What is Social Engineering?
Social engineering is an attack technique in which an attacker tries to gain access to systems, information, or physical locations through manipulation of people.
Rather than exploiting technical vulnerabilities, social engineering targets human behaviour, such as trust, fear, curiosity, or inattentiveness.
What is the goal of social engineering?
- Gaining access to confidential data
- Obtaining passwords or tokens
- Installing Malware or Remote Access tools
- Bypassing Access Control or Zero Trust measures
- Eliciting unintended actions such as transferring money or granting access
Examples of social engineering
| Technique | Description |
|---|---|
| Phishing | Fake emails or websites that ask for credentials |
| Pretexting | Impersonating a colleague or authority (e.g. IT helpdesk) |
| Baiting | Leaving an infected USB drive in a car park |
| Tailgating | Following an employee through a secure door |
| Vishing | Phoning to obtain data or access |
| Quid pro quo | Pretending to offer something (e.g. support) in exchange for access or information |
Why is social engineering so effective?
- It plays on trust and routine
- It is hard to detect with technical security alone
- It uses urgency, curiosity, or fear to provoke quick action
- It can be combined with technical attacks (phishing, malware)
- Targets people in key roles: system administrators, receptionists, operators
How can you protect yourself?
- Security awareness training and realistic simulations
- Strict procedures for Access Control and identity verification
- Technical measures such as MFA, EDR, and SIEM
- Report suspicious situations immediately to CSIRT or security
- Always verify requests for sensitive information, even internally
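The technical measures above (mail filtering feeding a SIEM, and the rule to verify requests for sensitive information) can be illustrated with a small triage check. The following is an added example, not code from the original page: it scans constructed e-mail messages for four patterns that recur in phishing and pretexting, display-name impersonation of a known colleague, a lookalike sender domain, a Reply-To that points somewhere other than the sender, and urgency combined with a request for credentials. The organisation domain `example.com`, the staff directory, and all sample messages are assumptions constructed for the example.

```python
"""Flag inbound e-mails that resemble phishing or pretexting (added example).

Assumptions (hypothetical): the organisation's domain is example.com and the
DIRECTORY below is its staff list. SAMPLE_MESSAGES are constructed test input.
"""
import re
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # hypothetical organisation domain

# Hypothetical staff directory: lower-cased display name -> real internal address.
DIRECTORY = {
    "alice admin": "alice@example.com",
    "it helpdesk": "helpdesk@example.com",
}

# Digit-for-letter substitutions commonly seen in lookalike domains.
_HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
_URGENCY = re.compile(r"\b(urgent|immediately|asap|suspended|final notice)\b", re.I)
_CREDENTIAL = re.compile(r"\b(password|passcode|token|mfa code|verify your account)\b", re.I)


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an e-mail address ('' if none)."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def normalise_domain(domain: str) -> str:
    """Collapse lookalike tricks so 'examp1e.com' or 'exarnple.com' equal 'example.com'."""
    return domain.lower().replace("rn", "m").translate(_HOMOGLYPHS)


def analyse(message: dict) -> list[str]:
    """Return the list of suspicious indicators found in one message."""
    findings = []
    name, address = parseaddr(message.get("from", ""))
    sender_domain = domain_of(address)

    # 1. Display name matches a known colleague but the address is not theirs.
    expected = DIRECTORY.get(name.strip().lower())
    if expected and address.lower() != expected:
        findings.append("display-name impersonation")

    # 2. Sender domain is a lookalike of the organisation domain.
    if sender_domain != INTERNAL_DOMAIN and normalise_domain(sender_domain) == INTERNAL_DOMAIN:
        findings.append("lookalike sender domain")

    # 3. Replies would go to a different domain than the visible sender.
    _, reply_to = parseaddr(message.get("reply_to", ""))
    if reply_to and domain_of(reply_to) != sender_domain:
        findings.append("reply-to domain differs from sender")

    # 4. Urgency language together with a request for credentials.
    text = f"{message.get('subject', '')}\n{message.get('body', '')}"
    if _URGENCY.search(text) and _CREDENTIAL.search(text):
        findings.append("urgency combined with credential request")
    return findings


# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = [
    {"id": "legit", "from": "Alice Admin <alice@example.com>",
     "subject": "Lunch on Friday?", "body": "Are you joining?"},
    {"id": "pretext", "from": "Alice Admin <alice.admin@freemail.test>",
     "subject": "URGENT", "body": "Send me the VPN password, I'm locked out."},
    {"id": "lookalike", "from": "IT Helpdesk <helpdesk@examp1e.com>",
     "subject": "Verify your account immediately", "body": "Click the link."},
    {"id": "replyto", "from": "hr@example.com", "reply_to": "hr-payroll@freemail.test",
     "subject": "Payroll update", "body": "Please confirm your bank details."},
]


def triage(messages: list[dict]) -> dict[str, list[str]]:
    """Map each message id to its findings; empty list means nothing suspicious."""
    return {m["id"]: analyse(m) for m in messages}


if __name__ == "__main__":
    for msg_id, findings in triage(SAMPLE_MESSAGES).items():
        print(f"{msg_id}: {findings or 'no indicators'}")
```

Each indicator on its own is weak evidence; the point of the check is to raise a flag that routes the message to a human for the verification step the list above calls for, not to block mail automatically.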
In summary
Social engineering is the art of deception, and one of the greatest risks in information and operational security. Countering it requires a combination of awareness, policy, and technical measures.
