
The weakest link in security is rarely the technology — it is people. Social engineering is the art of manipulating someone into handing over access or information they should keep private, and it is behind most successful hacks. Our GetMyPassword team explains what social engineering is, the common tricks attackers use, and how to recognise and resist them before you become the entry point.

What social engineering is
Social engineering means tricking a person rather than breaking a system. Instead of cracking your password, an attacker persuades you to reveal it, click a link, or approve a request. It works because it exploits human instincts — trust, fear, curiosity and the urge to be helpful — which no firewall can patch.
Common techniques
- Phishing: fake emails or messages that imitate a trusted brand.
- Pretexting: inventing a scenario — “I’m from IT support” — to extract information.
- Baiting: a tempting offer or “free” download hiding malware.
- Vishing: phone calls posing as your bank or a service, pressing for codes.
Why it works
Attackers manufacture three feelings: urgency (“act now or lose access”), authority (“this is the bank’s security team”) and trust (a message that appears to come from a friend). Under pressure, people skip their usual caution. Recognising these triggers is half the defence.
The strongest password in the world is useless if someone simply asks for it and you give it. Social engineering targets the human, so the human has to be the one who pauses and verifies.
How to protect yourself
Slow down when a message creates pressure, and verify through a separate channel — call the company on its official number, not the one in the message. Never share passwords or one-time codes; no legitimate organisation asks for them. And limit the damage of any single slip by giving each account a unique password from our password generator and enabling two-factor authentication, so one leaked credential cannot unlock everything.
Frequently asked questions
What is the most common type of social engineering?
Phishing — fraudulent emails and messages imitating trusted brands — is by far the most common. It is cheap, scalable, and relies on you clicking a link or entering credentials on a fake page.
How can I tell if I am being socially engineered?
Watch for unexpected urgency, requests for passwords or codes, and pressure to bypass normal steps. When in doubt, stop and verify the request through an official channel you find yourself, not one provided in the message.
Can technology stop social engineering?
It helps but cannot fully prevent it. Spam filters, two-factor authentication and unique passwords reduce the damage, but awareness is the key defence because the attack targets people, not systems.



