Social Engineering

Social engineering is the use of psychological manipulation to trick people into making security mistakes or giving away sensitive information. Rather than attacking technical systems directly, social engineers exploit human nature — trust, helpfulness, urgency, fear, curiosity — to bypass security controls.

Social engineering attacks include phishing emails, pretexting (creating a fabricated scenario), baiting (leaving infected USB drives), tailgating (following someone through a secure door), and vishing (voice phishing over the phone). These attacks target the human element — often the weakest link in any security program.
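The cues listed above (urgency, fear, impersonation of a trusted sender) are the same ones a mail filter or an analyst triaging a reported phish looks for. The following is an added example, not code from the original page or from any CMMC resource: a small heuristic scorer that flags a display name that invokes a trusted organisation while the address comes from elsewhere, a look-alike sender domain, a Reply-To that diverts replies to a different domain, and urgency or credential-request language. The trusted-domain list, the two sample messages, the phrase lists and the score weights are all constructed for illustration.

```python
"""Heuristic triage of an inbound e-mail for common social-engineering cues.

Added example, not part of the original page. Sample messages, the
trusted-domain list and the score weights are constructed for illustration.
"""
from dataclasses import dataclass

# Phrases that manufacture urgency or fear, the levers social engineers pull.
URGENCY_PHRASES = (
    "immediately", "urgent", "within 24 hours", "will be suspended",
    "act now", "final notice",
)
# Phrases that ask the reader to hand over something an attacker wants.
CREDENTIAL_PHRASES = ("verify your password", "confirm your login", "enter your credentials")

# Characters commonly swapped in to register look-alike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


@dataclass
class Email:
    display_name: str   # the human-readable name shown by the mail client
    from_addr: str      # header From: address
    reply_to: str       # header Reply-To: address (where replies actually go)
    subject: str
    body: str


def domain_of(addr: str) -> str:
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rsplit("@", 1)[-1].strip().lower()


def edit_distance_at_most_one(a: str, b: str) -> bool:
    """True when a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            i += 1; j += 1
            continue
        edits += 1
        if edits > 1:
            return False
        if len(a) > len(b):
            i += 1          # character deleted from a
        elif len(a) < len(b):
            j += 1          # character inserted into a
        else:
            i += 1; j += 1  # substitution
    edits += (len(a) - i) + (len(b) - j)
    return edits <= 1


def is_lookalike(domain: str, trusted: str) -> bool:
    """True when domain imitates trusted (homoglyphs or a one-character edit) but is not trusted."""
    if domain == trusted:
        return False
    normalised = domain.translate(HOMOGLYPHS).replace("rn", "m")
    return normalised == trusted or edit_distance_at_most_one(domain, trusted)


def triage(mail: Email, trusted_domains: tuple) -> tuple:
    """Score an e-mail; higher means more social-engineering cues. Returns (score, reasons)."""
    score, reasons = 0, []
    sender = domain_of(mail.from_addr)
    reply = domain_of(mail.reply_to) if mail.reply_to else sender
    text = f"{mail.subject} {mail.body}".lower()

    for trusted in trusted_domains:
        org = trusted.split(".")[0]
        # Display name invokes a trusted organisation, but the address is not from it.
        if org in mail.display_name.lower() and sender != trusted:
            score += 3
            reasons.append(f"display name claims '{org}' but sender domain is {sender}")
        if is_lookalike(sender, trusted):
            score += 3
            reasons.append(f"sender domain {sender} looks like {trusted}")

    # Replies silently routed to a domain other than the apparent sender's.
    if reply != sender:
        score += 2
        reasons.append(f"Reply-To domain {reply} differs from From domain {sender}")

    urgency_hits = [p for p in URGENCY_PHRASES if p in text]
    if urgency_hits:
        score += min(len(urgency_hits), 2)   # cap so wording alone cannot dominate
        reasons.append("urgency/fear language: " + ", ".join(urgency_hits))

    if any(p in text for p in CREDENTIAL_PHRASES):
        score += 2
        reasons.append("asks for credentials")
    return score, reasons


def verdict(score: int) -> str:
    return "suspicious" if score >= 4 else "likely benign"


# Constructed sample data (hypothetical organisation and messages).
TRUSTED = ("example-corp.com",)
PHISH = Email(
    display_name="Example-Corp IT Helpdesk",
    from_addr="helpdesk@examp1e-corp.com",
    reply_to="support@mail-recovery.test",
    subject="URGENT: account will be suspended",
    body="Your mailbox is over quota. Verify your password within 24 hours or access will be suspended.",
)
BENIGN = Email(
    display_name="Alex Doe",
    from_addr="alex.doe@example-corp.com",
    reply_to="alex.doe@example-corp.com",
    subject="Lunch menu for Thursday",
    body="The cafeteria will serve pasta on Thursday. Reply if you have allergies.",
)

if __name__ == "__main__":
    for mail in (PHISH, BENIGN):
        score, reasons = triage(mail, TRUSTED)
        print(f"{mail.subject!r}: {verdict(score)} (score {score})")
        for r in reasons:
            print("  -", r)
```

The scorer is deliberately additive and explainable: each reason it returns is a sentence an analyst can quote back to the employee who reported the message, which reinforces the awareness training the page describes. Weights are illustrative; in practice they would be tuned against an organisation's own reported-phish corpus, and the look-alike check would be run against the full list of brands the organisation's staff are likely to trust.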

Why It Matters

Security awareness training is a CMMC requirement because technology alone cannot stop social engineering. Teaching your employees to recognize and resist manipulation attempts is essential for protecting CUI from human-targeted attacks.
