Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Social Media as Artillery Preparation for Spear Phishing

Researchers at ESTsecurity warn that a North Korean threat actor known as “Kumsong 121” is using compromised social media accounts to launch spear phishing attacks, the Daily NK reports. ...
Continue Reading

Business Email Compromise Scam takes New Hampshire Town for $2.3 Million

Social engineering is at the heart of this attack, where scammers successfully tricked a town into redirecting not just one but several bank transfers.
Continue Reading

Blame it on the Lizard Brain

People need to work to overcome their inherent biases in order to avoid falling for social engineering attacks, according to Heidi Mitchell at the Wall Street Journal.
Continue Reading

Five Signs of Social Engineering

Social engineering can come in many different forms: via email, websites, voice calls, SMS messages, social media and even fax. If it is a communication method, scammers and criminals are ...
Continue Reading

BEC and the Underworld's Resources

Researchers at Intel 471 have observed cybercriminals outsourcing talent for business email compromise (BEC) attacks. This tactic lowers the bar of entry for BEC attacks, which are ...
Continue Reading

Cybercriminals Can Post Jobs on LinkedIn Posing as Any Employer They Want

Lax verification around what company is offering a given job on LinkedIn allows attackers to create bogus job postings for malicious purposes.
Continue Reading

Nigerian Threat Actors Solicit Victim Organization Employees to Deploy Demon Ransomware

The use of employees as insider accomplices potentially changes how social engineering is being used in exchange for a direct request for internal assistance.
Continue Reading

Arrests in International Fraud Scheme Due to Social Engineering

Police in Romania, the Netherlands, and Ireland have arrested and charged twenty-three people accused of conducting sophisticated social engineering attacks. The organized crime group ...
Continue Reading

“Compromise” is the “C” in “MICE”

The FBI is warning Silicon Valley companies to be wary of insider threats, Protocol reports. FBI special agent Nick Shenkin told Protocol in an interview that authoritarian ...
Continue Reading

Can the Microsoft 365 Platform Be Trusted to Stop Security Breaches?

Lax security policies, a lack of security measures and solutions in place, and an expectation that Microsoft will address any security issues is putting organizations at risk.
Continue Reading

Deepfakes Continue to be a Concern as the Technology Improves and Becomes More Convincing

In the wake of the FBI’s warning about more deepfake-based cyber attacks coming in the next year, organizations should remain vigilant against this compelling form of social engineering.
Continue Reading

Attackers Use Morse Code to Encode Phishing Attachments

A phishing campaign is using morse code to encode malicious attachments in order to slip past security filters, according to researchers at Microsoft. The phishing emails contain HTML ...
Continue Reading

The Anatomy of Smishing Attacks and How to Avoid Them

Cybercriminals and nation-state actors continue to launch smishing attacks to steal credentials and distribute malware, according to Michael Marriott, Senior Strategy and Research Analyst ...
Continue Reading

Military Personnel Vulnerable to Fraud

US military personnel and veterans have lost more than $822 million to scams since 2017, according to researchers at AtlasVPN. The researchers analyzed data from the US Federal Trade ...
Continue Reading

Android Trojan Goes After Facebook Accounts

A new Android Trojan has hijacked more than 10,000 Facebook accounts by stealing session cookies, according to researchers at Zimperium. The malware uses social engineering to trick users ...
Continue Reading

Spear Phishing Becomes a Bigger Problem as the Average Organization is Targeted 700 Times a Year

With threat actors honing their trickery skills to craft the perfect email used to fool a would-be victim recipient, new data shows cybercriminals are stepping up their game on a number ...
Continue Reading

Cyber Insurance Industry Wrongly Hedging Its Bets on MFA

Because of ransomware attacks, I have been covering the cybersecurity insurance industry for a few years, including here. I even have a whole chapter dedicated to cybersecurity insurance ...
Continue Reading

BEC Attacks Are Targeting Lower-Level Employees

A new report from Barracuda found that most business email compromise (BEC) attacks are now targeting employees who aren’t in executive or financial roles.
Continue Reading

How Social Engineers Use Social Media

People need to be aware of how their social media posts can be used against them, according to Darren Millar, senior vice president of operations at PiiQ Media. In an article for ...
Continue Reading

Mint Mobile, Porting Numbers, and Identity Theft

US telecommunications company Mint Mobile warned some users that their phone numbers had temporarily been ported to another carrier by an unauthorized individual, which allowed the ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews