Spamming involves sending messages to large groups of people whose contact info is usually obtained through nefarious methods. Spamming is a general term used to define both malicious and non-malicious message broadcasting.
When the attacker uses text messaging, email, or voice calling (voice phishing = vishing), it is called Phishing. Phishing is used to make the target believe they are being called by a legitimate institution or an entity in order to extract valuable information from the target.
Baiting involves designing a trap and waiting for the potential victim to walk into the trap. As a simple example, if an attacker drops a few USB drives in your company’s parking lot, chances are, one of your employees will try and plug it into their computer to check the contents of the USB drive. This might sound silly but there have been numerous instances where simple tricks by Social Engineers have resulted in massive corporate data breaches. Phishing is used to make the target believe they are being called by a legitimate institution or an entity in order to extract valuable information from the target.
PiggyBacking means using someone else to attack a potential victim. The attacker will use a third-party (usually innocent) who has access to the victim in order to carry out a piggybacking attack. There are many variations of Piggybacking. If an attacker follows your employee to your office using their access card, this is one form of piggybacking called tailgating.