Proton

What is social engineering and how can you protect yourself?

Social engineering is a common hacking tactic involving psychological manipulation used in cybersecurity attacks to access or steal confidential information.

They then use this information to commit fraud, gain unauthorized access to systems, or, in some cases, steal your identity. Businesses in the US, for example, lost over $2.9 billion to business email compromise(new window) in 2023. Many of the attacks involved phishing, one of the most common social engineering scams.

By understanding the mechanics of common social engineering tricks and implementing strong cybersecurity defenses, you can better secure your most sensitive, valuable information.

This article digs into the different types of social engineering attacks and explores ways you can protect yourself and your business from falling victim to these deceptive practices.

How social engineering works

Rather than targeting weak code, social engineering leverages weaknesses in human psychology to gain access to buildings, systems, or data. Most often, social engineering exploits our natural human tendency to trust. 

Cybercriminals are getting better and better at disguising themselves as well-meaning actors, using persuasive language to lure victims into divulging information they wish to keep private and secure. 

For example, an attacker might send you an email that appears to come from a well-known company or service, asking you to confirm login credentials or personal information. This type of communication can create a sense of urgency or fear and make you think there’s a problem with your account that needs immediate attention. Many think they are responding to someone who has their best interests in mind and provide the information, such as login details or a one-time passcode — only to have that information used against them.

Social engineering attacks are not confined to email, though this is the most common vector. They can also happen over the phone, on social media, or in person.

Are there different types of social engineering attacks? 

Cybercriminals have an extensive toolbox of social engineering tricks. 

Phishing

Phishing involves sending legitimate-seeming emails or messages with the sole intention of extracting sensitive data, such as passwords or credit card information. These emails and messages can appear astonishingly real, tricking you into believing they are from a trusted sender.

Fake invoicing

Attackers often use a legitimate domain, such as PayPal, to send fake invoices claiming you owe a balance and including a button to pay. 

Baiting

This tactic dangles enticing offers, such as free software, to lure victims into traps that may lead them to unwittingly install ransomware. The promise of a free movie download, for example, could trick you into downloading a file that compromises your computer.

Business Email Compromise (BEC) 

In this scenario, an attacker can trick senior executives into transferring funds or revealing sensitive information(new window). Usually in the form of email, these attacks appear legitimate with urgent requests or malicious links, making them harder to detect. 

Scareware 

This involves sending false alarms and fictitious threats to coerce potential victims into downloading or installing software that is harmful. These threats, for example, may claim your system is infected with a virus that requires a special type of security software that is actually malicious.

Dumpster diving

This tactic, although more elaborate and involved, is another common social engineering move that involves sifting through your trash to find bills, bank statements, pre-approved credit cards, or other documents with sensitive information that can be used for fraudulent activities.

Tailgating

Also called “piggybacking(new window),” this brick-and-mortar tactic involves attackers gaining entry into secured areas by following closely behind authorized personnel. Tailgating exploits the common human instinct of holding doors open for others, especially in busy areas.

Money scams

You probably heard of the so-called Nigerian prince scam(new window), in which an attacker asks you to help transfer a large lump of money from abroad in return for a cut of the cash. Of course, you must first hand over your bank account details or pay a “processing fee” to get it.

Quid pro quo

Here, attackers offer services or benefits in exchange for information. A hacker, for example, might offer to fix a computer issue that requires you to download a remote access tool that ultimately gives the attacker control over your computer.

How can you protect yourself from social engineering attacks?

There are several strategies you can use to limit or prevent the risk of social engineering attacks:

Exercise caution with email attachments

Be wary of opening attachments or clicking links in emails from unfamiliar sources, as they may contain malware or point to phishing sites.

Be skeptical of too-good-to-be-true offers

If an offer seems too generous without any apparent catch, it’s likely a baiting tactic designed to exploit.

Limit online personal information sharing

The less information you share online, the harder it will be for attackers to target you with personalized scams.

Regularly update your software

Keeping your apps and operating system up to date ensures you have the latest protection against new threats.

Back up your data

Regular backups can help you quickly recover from an attack without significant loss of information.

Properly dispose of sensitive documents

Shredding or otherwise thoroughly destroying documents containing personal or sensitive information can prevent it from being discovered and used maliciously.

Avoid unfamiliar USB devices and disable device autorun features

Plugging in unknown USB devices can introduce malware to your system. Disabling autorun prevents the automatic installation of potential ransomware.

Use multi-factor authentication (MFA)

Adding an extra layer of security beyond just passwords can significantly enhance your defenses against unauthorized access.

Use strong passwords and 2FA

Use strong, unique passwords on all your online accounts. Proton recommends using an open-source password manager to help you create and remember strong passwords. Additionally, enabling two-factor authentication (2FA) adds an extra layer of defense. If your usernames or passwords are ever compromised, scammers won’t be able to access your accounts.

Protect yourself with Proton

In the face of social engineering threats, Proton offers a comprehensive suite of products and features designed to safeguard your digital life. 

Proton Mail

Proton Mailis built to recognize and isolate phishing emails, significantly reducing the risk of scam messages reaching your inbox. With end-to-end encryption at the heart of our services, we’ve designed Proton Mail with several layers of cybersecurity defenses:

Our encryption extends to forwarded messages, file sharing, and all events organized in Proton Calendar, allowing you to maintain workflow and schedule meetings without compromising security.

Proton VPN

Proton VPN(new window) also masks your online activities and location from potential eavesdroppers, making it difficult for attackers to gather information about you that could be used in social engineering attacks. For companies, a Proton VPN for Business(new window) account grants access to an extensive server network spanning 85+ countries across six continents, guaranteeing you and your employees will always have access to a fast, secure VPN server — no matter where your operations or employees are located.

Proton Drive

Proton Drive protects your files from unauthorized access. All your files, file names, and folder names are fully encrypted at rest and in transit to your secure cloud. With a Proton for Business plan, each user in your organization gets 500 GB of storage, providing the space and security your business needs to operate without worry of cybersecurity threats. 

Proton Pass

Proton Pass makes it easy to securely share logins and — if you’re a business owner — control who has access to sensitive logins. Administrators get additional access to tools to ensure their teams adopt cybersecurity best practices, including two-factor authentication. A Proton Pass for Business account gives you access to 50 vaults, unlimited aliases, and our high-security Proton Sentinel program, which works for both Proton Mail and Proton Pass and has blocked thousands of account takeover attacks since it was launched in August 2023. 

Making the switch is easy 

Proton Mail also offers a simple-to-use feature called Easy Switch that allows you to seamlessly transition to your new Proton Mail inbox, back up data, and import messages, contacts, and calendars from other email services, such as Gmail. It’s easy to transfer your data to Drive and Pass as well.

When you create a Proton Mail account, you are both protecting your most valuable data from social engineering attacks and helping build a better internet where privacy is the default.

Related articles

A cover image for a blog describing the next six months of Proton Pass development which shows a laptop screen with a Gantt chart
Take a look at the upcoming features and improvements coming to Proton Pass over the next several months.
The Danish mermaid and the Dutch parliament building behind a politician and an unlocked phone
We searched the dark web for Danish, Dutch, and Luxembourgish politicians’ official email addresses. In Denmark, over 40% had been exposed.
Infostealers: What they are, how they work, and how to protect yourself
Discover insights about what infostealers are, where your stolen information goes, and ways to protect yourself.
Mockup of the Proton Pass app and text that reads "Pass Lifetime: Pay once, access forever"
Learn more about our exclusive Pass + SimpleLogin Lifetime offer. Pay once and enjoy premium password manager features for life.
A cover image for a blog announcing that Pass Plus will now include premium SimpleLogin features
We're changing the price of new Pass Plus subscriptions, which now includes access to SimpleLogin premium features.
Infinity symbol in purple with the words "Call for submissions" and "Proton Lifetime Fundraiser 7th Edition"
It’s time to choose the organizations we should support for the 2024 edition of our annual charity fundraiser.