Social Engineering Surges as Key Attack Vector according to Proofpoint’s Latest Human Factor Report

Selena Larson, Senior Threat Intelligence Analyst at Proofpoint

Proofpoint, Inc., a leading cybersecurity and compliance company, today announced the first volume of its 2025 Human Factor Report, offering insights into how cybercriminals are evolving their tactics, with social engineering emerging as the primary threat to organizations worldwide.

A hacker’s most dangerous tool might not be a malicious link or sophisticated malware. Instead, it might be their ability to hack your brain using fake personas, seemingly innocent conversations, and believable stories to get you to take action. Under the right circumstances, clever social engineering can be more effective than any technical attack.

Some key findings from Proofpoint’s 2025 Human Factor Report: Social Engineering include:

  1. Threats Are Exploding to Multiple Channels—And Harder to Detect
  • Proofpoint blocks 117 million TOAD (Telephone-Oriented Attack Delivery) attacks annually. These threats often rely on pure social engineering, bypassing traditional security defenses that look for malicious links or attachments.
  • TOAD attacks use telemarketer techniques to manipulate people into infecting themselves by calling a number to install remote access tools and other malware—highlighting how cyberattacks are jumping channels beyond email.
  • Similar tricks that manipulate people into installing malicious software themselves are expanding to collaboration and messaging platforms like Microsoft Teams.
  • ClickFix and fake updates/web injects also follow.
  2. Revenues from Cryptocurrency-Related Fraud Surge 40%—With a Twist
  • Cryptocurrency-related frauds are making more money outside of romance fraud, expanding to job fraud.
  • Global losses hit $3.9 billion, with a 210% increase in the number of deposits in 2024 alone.
  • While the number of victims skyrocketed, the average deposit shrank, suggesting attackers are widening the net to scam smaller payments from a larger victim pool.
  3. Generative AI Is Enabling Multilingual, Regionally Targeted Fraud
  • Most of the fraud that’s tracked by researchers is in English. However, Proofpoint also observes non-English language fraud.
  • As generative AI becomes more common, threat actors will likely be able to expand their target pool by better tailoring social engineering to specific locations and languages.
  4. Benign Conversations Used by APTs Are on the Rise
  • About 25% of all state-sponsored phishing campaigns now begin with “benign” emails to build trust—a striking shift toward psychological manipulation over technical exploits.
  • 90% of these messages pretend to be interested in collaboration and engagement.
  5. Advance Fee Fraud (AFF) Up 47%, Extortion Down 68%
  • There’s a notable pivot from fear-based extortion to enticement-based scams. AFF scams like fake job offers or giveaways are proving more effective than threats.
  • Even Taylor Swift’s Eras Tour was impersonated for fraudulent job offers.

Selena Larson, Senior Threat Intelligence Analyst at Proofpoint, said, “As generative AI becomes more common, threat actors will likely be able to expand their target pool by better tailoring social engineering to specific locations and languages. But it’s important to remember that it doesn’t matter whether emails are generated with AI or by an actual human, detection against these threats remains the same.”

From fraud to espionage, one tactic continues to dominate the threat landscape: social engineering. Whether phishing, impersonation, or AI-generated lures, cybercriminals are using psychology to get people to talk back. Proofpoint data shows that in most attacks, the technical details matter far less than human behavior. That’s why the path forward is not just smarter technology, but a smarter, human-centric defense.