How to recognise and respond to social engineering attempts

Social engineering is the manipulation of people to gain information, access or influence. It can happen by email or phone, but also in meetings, on social media, at events or in person. The most effective response is to stay aware of how trust, urgency and familiarity can be used to lower your guard, and to treat unexpected requests with measured caution.

Pause before acting, confirm identities using trusted contact details, share only what is genuinely necessary and report concerns early. Social engineering often develops gradually, with small pieces of information gathered over time. Consistent habits in everyday interactions, both digital and physical, are what prevent these small moments from becoming larger incidents.

Social engineering remains one of the most common causes of security incidents across both cyber and physical environments. Rather than attempting to breach systems directly, attackers focus on people. They gather information gradually, using trust, familiarity and urgency to persuade individuals to disclose details, reset passwords, provide access or bypass normal procedures.

These approaches are often subtle and develop over time. A routine conversation may reveal internal processes. A helpful sounding request may confirm contact details or system access. Each interaction may appear harmless on its own, but combined they can enable account compromise, fraud or physical intrusion. Recognising how these methods work, and responding consistently, is essential to reducing organisational risk.

Fast checklist 

If you receive an unexpected request for information, access or action: 

  • Pause before responding 
  • Verify the identity of the requester using an official contact method 
  • Avoid clicking links, scanning QR codes or downloading attachments until verified 
  • Share only the minimum information required for legitimate business purposes 
  • Report suspicious emails, calls, messages or in-person approaches 
  • Escalate immediately if sensitive information, credentials or building access are involved 

The sections below explain how to apply these actions effectively.  

Step 1 – Understand how social engineering works 

Social engineering is the use of psychological manipulation to influence people into revealing information or performing actions that weaken security. Unlike technical attacks, which exploit software vulnerabilities, social engineering targets everyday human behaviours such as trust, helpfulness, routine processes and the desire to resolve problems quickly. 

Attackers rarely ask for sensitive information directly. Instead, they gather small pieces of information over time. A simple conversation may reveal job roles, internal processes or supplier relationships. A phishing email may confirm whether an email address is active. A phone call may persuade someone to reset a password or provide contact details. Individually, these pieces of information appear harmless. Combined, they can enable more serious attacks such as account takeover, fraud or physical intrusion. 

Recognising that social engineering is often gradual helps people understand why verification and cautious information sharing matter even in everyday interactions. 

Step 2 – Recognise common attack methods 

Social engineering techniques appear across many communication channels. These may include phishing emails requesting login verification, text messages asking recipients to confirm account details, phone calls impersonating IT support or suppliers, fake QR codes placed in public locations, or individuals attempting to enter restricted areas by appearing legitimate. 

More sophisticated attacks may involve long-term interaction, where an attacker builds familiarity before making a request. This may occur through social media connections, repeated phone calls or in-person conversations. Because these approaches often feel routine or friendly, individuals may not recognise them as security risks. 

Understanding that attackers often appear helpful, professional or credible helps people remain alert without becoming suspicious of normal business interactions. 

Step 3 – Pause before responding 

Urgency is one of the most common pressure tactics used in social engineering. Requests that emphasise speed, confidentiality or immediate action are designed to prevent verification. Even when the request appears legitimate, pausing briefly to confirm details significantly reduces the likelihood of mistakes. 

Simple habits, such as waiting a few minutes before responding to unexpected requests or confirming instructions through a second communication channel, can prevent many incidents. Attackers rely on quick reactions; slowing the process often disrupts the attack entirely.

Step 4 – Verify identities using trusted channels 

Verification should always rely on independently sourced contact details rather than those provided within the message or call. For example, if someone claims to represent IT support, use the official service desk number rather than returning a call to the number provided. If an email appears to come from a supplier requesting payment changes, confirm using the contact information already on file. 

This practice protects against impersonation attacks, where attackers control the communication channel and attempt to guide the victim through verification steps that appear legitimate but are actually fraudulent. 
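The supplier payment-change case above can be turned into a mechanical check. The following is an added example (not Toro's code, and not part of the original article) that parses a constructed inbound email, looks the claimed supplier up in a constructed directory of record, and returns the on-file callback number regardless of what the message itself supplies. Anything found inside the message (sender domain, Reply-To, phone numbers, urgency and high-risk wording) only ever raises findings; it never becomes the contact used for verification. The supplier name, domain, phone number and term lists are all illustrative assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of record for this example. In practice the on-file
# contact comes from the vendor master or service-desk directory, never from
# anything inside the inbound message.
SUPPLIER_DIRECTORY = {
    "acme supplies": {"domain": "acmesupplies.example", "phone": "+44 20 7946 0001"},
}

HIGH_RISK_TERMS = ("bank details", "payment details", "account details",
                   "reset my password", "grant access")
URGENCY_CUES = ("urgent", "immediately", "today", "right away", "confidential")
PHONE_RE = re.compile(r"\+?\d[\d ()-]{7,}\d")

# Constructed inbound message: a supplier impersonation that asks for a payment
# change and helpfully supplies its own "verification" number.
SAMPLE_EMAIL = """\
From: "Acme Supplies Accounts" <accounts@acme-supplies-billing.example>
Reply-To: accounts@acme-supplies-billing.example
To: ap@victim.example
Subject: URGENT: updated bank details for invoice 4471

Hi, we have changed our bank account details. Please update the payment details
on your system before today's run. To confirm, call me on +44 20 7946 0999.
"""


def _digits(phone: str) -> str:
    """Reduce a phone number to digits so formatting differences do not matter."""
    return re.sub(r"\D", "", phone)


def analyse_request(raw_email: str, claimed_supplier: str) -> dict:
    """Decide how to handle a request claiming to come from `claimed_supplier`.

    The callback contact in the result always comes from the directory of
    record; contacts found in the message are used only to raise findings.
    """
    msg = message_from_string(raw_email)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload(decode=True).decode(errors="replace")
    text = (msg.get("Subject", "") + "\n" + body).lower()

    record = SUPPLIER_DIRECTORY.get(claimed_supplier.lower())
    if record is None:
        # No on-file contact exists, so there is nothing trustworthy to call back.
        return {"decision": "escalate", "callback_to": None, "findings": ["supplier_not_on_file"]}

    findings = []
    if from_addr.rsplit("@", 1)[-1].lower() != record["domain"]:
        findings.append("sender_domain_mismatch")
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != record["domain"]:
        findings.append("reply_to_domain_mismatch")
    on_file = _digits(record["phone"])
    if any(_digits(p) != on_file for p in PHONE_RE.findall(body)):
        findings.append("message_phone_not_on_file")
    if any(term in text for term in HIGH_RISK_TERMS):
        findings.append("high_risk_action")
    if any(cue in text for cue in URGENCY_CUES):
        findings.append("urgency_cue")

    # A clean header set is not proof of legitimacy; the request is still
    # confirmed out of band, findings only raise its priority.
    decision = "hold_and_verify" if findings else "verify_before_acting"
    return {"decision": decision, "callback_to": record["phone"], "findings": findings}


if __name__ == "__main__":
    print(analyse_request(SAMPLE_EMAIL, "Acme Supplies"))
```

Note that a message with no findings still returns `verify_before_acting` rather than `approve`: a plausible sender domain and a calm tone are exactly what a well-researched attacker produces, so the decision is only ever whether verification is urgent, never whether it can be skipped. The phone regex is deliberately loose and will also pick up long digit strings such as reference numbers; in this example that only produces an extra finding, which is the safe direction to fail in.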

Step 5 – Limit the information you share 

Information that appears routine can still assist attackers. Office layouts, staff working hours, project names, supplier relationships, internal contact lists or procedural details can all help attackers build a more convincing approach later. Sharing only what is necessary for legitimate business purposes reduces the amount of information available for exploitation. 

In physical environments, this may include avoiding discussions of sensitive topics in public spaces, ensuring identification badges are not visible outside work locations, and preventing unauthorised individuals from following staff into restricted areas. In digital environments, it includes limiting the personal or organisational information shared publicly on social media. 

Step 6 – Report suspicious activity early 

Reporting suspected social engineering attempts allows organisations to identify patterns that may affect multiple employees, departments or locations. What appears to be an isolated suspicious email or phone call may form part of a broader campaign targeting the organisation. Early reporting enables security teams to warn others, block malicious communications and take preventative action before an incident escalates. 

Reporting should occur even if the individual did not share any information. Attempted attacks still provide valuable intelligence about how adversaries are operating. 
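The reason unsuccessful attempts are still worth reporting is that individual reports only become a campaign once someone correlates them. The following added example (not Toro's code, and not part of the original article) takes a constructed set of service-desk reports and groups them by the indicator that ties them to a source, the sender's domain for email and the calling number for phone, so that two reports from different departments surface as one campaign with one indicator to block. The reporter names, departments, domains and phone numbers are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed reports, as a service desk might log user submissions. The two
# email reports share a sender domain, the two phone reports share a calling
# number, and the newsletter is a benign one-off.
REPORTS = [
    {"reporter": "a.jones", "dept": "Finance", "channel": "email",
     "sender": "it-helpdesk@corp-support-portal.example",
     "lure": "Action required: password expires today"},
    {"reporter": "b.khan", "dept": "HR", "channel": "email",
     "sender": "IT-Helpdesk@corp-support-portal.example",
     "lure": "ACTION REQUIRED: Password expires today!"},
    {"reporter": "c.lee", "dept": "Sales", "channel": "phone",
     "sender": "+44 20 7946 0111",
     "lure": "Caller from 'IT' asked for my login to fix the VPN"},
    {"reporter": "d.ng", "dept": "Operations", "channel": "phone",
     "sender": "+44-20-7946-0111",
     "lure": "IT support asked for my username and password"},
    {"reporter": "e.ortiz", "dept": "Finance", "channel": "email",
     "sender": "news@vendor-updates.example",
     "lure": "Monthly product update"},
]


def _normalise_lure(text: str) -> str:
    """Lowercase and strip punctuation so minor variations of one lure collapse."""
    return re.sub(r"[^a-z0-9 ]", "", text.lower()).strip()


def _indicator(report: dict) -> tuple:
    """The part of a report that ties it to a source: sender domain or phone number."""
    if report["channel"] == "email":
        return ("email", report["sender"].rsplit("@", 1)[-1].lower())
    return (report["channel"], re.sub(r"\D", "", report["sender"]))


def find_campaigns(reports: list, min_reports: int = 2) -> list:
    """Group reports by indicator and return those seen at least `min_reports` times.

    Each campaign lists the departments and reporters hit and the distinct
    lures used, which is what a security team needs to warn others and block.
    """
    groups = defaultdict(list)
    for report in reports:
        groups[_indicator(report)].append(report)

    campaigns = []
    for indicator, members in groups.items():
        if len(members) < min_reports:
            continue
        campaigns.append({
            "indicator": indicator,
            "reports": len(members),
            "departments": sorted({m["dept"] for m in members}),
            "reporters": sorted(m["reporter"] for m in members),
            "lures": sorted({_normalise_lure(m["lure"]) for m in members}),
        })
    # Most widely seen first; indicator as a tiebreak keeps the order stable.
    return sorted(campaigns, key=lambda c: (-c["reports"], c["indicator"]))


if __name__ == "__main__":
    for campaign in find_campaigns(REPORTS):
        print(campaign)
```

Grouping on the sender domain rather than the full address matters because a campaign usually rotates local parts and display names while keeping the domain it registered; grouping on normalised digits does the same for phone numbers written in different formats. With only two reports the grouping is trivial, but it is exactly the point of the section: neither of the phone reports looks like much on its own, and the second one is what turns the number into something worth blocking at the switchboard.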

Step 7 – Maintain awareness during everyday interactions 

Social engineering is not limited to digital communication. Casual conversations, networking events, service visits, delivery interactions or unexpected office visitors can all provide opportunities for attackers to gather information. Remaining aware of what is being discussed, who is present and whether identification has been verified helps prevent information leakage without disrupting normal professional engagement. 

Security awareness should therefore be seen not as a one-time training activity, but as an ongoing behavioural habit integrated into daily work. 

Frequently Asked Questions: Social Engineering

What is social engineering?

Social engineering is the use of psychological manipulation to trick individuals into revealing sensitive information, granting access or taking actions that compromise security. Rather than exploiting technical vulnerabilities, attackers exploit trust, urgency, authority or helpfulness.

Social engineering works because it targets human behaviour rather than technology. Even well-secured systems can be bypassed if an individual is persuaded to share credentials, approve a fraudulent payment or grant physical access. Attackers often research their targets in advance, making requests appear credible and contextually relevant.

What are the common forms of social engineering?

Common forms include phishing emails, voice impersonation (vishing), SMS fraud (smishing), QR code manipulation (quishing), business email compromise, pretexting and physical tactics such as tailgating into secure areas. Many attacks combine multiple techniques to increase credibility.

Can social engineering involve physical access?

Yes. Social engineering is not limited to cyber environments. Attackers may impersonate contractors, delivery personnel or employees to gain access to buildings or restricted areas. Physical access can then enable device compromise, credential theft or data extraction.

What should an employee do if they suspect a social engineering attempt?

Employees should avoid responding to the request, verify the sender or caller through official channels, and report the incident immediately to their IT or security team. Quick reporting enables investigation and reduces the risk of further compromise.

Is social engineering only an IT problem?

No. Social engineering sits at the intersection of cyber, physical and people security. It can affect financial processes, building access, data protection and executive decision-making. Managing the risk effectively requires a converged approach rather than treating it as a standalone IT problem.

Final thoughts 

Social engineering succeeds because it exploits normal human behaviour rather than technical weaknesses. Consistent habits (pausing, verifying, limiting information sharing and reporting concerns) make these attacks far less effective. When individuals understand that even small interactions can form part of a larger attack chain, they are better equipped to protect both themselves and their organisation.

Need support reducing social engineering risk across your organisation?

Toro works with organisations to strengthen how people recognise, question and respond to manipulation. We combine targeted awareness sessions with realistic testing to understand how employees react under pressure, then use those insights to refine verification, communication and escalation processes.

By aligning training, testing and process design, we help organisations make secure behaviour practical and routine. The aim is to build an environment where staff feel confident to pause, challenge unusual requests and report concerns early, reducing the likelihood that small interactions escalate into significant incidents.

Reviewed by: Katie Barnett, Director of Cyber Security

Last updated: February 2026