Social engineering attacks no longer rely on poorly written phishing emails or obvious scams. Today’s adversaries exploit trust, authority, and urgency, often using AI-driven voice cloning, deepfakes, and highly tailored impersonation, to manipulate well-trained professionals into making high-impact decisions in minutes.

In this session, Bishop Fox's Alethe Denis, Red Team Sr. Security Consultant and DEF CON Social Engineering Black Badge winner, examines how modern deception tactics are being used to target healthcare and insurance organizations, including Blue Cross Blue Shield plans and their extended vendor ecosystems. Drawing on real-world incidents, from vishing attacks that bypass bank controls to deepfake-enabled executive impersonation, this talk explores why traditional security controls often fail when the human element is under pressure.

Attendees will learn how attackers exploit familiar workflows such as vendor payment changes, leadership approvals, and urgent member-related requests, and why speed, empathy, and trust are increasingly weaponized against organizations. The session concludes with practical mitigation strategies that blend technical controls, operational safeguards, and human-centered design to help reduce fraud risk, protect sensitive data, and preserve member trust in an era of AI-enabled deception.