Telephone impersonations, pretending to be authority figures demanding information.
Email "phishing" techniques, using "con man" techniques to gain access.
False link emails, designed to trick employees into clicking compromised email links to fake sites that look real.