Social engineering is an attack technique in which people are manipulated into performing actions or leaking confidential data.

Often defined as an act of psychological manipulation, the most common type of social engineering happens over the phone, wherby the person calling pretends to be another person, usually a trusted authority figure like a bank employee or a member of the police, and tells an elaborate lie in order to trick the victim into divulging personal information.

In the context of IT, the most popular type of social engineering is phishing, a technique which is again used to extract confidential data.

 

Usually, the attacker, or phisher, sends an email which appears to come from a legitimate business like a bank. Usually under the warning of a breached account or unauthorised access, the email asks the person targeted to verify information.

The user is then asked to click a link which directs to a seemingly legitimate website complete with official logos and content. Those targeted are then asked to fill out a form to verify their information, with the forma requesting everything from home addresses to bank account details.

Usually the phisher send huge amount of these emails, spamming various people. The phisher counts on a small percentage of people to click on the fraudulent link.