Former Federal Investigation Agency (FIA) director general Dr Sanaullah Abbasi has said that social engineering is increasingly recognized as a dominant threat vector in the modern cybersecurity domain, and that scammers pose as banks or tax officers.
Talking to The News about cybersecurity, he said that unlike traditional hacking, which exploits software vulnerabilities, social engineering attacks manipulate human behaviour to bypass even the most secure technical systems.
The methods have changed the economic and social behaviour of individuals in particular and societies in general and are designed to psychologically exploit individuals, making human error the weakest link in cybersecurity.
Internationally, social engineering has cost businesses and governments billions of dollars annually. This happens when attackers get into or mimic business emails to trick victims. Pretexting occurs when scammers act as banks or tax officers to get sensitive info, while baiting uses USB drives full of malware left in public to infect unaware victims.
Former FIA DG Abbasi further said that Pakistan, on the other hand, is still catching up. The country is experiencing a rapid digitization boom with e-governance platforms, digital banking, and healthcare records moving online. Yet, cyber literacy remains low. According to the Pakistan Telecommunication Authority (PTA), over 50 per cent of internet users in Pakistan are unaware of basic digital hygiene practices. Coupled with an inadequate legal framework, limited law enforcement training, and cultural over-reliance on trust, the environment becomes fertile ground for cybercriminals.
He added that the importance of understanding social engineering within Pakistan cannot be overstated. As the country increasingly relies on digital platforms to provide services, manage finances, and maintain citizen records, the risks associated with human-centric cyberattacks are rising exponentially.
Abbasi said that economically, businesses, especially in the banking and fintech sectors, are frequent targets. In 2022, a leading Pakistani bank reportedly lost over Rs200 million through a combination of phishing and social engineering attacks targeting its call center staff. Beyond monetary loss, such incidents cause reputational damage and customer mistrust, leading to long-term operational setbacks.
Social engineering attacks have evolved into a sophisticated toolset used by cybercriminals worldwide. The tactics involve exploiting cognitive biases such as authority, urgency, fear, and curiosity. These strategies bypass technological barriers and directly target human behaviour.
He added that in Pakistan, this is happening because people don't know much about staying safe online. They often miss the warning signs. What's more, many scams use Urdu or Roman Urdu, which English-based systems can't catch. Also, Pakistani culture puts a lot of weight on trusting family and being polite in social situations. This makes people easy targets for tricksters who use these cultural values to fool their victims.
On a societal level, parties to the social contract use social engineering tricks to mess with public opinion and cause trouble in society to their advantage. They do this through things like astroturfing, which makes it seem like lots of folks support certain ideas on social media when they don't. They also create bubbles that make people stick to what they already believe, causing more division.
Baiting is another trick where they try to fool people into giving away private info. They even play on how our brains work to affect how we make choices. These tricks often show up online to change political talks, spread fake news, and make divisions worse. This can hurt the reputation of natural persons and legal persons, leading to social problems.
Abbasi said this demonstrates that social engineering in Pakistan is a growing threat that exploits human psychology more than technological flaws. The attacks are diverse in technique, frequent in occurrence, and devastating in their impact on both individuals and society.
While global examples offer blueprints for prevention, Pakistan needs a context-specific approach tailored to its sociocultural and linguistic landscape. A national strategy must be designed that includes legal, educational, and technical reforms.
The former FIA director general further stated that social engineering must no longer be seen as a niche or rare problem; it is a central challenge in Pakistan’s journey toward a secure digital future. To combat social engineering, we need a holistic approach: mass awareness campaigns in multiple languages with media and influencers, cyber literacy in schools, and regular corporate training simulations like phishing tests.