Social engineering is a way for criminals to steal sensitive information without hacking complex security systems.
Social engineering refers to all techniques aimed at talking a target into revealing specific information or performing a specific action for illegitimate reasons.
Phishing is one of the most well-known forms of social engineering
Information obtained during an attack could be used for identity theft, unapproved fund transfers, or illicitly gaining sensitive information (e.g. credentials and passwords).
Attackers use an array of manipulation techniques to build trust and deceive unsuspecting individuals.
Example: By impersonating an important client or an employee, an attacker manipulates the victim into browsing a fake website to trick them to provide information available on the original website, or to infect the victim’s workstation.