
    How to Recognise Social Engineering Attacks

    Updated 26 January 2026

    What Is Social Engineering?

    Social engineering is when criminals manipulate people instead of hacking computers. They trick you into giving them passwords, money, or access to systems. These attacks work because they exploit trust and human nature.

    Types of Social Engineering Attacks

    Pretexting

    The attacker creates a fake story (pretext) to gain your trust.

    Example scenarios:

    • "I'm calling from your bank's fraud department about suspicious activity"
    • "This is IT support, we need your password to fix an urgent issue"
    • "I'm the new employee and I've locked myself out, can you let me in?"

    Warning signs:

    • Unsolicited contact asking for sensitive information
    • Pressure to act quickly
    • Stories that seem plausible but cannot be verified

    Baiting

    Offering something enticing to get you to take action.

    Example scenarios:

    • USB drives left in car parks labelled "Salary Information"
    • Free downloads that contain malware
    • "You've won a prize" messages

    Warning signs:

    • Offers that seem too good to be true
    • Unknown USB drives or devices
    • Pressure to download or open something

    Tailgating (Piggybacking)

    Following authorised people through secure doors or checkpoints.

    Example scenarios:

    • Someone carrying boxes asks you to hold the door
    • A person in a delivery uniform follows you in
    • Someone claims their access card is broken

    Warning signs:

    • People you do not recognise trying to enter
    • Requests to bypass normal security procedures
    • Reluctance to wait for proper authorisation

    Quid Pro Quo

    Offering a service in exchange for information.

    Example scenarios:

    • "I'm from IT, I can fix your slow computer if you give me your login"
    • Fake surveys offering gift cards for personal information
    • Technical support that requires remote access to help you

    Warning signs:

    • Unsolicited offers of help
    • Requests for credentials or remote access
    • Offers that require you to share sensitive information

    Vishing (Voice Phishing)

    Phishing attacks conducted over the phone.

    Example scenarios:

    • "This is the ATO, you owe back taxes and will be arrested if you don't pay now"
    • "Your Microsoft account has been hacked, we need to secure it"
    • "This is your bank, we've detected fraud on your account"

    Warning signs:

    • Calls creating fear or urgency
    • Requests for personal information or passwords
    • Pressure to stay on the line and not verify with anyone

    How to Protect Yourself

    Verify Identity

    Before sharing any information:

    • Ask for the caller's name and department
    • Hang up and call back using a known, official number
    • Do not use any number they provide
    • Check with your manager or IT if unsure

    Question Unusual Requests

    Be suspicious of requests that:

    • Are urgent or time-sensitive
    • Ask you to bypass normal procedures
    • Request passwords or sensitive data
    • Come from unexpected sources

    Trust Your Instincts

    If something feels wrong, it probably is.

    • Legitimate organisations understand if you need to verify
    • Real IT support will never ask for your password
    • Banks do not call demanding immediate payment
    • Take time to think, even when pressured

    Verify In Person

    For physical security:

    • Do not let unknown people follow you through secure doors
    • Ask unfamiliar faces to show their access card
    • Report people who seem out of place
    • Never share access cards or codes

    What to Do If You Suspect an Attack

    During the Interaction

    • Stay calm and polite
    • Do not provide any information
    • Tell them you need to verify and will call back
    • End the interaction if they become aggressive

    After the Interaction

    • Report it to IT immediately
    • Write down details of what happened
    • Do not feel embarrassed - these attacks are sophisticated
    • If you shared any information, report it right away

    Remember

    Social engineering targets people, not computers. Anyone can be targeted, regardless of how tech-savvy they are. The best defence is awareness and always verifying before trusting.

    Need Help?

    To report suspicious activity or if you think you may have been targeted, contact helpdesk@netlumait.com.au or call 1300 521 162.
