Social engineering is the act of manipulating others in order to extract confidential information from them. This usually involves attempts to learn a person’s user identification and password in order to access a computer system. Doing so gives a person access to the victim’s computer or bank account, which can then be used for financial gain at the expense of the victim. Alternatively, the information can be used to access the victim’s email account, which can then be used to send malicious emails to the victim’s friends and associates. Social engineering is a common ploy, since it can be the easiest way to access a system, rather than trying to hack the system software.
An example of social engineering is sending an email to a target that is configured to look as though it originated with the target’s bank, asking the person to verify her account information. This approach is known as phishing. Another approach is sending an email to a target, claiming that the person has just been the beneficiary of a significant inheritance, and asking for personal information in order to verify that the target is the correct person to receive the money. This is known as pretexting.