When you hear the term ‘social engineering,’ do you want to run in the other direction and pretend you didn’t hear? Fear not; we are here to help because the reality is, if you don’t know what social engineering is, you need to.

Social engineering is the art of manipulating people so that they give up confidential information. As human beings, we trust people and what they say. Unfortunately, we live in a world where people will take advantage of this.

Criminals use social engineering tactics because it is usually easier to exploit your instinct to trust than it is to discover ways to hack your software. For example, it is much easier to trick someone into giving their password willingly than it is for hackers to try to access their account.

When individuals are targeted, criminals are usually trying to:

  • Trick you into giving them your passwords or bank account information.
  • Access your computer to secretly install malicious software that will give them access to your passwords and bank information, as well as giving them control over your computer.

The weakest link in security is inevitably the person who accepts a person or scenario at face value. It doesn’t matter how many locks are on your doors, how many guard dogs are barking, or how many alarm systems and armed security guards are available; if you trust the person at the door who is delivering a big bunch of flowers and you don’t ask for identification, you are completely at risk. Fact.


So, the question is, how do you spot common social engineering attacks?

You have received an email which contains a link: Be wary of any email you receive! If the link comes from a friend and you’re curious, you’ll trust the link and click on it. Hackers have become so clever that they can make an email look like it has come from a friend, when in fact it hasn’t. Once you have clicked on the link, your computer can be infected with malware and the criminal can take over your machine.

Best advice: check the language used in the email. Is it the usual language used by your friend? Also, when you hit reply, you can check the email address. Check both before you click on any link.

You have received an email which contains a download: Again, be wary! Pictures, music, films, documents and eBooks that have malicious software embedded look legitimate. That’s the problem. If you download these, thinking they are from your friend, it’s too late. Now the criminal has access to your machine, email account, social network accounts and contacts, and the attack spreads to everyone you know.

Best advice: check the language used in the email. Is it the usual language used by your friend? Also, when you hit reply, you can check the email address. Check both before you click on any link.
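The sender check advised above, sketched in code as an added example (not from the original article): it flags a message whose display name matches someone in your address book but whose address does not, and a Reply-To that points to a different domain. The contact list and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: display name -> address you know is genuine.
KNOWN_CONTACTS = {"Alice Example": "alice@example.org"}

# Constructed sample messages (headers, blank line, body).
SPOOFED = "\n".join([
    'From: "Alice Example" <alice.example@mail.example.net>',
    "Reply-To: alice@reply.example.com",
    "Subject: look at this!",
    "",
    "Hi, open this link...",
])
GENUINE = "\n".join([
    "From: Alice Example <alice@example.org>",
    "Subject: lunch on Friday?",
    "",
    "Are you free?",
])

def domain(address):
    """Return the part after the last '@', lower-cased."""
    return address.rpartition("@")[2].lower()

def sender_warnings(raw_message, contacts=KNOWN_CONTACTS):
    """Return a list of reasons the sender of a raw email looks suspicious."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    known = {n.lower(): a.lower() for n, a in contacts.items()}
    warnings = []
    # The name shown is a friend's, but the address behind it is not theirs.
    expected = known.get(name.strip().lower())
    if expected and addr != expected:
        warnings.append(f"'{name}' is a known contact, but the address is {addr}")
    # Hitting reply would send your answer somewhere other than the sender.
    if "Reply-To" in msg:
        _, reply_addr = parseaddr(msg["Reply-To"])
        if reply_addr and domain(reply_addr) != domain(addr):
            warnings.append(f"replies go to {reply_addr.lower()}, not {addr}")
    return warnings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, sender_warnings(raw))
```

A message sent from a friend's genuinely compromised account passes both checks, so an unexpected request still warrants a phone call.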


Email from a friend: If a criminal manages to hack into or socially engineer someone’s email password, they will have access to that person’s contact list. Most people use one password for all platforms, so the chances are they will probably have access to that person’s social networking contacts as well.

Once the criminal has that email account under their control, they can send emails to all the person’s contacts or leave messages on all their friends’ social pages. These messages may use your trust and curiosity and create a compelling story.

Best advice: check the language used in the email. Is it the usual language used by your friend? Pick up the phone and call them; double check!

Social networking safety is often overlooked. This can leave you vulnerable to being a target for cyber-criminals and possible reputational damage.

Identity theft is any kind of deception, scam, or crime that results in the loss of personal data, including the loss of user names, passwords, banking information and credit card details. Your phone or tablet that you are carrying around is essentially a small computer, which could suffer from malware, spyware and viruses in exactly the same way.

You can follow these simple steps to ensure your sensitive information and privacy are protected:

  • How much is too much? It goes without saying, it is obviously a terrible idea to post your personal phone number, credit card information or home address anywhere on the internet. You never know who will be able to see that information, even if you are sharing it with a closed network of friends. Only share information you are happy for people to see.
  • Beware of people attempting to connect with you: Anyone can pretend to be whoever they want on the internet. Online scammers present themselves as honest people with an intention to gain access to your personal information for their own purposes. When in doubt, ignore the request or better still, block the user in question.
  • Optimise your privacy settings: Social media networks are not designed with your privacy in mind and you will always have to make manual adjustments. Go into your privacy settings, and see where things are set. Never leave any personal information set to be viewed by the public, unless you are happy to do so. If you’re a stickler for privacy, there are many things you can set to only be visible to you, including your posts.
  • Always trust your gut! Ultimately, you should trust your gut. If you post close to none of your personal information on the internet, you are significantly reducing the risk to your personal security. Remember that you don’t have to make something public if you only want to share it with a small group of individuals.


Did you find this information useful? Download or print out our PDF; it may come in handy! What is Social Engineering PDF

You can visit our security section on our dedicated blog here. This section is packed full of helpful reviews and tips on internet security, cyber-crime, password protection and much more. Most of our blog posts in this section contain downloadable and/or printable PDFs, which you may find useful.

Please call our helpful team of ninjas on 01843 572600 or email hello@365itsupport.co.uk if you would like some advice on social engineering.

Looking for some cyber-security training? Visit our BCS Education site where you will find our Cyber Security End User Training. Contact us for a code so you can get this for free, for you and your team members!
