The most popular scenario for social engineering attacks is when the hacker impersonates or tries to trick them into compromising security. Hacker impersonates another employee in the organization.
Hacker impersonates administrator
Hacker calls and impersonates the network administrator, tries to trick the user into compromising security by asking the user to do things such as changing their password or giving away account information. The hacker also may ask the user questions about the general setup of the system.
Hacker impersonates user
Calls the network administrator pretending to be a frustrated user. In this scenario the hacker will pretend they do not remember their password or how to get onto the system. An unaware administrator may help the hacker (acting as a frustrated user) gain access to the system by resetting a password and guiding them through the process of gaining access.
Hacker impersonates management
If the hacker knows the name of personnel on the management team, the hacker may call employees within the company and impersonate management. The hacker will ask the unsuspecting employee to perform actions that will essentially compromise the security of the system or the environment so that the hacker can gain access later.