KnowBe4

Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Positive Technologies Social Engineering Report: 17 Percent Fall Foul To “Attacks”

Employees download malicious files, click phishing links, correspond with hackers, and even share contact information for their colleagues. Positive Technologies has released a new report ...
Continue Reading

Scam Of The Week: Fiendishly Clever Gmail Phishing Scam You Need To Know About

Twitter user @_thp shared a recent phishing scam that they received; and it’s so fiendishly clever that it’s gone viral. They wrote: "This is the most clever phishing scam I've ever ...
Continue Reading

Social Engineering Fraud and Cyber Insurance – Are You Covered?

We’ve covered this before but here’s another article on exclusionary clauses. The loophole: "No unauthorized use of the victims Computer System". Excellent reminder by Drinker Biddle & ...
Continue Reading

Why Social Engineering Works And How To Arm Yourself Against "Human Hacking"

Let me share some observations after 7 years of building KnowBe4 from scratch into a 100 million dollar company.  We train your employees to recognize social engineering attacks and not ...
Continue Reading

How To: Social Engineering A Whole Country During An Election

Check out this fascinating 13 min interview with Christopher Wylie, a former research director at Cambridge Analytica, who had a copy of a dataset with 50 million Facebook profiles. He ...
Continue Reading

FTC Study: Millennials Are The Biggest Victims Of Social Engineering

A report from the FTC found that 40% of adults age 20-29 lost money to fraud, while only 18% of adults over the age of 70 did so, challenging the narrative of older adults falling victim ...
Continue Reading

Now *HERE* Is A Devious Combo pretexting / vishing / SMS Social Engineering Attack!

Someone on Reddit described how he was the victim of a very sophisticated social engineering attack. Wow, this is crafty. This is the story!: "I have different passwords for every website ...
Continue Reading

Phishing Messages from the Dark: When the Bad Guys Write Back

By Eric Howes,  KnowBe4 Principal Lab Researcher. For most users the experience of dealing with phishing emails is a solitary experience, whether they recognize that they are under attack ...
Continue Reading

Spend One Minute And Look At These Phishing Graphs

In the first quarter of 2018, after 7 years of helping our customers to enable their employees to make smarter security decisions and having reached the milestone of 15,000 customers, we ...
Continue Reading

KnowBe4 Prevents Customer From Becoming Social Engineering Victim Of Duke Energy Vendor’s Hack

A customer just sent us this: "Stu, the company who processes payments for Duke Energy’s walk in payments was hacked and as a result about 375,000 bank accounts may have been stolen. "We ...
Continue Reading

Phishing Schemes Are Using Encrypted Sites To Seem Legit

WIRED wrote: "A MASSIVE EFFORT to encrypt web traffic over the last few years has made green padlocks and "https" addresses increasingly common; more than half the web now uses internet ...
Continue Reading

Your Cybercrime Insurance Policy May Not Cover You For Social Engineering Fraud

I have talked about this potentially extremely expensive and very disappointing "CEO fraud" or "Business Email Compromise" problem many times before. Your cybercrime policy may not ...
Continue Reading

Google Kicks Harmful Apps Out Of Google Play And Offers 5 Steps Against Social Engineering

You're always better off getting apps from reputable stores like Google Play than you are from potentially dodgy, at best unknown, third-party sites. But even Google Play isn't immune ...
Continue Reading

What is the difference between the Surface Web, The Deep Web and the Dark Web?

These three terms are often a source of confusion, especially in connection with cybercrime and where that comes from. If you think that search engines like Google (there are more!) know ...
Continue Reading

Spam was nearly dead, then it became an essential tool for crime and came roaring back

John Christian at TheOutline wrote a post that made me take notice because it neatly summarized the current state of affairs and confirms our own experience: spam has morphed and is back ...
Continue Reading

One in 25 Searchable ‘Black Friday’ Apps Blacklisted as Malicious, Finds Report

Black Friday is a big day for shoppers. In 2016, 154 million consumers shopped over Thanksgiving weekend and spent $9.36 billion, constituting a year-over-year increase of 16.4 percent. ...
Continue Reading

Uber Total Loss: 57 Million Records Stolen But Data Breach Was Hidden For A Year

Oh boy. Uber is known for pushing the limits of the law and has dozens of lawsuits pending against it, but this one went too far and now comes the reckoning. Bloomberg was first to report ...
Continue Reading

[ALERT] This Scary New Phishing Attack Is Very Hard To Detect

You need to know about a new phishing attack vector reported by our friends at Barkly. It utilizes a new technique that's just plain nasty. This week, users at one of their customers ...
Continue Reading

[On-Demand Webinar] Phishing and Social Engineering in 2018

Ransomware has tipped the 1 billion mark and damages are expected to be around 5 billion before the year is out. Use of ransomware has evolved throughout the year with a 600% rise in URL ...
Continue Reading

Is combosquatting a new trick hackers use to lure users into visiting malicious websites?

Georgia Tech researchers reported that hackers are using a technique identified with a newly coined term "combosquatting" to trick users into visiting malicious websites. Sorry to break ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews