You receive a message that contains an appeal or threat, and the message tries to convince you to do something.
You assess the characteristics of the message, decide the appeal is legitimate and take the requested action.
The action, which might be clicking a malicious link, opening a malicious file or sending sensitive information like credit card details, results in a negative consequence for you as the receiver of the message and some kind of illegitimate gain for the sender of the message.
Social engineering makes it harder to spot malicious emails
Cybercriminals use a technique called ‘social engineering' as a way of enticing and manipulating people. They use tricks to lower your natural defences against deception, for example by pretending to be someone you trust, or by making a highly attractive offer.
Cybercriminals are putting more time, effort and money towards researching targets to learn names, titles, responsibilities, and any personal information they can find. Afterwards, they usually call or send an email with a made up but believable story designed to convince the person to give them certain information.
Social media accounts provide rich information such as events, conferences and travel destinations, which can be used to make an approach seem real and accurate. So consider what personal information you share online and learn how to use social media safely.
Note: Social networking sites typically allow you to choose who has access to see your personal details. Consider hiding your email account or changing the settings so that only people that you trust are able to see your details.