Social Engineering

Social engineering is the art of manipulating people into performing actions or divulging confidential information. Unlike technical attacks that exploit software vulnerabilities, social engineering exploits human psychology — trust, authority, urgency, curiosity, and fear. Common forms include phishing (deceptive emails), pretexting (creating a fabricated scenario), baiting (leaving infected media in public), and tailgating (following authorized personnel into restricted areas).

Phishing remains the most prevalent form of social engineering. Spear phishing targets specific individuals with personalized messages, while business email compromise (BEC) impersonates executives or vendors to authorize fraudulent transactions. Sophisticated attacks combine technical exploitation with social engineering for maximum impact.

Social engineering is often the initial vector in major breaches because it bypasses technical security controls entirely. Training, phishing simulations, and multi-factor authentication are key defenses.

How APVISO tests for this: While APVISO focuses on technical application security rather than social engineering, it helps reduce your overall risk exposure. By continuously testing and fixing application vulnerabilities, APVISO ensures that even if social engineering grants initial access, attackers find fewer exploitable weaknesses in your applications.