I've used some gray-hat SE techniques for various endeavors, often work related... its amazing the things that you can accomplish by stating your name, title and a company that you represent. I work for a media company and some of the things that I do require taking over a client company's website and revamping it top to bottom... not just design but often setting up new hosting, gaining control of the domain name that some 3rd party purchased on their behalf, getting into their existing hosting account to retrieve files, images, and other data. A typical SE in this regard may go something like this...
After gathering as much information as possible. Company X, Company X CEO Name, website - CompanyX.com and current DNS records from WHOIS, whatever internal documentation from Company X that I've been able to get... I place a called to Webhost Y.
Me: "Hello Webhost Y, this is Tremor from Z Media calling on behalf of Company X. Company X has recently contracted us to redesign WebsiteX.com. I have been authorized to speak on behalf of Company X CEO Name and I have been tasked with gaining access to their hosting account at Webhost Y. You may call Company X at 123-456-7890 to verify our contract agreement. Company X has ended it's relationship with Old 'Design Company B' with whom they seem unable to contact for username and password to the ftp account. I do believe that 'Design Company B' is just some graphic designer operating out of his garage and he is just upset that he lost an account... haha.. you know how that is right?"
Webhost Y Rep: "Totally."
Me: "Anyway, we here at Z Media looked at your services at Webhost Y and find them to be of good quality and fair pricing, at this time we see no reason to change hosting service for Company X."
-That's the hook... You're not going to get what you want if your taking something away.. stroke the ego.
Me: "Anyway... Company X really wants to get off the ground with their new design so we were hoping to get access to the FTP... and Design Company B seems to have gone off the reservation. Additionally, we we're considering upgrading to your platinum hosting plan, so if you could a quote that I could pass by accounting that would be handy."
Webhost Y Rep: "No problem I'll send it right over. For the FTP the username is CompanyX and the password is also CompanyX."
Me: "Oh gee not very secure! We probably ought to fix that... thanks for the help."
Webhost Y Rep: "No problem, if you have any questions in the future you can call my extension directly."
---- And that's been the story atleast a dozen times. Goes pretty much the same acquiring a domain name transfer authorization code... sometimes have to fax a change of e-mail address to the registrar on company letterhead but that's easy enough. And I'm pretty astonished at how easy it was... I know that I am legit when I do this, but I can't help but think how it could be easily done by someone else with malicious intentions.