I am very interested in the way real-world attackers—rather than penetration testers—use social engineering techniques. Jerome Segura describes one such scam that entices the victim to send money using Western Union. What happens once the money is received? As Jerome puts it, “at the end of the trail there is a mule…”
For another reference on the topic, take a look at the recent article by Brian Krebs, where he discusses how individuals are recruited to become money mules.
If you’re interested in my earlier thoughts on social engineering techniques used in the real world, take a look at the CSO article by Joan Goodchild that discussed my presentation on the topic: Social engineering techniques: 4 ways criminal outsiders get inside.