Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Business Email Compromise, Credential Theft, and Many Other Attack Vectors Surged as High as 5x in Q4 2018

The latest data from Proofpoint shows many types of cyberattacks making massive jumps in comparison to both previous quarters and years.
Continue Reading

[On-demand Webinar] Get an Insider View Into the Methods and Exploits of the World's Most Famous Hacker, Kevin Mitnick

Many of the world's most reputable organizations rely on Kevin Mitnick, the world's most famous hacker and KnowBe4's Chief Hacking Officer, to uncover their most dangerous security flaws. ...
Continue Reading

Social Engineering Comes to Wikipedia

Attackers are selectively editing Wikipedia articles to lend credibility to tech support scams, according to Rob VandenBrink at the SANS Internet Storm Center. The Wikipedia page for the ...
Continue Reading

Sextortion Phishing Scam Exploits Recent Breach Fears

Sextortion scam emails are circulating which claim that a popular adult site has been hacked, allowing an attacker to record videos of users through their webcams, according to Lawrence ...
Continue Reading

[Brilliant New Social Engineering Phish] "Please Docusign: Funding For Your Business"

A friend was sent this email and he forwarded it to me. It's a brilliant new social engineering phishing scam. It will sail through all your spam / malware filters and email protection ...
Continue Reading

"Hacking Humans" Is The No. 1 Podcast Covering Social Engineering!

Each week the CyberWire’s Hacking Humans podcast looks behind the social engineering scams, phishing schemes, and criminal exploits that make headlines and take a heavy toll on ...
Continue Reading

Social Engineering Testing: Why Getting Hacked Is a Security Advantage

Stephanie Carruthers, People Hacker for IBM- X-Force Red wrote an excellent post about the need for red-teaming and pentesting your own organization. I'll quote the first paragraph or so, ...
Continue Reading

Online Job Offer Turns Would-Be Applicant into Unwitting Conspirator in Malware Attack

The context of contacting the victim via a credible website may be all that was needed to trick one job seeker into installing malware on the network of a bank.
Continue Reading

Criminals Make Off With USD $150,000 in Business Email Compromise Real Estate Scam

Scammers stole $150,000 from a woman during a real estate transaction last year, according to Lisa Vaas at Naked Security. Mireille Appert, a Swiss woman who lives in the United States, ...
Continue Reading

Firm in $1.7-million dispute with insurer because of social engineering fraud

Global law firm Dentons Canada LLP is locked in a $1.7-millon dispute with its insurer after staff at the firm’s Vancouver office fell victim to an alleged social engineering attack.
Continue Reading

Gartner's Neil Wynne: "Email Phishing is a Growing Threat"

Email phishing is a top threat to organizations because it works so well, according to Neil Wynne, principal and analyst for secure business enablement at Gartner. Wynne told Stephanie ...
Continue Reading

Is that phone call really from Amazon?

By Eric Howes,  KnowBe4 Principal Lab Researcher.  Now that it's the holiday season, malicious parties across the globe are exploiting Amazon's good name and popularity with consumers to ...
Continue Reading

CrowdStrike: Compelling Stories From The Cyber Intrusion Casebook 2018

From the Front Lines of Incident Response, the CrowdStrike Services Cyber Intrusion Casebook 2018 offers some compelling stories how threat actors are continuously adopting new means to ...
Continue Reading

[Heads-up] New Email Extortion Scam Bomb Threat Demands Bitcoin

A new email extortion scam is making the rounds, threatening that someone has planted bombs within the recipient's building that will be detonated unless a hefty bitcoin ransom is paid by ...
Continue Reading

WARNING: Your Head of Finance May Be 1 of 50,000 Execs Targeted in BEC Scams

According to a report from email security & protection vendor Agari, the cybercriminal group dubbed London Blue are directing their latest scams at very specific finance execs.
Continue Reading

Giveaway Scam Offers Free Volkswagens to Generate Ad Revenue

A scam campaign is promising free Volkswagen car giveaways to trick social media users into visiting third-party ad servers, according to researchers at Sucuri.
Continue Reading

Hackbusters - Where Can You Discuss All Things Social Engineering?

The KnowBe4 Hackbuster’s Forum is an online community dedicated to stopping the bad guys that use social engineering to hack your organization.
Continue Reading

CEOs are Prime Targets for Social Engineering Attacks

CEOs can be the weakest link in an organization’s security posture, according to Mimecast’s Matthew Gardiner. Carole Theriault talked to Gardiner last week on The CyberWire’s Hacking ...
Continue Reading

Scammers Target 21 Social Media Users Every Minute

According to a new survey, social media sharing – and oversharing – provides cybercriminals with important personal details to commit identity theft, fraud, and more.
Continue Reading

On Facebook, Make Sure They Are Who They Say They Are Before You become Friends

You receive a message apparently from a Facebook friend telling you they received another friend request from you. They go on to diagnose the "situation," tell you that you’ve been ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews