In this section, we’ll explain what social engineering is, how it’s used by cybercriminals to manipulate people, and how you can protect yourself from falling victim to these tactics. Social engineering is when scammers trick you into giving away personal information like passwords, bank details, or other sensitive data. Instead of breaking into computer systems, they rely on gaining your trust through phone calls, emails, or even face-to-face interactions.
We’ll walk you through the common types of social engineering scams, such as phishing emails that pretend to be from your bank, phone calls claiming there’s a problem with your computer, or even fake text messages asking for urgent payments. You’ll learn how to spot the warning signs, like requests for personal information, pressure to act quickly, and messages that seem too good to be true.
By the end of this page, you’ll feel confident in recognising these tricks and know exactly how to respond to keep your information safe. With a few simple steps, you can protect yourself from scammers who try to manipulate your trust.
Social engineers often start by researching their targets, then use tricks to manipulate people into revealing sensitive information. Some common methods include:
Be Sceptical of Unsolicited Requests - If someone contacts you asking for personal information, always verify their identity through a trusted channel before sharing anything.
Don't Share Sensitive Information - Avoid giving out personal information over email, phone, or social media, unless you are certain of the request’s legitimacy.
Watch for Red Flags - Look out for urgent language, unexpected requests, or offers that seem too good to be true. These are often signs of a social engineering attack.
Verify Links and Emails - Before clicking on any link or downloading any attachment, double-check that the sender is legitimate and the URL is correct.
Use Strong, Unique Passwords - Strong passwords help protect you if attackers manage to trick you into revealing some information. Use unique passwords for each of your accounts.
Stop and Think - Don’t rush to respond. Take a moment to evaluate if the request seems suspicious.
Verify the Request - Contact the person or organisation directly using a trusted phone number or email to confirm the request.
Report It - If you think it’s a scam, report it to your IT department, bank, or the relevant authority for help.
Change Your Passwords - If you suspect your information has been compromised, change your passwords immediately and enable two-factor authentication.
Monitor Your Accounts - Keep an eye on your accounts for any unusual activity and report any suspicious actions right away.
This is true. Social engineers manipulate people to get sensitive data, rather than attacking computer systems directly.
This is false. Always verify the request first and avoid sharing personal information without confirmation.
This is true. Phishing is one of the most common forms of social engineering.
This is false. Social engineering can also occur in person, such as tailgating, where attackers gain physical access by pretending to be someone else.