Social engineering persists as the most significant threat in cybersecurity, defying even the most advanced technological defences. This phenomenon exploits vulnerabilities inherent in human psychology, harnessing emotions such as fear, curiosity and trust to manipulate individuals and gain unauthorised access to sensitive systems and information. Despite advances in computer security, social engineering attacks continue to evolve, taking new forms ranging from sophisticated phishing schemes to the use of AI-powered deepfakes. We will discuss why social engineering remains so effective, analyse recent case studies and discuss mitigation strategies that go beyond simple awareness. It explores the delicate balance between trusting employees and the need to implement robust security policies, questioning whether organisations' current approach is sufficient to counter this persistent threat.