Social Engineering
Definition
Social engineering is the manipulation of people into disclosing confidential information or performing actions that undermine security. It exploits human trust rather than technical vulnerabilities.
Social engineering relies on psychological manipulation. Attackers build trust, create urgency or exploit fear to convince victims to share sensitive data or grant access.
Examples include phishing, vishing (phishing by phone), pretexting (assuming a false identity) and baiting (luring the victim with a USB stick left to be found). Social engineering underpins most targeted attacks.
Organisations reduce risk through security awareness training, strict verification procedures and social engineering attack simulations.