Every second company attempts to prepare cyber attacks through social engineering, according to a recent survey by the digital association Bitkom. What methods of attack are behind this and what can companies do about it?
The term social engineering covers numerous methods used by cyber criminals to gain information for a cyber attack.
A caller from the IT department who needs the password for a PC update, an email from the boardroom with a link to a website or a desperate text message from a colleague who can't access her computer—cyber criminals who are collecting information for an attack could be behind it all. Social engineering is the name of the method by which employees are manipulated into disclosing confidential data.
Almost every second company affected
Almost every second German company (45%) has experienced such incidents within a year. 30 percent report occasional attempts, 15 percent even report frequent ones. These are the results of asurvey of 1,003 companies with 10 or more employees commissioned by the digital association Bitkom. "On the one hand, cyber criminals use social engineering to gain access to IT systems. On the other hand, it may initially only be a matter of collecting important information, such as the names of direct superiors or the software used. Such information can also help to prepare another social engineering attack or carry out a cyberattack," says Felix Kuhlenkamp, IT security expert at Digital Association Bitkom.
If you know the attack techniques, you can better protect yourself against them. The Kloepfel Group, which specializes in procurement and supply chains, has compiled an ABC of social engineering techniques and how to recognize them
Baiting—the attacker lures the victim with an enticing offer, often in the form of a free download or a USB stick infected with malware. Example: A dangerous USB stick is placed in a parking lot in the hope that someone will find it and curiously insert it into their PC. So beware of unknown USB sticks or unusually attractive offers without a clear source.
Impersonation—The attacker pretends to be someone else, often a trusted person such as a colleague or supervisor, to gain access to information or secure areas. Example: A stranger poses as a new employee and asks for access to the building.
Phishing—Phishing is an attempt to steal personal data such as passwords using fake emails or websites. Example: An email that looks like it comes from a bank asks the recipient to enter their account details. Phishing emails can be recognized by unusual sender addresses, spelling mistakes or unexpected requests for personal information.
Pretexting—With pretexting, the attacker feigns a false identity in order to gain access to confidential information. Example: Someone calls and pretends to be an IT employee to ask for your password. Pretexting can be recognized by the fact that the caller asks unusual questions or requests information that is not normally asked over the phone.
Quid Pro Quo—With this method, the attacker offers something in return for information or access rights. Example: A caller offers "free technical support" in order to get you to disclose access data. Quid pro quo attacks can be recognized when someone demands personal or security-related information in exchange for an alleged service.
Spear phishing—A targeted form of phishing in which the attacker specifically targets one person and uses a personalized message to gain the victim's trust. Example: An email that looks like it comes from the boss asks the employee to click on an attachment or link or to pass on confidential information.
Tailgating—Tailgating is when someone tries to enter a secure area without their own access card or authorization.
Vishing—Vishing (voice phishing) is a technique in which fraudsters attempt to obtain sensitive information such as passwords or bank details by telephone. Example: A fraudster pretends to be a bank employee and asks for your account information. This also includes so-called grandchild scammers who try to get money with shock calls. If you receive unexpected calls in which the caller asks for confidential information or exerts strong pressure, it is better to hang up.
Watering hole—In this technique, the attacker compromises a frequently visited website in order to spread malware or steal data. Example: A frequently visited industry website is infected so that its visitors unknowingly download malware. Watering hole attacks can be detected by virus warnings or unusual behavior of familiar websites.
Date: 08.12.2025
Naturally, we always handle your personal data responsibly. Any personal data we receive from you is processed in accordance with applicable data protection legislation. For detailed information please see our privacy policy.
Consent to the use of data for promotional purposes
I hereby consent to Vogel Communications Group GmbH & Co. KG, Max-Planck-Str. 7-9, 97082 Würzburg including any affiliated companies according to §§ 15 et seq. AktG (hereafter: Vogel Communications Group) using my e-mail address to send editorial newsletters. A list of all affiliated companies can be found here
Newsletter content may include all products and services of any companies mentioned above, including for example specialist journals and books, events and fairs as well as event-related products and services, print and digital media offers and services such as additional (editorial) newsletters, raffles, lead campaigns, market research both online and offline, specialist webportals and e-learning offers. In case my personal telephone number has also been collected, it may be used for offers of aforementioned products, for services of the companies mentioned above, and market research purposes.
Additionally, my consent also includes the processing of my email address and telephone number for data matching for marketing purposes with select advertising partners such as LinkedIn, Google, and Meta. For this, Vogel Communications Group may transmit said data in hashed form to the advertising partners who then use said data to determine whether I am also a member of the mentioned advertising partner portals. Vogel Communications Group uses this feature for the purposes of re-targeting (up-selling, cross-selling, and customer loyalty), generating so-called look-alike audiences for acquisition of new customers, and as basis for exclusion for on-going advertising campaigns. Further information can be found in section “data matching for marketing purposes”.
In case I access protected data on Internet portals of Vogel Communications Group including any affiliated companies according to §§ 15 et seq. AktG, I need to provide further data in order to register for the access to such content. In return for this free access to editorial content, my data may be used in accordance with this consent for the purposes stated here. This does not apply to data matching for marketing purposes.
Right of revocation
I understand that I can revoke my consent at will. My revocation does not change the lawfulness of data processing that was conducted based on my consent leading up to my revocation. One option to declare my revocation is to use the contact form found at https://contact.vogel.de. In case I no longer wish to receive certain newsletters, I have subscribed to, I can also click on the unsubscribe link included at the end of a newsletter. Further information regarding my right of revocation and the implementation of it as well as the consequences of my revocation can be found in the data protection declaration, section editorial newsletter.
Countermeasures against social engineering
Bitkom gives four tips on how companies can better protect themselves against social engineering:
Conduct regular training: Companies should conduct regular training sessions to sensitize employees to the dangers of social engineering. They can learn how to recognize and report suspicious messages or requests.
Clearly define and secure processes: Companies should define guidelines as to which information may be passed on by which means - for example by telephone or email—and which may never be passed on, such as passwords. In addition, double security mechanisms, such as the checking and confirmation of transfers or sensitive decisions by at least two or more people in different areas of the company, should be implemented. This greatly minimizes the risks of manipulation by individuals or unauthorized access.
Use multi-factor authentication: Multi-factor authentication, which requires a code on the smartphone or a keycard in addition to the password, for example, makes it more difficult to use information obtained through social engineering. Attackers can therefore not penetrate IT systems as easily.
Use modern IT security software: In principle, companies should use security software such as spam filters or anti-phishing software to at least filter out simple attacks. In addition, special software-based systems can be used to detect unusual activities in your own network that indicate social engineering attacks. Artificial intelligence and anomaly detection often detect suspicious behavior and trigger an alarm in good time.
:quality(80)/p7i.vogel.de/wcms/40/c5/40c5051cebdb10fdee9a283303434d9d/0129881741v1.jpeg "3D-printed tools and other components contribute to energy-saving, precise processes. (Image:Gerhard Schubert GmbH)")
:quality(80)/p7i.vogel.de/wcms/e5/fa/e5fa9fa2e3b44ee1894fdf95bbe828fe/0129904146v1.jpeg "Airports and other critical infrastructure in Europe are to be better protected against drones. (Picture: ©assetseller - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/ae/bd/aebda515c684825e97579175874ea6bd/0129920231v1.jpeg "Hensoldt, a sensor specialist for critical defense applications among other things, now has a strategic milestone ahead of it. The company is planning to acquire Nedinsco, an optronics company from Venlo in the Netherlands. Here's what's to come ... (Image:Hensoldt)")
:quality(80)/p7i.vogel.de/wcms/c3/6f/c36f031df46d22615d941d077d32313c/0129800025v1.jpeg "The laser-assisted process is intended to make wafer cutting significantly more productive. (Image:Trumpf)")
:quality(80)/p7i.vogel.de/wcms/e8/dc/e8dc27a8d9fba8fbd081987400bf6848/0127426198v1.jpeg "3D FEM models are detailed, large and computationally intensive. Thanks to ROM and the support of Cadfem, Wago has succeeded in setting up an e-shop for thermal simulation. (Image:WAGO)")
:quality(80)/p7i.vogel.de/wcms/9c/ac/9cac6246660e746c5a3989399ac4d250/0128561645v1.jpeg "Artificial intelligence can drive efficiency in smart factories through centralized data management and predictive maintenance. (Picture: ©Fardived - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/6b/e2/6be235b5ad8a442ccd9d164b0b300d8b/0129763992v1.jpeg "As early as 2020, the Zimmer Group announced that it would convert its production to be sustainably CO2-neutral. (Image:Zimmer Group)")
:quality(80)/p7i.vogel.de/wcms/d4/ba/d4bab9481e66f8570f40eb8ef2a90198/0129795613v1.jpeg "A camera inspection during removal ensures that the components are placed correctly in the KLTs. (Image:Yaskawa Europe)")
:quality(80)/p7i.vogel.de/wcms/76/81/7681b6450512b2cce1e453cd3d732543/0129479309v1.jpeg "Symbolic image: Model-based design combines virtual system models with real machines and systems in order to simulate, validate and coordinate functions, control and software early on in the development process. (Image:Dall-E / AI-generated)")
:quality(80)/p7i.vogel.de/wcms/5c/0f/5c0fee074c4b6c8e8c0993f3217c2f5a/0129773718v1.jpeg "The General Fusion demonstration reactor. (Image:General Fusion)")
:quality(80)/p7i.vogel.de/wcms/b5/5e/b55ed9355e0395ec0caf111d6af6b494/adobestock-495980372--c2-a9-20natali-mis-20-e2-80-93-20stock-adobe-com-6720x3778v1v1.jpeg "Which engineering skills will be in vogue in 2026? (Image:natali_mis - stock.adobe.com)")
:quality(80)/p7i.vogel.de/wcms/bf/a5/bfa5d882e93f159ce93e933742272b00/nord-vibn-cmyk-2196x1235v1v1.jpeg "With digital twins for virtual commissioning, Nord supports customers in ensuring that systems are available more quickly, even with complex drive systems. (Image:Nord Drivesystems)")
:quality(80)/p7i.vogel.de/wcms/e4/01/e40186c9a7d04cbecb20fab20ff79094/0129886097v1.jpeg "Skoda has inaugurated a new battery plant in Mlada Boleslav to meet rising demand, but also to reduce battery costs by 30 percent. (Image:Skoda)")
:quality(80)/p7i.vogel.de/wcms/74/7b/747b6bc4d758c5dd4b5c24a763ae493d/0129897614v1.jpeg "Huawei Intelligent Automotive Solutions has presented a lidar with a resolution of 896 lines. (Image:HIMA via ChinaEVHome)")
:quality(80)/p7i.vogel.de/wcms/ba/b7/bab7bfd052f35da3c39388508faa350e/0129851977v1.jpeg "The third generation of the Mazda CX-5 scores above all with its inner values. (Image:Mauritz - VCG)")
:quality(80)/p7i.vogel.de/wcms/81/24/8124e33f53ec73fa99374f407cc11b61/0129727992-541x304v1v1.jpeg "The development of control elements and HMI systems for commercial vehicles can lead to interactions. (Image:Preh / AI-generated)")
:quality(80)/p7i.vogel.de/wcms/8b/46/8b46730ba87a86f16d696f043cf0e3d1/0129887022v1.jpeg "Linyi Yunchuan's S2000 platform has risen to a height of two kilometers and fed the energy generated into the grid. (Image:Linyi Yunchuan)")
:quality(80)/p7i.vogel.de/wcms/92/f8/92f8bf81914500bcda78f63dab8da720/0129926751v1.jpeg "Only recently, the US government allowed high-end chips for AI such as Nvidia's H200 series (pictured) to be exported to China under certain conditions. But now the tax is being pulled back all the harder: An eDraft envisages tighter controls on the export of hardware for AI technologies worldwide. Even allies would be affected. (Image:Nvidia)")
:quality(80)/p7i.vogel.de/wcms/84/cc/84cc506003388ecffaab464677c7afa6/0129843694v1.jpeg "Launched last year, ASML's TWINSCAN XT:260 is an i-line scanner with a throughput of 270 wafers per hour. With a focus on the increased demands of AI chips, ASML wants to shift its focus away from pure front-end tools for chip production in the next ten to fifteen years with packaging and bonding technologies. (Image:ASML)")
:quality(80)/p7i.vogel.de/wcms/8f/48/8f48b0ed0d6c5c4f299b1310a7b577e9/0129830738v1.jpeg "Data centers in orbit are indeed dreams of the future, while data centers under water are already being tested. (Image:Dall-E / AI-generated)")
:fill(fff,0)/images.vogel.de/vogelonline/companyimg/76800/76895/65.jpg "FAULHABER_120mm.jpg ()")
:fill(fff,0)/p7i.vogel.de/companies/67/eb/67eba621ef6ea/logo2.png "logo2 (Wuxi InfiMotion)"){kind=logo}
:quality(80)/p7i.vogel.de/wcms/db/01/db0155d9e7ca9fd069bd9bd4161f4d1b/0127315728v1.jpeg "Hackers have become the mafia of the digital age. They block systems, steal sensitive data, and extort money. They no longer operate as individuals in backrooms but as professionally organized groups equipped with top-notch technology. Their targets include both international corporations and medium-sized and small businesses. (Image:Bystronic/Justin Wood)")
:quality(80)/p7i.vogel.de/wcms/f4/61/f4615bc4550548c72a754f3e2c58f859/0128580377v1.jpeg "According to a VDMA survey, companies expect cybersecurity incidents to increase in the coming years. (Picture: ©valerybrozhinsky - stock.adobe.com)")