Social engineering is defined as obtaining confidential information, or access, by manipulating people rather than systems.
The information attackers are after varies, but when individuals are targeted the goal is usually to trick the victim into revealing passwords or banking details, or into granting access to their computer so that malicious software can be installed without their knowledge.
Unlike the other attack types, social engineering does not rely on manipulating vulnerabilities in computer hardware or software and does not require much in the way of technical skill. Instead, it exploits human weaknesses such as carelessness or the desire to be helpful in order to obtain legitimate network credentials. The talents most useful to an intruder who relies on this technique are so-called "people skills": a charming or persuasive personality, or a commanding, authoritative presence. In practice it is frequently the delivery step for a technical attack; once the victim has opened the attachment or typed a password into a fake login page, the attacker's tooling does the rest.
Many security professionals consider the weakest link in the security chain to be the human who accepts a person or scenario at face value. Common social engineering attacks include an email from a "friend" that contains a link or a file to download (with malicious software embedded) or that asks for help, phishing attempts, and baiting scenarios.