Social Engineering’s Quiet Evolution: Why the Human Layer Still Beats the Zero-Day

Written by Brightside Team
In April 2026, attackers walked out of ADT with roughly 10 million customer records. They did not burn a zero-day. They did not deploy malware. They called an employee, posed as internal IT support, and talked their way to a working set of Okta single sign-on credentials. From there they signed into the company's Salesforce instance and exported names, phone numbers, addresses, and partial Social Security numbers. The group behind it, tracked as ShinyHunters, has run that same script against a long list of recognizable names, including Google, Adidas, and Qantas.
This is worth sitting with, because it runs against where most of the security conversation went over the past year. The headlines have been about frontier-model capability: evaluations of Claude Mythos, autonomous agents that chain exploits, AI systems probing for zero-days at machine speed. Those stories are real and they matter for the medium term. But they describe where the threat could be heading, not where breaches actually begin today. The intrusions landing right now overwhelmingly start with a person being convinced to do something, and the most expensive ones often involve no software vulnerability at all.
Social engineering did not fade into the background while everyone watched the AI race. It evolved, it absorbed AI as a tool, and it remains the most reliable way into an organization. Understanding how it got here, and where it goes next, is the difference between defending the threat you read about and defending the one that's calling your help desk.
Why the human layer still owns the numbers
Before tracing the evolution, it helps to anchor the claim that the human layer is still the main event.
Verizon's 2026 Data Breach Investigations Report puts the human element in roughly 62% of breaches. The European Union Agency for Cybersecurity (ENISA) places social engineering at about 60% of observed initial access in its 2025 Threat Landscape, with phishing as the primary initial intrusion vector. By contrast, ENISA attributes around 21% of initial access to vulnerability exploitation. Exploitation is more technically decisive when it works, since it culminated in intrusion in nearly 70% of those cases, but it is simply less common as a way in than convincing a human.
The people setting budgets have noticed. The World Economic Forum's Global Cybersecurity Outlook 2026 found that cyber-enabled fraud and phishing rose to the top of executive cyber-risk concerns, displacing ransomware for the first time. The same report found 94% of respondents naming AI as the most significant driver of change in cybersecurity, and 87% identifying AI-related vulnerabilities as the fastest-growing risk category. Read those two findings together and the picture is clear: leaders are worried about AI precisely because of what it does to social engineering, not because it has replaced it with something else.
That tension sits underneath the rest of this piece. AI hasn't handed attackers a new trick. It has taken the oldest one and stripped away the things that used to hold it back: the cost, the manual effort, and the clumsy grammar that gave it away.
Four phases: how social engineering actually evolved
Social engineering has moved through four reasonably distinct phases. None of them erased the one before; each layered on top of it. Most organizations are now defending against all four at once.
Phase one: bulk email phishing
The first era was volume. Attackers sprayed generic lures to enormous lists and converted whatever small fraction clicked. The defining trait was low cost per message and low quality per message. The "tells" became security-awareness folklore: clumsy grammar, mismatched logos, an unexpected attachment, a sender address that fell apart on inspection. Training programs were built around spotting those tells, and for a while that was a workable defense because the attacks really did look wrong.
Phase two: targeted spear phishing and business email compromise
The second era was precision. Instead of a million generic emails, an attacker researched a specific finance employee, learned the name of their CFO, mirrored the company's tone, and sent one carefully built message asking for a wire transfer or a change to payment details. Business email compromise (BEC) became one of the most lucrative categories in cybercrime on the strength of this approach.
The economics are what constrained it. Good spear phishing took human effort: reconnaissance, writing, social context. That cost meant it was reserved for high-value targets where the payoff justified the labor. The defensive implication followed directly. Spear phishing was a boutique threat, and most employees never saw a truly tailored one.
Phase three: multi-channel social engineering
The third era broke out of the inbox. Attackers learned that email is only one of the channels where people make trust decisions, and often not the weakest one. Voice phishing (vishing), SMS phishing (smishing), QR-code lures, and direct manipulation of IT help desks all moved from novelty to standard practice.
What's different now is that an attack rarely shows up as a single message. It shows up as a sequence. A typical modern campaign might open with an email to establish a pretext, reinforce it with a text message that adds urgency, continue inside a collaboration tool like Microsoft Teams so the interaction feels internal, and close with a phone call that supplies the human pressure. Each channel covers for the weaknesses of the others, and the employee experiences a coordinated story rather than a suspicious one-off.
Phase four: AI-amplified, identity-targeting deception
The fourth era, the one defining 2026, removed the cost ceiling that held phase two in check and added synthetic media to phase three.
Generative AI made high-quality personalization cheap enough to apply at scale. A controlled human-subject study found that fully automated, AI-generated spear phishing achieved a 54% click-through rate, matching human expert teams and far above the 12% control baseline, at a cost of roughly four cents per email. That single result captures the structural change: the careful, tailored attack that used to be reserved for the CFO can now be produced for everyone in the directory. Spear phishing went from boutique to mass-production.
At the same time, voice and video stopped being trustworthy as identity signals, and the target of the whole exercise shifted from the inbox to identity itself. The rest of this article is mostly about what that fourth phase looks like in practice.
The channels that changed the most
Three channels carry most of the change worth understanding.
Vishing and the return of the phone call
Voice phishing is the fastest-rising channel in the set. CrowdStrike recorded a 442% increase in vishing between the first and second halves of 2024; in one illustration of the slope, the firm logged two vishing attacks in January 2024 and 93 that December. Keepnet Labs reports that around 70% of organizations have experienced a voice-phishing attempt. Deloitte's Center for Financial Services projects that fraud using generative AI, which includes vishing, could cost up to $40 billion a year by 2027.
Two things make voice effective. First, the technology barrier collapsed: Microsoft notes that a usable voice clone can be produced from roughly three seconds of audio, which means a few seconds of a recorded all-hands or a conference talk is enough raw material. Second, the psychology is reliable. An academic review of vishing attacks found that attackers leaned on authority bias in over 95% of cases, and number spoofing makes the call appear to come from a trusted source. The soft entry points are predictable too, with help desks and contact centers built to be helpful to people who sound stuck and stressed.
Deepfakes, from proof-of-concept to operational
For years, deepfakes were a conference demo. The Arup case turned them into an operational template. A finance employee at the engineering firm joined a video call in which the CFO and several colleagues were all AI-generated reconstructions built from publicly available footage. Following instructions on that call, the employee made 15 transfers totaling about $25 million. The attack is repeatedly cited not because it is common at that scale, but because it proved the method works in a live, multi-participant setting.
Just as instructive is when it fails. When LastPass was targeted by an audio deepfake of its CEO, the attempt collapsed because the message arrived outside the employee's normal channel and pushed urgency, and those two traits triggered suspicion. That failure mode is the seed of an actual defense, and we'll return to it.
Email's quieter mutation
Email did not stand still while attention moved to voice and video; it mutated to slip past the controls built for phase one. Microsoft's threat intelligence for the first quarter of 2026 recorded QR-code phishing rising 146% in three months, because a QR code routes the victim to a phone browser and sidesteps email link scanners. CAPTCHA-gated phishing, which uses a fake human-verification step to look legitimate and stall automated analysis, more than doubled in March. Device-code phishing, which steals authentication tokens without ever capturing a password, climbed sharply. Adversary-in-the-middle kits such as Tycoon2FA sit between the user and the real login page to intercept both credentials and the multi-factor token in real time, which defeats the most commonly deployed form of MFA.
A related variant is callback phishing, where the lure is not a link but a phone number. The group tracked as Silent Ransom has sent invoice-themed emails, waited for the victim to call a fake IT-support line, walked them through installing a remote-access tool, and exfiltrated documents for extortion, in some cases within half an hour of getting access.
The throughline across all of these is that the channel keeps moving to wherever verification is weakest.
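The adversary-in-the-middle point above is easiest to see in code. The following is an added illustration, not code from the original post or from Brightside: a simplified model of a relying party's WebAuthn assertion checks (origin match and rpIdHash match, as in the WebAuthn assertion-verification steps; the signature check is omitted) next to a plain TOTP check, run against a simulated proxy that relays whatever the victim's browser produces. The RP identifier, origins, and the shared TOTP secret are constructed values for the example.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import struct

# Constructed identifiers for the example (not from the article).
RP_ID = "sso.example.com"                                 # the real identity provider
EXPECTED_ORIGIN = "https://sso.example.com"
PROXY_ORIGIN = "https://sso-example-com.lookalike.invalid"  # the AitM proxy's own origin


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP; TOTP uses counter = unix_time // 30."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def verify_totp(secret: bytes, code: str, now: int) -> bool:
    """Server-side TOTP check. Nothing in a six-digit code records *where* it was typed."""
    return hmac.compare_digest(code, hotp(secret, now // 30))


def make_authenticator_data(rp_id: str) -> bytes:
    """First 37 bytes of WebAuthn authenticatorData: rpIdHash (32) | flags (1) | signCount (4)."""
    return hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")


def browser_get_assertion(page_origin: str, challenge: str, requested_rp_id: str):
    """Model of navigator.credentials.get(): the browser, not the page, fills in the
    origin field and refuses an rpId that is not the page's host or a parent domain."""
    host = page_origin.removeprefix("https://")
    if host != requested_rp_id and not host.endswith("." + requested_rp_id):
        return None  # browser refuses: credential is scoped to another RP
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin}
    ).encode()
    return client_data, make_authenticator_data(requested_rp_id)


def verify_webauthn(challenge: str, client_data: bytes, auth_data: bytes) -> tuple[bool, str]:
    """Relying-party checks; a relayed assertion fails on origin or rpIdHash."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False, "unexpected clientData type"
    if not hmac.compare_digest(cd.get("challenge", ""), challenge):
        return False, "challenge mismatch"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, f"origin mismatch: {cd.get('origin')}"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return False, "user presence flag not set"
    return True, "assertion accepted"


def relay_through_proxy_totp(secret: bytes, now: int) -> bool:
    """Victim types a live code into the proxy page; the proxy forwards it unchanged."""
    code_typed_by_victim = hotp(secret, now // 30)
    forwarded = code_typed_by_victim  # a pure pass-through, indistinguishable to the server
    return verify_totp(secret, forwarded, now)


def relay_through_proxy_webauthn(challenge: str, requested_rp_id: str) -> tuple[bool, str]:
    """Proxy forwards the real IdP challenge to a browser that is on the proxy origin."""
    result = browser_get_assertion(PROXY_ORIGIN, challenge, requested_rp_id)
    if result is None:
        return False, "browser refused: rpId does not match the page origin"
    return verify_webauthn(challenge, *result)


def direct_webauthn(challenge: str) -> tuple[bool, str]:
    """The legitimate flow: browser is on the real origin."""
    return verify_webauthn(challenge, *browser_get_assertion(EXPECTED_ORIGIN, challenge, RP_ID))


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    print("TOTP relayed through proxy:", relay_through_proxy_totp(secret, 1_700_000_000))
    print("WebAuthn direct:", direct_webauthn("chal-1"))
    print("WebAuthn relayed, real rpId:", relay_through_proxy_webauthn("chal-1", RP_ID))
    print("WebAuthn relayed, proxy rpId:", relay_through_proxy_webauthn("chal-1", PROXY_ORIGIN.removeprefix("https://")))
```

The two rejections are the whole story: asked for the real RP's credential, the browser on the lookalike origin refuses outright; asked for a credential scoped to the lookalike, the resulting assertion carries the wrong origin and the real identity provider rejects it. The TOTP code carries no such binding, which is why the relay succeeds.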
Inbox to identity: what attackers actually target now
Step back from the individual channels and a single shift explains most of them. The target of social engineering used to be the inbox. The target now is identity.
In practice that means attackers are after single sign-on credentials, multi-factor approvals, OAuth grants, active session tokens, and the help-desk procedures that can reset all of the above. Once an attacker is holding a real set of credentials, they usually don't need to break anything. They just log in, and from a security tool's perspective most of what happens next looks like an employee going about their day. Three campaigns from the current period show the pattern from different angles.
ShinyHunters built the cleanest version of it. The group, tracked by Google's threat intelligence team under identifiers including UNC6040, runs a repeatable pipeline: a spoofed call from "IT support," a walk-through that gets the employee to approve an MFA prompt or read back a one-time code, valid Okta SSO access, then a pivot straight into Salesforce to export customer data and extort the victim. The ADT breach that opened this article followed exactly that path. So did intrusions associated with Workday, Charter Communications, and Google's own Salesforce instance. No malware sits at the center of this; the entire operation runs on a phone call and a credential.
Scattered Spider, tracked as UNC3944, applied the same logic to the IT help desk and aimed it at UK retail in 2025. The group profiled employees from public sources, then called service desks impersonating those employees and pressured staff into resetting passwords or removing MFA, before deploying DragonForce ransomware. At Marks & Spencer the operational damage was severe: suspended online orders, failed contactless payments, halted warehouse operations, more than £500 million wiped from market capitalization, and reporting of roughly £3.8 million per day in lost online sales. Co-op and Harrods were hit in the same wave. The same collective had used identical help-desk tradecraft against MGM Resorts and Caesars in 2023. (Some reporting describes collaboration between ShinyHunters and Scattered Spider; treat the precise relationship as reported rather than settled.)
Coinbase showed the third variant, where the manipulated human is not unsuspecting but bribable. Beginning in late 2024, attackers recruited overseas customer-support agents to export customer data using their own legitimate access. The activity ran for nearly five months before discovery, the attackers demanded a $20 million ransom that Coinbase refused, and the company has estimated the total impact at $180 million to $400 million. The stolen records then fueled a second round of social engineering, this time impersonating Coinbase support to victims directly. Insider recruitment turns the access-control problem inside out: the credential being abused was issued on purpose.
What unifies the three is the absence of a technical breach at the point of entry. Each began with a legitimate credential obtained by manipulating a person, and each largely bypassed the endpoint detection tooling that assumes an intruder has to break something.
What AI did, and what it didn't
It would be easy to read the last few sections as "AI changed everything." The reality is narrower than that, and more useful to plan around.
The consistent assessment across the UK's National Cyber Security Centre (NCSC), the Verizon DBIR, and Google Cloud's threat intelligence is that AI is currently a force multiplier across the existing intrusion chain rather than a source of genuinely new attack techniques. The DBIR notes that less than 2.5% of observed AI-assisted malware involved rare techniques. NCSC assesses that fully autonomous, end-to-end advanced intrusions remain unlikely through 2027, while expecting AI to make the familiar steps faster, cheaper, and more accessible to less-skilled actors. The techniques in the breaches above are not new. Pretexting, impersonation, and stolen credentials have been around for decades. What's new is how quickly and how cheaply an attacker can run them now.
That economic change is the real story, and it is significant on its own. When tailored spear phishing drops to four cents a message, when a voice clone needs three seconds of audio, and when a convincing pretext can be drafted in any language in seconds, the constraint that used to limit high-quality social engineering simply lifts. The result is a feedback loop. AI-assisted social engineering yields identity access; that access yields internal documents, org charts, ticket histories, and writing samples; and that material trains the next, more convincing lure. Each successful round makes the following one easier.
There's a fitting illustration of how thoroughly social engineering has absorbed the AI moment. In June 2026, Microsoft documented attackers using AI hype itself as the bait, running campaigns that impersonate ChatGPT, Microsoft Copilot, and Anthropic's Claude. The logic is precise: people have learned to be slightly suspicious of an unexpected banking email, but they have no instinct yet for what a legitimate message about a new AI tool should look like. The frontier-model story that dominated the year's headlines has, in other words, become a phishing theme. That is the whole argument in miniature. The durable threat is not the autonomous AI attacker; it is the human who can be moved, now reachable at a scale and quality that used to be impossible.
What companies should expect, 2026 to 2028
Projecting the current trajectory forward gives a reasonably concrete picture for the next couple of years.
Expect personalized phishing and vishing to become routine across every channel an employee uses, including email, SMS, voice, chat, and social platforms, with the limiting factor being target data and delivery infrastructure rather than the effort of writing a convincing message. Expect the strongest lures to stop looking like phishing and start looking like ordinary business-process continuation, a payment-detail update or an access request that matches a real workflow. Expect credential dumps from prior breaches, including the 16-billion-record compilation circulated in 2025, to serve as ready-made dossiers that make pretexts more believable. Expect over-permissioned SaaS integrations and OAuth grants to remain the quiet path for lateral movement after the initial human compromise. And expect help desks and finance functions to stay at the top of the target list, because both are designed to act helpfully under pressure.
The uncomfortable part is what this means for awareness training. Training is necessary, but the research does not support treating it as a sufficient control. A meta-analysis of cybersecurity training found a positive overall effect, but with behavior change consistently smaller than gains in knowledge or attitude, and stronger study designs showing smaller behavioral effects. People can pass the quiz and still approve the prompt under pressure. Annual training alone is not a match for AI-era social engineering, and saying otherwise sets a program up to fail.
What works is a layered posture that assumes some lures will land:
Phishing-resistant MFA, specifically FIDO2 or passkeys, for administrators, finance, help-desk staff, developers, and executives, because it cannot be relayed by an adversary-in-the-middle proxy or read aloud over the phone.
Out-of-band verification for any sensitive request, meaning a callback to a pre-registered number or a confirmation in a separate channel before resetting credentials, removing MFA, or moving money. This is precisely the friction that saved LastPass.
Help-desk identity-proofing and strict controls on password and MFA resets, so the person performing the reset is not the single point of failure that Scattered Spider exploited.
Least privilege and active governance of SaaS and OAuth connections, to shrink the blast radius when one identity is compromised.
Multi-person authorization for wire transfers and other high-value actions, so no single manipulated employee can complete them alone.
Realistic simulations measured by behavior rather than quiz scores, and specifically including voice-phishing simulations aimed at help-desk and other high-exposure roles.
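The out-of-band verification, help-desk identity-proofing, and multi-person authorization items above can be expressed as one policy check that a help-desk ticketing workflow runs before a reset is executed. The code below is an added example written for this article, not Brightside's product or any vendor's code; the directory entries, phone numbers, agent names, and the specific rule set (callback must reach the pre-registered number, a separate-channel confirmation is required, MFA removal or any privileged account needs a second approver who is not the handling agent) are assumptions chosen to illustrate the controls the list describes.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    PASSWORD_RESET = "password_reset"
    MFA_REMOVAL = "mfa_removal"


@dataclass(frozen=True)
class Employee:
    user_id: str
    registered_phone: str   # number on file before the request existed
    is_privileged: bool


# Constructed directory for the example.
DIRECTORY = {
    "u-1001": Employee("u-1001", "+41440000001", is_privileged=True),
    "u-2002": Employee("u-2002", "+41440000002", is_privileged=False),
}


@dataclass
class ResetRequest:
    user_id: str
    action: Action
    caller_id: str                        # number shown on the inbound call; spoofable, never evidence
    agent: str                            # help-desk agent handling the ticket
    callback_reached_on: str | None = None  # number the agent dialed and actually reached the user on
    second_channel_confirmed: bool = False  # e.g. approval from the registered device or the manager
    approver: str | None = None           # second person who approved the action
    audit: list[str] = field(default_factory=list)


def evaluate(req: ResetRequest) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Every denial reason is recorded so the ticket
    explains exactly which verification step was missing."""
    reasons: list[str] = []
    emp = DIRECTORY.get(req.user_id)
    if emp is None:
        reasons.append("unknown user")
    else:
        # Out-of-band verification: the agent must call back the registered number.
        if req.callback_reached_on != emp.registered_phone:
            reasons.append("no callback to the pre-registered number (inbound caller ID is not evidence)")
        # Confirmation must arrive on a channel the caller does not control.
        if not req.second_channel_confirmed:
            reasons.append("no confirmation on a separate channel")
        # Multi-person authorization for the actions that remove a control.
        if req.action is Action.MFA_REMOVAL or emp.is_privileged:
            if req.approver is None or req.approver == req.agent:
                reasons.append("second approver required and must differ from the handling agent")
    allowed = not reasons
    req.audit.append(
        f"{req.action.value} for {req.user_id} by {req.agent}: "
        + ("ALLOWED" if allowed else "DENIED: " + "; ".join(reasons))
    )
    return allowed, reasons


def impersonation_call() -> tuple[bool, list[str]]:
    """Caller ID matches the number on file (spoofed), urgency is high, and the
    agent is asked to remove MFA right now. Nothing out-of-band has happened."""
    req = ResetRequest("u-1001", Action.MFA_REMOVAL, caller_id="+41440000001", agent="agent-7")
    return evaluate(req)


def routine_reset() -> tuple[bool, list[str]]:
    """Ordinary password reset for a non-privileged user, fully verified."""
    req = ResetRequest("u-2002", Action.PASSWORD_RESET, caller_id="+41440009999", agent="agent-7",
                       callback_reached_on="+41440000002", second_channel_confirmed=True)
    return evaluate(req)


def mfa_removal(approver: str | None) -> tuple[bool, list[str]]:
    """MFA removal for a non-privileged user; allowed only with a distinct second approver."""
    req = ResetRequest("u-2002", Action.MFA_REMOVAL, caller_id="+41440000002", agent="agent-7",
                       callback_reached_on="+41440000002", second_channel_confirmed=True,
                       approver=approver)
    return evaluate(req)


if __name__ == "__main__":
    for name, result in [("impersonation call", impersonation_call()),
                         ("routine reset", routine_reset()),
                         ("MFA removal, agent self-approves", mfa_removal("agent-7")),
                         ("MFA removal, team lead approves", mfa_removal("lead-3"))]:
        print(f"{name}: {'allowed' if result[0] else 'denied'} {result[1]}")
```

The design point is that the inbound caller ID is stored for the record but never consulted by the policy, so a spoofed number (the tactic the vishing section describes) buys the caller nothing; only the callback the agent initiates counts. Keeping the agent out of the approver role is what removes the single point of failure the list item on help-desk resets refers to.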
That last point deserves emphasis because it is where most programs have a blind spot. Enea has reported that around 75% of enterprises do not specifically invest in protection against voice scams, even as vishing posts the steepest growth of any channel. This gap is a large part of why CISOs are adding vishing simulation to programs that used to be email-only. Most employees have practiced spotting a suspicious email. Very few have ever experienced a live, adaptive voice attack in a safe setting, which means the first realistic one they encounter is the real one.
Top-rated platforms for vishing attack prevention and employee training
Closing the voice-phishing gap has become a distinct buying decision rather than a feature buried inside a generic awareness suite. The platforms below approach vishing prevention and employee training from different angles, and they're listed alphabetically rather than ranked, because the right fit depends on whether you need a broad human-risk suite or specialist depth in realistic, multi-channel attack rehearsal. Vendor-reported effectiveness figures are noted as such.
Brightside
Brightside is a simulation-first, AI-era platform that covers phishing, vishing, and deepfake scenarios in one product, with its clearest depth in voice. Its vishing simulator uses generative AI to run live calls that adapt to what the target says in real time, rather than playing a scripted recording. Admins build campaigns through a five-step template flow (attack goal, context, tactics, voice, and review) and can choose a Recommended Strategy that layers proven social-engineering tactics, such as authority impersonation and manufactured urgency, with a short explanation of why each combination works. A distinctive Hybrid Attack mode pairs a voice call with a trackable phishing email as a single coordinated campaign, which mirrors how real multi-channel attacks actually run. The platform ships with eight preset voices across English, French, German, and Italian, supports custom voice cloning from a one-to-two-minute recording for executive-impersonation rehearsals, and lets admins preview a call in the browser before launching. Its Swiss base and multilingual coverage make it a natural fit for European organizations weighing NIS2 and DORA obligations.
Brightside is best suited to security teams that want to rehearse modern, identity-targeting attacks (voice, hybrid voice-plus-email, and deepfakes) with high realism, rather than buy the broadest possible content library.
Pros
Live, adaptive AI voice calls rather than pre-recorded scripts
Hybrid voice-plus-email campaigns that model real attacker sequences
Custom executive voice cloning and preview-before-launch
Multilingual (EN/FR/DE/IT) with European compliance relevance
Cons
Specialist simulation focus rather than a broad, all-in-one human-risk suite
Smaller off-the-shelf training content library than the largest incumbents
Hoxhunt
Hoxhunt is an enterprise human-risk platform built around adaptive, gamified phishing training that tunes difficulty to each employee's behavior over time, with remediation that connects into security operations workflows. It added a deepfake attack simulation that delivers a phishing email leading to a mock video call featuring an AI-generated executive, offered as a custom-delivered service rather than a fully self-serve feature. Hoxhunt's strength is measurement and behavior change at scale across a large workforce.
Hoxhunt is a strong fit for large organizations that want data-driven, continuously adapting phishing training and are comfortable with voice and deepfake testing being more of a guided service than a self-serve simulator.
Pros
Adaptive difficulty tuned to individual behavior
Strong reporting and behavior-change measurement
SOC-connected remediation workflows
Cons
Vishing is less of a standalone, self-serve simulator than the voice-specialist tools
Deepfake simulation is custom-delivered rather than on-demand
Keepnet Labs
Keepnet Labs is a broad human-risk-management suite that spans phishing, vishing, smishing, and QR-code simulation alongside awareness training, phishing reporting, and incident-response workflows. Its vishing module is popular with teams that want quick setup: security staff can upload their own recordings or use AI text-to-speech, schedule calls within set windows, and track responses in real time. Keepnet also publishes much of the widely cited vishing data in the market; the company reports, for example, that AI-powered vishing simulations cut trained teams' risk scores by around 80% over three months, a vendor-reported figure that should be read as such.
Keepnet is a good fit for organizations that want wide attack-surface coverage and response tooling in one platform, with vishing included as part of a larger suite rather than as a deep specialty.
Pros
Wide channel coverage (phishing, vishing, smishing, QR) in one suite
Self-serve vishing setup with scheduling and real-time tracking
Built-in phishing-response and reporting workflows
Cons
Breadth can come at the expense of voice-simulation depth
Headline effectiveness stats are vendor-reported
KnowBe4
KnowBe4 is the largest and most widely adopted security-awareness platform, with an extensive training-content library, mature phishing-simulation automation, and its AIDA system for AI-driven campaign personalization. It has added AI-assisted voice capabilities, though its voice simulations lean toward scripted flows rather than the live, adaptive conversations offered by voice-specialist tools. Its scale, language coverage, and integrations make it a default shortlist entry for large awareness programs.
KnowBe4 is best suited to organizations that prioritize content breadth, automation maturity, and broad adoption, and that treat vishing as one component of a large awareness program rather than the centerpiece.
Pros
Very large training-content and phishing-template library
Mature automation and broad integrations
Wide language and regional coverage
Cons
Voice simulations are more scripted than live-adaptive
Multi-vector realism is less central than in simulation-specialist tools
Proofpoint
Proofpoint approaches awareness as one layer of a broader human-centric security platform tied to its email-security and threat-intelligence stack. Its training combines phishing, smishing, and USB simulations with a People Risk Explorer that identifies the most-attacked people using real threat telemetry, and it can auto-enroll employees who fail into adaptive learning paths. The value is tightest for organizations already running Proofpoint email security, where training and threat detection share the same data.
Proofpoint fits enterprises that want awareness training integrated with email security and risk modeling, and that value threat-intelligence-driven targeting over standalone voice-attack depth.
Pros
Risk-based targeting using real threat telemetry (People Risk Explorer)
Tight integration with email security and the wider Proofpoint stack
Adaptive learning paths triggered by simulation failures
Cons
Voice and vishing are less central to the offering
Value depends heavily on already using Proofpoint email security
The common thread is that realistic, multi-channel attack rehearsal, voice included, has moved from a nice-to-have to a baseline expectation. The breaches that defined the last two years did not exploit unpatched software. They exploited people who had never practiced saying no to a convincing caller, and who worked in organizations that made it too easy to turn one manipulated decision into full access.
Plan for the caller, not the headline
The breach that opened this article is the one worth keeping in mind. No exploit, no malware, no frontier model. Just a phone call, a borrowed identity, and an organization that made it too easy to turn one into the other. That is what the evolution of social engineering looks like in practice: the same human weaknesses attackers have always relied on, now reachable faster, across more channels, and at a quality that no longer trips the old instincts.
The mistake is to file that under awareness training and move on. The attacks that matter now run through identity, the help desk, and finance, and they win wherever verification is weak under pressure. The attention the headlines keep pulling toward autonomous AI is better spent on the controls that actually decide these incidents: phishing-resistant authentication, out-of-band verification for sensitive requests, disciplined help-desk procedures, and employees who have already practiced the exact moment an attacker is counting on. The frontier-model threats are worth watching, but the attack that breaks in today is already on the phone.