Social engineering exploits human psychology rather than technical vulnerabilities, using deception, urgency, authority, or trust to bypass security controls. Common techniques include phishing emails, pretexting phone calls, baiting with infected devices, and tailgating into secure facilities. These attacks succeed because they target the weakest link in security: people. For instance, the 2020 Twitter breach involved attackers calling employees posing as IT support to obtain credentials, demonstrating how social engineering can compromise even technology-savvy organizations.