How to defend yourself against a social engineering attack

The art of manipulating people into giving up confidential information is not new. What has changed is the range of methods, including something called a ‘social engineering attack’!

Regardless of the method, all social engineering attacks take advantage of our natural instinct to trust people. It’s much easier for cyber criminals to trick someone into giving out their password or bank account details than it is to hack all the systems required to obtain the same information.

The key to protecting yourself is to know who and what to trust.

Take a new and critical look at the emails you receive and watch for the following red flags:


  • Is the email from someone you don’t have a working relationship with?
  • Is the sender from an organisation you don’t personally have dealings with, even though others in your workplace do?
  • If you know the sender, is it out of character for them to send a message of this nature?
  • Is it usual for the sender to include embedded hyperlinks or attachments in their email?


  • Was the email sent to a group of people you don’t know?
  • Was it sent to people you do know, but the mix is unusual? For example, everyone’s surname begins with ‘S’.


  • Has the email arrived at an unusual time? For example, its timestamp says 12.30 am but you know the colleague who sent it is not a night owl.


  • Is the subject mismatched with the message?
  • Is the topic irrelevant to you?


  • Is the email poorly written, with spelling and grammatical errors?
  • Does it invite you to click a hyperlink or open an attachment?
  • Does the message seem illogical or nonsensical?
  • Is the topic of the message inappropriate or irrelevant to you?
  • Does the email ask you to look at something compromising or embarrassing to yourself or others?


  • When you hover your mouse over any hyperlinks, is the link-to address different from the one written in the email?
  • Is the hyperlink the only content in the message?
  • Is the business name in the hyperlink spelt correctly?


  • Does it make sense to have an attachment as part of the email?
  • Were you expecting the attachment to be sent?

Slow down

Think carefully about what you’ve received and the steps it’s asking you to take. If an email looks suspicious, it probably is. Do your research and don’t be afraid to reject requests. Set your spam filters to high. Beware the download. Curiosity leads to careless clicking. Don’t be tempted. Not once. Not at all.

If you need any assistance with your cyber strategy or you don’t know where to start please call us on  1300 478 738 or email us at


About the author:

Ash Klemm

Ash has over 20 years of experience in sales and marketing. His journey from a casual salesperson at Chandlers to State Manager at a national IT distribution company, while battling health issues, including a double lung transplant in 2015, gave him the experience, know-how, tenacity, and marketing insight to find solutions and help businesses grow. After spending several years in the ivory tower of state management, Ash missed the genuine connection of face-to-face meetings and helping make a difference to businesses in need. His authentic, conversational, and easy-going nature helps our customers feel at ease and shows them we are a brand to trust. Ash spends his days advocating for our customers to ensure they receive the best possible service in a timely fashion. Ash is also the in-house chair builder. His curiosity and natural problem-solving ability make him the perfect first call for all our new customers to help determine what is wrong, how Surety IT can help and what the best solutions are moving forward.