Social engineering is what we call the intent of obtaining a company’s personal or private information through its employees or the people that have access to that company’s information. It uses psychological manipulation to mislead users into committing security mistakes, or giving away private information. Most common example is an email that promises a prize in exchange for an email or, your bank asking for your credit card’s PIN number.
Some types of social engineering attacks include: Phishing, Vishing and Smishing, Pretexting, Baiting, and some others. Attackers get more creative as time passes.
According to webtribunal.net Cybercriminals use social engineering in 98% of attacks.