Social Engineering

Social engineering is a type of attack in which the attacker tries to obtain sensitive and confidential information through psychological manipulation. The intruders pose as a credible source in order to obtain the information illegally. It is a non-technical type of attack in which the intruders use phone calls, e-mails, human conversation and other methods to obtain information. For example, if the intruder belongs to the same organisation that he or she is planning to attack, then he or she may try to find out the locations of important files, passwords, servers and other valuable information of the organisation. One of the simplest tricks in a social engineering attack is to establish contact with a person who may be an administrator and ask him for a password or other potentially useful information.

Phishing is a kind of social engineering attack in which the attacker uses e-mails or other messaging applications to obtain information. The phishers pose as a trusted party in order to obtain information. For example, a phisher may make a phone call, present himself or herself as the representative of a bank, and obtain information. People may take the phisher for an actual representative of the bank and end up providing crucial information. Sending spam e-mails is another example of phishing. Such an e-mail generally contains fake hyperlinks that appear legitimate. Thus, if the user enters information, the phisher records that confidential information.



