Social engineering schemes becoming more complex


Cybercriminals and others have long used social engineering techniques to exploit human nature. These tactics are used to manipulate individuals into sharing sensitive and valuable information that can be lucrative for bad actors. Criminals are constantly changing methods of intrusion — and it appears their methods have again changed.

Lockton has observed that attackers are learning to personalize phishing attacks and produce more genuine-seeming content to better trick targets and entice them to take certain actions. Attackers, for example, are increasingly adding personal details to emails and other messages, which they can obtain via social media and other means.

AI is also helping attackers, who may not be native speakers of the languages their targets speak, draft messages with fewer grammatical and spelling errors. This has allowed groups to better target U.S.- and U.K.-based businesses.

In May 2025, for example, Scattered Spider launched social engineering schemes against several American and British retailers, including Harrods, Marks & Spencer, and Victoria’s Secret. Using information obtained via the dark web to appear credible, attackers posed as company help desk staffers and tricked employees into providing additional credentials, which they used to infiltrate technology networks and plant ransomware. More recently, Scattered Spider has shifted to attacking insurers — including Aflac, Allianz, Erie Insurance, and Philadelphia Insurance Companies — and several airlines.

Attackers are also increasingly carrying out social engineering schemes through voice phishing, or “vishing.” A common scheme is for an attacker to call a company’s help desk posing as an employee to obtain passwords and other credentials. Attackers can also use AI tools, such as deepfakes and voice cloning, to simulate the voices of employees and supervisors, and use AI-powered chatbots to impersonate IT teams and others.

One reason why social engineering techniques are easier to carry out today than in the past is the rise of remote and hybrid work. Remote workers cannot verify suspicious requests as easily or quickly as their in-office colleagues can, making them potentially more susceptible to such schemes. More broadly, changes in how we work mean face-to-face interactions occur less frequently, which means there are fewer informal opportunities than in the past during which businesses can detect fraud.

Automation tools, meanwhile, are empowering cybercriminals to carry out large-scale attacks with greater ease. Threat actors can now create and deploy thousands of personal messages simultaneously, allowing them to test multiple vectors at once.

© 2025 Lockton Companies. All rights reserved.
