This chapter has looked at how social engineering attacks can be prevented and mitigated. It first looked at how one can identify possible social engineering scenarios. The chapter has discussed ways in which one can tell that an email is aimed at trying to manipulate them. Since most social engineering attempts will be made through emails, things that should be considered when evaluating whether an email is sent from social engineers have been discussed. General identifiable patterns of phishing were also discussed. Other signs in general communication such as grammar that can hint at possible social engineering attacks have also been highlighted. The chapter then discussed how users can mitigate social engineering attempts orchestrated on phones, emails, and also in person. As a solution to social engineering attempts on corporates, the chapter has discussed social engineering audits. It highlighted areas where these audits should be targeted as they are commonly exploited by social engineers.

The chapter has gone through the signs that users can look out for to identify social engineering attacks. Since social engineering is orchestrated in normal interactions, users may be least prepared when they are targeted. However, they may be able to tell from the signs listed in this chapter that they are being targeted. The identification of social engineering attack signs is key to prevention and mitigation. The chapter has gone through several mitigation measures that can be taken against social engineering attacks. This chapter concludes the whole of social engineering having gone through how it is orchestrated and how it can be prevented and mitigated.

The next chapter is a collation of case studies belonging to the field of social engineering.