{"id":8427,"date":"2026-06-09T11:06:01","date_gmt":"2026-06-09T11:06:01","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8427"},"modified":"2026-06-09T11:06:01","modified_gmt":"2026-06-09T11:06:01","slug":"security-shifts-to-the-human-layer-as-ai-scams-surge","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8427","title":{"rendered":"Security shifts to the human layer as AI scams surge"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

Cybercriminals are increasingly reshaping familiar social-engineering campaigns around the way employees use AI, with separate advisories from Microsoft and Google documenting how attackers are adapting scams to AI-powered tools, trusted digital services, and changing workplace behavior.<\/p>\n

Microsoft Threat Intelligence, in its advisory, said threat actors are \u201cleveraging the wider global interest around AI itself as a social engineering lure,\u201d impersonating platforms such as ChatGPT, Microsoft Copilot, DeepSeek, and Anthropic\u2019s Claude to distribute malware, steal credentials, and commit financial fraud.<\/p>\n

Google, in its latest Fraud & Scams Advisory, separately highlighted the evolution of traditional phishing into Adversary-in-the-Middle (AITM) and QR-code phishing attacks while documenting growing abuse of trusted cloud services, AI-driven investment scams, and impersonation campaigns.<\/p>\n

While Microsoft\u2019s advisory focuses on AI-branded lures and Google\u2019s examines broader fraud trends, both point to attackers evolving established social-engineering techniques to match the growing role AI plays in everyday enterprise workflows rather than relying solely on technical exploits.<\/p>\n

AI lures move into the mainstream<\/h2>\n

\u201cThreat actors are quick to capitalize on highly anticipated launches or emerging trends, leveraging trusted branding and exploiting user curiosity to improve the success rates of their campaigns,\u201d Microsoft said in the advisory<\/a>. The company added that despite the AI branding, the campaigns continue to rely on \u201clongstanding tactics\u201d such as urgency-driven messaging, abuse of trusted services, and multi-stage redirection chains.<\/p>\n

Microsoft argued that AI-themed campaigns are becoming more than opportunistic attacks. \u201cAI-themed lures reflect a shift in social engineering that is likely to persist as a long-term tactic used by threat actors, from cybercriminal groups to nation states,\u201d the advisory said, citing campaigns that used ChatGPT-themed subscription renewal emails and fake DeepSeek V4 repositories employing stolen branding and search optimization to distribute Vidar Stealer malware.<\/p>\n

Google\u2019s advisory reaches a similar conclusion from a different angle.<\/p>\n

\u201cScams continue to be a persistent global challenge, fueled by sophisticated transnational crime groups who seek to exploit people online for financial gain,\u201d the company said<\/a>, citing estimates that global fraud losses could approach $580 billion in 2025. The advisory describes Calendar Phishing campaigns that abuse trusted cloud productivity suites, AITM attacks that mirror legitimate login experiences, and cryptocurrency scams that persuade victims to execute malicious code under the guise of AI-powered investment guidance.<\/p>\n

Rather than introducing entirely new attack techniques, both advisories document cybercriminals adapting familiar phishing, impersonation, and malware campaigns to environments where AI tools and cloud services have become part of everyday work.<\/p>\n

Security shifts to the human layer<\/h2>\n

Security researchers say the findings reflect a broader enterprise challenge as AI becomes embedded across business applications and employee workflows.<\/p>\n

\u201cAI-enhanced phishing and impersonation, including deepfakes, voice cloning, and social engineering, ranks as the single most-cited AI-driven threat concerning enterprises today, with 58% of respondents flagging it,\u201d said Sakshi Grover, senior research manager for Cybersecurity Services Research at IDC Asia\/Pacific.<\/p>\n

\u201cThe attack surface has migrated from software stacks to the cognitive and behavioral layer \u2014 what employees believe, click on, and act upon when an AI-branded experience tells them to,\u201d Grover said.<\/p>\n

Prabhjyot Kaur, senior analyst at Everest Group, said organizations should see the trend as more than another wave of shadow IT.<\/p>\n

\u201cShadow IT was a visibility problem. Shadow AI is a trust exploitation problem,\u201d Kaur said, arguing that AI capabilities increasingly arrive through embedded SaaS features, browser extensions, copilots and productivity platforms that employees adopt as part of routine work.<\/p>\n

Building resilience beyond phishing<\/h2>\n

For enterprise leaders, the challenge increasingly lies in adapting security programs to changing user behavior rather than responding to isolated phishing campaigns, analysts added.<\/p>\n

Apeksha Kaushik, senior principal analyst at Gartner, said adversaries are \u201ccapitalizing on the credibility of leading AI brands\u201d to make social-engineering campaigns \u201chyper realistic and convincingly personalized\u201d through deepfakes, impersonation, and disinformation.<\/p>\n

\u201cAttackers are adapting to how employees interact with AI, targeting the human layer by manipulating trust and routine behaviors rather than seeking technical exploits,\u201d Kaushik said.<\/p>\n

She said organizations should focus on long-term resilience instead of episodic response. \u201cThe strategic battle has shifted from blocking individual episodic attacks to managing the environment itself,\u201d Kaushik said, arguing that stopping one deepfake or impersonation attempt offers only a tactical victory if the broader attack ecosystem continues to evolve.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

Cybercriminals are increasingly reshaping familiar social-engineering campaigns around the way employees use AI, with separate advisories from Microsoft and Google documenting how attackers are adapting scams to AI-powered tools, trusted digital services, and changing workplace behavior. Microsoft Threat Intelligence, in its advisory, said threat actors are \u201cleveraging the wider global interest around AI itself as […]<\/p>\n","protected":false},"author":0,"featured_media":8428,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8427","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8427"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8427"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8427\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8428"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}