Social Engineering

Social engineering refers to the use of psychology and manipulation by cybercriminals to obtain valuable information or money.

Social engineering is a form of interpersonal manipulation with the aim of causing people to behave in a certain way, e.g. to divulge confidential information, to buy a product or to release funds. Social engineers spy on their victims' personal environment, usurp identities or exploit basic human characteristics such as helpfulness, trust, curiosity, fear or respect for authority in order to obtain sensitive information or unpaid services.

Specific measures

  • Be wary if you are pressured by phone, email or text message to do something. Do not trust every caller, email or message.
  • Do not allow yourself to be intimidated or put under pressure.
  • Never disclose passwords or PINs on the phone or via email. No reputable service provider will ever ask for a password or your login credentials.
  • Do not forward any codes or passwords you have received by email or text message, whatever the pretext.
  • Never give anyone access to your computer, even if the person is claiming to be from a security service provider, financial institution or support company, etc.
  • Do not disclose business information to strangers.
  • End implausible calls immediately and delete emails/text messages right away if they require action on your part and put you under time pressure.
  • If in doubt, talk to employees or colleagues about the plausibility of the request.

Preventive measures

  • Break cybercriminal patterns by taking your time (they often create a sense of urgency).
  • Disclose as little personal information as possible. Limit yourself to what is absolutely essential. Information on social media in particular may be used for social engineering attacks.
  • Bear in mind that identities can easily be falsified on the internet. This applies to email addresses, phone numbers, websites, social media accounts, etc.
  • Use strong passwords and never use the same password for multiple accounts. The NCSC recommends using a password manager.
  • Install two-factor authentication whenever possible. This offers an additional layer of protection to prevent your account from being hacked.

Effects and risks

  • With the data obtained, cybercriminals can infiltrate email and other online accounts or even entire systems
  • Financial loss
  • Misappropriated data can be used as a basis for blackmail
  • Malware can be infiltrated into systems

Further information

Social engineering is at the root of almost every cyberphenomenon. Typical examples include:

Last modification 01.01.2024

Top of page