Tech Hygiene - Social Engineering

Written By Julian Sheppard

Let’s talk about social engineering and tech hygiene. We already know about the “scrubber” in password management and the “soap” in cybersecurity, but now we need to think about our mindset — our habits and awareness — to maintain hygiene in the digital world.

So, what is social engineering?

It’s essentially the art of understanding you as a person — how you communicate and react — and then manipulating that understanding against you. A common tactic is to trigger a strong emotion, like fear, and use that emotional response to influence your decisions. It’s sometimes called social hacking.

In most cases I’ve seen, when someone gets hacked, it’s not the device itself that’s compromised — it’s their emotional state or mindset. That’s what allows them to willingly give up information.

For example, someone might receive a call from a calm, friendly, and knowledgeable-sounding person. The victim feels completely secure and believes they’re being helped. As a result, they grant access to their computer. Once inside, the scammer can install spyware, keyloggers (which record every keystroke, including passwords), and other malicious tools that quietly collect information

The more they learn about you, the easier it becomes to access your accounts. They’ll uncover your children’s names, important people in your life, and where you live — even where you’ve lived in the past. With this personal information, they can dig deeper and try to access bank accounts, health details, and other sensitive data.

Ultimately, a huge part of their success comes from establishing communication — that’s how they get you to trust them and hand over information.

Spotting Social Engineering:

So, how can you spot social engineering? How do scammers manipulate you into giving up information? Let’s break it down into three key areas: the how, emotion, and communication.

The How:

This one’s pretty straightforward. Ask yourself:

• How did this interaction begin?

• Where did you get the information to speak to this person?

• How are they communicating with you?

Often, these scams start with a pop-up or message claiming to fix a problem. For example, something might take over your screen and tell you to call a number to remove a virus or resolve a security issue.

But think about it — why would something need to take over your device and demand that you call a number? Legitimate cybersecurity teams don’t do that.

Sometimes, you might get an email saying you have an overdue bill or a suspended account. If you take a breath and actually read the message carefully, you’ll often spot clues: spelling errors, strange phrasing, or requests that don’t quite make sense (“Call this number now to fix the scam!”).

If something takes over your screen, don’t interact with it. Use your phone to look up the company’s real contact information. Ask yourself, does this number actually belong to the brand it claims to be?

Question the situation: Why is this happening, and how did it start?

Emotion:

Scammers know emotions are the fastest way to get past your logic. They’ll make you feel fear, urgency, even gratitude — whatever works to get you reacting instead of thinking. Usually, they’ll start with panic: “Your account’s been compromised!” or “You’re about to lose all your files!” Then, once you’re anxious, they switch to calm reassurance — someone friendly who says they can fix everything for you.

If that doesn’t work, they go back to pressure and intimidation. It’s a cycle designed to keep you emotional and off balance. Real companies don’t communicate that way. They don’t use fear or flattery — they stick to facts.

And here’s the thing: even smart, careful people fall for this. Once your emotions are triggered, logic takes a back seat. The trick is to notice when that happens. If you feel a sudden rush of fear, relief, or urgency, pause for a second. Ask yourself, “Should I really be feeling this way right now?” Take a breath, step back, and talk it through with someone you trust. Being targeted doesn’t mean you did anything wrong — it just means you’re human.

Communication:

When someone’s trying to scam you, their words are carefully chosen to steer your emotions. They’ll either sound calm and confident — “Don’t worry, we’ll fix it for you, no problem at all” — or they’ll act like it’s an emergency: “You’re about to lose everything if you don’t act now!”

Both extremes are warning signs. Real tech problems don’t usually lie at either end of the spectrum. Technology has its ups and downs, but it’s rarely a crisis — and no one can promise absolute safety. If a conversation makes you feel too comfortable or too panicked, that’s your cue to pause.

That simple pause is your strongest defence. Scammers thrive on keeping you emotional, because emotions override reason. Staying calm and curious keeps you in control — and that’s exactly where you want to be.

Bringing It All Together

Social engineering is really about people — not just technology. The more aware you are of how scammers think and communicate, the stronger your digital defences become. Good tech hygiene isn’t just about having strong passwords or antivirus software; it’s about staying calm, curious, and in control when something feels off.

Remember, every pop-up, phone call, or message is an opportunity to pause and think before reacting. The more you question, the less power a scammer has over you. You don’t need to be a tech expert — you just need awareness and a bit of practice.

If something doesn’t feel right or you’re unsure how to handle a situation, don’t go it alone. Get in touch with me — I’m here to help you make sense of it, check what’s real, and guide you through staying safe online. Whether it’s a strange email, a suspicious pop-up, or just a gut feeling that something’s off, reach out. Together, we can keep your digital life secure and your confidence strong.

Julian Sheppard
Next

Tech Hygiene - Why Cybersecurity?