Malicious scripts are often hidden within links or attachments. When the recipient clicks on a link or opens an attachment, the script executes and performs its harmful actions. This can include redirecting the recipient to a phishing site, downloading malware, or exploiting vulnerabilities in the recipient's system to gain unauthorized access.