Homographic Domain Name Phishing Tactics

Jun 6, 2022 1:00:22 PM By Stu Sjouwerman

Bitdefender warns that Microsoft Office applications are vulnerable to phishing tactics that exploit international domain names (IDNs). Affected applications include Outlook, Word, Excel, ...

Smishing and Home Delivery

Jun 2, 2022 9:10:57 AM By Stu Sjouwerman

A smishing campaign is impersonating the UK-based delivery company Evri with text messages informing recipients that their package couldn’t be delivered, according to Paul Ducklin at ...

SideWinder Targets Pakistani Entities With Phishing Attacks

Jun 2, 2022 9:09:56 AM By Stu Sjouwerman

The India-aligned APT SideWinder is using a variety of social engineering techniques to target Pakistani government and military entities, according to researchers at Group-IB. The threat ...

Phishing Campaign Targets QuickBooks Users

Jun 1, 2022 8:23:44 AM By Stu Sjouwerman

Accounting software provider Intuit has warned of a phishing scam targeting its customers, BleepingComputer reports. The phishing campaign affected users of Intuit’s QuickBooks product, ...

We Do Not Talk Enough About Social Engineering and It’s Hurting Us

May 27, 2022 8:04:40 AM By Roger Grimes

One of the most important things I have tried to communicate to audiences since at least the 1990s is how prevalent a role social engineering plays in cybersecurity attacks. I have ...

The $44 Million Smishing Problem and How to Not Be a Victim

May 27, 2022 8:04:11 AM By Stu Sjouwerman

Consumer Affairs reported on how big of a problem SMS phishing scams have become, and how it's about to get a lot worse. According to a recent FBI report, more than 320,000 Americans were ...

Collaring the (Alleged) Leader of a BEC Gang

May 26, 2022 8:44:12 AM By Stu Sjouwerman

A joint operation by INTERPOL and the cybercrime unit of the Nigeria Police Force have concluded a yearlong investigation into the SilverTerrier business email compromise gang by ...

That’s Not Actually Elon Musk

May 25, 2022 8:55:58 AM By Stu Sjouwerman

Scammers are using deepfake videos of Elon Musk in an attempt to trick people into handing over cryptocurrency, BleepingComputer reports. The scammers set up a phony cryptocurrency ...

FBI Director Warns of “Unprecedented” Cyberespionage Attacks Originating in China

May 24, 2022 9:53:06 AM By Stu Sjouwerman

FBI Director Christopher Wray highlighted China’s role in cyberespionage in a recent 60-Minutes news segment, saying the level of attacks the U.S. is seeing is “unprecedented in history.”

Why People Fall for Scams

May 16, 2022 1:51:27 PM By Stu Sjouwerman

Scammers use a variety of tried-and-true tactics to trick people, according to André Lameiras at ESET. For example, they can easily find open-source information about people on the ...

Trezor Crypto Wallet Attacks Results in Class Action Lawsuit Against MailChimp Owner Intuit

May 12, 2022 12:23:17 PM By Stu Sjouwerman

Months after the MailChimp data breach targeting 102 companies in the crypto sector, a new lawsuit has been filed seeking millions of dollars in damages.

European Wind-Energy Sector Is the Latest Target of Russian State-Sponsored Attacks

May 12, 2022 12:21:37 PM By Stu Sjouwerman

While Russia consistently denies any launching of cyberattacks, attack details point to reasonable intent by and cybercriminal ties to the Russian government.

Beware of Spoofed Vanity URLs

May 12, 2022 8:58:50 AM By Stu Sjouwerman

Researchers at Varonis warn that attackers are using customizable URLs (also known as vanity URLS) on SaaS services to craft more convincing phishing links. The attackers have used this ...

Business Email Compromise Shouldn’t Be the Cost of Doing Business

May 9, 2022 9:11:25 AM By Stu Sjouwerman

The FBI last week published a public service announcement updating its warnings about the continuing threat of business email compromise (BEC, also called CEO fraud). The problem has ...

Holding a Great Employee Education Meeting

May 2, 2022 4:45:24 PM By Roger Grimes

I recently attended a customer’s annual security awareness training employee event. I have attended a bunch of these over the years and I have loved them all. But this particular customer ...

Half of IT Leaders Say their Non-Technical Staff are Unprepared for a Cyber Attack

Apr 28, 2022 6:04:48 PM By Stu Sjouwerman

New data shows IT leadership believes users outside of IT create a “continued significant risk to organizations” despite having a layered security strategy to prevent attacks.

Nearly all Data Breaches in Q1 2022 Were the Result of a Cyber Attack

Apr 26, 2022 9:53:38 AM By Stu Sjouwerman

New data from the Identity Theft Resource Center shows rises in the number of data compromises following 2021’s record-setting year, all stemming from cyber attacks.

More_eggs Malware Distributed Via Spear Phishing

Apr 26, 2022 8:49:59 AM By Stu Sjouwerman

Threat actors are sending out the stealthy “more_eggs” malware in spear phishing emails that target hiring managers, according to researchers at eSentire’s Threat Response Unit (TRU).

Community Associations Confront Social Engineering

Apr 25, 2022 8:51:35 AM By Stu Sjouwerman

It’s not just deep-pocketed corporations that prove attractive targets for social engineering. Any organization that holds information that can fetch a good price in the criminal ...

LinkedIn is the Most Impersonated Brand in Phishing Attacks

Apr 21, 2022 12:25:45 PM By Stu Sjouwerman

Social media companies, particularly LinkedIn, are now the most impersonated brands in phishing campaigns, researchers at Check Point have found.

Security Awareness Training Blog

Social Engineering Blog

View Topics