SAN FRANCISCO — It took only one attempt for Russian hackers to make their way into the computer of a Pentagon official. But the attack didn’t come through an email or a file buried within a seemingly innocuous document.

A link, attached to a Twitter post put out by a robot account, promised a family-friendly vacation package for the summer. It was the kind of thing anyone might click on, according to the official hit by the attack, who was not authorized to speak publicly about it.

That is exactly the problem, Pentagon officials and cybersecurity experts said. While corporations and government agencies around the world are training their staff to think twice before opening anything sent by email, hackers have already moved on to a new kind of attack, targeting social media accounts, where people are more likely to be trusting.

Pentagon officials are increasingly worried that state-backed hackers are using social media sites such as Twitter and Facebook to break into Defense Department computer networks. And the human error that causes people to click on a link sent to them in an email is exponentially greater on social media sites, the officials said, because people are more likely consider themselves among friends.