Cybersecurity

Social Engineering

Definition

Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. It is a confidence trick for the purpose of information gathering, fraud, or system access.

Why It Matters

Social engineering targets what is often the weakest link in security: humans rather than technology. Even a very secure technical system can be completely bypassed if an attacker can trick a legitimate user into giving them access.

Contextual Example

Phishing is a form of social engineering. Another example is "pretexting," where an attacker creates a fabricated scenario (e.g., pretending to be from IT support) to trick a victim into revealing information.

Common Misunderstandings

  • It relies on exploiting human traits like trust, fear, and a desire to be helpful.
  • Training and awareness are the primary defenses against social engineering.

Last Updated: December 18, 2025