What is social engineering? See how to avoid security issues

Much is said about cyber threats, which take advantage of system vulnerabilities to invade networks and steal user data. However, it is not just technical flaws that can cause problems for users. Human errors can also compromise information, and that is what social engineering tries to exploit.


Social engineering is a technique used by cyber criminals to trick unsuspecting users into sending confidential data, infecting their computers with malware, or opening links to malicious websites.

In cybercrime, these scams usually reach unsuspecting people or people without much experience in the virtual world. Victims can suffer anything from having their data stolen to having their computers infected with viruses. In addition, attacks can happen online, over the phone or through other types of communication.


Types of social engineering

There are several types of social engineering attacks, always trying to use human situations to mislead the person. Check out the main types below:

Quid pro quo

You’ve certainly already received that email saying that you won a lot of money, and that to receive the amount, you just had to send your CPF or some other personal data to the sender, right? This is the social engineering called Quid pro quo.

The name is a Latin expression that means “fair exchange is not stealing”. It is a very common practice in cyber attacks, used in everything from ransomware to the so-called “scareware”, where a message promises computer users an update to address an urgent security issue when, in fact, the announcement itself is the threat.


Example of social engineering used in phishing. (Image: Reproduction Correio Braziliense)

In other situations, criminals try to pass themselves off as trusted institutions by copying the layout of a corporate email. A quick check of the sender address, however, shows that this is a scam, since emails from companies always come from specific addresses, but an unsuspecting user can still fall for it.

Within this category, in which criminals try to pass themselves off as known institutions, there is also vishing, where contact is made over the phone, and smishing, in which scammers send SMS messages trying to get the person to leak information. It is necessary to pay close attention in these cases, as most people believe that both forms of communication used in these types of attacks are less prone to scams.


Bait is a method that involves creating a trap, such as a USB pen drive loaded with malware. A victim finds the device and, curious to see what is on it, plugs it into a USB port on their computer, which results in a system compromise.

There are cases of bait where criminals just want to disrupt the victims’ lives, without being interested in the person’s sensitive data. Some pen drives used in these types of attacks release, after a few minutes in the computer, an intense power surge that damages the machine they are plugged into.

Contact spamming and hacking

Email accounts compromised by data leaks can be hijacked by intruders, who use them to send messages with malicious files to everyone in the account’s contact list, the so-called “contact spamming”. Have you ever received that “check out this amazing site” message from your brother’s email? Better to be suspicious.

In some cases, criminals can hack into an email account without its access data having been leaked, in order to spam its contacts.


Some criminals make use of pretexts, that is, stories, to try to snare their victims. Appealing to the human inclination to want to help others, they send users emails from Nigerian princes who have recently lost their father and who need 500 to take the throne. The person, moved by the narrative, clicks on the link in the email and ends up downloading several viruses onto their computer.


Some social engineering cases may even involve direct communication between the attacker and the potential victim, building a relationship between the two while the attacker actually just wants to steal data. There are even cases of people pretending to be in love with a victim, where the emotional vulnerability of the moment ends up causing the person to leak sensitive information to the other.

How to protect yourself from social engineering

It is difficult to defend against social engineering, as these frauds are made to exploit human impulses and errors, which are not as simple to fix as a software update. However, there are several tips that can help you better identify and prevent scam attempts. In most cases they are procedures to check the veracity of the information received, a necessary and important process.

Check the source

Did you receive an email from a company? Check the sender. Found a USB drive out of nowhere on your desk? Try to trace the device’s origin before connecting it to your computer. Checking the source is a process that does not require much effort, and can save you a lot of stress in the future.

Even small details, such as spelling errors in a supposedly official communication from a bank, can raise suspicion, so keep an eye out. As a last resort, contact the person who is supposedly asking for something by phone or other legitimate means. Your doubts will surely be resolved and you will remain safe.
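The sender check described above can also be automated. The following is an added example, not code from the original article: it flags a message whose display name claims a known institution while the address is on another domain, or whose replies would go somewhere else. The brand list, domains and sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list (assumption): brand name -> domains it really sends from.
KNOWN_SENDERS = {"example bank": {"examplebank.example"}}

# Constructed sample messages, not real mail.
SPOOFED = (
    'From: "Example Bank Security" <support@examplebank-alerts.example>\n'
    "Reply-To: claims@mailbox.example\n"
    "Subject: Urgent: confirm your account\n\n"
    "Click the link to avoid suspension.\n"
)
GENUINE = (
    'From: "Example Bank" <notices@mail.examplebank.example>\n'
    "Subject: Your monthly statement\n\n"
    "Your statement is ready.\n"
)


def _domain(address):
    """Return the lower-cased part after the last '@' (empty if none)."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def _belongs(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def sender_findings(raw_message, known=KNOWN_SENDERS):
    """List the reasons a message's sender headers look inconsistent."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = _domain(address)
    findings = []
    # The display name claims a brand, but the address is not on its domains.
    if any(b in display.lower() and not _belongs(domain, d)
           for b, d in known.items()):
        findings.append("display-name-mismatch")
    # Replies would go to a different domain than the visible sender.
    reply_domain = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != domain:
        findings.append("reply-to-differs")
    return findings


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, sender_findings(raw))
```

A message that forges the institution's real domain in the From header passes both checks; rejecting those is the job of SPF, DKIM and DMARC validation at the mail server.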

See what they know about you

Did you get a call from the bank and it didn’t start with the clerk asking security questions, but asking your name or some other personal information? It’s quite possible that it was a scam. Even email communications have small details to identify that they are real, as in the case of the Nota Fiscal Gaucha, which always has a safety phrase chosen by the user in the header of the email. The lack of this information should always be noted.

Keep calm

Social engineering often depends on a sense of urgency. In an example outside the digital world, if you get a phone call saying your mother has been kidnapped, your first reaction is to get desperate. However, if you calm down and get in touch with her, the bad guy loses all the advantage he had in the scam.

Criminals expect their targets, both in the digital and the real world, not to think too much about what is happening. If you can stay calm and check, for example, through the official contact of the company that is supposedly contacting you, you will see how easy it is to thwart the criminals’ goals.

Ask for identification

Did you receive a phone call that is already asking for a lot of personal information? Ask who the operator works for and what his or her name is, or hang up and get in touch with the institution through its official numbers. Do not accept questions outright, treat your data with care and always investigate what is really going on.

Use a good spam filter

Always check if your email has a good spam filter. Filters use different types of information to determine which messages might be malicious. They also have a database that allows them to identify suspicious links or dangerous attachments, in addition to an IP list of suspicious senders, whose messages are automatically blocked when they reach your inbox.

Is this real?

A Nigerian prince will hardly need your reais. (Image: Reproduction/Westein)

How many people have you heard of who received an email out of nowhere and became millionaires overnight? Yeah, none. Whenever you receive a message or phone call, try to judge whether what it describes has a real chance of happening. The famous email from the Nigerian prince asking for 93 reais to take the throne is totally unrealistic, for example. Just, as stated above, stay calm and reflect a little.

Protect your devices

As stated at the beginning of this section, defending against social engineering attacks is not an easy process. However, if you do fall for one, the impact of an intrusion can be lessened if your devices have an up-to-date antivirus and the most current software updates. Also, avoid using the same password on all accounts. If credentials are varied, less information or access will be compromised in the event of a leak. Also use two-factor authentication so that the password alone is not enough to access the services.

Think of your digital presence

We live in an age where people share a lot of information on social media, and that can be dangerous. Banks and other institutions may use as a security question for account recovery something like ‘name of first pet’. If you’ve shared this data on Instagram, it’s possible for criminals to know the answer, and use it to break into your accounts. Some social engineering attacks also try to gain your trust by using recent events shared on social media to get your attention.

The general recommendations to avoid these situations are to always check the privacy of social networks, leaving posts set to “friends only” and be careful with what is being posted on the internet. This caution should be expanded to several other online situations, such as a digital resume, where it is a good option to hide address, phone number and date of birth, so that this information is not publicly accessible.

Source: Norton, Kaspersky, Imperva
