Benjamin Rivera Medina
Dr. Quinn
CYSE 201S
April 17, 2026
Introduction
Artificial intelligence has rapidly advanced and changed how we use technology throughout our lives. While artificial intelligence has been used to promote growth in society and technology, it has also been used maliciously. Artificial intelligence is able to help cybercriminals automate and personalize a variety of social engineering attacks. This can be a major concern for businesses and critical infrastructure. The objective of this case study is to examine how social engineering has changed due to artificial intelligence and to present strategies to mitigate the risk.
Analysis
Social engineering techniques consist of different methods attackers use to gain unauthorized access to data or systems through manipulation of the victim. Traditional social engineering preparation requires a mixture of active and passive reconnaissance and time to personalize the attack. “Attackers who once spent days crafting convincing phishing emails can now do it in seconds with artificial intelligence” (AI Social Engineering: What It Is and How to Defend Against It, 2026). Social engineering relates closely to social science principles because of the psychology behind how attackers are able to manipulate victims and gain their trust. “AI tools are able to scan various account profiles in order to gain information to be used in their personalized social phishing attack” (AI Social Engineering: What It Is and How to Defend Against It, 2026). AI can format phishing emails to trigger authority bias or familiarity bias based on the writing style and tone of the email. In addition, AI can utilize human factors and behavior analytics to persuade and gain the trust of the victim more effectively.
Solutions
In order to mitigate and prevent these social engineering attacks, a mixture of technical security measures and social science methods is necessary. Implementing robust security protocols and tools for email security can prevent some phishing emails from reaching their target. To illustrate, Sender Policy Framework (SPF) can check if a sending mail server is authorized to send emails. Then, Domain-based Message Authentication, Reporting, and Conformance (DMARC) can drop or quarantine these emails if they fail the SPF check. However, technical security measures will fail if staff are not properly educated in social engineering tactics. To address this social issue, cybersecurity awareness training can be used to train staff on how to properly identify, respond to, and report phishing attempts. A potential challenge regarding cybersecurity awareness training is whether staff will effectively comply or not. However, this can be mitigated if management sets an example and the work environment is healthy and prioritizes cybersecurity.
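The SPF check and the DMARC action described above can be worked through in code; the following is an added example and not part of the original case study. The domain, IP ranges and DNS records are constructed, only the ip4/ip6 and all mechanisms are evaluated, and the message is assumed to carry no DKIM signature, so the DMARC result rests on SPF alone.

```python
import ipaddress

# Constructed DNS TXT records for the placeholder domain example.com.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "_dmarc.example.com": "v=DMARC1; p=quarantine",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, sender_ip):
    """Evaluate ip4/ip6 and 'all' mechanisms only (no include/a/mx lookups)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # domain publishes no SPF record
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech.startswith(("ip4:", "ip6:")):
            net = ipaddress.ip_network(mech.split(":", 1)[1], strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and no 'all' term

def dmarc_policy(record):
    """Return the p= tag of a DMARC record, or 'none' if absent or invalid."""
    tags = dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)
    return tags.get("p", "none") if tags.get("v") == "DMARC1" else "none"

def disposition(sender_ip, mail_from_domain, header_from_domain):
    """What a receiver does with a message that has no DKIM signature."""
    spf = spf_check(DNS_TXT.get(mail_from_domain, ""), sender_ip)
    # DMARC counts an SPF pass only for the domain shown in From (strict alignment).
    aligned = mail_from_domain.lower() == header_from_domain.lower()
    if spf == "pass" and aligned:
        return "deliver"
    policy = dmarc_policy(DNS_TXT.get("_dmarc." + header_from_domain, ""))
    return policy if policy in ("quarantine", "reject") else "deliver"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.7"):
        print(ip, disposition(ip, "example.com", "example.com"))
```

A message from an authorized server is delivered, while one from any other server is quarantined under the published policy, which is why the filter reduces but does not replace the need for staff awareness.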
Reflection
A multidisciplinary approach to the problem is required because social engineering draws on many fields, such as psychology and sociology, to manipulate victims. While improving technical security tools such as access control or email protocols can mitigate risk, they will be completely bypassed if someone falls for a malicious link. In order to combat this, an integration of both technical security measures and sociological methods can immensely reduce the risk.
Conclusion
In conclusion, social engineering has transformed and become a bigger threat due to artificial intelligence and how it can collect victim data and use it to personalize phishing attacks. This poses a significant threat to businesses and organizations as it only takes one successful phishing email to compromise or even halt business processes. It is crucial to implement both technical security measures and sociological methods to ensure the best possible protection.