{"id":4080,"date":"2022-11-29T06:31:50","date_gmt":"2022-11-29T06:31:50","guid":{"rendered":"\/cybersecurity-blog\/?p=3232"},"modified":"2025-12-09T10:25:31","modified_gmt":"2025-12-09T10:25:31","slug":"what-is-a-social-engineering-attack","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/","title":{"rendered":"What is a Social Engineering Attack: Types and Prevention"},"content":{"rendered":"\n<p>The human factor contributes at least a little to every successful cyberattack. In many cases, it is even the main cause of the breach. You&#8217;ve probably seen a lot of similar headlines on&nbsp;the&nbsp;news&nbsp;recently:<br><\/p>\n\n\n\n<figure class=\"wp-block-image is-resized\"><img decoding=\"async\" src=\"https:\/\/lh5.googleusercontent.com\/2pgDBJzuaI3--givTGMnGclFAgXwrmlgrtCKbC4Urgl-IBiktVM9YHIa4fcMZo6o930lMI2shEAf0D18ZbsL4hGalJMKtqOEsSs90wrIS_t3Lc5Ubo4DRXL0-aOMPmq9cpNdUSCLDDn2460d7KxYMCy5kslhxXjSipH1opMJiKCcyIUrcg1N7DpNlO3KcA\" alt=\"Social Engineering attack in twitter\" style=\"width:400px;height:329px\"\/><\/figure>\n\n\n\n<p>Here\u2019s another one:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/twitter.com\/TechCrunch\/status\/1556641844267810816\n<\/div><\/figure>\n\n\n\n<p>And another one:<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/twitter.com\/BleepinComputer\/status\/1571865223744684033\n<\/div><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>Despite all the super-sophisticated technology that attackers now have at their disposal, social engineering attacks are still an integral \u2014 and arguably the most reliable \u2014 driver behind hacking.<br><\/p>\n\n\n\n<p>In fact, CISCO has <a href=\"https:\/\/umbrella.cisco.com\/info\/2021-cyber-security-threat-trends-phishing-crypto-top-the-list\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">found<\/a> that about 90% of breaches happen because of social engineering. Approximately 70% of all attacks are a combination of phishing and hacking. And the number of phishing attacks worldwide <a href=\"https:\/\/www.prnewswire.com\/news-releases\/top-cyber-security-experts-report-4-000-cyber-attacks-a-day-since-covid-19-pandemic-301110157.html\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">is growing<\/a> by as much as 400% year-over-year.&nbsp;<br><\/p>\n\n\n\n<p>But what does social engineering mean, exactly, and why do hackers prefer this approach over purely software-based attack vectors?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What is social engineering?<\/h2>\n\n\n\n<p>Social engineering can be defined as a way of psychologically manipulating people to perform certain actions. Usually, to disclose confidential information or install malware. Here are some quick examples of social engineering attacks:<br><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A fraudulent email containing a malicious attachment imitating an invoice<\/li>\n\n\n\n<li>An SMS from a bank about an ostensibly compromised account<\/li>\n\n\n\n<li>A fake login webpage that steals credentials<\/li>\n<\/ul>\n\n\n\n<p>By exploiting our cognitive biases like fear, familiarity or sense of urgency, attackers disarm us and lower our guard. Social engineering attempts are carefully designed to exploit built-in human biases, including but not limited to:<br><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Authority. <\/strong>Research <a aria-label=\" (opens in a new tab)\" href=\"https:\/\/psycnet.apa.org\/doiLanding?doi=10.1037%2Fh0040525\" target=\"_blank\" rel=\"noreferrer noopener\">showed<\/a> that we are more likely to believe an authority figure, regardless of the context. This is why scammers so often pose as regulators.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Friendship <\/strong>We usually trust people we like or know well. To take advantage of this, attackers may try to impersonate our acquaintances.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Fear of Missing Out. <\/strong>We tend to feel apprehensive when we think we are about to miss something that could make our life better. The scammers use this to create a sense of urgency and scarcity.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Intimidation. <\/strong>Attackers may use intimidation to control the victim. Techniques range from threatening to report wrongdoing to the manager to much nastier things.<\/li>\n<\/ul>\n\n\n\n<p>But there is another trait that often leads to security breaches. And in a corporate IT environment, it&#8217;s more common among people on certain teams: <strong>a lack of knowledge<\/strong>. Specifically \u2014 being a bit computer illiterate.<br><\/p>\n\n\n\n<p>If you are not aware that what you are doing is dangerous, it can create a false sense of security that will make you more gullible. That is why HR professionals and accountants are more likely to be <a href=\"https:\/\/any.run\/cybersecurity-blog\/phising-types-of-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"spear-phishing (opens in a new tab)\">spear-phishing<\/a> victims than programmers.<br><\/p>\n\n\n\n<figure class=\"wp-block-pullquote\"><blockquote><p>We are remarkably bad at detecting well-designed phishing attempts. One study showed that 97% of people can&#8217;t tell a well-planned phishing email from a real one.<\/p><\/blockquote><\/figure>\n\n\n\n<p>The idea of using psychological manipulation to exploit heightened emotions is probably as old as crime itself. <a rel=\"noreferrer noopener\" aria-label=\"ILOVEYOU malware (opens in a new tab)\" href=\"https:\/\/any.run\/cybersecurity-blog\/iloveyou\/\" target=\"_blank\">ILOVEYOU malware<\/a> was one of the first malicious programs to use social engineering and massive email spam campaigns. Unfortunately, we\u2019ve never learned how to avoid scams that great, especially on the internet.<br><\/p>\n\n\n\n<p>About 30% of recipients open phishing emails, one <a href=\"https:\/\/www.phishingbox.com\/assets\/files\/images\/Verizon-Data-Breach-Investigations-Report-DBIR-2016.pdf\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">study<\/a> claims, and roughly 40% of employees admit to engaging in unsafe online behavior, such as clicking on suspicious links from their workstation or downloading questionable files.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Here\u2019s how social engineering can impact your business&nbsp;<\/h2>\n\n\n\n<p>Security breaches have devastating consequences, especially in <a href=\"https:\/\/any.run\/cybersecurity-blog\/how-to-protect-hospitals-from-cyberattacks\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">healthcare<\/a>, where the cost of remediation has been the highest for any industry for several years in a row. Here are a few quick facts based on statistics that illustrate why social engineering is such a big threat:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh3.googleusercontent.com\/qFC7FhiJ7BP4sCjU581HBBpQARBqf-Y2aJjLKH6j8C2wBmsfgDo-ZuHmGYrMQ8CuKl6CZG22JDjyPGd4-jmdnZR0hWNFev4kzvGt8ZP4KkLTYq9AhjJYWDGPTJ9ael3MvncFhbf9p7p8eNlWfioAusasPN2Tg1y_pHKLDR_sp8MbGPyD6dFKLnuZpfojXg\" alt=\"Social Engineering in numbers\"\/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>Email may be the most used attack vector, but it\u2019s not the only one. Here are 12 techniques that hackers use:&nbsp;<br><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">12 types of social engineering attacks&nbsp;&nbsp;<\/h2>\n\n\n\n<p>You are probably familiar with phishing and spear phishing, but that\u2019s just the tip of the social engineering toolkit. Here are some more attack vectors that hackers use:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>12 Social Engineering Types<\/strong><\/h4>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Spam Phishing&nbsp;<\/strong><br>A widespread attack<br> that&nbsp;cajoles users<br> into disclosing <br>sensitive info<\/td><td><br><strong>Spear Phishing&nbsp;<\/strong><br>A targeted social<br> engineering attack <br>which is planned<br> meticulously around<br> one user<\/td><td><br><strong>Whaling<\/strong><br>A Spear Phishing attack<br> aimed at a celebrity<br> or a high&nbsp; government official<\/td><\/tr><tr><td><strong>Angler phishing<\/strong><br>Attackers impersonate<br> a brand on social<br> media in a DM<br> conversation.<\/td><td><br><strong>Search engine phishing<\/strong><br>A fake website<br> is placed at the top<br> of the search results<br> through ads or genuine SEO<\/td><td><strong>In-session phishing&nbsp;<\/strong><br>Website pop-ups attempt<br> to deceive or scare<br> users into performing an action<\/td><\/tr><tr><td><strong>Baiting<\/strong><br>A \u201ctoo good to be<br> true\u201d offer directing<br> to a fake or <br>infected webpage<\/td><td><br><strong>Physical breaches<\/strong><br>Crooks infiltrate<br> unauthorized areas<br> by posing <br>as someone with access rights<\/td><td><br><strong>Pretexting<\/strong><br>Bad actors impersonate<br> a brand or an authority<br> figure to gain trust<\/td><\/tr><tr><td><br><strong>Vishing and Smishing<\/strong><br>The same as<br> phishing, but done<br> in voice calls or<br> SMS messages respectively<\/td><td><strong>Scareware<\/strong><br>A malware that<br> uses scare tactics<br> to make you install<br> other malware<\/td><td><br><strong>URL phishing<\/strong><br>Links to compromised<br> websites are delivered<br> by email or with malicious ads<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">How to protect your business against social engineering?<\/h2>\n\n\n\n<p>While it&#8217;s true that some attacks are so well thought out that they&#8217;re nearly impossible to catch, most of them are actually pretty primitive. And attempts at social engineering hacks can be spotted from afar if you know what to look for. The problem is that many people don&#8217;t.<br><\/p>\n\n\n\n<p>According to one <a href=\"https:\/\/www.proofpoint.com\/sites\/default\/files\/gtd-pfpt-us-tr-state-of-the-phish-2020.pdf\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">study<\/a>, 90% of organizations do not provide cybersecurity training to their employees, and this is exactly the type of ignorance that attackers thrive on.<br><\/p>\n\n\n\n<p>By extension, holding security training seminars and raising awareness of the signs of phishing is the best countermeasure. But here are a few more ways organizations can boost security. You can reduce potential exposure with spam filters, <a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/any.run\/cybersecurity-blog\/what-is-cybersecurity-risk-and-how-to-avoid-it\/\" target=\"_blank\">manage risk<\/a> by restricting employee access to information, and drastically reduce the chance of malware infection by checking suspicious files and links with ANY.RUN malware sandbox.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Spam filters. <\/strong>About <a aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.darkreading.com\/cloud\/25-of-phishing-emails-sneak-into-office-365-report\" target=\"_blank\" rel=\"noreferrer noopener\">1 in every 99 emails<\/a> is a phishing attack. It&#8217;s impossible to stop them all, but spam filters can reduce the number of phishing messages reaching your inboxes by about 85%.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>2FA<\/strong>. Scammers love to hunt for login credentials to gain unauthorized access. Having two-step verification on multiple devices will stop them, unless they somehow manage to get hold of the secondary authentication gadget.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Restricting access to information. <\/strong>Establish and enforce policies around accessing data. Make sure your user base isn&#8217;t just floating around in some analytics software, where anyone can view it.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Cross referencing information. <\/strong>For example, if you receive an email with an unexpected invoice, verify its authenticity by calling the company that supposedly sent it.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Using ANY.RUN to rule out phishing attempts.<\/strong> The<a aria-label=\" ANY.RUN interactive malware sandbox  (opens in a new tab)\" href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=socialeng&amp;utm_content=landing\" target=\"_blank\" rel=\"noreferrer noopener\"> ANY.RUN interactive malware sandbox <\/a>can automatically analyze any file or link and tell you if it&#8217;s malicious. Also, you can use it to view network traffic and find out what information hackers are after and where they\u2019re transmitting\u00a0it\u00a0to.\u00a0<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Using ANY.RUN to stop social engineering attempts<\/h2>\n\n\n\n<p>Let&#8217;s look at how we can use ANY.RUN to detect malicious emails and URLs, illustrated with a couple of real-life examples of social engineering attacks.<br><\/p>\n\n\n\n<p><strong>Identifying a fake Microsoft login page<\/strong><\/p>\n\n\n\n<p>Creating a fake website that masquerades as a login portal of an established brand is an effective way to steal credentials. Forget to cross-check authenticity, and your details are already in the hands of the crooks.<br><\/p>\n\n\n\n<p><a href=\"https:\/\/app.any.run\/tasks\/56377eed-6286-4d09-9951-648e9aba4335\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=socialeng&amp;utm_content=task1\" target=\"_blank\" rel=\"noreferrer noopener\">In this sampe<\/a>, attackers have copied a Microsoft Office login page. After the user fills out the form and submits the login and password, thinking they\u2019re about to sign into their Microsoft account, what really ends up happening is that the data is sent over to the hackers. To make sure no tracks are left, the fake portal then redirects to the real Microsoft website. This scheme is extremely easy\u00a0to\u00a0fall for.<br><\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh4.googleusercontent.com\/pWiE9SMu1ik4g8rXf48yLK7kLcSGfDmjgbDWPYLLnm_cKZWoLOFrdZf1sgz3rCp3zix4bEKqOCCHtThAEzdCHcwDHXIdu5zAxU7gRTIXsFcCVuXs2UJ1Xs8Wo0nh-I1ljGsk0OilmJVkUh14a8GHqKnghaHUHEvEjZUBGxjy8I7W6rTlmF-e9OXk-zl7ng\" alt=\"fake Microsoft Office login page\"\/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>But it\u2019s also easily avoidable if you\u2019re using ANY.RUN. Because our service is interactive, you can fire up a new sandbox and complete the suspicious form, as if you were using a real PC. Just make sure to type some gibberish into the fields. After clicking on the \u2018Next\u2019 button, the sandbox detects an outgoing request that passes login information to a shady server. Then a warning about &#8220;malicious activity&#8221; appears in the upper right corner. And by enabling the MITM Proxy, we can even see what information the attackers were trying to steal.<br><\/p>\n\n\n\n<p><strong>Checking malicious email attachments<\/strong><\/p>\n\n\n\n<p>About 90% of hacks use malicious emails to breach the system. This is the phishing attack vector that you will have to deal with most often. Luckily, it&#8217;s easy to defend against it by checking attachments with ANY.RUN.<br><\/p>\n\n\n\n<p><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/app.any.run\/tasks\/407ad04a-03db-4e6b-8857-1b7a8d516a1d\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=socialeng&amp;utm_content=task2\/\" target=\"_blank\">In this example<\/a>, we\u2019ve received a spear phishing email which contains an infected archive. Download it without checking, and our system will be compromised with an Agent Tesla trojan the moment we click on it. So, let\u2019s run it through ANY.RUN instead.<br><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"947\" height=\"501\" src=\"\/cybersecurity-blog\/wp-content\/uploads\/2022\/12\/image-e1669709418224.png\" alt=\"A spear phishing email\" class=\"wp-image-4109\" srcset=\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2022\/12\/image-e1669709418224.png 947w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2022\/12\/image-e1669709418224-300x159.png 300w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2022\/12\/image-e1669709418224-768x406.png 768w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2022\/12\/image-e1669709418224-370x196.png 370w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2022\/12\/image-e1669709418224-270x143.png 270w, https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2022\/12\/image-e1669709418224-740x391.png 740w\" sizes=\"(max-width: 947px) 100vw, 947px\" \/><\/figure>\n\n\n\n<p>With <a href=\"https:\/\/any.run\/?utm_source=anyrunblog&amp;utm_medium=article&amp;utm_campaign=socialeng&amp;utm_content=landing\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"ANY.RUN malware sandbox (opens in a new tab)\">ANY.RUN malware sandbox<\/a>, we can open the letter, and interact with its attachments, which contain executable files of the trojan. We can also view the config file, and see the nested malware. A free account allows us to complete all analysis steps, and collect MITRE ATT&amp;CK indicators. The analyst can safely execute the malware in the virtual sandbox and the whole process only takes a couple of minutes. And once the malware runs, ANY.RUN automatically flags it as Agent Tesla.&nbsp;<br><\/p>\n\n\n\n<p>In both examples, we checked suspicious content before trusting it and interacting with it on the main system. This is a crucial habit to adopt. But it&#8217;s still not realistic to clear every file you receive or analyze every existing URL for fraud. So how do we know what&#8217;s worth scrutinizing and what isn&#8217;t?<br><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Here are a few pointers:&nbsp;<br><\/h4>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Bad grammar. <\/strong>Poorly executed phishing campaigns will be laden with spelling errors and botched grammar.<\/li>\n\n\n\n<li><strong>Unexpected correspondence.<\/strong> Did you receive an invoice that you didn\u2019t expect at all? There\u2019s a good chance it\u2019s fraudulent.\u00a0<\/li>\n\n\n\n<li><strong>Heightened emotions. <\/strong>Check yourself for signs of FOMO or fear. Attackers usually play on urgency and intimidation to get you to lower your guard.<\/li>\n\n\n\n<li><strong>Is it too good to be true? <\/strong>Then it probably is. Check before proceeding with it further.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Wrapping up<\/h2>\n\n\n\n<p>Social engineering is unlikely to ever stop working. As honest people, we all tend to trust what we see rather than suspect something is wrong around every corner. Attackers know this too, and take advantage of our decency in elaborate phishing campaigns.<br><\/p>\n\n\n\n<p>That said, there are many ways to reduce the risk of falling victim to such scams \u2014 proper online hygiene is at the top of the list, as is making sure the content we interact with is safe before trusting it completely.<br><\/p>\n\n\n\n<p>Be vigilant on the web, clear suspicious links and files with ANY.RUN, and, most importantly, stay&nbsp;safe online!&nbsp;<br><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Questions and answers (Q&amp;A)&nbsp;<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What is social engineering attack?<\/strong><\/li>\n<\/ul>\n\n\n\n<p>In cybersecurity, a social engineering attack is an attempt to use psychological manipulation to breach a secure system or perform a malicious action.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What is the best countermeasure against social engineering?<\/strong><\/li>\n<\/ul>\n\n\n\n<p>People with limited computer knowledge fall victim to social engineering most often, so raising awareness about types and dangers of phishing is the best countermeasure. Another important defense line is creating a policy of checking suspicious content you engage with it.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>How do social engineering attacks happen?<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Having studied the victim, attackers make contact and gain trust. They then coax the victim into committing a compromising act. Finally, they back off and cover their tracks. The entire process can take months or happen in a single email.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What social engineering principle frightens and coerces a victim by using threats?<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Intimidation. Attackers can intimidate the victim by threatening to lose their job or using incriminating data that they may have previously collected using spyware.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>How to protect against social engineering attacks?\u00a0<\/strong><\/li>\n<\/ul>\n\n\n\n<p>You can protect yourself against social engineering by staying vigilant, double-checking information before trusting it, using antivirus software, and sandboxing suspicious files or links.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The human factor contributes at least a little to every successful cyberattack. In many cases, it is even the main cause of the breach. You&#8217;ve probably seen a lot of similar headlines on&nbsp;the&nbsp;news&nbsp;recently: Here\u2019s another one: And another one: Despite all the super-sophisticated technology that attackers now have at their disposal, social engineering attacks are [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":4095,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[10,63],"class_list":["post-4080","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-lifehacks","tag-cybersecurity","tag-phishing"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.10 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What is a Social Engineering Attack: Types and Prevention<\/title>\n<meta name=\"description\" content=\"Social engineering attacks are a leading cause of security breaches. But why do they happen so frequently and how can we protect ourselves from them?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ANY.RUN\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/\"},\"author\":{\"name\":\"ANY.RUN\",\"@id\":\"https:\/\/any.run\/\"},\"headline\":\"What is a Social Engineering Attack: Types and Prevention\",\"datePublished\":\"2022-11-29T06:31:50+00:00\",\"dateModified\":\"2025-12-09T10:25:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/\"},\"wordCount\":2027,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"keywords\":[\"cybersecurity\",\"phishing\"],\"articleSection\":[\"Cybersecurity Lifehacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/\",\"name\":\"What is a Social Engineering Attack: Types and Prevention\",\"isPartOf\":{\"@id\":\"https:\/\/any.run\/\"},\"datePublished\":\"2022-11-29T06:31:50+00:00\",\"dateModified\":\"2025-12-09T10:25:31+00:00\",\"description\":\"Social engineering attacks are a leading cause of security breaches. But why do they happen so frequently and how can we protect ourselves from them?\",\"breadcrumb\":{\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybersecurity Lifehacks\",\"item\":\"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"What is a Social Engineering Attack: Types and Prevention\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN&#039;s Cybersecurity Blog\",\"description\":\"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.\",\"publisher\":{\"@id\":\"https:\/\/any.run\/\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/any.run\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"url\":\"https:\/\/any.run\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"contentUrl\":\"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg\",\"width\":1,\"height\":1,\"caption\":\"ANY.RUN\"},\"image\":{\"@id\":\"https:\/\/any.run\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/www.any.run\/\",\"https:\/\/twitter.com\/anyrun_app\",\"https:\/\/www.linkedin.com\/company\/30692044\",\"https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/any.run\/\",\"name\":\"ANY.RUN\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/any.run\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g\",\"caption\":\"ANY.RUN\"},\"url\":\"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What is a Social Engineering Attack: Types and Prevention","description":"Social engineering attacks are a leading cause of security breaches. But why do they happen so frequently and how can we protect ourselves from them?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/","twitter_misc":{"Written by":"ANY.RUN","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/#article","isPartOf":{"@id":"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/"},"author":{"name":"ANY.RUN","@id":"https:\/\/any.run\/"},"headline":"What is a Social Engineering Attack: Types and Prevention","datePublished":"2022-11-29T06:31:50+00:00","dateModified":"2025-12-09T10:25:31+00:00","mainEntityOfPage":{"@id":"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/"},"wordCount":2027,"commentCount":1,"publisher":{"@id":"https:\/\/any.run\/"},"keywords":["cybersecurity","phishing"],"articleSection":["Cybersecurity Lifehacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/","url":"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/","name":"What is a Social Engineering Attack: Types and Prevention","isPartOf":{"@id":"https:\/\/any.run\/"},"datePublished":"2022-11-29T06:31:50+00:00","dateModified":"2025-12-09T10:25:31+00:00","description":"Social engineering attacks are a leading cause of security breaches. But why do they happen so frequently and how can we protect ourselves from them?","breadcrumb":{"@id":"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/any.run\/cybersecurity-blog\/what-is-a-social-engineering-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/any.run\/cybersecurity-blog\/"},{"@type":"ListItem","position":2,"name":"Cybersecurity Lifehacks","item":"https:\/\/any.run\/cybersecurity-blog\/category\/lifehacks\/"},{"@type":"ListItem","position":3,"name":"What is a Social Engineering Attack: Types and Prevention"}]},{"@type":"WebSite","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/","name":"ANY.RUN&#039;s Cybersecurity Blog","description":"Cybersecurity Blog covers topics for experienced professionals as well as for those new to it.","publisher":{"@id":"https:\/\/any.run\/"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/any.run\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/any.run\/","name":"ANY.RUN","url":"https:\/\/any.run\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","contentUrl":"https:\/\/any.run\/cybersecurity-blog\/wp-content\/uploads\/2020\/08\/ANYRUN-Icon.svg","width":1,"height":1,"caption":"ANY.RUN"},"image":{"@id":"https:\/\/any.run\/"},"sameAs":["https:\/\/www.facebook.com\/www.any.run\/","https:\/\/twitter.com\/anyrun_app","https:\/\/www.linkedin.com\/company\/30692044","https:\/\/www.youtube.com\/channel\/UCOgCPho7lzmH7m6fPNlukrQ"]},{"@type":"Person","@id":"https:\/\/any.run\/","name":"ANY.RUN","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/any.run\/","url":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c4ce3a6c672056b4a8cd6b0110782215?s=96&d=mm&r=g","caption":"ANY.RUN"},"url":"https:\/\/any.run\/cybersecurity-blog\/author\/a-bespalova\/"}]}},"_links":{"self":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/4080"}],"collection":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/comments?post=4080"}],"version-history":[{"count":4,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/4080\/revisions"}],"predecessor-version":[{"id":17288,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/posts\/4080\/revisions\/17288"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media\/4095"}],"wp:attachment":[{"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/media?parent=4080"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/categories?post=4080"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/any.run\/cybersecurity-blog\/wp-json\/wp\/v2\/tags?post=4080"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}