To begin with, the cybercriminal will identify their victim(s) and may gather background information on them. This will help them to decide which cyber-attack method will work with this particular user or users.
Once they have identified their victim(s) and decided which method of social engineering they will use, they will start to get a foothold into the victim’s systems. This may be done by contacting the user, engaging with them, making up a story or a similar action. By taking control of the interaction, they are already starting the manipulation process to gain the information or access they want.
Once the attacker has made that first contact, they will start edging their way into the systems further, expanding that foothold they have. They may even start siphoning data or disrupting your business whilst accruing the information they are seeking.
When they have all the information they need, whether this is data, financial information or logins they will work on ensuring their tracks are covered. This is to avoid you or any authorities finding out who carried out the cyber-attack. This will include removing all traces of any malware they may have planted and if they are still in contact with the victim, they will bring their conversation to a natural end. By this point, they have probably successfully attacked your network and gathered everything they wanted.
How social engineering attacks work is by exploiting and manipulating human nature. Whether it is by greed, kindness, or curiosity, they will use these human traits to encourage their victims to provide the information they desire.