Social engineering in cybersecurity refers to the tactics that attackers use to manipulate individuals into revealing confidential information, granting unauthorized access, or performing actions that compromise security. Unlike traditional hacking methods that focus on exploiting technical vulnerabilities in software or networks, social engineering targets human psychology and behavior. These tactics often involve deception, manipulation, and influence to bypass security defenses that are designed to protect systems and data.

Common forms of social engineering include phishing, pretexting, baiting, and impersonation. For example, in phishing attacks, attackers use deceptive emails or messages to trick individuals into clicking malicious links, downloading harmful attachments, or sharing sensitive information like passwords. In other cases, attackers might impersonate trusted figures, such as IT personnel, to convince employees to provide access to secure systems.

Because social engineering relies on human error, it is one of the most challenging threats to mitigate. Organizations combat social engineering by promoting security awareness, training employees to recognize and respond to suspicious behavior, and implementing strict verification protocols. Social engineering is a critical focus for cybersecurity professionals, as it represents a potent threat vector that requires both technical controls and human vigilance to defend against.