Business Email Compromise Scam takes New Hampshire Town for $2.3 Million

Sep 13, 2021 11:39:52 AM By Stu Sjouwerman

Social engineering is at the heart of this attack, where scammers successfully tricked a town into redirecting not just one but several bank transfers.

Blame it on the Lizard Brain

Sep 13, 2021 8:45:18 AM By Stu Sjouwerman

People need to work to overcome their inherent biases in order to avoid falling for social engineering attacks, according to Heidi Mitchell at the Wall Street Journal.

5 Ways to Recognize Social Engineering

Sep 9, 2021 4:58:21 PM By Roger Grimes

Social engineering can come in many different forms: via email, websites, voice calls, SMS messages, social media and even fax. If it is a communication method, scammers and criminals are ...

BEC and the Underworld's Resources

Sep 2, 2021 8:47:27 AM By Stu Sjouwerman

Researchers at Intel 471 have observed cybercriminals outsourcing talent for business email compromise (BEC) attacks. This tactic lowers the bar of entry for BEC attacks, which are ...

Cybercriminals Can Post Jobs on LinkedIn Posing as Any Employer They Want

Aug 26, 2021 1:01:51 PM By Stu Sjouwerman

Lax verification around what company is offering a given job on LinkedIn allows attackers to create bogus job postings for malicious purposes.

Nigerian Threat Actors Solicit Victim Organization Employees to Deploy Demon Ransomware

Aug 24, 2021 1:09:38 PM By Stu Sjouwerman

The use of employees as insider accomplices potentially changes how social engineering is being used in exchange for a direct request for internal assistance.

Arrests in International Fraud Scheme Due to Social Engineering

Aug 24, 2021 11:35:39 AM By Stu Sjouwerman

Police in Romania, the Netherlands, and Ireland have arrested and charged twenty-three people accused of conducting sophisticated social engineering attacks. The organized crime group ...

“Compromise” is the “C” in “MICE”

Aug 23, 2021 8:47:35 AM By Stu Sjouwerman

The FBI is warning Silicon Valley companies to be wary of insider threats, Protocol reports. FBI special agent Nick Shenkin told Protocol in an interview that authoritarian ...

Can the Microsoft 365 Platform Be Trusted to Stop Security Breaches?

Aug 18, 2021 2:00:29 PM By Stu Sjouwerman

Lax security policies, a lack of security measures and solutions in place, and an expectation that Microsoft will address any security issues is putting organizations at risk.

Deepfakes Continue to be a Concern as the Technology Improves and Becomes More Convincing

Aug 18, 2021 2:00:15 PM By Stu Sjouwerman

In the wake of the FBI’s warning about more deepfake-based cyber attacks coming in the next year, organizations should remain vigilant against this compelling form of social engineering.

Attackers Use Morse Code to Encode Phishing Attachments

Aug 17, 2021 9:56:28 AM By Stu Sjouwerman

A phishing campaign is using morse code to encode malicious attachments in order to slip past security filters, according to researchers at Microsoft. The phishing emails contain HTML ...

The Anatomy of Smishing Attacks and How to Avoid Them

Aug 16, 2021 8:56:01 AM By Stu Sjouwerman

Cybercriminals and nation-state actors continue to launch smishing attacks to steal credentials and distribute malware, according to Michael Marriott, Senior Strategy and Research Analyst ...

Military Personnel Vulnerable to Fraud

Aug 13, 2021 10:55:52 AM By Stu Sjouwerman

US military personnel and veterans have lost more than $822 million to scams since 2017, according to researchers at AtlasVPN. The researchers analyzed data from the US Federal Trade ...

Android Trojan Goes After Facebook Accounts

Aug 11, 2021 9:11:53 AM By Stu Sjouwerman

A new Android Trojan has hijacked more than 10,000 Facebook accounts by stealing session cookies, according to researchers at Zimperium. The malware uses social engineering to trick users ...

Spear Phishing Becomes a Bigger Problem as the Average Organization is Targeted 700 Times a Year

Aug 11, 2021 8:21:16 AM By Stu Sjouwerman

With threat actors honing their trickery skills to craft the perfect email used to fool a would-be victim recipient, new data shows cybercriminals are stepping up their game on a number ...

Cyber Insurance Industry Wrongly Hedging Its Bets on MFA

Aug 10, 2021 8:53:19 AM By Stu Sjouwerman

Because of ransomware attacks, I have been covering the cybersecurity insurance industry for a few years, including here. I even have a whole chapter dedicated to cybersecurity insurance ...

BEC Attacks Are Targeting Lower-Level Employees

Aug 5, 2021 8:48:30 AM By Stu Sjouwerman

A new report from Barracuda found that most business email compromise (BEC) attacks are now targeting employees who aren’t in executive or financial roles.

How Social Engineers Use Social Media

Aug 3, 2021 9:38:30 AM By Stu Sjouwerman

People need to be aware of how their social media posts can be used against them, according to Darren Millar, senior vice president of operations at PiiQ Media. In an article for ...

Mint Mobile, Porting Numbers, and Identity Theft

Jul 21, 2021 8:47:55 AM By Stu Sjouwerman

US telecommunications company Mint Mobile warned some users that their phone numbers had temporarily been ported to another carrier by an unauthorized individual, which allowed the ...

Nearly Every Organization Has Had an Insider-Caused Data Breach in the Last Year

Jul 19, 2021 1:45:35 PM By Stu Sjouwerman

Whether it’s from an accidental leak of data or falling victim to a phishing attack, new data from email security vendor Egress puts the insider’s role in breaches into critical ...

Security Awareness Training Blog

Social Engineering Blog

View Topics