
The new social engineering risk hiding inside ordinary work decisions
Dr. Christian Reinhardt, Director of Human Risk Management at SoSafe, examines social engineering as an attack on human decision-making in his contribution to BSI’s 21st German IT Security Congress. His chapter looks at how attention, emotional pressure, authority cues and social context shape the moment before a person acts.
This article builds on that argument through the idea of a decision attack. A decision attack is social engineering that makes a risky action feel like the normal next step. It shapes the situation around a request: the timing, the pressure, the apparent routine, the person asking and the discomfort of pushing back. By the time the employee acts, stopping to verify may feel less natural than clicking, sharing, approving or staying silent.
One example we learnt of shows the mechanism in a very ordinary setting. Someone was on a call with a salesperson and was told they would receive the offer summary by email, but only after sharing their bank account number. They questioned it. The explanation sounded harmless enough. The call had dragged on, and they wanted to end it politely, so they shared it.
The email arrived. Then came the realisation that the bank account number was probably never needed. In this case, it was not a scam. If it had been, that detail might have been the final missing piece.
Do you see how little pressure it took? A vague explanation, a long call, and the social discomfort of asking twice.
This article looks at why that moment is becoming easier to manufacture with AI, why modern work already creates many of the conditions attackers need, and how security leaders can make safe action easier before one rushed decision turns into a lost payment, exposed data, compromised access, or a missed chance to stop the attack early.
The important word in AI social engineering is “social”
Dr. Reinhardt’s chapter frames social engineering as an attack on the conditions around human judgement. AI expands that problem because attackers can now manufacture more of those conditions before the employee acts.
Okta documented threat actors using Vercel’s v0 tool to generate phishing sites from text prompts, including fake sign-in pages that impersonated legitimate portals. The employee may no longer be judging an isolated email. They may be moving through a request, page, form and follow-up that appear to confirm one another.
The UK AI Security Institute found that prompting and post-training increased conversational AI persuasiveness more than personalisation or model scale, while factual accuracy declined. That distinction is useful here. Attackers do not need perfect psychological insight into the employee. They need enough operational context to make continuation feel more natural than interruption.
The workday is already tuned for fast compliance
Dr. Reinhardt’s chapter is concerned with the conditions around judgement, and office work is full of conditions that make judgement thinner. A study on work interruptions among 492 office workers in Germany found that interruption frequency is linked to higher subjective workload, with perceived interruption overload mediating that relationship. The effect becomes stronger when the primary task is complex. That is the interesting part for security. The risky request often arrives while someone is already carrying another cognitive load, so the employee is deciding under residue from the task they were just pulled away from.
A decision attack does not need to create a crisis. It can enter as an interruption that looks like work and offers a quick way to reduce friction. Verizon’s Data Breach Investigations Report found that after a phishing email is opened, the median time to click is 21 seconds, followed by another 28 seconds to submit data. Those timings show how narrow the decision window can be. The employee is not always conducting a full security assessment. Often, they are trying to resolve the next thing in front of them.
SoSafe’s AI-driven social engineering trends show why this is moving deeper into business workflows. Attackers are imitating approvals, payroll changes and role-specific finance or HR requests, which means they are placing pressure where employees already have responsibility to keep things moving. The risk sits where an interruption carries enough process familiarity to become action before it becomes scrutiny.
Synthetic trust weakens old verification habits
Deepfakes change the reliability of trust cues at the exact point where decision attacks depend on them. A 2024 systematic review on human deepfake detection found that overall detection sensitivity was not significantly above chance across audio, image, text and video. That makes voice, face and meeting presence too weak to serve as final evidence for high-consequence requests. The Arup fraud shows the business cost of that weakness, with attackers using a deepfake video call to steal $25 million. In practice, the control has to move upstream. When money, access or sensitive data is involved, the question should not be whether the person looked or sounded right, but whether the request passed a verification path the attacker could not simulate.
Stop warnings from becoming wallpaper
More warnings can make the real signal harder to see. Research on authorised push payment fraud warns that poorly targeted risk warnings can create cognitive fatigue and muscle memory effects, which means people learn to move past them even when the decision carries real risk. For decision attacks, that is the wrong kind of friction. The stronger control is a precise pause at the point of consequence: payment approval, supplier change, MFA reset, access exception, unusual data request, or senior instruction through an informal channel. The aim is to slow the moment where pressure and impact meet, rather than train employees to dismiss another banner in the name of getting work done.
Training cannot stay one example behind
Dr. Reinhardt’s chapter makes an important point about awareness. Knowing the right rule does not mean someone will apply it at the right moment. The cue has to feel recognisable when the request arrives, especially when the message looks current, comes through a familiar workflow, and asks for action now.
SoSafe’s research on the 19-day defence update cycle shows how quickly that gap can open. Many European organisations take around 19 days to update employee-facing defences after a new threat is identified. The same research found that 79% of security leaders had encountered AI-generated phishing emails, and 57% had seen fake AI-generated business documents such as invoices, contracts or policies.
In those 19 days, employees may see the tactic before the training does. A finance team may face a fake invoice before simulations reflect it. Legal may receive an AI-generated contract request before guidance has caught up.
That is the gap to close. Training needs to move closer to what employees are seeing now. The evidence will show up in behaviour, including whether people report uncertainty, verify unusual requests, challenge risky workflows, and stop repeat patterns from becoming normal.
Make safe choices the easiest ones to take
Dr. Reinhardt’s chapter describes security culture as the deliberate shaping of the conditions in which security-relevant decisions happen. That is the right place to end this argument. If attackers can make the unsafe action feel ordinary, organisations need to make the safe action feel expected.
Critical decision points need to be treated as part of the security architecture. Money movement, supplier changes, identity resets, exception approvals and sensitive-data requests should come with clear verification paths that people can use without improvising or worrying that they are slowing things down.
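To make the "verification path the attacker could not simulate" idea from the deepfake section and the decision-point architecture above concrete, here is an added example of a decision gate for high-consequence requests. It is illustrative code written for this article, not SoSafe's product or anything from Dr. Reinhardt's chapter. The system-of-record contacts, vendor bank details, request kinds and both scenarios are constructed for the example. The gate never uses the channel the request arrived on as evidence, only accepts a callback to the number held on record (never one supplied in the request), checks payment details against the vendor record rather than the invoice, and requires an independent second approver.

```python
"""Decision gate for high-consequence requests (constructed illustration)."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed system of record. These are the only contact and bank details a
# callback or a payment check may use; nothing in an incoming request overrides them.
VENDOR_RECORD = {
    "acme-supplies": {"phone": "+44 20 7946 0001", "iban": "GB11ACME00000001"},
}
APPROVER_RECORD = {
    "cfo@example.test": "+44 20 7946 0100",
    "ap-lead@example.test": "+44 20 7946 0101",
}

# The decision points the article names as points of consequence.
HIGH_CONSEQUENCE = {"payment", "supplier_change", "mfa_reset",
                    "access_exception", "data_export"}


@dataclass
class Request:
    kind: str
    requester: str                 # claimed identity of the person asking
    channel: str                   # "ticket", "email", "video_call", ... (not evidence)
    payload: dict = field(default_factory=dict)
    # Evidence gathered by the approver, never copied from the request itself.
    callback_number: Optional[str] = None   # number the approver actually dialled
    callback_confirmed: bool = False        # person on record confirmed the request
    second_approver: Optional[str] = None


def number_on_record(req: Request) -> Optional[str]:
    """Where an independent callback for this request must go."""
    if req.kind == "supplier_change":
        vendor = VENDOR_RECORD.get(req.payload.get("vendor", ""))
        return vendor["phone"] if vendor else None
    return APPROVER_RECORD.get(req.requester)


def gate(req: Request) -> tuple[bool, list[str]]:
    """Return (approved, findings). Any finding is a reason to stop."""
    findings: list[str] = []
    if req.kind not in HIGH_CONSEQUENCE:
        return True, findings          # routine work gets no extra friction

    # req.channel is deliberately never consulted: looking or sounding right on
    # a video or voice call is a trust cue, not evidence.

    # 1. The callback must reach the contact held on record for this request.
    expected = number_on_record(req)
    if expected is None:
        findings.append("no contact on record for this request")
    elif req.callback_number != expected:
        findings.append("callback did not use the number on record")
    elif not req.callback_confirmed:
        findings.append("person on record did not confirm the request")

    # 2. Payment details are checked against the vendor record, not the invoice.
    if req.kind == "payment":
        vendor = VENDOR_RECORD.get(req.payload.get("vendor", ""))
        if vendor is None:
            findings.append("unknown vendor")
        elif req.payload.get("iban") != vendor["iban"]:
            findings.append("IBAN differs from vendor record; route via supplier_change")

    # 3. Two-person rule: a second approver who is not the requester.
    if not req.second_approver or req.second_approver == req.requester:
        findings.append("no independent second approver")

    return not findings, findings


# Constructed scenarios.
LEGIT = Request(
    kind="payment", requester="cfo@example.test", channel="ticket",
    payload={"vendor": "acme-supplies", "iban": "GB11ACME00000001", "amount": 48000},
    callback_number="+44 20 7946 0100", callback_confirmed=True,
    second_approver="ap-lead@example.test",
)
# A convincing "CFO" on a video call asks for an urgent payment to a new account
# and offers a mobile number "to confirm". The approver called that number.
DEEPFAKE = Request(
    kind="payment", requester="cfo@example.test", channel="video_call",
    payload={"vendor": "acme-supplies", "iban": "GB99MULE00000009", "amount": 48000,
             "confirm_on": "+44 7700 900123"},
    callback_number="+44 7700 900123", callback_confirmed=True,
)

if __name__ == "__main__":
    for name, req in (("legit", LEGIT), ("deepfake", DEEPFAKE)):
        approved, findings = gate(req)
        print(name, "APPROVED" if approved else "BLOCKED", findings)
```

The deepfake scenario is blocked on three independent grounds even though the caller "confirmed" the request: the callback went to a number the request supplied, the account differs from the vendor record, and nobody else approved. None of those checks asks whether the person looked or sounded right, which is the point.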
Security culture becomes real when a second check feels normal, when a strange request has a clear place to go, when managers treat caution as good judgement, and when uncertainty reaches security early enough to matter.
Awareness still has a role, but knowledge alone is too fragile. The safer choice has to be easier to see, easier to take and easier to defend when pressure is pulling the other way.