Social Engineering: 4 Red Flag Questions

By Amos Aesoph, Xigent CISO

Social Engineering

Ninety percent of all cyberattacks involve social engineering, the art of manipulating or influencing your employees to gain control over your organization’s computer system. Cybercriminals look for opportunities to motivate you to open an attachment, click a link, or take some sort of action that allows them to breach your security.

While new tactics emerge from day to day, certain common traits can serve as red flags that you may be targeted in a scam. According to Xigent’s partner KnowBe4, simply asking yourself four questions can help you identify social engineering. If the answer is yes to any of the following, be suspicious:

  1. Does the message arrive unexpectedly? We all get messages every day that we don’t expect, but an email, call, or text that comes without warning is more likely to be social engineering.
  2. Is this the first time a sender has asked you to perform the requested action? If your coworker or CEO has never asked you to send money, execute a program, or provide a password, you need to think twice before acting.
  3. Does the request include a “you need to do it NOW” stressor? Cybercriminals don’t want you to stop to think about what they’re asking. They create a false sense of urgency to get you to act without asking questions.
  4. If the request is malicious, can performing it harm your interests? If the action you’re being asked to take could potentially hurt you or others, such as providing confidential information, stop and think. Stop and ask some more questions before you do anything more.


One of the best ways to cut the effectiveness of social engineering with your employees is to educate them on the latest tactics and threats being used by cybercriminals. Effective training can help transform your employees from your biggest security liability to your first line of defense against social engineering.

Xigent consultants can help you assess your organization’s operations and security practices and create a multi-layered security program, including training, that meets your unique needs.

Get a Security Assessment