Social Engineering
Definition
Social engineering is the use of psychological manipulation to trick people into revealing information, granting access, or performing actions that benefit an attacker. It targets human behavior such as trust, urgency, fear, and helpfulness, often to bypass technical security controls.
Examples
- An attacker impersonates IT support and convinces an employee to share an MFA code to “restore access.”
- A phishing email pressures a user to click a link and sign in to a fake portal to avoid an account suspension.
Discover 🔎
Social engineering is one of the most effective attack methods because it does not require breaking encryption or exploiting a complex vulnerability. Instead, it exploits normal human behavior. People want to be helpful, avoid trouble, respond quickly to leaders, and trust familiar brands. Attackers design messages and situations that trigger those instincts.
Social engineering also scales. It can be used broadly in mass phishing campaigns, or it can be used in highly targeted attacks such as spear phishing and whaling (spear phishing aimed at senior executives). In both cases, the technical part of the attack often depends on the human part succeeding first: the payload, the stolen session, or the fraudulent transfer only happens after a person has been persuaded to act.
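As an added example (not part of the original page), the following Python script scores an inbound message for the social-engineering signals described above: an impersonated authority sending from an untrusted domain, urgency and fear language, a request for a password or MFA code, and links whose visible text names one domain while the href points at another. The trusted-domain list, phrase lists, weights, threshold and both sample messages are constructed for the example and would need tuning for a real mail stream.

```python
import re
from dataclasses import dataclass, field
from email.utils import parseaddr

# Assumed allow-list of domains the organisation really sends from (hypothetical).
TRUSTED_DOMAINS = {"example.com", "helpdesk.example.com"}

# Constructed phrase lists keyed to the triggers attackers rely on.
URGENCY_PHRASES = ["within 24 hours", "immediately", "account will be suspended",
                   "suspended", "urgent", "final notice", "right away"]
CREDENTIAL_REQUESTS = ["mfa code", "verification code", "one-time code", "password",
                       "sign in", "log in", "confirm your identity"]
AUTHORITY_CLAIMS = ["it support", "help desk", "ceo", "security team", "finance"]

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
DOMAIN_RE = re.compile(r"https?://([^/\s:]+)", re.I)
THRESHOLD = 5  # score at or above this is flagged for human review (arbitrary)


@dataclass
class Verdict:
    score: int = 0
    reasons: list = field(default_factory=list)


def _domain(url):
    """Return the host part of an http(s) URL, or None if it is not a URL."""
    m = DOMAIN_RE.match(url.strip())
    return m.group(1).lower() if m else None


def score_message(headers, body):
    """Score one message; every added point carries a human-readable reason."""
    v = Verdict()
    display, addr = parseaddr(headers.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    text = body.lower()

    # 1. Authority impersonation: a display name claiming an internal role, sent from outside.
    if sender_domain and sender_domain not in TRUSTED_DOMAINS:
        v.score += 2
        v.reasons.append(f"sender domain {sender_domain} is not trusted")
        if any(a in display.lower() for a in AUTHORITY_CLAIMS):
            v.score += 2
            v.reasons.append(f"display name '{display}' claims authority from untrusted domain")

    # 2. Reply-To steering replies to a different domain than the visible sender.
    reply_to = parseaddr(headers.get("Reply-To", ""))[1]
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != sender_domain:
        v.score += 1
        v.reasons.append("Reply-To domain differs from From domain")

    # 3. Urgency and fear: more than one trigger phrase weighs more.
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        v.score += 2 if len(hits) > 1 else 1
        v.reasons.append(f"urgency language: {hits}")

    # 4. Direct request for a secret or a sign-in.
    hits = [p for p in CREDENTIAL_REQUESTS if p in text]
    if hits:
        v.score += 2
        v.reasons.append(f"credential/MFA request: {hits}")

    # 5. Links: untrusted target, and visible text that names a different host.
    for href, anchor in LINK_RE.findall(body):
        href_domain = _domain(href)
        anchor_domain = _domain(anchor)
        if href_domain and href_domain not in TRUSTED_DOMAINS:
            v.score += 1
            v.reasons.append(f"link to untrusted domain {href_domain}")
            if anchor_domain and anchor_domain != href_domain:
                v.score += 2
                v.reasons.append(f"link text shows {anchor_domain} but points to {href_domain}")
    return v


def classify(headers, body):
    return "suspicious" if score_message(headers, body).score >= THRESHOLD else "benign"


# Constructed sample messages (not real traffic).
PHISHING_HEADERS = {
    "From": "IT Support <helpdesk@example-support.net>",
    "Reply-To": "recover@mailrecovery-example.net",
    "Subject": "Action required: account suspension",
}
PHISHING_BODY = (
    "Your mailbox will be suspended within 24 hours unless you sign in to restore access.\n"
    '<a href="https://login.example-support.net/portal">https://login.example.com/</a>\n'
    "Reply with the verification code you receive so we can complete the restore."
)
BENIGN_HEADERS = {"From": "Help Desk <helpdesk@example.com>", "Subject": "Maintenance window"}
BENIGN_BODY = (
    "The VPN gateway will be patched Saturday 02:00-04:00 UTC. No action is needed.\n"
    'Details: <a href="https://helpdesk.example.com/kb/123">helpdesk.example.com/kb/123</a>'
)

if __name__ == "__main__":
    for h, b in ((PHISHING_HEADERS, PHISHING_BODY), (BENIGN_HEADERS, BENIGN_BODY)):
        v = score_message(h, b)
        print(h["Subject"], "->", classify(h, b), v.score, v.reasons)
```

The reasons list matters as much as the score: an analyst triaging the alert, or a user being shown why a message was held, learns the specific lure (authority, urgency, a code request, a disguised link) rather than a bare number. Keyword heuristics like these are a triage aid only; they are easily evaded by rewording, and the durable controls remain phishing-resistant MFA, a help desk that never asks users for codes, and reporting paths that make it easy to say "this looked odd".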