Apply the Best Defense to Attack Scenarios

Let's test your knowledge in a real-world context. This article presents a series of social engineering scenarios—from a phishing email impersonating the IT department to a scammer posing as tech support—and then provides specific guidance on the best way to recognize and defend against each one. This is the capstone of your social engineering training. For each scenario, you can practice identifying the specific attack tactic (e.g., pretexting, baiting) and then determine the best defense (e.g., verifying the request through an official channel, using MFA). This skill—analyzing a situation and deploying the correct countermeasure—is what makes a "human firewall" effective.