The key to social engineering is establishing a trust relationship, typically between individuals who have previously never met. The act of social engineering is designed to attempt to obtain otherwise secure data by convincing an individual into revealing non-public information.
This can be done by masquerading as a privileged or authorized employee, or using other means to gain a person's trust. In performing social engineering, a common thread often occurs whereby an individual is tricked, cajoled, awed, persuaded, or otherwise convinced that providing the requested information is an appropriate course of action.
Social engineering is often based on trickery and misleading activities that encourage employees to release information that may be valuable to obtain other non-public information from the organization, often using a computer system. For example, an employee in an enterprise may be tricked into revealing their password - or someone’s - for access to a sensitive application.