Social Engineering

What Does Social Engineering Mean?

Social engineering is an umbrella term for any security exploit that relies on people's willingness to be helpful. A successful social engineering exploit depends on whether or not the attacker can trick someone else into making a mistake.


The purpose of this type of security exploit is to provide the attacker with legitimate credentials they can use to move laterally through the target's network. This type of attack vector requires the attacker to have both soft skills and hard skills. Soft skills help the attacker gain initial access and hard skills help them to escalate privileges.

Popular types of social engineering strategies include Business Email Compromise (BEC) and phishing.

Techopedia Explains Social Engineering

Social engineering is as dangerous and harmful as any other cybersecurity attack.

Types of Social Engineering Attacks

Phishing and spear phishing are two common social engineering strategies that target a specific person or small group of people. Both types of attack are often email-based and include information known to be of interest to the target.

Typically, the attacker's email is made to appear as if it was legitimately sent from the organization's IT department or senior management — and the message usually contains a warning about major consequences if requested information is not provided.

Business Email Compromise (BEC) is one of the most financially lucrative crimes in the United States, according to the F.B.I. This type of security exploit targets both businesses and individuals who perform legitimate transfer-of-funds requests. This type of cyber fraud involves spoofing a legitimate business email account in order to trick the victim into transferring money into an account controlled by the attacker.
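
The spoofing and pressure cues described in the two paragraphs above can be checked mechanically on inbound mail. The following is an added example, not part of the original entry: the domain example.com, the protected display names and the keyword list are assumptions chosen for illustration, and both messages are constructed samples.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch: org domain, protected names, pressure wording.
ORG_DOMAIN = "example.com"
PROTECTED_NAMES = {"it department", "it help desk", "jane doe"}  # hypothetical
PRESSURE_TERMS = ("immediately", "urgent", "suspended", "wire transfer", "within 24 hours")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return a sorted list of spoofing/pressure indicators found in one message."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    found = set()
    # Display name claims an internal sender but the address is external.
    if display.strip().lower() in PROTECTED_NAMES and from_dom != ORG_DOMAIN:
        found.add("display-name-impersonation")
    # Replies are routed to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        found.add("reply-to-mismatch")
    # The receiving server recorded a DMARC failure for the From domain.
    if "dmarc=fail" in " ".join(msg.get_all("Authentication-Results", [])).lower():
        found.add("dmarc-fail")
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    if any(term in text for term in PRESSURE_TERMS):
        found.add("pressure-language")
    return sorted(found)

# Constructed sample messages (not real mail).
SPOOFED = """From: "IT Department" <support@examp1e-helpdesk.test>
Reply-To: billing@other-domain.test
Subject: Account will be suspended
Authentication-Results: mx.example.com; dmarc=fail header.from=examp1e-helpdesk.test

Provide your password immediately or your account will be suspended.
"""
LEGIT = """From: "IT Department" <helpdesk@example.com>
Subject: Maintenance window
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com

Patching is scheduled for Saturday.
"""
```

Any single indicator is weak evidence on its own; a mail filter would typically score them together and route high-scoring messages for review rather than deleting them outright.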


Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…