Sextortion Scammers Attempt to Hit “Close to Home”

Oct 14, 2024 8:51:32 AM By Stu Sjouwerman

We live in a world where, despite the sharing of information online, we feel like those interactions will never reach home. But a new scam – covered on WTSP Tampa Bay’s Channel 10 news – ...

Hurricane Deepfakes Flood Social Media

Oct 9, 2024 6:32:39 AM By Stu Sjouwerman

As the recent hurricane Helene caused major damage and as hurricane Milton has left a path of destruction across Florida, deepfakes are spreading misinformation on social media.

Scammers Abuse Virtual Shopping Lists to Trick Walmart Customers

Sep 23, 2024 3:18:48 PM By Stu Sjouwerman

Threat actors are abusing virtual shopping lists to trick Walmart customers into transferring money or disclosing personal information, according to researchers at Malwarebytes. Links to ...

Educate Your Users About Malicious SEO Poisoning Attacks

Sep 23, 2024 9:40:21 AM By Roger Grimes

Since the beginning of computers, social engineering has been the number one way that computers and networks have been compromised. Social engineering is involved in 70% to 90% of all ...

Zscaler: There are 200 Malicious Lookalike Domains for Every 1 Impersonated Brand

Sep 23, 2024 9:40:17 AM By Stu Sjouwerman

Analysis of typosquatting and brand impersonation activity across 500 of the most visited domains provides insight in to how these techniques come together to effectively deceive.

Online Scams Are Shortening Their Cycles and Making More Money

Sep 20, 2024 10:27:19 AM By Stu Sjouwerman

New analysis of blockchain activity shows scammers are needing less time to obtain crypto payments and are seeing higher payoffs per scam.

North Korean Hackers Target Software Developers With Phony Coding Tests

Sep 18, 2024 7:59:35 AM By Stu Sjouwerman

Researchers at ReversingLabs warn that North Korea’s Lazarus Group is targeting software developers with phony job interviews.

SANS Releases Guide to Address Rise in Attacks on Manufacturing and Industrial Control Systems

Sep 18, 2024 7:59:23 AM By Stu Sjouwerman

Increased ransomware attacks on industrial control systems (ICS), mixed with general ICS insecurity found across the manufacturing sector, has given rise to a guide specifically ...

Authorized Push Payment Fraud Responsible for Over Half of U.K. Frauds and Scams

Sep 16, 2024 8:42:18 AM By Stu Sjouwerman

Research from The Financial Ombudsman Service, a U.K. based organization dedicated to helping citizens with free financial advice, has found an increase in Authorized Pushed Payment (APP) ...

Your Lawyers Are Increasingly Targeted by Phishing Attacks, Ransomware

Sep 11, 2024 3:02:21 PM By Stu Sjouwerman

Researchers at Bitdefender warn that law firms are high-value targets for ransomware gangs and other criminal threat actors. Attackers frequently use phishing to gain initial access to an ...

Election-Themed Scams Are on the Rise

Sep 9, 2024 4:45:49 PM By Stu Sjouwerman

Researchers at Malwarebytes warn of a surge in election-themed scams ahead of November’s presidential election in the US. These attacks can be expected to increase as the election grows ...

Manufacturing Sector Is the Latest Target of Advanced Credential Harvesting Attacks

Sep 5, 2024 11:22:13 AM By Stu Sjouwerman

A new attack runs slow and steady, focused on compromising large manufacturing companies using contextual social engineering to trick victims into giving up credentials.

Phishing is Still the Top Initial Access Vector

Sep 5, 2024 11:21:58 AM By Stu Sjouwerman

Phishing remains a top initial access vector for threat actors, according to researchers at ReliaQuest. Phishing and other social engineering tactics can bypass security technologies by ...

Threat Actors Increasingly Exploit Deepfakes for Social Engineering

Sep 4, 2024 11:10:59 AM By Stu Sjouwerman

The availability of deepfake technology has given threat actors a valuable tool for social engineering attacks, according to researchers at BlackBerry.

Organizations in the Middle East Targeted By Malware Impersonating Palo Alto GlobalProtect VPN

Sep 3, 2024 2:46:10 PM By Stu Sjouwerman

A social engineering campaign is targeting entities in the Middle East using malware that impersonates Palo Alto Networks’ GlobalProtect VPN, according to researchers at Trend Micro.

Nearly Half of Mid-Market and Enterprise Organizations Have Experienced Four or More Ransomware Attacks in the Last Year

Aug 30, 2024 12:03:10 PM By Stu Sjouwerman

New data exposes the reality of ransomware attacks today, including their frequency, impact, ransom payment – and the involvement of human error.

Iran’s APT42 Targets WhatsApp Users With Spear-Phishing Attacks

Aug 29, 2024 8:52:16 AM By Stu Sjouwerman

Researchers at Meta have published details on Iranian spear-phishing attacks targeting WhatsApp accounts. The activity is attributed to APT42, a threat actor tied to Iran’s Islamic ...

Email Compromise Remains Top Threat Incident Type for the Third Quarter in a Row

Aug 28, 2024 8:26:11 AM By Stu Sjouwerman

New analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves.

Phishing Attacks Are Increasingly Targeting Social Media and Smartphone Users

Aug 28, 2024 8:26:08 AM By Stu Sjouwerman

Threat actors are increasingly tailoring their attacks to target social media apps and smartphone users, according to a new report from the Anti-Phishing Working Group (APWG).

Malvertising Campaign Impersonates Dozens of Google Products

Aug 23, 2024 8:48:25 AM By Stu Sjouwerman

A malvertising campaign is abusing Google ads to impersonate Google’s entire product line, according to researchers at Malwarebytes. The malicious ads are designed to lure victims into a ...

Security Awareness Training Blog

Social Engineering Blog

View Topics