With 98% of malicious emails that hit inboxes containing no malware, the evolution and future of the phish lies squarely in the hands of effective social engineering.
If you were a cybercriminal and were planning on using email as the medium by which to carry out your evil plans, you quickly realize you need to fool the recipient no matter what – whether the desired action is to open a malicious attachment, click a link, or respond, you much con them into doing so.