Why this matters: Social engineering attacks trick people—not computers. Scammers use trust, fear, or urgency to make you click, pay, or reveal private information.
What Is Social Engineering?
Social engineering is the use of psychological manipulation to persuade you to give up information, send money, or grant access. It often looks like a message from a boss, friend, bank, delivery service, or support agent— but it’s an impostor.
Common Tactics
- Phishing: Emails/DMs with malicious links or attachments.
- Spear-phishing: Highly targeted messages using your personal details.
- Pretexting: “I’m IT/HR/Bank support…” building a fake scenario to get data.
- Baiting: “Free gift/lottery/shipment” links that install malware or harvest data.
- Quid pro quo: “We’ll fix your account if you share your password/code.”
- Vishing/Smishing: Voice calls or SMS pretending to be trusted services.
Real-World Examples (WhatsApp & Facebook)
- “Is this you in this video?” Link leads to a fake login page to steal your password.
- “URGENT: Your account will be disabled.” A fake Facebook/WhatsApp message demanding you “verify now.”
- Fake job/aid offer: Asks for an “application fee” or copies of IDs to commit identity fraud.
- Family/CEO impersonation: A cloned voice or hacked account demands money “right now.”
How to Defend Yourself
Do
- Verify requests via a second channel (call the real number).
- Type the website yourself—don’t click unknown links.
- Enable MFA/2FA and use a password manager.
- Keep your OS, browser, and apps updated.
- Set privacy controls on social media; share less.
Avoid
- Sharing one-time codes, passwords, or PINs—ever.
- Rushing due to “urgent” pressure tactics.
- Downloading attachments from strangers.
- Using public Wi-Fi for logins/payments without a VPN.
If You Think You’re Targeted
- Pause: Don’t click or reply. Verify via a known contact number or official app.
- Change passwords for any accounts you suspect; enable MFA.
- Scan your device with reputable security software.
- Report the message to the platform (WhatsApp/Facebook) and warn contacts.
- Document screenshots and links for reporting to local cyber authorities.
For Organisations, Schools & NGOs
- Awareness Regular, short trainings with local examples.
- MFA Enforce MFA on email, VPN, and admin portals.
- Reporting One-click phishing reporting and clear response playbooks.
- Access Least-privilege accounts; review shared mailboxes and tokens.
- Simulation Run realistic phishing drills and share lessons learned.
Red Flags to Watch
- Urgency, fear, or too-good-to-be-true offers.
- Mismatched sender addresses or odd URLs (check carefully!).
- Requests for codes, passwords, or payment “fees.”
- Grammar mistakes, odd formatting, or inconsistent branding.
- Unusual friend requests or DMs asking for money/help.
Tip: If a message triggers a strong emotion—stop, verify, and only then take action.