
User impersonation warning explained

Understand user impersonation warnings when viewing conversations.

Updated over a week ago

Social engineering is a tactic where attackers manipulate people into giving away access or sensitive information. It can show up in customer support scenarios as someone pretending to be a legitimate user who is locked out of their account.


Why is there a warning on my conversation?

Under Analyze > Conversations, you may see a warning icon ⚠️ on a message sent by a lead with the following information shown in a tooltip: "This message may not have been sent by [email address]"

We show a warning on lead conversations where the lead is claiming to have the email address of an existing user in your workspace.

The warning tells you that a lead or user may not be who they claim to be. Proceed with caution and verify that person's identity through a channel you control, rather than trusting the email address they typed into the Fin Messenger.

There may be conversations from leads and users with the same email address across different devices in your workspace. If we were to just trust that they were the same person based on their email address, this could open up your workspace to user spoofing or social engineering.

How does it work?

If there’s an existing user with the email beth@examply.com, and a new lead claims to have that same email, we’ll show a warning on the lead’s conversation.

In this example, there is a legitimate user on the workspace called Beth Examply with the email beth@examply.com

Later, an unidentified website visitor enters the same email beth@examply.com into the Fin Messenger and asks for their 2FA to be reset. In this case, we show warnings on the lead's conversation, because nothing proves that this visitor owns that address.


Be vigilant with conversations from leads who claim an address that is already associated with one of your existing users. The person may simply be logged out or locked out of their account, but it may also be an impersonation attempt.

Note: To secure your Messenger against bad actors attempting to impersonate your real users, we strongly recommend that you set up Messenger Security with JWTs.
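To make that recommendation concrete, here is an added example (not code from this article or from Intercom) showing, with only the Python standard library, what JWT-based Messenger security changes: the server mints an HS256 token for a user only after your own login has authenticated them, and the verifying side rejects tokens that are missing, expired, signed with the wrong secret, or rewritten without the secret. It assumes the claim layout (`user_id`, `email`, `exp`), the HS256 algorithm and the `intercom_user_jwt` boot setting match Intercom's current JWT identity verification documentation; confirm against the docs, and in production use a maintained JWT library rather than this hand-rolled encoder. The secret value is a placeholder.

```python
# Added example, not part of the Intercom article. ASSUMPTIONS: claim names
# user_id/email/exp, HS256, and the intercom_user_jwt boot setting follow
# Intercom's JWT identity verification docs; MESSENGER_SECRET is a placeholder.
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Placeholder secret (assumption). It lives server-side only; never ship it
# to the browser, or any visitor can mint tokens for any user.
MESSENGER_SECRET = b"replace-with-your-messenger-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_user_jwt(user_id: str, email: str, secret: bytes = MESSENGER_SECRET,
                  ttl_seconds: int = 3600, now: Optional[int] = None) -> str:
    """Server-side only, called after YOUR login has authenticated the user.
    The returned token is what the page passes in window.intercomSettings
    as intercom_user_jwt (setting name is an assumption, see lead-in)."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"user_id": user_id, "email": email, "exp": now + ttl_seconds}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_user_jwt(token: str, secret: bytes = MESSENGER_SECRET,
                    now: Optional[int] = None) -> Optional[dict]:
    """What the verifying side must do: pin the algorithm, recompute the HMAC
    over header.payload, compare in constant time, and reject expired tokens.
    Returns the claims on success and None on any failure."""
    now = int(time.time()) if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None  # refuse alg=none and algorithm confusion
        expected = hmac.new(secret, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None  # signature does not match: forged or wrong secret
        claims = json.loads(_b64url_decode(p))
    except ValueError:  # covers base64, JSON and unicode decoding errors
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    if claims["exp"] <= now:
        return None  # expired
    return claims


def forge_claims(token: str, **new_claims) -> str:
    """What an attacker WITHOUT the secret can do: rewrite the payload and
    reuse the old signature. verify_user_jwt must reject the result."""
    h, p, s = token.split(".")
    claims = json.loads(_b64url_decode(p))
    claims.update(new_claims)
    return h + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()) + "." + s


def identity_is_trusted(email_claimed: str, token: Optional[str],
                        now: Optional[int] = None) -> bool:
    """The article's rule in code: an email typed into the Messenger's email
    collector arrives with no token and proves nothing; only a valid JWT
    whose email claim matches establishes the identity."""
    if token is None:
        return False
    claims = verify_user_jwt(token, now=now)
    return claims is not None and claims.get("email") == email_claimed
```

`identity_is_trusted` is where the warning in this article comes from: a lead who types beth@examply.com into the email collector has no token, so the claim is untrusted, while the real Beth's session carries a signature that a visitor cannot produce without the server-side secret. Short `exp` values limit how long a leaked token can be replayed.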


FAQs

How can I verify leads in the Fin Messenger?

Leads are unauthenticated (logged-out) visitors to your site or app who start a conversation. They first appear with an auto-generated name based on their geolocation.


They may later enter an email address into the Messenger when prompted, which updates their display name in the Inbox. A lead can enter any email they like into the email collector; no ownership verification is performed on these addresses.

