Is Social Engineering the Next Cybersecurity Battleground?

However smart technology is or how transformative organisations make their cybersecurity initiatives, one factor remains the same when it comes to security: us.

Human vulnerability is a cornerstone of successful cyber attacks, whether as a result of simple errors such as clicking on malicious links, people causing intentional harm or our ability to be easily manipulated. 

Our susceptibility to being exploited by lies, curiosity or fear is behind a rapid increase in ‘social engineering’ cybercrime. 

Social engineering is a tactic through which hackers create a false narrative to exploit victims. It relies on deception and taking advantage of vulnerabilities to drive people to willingly hand over sensitive information. 

Hyper-personalised fraud

According to Trend Micro, social engineering attacks are increasing in their volume and complexity. In particular, attackers are refining their tactics by leveraging new and emerging technologies, including AI and wearables, to scale deception. 

“Social engineering, the practice of manipulating people into divulging sensitive information, remains one of the most effective cybercrime strategies," said Robert McArdle, Director of Trend Micro's Forward Looking Threat Research. 

“Traditionally, criminals have relied on phishing emails, fraudulent phone calls and fake websites. However, the next wave of attacks will take advantage of AI-generated deepfakes, automated scam interactions and immersive digital experiences to craft hyper-personalised fraud at an industrial scale.”

Social engineering hacks typically follow three core elements.

After establishing a medium through which to connect with the victim, attackers then build a lie or falsehood. This is designed to convince the person to take action within a certain timeframe. 

This is followed by an ‘ask’, such as giving credentials, executing a malicious file or sending money. 

This scope of attack is likely familiar to both individuals and organisations - it’s the foundation of many common email and phishing scams that regularly hit home. 

However, Trend Micro warns of a growing sophistication in this approach by attackers, citing the use of AI tools, VR devices like Apple Vision Pro, the Humane Pin, Ray-Ban glasses and other new technologies. 

Leveraging emerging technologies

Wearable technology is particularly vulnerable to social engineering attacks due to its constant operation and the high trust levels of its users. 

It is often not designed to deploy security or authentication tools and presents an open attack surface that gives easy access to sensitive user data and dashboards.

Trend Micro also warns of the danger presented by chatbots, which attackers are increasingly feeding with false information in order to manipulate users into acting. 

This ‘poisoning’ of chatbots is often used as part of a business email compromise (BEC) scheme, although Trend Micro explains that it is not viable against many commercial chatbots like OpenAI’s ChatGPT or Anthropic’s Claude.

Other new attack methods include using large language models (LLM) to increase the effectiveness of BEC schemes. Here, threat actors use LLM bots to impersonate senior business leaders, using their seniority to convince victims to send money or take other actions. 

The role of AI and how to prevent attacks

According to Trend Micro AI, particularly Gen AI, is the driving force behind increasing numbers of socially engineered lies and attacks. 

AI gives threat actors scalability and flexibility when it comes to creating and adapting effective lies against victims. 

Further, Gen AI’s capabilities in producing lifelike image, audio and video contents means it excels at both creating believable content and quickly processing large amounts of text – this gives threat actors greater scalability and capacity to attack.

Lastly, Trend Micro predicts AI could be leveraged as the basis for an intelligent and dynamic lie system. If developed, this could rapidly escalate the volume of social engineering attacks by automatically connecting and interacting with users, earning their trust before coercing them into action.

The potential to use new and emerging technologies for these kinds of attacks will continue to grow, particularly as businesses and individuals have more options for connectivity and technologies. 

In particular, Trend Micro warns of attackers coming up with new ways to reach victims while, at the same time, using technologies such as AI to perfect their lies. 

“As technology advances, so do the methods cybercriminals use to manipulate, deceive and steal,” says Robert.

“We are witnessing a shift, where AI-driven deception and immersive technology will make scams smarter, faster and harder to detect. Organisations and individuals must stay ahead of these tactics by adopting proactive security measures.”

With AI accelerating attack automation, VR and wearables opening new exploit pathways and social engineering becoming hyper-personalised, businesses and individuals must rethink their cybersecurity defences

For enterprises, this means consolidating security capabilities and taking proactive measures to stay ahead of evolving techniques and tactics levied by cybercriminals. 

A key area of focus is developing a comprehensive security strategy to protect sensitive information and assets likely to be targeted by these social engineering scams.

Explore the latest edition of Cyber Magazine and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today.

Cyber Magazine is a BizClik brand