Social engineering as an attack vector: how CTI can anticipate phishing and fraud campaigns

Aug 21, 2025

Social engineering remains the most popular and effective vector for cyber attacks. Regardless of a company's size or maturity, a single interaction is all it takes to open the door to intruders who exploit our most human characteristics.

Phishing campaigns, business email compromise (BEC) fraud, fake messages in the name of executives, or even deepfakes in video calls: the current landscape demands more than awareness—it demands anticipation. And this is where the transformative role of Cyber Threat Intelligence (CTI) comes in.

Why is Social Engineering Still So Effective?

Unlike a technical attack, which requires exploiting vulnerabilities or executing malware, social engineering relies on a more predictable and accessible vector: human behavior. It appears in various forms:

  • Phishing: Emails that mimic legitimate communications.
  • Smishing: SMS or WhatsApp messages with bait.
  • Vishing: Voice or audio calls with forged identities.
  • BEC (Business Email Compromise): Sophisticated scams using real names and targeting finances.
  • Pretexting: Creating false stories to gain trust.

The attacker’s goal may be to:

  • Manipulate the victim’s emotions, for example, with content that makes them angry.
  • Arouse their sense of urgency, such as through a Black Friday promotion that seems too good to miss.
  • Exploit their habits, for instance, by using a fake digital signature notification for a supposed document sent to someone who needs to sign contracts and reports daily.

And more recently, with the advancement of AI, we are seeing voice and video deepfakes being used to deceive even trained professionals.

What Does CTI Have to Do With This?

Cyber Threat Intelligence isn’t just about malware and malicious IPs. It’s also about people, contexts, and patterns. When applied correctly, CTI can:

  • Monitor channels where attackers plan campaigns: forums, Telegram, the dark web, leak sites.
  • Identify registrations of suspicious domains with names similar to your brand.
  • Analyze common language and themes in campaigns already active in other sectors, and predict their arrival in yours.
  • Detect phishing kits, fraud tools, and even disinformation campaigns being discussed before they are launched.

With this kind of visibility, your company can act before the click.


The Power of Anticipation: Seasonal Campaigns and Targeted Events

It’s common to see peaks in phishing and fraud during predictable periods:

  • Black Friday: Fake e-commerce sites, malicious coupons, fake apps.
  • Elections: Content manipulation and fake news with malicious links.
  • Tax season: Fake emails during the income tax filing period or with themes related to social programs.
  • HR and onboarding: Fraud targeting new employees.

Based on intelligence, it’s possible to predict that such campaigns are coming and to monitor their signs before execution. Those signs include the registration of domains with promotional terms, the reactivation of known actors, and the emergence of templates in fraud marketplaces, among others.


Sophisticated Fraud with AI: The New Frontier of Social Engineering

Fraud campaigns are becoming increasingly technological:

  • Fake social media profiles with consistent histories generated by AI.
  • Deepfakes of executives requesting fund transfers.
  • Personalized emails based on leaked or scraped data.

The good news is that the technical preparation for these scams also leaves traces, which CTI can detect, such as:

  • Tools and tutorials circulating in underground channels.
  • Profiles or domains being registered in bulk with sensitive themes.
  • Command-and-control and phishing infrastructure being reconfigured for new campaigns.


A Practical Case of Anticipation

Imagine your company is in the retail sector. The CTI team identifies that domains similar to yours (with variations like “yourcompany-sale[.]com”) have been registered and are pointing to a suspicious server. In parallel, phishing campaigns using delivery-themed templates are being sold by a criminal group on Telegram.

The team alerts the business and technology areas. The security team:

  • Blocks the domains in internal proxies and DNS.
  • Notifies customers via email and social media about the risk.
  • Updates the awareness training platform with the most likely themes to appear.

All of this happens even before the first malicious email arrives.
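
The lookalike-domain check from the case above, as an added example (not code from the original article or from the vendor): it scores a feed of newly registered domains against a brand label and a promotional-term watchlist so that matches can be pushed to proxy and DNS blocklists. The brand `yourcompany`, the term list, the owned-domain set, the score weights and the sample feed are all constructed assumptions.

```python
import re

BRAND = "yourcompany"          # assumption: the brand label to protect
PROMO_TERMS = {"sale", "promo", "blackfriday", "coupon", "delivery", "tracking"}
LEGIT = {"yourcompany.com"}    # assumption: domains the company really owns
# Common digit-for-letter swaps, folded back to letters before comparison.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})


def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def score_domain(domain):
    """Return (score, reasons) for one newly observed domain; 0 means no match."""
    domain = domain.lower().replace("[.]", ".").strip(".")   # accept defanged input
    if domain in LEGIT or any(domain.endswith("." + d) for d in LEGIT):
        return 0, []
    name = domain.rsplit(".", 1)[0]                          # drop the last label (TLD)
    tokens = [t.translate(HOMOGLYPHS) for t in re.split(r"[-_.]", name) if t]
    folded = "".join(tokens)
    hits = []
    if BRAND in folded:
        hits.append((2, "brand string present"))
    elif any(0 < edit_distance(t, BRAND) <= 2 for t in tokens):
        hits.append((2, "near-miss spelling of brand"))
    if hits and any(term in folded for term in PROMO_TERMS):
        hits.append((1, "promotional/delivery term"))
    if hits and name.translate(HOMOGLYPHS) != name:
        hits.append((1, "digit-for-letter substitution"))
    return sum(w for w, _ in hits), [r for _, r in hits]


def build_blocklist(feed, threshold=2):
    """Domains scoring at or above threshold, highest score first."""
    scored = sorted(((d, *score_domain(d)) for d in feed), key=lambda h: -h[1])
    return [(d, s, r) for d, s, r in scored if s >= threshold]


# Constructed sample feed of newly registered domains (not real observations).
SAMPLE_FEED = ["yourcompany-sale[.]com", "y0urcompany-delivery.net", "yourcompnay.shop",
               "shop.yourcompany.com", "gardening-tips.org"]
```

Calling `build_blocklist(SAMPLE_FEED)` returns the three lookalikes ranked by score and leaves the owned subdomain and the unrelated domain out.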


How Your Organization Can Apply CTI Against Fraud

  • Establish active monitoring of mentions of your brands, executives, and business-related topics.
  • Map patterns from previous campaigns and create watchlists of domains, keywords, and artifacts.
  • Integrate the CTI team with the awareness and customer service teams: these areas are the most exposed.
  • Have a clear response protocol for phishing or BEC campaigns with containment and communication scripts.
  • Consider hiring specialized providers in digital fraud to enhance visibility in external environments.


How Resonant Can Help

Social engineering is effective because it speaks directly to what makes us human: haste, trust, distraction, repetitive habits, and various other emotions. But with Resonant’s CTI, it’s possible to see beyond the obvious. We anticipate campaigns, understand the actors, predict the triggers, and transform passive defense into proactive defense.

You already prepare your employees to recognize phishing. But who is preparing your company to know what’s coming next?

Talk to our team and learn about our strategies for anticipating fraud and other types of attacks.
