Social engineering via AI
By Aaron Sakai on February 6, 2025
Executive Summary
AI-based social engineering is a new cybersecurity attack that is growing at a phenomenal speed. These attacks can result in data leakage and financial or reputational damage. Multi-factor authentication (MFA) and training people to identify such tactics are good preventative measures. Organizations must act to stay ahead of this rapidly changing threat. Security awareness and defensive measures need to be prioritised to reduce risk.
Background
Social engineering has plagued the field of cybersecurity for a long time, but the advent of AI has made such attacks increasingly sophisticated and hard to notice. Tools based on Artificial Intelligence (AI), including chatbots and voice generators, can now reliably pretend to be real human beings, making it easier to manipulate victims into revealing personal information [3]. With the increasing availability and affordability of these tools, the threat of AI-assisted cyberattacks keeps growing.
AI is also enhancing phishing attacks by generating highly realistic emails and deepfake audio designed to impersonate trusted individuals. These techniques make a target more likely to be deceived, since employees may have difficulty distinguishing between authentic and false messages [2]. A lack of training, if it is not addressed, leaves organizations exposed to these changing threats.
As the use of digital communications increases, so does the potential harm posed by AI-based social engineering. Businesses, and individuals whose personal information may be compromised, may suffer if these hazards are ignored. Proactive security actions are now needed to limit exposure to these attacks.
Impact
AI-enabled social engineering attacks can inflict serious damage by extracting and exposing private information, furthering financial fraud, and degrading life-sustaining systems [5]. The scalability of such attacks increases the risk further, as the technology enables cyberthieves to attack tens of thousands of people at the same time. Without proper security mechanisms, the consequences may be financial or legal, or a loss of public trust. Addressing this threat is essential to maintaining cybersecurity resilience.
Mitigation
Protection against AI-driven social engineering attacks needs to be built on a blend of education and technical defenses. Cybersecurity training can teach people to identify phishing attempts and related deceptions [4]. Introducing multi-factor authentication (MFA) provides another level of protection, since it requires two forms of authentication, which makes unauthorized access less likely. These safeguards not only increase general security by mitigating both human and technological weaknesses, but also make attacks harder to carry out.
Relevance
AI-powered cyberattacks affect individuals and organizations in every sector. The cost of cybersecurity training and protective measures, such as MFA, is lower than the cost of recovering from a security breach. Organizations that implement these strategies can bolster their defenses, mitigate financial pressure, and create a security-minded culture. Proactively mitigating these threats guarantees future survivability and data security.
References
[1] Battles, Wendy. (2025, February 12). April Cybersecurity Awareness Tip: AI, social engineering, and you. Yale. https://cybersecurity.yale.edu/monthly-tip/april-2024
[2] Desai, D. & Hedge, R. (2024, April 23). Phishing Attacks Rise: ThreatLabz 2024 Phishing Report. Zscaler. https://www.zscaler.com/blogs/security-research/phishing-attacks-rise-58-year-ai-threatlabz-2024-phishing-report
[3] Shea, S. & Krishnan, A. (2024, October 22). How AI is Making Phishing Attacks More Dangerous. TechTarget. https://www.techtarget.com/searchsecurity/tip/Generative-AI-is-making-phishing-attacks-more-dangerous
[4] Stanham, Lucia. (2025, January 16). AI-Powered Cyberattacks. CrowdStrike. https://www.crowdstrike.com/en-us/cybersecurity-101/cyberattacks/ai-powered-cyberattacks/
[5] The Hacker News. (2025, February 7). AI-Powered Social Engineering: Reinvented Threats. The Hacker News. https://thehackernews.com/2025/02/ai-powered-social-engineering.html