87% Increase in Social Engineering Scams During the First Quarter of 2021 Compared to Q1 2020

Jul 7, 2021 8:41:47 AM By Stu Sjouwerman

There was an 87% increase in social engineering scams during the first quarter of 2021 compared to Q1 2020, according to Ayelet Biger-Levin from BioCatch. In an article for The Paypers, ...

It Was Only a Matter of Time: The Ransomware Ecosystem Has Given Birth to VC Investors

Jul 6, 2021 4:12:45 PM By Stu Sjouwerman

Security firm LIFARS confirms that cybercriminals are acting like venture capital investors, funding startup cybercriminal organizations, such as Darkside Ransomware.

New IcedID and QBot Phishing Campaigns Are Running Amuck

Jul 1, 2021 10:48:05 AM By Stu Sjouwerman

Researchers at Kaspersky recently spotted two widespread phishing campaigns delivering the IcedID and QBot banking Trojans. The majority of users targeted by the IcedID campaign were ...

Almost All LinkedIn User’s Data Has Been Scraped and is Up for Sale on the Dark Web

Jun 30, 2021 4:31:12 PM By Stu Sjouwerman

700 Million LinkedIn user’s personal details were posted for sale earlier this month, putting 92% of their userbase at risk of social engineering and spear phishing attacks.

35% of Cybersecurity Incidents are Business Email Compromise (BEC) Phishing Attacks

Jun 29, 2021 2:00:38 PM By Stu Sjouwerman

With cybercriminals looking for the fastest means to get from attack to a big payout, BEC attacks are shifting tactics to adjust to organizations being better prepared.

Misconfigured Cloud Database Increases Risk of Social Engineering

Jun 28, 2021 8:49:19 AM By Stu Sjouwerman

DreamHost, a major website hosting provider, exposed 814 million user account records in an unsecured database, researchers at Website Planet have found. The data exposed included a ...

Threat Actors use Google Ads to Target People Migrating to Encrypted Messaging Services like Signal and Telegram

Jun 24, 2021 10:34:26 AM By Stu Sjouwerman

Researchers at eSentire warn that threat actors have been using Google Ads to target people migrating from WhatsApp to other encrypted messaging services, particularly Signal and Telegram.

Attackers Abuse Google Docs for Phishing Attacks

Jun 24, 2021 8:48:29 AM By Stu Sjouwerman

Attackers are using a new technique to exploit Google Docs for phishing attacks, according to researchers at Avanan. The attackers take advantage of the fact that Google Docs ...

Leaked Copies of Windows 11 Could Be Tempting Phishbait for Techies

Jun 22, 2021 10:15:55 AM By Stu Sjouwerman

The latest anticipated release of Windows should be a reminder that even IT folks can be driven into a frenzy enough to miss the signs of a malicious campaign.

Understanding Ransomware’s True Costs

Jun 18, 2021 8:00:00 AM By Roger Grimes

We all know ransomware is pretty bad, but if you are a cybersecurity risk manager trying to justify the latest purchase to mitigate it, nailing down real numbers can be pretty hard. There ...

Tax Organizations Need to Focus on Cybersecurity

Jun 16, 2021 11:01:28 AM By Stu Sjouwerman

Tax preparation companies and tax agencies are increasingly facing scams, fraud, and other attacks, according to Robert Capps, Vice President of Marketplace Innovation at NuData Security. ...

EA Got Social Engineered via Slack Channel and Lost 780 GB valued Millions

Jun 15, 2021 8:48:34 AM By Stu Sjouwerman

Hackers gained access to the networks of video game giant Electronic Arts (EA) via social engineering, Motherboard reports. The hackers claim to have stolen 780 GB of data, including the ...

Insights Into Credential Phishing

Jun 9, 2021 10:36:37 AM By Stu Sjouwerman

Cybercriminals are quick to put hacked accounts to use, according to Agari by Help Systems. The researchers found that 91% of compromised accounts are accessed by attackers within one ...

78% of CISOs Say Attacks Have Increased as a Result of More Employees Working from Home

Jun 8, 2021 1:37:33 PM By Stu Sjouwerman

According to new data from VMware Carbon Black, the sophistication and impact of modern cyberattacks is causing CISOs to rethink how to secure the expanding attack surface.

Chinese Hacker Group Debuts After 3 Years of Testing with a Previously Unseen Backdoor Exploit

Jun 8, 2021 1:37:27 PM By Stu Sjouwerman

Dubbed ‘SharpPanda’, this Chinese APT group uses malicious Word docs, .RTF templates, and the RoyalRoad malware to install a powerful backdoor DLL giving them all kinds of access.

Everyone Has It Wrong. It Is Not Double Extortion, It Is Quintuple Extortion!

Jun 3, 2021 2:12:53 PM By Roger Grimes

I keep seeing a new ransomware term, “double extortion” being discussed. It is the hot, new buzzword surrounding ransomware. This term attempts to summarize how ransomware is no longer ...

Ransomware's Impact Highlights the Threat of Social Engineering

Jun 3, 2021 2:10:23 PM By Stu Sjouwerman

Ransomware actors are continuing to shift their focus to disrupting operations that affect people’s daily lives, according to the Wall Street Journal. A ransomware attack on Wednesday ...

New Email Attack Takes a Phishing-Turned-Vishing Angle to Steal Credit Card Info

May 28, 2021 9:56:51 AM By Stu Sjouwerman

Details on this new scam demonstrate how cybercriminal gangs are working to try use new mediums and social engineering methods to trick users into becoming victims.

Business Email Compromise Attacks Are Evolving, Becoming More Convincing and More Expensive

May 28, 2021 9:51:22 AM By Stu Sjouwerman

The “business” of BEC is becoming increasingly more lucrative for cybercriminals, as they develop new ways to defraud individuals and organizations of their money.

Call Centers Used to Distribute BazarLoader

May 27, 2021 9:21:37 AM By Stu Sjouwerman

Cybercriminals are using call centers to trick users into downloading the BazarLoader malware, according to researchers at Palo Alto Networks’ Unit 42. By relying on social engineering to ...

Security Awareness Training Blog

Social Engineering Blog

View Topics