COMMENTARY: We witnessed a shift this summer that should concern every CISO, CEO, board, and executive team: social engineering has evolved into a high-precision, high-impact weapon.
The days of scattered phishing emails with bad grammar and obvious red flags are gone. In their place are highly tailored campaigns, blending deepfakes, supply-chain compromises, and insider impersonation. The new reality has arrived: attackers aren’t just breaking in, they’re advancing at an alarming rate using AI.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
From airline help desks and celebrity deepfakes to open-source ecosystems with billions of downloads, this past summer showed us just how broad, and how dangerous, this new threat delivery model has become.
This escalation means annual awareness training is now obsolete. Organizations need continuous simulation and adaptive adversary emulation that mirrors how modern attackers operate. Without it, employees and executives are essentially practicing for yesterday’s threats.
The reality: social engineering has become a brand protection problem.
We’re seeing firsthand how these threats evolve. And the message is clear: attackers no longer need to break into systems, they only need to be convincing enough to get invited in.
Organizations must now treat social engineering defense as seriously as they do firewalls, endpoint protection, and MFA.
That means teams need to do the following:
This summer taught us that social engineering has become the defining attack vector of our time. Whether through impersonation, deepfakes, or poisoned supply chains, attackers are exploiting trust faster than organizations can defend.
It’s time to recognize brand protection and social engineering defense as a top priority for every CISO. We must defend brand trust and high-profile identities with the same urgency as networks and endpoints.
Kevin Tian, co-founder and CEO, Doppel
Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
The summer’s defining brand attacks
Scattered Spider and IT/help desk impersonation
One of the most concerning campaigns came from Scattered Spider, a group that has repeatedly proven the effectiveness of impersonation-based attacks. By posing as IT or help desk staff in collaboration platforms like Slack and Teams along with help desk sites, the group has successfully compromised managed service providers (MSPs), airlines, insurance companies, retailers, and SaaS providers, including Qantas, Aflac, Marks & Spencer, and Salesforce. Their tactics include impersonating internal staff to request that IT teams reset passwords or transfer MFA tokens.
These attacks demonstrate that the internal and external tools we rely on daily are now prime targets.
Deepfakes of executives and celebrities
Social engineering has moved beyond text and email. Increasingly, it’s visual and auditory. This summer, we saw the chilling case of AI-generated deepfakes of actor Steve Burton, used in a romance scam that cost one victim over $430,000.
Great.com founder Erik Bergman was also scammed for $1.25 million in August through a fake WhatsApp chat that purported to include YouTube star Mr. Beast and others donating crypto funding to a charity.
Deepfakes like these prove how personal identity has become a weaponized asset. A CEO’s voice, a CFO’s likeness, or a public figure’s persona can be cloned in minutes and redeployed for fraud at scale.
The npm supply-chain attack
In September, the cybersecurity community saw a different kind of social engineering: an attack on trust in software supply chains. Bad actors hijacked maintainers’ accounts to inject malicious code into npm packages with more than 2 billion weekly downloads, including debug and chalk. The attack was initiated by phishing emails that impersonated npm support and were sent from a fraudulent domain.
The poisoned versions were live for just a few hours, but that was long enough to ripple across build systems and cloud environments worldwide. Though its actual impact appears limited, the incident underscores the inherent risk posed by widely trusted libraries.
Three lessons from a season of escalation
Lesson 1: Help desk platforms are prime targets.
The Scattered Spider campaigns remind us that threat actors know where trust lives—and they exploit it. By impersonating IT staff, they bypassed the most hardened perimeters and exploited human reliance on help desk support.
And these aren’t isolated cases. We’re seeing rising abuse across social media, paid ads, and dark web markets, showing that attackers are constantly probing for weak points in the trust graph. The ongoing Fake CAPTCHA attacks are one example.
The lesson: internal is not inherently safe. Communication channels inside your enterprise must be protected with the same rigor as external gateways.
Lesson 2: Executive identities are ripe for impersonation and deepfakes.
The Steve Burton scam wasn’t just about one victim, it was about a blueprint. If attackers can convincingly deploy a celebrity likeness in romance scams, imagine what they can do with an executive’s voice in a vendor payment fraud scheme, or a CFO’s face in a video call authorizing wire transfers.
Executives must now understand that their likeness, voice, and digital persona are attack surfaces. Protecting them is as critical as protecting their laptops or inboxes.
This reality reframes executive protection as not just physical security but digital identity defense.
Lesson 3: Attacker sophistication has escalated dramatically.
The past three to six months have revealed a steep curve in attacker sophistication because of AI. We’re not just seeing better phishing emails, we’re seeing:
- Malware embedded in npm libraries trusted by nearly every major developer team.
- Deepfakes with lifelike fidelity capable of deceiving even savvy users.
- Insider-style impersonation in enterprise messaging systems, bypassing perimeter defenses entirely.
Why this matters for brands
Brands thrive on earned trust. When attackers compromise an IT channel, impersonate an executive, or poison a supply chain, the damage isn’t just technical—it’s reputational.
- Customers begin to question whether they can trust the brand.
- Employees fall for impersonation attacks.
- Regulators take notice of systemic weaknesses.

- Protect executive identities with monitoring and takedown capabilities.
- Simulate modern attacks to keep employees ready for real adversaries.
- Integrate threat intelligence directly into awareness and defense workflows.




