What is Social Engineering?

In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. This differs from social engineering within the social sciences, which does not concern the divulging of confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional “con” in that it is often one of many steps in a more complex fraud scheme.

It has also been defined as "any act that influences a person to take any action that may or may not be in their best interests."

An example of social engineering is the use of the “forgot password” function on most websites that require login. An improperly secured password-recovery system can be used to grant a malicious attacker full access to a user’s account, while the original user will lose access to the account.
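The improperly secured recovery flow the post refers to is usually a reset token that is guessable, never expires, can be replayed, or is stored in the clear. The following is an added example, not code from the original post: a minimal reset-token service in Python that closes those gaps. The class and method names, and the in-memory table, are assumptions for illustration.

```python
import hashlib
import secrets
import time
from typing import Optional, Set

TOKEN_TTL_SECONDS = 15 * 60  # short-lived links shrink the window an attacker has


class PasswordResetService:
    """Issues and redeems single-use, expiring password-reset tokens.

    Only a SHA-256 fingerprint of each token is stored, so reading the
    pending-reset table (or a log line) is not enough to take over an account.
    """

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # token fingerprint -> (username, expiry)

    @staticmethod
    def _fingerprint(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def request_reset(self, username: str, known_users: Set[str]) -> Optional[str]:
        # Return None for unknown users so the caller can answer identically in
        # both cases; that stops the endpoint from confirming which usernames exist.
        if username not in known_users:
            return None
        # 256 bits from the CSPRNG, not a counter, timestamp or hash of the username.
        token = secrets.token_urlsafe(32)
        expiry = self._clock() + TOKEN_TTL_SECONDS
        self._pending[self._fingerprint(token)] = (username, expiry)
        return token  # delivered out of band (e.g. e-mail), never echoed in the HTTP response

    def redeem(self, token: str) -> Optional[str]:
        """Return the username if the token is valid; consume it on any attempt."""
        # Lookup is by digest, so timing differences reveal nothing about the raw token.
        entry = self._pending.pop(self._fingerprint(token), None)  # single use
        if entry is None:
            return None
        username, expiry = entry
        if self._clock() > expiry:
            return None
        return username
```

After a successful redeem, the application should also invalidate existing sessions for that user and notify the account's registered address, so the legitimate owner learns about the change.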


It's also worth mentioning that social engineering is the primary vector to take control of any account that is active today. It is hands down the most reliable form of exploit; you would be astonished to find how many people will just give you a password over the phone if you ask in the right way.

Related, but best left for its own topic, is phishing, or spear-phishing campaigns, in which we send out dozens or hundreds of emails, text messages, or chat messages asking the recipient to follow a link or provide a credential. But I digress.

Great summary!


It’s all about playing with the human mind, gaining trust, and making the person do what you want to complete your attack.