Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Account Takeover Attacks Increase as Cybercriminals Fine-Tune Their Brand Impersonation, Social Engineering, and Phishing Skills

The latest Spear Phishing Report from Barracuda highlights how cybercriminals are systematically improving their game… and are becoming more successful for it. The capturing of user ...
Continue Reading

[Heads-Up] If This Is True It's A Disaster. Three Major US Antivirus Companies Breached? ***UPDATED

ARSTECHNICA is getting me worried here. We were all at KB4-CON in Orlando the last few days, and during the conference word got to me that security researchers found out that high-profile ...
Continue Reading

[Spoiler!] That Free Avengers: Endgame Download You Found Online? It’s a Scam!

The lure of watching the latest Avengers movie is enough motivation for some to fall for this scam aimed at collecting your credit card data.
Continue Reading

IT and Executives are (Mostly) in Alignment and Both Fear the Phish

According to the latest from AT&T Cybersecurity, enterprise IT and boardrooms largely see eye-to-eye… and those eyes are watching some very common, yet pervasive, threats.
Continue Reading

Brunswick Church Falls For Phishing Scam Of Almost $2 Million

Staff at St. Ambrose Roman Catholic Church in Brunswick say the church was scammed out of nearly $2 million. The church said a phishing email led it to believe that a construction firm ...
Continue Reading

PSA: How To Recognize Disinformation

One of the skills everyone needs to prevent social engineering attacks is to recognize disinformation. False information that is intended to mislead people has become an epidemic on the ...
Continue Reading

Evil TeamViewer Attacks Under the Guise of the U.S. State Department

A targeted, email-borne attack against embassy officials and government finance authorities globally is making use of a malicious attachment disguised as a top-secret U.S. document. It ...
Continue Reading

Spearphishing Boils Down to Basic Social Engineering

While spearphishing attacks may employ various tactics and tools, they all rely on the same underlying human weaknesses to achieve their goals, according to Asaf Cidon from Barracuda ...
Continue Reading

Social Engineers Earn a First

A study by nonprofit research company Jisc and the UK’s Higher Education Policy Institute (HEPI) found that 100 percent of spear phishing tests against universities were able to gain ...
Continue Reading

Scammers Impersonate Big UK Law

The UK’s Solicitors Regulation Authority (SRA) warned that scammers are impersonating a London law firm, Linklaters LLP, using phony job offers. The documents purport to come from the ...
Continue Reading

[SCAM OF THE WEEK]: Notre Dame Disaster Causes FireStorm Of Social Engineering And Misinformation

The Notre Dame Cathedral in Paris caught fire and was barely saved from total destruction. Millions of people visit every year and hundreds of millions feel a powerful, and personal, ...
Continue Reading

Spycatching: Social Engineering and the FBI's Insider Threat Experience

We’ve recently shared a link to a podcast, “The Ghost and the Mole,” which revisits the infamous case of FBI Special Agent turned Russian spy Robert Hanssen. Before dismissing this as ...
Continue Reading

Brand-New Tool: Phishing Reply Test Identifies Users Likely to Fall Victim to Fraudsters

Highly targeted phishing attacks, known as Business Email Compromise or CEO fraud scams have exceeded $12.5 billion in total known losses worldwide. These social engineering attacks are ...
Continue Reading

Kevin Mitnick Demos Password Hack: No Link Click or Attachments Necessary

In this shocking demonstration Kevin Mitnick, KnowBe4's Chief Hacking Officer, shows how hackers can steal a user’s password hash without the user having to click a hyperlink or open an ...
Continue Reading

"Hacking Humans" Is The 2019 No. 1 Podcast Covering Social Engineering!

Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on ...
Continue Reading

Credentials and Personal Data Continue to be the Primary Targets of Social Engineering Scams

Targeted attacks are increasing, with cybercriminals focused on stealing information that can be used to impersonate a user and perpetuate their scams.
Continue Reading

RSA’s Best Social Engineering News

KnowBe4 was at RSA 2019 this year with two booths, in both the North and South Hall. The show was humongous as usual and a torrent of news was released. I was there and it was a challenge ...
Continue Reading

Ins and Outs of Impersonation...and Kidnapping

Impersonation attacks and business email compromise (aka CEO fraud) can lead to far more dangerous consequences than monetary losses, according to Matt Devost from OODA LLC. Devost ...
Continue Reading

Kevin Mitnick Demos Outlook Exchange Exploit

In a webinar last week Kevin Mitnick, KnowBe4's Chief Hacking Officer, shared a shocking demonstration of a recent Outlook Exchange exploit in which delegated access is allowed from any ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews