A Special Case of Business Email Compromise

Feb 21, 2023 9:12:41 AM By Stu Sjouwerman

Cloudflare warns that business email compromise (BEC) phishing has assumed a new form: vendor email compromise (VEC). The classic BEC case involves the impersonation of someone within an ...

Corporate Transitions Represent Times of Heightened Danger

Feb 20, 2023 10:05:40 AM By Stu Sjouwerman

When should organizations be on guard against social engineering? Always, of course, but there are certain times when they should be especially alert. A study of cyberattacks has found ...

[HEADS UP] Russian Hacker Group Launches New Spear Phishing Campaign with Targets in US and Europe

Feb 16, 2023 9:17:56 AM By Stu Sjouwerman

The Russian-based hacking group Seaborgium is at it again with increased spear phishing attacks targeting US and European countries in the last year.

Do Not Fall Victim to Cyber Attacks – Find Out What the Latest Hiscox Report Reveals!

Feb 7, 2023 1:52:22 PM By Javvad Malik

Insurance provider Hiscox has published its fifth annual cyber readiness report, which has some eye-opening statistics.

Thinking Critically About Your Online Behavior

Feb 7, 2023 8:45:03 AM By Stu Sjouwerman

Employees need to adjust their mindsets in order to defend themselves against social engineering attacks, according to Jonathon Watson at Clio. In an article for Dark Reading, Watson ...

A Close Call – PayPal Scam Warning

Feb 6, 2023 2:00:39 PM By Martin Kraemer

On Sunday, I received an urgent message from a friend. PayPal had sent him an email saying that a co-worker had sent him money. This was not unexpected, as he was collecting contributions ...

BEC Group Launches Hundreds of Campaigns

Feb 2, 2023 9:14:15 AM By Stu Sjouwerman

A business email compromise (BEC) gang has launched more than 350 attacks against organizations in the US, according to researchers at Abnormal Security. The threat actor, which Abnormal ...

Alert: Refund Scam Targeting Federal Agencies via RMM Software

Jan 30, 2023 8:51:25 AM By Javvad Malik

At least two federal civilian agencies were the unfortunate victims of a refund scam campaign, perpetrated through the use of remote monitoring and management (RMM) software. CISA, the ...

Do Not Get Fooled Twice: Mailchimp's Latest Breach Raises Alarm Bells – Protect Yourself Now!

Jan 25, 2023 1:23:12 PM By Javvad Malik

For the second time in less than a year, Mailchimp has found itself in a precarious situation, having to admit that it has been breached. It appears that a social engineering attack ...

The Current State of Cybersecurity Should Fear AI Tools Like ChatGPT

Jan 20, 2023 9:57:35 AM By Stu Sjouwerman

Malicious use of the text-based AI has already begun to be seen in the wild, and speculative ways attackers can use ChatGPT may spell temporary doom for cybersecurity solutions.

Unusual Blank-Image Phishing Attacks Impersonate DocuSign

Jan 20, 2023 8:59:19 AM By Stu Sjouwerman

An unusual phishing technique has surfaced this week. Avanan, a Check Point Software company, released a blog Thursday morning detailing a new attack in which hackers hide malicious ...

[Ache In the Head] The Problems With Your Not-So-Secure Email Gateway

Jan 14, 2023 9:59:24 AM By Stu Sjouwerman

I have been doing some research on Secure Email Gateways. The picture is not that pretty. Below I will summarize what I found.

[Heads Up] Phishing Attacks Are Now The Top Vector For Ransomware Delivery

Jan 13, 2023 6:57:21 AM By Stu Sjouwerman

Phishing attacks are now the top vector for ransomware delivery, according to researchers at Digital Defense. Phishing emails can be highly tailored to specific employees in order to ...

Government Workers as Phishing Targets

Jan 12, 2023 8:56:34 AM By Stu Sjouwerman

Government workers are prime targets for social engineering attacks, according to Kaitlyn Levinson at GCN. Attackers use different tactics to target government employees in specific ...

Phishing in the Service of Espionage

Jan 9, 2023 9:14:12 AM By Stu Sjouwerman

Reuters describes a cyberespionage campaign carried out by the hitherto little-known threat group researchers track as "Cold River." The group is circumstantially but convincingly linked ...

There is a New Trend in Social Engineering with a Disgusting Name; "Pig-butchering"

Jan 3, 2023 1:52:21 PM By Stu Sjouwerman

The technique began in the Chinese underworld, and it amounts to an unusually protracted form of social engineering. The analogy is with fattening up a pig, then butchering it for all ...

Finance and Insurance Is the Sector Most Impacted by Data Breaches In 2022

Dec 30, 2022 2:40:01 PM By Stu Sjouwerman

Analysis of the year’s breaches shows Finance and Insurance businesses are the most targeted and have lost a material count of records as a result.

One Out of 10 Threats Still Make It All the Way to the Endpoint

Dec 30, 2022 2:34:39 PM By Stu Sjouwerman

Despite good intentions, layered security measures, and efficacy claims by security solution vendors, new data shows that email-based threats are still getting all the way to the Inbox.

Phishing Activity Rose 130% in the Second Half of 2022, Representing Three-Quarters of All Email-Based Attacks

Dec 29, 2022 10:22:48 AM By Stu Sjouwerman

New data focused on cyberattacks in the second half of the year-to-date shows phishing taking the overwhelming lead as the initial attack vector of choice.

[Heads Up] Giant LastPass Breach Can Supercharge Spear Phishing Attacks

Dec 28, 2022 2:27:36 PM By Roger Grimes

By Roger A. Grimes. KnowBe4 recommends that everyone use a password manager to create and use strong passwords as a part of their password policy ...

Security Awareness Training Blog

Social Engineering Blog

View Topics