The Bureau Explains How Tech Support Scams Work

Aug 27, 2020 8:51:03 AM By Stu Sjouwerman

Tech support scams function like organized businesses and consist of various criminals fulfilling different roles, according to court documents obtained by ZDNet. The documents contain ...

Watch Out! Cybersecurity and Infrastructure Security Agency Warn of New VBA Attack Designed to Deploy KONNI Remote Administration Tool

Aug 25, 2020 10:42:10 AM By Stu Sjouwerman

A new alert from CISA outlines just how dangerous and intrusive the KONNI malware is in organizations that fall for phishing attacks using Word attachments with malicious VBA code.

[Heads Up] Weaponized Disinformation Campaigns Skyrocket; KnowBe4 Releases New Spot & Stop DisInfo Training Module

Aug 25, 2020 10:40:29 AM By Stu Sjouwerman

Disinformation is a potent weapon in the current cold cyberwar arsenal. DisInfo attacks are skyrocketing and the number of countries using organized social media manipulation is going up ...

An Embarrassment of Riches: Malicious Actors Target AWS Accounts

Aug 24, 2020 8:26:26 AM By Eric Howes

Amazon is an obvious target for malicious actors looking to leverage the trust and authority enjoyed by a widely known online service or brand in malicious emails and social engineering ...

New Vishing Scam Targets Diners at London’s Prestigious Ritz Hotel

Aug 20, 2020 5:23:47 PM By Stu Sjouwerman

Aimed at stealing credit card details from restaurant patrons, this new scam feels like it’s something we’re going to hear about a lot more.

The Most Effective Attacks Are Often the Simplest

Aug 20, 2020 8:26:53 AM By Stu Sjouwerman

The recent Twitter hack shows that devastating security breaches don’t always involve sophisticated actors or methods, according to Rachel Tobac, CEO of SocialProof Security. On the ...

Having a Wonderful Time, Wish Your Data Were Here

Aug 13, 2020 11:30:11 AM By Stu Sjouwerman

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued an alert warning that someone is impersonating the OCR and sending fraudulent postcards to ...

Phishing Golden Hour

Aug 12, 2020 6:08:44 PM By Roger Grimes

In emergency healthcare settings, the “golden hour” is the time between when a patient suffering a life threatening event (e.g., heart attack, stroke, aneurysm, etc.) is most likely to ...

My lazy Sunday afternoon was interrupted...

Aug 12, 2020 5:19:33 PM By Stu Sjouwerman

My lazy Sunday afternoon was interrupted with what appeared to be a prank, a social engineering attempt, or something else that remains to be identified.

Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be

Aug 6, 2020 4:15:57 PM By Stu Sjouwerman

An ongoing criminal investigation highlights how classified documents stolen by Russian hackers from former U.K. trade minister Liam Fox may have been used to impact the British 2019 ...

The Importance of Identifying and Focusing on the Malicious Behavior

Aug 6, 2020 8:31:49 AM By Stu Sjouwerman

Identifying malicious behavior is a more effective long-term strategy than trying to block individual malicious actors, according to Johnathan Hunt, Vice President of Security at GitLab. ...

Hacked High-Profile Twitter Accounts Are Used to Promote a Cryptocurrency Scam

Aug 5, 2020 8:29:43 AM By Stu Sjouwerman

Using the theme of partnering with a made up COVID-19 non-profit, the latest hack on twitter allowed some pretty prominent accounts to be used as pawns in a scam that netted $120K.

The Recent Massive Twitter Social Engineering Hack Was Tried And True Pretexting

Jul 31, 2020 11:50:57 AM By Stu Sjouwerman

The verge reported: "Twitter provided an update about the unprecedented July 15th attack that allowed hackers to tweet from some of the most high-profile accounts on the service, in a ...

[HEADS UP] North Korean Cybercriminals Use Fake Recruitment Emails in Phishing Scam

Jul 31, 2020 7:00:00 AM By Stu Sjouwerman

North Korean hackers have been following that bit of social engineering wisdom to a T. According to researching from McAfee, a months long phishing campaign against aerospace and defense ...

[HEADS UP] Coronavirus Scams in the U.K. You Should be Wary Of

Jul 29, 2020 1:06:20 PM By Stu Sjouwerman

According to a recent report from BBC News, the bad guys are using the coronavirus pandemic to use social engineering to trick people out of their cash.

Social Engineering from an Actuarial Point of View

Jul 29, 2020 8:32:40 AM By Stu Sjouwerman

Employees need to maintain their security habits while working from home, emphasizes Scott Godes, a partner at Barnes & Thornburg. On the CyberWire’s Caveat podcast, Godes explained ...

Vanity, Thy URL is Zoom

Jul 28, 2020 8:23:32 AM By Stu Sjouwerman

Zoom has fixed a security flaw that could have allowed attackers to launch hard-to-spot phishing attacks using the platform, according to researchers at Check Point who discovered and ...

Don't Overlook Policy When Designing Security

Jul 23, 2020 8:30:53 AM By Stu Sjouwerman

There’s no single defense against phishing and other social engineering attacks, according to Kevin O’Brien, CEO and co-founder of email security company GreatHorn. On the CyberWire’s ...

I Testified Before U.S. Congress About COVID-19 Phishing Scams

Jul 22, 2020 8:51:55 PM By Stu Sjouwerman

Yesterday, July 21, 2020 I testified before U.S. congress about COVID-19 phishing scams. I was invited by the Senate Commerce Committee's subcommittee on manufacturing, trade, and ...

Phishing Attack in Finland Uncovers Sophisticated Smishing Scheme

Jul 20, 2020 8:51:32 AM By Stu Sjouwerman

The Helinski Police Department is investigating a sophisticated smishing scheme in which attackers were able to steal more than 200,000 euros (US$228,736), Yle reports. The scammers sent ...

Security Awareness Training Blog

Social Engineering Blog

View Topics