How to protect yourself from social engineering
- The basis
- Edited 12 May 2025
- 2 min
- Managing and growing
- Secure business
When you hear the word cybercrime, you may think of hackers attacking computers and networks in a digital environment. However, many of these attacks start by deceiving people in the real world. This is called social engineering. Find out how it works and how to prevent it.
What is social engineering?
Social engineering is the manipulation of people by criminals using deception. Instead of attacking computers and networks directly, the attacker targets the people who use them, because people are often the weakest link in security. To 'hack' a person, fraudsters exploit human traits such as fear, greed, helpfulness, or curiosity. Just as with cyber-attacks on systems, the goal of social engineering is to steal your data or money, or to get a foothold for a later attack.
Forms of social engineering
Fraudsters use social engineering to trick people in both the physical and digital worlds. Look out for these common forms of social engineering so that you do not fall for them.
Tailgating
The criminal sneaks into your business premises by following an employee through a secured door before it closes. This is called 'tailgating'. Sometimes the criminal gets in with the permission of an employee (also known as 'piggybacking'). For example, the fraudster says they are delivering a parcel and need to come in for a moment, or has their hands full so that someone politely holds the door. Once inside, they look for confidential information, unlocked workstations, or network ports they can plug into.
Shoulder surfing
Do you work on your laptop in a public place, such as on the train or in a café? Make sure no one is looking over your shoulder. These 'shoulder surfers' may see confidential information on your screen without you noticing.
Going through rubbish
Criminals also search through rubbish bins and paper containers. These 'dumpster divers' look for sensitive data, such as personal documents or bank statements.
Exploiting curiosity
In 'baiting', hackers exploit people's curiosity. For example, they deliberately leave a USB stick lying around in a car park or reception area, sometimes labelled with something tempting such as 'salaries'. It is a kind of bait. A curious person plugs the USB stick into a computer, which then becomes infected with malicious software, such as ransomware. An infected computer gives the attacker a foothold inside your network for further cyber-attacks.
Faking authority
Hackers know that people are more likely to trust someone with authority or expertise. So they may pretend to be technical support staff, an auditor, or a senior manager. They convince you that they urgently need access to your computer, for example to install an update. In reality, the scammer copies confidential information or installs malicious software (malware).
Phishing
In the digital world, fraudsters also like to pretend to be someone you trust. They do this through phishing, for example. Criminals mislead you with fake emails, fake QR codes, and fake text or WhatsApp messages. The messages appear to come from well-known or trustworthy organisations such as the government or your bank. They ask you to send them your login details, credit card information, or PIN codes, for example.
Helpdesk fraud
A fraudster pretends to be a helpdesk employee on the phone, for example from your own bank. They tell you that hackers are trying to empty your bank account. The criminal then tells you to transfer your money as quickly as possible to a 'secure account'. They even offer to help you transfer the money. In fact, you are transferring your money directly into the criminal's bank account. A real bank will never ask you to move money to another account over the phone.
Video: Victim of social engineering (in Dutch, with English subtitles available)
Prevent social engineering
You can reduce the risk of social engineering by taking the following measures:
- Register every visitor to your business and ask for proof of identity. Speak to people you do not recognise. Ask who they are meeting and check with that person before letting them go further.
- Do not work on confidential documents in a public place. A privacy screen protector on your laptop screen makes it more difficult for others to see what you are doing. Do not discuss sensitive topics on the phone in public.
- Never throw confidential documents in the bin. Use a paper shredder or a locked paper container.
- Never insert an unknown USB stick into your computer; hand it to your IT department instead. Also be wary of tempting offers such as free software or cheap advertising space.
- Be careful with strangers on your premises. They may be a criminal posing as a parcel delivery person or technical employee. Never let strangers into your office or onto your computer without checking who they are.
- Look critically at messages you receive. Are you expecting a message from this person or organisation? Or are you suddenly being asked to pay for something you do not recognise? Check the sender's actual email address, not just the display name, and hover over links to see where they really lead before clicking. Do not respond to these types of phishing messages. Do not share confidential information. Do not click on links or open attachments.
- Be wary of strange phone calls, even if you recognise the number: caller ID can be spoofed. Never give out sensitive information such as PIN codes. Do not respond to requests to install software or transfer money to a 'secure' account. If in doubt, hang up and call the organisation back on the number printed on its website or your bank card.
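The checks in the message bullet above (does the sender's real address match the organisation, does a link lead where its text claims, is the message creating time pressure) can be automated. The script below is an added example, not code from the original article: it inspects a constructed HTML email against a hypothetical allow-list of trusted domains and reports the red flags it finds. The domain names, sample messages and urgency phrases are all assumptions made for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains the recipient actually has a relationship with (hypothetical;
# in practice this would come from your own address book or allow-list).
TRUSTED_DOMAINS = {"example-bank.nl"}

# Phrases that create time pressure, a hallmark of social engineering (assumed list).
URGENCY_PHRASES = ("within 24 hours", "immediately", "will be blocked", "act now")


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> tag, plus all visible text."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text_parts = []   # all visible text, used for the urgency check
        self._href = None
        self._link_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._link_text = []

    def handle_data(self, data):
        self.text_parts.append(data)
        if self._href is not None:
            self._link_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._link_text).strip()))
            self._href = None


def registrable_domain(host):
    """Naive 'last two labels' approximation of the registrable domain.
    Fine for .com/.nl style names; a real tool would use the Public Suffix List."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def sender_domain(from_header):
    """Domain of the real address in a From: header, ignoring the display name."""
    m = re.search(r"<([^>]+)>", from_header)
    address = m.group(1) if m else from_header.strip()
    return address.rsplit("@", 1)[-1].lower()


def check_message(from_header, html_body, trusted=TRUSTED_DOMAINS):
    """Return a list of human-readable warnings; an empty list means no red flags found."""
    findings = []

    sdom = sender_domain(from_header)
    if registrable_domain(sdom) not in trusted:
        findings.append(f"sender address is at {sdom}, not a domain you trust")

    parser = LinkCollector()
    parser.feed(html_body)

    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        if registrable_domain(host) not in trusted:
            findings.append(f"link goes to {host}, not a domain you trust")
        # Link text that *looks* like a web address but points somewhere else
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        if shown and registrable_domain(shown.group(0)) != registrable_domain(host):
            findings.append(f"link text shows {shown.group(0)} but leads to {host}")

    visible = " ".join(parser.text_parts).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in visible:
            findings.append(f"message creates time pressure: '{phrase}'")

    return findings


# Constructed sample messages for the example (not real mail).
PHISHING_FROM = "Example Bank <security@example-bank.nl.account-verify.com>"
PHISHING_HTML = (
    "<p>Your account will be blocked within 24 hours.</p>"
    '<p>Log in at <a href="http://example-bank.nl.account-verify.com/login">'
    "https://example-bank.nl/login</a> to keep access.</p>"
)
LEGIT_FROM = "Example Bank <info@example-bank.nl>"
LEGIT_HTML = (
    '<p>Your monthly statement is ready. '
    '<a href="https://www.example-bank.nl/login">Log in</a> to view it.</p>'
)

if __name__ == "__main__":
    for label, frm, body in (("phishing", PHISHING_FROM, PHISHING_HTML),
                             ("legitimate", LEGIT_FROM, LEGIT_HTML)):
        print(label, check_message(frm, body) or ["no red flags"])
```

The phishing sample trips every check: the sender and the link both sit under `account-verify.com`, with `example-bank.nl` used only as a subdomain prefix to look familiar, the visible link text claims a different host than the one the browser would open, and the body threatens a block within 24 hours. The legitimate sample produces no warnings. A script like this is a helper for triage, not a replacement for the human checks in the list above: a message with no warnings can still be a scam.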