Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

View Topics

Here Is What You Can Do To Inspect SMS URL Links Before Clicking

Nov 9, 2022 4:39:12 PM By Roger Grimes
Phishing via Short Message Service (SMS) texts, what is known as smishing, is becoming increasingly common (some examples are shown below). There is probably not a person on Earth who ...
Continue Reading

New Business Email Compromise Gang Impersonates Lawyers

Nov 7, 2022 10:23:46 AM By Stu Sjouwerman
A criminal gang is launching business email compromise (BEC) attacks by posing as “real attorneys, law firms, and debt recovery services.” The attackers send legitimate-looking invoices ...
Continue Reading

Russian trolls and bots are back, targeting Tuesday’s U.S. midterms.

Nov 7, 2022 6:51:03 AM By Stu Sjouwerman
Steven Lee Myers at the NYT had the scoop on this typical Russian influence operation which really is social engineering at scale: "The user on Gab who identifies as Nora Berka resurfaced ...
Continue Reading

Phishing Resistant MFA Does Not Mean Un-Phishable

Nov 2, 2022 3:16:23 PM By Stu Sjouwerman
Human societies have a bad habit of taking a specific, limited-in-scope fact and turning it into an overly broad generalization that gets incorrectly believed and perpetuated as if it ...
Continue Reading

[Scam of The Week] New Phishing Email Exploits Twitter’s Plan to Charge for Blue Checkmark

Nov 1, 2022 2:48:13 PM By Stu Sjouwerman
Michael Kan at PCMag had the scoop: A hacker is already circulating one phishing email, warning users they'll need to submit some personal information to keep the blue verified checkmark ...
Continue Reading

[Eye Opener] Work In IT? You Get Attacked Much More Than Other Employees

Oct 24, 2022 3:17:13 PM By Stu Sjouwerman
We received an interesting email from Elevate Security you need to be aware of. Their recent research showed: "Social engineering attacks are growing more sophisticated every day, ...
Continue Reading

New Credential Harvesting Scam Impersonates Google Translate to Trick Victims

Oct 21, 2022 1:59:35 PM By Stu Sjouwerman
In an interesting twist, this latest scam identified by security researchers at Avanan attempts to establish legitimacy by making the victim think the logon page is being translated.
Continue Reading

Three-Quarters of Ethical Hackers Can Collect and (Potentially) Exfiltrate Data in 10 Hours or Less

Oct 12, 2022 12:00:00 PM By Stu Sjouwerman
New insight from the SANS Institute surveying 300 ethical hackers sheds some light on how they perceive your security stance – and how easy it is for them to break in despite your efforts.
Continue Reading

Could 100% of Phishing Be Eliminated One Day?

Oct 11, 2022 12:59:34 PM By Roger Grimes
Occasionally you will hear people or organizations claiming that they are on the verge of eliminating all social engineering from reaching end-users. Could it be true? Could it happen one ...
Continue Reading

Cybercriminal Gets 25 Years Prison Time Over Romance Scams and Business Email Compromise Attacks

Oct 6, 2022 8:56:35 AM By Stu Sjouwerman
A man from Atlanta, Georgia has been convicted of running romance scams and business email compromise attacks that netted him over $9.5 million, the US Justice Department has announced.
Continue Reading

German Police Collar Alleged Phishing Cybercriminals

Oct 3, 2022 9:07:51 AM By Stu Sjouwerman
The Bundeskriminalamt (BKA), Germany's federal criminal police, raided three homes on Thursday, September 29th, in the course of an investigation of a cyber criminal operation the BKA ...
Continue Reading

Trend Micro Reports Stolen Identities And Deepfakes

Oct 2, 2022 12:30:31 PM By Stu Sjouwerman
Researchers at Trend Micro warn that the social engineering potential of deepfakes is becoming an increasing concern. Deepfakes have already been successfully used in attacks, and Trend ...
Continue Reading

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here

Oct 1, 2022 12:43:15 PM By Stu Sjouwerman
Jai Vijayan, Contributing Writer at Dark Reading correctly stated: "It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and ...
Continue Reading

Response-Based Phishing Scams Targeting Corporate Inboxes Hit New Records

Sep 30, 2022 9:14:06 AM By Stu Sjouwerman
Setting a record for both highest count and share in volume with other types of phishing scams, response-based attacks are at their highest since 2020 and are continuing to grow.
Continue Reading

Social Engineering and Bogus Job Offers

Sep 29, 2022 9:37:07 AM By Stu Sjouwerman
Researchers at SentinelOne have warned that North Korea’s Lazarus Group is using phony Crypto.com job offers to distribute macOS malware. The researchers aren’t sure how the lures are ...
Continue Reading

FBI: Cyber Criminals Will Continue Targeting Healthcare Payment Processors Through Phishing Campaigns and Social Engineering

Sep 27, 2022 9:00:42 AM By Stu Sjouwerman
Despite the pandemic being largely considered over, a recent Private Industry Notification focused on the Healthcare industry indicates that organizations should remain vigilant.
Continue Reading

Recent Optus Data Breach Teaches the Importance of Recognizing Social Engineering

Sep 26, 2022 10:00:46 AM By Stu Sjouwerman
Optus, one of Australia's largest telecommunications companies, recently suffered a data breach that affected over 9.8 million customers.
Continue Reading

Sentence in a Catphishing Case

Sep 26, 2022 9:59:32 AM By Stu Sjouwerman
A convict serving twenty-five years in South Carolina for voluntary manslaughter and attempted armed robbery, Darnell Kahn, has now also been convicted in a US court on Federal sextortion ...
Continue Reading

You Need Aggressive Cyber Training, Not "So, So" Training

Sep 26, 2022 8:00:00 AM By Stu Sjouwerman
According to nearly every study conducted over the last decade, social engineering is involved in the vast majority of cyber attacks. The figures range from about 30% to 90% of all ...
Continue Reading

“Browser-in-the-Browser” Phishing Technique Spotted in New Steam Account Attack

Sep 23, 2022 1:58:10 PM By Stu Sjouwerman
Luring victims using a realistic- and legitimate-looking fake browser window to steal Steam accounts, this new type of social engineering may be a sign of things to come.
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews