I don't say a place got "socially engineered"
That phrasing, while clinical and professional, hides some of the simplicity of what happened.
I say an attacker "called up and asked nicely"
"The company was breached after a hacker socially engineered a support rep" vs "The company was breached after a support rep gave passwords to someone who called up and asked nicely"
So much yes.
Catfishing is social engineering. It requires planning and design and structure to achieve a result.
Most of what people call social engineering is exactly what you describe.
A Mastodon instance for info/cyber security-minded people.