There's no firewall or antivirus that can protect from Social Engineering. The best solution is to teach users how to identify and avoid Social Engineering.
In the context of information security, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme. It has also been defined as "any act that influences a person to take an action that may or may not be in their best interests."An example of social engineering is an attacker calling a help desk, impersonating someone else, and claiming to have forgotten their password. If the help desk worker resets the password, it grants the attacker full access to the account.