Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

[Heads up] FBI Warns About Attacks That Bypass Your Multi-factor Authentication (MFA)

Last month, the FBI sent a special alert called a Private Industry Notification (PIN) to industry partners about the rising threat of attacks that bypass their multi-factor authentication ...
Continue Reading

New Instagram Phishing Scam Uses Familiar (But Fake) 2FA Codes to Trick Victims

Scammers use familiar verification methods to establish credibility and lull the victim into a false sense of security to compromise Instagram accounts.
Continue Reading

Cybersecurity Awareness Is Not Just For October!

By Joanna Huisman, KnowBe4's new SVP Strategic Insights & Research.  I have a big birthday coming up, and as you can probably guess, I’m less than thrilled about it. I tell myself it’s ...
Continue Reading

[VIDEO] CEO Stu Sjouwerman Interviewed by Dark Reading

This year at Black Hat 2019, our CEO Stu was interviewed by Dark Reading on regularly training users. Take a look at what we have in store in this video: 
Continue Reading

North Koreans Spear Phish U.S. Victims With Social Engineering Hidden In Obscure Kodak FlashPix Format

A suspected North Korean threat actor has been sending spear phishing emails targeting US organizations, according to Prevailion researchers Danny Adamitis and Elizabeth Wharton. Adamitis ...
Continue Reading

"Mishperceptions": The Five Most Common Phishing Myths Busted!

By Joanna Huisman, KnowBe4's new SVP Strategic Insights & Research.  The bad guys know that the easiest way into your organization is through your employees. This is not an opinion. Of ...
Continue Reading

Social Engineering via the US Mail

 
Continue Reading

Disgusting Fake Employment Site Targets Veterans And Installs Remote Access Trojan

Just when you think they could not sink any lower, you see something like this. A fake website pretending to be an organization that offers job opportunities for U.S. veterans is ...
Continue Reading

A Short, Very Useful Guide to Social Engineering

Knowing how to identify indicators of social engineering can alert you when someone tries to manipulate you, according to Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist. In an ...
Continue Reading

No, Really, They're Just Not That Into You

There are numerous ways to check the authenticity of someone on a dating site so you don’t fall for a romance scam, according to HackRead. You should always be cautious when interacting ...
Continue Reading

The Emotet Trojan Botnet is Back in Business

The Emotet botnet is up and running again after four months of inactivity, according to Ars Technica. Multiple security firms have reported seeing phishing emails delivering the malware ...
Continue Reading

CEO Fraud Attacks Now Use Deepfake Audio and AI to Mimic Executives Over the Phone

While deepfake video gets most of the attention on social media, it’s deepfake audio that is quickly becoming the cybercriminal’s tools of choice for committing fraud.
Continue Reading

Amazon Phishing Scam in Progress

HackRead has come across a phishing scam that’s trying to trick Amazon customers into handing over their account credentials, personal information, and financial details. The phishing ...
Continue Reading

The U.S. Cybersecurity and Infrastructure Security Agency Lays Out Strategic Vision and Priorities in the Wake of Texas Ransomware Attacks.

This new document, entitled Strategic Intent highlights ways to “defend today, secure tomorrow” and comes out as the CISA director admits that ransomware is “only getting worse.”
Continue Reading

Oklahoma Pension Fund Robbed of $4.2 million via Compromised Email

Attackers stole millions of dollars from Oklahoma’s pension fund for retired law enforcement officers, the Oklahoman reports. The Oklahoma Law Enforcement Retirement System (OLERS) said ...
Continue Reading

Video Becomes the Next Big Bait for Social Engineering

Scammers are always looking for new ways to get potential victims to engage. It appears that the latest trend is to leverage our familiarity with watching video to spawn an attack.
Continue Reading

Phishing Nightmare? New "Deadline" Email From Equifax Settlement Administrator Notifies of Changes in Filing.

You’d better check your email queue for a new email from The Equifax Breach Settlement Administrator that was sent out several days ago to those who previously filed a claim. It will ...
Continue Reading

FBI Cyber Warning: Attacks On Key Employees Up 100%, As 281 Are Arrested

Zak Doffman, contributor at Forbes reported: "There is a cyberattack epidemic hitting businesses around the world, targeting individuals responsible for requesting fund transfers or ...
Continue Reading

The Legal Profession's Catfishing Problem

Scammers frequently impersonate lawyers in fraudulent emails in order to get recipients to take those emails seriously, according to Victoria Hudgins at Legaltech News. Legal threats or ...
Continue Reading

Cybersecurity: 99% of email attacks rely on victims clicking links

Danny Palmer at ZDNet had the scoop: "Social engineering is by far the biggest factor in malicious hacking campaigns, warn researchers – so how can it be stopped?"
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews