Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1187

Social Engineering

Reviewed by Cybersecurity entrepreneur & security researcher

What is Social Engineering?

Social Engineering: The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.


Social engineering is an umbrella term for attacks that target human cognition and behaviour rather than technical vulnerabilities. Attackers leverage trust, authority, urgency, fear, reciprocity, and curiosity to convince victims to share credentials, transfer funds, run malware, or grant access. Common vectors include phishing emails, vishing calls, smishing texts, pretexting, baiting, and impersonation in person. Because the weakness exploited is human judgment, technical controls alone cannot eliminate the risk. Effective defences blend continuous security awareness training, phishing simulations, strict verification procedures for sensitive actions, hardware MFA such as FIDO2, and a culture that rewards reporting suspicious activity.

Examples

  1. An attacker calls the IT helpdesk pretending to be a senior executive and requests a password reset.

  2. A fraudulent invoice email tricks finance staff into changing supplier bank details.

Frequently asked questions

What is Social Engineering?

The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker. It belongs to the Attacks & Threats category of cybersecurity.

What does Social Engineering mean?

The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.

How do you defend against Social Engineering?

Defences for Social Engineering typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for Social Engineering?

Common alternative names include: Human hacking.
