Abstract

Social engineering is one of the most dangerous threats in the cybersecurity landscape because it exploits human psychology. This paper explores the evolution of social engineering techniques, from traditional phishing to sophisticated AI-driven deception. Drawing on a wide range of empirical studies and real-world cases, it examines the psychological principles that make individuals susceptible to manipulation, such as authority, urgency and trust. The study also evaluates the impact of social engineering attacks on individuals and organizations. Current preventive measures, including awareness training, technical defenses and organizational policies, are reviewed alongside emerging threats posed by artificial intelligence and the Internet of Things (IoT). The study also highlights opportunities for future research. The findings underscore the critical need for a human-centric approach to cybersecurity, emphasizing continuous education, adaptive technologies, and proactive defense strategies to mitigate the growing threat of social engineering.