Universiteit Leiden

nl en

ICT

Cybersecurity: How to avoid falling victim to social engineering?

2 May 2022

Social engineering is a form of cybercrime that relies on psychological manipulation. It involves gaining information by exploiting human nature, such as helpfulness, curiosity or fear. This is often done by freely sharing seemingly innocent information, for example on social media. 

The danger of social engineering

With social engineering, a criminal creates a profile of you. They do so based on information that you share on social media, such as a birthday photo of your child or a photo of a day out. The criminal uses this seemingly innocent information to create a profile of you. Armed with this information, they then pretend to be someone you know, such as a new colleague. This ‘new colleague’ then asks you to help with an account modification but also gains access to your bank details in the process. 

Another form of social engineering is if a criminal can easily guess your password by using the information on social media. They will also add a sense of urgency when contacting you. If you ‘urgently’ have to send a payment or share data, you will be encouraged to respond more quickly without thinking first.

How to prevent social engineering

  • Always check who you let into the office, ask who they have an appointment with and make sure they are always accompanied by a member of staff;
  • Do not give others access to your data;  
  • Always watch when someone else performs work on your system;
  • Always check suspicious requests through another channel. In the example above of the new employee, call that person up to check whether they actually sent that email;
  • Use the combination window key + L to lock your screen when you walk away from your workstation.
This website uses cookies.  More information.