🛡 CyberAware UK
© 2026 CyberAware UK

Social Engineering

The art of manipulating people into giving up confidential information. Most cyber attacks start with psychology, not code.

Attack types: 10
Attacks that start with social engineering: 91%
Biggest threat: AI voice cloning rising fast

Why You Need to Know This

Social engineering bypasses firewalls, encryption, and antivirus entirely. It targets the one vulnerability every system has: people. The best technical defences mean nothing if an employee gives away their password over the phone. Every UK adult is a target at home and at work. Understanding these tactics is your first line of defence.

Types of Social Engineering Attacks

Phishing

Email scams pretending to be legitimate organisations

UK Example

"Your account has been compromised" — fake emails from your bank, HMRC, or delivery companies

Stats: 91% of cyber attacks start with phishing. UK banks report 200,000+ phishing attempts daily.
Protection: Never click links in unexpected emails. Go directly to the website. Check the sender address carefully.

Vishing (Voice Phishing)

Phone call scams using fake caller ID and impersonation

UK Example

Calls claiming to be from your bank's fraud team, the police, or a government department asking you to move money

Stats: UK victims lost £236m to phone scams in 2024. Average loss per victim: £7,500.
Protection: If someone calls asking for money or personal info, hang up. Call your bank on the number on the back of your card.

Smishing (SMS Phishing)

Fake text messages with malicious links

UK Example

"Your parcel is on hold — confirm delivery" fake DPD, Royal Mail, Evri texts

Stats: 76% of UK adults received a scam text in 2024. Fraud losses from smishing up 42% year on year.
Protection: Do not click links in unsolicited texts. Report scam texts to 7726 (free).

Pretexting

Creating a fake scenario to steal information

UK Example

Someone posing as IT support asking for your password, or a "researcher" conducting a "survey"

Stats: Pretexting attacks increased 87% in 2024, targeting HR and finance departments.
Protection: Verify identities through official channels. Never share passwords or PINs with anyone.

AI Voice Cloning

Deepfake audio impersonating someone you know

UK Example

Fake voicenotes from "family members" in distress asking for money. CEO fraud using cloned executive voices.

Stats: 40% of UK adults could not tell a real voice from a cloned one. The tech costs £3 and needs only 3 seconds of audio.
Protection: Agree a safe word with family. If a call seems off, hang up and call back on the known number.

CEO Fraud / Whaling

Impersonating senior executives to authorise payments

UK Example

Fake emails from the CEO to finance teams requesting urgent bank transfers

Stats: UK businesses lost £180m+ to CEO fraud in 2024. Average loss: £18,000 per incident.
Protection: Always verify payment requests verbally. Implement dual-authorisation for transfers over a threshold.

Baiting

Tempting victims with free stuff that contains malware

UK Example

Free USB sticks at conferences that install ransomware. Fake prize draws that steal personal data.

Stats: Over 50% of people will plug in a found USB drive. 44% of office workers click free offers without checking.
Protection: Never plug unknown USB devices into your computer. Think before you click on anything offered for free.

Tailgating (Physical)

Following someone into a secure area without authorisation

UK Example

Someone pretending to be a delivery driver or cleaner following employees through security doors

Stats: 80% of tailgating attempts succeed. Only 15% of employees challenge someone at a secure door.
Protection: Challenge anyone you do not recognise. Let security know immediately.

Quid Pro Quo

Offering something in exchange for information

UK Example

Fake IT support offering free antivirus in exchange for remote access to your computer

Stats: Quid pro quo attacks have a 70%+ success rate. People feel obligated when offered something free.
Protection: No legitimate company asks for payment or personal info to unlock a free service.

Watering Hole

Infecting websites that your target group regularly visits

UK Example

A scammer compromises a popular UK forum or community site, then steals data from everyone who visits

Stats: Watering hole attacks are rare but devastating. One compromised site can affect thousands of users.
Protection: Keep your browser and extensions updated. Use an ad blocker. Be cautious about sites asking for personal info.

The Universal Rule

No legitimate organisation will ever ask for your password, PIN, or full bank details over the phone, email, or text. If someone asks, it is a scam.

Report social engineering attacks to Action Fraud. Report scam texts to 7726.