Social Engineering
ELI5 — The Vibe Check
Social engineering is hacking people, not computers. Instead of breaking through technical defenses, attackers manipulate humans into giving up access or information. 'Hi, I'm from IT support, I need your password to fix your account' is social engineering. Technology can't fully protect against human gullibility.
Real Talk
Social engineering exploits psychological manipulation rather than technical vulnerabilities. Techniques include phishing (email), vishing (voice calls), smishing (SMS), pretexting (fabricated scenarios), and baiting. It's often the easiest path into a well-secured system because humans are the weakest link.
When You'll Hear This
"The breach started with a social engineering call to the help desk." / "Security training reduces social engineering success rates."
Related Terms
Multi-Factor Authentication (MFA)
MFA stands for Multi-Factor Authentication. It's the umbrella term for requiring multiple proofs of identity. 2FA is MFA with exactly two factors.
Phishing
Phishing is when hackers pretend to be someone you trust — your bank, your boss, Google — to trick you into giving up your password or clicking a bad link.
Security Audit
A security audit is a systematic review of your code, infrastructure, and processes to find security weaknesses.
Two-Factor Authentication (2FA)
2FA means you need two things to log in: something you know (password) and something you have (your phone).