With both network and web application attacks, they still need human interaction for the attack to take place. Whether those interactions are an individual putting their information into a malicious website or the attacker facilitating a man in the middle attack, they all require human interaction.
This is where social engineering comes in, it’s the psychological manipulation of people to induce them into divulging confidential information/performing actions. This type of manipulation is designed to gather confidential information, commit fraud or gain access to systems.
There are many different types of social engineering attacks, those that are the most common and damaging have been covered, however given the nature of social engineering and how it can exploit even the smallest things, even those that you think are not possible to be exploited, However it is difficult to cover every possible area. Before introducing you to phishing, below is short video which should give you an insight into a few areas of social engineering.