Post #6: Protecting Against Social Engineering and Phishing
As we become more connected to digital tools, the importance of protecting our information has never been greater. Some of the most dangerous threats today do not come from hackers breaking into systems, but from people being tricked into giving access away. These tactics fall under social engineering, phishing, and smishing.
What is Social Engineering?
Social engineering is when attackers manipulate people into revealing confidential information or giving access to secure systems. Instead of targeting a computer’s weakness, these attacks target human behavior. For example, someone might pretend to be tech support and convince an employee to share a password.
People often fall for these scams because the attacker seems trustworthy or urgent. According to researchers Akyeşilmen and Alhosban (2024), social engineering succeeds by exploiting trust and habits, not by using advanced hacking tools.
The damage can be serious. A successful attack might give someone access to a company’s internal network, allow them to steal data, or even install malware without detection.
How to defend against social engineering:
Employee training: Teach people how to spot suspicious requests and avoid manipulation.
Verification protocols: Require double-checking before granting access or sharing sensitive information.
What Are Phishing and Smishing?
Phishing is a scam that usually comes through email. Smishing is a similar tactic but through text messages. These messages often look legitimate and try to get the victim to click a link, download a file, or share personal details.
These attacks are effective because they often include company logos and correct grammar, and they create a false sense of urgency. A message might say your bank account has been locked and prompt you to click a link to fix it.
Fallon et al. (2023) found that people who clicked on phishing emails were less likely to question the message’s legitimacy. That shows how important awareness really is.
How to defend against phishing and smishing:
Spam filters and security apps: These can block suspicious messages before they reach the user.
Multi-factor authentication: Even if someone steals a password, MFA helps stop them from logging in without a second form of ID.
Why This Matters
Attacks like social engineering, phishing, and smishing are effective because they do not rely on breaking software. They rely on tricking people. That makes them hard to detect and often successful.
The good news is that awareness and the right tools can make a big difference. By using verification processes, educating employees, and having strong security systems in place, we can reduce the risk.
References:
Akyeşilmen, N., & Alhosban, A. (2024). Non-Technical Cyber-Attacks and International Cybersecurity: The Case of Social Engineering. Gaziantep University Journal of Social Sciences, 23(1), 342–360. https://doi.org/10.21547/jss.1346291
Fallon, C., Baweja, J., Yun, J., Thompson, N., Shaw, Z., & Arendt, D. (2023). Phishing in the Wild: An Ecologically Valid Study of the Phishing Tactics and Human Factors that Predict Susceptibility to a Phishing Attack. Journal of Information Warfare, 22(2), 67–85.