How to Protect Against Social Engineering Fraud and Scams
Key takeaways
- Social engineering fraud is a persistent and costly threat because it exploits trust, routine workflows and human judgment rather than technical vulnerabilities alone.
- Business email compromise, impersonation schemes and check fraud continue to drive losses across organizations.
- Generative AI and deepfake technologies are increasing the speed, scale and realism of impersonation-based fraud.
- Financial institutions face heightened exposure due to the volume, speed and value of transactions they manage.
- A layered defense supported by clear, practical safeguards can help organizations – and especially financial institutions – reduce exposure and strengthen resilience.
What is social engineering fraud?
Social engineering fraud is a form of deception in which a criminal uses false pretenses to mislead an employee into sending money, diverting a payment or sharing confidential information. Rather than exploiting a technical weakness in a system, these schemes target human judgment and routine business processes.
At its core, social engineering relies on behavioral manipulation. Criminals use trust, authority and urgency to make a request feel normal and credible. They may impersonate a customer, executive, vendor or service provider. The goal is to create just enough familiarity and pressure that standard verification steps are overlooked or shortened.
As Tracey Santor, AVP, Product Management & Strategy for Financial Institution Bonds at Travelers, explains, “Criminals don’t slow down. Your defenses shouldn’t either.”
Unlike fraud schemes that depend on malware or system intrusion, social engineering blends quietly into everyday activity. Requests may arrive by email, phone call, text message or even in person. Because the communication looks and sounds legitimate, it may not immediately raise concern.
These schemes are defined by a tactic: persuading someone with access to take an action that benefits the criminal. As criminals refine their approach, they increasingly tailor messages using publicly available information and emerging tools, including generative artificial intelligence (AI), to make requests more convincing.
Social engineering follows recognizable patterns. Understanding how these scams unfold is essential for any organization – and especially critical for financial institutions given the speed and value of the transactions they manage. The sections that follow examine how these schemes develop and where financial institutions face heightened exposure.
How do social engineering scams unfold?
Social engineering scams typically follow a repeatable progression rather than occurring as a single, isolated event.
Most schemes begin with reconnaissance. Criminals gather information from public sources, prior interactions or previously compromised data to understand the institution’s organizational structure, approval processes and normal communication patterns. This groundwork allows them to craft requests that closely resemble legitimate business activity.
Using this information, criminals establish a believable pretext. They create a plausible reason to contact someone with authority or access, aligning the request with routine operations. The interaction may appear ordinary, which reduces the likelihood that it will be questioned. Pressure is often introduced through urgency, tight deadlines, references to senior leadership or appeals to helpfulness and customer service.
If an initial attempt fails, escalation is common. Criminals may adjust their story, switch communication channels or contact a different employee or department. Each interaction may seem reasonable on its own, allowing the scheme to advance without immediate detection.
This staged approach explains why social engineering can bypass controls even when technology is functioning as designed. The activity may not appear suspicious in isolation. But when responsibility is distributed across teams and processes, early warning signs can be missed.
Consistent verification procedures, clear escalation paths and employee awareness are critical across organizations. While technology plays an important role, social engineering ultimately succeeds or fails at human decision points – regardless of whether the request arrives by email, phone call, text message or another channel.
How are AI and deepfakes used in social engineering fraud?
Criminals are increasingly using AI tools to make social engineering schemes more convincing and easier to scale. U.S. federal agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), have warned that synthetic media such as deepfakes can be used to impersonate individuals and enable social engineering attacks.1 These generative tools can help produce realistic emails, documents, voice messages and even video that mimic legitimate communications.
Voice cloning and deepfake technology can make it harder to rely on traditional cues such as tone, familiarity or visual appearance when assessing authenticity during phone or virtual interactions.
However, AI does not change the fundamentals of social engineering. These schemes still depend on trust, urgency and perceived authority. Technology may improve the presentation, but the success of the fraud still hinges on influencing human judgment.
For financial institutions, where transaction authority and identity verification are central to operations, this reinforces the importance of consistent verification procedures rather than relying solely on how “real” a request appears.
Common social engineering tactics and examples
Social engineering fraud relies on recurring techniques that exploit familiarity, routine communication and trust. These methods can affect organizations of all sizes and across industries.
- Phishing - Sending deceptive emails that appear to come from a legitimate organization or individual to prompt recipients to click links or share information.
- Spear phishing - A targeted form of phishing that uses personal or organizational details to make messages appear directly relevant to a specific recipient.
- Pretexting - Creating a false identity and invented scenario to persuade a target to reveal sensitive information or authorize a transaction.
- Vishing - Using phone calls or voice messages while posing as a trusted colleague, vendor or customer.
- Smishing - Sending fraudulent text messages that prompt recipients to click links, call numbers or disclose information.
- Email account compromise and contact spamming - Gaining control of a legitimate email account and using its contact list to distribute malicious or deceptive messages.
- Baiting - Using physical or digital lures, such as infected USB drives or file downloads, to entice individuals into introducing malware or granting access.
These techniques frequently appear in combination rather than isolation, and while they can affect organizations of any type, certain schemes create heightened exposure for financial institutions because of the volume, speed and value of transactions they manage.
What social engineering schemes affect financial institutions?
Social engineering schemes most frequently impacting financial institutions include business email compromise, fraudulent instructions and check fraud. These schemes exploit established payment workflows, account authority processes and customer service routines, making them particularly difficult to detect without consistent verification and escalation controls.
Business email compromise (BEC)
Business email compromise involves impersonating executives, employees, customers, vendors or trusted partners to request payments or sensitive information. For financial institutions, these requests often align closely with established approval and payment workflows, which can make them difficult to distinguish from legitimate activity.
In more advanced schemes, criminals compromise legitimate email accounts and monitor communications over time. This allows them to match writing style, timing and transaction context, increasing the likelihood that fraudulent requests are processed without escalation.
Common characteristics of BEC schemes include:
- Requests aligned closely with existing workflows.
- Subtle changes to payment details rather than new instructions.
- Timing that coincides with busy periods, staff transitions or reporting deadlines.
Together, these elements allow BEC activity to blend into routine operations, increasing the risk that fraudulent requests are treated as ordinary business unless verification and escalation controls are applied consistently.
Business email compromise ranks among the most financially damaging fraud categories reported to U.S. authorities.2
Fraudulent instructions and impersonation schemes
Fraudulent instruction schemes involve impersonating customers, authorized representatives or internal personnel to induce fund transfers, account changes or access approvals. These schemes often appear as routine service or operational requests rather than overt payment fraud.
Impersonation may occur through email, phone calls or voicemail, sometimes across multiple interactions. Attackers may provide partial information to establish credibility and rely on employees to complete verification steps on their behalf.
In some cases, attackers attempt to add unauthorized individuals – such as a fake financial director or account administrator – to customer or business accounts, creating ongoing access rather than a single fraudulent transaction.
Check and Treasury check fraud
Check fraud remains a significant exposure for financial institutions, even as digital payments expand. Criminals may alter stolen checks, change payee information or deposit counterfeit items obtained through illicit channels.
Treasury-related check fraud often follows a recognizable pattern. Criminals may deposit large Treasury checks into dormant or low-activity accounts, monitor funds availability and quickly withdraw or transfer funds once they are released.
Red flags can include unusual transaction activity, significant gaps between the check issue date and deposit date, or deposits that do not align with the account’s historical behavior.
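The red flags above can be turned into a simple review rule. The following Python code is an added example, not code from the Travelers article or from any institution's fraud system: it scores a Treasury check deposit against the account's history for the four patterns just described (dormant account, deposit out of line with history, a long issue-to-deposit gap, and funds moved out right after release). The thresholds, record layouts and sample accounts are all hypothetical, constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from statistics import median

# Review thresholds. These values are hypothetical, chosen for illustration;
# a real program would tune them to the institution's own deposit history.
DORMANT_DAYS = 180        # no account activity for this long = dormant/low-activity
STALE_CHECK_DAYS = 90     # issue-to-deposit gap that warrants a closer look
DEPOSIT_MULTIPLIER = 5    # a deposit this many times the median prior deposit is unusual
RAPID_WINDOW_DAYS = 2     # debits within this many days of funds availability...
RAPID_SHARE = 0.8         # ...that remove this share of the deposit are unusual


@dataclass
class Txn:
    day: date
    amount: float   # positive = credit to the account, negative = debit
    kind: str       # "deposit", "withdrawal" or "transfer"


@dataclass
class CheckDeposit:
    account_id: str
    amount: float
    issue_date: date         # date printed on the Treasury check
    deposit_date: date
    availability_date: date  # when the institution released the funds


def review_check_deposit(deposit, history, later_activity):
    """Return the red flags raised by a Treasury check deposit.

    history:        the account's transactions before the deposit
    later_activity: transactions after the deposit (empty when reviewing at deposit time)
    """
    flags = []
    prior = [t for t in history if t.day < deposit.deposit_date]

    # Red flag 1: a large item landing in a dormant or low-activity account.
    last_activity = max((t.day for t in prior), default=None)
    if last_activity is None or (deposit.deposit_date - last_activity).days >= DORMANT_DAYS:
        flags.append("dormant_account")

    # Red flag 2: a deposit out of line with the account's historical behaviour.
    prior_deposits = [t.amount for t in prior if t.kind == "deposit"]
    if prior_deposits and deposit.amount >= DEPOSIT_MULTIPLIER * median(prior_deposits):
        flags.append("deposit_exceeds_history")

    # Red flag 3: a significant gap between the check's issue date and its deposit.
    if (deposit.deposit_date - deposit.issue_date).days > STALE_CHECK_DAYS:
        flags.append("stale_check")

    # Red flag 4: funds pulled out almost as soon as they become available.
    window_end = deposit.availability_date + timedelta(days=RAPID_WINDOW_DAYS)
    moved_out = sum(-t.amount for t in later_activity
                    if t.amount < 0 and deposit.availability_date <= t.day <= window_end)
    if moved_out >= RAPID_SHARE * deposit.amount:
        flags.append("rapid_withdrawal_after_availability")
    return flags


# Constructed sample data (not real accounts): a dormant account receiving a
# large, months-old check that is drained the day after funds are released.
def suspicious_case():
    history = [Txn(date(2024, m, 10), 1200.0, "deposit") for m in (1, 2, 3)]
    deposit = CheckDeposit("ACCT-0001", 38000.0, date(2024, 5, 1),
                           date(2024, 10, 15), date(2024, 10, 17))
    later = [Txn(date(2024, 10, 18), -35000.0, "transfer")]
    return review_check_deposit(deposit, history, later)


# Constructed benign case: an active account, a recent check of ordinary size,
# and a modest debit afterwards.
def benign_case():
    history = [Txn(date(2024, m, 10), 1200.0, "deposit") for m in range(1, 11)]
    history.append(Txn(date(2024, 10, 5), -300.0, "withdrawal"))
    deposit = CheckDeposit("ACCT-0002", 2400.0, date(2024, 10, 1),
                           date(2024, 10, 15), date(2024, 10, 17))
    later = [Txn(date(2024, 10, 18), -500.0, "withdrawal")]
    return review_check_deposit(deposit, history, later)


if __name__ == "__main__":
    print("suspicious:", suspicious_case())
    print("benign:", benign_case())
```

The rule is deliberately conservative: each flag is evaluated independently so a reviewer sees which of the article's red flags fired, and the rapid-withdrawal check can only fire once post-availability activity exists, which is why a deposit-time review and a later re-review can produce different results for the same item.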
Blended and multistage schemes
Many social engineering attacks combine multiple tactics rather than relying on a single approach. Email impersonation, phone calls, document manipulation and physical actions may all appear within the same scheme.
Because activity is spread across channels and teams, no single interaction may appear suspicious on its own. For financial institutions, this reinforces the importance of viewing social engineering risk across processes rather than isolated events.
Social engineering fraud is no longer a series of isolated incidents. The data below shows that these attacks are increasing rapidly, causing greater operational and financial damage to financial institutions.
Social engineering fraud represents significant financial exposure: business email compromise losses in the United States exceeded $2.7 billion in 2024.3 Impersonation-based fraud continues to rank among the most financially damaging categories reported to U.S. authorities.
Why are financial institutions prime targets for social engineering fraud?
Social engineering fraud poses heightened risk for banks, credit unions, wealth managers and insurance companies because of the role they play in moving, safeguarding and authorizing funds. Financial institutions operate in environments where high-value transactions, time sensitivity and trust-based decision-making are routine.
Interconnected operations and legacy systems
Many institutions operate across a complex web of legacy systems, modern platforms and third-party providers. These environments create handoffs that attackers can exploit.
High-value transactions and time pressure
Financial institutions process high-value, time-sensitive transactions every day. Urgency increases the likelihood that unusual requests move forward without escalation.
Trust-based workflows across teams and vendors
Long-standing relationships between departments, executives, customers and vendors create assumptions of legitimacy that attackers deliberately exploit.
Together, these factors create conditions where social engineering fraud can blend into normal operations. High transaction values, interconnected systems and trust-based workflows support efficient service. They also reduce friction in ways attackers can exploit. This helps explain why financial institutions remain frequent targets. It also explains why prevention tactics must be embedded in how work actually gets done, not just how systems are designed.
Why do social engineering losses escalate so quickly?
Social engineering schemes exploit payment systems designed for speed and efficiency. Wire transfers, automated clearing house (ACH) payments and real-time payment platforms move funds quickly, often leaving little opportunity to reverse a transaction once it has been authorized. Once a fraudulent instruction is processed, funds are frequently transferred through multiple intermediary accounts – sometimes within minutes – to obscure their origin and disperse the proceeds. Each additional transfer reduces the likelihood of recovery as funds move across institutions, jurisdictions or payment networks.
Delayed detection compounds the damage. Fraudulent requests are often structured to align with normal business activity, so irregularities may not surface until after funds have settled or a customer raises a concern. In business email compromise scenarios, even brief delays in recognition can significantly affect recovery options.
When funds are lost, institutions must quickly shift from prevention to response – addressing financial exposure while managing operational disruption and reputational risk.
Social engineering losses often escalate because these attacks concentrate in specific operational areas where speed, trust and routine activity intersect. The areas below are where financial institutions face the greatest exposure.
Social engineering risk concentrates in specific operational areas within financial institutions:
- Customer-facing operations: high volume, speed and routine verification pressure.
- Payments and funds movement: high-value, time-sensitive transactions.
- Vendor and third-party access: assumed trust across organizational boundaries.
Regulatory reporting has emphasized fraud, operational risk and third-party exposure as areas of supervisory focus.4
How a layered defense can help financial institutions protect themselves against social engineering
Effective social engineering prevention requires a layered approach that combines organizational practices, operational controls and supporting technology. While social engineering coverage can help address financial loss, reducing exposure ultimately depends on how these safeguards work together across the organization.
People – training and awareness
Ongoing training helps employees recognize manipulation tactics and understand why verification procedures exist. Programs are most effective when they reflect real workflows and current threat patterns.
Leadership reinforcement and modeling of best practices is critical. When escalation and verification are emphasized over speed alone, employees are more likely to pause and question unusual requests.
Process – verification and consistency
Documented procedures help provide consistency across teams and channels. Predetermined callback requirements, separation of duties and standardized escalation paths help reduce reliance on individual judgment under pressure.
Processes should be reviewed with the workforce regularly, particularly during staffing transitions or peak workloads.
Technology – controls and monitoring
Technology supports, but does not replace, strong processes. Multifactor authentication (MFA), behavioral monitoring and secure access controls provide essential safeguards when aligned with how employees actually work.
Taken together, training helps employees recognize manipulation tactics, consistent processes reduce reliance on individual judgment, and technology reinforces controls across everyday operations.
Financial institutions should not treat these safeguards as static. Controls must be reviewed, tested and strengthened as tactics evolve to remain effective.
Practical steps financial institutions can take to reduce social engineering risk
The layered approach becomes more effective when translated into consistent, repeatable actions.
- Treat requests to change payment instructions as high risk.
- Verify changes using contact information already on file rather than information provided in the request.
- Be cautious of urgency or pressure to bypass procedures.
- Use out-of-band communication by confirming unexpected requests through a different trusted channel, such as calling a known phone number instead of replying to an email.
- Require the requester to provide complete verification information without offering hints or missing details.
- Encourage employees to escalate unusual requests and share concerns with colleagues or supervisors.
- Recognize and reinforce employees who follow procedures and raise concerns, even when a request turns out to be legitimate.
Consistently applying these actions helps translate a layered defense into everyday decisions that reduce exposure to social engineering fraud.
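A worked example of the verification steps above, and of the BEC characteristics described earlier (requests that change payment details subtly, urgency, contact details supplied in the request), in code. This Python block is an added example, not code from the Travelers article or from any institution's payment system. It screens a vendor payment-change request against the record already on file, always takes the callback number from that record rather than from the request, and holds the change until an out-of-band callback confirms it. The record layout, urgency phrase list, lookalike-domain threshold, and the sample vendor and request are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional
import re


@dataclass
class VendorOnFile:
    """Contact and payment details the institution already holds (hypothetical record)."""
    vendor_id: str
    email_domain: str
    callback_phone: str
    bank_account: str


@dataclass
class ChangeRequest:
    """A request, exactly as received, to change where a vendor is paid."""
    vendor_id: str
    sender_email: str
    body: str
    new_bank_account: str
    phone_in_request: Optional[str] = None   # a number the sender asks to be called on


# Pressure language matching the "urgency" lever described in the article (illustrative list).
URGENCY = re.compile(r"\b(urgent|urgently|immediately|today|asap|right away|confidential)\b", re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def risk_indicators(req, vendor):
    """Collect the red flags in a payment-change request, judged against the record on file."""
    ind = []
    domain = req.sender_email.rsplit("@", 1)[-1].lower()
    on_file = vendor.email_domain.lower()
    if domain != on_file:
        ind.append("sender_domain_mismatch")
        if edit_distance(domain, on_file) <= 2:          # one or two characters off
            ind.append("sender_domain_lookalike")
    if req.new_bank_account != vendor.bank_account:
        ind.append("payment_details_changed")
    if URGENCY.search(req.body):
        ind.append("urgency_language")
    if req.phone_in_request and req.phone_in_request != vendor.callback_phone:
        ind.append("callback_number_in_request_differs")
    return ind


def callback_number(req, vendor):
    """Out-of-band verification uses the number already on file; the request's own
    phone number is never used, so `req` is accepted only to make that explicit."""
    return vendor.callback_phone


def decide(req, vendor, callback_result=None):
    """callback_result: None = callback not yet made, True = the on-file contact
    confirmed the change, False = the on-file contact denied it."""
    ind = risk_indicators(req, vendor)
    if callback_result is False:
        return "escalate_suspected_fraud", ind
    if ind and callback_result is None:
        return "hold_pending_callback", ind   # any change is high risk until verified
    return "approve", ind


# Constructed sample (fictional vendor, domains and phone numbers).
VENDOR = VendorOnFile("V-1001", "acme-supplies.com", "+1-555-0100", "US-ACCT-111111")
REQUEST = ChangeRequest(
    "V-1001", "ap@acme-supplies.co",
    "Please update our banking details immediately; we have changed banks. "
    "Call me on the new number below if anything is needed.",
    "US-ACCT-999999", "+1-555-0199")

if __name__ == "__main__":
    print(decide(REQUEST, VENDOR))
    print("call", callback_number(REQUEST, VENDOR), "before releasing any payment")
```

The decision function never approves a changed bank account on the strength of the email alone: the only path to "approve" for a changed request is a confirmed callback to the number on file, which is the out-of-band verification the list above describes.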
Understanding social engineering coverage considerations
Social engineering fraud can trigger complex coverage considerations depending on the facts of a loss. Financial institutions should review how their crime, financial institution bond or related policies respond to fraudulent instructions, impersonation schemes and funds transfer exposures.
Coverage language, definitions and conditions vary. Clear documentation of controls, verification procedures and employee training can play an important role in both loss prevention and claim response.
Engaging with an experienced insurance professional can help institutions evaluate how their coverage aligns with evolving fraud risks.
To explore how Travelers can help protect financial institutions from social engineering fraud and emerging scam risks, contact your independent agent or connect with a Travelers representative today.
This article incorporates analysis from multiple industry sources and leading cybersecurity research organizations. For the most current threat intelligence and prevention strategies, financial institutions should consult with their security teams and insurance providers regularly.
Sources
1 https://media.defense.gov/2023/Sep/12/2003298925/-1/-1/0/CSI-DEEPFAKE-THREATS.PDF
2,3 https://www.ic3.gov/AnnualReport/Reports/2024_IC3Report.pdf
4 https://www.occ.gov/publications-and-resources/publications/semiannual-risk-perspective/files/pub-semiannual-risk-perspective-spring-2025.pdf