New Instagram Support Phishing Attack Fakes “Unusual Logon” Experience Well Enough to Fool Victims

Nov 22, 2022 9:36:16 AM By Stu Sjouwerman

Long gone are the days of tacky landing pages that barely impersonate a brand; threat actors are improving their social engineering game well enough to make anyone believe it’s the real ...

Over One-Third of Companies Who Pay the Ransom are Targeted for a Second Time

Nov 21, 2022 11:33:06 AM By Stu Sjouwerman

Despite the somewhat logical notion that once you’ve paid the ransom, the attack is over, new data shows that paying the ransom doesn’t help you anywhere near how much you think it does.

Fangxiao Domain-Spoofing for Revenue

Nov 16, 2022 9:07:56 AM By Stu Sjouwerman

Researchers at Cyjax describe a large phishing campaign being run by a China-based financially motivated threat actor called “Fangxiao.” The threat actor has been active since at least ...

[FREE Resource Kit] Stay Safe This Holiday Season with KnowBe4

Nov 15, 2022 12:32:09 PM By Stu Sjouwerman

It's the best time of the year! But also, it's the busiest time for cybercriminals. Since your users will be distracted with seasonal activities, cybercriminals will take advantage of the ...

“Hired Hand” in the Kingdom of Saudi Arabia Uses Domain Spoofing

Nov 15, 2022 8:59:27 AM By Stu Sjouwerman

Sometimes a social engineering campaign has a clear geographical focus, often shaped by language, holidays, or current events. In this case, the scammers are taking opportunistic ...

[HEADS UP] FBI Warns of Tech Support Scams That Impersonate Payment Portals for Fake Refunds

Nov 10, 2022 3:59:40 PM By Stu Sjouwerman

In the latest FBI warning, cybercriminals are now impersonating financial institutions' refund payment portals. This effort is to contain victims' personal information with legitimacy.

Here Is What You Can Do To Inspect SMS URL Links Before Clicking

Nov 9, 2022 4:39:12 PM By Roger Grimes

Phishing via Short Message Service (SMS) texts, what is known as smishing, is becoming increasingly common (some examples are shown below). There is probably not a person on Earth who ...

New Business Email Compromise Gang Impersonates Lawyers

Nov 7, 2022 10:23:46 AM By Stu Sjouwerman

A criminal gang is launching business email compromise (BEC) attacks by posing as “real attorneys, law firms, and debt recovery services.” The attackers send legitimate-looking invoices ...

Russian trolls and bots are back, targeting Tuesday’s U.S. midterms.

Nov 7, 2022 6:51:03 AM By Stu Sjouwerman

Steven Lee Myers at the NYT had the scoop on this typical Russian influence operation which really is social engineering at scale: "The user on Gab who identifies as Nora Berka resurfaced ...

Phishing Resistant MFA Does Not Mean Un-Phishable

Nov 2, 2022 3:16:23 PM By Stu Sjouwerman

Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it ...

[Scam of The Week] New Phishing Email Exploits Twitter’s Plan to Charge for Blue Checkmark

Nov 1, 2022 2:48:13 PM By Stu Sjouwerman

Michael Kan at PCMag had the scoop: A hacker is already circulating one phishing email, warning users they'll need to submit some personal information to keep the blue verified checkmark ...

[Eye Opener] Work In IT? You Get Attacked Much More Than Other Employees

Oct 24, 2022 3:17:13 PM By Stu Sjouwerman

We received an interesting email from Elevate Security you need to be aware of. Their recent research showed: "Social engineering attacks are growing more sophisticated every day, ...

New Credential Harvesting Scam Impersonates Google Translate to Trick Victims

Oct 21, 2022 1:59:35 PM By Stu Sjouwerman

In an interesting twist, this latest scam identified by security researchers at Avanan attempts to establish legitimacy by making the victim think the logon page is being translated.

Three-Quarters of Ethical Hackers Can Collect and (Potentially) Exfiltrate Data in 10 Hours or Less

Oct 12, 2022 12:00:00 PM By Stu Sjouwerman

New insight from the SANS Institute surveying 300 ethical hackers sheds some light on how they perceive your security stance – and how easy it is for them to break in despite your efforts.

Could 100% of Phishing Be Eliminated One Day?

Oct 11, 2022 12:59:34 PM By Roger Grimes

Occasionally you will hear people or organizations claiming that they are on the verge of eliminating all social engineering from reaching end-users. Could it be true? Could it happen one ...

Cybercriminal Gets 25 Years Prison Time Over Romance Scams and Business Email Compromise Attacks

Oct 6, 2022 8:56:35 AM By Stu Sjouwerman

A man from Atlanta, Georgia has been convicted of running romance scams and business email compromise attacks that netted him over $9.5 million, the US Justice Department has announced.

German Police Collar Alleged Phishing Cybercriminals

Oct 3, 2022 9:07:51 AM By Stu Sjouwerman

The Bundeskriminalamt (BKA), Germany's federal criminal police, raided three homes on Thursday, September 29th, in the course of an investigation of a cyber criminal operation the BKA ...

Trend Micro Reports Stolen Identities And Deepfakes

Oct 2, 2022 12:30:31 PM By Stu Sjouwerman

Researchers at Trend Micro warn that the social engineering potential of deepfakes is becoming an increasing concern. Deepfakes have already been successfully used in attacks, and Trend ...

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here

Oct 1, 2022 12:43:15 PM By Stu Sjouwerman

Jai Vijayan, Contributing Writer at Dark Reading correctly stated: "It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and ...

Response-Based Phishing Scams Targeting Corporate Inboxes Hit New Records

Sep 30, 2022 9:14:06 AM By Stu Sjouwerman

Setting a record for both highest count and share in volume with other types of phishing scams, response-based attacks are at their highest since 2020 and are continuing to grow.

Security Awareness Training Blog

Social Engineering Blog

View Topics