What is social engineering?
Social engineering is a fancy term for tricking people into doing something they shouldn't – often without them realizing it.
Instead of attacking a computer, the scammer targets you as a person. They exploit our trust, politeness, curiosity, or busyness to gain access to information, systems, or money. It's digital manipulation in disguise.
You could say that while hacking often deals with technology – social engineering deals with psychology.
How does it work?
Social engineering can happen in many ways, but they all start with contact and manipulation.
It might be:
- An email pretending to be from your boss or the bank.
- A phone call where someone pretends to be from IT support.
- A message on social media from a "colleague" with a link.
- A person who shows up in person pretending to have legitimate business.
The goal is to get you to:
- Reveal information (e.g., passwords, social security numbers, card details)
- Click on links or open files
- Transfer money
- Grant access to systems or buildings
Many scammers use information they have already found online – such as your name, workplace or relationships – to appear more credible.
Examples of social engineering
CEO fraud: An employee receives an email that looks like it's from the CEO, instructing them to transfer money "as soon as possible" to a supplier. The pressure and fake authority make many act without thinking.
Fake IT support: Someone calls claiming to be from "Microsoft" or the "IT department." They say there's a problem with your computer – and guide you to install a program that gives them access.
Text message from the bank: You receive a message with a link to a "security check" from the bank. The link leads to a fake site where you enter your login details – which go straight to the scammer.
Use of AI and voice spoofing
With artificial intelligence (AI) it's now possible to imitate a person's voice with high precision. It often only requires a short audio clip from e.g. a video, voicemail or podcast.
This is abused in social engineering to:
- Call the finance department and get money transferred because the voice sounds like the boss.
- Trick family members into thinking they're talking to you and ask for money.
- Bypass voice recognition in some systems.
The technology makes it harder to tell real from fake – and makes it even more important to be critical.
Why does social engineering work?
Because it plays on our feelings and humanity.
- We want to be helpful and polite
- We don't dare say no to authorities
- We act quickly under time pressure
- We think we recognize the sender
- We feel safe in familiar surroundings (e.g., at work)
Therefore awareness and doubt are your best friends: Stop, think, ask yourself – does this make sense?
How to protect yourself
Here are some good tips to resist social engineering:
- Be skeptical of unexpected requests – even from "known" senders
- Check the sender's details carefully – especially email addresses and phone numbers
- Use an internal control system to approve larger transfers
- Ask control questions if you receive a strange message or call
- Never share passwords – not even with "IT support"
- Enable two-factor authentication on all important accounts
And remember: It's not embarrassing to say "no" or "I need to check". It's responsible.
Anyone can be fooled – even you
It's important to understand: Social engineering works because it's well crafted. You're not stupid if you're tricked – you're just human.
So don't be ashamed – share your experience so others can learn from it. The more we talk about it, the harder it becomes for scammers to succeed.
Being alert and asking questions isn't distrust – it's common sense.