Social Engineering: An Unknown Concept

by Andrea Zamorano

When we hear the term "cybersecurity", the first thing that usually comes to mind is the security of devices and networks: antivirus, firewalls, data encryption... The human factor is often forgotten or, at the very least, relegated to the background.


The Human Factor in Cybersecurity: Why Awareness is Key

When we hear the term cybersecurity, we often think of device and network protection: antivirus, firewalls, data encryption. The human factor is frequently forgotten or relegated to the background, despite studies showing that more than 90% of security incidents involve people in some way.

While organizations are increasingly aware of this, incidents continue to occur daily. Most are caused by employees without malicious intent, with social engineering attacks playing a major role.

Social engineering: an underestimated threat

Social engineering manipulates people into performing actions that benefit the attacker, such as clicking a link, downloading a file, providing credentials, or making transfers. Phishing is the most well-known example, but vishing (voice calls), smishing (SMS messages), and even face-to-face interactions are also common.

Anyone can be a victim — not just those working with sensitive data. An employee may receive a malicious USB stick, a fraudulent phone call, or a convincing fake email.

Real-world examples

  • Mapfre (2020) – A phishing email compromised an employee’s credentials, granting attackers access to systems. The breach escalated into a ransomware attack.
  • Zendal (2020) – Using CEO fraud, attackers impersonated executives and auditors via email, leading to transfers worth €9 million before detection.
  • State Public Employment Service of Spain (2021) – Ryuk ransomware spread across employee devices, encrypting critical information. Negligence, such as executing malicious files, played a role.
  • Infected USB scams – US companies received USB drives disguised as gifts from Amazon or government agencies. Once connected, they installed ransomware.
  • WeTransfer impersonation – Emails claimed to include a court summons, directing victims to a fake WeTransfer site to steal credentials.
  • Microsoft support scam – Through vishing, attackers posed as Microsoft technicians, convincing victims to install remote-control software, granting them full access to sensitive data.

Building human firewalls

Just as we install technological defenses, people must also become a line of defense. This requires comprehensive awareness — knowing not just how to manage passwords or maintain a secure workplace, but also how to detect and respond to diverse attack vectors.

Phishing may be the most common, but threats like baiting (infected USB drives) and vishing are equally dangerous. Cybercriminals exploit human vulnerabilities just as they exploit software flaws.

Understanding these weaknesses — and recognizing them in ourselves — is essential for staying alert and preventing attacks with potentially serious consequences.