What Is Social Engineering?

BDR Ramata Touré

Written by Ramata Touré
University of Portsmouth

Social engineering attacks are a growing concern for Small and Medium Enterprises (SMEs) in the UK. According to the 2020 Cyber Security Breaches Survey, which was conducted by the UK government, SMEs in the UK were more likely to be the target of a cyber-attack than larger companies. In fact, 46% of SMEs reported experiencing a cyber-attack in the past 12 months, compared to 26% of larger companies.

Social engineering is a type of cyber-attack that uses psychological manipulation to trick individuals into divulging sensitive information or performing actions that are not in their best interests. Common social engineering techniques include phishing emails, pretexting, baiting, and quid pro quo. These techniques are particularly effective against SMEs, which often have fewer resources to devote to cybersecurity.

One of the most common social engineering techniques used against SMEs is phishing. Phishing attacks involve sending emails that appear to be from a legitimate source, such as a bank or a vendor, but are actually from a cybercriminal. These emails often ask the recipient to click on a link or download an attachment that contains malware or a virus. According to a 2020 report by the cybersecurity company, SonicWall, phishing attempts increased by 320% in the first quarter of 2020 alone.

Pretexting is another social engineering technique that is frequently used against SMEs. Pretexting involves a cybercriminal pretending to be someone else, such as an employee or a customer, in order to gain access to sensitive information. In a pretexting attack, the cybercriminal may call an employee and pretend to be from IT support, asking for the employee’s login credentials or other sensitive information.

Baiting and quid pro quo attacks are also becoming more common against SMEs. Baiting attacks involve leaving a physical device, such as a USB drive, in a public place with a label that makes it look like it contains valuable information. When an unsuspecting employee picks up the device and inserts it into their computer, malware is installed on their machine. Quid pro quo attacks involve a cybercriminal offering a benefit, such as a gift card or a free service, in exchange for sensitive information.

The consequences of a social engineering attack can be devastating for an SME. Not only can it result in the loss of sensitive data, but it can also damage the company’s reputation and lead to financial losses. In fact, the average cost of a data breach for an SME in the UK is £2,900, according to the 2020 Cyber Security Breaches Survey.

To protect themselves against social engineering attacks, SMEs must educate their employees about the risks and implement cybersecurity best practices. This includes regularly training employees on how to identify and respond to phishing emails, using multi-factor authentication, and conducting regular security audits.

In conclusion, social engineering attacks are a serious threat to SMEs in the UK, and their frequency is only increasing. By understanding the common social engineering techniques and implementing cybersecurity best practices, SMEs can protect themselves from these attacks and prevent the devastating consequences they can bring.

National Cyber Security Centre. (2021). Small Business Guide: Cyber Security. Retrieved from
Hiscox. (2021). Hiscox Cyber Readiness Report 2021. Retrieved from
UK Finance. (2020). Fraud the Facts 2020. Retrieved from https://www.ukfinance.org.uk/sites/default/files/uploads/Fraud%20the%20facts%202020.pdf
Federation of Small Businesses. (2021). Small Business Statistics. Retrieved from