> For the complete documentation index, see [llms.txt](https://jieyab89-osint.gitbook.io/jieyab89-osint-cheat-sheet-wiki-tips/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://jieyab89-osint.gitbook.io/jieyab89-osint-cheat-sheet-wiki-tips/osint-tool-resouces-usage/what-is-social-engineering.md).
# What is Social Engineering
**Social engineering** is a psychological manipulation technique used by threat actors or general to deceive individuals into revealing confidential information, granting access to systems, or performing actions that compromise security.
#### Goals:
* Gain **unauthorized access** to systems or data
* **Steal identities** or login credentials
* **Trick targets** into performing actions unknowingly
### Common Types of Social Engineering Attacks
#### 1. **Phishing**
Deceptive emails, fake websites, or text messages used to steal information such as usernames, passwords, or credit card numbers.
#### 2. **Spear Phishing**
A more targeted and personalized phishing attack. The attacker gathers information about the victim to appear more credible.
#### 3. **Vishing (Voice Phishing)**
Scams conducted through phone calls. The attacker may pretend to be from customer support, banks, or authorities.
#### 4. **Pretexting**
Creating a false scenario to obtain information. Example posing as IT staff to ask for login credentials.
#### 5. **Baiting**
Luring victims with something tempting, such as a free USB or a downloadable file, which may contain malware.
#### **6. Tailgating**
Following someone into a restricted area without authorization, commonly used in physical security breaches.
## Why Social Engineering is Still Used
As a penetration tester, social engineering is still often used to find initial access such as hacking, ransomware and blackmail and other detrimental things, social engineering attacks individuals not systems, let's take an example of any sophisticated system but employees are fooled by social engineering can still be penetrated, a hacker if he can't attack his system then the individual is attacked, for example a hacker does OSINT to employees, then he finds interesting information such as email addresses, schools, hobbies, birth dates and others. Then hackers can enter with this gap looking for possible access, if the hacker succeeds in trapping his target then he will do a deep investigation such as credential stuffing and looking for access and stealing data. Remember this depends on the motivation there are hackers who do this to steal money or find initial access, conduct espionage and other things
## How to Prevent?
* **Don’t trust** unsolicited requests for personal or sensitive information
* **Verify the identity** of senders or callers
* **Be cautious** with suspicious emails or links
* **Enable two-factor authentication (2FA)** wherever possible
* **Educate and train** individuals or employees regularly
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://jieyab89-osint.gitbook.io/jieyab89-osint-cheat-sheet-wiki-tips/osint-tool-resouces-usage/what-is-social-engineering.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.