Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Zscaler: There are 200 Malicious Lookalike Domains for Every 1 Impersonated Brand

Analysis of typosquatting and brand impersonation activity across 500 of the most visited domains provides insight in to how these techniques come together to effectively deceive.
Continue Reading

Online Scams Are Shortening Their Cycles and Making More Money

New analysis of blockchain activity shows scammers are needing less time to obtain crypto payments and are seeing higher payoffs per scam.
Continue Reading

North Korean Hackers Target Software Developers With Phony Coding Tests

Researchers at ReversingLabs warn that North Korea’s Lazarus Group is targeting software developers with phony job interviews.
Continue Reading

SANS Releases Guide to Address Rise in Attacks on Manufacturing and Industrial Control Systems

Increased ransomware attacks on industrial control systems (ICS), mixed with general ICS insecurity found across the manufacturing sector, has given rise to a guide specifically ...
Continue Reading

Authorized Push Payment Fraud Responsible for Over Half of U.K. Frauds and Scams

Research from The Financial Ombudsman Service, a U.K. based organization dedicated to helping citizens with free financial advice, has found an increase in Authorized Pushed Payment (APP) ...
Continue Reading

Your Lawyers Are Increasingly Targeted by Phishing Attacks, Ransomware

Researchers at Bitdefender warn that law firms are high-value targets for ransomware gangs and other criminal threat actors. Attackers frequently use phishing to gain initial access to an ...
Continue Reading

Election-Themed Scams Are on the Rise

Researchers at Malwarebytes warn of a surge in election-themed scams ahead of November’s presidential election in the US. These attacks can be expected to increase as the election grows ...
Continue Reading

Manufacturing Sector Is the Latest Target of Advanced Credential Harvesting Attacks

A new attack runs slow and steady, focused on compromising large manufacturing companies using contextual social engineering to trick victims into giving up credentials.
Continue Reading

Phishing is Still the Top Initial Access Vector

Phishing remains a top initial access vector for threat actors, according to researchers at ReliaQuest. Phishing and other social engineering tactics can bypass security technologies by ...
Continue Reading

Threat Actors Increasingly Exploit Deepfakes for Social Engineering

The availability of deepfake technology has given threat actors a valuable tool for social engineering attacks, according to researchers at BlackBerry.
Continue Reading

Organizations in the Middle East Targeted By Malware Impersonating Palo Alto GlobalProtect VPN

A social engineering campaign is targeting entities in the Middle East using malware that impersonates Palo Alto Networks’ GlobalProtect VPN, according to researchers at Trend Micro.
Continue Reading

Nearly Half of Mid-Market and Enterprise Organizations Have Experienced Four or More Ransomware Attacks in the Last Year

New data exposes the reality of ransomware attacks today, including their frequency, impact, ransom payment – and the involvement of human error.
Continue Reading

Iran’s APT42 Targets WhatsApp Users With Spear-Phishing Attacks

Researchers at Meta have published details on Iranian spear-phishing attacks targeting WhatsApp accounts. The activity is attributed to APT42, a threat actor tied to Iran’s Islamic ...
Continue Reading

Email Compromise Remains Top Threat Incident Type for the Third Quarter in a Row

New analysis of Q2 threats shows a consistent pattern of behavior on the part of threat actors and threat groups, providing organizations with a clear path to protect themselves.
Continue Reading

Phishing Attacks Are Increasingly Targeting Social Media and Smartphone Users

Threat actors are increasingly tailoring their attacks to target social media apps and smartphone users, according to a new report from the Anti-Phishing Working Group (APWG).
Continue Reading

Malvertising Campaign Impersonates Dozens of Google Products

A malvertising campaign is abusing Google ads to impersonate Google’s entire product line, according to researchers at Malwarebytes. The malicious ads are designed to lure victims into a ...
Continue Reading

US Political Campaigns Targeted by Iranian Spear Phishing Attacks

Researchers at Recorded Future’s Insikt Group warn that the Iranian state-sponsored threat actor “GreenCharlie” is launching spear phishing attacks against US political campaigns.
Continue Reading

Cybersecurity in 2024: Reflecting on the Past, Preparing for the Future

As Europe is returning from summer breaks, it is time to reflect on the first half of 2024 and look forward to the rest of the year.
Continue Reading

Ransomware Group Known as ‘Royal’ Rebrands as BlackSuit and Is Leveraging New Attack Methods

The ransomware threat group formerly known as "Royal" has rebranded itself as BlackSuit and updated their attack methods, warns the FBI.
Continue Reading

Is Disabling Clickable URL Links Enough?

Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews