What is Social Engineering?
Social engineering exploits human psychology rather than technical vulnerabilities. Attackers manipulate people into revealing confidential information or performing actions that compromise security.
No security system can fully protect against social engineering. Humans are often the easiest target.
Common Techniques
Pretexting
Creating a fabricated scenario to extract information. Example: Calling IT support pretending to be an employee who forgot their password.
Baiting
Leaving infected USB drives in public places, or offering free downloads containing malware.
Tailgating
Following authorized personnel through secure doors without proper authentication.
Quid Pro Quo
Offering something in exchange for information. Example: "Free tech support" calls that install remote access tools.
Authority
Impersonating someone in authority (CEO, IT department, police) to pressure compliance.
Defense Strategies
- Verify identity - Always confirm who you're talking to
- Question urgency - Attackers create artificial time pressure
- Use official channels - Call back on known numbers
- Never share passwords - IT will never ask for them
- Trust your instincts - If something feels wrong, stop