A common method involves placing malicious code or emails phishing disguised as legitimate documents on file-sharing sites like Dropbox or email servers. When unsuspecting users download these attachments, they unwittingly install malware attachments onto their computers.
Some baits include a physical component. For example, a hacker might place a USB stick in a public restroom stall. People picking up the device unknowingly infect themselves with malware.
More info: What is Data-Centric Security