Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Tribune Publishing apologizes for fake bonus offer in phishing-simulation email

Yesterday at the end of the day, I was called by our PR team who got alerted by tech support about a Twitter post that was going viral. Turns out a custom phishing test created by one of ...
Continue Reading

How to Become a Harder Target From Malicious Threat Actors

The US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory regarding threat actors associated with China’s Ministry of State ...
Continue Reading

High-Profile Caper Spawns Phishing Campaign

A phishing campaign is using the recent Twitter hack as phishbait, HackRead reports. In mid-July, hackers used social engineering against Twitter employees to gain access to more than a ...
Continue Reading

Funds Transfer Fraud Has Increased 35% Since the Onset of COVID-19

With reported losses from thousands of dollars to well over $1 million, funds transfer fraud represents 27% of cyber insurance claims in 2020.
Continue Reading

Extradited Member of a U.K. Scammer Highlights How His Gang Took Banks for $2 Million

Details on how this global gang of cybercriminals used spoofing and impersonation methods to social engineer banks time and time again shows how effective these tactics are.
Continue Reading

The New Version of Qbot Trojan Steals Damn Near Everything, Hijacks Email Threads to Spread Infection

Originally seen all the way back in 2008, this banking trojan is continuously being developed. Its latest iteration is downright nasty and has already infected 5% of all organizations ...
Continue Reading

[Heads Up] My Name Is Being Used In Criminal Identity Theft Attacks At The Moment

There is an old Dutch expression: "High trees catch a lot of wind". Well. once you get in the public eye there is definitely the effect you become a bigger target of identity theft. In ...
Continue Reading

Threat Group DeathStalker Uses PowerShell-based Implant Powersing to Hack into Financial Services Firms

Apparently focused on more intelligence gathering than taking direct malicious action against the organizations they compromise, this attack is filled with ingenuity.
Continue Reading

The Heart has Its Reasons, but Those Shouldn't Become an Enterprise Risk

The FBI has warned that victims of romance scams lost $475 million in 2019, BleepingComputer reports. In Idaho alone, nearly one hundred of these victims lost more than $1 million each. ...
Continue Reading

The Bureau Explains How Tech Support Scams Work

Tech support scams function like organized businesses and consist of various criminals fulfilling different roles, according to court documents obtained by ZDNet. The documents contain ...
Continue Reading

Watch Out! Cybersecurity and Infrastructure Security Agency Warn of New VBA Attack Designed to Deploy KONNI Remote Administration Tool

A new alert from CISA outlines just how dangerous and intrusive the KONNI malware is in organizations that fall for phishing attacks using Word attachments with malicious VBA code.
Continue Reading

[Heads Up] Weaponized Disinformation Campaigns Skyrocket; KnowBe4 Releases New Spot & Stop DisInfo Training Module

Disinformation is a potent weapon in the current cold cyberwar arsenal. DisInfo attacks are skyrocketing and the number of countries using organized social media manipulation is going up ...
Continue Reading

An Embarrassment of Riches: Malicious Actors Target AWS Accounts

Amazon is an obvious target for malicious actors looking to leverage the trust and authority enjoyed by a widely known online service or brand in malicious emails and social engineering ...
Continue Reading

New Vishing Scam Targets Diners at London’s Prestigious Ritz Hotel

Aimed at stealing credit card details from restaurant patrons, this new scam feels like it’s something we’re going to hear about a lot more.
Continue Reading

The Most Effective Attacks Are Often the Simplest

The recent Twitter hack shows that devastating security breaches don’t always involve sophisticated actors or methods, according to Rachel Tobac, CEO of SocialProof Security. On the ...
Continue Reading

Having a Wonderful Time, Wish Your Data Were Here

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued an alert warning that someone is impersonating the OCR and sending fraudulent postcards to ...
Continue Reading

Phishing Golden Hour

In emergency healthcare settings, the “golden hour” is the time between when a patient suffering a life threatening event (e.g., heart attack, stroke, aneurysm, etc.) is most likely to ...
Continue Reading

My lazy Sunday afternoon was interrupted...

My lazy Sunday afternoon was interrupted with what appeared to be a prank, a social engineering attempt, or something else that remains to be identified. 
Continue Reading

Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be

An ongoing criminal investigation highlights how classified documents stolen by Russian hackers from former U.K. trade minister Liam Fox may have been used to impact the British 2019 ...
Continue Reading

The Importance of Identifying and Focusing on the Malicious Behavior

Identifying malicious behavior is a more effective long-term strategy than trying to block individual malicious actors, according to Johnathan Hunt, Vice President of Security at GitLab. ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews