Share this post
Social engineering attacks are becoming more sophisticated, personalized, and dangerous than ever before. After analyzing over 100,000 security simulations across multiple organizations, including more than 10,000 vishing simulations, we've identified four critical trends reshaping the cybersecurity landscape in 2025.
Vishing has evolved from simple automated calls into one of the most dangerous social engineering techniques. Modern voice cloning tools can now convincingly replicate someone's voice using just a few seconds of publicly available audio, like a video from social media or a recorded call. Our data reveals a stark reality: AI-powered voice attacks achieve interaction rates more than twice as high as generic voice-based attempts. When attackers impersonate familiar voices - colleagues, executives, or trusted vendors - employees naturally lower their guard and engage more readily.
A notable example involved attackers impersonating Italy's Defence Minister Guido Crosetto using voice cloning technology. They targeted members of billionaire Beretta and Bugatti-Rimac families, resulting in a confirmed loss of €1 million. The attackers created elaborate scenarios involving fake kidnapped journalists, exploiting trust and urgency to pressure victims into transferring funds.
Generic "spray-and-pray" phishing is dead. Attackers have shifted to highly contextualized, targeted lures that resemble legitimate business communications. Approximately 50% of phishing emails now use spear-phishing techniques, leveraging open-source intelligence (OSINT), organizational context, and leaked information from darknet sources. This allows attackers to construct credible, workflow-relevant narratives targeting specific individuals with messages that include well-crafted signatures and closely follow routine workflows:
Employees click because everything "looks right" and routine urgency reinforces that behavior. In contrast, generic, non-contextualized messages average only about 1% interaction - users have become familiar with typical phishing templates and are far more cautious.
Attackers are no longer limiting themselves to a single communication channel. Instead, they're orchestrating sophisticated campaigns across email, SMS, collaboration tools, messaging apps, and voice calls. In a typical multi-channel attack:
Each touchpoint builds on the previous one, creating a sense of legitimacy that's extremely difficult to detect. Our data shows dramatic results: Simulations using more than two communication channels increase the likelihood of non-protective user actions by up to ten times compared to single-channel scenarios. Agentic AI and modern automation enable attackers to easily coordinate these multi-channel campaigns, building credibility through reinforcing touchpoints that make attacks nearly indistinguishable from legitimate communication.
Another clear trend in 2025 is the expansion of phishing beyond email. Attackers actively seek less monitored and more trusted channels to reach targeted employees. Encrypted messaging apps like Signal, WhatsApp, and Telegram provide direct, private access with limited security controls. These platforms deliver messages instantly to mobile devices, encouraging quick responses. According to CISA alerts, threat actors are using phishing lures, malicious links, and mobile-focused exploits to compromise users of these communication apps.
Social media platforms account for approximately 22.5% of phishing incidents. Meta recently confirmed the takedown of more than 6.8 million WhatsApp accounts linked to criminal scam operations, while LinkedIn reported removing over 116 million accounts following spam or scam activity detection in 2025 alone. While platform providers actively work to combat this abuse, the scale of the problem is evident in transparency reporting, and many attacks succeed before detection.
The 2025 threat landscape represents a structural shift in social engineering. Attackers are orchestrating sophisticated, multi-channel campaigns that exploit human psychology across various platforms simultaneously. What makes this particularly dangerous: When a deepfake call is followed by a WhatsApp message and a shared document, the multi-channel reinforcement dramatically increases success rates. Technical controls alone are insufficient to mitigate these threats. Organizations must fundamentally rethink their security posture with:
We are entering a period where social engineering is becoming more personal, more convincing, and harder to recognize, pushing organizations to reinforce verification habits and strengthen their overall security awareness.
Download our complete Human Attack Surface: Threat Trends 2025 Report for deeper insights into the data, real-world case studies, and actionable recommendations to protect your organization against these evolving threats.
