What is social engineering?

Social engineering manipulates people into taking actions or revealing information. Rather than exploiting technical vulnerabilities, it exploits human psychology: trust, fear, urgency, and authority. Email is a primary **social engineering** channel.

Techniques include: **phishing** (impersonating trusted entities), pretexting (creating false scenarios), baiting (offering something desirable), and quid pro quo (offering services for information). All rely on psychological manipulation.

Defense is primarily educational. Technical controls help but can't prevent determined **social engineering**. Training users to recognize manipulation techniques, verify requests through trusted channels, and resist pressure is essential.