Social Engineering

Social engineering is when scammers manipulate people into giving up information or access by exploiting trust, helpfulness, fear, or politeness. Instead of “hacking” a system directly, they try to get you to open the door for them — by sharing a password, approving a login, transferring money, or providing private details.

Social engineering often starts with small, reasonable requests that build momentum. Scammers might sound friendly and professional, use insider language, or claim they’re solving a problem for you. They may also gather information from social media (job title, workplace, friends, routines) to personalise the approach.

Examples include: someone calling and saying they’re “IT support” who needs you to reset your password, a fake supplier asking you to update bank details for payments, or a “new staff member” requesting files or login help. Another common trick is asking for a one-time verification code “to confirm your identity” — that code may actually be the key to your account.

To protect yourself, stick to safe processes even when someone seems genuine. Don’t share passwords or verification codes, and be cautious with unexpected requests for access, money, or sensitive information. Verify identity using a known channel, and if something feels unusual, pause and escalate it to the right person or team.