A social engineer acquires confidential information from users to harm a company. They gain trust by impersonating valued employees and use psychological techniques to convince users to help. Security breaches happen when employees provide information to seemingly trusted individuals without following security policies. Companies can prevent social engineering by having thorough security policies that define instructions for employees and verify identities to prevent impersonation.