Rather than attacking secure systems directly, cybercriminals prefer to prey on a more accessible weakness: humans. Most successful cyberattacks work because of a simple human error. Learn more about social engineering and how to protect yourself from it.
What is social engineering?
Social engineering is a set of fraudulent tactics aiming to extort personal information through manipulation. In other words, the fraudsters prey on their victims’ trust, curiosity, fear, and sense of urgency to get them to reveal sensitive information or take compromising actions.
Here are a few examples of social engineering strategies used by fraudsters.
Voice phishing (or vishing)
Calls aiming to gain access to personal information. Discover examples of voice phishing.
Spam phishing
Fraudulent email inviting the recipient to click on a link or provide sensitive information. Learn more about phishing.
Smishing (SMS phishing)
Text message urging the recipient to act quickly via a link or false alert.
Identity theft
Fraudulent use of an individual’s or organization’s identity.
Fake social media accounts
Creation of profiles imitating people or businesses, for the purpose of duping.
Targeted social engineering
Emotional or behavioural manipulation to influence an action.
Misleading advertising
Misleading ad aiming to redirect the victim to harmful content.
Legitimate-looking fake website
Fake site that resembles a real one, used to gain access to sensitive information.
Tailgating to access a restricted area
Technique consisting of following a person to access a restricted area without authorization.
Deepfake (voice or visual identity theft using AI)
Using artificial intelligence (AI) to imitate a person’s voice or image. Learn more about voice imitation using AI.
Why is this concerning?
Social engineering needs to be taken seriously, as it is very widespread. In fact, the majority of security incidents involve human error. And the number of successful attacks is high!
And it can happen to anyone. Social engineering targets all sorts of people, regardless of their role or experience. Even with awareness, new types of frauds can emerge, as artificial intelligence makes the attacks even more credible.
And the consequences can be devastating: theft of data, fraud, financial losses, damaged reputation… For all these reasons, it’s best to stay vigilant and protect yourself.
How to avoid falling for a scam
Fight fire with fire! Although social engineering preys on human weaknesses, human judgement is your best ally when it comes to detecting scams.
- Don’t judge a book by its cover. Harmful websites, ads, communications, and social media profiles often appear legitimate at first glance.
- Beware of strong emotions. Attacks tend to focus on urgency and fear as tools to manipulate people. An urgent or unexpected request can be a sign of a scam.
- Take a step back. It is important to ask yourself if the request is logical, plausible in its context, and to check its legitimacy via another means of communication when in doubt.
Vigilance: the best shield
Social engineering is an underhanded threat that preys on emotions and trust. Vigilance and a critical eye are key to avoid falling victim to these scams. Stay informed, adopt good reflexes, and keep questioning: these are the best ways to avoid falling for a trap!
Read also:
Mis à jour 24-09-2025
Version 1.0
