What is social engineering and how to prevent it?
Category: Cybersecurity
Short answer
Social engineering is the manipulation of people into divulging confidential information or performing actions that compromise security. It exploits human psychology rather than technical vulnerabilities.
How it works
Common techniques include phishing emails, pretexting phone calls, baiting with malicious USB drives, and tailgating into secure areas. Attackers manufacture urgency, invoke authority, or instill fear to bypass the target's critical thinking.
Example
An attacker impersonates IT support and calls an employee, claiming their account will be locked unless they confirm their password. The employee, fearing disruption, complies and exposes credentials.
Why it matters
Humans are often the weakest link in security. Technical controls cannot stop an employee from willingly handing over a password. Prevention requires awareness, verification procedures, and a culture that encourages questioning suspicious requests.