Social engineering refers to the tricks attackers use to fool victims into performing an action. Typically, these actions are opening a malicious webpage or running an unwanted file attachment.

Many social engineering efforts are focused on tricking users into disclosing usernames or passwords, enabling attackers to send messages as an internal user to further their data acquisition attempts.

In March 2009, hackers distributed personalised emails posing as breaking news from a Reuters-related website of a bomb blast in the recipients’ city. Clicking on the link in the email took users to a webpage that installed malicious code and video footage, which then downloaded the Waled malware.