What Is Social Engineering?
Social engineering is the art of manipulating people into giving up confidential information or performing actions that compromise security. Unlike technical hacking, social engineering exploits human psychology — trust, fear, urgency, and helpfulness. It is often the easiest and most effective way to breach an organization's security.
Common Social Engineering Techniques
Pretexting
The attacker creates a fabricated scenario to engage the victim. For example, posing as IT support calling about a "security issue" with your account, or pretending to be a new employee who needs help accessing a system.
Baiting
Offering something enticing to lure victims. This could be a USB drive labeled "Confidential — Salary Data" left in a parking lot, or a free software download that contains malware.
Quid Pro Quo
Offering a service in exchange for information. A common example is an attacker calling random numbers at a company, posing as tech support, and offering to fix a problem in exchange for login credentials.
Tailgating / Piggybacking
Physically following an authorized person through a secure door. The attacker might carry boxes or pretend to be on the phone, relying on the natural human tendency to hold doors open for others.
Phishing
The most widespread social engineering technique. It uses fake emails, texts, or websites to trick victims into revealing credentials or installing malware. See our detailed phishing guide for more information.
Why Social Engineering Works
Social engineering exploits fundamental human tendencies:
- Authority — We tend to comply with requests from authority figures
- Urgency — Time pressure prevents careful thinking
- Social proof — If others seem to trust something, we do too
- Reciprocity — We feel obligated to return favors
- Fear — Threats about account suspension or legal action trigger panic
How to Protect Yourself
Verify Identity
- Always verify who you are talking to through an independent channel
- Call the company directly using a number from their official website
- Be suspicious of unexpected contact, even from people who seem to know you
Slow Down
- Resist urgency — legitimate organizations allow time for verification
- If something feels wrong, trust your instinct
- Take a pause before clicking, downloading, or sharing information
Limit Information Sharing
- Be cautious about what personal information you share online
- Use strong, unique passwords so that information an attacker has learned about you cannot unlock your accounts
- Remove metadata from files before sharing
Educate Your Team
- Regular security awareness training dramatically reduces successful attacks
- Practice identifying social engineering attempts
- Create a culture where questioning requests is encouraged, not punished
Social engineering succeeds because it targets the most vulnerable part of any security system — the human element. Awareness is your strongest defense.

Raimundo Coelho
Cybersecurity specialist and technology professor with over 20 years of experience in IT. Graduated from Universidade Estácio de Sá. Writing practical guides to help you protect your data and stay safe in the digital world.