Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

View Topics

Spearphishing Boils Down to Basic Social Engineering

Apr 23, 2019 7:13:50 AM By Stu Sjouwerman
While spearphishing attacks may employ various tactics and tools, they all rely on the same underlying human weaknesses to achieve their goals, according to Asaf Cidon from Barracuda ...
Continue Reading

Social Engineers Earn a First

Apr 23, 2019 7:09:17 AM By Stu Sjouwerman
A study by nonprofit research company Jisc and the UK’s Higher Education Policy Institute (HEPI) found that 100 percent of spear phishing tests against universities were able to gain ...
Continue Reading

Scammers Impersonate Big UK Law

Apr 18, 2019 7:02:45 AM By Stu Sjouwerman
The UK’s Solicitors Regulation Authority (SRA) warned that scammers are impersonating a London law firm, Linklaters LLP, using phony job offers. The documents purport to come from the ...
Continue Reading

[SCAM OF THE WEEK]: Notre Dame Disaster Causes FireStorm Of Social Engineering And Misinformation

Apr 16, 2019 7:17:33 AM By Stu Sjouwerman
The Notre Dame Cathedral in Paris caught fire and was barely saved from total destruction. Millions of people visit every year and hundreds of millions feel a powerful, and personal, ...
Continue Reading

Spycatching: Social Engineering and the FBI's Insider Threat Experience

Apr 15, 2019 5:11:52 PM By Stu Sjouwerman
We’ve recently shared a link to a podcast, “The Ghost and the Mole,” which revisits the infamous case of FBI Special Agent turned Russian spy Robert Hanssen. Before dismissing this as ...
Continue Reading

Brand-New Tool: Phishing Reply Test Identifies Users Likely to Fall Victim to Fraudsters

Apr 2, 2019 10:00:00 AM By Stu Sjouwerman
Highly targeted phishing attacks, known as Business Email Compromise or CEO fraud scams have exceeded $12.5 billion in total known losses worldwide. These social engineering attacks are ...
Continue Reading

Kevin Mitnick Demos Password Hack: No Link Click or Attachments Necessary

Mar 25, 2019 10:28:22 AM By Stu Sjouwerman
In this shocking demonstration Kevin Mitnick, KnowBe4's Chief Hacking Officer, shows how hackers can steal a user’s password hash without the user having to click a hyperlink or open an ...
Continue Reading

"Hacking Humans" Is The 2019 No. 1 Podcast Covering Social Engineering!

Mar 16, 2019 10:49:23 AM By Stu Sjouwerman
Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on ...
Continue Reading

Credentials and Personal Data Continue to be the Primary Targets of Social Engineering Scams

Mar 14, 2019 1:14:49 PM By Stu Sjouwerman
Targeted attacks are increasing, with cybercriminals focused on stealing information that can be used to impersonate a user and perpetuate their scams.
Continue Reading

RSA’s Best Social Engineering News

Mar 11, 2019 7:36:44 AM By Stu Sjouwerman
KnowBe4 was at RSA 2019 this year with two booths, in both the North and South Hall. The show was humongous as usual and a torrent of news was released. I was there and it was a challenge ...
Continue Reading

Ins and Outs of Impersonation...and Kidnapping

Mar 5, 2019 3:18:19 PM By Stu Sjouwerman
Impersonation attacks and business email compromise (aka CEO fraud) can lead to far more dangerous consequences than monetary losses, according to Matt Devost from OODA LLC. Devost ...
Continue Reading

Kevin Mitnick Demos Outlook Exchange Exploit

Feb 25, 2019 11:44:01 AM By Stu Sjouwerman
In a webinar last week Kevin Mitnick, KnowBe4's Chief Hacking Officer, shared a shocking demonstration of a recent Outlook Exchange exploit in which delegated access is allowed from any ...
Continue Reading

[Last Chance] Get an Insider View Into the Methods and Exploits of the World's Most Famous Hacker, Kevin Mitnick

Feb 19, 2019 11:30:50 AM By Stu Sjouwerman
Continue Reading

Business Email Compromise, Credential Theft, and Many Other Attack Vectors Surged as High as 5x in Q4 2018

Feb 14, 2019 11:30:32 AM By Stu Sjouwerman
The latest data from Proofpoint shows many types of cyberattacks making massive jumps in comparison to both previous quarters and years.
Continue Reading

[LIVE WEBINAR] Get an Insider View Into the Methods and Exploits of the World's Most Famous Hacker, Kevin Mitnick

Feb 11, 2019 2:16:07 PM By Stu Sjouwerman
Many of the world's most reputable organizations rely on Kevin Mitnick, the world's most famous hacker and KnowBe4's Chief Hacking Officer, to uncover their most dangerous security flaws. ...
Continue Reading

Social Engineering Comes to Wikipedia

Feb 6, 2019 6:55:23 AM By Stu Sjouwerman
Attackers are selectively editing Wikipedia articles to lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the ...
Continue Reading

Sextortion Phishing Scam Exploits Recent Breach Fears

Feb 5, 2019 7:23:09 AM By Stu Sjouwerman
Sextortion scam emails are circulating which claim that a popular adult site has been hacked, allowing an attacker to record videos of users through their webcams, according to Lawrence ...
Continue Reading

[Brilliant New Social Engineering Phish] "Please Docusign: Funding For Your Business"

Jan 31, 2019 7:13:19 AM By Stu Sjouwerman
A friend was sent this email and he forwarded it to me. It's a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection ...
Continue Reading

"Hacking Humans" Is The No. 1 Podcast Covering Social Engineering!

Jan 30, 2019 11:33:50 AM By Stu Sjouwerman
Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on ...
Continue Reading

Social Engineering Testing: Why Getting Hacked Is a Security Advantage

Jan 28, 2019 3:42:55 PM By Stu Sjouwerman
Stephanie Carruthers, People Hacker for IBM- X-Force Red wrote an excellent post about the need for red-teaming and pentesting your own organization. I'll quote the first paragraph or so, ...
Continue Reading
Subscribe

Search Our Blog


ransomware-hostage-rescue-manual

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews