Social engineering is the art of manipulating people into performing actions or divulging confidential information. Social engineering applies to trickery used for information gathering or computer access and in most cases the attacker never comes face-to-face with the victim.
There are several types of social engineering:
- Pretexting is a type of social engineering in which an invented scenario (the pretext) is used to persuade a victim to release information or perform an action; it is typically done over the telephone. Pretexting methods are used to impersonate co-workers, police, bank, tax authorities, or insurance investigators, or any other individual who could have perceived authority or right-to-know in the mind of the targeted victim. This technique is often used to trick a victim into disclosing sensitive information.
- Phishing is a type of social engineering in which a phisher sends an email or instant message that appears to come from a legitimate organization (a bank, a credit card company, a computer vendor or computer support organization), requesting "verification" of information and warning of some dire consequence if it is not provided.
You should never divulge sensitive information, including social security numbers, user IDs and passwords, or credit card numbers, to individuals you do not know. Legitimate organizations do not initiate contact with you to request that sensitive information be sent by email or over the phone.