Social Engineering Defence

Recognising and Resisting Manipulation


Published on 26/05/2025

Social engineering is the art of manipulating people into performing actions or divulging confidential information. It exploits human psychology rather than technical vulnerabilities.

  • Be Wary of Unsolicited Communications:
    • Emails, Phone Calls, SMS (Smishing), Social Media Messages: Treat any unexpected contact with suspicion, especially if it requests personal information, financial details, or login credentials, or urges immediate action.
  • Verify Identities Independently:
    • Do Not Use Provided Contact Details: If you receive a suspicious request seemingly from a known organisation (e.g., your bank, a government agency), do not use the phone number or link provided in the suspicious communication. Instead, look up the official contact details independently (e.g., from their official website or a statement) and use those to verify the request.
  • Identify Common Social Engineering Tactics:
    • Pretexting: Attackers create a fabricated scenario (pretext) to gain your trust and obtain information.
    • Baiting: Offering something enticing (e.g., a free music download, a USB stick found "accidentally") to lure you into a trap, often leading to malware infection.
    • Quid Pro Quo: Promising a benefit in exchange for information or access (e.g., "help" with a fake IT problem).
    • Tailgating/Piggybacking: Physically following an authorised person into a restricted area.
    • Vishing (Voice Phishing): Phone calls attempting to trick you into revealing sensitive data. Often involves impersonating authority figures or creating a sense of urgency.
  • Protect Your Personal Information:
    • Limit Public Sharing: Be mindful of how much personal information you share online, on social media, or in public forums. This information can be gathered by attackers to craft more convincing social engineering attacks.
    • Secure Document Disposal: Shred sensitive documents before discarding them.
  • Resist Pressure and Urgency:
    • Attackers often try to create a sense of panic or urgency to prevent you from thinking critically. Take your time and pause before acting on any urgent request.
  • Educate Yourself and Your Family/Colleagues:
    • Stay informed about common social engineering scams and share this knowledge with others. Awareness is a key defence.