Overview
Social engineering manipulates human psychology to trick individuals into revealing confidential information or performing unsafe actions. It exploits trust rather than technical flaws.
Common Techniques
- Pretexting (posing as an authority figure to extract information).
- Baiting (luring victims with free USB drives or downloads).
- Tailgating (following someone into restricted areas).
- Phishing (a digital form of social engineering).
Real-World Example
In 2011, RSA suffered a breach after employees were tricked into opening a phishing email, leading to the theft of data critical for SecurID tokens.
Prevention
- Conduct security awareness training.
- Verify identities before sharing sensitive data.
- Use multi-factor authentication to reduce risks.