Skip to main content Skip to footer
Toggle navigation
Call Us

Category: Compliance · 4 min read

Social Engineering: What it Means and How to Protect Yourself

author profile photo

on October 22, 2019

author profile photo

on October 22, 2019

group of professionals sitting around a meeting room, working and talking

Do you know what social engineering is? Social engineering is the act of deception to manipulate individuals into divulging confidential and/or personal information for fraudulent purposes. The level of complexity of a social engineering attack can vary. Understanding how it works and how you can prevent becoming a victim of one is crucial in protecting yourself and your clients’ information.  

We’ve put together a list of a few of the most common forms of social engineering that you should be aware of. This is not an all-inclusive list, but it’s important to note that, no matter the technique, the intent is the same: to obtain confidential or personal information.  



Phishing is likely the most common form of social engineering. It’s defined as the fraudulent practice of sending emails disguised as being from a trustworthy source to obtain personal information for malicious purposes. The scammer often impersonates a company, website, friend, or family member. The email generally includes a link and instructs you to click on it to get more information and/or enter personal information. Be wary of emails that:  

  • Have small mistakes (grammar, punctuation, etc.)  
  • Are from unknown email addresses 
  • Request private or confidential information  
  • Are intimidating or include the sense of urgency to act  
  • Include links to unknown sources or spoofed URLs and hyperlinks 



Smishing (short for SMS phishing) is the exploitation of text messages. Generally, it involves a text message with a link to a webpage, email address, application, or phone number that directs you to click a link or download a document. Once the link is opened, there are instructions to enter personal information. This downloads a virus or other malware onto the mobile device that tracks the confidential information you type into the bogus app. Scammers rely on people’s assumption that their smartphone is more secure than a computer. Be wary of texts that:  

  • Are unexpected and/or come from an unknown source 
  • Include links to webpages or email addresses that are unfamiliar  
  • Urge a quick reply 
  • Ask you about your personal finances 



Vishing is another popular form of social engineering that targets voice communications or the telephone network. You may receive a phone call from a spoofed number (changing the caller ID to a number other than the calling number). Using a number that appears to be legitimate, you can be lured into a false sense of security. The caller may also have acquired enough personal information from other sources to set you at ease. They may be able to validate an address, maiden name, or birthdate. Once this happens, it can be easy for a scammer to glean any additional information they want. You can help protect yourself by:  

  • Not trusting caller ID and being suspicious of any unknown caller 
  • Not providing any personal information 
  • Calling them back using a trusted number  


Protect Yourself  

Slow down. Taking your time to respond is one of the easiest preventative measures you can do. Scammers are banking on the fact that you’re going to rush through your email or texts or that you’ll feel a sense of urgency to rectify what seems to be a serious situation. They're hoping you won't take the time to ask additional questions to verify that what they're asking for is legitimate. Before clicking on any links or providing any information, stop and ask yourself if the request seems reasonable. Or, would this person normally request this information? If it seems unlikely, then it probably is.  

Education is key. Defending yourself and your business is difficult when you don’t know what you’re defending yourself against. Social engineering attacks come in many forms and they are evolving and becoming more sophisticated all the time. Knowing the various methods and techniques and how they are used can help you form the framework for your defense.  

Don’t get complacent. Social engineers know who they’re targeting. They use social media outlets like Facebook, Twitter, and LinkedIn to gather information that will provide them with the credibility they need to get you to disclose the data they want. Being cognizant of the information you release on these social media sites can help. Since many attacks involve references to financial institutions, know the policies of the companies you do business with and their primary means of contact.  

Have a plan. It’s likely that you will be the victim of a social engineering attack at some point. Knowing what to do and acting immediately may be the best defense. Create a cybersecurity program and test it on a regular basis. Having a privacy policy is another layer of defense and provides a clear direction for you and anyone in your office on the expectations of how information is handled. If you need help building a program, check out our privacy policy template

It’s likely that you will be the victim of a social engineering attack at some point. Knowing what to do and acting immediately may be the best defense.

Social engineering casts a wide net. These examples are only a small sampling of how scammers are trying to obtain information. For more information on current scams, visit the Federal Trade Commission website.


For financial professional use only, not for use with the general public. #19-0676-101120 

This information is intended for Financial Professionals who are insurance licensed only. If you are securities licensed, please contact your Broker Dealer for their requirements.  

These educational pieces are intended to be informative and provide generalized guidance. They should not be construed as legal advice or provide protection against compliance violations brought on by a consumer or state insurance commission. It is the sole responsibility of the financial professional to seek compliance or legal direction specific to their individual situation. These pieces should be used to raise awareness and evaluate business practices. 

Share This Post

Interested in Streamlining Your Compliance Process?

Profile picture for user rrobbins
Written By

Rocky Robbins

Chief Compliance Officer & Corporate Counsel

Rocky Robbins is the Chief Compliance Officer and Corporate Counsel at Brokers International. Over his more than 15 years of experience in the financial services industry, Rocky served in a variety of corporate legal and compliance positions. Rocky understands the complex regulatory environment that financial professionals must navigate, and strives to provide real-world solutions to help financial professionals reduce their risks.

View All Posts

Recommended Posts