Social engineering refers to situations in which an intruder gains access to a system
not by technical means, but by deceiving users, operators, or administrators.
Potential intruders may impersonate authorized users over the phone.
Potential intruders may request information that gains them access
to the system, such as telephone numbers or passwords, or they may
request an unwitting operator to perform some action that compromises
the security of the system.
As the technical
security features of operating systems have strengthened in recent
years, social engineering has been a factor in a growing percentage
of security incidents. Operator training, administrative procedures,
and user awareness are all critical factors to ensure that access
is not inadvertently granted to unauthorized persons.