
Episode highlights

Social engineering is one of the oldest threats. Technology has changed the medium, but the speed at which it has scaled through that medium has outrun anything defenders expected.

In this conversation, Crane Hassold, one of our principal security researchers, breaks down why nearly every cyberattack still starts with human manipulation, how AI is changing the surface but not the strategy, and why most defenses fail when they rely too heavily on user behavior.

  • Social engineering sits at the root of nearly all cybercrime. The tactics haven’t changed in decades, or even centuries. What has changed is delivery. Email, SMS, and cloud apps have replaced face-to-face deception, but the underlying manipulation remains identical.

    This is not a technology problem. It’s a human one.

    Scroll to timestamp ~00:01:00 for more on this topic.
  • Threat actors exploit instinctive, fast decision-making. The goal is always the same: trigger a reaction before someone has time to think.

    Slowing people down improves outcomes, but it doesn’t eliminate risk. There will never be a zero-failure rate. If your strategy assumes that, it’s already broken.

    Scroll to timestamp ~00:02:00 for more on this topic.
  • AI improves the quality of phishing lures. Emails look more polished, more convincing, and more personalized. That increases click rates significantly.

    But this is where most conversations go off track. Just because something is possible with AI doesn’t mean attackers will use it. Most are still optimizing for speed and profit, not sophistication.

    Scroll to timestamp ~00:04:00 for more on this topic.
  • The majority of cybercrime still relies on simple, proven techniques. Business email compromise (BEC) and low-effort scams continue to generate billions because they work.

    AI will be used where it improves return. Until then, the path of least resistance wins.

    Scroll to timestamp ~00:07:00 for more on this topic.
  • Security awareness training has over-indexed on fear-based lures: suspicious-activity alerts, compromised-account notices, urgent warnings.

    What works for attackers now is the opposite. Promotions, bonuses, and rewards. Messages that feel positive rather than threatening are increasingly effective because they do not trip the skepticism that training has built around urgency and alarm.

    Scroll to timestamp ~00:10:00 for more on this topic.
  • Strong defenses don’t depend on perfect behavior. They assume compromise and reduce impact.

    Controls like MFA and passwordless authentication stop most credential-phishing attacks even when users engage. One caveat a practitioner should keep in mind: one-time codes and push approvals can be relayed in real time by adversary-in-the-middle phishing kits, so the strongest form of this control is phishing-resistant MFA (FIDO2 security keys, passkeys) that binds the login to the site the user is actually on. The goal isn’t prevention at the edge. It’s containment at the core.

    Scroll to timestamp ~00:15:00 for more on this topic.
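The distinction in the last highlight, between an MFA factor that a phishing proxy can simply forward and one that is bound to the real site, is easier to see in code. The following is an added example, not code from the episode or from Microsoft; it is a deliberately simplified model in which the one-time code follows the TOTP construction and the "assertion" uses HMAC as a stand-in for a WebAuthn signature. All names, keys and origins are hypothetical and constructed for the demo. What it shows is that a relayed code verifies exactly like the victim's own, while an assertion that carries the phishing origin is rejected whether the proxy forwards it untouched or rewrites the origin.

```python
"""Added example: relayable OTP MFA vs an origin-bound (WebAuthn-style) assertion
under an adversary-in-the-middle (AiTM) phishing proxy.

Simplified model with hypothetical names. HMAC stands in for the asymmetric
signature a real FIDO2 authenticator would produce; the property that matters is
that the signed client data includes the origin the browser is really on.
"""
import hashlib
import hmac

# Constructed sample material (hypothetical, not real secrets or sites).
SHARED_OTP_SECRET = b"constructed-totp-seed-for-demo"
DEVICE_KEY = b"constructed-authenticator-key-for-demo"
REAL_ORIGIN = "https://login.example.com"
PHISH_ORIGIN = "https://login.example.com.attacker.test"


# --- Relayable factor: a TOTP-style one-time code ---------------------------
def totp_code(secret: bytes, when: int, step: int = 30) -> str:
    """6-digit HMAC-SHA1 code for the time step containing `when` (RFC 6238 shape)."""
    counter = (when // step).to_bytes(8, "big")
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def otp_login(server_secret: bytes, submitted_code: str, now: int) -> bool:
    """Server side: the code is valid if it matches the current time step."""
    return hmac.compare_digest(totp_code(server_secret, now), submitted_code)


def aitm_relay_otp(server_secret: bytes, now: int) -> bool:
    """Victim types the code into the phishing page; the proxy forwards it to
    the real site within the same time step. The server cannot tell the
    difference, so this returns True: the relay succeeds."""
    victim_code = totp_code(server_secret, now)   # generated by the victim's app
    captured_by_proxy = victim_code                 # read off the phishing form
    return otp_login(server_secret, captured_by_proxy, now)


# --- Origin-bound factor: WebAuthn/FIDO2-style assertion ---------------------
def sign_assertion(device_key: bytes, origin: str, challenge: bytes) -> bytes:
    """Authenticator signs client data that the browser filled in, including the
    origin of the page that requested the login (hypothetical HMAC stand-in)."""
    client_data = origin.encode() + b"|" + challenge
    return hmac.new(device_key, client_data, hashlib.sha256).digest()


def webauthn_login(device_key: bytes, rp_origin: str, challenge: bytes,
                   claimed_origin: str, signature: bytes) -> bool:
    """Relying party: reject if the client data names a foreign origin, and
    reject if the signature does not cover the data as presented."""
    if claimed_origin != rp_origin:
        return False
    expected = sign_assertion(device_key, rp_origin, challenge)
    return hmac.compare_digest(expected, signature)


def aitm_relay_webauthn(device_key: bytes, rp_origin: str, phish_origin: str,
                        challenge: bytes) -> tuple[bool, bool]:
    """The victim's browser is on the phishing origin, so that is what gets
    signed. Returns (forwarded_unchanged, forwarded_with_origin_rewritten);
    both are False, so the relay fails either way."""
    victim_sig = sign_assertion(device_key, phish_origin, challenge)
    unchanged = webauthn_login(device_key, rp_origin, challenge, phish_origin, victim_sig)
    rewritten = webauthn_login(device_key, rp_origin, challenge, rp_origin, victim_sig)
    return unchanged, rewritten


def legitimate_webauthn_login(device_key: bytes, rp_origin: str, challenge: bytes) -> bool:
    """Control case: the real user on the real origin authenticates normally."""
    sig = sign_assertion(device_key, rp_origin, challenge)
    return webauthn_login(device_key, rp_origin, challenge, rp_origin, sig)


if __name__ == "__main__":
    now = 1_700_000_000
    chal = b"constructed-challenge-0001"
    print("OTP relayed by AiTM proxy accepted:", aitm_relay_otp(SHARED_OTP_SECRET, now))
    print("WebAuthn relayed (as-is, origin rewritten):",
          aitm_relay_webauthn(DEVICE_KEY, REAL_ORIGIN, PHISH_ORIGIN, chal))
    print("WebAuthn legitimate login accepted:",
          legitimate_webauthn_login(DEVICE_KEY, REAL_ORIGIN, chal))
```

Running it prints `True`, `(False, False)` and `True` in that order. The lesson for the "containment" point in the highlight is that the origin check happens server-side regardless of what the user clicked: the user can be fully fooled and the phishing-resistant login still does not yield a usable session to the attacker.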