An attacker who uses social engineering techniques such as phishing, spamming, or tailgating to gain access.

Social engineering hinges on manipulating people to bypass security, rather than breaking in with technical tricks. Phishing and spam lure someone into revealing credentials or privileges, while tailgating takes advantage of courtesy to slip into a restricted area. Someone who uses these human-focused tactics to gain access is a social engineer, because their attacks target people and their trust, not just systems. The other roles don’t fit as neatly: a hacker is a broad label for someone who breaches systems, but it doesn’t specify the social manipulation aspect; an insider has legitimate access and wouldn’t necessarily rely on social tricks to get in; a penetration tester is a legitimate evaluator who simulates attacks, not an attacker exploiting real-world weaknesses.