The term social engineering relative to security came from early hacking efforts on telephone systems and long-distance services. Social engineering is based on the concept of why risk breaking into a system by brute force or tools when you can get some friendly employee to help you do it? Social engineering is generally a hacker’s clever manipulation of an employee’s natural human tendencies to trust and want to be helpful.

More than one company with elaborate authentication processes, firewalls, virtual private networks (VPNs), and network monitoring software has been left wide open to an attack by an employee unwittingly giving away key information in an e-mail or by answering questions over the phone with someone they don’t know. This is one area where the would-be hacker can benefit from a friendly demeanor, a good smile, and knowledge of looking and acting like they belong.

Don’t make the mistake of thinking only lower-level employees are prone to this. The fear of appearing not to cooperate with an obviously important activity has led to the comprise of many a manager.