FAQ About Understanding the Basics of Cybersecurity

Social engineering is a type of attack in which an attacker uses psychological manipulation techniques to trick individuals into divulging sensitive information or performing actions that are not in their best interest. Social engineering attacks can take many forms, including phishing, pretexting, baiting, and tailgating.

The goal of social engineering attacks is to exploit human nature and emotions, such as curiosity, trust, or fear, to gain access to sensitive information or systems. For example, a social engineer might pose as an IT support technician and call a target to request their login credentials, or leave a USB drive containing malware in a public place with the hope that someone will pick it up and connect it to their computer.

Social engineering attacks can be highly effective because they do not rely on technical vulnerabilities or exploits, but rather on the human element of security. Protecting against social engineering requires a combination of awareness, training, and technical controls. Organizations can provide security awareness training to employees to help them recognize and avoid social engineering attacks, implement technical controls such as access controls and intrusion detection systems, and develop policies and procedures for responding to social engineering incidents.