Once I became aware of how attackers gather information and exploit behaviour, something shifted for me not dramatically, not overnight, but intentionally. I started paying closer attention to what I shared, especially on social media.What used to feel harmless suddenly felt… loud. And slowly, things changed. I stopped receiving strange phone calls.The persistent ones? I blocked them without hesitation.Not because I was afraid but because I understood what was happening. Awareness gave me boundaries. Awareness Changes Behaviour Before It Changes Technology I am not claiming perfection. I am still learning.But even the little awareness I have gained has helped me protect my digital footprint in ways I didn’t know were possible before. I hardly respond to direct messages on social media now.Not because every message is dangerous but because access matters. I verify links before clicking.I pause instead of reacting.I question instead of assuming. That pause alone has probably saved me more times than I realise. Technology Helps But Awareness Leads Firewalls, passwords, and 2FA are powerful.But they don’t replace awareness they depend on it. Most attacks succeed because someone was rushed, distracted, curious, or trusting in the moment. Awareness doesn’t eliminate those emotions, but it helps you recognize when they’re being used against you. And that recognition is powerful. Understanding Criminal Minds Changes Everything One of the biggest lessons this journey has taught me is this:some people genuinely think differently. Not everyone online has good intentions.Some people study behaviour the same way cybersecurity professionals study systems except they do it to exploit, not protect. Once I accepted that reality, I stopped taking things personally and started taking them seriously. This Is Why Awareness Is Control From a security perspective, awareness is not just a mindset it is control. It reduces exposure.It limits access.It interrupts manipulation.It lowers risk. Just like in aviation, where safety depends on awareness at every level, cybersecurity relies on humans being aware of their digital footprints. I Am Not There Yet and That’s Okay I amstill learning.Still refining.Still becoming more intentional. But awareness has already given me something invaluable:control over my digital presence. Cybersecurity does not start with tools.It starts with understanding. And sometimes, that understanding is enough to stop an attack before it ever begins.
What Attackers Learn About You Before They Attack
Most cyberattacks don’t start with hacking tools or technical exploits.They start quietly, patiently, invisibly. Long before an attacker reaches out, clicks a link, or sends a message, they are already watching, learning and piecing things together. And most times, they don’t need to break into anything. We hand them the information. Attacks Begin With Observation Attackers don’t wake up and randomly choose a target. They observe first. They look for: To them, every detail is a puzzle piece.And when enough pieces come together, a profile forms. When Familiarity Feels Uncomfortable There was a time I used to receive phone calls from men I didn’t know. They would say my name confidently. Mention where I worked. Speak as if we had crossed paths before. Something about it always felt off. However, I have always been cold toward people I don’t know who claim to know me, so I never engaged. But I couldn’t stop wondering:How did they get my number?How do they know where I work? At the time, I didn’t have answers, just the questions. The Moment It Clicked One day, out of curiosity, I went into my Facebook settings. And there it was. My workplace.My details.Information I had forgotten I ever shared publicly. No hacking required.No breach.No technical skill. Just access to information I had made public without thinking twice. That moment stayed with me. Why This Matters in Cybersecurity Attackers don’t need everything about you.They just need enough. Enough to sound believable.Enough to earn trust.Enough to lower your guard. This is how social engineering works.This is how phishing becomes personal.This is how a stranger turns into “someone who sounds legit.” By the time the attack happens, the groundwork has already been laid. Information Is Context and Context Is Power When someone knows: they don’t approach you as a stranger.They approach you with context. And humans are wired to trust context. What Changed for Me Ever since stepping into cybersecurity, I have become very intentional about what I share and where I share it. Not paranoid.Not fearful.Just aware. I understand now that: Attackers don’t always “find” information.Often, they simply collect it. The Quiet Truth About Attacks Most attacks are already halfway successful before contact is made. Because when someone reaches out and already knows enough about you to sound familiar, the hardest part of the attack is already done. That is why cybersecurity isn’t just technical.It is behavioural.It is awareness.It is learning to see your digital footprint the way an attacker would. And once you see it that way, you never look at your online presence the same again. Want more like this?I write about human-centred cybersecurity, risk, and career transitions.
Social Engineering: When Trust Becomes the Attack Vector
When people hear “cyberattack,” they imagine code being cracked, systems breached, firewalls broken. What they rarely imagine is a conversation. A phone call. A message. A friendly voice that sounds like help. That’s the danger of social engineering. Social engineering doesn’t attack systems first.It attacks people. I learned this the hard way. How Social Engineering Really Works Social engineering is the art of manipulation. It’s when attackers use psychology, familiarity, and trust to persuade someone into giving up access often without realizing they aredoing anything wrong. What makes it so effective is that it doesn’t feel like an attack.It feels like opportunity.Or assistance.Or validation. That’s exactly how my own account was taken over. When Familiarity Felt Like Proof The person who contacted me knew things about me. Not deeply personal things but enough. Where I had posted an advert. What I was offering. How to frame the conversation in a way that caught my attention. And because they knew those details, I assumed they were legitimate. That’s the trap. Attackers don’t guess.They research. This process is called reconnaissance gathering information about a target before making a move. Social media, online ads, public profiles, casual posts… they all become puzzle pieces. At the time, I didn’t see it as reconnaissance.I saw it as credibility. I thought, “If they know this much about me, they must be genuine.” That assumption cost me access. Why Social Engineering Works So Well Social engineering succeeds because it leans into very human traits: It doesn’t force entry it is invited in. And once that invitation is extended, technology does exactly what it’s told to do. What Changed After That Experience I won’t pretend I wasn’t naive then because I was.But I also won’t pretend that naivety makes someone foolish. It makes them human. Since stepping into cybersecurity, my relationship with information has completely changed. I am far more intentional about what I share online. I think twice before posting details that could be stitched together into a profile of me. Because attackers don’t need everything.They just need enough. What I am Intentional About Now Today, I treat my digital presence the same way aviation treats safety assume risk, reduce exposure. I am careful about: And especially passwords. Passwords should never be tied to anything visible on your social media names, dates, interests, milestones. If it can be learned about you, it shouldn’t protect you. The Real Lesson Social Engineering Taught Me Social engineering isn’t about intelligence levels.It’s about context. Attackers don’t show up waving red flags.They show up sounding reasonable. That’s why awareness matters more than fear. Cybersecurity didn’t teach me to stop trusting people.It taught me to slow down, verify, and separate familiarity from legitimacy. And that lesson painful as it was became one of the most valuable foundations in my cybersecurity journey. Because once you understand social engineering, you stop asking,“How did they hack the system?” And you start asking the better question:“How did they convince the human?”