Skip to content

Cybersecurity: social engineering

Social engineering is just one of the threats that the EU is working on to promote cyber resilience and fight cybercrime. 

Social engineering

Social engineering is a strategy used by individuals or groups to manipulate and deceive people into revealing sensitive information or performing actions that compromise their security. It relies on psychology and human behaviour, rather than technical know-how. 

In social engineering attacks, the attacker often poses as a trusted person or source in order to gain the victim's trust. The attacker uses tactics such as impersonation, persuasion or trickery to extract valuable information such as:

  • passwords
  • financial details
  • access to systems and networks  

Social engineering attacks can take various forms. The strategy is to exploit human vulnerabilities to achieve the attacker's objectives, whether these are gaining unauthorised access,  stealing data or money.

The different techniques used in social engineering

Phishing

Phishing icon.

Attackers send deceptive emails, messages, or links to websites that appear legitimate, aiming to trick recipients into clicking and revealing sensitive information such as passwords, credit card numbers, or personal data.

Spear phishing

Spear phishing icon.

Similar to phishing but highly targeted. In order to appear even more convincing, attackers customise messages based on specific information about the target.

Baiting

Baiting icon.

Attackers offer something enticing, such as free software downloads, in exchange for personal information or system access. This can involve infected files or links.

Pretexting

Pretexting icon.

Attackers create a fabricated scenario or pretext to obtain information. This often involves impersonating someone trustworthy, such as a colleague or bank representative.

Vishing

Vishing icon.

A form of phishing that occurs over voice communication, usually phone calls. Attackers impersonate trusted entities and persuade victims to reveal sensitive information.

Impersonation

Impersonation icon.

Attackers pretend to be someone else, either online or in person, to gain trust and manipulate the target into disclosing confidential information or taking specific actions.

Angler phishing

Tailored deception icon.

Attackers mainly target social media users and often take advantage of popular or trending topics to create deceptive messages, making them appear relevant and trustworthy.

 

Ransomware and extortion

Ransomware icon.

Attackers threaten to reveal sensitive information or disrupt systems unless a ransom is paid. They instil fear in order to coerce their victims.

 

Protection against such attacks

Awareness is your shield

Shield icon.

Be vigilant and recognise the signs. If something feels odd or too good to be true, it may be a scam.

Think before you click

Think before you click icon.

Avoid clicking on links or opening emails from unknown sources.

Guard your personal information

Guard your personal information icon.

Never share sensitive details such as passwords, credit card numbers, or personal data in messages or emails, no matter who asks.

Set strong passwords

Set strong passwords icon.

Use unique, strong passwords for different accounts.

Use multi-factor authentication

Multi-factor authentication icon.

Wherever possible enable multi-factor authentication, it adds an extra layer of security to your online accounts

Verify the caller’s identity

Caller’s identity icon.

If someone contacts you claiming to be affiliated to a company or an organisation, ask for proof of identity or contact the organisation directly to verify the information.

Stay informed

Stay informed icon.

Keep learning about new scams and techniques.

Stick to trusted sources

Trusted sources icon.

Use trusted sources to download files in order to avoid malwares.

If you become a victim

Victim checklist icon.
  • notify your competent local authorities
  • change your passwords
  • enable multi-factor authentication
  • scan your devices for malware
  • alert friends and colleagues that your accounts were breached

See also

Cybersecurity

Cybersecurity

How the EU combats cybercrime

How the EU combats cybercrime

Cyber threats in the EU: facts and figures

Cyber threats in the EU: facts and figures