Basically, it’s a non-technical way of manipulating people into strategically doing specific things and/or disclosing confidential information, hopefully without their realizing that they have, in order to gain legitimate and authorized access to people, places, and/or data.
Types of Social Engineering:
Phishing | Shoulder Surfing | Pretexting
Tailgating | Water Holing | Dumpster Diving
There are many more forms of Social Engineering. Attackers will use free resources to gather knowledge, called Open Source Intelligence [OSINT]. These include social media, which provides Social Media Intelligence [SOCMINT] and a way to gain someone’s trust, as well as public and business websites.
There are hundreds of free online resources that can be used for OSINT Reconnaissance [Recon] to provide an attacker with all the tools and information needed to gain unauthorized access to locations, accounts, and data.
These resources can provide an attacker with all the information needed to gain legitimate access, or point them in the right direction to other resources. The main preventative tool would be Common Sense. Be aware of your surroundings, be aware of the information you may be posting, and review the legitimacy of emails and phone calls before giving out any personal information.
[You can also read and learn about Social Engineering under Attacks and Glossary.]