Proofpoint researchers have increasingly observed that threat actors leverage natural human curiosity rather than exploits to trick users into opening malicious emails, clicking on links, transferring funds, and more. While document-based exploits and exploit kits still regularly threaten individuals and organizations, decreasing technical vulnerabilities makes people far more attractive and reliable targets.
From business email compromise (BEC) schemes to macro-laden documents to malicious links in social media spam, attackers are making the most of the human factor. We see evidence of this every day in large scale campaigns targeting millions of recipients, smaller personalized campaigns, and highly targeted attacks on individuals with access to sensitive information and banking credentials.
Check out the infographic below to explore the trends and activities shaping the social engineering threat landscape today. For a deeper dive, download the full report here.