Social engineering attacks are becoming increasingly common. Whether you're on your phone or checking an email, it can happen to anyone. But there is some good news. You can protect yourself with a few simple precautions. And what better way than to learn from pros who know a thing or two about how to outsmart social engineering attacks?
We have compiled the best security advice online from seasoned professionals.
And the best part? These tips can be followed by just about anyone.
Shall we begin?
These 13 tips can help individuals and organizations keep social engineers at bay:
Cybersecurity expert Bruce Schneier warns against falling for emails that pressure you to act quickly, such as those claiming you have an urgent problem with your account. He says that most "people tend to believe what they read" when they should take a step back and reevaluate.
Lesson: Think twice about emails or other messages asking you to exercise an extraordinary sense of urgency.
Cybersecurity consultant Dr. Eric Cole advises caution when entering financial information online. Some malicious websites can mimic legitimate ones, stealing your data.
Lesson: Never give out your credit card or any other financial information online without verifying the website is legitimate.
Kevin Mitnick, inarguably the most famous hacker turned security consultant, has a simple rule. Never click links or download attachments from unknown sources lest they infect your device with malware.
Lesson: Be wary of suspicious links or attachments in emails or messages.
Entrepreneur Robert Herjavec advises caution when strangers contact you out of the blue, especially those after your personally identifiable information (PII).
Lesson: Always be aware of the method of communication used by strangers, especially when they request personal information. The best way to deal with them is to ignore them.
Educator Lisa Bock says that online threats are evolving all the time. A firm with measures in place for encryption-based ransomware may find itself unprepared for a different attack vector. This could even be an official-looking email containing a link that launches an internal Denial of Service (DoS) attack.
Lesson: With new threat vectors being discovered constantly, it is best to back up sensitive files to a remote storage facility to minimize data loss.
Microsoft's Troy Hunt suggests staying informed about common social engineering scams, such as those offering large sums of money in exchange for a small upfront payment.
Lesson: Knowledge is half the battle. Get familiar with common scams like WhatsApp scams.
Jon (Jonathan) Oberheide, co-founder of Duo Security, is a major proponent of Fast Identity Online (FIDO), an open standard for passwordless authentication. These authentication methods replace the password with biometric verification (such as facial recognition or a fingerprint).
Lesson: Instead of relying on passwords, adopt passwordless authentication like passkeys and FIDO wherever applicable.
Social engineering expert Chris Hadnagy believes that even a basic email about cybersecurity education can do wonders for you and your organization.
Lesson: For small operations with limited budgets, a weekly or monthly security awareness email can significantly reduce the likelihood of phishing scams.
Some cybercriminals send phishing emails, or even make phone calls, while impersonating someone you know. McAfee Fellow Raj Samani advises confirming the sender's contact information against an official directory to ensure they are who they claim to be.
Lesson: If you receive an email with strange URLs from someone you know, do not click them. Instead, look up the person's number in an official phone directory and confirm their identity over a call.
Professor Lorrie Cranor and her fellow researchers unanimously agree that weak passwords can leave your online accounts vulnerable to hacking. But with some human ingenuity, people can develop stronger and easier-to-recall passwords.
Lesson: Protect your online accounts with strong passwords, pairing them with a multi-factor authentication method for the best results.
Cybersecurity expert Mikko Hyppönen advises against throwing away alternative communication channels like fax. About computers, he says that "they've brought us so much more productivity and we are so much more efficient with computers, but we still should be able to continue operating the most critical parts of our operation when computers fail."
Lesson: Cybercriminals can't account for everything. It is important to design alternative disaster recovery plans that don't rely on the most common hardware, software and processes needed for business continuity.
Cybersecurity expert Joseph Steinberg recommends cybersecurity awareness training so that employees can recognize and avoid social engineering attacks, helping to prevent breaches.
Lesson: Implement employee training programs to help educate staff on social engineering tactics and how to identify them.
Infosec professional Brian Honan warns that oversharing personal information on social media can leave you vulnerable to social engineering attacks. This is because even a tiny bit of information can be used by a threat actor to unearth more information about you.
Lesson: Be cautious when sharing any information online.
Being cautious and vigilant when online is essential to protect yourself from social engineering attacks. Avoid clicking on suspicious links or attachments, be wary of strangers asking for personal information, keep your software and antivirus updated, and stay informed about the latest scams. Implementing employee training programs and software tools can also help prevent social engineering attacks.
Even the top minds on cybersecurity agree that nothing beats the basics!