When looking for victims, attackers can watch out for a variety of characteristics, such as ability to trust, low perception of threat, response to authority, and susceptibility to react with fear or excitement in different situations.
[7] It is one of the top information security threats in the modern world, affecting organizations, business management, and industries.
[7] Social engineering attacks are considered difficult to prevent due to its root in psychological manipulation.
Social engineering culprits directly target customers or employees to work around trying to hack a purely technological system and exploit human vulnerabilities.
For example, while the social engineering attack known as phishing relies on modern items such as credit cards and mainly occurs in the electronic space, pretexting was and can be implemented without technology.
Pretexting can occur online, but it is more reliant on the user and the aspects of their personality the attacker can utilize to their advantage.
In academia, some common characteristics[14] are: If the victim is "prized", it means that one has some type of information that the social engineer desires.
The feeling of excitement can be used to lure the victim into the pretext and persuade them to give the attacker the information being sought after.
[14] Despite understanding that threats exist when doing anything online, most people will perform actions that are against this, such as clicking on random links or accepting unknown friend requests.
[14] The October 1984 article Switching centres and Operators detailed a common pretexting attack at the time.
On social media sites like Facebook, socialbots can be used to send mass friend requests in order to find as many potential victims as possible.
[18] Current education frameworks on the topic of social engineering fall in between two categories: awareness and training.
Training is specifically teaching necessary skills that people will learn and use in case they are in a social engineering attack or can encounter one.
[20] A research study on social engineering education in banks across the Asian Pacific, it was found that most frameworks only touched upon either awareness or training.
As well, purely technical methods of combatting against social engineering and pretexting attacks, such as firewalls and antiviruses, are ineffective.