Aug 3, 2021   |   Tom Barton

What is social engineering?


In the last 12 months, four in ten businesses and one in four charities have reported having cyber security attacks or breaches. This is according to a report published by the UK government in March 2021. With COVID-19 and nationwide lockdowns, cybercriminals targeted more companies and businesses using social engineering and other methods than ever recorded.

But what exactly is social engineering?


What is social engineering?

Social engineering is when a criminal manipulates an individual or company into giving up confidential information. They may attempt to seek out numerous types of data, including your passwords, bank or other financial information.

With password security becoming stronger, criminals are now relying on the trusting nature of human beings to give up information or give them access to company platforms and accounts.


What are the different types of social engineering?

There are several different types of social engineering which a cyber-criminal may use to extort data or information from you. To understand how they attempt to manipulate you, you need to know what each method is.


Baiting is a social engineering scheme based on the cyber-criminal offering something you want or need in order to gain your information. These offers can be seen on a variety of websites, from peer-to-peer sites to social platforms. However, they can also be found on search engine results pages and in your inbox.


Scareware manipulates users’ fears of viruses, trojans and other security breaches. Users are bombarded with fictitious threats, warnings, and alarms that prompt them to install security software to secure the device. However, by clicking install, what you are actually downloading is malicious software that allows the criminal full access to your computer and confidential information.


Pretexting is when criminals make up a scenario and pretend to be an authority figure who requires your information. They may go so far as to use the official logos and branding of a company to make you believe they are from that company or organization.


Phishing is a very commonly used tool of social engineering. This is when criminals send emails to individuals or companies with the intention to trick them into providing their information.

Spear phishing

This is similar to phishing, but in this scenario the criminal will make the email appear to come from a trusted or known sender to encourage users to give up their confidential information. These are targeted attacks and can appear to be from a specific individual, organization or business you know.

Important Tip

If you read something and it doesn’t sound right or seems too good to be true, it probably is. Always think before you click on any links and don’t open any attachments where you don’t recognize the original sender or aren’t expecting an email.


How to protect yourself from social engineering?

There are several ways you can help prevent any of these social engineering attacks. Here are some of the most common solutions and tips:

  • Secure your computer with the best anti-virus, firewalls, endpoint protection, etc.
  • Delete any requests for financial information or passwords - this will be spam
  • Set your spam filters to high to filter out a large majority of these emails
  • Reject any unknown emails or offers of help from organizations – companies will not contact you to provide help unless you have specifically requested it directly.
  • If in doubt, research the company – if the email looks legitimate, look them up and contact them using official contact details to check if it is them
