Ask&Do™

Understand the relationships of normal to discover your social engineering risks

Ask&Do™ is a framework for understanding and mitigating social engineering threats.

It begins with understanding…

Your Worlds

Your Worlds are the online platforms that you trust to communicate with others.

These include email, social media, and messaging apps. Trust is built based on the trust you place in the platform, and the genuine interactions you have with people and services within its world.

Humans & services in these worlds can Ask you to do things

This can be anything from asking for help with a task, to asking for personal information, or even asking you to help answer a query from a service you use.

You do the things that are important to you

Like sending a colleague a document, paying a bill, and making sure your services stay operational and secure. Also understand how you’re affected, as we all are, by Inbox Hypnotism.

The things you Do connect to things of value

There are 4 types of ‘do’. Or the do do do dos as they’re known. Not to be shortened to the do dos. Cybercriminals exploit the trust in our worlds, to trick access to our valuable things.

You don’t have to be in security mode 24/7. Just take extra care when you have to carry out one of these actions.

Valuable Things

Valuable Things are the assets that attackers find valuable, such as login details, money, or personal information.

Recognising the value of what you possess and can access helps you understand the risks involved and take appropriate precautions.

Putting it all together

Using Ask&Do™ you can explore from a specific; world, action, or valuable thing. You can look at what’s normal, or what’s a risk.

Who can ask you to do things that are worth the most? Because they are who a scammer would most like to impersonate, so extra care should be taken.

Key Ask&Do™ Awareness Principles


1. Know what’s Valuable.
2. Guard what you can Do.
3. Be aware of the most likely attacks you could face, and what makes you vulnerable to them.

Read about Inbox Hypnotism

Discover why BattlePhish is powerful