What is the primary goal of social engineering attacks?

Social engineering hinges on manipulating people rather than exploiting machines. The core aim is to cause a victim to do something that weakens security—such as revealing passwords, sharing sensitive data, or performing actions that grant an attacker access. Attackers rely on psychology—trust, authority, urgency, or fear—to bypass technical protections and trick someone into disclosure or error. That’s why phishing emails, fake helpdesk calls, or pretexting are typical methods: they persuade a person to reveal credentials or sensitive information directly. Other attack types focus on technical flaws—like software vulnerabilities that can be exploited to gain access, or attempts to disrupt services. Social engineering targets the human element instead of software, so the objective is the information or access that people inadvertently provide. While gaining physical access can be a vehicle for further breaches, the overarching goal of social engineering is to trick someone into revealing information or making a security mistake.