What is social engineering in cybersecurity?

Answer

Social engineering is the manipulation of people (rather than systems) into performing actions or divulging confidential information. It exploits human psychology: trust, fear, urgency, authority, and curiosity. Common techniques: phishing (email/SMS), vishing (voice/phone calls pretending to be IT or a bank), pretexting (fabricating a scenario to gain trust, e.g., "I'm from IT, I need your password to fix an issue"), baiting (leaving infected USB drives in parking lots), quid pro quo (offering something in exchange for information), and tailgating/piggybacking (gaining physical access by following an authorized person). Defense: security awareness training, clear verification procedures, never sharing passwords verbally, and a security culture where employees feel safe reporting suspicious incidents.