Although not technically an online tool itself, social engineering remains an important way of setting up malware or initiating fraud.
Social engineering is just another way of saying that hackers trick people into giving up important information. A receptionist in a large company might get a call from a “colleague” who says they have forgotten their password and can the receptionist remind them. Or the accounting department might be called by their photocopier company notifying them of a new bank account where lease payments can be deposited. Naturally, it is a criminal and not the real photocopier lessor. Social engineers take advantage of busy people who want to be helpful and do not apply best practice steps to establish legitimacy.