Social Engineering Attacks: Proofpoint’s 2022 Social Engineering Report

Modern information systems trust nobody online – and neither should you.

July 12, 2022

It’s a sad reality that we cannot trust people on the internet, and as time goes on this only becomes clearer. As potential victims become more careful, scammers have adopted more complex and convincing techniques to achieve their goals.

In the cyber security space, we talk a lot about phishing and scam emails. It would be safe to wager that if you have an email address, you have received a phishing email. Most people probably have an idea in their mind of what a scam email looks like: often impersonal, with poor spelling, and sent from a very questionable email address.

Proofpoint’s 2022 Social Engineering Report covers numerous false assumptions that can leave you vulnerable to attackers, illustrated with real-life examples of attempted attacks.

A key takeaway from the report was how much we underestimate cyber criminals, both their abilities and their boldness.  

Proofpoint found almost 1,000 malicious social engineering campaigns leveraging legitimate services like Microsoft OneDrive, Dropbox, or Google Drive to deliver malicious files or harvest credentials – 14% of all observed campaigns.

Few people expect a scammer to reply to an existing email chain within their own company, or to talk to them on the phone. However, in 2021 Proofpoint observed over 500 campaigns using thread hijacking, associated with 16 different malware families. In most observed cases, email conversations are stolen from infected hosts and the replies are sent automatically by the attacker.
