What is true about social engineering attacks?

Social engineering attacks primarily focus on exploiting human psychology rather than relying on technical skills or directly targeting system vulnerabilities. The essence of such attacks lies in manipulating individuals into performing actions that compromise security, such as revealing confidential information or granting unauthorized access.

While social engineering can take various forms, including phishing emails, phone calls, or even in-person interactions, it fundamentally seeks to exploit trust or social interactions, making option C the most accurate representation of the nature of these attacks.

Unlike the option that suggests these attacks are always email-based, social engineering methods are diverse and not limited to a single medium. Additionally, relying on technical skills or targeting system vulnerabilities is characteristic of brute-force tactics or malware attacks, which differ from the psychological manipulation inherent in social engineering.