// THREAT DETECTION AND DATA PRIVACY TERM

Social Engineering

Social engineering is the art of manipulating people into giving up confidential information or taking a specific action. Attackers use psychological tricks to exploit human trust rather than hacking into computer systems directly.

TECHNICAL DEFINITION

Social engineering is a cyber attack vector that leverages psychological manipulation and deception to trick individuals into divulging sensitive data, granting unauthorized system access, or executing malicious software. This non-technical intrusion method exploits human fallibility and bypasses security protocols through techniques like phishing, pretexting, baiting, and vishing.

BACKGROUND

In the context of information security, social engineering is the use of psychological pressure to influence people to perform actions or divulge confidential information. It has also been more broadly defined as "any act that influences a person to take an action that may or may not be in their best interests." A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in the sense that it is often one of many steps in a more complex fraud scheme. Phishing is a type of social engineering. Researchers have developed detection techniques and cybersecurity educational programs.


SYNONYMS & ALIASES

  • human hacking
  • psychological manipulation
  • phishing
  • pretexting
  • vishing
  • deception tactics
  • confidence trick

USAGE NOTE

This term is used to describe the 'human element' of an attack, often serving as the initial entry point for a larger breach.

DEVELOPERS

Organizations developing technology related to Social Engineering.

  • KnowBe4

    A leading platform for security awareness training and simulated phishing attacks. Their technology is designed to train employees to recognize and report social engineering attempts like phishing, spear phishing, and business email compromise.

  • Proofpoint

    Provides comprehensive email security and threat intelligence services that detect and block social engineering attacks. Their solutions analyze email content, sender reputation, and other factors to identify impersonation, phishing, and fraud attempts. They also offer security awareness training.

  • Cofense

    Specializes in phishing detection and response solutions. Their technology suite crowdsources threat intelligence from trained employees who can report suspicious emails, enabling security teams to quickly identify and neutralize active social engineering campaigns.

  • Mimecast

    An email and data security company offering a cloud-based platform that provides targeted threat protection against social engineering. Their technology includes impersonation protection, URL scanning, and attachment sandboxing to stop malicious emails.

  • Social-Engineer, LLC

    A security consulting and training firm that specializes entirely in the art and science of social engineering. They develop frameworks, provide penetration testing services, and create training programs focused on understanding and mitigating human-based security risks.

  • Tessian

    A Human Layer Security company that uses machine learning to protect against email-based threats caused by human error. Their platform analyzes communication patterns to automatically detect and prevent social engineering attacks like spear phishing and business email compromise.

  • Fortra

    Through its acquisitions of companies like PhishLabs and Terranova Security, Fortra provides a comprehensive portfolio of Digital Risk Protection and Security Awareness Training. Their technology actively detects and mitigates external threats targeting employees, brands, and customers via social engineering.
