Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Russian SolarWinds Hackers Newly Attack Supply Chain With Password-Spraying and Phishing

Researchers at Microsoft have observed an attack phishing campaign by Russia’s SVR that’s targeting resellers and managed service providers. Microsoft tracks this threat actor as ...
Continue Reading

Celebrity Hacks and the Frenzy of Renown

Avast offers a look at incidents in which celebrities have been the victim of social engineering attacks. The firm notes that while celebrities are higher profile targets, attackers use ...
Continue Reading

New Impersonation Attack Demonstrates That Threat Actors Don’t Need to Get the Logo Correct

A new trend in social engineering and impersonation emerges as cybercriminals take advantage of a user’s inability to properly identify fake corporate logos in phishing attacks.
Continue Reading

U.S. Government Says To Avoid Phishing-Resistant MFA

The U.S. government has been pushing people to avoid SMS- and voice call-based multi-factor authentication (MFA) for years, but their most recent warning is to avoid any MFA that is ...
Continue Reading

U.K. Residents Experience a 116% Increase in Nuisance Calls, Texts, and Emails in 2021

New data from the U.K.’s Information Commissioner’s Office (ICO) shows a massive rise in the first six months of this year – and the belief that cyberattacks are to blame.
Continue Reading

NIST on Phishing Awareness

People need to be conscious of the fact that anyone can fall for social engineering tactics, according to Shaneé Dawkins at NIST, the US National Institute of Standards and Technology. ...
Continue Reading

What’s Next for the 3.8 Billion Entries in the Clubhouse-Facebook Database? Plenty of Social Engineering Attacks

What do you get when you add a totally free 1.3 Billion set of phone numbers and data from millions of Facebook profiles? A massive dox database of users now up for sale for $100,000.
Continue Reading

U.K. Authorized Push Payment Scams Jump 71% in First Half of 2021, Taking in £355 Million

Surpassing credit card fraud in the U.K., scamming victims into sending money to a fraudulent bank account has taken the lead spot in fraud scams that could cost U.K. residents more than ...
Continue Reading

Framing the Social Engineering Risk in Business Terms

C-suite employees need to understand the risk posed by social engineering attacks, according to CSO. Terry Thompson, adjunct instructor in cybersecurity at Johns Hopkins University, told ...
Continue Reading

New James Bond Movie is Cybercriminals Shiniest Phishbait

Cybercriminals are using the new James Bond movie, No Time to Die, as phishbait, the National reports. Researchers at Kaspersky warn that malicious ads and phishing sites are claiming, ...
Continue Reading

90% of All Cyber Attacks on Organizations Involve Social Engineering

It’s official: threat actors and cybercriminal gangs alike are enlightened and have locked in on the use of social engineering as the primary means to trick recipients into becoming ...
Continue Reading

5th Circuit Court Finds Cyber Insurer Must Pay for $1 Million Social Engineering Attack

A simple social engineered Business Email Compromise attack resulted in fraud that the cyber insurer contended was not covered under the policy.
Continue Reading

New Tactic: Shortened LinkedIn URLs Are Now Used As Phish Hooks

Scammers are using shortened LinkedIn URLs to disguise phishing links, according to Jeremy Fuchs at Avanan. LinkedIn automatically shortens links that are longer than 26 characters. The ...
Continue Reading

Newest iPhone Launch is Now a Scammer's Advantage

Scammers are taking advantage of the launch of iPhone 13, according to researchers at Zscaler. The launch event was streamed live last week on Apple’s official YouTube channel, and ...
Continue Reading

[HEADS UP] Millions of malicious emails will slip past security filters in Q4

Researchers at Tessian have published a report looking at recent trends in spear phishing attacks. The researchers found that 45% of employees said that they clicked on a phishing email ...
Continue Reading

Social Media Quizzes May Be Data Scrapers Building Victim Profiles

The seemingly benign quizzes asking personal details take advantage of individuals’ willingness to share and could be used to establish passwords, password hints, and more.
Continue Reading

Kaspersky: Use of New QakBot Banking Trojan that Steals Emails Up 65%

Representing a new evolution of banking trojan, QakBot proves to be a formidable adversary against security defenses with its’ ability to steal emails – your users.
Continue Reading

Over $100,000,000 Lost to Romance Scams in Seven Months

People in the US lost $133,400,000 to romance scams between January 1st and July 31st of 2021, according to the FBI. The average amount lost was in the tens of thousands of dollars. The ...
Continue Reading

Enterprise Organizations Have as Much as an 85% Chance of Receiving a BEC Attack Every Week

Business Email Compromise is a multi-billion dollar business, representing 43% of all cybercrime last year. Despite it being dwarfed in the news by ransomware, it represents a growing ...
Continue Reading

Researchers Discover Vulnerability Used for Deception and SSID Stripping

Researchers at AirEye have discovered a vulnerability in the way in which devices connect to wireless networks that could allow an attacker to trick a user into connecting to a malicious ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews