Social engineering is an attack methodology in which hackers deceive people into giving up confidential information — such as passwords, account numbers and access codes — through communications that are disguised as legitimate. The tactic is based on the idea that people are basically trusting.
The most common form of social engineering is phishing, which is easy to deploy and very effective. For example, a hacker sends an employee an email that convinces him or her to post sensitive data on an insecure website. To address the challenge of social engineering, the right cybersecurity measures must be put in place to limit the vulnerabilities.