Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Mint Mobile, Porting Numbers, and Identity Theft

US telecommunications company Mint Mobile warned some users that their phone numbers had temporarily been ported to another carrier by an unauthorized individual, which allowed the ...
Continue Reading

Nearly Every Organization Has Had an Insider-Caused Data Breach in the Last Year

Whether it’s from an accidental leak of data or falling victim to a phishing attack, new data from email security vendor Egress puts the insider’s role in breaches into critical ...
Continue Reading

Facebook Disrupts Iranian Social Engineering Operation

Facebook has taken down an operation by Iranian hackers targeting military, defense, and aerospace entities, particularly focused on the US.
Continue Reading

Cryptocurrencies and Email Extortion Trends

Researchers at GreatHorn have found that 98.7% of extortion emails ask for payment in Bitcoin. Most of these emails aren’t targeted, but enough people will likely fall for them that the ...
Continue Reading

Spear Phishing Campaign Targets Energy Companies

Researchers at Intezer have spotted a phishing campaign that’s targeting energy companies in South Korea, the United States, the United Arab Emirates, and Germany. Most of the targets are ...
Continue Reading

Phishbait Follows Current Events

Crisis draws opportunistic criminals, and the Kaseya ransomware incident is no different. Kaseya’s updates on the incident have included repeated warnings not to be taken in by emails or ...
Continue Reading

The Pandemic’s Paradigm Shift with Cybersecurity

Just over a year ago, a much-prized perk – the ability to work from home – became an everyday reality for many. ITWeb, in partnership with KnowBe4, conducted a survey to gain insight into ...
Continue Reading

Social Engineering and Organizational Culture

Consistent awareness training is necessary to fend off phishing attacks, according to Keatron Evans, a principal security researcher, instructor, and author with Infosec. In an interview ...
Continue Reading

KnowBe4’s 2021 Phishing By Industry Benchmarking Report Reveals that 31.4% of Untrained End Users Will Fail a Phishing Test

Guess what? Over the past several months, the KnowBe4 elves have been working around the clock analyzing billions of rows of data to uncover meaningful insights. Their latest offering is ...
Continue Reading

Lazarus Group Continues Targeting Defense Contractors

North Korea’s Lazarus Group has been launching phishing campaigns against more defense contractors and engineering companies, according to researchers at AT&T Alien Labs. The attackers ...
Continue Reading

87% Increase in Social Engineering Scams During the First Quarter of 2021 Compared to Q1 2020

There was an 87% increase in social engineering scams during the first quarter of 2021 compared to Q1 2020, according to Ayelet Biger-Levin from BioCatch. In an article for The Paypers, ...
Continue Reading

It Was Only a Matter of Time: The Ransomware Ecosystem Has Given Birth to VC Investors

Security firm LIFARS confirms that cybercriminals are acting like venture capital investors, funding startup cybercriminal organizations, such as Darkside Ransomware.
Continue Reading

New IcedID and QBot Phishing Campaigns Are Running Amuck

Researchers at Kaspersky recently spotted two widespread phishing campaigns delivering the IcedID and QBot banking Trojans. The majority of users targeted by the IcedID campaign were ...
Continue Reading

Almost All LinkedIn User’s Data Has Been Scraped and is Up for Sale on the Dark Web

700 Million LinkedIn user’s personal details were posted for sale earlier this month, putting 92% of their userbase at risk of social engineering and spear phishing attacks.
Continue Reading

35% of All Security Incidents are Business Email Compromise Phishing Attacks

With the bad guys looking for the fastest means to get from attack to a big payout, BEC tactics are shifting tactics to adjust to organizations being better prepared.
Continue Reading

Misconfigured Cloud Database Increases Risk of Social Engineering

DreamHost, a major website hosting provider, exposed 814 million user account records in an unsecured database, researchers at Website Planet have found. The data exposed included a ...
Continue Reading

Threat Actors use Google Ads to Target People Migrating to Encrypted Messaging Services like Signal and Telegram

Researchers at eSentire warn that threat actors have been using Google Ads to target people migrating from WhatsApp to other encrypted messaging services, particularly Signal and Telegram.
Continue Reading

Attackers Abuse Google Docs for Phishing Attacks

Attackers are using a new technique to exploit Google Docs for phishing attacks, according to researchers at Avanan. The attackers take advantage of the fact that Google Docs ...
Continue Reading

Leaked Copies of Windows 11 Could Be Tempting Phishbait for Techies

The latest anticipated release of Windows should be a reminder that even IT folks can be driven into a frenzy enough to miss the signs of a malicious campaign.
Continue Reading

Understanding Ransomware’s True Costs

We all know ransomware is pretty bad, but if you are a cybersecurity risk manager trying to justify the latest purchase to mitigate it, nailing down real numbers can be pretty hard. There ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews