We value your privacy

We use cookies to enhance your browsing experience, serve personalised ads or content, and analyse our traffic. By clicking "Accept All", you consent to our use of cookies. Privacy Policy

Customise Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorised as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site.... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Social Engineering: Why Hackers Hack Humans (Not Just Systems)

by | May 14, 2025 | Article, Blog, Research

When we think of hackers, we picture lines of code, dark rooms, and digital backdoors. But what if the most vulnerable part of your organisation isn’t your firewall—but your team?

Enter social engineering—the art of manipulating people to give up confidential information or perform actions that compromise security. It’s not new, but it’s getting smarter, subtler, and more dangerous. 

What is Social Engineering?

Social engineering is a psychological attack. Rather than exploiting code, it exploits trust, curiosity, fear, or even kindness. The goal? To get someone to: 

  • Click a malicious link
  • Reveal login credentials
  • Authorise a bogus payment
  • Grant access to restricted systems

In other words, it turns employees into unknowing accomplices. 

Real-World Tactics 

Some examples of social engineering techniques that are thriving right now: 

  • Phishing emails that mimic real services like Microsoft, DocuSign, or even your own CEO.
  • Vishing (voice phishing) where attackers pose as IT support or bank reps over the phone.
  • Tailgating, where someone follows an employee into a restricted area by pretending to be “new” or “locked out.”
  • Pretexting, where an attacker builds a fake scenario (like pretending to be a supplier needing urgent access). 

Why It’s on the Rise

With hybrid work, people are juggling more platforms, devices, and distractions. Combine that with AI-generated emails and voice clones, and it’s no wonder that even security-savvy employees are falling for these tactics. 

In fact, according to recent reports:

  • 98% of cyberattacks rely on social engineering in some form
  • Human error is involved in 95% of security breaches 

How Can We Protect Against It? 

  • Build a Culture of Curiosity
    Encourage staff to question unexpected emails, calls, and requests, even if they appear to come from trusted sources.
  • Train Frequently (and Creatively!)
     Make security training engaging and regular. Use simulations, gamified quizzes, and real-world examples.
  • Encourage Reporting, Not Shame
     If someone clicks something suspicious, they should feel safe reporting it—not hiding it.
  • Limit Access and Privileges
     Minimise the damage an attacker can do by ensuring employees only have access to what they need. 

The most advanced security system in the world won’t stop an attacker who convinces your finance team to pay a fake invoice. That’s why human firewalls are just as important as digital ones.

Social engineering is a reminder that cybersecurity is a team sport—and every player counts.