{"id":17456,"date":"2025-05-14T12:07:41","date_gmt":"2025-05-14T16:07:41","guid":{"rendered":"https:\/\/joindeleteme.com\/?post_type=b2b-post&#038;p=17456"},"modified":"2025-05-14T12:07:44","modified_gmt":"2025-05-14T16:07:44","slug":"what-will-it-take-to-reduce-social-engineering-risk-in-2025","status":"publish","type":"b2b-post","link":"https:\/\/joindeleteme.com\/business\/blog\/what-will-it-take-to-reduce-social-engineering-risk-in-2025\/","title":{"rendered":"What Will It Take to Reduce Social Engineering Risk In 2025?"},"content":{"rendered":"\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#effective-social-engineering-hinges-on-personal-data\">Effective Social Engineering Hinges on Personal Data<\/a><\/li><li><a href=\"#how-data-broker-information-fuels-social-engineering-attacks\">How Data Broker Information Fuels Social Engineering Attacks<\/a><\/li><li><a href=\"#ai-is-making-social-engineering-faster-easier\">AI Is Making Social Engineering Faster &amp; Easier\u00a0<\/a><\/li><li><a href=\"#removing-employee-personal-information-from-online-sources-can-significantly-reduce-social-engineering-risk\">Removing Employee Personal Information from Online Sources Can Significantly Reduce Social Engineering Risk<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<p>Social engineering risk is growing so fast that <a href=\"https:\/\/www.weforum.org\/publications\/global-cybersecurity-outlook-2025\/digest\/\" target=\"_blank\" rel=\"noreferrer noopener\">nearly 1 in 2 organizations<\/a> reported experiencing phishing and social engineering attacks last year.\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Social engineering is a manipulation technique criminals use to exploit human behavior to deceive individuals into revealing sensitive information, granting access to systems, or performing actions that compromise security.<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Criminals invest in social engineering 
because it allows them to bypass technical security defenses and requires minimal resources compared to technical hacking, yet can produce massive results (e.g., access to corporate networks or financial accounts).&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<p>However, social engineering campaigns still rely on criminals getting access to one core input &#8211; personal data.&nbsp;<\/p>\n\n\n\n<p>Unfortunately for anyone who is not a cybercriminal, the existence of data brokers (read more about these companies below) means that this dangerous source of social engineering data is not difficult to find.&nbsp;<\/p>\n\n\n\n<p>Now, with access to large language models and artificial intelligence tools easier than ever, targeted social engineering attacks have never been simpler or less resource-intensive to carry out at scale.<\/p>\n\n\n\n<p>DeleteMe has helped dozens of household-name companies, public sector agencies, and high-risk individuals fight back against social engineering.&nbsp;<\/p>\n\n\n\n<p>Based on our experience and understanding of the current social engineering threat landscape, here\u2019s what we\u2019d recommend organizations do to reduce their social engineering risk in 2025.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"effective-social-engineering-hinges-on-personal-data\">Effective Social Engineering Hinges on Personal Data<\/h2>\n\n\n\n<p>In a <a href=\"https:\/\/www.reddit.com\/r\/cybersecurity\/comments\/1bcxl16\/what_is_the_best_phishing_email_you_have_seen\/\" target=\"_blank\" rel=\"noreferrer noopener\">Reddit post<\/a> titled \u201cWhat is the best phishing email you have seen?\u201d one of the most popular responses was:<\/p>\n\n\n\n<p>\u201cDavid has shared a folder with you.\u201d<\/p>\n\n\n\n<p>As the commenter later explained, the phishing email came from an attacker <strong>who \u201cused the manager\u2019s name <\/strong>to make the click happen.\u201d&nbsp;&nbsp;&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large 
is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"515\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/redditsocialengineering-1024x515.png\" alt=\"Reddit post about effective phishing emails \" class=\"wp-image-17457\" style=\"width:760px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/redditsocialengineering-1024x515.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/redditsocialengineering-300x151.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/redditsocialengineering-768x387.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/redditsocialengineering.png 1506w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Because the email included the target\u2019s manager\u2019s name (someone the employee knew in a work context), it was more believable.&nbsp;<\/p>\n\n\n\n<p>Lucky for the organization, the employee reported the email for investigation.&nbsp;<\/p>\n\n\n\n<p>That may not always be the case, as proven by another commenter in the Reddit thread, who said, \u201cI did one [phishing email] that was a fake OneDrive email. <strong>I made it look like it came from a C-level whose last name was Martin, but I spelled it Martian. 
Got a bunch of people with that one.\u201d<\/strong><\/p>\n\n\n\n<p>It\u2019s not always email &#8211; social engineering by phone is also popular and can be made more effective with personal data.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"187\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/phishingphonecall-1024x187.png\" alt=\"Reddit post about effective vishing \" class=\"wp-image-17458\" style=\"width:778px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/phishingphonecall-1024x187.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/phishingphonecall-300x55.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/phishingphonecall-768x140.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/phishingphonecall.png 1350w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Social engineering attacks don\u2019t strictly <em>require <\/em>personal data (beyond the targets\u2019 email addresses\/phone numbers\/etc.), but as demonstrated by the above anecdotes, information on a social engineering target seriously increases the likelihood of success.&nbsp;<\/p>\n\n\n\n<p>That\u2019s why many criminals do extensive research on their victims.<\/p>\n\n\n\n<p>This process of finding out as much information as possible about social engineering targets is often called open-source intelligence (OSINT). 
In part, OSINT means gathering intelligence from publicly available tools and sources.\u00a0<\/p>\n\n\n\n<p>Criminals use data brokers as OSINT tools.\u00a0<\/p>\n\n\n\n<p><strong>We know from leaked criminal group chat logs that attackers use <\/strong><a href=\"https:\/\/www.varonis.com\/blog\/contileaks\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>OSINT tools like data brokers<\/strong><\/a><strong> to find social engineering targets and contacts to \u201cname drop\u201d within social engineering campaigns to make them look more believable.\u00a0<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-data-broker-information-fuels-social-engineering-attacks\">How Data Broker Information Fuels Social Engineering Attacks<\/h2>\n\n\n\n<p>Data brokers are companies that gather personal information about individuals from various sources, compile this information into comprehensive reports, and share or sell these reports to more or less anyone.&nbsp;<\/p>\n\n\n\n<p>There are two main types of data brokers:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>B2B data brokers.\u00a0<\/li>\n\n\n\n<li>People search sites.\u00a0<\/li>\n<\/ol>\n\n\n\n<p>B2B data brokers publish people\u2019s professional data, as well as information about organizations. 
For example, a person\u2019s education and employment history, past and current roles, org charts, and more.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"822\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/databrokerorgchart-1-1024x822.png\" alt=\"Data broker displaying an org chart \" class=\"wp-image-17460\" style=\"width:647px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/databrokerorgchart-1-1024x822.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/databrokerorgchart-1-300x241.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/databrokerorgchart-1-768x616.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/databrokerorgchart-1-1536x1233.png 1536w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/databrokerorgchart-1.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>On the other hand, people search sites focus on people\u2019s personal information. 
Things like their personal phone numbers, home addresses, family member names, links to personal social media profiles, etc.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"714\" height=\"880\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/databrokerfamilymembers.png\" alt=\"Data broker showing a person's family member information \" class=\"wp-image-17461\" style=\"width:391px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/databrokerfamilymembers.png 714w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2025\/05\/databrokerfamilymembers-243x300.png 243w\" sizes=\"(max-width: 714px) 100vw, 714px\" \/><\/figure>\n\n\n\n<p>Either one of these sources can give criminals a lot of information to work with when crafting social engineering campaigns.&nbsp;<\/p>\n\n\n\n<p>Combine the two, and you have a gold mine of data.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ai-is-making-social-engineering-faster-easier\">AI Is Making Social Engineering Faster &amp; Easier&nbsp;<\/h2>\n\n\n\n<p>Artificial intelligence (AI) makes gathering information about social engineering targets even easier.&nbsp;<\/p>\n\n\n\n<p>In <a href=\"https:\/\/link.springer.com\/article\/10.1007\/s10462-024-10973-2\" target=\"_blank\" rel=\"noreferrer noopener\">a report on generative AI in social engineering and phishing<\/a>, researchers say that:\u00a0<\/p>\n\n\n\n<p><em>\u201cWith its mastery of language and analytical abilities, <\/em><strong><em>Generative AI can scrutinize the digital footprints of targets. 
This provides insights into a target\u2019s specific interests, affiliations, or behaviors.<\/em><\/strong><em>\u201d<\/em><\/p>\n\n\n\n<p>In other words, AI can quickly pull relevant information about a person from hundreds of sources.&nbsp;<\/p>\n\n\n\n<p>In a <a href=\"https:\/\/arxiv.org\/abs\/2412.00586?ref=hackernoon.com\" target=\"_blank\" rel=\"noreferrer noopener\">recent Harvard study<\/a> on large language models\u2019 capability to launch fully automated spear phishing campaigns, <strong>AI models were able to collect accurate and useful data on people in 88% of cases.\u00a0<\/strong><\/p>\n\n\n\n<p>AI can also help write the actual content of the emails (or texts, social media messages, etc.).&nbsp;<\/p>\n\n\n\n<p>As per the above-mentioned report on generative AI in social engineering and phishing:&nbsp;<\/p>\n\n\n\n<p><em>\u201cThis gathered intelligence can subsequently be used to develop the attack strategy\u2014referred to as pretexting. Pretexting is a broad stage that encapsulates the creation of a story, scenario, or identity that an attacker uses to engage with the target. [&#8230;] <\/em><strong><em>This enables context-aware phishing, where AI crafts malicious content that resonates with the target\u2019s communication patterns, making the story or scenario highly believable. 
This might include emails that sound like they\u2019re from colleagues, friends, or familiar institutions.\u201d&nbsp;<\/em><\/strong><\/p>\n\n\n\n<p>It\u2019s perhaps unsurprising that AI-generated phishing emails saw a 54% click-through rate in the Harvard study &#8211; the same as emails crafted by human experts and much higher than arbitrary phishing emails (which had a 12% click-through rate).&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"removing-employee-personal-information-from-online-sources-can-significantly-reduce-social-engineering-risk\">Removing Employee Personal Information from Online Sources Can Significantly Reduce Social Engineering Risk<\/h2>\n\n\n\n<p>The most effective step any organization that wants to reduce its social engineering risk can take is to minimize the amount of personal information available about its employees online.&nbsp;<\/p>\n\n\n\n<p>This should encompass regularly auditing the organization\u2019s public-facing information (including on corporate social media profiles and company websites) to identify and mitigate unnecessary exposure, and providing training to employees on safe online behaviors.&nbsp;<\/p>\n\n\n\n<p>Data broker exposure should also be taken into account and dealt with.&nbsp;<\/p>\n\n\n\n<p>Though it\u2019s possible to remove employees&#8217; personal data from data brokers and people search sites manually, it\u2019s a time-consuming process and one that needs to be repeated periodically, as data brokers are known to republish information once they find more of it online, even if a person has previously \u201copted out.\u201d&nbsp;<\/p>\n\n\n\n<p>A better solution is to enroll employees, starting with those most exposed to social engineering risk, into <a href=\"https:\/\/joindeleteme.com\/business\/\" target=\"_blank\" rel=\"noreferrer noopener\">a continuous service<\/a> that proactively removes their personal data across hundreds of 
websites.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Social engineering risk is growing so fast that nearly 1 in 2 organizations reported experiencing phishing and social engineering attacks last year.\u00a0 Criminals invest in social engineering because it allows them to bypass technical security defenses and requires minimal resources compared to technical hacking, yet can produce massive results (e.g., access to corporate networks or [&hellip;]<\/p>\n","protected":false},"author":14,"featured_media":0,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"b2b-category":[],"class_list":["post-17456","b2b-post","type-b2b-post","status-publish","format-standard","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/17456","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post"}],"about":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/types\/b2b-post"}],"author":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/users\/14"}],"version-history":[{"count":0,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/17456\/revisions"}],"wp:attachment":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media?parent=17456"}],"wp:term":[{"taxonomy":"b2b-category","embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-category?post=17456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}