Vivid Repairs


Social Engineering

Manipulation techniques that trick people into divulging confidential information or granting unauthorised access, exploiting human psychology rather than technical vulnerabilities.

Also known as: social engineering attack, human hacking, pretexting, phishing

Social engineering is a cybersecurity attack that targets the human element of security rather than computer systems. Attackers manipulate people into breaking normal security procedures by exploiting trust, authority, curiosity, or fear.

Common tactics include:

  • Phishing: Fraudulent emails or messages pretending to be from legitimate organisations, asking you to click malicious links or enter credentials.
  • Pretexting: Creating a false scenario to build rapport and extract information, such as someone claiming to be IT support requesting your password.
  • Baiting: Offering something enticing (free software, USB drives left in public places) to trick you into downloading malware or exposing data.
  • Tailgating: Following authorised personnel through secure doors without presenting credentials of one's own.
  • Vishing: Voice-based phishing where attackers call pretending to be from banks or services to obtain personal details.

Why it matters: Social engineering bypasses expensive firewalls and encryption because the weakest link in security is human behaviour. Attackers often combine technical hacking with social engineering for maximum effectiveness.

What you should do:

  • Verify requests through independent contact details before sharing information.
  • Be sceptical of unsolicited emails asking for passwords or personal data.
  • Enable multi-factor authentication to protect accounts even if credentials are compromised.
  • Report suspicious communications to your IT department or the organisation supposedly contacting you.
  • Organisations should provide regular security awareness training so staff recognise and resist these attacks.