Social engineering, in the context of information security, is the art of manipulating people so they give up confidential information. This is a type of confidence trick for the purpose of vital information gathering. It is a term that describes a non-technical attack that relies on human interaction and tricking people to break normal security procedures. Criminals have been using social engineering tactics because it is comparatively easier that other attacks. It is one of the most successful attacks, because its victims innately want to trust other people and are naturally helpful. The victims of social engineering are tricked into releasing information that they do not realize will be used to attack a computer network. Social engineers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting it. Often, an attack is not specifically about your account but about using the access to your information to launch a larger attack. And while having someone gain access to your personal email might not seem like much more than an inconvenience and threat to your privacy, think of the implications of an attacker gaining access to your social security number or your medical records or launch an attack on your company’s network.
The most important thing you can do to prevent being socially engineered yourself is to always be as vigilant as you can and being aware of common tricks puts you one step ahead of the game. Just to give you an idea of how easy it is to obtain someone’s password, watch this video: