Social Engineering
Psychological manipulation of people into performing actions or divulging confidential information.
Also known as: Social Hacking, Human Hacking
Category: Concepts
Tags: cybersecurity, security, manipulation, psychology, attacks
Explanation
Social engineering is the art of manipulating people so they give up confidential information or take actions that compromise security. Unlike technical hacking, which exploits software vulnerabilities, social engineering exploits human psychology: our tendency to trust, help others, fear authority, or act quickly under pressure.
Common techniques include: phishing (fraudulent emails), pretexting (fabricated scenarios), baiting (offering something enticing), quid pro quo (offering a service in exchange for information), and tailgating (following authorized personnel into secure areas).
Social engineering works because humans are often the weakest link in security. We're wired to be helpful, to respect authority, to reciprocate favors, and to avoid conflict. Attackers exploit these natural tendencies. A well-crafted social engineering attack can bypass the most sophisticated technical security measures.
Defense requires awareness and skepticism: verify identities through independent channels, be suspicious of unsolicited requests for information, don't click links or open attachments from unknown sources, and remember that legitimate organizations won't ask for sensitive information via email or phone. Organizations should implement security awareness training and establish clear verification procedures for sensitive requests.