Social Engineering Threats

NEX Level - Issue #2

Issue #2: Social Engineering Threats

The Secret to Avoiding Scams: Social Engineering Explained

We’ve all been there – that moment of hesitation, when something doesn’t feel quite right... then we push the thought aside. It could be a phone call, an email, or a text message that catches us off guard. We don't want to look foolish or admit we have been tricked. Social engineers know this and prey on our insecurities, using psychology more than technology to manipulate us. These scams work because they exploit our natural instincts to help, trust, and ultimately avoid embarrassment. But here’s the thing: falling for a scam doesn’t mean you are careless – it means the attacker did their job well. Let’s break down how to outsmart them before they get the chance.

We created this newsletter not just for you, but for those around you as well. We encourage you to share any part of it with family and friends, especially those who may not be familiar with cybersecurity. Criminals and scammers don’t discriminate - they’ll target anyone who leaves themselves vulnerable.

Issue #2: Protecting yourself from Social Engineering

The phone rings. The number looks official – it's local, and the caller ID says it’s your bank. You hesitate for a moment... but pick up. The voice on the other end is calm, professional, and immediately puts you at ease. “Hello. We’ve noticed some suspicious activity on your account,” they say. Your stomach tightens. They mention a transaction you don’t recognize, and a wave of panic washes over you. How did this happen?

The caller reassures you that everything will be fine. “We just need to verify a few things to secure your account.” You’re relieved that they’re on top of it, that they caught the fraud in time. You give them your account number when they ask. It’s a small request – after all, they already have it on file, right?

Then they ask for your security question answers. A brief flicker of doubt crosses your mind. Shouldn’t they already know this? But they’re so polite, so convincing, and you don’t want to sound paranoid. You reason that it’s for your own protection, so you go ahead and share the information. The call ends with them thanking you for your cooperation, promising the issue is resolved. You hang up, feeling a mix of relief and embarrassment for even worrying.

But then, later that day, you check your bank account – and the funds are gone.

It hits you all at once: you were scammed. In that moment of panic and pressure, you gave them everything they needed. Now, you’re left scrambling, trying to undo the damage that could’ve been avoided if only you’d paused and verified.

What is Social Engineering?

Social engineering is a form of hacking that relies not on breaking into systems but on manipulating people. It's a psychological attack where hackers trick you into handing over sensitive information, clicking malicious links, or granting access to accounts.

Imagine a con artist, but instead of money, they’re after your personal data or corporate secrets. It could happen over the phone, through email, or even in person. The tactics are designed to exploit trust and human error.

Social Engineering Attacks You Should Know

  • Phishing: You’ve probably heard of this one, but have your family members? Phishing is when attackers send deceptive emails or texts pretending to be someone you trust (like your bank or a well-known company) to steal sensitive information. They often include links that lead to fake websites or ask you to download harmful attachments.

  • Vishing: This attack happens over the phone. Scammers pretend to be tech support, law enforcement, or even a family member in distress. They present a false story or scenario and create a sense of urgency to pressure you into handing over information like credit card numbers or login credentials. To make the scenario even more believable, scammers are now using AI to mimic the voice of a family member in distress.

  • Smishing: Attackers send fraudulent text messages (SMS) to trick victims into revealing personal information or clicking on malicious links. These messages often appear to come from trusted sources, such as banks, delivery services, or well-known companies, creating a sense of urgency. Once the victim engages, they can unknowingly download malware or provide sensitive data directly to the attacker.

  • Baiting & QR Codes: In this attack, hackers leave “bait” – like a USB drive – in a public place. When a curious person picks it up and plugs it into their computer, malware is installed. It's an attack built on curiosity or the desire for a "freebie."

    Sometimes the bait is a QR sticker... or an unsolicited package. Criminals send packages to unsuspecting victims. Inside the package there’s no invoice or obvious sender information – just a small card with a QR code to "find out who sent it." When the recipient scans the malicious QR code, it leads to malicious software being downloaded onto the phone. This malware can give the attackers access to personal data, sensitive information, and even remote control over certain functions of the device.

  • Deepfakes: These hyper-realistic, digitally manipulated videos or images are created using artificial intelligence to replace one person's likeness with another's. They can be used to convincingly simulate someone saying or doing things they never did, making it difficult to distinguish between real and fake content. While deepfakes can be used for entertainment, they also pose significant risks for misinformation, fraud, and identity theft.

How to Protect Yourself and Your Loved Ones

Now that you know the tricks, here are some simple, actionable steps you and your family can take to stay safe from social engineering:

For People New to Cybersecurity (Family & Friends)

  • Be Suspicious of Unsolicited Communication: If you receive an unexpected email, call, or text from someone asking for personal information, take a moment before responding. Double-check the sender, and don’t click any links unless you’re certain of the source. If the call appears to come from a number you know, hang up and call the individual back using the number saved in your contacts. If the scammer is spoofing the number, they won't want you to hang up.

  • Verify, Verify, Verify: NEVER trust a request that demands immediate action. If someone claims to be from a company or institution, hang up or close the email and contact the organization directly using an official number or website.

  • Don’t Overshare: Personal information can be weaponized. Social engineers use information like your birth date, address, or even pet names (often security question answers) to trick you. Be cautious about sharing too much on social media. It's also a good idea for families to determine a code word for verification - but you must keep it secret.

For Cybersecurity Pros to Share

  • Teach the Basics: Encourage your family and friends to ask questions about things they don’t understand online. It’s better to be cautious than fall for a trap. Simple security tips like "check the sender's email address" or "hover over links before clicking" go a long way.

  • Update Regularly: Make sure everyone in your circle keeps their devices and software updated. A good hacker knows how to exploit outdated systems.

  • Talk About Scams: Social engineers are always coming up with new tactics. Make it a habit to talk to your family and friends about recent scams or attacks you've come across. They might not be up-to-date on cybersecurity news, so sharing what you know is helpful.

Additional Resources

Want more information to share with family, friends, and coworkers? These handpicked resources will help you understand, avoid, and stay ahead of scammers — with actionable advice, case examples, and legal insight.

  • CISA Guide to Social Engineering

    CISA’s guidance outlines how individuals and organizations can avoid social‑engineering attacks by recognizing warning signs, using precautions, and by reporting suspected incidents promptly. Why it’s useful: Phishing and social‑engineering remain major cyber‑threats, often succeeding via human error, and following these recommendations helps people reduce risk, thwart attackers, and respond effectively if compromised.

  • Phishing Infographic

    Visually explains how phishing works and offers clear prevention actions tied to CISA’s Cybersecurity Performance Goals to reduce susceptibility. Why it’s useful: It condenses real-world data and actionable advice into a clear, easily digestible format that organizations and individuals can use to educate their workforce and strengthen defenses against phishing threats.

  • Victim of Identity Theft?

    Centralized portal where identity theft victims can report fraud, receive a personalized recovery plan, and access ready‑to‑use checklists, sample letters, and step‑by‑step guidance to resolve and repair theft-related damage. Why it’s useful: Provides victims with a pre‑built, legally recognized Identity Theft Report and recovery roadmap - saving time, ensuring consistency in reporting, and giving practical tools to dispute fraudulent accounts, freeze credit, and restore credit and identity efficiently.

  • Darknet Diaries Podcast on Social Engineering

    Rachel Tobac, a renowned social engineer who never learned to code but draws on behavioral psychology and improv, shares stories of using her voice, charm, and phone‑spoofing tools to manipulate targets and successfully “hack” people and organizations. Why it’s useful: Listening to how Rachel blends psychological insight, real-world tactics, and social engineering techniques offers eye‑opening lessons on the human vulnerabilities attackers exploit - and practical context for improving awareness and defenses against similar threats.

Cocktail & Song Pairing

Every issue, we wind down with a curated cocktail and song — something to sip, something to vibe to, and maybe a little something to reflect on. This month’s pairing is inspired by the scammers and thieves we are working so hard to thwart.

Cocktail

A Thief in the Night

Smooth and mysterious, this cocktail blends bourbon, Averna, fresh lemon, and honey syrup for a rich, slightly sweet taste with a hint of citrus. Combine all ingredients in a shaker with ice, shake with the intensity of a scammer's pounding heartbeat once they realize you are on to them, and strain into a chilled glass. Garnish with a lemon twist to symbolize you souring their plan (then send us a pic!!).

  • 2 ounces bourbon

  • 1 ounce Averna (a Sicilian amaro that is becoming easier to find in the United States)

  • Juice from 1/4 lemon

  • 1/2 ounce honey syrup

Song

'Lies' by The Knickerbockers...

“Lies, lies… you're tellin' me that you'll be true.

Lies, lies… that's all I ever get from you.

Tears, tears… I shed a million tears for you.”

Until NEX Time…

Thanks for joining us on this month’s journey to the NEX Level. We hope it left you a little smarter, a little sharper, and maybe even a little inspired to take action.

If you are hungry for more…

Check out our latest insights: quick reads, deep dives, and practical tips.

Discover the CyberNEX experience: see how we help teams like yours stay secure, compliant, and ahead of the game.

Until next time… stay curious, stay resilient, and keep leveling up!