Social engineering: Hackers’ favorite shortcut
- Cyberpeace Tech

- Aug 18
A recent cybersecurity report shows a clear trend: social engineering is now the preferred entry point for cyberattacks. Between May 2024 and May 2025, more than one third of analyzed incidents started by exploiting human trust instead of technical flaws.
The impact is high: 6 out of 10 social engineering attacks end in data leaks, and most are financially motivated (business email fraud, ransomware, or stolen credentials).

Old tricks, new tactics
Phishing is still the most common method, with campaigns targeting privileged accounts and impersonating employees.
New variants are growing: malvertising, SEO poisoning, smishing, MFA bombing, and ClickFix campaigns that simulate urgent “updates” to gain access.
The most affected industries include IT, manufacturing, legal services, retail, and finance.
AI and automation: more realism, less effort
The use of AI agents is not yet widespread, but it is already changing the scale of attacks. Cybercriminals can now create synthetic identities, run large-scale personalized phishing campaigns, and even clone voices to trick help desks. These tools let them hold real-time conversations without human participation and back fraudulent requests with fake documents, making them more convincing.
The result is clear: lower costs, faster attacks, and higher success rates.
Case study: Muddled Libra (Scattered Spider)
The Muddled Libra group has professionalized its operations, moving from small crypto thefts to attacks against large corporations, with losses exceeding hundreds of millions of dollars for a single victim and collateral effects such as airline stoppages and supermarket shortages. Its “recipe” combines internal impersonation to reset MFA, SIM swapping, open-source data collection, and the use of legitimate remote access tools to persist and escalate privileges in minutes.
Unlike other groups, it makes the cloud the focus of its attacks, exploiting gaps in visibility and control.
What does this mean for Mexico?
For Mexican organizations (from manufacturing and retail to finance, law, health, and government) social engineering is today the most likely way to suffer a data breach. Even with strong technical defenses, weak identity verification, excessive permissions, or poor account recovery processes can open the door.
Applying a Zero Trust model focused on users, improving identity management, and training employees are key actions to reduce risks.
Concrete steps to reduce the attack surface
Protect accounts and identities. Use phishing-resistant MFA, conditional access, and least-privilege policies.
Secure account recovery. Add multiple verification steps and prevent help desks from making critical changes in a single request.
Detect abnormal credential use. Apply behavior analytics to spot impossible logins, privilege escalations, or unusual RMM use.
Educate employees. Train teams with realistic phishing and smishing simulations.
Extend Zero Trust to people. Apply cross-checks for sensitive processes like payroll changes or payment approvals.
Improve cloud governance. Keep inventory of accounts, segment environments, and activate risk alerts.
Adopting these practices not only reduces immediate risks but also strengthens resilience against future threats. Attackers will keep refining their methods, and social engineering will remain one of the biggest challenges for companies in Mexico and worldwide.
In a world where social engineering is becoming increasingly common, prevention makes all the difference. At Cyberpeace, we invite you to stay informed and strengthen your digital security. Follow us and discover how to protect yourself.








