Game-Changer: Biometric-Stealing Malware

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the ...
Continue Reading

When Threat Actors Don’t Have a Viable Email Platform to Phish From, They Just Steal Yours

New analysis of a phishing campaign shows how cybercriminals use brand impersonation of the platforms they need to compromise accounts and takeover legitimate services.
Continue Reading

Credential Theft Is Mostly Due To Phishing

According to IBM X-Force’s latest Threat Intelligence Index, 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid ...
Continue Reading

Anyone Can Be Scammed and Phished, With Examples

I recently read an article about a bright, sophisticated woman who fell victim to an unbelievable scam. By unbelievable, I mean most people reading or hearing about it could not believe ...
Continue Reading

IBM Tests Audio-Based Large Language Model to Hijack Live Conversations

With the idea in mind to “audio-jack” a live call-based banking transaction, security researchers were successful in inserting cybercriminal-controlled account details.
Continue Reading

Cybersecurity Resiliency and Your Board of Directors

Growing cybersecurity threats, especially ransomware attacks, and the Securities and Exchange Commission’s (SEC) recent rules have made having a cybersecurity-aware Board of Directors ...
Continue Reading

Fake “I Can’t Believe He’s Gone” Posts Seek to Steal Facebook Credentials

A new scam relies on a victim's sense of curiosity, brand impersonation, and the hopes of a new login to compromise Facebook credentials.
Continue Reading

New Phishing-As-A-Service Kit with Ability to Bypass MFA Targets Microsoft 365 Accounts

A phishing-as-a-service platform called “Greatness” is facilitating phishing attacks against Microsoft 365 accounts, according to researchers at Sucuri.
Continue Reading

Facebook Phishing Scams Target Concerned Friends and Family

BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles ...
Continue Reading

Beware of "Get to Know Me" Surveys

Trained security awareness professionals are aware that whatever someone says about themselves and personal experiences can be used against them in a social engineering scam. It is always ...
Continue Reading

Beware of Fraudulent Charge Messages

Be careful of emails, SMS messages, or calls claiming to be from your bank about your card being used fraudulently. If this ever happens, call the phone number on the back of your card.
Continue Reading

Phishing Reigns as the Most Likely and Most Feared Cyber Attack

With over half of organizations being the victim of password-based attacks in the last year, new data sheds light on the risk of phishing attacks and the use of password-based credentials.
Continue Reading

Phishing-Resistant MFA Will Not Stop Phishing Attacks

You would be hard-pressed to find an author and organization (KnowBe4) that has pushed the use of phishing-resistant multi-factor authentication (MFA) harder.
Continue Reading

Cybercrime Group "Scattered Spider" is a Social Engineering Threat

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released a joint Cybersecurity Advisory describing the Scattered Spider cybercriminal gang’s activities.
Continue Reading

Targeted Social Engineering on the Rise With Lowering Phishing-as-a-Service Costs

Targeted individuals were the most common victims of social engineering attacks in the second half of 2022 and the first half of 2023, according to researchers at AtlasVPN.
Continue Reading

Spear Phishing Becomes Most Common Attack Technique in Q3 2023

Spear phishing was the most common attack technique in the third quarter of 2023, according to researchers at ReliaQuest.
Continue Reading

Cybercriminal Group Octo Tempest and Its Menacing Phishbait

Microsoft is tracking a cybercriminal group called “Octo Tempest” that uses threats of violence as part of its social engineering and data theft extortion campaigns.
Continue Reading

A Brief History of Phishing, and Other Forms of Social Engineering

Social engineering attacks have a very long history, though the Internet has made it easier to launch these attacks en masse, according to Sean McNee at DomainTools. McNee points to an ...
Continue Reading

[HEADS UP] If You're a LastPass User, You May be the Next Phishing Email Target

Cybercriminals are not holding back on LastPass users as a new phishing campaign has recently launched with the intent to steal your data.
Continue Reading

MFA Defenses Fall Victim to New Phishing-As-A-Service Offerings

ZeroFox warns that phishing-as-a-service (PhaaS) offerings are increasingly including features to bypass multi-factor authentication.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews