Why and how does social engineering work?
The first thing to keep in mind about social engineering is that it does work. Kevin Mitnick, possibly the best known hacker of recent decades, carried out most of his questionable activities through the medium of social engineering.2 He did not need to use his technical expertise because it was easier to just ask for the information he wanted. He discovered that people, when questioned appropriately, would give him the information he wanted. Social engineering succeeds because most people work under the assumption that others are essentially honest. As a pure matter of probability, this is true; the vast majority of communications that we receive during the day are completely innocent in character. This fact allows the social engineer to be effective. By making seemingly innocuous requests for information, or making requests in a way that seems reasonable at the time, the social engineer can gather the information that he or she is looking for.
