Social Engineering 2.0: When artificial intelligence becomes the ultimate manipulator
Once the domain of elite spies and con artists, social engineering is now in the hands of anyone with an internet connection – and AI is the accomplice. Supercharged by generative tools and deepfake technology, today's social engineering attacks are no longer sloppy phishing attempts. They're targeted, psychologically precise, and frighteningly scalable.
Welcome to Social Engineering 2.0, where the manipulators don't need to know you personally. Their AI already does.
Deception at machine levels
Social engineering works because it bypasses firewalls and technical defences. It attacks human trust. From fake bank alerts to long-lost Nigerian princes, these scams have traditionally relied on generic hooks and low-effort deceit. But that's changed, and continues to.
'AI is augmenting and automating the way social engineering is carried out,' says Anna Collard, SVP of Content Strategy&Evangelist at KnowBe4 Africa. 'Traditional phishing markers like spelling errors or bad grammar are a thing of the past. AI can mimic writing styles, generate emotionally resonant messages, and even recreate voices or faces (https://apo-opa.co/409nwPV) – all within minutes.'
The result? Cybercriminals now wield the capabilities of psychological profilers. By scraping publicly available data – from social media to company bios – AI can construct detailed personal dossiers. 'Instead of one-size-fits-all lures, AI enables criminals to create bespoke attacks,' Collard explains. 'It's like giving every scammer access to their own digital intelligence agency.'
The new face of manipulation: Deepfakes
One of the most chilling evolutions of AI-powered deception is the rise of deepfakes – synthetic video and audio designed to impersonate real people. 'There are documented cases where AI-generated voices have been used to impersonate CEOs and trick staff into wiring millions (https://apo-opa.co/4e4JBVv),' notes Collard.
In South Africa, a recent deepfake video circulating on WhatsApp featured a convincingly faked endorsement by FSCA Commissioner Unathi Kamlana promoting a fraudulent trading platform. Nedbank had to publicly distance itself from the scam (https://apo-opa.co/4e4JCJ3).
'We've seen deepfakes used in romance scams, political manipulation, even extortion,' says Collard. One emerging tactic involves simulating a child's voice to convince a parent they've been kidnapped (https://apo-opa.co/3HY5WrR) – complete with background noise, sobs, and a fake abductor demanding money.
'It's not just deception anymore,' Collard warns. 'It's psychological manipulation at scale.'
The Scattered Spider effect
One cybercrime group exemplifying this threat is Scattered Spider. Known for its fluency in English and deep understanding of Western corporate culture, this group specialises in highly convincing social engineering campaigns. 'What makes them so effective,' notes Collard, 'is their ability to sound legitimate, form quick rapport, and exploit internal processes – often tricking IT staff or help-desk agents.' Their human-centric approach, amplified by AI tools, such as using audio deepfakes to spoof victims' voices for obtaining initial access, shows how the combination of cultural familiarity, psychological insight, and automation is redefining what cyber threats look like. It's not just about technical access – it's about trust, timing, and manipulation.
Social engineering at scale
What once required skilled con artists days or weeks of interaction – establishing trust, crafting believable pretexts, and subtly nudging behaviour – can now be done by AI in the blink of an eye. 'AI has industrialised the tactics of social engineering,' says Collard. 'It can perform psychological profiling, identify emotional triggers, and deliver personalised manipulation with unprecedented speed.'
The classic stages – reconnaissance, pretexting, rapport-building – are now automated, scalable, and tireless. Unlike human attackers, AI doesn't get sloppy or fatigued; it learns, adapts, and improves with every interaction.
The biggest shift? 'No one has to be a high-value target anymore,' Collard explains. 'A receptionist, an HR intern, or a help-desk agent; all may hold the keys to the kingdom. It's not about who you are – it's about what access you have.'
Building cognitive resilience
In this new terrain, technical solutions alone won't cut it. 'Awareness has to go beyond ' don't click the link,'' says Collard. She advocates for building 'digital mindfulness' and 'cognitive resilience' – the ability to pause, interrogate context, and resist emotional triggers (https://apo-opa.co/3FF6Zwn).
This means:
Training staff to recognise emotional manipulation, not just suspicious URLs.
Running simulations using AI-generated lures, not outdated phishing templates.
Rehearsing calm, deliberate decision-making under pressure, to counter panic-based manipulation.
Collard recommends unconventional tactics, too. 'Ask HR interviewees to place their hand in front of their face during video calls – it can help spot deepfakes in hiring scams,' she says. Families and teams should also consider pre-agreed code words or secrets for emergency communications, in case AI-generated voices impersonate loved ones.
Defence in depth – human and machine
While attackers now have AI tools, so too do defenders. Behavioural analytics, real-time content scanning, and anomaly detection systems are evolving rapidly. But Collard warns: 'Technology will never replace critical thinking. The organisations that win will be the ones combining human insight with machine precision.'
And with AI lures growing more persuasive, the question is no longer whether you'll be targeted – but whether you'll be prepared. 'This is a race,' Collard concludes. 'But I remain hopeful. If we invest in education, in critical thinking and digital mindfulness, in the discipline of questioning what we see and hear – we'll have a fighting chance.'
Distributed by APO Group on behalf of KnowBe4.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Zawya
5 hours ago
- Zawya
Egypt assumes vice presidency of the International Gas Union, paving the way for 2028 presidency
Mohamed Fouad: The Egyptian Gas & Energy Association has launched an advisory council comprising senior leaders from both public and private sectors and international partners. Karim Shaaban: We aim to enhance internal integration among the IGU's committees to ensure its initiatives align with member states' priorities. Cairo — For the first time ever, Egypt has officially assumed the position of Vice President of the International Gas Union (IGU) through the Egyptian Gas & Energy Association. This step paves the way for Egypt's upcoming presidency of the next triennium (2028-2031). This role reflects increasing international confidence in Egypt's capabilities to effectively contribute to shaping the future of global energy, marking it as the first country from Africa and the Middle East to hold this prestigious position. Eng. Khaled AbuBakr, Chairman of the Egyptian Gas & Energy Association (EGEA), has taken up the role of IGU Vice President. In this capacity, he participates in all meetings and activities of the IGU and the Executive Committee. He also represents the IGU in the ongoing gas debates, such as the G7, G20, and UN Climate Change Conferences, in addition to the major international conferences, to advance its strategic vision and enhance its global influence. Eng. Mohamed Fouad, Secretary General of EGEA, serves as the Egyptian Presidency Team Director for the IGU, in addition to his role as Chair of the National Organization Committee for the 2031 World Gas Conference (WGC), which is to be held in Egypt. Meanwhile, Eng. Karim Shaaban, Head of the Strategy and Planning Committee of EGEA, holds the position of Vice Chair of the Coordination Committee and a member of the Executive Committee of the IGU. His responsibilities include overseeing the work of the IGU's committees and contributing to the preparation and submission of the Triennial Work Programme (TWP) to the Executive Committee. In this context, Eng. Khaled AbuBakr, Vice President of the IGU and Chairman of EGEA, stated: 'From Egypt and Africa, we embark to power the whole world with secure and clean energy. This leadership role represents a significant step through which we intend to enhance energy security by developing gas policies and infrastructure, improving the Gas industry's resilience to price volatility, providing necessary investments, and accelerating the transition towards more sustainable energy sources. We are fully committed to coordinating with the Italian Presidency of the IGU to ensure the Union's objectives are achieved during this phase.' Abubakr added: 'Through this position, we aim to transform the Egyptian experience into an international model to be emulated. This role enables Egypt to strengthen international cooperation and attract investment, supporting its pursuit of sustainable development and solidifying its role as a regional energy hub. We deeply appreciate the Egyptian government's support in securing this nomination.' Eng. Mohamed Fouad, Secretary General of the Egyptian Gas & Energy Association (EGEA), also outlined the Association's expanded strategy, which extends beyond natural gas to include low-carbon technologies and renewable energy. This expansion stems from the EGEA's strong belief in the importance of a balanced and inclusive energy transition. Fouad added, "The Association has launched its new Advisory Board, comprising a distinguished group of senior leaders from both the public and private sectors, as well as international partners operating in Egypt's energy and gas sector. The private sector will provide deep insights into market trends and investment opportunities, while the public sector will ensure initiatives align with regulatory policies." For his part, Eng. Karim Shaaban, Vice Chair of the Coordination Committee and member of the Executive Committee of the IGU, and Head of the Strategy and Planning Committee of EGEA, stated: "Through this committee, we aim to enhance internal integration among the IGU's committees and working groups, ensuring its initiatives align with member states' priorities. We also contribute to preparing the program for the 2028 World Gas Conference and collaborate with the leadership of the R&D and Innovation Committee to formulate sessions for the International Gas Research Conference (IGRC). These efforts contribute to elevating the Union's standing in the global gas industry." As a result of winning the presidency of the International Gas Union (IGU) for the 2028-2031 term, Egypt is set to host the 31st edition of the World Gas Conference (WGC) in 2031, marking the IGU's centenary anniversary. This event stands as the global gas and energy industry's most significant gathering, convening top experts and decision-makers to delve into the sector's primary challenges and opportunities. Hosting the WGC will underscore Egypt's leadership in energy transition and technological innovation, along with its initiatives to establish a regional green energy hub, ultimately bolstering its standing as a prime destination for investment and tourism.
Zawya
10 hours ago
- Zawya
CI Capital successfully concludes EGP 665.5mln securitized bond issuance for Aman Consumer Finance
Cairo: CI Capital ( the leading diversified financial services group, announced today the successful conclusion of the third securitized bond issuance on behalf of Aman Securitization, with the originator being Aman Consumer Finance. The issuance comes in 3 tranches: the first valued at EGP 307 Mn, with a tenor of 6 months, The second tranche, valued at EGP 222 Mn, with a tenor of 12 months. Both tranches received a Prime 1 rating from Middle East Ratings and Investor Services (MERIS). The third tranche, valued at EGP 136.5 Mn, with a tenor of 23 months, received a rating of A-. "This issuance, marking the Seventh issuance concluded by CI Capital for Aman Holding, a portfolio company of Raya Holding, reflects CI Capital's series of successes by executing numerous key transactions, further reinforcing our leading position as Egypt's leading advisory house. This issuance also affirms our ability to provide our clients with diverse and innovative investment solutions,' Commented Amr Helal, Chief Executive Officer (Sell-Side) of the Investment Bank at CI Capital. 'CI Capital has effectively concluded seven securitized bond issuances for Aman since 2023, strongly indicating the solid partnership between the two companies. He expressed his aspiration to enhance strategic cooperation between the two companies further, considering Aman one of CI Capital's most significant partners,' Added Helal. In the same context, Eng. Hazem Moghazi, Co-CEO of Business and Commercial Affairs at AMAN Holding, added: 'The success of this issuance reflects the strong confidence that investors place in AMAN Holding and in the Egyptian market overall. Since the launch of our securitization program, we have successfully completed issuances totaling nearly EGP 9.7 billion to date, which stands as a testament to our commitment to sustainable growth and to contributing to the development of Egypt's non-banking financial sector. We are proud to collaborate with all stakeholders involved in AMAN Securitization's various issuances, and we remain committed throughout 2025 to implementing our strategy of diversifying funding sources and enhancing financial transparency—supporting market stability and aligning with the aspirations of the national economy.' Mohamed Abbas, Head of DCM at CI Capital, expressed his pleasure for the successful conclusion of the issuance in partnership with Aman, noting that Aman is one of CI Capital's key success partners. He also emphasized his pride in the enduring relationships with Aman, having executed issuances with innovative structures and solutions. Finally, Abbas highlighted the substantial investor interest in the issuance, reflecting strong market confidence in both CI Capital and Aman's portfolio performance. CI Capital acted as financial adviser, issuance manager, and arranger in the issuance, while Zaki Hashem & Partners acted as the legal advisor, and United for Auditing, Tax, Advisory & Financial Services (UHY) acted as the issuance's financial auditor. About CI Capital Holding for Financial Investments CI Capital Holding for Financial Investments (Ticker: CICH EY, is a diversified financial services group and Egypt's leading provider of leasing, microfinance, mortgage finance, consumer finance, and investment banking products and services. Through its headquarters in Cairo, and presence in New York and Dubai, CI Capital Holding for Financial Investments offers a wide range of financial solutions, to a diversified client base that includes global and regional institutions and family offices, large corporates, SMEs, and high-net-worth and individual investors. CI Capital Holding for Financial Investments leverages its full-fledged investment banking platform to provide market-leading capital raising and M&A advisory, asset management, securities brokerage, custody, and research. Through its subsidiary, Corplease, CI Capital offers comprehensive leasing solutions, including finance and operating leases, and sale and leaseback, serving a wide range of corporate clients and SMEs. Additionally, CI Capital Holding for Financial Investments offers microfinance lending through Egypt's first licensed MFI, Reefy. The Group has over 4,000 employees, led by a team of professionals who are among the most experienced in the industry, with complementary backgrounds and skill sets, and a deep understanding of local market dynamics. Banque Misr, one of Egypt and Africa's most renowned financial banks, is the majority shareholder of CI Capital Holding. For more information, please contact CI's Investor Relations Department Email:
Khaleej Times
16 hours ago
- Khaleej Times
Passwords hacked worldwide: UAE cybersecurity experts urge companies to boost IT security
UAE-based cybersecurity experts are urging companies to boost password security to stay ahead of emerging threats in every aspect of operations, following news over the weekend that more than 16 billion login credentials globally were found exposed. The breach contains usernames and passwords from tech giants like Apple, Google, Facebook, Telegram, GitHub, and even some government websites, according to researchers at Cybernews, who said the findings were the result of an ongoing investigation that the team started early this year. They warned: 'With more than 16 billion login records exposed, cybercriminals now have unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing. It is especially alarming that these aren't just old breaches being recycled. This is fresh, weaponisable intelligence at scale.' Speaking to Khaleej Times, Dubai-based cybersecurity Rayad Kamal Ayub said: 'The gravity of this situation cannot be overstated. This is weaponising intelligence at scary scales for extortion. 'With such a significant number of login records compromised, the potential for abuse is immense. Cybercriminals can leverage these fresh datasets to orchestrate more sophisticated attacks, making it easier for them to impersonate individuals and gain access to sensitive information. The fact that these records are recent means that they reflect current user behaviors and trends, which can enhance the effectiveness of phishing attempts and other forms of exploitation,' added Ayub, who is also the managing director of Rayad Group. Ayub said although the UAE has achieved a top-tier classification in the Global Cybersecurity Index 2024, it is strongly advised for organisations to boost password security by using password managers, enforcing minimum length and complexity standards, and enabling multi-factor authentication. Companies should also regularly audit access controls, monitor for credential leaks, and adopt real-time detection solutions. 'It is advisable to hire professionals or cybersecurity companies to maintain databases and access control. Hospitals, banks and retailers should keep their data unencrypted and not put customers at risk,' added Ayub, who noted in the data leak 'Ana' appeared in 178.8 million instances. Joker, Batman, Thor, apple, rice used as passwords Ayub said profane language also showed up in 165 million passwords; while few of the frequently used pop culture terms in passwords included 'Mario' (9.6 million), 'Joker' (3.1 million), 'Batman' (3.9 million), and "Thor" (6.2 million). More than 10 million of the passwords featured 'apple', 4.9 million passwords have 'rice', and 3.6 million "orange," while 3.3 million opted for "pizza." Carolyn Duby, field CTO and cybersecurity GTM lead at Cloudera, noted: 'Cybercrime is expected to cost the world $10.5 trillion by 2025, having already cost $9.5 trillion in 2024 alone. 'Attacks by ransomware now happen every 11 seconds, and the average cost of a data breach has increased to $4.88 million. Companies using automation and artificial intelligence (AI) in their security operations are saving $2.22 million on average for each breach. Duby underscored 'data is both a strategic asset and a prime target. Protecting data at scale calls for intelligence, adaptability, trust, and immediate call to action to avoid massive data breaches. She recommended the first and most crucial step in protecting consumer trust is securing critical and personally identifiable information (PII). 'All data is equal in the eyes of AI, and will be used blindly, unless proper parameters are set,' she underscored. Detect, protect, defend, repeat Louise Bou Rached, director–Middle East, Turkey, and Africa at Milestone Systems, reiterated: "Today, protecting the future of innovation, reputation, and digital freedom requires more than just preventing breaches. 'Companies must implement a layered, zero-trust strategy that goes beyond reactive defense and involves constant verification of each user, device, and application. Strong access controls, multi-factor authentication, endpoint security, and frequent security audits are all part of this,' she added. Maintaining basic cyber hygiene is essential. But more importantly, according to the cybersecurity experts, protecting companies from cyberthreats is a collective thrust. 'Cybersecurity is now a fundamental component of trust, resilience, and business continuity in today's hyperconnected world, not just an internal IT function,' Rached pointed out, underscoring: 'Given that even the most sophisticated systems can be compromised with a single click, encouraging staff members through cybersecurity awareness training is equally crucial.'
