Researchers at Malwarebytes warn that a malvertising campaign they call “malsmoke” has stopped deploying exploit kits and is now using social engineering attacks to trick users into installing malware. The threat actor behind this campaign generally targets high-traffic adult websites. In the latest campaign, the attackers began using web pages that purport to contain an adult video, and inform users that they’ll need to install a Java plugin in order to view the video.

“Starting mid-October, the threat actors behind malsmoke appear to have phased out the exploit kit delivery chains in favor of a social engineering scheme instead,” the researchers write. “The new campaign is tricking visitors to adult websites with a fake Java update. This change is significant because it drastically increases the target audience, no longer limiting it to Internet Explorer users running outdated software.”

The use of social engineering also gives the attackers flexibility in how they target their victims, and enables them to improve upon their techniques in the future.

“The threat actors could have designed this fake plugin update in any shape or form,” Malwarebytes says. “The choice of Java is a bit odd, though, considering it is not typically associated with video streaming. However, those who click and download the so-called update may not be aware of that, and that’s really all that matters.”

Malwarebytes concludes that social engineering schemes will remain relevant, since they’re cheaper and often more efficient than technical exploits.

“In the absence of high value software vulnerabilities and exploits, social engineering is an excellent option as it is cost effective and reliable,” the researchers explain. “As far as web threats go, such schemes are here to stay for the foreseeable future.”

Technical vulnerabilities can always be patched, but humans need to receive education to combat social engineering attacks. New-school security awareness training can help your employees stay ahead of these evolving tactics.