Social engineering is the process of manipulating the human aspect of a security system to gain access to confidential information or restricted areas. This can range from a simple credential-stealing ‘phishing’ attack to various on-site engagements.
The aim is not to compromise an IT system through a conventional vulnerability or misconfiguration, but rather to gain access by ‘exploiting’ the human in the middle.