Social engineering tricks someone into performing an action. Instead of attacking the software, it targets the company's employees in order to compromise a computer.
Pretexting
Pretexting is calling or emailing the target while posing as someone else. It requires some acting, psychological insight, and a high level of information about the target.
Phishing
Phishing uses email to get the recipient to click malicious links. Spear phishing is phishing targeted at specific recipients on the basis of reconnaissance.
Word Macros
Word documents and other file formats, especially Microsoft Office documents, can be used to host malware. Modern versions give security warnings when a document is opened, but if the user requires macros or clicks Enable Content, the macros run. PDFs can also embed executable files.
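A defender-side check for the macro case above, as an added example that is not part of the original page: Office Open XML files (.docx, .docm) are zip packages, and a VBA project is stored in them as a `vbaProject.bin` part. The function names and the two sample packages are constructed for illustration; legacy binary .doc files are out of scope.

```python
import io
import zipfile


def macro_indicators(data: bytes) -> list[str]:
    """Return the reasons an OOXML file should be treated as macro-bearing."""
    stream = io.BytesIO(data)
    if not zipfile.is_zipfile(stream):
        raise ValueError("not an OOXML (zip) package")
    reasons = []
    with zipfile.ZipFile(stream) as pkg:
        names = pkg.namelist()
        # The VBA project is a binary part, e.g. word/vbaProject.bin.
        for name in names:
            if name.lower().endswith("vbaproject.bin"):
                reasons.append(f"VBA project part: {name}")
        # Macro-enabled formats declare a "macroEnabled" main content type.
        if "[Content_Types].xml" in names:
            types = pkg.read("[Content_Types].xml").decode("utf-8", "replace")
            if "macroEnabled" in types:
                reasons.append("macro-enabled content type declared")
    return reasons


def build_package(parts: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory package for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        for name, body in parts.items():
            pkg.writestr(name, body)
    return buf.getvalue()


# Constructed samples: minimal part lists, not complete Word documents.
CLEAN_DOCX = build_package({
    "[Content_Types].xml": b'<Override PartName="/word/document.xml" ContentType='
    b'"application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>',
    "word/document.xml": b"<w:document/>",
})
MACRO_DOCM = build_package({
    "[Content_Types].xml": b'<Override PartName="/word/document.xml" ContentType='
    b'"application/vnd.ms-word.document.macroEnabled.main+xml"/>',
    "word/document.xml": b"<w:document/>",
    "word/vbaProject.bin": b"placeholder, not a real VBA project",
})

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_DOCX), ("macro", MACRO_DOCM)):
        print(label, macro_indicators(sample))
```

The check reads the package contents rather than the file extension, so it can run on attachments at a mail gateway or in triage before a user ever sees the Enable Content prompt.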
Drive-by Download
A drive-by download attack compromises a site used by the target. This can be easily set up using the setoolkit.
Credential Harvesting
This attack is similar to drive-by download attacks but requires a user to visit a cloned copy of the website and enter their login details.
CEO Fraud / Whaling
This is a type of spear phishing attack targeting large victims and