Social Engineering and Phishing

Social engineering attacks people rather than technology. Instead of breaking through firewalls, the attacker tricks a person into giving up information, access, or money by exploiting trust, fear, curiosity, or helpfulness.

It is often the easiest way in: why crack a password when you can convince someone to simply hand it over? Humans are frequently the weakest link in security.

Phishing is the most common social engineering attack: fraudulent emails or messages that appear to come from a trusted source, luring victims into clicking malicious links, opening infected attachments, or entering credentials on fake sites.

A phishing email might imitate your bank or IT department, creating urgency so you act before thinking. It casts a wide net, sent to many people at once.