Don’t fall for these social engineering scams in 2023

Social engineering scams have grown into a multitude of deceptive tactics, posing significant risks to businesses in 2023. These schemes exploit human psychology, capitalizing on trust and familiarity to deceive individuals and extract sensitive information or financial gains. What's worse is that these scams just need one way in — one tiny human error — to take over your data completely.

Here are the top social engineering scams that your business must defend against this year:


Phishing

Phishing continues to be the most prevalent form of cybercrime around the world. In a phishing scam, the perpetrator pretends to be a reputable source, such as a representative of a government agency or a bank, to trick victims into revealing personal information. A phishing scam can be carried out via email or phone call, and often leads unsuspecting individuals to disclose confidential data, putting their security and privacy at risk.

In Canada, spear phishing ranks among the top three most prevalent types of scams. According to the Royal Canadian Mounted Police, these scams amounted to $530 million in victim losses in 2022, a 40% increase compared to the previous year.

Business email compromise (BEC)

In a BEC attack, scammers compromise email accounts to impersonate high-level executives or trusted individuals. They deceive employees into carrying out fraudulent actions, such as wiring money or disclosing sensitive information.

Per a recent report by Osterman Research, BEC attacks are growing annually and are projected to be twice as prevalent as general phishing threats in the next 12 months. What’s more, based on data from the Internet Crime Complaint Center, the median amount stolen through BEC has risen to $66,000. BEC attacks typically target finance employees and C-level executives, with the most common types of BEC attacks being data theft, fake invoices, and account takeover.

Cryptocurrency scams

A report by the US Federal Trade Commission revealed that cryptocurrency scammers have successfully stolen over US $1 billion since 2021, underscoring the prevalence of illicit activities in the digital currency space.

Here are some of the most common cryptocurrency scams and how they work:

  • Bitcoin investment scams – Scammers pose as experienced investment managers and promise high returns on cryptocurrency investments. They request upfront fees and personal information, but instead of investing the money, they steal it.
  • Rug pull scams – Schemers promote a new project, NFT, or coin and encourage people to invest. After receiving funds, they disappear, leaving investors with worthless investments.
  • Romance scams – Romance scammers build online relationships with victims, then manipulate them into buying cryptocurrency or sending money in cryptocurrency. Once the scammers receive the funds, they vanish.
  • Man-in-the-middle attacks – In this type of attack, scammers eavesdrop on public networks to intercept sensitive information, such as passwords and cryptocurrency wallet keys, then use the information to steal cryptocurrency.
  • Social media cryptocurrency giveaway scams – Scammers create fraudulent posts on social media platforms offering fake bitcoin giveaways. Users who click on the posts are directed to malicious sites that ask for verification or payments, resulting in the theft of money or personal information.

How can you protect your business against social engineering scams?

As social engineering scams grow in complexity and impact, your business faces a pressing need to protect itself and its stakeholders. To combat these threats effectively, you must implement a multifaceted approach that combines proactive security measures, employee education, and continuous monitoring.

It also pays to partner with an industry expert like XBASE Technologies to bolster your defenses. We can conduct security assessments, penetration testing, and vulnerability scans to help identify weaknesses and proactively address potential entry points for scammers. We also implement essential technological safeguards, such as advanced email filters, anti-phishing tools, and intrusion detection systems, to detect and block malicious activities. We’ll also sit down with you to plan and establish robust incident response strategies to address potential breaches swiftly and minimize their operational impact.

In an increasingly interconnected digital world, protecting against social engineering scams is crucial not only to safeguard financial assets and sensitive data but also to maintain the trust and confidence of customers, partners, and stakeholders. Contact XBASE Technologies today to experience EXponentially Better™ cybersecurity services.