With digital connectivity the default for communication, trust in digital is critical for business operations. However, cybercriminals are shifting their focus, weaponising trust itself as a primary target. Rather than merely exploiting technical vulnerabilities, attackers are manipulating human confidence โ whether through impersonating senior executives, mimicking familiar brands, or subverting security protocols โ to infiltrate networks and perpetrate fraud. Recent research shows how criminals are systematically undermining trust, underscoring why a fundamental rethink of the ways we identify, authenticate, and secure our interactions across every channel, especially email โ the default form of communication โ is critical, says John Trest, pictured, Chief Learning Officer, VIPRE Security Group.
Capitalising on brand credibility
Attackers are playing the trust game strategically. Trust is a weapon, and attackers know exactly how to wield it. Compromised accounts now rank as the leading origin of spam emails. Cybercriminals are hijacking reputable platforms like Microsoft and Google to push malicious content behind the cover of familiar, trusted domains. Familiar, respectable brands people recognise rarely raise red flags, and that is precisely the point.
This same logic extends to cloud and developer platforms. Services like Dropbox, Amazon Web Services, and Bitbucket are increasingly being exploited to host and distribute harmful files. Threat actors lean on these platforms deliberately โ their strong reputations, widespread enterprise use, and encrypted delivery channels make them ideal vehicles for attack.
Hosting malicious content in the cloud offers attackers several advantages. It helps malicious links slip past conventional email security filters, appear credible to unsuspecting recipients, and camouflage harmful traffic within routine business activity. It also grants the bad actors operational agility โ they can quickly swap payloads, rotate URLs, and deliver malware selectively based on a victim’s location, behaviour, or security profile. This kind of exploitation of these cloud and developer platforms signals a growing commitment to living-off-trusted-services tactics by criminals, further deepening the already difficult challenge of separating genuine cloud activity from malicious intent.
Trust abuse through BEC
Business Email Compromise (BEC) continues to dominate the phishing landscape, responsible for 51 per cent of all email fraud cases. Its persistent prevalence is a clear signal that corporate defenses remain inadequate against this threat. Within BEC, impersonation reigns as the most common attack method, representing 82 per cent of all incidents. The remaining 18 per cent involves diversion-based tactics โ think fraudulent invoices or fabricated payroll requests designed to redirect funds or sensitive data.
When it comes to impersonation targets, CEOs and senior executives are squarely in the crosshairs, accounting for half of all impersonation-based BEC emails. Smaller organisations with flat, tight-knit structures are particularly vulnerable โ in these settings, a direct request from a CEO to authorise a transfer is entirely normal, making such scams far easier to execute convincingly.
Those most exposed are financial officers and employees with close access to C-suite figures, as their close proximity to decision-makers makes them attractive targets for highly crafted schemes. Looking at historical trends, BEC attacks are becoming sharper and more personalised, with AI amplifying their sophistication. Finance and HR teams are prime targets, with threat actors exploiting context from recent transactions, payroll cycles, and internal communications to make their deception harder to detect.
ย
The art of urgency-driven subject lines and legitimate file naming conventions
Threat actors now commonly using file naming conventions that resemble legitimate business and personal documents, such as salary and payroll files, invoice-related documents, employee appraisals, incentive and bonus documents, and so on.
Similarly, email subject lines are crafted to convey a sense of urgency, initiate immediate reengagement, and enable financial manipulation and exploitation – โMake this a priorityโ, โPay cheque updatedโ, โAccount information change requiredโ, โNew banking informationโ, and so forth.
Each of these subject lines closely resembles standard internal correspondence, projecting authority and urgency to help sidestep normal verification steps, which in turn heightens the effectiveness of BEC attacks.
Exploiting trust in direct human interaction
Just in the last quarter of 2025, callback phishing scams have seen a resurgence, spiking by a phenomenal 500 per cent. This again underscores a notable shift back toward exploiting trust in direct human interaction as a key tool for manipulation.
Snapping safety nets ย
Cybercriminals are turning organisational security measures against their intended purpose. By using tools like CAPTCHA and โI am not a robotโ verifications, they are effectively blocking automated security scans. These tactics are frequently combined with convincing fake login pages, enabling attackers to harvest user credentials, bypass detection, and mislead users into thinking they are accessing genuine, secure platforms.
All this highlights a significant shift in cybercriminal tactics, with trust itself now serving as the primary target. Attackers are not only leveraging technical weaknesses but are also capitalising on our confidence in familiar individuals, brands, and even established security measures. By impersonating trusted stakeholders and exploiting well-known organisations, criminals are blurring the lines between genuine and fraudulent communications.
This evolving landscape makes it essential for businesses and individuals alike to critically reassess their methods for verifying the legitimacy of every interaction, ensuring that trust is no longer an exploitable vulnerability, but a foundation reinforced by robust and adaptive security practices.
