What is social engineering?

by Jon Lober | NOC Technology

How hackers use personal information to mount an attack on your business, clients, and suppliers.

As cybersecurity technology advances, hackers are forced to rework their methods. Security services, software, and hardware have become more complex and effective, and fewer cybercriminals have the patience to sort through software code and hardware specifications to identify possible vulnerabilities and entry points.

However, this does not mean that there are fewer hackers, quite the opposite in fact. They have simply reoriented their attacks towards a far softer target in our digital defenses—humans.


Now, instead of slipping through virtual cracks, hackers aim to bypass human suspicion. Hackers do not need to weave past digital defenses to install malware if someone within the target network will simply click the download link for them—or even better, make a sizeable deposit directly to their account!


Such attacks rely on methods known as social engineering. In this approach, a cybercriminal leverages human susceptibility instead of technological vulnerabilities. Hackers abuse authority, trust, and persuasion instead of malicious code and software to con their victims into compliance.


In today’s digital environment, such scammers use a wide diversity of ploys—ranging from painfully obvious pleas to insidious and nearly undetectable PaaS schemes.


In this post, we will review three of the most common social engineering techniques and the hallmarks that can alert you to an attempted attack.


1. Phishing

The most common and venerable of social engineering techniques, everyone you know has likely been the target of a phishing scam.


Although phishing can use many possible vectors, each one attempts to trick victims into revealing their login credentials or private information through misleading communication. Most of this happens through email, though smishing (through SMS text), and vishing (through voice message or phone call), and social media methods are all on the rise as well.


Classic phishing usually takes the form of a misleading email that plays on the victim’s confidence. Clever scammers will even strategically time their attacks with the seasons to make the ploy more believable.  Summer vacation season and Christmas phishing scams are perennial favorites.


The most sophisticated versions of these scams rely on phishing-as-a-service (PaaS) groups to outfit them with a full suite of tools that can facilitate targeted attacks on individuals or businesses.

How to protect yourself against phishing attacks.

A number of options exist to protect yourself against phishing. A great first step is to use an advanced threat prevention system for your email inbox, such as Spam Titan, that quarantines suspicious emails before they even reach your inbox. In addition to these third-party options, Microsoft Outlook and Gmail also offer advanced protections to flag or quarantine suspicious emails before you open them unaware. Anytime you see such an alert, exercise extreme caution before you proceed.


In addition to these technological options, consider ongoing cybersecurity awareness training. A quality training regimen will keep your employee abreast of new, developing, and widespread schemes on a continual basis. Over time, employees will become aware of the red flags associated with such attacks, and how to detect them through methods such as:


  • Checking the sender’s email—not just the displayed name.
  • Mousing over any links to see the link’s true destination.
  • Recognizing common phishing requests.

2. Business Email Compromise (BEC)

In this targeted social engineering scheme, scammers impersonate business executives to manipulate employees into compliance.


As the most costly form of social engineering, the FBI reported that business email compromise (BEC) attacks resulted in total losses of $2.7 billion in 2022 alone.


As the total amount suggests, BEC attacks can be devastating. Fraudsters usually achieve their goals by manipulating or diverting a one-time or recurring wire transfer, which can be difficult to recover. These transfers are usually hijacked through communications with a compromised email account, or one that spoofs a legitimate account.  


Common BEC schemes often:

  • request a victim to make their next payment to a new account
  • impersonate a CEO that is requesting a deposit or purchase
  • send a “quick correction” to payment details immediately after a legitimate email from a supplier with deposit instructions 

How to protect yourself from a BEC scheme:

  1. Use strict internal controls processes that require multiple approvals before initiating large deposits or making changes to existing account information.
  2. Check the actual email address of a sender, not just the displayed name.
  3. Remember that even if the email address is valid, if compromised it could be controlled by a hacker.
  4. Call the recipient on the phone prior to making any changes to payment details.
  5. Routinely audit your network.
  6. Implement ongoing cybersecurity training for all employees.



In addition to the above recommendation, we have published an eBook that addresses business email compromise in greater detail. You can get your free download of Email Fraud: How to keep hackers from hijacking your inbox on our website.

Get Your Free eBook

3. Physical Social Engineering

Sometimes the quickest path to your data is not through the internet, but on foot.


Though less common than digital means, physical methods of stealing data and credentials can be equally effective. Even if an organization has excellent firewalls, email monitoring, and endpoint protection, a well-prepared physical intruder can wreak havoc on your network.


Actual physical tactics vary widely. Though they might seem too obvious, this does not prevent them from being effective.


Intruders can piggyback through a locked door, holding the door for someone with credentials. Shoulder surfers patrol airports and cafes, watching or recording people as they log into their accounts. Determined hackers will not hesitate to dumpster dive in the waste of a careless business.


Although USB drives are slowly being replaced by the cloud and other touchless sharing methods, they can still represent a legitimate threat to any organization.


Hackers can simply drop infected USBs in a parking lot, bank lobby, office building or other public area and wait for a curious individual to check it out—unintentionally downloading malware onto their computer in the process. Some scammers go as far as to leave flash drives with tempting labels like “salary information” or “private” in conspicuous places.



Though simple, USB-based attacks are effective. US power plants and Iranian nuclear facilities have both fallen prey to infected flash drives.

How to protect your business from physical social engineering attacks

Although there are many ways to protect your business from physical infiltration, here are a few simple steps that you can take right away that can dramatically improve your odds.


  1. Establish and communicate strict security policies. E.g. No door-holding.
  2. Implement biometric access for buildings, devices, or hardware closets.
  3. Ensure secure disposal of physical documents and data storage devices.
  4. Prohibit flash drives and external hard drives from the premises.
  5. Use video surveillance of entire premises.
Missouri Sheltered Workshops can empower human potential through AI
By Jon Lober April 24, 2025
Embracing the potential of both AI and humans
Tech upgrades that will boost employee safety in sheltered workshops
By Jon Lober April 15, 2025
At NOC Technology, we've worked with Missouri sheltered workshops for over seven years, and I've witnessed firsthand how the right technological implementations can transform sheltered workshop environments. Today, I'd like to share some insights on leveraging modern technology to create safer workspaces while maintaining the dignity and privacy of all participants. The Unique Safety Challenges of Sheltered Workshops Sheltered workshops provide valuable employment opportunities for individuals with disabilities, but they also present unique safety considerations. Workers may have varying levels of physical mobility, cognitive processing, and sensory perception—all of which can impact how they respond to traditional safety measures. Additionally, the production environments often involve machinery, tools, and materials that require careful monitoring and management. The Role of Smart Technology in Safety Advancements in smart technology provide real-time safety monitoring, immediate alerts for potential hazards, and improved emergency response times. Let’s explore some key technologies and their benefits in sheltered workshop environments. Personalized Alert Systems Traditional emergency alarms can be overwhelming for individuals with sensory sensitivities. Smart alert systems can deliver personalized notifications through: Vibrating wristbands that alert workers without auditory overload Visual notification systems with customizable colors and patterns Tablet-based communication for workers who benefit from visual cues Location-specific alerts that only notify those in affected areas We recently implemented a multi-modal alert system at a workshop in central Missouri that reduced anxiety-related incidents during emergency drills by 65% . Environmental Monitoring Maintaining optimal environmental conditions is crucial for both safety and productivity: Temperature and humidity sensors that automatically adjust HVAC systems Air quality monitors that detect potentially harmful particulates Noise level monitoring to prevent sensory overload Automated ventilation systems that activate when chemical levels exceed thresholds These systems not only protect workers but also provide documented compliance with OSHA regulations. Enhanced Supervision through Smart Cameras Security cameras have evolved beyond simple surveillance. Modern systems can: Detect unusual patterns that might indicate a worker in distress Monitor restricted areas without constant staff presence Identify when machinery is being used incorrectly Alert supervisors to potential safety hazards Important note: All camera systems should be implemented with strict privacy protocols and transparent policies. Workers and guardians should be fully informed about what is being monitored and why. In many cases, audio cannot be recorded, and the camera system must be configured to meet this requirement. Wearable Safety Technology Wearable devices offer personalized safety monitoring without stigmatization: Fall detection pendants that automatically alert staff Location tracking that helps locate workers in emergency situations Biometric monitoring for workers with health conditions Proximity sensors that prevent accidental entry into hazardous areas These wearables can be designed to look like standard ID badges or watches, preserving dignity while enhancing safety. Implementation Best Practices Successfully integrating smart technology into sheltered workshops requires careful planning: Involve all stakeholders: Workers, guardians, and staff should participate in selecting and implementing new technologies. Prioritize simplicity: Choose solutions that require minimal training and maintenance. Phase in gradually: Introduce new technologies in stages to allow everyone time to adapt. Balance automation with human oversight: Technology should supplement, not replace, trained staff. Respect privacy: Collect only essential data and maintain strong security protocols.
Could your sheltered workshop benefit from grant funding for new technology?
By Jon Lober April 7, 2025
As a sheltered workshop, you play a crucial role in providing meaningful employment opportunities for individuals with disabilities. However, like any organization, securing funding for technology upgrades can be a challenge. While investing in the right tools can improve efficiency, security, and overall productivity—that’s all only if you can afford the tools in the first place.
More Articles