# Social Engineering on the Rise --- New Unit 42 Report

By [Michael Sikorski](https://www.paloaltonetworks.com/blog/author/michael-sikorski/?ts=markdown), Jul 30, 2025

## How Cybercriminals and Nation-State Actors Are Leveraging Sophisticated Social Engineering Techniques to Attack Global Organizations at Scale

Today, Palo Alto Networks Unit 42 released the [2025 Unit 42 Global Incident Response Report: Social Engineering Edition](https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/). This report explores the top initial attack vector we observed over the past year: social engineering. During this period, over a third of all Unit 42 Incident Response cases began with a social engineering tactic.

The report analyzes how attackers are exploiting trust to breach organizations, leading to business disruption and financial loss. Insights are derived from Palo Alto Networks telemetry, over 700 incident response case studies, and Unit 42 threat research.

### Social Engineering Data Reveals How Human Vulnerabilities Are Exploited

Social engineering is the most common initial access vector observed by Unit 42, with phishing accounting for 65% of social engineering-driven cases. These attacks often target privileged accounts (66%), utilize impersonation of internal personnel (45%) and involve callback or voice-based techniques (23%), which are becoming more sophisticated as attackers leverage AI. The success of social engineering stems from exploiting human behavior and weak controls, rather than technical vulnerabilities.

Our data reveals several key patterns driving the success of these social engineering attacks:

* **Business Disruption**: Social engineering attacks resulted in data exposure in 60% of cases, 16 percentage points higher than other initial access vectors. Business email compromises (BEC) accounted for roughly half of all social engineering cases, with nearly 60% leading to data exposure.
* **Novel Vectors**: While phishing leads, 35% of social engineering cases use methods like SEO poisoning, malvertising, smishing and MFA bombing. Attackers are expanding beyond email to other platforms and devices.
* **Control Gaps**: Ignored alerts (observed in 13% of all social engineering cases), excessive permissions (10%) and lack of MFA (10%) are common weaknesses. Overwhelmed security teams often miss or deprioritize alerts.

### AI Fuels a New Era of Social Engineering

AI has the power to reshape social engineering threats. While traditional methods persist, attackers are now using AI tools for speed, realism and scale. Unit 42 has observed three levels of AI-enabled tooling in incidents:

* **Automation** tools accelerate intrusion steps.
* **Generative AI** creates human-like content for personalized lures, voice cloning and adaptive interactions.
* **Agentic AI** autonomously executes multistep tasks, including cross-platform reconnaissance and creating synthetic identities for targeted campaigns.

This indicates a shift where AI components support conventional social engineering, increasing the scale, pace and adaptability of attacks.

### Social Engineering Can Be Both Highly Targeted and Highly Scalable

In the report, Unit 42 outlines two top observed social engineering models, both designed to bypass controls by mimicking trusted activity:

**High-touch compromise** targets specific individuals in real time. Threat actors impersonate staff, exploit help desks and escalate access without deploying malware. This often involves voice lures, live pretexts and stolen identity data, as seen in [Muddled Libra](https://unit42.paloaltonetworks.com/muddled-libra/) and various nation-state activities. These white glove attacks are highly targeted and tailored, employing help desk impersonation, voice spoofing and technical reconnaissance to achieve deep access, broader system control and higher potential for monetization.

**At-scale deception** includes [ClickFix](https://unit42.paloaltonetworks.com/preventing-clickfix-attack-vector/)-style campaigns, SEO poisoning, fake browser prompts and blended lures that trigger user-initiated compromise across multiple devices and platforms. Large-scale ClickFix campaigns trick users into executing malware through fraudulent system prompts and CAPTCHA tests. We've observed these attacks across healthcare, retail and government sectors, often resulting in widespread credential compromise and operational downtime.

### How Organizations Become Low-Hanging Fruit for Social Engineering

Social engineering persists due to overpermissioned access, gaps in behavioral visibility and unverified user trust in human processes. Threat actors exploit identity systems, help desk protocols and fast-track approvals by mimicking routine activity.

To counter this, security leaders must shift beyond user awareness, recognizing social engineering as a systemic threat. This requires:

* Implementing behavioral analytics and identity threat detection and response (ITDR) to proactively detect credential misuse.
* Securing identity recovery processes and enforcing conditional access.
* Expanding zero trust principles to encompass users, not just network perimeters.

As technology evolves, attackers exploit human trust and productivity. The nature of trust, verification and defense is changing. This report reflects trends and attacker innovations observed over the past year. By contextualizing these findings, security leaders gain tools to recalibrate defenses, protect business continuity and maintain an edge in an evolving threat environment.

For a deeper dive into these evolving tactics and Unit 42's comprehensive analysis, [download the full report here](https://unit42.paloaltonetworks.com/2025-unit-42-global-incident-response-report-social-engineering-edition/). To discover how Unit 42 can empower your organization, visit our [website](https://www.paloaltonetworks.com/unit42).