Social Engineering 101: Scare Tactics

by Trava, Cyber Risk Management

Don’t let these tactics scare you into opening the door for malicious attacks. Be prepared.

One hallmark of many social engineering attacks is building urgency to complete the task presented. Making targets think they have a limited amount of time before their system is compromised is a tactic that hackers have employed since the inception of social engineering, and it is still effective. Fear is a powerful motivator, and hackers are versed in illiciting fear in their victims, forcing them to play right into their hands.

This article concludes our series on social engineering and will highlight some fear-based cyber attack methods as well as what to look for during these attacks.


Scareware has been used in cyber attacks since the early days of hacking and remains one of the most effective methods of getting malware onto systems of all sizes. These attacks take the form of pop-ups or emails explaining that harmful software has been detected on your computer and needs to be dealt with immediately to avoid further damage. Clicking the link provided starts the download of truly dangerous hacking software and giving the hacker exactly what they need.

If you come across messages like this, the first step is to stay calm. Even if the claim is legitimate, the next move made towards alleviating the issue is crucial. Contacting your IT department will allow them to quickly diagnose the problem or uncover the cyber attack attempt while protecting your system and network. A level head can often be your best defense.


Another social engineering technique that relies on fear and urgency is pretexting. This method involves an attacker pretending to be a figure of authority like police officers, investigators, auditors, or management in order to gradually extract information from you. They bombard the target with questions designed to extract vital bits of information.

They build urgency by saying the matter needs to be handled immediately to avoid repercussions or to stay on a tight deadline. The number and variety of questions combined with the threat of repercussions builds a sense of urgency meant to overwhelm the victim making the extraction of information much easier.

Again, keeping a level head is your best defense. Staying calm and reporting to management related to the topic in question can quickly uncover the truth in any claims the attackers may make.

Trava's vulnerability scan can also help you know exactly where your systems are most susceptible to attacks, making it easier to identify phony threats and attempts at scare tactics. Trava also offers phishing simulations to prepare your staff for all types of potential scareware and phishing attacks.

Faith Jackson, chief operations officer at Trava client Depreciation Protection, advises, “By running frequent phishing campaigns and other risk assessments, you identify vulnerabilities in your people, processes, and technologies. It allows you to be proactive in patching loopholes rather than being reactive if an attack happens.” Read the complete case study.

Learn more about how Trava Security can prepare your business for every type of cyber attack.

To learn more about vulnerability scans, including:

  • a description of each scan type
  • key insights learned from each scan
  • recommended frequency for running each scan