Gathering Personal Information Discreetly

Gathering personal information discreetly can be challenging, especially for people who are guarded and defensive about their privacy. PII is defined as any information that can distinguish or trace an individual’s identity, such as name, social security number, date and place of birth and mother’s maiden name.


Collection of PII can be direct or indirect. An example of direct collection is an intake interview between a worker and a youth.

Social Engineering

Social engineering is a cyber attack that relies on human interaction rather than hacking or other brute force methods. It involves the psychological manipulation of a victim into divulging confidential information. Attackers will often use basic principles of psychology like the concept of reciprocity or the desire to gain access to something valuable. This process can happen quickly and efficiently or take months over a series of email messages, text conversations, chat sessions, or even face-to-face meetings.

It’s important to be aware of social engineering attacks and learn how to recognize them. For example, if you receive an email that appears to be responding to a question you never asked — but asks for personal details or contains a malware attachment, it could be a social engineering attack. Also, avoid sharing any personal details online that could be used to guess your passwords or identify you in a breach of data. For example, never mention your school, your favorite pet, or where you grew up. This could give criminals a good idea of the answers to your security questions or even the name of your bank account.

To protect against social engineering, Proofpoint recommends implementing security protocols that prevent employees from clicking on links or opening attachments, and conducting regular training to remind them of how to spot such an attack. Employees should also be encouraged to report any suspicious activity to their manager or the security team.