Los Angeles County Under Siege: How Social Engineering Attacks Are Targeting Government Employees in 2024

Los Angeles County employees are facing an unprecedented wave of sophisticated social engineering attacks in 2024, with cybercriminals increasingly targeting government workers through elaborate schemes designed to steal credentials, compromise systems, and gain unauthorized access to sensitive public data. Recent incidents have demonstrated the growing threat, with over 4 million mobile-focused social engineering attacks recorded in 2024, while Los Angeles County’s own systems have experienced significant breaches including ransomware attacks on the Superior Court and phishing campaigns affecting 25 departments.

The Evolving Threat Landscape in Los Angeles County

In February 2024, a sophisticated phishing campaign compromised 25 Los Angeles County departments, with the Department of Public Health alone seeing 53 employees fall victim to credential theft, resulting in over 200,000 individuals having their personal information compromised. The Superior Court of Los Angeles County was forced to close all 36 courthouse locations in July 2024 following a ransomware attack, highlighting the devastating impact these attacks can have on critical government services.

Social engineering remains the top initial access vector, accounting for 36% of all incident response cases between May 2024 and May 2025, consistently bypassing technical controls by targeting human workflows and exploiting trust. Attackers are now using AI-powered tactics including CEO voice cloning, targeting help-desk personnel for password resets, and employing telephone-oriented attack delivery to prime phishing victims.

Common Attack Methods Targeting County Employees

Phishing attacks, the most common form of social engineering, involve fraudulent communications that appear to come from legitimate sources, designed to trick recipients into providing sensitive information such as login credentials or financial details. Business Email Compromise (BEC) attacks have resulted in $2.7 billion in losses across 21,832 complaints in one year, with sophisticated scams tricking employees into transferring funds to attackers’ accounts.

More than one-third of social engineering incidents now involve non-phishing techniques, including search engine optimization poisoning, fake system prompts, and help desk manipulation, with some threat actors moving from initial access to domain administrator privileges in under 40 minutes. Lancaster businesses, representative of the broader Los Angeles County area, are experiencing increased ransomware attacks, phishing emails targeting employee credentials, and sophisticated social engineering attacks where criminals impersonate vendors or executives.

The Human Factor: Why Government Employees Are Vulnerable

Government entities often operate with extremely limited budgets for cybersecurity and IT services, leaving them vulnerable to skilled adversaries, particularly during periods of high stress when IT and cybersecurity resources are already stretched thin. The median time for users to fall for phishing emails is less than 60 seconds, with victims clicking malicious links within 21 seconds of opening emails and entering sensitive data within another 28 seconds.

Social engineering attacks exploit human interaction and psychological manipulation, targeting feelings such as curiosity or fear to trick users into making security mistakes or giving away sensitive information. These attacks exploit human social frailties, including our tendency to act impulsively under stress, with scammers deploying AI-fueled tactics blended with social manipulation.

Protecting Los Angeles County: Essential Defense Strategies

Because most cyberattacks, including ransomware, start with social engineering attacks, organizations should focus on employee education and fostering a strong security culture, with employees encouraged to learn to spot and report suspected social engineering attacks as quickly as possible. Employees should be regularly educated on the latest social engineering techniques, trained to recognize phishing attempts, and provided an easy way to report potential threats.

For Los Angeles County organizations seeking comprehensive protection against these evolving threats, partnering with experienced cybersecurity providers is essential. Cybersecurity Los Angeles specialists like IT Pros Management offer multi-layered defense strategies specifically designed to protect against social engineering attacks. Since 2011, IT Pros Management has been providing highly rated technology solutions to companies in Los Angeles, Ventura and Orange counties, committed to making sure small- and medium-sized businesses and not-for-profit organizations receive professional and affordable IT support.

Technical Safeguards and Best Practices

Organizations should install and maintain anti-virus software, firewalls, and email filters, take advantage of anti-phishing features offered by email clients and web browsers, and enforce multifactor authentication. Comprehensive cybersecurity services should include continuous network monitoring, endpoint security for all devices, regular vulnerability assessments, email security, web filtering, data backup, and employee cybersecurity training to recognize phishing attempts and social engineering tactics.

All employees should be trained on cybersecurity best practices, following good hygiene practices on all devices including strong password protection, connecting only to secure Wi-Fi, and maintaining constant vigilance for phishing attempts. The best defense against social engineering attacks includes employee training, multi-factor authentication, email filtering tools, and clear security policies.

Moving Forward: Building Resilience Against Future Attacks

Organizations can help keep their workforce alert to emerging social engineering tactics by integrating threat intelligence into employee training programs, implementing a holistic approach that operationalizes Zero Trust, secures the human attack surface, and enables rapid response to evolving threats. The key to defense lies in cybersecurity best practices, continuous employee education, and a culture of vigilance, with organizations that stay informed significantly reducing the risk of falling prey to sophisticated social engineering attacks.

As social engineering attacks continue to evolve and target Los Angeles County employees with increasing sophistication, the need for comprehensive, proactive cybersecurity measures has never been more critical. By combining technical safeguards with ongoing employee education and partnering with experienced cybersecurity providers, government organizations can build the resilience necessary to protect sensitive public data and maintain essential services for the communities they serve.