4th November 2019 All Posts

Security Monday: Social Engineering

Welcome to week four of our ‘Security Monday’ top tips. The topic this week is ‘Social Engineering’ and we have some tips from our Security Lead Jaabeer.

We suggest that you share these top tips with your staff to keep all of your data super secure. Make sure you check out last weeks article on ‘Ransomware.’

Social Engineering

Social engineering is the psychological manipulation of users to disclose information or access to attackers. This is probably the most effective TTP (tactics, techniques, procedures) within the InfoSec world. 

Almost all cyber attacks have used some form of social engineering such as phishing scams, forging websites, annoying pop-ups, tailgating etc.

Malicious attackers use a variety of techniques to make social engineering more effective such as:

  1. Establishing trust
  2. Using authority (e.g. impersonating an important staff member or government organisation)
  3. Generating urgency – (e.g. the well known HMRC scam which claims a limited amount of time for a tax refund)

Be wary of the above techniques when receiving emails or any form of electronic messages. Always check the legitimacy of messages before responding.

Share this article
About the Author

Jaabeer works in the Information Security and Data Protection industry and is a Certified GDPR Practitioner . He has a wealth of experience working in the information technology, healthcare and energy industry as a Security Lead and Information Security Analyst.