4 Tips for Recognizing a Social Engineering Attack

Don't be fooled by a dude with a clipboard

Computer engineers connecting communication cable
Chris Windsor/The Image Bank/Getty Images

Think of social engineers as hackers at the workplace. Social engineers attempt to manipulate people to get things they want — usually passwords, personal information, or access to restricted areas.

Social engineering isn't simple trickery. There is a well-defined social engineering framework that is highly detailed and contains specific methods of attacks, situation-based exploits, and means of eliciting compliance.

No one wants to become a victim of a social engineering attack, so it's important to recognize an attack in progress and respond to it appropriately.

If Tech Support Calls You, Suspect a Social Engineering Attack

If you receive an unsolicited call from someone claiming to be tech support, this is a huge red flag that you are likely being set up for a social engineering attack. Tech support has enough incoming calls and doesn't need to go looking for problems. Hackers and social engineers who claim to be tech support try to obtain information such as passwords or direct you to visit malware sites so they can infect or take control of your computer.

Ask the tech support person to come by your desk. Check their story, look them up in a company directory, call them on a number that can be verified and is not spoofed. If they are in the office, call them using their internal extension.

Beware of Unscheduled Inspections

Social engineers often pose as IT inspectors as a pretext. They carry clipboards and wear uniforms to sell their pretext. Their goal is usually to get access to restricted areas to obtain information or install software such as keyloggers onto computers within the organization that they are targeting.

Check with management to see if anyone claiming to be an inspector or another person not commonly seen in the building is legitimate. They may drop names of people who aren't there that day. If they don't check out, call security and do not let them into any part of the facility.

Don't Fall for 'Act Now' False Urgency Requests

One thing that social engineers and scammers do to bypass your rational thought process is to create a false sense of urgency.

The pressure to act quickly may override your ability to stop and think about what is happening. Never make quick decisions because people you don't know are pressuring you. Tell them they will have to come back later when you can vet their story, or tell them you will call them back after you have verified their story with a third party.

Beware of 'Help Me, or the Boss Is Going to Be Mad'

Fear can be a powerful motivator. Social engineers and other scammers take advantage of this fact. They use fear, whether it's fear of getting someone in trouble or fear of not meeting a deadline.

Fear, coupled with false urgency, can short circuit your thought processes and make you vulnerable to complying with a social engineer's request. Arm yourself with knowledge of the techniques they use and make sure your co-workers are educated on these tactics also.