2022 Social Engineering Report

Social engineering is the preeminent component of the overwhelming majority of cyberattacks today. Whether the goal of a threat actor is to directly perpetrate fraud, harvest credentials, or install malware, at some point a human being must be coerced into taking an action on the actors’ behalf. This fact is the basis for Proofpoint’s People-Centric Security Model, an idea which has revolutionized the way the world’s leading businesses consider the threat landscape and defend their organizations. It is the central driver of security awareness programs, which train end users to better recognize attempts to exploit them into facilitating malicious activity.

Despite defenders’ best efforts, cybercriminals continue to defraud, extort, and ransom companies for billions of dollars annually. We are locked in an adversarial struggle with these threat actors, the nature of which evolves over time. As new defensive capabilities are implemented, crafty and technically talented actors look for new ways to defeat them. Security-focused decision makers have prioritized bolstering defenses around physical and cloud-based infrastructure which has led to human beings becoming the most reliable entry point for compromise. As a result, a wide array of content and techniques continue to be developed to exploit human behaviors and interests.

The most effective methods prey on natural human tendencies and undermine instincts which raise an alarm that “something isn’t right.” Often this means presenting the intended victim with content they may already be familiar with or regularly interact with in their day-to-day jobs: invoices, receipts, documents, and spreadsheets. The content appears routine and therefore raises no alarm. A threat actor might impersonate a trusted partner, or an authority figure such as a company’s executive…