Social Engineering (Human Access Hacks)

This isn’t just about tricking people out of money — it’s about tricking them into giving access to systems.
Social engineering is how many serious cyberattacks begin: with a well-timed phone call, a dropped USB, or a convincingly urgent request.

What Makes This Different from a Scam?

Social engineering in hacking often isn’t about getting you to hand over money.
It’s about making you do something that weakens your own system:

• Giving away login details
• Installing malware on your device
• Granting remote access
• Letting someone into a secure location or network

It often looks like tech support, system upgrades, or security warnings — not investment pitches or phoney prizes.

‍

Common Hacking Techniques That Use Social Engineering

• Fake Tech Support: A caller claims your device is infected and asks you to install “helpful” software — which turns out to be a remote access tool.
• USB Drop Attacks: A USB stick left in a car park or café is plugged in — and auto-installs malware or opens a backdoor.
• Helpdesk Impersonation: In companies or charities, someone calls pretending to be from IT and asks for login resets or MFA codes.
• Deepfake Calls or Voicemails: AI-generated voices pretending to be your boss or colleague instruct you to take urgent action.
• Onboarding Abuse: Fake job offers or service requests used to manipulate someone into creating user accounts for an attacker

‍

How to Protect Yourself & Your Devices

Never Install Remote Software Unless You Initiated It

This is the #1 trick used to get malware or control over your system.

Question Unusual IT Requests

Even in trusted environments, always double-check unfamiliar requests with known contacts or supervisors.

Use MFA and Never Share Codes

Social engineers often pretend to be support staff and ask for one-time passcodes — don’t share them.

Treat Unfamiliar USBs as Dangerous

Never plug in random devices, even if they look new or branded.

Create a Verification Habit

Especially in workplaces: have procedures for confirming the identity of anyone asking for access or tech changes.

‍

If You've Engaged With a Suspected Attack

• Disconnect your device from Wi-Fi immediately
• Note down what was said, what you did, and who contacted you
• Run a full antivirus/malware scan
• Inform your IT department or seek tech support
• Change any passwords used or stored on the device
• Report it to Action Fraud or your cyber lead if it involved sensitive systems

‍

Scams take your money.
Social engineering gives away your access.
It’s the difference between being defrauded and being compromised. You don’t have to be technical to stop it — just aware of how attackers may try to get in through you.

‍