Home > Social Engineering

Social Engineering


At the heart of almost every scam, fraud, and phishing email is a tactic called social engineering, or the psychological manipulation of people in order to perform actions or divulge information. It is a time-tested, effective tactic that bad actors and scammers can use to get access to information or resources. You may sometimes see it referred to as “people hacking,” as it involves making a person do something that is not in their best interest by making a situation or request seem like it is.

Social engineering can happen in-person or online, so learning how to spot the characteristics of a social engineering scheme can help you both in the real world and in the digital world.

Slow Down
Social engineers rely on the perceived urgency of a situation in order to force you into making a rash decision. The longer you take to act on an offer or a threat, the more likely you are to see through the ruse. Take a few deep breaths and think over the situation. Does it seem too good to be true? Are they asking you to act on a distressing situation without verifying anything? Likely, the longer you take, the more likely the chance that the scammer will disengage.

The offer is too good.
Sometimes a scammer will try to give you something, rather than claim you’re in a situation to be penalized. The offer may seem amazing on the surface. Maybe it’s something you’ve had your eye on for a while or it’s a random stroke of luck. You may have heard the saying “never look a gift horse in the mouth,” but sometimes it’s good to really examine what you’re being offered.

Where is the message coming from?
Not only is it good to slow down and really examine what is before you, it’s also good to take time to examine where something originated. Check email addresses and phone numbers closely. Remember that phone numbers can be spoofed (faked) and that email addresses can be made to look similar to legitimate addresses.

Let software help you.
These days, antivirus and email software come with many features that are intended to help you spot a phishing or scam email. Watch out for alerts that point out if an email or file is risky. Even if it looks like a legitimate message, the software is design to look deeper into it for signs that it isn’t a harmless message. If you do manage to get malware from clicking on these messages, antivirus may be able to quarantine it before it does any damage.
Social engineering is found everywhere, online and offline. It remains the most effective way for a hacker to get access to a network or a machine and plays a large role in the stealing of personal data. The best way to combat social engineering schemes to be always be vigilant and to know the signs to look for.