How to defend yourself against a Social Engineering attack

The art of manipulating people to give up confidential information is not new. It’s just that there are new methods of manipulation! Regardless of the method, all social engineering attacks take advantage of our natural instinct to trust people. It’s much easier for cyber criminals to trick someone into giving out their password or bank account details than it is to hack all the systems required to obtain the same information.

The key to protecting yourself is to know who and what to trust.

Take a new and critical look at the emails you receive and watch for the following red flags:


  • Is the email from someone you don’t have a working relationship with?
  • Is the sender from an organisation you don’t personally have dealings with, even though others in your workplace do?
  • If you know the sender, is it out of character for them to send a message of this nature?
  • Is it usual for the sender to include embedded hyperlinks or attachments in their email?


  • Was the email sent to a group of people you don’t know?
  • Was it sent to people you do know, but the mix is unusual? For example, everyone’s surname begins with ‘S’.


  • Has the email arrived at an unusual time? For example, its timestamp says 12.30 am but you know the colleague who sent it is not a night owl.


  • Is the subject mismatched with the message?
  • Is the topic irrelevant to you?


  • Is the email poorly written, with spelling and grammatical errors?
  • Does it invite you to click a hyperlink or open an attachment?
  • Does the message seem illogical or nonsensical?
  • Is the topic of the message inappropriate or irrelevant to you?
  • Does the email ask you to look at something compromising or embarrassing to yourself or others?


  • When you hover your mouse over any hyperlinks, is the address the link goes to different from the one written in the email?
  • Is the hyperlink the only content in the message?
  • Is the business name in the hyperlink spelt correctly? 


  • Does it make sense to have an attachment as part of the email?
  • Were you expecting the attachment to be sent?
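
The hyperlink checks above (hover address versus written address, and a link as the only content) can also be automated for HTML email. The following is an added example, not part of the original article; the names `LinkCollector`, `host_of` and `check_links` and the sample domains are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body: the visible text names one site, the href another.
SAMPLE = ('<p>Please confirm your account details:</p>'
          '<a href="http://bank.example.account-check.test/login">www.bank.example</a>')
URL_LIKE = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class LinkCollector(HTMLParser):
    """Collects [href, visible text] for each <a>, plus text outside links."""
    def __init__(self):
        super().__init__()
        self.links, self.outside, self._in_link = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._in_link = True
    def handle_endtag(self, tag):
        if tag == "a":
            self._in_link = False
    def handle_data(self, data):
        if self._in_link:
            self.links[-1][1] += data
        else:
            self.outside.append(data)

def host_of(value):
    """Lower-cased host of a URL or bare domain, without a leading 'www.'."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    host = urlsplit(value).hostname or ""
    return host[4:] if host.startswith("www.") else host

def check_links(html_body):
    """Return the hyperlink red flags found in one HTML email body."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        # Only compare when the visible text itself looks like an address.
        shown = host_of(text) if URL_LIKE.match(text.strip()) else ""
        actual = host_of(href)
        if shown and actual and shown != actual:
            findings.append(f"text shows {shown} but link goes to {actual}")
    if parser.links and not "".join(parser.outside).strip():
        findings.append("hyperlink is the only content in the message")
    return findings
```

Calling `check_links(SAMPLE)` reports the mismatch between the written address and the real destination; a body whose link text matches its destination returns an empty list.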

Slow down

Think carefully about what you’ve received and the steps it’s asking you to take. If an email looks suspicious it probably is. Do your research and don’t be afraid to reject requests. Set your spam filters to high. Beware the download. Curiosity leads to careless clicking. Don’t be tempted. Not once. Not at all.

If you need any assistance with your cyber strategy or you don't know where to start, please call us on 1300 478 738 or email us at

About the Author

Geoff Stewart is a highly experienced and skilled Technology Director at Surety IT. His knowledge is based on years of industry experience, having created customised, stable, well-performing systems both for multi-national companies in the UK and Australia and for Surety IT customers.

Surety IT can help you create the right system to enhance your business, ensuring you know how it is right for you and how to use it. We will tailor a solution to suit your needs with leading systems, local support and more, building your vision for a more flexible and capable business.
