Definition: Social Engineering is a phrase that describes a malicious attack vector designed to take advantage of the naiveté of computer users. This method of intrusion seeks to deceive people into thinking a request for service or information is legitimate.
Cybercriminals, for example, could telephone an employee and represent themselves as being a member of the IT staff and attempt to gain confidential information. Mis-information, deceit and manipulation of the target business are the trademarks. The technique is simply fraudulent.
People of ill intent gain the confidence of employees who work for the targeted organization and then execute their plan when the time is right.
Its Relevance: All employees need to be aware of the nature of this attack vector. Most people want to be courteous and have a basic instinct to help others. An attacker uses this method to mislead employees who work in the system to take advantage of the good will of people. Some attacks are very sophisticated and based upon trusted relationships that took weeks or months to develop.