Social engineering is the art of manipulating people into divulging confidential or personal information that may be used for fraudulent purposes. It works by exploiting human psychology rather than technical hacking skills. Common social engineering techniques include posing as an authorized employee, gathering information to gain trust, and reading body language. To protect against social engineering, organizations should implement strong password policies, use two-factor authentication, provide security awareness training to employees, and foster a security-conscious culture.