KnowBe4

Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

"Hacking Humans" Is The 2019 No. 1 Podcast Covering Social Engineering!

Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on ...
Continue Reading

Credentials and Personal Data Continue to be the Primary Targets of Social Engineering Scams

Targeted attacks are increasing, with cybercriminals focused on stealing information that can be used to impersonate a user and perpetuate their scams.
Continue Reading

RSA’s Best Social Engineering News

KnowBe4 was at RSA 2019 this year with two booths, in both the North and South Hall. The show was humongous as usual and a torrent of news was released. I was there and it was a challenge ...
Continue Reading

Ins and Outs of Impersonation...and Kidnapping

Impersonation attacks and business email compromise (aka CEO fraud) can lead to far more dangerous consequences than monetary losses, according to Matt Devost from OODA LLC. Devost ...
Continue Reading

Kevin Mitnick Demos Outlook Exchange Exploit

In a webinar last week Kevin Mitnick, KnowBe4's Chief Hacking Officer, shared a shocking demonstration of a recent Outlook Exchange exploit in which delegated access is allowed from any ...
Continue Reading

Business Email Compromise, Credential Theft, and Many Other Attack Vectors Surged as High as 5x in Q4 2018

The latest data from Proofpoint shows many types of cyberattacks making massive jumps in comparison to both previous quarters and years.
Continue Reading

[LIVE WEBINAR] Get an Insider View Into the Methods and Exploits of the World's Most Famous Hacker, Kevin Mitnick

Many of the world's most reputable organizations rely on Kevin Mitnick, the world's most famous hacker and KnowBe4's Chief Hacking Officer, to uncover their most dangerous security flaws. ...
Continue Reading

Social Engineering Comes to Wikipedia

Attackers are selectively editing Wikipedia articles to lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the ...
Continue Reading

Sextortion Phishing Scam Exploits Recent Breach Fears

Sextortion scam emails are circulating which claim that a popular adult site has been hacked, allowing an attacker to record videos of users through their webcams, according to Lawrence ...
Continue Reading

[Brilliant New Social Engineering Phish] "Please Docusign: Funding For Your Business"

A friend was sent this email and he forwarded it to me. It's a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection ...
Continue Reading

"Hacking Humans" Is The No. 1 Podcast Covering Social Engineering!

Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on ...
Continue Reading

Social Engineering Testing: Why Getting Hacked Is a Security Advantage

Stephanie Carruthers, People Hacker for IBM- X-Force Red wrote an excellent post about the need for red-teaming and pentesting your own organization. I'll quote the first paragraph or so, ...
Continue Reading

Online Job Offer Turns Would-Be Applicant into Unwitting Conspirator in Malware Attack

The context of contacting the victim via a credible website may be all that was needed to trick one job seeker into installing malware on the network of a bank.
Continue Reading

Criminals Make Off With USD $150,000 in Business Email Compromise Real Estate Scam

Scammers stole $150,000 from a woman during a real estate transaction last year, according to Lisa Vaas at Naked Security. Mireille Appert, a Swiss woman who lives in the United States, ...
Continue Reading

Firm in $1.7-million dispute with insurer because of social engineering fraud

Global law firm Dentons Canada LLP is locked in a $1.7-millon dispute with its insurer after staff at the firm’s Vancouver office fell victim to an alleged social engineering attack.
Continue Reading

Gartner's Neil Wynne: "Email Phishing is a Growing Threat"

Email phishing is a top threat to organizations because it works so well, according to Neil Wynne, principal and analyst for secure business enablement at Gartner. Wynne told Stephanie ...
Continue Reading

Is that phone call really from Amazon?

By Eric Howes,  KnowBe4 Principal Lab Researcher.  Now that it's the holiday season, malicious parties across the globe are exploiting Amazon's good name and popularity with consumers to ...
Continue Reading

CrowdStrike: Compelling Stories From The Cyber Intrusion Casebook 2018

From the Front Lines of Incident Response, the CrowdStrike Services Cyber Intrusion Casebook 2018 offers some compelling stories how threat actors are continuously adopting new means to ...
Continue Reading

[Heads-up] New Email Extortion Scam Bomb Threat Demands Bitcoin

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient's building that will be detonated unless a hefty bitcoin ransom is paid by ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews