October is Cyber Security Month, the European initiative coordinated by ENISA and by the European Commission to raise cyber security awareness in Europe. Ever since 2020, GÉANT has been putting its weight behind this initiative with a large-scale awareness campaign. The GÉANT CyberSecMonth 2024 campaign is entirely dedicated to the topic of social engineering and will feature the tagline “Your brain is the first line of defence”.

Each week in October we will share short videos with tips and tricks by experts from international R&E organisations, in-depth interviews with the community, blog articles and more. Also, watch this space for the new four-part animation series following the adventures of Jake Doubt, Head of the Security Team at Guilder University, and covering topics such as spear phishing, romance scams and tailgating.

You are also invited to tune in to our programme of four webinars held by security experts from industry and the wider GÉANT community. Keep checking this page and our social media accounts for all updates and follow the hashtags #CyberSecMonth and #CSM24. Download the campaign resources and visit the new Security Awareness Resources Hub to find security & privacy awareness materials for NRENs, guidelines on how to set up your own awareness programme and much more.

Cybercriminals use various manipulation techniques to trick people into revealing confidential information, based on fundamental psychological principles of human behaviour. Social engineers are aware of these human biases and exploit them in multiple ways.

With this campaign, GÉANT aims to encourage users to think critically and remain vigilant, enabling them to stay one step ahead of cybercriminals.

What is social engineering?
Social engineering is nothing more than ‘human hacking’: it’s a generic term used to manipulate people in order to obtain valuable information or to gain access to IT systems.

What makes social engineering especially dangerous is that it relies on human psychology, rather than using vulnerabilities in computer systems.

It’s all about psychology: social engineers target our minds. They gain our trust and then strike by encouraging us to divulge personal or financial information, click on unsafe links, or open malicious attachments.

What techniques do social engineers use?

Social engineering relies heavily on the five ‘Principles of Influence’ established by behavioural psychologist Robert Cialdini. These principles are also commonly used in sales and marketing.

Here’s an overview:

  • Liking: People tend to give more credibility to those they like than to those they do not. To exploit this, social engineers try to appear trustworthy and attractive, and they pretend to share similar interests.
  • Reciprocity: People naturally feel inclined to return a favour. Social engineers exploit this by offering something small, like advice, making you feel obligated to give something in return.
  • Commitment and Consistency: Once we make a decision, we often feel compelled to stick with it. Attackers take advantage of this by first getting you to agree to small requests before asking for something bigger
  • Social Proof: We are more likely to support a product or initiative if people we trust have endorsed it. Attackers may use social networks to exploit this by claiming that your online friends have already approved an action, product or service.
  • Authority: People tend to trust experts or those in authority more than others. Attackers might use phrases like “according to experts” or “science proves” to persuade you to agree to something.
Different types of attacks

From face-to-face interactions exploiting trust, to sophisticated online schemes that trick people into revealing sensitive information, these tactics can take many forms. Below is a list of some kinds of attacks illustrating the diverse strategies used to manipulate individuals:

  • Phishing - spear phishing // smishing // vishing
  • Pretexting
  • Tailgating
  • Baiting (USB)
  • CEO fraud
  • Romance scam

How can you protect yourself?

For our protection from social engineers, we humans have a powerful weapon: our brain! It’s sufficient just to take a moment to think critically.

  • Is this request question realistic?
  • Who is the sender of the message?
  • Why am I getting this call out of the blue?
The key message of CSM24 is clear: take your time to assess the situation and think critically, especially when you feel a sense of urgency coming into a conversation and if in doubt always ask back via a different channel.
Do you want to find out more? Contact csm@geant.org Interested in cybersecurity awareness? Find out about our initiatives: https://security.geant.org/awareness/

Follow our campaign

Skip to content