As technology continues to advance and the value of digital assets and data grows into and through 2023, so too do the tactics and technologies used by attackers in the realm of social engineering. In the coming year, it is likely that we will see the emergence of new methods and approaches, as well as the evolution of existing ones.
Why? Because social engineering works. Attackers profit from it. This is why it is not going away any time soon and why attackers work so hard to stay ahead of cybersecurity companies and tools.
One trend that is likely to continue in 2023 is the use of phishing attacks. These types of attacks involve sending fake emails, text messages, social media messages, Slack messages, or phone calls that appear to be from a real source, in an attempt to trick the recipient into divulging sensitive information or clicking on a malicious link or attachment.
In the past, phishing attacks have often been relatively simple, with attackers using generic templates and obvious red flags to try to lure in victims. However, as awareness of these types of attacks has increased, so too has the sophistication of the tactics used by attackers. In 2023, it is likely that we will see phishing attacks that are more personalized and targeted, using information gleaned from social media and other sources to create more convincing scams.
Even though security filters are constantly improving, detecting more and more phishing attacks, attackers continue to stay one step ahead, or half a step ahead. At the current scale, half a step ahead still means millions of scam messages arrive in inboxes.
Another trend that is likely to emerge in the coming year is the use of virtual assistants and other artificial intelligence (AI) technologies as a means of social engineering.
As the use of virtual assistants such as Amazon's Alexa and Google Assistant becomes more widespread, it is possible that attackers will find ways to exploit these technologies for their own gain. For example, an attacker could create a fake app or skill that appears to be a legitimate service, but is actually designed to collect sensitive information from users.
Alternatively, an attacker could use AI to generate convincing fake customer service calls, chat conversations, or emails in an attempt to trick individuals into divulging sensitive information. Notably, we’ve tested making phishing messages with ChatGPT and the messages contain far fewer red flags than typical, actually malicious phishing messages.
In addition to these trends, it is likely that we will see an increase in the use of social media and messaging apps as a means of conducting social engineering attacks. Attackers may use these platforms to gather information about their targets, or to spread misinformation or propaganda in an effort to manipulate public opinion. We may also see attackers using social media to conduct "influence campaigns," in which they use fake accounts or bots to spread specific messages or ideas in an effort to sway public opinion or influence the outcome of elections.
As social engineering attacks become more prevalent, more pervasive, and harder to detect, individuals need new tools and new mindsets to protect themselves.
To protect against these types of attacks, individuals and organizations will need to stay vigilant and aware of the latest tactics and techniques used by attackers. This may include implementing strong security protocols and regularly updating software and systems, as well as educating employees on how to recognize and avoid social engineering attacks. In addition, it may be helpful for individuals to use strong, unique passwords for their accounts, and to enable two-factor authentication wherever possible.
The realm of social engineering is constantly evolving, and it is likely that we will see the emergence of new tactics and techniques in the coming year. To protect against these types of attacks, it is important for individuals and organizations to stay informed and vigilant, and to implement strong security measures and protocols. As we wrote above, attackers are staying ahead of security, so it’s imperative we empower end users, individuals, to detect and prevent social engineering attacks.
By taking these precautions, we can work to mitigate the risks posed by social engineering and protect ourselves and our organizations from these types of attacks.