In cyber attacks involving social engineering, criminals attempt to mislead their victims into voluntarily disclosing data, bypassing security measures or willingly installing malware on their personal systems. Cyber criminals are sophisticated in the way they carry out their attacks, just like spies. They exploit human characteristics such as the willingness to help others, trust, fear or respect for authority.

On this page we have collated a range of practical tips and background information on social engineering for you, provided by the BSI and the Alliance for Cyber Security (ACS). Use them to make your employees aware of the risks associated with phishing, CEO fraud and so on -- and in the process, you will make it as hard as possible for cyber criminals to exploit the "human vulnerability factor" within your company.

Video: "What is social engineering?"

In social engineering, the attacker exploits the "human factor", which is presumably the weakest link in the security chain, for their criminal purposes. In this video (in German), a BSI expert explains why all employees need to find out about these scams and how to avoid them.

Tips for citizens to protect themselves against social engineering

An article on our section for consumers explains what employees need to look out for, especially when using social networks or if they receive suspicious e-mails or calls from people they do not know. The golden rule is this: the most effective protection against social engineering is to apply good common sense.