Very often, an attacker does not have direct access to a system they want to compromise. They must depend on an unwitting user to help them. Besides opening malicious email attachments or providing information on the phone, the user might be persuaded into performing some other task that they should not. This usually takes more effort and skill on the part of the attacker. Examples include:

  • Disabling or bypassing security controls.
  • Granting physical or network access.
  • Creating or resetting credentials that the attacker can use.
  • Delivering or forwarding messages, faxes, documents, or emails.
  • Installing software.
  • Authorizing payments.
  • Connecting or disconnecting devices.
  • Reconfiguring a system.