Social Engineering and Phishing Trends Targeting Miami Organizations
Miami's position as a gateway city for Latin American commerce, international finance, and high-volume tourism creates a concentrated attack surface that threat actors exploit through social engineering and phishing campaigns. This page covers the dominant attack types documented by federal agencies and security researchers, explains the mechanics behind each, and maps the decision factors that determine which variant is deployed against a given target. The regulatory obligations triggered by successful attacks — including Florida's own breach notification law — make understanding these threats a compliance matter, not only an operational one.
Definition and scope
Social engineering is the manipulation of individuals into performing actions or divulging information that compromises security, bypassing technical controls by targeting human decision-making instead. Phishing is the most prevalent sub-category, delivered primarily through email but increasingly through SMS (smishing) and voice calls (vishing). The FBI Internet Crime Complaint Center (IC3) consistently ranks phishing as the single highest-volume cybercrime complaint category in its annual Internet Crime Reports; the 2023 IC3 report recorded over 298,000 phishing victims in the United States, resulting in adjusted losses exceeding $18.7 million in that category alone (FBI IC3 2023 Internet Crime Report).
In Miami specifically, the threat landscape is shaped by the broader cybersecurity exposure created by the city's multilingual, multi-jurisdictional business environment. Attackers targeting Miami organizations frequently exploit the volume of Spanish-language and Portuguese-language business communications to craft credential-harvesting lures that appear legitimate to employees who routinely exchange correspondence with counterparts in Colombia, Brazil, and Mexico.
The regulatory scope is established by multiple frameworks: the Florida Information Protection Act (FIPA), Fla. Stat. § 501.171, requires breach notification within 30 days of discovery. Federal sector-specific mandates — including HIPAA for healthcare and PCI DSS for payment card environments — impose additional incident-response and reporting obligations. A separate page on the regulatory context for Miami security maps these overlapping requirements in detail.
How it works
Phishing and social engineering attacks follow a structured kill chain. The phases below reflect the model documented by NIST Special Publication 800-61 Rev. 2, adapted to the social engineering context:
- Reconnaissance — Attackers harvest targets from LinkedIn, company websites, chamber of commerce directories, and court filings. Miami's active commercial real estate sector and port-related businesses generate substantial public documentation that feeds this phase.
- Pretext construction — A plausible scenario is built: a vendor invoice dispute, a wire transfer approval, a DocuSign request referencing a real transaction. Generative AI tools have reduced the language-quality barrier that previously distinguished foreign-origin phishing from native correspondence.
- Delivery — The lure is delivered via spoofed email domain, SMS, or phone. Domain spoofing often involves registering lookalike domains (e.g., substituting a zero for the letter "o" in a company name).
- Exploitation — The target clicks a link, opens an attachment, or verbally discloses credentials. Business email compromise (BEC) attacks frequently skip malware entirely, relying on fraudulent wire-transfer instructions submitted through what appears to be a trusted internal address.
- Action on objectives — Funds are transferred, credentials are harvested and sold, or persistent access is established for a later ransomware deployment.
Common scenarios
Three attack patterns appear with particular frequency in the Miami threat environment, based on FBI IC3 complaint data and CISA advisories:
Business Email Compromise (BEC) targets finance, legal, and executive teams. Attackers impersonate a CEO, outside counsel, or supplier and request urgent wire transfers to accounts they control. The FBI IC3 2023 report attributed over $2.9 billion in losses to BEC across the United States, making it the highest-loss category by dollar value (FBI IC3 2023 Internet Crime Report). Miami's high volume of international real-estate closings — where large wire transfers are routine — makes the sector a primary BEC target.
Credential Phishing uses spoofed login pages for Microsoft 365, Google Workspace, or financial portals. Once credentials are captured, attackers pivot to internal email threads to launch secondary BEC attacks or exfiltrate data.
Spear Phishing is a high-personalization variant directed at a named individual, often a CFO, port logistics coordinator, or healthcare billing administrator. The personalization is constructed from OSINT (open-source intelligence) gathered in the reconnaissance phase, and success rates are substantially higher than those of mass-phishing campaigns because the lure references verifiable details about the target's role or relationships.
Vishing (Voice Phishing) has increased following the documented activity of groups such as Scattered Spider, which CISA and the FBI jointly warned about in a November 2023 advisory. Callers impersonate IT helpdesk staff and persuade employees to reveal multi-factor authentication codes in real time.
Decision boundaries
Selecting the appropriate defensive or investigative response depends on classifying the incident correctly:
- BEC vs. standard phishing: BEC involves no malware and often no malicious link — detection relies on payment-process controls and email-header analysis, not endpoint security tools alone.
- Spear phishing vs. mass phishing: Spear phishing requires an identity-specific response, including determining what OSINT was used, whereas mass-phishing response centers on blocking the delivery infrastructure at the email gateway.
- Smishing/vishing vs. email phishing: SMS and voice attacks evade email security controls entirely; response protocols must include telecommunications carrier reporting and, where applicable, FTC complaint filing under 16 C.F.R. Part 310 (Telemarketing Sales Rule).
- Regulatory trigger assessment: An incident that exposed protected health information triggers HIPAA's 60-day breach notification clock (45 C.F.R. § 164.408); one that exposed Florida residents' personal information triggers FIPA's 30-day clock. Both timelines can run concurrently.
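The lookalike-domain substitution noted in the Delivery phase and the email-header analysis that the BEC decision boundary relies on can be combined into a single header-level triage check. The script below is an added example, not code from this page or from any agency it cites; the organization domain, the executive list, the confusable-character table and both sample messages are constructed for illustration.

```python
"""Header-level triage for BEC and lookalike-domain indicators.

Added example. A message is parsed from raw headers and checked for
(1) a sender domain that imitates the organization's own domain,
(2) an executive's display name arriving from an external domain,
(3) a Reply-To domain that differs from the From domain, and
(4) failing SPF/DKIM/DMARC results in the Authentication-Results header.
Every domain, name and message below is constructed, not taken from a real case.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed organization profile (assumed values, not from the page).
ORG_DOMAIN = "example-realty.com"
EXECUTIVES = {"Maria Lopez", "Daniel Reyes"}

# Substitutions seen in lookalike registrations (assumed list): digits that
# stand in for letters, plus two-letter pairs that render like one letter.
DIGIT_FOR_LETTER = str.maketrans("0135", "oles")
PAIR_FOR_LETTER = (("rn", "m"), ("vv", "w"))


def normalize_confusables(domain: str) -> str:
    """Map common substitutions back to the letters they imitate."""
    d = domain.lower()
    for pair, letter in PAIR_FOR_LETTER:
        d = d.replace(pair, letter)
    return d.translate(DIGIT_FOR_LETTER)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, org_domain: str) -> bool:
    """True when domain differs from org_domain but imitates it."""
    domain, org_domain = domain.lower(), org_domain.lower()
    if domain == org_domain:
        return False
    if normalize_confusables(domain) == normalize_confusables(org_domain):
        return True
    return edit_distance(domain, org_domain) <= 1


def _domain_of(header_value: str) -> str:
    """Domain part of the first address in a header value ('' if none)."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def triage(raw_message: str, org_domain: str, executives: set) -> list:
    """Return human-readable findings; an empty list means no indicator fired."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = _domain_of(msg.get("From", ""))
    reply_domain = _domain_of(msg.get("Reply-To", ""))
    findings = []

    if from_domain and is_lookalike(from_domain, org_domain):
        findings.append(f"lookalike sender domain {from_domain} imitates {org_domain}")

    known = {name.lower() for name in executives}
    if display_name.strip().lower() in known and from_domain != org_domain.lower():
        findings.append(f"display name '{display_name}' matches an executive "
                        f"but arrived from external domain {from_domain}")

    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    auth = msg.get("Authentication-Results", "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        match = re.search(rf"\b{mech}=(\w+)", auth)
        if match and match.group(1) in {"fail", "softfail", "permerror"}:
            findings.append(f"{mech} result is {match.group(1)}")
    return findings


# Constructed sample: a wire-fraud lure aimed at the finance team.
SAMPLE_BEC = """\
From: "Maria Lopez" <maria.lopez@examp1e-realty.com>
Reply-To: closing-desk@mail-examp1e.net
To: controller@example-realty.com
Subject: Urgent: updated wire instructions for today's closing
Authentication-Results: mx.example-realty.com; spf=fail smtp.mailfrom=examp1e-realty.com; dkim=none
Date: Tue, 12 Mar 2024 09:14:00 -0500

Please wire the closing funds to the updated account before 11am.
"""

# Constructed sample: ordinary internal mail that should produce no findings.
SAMPLE_BENIGN = """\
From: "Daniel Reyes" <daniel.reyes@example-realty.com>
To: controller@example-realty.com
Subject: Q1 budget review
Authentication-Results: mx.example-realty.com; spf=pass smtp.mailfrom=example-realty.com; dkim=pass header.d=example-realty.com; dmarc=pass

Attached is the draft for Thursday.
"""

if __name__ == "__main__":
    for label, sample in (("BEC lure", SAMPLE_BEC), ("benign", SAMPLE_BENIGN)):
        results = triage(sample, ORG_DOMAIN, EXECUTIVES)
        print(f"{label}: {len(results)} finding(s)")
        for finding in results:
            print("  -", finding)
```

The constructed lure trips all four checks, while the internal message trips none; in practice the findings feed a payment-verification hold or a case queue rather than an automatic block, since a Reply-To mismatch alone is common in legitimate mail. The check complements, and does not replace, the out-of-band payment-process controls the page names for BEC.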
References
- FBI Internet Crime Complaint Center (IC3) — 2023 Internet Crime Report
- CISA — Cybersecurity Advisories
- CISA / FBI Advisory AA23-320A: Scattered Spider
- NIST Special Publication 800-61 Rev. 2 — Computer Security Incident Handling Guide
- Florida Information Protection Act — Fla. Stat. § 501.171
- HIPAA Breach Notification Rule — 45 C.F.R. § 164.408
- FTC Telemarketing Sales Rule — 16 C.F.R. Part 310