It is when a hacker takes advantage of trusting human beings to get information from them. For example, if the hacker was trying to get the password for a coworkers computer, he (Even though I use “he”, hackers are of both genders, and I just chose to use “he” in these examples.) could call the co-worker pretending to be from the IT department. The conversation could be something like: Bob- “Hello Suzy. My name is Bob and I’m from the IT department. We are currently attempting to install a new security update on your computer, but we can’t seem to connect to the user database and extract your user information. Would you mind helping me out and letting me know your password before my boss starts breathing down my neck? It’s one of those days, ya’ know?”
Suzy would probably feel bad for Bob and let him know her password without any hesitation. BAM! She got social engineered. Now the hacker can do whatever he pleases with her account.
It is exactly what it sounds like. The hacker would simply attempt to look over your shoulder as you type in your password. The hacker may also watch weather you glance around your desk, looking for a written reminder or the written password itself. An effective way to get information in crowded places because it’s relatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. Shoulder surfing can also be done long distance with the aid of binoculars or other vision-enhancing devices. To prevent shoulder surfing, experts recommend that you shield paperwork or your keypad from view by using your body or cupping your hand.
If you use a weak password, a hacker could simple guess it by using the information he knows about you. Some examples of this are: date of birth, phone number, favorite pet, and other simple things like these.