Phishing is one of the most common methods of social engineering. An automated email goes out to thousands of people, who rightly delete it. However, if somebody clicks a link in that email, their computer may be compromised. If not, the recipient might be contacted by a real person, who will lie and try to trick them into handing over funds or divulging information.
Scareware is another classic tactic. An attacker will attempt to trick an employee into believing they have been infected by malware. Then, the attacker will send them the “solution” for the infection. By downloading the “solution,” the employee unknowingly installs malware.
The most effective attack vector is spear phishing, or a targeted email attack. This tactic requires reconnaissance and planning. In this attack, the “bad guy” attempts to piece together a profile of the target from their social media posts. Individuals do not realize that the seemingly innocuous information they post about themselves is like a bonus prize to a hacker. The more personal information the hacker can collect, the more detailed their profile of the target will be. This allows the hacker to develop emails that the target will open. The problem is not with the email itself; it is with what is attached to it, embedded in it, or linked from it. The malware downloaded from the email will compromise the user’s computer. Remember, the individual who sent the email is a hacker, so you should consider your whole network compromised.