
Social Engineering: Everything You Need to Know

What is one of the fastest-growing cyberthreats? Social engineering attacks.

In its 2021 Data Breach Investigations Report, Verizon found that social engineering was the most common attack vector in data breaches. It accounted for 85% of the observed attacks.

Statistics aside, social engineering has been making major headlines.

On July 15, 2020, Twitter suffered a major social engineering attack that affected over 100 high-profile accounts. Those accounts included Joe Biden, Barack Obama, Elon Musk, Bill Gates, and Jeff Bezos. Twitter has suggested this was a social engineering attack that targeted Twitter employees.

If Twitter can’t keep social engineering attacks at bay, how do you think your small business will fare?

In today’s post, we will look at four different types of social engineering attacks. Then, you’ll learn how to avoid falling victim to them.

Let’s jump in.

What is Social Engineering?

Social Engineering is the art of manipulating people into sharing confidential information. Unlike other cyber threats, social engineering uses human psychology.

Before attempting an attack, social engineers collect information on their targets. Using that research, they tailor their communication to that individual.

After gaining a victim’s trust through communication, an attacker uses deception to talk (or write) themselves into any network or even an office.

Social Engineering and Small Business

Many SMBs think they’re too small to attract cybercriminals. But that’s precisely the point…

Hackers love to go after SMBs because small companies often have fewer of the security resources, like manpower and tools, needed to tackle security challenges.

But that changes today.

Information is power. If you take the time to learn more about these cyberattacks, everyone will be better off.

Let’s start with the different types of social engineering attacks.

Types of Social Engineering


Phishing

This type should be no surprise to you. Phishing is the most common social engineering technique. It is a hacking technique where a cybercriminal attempts to steal information by posing as a trusted source.

In most cases, phishing appears as an email. Unfortunately, phishing emails are more sophisticated today than ever before. They now look like sites and brands you use every day, like Amazon, PayPal, and UPS.

For more examples of phishing, please check out this blog post. This blog covers everything you need to know about phishing attacks.

Spear Phishing

Spear phishing is like phishing but more complex. Spear phishing is a hyper-targeted attack on a single person. Because of its tailoring, spear phishing has a higher success rate than a generic phishing attack.

Typically, a spear phisher will research the target beforehand. They find the information online, often through social media.

From there, the attacker will customize their communication to the victim. They may talk about a family member or a recent business trip to gain their victim’s trust. The victim doesn’t question the sender because they said all the “right things.”


Vishing

With vishing, the social engineer uses phone calls to trick recipients.


Tailgating

Our final type is quite scary. Tailgating is when a social engineer enters a secure building using someone else’s access.

How often do you hold the door for someone behind you? Now, what if that door is an office building door?

A social engineer knows that most people will hold the door for someone close behind. Once they are inside, the social engineer can wreak havoc, like sitting at an empty desk and installing malware.

How to Prevent a Social Engineering Attack

When it comes to social engineering attacks, there is one common thread – people. So, the best way to reduce the success rate of these attacks is through education. The more awareness we have, the better off we’ll be.

Our Director of Cybersecurity & Compliance, Sammy De La O, is here to help you strengthen your defenses.

Sammy reveals his top 3 tips for handling social engineering attacks in the video below (4m9s).

Closing Thoughts

Social engineers are getting more clever, so we need to be keenly aware of their tactics.

Proper training should teach employees about phishing emails, passwords, and security policies.

If you’re unsure about how to educate your employees, you can look to us, CompassMSP, for guidance.

Our training programs include educational, easily digestible content and video modules. On top of that, we also offer phishing simulation programs.
