• Social engineering is manipulating people into doing something they would not normally do, by taking advantage of their trust.

• Blagging (pretexting), usually done on the phone, but can be done face to face.
• The criminal invents a scenario to persuade people to hand over information they would not normally do.

We think your bank account has been hacked, to prevent your money being lost we need to reset your login details urgently.
What is your username?
What is your insecure password, we will reset for you?"

• Phishing uses fake emails, SMS (short message service), or websites to trick people into handing over sensitive data.
• Usually made to look like the message/site has come from a bank, e-commerce site or email provider.
• Clicking on a link will usually take you to a fake version of the website and capture your login details.

• Shouldering (shoulder surfing) is where someone watches you entering login details, passwords, PINs
• This could be by looking over your shoulder, or even using recording equipment (i.e. cameras)
• This is why people are encouraged to enter PINs whilst covering their hand with their other hand.
• This is also why passwords appear on screen as ************

1. Education, making users aware of the methods of social engineering and how to reduce the risks.
2. Checking emails are genuine, checking the email address.
3. Looking out for typing errors or poor grammar, this might indicate the email is not authentic.
4. If possible, verify the email is legitimate using another communication method.

5. Avoid clicking on a link to a website, go to the website directly using a separate browser.
6. Never download from a source you don't know or trust.
7. Cover your hand when typing a PIN.
8. Never give out your PIN/password to another person.