Simpl Tech Tips — Phishing & Social Engineering Explained

Phishing & Social Engineering, Explained

Most online attacks don't break in by hacking a computer — they trick a person. Social engineering is the art of manipulating you into handing over passwords, money, or access, and phishing is its most common form. Here's how it works and what to watch for, in plain English.

How an attack unfolds

1. They do their homework

Attackers gather details from social media, data breaches, and company websites — your name, job, contacts, and the brands you trust.

2. They reach out

A message, text, call, or DM lands in your inbox — often impersonating your bank, your boss, a delivery service, or a familiar brand.

3. They press your buttons

Urgency, fear, authority, or curiosity push you to act fast — "your account is locked," "pay now," "click to confirm" — before you can stop and think.

4. They cash in

You click a fake link, type your password, or send money — and the attacker walks away with your credentials, your data, or your funds.

The key idea

These attacks target you, not your devices.

Antivirus and firewalls are good at stopping malicious software — but social engineering sidesteps all of that by going after the human. Instead of cracking a password, the attacker simply asks you for it, dressed up as someone you trust. That's why the best defence isn't a gadget; it's a habit. Slow down when a message creates pressure, verify who's really contacting you through a channel you trust, and never share passwords or one-time codes with anyone, no matter how official they sound.

Common forms to recognise

Email phishing (Most Common)

Mass-sent fake emails posing as trusted brands, with a link to a lookalike login page or a malicious attachment. Watch for odd sender addresses and generic greetings like "Dear Customer."

Spear phishing (Highly Targeted)

A targeted version aimed at one person, using real details about you to seem convincing. Because it's personalised, it's far harder to spot than a generic blast.

Smishing & vishing (Texts & Calls)

Phishing by text message (smishing) or phone call (vishing) — a "missed delivery" text or an urgent call from "your bank's fraud team." The channel changes; the trick is the same.

Pretexting (Fake Backstory)

The attacker invents a believable backstory — a new IT technician, an auditor, a delivery driver — to win your trust and coax out information or access you'd normally protect.

Baiting (Too Good To Be True)

A tempting offer is the hook — a free download, a prize, or even a "lost" USB stick left lying around. Take the bait, and you install malware or hand over your details.

Business email compromise (Wire-Fraud Risk)

An attacker impersonates a boss, supplier, or colleague to request an urgent payment or change of bank details. It skips the dodgy link and relies purely on trust and pressure.
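
For readers who triage reported emails, here is an added example (not part of the original page) that checks one message for the warning signs described above: an odd sender address, a generic greeting, pressure wording, and a link that leaves the brand's real domain. The brand allow-list, the domains, and the sample message are constructed for illustration, and the code assumes a plain-text, single-part email.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed allow-list: brand name -> domain it really uses (hypothetical values).
KNOWN_BRANDS = {"examplebank": "examplebank.example"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear account holder")
PRESSURE_PHRASES = ("your account is locked", "pay now", "click to confirm")

def host_matches(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_cues(raw_message: str) -> list[str]:
    """Return the warning signs found in one plain-text, single-part email."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    sender_host = address.rpartition("@")[2]
    body = msg.get_payload()
    text = body.lower()
    cues = []
    for brand, domain in KNOWN_BRANDS.items():
        # Only judge messages whose display name claims to be this brand.
        if brand not in display.lower().replace(" ", ""):
            continue
        if not host_matches(sender_host, domain):
            cues.append(f"odd sender address: {address}")
        for url in re.findall(r"https?://\S+", body):
            host = urlparse(url).hostname or ""
            # A brand name at the START of a hostname proves nothing;
            # only the end of the hostname says who controls it.
            if not host_matches(host, domain):
                cues.append(f"link leaves the brand's domain: {host}")
    if any(g in text for g in GENERIC_GREETINGS):
        cues.append("generic greeting")
    cues += [f"pressure phrase: {p}" for p in PRESSURE_PHRASES if p in text]
    return cues

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Example Bank" <alerts@examplebank-secure.example>
Subject: Action required

Dear Customer,
Your account is locked. Click to confirm your details:
http://examplebank.example.login-check.example/verify
"""

if __name__ == "__main__":
    print("\n".join(phishing_cues(SAMPLE)))
```

A message that trips none of these checks is not proven safe; spear phishing and business email compromise often contain no link and no generic wording at all.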