Social engineering is the art of manipulating people into performing actions or divulging confidential information. Social engineering applies to trickery used for information gathering or computer access and in most cases the attacker never comes face-to-face with the victim.
There are several types of social engineering:
- Pretexting is a type of social engineering in which an invented scenario (the pretext) is used to persuade a victim to release information or perform an action, typically done over the phone. Pretexting methods are used to impersonate co-workers, police, banks, tax authorities, or insurance investigators. The attacker pretends to be any individual who could have perceived authority or right-to-know in the mind of the targeted victim. This technique is often used to trick a victim into disclosing sensitive information.
- Phishing is a type of social engineering in which a phisher sends an email or instant message that appears to come from a legitimate organization. This can be a bank, a credit card company, a computer vendor, or a computer support organization. The phishing message often requests the "verification" of information and warns of some dire consequence if it is not provided.
You should never divulge sensitive information (including social security numbers, user IDs and passwords, or credit card numbers) to individuals you do not know. Legitimate organizations do not initiate contact with you to request that sensitive information be sent by email or over the phone.