{
	"id": "c1c003a0-bb58-489f-b769-11f256f952ae",
	"created_at": "2026-04-29T02:21:07.440967Z",
	"updated_at": "2026-04-29T08:21:57.725032Z",
	"deleted_at": null,
	"sha1_hash": "da14a8743f1028892cd6b783ea96c9c9d323057a",
	"title": "What Is Social Engineering? Definition, Attacks, Scams | Proofpoint US",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 97630,
	"plain_text": "What Is Social Engineering? Definition, Attacks, Scams |\r\nProofpoint US\r\nPublished: 2021-12-28 · Archived: 2026-04-29 02:03:38 UTC\r\nTable of Contents\r\nKey Takeaways\r\nSocial Engineering Definition\r\nHow Does Social Engineering Work?\r\nWhat Are the Steps to a Successful Social Engineering Attack?\r\nCommon Social Engineering Targets in Enterprises\r\nHow Social Engineering Has Evolved\r\nSocial Engineering in the Age of AI\r\nCommon Signs of a Social Engineering Attack\r\nExamples of Social Engineering Techniques\r\nHow to Prevent Social Engineering Attacks\r\nWhy Social Engineering Remains So Effective\r\nEmerging Trends in Social Engineering\r\nFAQs for Social Engineering\r\nSocial engineering is a manipulation technique that targets human judgment rather than technical vulnerabilities.\r\nAttackers use trust, urgency, or deception to prompt actions against a person’s own interests. This could include\r\nstealing credentials or causing a company to send money via a fake wire transfer. The technology used is\r\nbecoming increasingly sophisticated and can affect more people across a single attack. Using AI allows social\r\nengineers to create legitimate-looking emails at scale and even fake audio/video of executives to add legitimacy to\r\na request.\r\nEmails are no longer the only way for attackers to gain access to systems. Attacks now also come via SMS/text\r\nmessage, phone calls, social media, and collaboration platforms such as Slack and Teams. 
For those who deal with\r\nsecurity issues and fraud prevention, social engineering has become one of the most significant problems\r\ncompanies face, including phishing, business email compromise (BEC), account takeover, and financial fraud.\r\nhttps://www.proofpoint.com/us/threat-reference/social-engineering\r\nPage 1 of 11\n\nKey Takeaways\r\nSocial engineering uses psychological techniques, such as exploiting a person’s trust, sense of urgency, or\r\nauthority, to prompt them to take unsafe or illegal actions. These exploits target people rather than systems.\r\nAny member of an organization could be targeted by social engineering attacks, from employees and\r\nexecutive staff to customers and vendors.\r\nModern social engineering campaigns often use phishing and impersonation along with AI-generated\r\ncontent to make their messages seem more believable and difficult to identify.\r\nFor many of today’s biggest security threats, social engineering provides the initial attack path. This\r\nincludes BEC, account takeovers, identity theft, and various forms of fraud.\r\nTo protect yourself from these types of threats, you need more than just technical tools. 
You need to include\r\nsecurity awareness training, clearly defined verification processes, and multiple layers of defense.\r\nSocial Engineering Definition\r\nSocial engineering exploits psychological vulnerabilities to manipulate individuals into disclosing sensitive\r\ninformation or performing actions that compromise organizational security. While traditional attacks typically\r\ntarget systems, social engineering targets people. This type of deception takes advantage of the way humans\r\nnaturally react to trusting someone, recognizing authority, and being familiar with someone or something.\r\nToday’s attackers are now using AI in conjunction with deception and identity impersonation to make\r\nmanipulation more difficult to detect. An example of this would be an attacker replicating an executive’s voice to\r\nrequest that the company’s finance department carry out fraud. The reason social engineering has proven to be\r\nsuch a successful method of attacking organizations is that it relies on behavior. The attackers take the time to\r\nstudy their intended victim(s), understand where they work and what they do, and develop their strategy\r\naccordingly.\r\nHow Does Social Engineering Work?\r\nA threat actor might have a specific target in mind, or the attacker could cast a wide net to access as much private\r\ninformation as possible. Before a threat actor carries out a social engineering attack, their first step is to conduct\r\ndue diligence on the targeted user or corporation. For example, the attacker could gather names and email\r\naddresses of the finance department staff from an organization’s LinkedIn page to identify targeted victims and\r\nstandard operating procedures.\r\nThe reconnaissance phase is critical to the success of a social engineering attack. 
The attacker must fully\r\nunderstand the business’s organizational chart and target who has the authority to perform the actions necessary\r\nfor success. In most attacks, social engineering involves the threat actor pretending to be someone the targeted\r\nuser knows. The more information the threat actor collects about the targeted user, the more likely the social\r\nengineering attack will be successful.\r\nWith enough information gathered, the attacker can now carry out the next steps. Some social engineering attacks\r\nrequire patience to slowly build the targeted user’s trust. Other attacks are quick, where the threat actor gains trust\r\nwithin a limited time by conveying a sense of urgency. For example, the attacker might call a targeted user and\r\npretend to be an IT support staff member to trick the user into divulging their password.\r\nWhat Are the Steps to a Successful Social Engineering Attack?\r\nJust like most effective cyber-attacks, social engineering involves a specific strategy. Each step requires\r\nthoroughness because the attacker aims to trick the user into performing a particular action. Social engineering\r\ninvolves four steps. These steps are:\r\nInformation gathering: This first step is critical to social engineering success. The attacker collects\r\ninformation from public sources like news clippings, LinkedIn, social media, and the targeted business\r\nwebsite. This step familiarizes the attacker with the inner workings of the business departments and\r\nprocedures.\r\nEstablish trust: At this point, the attacker contacts the targeted user. This step requires conversation and\r\nconvincing, so the attacker must be equipped to handle questions and persuade the targeted user to perform\r\nan action. 
The attacker must be friendly and might try to connect with the targeted user on a personal level.\r\nExploitation: After the attacker tricks the targeted user into divulging information, exploitation begins.\r\nThe exploit depends on the attacker’s goals, but this step is when the attacker gets money, access to a\r\nsystem, steals files, or obtains trade secrets.\r\nExecution: With the sensitive information obtained, the attacker can now perform the final goal and exit\r\nthe scam. The exit strategy includes methods to cover their tracks, including detection avoidance from the\r\ntargeted organization’s cybersecurity controls that could warn administrators that an employee had just\r\nbeen tricked.\r\nCommon Social Engineering Targets in Enterprises\r\nSocial engineering works best when attackers go after people with access, authority, or trust. In an enterprise\r\nenvironment, these targets make up more of the organization than most security teams realize.\r\nEmployees represent the largest target group. Most phishing, smishing, and credential theft campaigns use\r\nbroad targeting methods across the entire workforce.\r\nExecutives are high-value targets for financial fraud, BEC, and deepfake impersonations. They are targeted\r\nby attackers to either obtain money from them or to impersonate them to get money from other employees.\r\nFinance teams are primary targets for wire fraud and invoice manipulation. 
If one employee approves a\r\ntransaction, it could lead to significant financial losses for their employer.\r\nHelp desk/IT staff are preyed upon through pretexting and impersonation to reset credentials, obtain new\r\naccount access, or gain new system privileges.\r\nCustomer service teams are vulnerable to account-takeover attacks, in which attackers impersonate\r\nlegitimate customers to gain access to accounts or obtain customer personal data.\r\nThird-party vendors and partners can serve as an indirect point of entry into your systems because of\r\nthe trusted relationships they’ve developed with your company.\r\nHow Social Engineering Has Evolved\r\nSocial engineering has been an issue for many years. These cyber-attacks began with simple phone scams and\r\ngeneric phishing emails that would cast a broad net in hopes of finding enough people to scam. The tactics were\r\nusually very basic and fairly easy to identify, but they had the potential to succeed because they were so\r\nwidespread.\r\nThings have changed significantly today. Modern social engineering campaigns are designed as multi-channel\r\nefforts. They can move across email, SMS, voice calls, social media, and even your work-based communication\r\nplatforms. AI has accelerated the shift from manual, opportunistic scams to personalized, convincingly human\r\nautomated attacks.\r\nOne of the greatest changes we have seen in modern social engineering is the level of precision. These attackers\r\nwill do their homework to learn about you, mimic how someone familiar to you sounds and act/look like them,\r\nand create messages that seem legitimate. This isn’t just a numbers game anymore. Modern social engineering is\r\nmuch more of a targeted campaign. As such, it is much harder to detect than it was in the past.\r\nSocial Engineering in the Age of AI\r\nAI has transformed the potential for large-scale social engineering. 
Threat actors are now able to leverage large\r\nlanguage models to produce custom, contextually relevant communications within seconds, at a price point that\r\nallows nearly all types of threat actors access to highly-targeted spear phishing. A study conducted in January of\r\n2025 demonstrated that AI-powered spear phishing had a 54% click-through rate (CTR), which is comparable to\r\nthat of a human expert, but at less than one-tenth the cost.\r\nThis attack vector extends far beyond email. Voice-cloning applications may mimic a CEO’s tone and style based\r\non a few minutes of audio. AI chatbots are able to maintain a believable conversation in near-real time, pretending\r\nto be IT support or a financial representative of a firm until their target complies. In the 2024 CFO deepfake video\r\nconference case, there were no real participants on the call, and the company lost $25 million before identifying\r\nthe scam.\r\nCommon Signs of a Social Engineering Attack\r\nSocial engineering works because it triggers instinctive responses before the target has time to think critically.\r\nUrgency, fear, authority, and curiosity are the primary lenses used to induce those responses. Being aware of these\r\nsignals is the first line of defense against them.\r\nA few patterns show up consistently across modern attacks:\r\nPressure to act fast: When you are pressed to act fast on financial transfers, credential resets, or access approvals\r\nfor a resource, that is usually a telltale sign of social engineering. Executives often receive high-pressure\r\nfinancial requests from what they believe to be their colleagues or vendors.\r\nIdentity impersonation: Attackers pretend to be executives, IT staff, vendors, or customer support agents.\r\nThis happens via email, phone calls, Slack, Teams, and even text messages. 
Cloned voices and AI-generated audio are now making it harder to detect phone-based impersonations.\r\nPolished, convincing language: AI-generated messages no longer have typos and awkward phrasing,\r\nwhich made such exploits easy to spot in the past. If a message feels slightly off despite looking\r\nprofessional, that instinct is worth listening to.\r\nSuspicious links and QR codes: Phishing links embedded in messages are a long-standing tactic. QR code\r\nscams, sometimes called quishing, are a growing variation that bypasses many traditional security filters.\r\nAccount recovery and help desk requests: Support teams are frequent targets. Attackers pose as\r\nemployees who need urgent credential resets or account changes. Always verify identity through a separate\r\nchannel before making any access changes.\r\nUnverifiable senders: If somebody is unwilling or incapable of confirming who they are, that alone should\r\ncause you to pause. This goes for every channel.\r\nExamples of Social Engineering Techniques\r\nThe aim of social engineering is to deceive people into taking actions that they wouldn’t ordinarily take. The\r\ntechniques listed below are some of the most common and damaging techniques being employed today.\r\nDigital Impersonation\r\nAttackers use digital channels to impersonate someone recognizable. They can ask for your password, money, etc.\r\nMost of the time, these attacks come via email or other digital channels.\r\nPhishing: These deceptive emails are designed to obtain user credentials, distribute malware, or direct\r\nusers to fraudulent sites. Phishing messages are becoming more elaborate thanks to AI, so it is becoming\r\nincreasingly difficult to determine if the message is legitimate or not.\r\nSmishing: This is a form of phishing that uses SMS/text messages to send users malicious links or prompt\r\nusers to contact an illegitimate phone number. 
Users typically respond to an SMS more quickly and with\r\nless scrutiny than to an email.\r\nVishing: The attacker uses a voice to impersonate a legitimate caller, including an executive, a vendor, or\r\nan IT staff member. Due to advancements in voice-cloning technology, vishing has become much more\r\nbelievable.\r\nQR phishing (quishing): Scammers embed malicious QR codes—in e-mails, PDFs, and physical signs—\r\nthat lead users to websites where they are asked for their credentials. QR codes can bypass many of the\r\ntypical link-scanning filters.\r\nDeepfake fraud: Deepfakes are generated using AI and include both audio and video. They can be used to\r\nimpersonate a company executive, a colleague, or a vendor. These types of attacks are becoming more\r\nprevalent for use to make unauthorized transactions or influence employees during live conversations.\r\nCollaboration app scams: Scammers are now utilizing collaboration apps to impersonate executives or IT\r\npersonnel. The scammers will create urgency around their request and may compromise an internal account\r\nto seem like a legitimate request.\r\nSocial media impersonation: Threat actors are creating fake social media profiles that mimic executives,\r\ncolleagues, or brands. Once the trust is built, the scammer will ask the target for sensitive information or\r\nask the target to visit malicious content.\r\nAccess Manipulation\r\nThese tactics involve obtaining unauthorized access to systems through deception, persistence, or physically being\r\npresent.\r\nPretexting: Attackers create a fabricated story in order to gain the trust of the target. A classic example of\r\npretexting is when a scammer poses as a bank representative to verify a customer’s account information\r\nafter a reported security breach.\r\nHelp desk deception: Support teams are high-value targets. Attackers impersonate employees in need of\r\nurgent credential resets or account changes. 
Verification workflows that rely on a separate, established\r\nchannel are the most effective defense.\r\nMFA fatigue: Threat actors continue to repeatedly prompt the target for multiple forms of authentication\r\nuntil the target becomes frustrated or confused enough to accept one. This tactic was used in some high-profile breaches and can be detected only through behavioral analysis.\r\nTailgating: This exploit occurs when an unauthorized individual follows an authorized employee through a\r\nsecured door. This allows the unauthorized individual to bypass physical security measures completely.\r\nTailgating does not require technical expertise; it relies on the employee’s courtesy and distraction.\r\nIncentive and Lure Tactics\r\nThese techniques use promises, rewards, or fabricated opportunities to lower a target’s guard.\r\nBaiting: Scammers lure victims into accessing a malicious link or downloading a piece of malware, which\r\nis often in the form of free software, a gift card, or exclusive content.\r\nQuid pro quo: These attacks involve sharing something of value in exchange for access to the target’s\r\nsystem or sensitive information. Sometimes, quid pro quo is used by disgruntled employees who are\r\ncontacted by outside threat actors.\r\nFake offers and surveys: Disguised customer service interactions, prize notifications, or survey invitations\r\nare used by scammers to gather the target’s personal information or to redirect the target to a website that\r\ncollects credentials.\r\nHow to Prevent Social Engineering Attacks\r\nUrgency is the most reliable signal that something deserves a second look. Attackers use it deliberately to\r\ncompress the time between a request and a response. Slowing down is not a sign of inefficiency. It is the right\r\ninstinct. 
A few practices that hold up across every channel:\r\nVerify through a separate channel: If a request arrives by email, confirm it by phone or in person before\r\nacting. If it arrives by phone, follow up through a known contact method. This applies to financial\r\napprovals, credential resets, and access changes. Executives receiving urgent wire transfer or approval\r\nrequests should treat out-of-band verification as a standard step, not an exception.\r\nDo not trust urgency alone: Pressure to act immediately, even from a familiar name or voice, is reason to\r\npause. Legitimate requests from colleagues, vendors, and executives can almost always wait a few minutes\r\nfor verification.\r\nTreat AI-generated content as a credibility challenge: Polished language, familiar tone, and accurate\r\ncontext no longer indicate a message is real. AI makes impersonation more convincing across email, SMS,\r\nand collaboration platforms. Apply the same scrutiny to a well-written message as a poorly written one.\r\nApply the same skepticism to collaboration tools as email: Impersonation in Slack, Teams, and similar\r\nplatforms is a growing tactic. A message from a colleague’s account requesting urgent action should be\r\nverified the same way an email would be.\r\nBe cautious with voice and video requests: Voice-cloning and deepfake technology have made audio and\r\nvideo less reliable as identity proof. If a call or video request involves a sensitive action, verify through a\r\nsecond channel before proceeding.\r\nNavigate directly to sites rather than clicking links: If a message claims to be from a known service or\r\nvendor, open a browser and go directly to the site. The same applies to QR codes in unsolicited messages\r\nor physical materials.\r\nHelp desk and SOC teams require strong identity verification before any credential reset or access change. 
An\r\nattacker’s best path through your organization may be a single convincing phone call.\r\nWhy Social Engineering Remains So Effective\r\nSocial engineering defense techniques have advanced dramatically. However, social engineering remains the leading\r\nthreat to organizations because the most difficult defense to patch is human judgment. Attackers exploit triggers such as urgency,\r\nauthority, and familiarity, among others, and they are continually improving their ability to manufacture\r\nthese elements for use against individuals.\r\nWhat has changed is scale and precision. Attackers can now use AI to generate a high volume of personalized,\r\ncontextually relevant messages, which was impossible with previous technology. 2025 research found that AI-generated phishing attacks outperformed elite human red teams by 24%, a meaningful shift from just two years\r\nearlier, when AI lagged significantly behind.\r\nThe attack surface has also widened. Threats no longer arrive through a single channel or identity. They move\r\nacross email, voice, SMS, and collaboration platforms in coordinated sequences. According to the Verizon 2025\r\nDBIR, the human element was a factor in roughly 60% of breaches. That number has held steady for years, and\r\nthat consistency is the point.\r\nEmerging Trends in Social Engineering\r\nDeepfakes have gone from a hypothetical risk to an active threat, with hackers leveraging AI-generated audio and\r\nvideo to impersonate executive-level personnel, vendors, and colleagues. The quality of deepfakes is such that\r\nvoice authentication can no longer be relied upon to identify a person.\r\nThe number of malicious QR code detections reported by Kaspersky increased fivefold between August and\r\nNovember of 2025. 
This type of attack is so successful at getting past people’s defenses because it often bypasses\r\nemail filters and sends users to credential-harvesting sites on their mobile devices, which typically have less\r\nrobust security software than desktops.\r\nCollaborative workspaces have emerged as a major attack vector. There are increasing instances of impersonation\r\non these platforms, especially when an attacker compromises a legitimate internal account, giving the\r\nimpersonator some credibility.\r\nThere is growing concern among security professionals about AI-enabled autonomous capabilities for executing\r\nsocial engineering campaigns. Security teams are already planning how to deal with autonomous AI agents that\r\ncan design and execute all aspects of a social engineering campaign, from research to lure development to delivery\r\nvia any medium (e.g., email, phone).\r\nFAQs for Social Engineering\r\nWhat is social engineering in simple words?\r\nMost people think of cyber-threats as malware or a hacker exploiting vulnerabilities in software. However, social\r\nengineering is a threat where an attacker tricks a targeted user into divulging sensitive information by pretending\r\nto be a familiar person or service. The attacker might trick a targeted user into divulging their password, or the\r\nattacker could trick the targeted user into sending money by pretending to be a high-level executive. 
Attackers’\r\ngoals in a social engineering campaign vary, but generally, the attacker wants access to accounts or to steal the\r\nuser’s private information.\r\nHow is social engineering different from phishing?\r\nPhishing is one type of social engineering, but social engineering is the broader category. It includes any technique\r\nthat manipulates people through deception, whether over email, phone, SMS, video, or in person. Phishing\r\nspecifically refers to deceptive messages designed to steal credentials or deliver malware. Social engineering also\r\nencompasses vishing, pretexting, deepfake fraud, help desk deception, and more.\r\nHow are attackers using AI in social engineering?\r\nAI has increased the speed and scalability of social engineering. AI uses large language models to produce high-quality, personalized, and professional-looking emails in bulk. This eliminates some of the characteristics that\r\nmake phishing so easy to identify. The use of AI also enables the development of voice cloning, synthetic videos,\r\nand automated reconnaissance that can provide an attacker with information about their intended victim.\r\nCan deepfakes be used in social engineering attacks?\r\nYes, they are being used. An example of how this has been done was seen in a very publicized incident involving a\r\nBritish engineering firm called Arup. They were targeted with an AI-generated deepfake video. The attackers\r\npretended to be the company’s CFO during a video conference and caused the firm to lose roughly $25 million.\r\nBetween the first and second half of 2024, voice-cloned attacks went up 442%. Deepfakes are no longer a limited\r\ntool for well-funded and sophisticated attackers. They are now being used in both financial fraud and executive\r\nimpersonation schemes.\r\nHow can organizations prevent social engineering?\r\nOrganizations need to take a multi-layered approach. 
This includes continuing to train employees on security\r\nawareness, having out-of-band workflows for sensitive requests, implementing strong identity controls, and using\r\nbehavior-based detection to monitor and alert when an employee performs an abnormal action. Organizations also\r\nneed to document how the identity of callers to the helpdesk and SOC teams will be verified prior to resetting any\r\ncredentials or making any changes to access. Culture is important as well. If employees believe they can safely\r\nreport suspicious activities, then they become a significant deterrent against social engineering.\r\nWhy is social engineering effective even with strong security tools?\r\nImpersonations bypass security technologies because they target individuals directly. A sophisticated\r\nimpersonation doesn’t have to go through a firewall to reach an individual or evade an endpoint agent. It simply\r\nhas to get someone to act on the request. Most security tools can identify and block known types of malicious\r\ncontent. However, they are less likely to identify a convincing request from someone who appears to be a co-worker or supervisor. The most obvious characteristics of a malicious message that would alert a user to its\r\npotential harm are removed by artificial intelligence. This places nearly all of the burden for determining whether\r\na communication is legitimate on the individual (which is exactly where an attacker wants it).\r\nWhat is the most common form of social engineering?\r\nThe term “social engineering” is a broad term that covers many cyber-criminal strategies. Social engineering\r\ninvolves human error, so attackers target insiders. The most common form of social engineering is phishing,\r\nwhich uses email messages. Under the umbrella of phishing are vishing (voice) and smishing (text messages). 
In a\r\ntypical phishing attack, the goal is to obtain information for monetary gain or data theft.\r\nIn a phishing email, the attacker pretends to be a person from a legitimate organization or a family member. The\r\nmessage might ask for a simple reply, or it will contain a link to a malicious website. Phishing campaigns can\r\ntarget specific people within an organization – spear phishing – or the attacker can send hundreds of emails to\r\nrandom users, hoping that at least one falls for the fraudulent message. Untargeted phishing campaigns have a low\r\nsuccess rate, but it doesn’t take many successful messages for an attacker to obtain the necessary information for\r\nmonetary gain.\r\nThe two phishing variants – smishing and vishing – have the same goals as a general phishing campaign but\r\ndifferent methods. A “smishing” attack uses text messages to tell targeted users that they have won a prize and\r\nneed to pay a shipping fee to receive their gifts. “Voice” phishing requires voice-changing software to trick users\r\ninto thinking the attacker is someone from a legitimate organization.\r\nIs social engineering illegal?\r\nYes, social engineering is illegal because it uses deception to trick individuals into revealing sensitive information\r\nor granting access to systems. These attacks often lead to more serious crimes, including fraud, identity theft, and\r\nunauthorized access to networks or financial accounts.\r\nA common example is consumer fraud, where attackers impersonate trusted organizations to request financial\r\ndetails or payments. Once obtained, this information can be used to steal money or sold on illicit markets.\r\nPenalties vary depending on the scale and impact of the attack. 
Smaller offenses may result in fines or short-term\r\njail time, while larger or repeated attacks can lead to significant prison sentences, higher fines, and civil lawsuits\r\nbrought by affected victims.\r\nHow common is social engineering?\r\nVery common, and growing. According to the 2025 SANS Security Awareness Report, 80% of organizations rank\r\nsocial engineering as their top human-related risk. Palo Alto Networks’ Unit 42 found that social engineering was\r\nthe leading initial access vector in incident response cases between mid-2024 and mid-2025, accounting for 36%\r\nof all incidents. In two-thirds of those cases, attackers targeted privileged or executive accounts.\r\nThe goals behind these attacks have also broadened. Credential theft remains the most common outcome, but\r\nsocial engineering now drives financial fraud, account takeover, data theft, and ransomware deployment. Business\r\nemail compromise alone generated $2.8 billion in reported losses in 2024, according to the FBI.\r\nSource: https://www.proofpoint.com/us/threat-reference/social-engineering",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.proofpoint.com/us/threat-reference/social-engineering"
	],
	"report_names": [
		"social-engineering"
	],
	"threat_actors": [],
	"ts_created_at": 1777429267,
	"ts_updated_at": 1777450917,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/da14a8743f1028892cd6b783ea96c9c9d323057a.pdf",
		"text": "https://archive.orkl.eu/da14a8743f1028892cd6b783ea96c9c9d323057a.txt",
		"img": "https://archive.orkl.eu/da14a8743f1028892cd6b783ea96c9c9d323057a.jpg"
	}
}