I am usually not a man of few words. I am the opposite. I write hundreds of pages a month and talk non-stop in person. But lately, I have been trying to be better at saying more with less. With that in mind, I tried to boil down social engineering attacks to as few words as possible.
Social engineering is a scam that attempts to get a person to perform an action that is against their own self-interest. It is a con. Usually, the action is to provide confidential information (e.g., login information) or to execute malicious trojan horse content.
Most social engineering attacks share four common traits which, if present, signal a far higher likelihood that a scam is involved. Asking and answering four questions can help you avoid becoming a victim. If the traits are present, you should go out of your way to confirm the request using an additional, more trusted method before performing any action. Here is the flowchart of those questions:
Not every message with these four traits is necessarily a social engineering scam. Our email inboxes, voicemail and postal mailboxes are full of unexpected requests. That is life. But when these four traits are present, you need to confirm the request using some other guaranteed-to-be-safe method before performing it. Think before you act.