Social engineering is a form of cyber-attack that focuses on manipulating people rather than directly attacking computer systems or software. Instead of exploiting technical vulnerabilities, attackers exploit human behaviour, trust, emotions, and decision making in order to convince victims to reveal sensitive information or perform specific actions.

Attackers may attempt to trick users into:

• Revealing passwords or personal information
• Clicking malicious links
• Downloading harmful files
• Sending money or sensitive data
• Granting access to systems or accounts

Social engineering attacks are effective because they target human psychology. Even organisations with strong technical security can remain vulnerable if attackers are able to manipulate users successfully.