Skip to main content

What are the top social engineering tactics (and how can you defend against them)?

30th July 2025

With a variety of methods at their disposal, it is easier than ever for bad actors to manipulate you: here is what you need to look out for.

The greatest vulnerability to your IT systems is you. Well, not you personally, but people: we can so easily be talked in to making mistakes or can accidentally make errors. In the world of cyber security, we call this social engineering – the act of being manipulated into giving away key information or clicking on malicious links.

To help to counteract this, we are going to go over the top methods cyber criminals use, how they work and how to defend against them. Take a look and try to keep them in mind the next time you receive a correspondence that you can’t 100% trust:

5. Quid Pro Quo

In this type of social engineering, the attack offers something to the victim in exchange for valuable data or access. This could be an offer to “fix” your computer or a survey that asks you to enter personal information.

Remember to verify the identities of anyone requesting access: for example, if they are claiming to be IT support for your company, find out if they exist and if they’re credentials are as they should be. You should also limit how much information you give out to unknown individuals.

4. Tailgating (or Piggybacking)

This is a physical method of attack, so only relevant if you work in an office (though if your home is broken in to then the same applies). Bad actors can gain access to restricted places by pretending to be someone who belongs, like a delivery driver. Once there, they can get into important systems.

To counteract this, ensure your critical systems have strong access controls, with badges and biometrics. Additionally, provide staff with training so they don’t let people through. Also, keep your computer locked when you step away from your desk: even if they get to it, they may not figure out your passcode!

3. Baiting

By playing on our greed, this social engineering method can be very effective. Users are enticed with the offer of free software, or free USB drives, which when installed are found to be malicious, infecting your systems with malware.

Preventing this is simple: if it seems too good to be true, it probably is. Don’t accept freebies, only download from trusted sources and block unauthorised USBs.

2. Pretexting

For this social engineering method, the attacker creates a scenario to manipulate you into revealing information or performing actions. This may be pretending to work for a bank and asking for financial details or impersonating a coworker who urgently needs to access something important.

Use zero-trust as a starting point: if you never assume an access request is legitimate, then bad actors can never get through. Don’t allow these requests to panic you into giving away key details: remain calm and verify before you proceed.

1. Phishing

Yes, of course, what else! Phishing emails and texts appear to be from trusted sources, but they are designed to trick victims in to clicking on corrupted links or divulging private information. It is highly likely that you have encounter this before, as phishing is extremely common.

While training and awareness are the best protective methods – if you know not to click or respond, then the attempt will fail – using email filtering and anti-phishing tools can also be a good deterrent.

How you know what social engineering methods are used and how to deal with them, we hope you can put these methods into practice and keep your systems secure. If you would like any help or advice, please contact Interfuture Security.

YouTube: https://youtu.be/x95qDo2QPoA

Back to top