Scammers use a variety of tried-and-true tactics to trick people, according to André Lameiras at ESET. For example, they can easily find open-source information about people on the internet and use this to craft targeted attacks.

“Some scammers will use all available and seemingly harmless data about you to their advantage, watching your every move online, typically on social media, in order to eventually exploit your digital footprint,” Lameiras says. “Unless you’re careful, the more you interact online, the higher the odds that they’ll know a lot about you – ultimately, they may have an easier time duping you.”

Scammers also know that people are more likely to fall for scams that appear to come from people in positions of authority, such as law enforcement. In targeted attacks, the scammers often pose as the user’s boss or an executive at their organization.

“People tend to trust those in positions of authority,” Lameiras says. “Fraudsters often impersonate people who hold some kind of expertise: a government worker, a lawyer, a company executive or an expert in a specific field. These are all people we were taught to trust. Scammers will try to look official and use the names of companies or organizations you might recognize.”

Additionally, scammers often use phony sob stories or pleas for help to take advantage of their victims’ sympathy.

“Ploys that involve requests for help create empathy with the scammer or with the people who the fraudster claims to represent,” ESET says. “For example, narratives of personal tragedies or public emergencies remain effective. Even if in the back of your mind you know it might not be true, you are still inclined to help ‘just in case.’ Scammers realize that people want to feel useful.”

New-school security awareness training can teach your employees to recognize social engineering tactics so they can avoid falling for scams.