The rapid adoption of artificial intelligence is transforming the cybersecurity landscape, enabling threat actors to execute increasingly sophisticated social engineering campaigns across multiple communication channels. According to Bobby Ford, Chief Strategy and Experience Officer at Doppel, traditional security practices centered on blocking malicious emails or malware are no longer sufficient to address modern threats. Organizations are facing adversaries that operate at machine speed, leveraging AI to create highly personalized attacks that extend beyond email into collaboration platforms, mobile messaging applications, social media networks, and online advertising ecosystems. As these tactics evolve, security teams are being urged to shift their focus from simply preventing isolated incidents to disrupting entire attack campaigns before they reach their intended targets.
Ford describes today’s social engineering attacks as a structured attack chain that unfolds across multiple stages designed to establish trust, manipulate human behavior, and ultimately achieve compromise. The process begins with attackers creating convincing infrastructure using automation and AI technologies. This can include lookalike domains, fake executive identities, deceptive social media profiles, fraudulent ecommerce storefronts, and counterfeit support websites. By analyzing publicly available information such as branding materials, leadership communications, and organizational messaging, attackers can generate highly realistic assets that closely resemble legitimate entities. According to Ford, these activities often occur outside traditional security perimeters, making them difficult for existing defensive tools to detect. Once the infrastructure is established, threat actors launch coordinated campaigns through phishing emails, SMS messages, messaging platforms, voice calls powered by deepfake technology, and misleading advertisements. These campaigns are often tailored based on geography, language, job role, and user behavior, allowing attackers to continuously refine their methods and increase effectiveness.
As attacks progress, they move from external channels into trusted business environments where employees routinely conduct sensitive activities. Fraudulent messages may appear in collaboration platforms, business email inboxes, recruitment networks, or mobile devices, placing attackers directly within contexts where financial transactions, credential changes, and operational decisions occur. Ford notes that many organizations remain heavily focused on email security despite evidence that a growing percentage of social engineering campaigns now span multiple channels. Once engagement begins, attackers frequently use AI-powered conversational tools and synthetic voice technologies to maintain real-time interactions with victims. These conversations can involve impersonated executives, support personnel, recruiters, or trusted vendors who respond dynamically to concerns and objections. The objective is to build confidence and lower skepticism until the victim performs a desired action such as sharing credentials, approving payments, modifying security settings, or granting access. By the time an organization recognizes the activity as malicious, attackers may have already obtained sensitive information, compromised privileged accounts, or initiated broader operational disruption.
Ford argues that organizations must adopt a proactive and unified approach to counter these threats. Rather than relying solely on inbound filtering technologies, endpoint protection tools, and user awareness training, security teams should focus on identifying and dismantling attacker infrastructure before campaigns gain momentum. This includes monitoring domains, social media platforms, app stores, advertising networks, and dark web sources for signs of impersonation and fraud. AI, natural language analysis, and computer vision technologies can help correlate seemingly unrelated indicators into a single threat campaign, enabling faster response and remediation. Ford also advocates for the use of automated honeypots that safely engage malicious actors to gather intelligence and strengthen evidence for takedown requests. Combined with API-driven remediation processes that work directly with registrars, technology platforms, and telecommunications providers, organizations can significantly reduce the lifespan and effectiveness of fraudulent infrastructure. As AI continues to reshape the threat landscape, cybersecurity professionals are increasingly recognizing that resilience depends not only on blocking malicious activity but also on identifying, mapping, and disrupting the broader social engineering ecosystem that supports it.