Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be

An ongoing criminal investigation highlights how classified documents stolen by Russian hackers from former U.K. trade minister Liam Fox may have been used to impact the British 2019 ...
Continue Reading

The Importance of Identifying and Focusing on the Malicious Behavior

Identifying malicious behavior is a more effective long-term strategy than trying to block individual malicious actors, according to Johnathan Hunt, Vice President of Security at GitLab. ...
Continue Reading

Hacked High-Profile Twitter Accounts Are Used to Promote a Cryptocurrency Scam

Using the theme of partnering with a made up COVID-19 non-profit, the latest hack on twitter allowed some pretty prominent accounts to be used as pawns in a scam that netted $120K.
Continue Reading

The Recent Massive Twitter Social Engineering Hack Was Tried And True Pretexting

The verge reported: "Twitter provided an update about the unprecedented July 15th attack that allowed hackers to tweet from some of the most high-profile accounts on the service, in a ...
Continue Reading

[HEADS UP] North Korean Cybercriminals Use Fake Recruitment Emails in Phishing Scam

North Korean hackers have been following that bit of social engineering wisdom to a T. According to researching from McAfee, a months long phishing campaign against aerospace and defense ...
Continue Reading

[HEADS UP] Coronavirus Scams in the U.K. You Should be Wary Of

According to a recent report from BBC News, the bad guys are using the coronavirus pandemic to use social engineering to trick people out of their cash.
Continue Reading

Social Engineering from an Actuarial Point of View

Employees need to maintain their security habits while working from home, emphasizes Scott Godes, a partner at Barnes & Thornburg. On the CyberWire’s Caveat podcast, Godes explained that ...
Continue Reading

Vanity, Thy URL is Zoom

Zoom has fixed a security flaw that could have allowed attackers to launch hard-to-spot phishing attacks using the platform, according to researchers at Check Point who discovered and ...
Continue Reading

Don't Overlook Policy When Designing Security

There’s no single defense against phishing and other social engineering attacks, according to Kevin O’Brien, CEO and co-founder of email security company GreatHorn. On the CyberWire’s ...
Continue Reading

I Testified Before U.S. Congress About COVID-19 Phishing Scams

Yesterday, July 21, 2020 I testified before U.S. congress about COVID-19 phishing scams. I was invited by the Senate Commerce Committee's subcommittee on manufacturing, trade, and ...
Continue Reading

Phishing Attack in Finland Uncovers Sophisticated Smishing Scheme

The Helinski Police Department is investigating a sophisticated smishing scheme in which attackers were able to steal more than 200,000 euros (US$228,736), Yle reports. The scammers sent ...
Continue Reading

[Heads Up] Twitter Employees Fall For Social Engineering Attack And The Bad Guys Get "God Mode"

A number of high-profile Twitter accounts were hacked including those of Elon Musk, Bill Gates, Kanye West, Joe Biden and Barack Obama.  This is clearly the worst hacking incident ...
Continue Reading

Gartner: You Should Focus On These 7 Specific COVID-19 IT Security Areas

Gartner observed: "Rapid responses to the coronavirus pandemic leave organizations vulnerable to security breaches. Security and risk teams must remain vigilant and focus on strategic ...
Continue Reading

[Heads Up] The First-Ever Russian BEC Gang, Cosmic Lynx, Was Uncovered. They Spear Phish Multinational & Fortune 500 Senior Executives

“This is a historic shift to the global email threat landscape and portends new and sophisticated social engineering attacks that CISOs around the world must brace for now,” according to ...
Continue Reading

Half of all Remote Employees Aren’t the Slightest Bit Prepared for Cyberattacks

New data from IBM suggests that employees, their devices, training, and organizational policies are all lacking when it comes making sure remote workers don’t become a victim of ...
Continue Reading

Business Email Compromise Attacks Focused on Invoice Fraud Surge by 75%

As attacks on the C-Suite decline, new data shows that employees in finance department roles are critical to the success of shifts in attack campaign strategy.
Continue Reading

New Sextortion Method Uses Social Engineering and Doxing To Identify and Target Victims

According to the SANS Internet Storm Center, cybercriminals are engaging their victims online, using social engineering tactics to collect needed details to extort money.
Continue Reading

How You Can Increase Employee Engagement with Security Awareness Training

One of the most common questions I get asked working for a security awareness training company is, how do I make employees more engaged with and care about the training? I get it. Who ...
Continue Reading

Slack Phishing

People need to be able to use their instincts in order to spot new phishing techniques, according to Ashley Graves, a Cloud Security Researcher at AT&T Alien Labs. On the CyberWire’s ...
Continue Reading

Pyongyang's Phishing with Job Offers

An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews