Social engineering exploits human psychology rather than technology. It’s highly effective because it targets our natural trust and helpful instincts.
Common Social Engineering Attacks
- Phishing: Fake email pretending to be from a trusted source
- Pretexting: Creating a fake scenario to gain trust
- Vishing: Phone calls from someone pretending to be an authority
- Baiting: Leaving an infected USB stick where someone will be enticed to plug it in
- Quid Pro Quo: Offering a service in exchange for information
- Tailgating: Following an authorized person into a secure area
Recognition Skills
- Legitimate companies never ask for passwords via email
- Authority figures are often impersonated (CEO, bank official)
- Urgency and scarcity create pressure to act without thinking
- Unexpected contact should be verified independently
Defense Culture
Organizations with strong security culture teach everyone to be skeptical. Verification becomes habit. “Trust but verify” is the motto.
Personal Defense
Verify requests independently. Never assume an email is from its stated sender. Take time before responding to urgent requests. When in doubt, ask.