Social Engineering
Psychological manipulation of people into performing actions or divulging confidential information.
Full Definition
Social engineering is the art of manipulating people into performing actions or divulging confidential information by exploiting human psychology rather than technical vulnerabilities. It is the most reliable attack vector in cybersecurity because humans are inherently the weakest link — no amount of technical security can fully protect against a well-crafted deception.

Social engineering techniques include phishing, spear-phishing, vishing (voice phishing), smishing (SMS phishing), pretexting (fabricating a scenario to extract information), baiting (leaving infected USB drives), and tailgating (physically following someone into a secure area). The most effective attacks combine publicly available information from OSINT and data breaches to create highly credible and personalized scenarios.

Defenses focus on employee security awareness training, verification procedures for sensitive requests, and a security culture that encourages skepticism. Technical controls like email authentication (DMARC, DKIM, SPF) reduce the effectiveness of impersonation attacks.
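Email authentication only limits impersonation when the domain's published DMARC policy is actually enforced. The Python sketch below is an added example, not part of the original glossary entry: it audits DMARC TXT records for the common weak settings. The sample records (for the reserved domain example.com) are constructed, and the verdict names are assumptions of this example.

```python
# Added example: audit a DMARC TXT record for impersonation protection.
# Verdict names ('enforced', 'partial', 'unprotected') are this example's own.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(record):
    """Split a DMARC TXT record into a tag -> value dict (tag=value; tag=value)."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue  # skip empty segments such as a trailing ';'
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags

def audit_dmarc(record):
    """Return (verdict, findings) for one DMARC record."""
    tags = parse_dmarc(record)
    if tags.get("v") != "DMARC1":
        return "unprotected", ["not a DMARC record (v=DMARC1 missing)"]
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        return "unprotected", ["missing or invalid p= tag"]
    if policy == "none":
        return "unprotected", ["p=none only requests reports; spoofed mail is still delivered"]
    verdict, findings = "enforced", []
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        pct = 100
        findings.append("invalid pct value; default of 100 assumed")
    if pct < 100:
        verdict = "partial"
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
    if tags.get("sp", policy).lower() == "none":  # sp defaults to p when absent
        verdict = "partial"
        findings.append("sp=none: subdomains can still be spoofed")
    if policy == "quarantine":
        findings.append("p=quarantine: failing mail is marked suspicious, not rejected")
    return verdict, findings

# Constructed sample records, weakest first.
SAMPLES = {
    "weak": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "rollout": "v=DMARC1; p=quarantine; pct=25; sp=none",
    "strict": "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;",
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(name, audit_dmarc(rec))
```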
Related Terms
Phishing
A social engineering attack using deceptive emails or messages to steal credentials or deliver malware.
Attack Types
Spear Phishing
A targeted phishing attack customized with personal details to deceive a specific individual or organization.
Attack Types
Business Email Compromise (BEC)
A social engineering attack that impersonates executives or vendors to authorize fraudulent transactions.
Attack Types
OSINT (Open Source Intelligence)
Intelligence gathered from publicly available sources including websites, social media, and public records.
Threat Intelligence