In some cases, the greatest weakness in a website’s security system is the people who use it. Social engineering seeks to exploit this weakness. A hacker will convince a website user or administrator to divulge some useful information that helps them exploit the website. There are many forms of social engineering attacks, including:

Phishing
Users of a website are sent fraudulent emails that look like they have come from the website. The user is asked to divulge some information, such as their login details or personal information. The hacker can use this information to compromise the website.

Baiting
This is a classic social engineering technique that was first used in the 1970s. A hacker will leave a device, such as a USB stick, near your place of business, perhaps marked with a label like “employee salaries”. One of your employees might pick it up and insert it into their computer out of curiosity. The USB stick will contain malware that infects your computer networks and compromises your website.

Pretexting
A hacker will contact you, one of your customers or an employee and pretend to be someone else. They will demand sensitive information, which they use to compromise your website.

The best way to eliminate social engineering attacks is to educate your employees and customers about these kinds of attacks.