Skip to Content Skip to Navigation

One day, you get a mysterious email announcing you as the lucky winner of a competition.

You don’t remember entering any competitions recently, but your interest is piqued by the thousands of dollars ready to be deposited in your bank account. To claim your prize, all you need to do is pay a small processing fee. While the email looks legit, it does seem a bit fishy… Nevertheless, curiosity (or greed) gets the better of you, and you’ve forked out hundreds just to get your hands on this mythical prize!

Online scams and phishing attacks are prime examples of social engineering — a technique used to manipulate people into sharing confidential or personal information, or to gain access to valuables like your money or data.

Scammers and hackers start by reaching out to you to gain your trust or spin an elaborate story around some urgent calamity, once-in-a-lifetime opportunity, or even something as mundane as a “failed payment” with software subscriptions that need to be resolved.

They may weaponise any number of emotionally manipulative tactics like using fear, curiosity, love, grief, and guilt to get your attention. From there, they don’t have to work too hard to get you to follow their innocent-sounding instructions. And once they’ve got you hooked, they’ll invite you to share more about yourself, click on links, pay money, or even try to hijack your phone, email, or social media accounts to victimise even more people.

How to protect yourself from social engineering

With the amount of random emails, calls, and texts we get spammed with every day, it’s easy to miss the suspicious signs, and autopilot our way through clicking on links that appear normal.

Here’s some easy habits you can adopt to reduce your likelihood of falling victim to a social engineering attack:

Slow down, re-read and listen to everything carefully

Some of the most obvious giveaways of a scam are bad spelling, generic addresses, or claims that just don’t match up with anything you’ve done or can recall doing recently. If something sounds too good to be true, it probably is – especially if you’ve been contacted by a stranger you know nothing about.

Think twice before clicking on links and buttons, or downloading attachments

Especially if you don’t recognise the sender, or if the tone of the email/text message seems out of character compared to how they usually sound. Best case scenario sees you checking with the sender to make sure they really meant for you to see something.

Worst case scenario sees you inadvertently downloading viruses or other malware that could be used to hack your device and steal your information.

Adjust your spam settings

To stop scam and phishing emails from reaching you in the first place, you can increase your spam filter to high and block emails from certain addresses. You can always add your friends to a “safe senders” list to ensure their emails get through.

Get a second opinion

If you’re really not sure whether an email, text, or call is real or fake, the best thing to do is to contact the business or service provider directly and ask them about it. Additionally, you can read their Privacy Policy or Terms of Use to verify whether or not they would ever ask for your personal information by texts or email.

Need a privacy policy for your website?

Generate a free Privacy Policy and Terms of Service with Create yours now!