Social engineering is manipulating people into revealing confidential information or performing actions. Examples of social engineering include finding sensitive information in trash or pretending to be from an organization to trick users into providing passwords or account numbers. To reduce risks, users should be suspicious of unsolicited requests for information and never provide passwords or sensitive data via email. If victimized, users should change passwords and report suspicious activity to IT.