Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Out of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial Attack

The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access.
Continue Reading

Nation-State Threat Actors Rely on Social Engineering First

A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique.
Continue Reading

[FREE RESOURCE KIT] Stay Cyber Safe this Holiday Season with Our Free 2024 Resource Kit!

Isn’t it typical for bad actors to strike when we’re distracted and busy during this time of year?
Continue Reading

Criminals Use Search Engine Poisoning to Boost Phishing Pages

Researchers at Malwarebytes warn that cybercriminals are using search engine poisoning to boost phishing pages to the top of Bing’s search results.
Continue Reading

[Eye Opener] Attackers Don’t Hack, They Log In. Can You Stop Them?

The latest trend in cybercrime is that attackers don't really focus on “hacking” in; they’re logging in.
Continue Reading

BlackBasta Ransomware Gang Uses New Social Engineering Tactics To Target Corporate Networks

ReliaQuest warns that the BlackBasta ransomware gang is using new social engineering tactics to obtain initial access within corporate networks.
Continue Reading

Attackers Abuse Eventbrite to Send Phishing Emails

Attackers are abusing Eventbrite’s scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks increased by 900% between July and October 2024.
Continue Reading

If Social Engineering Is 70% - 90% of Attacks, Why Aren’t We Acting Like It?

Over a decade ago, I noticed that social engineering was the primary cause for all malicious hacking. It has been that way since the beginning of computers, but it took me about half of ...
Continue Reading

QR Code Phishing is Growing More Sophisticated

Sophos describes a QR code phishing (quishing) campaign that targeted its own employees in an attempt to steal information.
Continue Reading

4 out of 10 Phishing Emails Are Sent From a Compromised Email Account

Analysis of phishing emails in the second quarter of this year paints a picture of what security teams and vigilant recipients should expect from modern phishing attacks.
Continue Reading

Threat Actors Compromise Valid Accounts Via Social Engineering

Phishing remains a top initial access vector for cyberattacks, according to researchers at Cisco Talos.
Continue Reading

The £3 Million Daily Heist

A recent report from UK Finance covered by the BBC paints a concerning picture of the evolving landscape of financial fraud. With a 16% rise in fraud cases and criminals stealing over £3 ...
Continue Reading

Cybersecurity Budgets Are Increasing, but Security Leaders Don’t Think It’s Enough

Despite the belief that today’s SOC should be doing the lion’s share of protecting an organization, new data shows reliance on more than just security teams is needed.
Continue Reading

[2025 Is Too Late] - European Companies Must Act Now Against AI-Powered Cyber Threats

European Organizations Can't Afford to Wait: Critical Cybersecurity Threats Demand Immediate Action
Continue Reading

More Than 33,000 People in the UK Have Been Hacked Over the Past Year

Action Fraud, the UK’s national fraud and cyber crime reporting service, warns that more than 33,000 people have reported that their online accounts have been hacked over the past year.
Continue Reading

KnowBe4's Cybersecurity Experts Shine at Barnes & Noble in New York City

New York City's iconic Barnes & Noble on 5th Avenue recently featured the newly released books of two of KnowBe4's leading cybersecurity experts: Chief Human Risk Management Officer ...
Continue Reading

North Korean IT Worker Threat: 10 Critical Updates to Your Hiring Process

KnowBe4 was asked what changes were made in the hiring process after the North Korean (DPRK) fake IT worker discovery. Here is the summary and we strongly suggest you talk this over with ...
Continue Reading

FBI Warns Scammers Are Targeting Law Firms For Phony Debt Collections

The U.S. FBI warns that scammers are attempting to trick law firms into transferring money as part of a phony debt collection scheme.
Continue Reading

Phishing Attacks Are Abusing Legitimate Services to Avoid Detection

Microsoft warns that threat actors are abusing legitimate file-hosting services to launch phishing attacks. These attacks are more likely to bypass security filters and appear more ...
Continue Reading

North Korean Hackers Continue to Target Job Seekers

A North Korean threat actor is launching social engineering attacks against job seekers in the tech industry, according to researchers at Palo Alto Networks’ Unit 42.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews