Social engineering is a manipulation technique that exploits human error and psychological manipulation to trick individuals into revealing private information, granting access, or performing actions that compromise security. Rather than attacking technical systems directly, social engineering targets the human element, often called "human hacking," by deceiving users into exposing data, spreading malware, or giving access to restricted systems

. The process typically involves several steps: attackers gather background information on the victim, establish trust through communication or impersonation, exploit the victim's trust to achieve their goal (such as theft or sabotage), and then disengage once the objective is met. This can happen through emails, social media, phone calls, or even face-to-face interactions

. Social engineering attacks rely on common human traits like curiosity, trust, fear, or ignorance and often use tactics such as pretexting (creating a fabricated scenario to gain information), shoulder surfing (observing someone entering sensitive information), or dumpster diving (searching through trash for confidential data)

. The goals of social engineering attacks generally fall into two categories:

• Theft: Obtaining valuables such as information, access credentials, or money.
• Sabotage: Disrupting or corrupting data to cause harm or inconvenience

Because social engineering exploits human psychology rather than technical vulnerabilities, it is considered one of the most effective and prevalent methods used by cybercriminals today, often serving as the initial step in larger cyberattacks