Funds Transfer Fraud Has Increased 35% Since the Onset of COVID-19

Sep 14, 2020 10:49:30 AM By Stu Sjouwerman

With reported losses from thousands of dollars to well over $1 million, funds transfer fraud represents 27% of cyber insurance claims in 2020.

Extradited Member of a U.K. Scammer Highlights How His Gang Took Banks for $2 Million

Sep 8, 2020 1:45:28 PM By Stu Sjouwerman

Details on how this global gang of cybercriminals used spoofing and impersonation methods to social engineer banks time and time again shows how effective these tactics are.

The New Version of Qbot Trojan Steals Damn Near Everything, Hijacks Email Threads to Spread Infection

Sep 8, 2020 7:01:00 AM By Stu Sjouwerman

Originally seen all the way back in 2008, this banking trojan is continuously being developed. Its latest iteration is downright nasty and has already infected 5% of all organizations ...

[Heads Up] My Name Is Being Used In Criminal Identity Theft Attacks At The Moment

Sep 5, 2020 11:07:10 AM By Stu Sjouwerman

There is an old Dutch expression: "High trees catch a lot of wind". Well. once you get in the public eye there is definitely the effect you become a bigger target of identity theft. In ...

Threat Group DeathStalker Uses PowerShell-based Implant Powersing to Hack into Financial Services Firms

Sep 2, 2020 8:23:15 AM By Stu Sjouwerman

Apparently focused on more intelligence gathering than taking direct malicious action against the organizations they compromise, this attack is filled with ingenuity.

The Heart has Its Reasons, but Those Shouldn't Become an Enterprise Risk

Sep 1, 2020 8:26:15 AM By Stu Sjouwerman

The FBI has warned that victims of romance scams lost $475 million in 2019, BleepingComputer reports. In Idaho alone, nearly one hundred of these victims lost more than $1 million each. ...

The Bureau Explains How Tech Support Scams Work

Aug 27, 2020 8:51:03 AM By Stu Sjouwerman

Tech support scams function like organized businesses and consist of various criminals fulfilling different roles, according to court documents obtained by ZDNet. The documents contain ...

Watch Out! Cybersecurity and Infrastructure Security Agency Warn of New VBA Attack Designed to Deploy KONNI Remote Administration Tool

Aug 25, 2020 10:42:10 AM By Stu Sjouwerman

A new alert from CISA outlines just how dangerous and intrusive the KONNI malware is in organizations that fall for phishing attacks using Word attachments with malicious VBA code.

[Heads Up] Weaponized Disinformation Campaigns Skyrocket; KnowBe4 Releases New Spot & Stop DisInfo Training Module

Aug 25, 2020 10:40:29 AM By Stu Sjouwerman

Disinformation is a potent weapon in the current cold cyberwar arsenal. DisInfo attacks are skyrocketing and the number of countries using organized social media manipulation is going up ...

An Embarrassment of Riches: Malicious Actors Target AWS Accounts

Aug 24, 2020 8:26:26 AM By Eric Howes

Amazon is an obvious target for malicious actors looking to leverage the trust and authority enjoyed by a widely known online service or brand in malicious emails and social engineering ...

New Vishing Scam Targets Diners at London’s Prestigious Ritz Hotel

Aug 20, 2020 5:23:47 PM By Stu Sjouwerman

Aimed at stealing credit card details from restaurant patrons, this new scam feels like it’s something we’re going to hear about a lot more.

The Most Effective Attacks Are Often the Simplest

Aug 20, 2020 8:26:53 AM By Stu Sjouwerman

The recent Twitter hack shows that devastating security breaches don’t always involve sophisticated actors or methods, according to Rachel Tobac, CEO of SocialProof Security. On the ...

Having a Wonderful Time, Wish Your Data Were Here

Aug 13, 2020 11:30:11 AM By Stu Sjouwerman

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued an alert warning that someone is impersonating the OCR and sending fraudulent postcards to ...

Phishing Golden Hour

Aug 12, 2020 6:08:44 PM By Roger Grimes

In emergency healthcare settings, the “golden hour” is the time between when a patient suffering a life threatening event (e.g., heart attack, stroke, aneurysm, etc.) is most likely to ...

My lazy Sunday afternoon was interrupted...

Aug 12, 2020 5:19:33 PM By Stu Sjouwerman

My lazy Sunday afternoon was interrupted with what appeared to be a prank, a social engineering attempt, or something else that remains to be identified.

Leaked U.S.-UK Trade Documents Show How Devastating Compromised Email Can Be

Aug 6, 2020 4:15:57 PM By Stu Sjouwerman

An ongoing criminal investigation highlights how classified documents stolen by Russian hackers from former U.K. trade minister Liam Fox may have been used to impact the British 2019 ...

The Importance of Identifying and Focusing on the Malicious Behavior

Aug 6, 2020 8:31:49 AM By Stu Sjouwerman

Identifying malicious behavior is a more effective long-term strategy than trying to block individual malicious actors, according to Johnathan Hunt, Vice President of Security at GitLab. ...

Hacked High-Profile Twitter Accounts Are Used to Promote a Cryptocurrency Scam

Aug 5, 2020 8:29:43 AM By Stu Sjouwerman

Using the theme of partnering with a made up COVID-19 non-profit, the latest hack on twitter allowed some pretty prominent accounts to be used as pawns in a scam that netted $120K.

The Recent Massive Twitter Social Engineering Hack Was Tried And True Pretexting

Jul 31, 2020 11:50:57 AM By Stu Sjouwerman

The verge reported: "Twitter provided an update about the unprecedented July 15th attack that allowed hackers to tweet from some of the most high-profile accounts on the service, in a ...

[HEADS UP] North Korean Cybercriminals Use Fake Recruitment Emails in Phishing Scam

Jul 31, 2020 7:00:00 AM By Stu Sjouwerman

North Korean hackers have been following that bit of social engineering wisdom to a T. According to researching from McAfee, a months long phishing campaign against aerospace and defense ...

Security Awareness Training Blog

Social Engineering Blog

View Topics