Government Workers as Phishing Targets

Jan 12, 2023 8:56:34 AM By Stu Sjouwerman

Government workers are prime targets for social engineering attacks, according to Kaitlyn Levinson at GCN. Attackers use different tactics to target government employees in specific ...

Phishing in the Service of Espionage

Jan 9, 2023 9:14:12 AM By Stu Sjouwerman

Reuters describes a cyberespionage campaign carried out by the hitherto little-known threat group researchers track as "Cold River." The group is circumstantially but convincingly linked ...

There is a New Trend in Social Engineering with a Disgusting Name; "Pig-butchering"

Jan 3, 2023 1:52:21 PM By Stu Sjouwerman

The technique began in the Chinese underworld, and it amounts to an unusually protracted form of social engineering. The analogy is with fattening up a pig, then butchering it for all ...

Finance and Insurance Is the Sector Most Impacted by Data Breaches In 2022

Dec 30, 2022 2:40:01 PM By Stu Sjouwerman

Analysis of the year’s breaches shows Finance and Insurance businesses are the most targeted and have lost a material count of records as a result.

One Out of 10 Threats Still Make It All the Way to the Endpoint

Dec 30, 2022 2:34:39 PM By Stu Sjouwerman

Despite good intentions, layered security measures, and efficacy claims by security solution vendors, new data shows that email-based threats are still getting all the way to the Inbox.

Phishing Activity Rose 130% in the Second Half of 2022, Representing Three-Quarters of All Email-Based Attacks

Dec 29, 2022 10:22:48 AM By Stu Sjouwerman

New data focused on cyberattacks in the second half of the year-to-date shows phishing taking the overwhelming lead as the initial attack vector of choice.

[Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks

Dec 28, 2022 2:27:36 PM By Roger Grimes

By Roger A. Grimes. KnowBe4 recommends that everyone use a password manager to create and use strong passwords as a part of their password policy ...

QBot Malware Attacks Use SVG files to Perform HTML Smuggling

Dec 27, 2022 9:20:16 AM By Stu Sjouwerman

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.

Spear Phishing Campaign Targets Japanese Political Organizations

Dec 22, 2022 9:43:59 AM By Stu Sjouwerman

Researchers at ESET warn that a Chinese-speaking threat actor dubbed “MirrorFace” targeted Japanese political organizations with spear phishing emails in the run-up to the Japanese House ...

"How I lost my dog and almost my Google credentials..."

Dec 21, 2022 4:45:48 PM By Stu Sjouwerman

A well-trained Knowster posted: "I lost my dog this weekend and my mother in law was trying to be helpful and put my real phone number on a few social media posts she made. Now im getting ...

Ivanti Report Shows Cybersecurity Practitioners Concentrating on Right Threats

Dec 21, 2022 9:25:23 AM By Roger Grimes

A recent Ivanti report shows cybersecurity practitioners getting more focused on the threat landscape, but defenders may need to hone their attention to focus on the right threats.

Now BEC Attacks Steal Physical Goods

Dec 20, 2022 8:49:21 AM By Stu Sjouwerman

The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) have released a joint ...

Social Engineering, Money Mules, and Job Seekers

Dec 19, 2022 10:32:37 AM By Stu Sjouwerman

A small town in Manitoba, WestLake-Gladstone (population about 3300), fell victim to a social engineering campaign. The municipal government seems to have been a target of opportunity, ...

Look Out For Scammers This Holiday Season on Social Media

Dec 14, 2022 9:12:39 AM By Erich Kron

You know how some gifts are insanely sought after each year, selling out in mere minutes? Well, these are great tools for scammers, especially on social media.

[EYE OPENER] How ChatGPT Can Be Used For Social Engineering

Dec 10, 2022 10:12:36 AM By Stu Sjouwerman

ChatGPT could give Google a serious run for its money. We are not quite there yet, but the capabilities are rapidly improving. Just have a look at the command I gave it. In 5 seconds the ...

Scammer Group Uses Business Email Compromise to Impersonate European Investment Portals

Dec 8, 2022 8:58:00 AM By Stu Sjouwerman

A sophisticated scammer group has stolen at least €480 million from victims in France, Belgium, and Luxembourg since 2018, according to researchers at Group-IB. The gang uses a highly ...

New Threat Group Already Evolves Delivery Tactics to Include Google Ads

Dec 2, 2022 12:36:56 PM By Stu Sjouwerman

Delivering an equally new Royal ransomware, this threat group monitored by Microsoft Security Threat Intelligence has already shown signs of impressive innovation to trick victims.

Quiet Quitting Can Potentially Lead to Insider Security Risks

Nov 29, 2022 8:52:45 AM By Stu Sjouwerman

The phenomenon known as “quiet quitting,” in which employees become disengaged from their work while formally remaining in their jobs, can lead to serious security risks, according to Tim ...

Merriam-Webster has announced "gaslighting" as the 2022 word of the year

Nov 29, 2022 7:13:38 AM By Stu Sjouwerman

Merriam-Webster has announced "gaslighting" as the 2022 word of the year. One definition of gaslighting is "to manipulate (someone) into believing that he or she is going insane or that ...

There’s No Such Thing as a Free Yeti, Only Social Engineering Tactics

Nov 28, 2022 11:34:57 AM By Stu Sjouwerman

It’s easy to think of the typical online holiday scam as something that affects mostly individuals. Sad, maybe, and unfortunate, but not something that might seriously threaten a ...

Security Awareness Training Blog

Social Engineering Blog

View Topics