Social Engineering

Social engineering, in the context of computer security, refers to tricking people into divulging personal information or other confidential data. It is an umbrella term that includes phishing, pharming, and other types of manipulation. While "social engineering" may sound innocuous (since it is similar to social networking), it refers specifically to malicious acts and is a topic all Internet users should understand.

Unlike hacking, social engineering relies more on trickery and psychological manipulation than technical knowledge. For example, a malicious user may send you a "phishing" email that says you need to reset your username and password for a specific website. The email may appear to be legitimate, but if you click the link in the message, it may direct you to a fake website that captures your information.

Another common type of social engineering uses false alerts on websites. For example, when you open a webpage, you might receive a message saying your computer has a virus and you need to download a specific program or call a phone number to fix it. In most cases, these alerts are auto-generated and are completely false. If you follow the instructions in the alert message, you may end up downloading spyware or giving away personal information over the phone.

Social engineering may also take place through social media. For example, malicious users may post public messages on sites like Facebook and Twitter that lure people into sharing personal information. Common example include false giveaways and prize alerts. In some cases, social engineers will even build relationships with others using online chat or private messaging before convincing them to divulge confidential data.

While most Internet users do not harbor malicious intent, social engineering is an unfortunate reality of the Internet. Therefore, it is wise to be skeptical of any message, email, or website that asks you to share personal data — especially if the request is from an unknown source. You can often verify the legitimacy of a message by checking the domain name of the website or contacting the author of the message. If you cannot verify the origin of a request, do not follow the instructions. By recognizing fake messages on the Internet, you can avoid being a victim of social engineering.

Updated August 20, 2016

Definitions by TechTerms.com

The definition of Social Engineering on this page is an original TechTerms.com definition. If you would like to reference this page or cite this definition, you can use the green citation links above.

The goal of TechTerms.com is to explain computer terminology in a way that is easy to understand. We strive for simplicity and accuracy with every definition we publish. If you have feedback about the Social Engineering definition or would like to suggest a new technical term, please contact us.

Want to learn more tech terms? Subscribe to the daily or weekly newsletter and get featured terms and quizzes delivered to your inbox.

Sign up for the free TechTerms Newsletter

How often would you like to receive an email?

You can unsubscribe or change your frequency setting at any time using the links available in each email.

Questions? Please contact us.