Common methods social engineers use are:
- Baiting – whereby the attacker leaves an infected peripheral such as a USB memory stick in a common staff area in the hope a staff member inserts it into their computer or hands it to the IT department.
- Tailgating – whereby an attacker follows another staff member into a secure area before the door has closed.
- Phishing – whereby an assailant sends an email masked as another staff member or a genuine source and directs the staff member to open the infected file or follow a link.
- Pretexting – whereby the attacker persuades a staff member to hand over restricted material by mimicking someone else.