Social engineering (in the context of information security): The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
The greatest concern for the 580 information security professionals that responded to the 2017 Black Hat USA survey was the threat around phishing and social engineering (50%, up from 46% in 2016).
Coupled with the fact that the same respondents felt the weakest link in defences was end users being easily fooled by social engineering attacks (38%, up from 28%) this should come as little surprise to security professionals. But these figures may help them to gain that C-suite-level buy-in when trying to develop an efficient and, more importantly, relevant security education and awareness package for their organisation’s personnel.
Social Engineering became a familiar information security term to me when I was reading The Art of Deceptionby Kevin Mitnick. However, Social Engineering had been exploiting weaknesses in human nature for many years prior.