Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Malicious Loan Apps Target Android Users in Africa, South America and Asia

Researchers at McAfee warn of a surge in malicious loan apps targeting Android users across South America, Southern Asia, and Africa.
Continue Reading

Chinese Threat Actor Targets Black Friday Shoppers With Phishing Campaign

Researchers at EclecticIQ warn that the financially motivated Chinese threat actor “SilkSpecter” has launched a phishing campaign targeting Black Friday shoppers across Europe and the US.
Continue Reading

U.K. Residents are Victims of the Latest Phishing Scam Targeting Starbuck Customer Credentials

Analysis of a new phishing attack highlight just how easy it can be to spot these kinds of attacks if recipients were properly educated.
Continue Reading

Phishing Emails Use SVG Files to Avoid Detection

Phishing emails are increasingly using Scalable Vector Graphics (SVG) attachments to display malicious forms or deliver malware, BleepingComputer reports.
Continue Reading

[Heads Up] Bad Actor Uses Deepnude AI Image Generator to Lure And Infect Users

The threat group FIN7 is using the lure of generating nude images of favorite celebrities to get victims to download their NetSupport RAT.
Continue Reading

Phishing Attacks Exploits the Open Enrollment Period

A phishing campaign is impersonating HR to target employees who are making annual insurance changes during the open enrollment period, according to researchers at Abnormal Security.
Continue Reading

Out of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial Attack

The newly released single largest analysis of cyber attacks across all of 2023 show a strong tie between the use of phishing and techniques designed to gain credentialed access.
Continue Reading

Nation-State Threat Actors Rely on Social Engineering First

A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique.
Continue Reading

[FREE RESOURCE KIT] Stay Cyber Safe this Holiday Season with Our Free 2024 Resource Kit!

Isn’t it typical for bad actors to strike when we’re distracted and busy during this time of year?
Continue Reading

Criminals Use Search Engine Poisoning to Boost Phishing Pages

Researchers at Malwarebytes warn that cybercriminals are using search engine poisoning to boost phishing pages to the top of Bing’s search results.
Continue Reading

[Eye Opener] Attackers Don’t Hack, They Log In. Can You Stop Them?

The latest trend in cybercrime is that attackers don't really focus on “hacking” in; they’re logging in.
Continue Reading

BlackBasta Ransomware Gang Uses New Social Engineering Tactics To Target Corporate Networks

ReliaQuest warns that the BlackBasta ransomware gang is using new social engineering tactics to obtain initial access within corporate networks.
Continue Reading

Attackers Abuse Eventbrite to Send Phishing Emails

Attackers are abusing Eventbrite’s scheduling platform to send phishing emails, according to researchers at Perception Point. These attacks increased by 900% between July and October 2024.
Continue Reading

If Social Engineering Is 70% - 90% of Attacks, Why Aren’t We Acting Like It?

Over a decade ago, I noticed that social engineering was the primary cause for all malicious hacking. It has been that way since the beginning of computers, but it took me about half of ...
Continue Reading

QR Code Phishing is Growing More Sophisticated

Sophos describes a QR code phishing (quishing) campaign that targeted its own employees in an attempt to steal information.
Continue Reading

4 out of 10 Phishing Emails Are Sent From a Compromised Email Account

Analysis of phishing emails in the second quarter of this year paints a picture of what security teams and vigilant recipients should expect from modern phishing attacks.
Continue Reading

Threat Actors Compromise Valid Accounts Via Social Engineering

Phishing remains a top initial access vector for cyberattacks, according to researchers at Cisco Talos.
Continue Reading

The £3 Million Daily Heist

A recent report from UK Finance covered by the BBC paints a concerning picture of the evolving landscape of financial fraud. With a 16% rise in fraud cases and criminals stealing over £3 ...
Continue Reading

Cybersecurity Budgets Are Increasing, but Security Leaders Don’t Think It’s Enough

Despite the belief that today’s SOC should be doing the lion’s share of protecting an organization, new data shows reliance on more than just security teams is needed.
Continue Reading

[2025 Is Too Late] - European Companies Must Act Now Against AI-Powered Cyber Threats

European Organizations Can't Afford to Wait: Critical Cybersecurity Threats Demand Immediate Action
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews