The Rising Threat of Social Engineering in 2025: Are You Prepared?

First of all, I am excited to share that I have transitioned from AWS Hybrid Edge, where I worked on solutions such as Outposts and Local Zones, to AWS Security. With my background in penetration testing and hybrid edge solutions, I’m eager to apply my expertise in helping organisations strengthen their security posture against threats like social engineering.

As the calendar turns to 2025, the cybersecurity landscape faces an ever-evolving threat: social engineering. Unlike brute-force attacks or malware, social engineering doesn’t rely on exploiting technical vulnerabilities. Instead, it targets the most unpredictable component of any organisation’s defences, its people.

Social engineering has become one of the most effective tools in a cybercriminal’s arsenal, manipulating human psychology to bypass even the most robust security systems. As attacks become more sophisticated and targeted, organisations must adapt their strategies to defend against this growing menace.


What Makes Social Engineering So Dangerous?

Social engineering attacks exploit trust, urgency, and human error. Instead of breaking through firewalls, attackers manipulate individuals into revealing sensitive information, granting access, or unwittingly executing harmful actions. These methods are often low-cost, scalable, and highly effective, making them a preferred tactic for cybercriminals.

Why It’s Effective

  • Trust Exploitation: Employees tend to trust emails from internal departments, phone calls from IT support, or requests from “authority figures.”
  • Emotional Manipulation: Many attacks create a sense of urgency or fear. For example, a fake email about account suspension might prompt immediate action without careful scrutiny.
  • Tailored Approaches: Attackers now leverage publicly available information from platforms like LinkedIn to craft highly personalised messages that appear legitimate.


Trends in Social Engineering: What to Watch For in 2025

As we navigate the complexities of a hyperconnected world, social engineering tactics continue to evolve. Some emerging trends include:

1. AI-Enhanced Phishing

Phishing remains the cornerstone of social engineering, but the integration of AI tools has amplified its potency. AI-generated phishing emails mimic human writing styles with near perfection, making it harder than ever to distinguish fraudulent messages from legitimate ones.

For instance, OpenAI’s GPT models can be misused to generate highly convincing, personalised phishing messages. In 2025, attackers are using AI to:

  • Craft emails that align with corporate communication styles.
  • Tailor messages based on the recipient’s role, habits, and preferences.

2. Deepfake Impersonation

Deepfake technology has advanced significantly, enabling attackers to create realistic video or audio messages. Imagine receiving a Zoom call from your “boss” or a voicemail from your CEO instructing you to transfer funds urgently. These deepfake attacks blur the line between reality and deception, leaving employees ill-equipped to identify fraud.

3. Exploiting Remote Work Vulnerabilities

With remote and hybrid work here to stay, social engineering attacks are increasingly targeting home offices. Phishing emails disguised as IT updates, fake VPN login pages, and fraudulent software updates have become commonplace.

4. Supply Chain Targeting

Attackers are shifting their focus to vendors, contractors, and partners—the weakest links in an organisation’s supply chain. A single compromised vendor can serve as a gateway to infiltrate multiple organisations.


Notable Social Engineering Attacks

The 2023 MGM Resorts Breach

In one of the most high-profile social engineering cases, cybercriminals used a simple phone call to an IT help desk to gain access to MGM Resorts’ systems. The attackers posed as employees and persuaded support staff to reset credentials. The breach disrupted operations, causing significant financial and reputational damage.

The Twitter Bitcoin Scam (2020)

Although not recent, this attack remains a blueprint for how social engineering can exploit even tech-savvy organisations. Attackers gained access to Twitter’s internal tools through social engineering, hijacked high-profile accounts, and promoted a cryptocurrency scam, netting over $100,000 in hours.

Robinhood Customer Data Breach (2021)

In November 2021, a cybercriminal tricked a Robinhood customer service representative into providing access to internal systems. The attacker was able to obtain personal data for over 7 million users, including names, emails, and in some cases, phone numbers. This breach highlights the risks of social engineering targeting support teams.

SolarWinds Supply Chain Attack (2020)

The SolarWinds hack, one of the largest cyber-espionage campaigns, included elements of social engineering to initially gain access. Attackers exploited trust in software updates, pushing malicious code disguised as legitimate updates to customers of SolarWinds. This attack affected several government agencies and Fortune 500 companies.


Defending Against Social Engineering: A Multi-Layered Approach

Protecting against social engineering requires a comprehensive strategy that combines technology, processes, and people. Here are three pillars of a robust defence:

1. Build Awareness and Education

Training employees to recognise and respond to social engineering attacks is critical. However, outdated, one-size-fits-all approaches no longer suffice. Organisations must implement dynamic, engaging training programs:

  • Gamification: Simulated phishing exercises that reward correct responses.
  • Role-Based Training: Tailored sessions for specific job functions, such as finance teams (prone to invoice fraud) or HR teams (targeted for payroll scams).
  • Frequent Updates: Training must evolve to cover new threats like AI-generated phishing and deepfake impersonation.

2. Embrace Zero-Trust Architecture

Zero-trust principles assume that every user, device, and connection is untrusted until verified. Key components include:

  • Multi-factor Authentication (MFA): Even if credentials are compromised, MFA adds an additional layer of protection.
  • Least Privilege Access: Employees should only have access to systems and data essential for their roles.
  • Continuous Monitoring: Regularly validate user behaviour and flag anomalies in real-time.
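One way to turn the continuous-monitoring point into a concrete rule, using the help-desk reset pattern from the MGM Resorts case above (an added example, not from the original article; the event schema, field names and 30-minute window are assumptions): flag an MFA device enrolment that follows a help-desk password reset and comes from an IP address the user has never logged in from.

```python
from datetime import datetime, timedelta

# Constructed identity audit events (hypothetical schema, documentation IP ranges).
EVENTS = [
    {"ts": "2025-01-06T08:55:00", "user": "alice", "type": "login", "ip": "198.51.100.10"},
    {"ts": "2025-01-06T09:02:00", "user": "bob", "type": "login", "ip": "198.51.100.20"},
    {"ts": "2025-01-06T14:01:00", "user": "alice", "type": "helpdesk_password_reset", "ip": "198.51.100.5"},
    {"ts": "2025-01-06T14:05:00", "user": "alice", "type": "login", "ip": "203.0.113.77"},
    {"ts": "2025-01-06T14:09:00", "user": "alice", "type": "mfa_device_enrolled", "ip": "203.0.113.77"},
    {"ts": "2025-01-06T15:00:00", "user": "bob", "type": "helpdesk_password_reset", "ip": "198.51.100.5"},
    {"ts": "2025-01-06T15:05:00", "user": "bob", "type": "mfa_device_enrolled", "ip": "198.51.100.20"},
    {"ts": "2025-01-07T10:00:00", "user": "carol", "type": "helpdesk_password_reset", "ip": "198.51.100.5"},
    {"ts": "2025-01-07T16:00:00", "user": "carol", "type": "mfa_device_enrolled", "ip": "203.0.113.9"},
]

WINDOW = timedelta(minutes=30)  # assumed correlation window

def flag_reset_then_enrol(events, window=WINDOW):
    known_ips = {}   # user -> IPs seen on logins outside any reset window
    last_reset = {}  # user -> time of the most recent help-desk reset
    alerts = []
    for e in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(e["ts"]), e["user"]
        if e["type"] == "login":
            # A login right after a reset may be the impostor's, so it must
            # not teach the baseline that this IP is normal for the user.
            if user not in last_reset or ts - last_reset[user] > window:
                known_ips.setdefault(user, set()).add(e["ip"])
        elif e["type"] == "helpdesk_password_reset":
            last_reset[user] = ts
        elif e["type"] == "mfa_device_enrolled":
            reset = last_reset.get(user)
            unseen_ip = e["ip"] not in known_ips.get(user, set())
            if reset and ts - reset <= window and unseen_ip:
                alerts.append((user, e["ts"], e["ip"]))
    return alerts

if __name__ == "__main__":
    for user, ts, ip in flag_reset_then_enrol(EVENTS):
        print(f"ALERT {user}: MFA enrolled from unseen IP {ip} at {ts} after help-desk reset")
```

Only the alice sequence is flagged: bob enrols from an address he already uses, and carol's enrolment falls outside the window.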

3. Foster a Culture of Vigilance

Cybersecurity must be embedded in organisational culture:

  • Encourage Reporting: Employees should feel comfortable reporting suspicious activities without fear of repercussions.
  • Leadership Buy-In: Leaders should model best practices and actively participate in cybersecurity initiatives.
  • Cross-Department Collaboration: IT, HR, and management teams must work together to identify and mitigate risks.


The Role of Technology in Combating Social Engineering

While technology alone cannot solve the problem, it plays a critical role in enhancing defences. AWS offers several tools that can significantly bolster an organisation’s resilience against social engineering:

  • AWS Macie: This fully managed data security and privacy service uses machine learning to identify and protect sensitive data such as personally identifiable information (PII). By monitoring data access patterns, AWS Macie can flag suspicious activities that may indicate a social engineering attack.
  • AWS Incident Detection and Response: Launched recently to provide expert guidance during security events, this service helps organisations detect, analyse, and respond to incidents quickly. In the context of social engineering, rapid response can mitigate damage and prevent attackers from leveraging stolen credentials further.
  • Amazon GuardDuty: GuardDuty continuously monitors for malicious activity and unauthorised behaviour, providing insights into potential social engineering threats. It integrates seamlessly with other AWS tools to create a holistic security ecosystem.
  • AWS Identity and Access Management (IAM): With IAM, organisations can enforce least privilege access, ensuring employees only have the permissions necessary for their roles. This minimises the potential impact of a successful social engineering attack.
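A small check for the MFA and least-privilege points made for IAM here and in the zero-trust section, as an added example that is not from the original article: it scans an IAM policy document for Allow statements that are fully wildcarded or that permit credential changes without an MFA condition. The sample policy, the placeholder account ID and the list of sensitive actions are assumptions.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policy (not from the article); account ID is a placeholder.
SAMPLE_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "TooBroad", "Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Sid": "ResetNoMfa", "Effect": "Allow",
   "Action": ["iam:UpdateLoginProfile", "iam:DeactivateMFADevice"],
   "Resource": "arn:aws:iam::111122223333:user/*"},
  {"Sid": "ReadReports", "Effect": "Allow", "Action": "s3:GetObject",
   "Resource": "arn:aws:s3:::example-reports/*"},
  {"Sid": "KeysWithMfa", "Effect": "Allow", "Action": "iam:CreateAccessKey",
   "Resource": "arn:aws:iam::111122223333:user/*",
   "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}
]}
""")

# Assumption: the credential-changing actions this example treats as sensitive.
SENSITIVE = ("iam:updateloginprofile", "iam:deactivatemfadevice", "iam:createaccesskey")

def as_list(value):
    return value if isinstance(value, list) else [value]

def requires_mfa(stmt):
    # Only a plain Bool test counts on an Allow: BoolIfExists also matches
    # requests where the key is absent (e.g. long-term access keys).
    cond = {op.lower(): keys for op, keys in stmt.get("Condition", {}).items()}
    keys = {k.lower(): v for k, v in cond.get("bool", {}).items()}
    return str(as_list(keys.get("aws:multifactorauthpresent", ""))[0]).lower() == "true"

def audit(policy):
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if "*" in actions and "*" in as_list(stmt.get("Resource", [])):
            findings.append((sid, "wildcard-action-and-resource"))
        # IAM action names are case-insensitive and may contain wildcards.
        touches = any(fnmatchcase(s, a) for a in actions for s in SENSITIVE)
        if touches and not requires_mfa(stmt):
            findings.append((sid, "credential-change-without-mfa"))
    return findings

if __name__ == "__main__":
    for sid, issue in audit(SAMPLE_POLICY):
        print(f"{sid}: {issue}")
```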


Looking Ahead

Social engineering will remain a dominant threat in 2025 and beyond. As attackers refine their tactics, organisations must evolve their defences accordingly. Cybersecurity is no longer just the responsibility of IT teams; it requires a concerted effort across all levels of an organisation.

Having conducted extensive penetration testing earlier in my career, I’ve repeatedly observed that social engineering is often underestimated by organisations despite its rising prevalence. With the growing adoption of edge computing solutions like AWS Outposts and Local Zones, the attack surface for organisations has expanded significantly, making the need for robust defences even more urgent.

Investing in training, adopting zero-trust principles, and leveraging advanced technologies like AWS Macie and AWS Incident Detection and Response are essential steps. But perhaps the most critical defence is fostering a culture where every employee understands that they are the first line of defence.

Caleb Lusk, PMP

Design Engineering Manager at Rittal North America

1 month

Well deserved! Best of luck, Jason.

Tim Lawrence

Helping MoD apply cloud technology to deliver mission outcomes

1 month

Nice move mate!

Claus Adelmann

Amazon Global Sales Specialist Leader Germany

1 month

Congrats, Jason! With your expertise in hybrid edge and security, you’re sure to make a big impact in protecting customers. Best of luck!

Andreas Nussbaum

AWS Region in Switzerland now open!!

1 month

Good luck Jason!!


More articles by Jason Rylands
