Social engineering attacks have become more sophisticated and easier to execute, with AI enabling tailored campaigns that target individuals with unprecedented precision. In this session, we’ll take a detailed look at how these attacks are designed and deployed. Using Evilginx, a reverse proxy phishing framework, we’ll demonstrate the step-by-step creation of a phishing attack and show how it captures credentials and bypasses MFA in real time.  Understanding the attacker’s playbook is critical to building effective defenses. We’ll discuss how to counter these evolving threats with phishing-resistant authentication using passkeys, real-time identity verification, and proactive risk management. This session will provide actionable insights into both the mechanics of modern attacks and the strategies that make them ineffective.