What Is Social Engineering?

Written by Coursera Staff • Updated on

Social engineering presents a cybersecurity threat to individuals and businesses. Learn what’s involved and how identifying different types of social engineering can help keep your data safe.

[Featured image] Two cybersecurity analysts are learning about social engineering.

Social engineering is a manipulation technique in which an attacker deceives individuals or groups in order to exploit them or gain unauthorised access to sensitive information or resources. Since many humans like to help, this cyberattack targets human vulnerabilities rather than technical vulnerabilities, using psychological tactics to exploit our curiosity or impulse to trust.

Falling victim to social engineering could lead to unauthorised access to personal, financial, or organisational data, identity theft, financial loss, or compromised network security. 

How to combat social engineering?

Question suspicious or unsolicited emails, calls, or visits to combat social engineering. Be sceptical before providing personal, sensitive, or proprietary data. Educate yourself about security awareness. If someone is using an urgent or emotional appeal, think twice. Enable strong security measures such as two-factor or multi-factor authentication to make it more difficult for social engineers to get into your accounts with their illicitly gained information.

Types of social engineering

Almost every type of cybersecurity attack has some traits of social engineering. Take a look at some common methods attackers use:

  • Phishing: Attackers send deceptive emails or messages to persuade you to click on a link, download a malicious file, or provide sensitive data.

  • Smishing: Bad actors use messaging, such as texting or WhatsApp, to get you to send payments, download attachments, or provide personal information.

  • Spoofing: Cybercriminals create websites that look like they belong to legitimate organisations to trick you into revealing sensitive information. 

  • Baiting: Attackers strategically leave physical or digital devices, such as infected USB drives, to tempt people into using them. You may only be trying to help get the device back to its rightful owner, but you unknowingly grant access or compromise your systems.

  • Pretexting: An attacker uses an alternative persona to entice you to disclose data or access credentials. Often they will appear to be authority figures, such as HMRC or a business supervisor.

  • Tailgating: Someone gains unauthorised entry to a restricted area in a physical location, such as a building, by following closely behind a person who is allowed to enter. The individual might appear as a repair person, or they might come up with their hands full of balloons and a cake and ask you to hold the door open for them.

  • Quid pro quo: A person offers something of value, such as a gift or service, in exchange for personal information or access to systems. When you see something too good to be true, such as free Apple products, don’t fall for this type of social engineering. An offer of IT support in return for your access information is another common version of quid pro quo.

Get started combating social engineering.

Social engineering is a cyberattack that manipulates people into giving up sensitive information or access, often through phishing emails, fake websites, or pretending to be someone they're not. By understanding these tactics, you can protect yourself from falling victim to them.

Take the next step towards a career in cybersecurity by enrolling in the Google Cybersecurity Professional Certificate on Coursera. This Professional Certificate is your gateway to exploring job titles like security analyst, SOC (security operations centre) analyst, and more. Upon completion, you’ll have exclusive access to a job platform with over 150 employers hiring for entry-level cybersecurity roles and other resources supporting your job search.
