Social engineering

In computer security, social engineering is a technique in which an attacker psychologically manipulates users into harmful actions, such as divulging their credentials or other sensitive information.

For example, in a phishing attack, the user thinks that they are signing into a site with which they have an account, when in reality they are giving their login details to a fake site controlled by the attacker.

Social engineering attacks can be distinguished from other attacks because they do not target vulnerabilities in software or hardware, but target users, causing them to make bad decisions. This can make them hard to defend against, although system design choices can make them less likely to succeed or even effectively impossible.

Defenses against social engineering attacks often focus on teaching users safe practices, such as not clicking links in emails. However, experience has shown that all users can be vulnerable to social engineering attacks, especially when they are tired, busy, or stressed.