Social Engineering Awareness Cheat Sheet
Covers common social engineering attack techniques, red-flag indicators, and practical verification steps to help employees resist manipulation.
1 PageBeginnerFeb 2, 2026
Common Attack Types
The main social engineering techniques attackers use.
- Phishing- Mass email impersonating a trusted brand to harvest credentials or deliver malware
- Spear phishing- Highly targeted phishing using personal details about the victim or organization
- Vishing- Voice-call phishing, often impersonating IT support, banks, or executives
- Smishing- Phishing via SMS text messages, frequently spoofing delivery or bank alerts
- Pretexting- Attacker invents a fabricated scenario (e.g. auditor, vendor) to extract information
- Baiting- Leaving infected USB drives or fake downloads to lure victims into executing malware
- Tailgating- Following an authorized employee through a secure door without badging in
- Quid pro quo- Offering a fake service or reward (e.g. 'free tech support') in exchange for access
Red Flags to Watch For
Signals that a message or call may be a social engineering attempt.
- Urgency- Pressure to act immediately, bypassing normal verification steps
- Authority impersonation- Sender claims to be a CEO, executive, or law enforcement to discourage questioning
- Mismatched sender domain- Display name looks legitimate but the reply-to or domain is subtly misspelled
- Unusual payment requests- Wire transfers, gift cards, or invoice changes requested outside normal process
- Generic greeting with personal ask- 'Dear user' combined with a request for sensitive credentials or data
- Unexpected attachments/links- Links or files you did not request, especially with shortened URLs
Verifying a Suspicious Link
Steps to inspect a URL before clicking, without visiting it.
bash
# Hover over the link in your email client to preview the real URL# (do NOT click) - check the status bar or tooltip# On a suspicious link you already copied, inspect it safely:curl -sI "https://example.com/suspicious-link" | head -5 # check headers only, no rendering# Expand a shortened URL without following it (use an unshortening service)curl -sI "https://tinyurl.com/abcd1234" | grep -i location# Compare the domain against the organization's real domainwhois example.com | grep -i "creation date" # newly registered domains are a red flag
Checking Email Authenticity
Inspect SPF/DKIM/DMARC results in raw email headers to spot spoofing.
bash
# View raw headers (Gmail: 'Show original', Outlook: 'View message details')# Look for authentication results, e.g.:# Authentication-Results: mx.example.com;# spf=fail smtp.mailfrom=attacker.com;# dkim=none;# dmarc=fail (p=REJECT) header.from=yourbank.com# spf=fail -> sending server not authorized for that domain# dkim=fail -> message content/signature does not match# dmarc=fail -> policy says reject/quarantine unauthenticated mail
What To Do When Targeted
Recommended response steps for suspected social engineering attempts.
- Do not respond directly- Never reply to or call numbers provided in the suspicious message
- Verify out-of-band- Call the person or company using a known, previously saved phone number
- Report to security team- Forward phishing emails to your organization's designated abuse/security mailbox
- Do not enter credentials- Never log in via a link from an unsolicited email; navigate to the site directly
- Preserve evidence- Keep the original email/message headers intact for incident response analysis
Pro Tip
For high-value requests like wire transfers or password resets, establish a pre-agreed verbal 'safe phrase' with finance and IT teams — attackers using deepfake voice or video can mimic tone and appearance, but not a shared secret they were never told.
Was this cheat sheet helpful?
Explore Topics
#SocialEngineeringAwareness#SocialEngineeringAwarenessCheatSheet#Cybersecurity#Beginner#CommonAttackTypes#RedFlagsToWatchFor#VerifyingASuspiciousLink#CheckingEmailAuthenticity#CheatSheet#SkillVeris
Advertisement
Sri Hayavadhana Info-Tech
Professional Web Designing Services
- Responsive Websites
- E-commerce Solutions
- SEO Friendly Design
- Fast & Secure
- Support & Maintenance