Security Glossary

Definition

What is Social Engineering?

The use of psychological manipulation to deceive individuals into divulging confidential information, performing actions, or bypassing security controls — without exploiting any technical vulnerability. Phishing (email), vishing (voice calls), smishing (SMS), and pretexting are the most common techniques. Social engineering attacks bypass technical controls entirely by exploiting human trust, authority, and urgency, making security awareness training and phishing simulation programs essential countermeasures.

Related terms

Multi-Factor Authentication (MFA)
An authentication mechanism that requires users to present two or more independent verification factors before access is granted: something you know (password), something you have (hardware token or authenticator app), or something you are (biometric).
Red Team
A group of security professionals who simulate sophisticated, persistent adversaries to test an organization's ability to detect and respond to real-world attacks.
Ethical Hacking
The authorized practice of using offensive attack techniques against a system to identify security weaknesses before malicious actors can exploit them.
Penetration Testing
A structured, authorized simulation of a real-world cyberattack against a system, network, or application with the goal of identifying exploitable vulnerabilities before malicious actors do.