Identitytheft.org is a privately owned website and is not associated with any government agencies.

What Is Social Engineering?

Social engineering is the use of psychological manipulation or deception to influence individuals or groups to divulge sensitive information or perform certain actions. It is often used in the context of cyber security to gain unauthorized access to sensitive information, such as login credentials or financial information. Social engineering tactics can include phishing scams, pretexting, baiting, and tailgating.

What are Some Examples of Social Engineering?

Social engineering is a tactic used to manipulate individuals into divulging confidential or personal information. Some examples of social engineering include:

  • Phishing: sending fake emails or messages that appear to be from a legitimate source in order to trick the recipient into providing sensitive information.
  • Baiting: offering something of value, such as a free gift or access to exclusive information, in exchange for personal information.
  • Scareware: using fear tactics, such as warning of a computer virus or security breach, to convince someone to install malware or hand over personal information.
  • Pretexting: creating a fake identity or scenario to obtain sensitive information from an individual.
  • Diversion theft: a thief will ask a company or individual to ship a package to a different address than the intended recipient.
  • Impersonation: pretending to be a legitimate representative of a company or organization in order to gain access to sensitive information.

How Can You Prevent Being a Victim of Social Engineering?

Here are a few ways to prevent being a victim of social engineering:

  • Be skeptical of unsolicited emails or messages. Never click on links or open attachments from unknown sources.
  • Use antivirus and antimalware software to protect your computer and mobile devices.
  • Be cautious of offers that seem too good to be true, such as free gifts or access to exclusive information in exchange for personal information.
  • Be wary of phone calls or emails that ask for personal information, such as passwords or credit card numbers. Legitimate companies or organizations will not ask for this information through these channels.
  • Use strong and unique passwords for all online accounts and change them regularly.
  • Keep your software and operating systems up-to-date to ensure that any security vulnerabilities are patched.
  • Be aware of the information that you are sharing on social media, and be careful about how much personal information you make public.
  • Use two-factor authentication for important accounts, like email and financial accounts, when possible.
  • Educate yourself on the common techniques used in social engineering, so that you can be more aware of potential scams and attacks.

Social Engineering and Identity Theft

There are several ways in which social engineering is used in identity theft. One common technique is phishing, where a cybercriminal sends a message that appears to be from a legitimate source, such as a bank or an email provider, asking the recipient to provide personal information, such as a username and password. The message may contain a link to a fake website that looks like the real one, where the victim is prompted to enter their login details. Once the cybercriminal has this information, they can use it to access the victim’s accounts and steal their identity.

Another social engineering technique used in identity theft is pretexting, where the cybercriminal pretends to be someone else, such as a company employee or a law enforcement officer, to gain the victim’s trust and obtain sensitive information. For example, a cybercriminal might call a victim pretending to be from their bank and ask for their account number, password, and other personal details. The cybercriminal might also use a fake identity to apply for a credit card or loan in the victim’s name, using the victim’s personal information that they obtained through pretexting.

Bottom Line

Social engineering is a powerful tool used in identity theft because it preys on people’s natural inclination to trust others and to be helpful. Cybercriminals who are skilled in social engineering can use this to their advantage to gain access to sensitive information and steal identities.