Common Social Engineering Attacks: Customer Service
From Learn to be a true Social Engineer
1.1 By Phone Usually attackers obtain the phone numbers from the website posted with a routing email for customer support.
They would call in and just give out a blind last name for password resets. Lack of training and the desire to please causes many to just go and reset without verifying the caller.