Social engineering is defined as the psychological manipulation of people to make them perform actions or disclose confidential information. Many companies today spend millions of dollars protecting their data from network attacks with things like a firewall or an IDS/IPS system, but what happens when the vulnerability comes from the people you hire to handle data and information every day? These are the people targeted by most social engineering scams as many hackers use computer technology and manipulation to take advantage of victims who are simply too ignorant or too willing to help. Social engineering has been largely misunderstood, leading to many differing opinions on what social engineering is. what it is and how it works. Many believe that social engineering simply means lying or cheating to obtain free, trivial items; others believe that social engineering refers to the tools a hacker can use to gain information or favors, while others believe it is a science that can be broken down into parts or equations. Social engineering can be used in many areas of life, but not all of them are malicious or harmful. Many times social engineering can be used to motivate a person to take an action that is good for them; most of the social engineering we will talk about is the one that focuses on scams and manipulation. Social engineering is not just any action but a set of actions that, when put together, constitute the action, skill, and science of successful social engineering. The first step a successful social engineer must take to start his scam is to gather information. It has been said that no information is irrelevant and these words ring true, so it is SE. Even the small...... middle of paper......endor asking for access to part of a building or property. Scripts can help employees determine an appropriate response. The last step to take is to learn from social engineering audits. There are many companies that provide SE audits and choosing the correct one is crucial. Everything from setting objectives, to what should be included in the audit, and choosing the best auditor should be taken into consideration. Social engineering is defined as the psychological manipulation of people to make them perform actions or disclose confidential information. With so many tactics in use today and constantly changing and evolving, the same goes for the people targeted by these attacks. It is no longer enough to believe that attacks can only occur via a network, but we must also be ready to realize that we ourselves also represent a great vulnerability..