Social engineering is a form of techniques employed by cybercriminals designed to lure unsuspecting users into sending them their confidential data, infecting their computers with malware or opening links to infected sites. In addition, hackers may try to exploit a user's lack of knowledge; thanks to the speed of technology, many consumers and employees don't realise the full value of personal data and are unsure how to best protect this information.
​
Phishing emails attempt to convince users they are in fact from legitimate sources, in the hopes of procuring even a small bit of personal or company data. Emails that contain virus-filled attachments, meanwhile, often purport to be from trusted contacts or offer media content that seems innocuous, such as "funny" or "cute" videos.
​
A hacker might frequent the public food court of a large office building and "shoulder surf" users working on their tablets or laptops. Doing so can result in a large number of passwords and user names, all without sending an email or writing a line of virus code.
​
Some attacks, meanwhile, rely on actual communication between attackers and victims; here, the attacker pressures the user into granting network access under the guise of a serious problem that needs immediate attention.
​
Anger, guilt and sadness are all used in equal measure to convince users their help is needed and they cannot refuse.
​
Finally, it's important to beware of social engineering as a means of confusion. Many employees and consumers don't realize that with only a few pieces of information — name, date of birth or address — hackers can gain access to multiple networks by masquerading as legitimate users to IT support personnel. From there, it's a simple matter to reset passwords and gain almost unlimited access.