
How cyber criminals engineer deception online


Cyber crime relies on increasingly sophisticated versions of malware, hacking methods, botnets and other technologies. But it also exploits tactics refined by criminals who pre-dated the internet by decades. Trickery, coercion and the human tendency to trust have always been among the most effective tools in crime, and cyber criminals know how to use them.

 Online confidence scams often depend on what is known as “social engineering.” They exploit human fallibility and technology to prompt a targeted individual to act in a way that results in theft of money or information. These scams may also leverage a threat to make stolen, sensitive information public.

Using data harvested from social media sites, professional profiles, blogs, websites or local news reports — often over weeks or even months — cyber criminals can gain a nuanced understanding of users and often their families as well.

The criminals can use this information to methodically build a relationship with a person and gain their trust. Once trust is established, the criminals can make a simple request for the target to click a link, send money or share personal information. They also may perpetrate a scam through a fake message that appears to come from a trusted acquaintance.

Social-engineering efforts are often deployed against business employees, but anyone with an online identity can draw the attention of a cyber criminal. Financial loss and manipulation, however, are not inevitable. People who verify any requests for money or personal information can avoid falling for most online scams. Thinking twice about the details you share online can also reduce the risk of becoming a target of this type of methodical crime.


Personal details build trust

Social engineering is effective because many people are not careful to monitor the amount of personal information they commit to the internet. Social media sites and forums, for instance, usually have privacy controls that allow users to restrict the amount of personal information that can be seen in public. But many users do not apply these filters and allow all the information they post to remain in public view.

The most meticulous cyber criminals may put as much time into building a persona of their own as into researching their target. Once they reach out — as a fellow alumnus, school parent or sports enthusiast, to name just a few examples — they may be able to anticipate a person’s reactions with a high degree of accuracy, making it easier to act and respond in ways that establish trust.

Scams can take many forms. During the holidays, requests for gifts or charitable contributions are common. Criminals may send email links that contain malware that gives them access to people’s devices, personal accounts or data. Some may demand ransoms to release the device or stolen information.

Cyber criminals can access a wide variety of information streams to create and exploit an incredibly detailed description of the people they target.

The best defenses: monitoring and verification

Ending online communication and trusting no one at all is not a practical strategy. Fortunately, it isn’t necessary. It’s possible to enjoy the convenience and connection of life online by observing some essential precautions:

Think before you post. A social media post doesn’t need to include a checking account or Social Security number to compromise you. Before you share details about your home and loved ones, consider whether it’s really necessary.

Review the privacy settings. Make sure that any online account through which you share personal information does not allow unrestricted public access.

Monitor your accounts. Watch your accounts for any suspicious activity and close those that are no longer active. Make sure to also monitor the accounts of any dependents.

Verify any request for payment or personal information. Even if a request seems to come from someone you know, contact that person through another channel to ensure the request has not been made by an impersonator.

Stay connected, stay protected

To help keep your account information safe and secure during this period, make sure your contact information is up to date and set up security and account alerts so we can stay in touch. Remember, if we need to reach out to you, we’ll NEVER ask for personal or financial information or an access code through email, text or unsolicited calls. Visit our Security Center or the Stay Safe Online website for tips on how to recognize potential scams and learn more about how to keep your accounts safe.
