Social Engineering Attacks in the AI Era: A Review

Abstract: The rapid advancement of Artificial Intelligence (AI) has transformed the cybersecurity landscape by enhancing both defensive mechanisms and cybercriminal capabilities. Among the most concerning developments is the evolution of social engineering attacks, where AI technologies are being leveraged to manipulate human behaviour more effectively than ever before. Traditional social engineering techniques such as phishing, spear-phishing, baiting, pretexting, and impersonation have become increasingly sophisticated through the integration of generative AI, large language models, deepfake technologies, voice cloning systems, and automated reconnaissance tools. AI enables attackers to create highly personalized and convincing fraudulent messages, synthetic audio, and realistic video content that exploit human trust and cognitive vulnerabilities. The paper discusses various AI-enabled attack vectors, including AI-generated phishing emails, deepfake-based impersonation, chatbot-assisted scams, social media manipulation, and business email compromise attacks. The review also explores current defense mechanisms, including AI-powered detection systems, user awareness programs, behavioral analytics, multi-factor authentication, and deepfake detection techniques. Additionally, regulatory and ethical considerations related to AI misuse are examined. By synthesising recent research findings and industry reports, this paper highlights the growing threat of AI-enhanced social engineering and emphasises the need for adaptive cybersecurity strategies, ongoing awareness training, and collaborative efforts among researchers, policymakers, and security practitioners. The study concludes by identifying future research directions to develop resilient defences against increasingly intelligent and automated social engineering attacks.

Keywords: Social Engineering, Artificial Intelligence, Generative AI, Deepfake, Phishing