Social Engineering is becoming far more prevalent in recent years. The attacker can target a large number of individuals for a generic offer or a smaller subset of individuals with a very specific approach tailored on a per-person basis.

The key difference between technical exploitation and social engineering is that, besides training, it is difficult to find a clear mechanism to significantly reduce the risk of an individual being susceptible.

Social engineering is on a case-by-case basis and can drastically change in complexity depending on the scenario.

OFFERS, SCHEMES OR INVESTMENTS

Draws an individual in over a longer duration. Slowly takes advantage of them for a higher pay-out.

Resolution: Avoid temptation to be immediately drawn in. Use the classic ‘sleep on it’ method. If it seems to good to be true, or you aren’t certain on the origin of the offer, decline.

READ MORE: Knowing your cyber security approach

OUTSTANDING PAYMENTS

Used by exploiting fear, debt collection or warning notices target those who will immediately pay without questioning further.

Resolution: Creditors have guidelines to work within. If you are being pressured, do not react and report it to the relevant professional body.

IMPERSONATION

More crafted attack which involves full identity theft and charisma to draw out a longer exploitation for a high pay-out.

Resolution: Keep your paper-trail and digital footprint small. Remove when you no longer use them. Avoid leaving personal information exposed to identity thieves.

REWARDS

These are often considered high failure rate and are very easy to spot at the first instance. They target a large audience and rely almost exclusively on volume.

Resolution: Ignore all rewards unless released from an official body. The ‘too good to be true’ rule applies here.