A social engineering attack refers to any type of attack where deception, manipulation or coercion is used to elicit information or access from a person for their own purposes. Social engineering refers to any technique used by a threat actor that focuses on people and process, rather than on technology. The most common form of social engineering attack is a phishing email that tricks victims into giving up personal information such as passwords and credit card details. Phishing often masquerades as an official corporate email from an organisation's CEO or another trusted person within the company.
“Networks are no longer safe if a company takes the egg-shell approach of simply using perimeter-centric hardware devices, anti-virus and anti-malware software and other approaches to keep intruders out" - William Boni, VP and CISO T-Mobile USA – Jan 2012.