Avoiding Low-Tech, Human-Centric Cyber Attacks

The latest research highlights that cybercriminals are finding more success with low-tech, high-impact, human-centric tactics. Callback scams – a social engineering attack where victims are tricked, through emails or texts, into calling a seemingly legitimate phone number to reveal sensitive information or download malware – are an example.

In the first quarter of 2025, callbacks accounted for nearly one in five phishing attempts. For cybercriminals, callbacks are the low-hanging fruit – rather than the criminals making the effort to place the phishing call, the victims themselves initiate it. Likewise, cybercriminals find phishing wins with links, attachments, and QR codes.

Human-centric Attacks Bypass Defences

This kind of human deception is enabling cybercriminals to bypass conventional defences more effectively. Social engineering scams like these are a significant weak spot as they don’t rely on malware and can easily bypass email security.

Take malicious phishing attachments. These are increasing because criminals are finding it easy to slide infected files past mechanical email scans, which have now become proficient at spotting compromised links. And possibly also because emails that leave no trace at all, like callback scams, are the safest bet of all.

Another example is SVG image files. Cybercriminals are favouring these files as attachments over PDF attachments. SVG file attachments accounted for 34% of phishing attacks in Q1 of this year. Criminals bypass anti-phishing defences by embedding a malicious URL in the <script> tag of an SVG file. When the file is opened in a web browser, the attackers' JavaScript executes, redirecting the user to a compromised website.

So, what can organisations do? Give them a taste of their own medicine, perhaps?

Weaponise Cybercriminals’ Own Actions Against Them

Given this shift in cybercriminals’ preference towards low-tech, high-impact tactics, a rethink of email security is needed, one that takes into consideration the human element as well as technological prowess.

With email being the primary vehicle of such low-tech scams, email security demands an approach that weaponises cybercriminals’ own actions and uses their patterns to create a unique, future-proofed response.

Cyberthreats are not static. They continually evolve, adapting, innovating, and refining their methods to slip past traditional email security defences. To stay ahead, defenders must do more than react; they must understand the enemy. This means closely analysing attacker behaviour, tactics, techniques, and procedures (TTPs). For example, tracking the rise of SVG-based phishing reveals the need for targeted detection of embedded malicious scripts within these types of files.
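
As an illustration of the targeted SVG detection mentioned above, the following is an added example (not VIPRE's or any product's code) of a scanner that parses an SVG attachment and reports active content. It goes beyond the <script> case to cover event-handler attributes, javascript: links and embedded HTML; the finding labels and sample files are constructed for this example.

```python
import re
import xml.etree.ElementTree as ET

URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)
EMBED_TAGS = {"foreignobject", "iframe", "embed", "object"}

def local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree adds to tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(data: bytes) -> list:
    """Return findings for one SVG attachment; an empty list means none."""
    # Refuse DTDs: an image attachment does not need one, and entity
    # declarations can hide content from the checks below.
    if re.search(rb"<!(DOCTYPE|ENTITY)", data, re.I):
        return ["dtd-or-entity-declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["malformed-xml"]  # quarantine rather than guess
    findings = []
    for el in root.iter():
        tag = local(el.tag)
        if tag == "script":
            findings.append("script-element")
            findings += ["script-url:" + u for u in URL_RE.findall(el.text or "")]
        elif tag in EMBED_TAGS:
            findings.append("embedded-" + tag)
        for key, value in el.attrib.items():
            attr, val = local(key), value.strip().lower()
            if attr.startswith("on"):  # onload, onclick, ...
                findings.append("event-handler:" + attr)
            elif attr == "href" and tag == "script":
                findings.append("external-script:" + value)
            elif attr == "href" and val.startswith(("javascript:", "data:text/html")):
                findings.append("active-href:" + val.split(":", 1)[0])
    return findings

# Constructed samples (not taken from a real campaign).
REDIRECT_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">
  <script type="text/javascript"><![CDATA[
    window.location.href = "https://phish.example/login";
  ]]></script>
</svg>"""
HANDLER_SVG = b'<svg xmlns="http://www.w3.org/2000/svg" onload="go()"><rect/></svg>'
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'

if __name__ == "__main__":
    for name in ("REDIRECT_SVG", "HANDLER_SVG", "CLEAN_SVG"):
        print(name, scan_svg(globals()[name]))
```

Because a legitimate image attachment has no need for any of these constructs, a mail gateway can treat any non-empty result as grounds to quarantine or strip the attachment.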

These insights offer critical, real-time intelligence that informs not just current defences but also anticipates future threats.

Effective defence begins with recognising and decoding the digital footprints attackers leave behind. If callback phishing is on the rise, systems can be trained to flag emails containing suspicious callback requests. If SVGs are being exploited, scanning tools can be tuned to detect hidden payloads. Every malicious campaign offers clues, digital breadcrumbs left behind by the attackers that, if analysed correctly, can be turned against them.
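
One way to flag suspicious callback requests, shown as an added example rather than any vendor's detection logic: it scores a message on four signals drawn from the description of callback scams above (a phone number, an instruction to call, a payment-style lure, and the absence of links or attachments). The phrase lists, the threshold of 3 and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
URL_RE = re.compile(r"https?://|www\.", re.I)
# Assumed phrase lists for illustration; tune them to the campaigns you see.
CALL_RE = re.compile(r"\b(call|phone|dial|ring)\b.{0,40}"
                     r"\b(us|support|helpdesk|team|number|now|immediately)\b",
                     re.I | re.S)
LURE_RE = re.compile(r"\b(invoice|subscription|renew\w*|charged|refund|cancel\w*)\b", re.I)

def callback_signals(raw: str) -> dict:
    """Score one RFC 5322 message on the traits of a callback lure."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    text = (msg["Subject"] or "") + "\n" + body
    has_attachment = any(True for _ in msg.iter_attachments())
    signals = {
        "phone_number": bool(PHONE_RE.search(body)),
        "call_to_action": bool(CALL_RE.search(body)),
        "payment_lure": bool(LURE_RE.search(text)),
        # Callback lures carry nothing for a link or file scanner to inspect.
        "no_link_or_attachment": not URL_RE.search(body) and not has_attachment,
    }
    signals["score"] = sum(signals.values())
    return signals

def is_callback_suspect(raw: str, threshold: int = 3) -> bool:
    return callback_signals(raw)["score"] >= threshold

# Constructed sample messages (fictional numbers and .example domains).
CALLBACK_MAIL = """\
From: Billing <billing@invoices.example>
Subject: Your subscription has been renewed

Your annual plan was renewed and USD 399.99 has been charged to your card.
If you did not authorise this, please call our support team on
+1 (800) 555-0199 within 24 hours.
"""
ROUTINE_MAIL = """\
From: Sam <sam@corp.example>
Subject: Meeting notes

Notes are at https://wiki.corp.example/notes.
Sam, desk: +44 20 7946 0958
"""

if __name__ == "__main__":
    print(callback_signals(CALLBACK_MAIL), callback_signals(ROUTINE_MAIL))
```

A phone number in a signature alone scores at most 2, so ordinary correspondence stays below the threshold; flagged mail is better routed to a warning banner or review queue than silently dropped.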

This intelligence-driven approach transforms email security from a static filter into a dynamic, context-aware defence system. One-size-fits-all solutions no longer suffice. Instead, defences must be tailored to the specific threats that an organisation faces and the vulnerabilities most likely to be targeted.

Relying solely on traditional email security approaches (for example, file type filtering alone or heuristic scanning) is no longer enough.

Attackers know how to bypass them. Staying ahead means being proactive, predicting attacker moves, not just responding to them. When we weaponise our understanding of attacker behaviour, we build adaptable, resilient defences that evolve as quickly as the cyberthreats do.

In today’s fast-moving threat landscape, the only way to stay secure is to evolve faster than the attackers. Security must be as agile and creative as the threats it faces. Only then can we turn the tide from reactive defence to intelligent, anticipatory protection.

Oliver Paterson is Director of Product Management at VIPRE Security Group
