The Human Factor 2025

Proofpoint’s Human Factor Report Series Launches with a Focus on Social Engineering

Proofpoint’s new Human Factor report series is a fresh take on how we share insights about the threat landscape.

For years, threat reports have been too long, technical and difficult to digest. And they’re often packed with dozens of pages that feature excruciatingly detailed explanations of every payload type. But there’s typically little direction on what to do next.

Our Human Factor series was created to change that—delivering shorter, sharper and more actionable reports. Each volume will focus on a specific tactic, trend or threat actor behavior observed across Proofpoint’s global threat intelligence. Backed by data from more than 3.5 billion emails analyzed daily, these reports deliver practical insights to help organizations protect their people.

What is social engineering?

The first report in our series focuses on social engineering, a threat that’s both persistent and evolving. Social engineering remains one of the most effective and enduring tactics in the cybercriminal playbook. Why? Because it preys on something that’s far more vulnerable than systems: human behavior.

At its core, social engineering is the manipulation of human psychology—using fear, urgency, curiosity or even helpfulness to get someone to take an action. That might mean clicking a link, wiring funds, sharing credentials or installing software. Often, no malware or attachments are involved, which makes these attacks especially difficult to detect.

Why it still works

Despite advances in cybersecurity, social engineering persists and is even growing. Here’s why:

  • Payload-less attacks are harder to detect. Business email compromise (BEC), TOAD (telephone-oriented attack delivery) and benign conversations rely on trust, not technology.
  • AI makes attacks more scalable. Generative AI allows threat actors to craft personalized, linguistically accurate messages across regions and roles.
  • Users often prioritize convenience over caution. Even when users understand the risk, they may engage with suspicious content if it seems urgent or aligns with their job.
  • It’s profitable. With over $55 billion in reported BEC losses over the past decade, attackers have little reason to stop.

Key takeaways from the report

In the first volume of our Human Factor report series, Proofpoint threat researchers uncovered the following trends:

  • Advanced Fee Fraud (AFF) has increased 50% year-over-year, while extortion scams are declining.
  • TOAD remains highly active, with Proofpoint blocking more than 117 million threats annually.
  • Benign conversations are on the rise, particularly from advanced persistent threat (APT) actors who are looking to build trust before launching targeted attacks.
  • Over 90% of these state-sponsored campaigns spoof real individuals, making detection even more difficult.

Defending against social engineering

To stop social engineering, you need a human-centric defense strategy that goes beyond traditional detection. Organizations need to:

  • Gain visibility into who’s being targeted and how they’re responding
  • Use AI-driven detection to catch subtle, language-based threats
  • Implement impersonation protection and domain defense
  • Deliver tailored, threat-informed security awareness training
  • Automate response workflows to act faster when risks arise

Want deeper insights into today’s top social engineering threats—and what your organization can do to stop them? Download the full Human Factor: Social Engineering report.