Technical Attack

Social Engineering

Psychological manipulation techniques that exploit human trust, authority, and urgency to trick individuals into revealing credentials, authorizing transactions, or granting system access.

Definition

Social engineering is an attack methodology that targets human psychology rather than technical vulnerabilities — manipulating individuals into performing actions or divulging information through deception, impersonation, pretexting, or exploitation of trust relationships. AI has transformed social engineering by enabling the generation of highly personalized phishing messages at scale, real-time voice cloning for phone-based impersonation, and deepfake video for executive impersonation in video calls.

How It Relates to AI Threats

Social engineering intersects with AI threats across Security & Cyber and Information Integrity. Within Security & Cyber, AI-powered social engineering uses generative models to automate reconnaissance, craft personalized lures, and conduct voice or video impersonation at scale — dramatically reducing the cost per attack while increasing the success rate. Within Information Integrity, AI-generated social engineering content contributes to the broader erosion of trust in digital communications, as recipients can no longer rely on voice recognition, writing style, or video presence to verify identity.

Why It Occurs

  • Human cognitive biases (urgency, authority, social proof) remain effective regardless of the attacker’s technological sophistication
  • AI enables personalization at scale, tailoring messages to individual targets using publicly available data
  • Voice cloning from as little as 3-10 seconds of reference audio enables convincing phone-based impersonation
  • Real-time deepfake technology defeats video verification, previously considered a high-trust channel
  • The cost per convincing social engineering attempt has collapsed from hours of human effort to seconds of API calls

Real-World Context

The Hong Kong deepfake CFO fraud (INC-24-0001) demonstrated AI-powered social engineering at its most severe — real-time deepfake video impersonation of multiple executives on a video call resulted in a $25 million wire transfer. WormGPT (INC-23-0006) demonstrated the democratization of AI-enhanced social engineering, providing purpose-built tools for generating convincing phishing lures without the language or cultural expertise traditionally required.

Last updated: 2026-03-22