Question? Call Us 858-777-0040
Logo 01

What in the world is social engineering?

What In The World Are The Darknet And Darkweb?
Get your CPA firm aquanted with new FTC rules.

Read our latest eBook "The Accountant's Guide to the FTC Safeguards Rule"

Edward ran up behind the company employee as he entered the building.

“Can you hold the door, please?”
“It’s my first day here.”
“Well have a great day and welcome!”
“Thank you.”

Edward turned down the hallway and found an empty trash bin and took it with him. He turned left down the hall to executive row, just like the building schematic had shown.

He walked into Craig’s office and emptied Craig’s bin into his. Then he saw it, the sticky note on the monitor with Craig’s password. Craig was on vacation.

His email thread said he was in Cancun.

Edward had done his monitoring of Craig’s email, but lied to and manipulated an unsuspecting employee to give him access to a secure building.

Physical trespassing like the above incident of “tailgating” is comparatively uncommon compared to other types of what is called “social engineering.”

Social engineering is the criminal practice of manipulating someone to reveal personal or business information or to perform a certain task that will be harmful to an individual or organization.

Hackers are usually after personally identifiable information (PII)–name, social security number, driver’s license number, email, address, phone number, place of work, position, etc.–that should normally be kept as private as possible.

Users may have PII that they willingly share with a company in exchange for use of the company’s software, products or services. Users naturally trade off some privacy for convenience.

But that doesn’t mean they want to share it with cyber criminals.

Methods of Attack

Phishing” emails are so named because the hackers or scammers who send the emails are luring users into their trap. See our piece on phishing for an in-depth look at the various types of phishing attacks.

Most business email compromise (BEC) attacks–currently the most common type of cyber attack–on business networks are initiated by successful spearphishing and/or vishing.

Beware Mind Tricks of Savvy Crooks

In all these types of social engineering, remember the following tactics used by hackers and scammers to manipulate users into dropping their guard. They may appeal to:

Knowledge of personal details – Using the name of the target, which has been gathered through other research (“reconnaissance”).

Sensibleness – The request for information makes sense.

Authority – “Give me the information because of who I am.”

Urgency – “I need this information right now” or “your account needs your attention.” Scammers will try to get users to act rashly.

Scarcity – “This deal will only last for limited time.”

Social proof – “I’m well-known” (people look up to them, they have swagger).

Likeness/Impersonation – The hacker looks or acts like a certain person (and “do me favors”).

Fear – “If you don’t give it to me, be afraid of losing your job.”
Interrogation – The hacker questions the target when under question himself.

Humor – Being funny gets the target to drop their guard.

Conclusion: Know This Last Fact

Remember, beware the tactics above. And remember that banks, credit unions, credit cards and merchants will never contact users through text message or email to make important changes or share information like their account PIN.

Awareness for employees is crucial when it comes to stopping social engineering aimed at users and businesses. Users should be aware of tactics and methods used by scammers and threat actors.


Tech Kahunas is a San Diego Managed IT Services provider which provides IT support and services like 24/7 monitoring, data backup and restore, and malware protection.

Tech Kahunas will help you Defend Your Island. Set up a free 30-minute Strategy Session with us now.

Get your CPA firm aquanted with new FTC rules.

Read our latest eBook "The Accountant's Guide to the FTC Safeguards Rule"


Leave a comment

Your email address will not be published. Required fields are marked *

Peter Bondaryk
Peter Bondaryk

Business Owner's Guide
to Cybersecurity
ebook business owner's guide to cybersecurity
Latest posts
Follow us

Get Our FREE Accountant's Guide to the FTC Safeguards Rule Ebook!

The New FTC Requirements
That Will Change the Way You
Do Business

Get Your FREE Copy!​

Sign up to learn how you can protect against cybercrime

Nullam quis risus eget urna mollis ornare vel eu leo. Aenean lacinia bibendum nulla sed 

If today your business was hacked and you were at risk of losing it all...
Do you have a plan?
We will not spam, rent, or sell your information.

Nullam quis risus eget urna mollis ornare vel eu leo. Aenean lacinia bibendum nulla sed 

Join our newsletter and get a 20% discount
Promotion nulla vitae elit libero a pharetra augue