What Is Social Engineering?
Social engineering is the use of deception to get people to reveal information or take risky actions. Here is how it works and why it succeeds.
Mango Oasis Editorial
2026-04-04
Social engineering is the use of manipulation, pressure, or deception to get someone to do something they would not normally do. In security, that usually means revealing information, clicking a malicious link, or granting access.
Why Social Engineering Works
Most attacks do not start with brilliant code. They start by exploiting normal human instincts like trust, urgency, helpfulness, fear, or curiosity.
That is why social engineering is so effective. It targets people as much as systems.
Common Examples
Phishing emails are a classic example. So are fake password reset alerts, calls pretending to be tech support, urgent payment requests from an impersonated boss, or messages claiming an account will be locked unless you act immediately.
The method changes, but the pattern is similar: create pressure, lower skepticism, and get the person to make the attacker’s next step easier.
Social Engineering Is Not Just Online
People often think of email scams, but social engineering also happens in person and over the phone. Someone tailgating into an office, pretending to be a contractor, or calling a help desk with convincing details can all be using the same basic tactic.
The technology involved can be minimal. The real tool is persuasion.
Summary
Social engineering is deception aimed at people rather than systems. It works by exploiting trust, urgency, and routine behavior, which is why awareness matters so much. For related examples, see What Is Phishing? and What Is Two-Factor Authentication?.
Found this helpful?
Browse more plain-English explanations of tech and internet terms.
Browse All Articles