Attacks & Threats
Social Engineering
Also known as: Human hacking
Definition
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
Examples
- An attacker calls the IT helpdesk pretending to be a senior executive and requests a password reset.
- A fraudulent invoice email tricks finance staff into changing supplier bank details.
Related terms
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
Pretexting
A social-engineering technique in which an attacker invents a believable scenario or identity to manipulate a target into disclosing information or performing an action.
Baiting
A social-engineering attack that lures victims with an enticing physical or digital object designed to trigger malware execution or credential theft.
Quid Pro Quo Attack
A social-engineering attack in which the attacker offers a service or benefit in exchange for information or access from the victim.
Tailgating
A physical intrusion technique in which an attacker slips past an access control point by closely following an authorized person without their consent or awareness.
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.