Blog | Defence | 23rd Oct 2023
Author: Erum Shaikh
11 min read

13 Tips to Outsmart Social Engineering Attacks Like a Pro

A feature picture of a group of cybersecurity experts sharing their tips to outsmart social engineering attacks.

Social engineering attacks are becoming increasingly common. Whether you're on your phone or checking an email, it can happen to anyone. But there is some good news. You can protect yourself with a few simple precautions. And what better way than to learn from pros who know a thing or two about how to outsmart social engineering attacks?

We have compiled the best security advice online from seasoned professionals.

And the best part? These tips can be followed by just about anyone.

Shall we begin?

Pro Tips to Outsmart Social Engineering Attempts

These 13 tips can help individuals and organizations keep social engineers at bay:

Bruce Schneier (Security Technologist)

Bruce Schneier is a fellow at the Berkman-Klein Center for Internet and Society at Harvard University.
Bruce Schneier / Image Source: Berkman-Klein Center for Internet and Society
Amateurs hack systems, professionals attack people

Cybersecurity expert Bruce Schneier warns against falling for emails that pressure you to act quickly, such as those claiming you have an urgent problem with your account. He says that most "people tend to believe what they read" when they should take a step back and reevaluate.

Lesson: Think twice about emails or other messages asking you to exercise an extraordinary sense of urgency.

Dr. Eric Cole (CyberSec Expert)

Dr. Eric Cole is a renowned cybersecurity professional.
Dr. Eric Cole / Image Copyright: Shelly Au
We are sure you hear about Internet scams or stolen personal information on the daily – yet none of us ever think we’re the ones it is going to happen to

Cybersecurity consultant Dr. Eric Cole advises caution when entering financial information online. Some malicious websites can mimic legitimate ones, stealing your data.

Lesson: Never give out your credit card or any other financial information online without verifying the website is legitimate.

Kevin Mitnick (The World's Most Famous Hacker)

Kevin Mitnick is the world's most famous hacker.
Kevin Mitnick / Image Credits: Dan Taylor/Heisenberg Media
You can try to confirm your suspicions by hovering your mouse over the hyperlinks to see where they’d lead. If the URL that pops up is from a different website than what the email claims, or it contains misspellings of a known site, that’s a “big red flag”.

Kevin Mitnick, inarguably the most famous hacker turned security consultant, has a simple rule. Never click links or download attachments from unknown sources lest they infect your device with malware.

Lesson: Be wary of suspicious links or attachments in emails or messages.
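The hover-over-the-link check Mitnick describes can be automated for an HTML email body. The script below is an added example, not code from the article: it pairs each anchor's real href with its visible text, reports links whose displayed URL points at a different site than the real target, and also flags hostnames that only resemble a known brand after undoing common character swaps (such as a digit 1 standing in for the letter l). The sample email and the KNOWN_SITES list are constructed for the demo.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body: the visible link text claims one site while the
# href points somewhere else, the "big red flag" described in the article.
SAMPLE_EMAIL_HTML = """
<p>Your account has a problem. Please sign in at
<a href="http://paypa1-secure.example.net/login">https://www.paypal.com/signin</a> within 24 hours.</p>
<p>Questions? Visit <a href="https://www.paypal.com/help">our help page</a>.</p>
"""

# Sites the reader knows and expects mail from (assumption: supplied by the user).
KNOWN_SITES = {"paypal.com", "microsoft.com"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every anchor in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def site_of(host):
    """Crude registrable name: the last two labels of a hostname (enough for the demo)."""
    return ".".join(host.lower().split(".")[-2:]) if host else ""

def looks_like_known_site(host, known):
    """Flag hosts that only match a known brand after undoing common swaps (paypa1 -> paypal)."""
    norm = host.lower().replace("1", "l").replace("0", "o").replace("rn", "m")
    return any(k.split(".")[0] in norm and k.split(".")[0] not in host.lower() for k in known)

def audit_links(html, known=KNOWN_SITES):
    """Return one finding per anchor whose real target disagrees with what it claims."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        target = urlparse(href).hostname or ""
        shown = urlparse(text).hostname or ""  # set only when the visible text is itself a URL
        if shown and site_of(shown) != site_of(target):
            findings.append(f"mismatch: text says {shown}, link goes to {target}")
        if looks_like_known_site(target, known):
            findings.append(f"lookalike: {target} resembles a known site")
    return findings
```

Running `audit_links(SAMPLE_EMAIL_HTML)` reports the first link twice (displayed URL disagrees with the target, and the target is a lookalike) and stays silent on the genuine help-page link.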

Robert Herjavec (Business Leader)

A thorough cybersecurity professional, Robert Herjavec has enjoyed an illustrious career.
Robert Herjavec / Image Credits: David A. Grogan/CNBC
85% of all cybercrime across the world happens through email

Entrepreneur Robert Herjavec advises caution if strangers contact you out of the blue. Especially those after your personally identifiable information (PII).

Lesson: Always be aware of the method of communication used by strangers, especially when they request personal information. The best way to deal with them is to ignore them.

Lisa Bock (Security Ambassador)

Lisa Bock is a cybersecurity educator.
Lisa Bock
Cyber criminals are using methods that are more refined to get you to click on a link, or go to a website. They have done their research, and identified their targets from a company directory to ensure a more successful exploit

Educator Lisa Bock says that online threats are evolving all the time. A firm with measures in place for encryption-based ransomware may find itself unprepared for a different attack vector. This could even be an official-looking email that contains a link to launch an internal Denial of Service (DoS) attack.

Lesson: With new threat vectors being discovered constantly, it is best to back up sensitive files and store them in a remote storage facility to minimize data loss.

Troy Hunt (MVP for Developer Security)

Troy Hunt works for Microsoft and has advised on cybersecurity matters for developers.
Troy Hunt
Why are social engineering attacks so successful? It isn’t because people are stupid or lack common sense. But we, as human beings, are all vulnerable to being deceived because people can misplace their trust if manipulated in certain ways

Microsoft's Troy Hunt suggests staying informed about common social engineering scams, such as those offering large sums of money in exchange for a small upfront payment.

Lesson: Knowledge is half the battle. Get familiar with common scams like WhatsApp scams.

Jonathan Oberheide (Startup Advisor)

Jon Oberheide has consulted for many companies, offering them cybersecurity advice.
Jon Oberheide

Jon (Jonathan) Oberheide, co-founder of Duo Security, is a major proponent of Fast Identity Online (FIDO), an open standard for passwordless authentication. These authentication methods ditch the password in exchange for biometric information (such as facial recognition or fingerprint).

Lesson: Instead of relying on passwords, adopt passwordless authentication like passkeys and FIDO wherever applicable.

Chris Hadnagy (Creator of the First Social Engineering Framework)

Chris Hadnagy is a famous security professional and author.
Chris Hadnagy
Can you send out an email that says, “Hey, here’s what the COVID phish of the day looks like?" Just something to keep them aware of what’s happening. And that, at least, could save some folks from falling for these attacks

Social engineering expert Chris Hadnagy believes that even a basic email about cybersecurity education can do wonders for you and your organization.

Lesson: For small operations with limited budgets, a weekly or monthly security awareness email can significantly reduce the likelihood of phishing scams.

Raj Samani (Chief Scientist @ McAfee)

A security professional from McAfee, Raj Samani has extensive experience in the field of cybersecurity.
Raj Samani / Image Source: McAfee
Scammers ask you to pay money or give them your bank account details to help them transfer the money

Some cybercriminals send phishing emails, or even place calls, while impersonating someone you know. McAfee Fellow Raj Samani advises confirming the sender's contact information against an official directory to ensure they are who they claim to be.

Lesson: If you receive an email with strange URLs from someone you know, do not click it. Instead, look up their number in an official phone directory and confirm their identity over a call.

Lorrie Cranor (Distinguished Professor)

Lorrie Cranor teaches subjects related to security and privacy technologies at WIT Pittsburgh.
Lorrie Cranor / Image Source: WIT Pittsburgh
Everyone hates passwords, but no matter how much we hate them, text passwords are here to stay

Professor Lorrie Cranor and her fellow researchers unanimously agree that weak passwords can leave your online accounts vulnerable to hacking. But with some human ingenuity, people can develop stronger and easier-to-recall passwords.

Lesson: Protect your online accounts with strong passwords, pairing them with a multi-factor authentication method for the best results.

Mikko Hyppönen (Angel Investor)

Mikko Hyppönen is a Finnish angel investor and cybersecurity expert.
Mikko Hyppönen / Image Source: LinkedIn
Faxes are great when e-mail doesn’t work. I wouldn’t be throwing them away

Cybersecurity expert Mikko Hyppönen advises against throwing away alternative communication channels like fax. Of computers, he says that "they’ve brought us so much more productivity and we are so much more efficient with computers, but we still should be able to continue operating the most critical parts of our operation when computers fail."

Lesson: Cybercriminals can't account for everything. It is important to design alternative disaster recovery plans that don't rely on the most common hardware, software and processes needed for business continuity.

Joseph Steinberg (Journalist)

Joseph Steinberg is a cybersecurity, privacy, and Artificial Intelligence (AI) expert.
Joseph Steinberg
Businesspeople of all types need to understand what cyber-threats they are likely to face, and how to protect themselves from falling prey to various common forms of social-engineering and technical attacks

Cybersecurity expert Joseph Steinberg recommends cybersecurity awareness training programs for employees to recognize and avoid social engineering attacks to help prevent breaches.

Lesson: Implement employee training programs to help educate staff on social engineering tactics and how to identify them.

Brian Honan (Information Security Professional)

Brian Honan is a security professional and the owner of BH Consulting.
Brian Honan / Image Source: Meet in Ireland
By looking at profiles, we’ll know what technologies are being used in the company, because of all the certificates that they’ve received from different vendors

Infosec professional Brian Honan warns that oversharing personal information on social media can leave you vulnerable to social engineering attacks. This is because even a tiny bit of information can be used by a threat actor to unearth more information about you.

Lesson: Be cautious when sharing any information online.


Being cautious and vigilant when online is essential to protect yourself from social engineering attacks. Avoid clicking on suspicious links or attachments, be wary of strangers asking for personal information, keep your software and antivirus updated, and stay informed about the latest scams. Implementing employee training programs and software tools can also help prevent social engineering attacks.

Even the top minds on cybersecurity agree that nothing beats the basics!

Erum Shaikh
Erum Shaikh / Editor
Erum is a passionate psychotherapist by day and cyber sleuth by night. With over a decade of experience as a journalist, she loves to dig deep into the abyss of cybersecurity to find out what, why and how an incident occurred. Reach out to her on X @shaikherum
Frequently Asked Questions
A few basic rules can help you minimize the likelihood of suffering from a successful social engineering attempt. Make sure you don't share information about you online, check your email and messages for any suspicious links, and adopt multifactor authentication methods.