Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

View Topics

[Heads Up] Twitter Employees Fall For Social Engineering Attack And The Bad Guys Get "God Mode"

Jul 16, 2020 8:00:27 AM By Stu Sjouwerman
A number of high-profile Twitter accounts were hacked including those of Elon Musk, Bill Gates, Kanye West, Joe Biden and Barack Obama. This is clearly the worst hacking incident in ...
Continue Reading

Gartner: You Should Focus On These 7 Specific COVID-19 IT Security Areas

Jul 8, 2020 10:59:44 AM By Stu Sjouwerman
Gartner observed: "Rapid responses to the coronavirus pandemic leave organizations vulnerable to security breaches. Security and risk teams must remain vigilant and focus on strategic ...
Continue Reading

[Heads Up] The First-Ever Russian BEC Gang, Cosmic Lynx, Was Uncovered. They Spear Phish Multinational & Fortune 500 Senior Executives

Jul 7, 2020 10:13:48 AM By Stu Sjouwerman
“This is a historic shift to the global email threat landscape and portends new and sophisticated social engineering attacks that CISOs around the world must brace for now,” according to ...
Continue Reading

Half of all Remote Employees Aren’t the Slightest Bit Prepared for Cyberattacks

Jul 2, 2020 10:36:53 PM By Stu Sjouwerman
New data from IBM suggests that employees, their devices, training, and organizational policies are all lacking when it comes making sure remote workers don’t become a victim of ...
Continue Reading

Business Email Compromise Attacks Focused on Invoice Fraud Surge by 75%

Jul 2, 2020 9:59:40 PM By Stu Sjouwerman
As attacks on the C-Suite decline, new data shows that employees in finance department roles are critical to the success of shifts in attack campaign strategy.
Continue Reading

New Sextortion Method Uses Social Engineering and Doxing To Identify and Target Victims

Jun 29, 2020 8:33:43 AM By Stu Sjouwerman
According to the SANS Internet Storm Center, cybercriminals are engaging their victims online, using social engineering tactics to collect needed details to extort money.
Continue Reading

How To Improve Employee Engagement in Security Awareness Training

Jun 24, 2020 12:37:10 PM By Roger Grimes
One of the most common questions I get asked working for a security awareness training company is, how do I make employees more engaged with and care about the training? I get it. Who ...
Continue Reading

Slack Phishing

Jun 23, 2020 8:27:33 AM By Stu Sjouwerman
People need to be able to use their instincts in order to spot new phishing techniques, according to Ashley Graves, a Cloud Security Researcher at AT&T Alien Labs. On the CyberWire’s ...
Continue Reading

Pyongyang's Phishing with Job Offers

Jun 22, 2020 8:27:28 AM By Stu Sjouwerman
An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, ...
Continue Reading

Increase in BLM Domain Names Forecasts BLM Phishing Attacks

Jun 16, 2020 3:26:04 PM By Roger Grimes
There has been a significant increase in DNS domain names containing blacklivesmatter or George Floyd’s name and there’s a good chance some of those are owned by people with malicious ...
Continue Reading

Twitter Takes Down Over 32,000  Nation State Accounts Involved in Disinformation Campaigns

Jun 16, 2020 3:14:08 PM By Stu Sjouwerman
Manipulation/disinformation campaigns are running rampant on social media and Twitter just took action -- again. "Disinformation" is a form of propaganda honed into an art form by Russia. ...
Continue Reading

Pretexting Defined

Jun 10, 2020 8:23:00 AM By Stu Sjouwerman
Pretexting is a social engineering tactic in which an attacker attempts to gain information, access, or money by tricking a victim into trusting them, according to Josh Fruhlinger at CSO ...
Continue Reading

[HEADS UP] Cybercriminals in Australia Harass Recipients with Abusive Transaction Descriptions on Bank Statements

Jun 4, 2020 4:59:41 PM By Stu Sjouwerman
There are bad guys in Australia that have given away money in order to use social engineering and harass people with abusive transaction descriptions that appear in online banking ...
Continue Reading

[Heads Up] The REvil Ransomware Gang Is Now *Auctioning Off* Their Victim Data

Jun 2, 2020 4:39:34 PM By Stu Sjouwerman
Intrepid investigative Reporter Brian Krebs had the news first. "The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies ...
Continue Reading

Phishing Campaigns Using Google Firebase Storage

May 26, 2020 8:31:52 AM By Stu Sjouwerman
Scammers are hosting phishing pages on Google Firebase Storage to bypass email security filters, Threatpost reports. Firebase is a Google-owned application development platform that ...
Continue Reading

[Heads Up] The COVID Remote Work Mandate Skyrockets "Work From Home" Training Enrollments

May 21, 2020 1:51:12 PM By Stu Sjouwerman
KnowBe4 was one of the first to warn first about the impending COVID phishing tsunami on Jan 31, 2020. The bad guys did not disappoint and went all-out, all cylinders firing, and pulled ...
Continue Reading

Preying on the Unemployed

May 20, 2020 8:20:01 AM By Stu Sjouwerman
An SMS phishing campaign has been exploiting the COVID-19 crisis by spoofing the website of a job placement agency, the New York Daily News reports. The scammers set up a website that ...
Continue Reading

The Three Pillars of the Three Computer Security Pillars

May 18, 2020 8:31:59 AM By Roger Grimes
Much of the world, or at least the United States, is coalescing around the NIST Cybersecurity Framework. It’s a pretty good one to follow out of the many dozens that have been proposed ...
Continue Reading

Scammers Exploit Rollout of COVID-19 Contact-Tracing Apps

May 18, 2020 8:18:04 AM By Stu Sjouwerman
An SMS phishing campaign is telling people they’ve come into contact with someone who’s contracted COVID-19, Computing reports. The UK’s Chartered Trading Standards Institute (CTSI) ...
Continue Reading

Dutch Online Retailer Wehkamp Loses 144,000 Euros in Bankruptcy Business Email Compromise

May 15, 2020 9:45:57 AM By Stu Sjouwerman
Cyber criminals successfully gained access to email traffic between bankruptcy trustees and Wehkamp – one of the biggest online retailers in The Netherlands – writes RTL Z. Employees of ...
Continue Reading
Subscribe

Search Our Blog


Comprehensive Anti-Phishing Guide

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews