Learn how social engineering is used in cybersecurity and real life.
Understand phishing, vishing, smishing, and how manipulation tactics exploit trust, fear, and urgency.
Have you ever wondered why you receive scam text messages and phone calls? The purpose of these messages is typically to get you to give up your personal information so the sender can use it for their own motives, whether that be accessing your bank account or impersonating you. These calls and messages fall under a term called social engineering.
In cybersecurity, this term refers to a common reconnaissance strategy in the hacking framework. Reconnaissance is the first step of that framework and entails gathering information for a future attack. Social engineering is the practice of manipulating individuals into divulging valuable information. This information is later used to conduct research or even carry out attacks such as exploitation.
Not only is social engineering used in cybersecurity, but it is also used in real life. There are people in this world who may not be aware of the term but are aware of the tactics, either subconsciously or consciously, and utilize them to their benefit.
Social engineering can be performed through phone calls, which is known as vishing. It can also be conducted via text messages, which is referred to as smishing. The most common social engineering vector is email, known as phishing. This term was coined in the 1990s and gets its name from the concept of baiting a fish, similar to how a person is lured into giving up personal information such as passwords. When someone impersonates an executive or specifically targets executives using social engineering tactics, it is called whaling.
Now that you know the most common social engineering vectors, let’s talk about the signs to watch out for—not only in texts, emails, and phone calls, but in your personal life as well.
Attackers tend to use urgency, trust, and fear to get individuals to submit to their motives. If you ever receive a random email or text urging you to click a link or download a file, it is most likely a phishing or smishing attempt and should be mentally flagged as suspicious. Before taking any action, stop and think.
Check who the sender is. If you see a string of random characters in the sender's email address or a generated domain, it is most likely a malicious attempt meant to bait you. At that point, it is not even necessary to analyze the link. Discard the email and flag it as spam.
If you receive a text message from an unknown number urging you to access a link or open an attachment, delete it immediately. Attachments can contain malware, which is malicious software used to damage a system or spy on it. This can affect your cellular device. You can avoid this risk by deleting the message without accessing the link or attachment and blocking the number.
If someone is trying to get close to you very quickly, this can also be suspicious. Once you recognize this behavior, it is important to analyze why it may be happening and end the conversation or relationship as soon as possible. People with malicious intent often behave this way because there is something valuable they are trying to gain access to or obtain from you. Protecting yourself and your assets means applying controls—or boundaries—to prevent any form of exploitation from occurring.
The last method I want to address is fear. Fear is commonly used to manipulate individuals into submitting to someone else’s narrative. If you ever feel pressured or forced to be afraid of an event—whether through text, email, phone call, or in person—it is likely a social engineering attempt. Once you recognize this, end the interaction in a way that protects you and prioritizes your well-being. Online, this may mean deleting the message or ending the call. In person, it may mean removing yourself from the situation.
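The checks described above for written messages (sender, link or attachment, urgency, fear) can be expressed as a small triage script. This is an added example, not part of the original article; the phrase lists, thresholds, and function names are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Constructed phrase lists (assumptions, not from the article); extend for your own mail.
URGENCY = ("urgent", "immediately", "right away", "act now", "expires today")
FEAR = ("suspended", "locked", "unauthorized", "legal action", "arrest")
LINK_RE = re.compile(r"https?://\S+", re.I)

def entropy(s):
    """Shannon entropy in bits per character; random strings score high."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def looks_generated(label):
    """Heuristic for a 'string of random characters': long, varied, digit-heavy or vowel-poor."""
    label = re.sub(r"[^a-z0-9]", "", label.lower())
    if len(label) < 8:
        return False
    digits = sum(ch.isdigit() for ch in label) / len(label)
    vowels = sum(ch in "aeiou" for ch in label) / len(label)
    return entropy(label) >= 3.0 and (digits >= 0.3 or vowels < 0.2)

def has_any(phrases, text):
    """Whole-word match, so 'locked' does not fire on 'blocked'."""
    return any(re.search(r"\b" + re.escape(p) + r"\b", text) for p in phrases)

def triage(sender, body, has_attachment=False):
    """Return the warning signs found in one email or text message."""
    signs = []
    if "@" in sender:  # phone-number senders are skipped by this check
        local, _, domain = sender.lower().rpartition("@")
        if looks_generated(local) or any(looks_generated(p) for p in domain.split(".")):
            signs.append("generated-looking sender")
    text = body.lower()
    if has_any(URGENCY, text):
        signs.append("urgency")
    if has_any(FEAR, text):
        signs.append("fear")
    if LINK_RE.search(body) or has_attachment:
        signs.append("link or attachment")
    return signs

if __name__ == "__main__":
    # Constructed sample messages; .example is a reserved test domain.
    print(triage("x7k2q9zt4b@mail-secure.example",
                 "Your account has been suspended. Verify immediately: http://login.example/verify"))
    print(triage("alice@example.com", "Lunch on Thursday? I booked the usual place."))
```

Each returned sign is a prompt to stop and think, not a verdict; a legitimate message can trip one of them, and a careful lure can avoid all four.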
What I want you to take from this reading is a new sense of awareness and empowerment in your cybersecurity journey. You now understand what social engineering is and are familiar with common attack vectors such as phishing, smishing, vishing, whaling, and in-person manipulation. You also have a better understanding of reconnaissance and how to recognize when fear, urgency, or trust is being used against you.
The tools you learned today empower you to take control of your own cybersecurity.
For those looking to better understand their cybersecurity risks or improve awareness, you’re welcome to fill out the discovery form or visit my YouTube channel for additional educational content.