Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Think Tanks Targeted by APT Actors

The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory warning that nation-state advanced persistent threat (APT) actors are targeting US ...
Continue Reading

Number of Phishing Websites Double and Unique Phishing Campaigns Triple in Q3

New data shows the bad guys have been working diligently to step up their game on both the front and back end of phishing attacks, despite still being mid-pandemic.
Continue Reading

Dutch Government Sees Phishing More Than Double in 2020

In an exclusive article, the Dutch IRS gave its perspective on the cyber threat landscape in the Netherlands. December is typically one of the busiest months of the year for cybercrime ...
Continue Reading

Giving Tuesday Means an Influx of Charity Scams

Giving Tuesday is a great idea for organizations and people to give back to people in need, especially during the COVID-19 pandemic. However, this causes concern for an increase in ...
Continue Reading

Fake Zoom Invite Leads to one Australian Company's Downfall

We've previously written blog posts to be cautious of suspicious Zoom meeting links, and we even reported a huge increase in phishing attacks using Zoom of August this year. The heads-up ...
Continue Reading

Journalists Need Phishing Awareness, Too

All types of journalists need to be wary of phishing and other social engineering attacks, according to Jacob Granger, writing at Journalism.co.uk. Granger quotes digital security expert ...
Continue Reading

You're Fired (Not Really, Just Clicked on a Phishing Email)

The operators of the BazarLoader malware are using phishing emails that inform people they’ve been terminated from their jobs, according to Linn Freedman, a partner at Robinson & Cole ...
Continue Reading

One-Third of Employees Say Their Company Has No Cybersecurity Measures in Place While Working from Home

At a time when organizations should be implementing additional security measure to ensure the logical perimeter of their network is protected, new research shows companies aren’t prepared.
Continue Reading

Google's Free Services and Phishing Campaigns: A Likely Pair

Cybercriminals are now launching phishing campaigns that abuse Google's free productivity tools while also using social engineering to trick you into installing malware.
Continue Reading

Spotting Retail Scams During the Holiday Season

People need to be particularly vigilant for scams as we approach the holiday shopping season, according to Laura Brooks at Tessian. Scammers always take advantage of seasonal trends, and ...
Continue Reading

[Free Resource Kit] Stay Safe This Holiday Season with KnowBe4!

This holiday season may be a little different this year, but users will still be focused on holiday activities. The bad guys can still take advantage of holiday distractions and use ...
Continue Reading

Nearly Half of Spear Phishing Emails Bypass Security Filters

47% of payloadless phishing emails are able to bypass the most popular secure email gateways (SEGs), according to researchers at IronScales. These are emails that don’t contain malicious ...
Continue Reading

Will You Get Spoofed for the Holidays? Find out for a Chance to WIN!

Are you aware that one of the first things hackers try is to see if they can spoof the email address of someone in your own domain?
Continue Reading

Why Use Malware When Cybercriminals Can Use Social Engineering?

Researchers at Malwarebytes warn that a malvertising campaign they call “malsmoke” has stopped deploying exploit kits and is now using social engineering attacks to trick users into ...
Continue Reading

Scammers Target Singles Day Shoppers

Shoppers need to be on the lookout for scammers as Singles Day begins in China and other countries around the world, the BBC reports. Singles Day is the world’s largest online shopping ...
Continue Reading

University Research Shows Security Awareness Training is a Necessary Layer of Defense

A research paper in the Journal of Computer Information Systems says that security awareness training is a necessary complement to technical defenses and security policies, SC Magazine ...
Continue Reading

Twitter Hack Only Took 24 Hours from Start to Takeover

A report from the New York Department of Financial Services covering the high-profile Twitter account hack from earlier in the year reveals how little time an attack takes to be ...
Continue Reading

BEC Incidents Intent on Invoice or Payment Fraud Increase 155% Across All Industries

Business Email Compromise appears to be back in the saddle again, as attackers use simple social engineering and domain impersonation to trick victims into paying up.
Continue Reading

Malicious Macros Remain Highly Effective

Microsoft Office documents with malicious macros are still one of the top choices for attackers of all skill levels, according to Craig Williams from Cisco Talos. On the CyberWire’s ...
Continue Reading

Cannabis Company GrowDiaries Suffers Data Breach of 3.4 Million Users

A recent report from SiliconANGLE released information that cannabis company GrowDiaries suffered a data breach with details of 3.4 million users being exposed online. 
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews