Social Engineering

Published Mar 10, 2023. Updated Jun 12, 2023.

Social Engineering is when an attacker uses human emotion (usually fear and urgency) to trick the target into performing an action, such as sending the attacker money, divulging sensitive customer information, or disclosing authentication credentials.

Social Engineering In-Use

An individual might receive an unexpected email telling them that their account has been compromised and will be deactivated unless they click the link in the email and confirm their credit card details. Once the individual clicks the link, it takes them to a fake website where they are prompted to enter their credit card details.

How Do Businesses Defend Against Social Engineering Attacks?

Businesses educate and train employees across the organization. Employees at all levels should understand not to click on suspicious links or accept unusual offers, no matter how legitimate an email appears to be. The following are some quick tips to remember:

  • Think Before Clicking: Attackers employ a sense of urgency to make a person act first and think later in social engineering attacks. If a person receives an email with a sense of urgency that seems unusual, that person should take a moment to check if the source is credible first.
  • Research The Sources: Check the domains in links to see if they are real. Usually, a typo/spelling error is an indicator that something isn’t right. Hovering the cursor over a link before clicking it will reveal where the link leads.
  • Be Careful Downloading: If a person does not know the sender, that person shouldn’t open the message. Cybercriminals will often use email attachments to spread viruses and other forms of malware.
