Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

BEC Group Launches Hundreds of Campaigns

A business email compromise (BEC) gang has launched more than 350 attacks against organizations in the US, according to researchers at Abnormal Security. The threat actor, which Abnormal ...

Alert: Refund Scam Targeting Federal Agencies via RMM Software

At least two federal civilian agencies were the unfortunate victims of a refund scam campaign, perpetrated through the use of remote monitoring and management (RMM) software. CISA, the ...

Do Not Get Fooled Twice: Mailchimp's Latest Breach Raises Alarm Bells – Protect Yourself Now!

For the second time in less than a year, Mailchimp has found itself in a precarious situation, having to admit that it has been breached. It appears that a social engineering attack ...

The Current State of Cybersecurity Should Fear AI Tools Like ChatGPT

Malicious use of the text-based AI has already begun to be seen in the wild, and speculative ways attackers can use ChatGPT may spell temporary doom for cybersecurity solutions.

Unusual Blank-Image Phishing Attacks Impersonate DocuSign

An unusual phishing technique has surfaced this week. Avanan, a Check Point Software company, released a blog Thursday morning detailing a new attack in which hackers hide malicious ...

[Ache In the Head] The Problems With Your Not-So-Secure Email Gateway

I have been doing some research on Secure Email Gateways. The picture is not that pretty. Below I will summarize what I found.

[Heads Up] Phishing Attacks Are Now The Top Vector For Ransomware Delivery

Phishing attacks are now the top vector for ransomware delivery, according to researchers at Digital Defense. Phishing emails can be highly tailored to specific employees in order to ...

Government Workers as Phishing Targets

Government workers are prime targets for social engineering attacks, according to Kaitlyn Levinson at GCN. Attackers use different tactics to target government employees in specific ...

Phishing in the Service of Espionage

Reuters describes a cyberespionage campaign carried out by the hitherto little-known threat group researchers track as "Cold River." The group is circumstantially but convincingly linked ...

There is a New Trend in Social Engineering with a Disgusting Name; "Pig-butchering"

The technique began in the Chinese underworld, and it amounts to an unusually protracted form of social engineering. The analogy is with fattening up a pig, then butchering it for all ...

Finance and Insurance Is the Sector Most Impacted by Data Breaches In 2022

Analysis of the year’s breaches shows Finance and Insurance businesses are the most targeted and have lost a material count of records as a result.

One Out of 10 Threats Still Make It All the Way to the Endpoint

Despite good intentions, layered security measures, and efficacy claims by security solution vendors, new data shows that email-based threats are still getting all the way to the Inbox.

Phishing Activity Rose 130% in the Second Half of 2022, Representing Three-Quarters of All Email-Based Attacks

New data focused on cyberattacks in the second half of the year-to-date shows phishing taking the overwhelming lead as the initial attack vector of choice.

[Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks

By Roger A. Grimes. KnowBe4 recommends that everyone use a password manager to create and use strong passwords as a part of their password policy ...

QBot Malware Attacks Use SVG files to Perform HTML Smuggling

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.

Spear Phishing Campaign Targets Japanese Political Organizations

Researchers at ESET warn that a Chinese-speaking threat actor dubbed “MirrorFace” targeted Japanese political organizations with spear phishing emails in the run-up to the Japanese House ...

"How I lost my dog and almost my Google credentials..."

A well-trained Knowster posted: "I lost my dog this weekend and my mother-in-law was trying to be helpful and put my real phone number on a few social media posts she made. Now I'm getting ...

Ivanti Report Shows Cybersecurity Practitioners Concentrating on Right Threats

A recent Ivanti report shows cybersecurity practitioners getting more focused on the threat landscape, but defenders may need to hone their attention to focus on the right threats. 

Now BEC Attacks Steal Physical Goods

The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) have released a joint ...

Social Engineering, Money Mules, and Job Seekers

A small town in Manitoba, WestLake-Gladstone (population about 3300), fell victim to a social engineering campaign. The municipal government seems to have been a target of opportunity, ...
