---
title: "Social engineering attacks- techniques and prevention | DMARC Report"
description: "Social engineering is the persuasion or manipulation of human psychology by threat actors to achieve a malicious goal."
image: "https://dmarcreport.com/og/blog/social-engineering-attacks-techniques-and-prevention.png"
canonical: "https://dmarcreport.com/blog/social-engineering-attacks-techniques-and-prevention/"
---


![Social engineering attacks- techniques and prevention](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 

According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses.

> Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.

Social engineering is the persuasion or manipulation of human psychology by threat actors to achieve a malicious goal. The aim is to fool targets into trusting [threat actors](https://www.cybersecuritydive.com/news/first-american-financial-encrypted-data/703411/) and lowering their guard so that the attackers can invade systems to steal data, install malware, intercept important documents, make [fraudulent financial transactions](https://money.usnews.com/investing/articles/biggest-corporate-frauds-in-history), etc. They may also ask you to share [Social Security numbers](https://www.investopedia.com/terms/s/ssn.asp), credit card details, health records, family information, etc. Social engineering is usually one of the steps or stages of a larger cyberattack attempted by stealing your identity.

This [cyberattack](https://ciso.economictimes.indiatimes.com/news/next-gen-tech/hackers-tap-social-engineering-ai-to-drive-more-cyber-attacks-in-2024/106564972) trick is gravely dangerous as it’s not always easy to spot, and employees of big companies like Twitter have also fallen into the trap. This blog discusses the Twitter Bitcoin scam (2020) in detail, along with techniques for the prevention of **social engineering attacks**.

## Real-life social engineering scam example- the Twitter Bitcoin scam (2020)

In 2020, when the world was dealing with the COVID-19 outbreak, a group of [malicious actors](https://www.securitymagazine.com/articles/100984-malicious-actors-are-leveraging-peak-travel-and-vacation-times) used social engineering tactics by reaching out to [Twitter employees by phone](https://en.wikipedia.org/wiki/2020%5FTwitter%5Faccount%5Fhijacking) and pretending to be colleagues or **legitimate business partners**. They smartly convinced these employees to give them credentials that allowed them to access the internal system of Twitter.

![Dmarc record](https://media.mailhop.org/dmarcreport/images/2024/08/dmarc-record-6.jpg) 

They used tools to reset passwords and bypass [two-factor authentication](https://www.investopedia.com/terms/t/twofactor-authentication-2fa.asp) for the targeted accounts, including those belonging to celebrities, politicians, and business owners like Elon Musk, Barack Obama, Bill Gates, and Jeff Bezos. They tweeted a similar message from each of the hacked accounts, urging followers to send Bitcoins to a **specific address**. The bait was the promise of doubling the amount in return.

Here’s what was tweeted from Elon Musk’s account- “I’m feeling generous because of COVID-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!”

## The response and impact

Twitter acted responsibly and deactivated the compromised account after taking down the fake tweets. The bad actors got away with **$121,000 in Bitcoin**, which was relatively small considering the high-profile targets. This is because the attack’s true intention was to damage Twitter’s trust and reputation.

The FBI convicted three individuals- 17-year-old Graham Ivan Clark from Florida, the mastermind, and his accomplices, [Mason Sheppard from the UK](https://www.independent.co.uk/news/world/americas/twitter-hack-teenager-arrest-obama-elon-mask-biden-florida-a9649026.html) and Nima Fazeli from Florida. Clark was later sentenced to three years in **juvenile detention**.

### The takeaways from the attack

The [high-profile scam](https://www.bleepingcomputer.com/news/security/fbi-warns-of-phishing-targeting-high-profile-brands-customers/) was no less than a wake-up call for social media platforms, businesses, and users alike. It underscored the importance of training employees to read [red flags](https://www.usatoday.com/story/tech/2021/10/13/red-flag-meme-takes-over-tik-tok-twitter-facebook-instagram/8437407002/), deploying stronger defense methods, and creating effective and swift incident response plans to mitigate and contain attacks in time.

## Social engineering techniques

[98% of cyberattacks](https://sprinto.com/blog/social-engineering-statistics/#:~:text=Social%20engineering%20scams%20are%20on,posing%20serious%20threats%20to%20organizations.) involve the use of social engineering at some stage or the other. Here are the common conventional and contemporary tactics that are being used.

## 1. Baiting

As the name indicates, the baiting technique involves a false promise to pique the victim’s interest, greed, and curiosity. The ‘bait’ usually contains malware or other [malicious payloads](https://thehackernews.com/2024/05/malware-delivery-via-cloud-services.html) that compromise the systems and security when activated or plugged in.

_Baits can be in any form- physical or online. In the case of physical baiting, the bait is placed where the target is most likely to see it - for example, in the parking lot, lobby, washroom, cafeteria, etc._ These are usually labeled with something intriguing like ‘**Confidential’ or ‘Appraisal 2024**.’ For online baiting, attackers leave the baits in free-to-download movies, software, games, etc.

Once the bait is engaged, malware is installed, or the victim is directed to a [malicious website](https://finance.yahoo.com/news/australia-warns-malicious-websites-cyber-013439463.html), leading to data theft, **system compromise**, or further infiltration into the network.

## 2. Scareware

Scareware bombards targets with fake alerts and threats, convincing them to believe their systems are infected with malware. This deception prompts users to install software that is either useless or malicious. Scareware is also known as [deception software](https://www.techtarget.com/whatis/definition/deception-technology), rogue scanner software, or fraudware. It’s often spread through spam emails that issue false warnings or offer worthless or harmful services for purchase.

## 3. Pretexting

In [pretexting](https://blog.knowbe4.com/pretexting-defined), threat actors obtain information through several lies they craft creatively and cleverly. The attacker begins by gaining the victim’s trust, **pretending to be a co-worker**, police officer, bank official, or someone else with authority. They then ask questions that seem necessary to confirm the victim’s identity, but in reality, they are collecting important personal information.

## 4. Quid pro quo

Quid pro quo is a Latin term that can be loosely translated as ‘this for that’ or ‘something for something.’ In [quid pro quo](https://www.duocircle.com/data-privacy/what-is-a-quid-pro-quo-attack), the cybercriminal offers something valuable or helpful in exchange for information or access to a system. For example, they can pretend to be an IT support person helping you troubleshoot a system or program, but in return, they ask you for login credentials or other **sensitive information**. You may think you are getting help, but in reality, you are giving away valuable data or access to the attacker.

## 5. Deepfake technology

Deepfake technology, **powered by AI**, has been used to create realistic fake audios and videos that can be used in social engineering attacks. For instance, in 2019, [a deepfake audio attack](https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/) was reported in which cybercriminals used AI to mimic the voice of a company’s CEO, convincing an employee to transfer $243,000 to a fraudulent account.

## Be wary, vigilant, and defensive

Be wary of offers and deals that sound too good to be true because there are chances that those are actually ‘**too good to be true**.’ Think and question yourself before accepting it as a fact. Moreover, don’t shrug off the power of multi-factor authentication, as it ensures an unauthorized entity doesn’t get access to your account despite getting their hands on the password.

![Dmarc record generator 9715](https://media.mailhop.org/dmarcreport/images/2024/08/dmarc-record-generator-9715-1.jpg) 

When it comes to [email security](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/), be vigilant by implementing [DMARC](https://dmarcreport.com/), [SPF](https://dmarcreport.com/what-is-spf/), and [DKIM](https://dmarcreport.com/what-is-dkim/). These protocols help protect against social engineering attacks like phishing and spoofing.

_Turn on automatic updates or regularly download the latest version of software you use; don’t brush off the notifications asking you to update them_. Since [social engineering manipulates human psychology](https://medium.com/@okanyildiz1994/the-art-of-social-engineering-manipulating-the-human-element-cca2afbc6eed), you and your employees are the **most vulnerable asset**. So, educate them on the latest social engineering tactics so they know what to be wary of.


[ Vasile Diaconu ](/authors/vasile-diaconu/) 

Operations Lead

Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.
