Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.
Scammers are increasingly using visually stylized QR codes to deliver phishing links, Help Net Security reports. QR code phishing (quishing) is already more difficult to detect, since ...
A widespread phishing campaign is targeting LinkedIn users by posting comments on users’ posts, BleepingComputer reports. Threat actors are using bots to post the comments, which ...
A survey by the World Economic Forum (WEF) found that 47% of organizations cite the advancement of adversarial capabilities as their top concern surrounding generative AI.
Researchers at Gen warn that a phishing campaign is attempting to trick users into linking malicious devices to their WhatsApp accounts.
Amazon has blocked more than 1,800 suspected North Korean applicants from joining the company since April 2024, TechRadar reports. Amazon’s Chief Security Officer, Stephen Schmidt, said ...
Researchers at Push Security have observed a new variant of the ClickFix attack that combines “OAuth consent phishing with a ClickFix-style user prompt that leads to account compromise.”
Over 90% of parked domains now direct users to malicious content, compared to less than 5% a decade ago, according to researchers at Infoblox.
Eighty-one percent of small businesses suffered a security or data breach over the past year, and 38% of these businesses were forced to raise their prices as a result, a report from the ...
Lead analysts: Cameron Sweeney, Lucy Gee, Louis Tiley, James Dyer “Super-app” WeChat offers a wealth of functionality—from instant messaging, text and voice messaging, and video calls to ...
A friend of mine, John D., received this outreach on Threads (see below). At first, he thought it was the standard fake employer scam, but it is more than that. It is very likely part of ...
Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' “Chat with Anyone” feature, which lets external users send direct messages via email ...
Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks targeting corporate accounts.
ReliaQuest warns that the cybercriminal collective “Scattered Lapsus$ Hunters” appears to be using social engineering attacks to target organizations’ Zendesk instances.
A new criminal platform called “Matrix Push C2” is using browser notifications to launch social engineering attacks, according to researchers at BlackFog.
Here's a curious thing about people, sometimes we crave the familiar, and sometimes we demand the novel.
Researchers at Appknox warn that malicious apps are impersonating popular AI tools like ChatGPT and DALL-E to trick users into installing malware on their mobile devices. Some of these ...
I received this email the other day to my personal email account. It is a “Security Alert” from “Microsoft Helpdesk.” Oh, my!
A phishing campaign is targeting LastPass users with phony notifications informing users that someone has notified the company of the user’s death and is trying to gain access to their ...
Human error remains the primary exploitation vector in mobile security incidents, according to Verizon’s latest Mobile Security Index (MSI).
Lead Analysts: Lucy Gee and James Dyer Cybercriminals want their payday. Unfortunately for the targets of phishing (and the organizations they work for) that means they’re constantly ...
