Revealing the U.S.’s Social Engineering Scam Problem
By Roy Urrico
Finopotamus aims to highlight white papers, surveys and reports that provide a glimpse into what is taking place and/or impacting credit unions and other organizations in the financial services industry.
In 2022, social engineering scams in the U.S. resulted in nearly $8.3 billion in financial losses. Approximately 234,000 Americans fell victim to these cons with an average loss of $35,000. Those findings come from Amsterdam-based cybersecurity company Surfshark’s new study, “Unmasking 2022's U.S. Social Engineering Scam Toll.”
“Social engineering scams are as sophisticated as ever, and the shockingly high losses illustrate this. By shedding light on the most financially devastating and most common scams, we hope to encourage people to be more vigilant online. Every offer that seems too good to be true should be taken with a grain of salt,” said Surfshark’s Chief Security Officer Tautvydas Jasinskas.
The study utilized open-source information from the FBI; including 2022 Internet Crime Complaint Center’s (IC3) data across 50 U.S. states and the District of Columbia. Surfshark derived the average financial losses per victim metric from analysis involving the aggregation of financial losses and victim counts related to social engineering crimes.
Surfshark classified social engineering frauds as crimes meeting the following criteria: the crime attack objective was material benefit, attack subjects incurred direct losses, victims’ deception came through psychological manipulation, and the scammer and the victim had active interaction.
The report specified that social engineering as a tactic employed by hackers to manipulate individuals into divulging sensitive information or taking actions that compromise security, affects millions of people annually.
The study’s revelations include:
· Investment fraud, “the most financially devastating scam,” according to Surfshark, caused losses of nearly $3 billion. That represented more than a third of all social engineering losses in the U.S. in 2022. Fraudsters duped more than 23,000 people with false promises of significant profits and low risk. Next up on the con list are business email compromise (BEC) scams, which resulted in over $2.5 billion in losses in the U.S., and tech support fraud, which accounted for nearly $800 million in losses.
· The most common social engineering scams among Americans involved the supplying of goods or services without imbursement or payment made without delivery of goods or services or of subpar quality. These scams affected over 47,000 victims or more than a fifth of all social engineering cases. Fake technical or customer support schemes, which victimized almost 32,000 people, were another prevalent method of deception of Americans in 2022.
· California took the lead in losses, totaling $1.8 billion, which accounted for more than 20% of the total losses in the U.S. On average, Californians experienced the highest individual losses, nearly $53,000. Florida claimed the second position with losses exceeding $740 million, representing 9% of the total losses nationwide; followed by Texas with $700 million, New York with $600 million, and Georgia with $280 million.
Using Security Education to Combat Social-Engineered Crime
Surfshark focuses on developing what it calls “humanized privacy and security solutions.” Products include a virtual private network and antivirus tools, Alert (a data leak detection system), Search (a private search tool), and Incogni (automated personal data removal system).
In response to increasing social engineering threats, Surfshark has also developed a social engineering course to help people and businesses identify scams and protect their data.
The course includes 90-minutes of video material, downloadable “cheat sheets,” interactive tutorials, hands-on quizzes, and a collection of real-life examples used in messages and calls, digital banking, emails, travel and dating apps, and online shopping.