U.S. flag

An official website of the United States government

Government Website

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Safely connect using HTTPS

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


  1. Home
  2. About Us
  3. Site Links
  4. Archived
  5. News Archive
  6. Protect Yourself Against Social Engineering Attacks

Archived Content

In an effort to keep DHS.gov current, the archive contains outdated information that may not reflect current policy or programs.

Protect Yourself Against Social Engineering Attacks

Posted by Stop. Think. Connect.

Recently there’s been a reported rise in the number of cyber incidents suspected to be the result of social engineering, a tactic which involves approaching an individual, either online or in person, and manipulating them into providing personal information that can be used to break into a computer network or assume someone’s identity.

Such schemes can be as brazen as tricking you into handing over a password or as seemingly harmless as asking what kind of software you use or the name of the person responsible for maintaining your computer network. Perpetrators may pose as coworkers, repair men, IT staff or other outsiders with an apparent legitimate need to know such information.

To avoid becoming a victim of a social engineering attack:

  • Be suspicious of unsolicited contacted from individuals seeking internal organizational data or personal information.
  • Do not provide personal information or passwords over email or on the phone.
  • Do not provide information about your organization.
  • Pay attention to website URLs that use a variation in spelling or a different domain (e.g., .com vs. .net).
  • Verify a request’s authenticity by contacting the company directly.
  • Install and maintain anti-virus software, firewalls, and email filters.

If you think you are a victim of a social engineering attack:

  • Report the incident immediately.
  • Contact your financial institution and monitor your account activity.
  • Immediately change all of your passwords.
  • Report the attack to the police, and file a report with the Federal Trade Commission (http://ftc.gov) and US-CERT (https://www.us-cert.gov).

Stop. Think. Connect. Protect yourself and help keep the web a safer place for everyone.  For more information on the Stop.Think.Connect. Campaign, please visit www.dhs.gov/stopthinkconnect.

Last Updated: 02/05/2021
Was this page helpful?
This page was not helpful because the content