Social Engineering

Like a chain, a computer is only as strong as its weakest link, which is often the users. Social engineering is the process of getting users to divulge information that allows hackers to break in. This could be the details of a user's security questions, details of the network infrastructure that help the hackers discover appropriate attacks, or login credentials. One particularly devious method of social engineering is Cross-Site Scripting (XSS), in which a hacker hijacks a web page to introduce content that was not there originally. The result is a page that appears on the domain of an organisation yet has nothing to do with it, such as a fake login form that sends the credentials to the hackers. There is an example of how to launch this attack in WebGoat. To avoid this form of attack, always type in the address of a website rather than following a link.
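The content injection described above, shown next to the output encoding that stops it, as an added example that is not part of the original page or of WebGoat. The search page, the function names and the sample input are all constructed for illustration.

```javascript
// Added example: a constructed search page, not code from WebGoat.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let text be interpreted as HTML markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the value from the link is pasted into the page as markup,
// so anything in it becomes part of the organisation's page.
function renderSearchUnsafe(query) {
  return `<h1>Results</h1><p>You searched for: ${query}</p>`;
}

// After: the value is encoded, so the browser displays it as plain text.
function renderSearchSafe(query) {
  return `<h1>Results</h1><p>You searched for: ${escapeHtml(query)}</p>`;
}

// List the opening tags in rendered HTML that the template itself never
// writes. A crude regression check for tests, not a sanitiser.
function injectedTags(html, allowed = ['h1', 'p']) {
  const found = [];
  const openTag = /<\s*([a-zA-Z][a-zA-Z0-9]*)/g;
  let match;
  while ((match = openTag.exec(html)) !== null) {
    const name = match[1].toLowerCase();
    if (!allowed.includes(name)) found.push(name);
  }
  return found;
}

// Constructed input: a query value carrying form markup the site never wrote.
const sampleQuery = 'shoes<form>Password: <input type="password"></form>';

console.log('unsafe page gains:', injectedTags(renderSearchUnsafe(sampleQuery)));
console.log('safe page gains:  ', injectedTags(renderSearchSafe(sampleQuery)));
console.log(renderSearchSafe(sampleQuery));
```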