Several aspects of social engineering make it appealing for adversaries. A threat actor attempting technical exploitation may face authentication portals, firewalls and other technical obstacles, but social engineering can use emotion, urgency and pretext as leverage to persuade someone to hand over their access credentials. Social engineering preys on the human element to bypass the security processes an organization has in place.

If an adversary succeeds in socially engineering a target into granting access to an environment, the result can be highly lucrative. Because the access was granted to an "employee," it looks legitimate and does not draw attention or trigger initial detections. This gives the threat actor time to perform reconnaissance of the environment, collect sensitive information and, in some cases, monitor chat channels to determine whether the activity has been detected. Once an adversary has infiltrated via social engineering, they may hold privileged access to admin-level accounts, allowing them to quickly spread and escalate, capture sensitive data, and deploy ransomware that disrupts the flow of business. Holding legitimate privileged credentials reduces the likelihood of detection, giving the adversary additional time to work toward full organizational compromise.
Phishing is the deceitful use of email to collect information, capture credentials or deploy malware to a system. Nation-state threat actors such as HELIX KITTEN have been observed running spear-phishing campaigns, meaning they target specific and sometimes privileged user accounts with emails whose attachments contain malicious macros.