Social engineering is a tactic of manipulating, influencing, or deceiving a victim in order to gain control over a computer system or to steal personal and confidential information. It is a type of confidence trick for the purpose of information security, where attackers use psychological manipulation to trick users into making security mistakes or giving away sensitive information. Social engineering attacks can happen online, in-person, and via other interactions. Some common examples of social engineering attacks include phishing, baiting, pretexting, and tailgating.

Social engineering techniques in IT can be looked at from two different angles: either by using psychological manipulation to get further access to an IT system where the actual objective of the scammer resides, or using IT technologies as support to psychological manipulation techniques to achieve an objective outside the IT realm. Social engineering attacks are notoriously difficult to prevent because they rely on human psychology rather than technological pathways. The attack surface is also significant, as it takes just one employees mistake to compromise the integrity of the entire enterprise network.

The single most efficient countermeasure to social engineering attacks remains common sense. Organizations should identify their critical assets and implement the appropriate security policies and protocols. When necessary, these should be reinforced through the use of technology. Clean up your social media, as social engineers scour the Internet searching for any kind of information they can find on a person. The more information you have posted about yourself, the more likely it is that a criminal can send you a targeted spear phishing attack.