What is social engineering and how does this work?
Social engineering is a manipulation technique used by fraudsters to trick people into revealing confidential information or performing actions that put their money or identity at risk.
Scammers exploit emotions like fear, urgency, curiosity, or trust. These scams often come through phone calls, emails, text messages, or social media. The fraudster might pretend to be from your bank, the police, or even someone you know.
Common tactics:
Fraudsters commonly use these techniques:
- Phishing / Smishing / Vishing: Fake emails, texts, or calls asking you to click on links or share personal info.
- Pretexting & Impersonation: Pretending to be someone official (e.g. your bank or IT support).
- AI & Deepfake Scams: Using realistic fake voices or video calls to impersonate people you trust.
- Quishing (Fake QR Codes): Tricking you into scanning malicious QR codes that lead to harmful sites.
- Romance, Refund, or Investment Scams: Exploiting your emotions or offering fake financial opportunities.
These scams can lead to:
- Account takeovers
- Identity theft
- Unauthorised payments
- Unauthorised push payment fraud
Growing trends: Digital wallets and card scams
With the growing use of digital wallets and online transactions, scammers are shifting their focus to these platforms. They exploit convenience and trust in these services by tricking users into:
- Approving fraudulent payments disguised as legitimate transactions.
- Sharing sensitive information like one-time passcodes or account details.
Why are they being targeted?
- Always accessible: Mobile wallets are linked to your phone, making them an easier target for scams via text, email, or social media.
- Real-time payments: Instant transactions mean fraud can happen quickly, with less time to intervene.
- Harder to spot: Fraud in a digital wallet may not stand out right away like a lost debit card might.
Common tactics used in digital wallet and card scams:
- Pretending to be from your bank or wallet provider: Fraudsters may call or text you claiming there’s suspicious activity and ask you to verify or “secure” your account by sharing codes or making a transfer.
- Tricking you into sending money: Scammers may ask you to move funds to a “safe” account or make a payment using your digital wallet.
- Requesting one-time passcodes (OTPs): These codes are often used to authorise wallet logins or payments. Fraudsters may say they need them for verification.
- Fake QR codes or payment requests: Sent via email, social media, or messaging apps to trick you into entering card details or approving a transaction.
Real-World Example: Meet James
James was contacted on WhatsApp by someone using a UK mobile number, claiming to be from his bank. The message warned him about suspicious transactions on his account and instructed him to help "secure" it.
Shortly after, James received an official SMS from his bank containing a one-time passcode (OTP). The SMS included a clear warning not to share the code, but the urgency of the message and the convincing tone of the scammer led James to send the OTP back through WhatsApp, believing he was helping secure his account.
In reality, this OTP was used by the scammer to provision a security token to James’s account, which gave them access to perform unauthorised transactions.
Only later, when querying transactions he did not recognise, did James realise that the WhatsApp message came from a fraudster, not his bank, using a social engineering technique designed to trick individuals into bypassing security protections themselves.
Real-World Example: Victoria’s Experience
Victoria was preparing for an upcoming trip when she received what appeared to be a legitimate email from the hotel she had recently booked through a popular booking website. The message addressed her by name and referenced the correct hotel, matching her recent reservation.
The email claimed there were discrepancies or missing details in her booking and urged her to complete a secure verification process to avoid any further issues.
Trusting the information, especially since the hotel name and booking details aligned with her actual reservation, Victoria clicked the link provided in the email. She was taken to what looked like a secure site, where she entered her card details. Immediately after, she received a prompt from her banking app requesting her to approve the transaction. Assuming it was part of the booking process, Victoria approved the payment, and the transaction was processed online and successfully authenticated via 3D Secure (3DS) using her biometric data.
Later, seeking confirmation, Victoria contacted the booking site directly. They informed her that her reservation had already been fully confirmed and that no further verification emails had been sent. That’s when she realised she had been scammed and that she had unknowingly authorised a fraudulent transaction, misled by a convincing and targeted phishing email that used accurate booking information to appear genuine.
How can I tell if a message or call is a scam?
Scammers can be highly convincing, often pretending to be from your bank, a delivery service, or even law enforcement. But there are warning signs you can look out for.
Ask yourself:
- Is there pressure to act quickly or keep it secret?
- Does something about the message feel off—spelling, weird email address, strange tone?
- Is the number unfamiliar or unverified?
- Did I expect this call/message?
- Am I being asked to share something sensitive, like a security code, login, card, or personal details?
- Does the email or link look suspicious?
- Does the offer seem too good to be true?
Verify before trusting:
- Check the contact details on the official website for the merchant/bank.
- Use trusted contact numbers.
- For investments, check the FCA ScamSmart tool.
- If it’s a person you know, try to speak with them on a video call or through another secure channel.
- Always verify bank details before sending payments, ideally through a different communication method than the one in which the request was received, to guard against email or phone interception.
How can I protect myself from social engineering scams?
Follow the safety tips below to help protect yourself:
- Be skeptical of urgency: Scammers often try to panic you into acting quickly. Always pause and verify.
- Don’t trust caller ID: Numbers can be spoofed. Always verify by calling back using the official number on Kroo’s website.
- Keep your credentials safe: Never share your banking login, passwords, Authorisation Codes, or One-Time Passcodes (OTPs).
- Use multi-factor authentication (MFA) or authenticator apps: Add extra security like verification codes sent to your phone or email.
- Watch for unusual payment requests: Scammers may ask you to pay using gift cards, crypto, or wire transfers. This is a red flag.
Important reminders:
- Our Customer Support team will contact you via the Kroo app or via email from help@kroo.com. On occasion, our team may call you by phone, but Kroo will always notify you in advance via in-app chat and email to confirm the call is genuine.
- No bank or company will ask you to move money to a “safe” account.
- Scammers may reach out to you by sending you a text message or calling you. They may mention familiar names or facts that are known to you to make you believe they’re a genuine person.
- If someone is pressuring you to make a payment, it’s a warning sign. Legitimate companies don’t do this.
- Don’t share any sensitive details, such as a PIN or one-time passcode, your security details or your bank account password, with anyone.
- If you don’t believe that the call or text message is genuine, hang up and don’t respond to the text until you speak to us.
- Use secure payment marketplaces to purchase goods from strangers. These sites have buyer protection in place to reduce the risk of scams. Directly transferring money from your bank account may result in funds being lost without recovery.
What should I do if I think I’ve been targeted or scammed?
Contact Kroo immediately if you believe you may have fallen victim to a social engineering scam.
We have a dedicated in-app flow for reporting scam claims. This method is the fastest and easiest way to report a scam claim and gives Kroo the maximum opportunity to retrieve your funds.
- Go to the 'Home' tab in your Kroo app
- Find the transaction in question in your transaction list
- Tap on the transaction, then tap the 'Issue with this transaction' prompt in the 'Get Help' section.
- Select the option ‘I believe this was a scam’
- Follow the steps in the app to report the scam and answer the question in the chat bot
- Give us as many details as you can so that we can investigate your claim.
You may also contact our Customer Support team via the in-app chat or email us at help@kroo.com and we'll be happy to help.
Help from other organisations:
We would recommend reporting the incident to Action Fraud, the UK's national fraud reporting centre.