During a security audit, a company discovers that an unauthorized individual gained access to employee accounts by pretending to be IT support over the phone. Which type of attack is this?

SQL injection is a technique used to exploit vulnerabilities in a database by injecting malicious SQL queries. This attack focuses on the database layer and requires access to a web application's backend, making it irrelevant to the scenario, which revolves around human deception rather than technical exploitation.

Social engineering is the correct answer, as it directly pertains to the act of deceiving individuals into providing sensitive information or access. The scenario illustrates this by showing how the unauthorized individual pretended to be IT support, manipulating employees to gain unauthorized access to their accounts.

Brute-force attacks involve systematically attempting various combinations of passwords or keys until the correct one is found. This method is purely technical and does not incorporate any deceptive human interaction, making it unsuitable for the situation where trust was exploited through impersonation.