Social engineering — sometimes referred to as social hacking or blagging in computing — is a manipulation technique where attackers exploit human psychology rather than technical vulnerabilities to gain access to systems, data, or premises. It remains one of the most effective attack vectors because it targets people, not technology.
Common types of social engineering attacks include:
- Phishing – fraudulent emails designed to trick recipients into clicking malicious links or sharing credentials
- Vishing – voice-based phishing where attackers impersonate IT support, banks, or suppliers over the phone
- Baiting – leaving infected USB drives or files in locations where curious employees will use them
- Pretexting – creating a fabricated scenario to extract information, such as posing as an auditor or senior manager
- Tailgating – physically following authorised personnel into secure areas without proper credentials
To defend against social engineering, businesses should combine awareness training with technical controls:
- Regular security awareness training – educate staff to recognise and report suspicious activity
- Simulated phishing campaigns – test employee responses in a safe environment
- Multi-factor authentication (MFA) – adds a second layer of protection, so compromised credentials alone are not enough to gain access
- Email filtering and anti-spoofing – block malicious messages before they reach inboxes
As a cyber security expert partner, Connection Technologies delivers security awareness training and technical defences to protect your team. Get a quote to strengthen your human firewall.