Social engineering might sound like a buzzword tossed around in cybersecurity circles, but it’s actually one of the most dangerous threats facing organizations today. While most security strategies focus on defending systems, firewalls, and software, attackers have shifted their sights to something far more accessible: people.
In 2025 alone, social engineering tactics have exposed some of the world’s largest companies, proving that even the best tech stack can be undone by a single human misstep. In this post, we’ll walk you through five real-world examples of successful social engineering attacks, what they reveal about our current threat landscape, and how you can build human-first defenses that actually work.
What Is Social Engineering?
Social engineering deceives individuals into revealing sensitive information or granting unauthorized access by exploiting human instincts like trust or urgency. Here, the human element is the vector. A well-crafted email. A convincing phone call. A sense of urgency. That’s all it takes to open the door. And once it’s open, no antivirus can stop what comes next.
Types of Social Engineering Attacks to Watch For
Below are some of the most dangerous and rapidly evolving social engineering tactics businesses need to be aware of:
Insider Recruitment & Data Theft
Attackers target and deceive trusted insiders, often through bribery, blackmail, or social pressure, to gain access to internal systems and sensitive data. This tactic is particularly effective because it bypasses most traditional security controls.
Phishing
Perhaps the most well-known social engineering attack, phishing involves sending deceptive emails or messages that appear to come from trusted sources. These communications often contain malicious links or attachments designed to harvest login credentials, financial data, or other confidential information.
MFA Bypasses
Multi-factor authentication (MFA) adds an important layer of protection, but attackers have adapted. They now exploit weaknesses in reset procedures and impersonate IT support to trick users into sharing verification codes or credentials, bypassing MFA altogether.
Pretexting
In a pretexting attack, cybercriminals construct a believable backstory to build trust with their target. For example, they may pretend to be a vendor, executive, or colleague to convince someone to share sensitive information or grant access to restricted systems.
AI Weakness Exploits
As more organizations integrate AI-powered tools into their workflows, attackers are finding new vulnerabilities, such as default settings, weak passwords, or undisclosed backdoors. These are often overlooked in traditional security audits but can be exploited just as easily through social engineering tactics.
5 Real-World Social Engineering Attacks That Worked
1. Coinbase Insider Data Breach – May 2025
In May 2025, Coinbase confirmed a serious breach in which cybercriminals bribed overseas support staff to leak sensitive customer data, including names, birthdates, email addresses, and partial Social Security numbers, all linked to a small percentage of its user base (eSecurity Planet, Coinbase). Attackers used this data to orchestrate highly targeted social engineering attacks.
Coinbase rejected a $20 million ransom and instead offered a bounty for the perpetrators, all while preparing reimbursements for affected users, a potential cost tallying hundreds of millions (eSecurity Planet).
2. CoGUI Phishing Campaign Floods Japan with 580 Million Emails
Between January and April 2025, a sophisticated phishing kit called CoGUI unleashed a massive barrage of more than 580 million scam emails across Japan. These emails impersonated trusted brands like Amazon, PayPal, Apple, and even tax agencies, with the goal of deceiving recipients into revealing credentials and payment information (eSecurity Planet).
3. UK Retailers Hit by MFA-Bypassing Ransomware via Help Desk Social Engineering
A UK-focused cybercriminal group known as Scattered Spider infiltrated major retailers like Marks & Spencer, Harrods, and Co-op through deft social engineering. Posing as IT or service desk staff, the attackers tricked real employees into performing actions such as resetting credentials or disabling multi-factor authentication. Once internal access was granted, ransomware was deployed, bringing down e-commerce and in-store systems and costing Marks & Spencer approximately £300 million (SecurityBrief UK).
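The help desk pattern described above leaves a recognizable trail in identity logs: a credential or MFA change made by someone other than the account owner, followed shortly by a sign-in from an address that user has never used. The following is an added detection sketch, not code from any of the organizations or sources named in this post; the event fields, action names, and sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit events: (timestamp, user, action, actor, source_ip).
# Field layout and action names are assumptions, not any vendor's log schema.
EVENTS = [
    ("2025-05-01T08:00:00", "alice", "login_success", "alice", "10.0.0.5"),
    ("2025-05-01T09:10:00", "alice", "mfa_reset", "helpdesk1", "10.0.9.1"),
    ("2025-05-01T09:14:00", "alice", "login_success", "alice", "203.0.113.7"),
    ("2025-05-01T10:00:00", "bob", "login_success", "bob", "10.0.0.8"),
    ("2025-05-01T11:00:00", "bob", "password_reset", "helpdesk2", "10.0.9.1"),
    ("2025-05-01T11:05:00", "bob", "login_success", "bob", "10.0.0.8"),
    ("2025-05-01T12:00:00", "carol", "mfa_disabled", "helpdesk1", "10.0.9.1"),
    ("2025-05-01T15:30:00", "carol", "login_success", "carol", "198.51.100.2"),
]

RESET_ACTIONS = {"mfa_reset", "mfa_disabled", "password_reset"}

def find_suspicious_resets(events, window=timedelta(minutes=30)):
    """Flag a reset done by another actor that is followed, within `window`,
    by a successful login from an IP not previously seen for that user."""
    known_ips = {}   # user -> IPs seen on earlier successful logins
    pending = {}     # user -> (time, action, actor) of the latest reset
    alerts = []
    for ts_raw, user, action, actor, ip in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        if action in RESET_ACTIONS and actor != user:
            pending[user] = (ts, action, actor)
        elif action == "login_success":
            reset = pending.pop(user, None)  # first login consumes the reset
            seen = known_ips.setdefault(user, set())
            if reset and ts - reset[0] <= window and ip not in seen:
                alerts.append({
                    "user": user, "reset": reset[1], "reset_by": reset[2],
                    "login_ip": ip,
                    "delay_min": int((ts - reset[0]).total_seconds() // 60),
                })
            seen.add(ip)
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_resets(EVENTS):
        print(alert)
```

An alert like this is a prompt to call the account owner back on a number already on file before the new factor is trusted; the 30-minute window is an assumed starting point to tune against normal reset traffic.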
4. McDonald’s AI Chatbot Breach via Weak Default Credentials
In June 2025, researchers uncovered a glaring vulnerability in McDonald’s AI-powered hiring chatbot, “Olivia,” developed by Paradox.ai. A stale admin account was secured with the universally weak password "123456" and had no multi-factor protection, allowing researchers to access personal data of up to 64 million job applicants, including names, contact information, and chat logs.
5. LexisNexis Data Breach via Pretexted GitHub Access
On December 25, 2024, an unauthorized actor accessed LexisNexis Risk Solutions' GitHub repositories, where sensitive personal data, including names, email addresses, phone numbers, driver’s license numbers, and Social Security numbers, was exposed for over 364,000 individuals. While full details are still emerging, the attack reportedly began with social engineering to gain access to development tools, a textbook example of pretext-driven breach escalation.
Why These Examples Matter
Each of these incidents demonstrates how social engineering attacks transcend technical tools: they target human trust, oversight, and procedure. From insider collusion and phishing floods to AI oversight and impersonation, the common denominator is deceptive influence, not malware.
Shift from Reactive to Proactive Defense
These real-world cases of social engineering attacks in 2025 show one thing clearly: people, not systems, are the most vulnerable link. Strengthening your defenses in 2025, and beyond, requires building a human-first security strategy.