Social engineering
Manipulating people psychologically — rather than hacking systems technically — to make them reveal information, grant access, or take actions that benefit a fraudster.
Also known as: human hacking, pretexting
Last reviewed: 1 June 2026
Social engineering is the foundation of most scams. Rather than exploiting software vulnerabilities, it exploits human tendencies: trust, helpfulness, fear of authority, urgency, curiosity, and the desire to avoid conflict.
Common social-engineering tactics include pretexting (creating a false scenario, e.g. pretending to be an IT auditor), baiting (leaving infected USB drives in car parks), quid-pro-quo offers ('I'll help you with your IT problem if you give me your login'), and tailgating (following an authorised person into a secure area).
Online, social engineering underpins phishing, vishing, smishing, romance scams, and business email compromise. The single most effective defence against social engineering is recognising that any unsolicited contact that tries to create urgency, fear, or a sense of exceptional opportunity is a red flag.