What Is Social Engineering? A Guide to Today’s Most Common Scams

Social engineering scams are on the rise, fueled by widespread social media usage and advancements in tools including AI that allow deceptions to be more convincing. This type of scam relies on criminals exploiting human emotions, whether creating false trust or instilling fear, to encourage an action that allows a scam to happen.

Crypto users aren't immune to social engineering. Understanding and being alert to the threat is fundamental to protecting your assets. In this article, we'll explain what social engineering is, why social engineering works, and the signs of a threat you should be aware of.

What is social engineering?

No matter how strong a platform's security features and protocols are, human emotion will always be a vulnerability. Social engineering seeks to exploit this weakness by nudging users towards actions that create opportunities for exploitation. For example, getting them to click a link that installs malicious software, or handing over private keys and passwords for a wallet. The crux of social engineering scams lies in manipulative communication and interaction with the victim.

Why does social engineering work?

Social engineering is effective because it takes advantage of instinctive human nature and the emotional aspect of our decision making. That's why many scammers will pose as individuals in need of help — leveraging empathy and guilt, or fabricate a threatening scenario such as a false hacked account to create fear. Effective social engineering scams evoke an emotion that leads the victim to let their guard down and act without suspicion or critical thought.

Common types of social engineering crypto scams

Various types of social engineering scams exist today, in crypto circles and beyond. Criminals will use virtually any platform they can to reach potential victims, from email, phone calls, and text messages to social media. Advanced methods also now include 'deepfakes', which involve videos, audio, or images being generated or edited using AI to deceive an individual.

Vigilance is therefore key across all forms of communication to help you spot and avoid today's many social engineering scams. Below are four of the most common.

• Romance scams: This common confidence trick involves the scammer building trust among the victim by feigning romantic interest. Once trust is built through false emotional connection, the scammer will typically claim they're facing financial hardship. The scammer then attempts to coerce the victim into handing over funds or granting access to their crypto wallet. Learn more about romance scams here.

• Pig butchering scams: Similar to romance scams, pig butchering involves the scammer first building an emotional connection with the victim. Rather than requesting funds directly, the criminal convinces the victim to invest in or trade with a fraudulent platform. Once significant funds have been handed over, the scammer flees with the money. Learn more about pig butchering scams here.

• Impersonation scams: Here, the criminal would pose as a celebrity, customer support agent, or person of authority and create a fictitious scenario that needs the user's attention. That could be an investment opportunity requiring an initial deposit with a promise of major returns, or a technical issue that needs the victim to hand over account access. Learn more about impersonation scams here.

• Phishing scams: This scam sees a criminal deceive their victim into handing over sensitive information, such as log-in credentials or financial data. The scam often involves sending a malicious message from a seemingly trustworthy source, such as email or text message. Learn more about phishing scams here.

Red flags to look out for

Although social engineering relies on human deception to work, there are various red flags you can look out for to avoid falling victim.

• Unsolicited contact: Crypto social engineering scams usually begin with some form of unsolicited contact. That could be a request for connection on a social platform, a message on a dating app, or an email supposedly from a platform you use. Be cautious of unexpected contact, especially if the sender is persistent in their communication with you.

• Urgency to act quickly: Social engineering scams often aim to create urgency for you to take a specific action. When you're urgent, you might not analyze the situation carefully, missing the signs that something's wrong. If you're being pressured to act quickly, consider it a red flag and a situation that needs scrutiny.

• Requests for sensitive information: Even a legitimate crypto exchange or bank generally won't ask you for sensitive information, aside from details to verify your identity, such as your name and age. Be highly skeptical if an individual or supposed representative from a company requests a private key, password, user ID, or other details that can be used to gain access to your account.

The final word

Social engineering scams are a threat to your crypto funds that's growing in sophistication. Although today's tactics are advanced and sometimes difficult to spot, being aware of the red flags and cautious in your communication with others gives you the best chance of protecting yourself. With new methods frequently being devised, it's wise to regularly educate yourself about the changing threat landscape.

Learn more about protecting your crypto funds and the first-class security measures OKX has in place over on our OKX Protect hub.