In 2021, despite companies slipping twice as many phishing decoys into their employees’ email inboxes than in the prior year, attackers gained entry to a whopping 83% of companies, a new Proofpoint report found. Fund managers are frequently finding themselves on the receiving ends of these phishing and other social engineering attacks. This second article in a two-part series describes the latest twists in social engineering techniques; key brand-name lures; and ways fund managers and other organizations can gauge the success of their phish-prevention programs. It also includes charts that show training results by industry and department, based on 115 million emails. The first article provided four key suggestions for boosting employee training effectiveness, described a controversy about disciplining slow-to-adjust employees and highlighted an overlooked third-party risk. See “Beware of False Friends: A Hedge Fund Manager’s Guide to Social Engineering Fraud” (Mar. 8, 2018).