The most common social engineering attacks are called phishing, baiting, and quid pro quo.
Phishing: A hacker poses as a reputable company, such as PayPal or Amazon, and asks for credit card information.
Baiting: A physical device, such as a disk or USB, is left in a public space. When the victim plugs it into their computer, malware is downloaded.
Quid Pro Quo: A hacker physically pretends to be a member of the company staff, such as a maintenance worker or IT professional, and requests keys for access to the building.
Source: Digital Guardian
Source: EDTS
The image above is an example of phishing. To the casual email-using observer, it looks like a perfectly legitimate email from UPS; it even has a link to download the mobile app. However, clicking on the tracking number immediately infects the phone or computer with malware.
Source: Google Images
This is an example of a baiting attack. Curious employees who find it wouldn't hesitate to plug it into their computer, where hackers will then have access to personal files and company data.
Source: Charlotte Bryan (original image)
This final image is an example of quid pro quo. Such a key would be a prime target for a hacker dressed as a maintenance worker to steal from the company and then duplicate.