
Guarding against social engineering attacks

By Federico Morelli

November 3, 2023

Social engineering attacks are on the rise, and despite increased awareness, human error is still the most successful gateway for most data breaches today. 

No matter how many security tools security leaders deploy and maintain to safeguard data or an organization, the biggest vulnerability lies in the people. Hackers are evolving even as security leaders invest in another cybersecurity training — they’re getting sneakier, smarter and more sophisticated. 

What is social engineering?

Social engineering is an attack that uses deception or manipulation to access confidential information or systems. It's a kind of ploy, and its goal is to make users give up their passwords or other private information through phone calls, messages, or emails. Social engineers may also use legitimate credentials from other sources, such as the dark web or social media, to tailor their attacks to their victims.

Phishing and pretexting

The two most common types of social engineering attacks today are phishing and pretexting. 

Phishing is a deceptive technique where cybercriminals impersonate someone the victim knows or a trusted organization to trick the victim into revealing sensitive information, such as usernames, passwords, credit card numbers, or personal identification information.

Pretexting is more elaborate and involves the creation of a fabricated scenario or pretext to manipulate users into disclosing sensitive information. Unlike phishing, which usually relies on impersonation, pretexting often consists of building a false narrative or story to gain a person's trust and access to their data.

While phishing and pretexting are distinct tactics, they often overlap. For instance, a phishing email may incorporate pretexting elements by including a fabricated story or scenario to make its request for information seem more legitimate and convincing. In such cases, the attack can be described as a blend of both techniques.

The psychology of social engineering

Social engineering attacks are often successful because they exploit human weaknesses. They rely on the attacker or attackers manipulating emotions or using deception to get what they want.

Building trust

A social engineer will use many tactics to build trust with their target so that the target can be tricked into giving out information more easily. They might talk about family or ask about a user’s life to create a bond. Worse still, they may come prepared with this information (collected from the internet or previous social engineering attacks) and know exactly who someone is and how they might respond. The attacker can also pretend to be a colleague in another department within the organization.

Exploiting emotions

Social engineers know that people are more likely to give out information when they feel like they’re helping someone else, even if it means putting themselves at risk. They also exploit emotions such as sympathy or panic, which can cloud a person's judgment and make them more likely to do what the attacker asks. For example, suppose someone pretends to be a police officer calling about credit card fraud. A user might feel pressured to provide them with information and even agree to transfer money.

The factors influencing human vulnerability

Social engineering attacks take advantage of human vulnerabilities, but there are other factors that cybercriminals count on whenever launching an attack. One is ignorance, and the other is arrogance. 

Lack of cybersecurity awareness

A lack of cybersecurity awareness is one of the main contributors to social engineering attacks. Users won't take precautions if they don't know they're at risk. In fact, according to a survey conducted by Intel in 2022, 97% of individuals around the globe are unable to identify a sophisticated phishing email, and one out of five small and medium business owners did not know what the word phishing means.

Overconfidence in technology

People believe that technological solutions alone can protect them from social engineering attacks. However, even strong passwords and two-factor authentication cannot protect security leaders from human nature and the possibility of making a mistake, especially when they are overworked or distracted. The secret ingredient of many social engineering attacks, urgency, can make them click on the link in the email without stopping to think first.

Mitigating the human factor 

While there’s not much security leaders can do about their human nature (which is just as great as it isn’t), they can train their instincts, change their habits and strengthen their cybersecurity defense mechanisms. In other words, they can make their responses less impulsive. There are several ways to help security leaders mitigate the risks.

Cybersecurity training and education 

Training should not be limited to technical staff but should also include management and other employees who might come into contact with sensitive data or systems. The training should consist of practical exercises that simulate real-world scenarios so that employees can learn how to respond when faced with a real-life situation. Run these regularly and measure how well the team performs.

Implementing strong authentication methods 

Robust authentication methods ensure that only authorized individuals can access information or systems, thus reducing the risk of unauthorized access by insiders or hackers who may attempt to impersonate others by guessing passwords or using stolen credentials. Solid authentication methods include multi-factor authentication (MFA), biometrics, physical tokens and knowledge-based questions (KBQ).

Raising awareness through simulations and drills

Run drills in which employees practice recognizing suspicious behavior and reporting it immediately. Security leaders can also routinely perform "fake" social engineering attacks and check how their team responds. Follow each one of these with an in-depth feedback session. In addition to raising awareness, it will make employees more suspicious when opening an email or picking up their phone, as they should be.

Take care of the personal information available to hackers

There’s a lot to take care of. Personal information, including an address, phone number and age, can be easily found on people search sites. In addition, criminals can find out where they work and what they're interested in thanks to social media profiles and cookie tracking information (readily available on the dark web). This makes performing a successful pretexting attack way easier. 

Future social engineering trends

As technology advances, so do the techniques employed by cybercriminals in social engineering attacks. Attackers continually refine their methods, making detecting and defending against such threats increasingly challenging. The future will likely see the development of more sophisticated and convincing social engineering tactics, including deep fakes, AI-generated content, and novel psychological manipulation approaches.

The role of artificial intelligence and machine learning

Artificial intelligence (AI) and machine learning (ML) are becoming integral to both cyberattacks and defense strategies. Attackers can leverage AI and ML to automate and personalize their social engineering campaigns, making them more effective. Conversely, AI-driven tools are also used to detect and respond to social engineering attacks in real-time. However, this cat-and-mouse game raises concerns about the potential for AI to be weaponized by malicious actors.

Privacy concerns and ethical considerations

Social engineering attacks often involve the manipulation of personal information. As data privacy concerns continue growing, the ethical implications of collecting and using personal data for legitimate and malicious purposes become more pronounced. Striking a balance between security and privacy will be a crucial challenge in the future. Security leaders will need to come up with responsible data handling practices and robust legal frameworks to protect individuals from social engineering exploits while safeguarding their privacy rights.

People are the weakest link in an organization's security strategy. While many successful social engineering attacks rely on greed ("click here to win"), even more exploit people's impulse to help, cooperate and contribute.

KEYWORDS: cybersecurity awareness employee training phishing security training social engineering


Federico Morelli is a Content Manager at Incogni.
