While the number of social engineering approaches is limited only by a hacker’s imagination, they can be placed into 6 broad categories:
Money – Offering money or other compensation of value in exchange for restricted information. This is done in a slow, methodical, indirect way, starting with gifts and small tokens of appreciation.
Ideology – Using employees’ uncertainty about elements of corporate strategy or activity to gain restricted information (e.g., Google employees protesting military application of tech).
Compromise – Malicious actors can use personal pictures, texts, or other information against an employee, threatening to expose it either publicly or to the corporation.
Ego – Malicious actors can play to employees’ grievances to get them to provide information, either to another organization or cause that would “appreciate them” more, or in revenge for perceived or real slights by the company against the employee.
Curiosity – Emails or texts that make you wonder who sent them.
Authority impersonation – Emails, texts or phone calls purporting to be from someone in your management chain.