Key Takeaways

  • Social Engineering manipulates people into giving up secrets.
  • Attacks utilize fear, urgency, or curiosity.
  • Pretexting is creating a fake scenario (e.g., "I'm from IT Support").
  • Verify every request. Call the purported sender back on an official number.

You can have the best firewall in the world, but if an employee politely holds the door open for a pizza delivery guy (who is actually a hacker), you are compromised.

Common Tactics

1. Phishing (The classic)

Emails that look real. "Your Netflix payment failed." They want you to click a link and type your credentials into a fake site.

2. Vishing (Voice Phishing)

A phone call. "Hello, this is Microsoft Support. Your computer has a virus." They trick you into installing remote access software (such as TeamViewer) and then drain your bank account.

3. Baiting

Leaving a USB drive labeled "Payroll 2024" in the parking lot. Curiosity kills the cat. Someone picks it up, plugs it in, and installs malware instantly.

The "CEO Fraud" (Business Email Compromise, BEC)

A hacker spoofs the CEO's email and sends a message to the finance department: "I need an urgent wire transfer to a vendor right now. Do it quickly." This causes millions in losses annually.
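
The message pattern described above (an executive's name, an urgent payment request) can be screened for before it reaches the finance inbox. The following is an added example, not part of the original page; the company domain, executive name, keyword lists and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: company domain, executive names, keyword lists.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"dana whitfield"}
URGENCY = re.compile(r"\b(urgent|right now|immediately|quickly|asap)\b", re.I)
PAYMENT = re.compile(r"\b(wire transfer|payment|invoice|bank details)\b", re.I)

# Constructed sample messages (not real mail).
SPOOFED = """From: "Dana Whitfield" <dana.whitfield@examp1e-mail.test>
Reply-To: accounts@other.test
Subject: Urgent wire transfer

I need an urgent wire transfer to a vendor right now. Do it quickly.
"""
LEGIT = """From: "Dana Whitfield" <dana.whitfield@example.com>
Subject: Q3 budget review

Please send the slides before Friday's meeting.
"""

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw):
    """Return the BEC warning signs found in one raw single-part message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    hits = []
    # Display name claims an executive, but the address is outside the company.
    if name.strip().lower() in EXECUTIVES and domain_of(addr) != COMPANY_DOMAIN:
        hits.append("exec-name-external-address")
    # Replies would be routed to a different domain than the visible sender.
    if reply_to and domain_of(reply_to) != domain_of(addr):
        hits.append("reply-to-mismatch")
    if URGENCY.search(text):
        hits.append("urgency")
    if PAYMENT.search(text):
        hits.append("payment-request")
    return hits

def needs_callback(raw):
    """Hold for phone verification: identity anomaly plus a payment request."""
    hits = set(bec_indicators(raw))
    return bool(hits & {"exec-name-external-address", "reply-to-mismatch"}) and "payment-request" in hits
```

A message that trips `needs_callback` should be held until someone has called the purported sender back on an official number; the heuristic supports that check and does not replace it.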

Frequently Asked Questions (FAQ)

How do I spot a social engineer?
Look for Urgency ("Do this NOW or you'll be fired") and Authority ("This is the Police"). They try to bypass your critical thinking by making you panic.

What if I accidentally clicked a link?
Disconnect from the internet immediately. Run a full antivirus scan. Then change your passwords right away from a different device (like your phone).
