This website stores cookies on your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. To find out more about the cookies we use, see our privacy policy


What is social engineering?

Social engineering scams are constantly evolving which can make protecting yourself difficult – but not impossible. The key is to educate yourself and be aware of new threats and trends.

Social engineering scams are constantly evolving which can make protecting yourself difficult – but not impossible. The key is to educate yourself and be aware of new threats and trends.

In the context of cyber security, social engineering is the act of tricking someone into giving up sensitive information that can be used to defraud them. The type of information that criminals seek out can vary, however in most instances it includes passwords, bank information or they may even attempt to take control of your computer to gain access to sensitive information. But what do these scams look like? Here are some core examples…

Baiting scams

Offering something desirable for free, or at a heavy discount, is an easy way to trap unsuspecting victims. Often advertised on Peer-to-Peer sites, social media networks and online marketplace or auction websites, these scams may be disguised as a free film download or discounted goods. The seller may appear to have good ratings and reviews – information that has been forged to give the scam an air of authenticity.

Victims who fall for these types of scams may unintentionally download malicious software, purchase non-existent goods resulting in a loss of funds, and in serious cases may find their bank account has been emptied.

Phishing scams from a trusted source

If a criminal manages to hack into your email inbox they will have access to your contact list and can send emails to your address book. Because the email appears to come from a trusted source – you – many people will engage with the content. The email could contain a link or file for download which in actual fact contains malware, either allowing the criminal to carry out a similar attack on them or giving them access to sensitive files and information.

Alternatively, a phishing scam may be an email that appears to come from a legitimate company, such as HMRC or TV Licensing, offering you a refund or asking you to confirm your personal information.

Unsolicited technical support

Imagine receiving a call from a software company explaining that your computer appears to be running slowly, therefore they need to run some diagnostics. If you use the software they are offering to fix, chances are you’ll trust that it’s a legitimate call and it’s in your best interests to let them help you. Next, they may attempt to take over your computer and in sophisticated examples, appear to show you a screen containing diagnostic information – while in the background, they are stealing sensitive information such as bank details.

In some instances, this type of ‘help’ is solicited. Criminals have been known to respond to customer queries on social media by intercepting complaints and misleading a company’s legitimate customers. This can be difficult to spot and given the potentially time sensitive nature of a complaint, many customers are all too happy to engage so long as their query is being resolved.

How to avoid social engineering scams

Don’t allow yourself to be pressured into acting too quickly

Criminals will create a sense of urgency to prevent you from thinking too hard about what they’re saying. If the message conveys a sense of panic, be wary – never let their urgency influence your judgement.

Be suspicious of any unsolicited messages or phone calls

If the email looks like a legitimate company you use, check the ‘from’ address and verify it matches the contact details on their website. If you’re not sure about a call you have received, hang up and call back using a number on the company’s official website. If they are who they say they are, they won’t mind you being careful!

Email account takeover is a big problem

Once a criminal is in control of an email account, they seek to defraud the person’s contacts. Even when the sender appears to be someone you know, if you aren’t expecting an email and the topic is somewhat obscure, check with your contact before opening links or downloading anything..

Free money offers, especially from overseas, are fake

If you receive an email from a foreign lottery, money from an unknown relative, or requests to transfer funds from a foreign country in return for bigger gains, it is guaranteed to be a scam.

Delete any request for financial information or passwords

If you get asked to reply to a message with personal information, it’s a scam. No legitimate company would ask for sensitive information – under any circumstance.

Reject requests for help or offers of help

Legitimate companies and organizations will not contact you to provide help if you have not reported an issue. If you did not specifically request assistance from the person contacting you, consider any offer to ’help’ fix your computer, move your money to a safe account, answer your question, etc., a scam.

Set your spam filters to high

Every email provider has spam filters. To find yours, look at your settings options, and set these to high–just remember to check your spam folder periodically to see if legitimate emails have been accidentally trapped there.

Secure your digital footprint

Install anti-virus software, firewalls, email spam filters and keep these up-to-date. Set your operating system to automatically update, and if your smartphone doesn’t automatically update, manually update it whenever you receive a notification. Use an anti-phishing tool offered by your web browser or third party to alert you to risks. You can also scan your email accounts using our free Dark Web Scanner to check if your email address has been breached or leaked on the Dark Web – if it has, you know to be more vigilant when it comes to receiving unsolicited emails. It would also be advisable to change your password for that account, and any accounts that use the same password.