DUBAI, UAE Cybersecurity firm Proofpoint has identified social engineering as the leading global cyber threat in its newly released 2025 Human Factor Report. The report underscores a shift from traditional technical exploits to psychological manipulation as attackers increasingly exploit human behavior to breach organizational defenses.
According to the findings, attackers now prefer tactics such as TOAD (Telephone-Oriented Attack Delivery), fake job offers, and benign-looking emails to trick individuals into compromising security. Proofpoint blocks over 117 million TOAD attacks annually, signaling a sharp rise in social engineering over malicious links or attachments.
Key insights include a 40% surge in cryptocurrency-related fraud, driven mainly by job scams, and a 47% increase in Advanced Fee Fraud, with a notable drop in extortion scams. The use of generative AI is also enabling multilingual, targeted attacks, expanding threat actors’ reach.
State-sponsored groups are increasingly initiating attacks with innocuous emails to build trust, with 90% pretending to seek collaboration. Proofpoint warns that even with evolving tools like AI, human-centric detection and defense strategies are crucial.
“Cybercriminals are shifting from fear to persuasion,” said Selena Larson, Senior Threat Intelligence Analyst at Proofpoint. “Defending against these threats means educating people as much as advancing technology.”
The report highlights the urgent need for organizations to combine technology with user awareness to combat the growing sophistication of social engineering attacks.
