ABA Banking Journal
No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
SUBSCRIBE
ABA Banking Journal
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive
No Result
View All Result
No Result
View All Result
Home Cybersecurity

Social Engineering: The Art of Human Hacking

April 29, 2016
Reading Time: 3 mins read

Online Security Concept - Fingerprint on Virtual Screen

By Monica C. Meinert

Each year, millions of dollars are lost to a type of fraud that’s particularly difficult to detect and stop, and it’s all based on a criminal’s ability to exploit a basic human characteristic: the tendency to trust.

It’s a practice called “social engineering,” in which a fraudster successfully manipulates a victim into taking specific actions like sending wire transfers or giving over confidential information while posing as a trustworthy source.

“Social engineering is fraud by deception,” says Mark Lowers, CEO of Lowers Risk Group, a firm based in Purcellville, Va. “It’s about playing on the average individual’s sense of decency.”

Social engineers use a variety of tactics to gain information that can help them win over the trust of their victims. Strategies can include sophisticated approaches like phishing or the tried-and-true methods of dumpster diving, pretext calling or impersonating a company employee or business associate. Once a social engineer has the information they need to appear legitimate, they can make contact with their victim and set the scheme into motion.

Virtually anyone can fall victim to a social engineering scam, but businesses in particular have seen an increase in this type of fraud over the past several years.

“[My] firm has handled dozens of cases this past year where very well-run organizations transferred big, six-figure numbers as a result of [social engineering scams],” Lowers says. “And they didn’t get it back—by the time they realized, the funds had been transferred on to multiple other banks.”

Email provides a particularly lucrative opportunity for social engineers—according to a 2014 study by McAfee, 97 percent of people globally were unable to correctly identify phishing emails. And the FBI reports that in the U.S. alone, there have been more than 7,000 victims and $747 million in losses as a result of business email compromise—a specific type of social engineering fraud—since 2013.

In business email scams, “fraudsters typically target businesses working with foreign suppliers or business that perform wire transfers or ACH transactions as payments,” often sending phony invoices or requests for payment, explains Kim Syrop, SVP and director of fraud and loss management for Webster Bank, a $22 billion institution based in Waterbury, Conn. To the person on the receiving end, these requests seem to come from a trusted vendor, which is how so many unsuspecting employees have been duped into facilitating fraudulent transactions.

In other cases, crooks will impersonate corporate CEOs, creating fake email addresses or hacking existing email accounts. From there, Syrop says, they typically reach out to a lower-level employee with wire origination authority and request a transfer of funds, often stressing confidentially. The employee naturally wants to comply with their boss’ wishes as quickly and efficiently as possible—which is exactly what fraudsters are counting on.

Building the human firewall

With the threat of social engineering becoming so ubiquitous, it’s more important than ever for banks to have systems and policies in place to help detect and deter this type of fraud.

Since humans are often described as the weakest link in the security chain, Lowers stresses that enterprise-wide education is critical for building a strong defense. “It’s not enough for a workforce to simply have policy guidelines—they really need to be educated on how to recognize this type of fraud,” he says. “They need to become a human firewall.” And like any IT firewall, the human firewall must be continually tested and updated with information as new trends emerge.

At Webster Bank, Syrop makes sure that everyone—not just the fraud department—stays up to date on current trends and understands how to spot red flags. The bank makes a point to train all business line managers on fraud prevention, with the expectation that they will in turn educate both their employees and their customers.

Both Lowers and Syrop agree that building a strong fraud culture starts with bank leadership. “It’s all about tone at the top,” Lowers says. “Awareness, education and culture are key.”

Tags: Anti-money launderingCyber crimeCybersecurityFraudSocial engineering
ShareTweetPin

Author

Monica C. Meinert

Monica C. Meinert

Monica C. Meinert is a senior editor at the ABA Banking Journal and VP for executive communications at the American Bankers Association.

Related Posts

ABA, BPI support proposed process to create drone no-fly zones

ABA, BPI support proposed process to create drone no-fly zones

Cybersecurity
July 7, 2026

In a joint letter to the FAA, ABA and BPI said that unauthorized unmanned aircraft activity near financial institution sites can create “obvious and legitimate risk” to physical security as well as cybersecurity, as the technology can be...

New York State issues guidance on AI-related cybersecurity risks to financial institutions

Survey: Most banks experienced recent rise in cyberattacks

Compliance and Risk
June 24, 2026

A majority of U.S. bank executives said they have seen an increase in the number of cyberattacks on their institutions in the past year and have boosted their cybersecurity budgets as a result, according to the most recent...

NIST releases draft guidelines for AI cybersecurity

‘Five Eyes’ nations warn AI cybersecurity threats only months out

Compliance and Risk
June 24, 2026

Organizations have only months to prepare for the cybersecurity challenges posed by new artificial intelligence models, making cyber resilience “integral to advancing business continuity,” the leaders of the "Five Eyes" cybersecurity agencies warned in a joint statement.

G7 cybersecurity group urges financial institutions to prepare for quantum computing

White House directs agencies, contractors to protect systems from quantum computing

Compliance and Risk
June 23, 2026

Government agencies and contractors would be required to take steps to protect their systems from threats posed by quantum computers under a pair of executive orders signed by President Trump.

Reports explore information exposure, costs of data breaches

Report: Software vulnerabilities become top vector for data breaches

Compliance and Risk
June 12, 2026

Exploitation of software vulnerabilities has become the most common initial access vector for data breaches, according to the most recent Data Breach Investigations Report by Verizon.

With AI threats, CISA offers agencies guidelines for patching software vulnerabilities

With AI threats, CISA offers agencies guidelines for patching software vulnerabilities

Compliance and Risk
June 11, 2026

CISA released a new framework for federal civilian agencies in determining how quickly to patch software vulnerabilities, noting that artificial intelligence is “vastly increasing” the pace at which such vulnerabilities are discovered.

NEWSBYTES

Fed seeks comments on changes to AML program rules, aligns with other agencies

July 8, 2026

CFPB releases its Fall 2025 Unified Agenda of Regulatory and Deregulatory Actions

July 7, 2026

ABA, BPI support proposed process to create drone no-fly zones

July 7, 2026

SPONSORED CONTENT

Why Your Systems Keep Slowing Down — and What to Do About It

Examiners Are Now Looking at Your Non-Core Systems

June 11, 2026
Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

Your Floorplan Audit and Your Credit Decision Are Weeks Apart. That Gap Has a Price.

June 1, 2026
A Modern Blueprint for Serving High-Net-Worth Families

A Modern Blueprint for Serving High-Net-Worth Families

May 28, 2026
Why Your Systems Keep Slowing Down — and What to Do About It

AI Is in Your Bank. Is Your Cloud Contract Governing It?

May 20, 2026

PODCASTS

Podcast: Financing America’s independence

June 29, 2026

Podcast: Talent and innovation in community banking

June 18, 2026

Podcast: Understanding bank regulators’ guidance on illegal immigration

June 11, 2026

American Bankers Association
1333 New Hampshire Ave NW
Washington, DC 20036
1-800-BANKERS (800-226-5377)
www.aba.com
About ABA
Privacy Policy
Contact ABA

ABA Banking Journal
About ABA Banking Journal
Media Kit
Advertising
Subscribe

© 2026 American Bankers Association. All rights reserved.

No Result
View All Result
  • Topics
    • Ag Banking
    • Commercial Lending
    • Community Banking
    • Compliance and Risk
    • Cybersecurity
    • Economy
    • Human Resources
    • Insurance
    • Legal
    • Mortgage
    • Mutual Funds
    • Payments
    • Policy
    • Retail and Marketing
    • Tax and Accounting
    • Technology
    • Wealth Management
  • Newsbytes
  • Podcasts
  • Magazine
    • Subscribe
    • Advertise
    • Magazine Archive
    • Newsletter Archive
    • Podcast Archive
    • Sponsored Content Archive

© 2026 American Bankers Association. All rights reserved.