What Is Social Engineering?

Social engineering is a manipulation technique that decieves individuals or groups to exploit or gain unauthorized access to sensitive information or resources. Since most humans like to help, this cyber attack targets human vulnerabilities rather than technical vulnerabilities by using psychological tactics to exploit our curiosity or impulse to trust.

Falling victim to social engineering could lead to unauthorized access to personal, financial, or organizational data; identity theft; financial loss; or compromised network security. 

How to combat social engineering?

To combat social engineering, question suspicious or unsolicited emails, calls, or visits. Be skeptical before providing personal, sensitive, or proprietary data. Educate yourself about security awareness. If they’re using an urgent or emotional appeal, think twice. Install strong security protocols such as two-factor or multi-factor authentication to make it more difficult for social engineers to get into your accounts with their illicitly gained information. 

Read more: Cybersecurity Terms: A to Z Glossary

Types of social engineering

Almost every type of cybersecurity attack has some traits of social engineering, here are some common methods that attackers use:

• Phishing: Attackers send deceptive emails or messages designed to persuade you to click on a link, download a malicious file, or provide sensitive data.

• Smishing: Bad actors use messaging, such as texting or WhatsApp, to get you to send payments, download attachments, or provide personal information.

• Spoofing: Cybercriminals create websites that look like they belong to legitimate organizations to trick you into revealing sensitive information. 

• Baiting: Leaving physical or digital devices, such as infected USB drives, in strategic locations to tempt individuals into using them. You’re trying to help and get that device back to its rightful owner but you unknowingly grant access or compromise your systems.

• Pretexting: An attacker takes on an alternative persona to entice you to disclose data or your access credentials. Often they will appear to be authority figures, such as the IRS or a business supervisor.

• Tailgating: Someone gains unauthorized entry to a restricted area in a physical location, such as a building, by following closely behind a person who is allowed to enter. The individual might appear as a repair person, or they might come up with their hands full of balloons and a cake and ask you to hold the door open for them.

• Quid pro quo: Offering something of value, such as a gift or service, in exchange for personal information or access to systems. When you see something that’s too good to be true—say free Apple products—don’t fall for this type of social engineering. Someone offering your IT support in return for your access information is another common version of quid pro quo.

Related terms

• Authentication

• DDOS attack

• Intrusion detection software

• IT infrastructure

• Physical security

Read more: Information Systems vs. Information Technology (IS vs. IT)

Get started combating social engineering

Take the next step toward a career in cybersecurity by enrolling in the  Google Cybersecurity Professional Certificate on Coursera. This certificate is your gateway to exploring job titles like security analyst SOC (security operations center) analyst, and more. Upon completion, you’ll have exclusive access to a job platform with over 150 employees hiring for entry-level cybersecurity roles and other resources supporting your job search.