One of the most common social engineering attacks is to claim to be from a support desk at a vendor (e.g. Epicor) and ask for access to your store systems.