
The New Attack: From Overloaded Inbox to Full Access

We've all received them: more or less convincing emails urging action. Log in, send card details, click here. The goal is always the same: to manipulate the recipient into divulging information that grants access to your company.

But today's threat landscape is more sophisticated, and attacks are evolving beyond the classic "click the link" setup. Here is an example of a three-step scam scenario that deliberately creates chaos and confusion for the threat actor to exploit:

Step 1: Create chaos and stress.

The attacker doesn't start with a phishing email. Instead, they use the employee's email address to sign the victim up for hundreds of subscriptions and newsletters. The inbox becomes unusable and the employee becomes stressed.

Step 2: Pose as the solution.

In the midst of the chaos, the victim is contacted by "IT support" via a professionally designed, but fake, Teams account. The attacker offers to help with the spam problem they themselves have caused.

Step 3: Exploit the willingness to get help.

The stressed employee, grateful for the assistance, is tricked into giving the attacker remote access to their computer through a built-in, legitimate tool such as Quick Assist. No suspicious files need to be downloaded, so traditional malware detection has nothing to catch.

The result is that the attacker gains complete control of the computer, can steal data, install permanent backdoors, and move laterally within the network.


The Psychology Behind the Attack: Why Does Social Engineering Work So Well?

There are several reasons why these attacks are so successful and why they are increasing right now. Partly, it is because many companies have begun to realise the risks that neglected cybersecurity entails. With better technical security solutions in place, the attackers' focus shifts to your employees.

The attackers know which human vulnerabilities to press to get a reaction. This can include:

  • Authority. They pretend to be someone authorised to help, such as IT support, or demand something as a manager.
  • Urgency and stress. By creating a problem, in this case an overloaded inbox, the attacker creates a feeling that it must be resolved immediately.
  • Trust. Our innate willingness to trust and collaborate with colleagues is exploited. A high-trust culture is a strength that can become a vulnerability.

Here, everyone becomes a target. It's not just about tricking the finance department. Even employees without high permissions can be manipulated to give away small pieces of information that collectively open the door for a larger attack.


Protect your company against social engineering: build a human firewall

Strengthening your defence against social engineering requires a concrete, structured action plan. It's about more than annual training and memorised rules; it's about long-term culture building. Here are some questions to start with:

  • Attitudes. How do employees feel about security? Do they see it as relevant to their job?
  • Behaviours. What visible actions do they take to protect information? Do they lock their computer? Do they dare to question strange emails?
  • Cognition. Do they understand the threat landscape, the risks, and why protective measures exist?
  • Communication. How effectively is security information shared? Is it easy to report incidents?
  • Compliance. How well are established rules and policies followed?
  • Norms. What is the "normal" behaviour in a team? Is it acceptable to be careless, or is thoroughness expected?
  • Responsibility. How clear is it who is responsible for what regarding information security?

The role of leadership in countering social engineering

It's okay not to have answers to all of these questions today, but it's time to start thinking about them. Leadership plays a crucial role here. Security cannot be fully delegated to the IT department. Management's commitment and visible support are cornerstones of a strong security culture: a culture where questioning and reporting suspicious events is appreciated, without fear of making mistakes or causing disruption.

The goal is to make secure behaviour a natural and expected part of employees' everyday lives. Attackers see your employees as their greatest opportunity; make sure to turn them into your strongest defence. Invest in your culture today, before attackers exploit it tomorrow.

5 common questions and answers about social engineering

  • What is social engineering in IT security?
    Social engineering is a manipulation where attackers exploit human behaviours, such as trust, stress or respect for authority, to trick employees into divulging information or granting access to systems.
  • How does social engineering differ from phishing?
    Phishing is a type of social engineering that occurs via email. Social engineering is the broader term and can also happen via, for example, phone, SMS, Teams or physical meetings.
  • Why are social engineering attacks increasing?
    When companies invest in better technical protections, attackers instead target the human factor. Employees become the new attack surface.
  • How do you protect your company against social engineering?
    By building a security culture with clear routines, continuous training, open communication and leadership that prioritises and highlights security issues.
  • Which employees are most vulnerable to social engineering?
    Everyone can be a target. Even employees without high permissions can be manipulated into giving away information that opens the door for larger attacks.