What Types of Social Engineering Attacks Are There and How to Protect Ourselves

As we know, whenever we surf the net we can be victims of many attacks that put our systems at risk. Luckily we can make use of multiple tools and methods with which we can protect ourselves. Now, hackers often hone their techniques to achieve their goals. Something that is increasingly present is social engineering . In this article we are going to explain what are the main attacks related to social engineering.

Main social engineering attacks

In some article we have explained what social engineering is and how it is increasingly present. In this article we wanted to compile the most frequent attacks that are based on social engineering. In this way we will have a better understanding of this problem. We will also give some tips to protect ourselves.

What Types of Social Engineering Attacks Are There

Phishing by email

It is undoubtedly the social engineering attack that is most present today. It is not something new, far from it. However, over time they have been perfecting their techniques. Basically it is to receive an e-mail where they tell us to log in through a link or download a file. The point is that by logging in we are giving our data to a cybercriminal.

Within Phishing we can find generic messages and also personalized messages. The latter are more successful since they are aimed directly at the victim.

Text messages

Social engineering is also used to attack via text message . They can make use of a simple SMS to make the victim enter a malicious page or send personal data. For example they can impersonate a legitimate organization.

Scams by social networks

Social media is also a major source of social engineering attacks. On many occasions, it consists of attackers attacking their victims and posing as legitimate users, sometimes members of some organization.

What they are looking for with this is to gain their trust to carry out their attacks, collect data or obtain any benefit.

Fake News or scams

Without a doubt the Fake News or scams are very present in the network. They can look for these types of hooks to go viral and reach many users. Later, those links, those fake articles, may have malicious content, invite you to download software that has been modified by third parties, or collect data in some way.

Problems with the system

It is another of the techniques widely used in social engineering. They can call the victim to indicate that their computer is in danger, that they have detected a threat, that someone has tried to steal their data, etc. They usually pose as some important and prestigious organization.

Free product

The most traditional hook. Here attackers offer the chance to receive something for free . It can be software, it can be some physical product or it can have a benefit when contracting a service. They seek once again to gain the trust of the victim and subsequently carry out their attacks.


Baiting is a type of social engineering attack based on finding sloppy victims who casually come across removable memory. This can be a simple pendrive, for example. The point is that this memory is going to have some type of malware and when inserted it will infect the victim’s computer.


Something different is tailgating . Basically it consists of entering a restricted area. Take for example a company that is accessed through an RFID card. The attacker waits for the victim to be entering to quickly approach and say that their card has been forgotten inside.

How to avoid becoming victims of social engineering attacks

Luckily we can take into account certain tips that we are going to explain to avoid being victims of this type of problem. Some basic questions can help us gain protection.

Do not expose the data

Something very important but that sometimes users overlook is not exposing the data more than the account. By this we mean not to make our e-mail address public in open forums or comments on web pages. Nor should we make personal data public on social networks that can be used against us and are available to anyone.

Protect equipment

Of course it is important to protect the security of our devices. This means that we must install security tools and also have the latest updates and patches. Sometimes vulnerabilities arise that it is important for us to correct.

Mejora seguridad Microsoft Teams

Be careful when logging in

A basic point is also to take care of ourselves when starting the session . We should not expose information when logging in from insecure networks or through platforms that may not be reliable. We must also log out when using third-party equipment.

Using strong passwords

Finally, another tip we want to give is to use passwords that are strong and secure. This means that they contain letters (upper and lower case), numbers and other special symbols. All this at random.