ally-logo-white-transp
security

Social engineering: How to protect yourself from scams

·3 min read

Received a text from an unknown number claiming to be your bank alerting you of potential fraud? It may be a social engineering scam. Through texting, email or social media, it’s now easier than ever for scammers to obtain your personal information and gain access to your online accounts and financial information. Fortunately, there are steps you can take to protect yourself. Start by taking our social engineering quiz to test your knowledge, then read on to learn about different social engineering scams.

What are social engineering scams?

Simply put, social engineering is when scammers use deception to obtain personal information from an individual and use it for fraudulent purposes. These scams take advantage of personal vulnerabilities and psychological tricks. For example, scammers might impersonate a friend or family member in an emergency situation to gain your trust and prompt action.

To spot a social engineering scam, look for:

  • Unexpected requests for private or sensitive information

  • Language emphasizing urgency or immediate action

  • Suspicious looking links or attachments

Read more: Help keep your money safe and secure in an Ally Bank Savings Account.

Social engineering is when scammers use deception to obtain personal information from an individual and use it for fraudulent purposes.

Common types of social engineering attacks

Being able to identify a social engineering scam is the first step to protecting yourself. Common types of scams include:

Phishing scam

Phishing is one of the most common types of frauds used to collect sensitive information. By impersonating reputable entities — such as banks or government agencies — through text, email or other communications, scammers can make it look like you are providing information to a legitimate source.

Spear phishing scam

Spear phishing is a personalized form of phishing, where specific information about the victim is used to make the phishing attempt seem more realistic. For example, cybercriminals may say they're a loved one with a new phone number, then claim they’re experiencing an emergency and need money wired to them.

The sweetheart scam

Between dating apps and social media, it's easy to find love online. But watch out for con artists who act romantically interested and offer to pay for things like plane tickets, surgery, debts or travel documents by asking for your login information.

Baiting

A baiting scam is a type of attack where cybercriminals lure in victims using a tempting offer, such as free software or media downloads. Once you click the link, you could be subject to malware.

Current event and get rich quick scams

Any get-rich-quick promises, low-risk “golden opportunities" and online ads for “new credit identities" could potentially be scams.

Read more: Learn more about the latest digital scams and ways to help protect yourself.

Pretexting

Pretexting is when a scammer poses as a trustworthy person, like a co-worker or bank representative, to gain your trust.

Vishing and smishing

Vishing scammers use fraudulent phone numbers and even AI and voice-altering software to pose as reputable companies or individuals to get sensitive personal information. Smishing, similarly, is a type of phishing scam that involves text messages (SMS). The hacker uses typical phishing techniques, such as posing as a legitimate business, and may even spoof that company's phone number to try to add legitimacy to the scam.

Protect yourself against social engineering scams

To help keep you and your information safe, keep these rules in mind:

  • Implement strong security measures, such as multi-factor authentication, and avoid using the same password for multiple accounts.

  • Watch out for calls or emails claiming to be from banks, digital payment apps or other financial institutions asking for your password or other account information.

  • Don't download a digital file from someone you don't know or blindly click on a URL on social media or in emails. Double-check that website names or addresses don’t contain spelling errors, distorted logos or strange letters and numbers.

  • Be wary of anyone you don't know and of any request that makes you feel uncomfortable. If you receive suspicious communication from an organization, contact it directly to verify.

  • Monitor your accounts regularly for unusual activity. If you have an Ally Bank Spending Account, we constantly monitor your account activity for potential fraud and will contact you in the case of any suspicious activity.

Suspect you’ve been a victim of fraud? Contact your bank or relevant authorities immediately. If your account has been compromised, change your passwords right away and take any necessary actions to secure your account.

Stay safe

Simply being mindful — and skeptical — about any messages that urge you to take action on something unexpected can help keep your money and bank accounts safe and secure.

Explore more