The security industry loves to talk about how “sophisticated” attacks can be. Usually this takes the form of us saying how advanced and sophisticated an attack is, what new methods were used to hide servers or make analysis harder, etcetera. However, it’s easy to forget that not all attacks need to be technically sophisticated; instead it can be in the social engineering used and how the attack is carried out.

http://blog.trendmicro.com/trendlabs-security-intelligence/targeted-attacks-not-all-attacks-need-to-be-sophisticated/