AI Supercharges Social Engineering Attacks Targeting Employees
Severity: High (Score: 66.5)
Sources: Iverify, Blog.Knowbe4
Keywords: social, engineering, report, attacks, didn, invent, supercharged
Summary
AI-enabled social engineering attacks are on the rise, leveraging generative AI to automate and enhance the effectiveness of phishing attempts. These attacks exploit human trust and target employees through mobile devices, making them harder to detect. A report from Visa indicates that social engineering was responsible for the largest number of losses in the second half of last year. Generative AI tools allow attackers to create personalized messages, mimic executive writing styles, and adapt conversations in real time. The visibility gap in mobile communications further complicates detection for organizations. Deloitte predicts that AI-enabled fraud losses in the U.S. could reach $40 billion by 2027. The combination of immediacy and personal trust in mobile devices creates a favorable environment for these attacks. As a result, the scale of identity-based attacks has increased significantly, affecting multiple sectors and organizations.

Key Points:
- AI tools are automating and enhancing social engineering attacks, making them more effective.
- Mobile devices are the primary vector for these attacks, exploiting employee trust and quick response habits.
- Deloitte forecasts AI-enabled fraud losses in the U.S. could reach $40 billion by 2027.
Detailed Analysis
**Impact** Employees across multiple sectors and geographies are increasingly targeted by AI-enhanced social engineering attacks, particularly through mobile devices. These attacks lead to significant financial losses, with Deloitte projecting U.S. GenAI-enabled fraud losses could reach $40 billion by 2027, up from $12.3 billion in 2023. The primary business impact involves unauthorized account access, identity recovery manipulation, and fraudulent transactions, affecting operational continuity and data integrity.

**Technical Details** Attackers leverage generative AI to automate victim research, personalize phishing messages, mimic executive communication styles, and adapt interactions in real time. Mobile platforms and BYOD environments are exploited due to limited enterprise visibility and weaker security controls. Deepfake audio and video are used to impersonate executives and employees, facilitating identity recovery fraud and MFA bypass without deploying malware or exploiting CVEs. No specific IOCs or infrastructure details were provided.

**Recommended Response** Organizations should enhance monitoring of mobile communication channels and identity recovery workflows, focusing on anomalous MFA requests and support desk interactions. Implement stricter verification protocols for identity and access management processes, including multi-factor authentication with out-of-band verification. Train employees to recognize AI-generated impersonations and enforce segmentation between personal and professional device use. No patching or specific detections were detailed; continuous monitoring for social engineering indicators is advised.
Source articles (2)
- Report: AI — Blog.Knowbe4 · 2026-06-08
  Threat actors are increasingly using AI-enabled social engineering to get around technical security measures, according to a new report from Visa. Social engineering attacks were behind the largest n…
- AI Didn't Invent Social Engineering. It Supercharged It. — Iverify · 2026-06-08
  Social engineering has always been effective because it targets something every organization depends on: human trust. What has changed is the amount of effort required to make those attacks convincing…
Timeline
- 2025-12-01 — Visa report highlights rise in social engineering losses: A report from Visa indicates social engineering attacks caused the largest financial losses in the second half of 2025.
- 2026-06-08 — AI's role in social engineering discussed: Iverify article outlines how generative AI enhances social engineering by automating personalization and adaptation.
- 2026-06-08 — Deloitte predicts significant fraud losses: Deloitte forecasts that AI-enabled fraud losses in the U.S. could reach $40 billion by 2027, up from $12.3 billion in 2023.
Related entities
- Phishing (Attack Type)
- DarkSword (Malware)
- T1566 - Phishing (Mitre Attack)
- IOS (Platform)