What is a common characteristic of social engineering attacks?

Social engineering attacks are fundamentally based on manipulating individuals into divulging confidential information or performing actions that compromise security. The core characteristic of these attacks is their reliance on human psychology rather than technical vulnerabilities. Instead of attempting to breach a system through hacking techniques or exploiting software flaws, social engineers exploit trust, fear, or social norms to gain access to sensitive information or secure areas.

For example, a common social engineering tactic might involve impersonating a trusted individual, like an IT support technician, to coax an unsuspecting user into providing their login credentials. This manipulation is successful because it targets the human element, exploiting emotional responses and interpersonal dynamics rather than focusing on the technical aspects of security.

In contrast, other options highlight factors that do not align with the nature of social engineering. Physical access to a system, the use of automated scripts, or the exploitation of network protocols are more closely related to technical attacks that bypass security measures directly, rather than the psychological manipulation that defines social engineering.