What is social engineering?

In social engineering, an attacker uses social skills to obtain information about an organization or its computer systems. The attacker may seem respectable and unassuming, possibly claiming to be a new employee, repair person, or researcher, and may offer credentials to support that identity. However, by asking questions, the attacker is able to piece together enough information to infiltrate an organization's network. If an attacker cannot gather enough information from one source, he or she may contact another source within the same organization and rely on information from the first to add to that attacker's credibility.