KnowBe4

Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Putin Uses Psychiatrists For Social Engineering Attacks Against Individual Targets

Newsweek cross-posted an article that first appeared on The Daily Signal, and this is extremely relevant to what we are battling here today. Kiev, Ukraine—Since 2014, Russia has used ...
Continue Reading

Worldwide Bad Rabbit Ransomware Outbreak Starts With Social Engineering

Organizations in Russia, Ukraine and a few hours later also the U.S. are under siege from Bad Rabbit , a new strain of ransomware  which is basically a new, improved NotPetya  version 2, ...
Continue Reading

Advertising Intelligence—ADINT—Can Be Misused For Social Engineering

You are probably aware of the terms SIGINT (signals intelligence, like radio interception) and HUMINT (human intelligence, like espionage). There is a new term coined by the University of ...
Continue Reading

You Need To See This, And It Will Make You Crap Your Pants

You and I know that your users are the weak link, things like ID10T and PEBKAC come to mind. But do you know how bad the problem really is? Some people like to bury their head in the sand ...
Continue Reading

Scam Of The Week: Equifax Phishing Attacks

You already know that a 143 million Equifax records were compromised. The difference with this one is that a big-three credit bureau like Equifax tracks so much personal and sometimes ...
Continue Reading

Equifax Reports Data Breach Possibly Impacting 143 Million U.S. Consumers

The Wall Street Journal just reported that Credit-reporting company Equifax Inc. disclosed Thursday that hackers gained access to some of its systems, compromising the personal ...
Continue Reading

These 4 Maps Will Make You Understand Russia's Aggressive Cyber Attacks

There are many kinds of maps, they can show roads or general geography, but sometimes they shed light on other dimensions like economic, political and/or military perspectives. First of ...
Continue Reading

Introducing Behavioral Information Security

Ben Tomhave posted a great article on his "The Falcon's View" blog. Loved the concept and I'm cross-posting the whole thing in it's entirety without any edits with grateful ...
Continue Reading

Criminals Use Social Engineering To Make Victims Install Malicious Chrome Extensions

  The attackers did reconnaissance on their targets, using social networks which people inside the organization were involved in making financial transactions. These victims were then ...
Continue Reading

Here Is A Cool And Useful INFOGRAPHIC About Social Engineering

Kevin Mitnick, KnowBe4's Chief Hacking Officer retweeted a link to well-executed infographic about Social Engineering, and here it is, courtesy of the team at Smartfile.com  
Continue Reading

Top White House officials fall for prankster social engineering tricks

A UK-based email prankster used social engineering tactics to fool several top White House officials into responding to his messages, including the Trump administration’s cybersecurity ...
Continue Reading

Lessons from Social Engineering Disasters to Improve Security

Michele Fincher from the excellent team at www.social-engineer.com wrote: "In my fantasy life, I’m Ruby Rose from John Wick: Chapter 2, Gina Carano from Haywire, with possibly some ...
Continue Reading

New Dark Web Site Offers Automated Social Engineering-As-A-Service

This Site Creates Robocalls to Steal People’s Credit Card PINs A June 30, 2017 post on Motherboard revealed a V1.0 of a site that does automated social engineering as a service, and has ...
Continue Reading

Windows 10 Stops Ransomware Cold? Not So Fast!

Recently, Microsoft claimed that no known ransomware could penetrate the new Win10 Creators Update. Presenting new anti-ransomware protection features added in Win 10 CU, Robert Lefferts, ...
Continue Reading

See Me On Video At The NYSE Cyber Investing Summit Pitching KnowBe4

The CyberWire wrote: Pitches: "Innovation from Young Companies The Pitch Panel was the Cyber Investing Summit's fast round of innovation pitches, moderated by Allegis's Bob Ackerman and ...
Continue Reading

New PowerPoint Social Engineering Attack Installs Malware Without Requiring Macros

Researchers at Security firm SentinelOne reported that a group of hackers is using malicious PowerPoint files to distribute 'Zusy,' a banking Trojan, also known as 'Tinba' (Tiny Banker). ...
Continue Reading

Proofpoint:"Cyber Criminals Shifting To Social Engineering."

In their new "The Human Factor Report 2017" Proofpoint wrote: "Cyber criminals relied less on automated attacks and exploits, shifting instead to social engineering." The change to social ...
Continue Reading

Inside the Tech Support Scam Ecosystem

Dennis Fisher at OnThe Wire reported on some fascinating research by three PhD candidates at Stony Brook University. He wrote: "Fake tech support schemes have been a scourge on the ...
Continue Reading

Verizon: "Most Breaches Trace to Phishing, Social Engineering"

BankInfoSecurity wrote: "Ninety percent of data breaches seen by Verizon's data breach investigation team have a phishing or social engineering component to them. Not coincidentally, one ...
Continue Reading

Phishing Attack Uses Stuxnet Technology And Makes PCs Into Roombugs

Researchers have uncovered an advanced malware-based operation that siphoned more than 600 gigabytes from about 70 targets in a broad range of industries, including news media, and ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews