Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

APT Group Use Voice-Changing Software to Impersonate Women as Part of Espionage Attacks

The middle eastern threat group known as APT-C-23 are targeting male soldiers in the Israel Defense Forces in an attempt to get their victims to download and install malware.
Continue Reading

The Inside Man Season 1 Is Now Available on Amazon Prime Video

We're pleased to announce that season one of the award-winning security awareness training series 'The Inside Man' is now available on Amazon Prime.
Continue Reading

Office 365 Phishing Kits Are Being Used in a New Attack Targeting Execs and Finance

A new highly-targeted phishing campaign is seeking to compromise the online credentials of those with influence within an organization using an Office 365-themed update attack.
Continue Reading

Cybercrime Skyrocketed in the US by 55%

According to data released by StockApps, the annual loss from any type of cybercrime in the US reached $4.2 billion in 2020. This turns into billions of dollars lost, and a 55% increase ...
Continue Reading

Ubiquiti Cyber Attack Details Depict a Far More Disastrous Scenario Than Let On

New whistleblower details surrounding the December 2020 attack on the cloud-enabled IoT device manufacturer paints a far worse picture than what was disclosed.
Continue Reading

Security Awareness is the Key to Cybersecurity Behavior Change

As organizations seek to find ways to increase the effectiveness of their security stance, many are realizing the value of a cybersecurity-aware employee helping to keep the organization ...
Continue Reading

Forensically Investigating Phishing To Better Protect Your Organization

The single best thing you can do to reduce cybersecurity risk in your environment is to prevent and mitigate social engineering – phishing in particular. The first and best thing any IT ...
Continue Reading

Avoid Being Influenced by Instagram Scams

People need to be able to recognize common scams that will target them through Instagram and other social media sites, according to Harriet Stone at Naked Security. Stone points to ...
Continue Reading

A Can of Phishbait: from Surveys to Rule Changes to Your Boss's Boss

Employees need to continue being wary of phishing scams as they begin to return to the office, according to Roger Kay at INKY. Kay describes several phishing templates that INKY has ...
Continue Reading

Not Your Father's Tech Support Scam

Over the past month or so customers using the Phish Alert Button (PAB) have been reporting a curious wave of what initially appeared to be run-of-the-mill tech support scam emails. As it ...
Continue Reading

Many Ways To Hack MFA

I have spent a lot of time thinking about how to hack multifactor authentication (MFA) solutions. I have done so my whole career, deploying dozens, if not hundreds, of MFA projects. Also, ...
Continue Reading

Mom Charged in Deepfake Cheerleading Plot

Raffaela Marie Spone, a 50-year-old mom from Pennsylvania, has been arrested after allegedly leveraging deepfake technology to target several of her daughter’s cheerleading rivals.
Continue Reading

Researchers Have Their Eye on Malicious Clones of Android Apps That Put Devices at Risk

Researchers at Check Point have found malicious apps in the Google Play Store that will download Trojans to infected devices.
Continue Reading

[EYE-OPENER] USA CISA Advisory on Trickbot Campaigns: Phishing Training For Employees

March 17, 2021 — The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) have observed continued targeting through spear phishing campaigns ...
Continue Reading

Make No Mistake, This Changes Everything: Nation-State 2.0

Every organization needs to figure out their increased cyber risk from nation-state warfare attacks and deploy mitigations.
Continue Reading

Give Me £1,000 to Stop Calling You

Some scammers are taking a more direct approach to asking for money, according to BBC reporter Jane Wakefield. Wakefield received a call from a scammer who claimed to work for Microsoft, ...
Continue Reading

6 Advanced Email Phishing Attacks

No matter how good your policies and technical defenses are, some amount of phishing will get to your end users in a given month. They must be trained to recognize social engineering ...
Continue Reading

FBI Warns Against Deepfakes' Potential for Social Engineering

The FBI has issued an advisory warning of an expected increase in the use of deepfakes for social engineering attacks. Deepfakes are images, videos, audio, or text created via AI to ...
Continue Reading

NIST Updates You Should Be Aware About

By Perry Carpenter,  KnowBe4 Chief Evangelist and Strategy Officer. If you’ve been in IT or infosec for any length of time, you’ve probably heard of NIST (the National Institute of ...
Continue Reading

Phishing Scammers Send a Fake “Private Shared Document” as the Initial Attack Vector for Stealing LinkedIn Credentials

A new social engineering scam demonstrates how cybercriminals are both evolving their tactics while still using tried and true methods that just work to attain their goals.
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews