A smiling woman and a man are standing back-to-back, each using their smartphones. Icons of popular social media platforms like Facebook, Instagram, LinkedIn, and YouTube are shown flowing from their devices, symbolizing digital connectivity. Text overlay reads: "The Rising Threat of Social Engineering."

    The Rising Threat of Social Engineering in Cybercrime

    You may have recently been added on a digital platform by somebody who conveniently shares all of the same interests as you. Perhaps you’ve received a text from your bank asking for all of the credentials they already have on file. You could even be exposed to malware due to security vulnerabilities in a legitimate website.

    Social engineering tactics are the root cause of the vast majority of cybercrimes. Even large corporations are at risk of falling victim. Arup Group, the engineering firm responsible for projects such as the Sydney Opera House, lost $25 million to an AI deepfake attack last year(1).

    These attacks leave more than just the company at risk. They also impact the security of its entire workforce and client base. With just one individual falling for the facade, a social engineering attack can impact a large number of victims.

    Due to this ability to enact exponential damage with only one slip-up, social engineering is commonly used by cybercriminals. Keep reading to learn more about how these schemes are conducted and ways to keep yourself safe.

    What Does Social Engineering Mean in Cybercrime?

    Social engineering is defined as the practice of psychologically manipulating individuals into handing over money or divulging confidential information that can be exploited for illicit activities. Unlike hacking, which relies on brute force and technical know-how, social engineering tactics rely on the victim willingly or unknowingly providing the information.

    Our human nature to initially trust the intentions of others, inclination to believe good offers are true, and moral desire to help those requesting our assistance leave us vulnerable to this cerebral subterfuge. However, you can decrease your chances of falling victim to online blackmail and other cybercrimes by understanding their manipulation techniques.

    Common Social Engineering Tactics Used in Cybercrime

    There are many different ways a cybercriminal may try to expose you to their scam. Read the list below to learn more about these tactics and the crimes they can lead to.

    • Phishing: These are the most common social engineering attacks. Perpetrators will pose as a trusted entity and contact targets to request credentials that can be used for cyber extortion.
    • Pretexting: Scammers will create a fake scenario to gain the target’s trust and extract personal information. A common way this is done is through a fake job listing.
    • Baiting/Quid Pro Quo: This involves luring an individual to disclose private information or install malware through tempting offers. This is a common tactic used in sextortion schemes.
    • Impersonation/Deepfakes: Cybercriminals feign the identity of a real individual through the use of stolen images or digitally created media. This has become increasingly utilized with the advancement of AI.
    • Tailgating: The simplest form of social engineering, tailgating involves following an authorized individual to bypass security measures and gain access to private information.
    • Physical Social Engineering: This involves posing as an authorized party to bypass security in person. This is commonly done by posing as a third-party IT specialist or delivery person.

    The Role of Social Engineering in Larger Cybercrime Operations

    Social engineering fuels major cybercrimes. Understanding these schemes and how they are conducted is pivotal to protecting yourself from them.

    • Ransomware: Scammers will often use information found in data breaches to reach targets with phishing emails containing links and attachments that download malicious software to the recipient’s device.
    • Account Takeovers: The perpetrator may pose as a bank employee, customer service, tech support, or other trusted authority to obtain login credentials and access to confidential data.
    • Financial Fraud: In 2018, 97% of thefts from personal bank accounts were carried out using social engineering tactics(2). Ironically, one of the more common schemes involves calls falsely warning of fraudulent transactions.
    • Cyber Blackmail: Cybercriminals will employ social engineering tactics to gain their target’s trust and get them to divulge personal information that can be used as blackmail leverage for cyber extortion.
    • Sextortion: Social engineering tactics such as baiting and impersonation allow sextortionists to coerce their victims into sending explicit content.
    • Romance Scams: Like sextortion, baiting and impersonation enable perpetrators to create the facade of a romantic suitor and extort their victims.

    Real-World Consequences of Social Engineering Attacks

    The rapid expansion of cryptocurrency has led to regulation issues and provided a new avenue for social engineering scams. The FTC received over 46,000 reports totaling $1 billion in cryptocurrency lost to fraudulent scams from 2021 to 2022(3).

    In the past two months, users of Coinbase, the largest US cryptocurrency exchange, have lost over $65 million in a recent example of social engineering scams(4). Perpetrators sent phishing emails to users under the guise of the official Coinbase communications team, coercing victims into transferring funds to wallets the scammers had set up.

    Another example of social engineering currently plaguing the US is a fake unpaid toll smishing scam. Perpetrators are posing as E-ZPass, contacting individuals through phone numbers leaked in data breaches and directing them to an imposter website.

    Massachusetts and Maryland specifically have seen a rise in these types of scams, receiving up to 900 calls per day reporting such cases(5). The issue became so prevalent that E-ZPass issued a warning in January.

    Romance scams are an ever-common example of social engineering and often target older women. Recently, numerous women have sent thousands of dollars to perpetrators posing as Keanu Reeves despite his PR team explicitly stating he has no social media presence.

    One woman, going by Chloe, sent almost $750,000 to an AI-generated Reeves in 2024. The scammer requested money for a private jet to travel to see her and a special computer to write scripts for upcoming films(6).

    Later that same year, 67-year-old Kathrine Goodson sent roughly $65,000 to a Reeves impersonator and lost her home. This came after she’d sent $500 to a different scammer posing as Reeves in 2022 and was contacted on a post she made warning others of such cons(7).

    Currently, a 67-year-old Colorado woman has sent roughly $5,000 and counting in this same scheme. She continues to deny it’s a romance scam despite widespread coverage, warnings from his representatives, and a sit-down interview with CBS Colorado(8).

    How to Protect Against Social Engineering Attacks

    These attacks target both individuals and entire organizations. Protection methods differ depending on the target of the scheme, so read the list below to learn how you can prevent social engineering tactics from being used against you.

    • Individuals: You should use two-factor authentication on platforms that provide it to prevent your security from being compromised. Verify the accounts of anybody you communicate with online and be cautious of unfamiliar individuals who contact you with tempting offers.
    • Businesses: Training employees and establishing proper security systems can lower the risk of breaches. Prevent the theft of employee credentials by using multi-factor authentication. Additionally, you should conduct regular penetration testing to identify any vulnerabilities in your system and practice a zero-trust policy.

    Have You Fallen For Any of These Traps?

    Digital Forensics Corp. can help you in the event of online blackmail and other cybercrimes committed through social engineering. You can reach out to our Blackmail Helpline for a free consultation.

    The Future of Social Engineering in Cybercrime

    The advancement of AI used in chatbots, digital media, and synthetic voices, such as the AI Keanu Reeves, has made social engineering easier and more believable. However, DFC is taking action to stay ahead of these scammers.

    Our ability to investigate the metadata of this media enables us to detect altered or created content. We can also use this information to trace its origin and identify the perpetrators.

    Sources:

    1. Scammers siphon $25M from engineering firm Arup via AI deepfake ‘CFO’ | CFO Dive
    2. Financial fraud by social engineering: How humans get hacked and how business can stop it
    3. Reports show scammers cashing in on crypto craze | Federal Trade Commission
    4. Coinbase Users Are Losing $300M a Year to Social Scams, ZachXBT Says | Markets Insider
    5. MDTA: Beware of text messages claiming you owe unpaid tolls
    6. Fake Keanu Reeves cons woman abroad out of more than $700k
    7. Woman who sent warning to not fall for a Keanu Reeves romance scam is now homeless after falling for same scam
    8. Colorado woman appears to be latest victim of “Keanu Reeves Scam”: “This is the real Keanu Reeves” – CBS Colorado

    DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.