How to Spot and Avoid Social Engineering
1. Be suspicious of urgency
If someone pressures you to act right now, whether it’s clicking a link, transferring money, or sharing info, pause. Urgency is a classic manipulation tactic.
2. Double-check identities
If someone claims to be from IT, HR, or even your boss, verify through a known contact method. Don’t trust caller ID or email addresses at face value.
3. Watch for emotional triggers
Social engineers often play on fear, curiosity, or even flattery. If a message makes you feel panicked or overly important, take a breath and reassess.
4. Don’t overshare on social media
Attackers can use your public posts to craft convincing scams. Avoid sharing details like job titles, birthdays, or travel plans that could be used against you.
5. Hover before you click
Before clicking a link, hover your mouse over it to preview the actual URL. If it looks odd or doesn’t match the sender’s domain, don’t click.
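The mismatch check described above, written out as a small Python function (an added example, not part of the original article). It compares the link's real host with the sender's email domain and also flags the common ways a preview URL can mislead: text before an `@`, a raw IP address, and punycode (`xn--`) lookalike labels. Assumption: the "registrable domain" is approximated by the last two DNS labels (no public-suffix list, so `co.uk`-style suffixes are not handled).

```python
"""Link-vs-sender consistency check (constructed example, not from the article).

Assumption: registrable domain = last two DNS labels (no public-suffix list).
"""
import ipaddress
from urllib.parse import urlsplit


def registrable_domain(host: str) -> str:
    """Approximate the owner-controlled part of a hostname (last two labels)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_link(url: str, sender_email: str) -> list[str]:
    """Return a list of warnings; an empty list means the link looks consistent with the sender."""
    warnings: list[str] = []
    parts = urlsplit(url.strip())
    host = parts.hostname  # lowercased; userinfo and port already stripped
    if parts.scheme not in ("http", "https") or not host:
        return ["link is not an http(s) URL"]
    # "https://bank.example@evil.test/" shows bank.example first but goes to evil.test
    if parts.username is not None:
        warnings.append(f"URL contains text before '@'; the real host is {host}")
    try:
        ipaddress.ip_address(host)
        warnings.append("link points at a raw IP address, not a named host")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("hostname uses punycode (xn--) and may be a lookalike domain")
    sender_domain = sender_email.rsplit("@", 1)[-1]
    link_dom, sender_dom = registrable_domain(host), registrable_domain(sender_domain)
    if link_dom != sender_dom:
        warnings.append(f"link domain {link_dom} does not match sender domain {sender_dom}")
    return warnings


if __name__ == "__main__":
    # Constructed sample: a link whose first label copies the sender's domain
    for w in check_link("https://example.com.login-verify.test/x", "it@example.com"):
        print("WARNING:", w)
```

A subdomain of the sender's own domain (`www.example.com` for `it@example.com`) passes cleanly; anything else produces at least one warning the reader can act on.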
6. Be wary of freebies
If someone offers something for free, like a USB stick, gift card, or survey prize, it could be bait. “Baiting” is a common trick to get you to plug in malware or give up info.
7. Don’t trust unsolicited tech support
If someone calls claiming to be from Microsoft, your bank, or “security support,” hang up and call the official number. Real companies don’t cold-call for fixes.
8. Use two-factor authentication (2FA)
Even if someone gets your password, 2FA adds a second layer of protection. It’s one of the easiest ways to block social engineering fallout.
9. Keep software up to date
Patches fix vulnerabilities that attackers love to exploit. Regular updates reduce your risk, even if you accidentally click something shady.
10. Trust your gut
If something feels off, it probably is. Ask a colleague, report it to IT, or just pause. It’s better to be cautious than compromised.