Social engineering has been defined as “[a]ny act that influences a person to take an action that may or may not be in their best interest.†In a cyber security context, social engineering attacks are often directed against individuals and organizations in order to accomplish some nefarious design. People are convinced to reveal valuable and otherwise secure information such as private data, authorization or access details, etc. Common targets of social engineering attacks are help desk personnel, administrators and technical support.
Examples of social engineering attacks:
·        Emailing with a friendly tone to convince a user to click some fraudulent link.
·        Calling a help desk and asking, politely and tactically, for sensitive information.
·        Fooling a victim into downloading malware.