“Compromise” is the “C” in “MICE”

Aug 23, 2021 8:47:35 AM By Stu Sjouwerman

The FBI is warning Silicon Valley companies to be wary of insider threats, Protocol reports. FBI special agent Nick Shenkin told Protocol in an interview that authoritarian ...

Can the Microsoft 365 Platform Be Trusted to Stop Security Breaches?

Aug 18, 2021 2:00:29 PM By Stu Sjouwerman

Lax security policies, a lack of security measures and solutions in place, and an expectation that Microsoft will address any security issues is putting organizations at risk.

Deepfakes Continue to be a Concern as the Technology Improves and Becomes More Convincing

Aug 18, 2021 2:00:15 PM By Stu Sjouwerman

In the wake of the FBI’s warning about more deepfake-based cyber attacks coming in the next year, organizations should remain vigilant against this compelling form of social engineering.

Attackers Use Morse Code to Encode Phishing Attachments

Aug 17, 2021 9:56:28 AM By Stu Sjouwerman

A phishing campaign is using morse code to encode malicious attachments in order to slip past security filters, according to researchers at Microsoft. The phishing emails contain HTML ...

The Anatomy of Smishing Attacks and How to Avoid Them

Aug 16, 2021 8:56:01 AM By Stu Sjouwerman

Cybercriminals and nation-state actors continue to launch smishing attacks to steal credentials and distribute malware, according to Michael Marriott, Senior Strategy and Research Analyst ...

Military Personnel Vulnerable to Fraud

Aug 13, 2021 10:55:52 AM By Stu Sjouwerman

US military personnel and veterans have lost more than $822 million to scams since 2017, according to researchers at AtlasVPN. The researchers analyzed data from the US Federal Trade ...

Android Trojan Goes After Facebook Accounts

Aug 11, 2021 9:11:53 AM By Stu Sjouwerman

A new Android Trojan has hijacked more than 10,000 Facebook accounts by stealing session cookies, according to researchers at Zimperium. The malware uses social engineering to trick users ...

Spear Phishing Becomes a Bigger Problem as the Average Organization is Targeted 700 Times a Year

Aug 11, 2021 8:21:16 AM By Stu Sjouwerman

With threat actors honing their trickery skills to craft the perfect email used to fool a would-be victim recipient, new data shows cybercriminals are stepping up their game on a number ...

Cyber Insurance Industry Wrongly Hedging Its Bets on MFA

Aug 10, 2021 8:53:19 AM By Stu Sjouwerman

Because of ransomware attacks, I have been covering the cybersecurity insurance industry for a few years, including here. I even have a whole chapter dedicated to cybersecurity insurance ...

BEC Attacks Are Targeting Lower-Level Employees

Aug 5, 2021 8:48:30 AM By Stu Sjouwerman

A new report from Barracuda found that most business email compromise (BEC) attacks are now targeting employees who aren’t in executive or financial roles.

How Social Engineers Use Social Media

Aug 3, 2021 9:38:30 AM By Stu Sjouwerman

People need to be aware of how their social media posts can be used against them, according to Darren Millar, senior vice president of operations at PiiQ Media. In an article for ...

Mint Mobile, Porting Numbers, and Identity Theft

Jul 21, 2021 8:47:55 AM By Stu Sjouwerman

US telecommunications company Mint Mobile warned some users that their phone numbers had temporarily been ported to another carrier by an unauthorized individual, which allowed the ...

Nearly Every Organization Has Had an Insider-Caused Data Breach in the Last Year

Jul 19, 2021 1:45:35 PM By Stu Sjouwerman

Whether it’s from an accidental leak of data or falling victim to a phishing attack, new data from email security vendor Egress puts the insider’s role in breaches into critical ...

Facebook Disrupts Iranian Social Engineering Operation

Jul 19, 2021 9:38:15 AM By Stu Sjouwerman

Facebook has taken down an operation by Iranian hackers targeting military, defense, and aerospace entities, particularly focused on the US.

Cryptocurrencies and Email Extortion Trends

Jul 15, 2021 10:04:39 AM By Stu Sjouwerman

Researchers at GreatHorn have found that 98.7% of extortion emails ask for payment in Bitcoin. Most of these emails aren’t targeted, but enough people will likely fall for them that the ...

Spear Phishing Campaign Targets Energy Companies

Jul 13, 2021 10:29:13 AM By Stu Sjouwerman

Researchers at Intezer have spotted a phishing campaign that’s targeting energy companies in South Korea, the United States, the United Arab Emirates, and Germany. Most of the targets are ...

Phishbait Follows Current Events

Jul 12, 2021 9:49:35 AM By Stu Sjouwerman

Crisis draws opportunistic criminals, and the Kaseya ransomware incident is no different. Kaseya’s updates on the incident have included repeated warnings not to be taken in by emails or ...

The Pandemic’s Paradigm Shift with Cybersecurity

Jul 9, 2021 1:18:00 PM By Anna Collard

Just over a year ago, a much-prized perk – the ability to work from home – became an everyday reality for many. ITWeb, in partnership with KnowBe4, conducted a survey to gain insight into ...

Social Engineering and Organizational Culture

Jul 8, 2021 9:40:03 AM By Stu Sjouwerman

Consistent awareness training is necessary to fend off phishing attacks, according to Keatron Evans, a principal security researcher, instructor, and author with Infosec. In an interview ...

Lazarus Group Continues Targeting Defense Contractors

Jul 7, 2021 8:57:49 AM By Stu Sjouwerman

North Korea’s Lazarus Group has been launching phishing campaigns against more defense contractors and engineering companies, according to researchers at AT&T Alien Labs. The ...

Security Awareness Training Blog

Social Engineering Blog

View Topics