What is social engineering? Common social engineering attack techniques and how to prevent them.


Today, social engineering seems to be one of the greatest security threats facing organizations and individuals, used at large scale by hackers, hacktivists, and various other criminals.

What is social engineering?

Social engineering is the act of tricking someone into revealing information or taking action, usually through technology. The idea behind social engineering is to take advantage of a victim’s natural tendencies and emotional reactions.

To access a computer network, the typical hacker might look for a software vulnerability. A social engineer, though, could pose as a technical support person to trick an employee into divulging their login credentials. Social engineers may gain physical access to a building, send emails from a trusted co-worker's account, or offer you something like a gift or freebie in return for information. Sometimes they use a link to something interesting that looks like it came from Facebook, LinkedIn or a friend.

Common social engineering techniques:


Attackers leave a malware-infected device, such as a USB flash drive or CD, in a place where someone will likely find it. The person who finds the device will load it into their computer and unknowingly install the malware, allowing the attacker to advance into the victim’s system.


Phishing

Phishing occurs when an attacker makes fake communications with a victim that are disguised as legitimate, often claiming or seeming to be from a trusted source. The most popular mode of communication for phishing attacks is email, but phishing may also utilise chat applications, social media, phone calls, or spoofed websites designed to look legitimate.


Pretexting

Pretexting is the use of an interesting pretext to capture someone’s attention. Once the story hooks the person, the fraudster tries to trick the victim into providing something of value. Pretexting occurs when an attacker fabricates false circumstances and compels a victim into providing access to protected systems.


The criminal uses the phone to trick a victim into handing over valuable information.

Quid pro quo

A quid pro quo attack occurs when attackers request private information from someone in exchange for something desirable or some type of compensation.

Spear phishing 

Spear phishing is a highly targeted type of phishing attack that focuses on a specific individual or organization. Spear phishing attacks use personal information, sometimes social media accounts, or other online activity that is specific to the recipient to gain trust and appear more legitimate. 


Tailgating

Tailgating is a physical social engineering technique that occurs when unauthorized individuals follow authorized individuals. Tailgating could happen when someone asks you to hold the door open because they forgot their access card, or asks to borrow your gadgets to complete a simple task and instead installs malware or steals data.

10 steps to prevent social engineering:

Complex and strong Passwords

Creating strong, unique passwords for all your accounts really is the best way to keep your personal and financial information safe. In addition, check to see if your online accounts offer biometric scanning, i.e. fingerprints and/or eyes, or multi-factor authentication. That way, a hacker would need to enter a code that is sent to your phone, as well as your password, to log in to your account.

Network Security

Make sure that your connections to the internet are secure. Sometimes your home Wi-Fi network is another entry point for hackers. Ensure that you have a hard-to-crack password and consider security software that prevents and identifies hackers on the network.


Firewall

A firewall is an electronic barrier that blocks unauthorized access to computers and devices. Using a firewall ensures that all of the devices connected to your network are secured, including IoT devices like smart thermostats and webcams, since many IoT devices aren’t equipped with security measures, giving hackers a vulnerable point of entry to your entire network.

Click Smart

Spam emails, phony offers, clickbait, and more all use these tactics to tempt you to click on dangerous links or give up your personal information. Beware of offers that sound too good to be true, or ask for too much information.

Selective Sharing

Be cautious about what you share, particularly when it comes to personal information; it may be used to impersonate you or guess your passwords and logins.

Protect Your Mobile Life

Mobile devices face new risks, with risky apps and dangerous links sent by text message. Be careful where you click, don’t respond to messages from strangers, and only download apps from official app stores after reading other users’ reviews first. Make sure that your security software is enabled on your mobile, just like your computers and other devices, and set a secure password and enable biometric fingerprint scanning.

Safe Surfing & Shopping

When shopping online, or visiting websites for online banking or other sensitive transactions, always make sure that the site’s address starts with “https”, instead of just “http”, and has a padlock icon in the URL field. This shows that the connection to the website is secure and uses encryption to scramble your data so it can’t be intercepted by intruders.

Also, be aware of websites that have misspellings or bad grammar in their addresses. 
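The two checks above (an “https” address and a correctly spelled one), as an added example that is not part of the original article: a small Python checker that flags links that are not HTTPS and addresses that are near-misspellings of, or merely contain the name of, a site you trust. Encryption says nothing about who runs the site, so the spelling check applies to https links too. `TRUSTED_DOMAINS`, `check_url` and the sample domains are constructed for illustration, and taking the last two labels as the site's domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites this user really does business with.
TRUSTED_DOMAINS = ("example-bank.com", "example-shop.com")


def edit_distance(a, b):
    """Levenshtein distance: number of single-character typos between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete a character
                           cur[j - 1] + 1,             # insert a character
                           prev[j - 1] + (ca != cb)))  # substitute a character
        prev = cur
    return prev[-1]


def check_url(url, trusted=TRUSTED_DOMAINS, max_typos=2):
    """Return a list of warnings for a link; an empty list means none raised."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    warnings = []
    if parts.scheme != "https":
        warnings.append("not-https")
    if not host:
        warnings.append("no-host")
        return warnings
    # Assumption: the site's own domain is the last two labels of the host
    # (true for .com/.net; multi-part suffixes need a public-suffix list).
    domain = ".".join(host.split(".")[-2:])
    if domain in trusted:
        return warnings
    for good in sorted(trusted):
        brand = good.split(".")[0]
        if edit_distance(domain, good) <= max_typos:
            warnings.append("lookalike-of:" + good)      # misspelled address
        elif brand in host:
            warnings.append("embeds-trusted-name:" + good)  # trusted name used as a prefix
    return warnings
```
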

Keep up to date

Keep all your software updated, and turn on automatic updates so you have the latest security patches. Also, make sure that your security software is ready to run regular scans.

Look out for the latest threats

Online threats are evolving all the time, so make sure you know what to be aware of. Stay on top of this and other threats by staying informed.

Keep your guard up

Always be cautious about what you do online, which sites you visit, and what you share. Use security software, and make sure to back up your data regularly in case something goes wrong.


