Glossary
Social Engineering
Social engineering is when bad guys trick you instead of your computer. They might pretend to be your boss, IT support, or a vendor to get you to share passwords, transfer money, or click dangerous links. It works because humans naturally want to be helpful and trust others - and scammers exploit that.
What is Social Engineering?
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Instead of hacking computers, attackers hack humans by exploiting trust, fear, urgency, or helpfulness to bypass security measures.
Why Should You Care?
Social engineering is behind over 90% of successful cyberattacks. Your expensive security software is useless if an employee is tricked into handing over credentials or wiring money to a scammer. No business is too small to be targeted - in fact, small businesses are often preferred because they typically have less training.
Is your business exposed?
Real-World Example
A scammer called a small manufacturer pretending to be from their bank's fraud department. They said there was suspicious activity and they needed to 'verify' account details to stop it. In the panic, the office manager read out account numbers and security codes. Within 30 minutes, $45,000 was transferred out. The real bank said there was never any fraud - until that call.
How to Protect Against Social Engineering
- 1.
Train all employees to recognize social engineering tactics
- 2.
Establish verification procedures for financial requests
- 3.
Create a policy to call back on known numbers, never ones provided by caller
- 4.
Limit publicly available information about employees online
- 5.
Conduct periodic phishing tests to keep staff alert
- 6.
Create a culture where it's OK to verify unusual requests
Related Terms
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required