Social Engineering: Definition and How to Prevent It

Technological developments have positive effects, but they can also have negative ones, such as cybercrime. One type is social engineering, which has recently become increasingly dangerous. Social engineering is a form of online fraud that is very harmful to the victim.

Social engineering can cost victims their privacy through the data and information they share. With this data, hackers can profit in many ways, including financially.

Note that social engineering is a crime that takes advantage of the user's weakness or negligence, so that hackers can quickly get the important information and data they need.

Definition of Social Engineering

Social engineering is an attempt to manipulate someone into providing confidential personal information or data by exploiting their mistakes. This type of fraud is based on how a person thinks and acts, which makes it very effective at manipulating user behavior.

Once the perpetrator knows what motivates the user to act, the perpetrator can easily manipulate them. Social engineering also targets users with less internet knowledge, since the internet develops very quickly.

There are many methods of social engineering. In general, hackers create things such as emails, campaigns, and challenges to gain the sympathy and trust of victims.

Hackers disguise themselves as authorities or as people the victim trusts, so that victims are willing to hand over personal data, important information, and even material assets.

In the realm of cybercrime, social engineering is classified as human hacking, because its appeal keeps the victim from suspecting anything. The attacks occur online, in person, and through other interactions the victim does not expect.

Therefore, it is important to learn to use the internet properly. The goal is to protect your privacy and personal data as fully as possible. One rule to follow on the internet is not to share data carelessly.

How Social Engineering Works

Now that you know social engineering is a form of fraud, you also need to know how the fraud works, so that you can minimize the chance of becoming a victim yourself.

Most social engineering crimes rely on direct communication between the perpetrator and the victim. In general, social engineering works in several stages:

Preparation phase

Cybercrime generally begins with preparation. This preparation aims to collect background information about the victim and to find out which groups the victim is active in.


After the hacker has collected data and information about the victim, the infiltration stage generally begins. This is not done directly, but by first establishing a relationship with the victim, for example by starting to build trust.

Performing the Cyber Attack

Once the perpetrator has earned the trust of the potential victim, they generally already know the victim's weak point. The hackers then attack the victim using the method that suits the victim best.

Victim Release

Once the perpetrators have the data and information they need, interaction with the victim generally stops. The hackers cut off contact and, if possible, delete the communication history with the victim.

The stages above can play out in a short time through a single email, or they can take months. Therefore, always stay alert when interacting on the internet, especially with strangers.

Types of Social Engineering

Almost all cybercrimes involve social engineering techniques, the most common example being email scams. Now that you know social engineering is a crime, you also need to know the types commonly found on the internet.

Here are some types of social engineering commonly used on the internet:

Social Engineering Type: Baiting

Baiting is the most common type of social engineering attack. As the name suggests, the attack uses bait, usually an attractive offer for the victim.

Baiting usually exploits the victim's curiosity or lures with false promises. A lured victim falls into the perpetrator's trap, which steals personal information or exposes the device to malware.


Pretexting is a technique for manipulating victims into giving up information or access by means of lies constructed in detail. This type of cybercrime is very dangerous and harmful.

For example, the perpetrator poses as someone close to the victim or as a person in authority who needs the data, and then interacts persuasively so that the target does what the fraudster asks.

Victims who do not understand what social engineering is, or the hidden intentions in the perpetrator's messages, are vulnerable to this kind of attack. Through this process, the perpetrator can easily steal the victim's data and information.

Social Engineering Type: Phishing

The next type of social engineering is phishing. The term is widely known because this crime claims many victims. Phishing is an attempt to deceive someone into giving up personal data, account data, and financial data.

One example of phishing is sending fake emails to potential victims. The hacker sends an email disguised as coming from an official agency, so that ordinary recipients feel confident and do not hesitate to follow the instructions given.

Phishing emails usually direct recipients to provide important data, to visit dangerous sites through links that look safe, or to open email attachments that may contain malware.

Phishing victims who are unfamiliar with social engineering are more easily trapped, whether out of curiosity about a link or because the perpetrator's statements sound convincing. Therefore, always be careful when using the internet.

Spear Phishing

Spear phishing is more specific than ordinary phishing: it is an attack aimed at a specific target. Hackers collect basic information about the victim, such as name, email, position in the company, and so on.

This data is used to build the target's trust and to find the victim's weak points, making it easier to steal or sabotage data, because the information the hackers hold is enough to convince the victim.

Perpetrators often include convincing details, such as the official logo of the supposed sending agency. You can still stay safe from this crime if you pay close attention to the sender's actual email address rather than the official-looking name shown.
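The check described above, comparing the name an email displays with the address it was really sent from, can be automated. The Python code below is an added example, not part of the original article; the organisation name, its domain, and the sample message are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: organisations you deal with and the domains they really send from.
KNOWN_SENDERS = {"example bank": {"examplebank.com"}}

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Example Bank Security" <alerts@examplebank-support.net>
Reply-To: verify@mail-collect.example
To: user@example.org
Subject: Your account is suspended
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=examplebank-support.net; dkim=none; dmarc=fail header.from=examplebank-support.net

Click the link to restore access.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def sender_warnings(raw_message):
    """List the reasons the sender of a raw email message looks forged."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    warnings = []
    # 1. The display name claims a known organisation, the address does not match.
    for brand, domains in KNOWN_SENDERS.items():
        trusted = any(from_domain == d or from_domain.endswith("." + d) for d in domains)
        if brand in display.lower() and not trusted:
            warnings.append(f"display name claims '{brand}' but address is @{from_domain}")
    # 2. Replies are silently redirected to another domain.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        warnings.append(f"replies go to a different domain: {reply_domain}")
    # 3. The receiving mail server recorded a failed sender-authentication check.
    results = (msg.get("Authentication-Results") or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in results:
            warnings.append(f"{check} check failed")
    return warnings

if __name__ == "__main__":
    for warning in sender_warnings(SAMPLE):
        print("WARNING:", warning)
```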

Quid Pro Quo

The next type of social engineering is quid pro quo. In short, quid pro quo is a tactic of obtaining information by offering a service. It can be considered a low-level form of social engineering.

Usually the perpetrator contacts the victim while posing as a certain party and offers assistance. Although this is a low-level technique, social engineering remains very dangerous, so you still have to be careful and alert.


Tailgating, often called piggybacking, is a type of physical social engineering in which the perpetrator manipulates authorized people in order to gain access to locations that require authentication. Perpetrators do not necessarily need special hacking skills; simply chatting can be enough.

Therefore, always be careful. Do not share important information and sensitive data with just anyone, especially people you do not know personally.


Scareware frightens the victim by displaying warnings on the target device. Scareware generally mimics the appearance of a built-in security program as closely as possible, so that the victim becomes worried and follows the instructions in the warning.

This type of social engineering generally pushes victims to install malicious software, or malware, that will scan the victim's personal data. Therefore, one way to protect against it is not to download files carelessly from the internet.

DNS Spoofing

The next type of social engineering to know is DNS spoofing. In short, the domain name of the official website is made to resolve to the IP address of a dangerous website, so the victim lands on the fake site when trying to access the official one.

The appearance and URL of the fake website are quite similar to those of the official website, so victims who are not careful are often deceived. Without suspecting anything, they enter important data that the hackers later use for personal gain.
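Spotting a URL that only resembles the official one is a check that can be made before entering any data. The Python code below is an added example, not part of the original article; the list of official domains is a constructed placeholder, and the similarity threshold is an assumption.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the official domains you actually use (constructed placeholders).
OFFICIAL = {"examplebank.com", "example-shop.org"}

def classify_url(url, official=OFFICIAL, threshold=0.85):
    """Return 'official', 'lookalike' or 'unknown' for the host in a URL."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Exact official domain, or a genuine subdomain of it.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    labels = host.split(".")
    # Punycode labels (xn--) can render as letters that imitate Latin ones.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"
    # Simplification: treats the last two labels as the registered domain,
    # which ignores multi-part suffixes such as co.uk.
    registered = ".".join(labels[-2:])
    for d in official:
        brand = d.split(".")[0].replace("-", "")
        # Official name used as a subdomain of, or glued into, another domain.
        if d in host or brand in host.replace("-", ""):
            return "lookalike"
        # One or two characters swapped, added or dropped.
        if SequenceMatcher(None, registered, d).ratio() >= threshold:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for u in ("https://www.examplebank.com/login",
              "https://examp1ebank.com/login",
              "https://examplebank.com.account-verify.example/login"):
        print(classify_url(u), u)
```

A result of "unknown" only means the host does not resemble a listed domain; it says nothing about whether that site is safe.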

How to Avoid Social Engineering

Social engineering exploits the user's psychology, for example the curiosity or fear that leads the user into the hackers' trap. As a result, perpetrators sometimes do not need high-level hacking skills.

To avoid social engineering attacks, you can use the following methods:

Avoid Opening Mysterious Emails and Attachments

One channel for social engineering is email. If you receive an email from someone you don't know, you shouldn't open it, especially if it contains attachments with unfamiliar or unknown extensions.

If you get an email from someone you know but are suspicious of the attachment, it never hurts to confirm with the sender, for example by telephone or in person if possible.

Remember that hackers can forge emails; even emails that appear to come from trusted sources may have been forged. So always be careful when using the internet and the content on it.

Don't Be Easily Tempted by Offers on the Internet

The next tip for preventing social engineering crimes is to avoid being easily made curious or tempted by offers on the internet, because hackers sometimes present attractive offers to potential victims in order to carry out their attacks.

Do not be easily tempted by an offer you receive, because it is not necessarily official. To be sure, search the internet for the offer and confirm that it is official and comes from the company concerned.

Using VPN

Hackers can monitor your activity on the internet through the network you use. Therefore, one way to avoid social engineering is to use a VPN. A Virtual Private Network (VPN) is a tool that can be used to keep private data hidden on the internet.

A VPN encrypts the connection you are using and hides your IP address, and with a VPN, you will not be tracked by hackers. But make sure that you choose a credible and trusted VPN for maximum security.

Using Multi-Factor Authentication

One of the main targets of hackers doing social engineering is user credentials such as emails and passwords. To protect them, you can combine passwords with multi-factor authentication for layered security when accessing accounts.

With this double security, logging in to your account usually requires an additional step, such as a unique question, an OTP code, a PIN, or biometric verification by fingerprint or face detection. The aim of multi-factor authentication (MFA) is to make account credentials more secure.

Using Antivirus and Antimalware

The next step for preventing social engineering is to use antivirus and antimalware software. Hackers can often retrieve victim data by exploiting security holes on computer devices.

If your device and account are well secured, this risk is minimized. To protect your device from cybercrime, install antivirus and antimalware as a precaution.

For optimal protection, keep the antivirus updated to the latest version, in which bugs and errors are resolved. The latest versions generally detect malware better.

Be Careful When Downloading Files on the Internet

Another way to prevent social engineering is to be careful when downloading files from the internet, because a downloaded file may contain malware or viruses that can harm your data and device.

Make sure the site is official and has SSL protection (a security certificate that encrypts data). Also, download only the files you really need, and identify the type of each file.

Using Password Manager

The next tip for preventing social engineering is to use a password manager. Many of us use the same password for multiple accounts. The problem is that once that password is known, criminals can easily sabotage the data.

One good way to avoid social engineering is to use a password manager, a tool that comes as a browser extension or as an application installed on the device.

Later, the password will be stored in a super high security place, namely Advanced Encryption Standard (AES) 456 bit. So it can’t be hacked arbitrarily by hackers or irresponsible people.


Social engineering is a crime that exploits the victim's psychology, for example fear and curiosity. It is quite common on the internet, whether the aim is data theft or financial theft.

There are many methods of social engineering, from baiting and phishing to DNS spoofing and scareware. Each type uses a different method to obtain the victim's private data.

Social engineering is a crime that can be avoided. You can avoid it in several ways, for example by using multi-factor authentication, using antivirus, not downloading files carelessly, and so on.

That concludes this discussion of social engineering as one of the dangerous cybercrimes. After reading this article, hopefully you better understand what social engineering is and can avoid this type of crime.
