
Common Types of Social Engineering Attacks

February 11, 2021

Many cybercriminals are using social engineering attacks to exploit vulnerabilities in remote workers, targeting businesses of all sizes. These scams become especially dangerous as remote work becomes more common.

According to the Canadian Centre for Cyber Security (CCCS), cybercriminals have increased their attempts to identify and exploit individuals working from home since the COVID-19 pandemic began. Cybercriminals view remote workers as ripe for exploitation because many individuals are relatively inexperienced with remote working. What's more, home networks are generally less secure than those at the workplace.

Social Engineering Meaning

Social engineering is the act of accessing information, physical places, systems, data, property or money by using psychological methods, rather than technical methods or brute force. Social engineering attacks rely on exploiting psychological weaknesses and blind spots in order to convince victims to give social engineers what they want. These scams are common and are especially dangerous as remote work becomes more widespread.


Common Social Engineering Attacks

There are many different types of social engineering attacks, each utilizing different strategies to prey on people’s curiosity and trust. Some of the most common are:

  • Phishing
  • Baiting
  • Quid Pro Quo
  • Pretexting


Phishing

Phishing is when a cybercriminal attempts to obtain valuable information by tricking people into visiting a fake website or clicking a link that installs malware. This is typically done via email or text message. While phishing may be used to target specific individuals, such as a person of authority at an organization, it is often a mass untargeted attack.


Baiting

Baiting is the offer of a reward (e.g., a monetary prize or discount) for taking a course of action, such as clicking on a link. Baiting can also be a physical attack. For instance, a malicious party might leave a USB drive marked “confidential” in public, hoping someone will find it and plug it into their computer. Once plugged in, the USB drive could install malware.

Quid Pro Quo

Quid pro quo involves a seemingly legitimate exchange wherein the targeted person believes they are receiving a good deal. For example, a malicious party may identify themselves as an IT consultant offering a technical service in exchange for login details.


Pretexting

Pretexting is when someone impersonates a known co-worker or authority figure in an attempt to gain access to secure information.


How to Reduce the Risk of Social Engineering Attacks

Fortunately, many social engineering attacks can be prevented through these simple cybersecurity practices:


Train your employees to watch out for messages with odd text formatting from unknown or unusual sources. Something that seems legitimate at a glance often fails to hold up under scrutiny.

Reinforce security

Stress the importance of never giving out logins or other valuable company information to an unidentified third party. Employees should never click links or visit web pages that they are unfamiliar with.

Update software

Keep all software updated with the latest security features.

Encourage teamwork

Encourage employees to contact the IT department if they receive a message that they believe might be a scam.

Review insurance

Review your cyber insurance policy to ensure that your organization is protected in the event of a cyberattack.

Contact Scrivens today to learn more about how you can protect yourself from social engineering attacks and discuss your current cyber liability insurance coverage.