In this way, they are more likely to click on a link or open a document that we send them. By having the email addresses of people within an organization, we can tailor our social engineering attack to particular people and circumstances within that organization (e.g., a sales report to the sales department) and maybe spoof the email address of a colleague within the organization. If we are considering a social engineering attack against a target, we are probably going to need email addresses.
