The basic goals of social engineering are the same as hacking in general: to gain unauthorized access to systems or information in order to commit fraud,
Typical targets include telephone companies and answering services, big-name corporations and financial institutions, military and government agencies, and hospitals.
Finding good, real-life examples of social engineering attacks is difficult. Target organizations either do not want to admit that they have been victimized (after all, to admit a fundamental security breach is not only embarrassing, it may damaging to the organization’s reputation)
As for why organizations are targeted through social engineering – well, it’s often an easier way to gain illicit access than are many forms of technical hacking.
Social engineering attacks take place on two levels: the physical and the psychological. First, we'll focus on the physical setting for these attacks: the workplace, the phone, your trash, and even on-line.
In the workplace, the hacker can simply walk in the door, like in the movies, and pretend to be a maintenance worker or consultant who has access to the organization.