Avoiding Low-Tech, Human-Centric Cyber Attacks

The latest research highlights that cybercriminals are finding more success with low-tech, high-impact, human-centric tactics. Callback scams are one example: a social engineering attack in which emails or texts trick victims into calling a seemingly legitimate phone number, where they are led to reveal sensitive information or download malware.

In the first quarter of 2025, callbacks accounted for nearly one in five phishing attempts. For cybercriminals, callbacks are low-hanging fruit: rather than the attacker making the effort to place the phishing call, the victims themselves initiate it. Likewise, cybercriminals find phishing wins with links, attachments, and QR codes.

Human-centric Attacks Bypass Defences

This kind of human deception is enabling cybercriminals to bypass conventional defences more effectively. Social engineering scams like these are a significant weak spot as they don’t rely on malware and are easily able to bypass email security.

Take malicious phishing attachments. These are increasing because criminals are finding it easy to slide infected files past mechanical email scans, which have now become proficient at spotting compromised links, and possibly also because emails that leave no trace at all, like callback scams, are the safest bet of all.

Another example is SVG image files. Cybercriminals are favouring these files as attachments over PDF attachments. SVG file attachments accounted for 34% of phishing attacks in Q1 of this year. Criminals bypass anti-phishing defences by embedding a malicious URL in a <script> tag inside the SVG file. When the SVG is opened in a web browser, the JavaScript executes and redirects the user to a compromised website.

So, what can organisations do? Give them a taste of their own medicine, perhaps?

Weaponise Cybercriminals’ Own Actions Against Them

Given this shift in cybercriminals’ preference towards low-tech, high-impact tactics, a rethink of email security is needed, one that takes into consideration the human element as well as technological prowess.

With email being the primary vehicle of such low-tech scams, email security demands an approach that weaponises cybercriminals’ own actions and uses their patterns to create a unique, future-proofed response.

Cyberthreats are not static. They continually evolve, adapting, innovating, and refining their methods to slip past traditional email security defences. To stay ahead, defenders must do more than react; they must understand the enemy. This means closely analysing attacker behaviour, tactics, techniques, and procedures (TTPs). For example, tracking the rise of SVG-based phishing reveals the need for targeted detection of embedded malicious scripts within these types of files.
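As an added illustration of that targeted detection (not code from the article or from VIPRE), the following Python example extracts SVG attachments from an email and reports active content inside them. It goes slightly beyond the <script> case described above by also reporting event-handler attributes and javascript: links; the finding labels, function names, sample message and example.invalid URL are all constructed for the example.

```python
import email
import re
import xml.etree.ElementTree as ET
from email import policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)

def scan_svg(data: bytes) -> list[str]:
    """Return findings for active content in one SVG document."""
    if b"<!ENTITY" in data:
        return ["entity-declaration"]   # refuse untrusted XML that declares entities
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["unparseable-svg"]      # malformed XML is worth quarantining too
    findings = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1].lower()   # strip the XML namespace
        if tag == "script":
            findings.append("script-element")
            findings += [f"script-url:{u}" for u in URL_RE.findall(el.text or "")]
        for name, value in el.attrib.items():
            attr = name.rsplit("}", 1)[-1].lower()
            if attr.startswith("on"):              # onload, onclick, ...
                findings.append(f"event-handler:{attr}")
            elif attr == "href" and value.strip().lower().startswith("javascript:"):
                findings.append("javascript-href")
    return findings

def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each SVG attachment's filename to its findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "image/svg+xml" or name.lower().endswith(".svg"):
            report[name] = scan_svg(part.get_payload(decode=True))
    return report

# Constructed sample: an "invoice" SVG whose <script> holds a redirect URL.
SAMPLE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1">
  <script><![CDATA[ window.location.href = "https://login.example.invalid/portal"; ]]></script>
</svg>"""

def build_sample() -> bytes:
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(SAMPLE_SVG, maintype="image", subtype="svg+xml", filename="invoice.svg")
    return msg.as_bytes()
```

An empty findings list means the SVG is a plain image; any finding is a reason to quarantine the attachment, since legitimate emailed images rarely need script.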

These insights offer critical, real-time intelligence that informs not just current defences but also anticipates future threats.

Effective defence begins with recognising and decoding the digital footprints attackers leave behind. If callback phishing is on the rise, systems can be trained to flag emails containing suspicious callback requests. If SVGs are being exploited, scanning tools can be tuned to detect hidden payloads. Every malicious campaign offers clues, digital breadcrumbs left behind by the attackers that, if analysed correctly, can be turned against them.
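One way to flag suspicious callback requests, shown as an added example rather than the author's or any vendor's method: score an email on whether it tells the reader to call a number, carries a payment lure, and contains no link or attachment for other scanners to inspect. The lure words, the 80-character window, the 10-15 digit range and both sample messages are assumptions constructed for the example.

```python
import re
from email import message_from_string, policy

PHONE_RE = re.compile(r"\+?\(?\d[\d\s().-]{7,18}\d")
CALL_RE = re.compile(r"\b(call|dial|phone|ring)\b", re.I)
LURE_RE = re.compile(r"\b(invoice|subscription|renew\w*|charged?|refund|cancel\w*)\b", re.I)
URL_RE = re.compile(r"https?://|www\.", re.I)
WINDOW = 80  # characters either side of a number searched for a call-to-action

def phone_spans(text: str):
    """Yield (start, end) for digit runs that hold 10-15 digits."""
    for m in PHONE_RE.finditer(text):
        if 10 <= sum(c.isdigit() for c in m.group()) <= 15:
            yield m.span()

def callback_signals(raw: str) -> dict[str, bool]:
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    signals = {
        # A bare number in a signature is normal; a number the reader is told to call is not.
        "call_to_action_near_number": any(
            CALL_RE.search(text[max(0, s - WINDOW):e + WINDOW]) for s, e in phone_spans(text)),
        "payment_lure": bool(LURE_RE.search(f"{msg['Subject'] or ''}\n{text}")),
        # Nothing for a link or attachment scanner to inspect.
        "no_links_or_attachments": not URL_RE.search(text) and not list(msg.iter_attachments()),
    }
    signals["flag"] = all(signals.values())
    return signals

# Constructed samples: a callback lure, and a normal email with a number in its signature.
CALLBACK = """From: billing@example.invalid
Subject: Your subscription has been renewed

Your card was charged 349.99 for a 1-year renewal.
To cancel or dispute this charge, call our support desk on +1 (555) 010-0199 within 24 hours.
"""
LEGIT = """From: alice@example.invalid
Subject: Minutes from Tuesday

Notes are on the wiki: https://wiki.example.invalid/minutes
--
Alice Example, Facilities
Tel: 020 7946 0000
"""
```

Keyword rules like these are a starting point for triage; the individual signals are returned alongside the verdict so they can be tuned against an organisation's own mail.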

This intelligence-driven approach transforms email security from a static filter into a dynamic, context-aware defence system. One-size-fits-all solutions no longer suffice. Instead, defences must be tailored to the specific threats that an organisation faces and the vulnerabilities most likely to be targeted.

Relying solely on traditional email security approaches (for example, file type filtering alone, heuristic scanning) is no longer enough.

Attackers know how to bypass them. Staying ahead means being proactive, predicting attacker moves, not just responding to them. When we weaponise our understanding of attacker behaviour, we build resilient defences that adapt as quickly as the cyberthreats do.

In today’s fast-moving threat landscape, the only way to stay secure is to evolve faster than the attackers. Security must be as agile and creative as the threats it faces. Only then can we turn the tide from reactive defence to intelligent, anticipatory protection.

Oliver Paterson is Director of Product Management at VIPRE Security Group

Image: Ideogram
