Framing the Social Engineering Risk in Business Terms

Oct 7, 2021 8:54:26 AM By Stu Sjouwerman

C-suite employees need to understand the risk posed by social engineering attacks, according to CSO. Terry Thompson, adjunct instructor in cybersecurity at Johns Hopkins University, told ...

New James Bond Movie is Cybercriminals Shiniest Phishbait

Oct 4, 2021 8:41:31 AM By Stu Sjouwerman

Cybercriminals are using the new James Bond movie, No Time to Die, as phishbait, the National reports. Researchers at Kaspersky warn that malicious ads and phishing sites are claiming, ...

90% of All Cyber Attacks on Organizations Involve Social Engineering

Oct 1, 2021 1:08:42 PM By Stu Sjouwerman

It’s official: threat actors and cybercriminal gangs alike are enlightened and have locked in on the use of social engineering as the primary means to trick recipients into becoming ...

5th Circuit Court Finds Cyber Insurer Must Pay for $1 Million Social Engineering Attack

Sep 30, 2021 8:19:24 AM By Stu Sjouwerman

A simple social engineered Business Email Compromise attack resulted in fraud that the cyber insurer contended was not covered under the policy.

New Tactic: Shortened LinkedIn URLs Are Now Used As Phish Hooks

Sep 27, 2021 8:32:30 AM By Stu Sjouwerman

Scammers are using shortened LinkedIn URLs to disguise phishing links, according to Jeremy Fuchs at Avanan. LinkedIn automatically shortens links that are longer than 26 characters. The ...

Newest iPhone Launch is Now a Scammer's Advantage

Sep 23, 2021 8:50:49 AM By Stu Sjouwerman

Scammers are taking advantage of the launch of iPhone 13, according to researchers at Zscaler. The launch event was streamed live last week on Apple’s official YouTube channel, and ...

[HEADS UP] Millions of malicious emails will slip past security filters in Q4

Sep 22, 2021 5:00:00 PM By Stu Sjouwerman

Researchers at Tessian have published a report looking at recent trends in spear phishing attacks. The researchers found that 45% of employees said that they clicked on a phishing email ...

Social Media Quizzes May Be Data Scrapers Building Victim Profiles

Sep 21, 2021 3:58:01 PM By Stu Sjouwerman

The seemingly benign quizzes asking personal details take advantage of individuals’ willingness to share and could be used to establish passwords, password hints, and more.

Kaspersky: Use of New QakBot Banking Trojan that Steals Emails Up 65%

Sep 21, 2021 3:57:53 PM By Stu Sjouwerman

Representing a new evolution of banking trojan, QakBot proves to be a formidable adversary against security defenses with its’ ability to steal emails – your users.

Over $100,000,000 Lost to Romance Scams in Seven Months

Sep 20, 2021 8:52:34 AM By Stu Sjouwerman

People in the US lost $133,400,000 to romance scams between January 1st and July 31st of 2021, according to the FBI. The average amount lost was in the tens of thousands of dollars. The ...

Enterprise Organizations Have as Much as an 85% Chance of Receiving a BEC Attack Every Week

Sep 16, 2021 2:07:40 PM By Stu Sjouwerman

Business Email Compromise is a multi-billion dollar business, representing 43% of all cybercrime last year. Despite it being dwarfed in the news by ransomware, it represents a growing ...

Researchers Discover Vulnerability Used for Deception and SSID Stripping

Sep 15, 2021 8:55:42 AM By Stu Sjouwerman

Researchers at AirEye have discovered a vulnerability in the way in which devices connect to wireless networks that could allow an attacker to trick a user into connecting to a malicious ...

Social Media as Artillery Preparation for Spear Phishing

Sep 14, 2021 9:18:49 AM By Stu Sjouwerman

Researchers at ESTsecurity warn that a North Korean threat actor known as “Kumsong 121” is using compromised social media accounts to launch spear phishing attacks, the Daily NK reports. ...

Business Email Compromise Scam takes New Hampshire Town for $2.3 Million

Sep 13, 2021 11:39:52 AM By Stu Sjouwerman

Social engineering is at the heart of this attack, where scammers successfully tricked a town into redirecting not just one but several bank transfers.

Blame it on the Lizard Brain

Sep 13, 2021 8:45:18 AM By Stu Sjouwerman

People need to work to overcome their inherent biases in order to avoid falling for social engineering attacks, according to Heidi Mitchell at the Wall Street Journal.

5 Ways to Recognize Social Engineering

Sep 9, 2021 4:58:21 PM By Roger Grimes

Social engineering can come in many different forms: via email, websites, voice calls, SMS messages, social media and even fax. If it is a communication method, scammers and criminals are ...

BEC and the Underworld's Resources

Sep 2, 2021 8:47:27 AM By Stu Sjouwerman

Researchers at Intel 471 have observed cybercriminals outsourcing talent for business email compromise (BEC) attacks. This tactic lowers the bar of entry for BEC attacks, which are ...

Cybercriminals Can Post Jobs on LinkedIn Posing as Any Employer They Want

Aug 26, 2021 1:01:51 PM By Stu Sjouwerman

Lax verification around what company is offering a given job on LinkedIn allows attackers to create bogus job postings for malicious purposes.

Nigerian Threat Actors Solicit Victim Organization Employees to Deploy Demon Ransomware

Aug 24, 2021 1:09:38 PM By Stu Sjouwerman

The use of employees as insider accomplices potentially changes how social engineering is being used in exchange for a direct request for internal assistance.

Arrests in International Fraud Scheme Due to Social Engineering

Aug 24, 2021 11:35:39 AM By Stu Sjouwerman

Police in Romania, the Netherlands, and Ireland have arrested and charged twenty-three people accused of conducting sophisticated social engineering attacks. The organized crime group ...

Security Awareness Training Blog

Social Engineering Blog

View Topics