Hard Lessons From Romance Scams

Feb 12, 2024 10:32:16 AM By Roger Grimes

Seeing as this week is Valentine’s Day, I should have written something about rom coms, true love, and trusting your heart more. But this is not one of those posts. This post is about ...

Browser-Based Phishing Attacks Increase 198%, With Evasive Attacks Increasing 206%

Feb 9, 2024 12:03:26 PM By Stu Sjouwerman

A new report shows massive increases in browser attacks in the second half of 2023, with over 31,000 threats specifically designed to bypass security solution detection.

Unprecedented Rise of Malvertising as a Precursor to Ransomware

Feb 8, 2024 8:00:00 AM By Stu Sjouwerman

Cybercriminals increasingly used malvertising to gain initial access to victims’ networks in 2023, according to Malwarebytes’s latest State of Malware report.

[On-Demand Webinar] How to Fight Long-Game Social Engineering Attacks

Feb 7, 2024 8:00:00 AM By Stu Sjouwerman

Sophisticated cybercriminals are playing the long game. Unlike the typical hit-and-run cyber attacks, they build trust before laying their traps. They create a story so believable and ...

Generative AI Used to Launch Phishing Attacks

Feb 6, 2024 1:38:52 PM By Stu Sjouwerman

Criminal threat actors are increasingly utilizing generative AI tools like ChatGPT to launch social engineering attacks, according to researchers at Check Point.

New Phishing-As-A-Service Kit with Ability to Bypass MFA Targets Microsoft 365 Accounts

Feb 5, 2024 4:57:58 PM By Stu Sjouwerman

A phishing-as-a-service platform called “Greatness” is facilitating phishing attacks against Microsoft 365 accounts, according to researchers at Sucuri.

Social Engineering Masterstroke: How Deepfake CFO Duped a Firm out of $25 Million

Feb 5, 2024 8:47:01 AM By Stu Sjouwerman

Check out this one line for a moment...“duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations.”

Ransomware Payments On The Decline As Cyber Attackers Focus on The Smallest, And Largest, Organizations

Jan 31, 2024 1:52:23 PM By Stu Sjouwerman

New data for Q4 of 2023 reveals a sizable shift in the cyber threat landscape, with serious implications regarding ransomware and social engineering attacks targeting both the largest and ...

Houston, We Have a 2024 China Problem

Jan 26, 2024 7:02:27 AM By Stu Sjouwerman

Russia is not the only global problem that democracy has to deal with. The Chinese regime ran large influence campaigns, attempting mass social engineering in the U.S. 2022 midterm ...

New Evasive Phishing Technique “Legacy URL Reputation Evasion" (LURE)

Jan 25, 2024 8:59:50 AM By Stu Sjouwerman

Researchers at Menlo Security observed a 198% increase in browser-based phishing attacks over the past six months.

Social Engineering Attacks Rising in the Trucking Industry

Jan 25, 2024 8:59:28 AM By Stu Sjouwerman

Spear phishing and voice phishing (vishing) are on the rise in the trucking industry, according to a new report from the National Motor Freight Traffic Association (NMFTA).

AI Does Not Scare Me, But It Will Make The Problem Of Social Engineering Much Worse

Jan 22, 2024 2:05:54 PM By Roger Grimes

I am not scared of AI. What I mean is that I do not think AI is going to kill humanity Terminator-style. I think AI is going to be responsible for more cybercrime and more realistic ...

LinkedIn is Being Used for Dating – It’s a Recipe for Disaster

Jan 16, 2024 10:20:50 AM By Stu Sjouwerman

A new article explains how business professionals are beginning to be not-so-professional and seeking to make personal connections. It’s only a matter of time before cybercriminals jump ...

Beware of "Get to Know Me" Surveys

Jan 11, 2024 1:46:46 PM By Roger Grimes

Trained security awareness professionals are aware that whatever someone says about themselves and personal experiences can be used against them in a social engineering scam. It is always ...

Red Flags for Phishing: Verizon Outlines Latest Scams to Watch Out For

Jan 9, 2024 9:24:06 AM By Stu Sjouwerman

Verizon has published an article outlining various forms of social engineering attacks, including SMS/text messaging phishing (smishing), voice phishing (vishing), and spear phishing ...

Beware of Fraudulent Charge Messages

Jan 5, 2024 1:19:09 PM By Roger Grimes

Be careful of emails, SMS messages, or calls claiming to be from your bank about your card being used fraudulently. If this ever happens, call the phone number on the back of your card.

AI-Powered Invoice Fraud: How This Latest Scam Hijacks Your Business Transactions

Jan 4, 2024 9:01:32 AM By Stu Sjouwerman

Resecurity is tracking a cybercriminal gang called “GXC Team” that develops and sells tools to facilitate online banking theft and social engineering attacks.

Lockbit 3.0 Ransomware Disrupts Emergency Care at Multiple German Hospitals

Jan 3, 2024 10:57:52 AM By Stu Sjouwerman

Hitting three hospitals within a Germany-based hospital network, the extent of the damage in this confirmed ransomware attack remains undetermined but has stopped parts of operations.

New Research: Phishing Attacks Stole $295 Million In Crypto In 2023

Jan 3, 2024 8:12:02 AM By Stu Sjouwerman

Researchers at Scam Sniffers have found that phishing attacks stole nearly $295 million worth of cryptocurrency from 324,000 victims in 2023, CryptoSlate reports. The cryptocurrency is ...

A Dream Team Security Awareness Training Program?

Jan 2, 2024 1:29:27 PM By Roger Grimes

Every person and organization is different and requires slightly different methods and ways of learning. But every person and organization can benefit by more frequent security awareness ...