Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

American Nikkei Employee Falls For Social Engineering Scam And Loses 29 Million Dollars

Phil Muncaster at InfoSec Mag had the (painful) scoop: "Media giant Nikkei has become the latest firm to suffer a humiliating Business Email Compromise (BEC), after it admitted losing ...
Continue Reading

[Heads Up] Scam Of The Week: Phishing Attacks Using Better Benefits And Pay Raise Bait

Millions of employees use KnowBe4's Phish Alert Button to report suspect emails, and thousands of organizations share these reports with us. This has become a fascinating threat source, ...
Continue Reading

Webroot Threat Researchers Take a Fresh Look at Phishing Tactics

Most people aren’t aware of how sophisticated phishing email templates and websites have become, according to David Dufour from Webroot. Dufour recently told the CyberWire that criminals ...
Continue Reading

[Heads-Up] North Korean Malware Found On Indian Nuclear Plant's Network

I am not a happy camper. This is exactly why I have been insisting on security awareness training for employees at critical infrastructure organizations. This could have been a Real Life ...
Continue Reading

Lessons Learned From Vishing Robocall Attacks In Mandarin

Among the specialized forms of vishing are those that target specific language communities. Chinese-speaking people in the US and around the world are increasingly being targeted with ...
Continue Reading

Ransomware Attack Causes School 'District-Wide Shutdown'

A ransomware attack hitting Las Cruces Public Schools forced the district to shut down the entire computer system to contain the infection.
Continue Reading

Vishing, from (not) the Bank

We saw yesterday how phishing affects the financial sector. Here we see another, related trend: impersonation attacks that purport to be from the victim’s bank.
Continue Reading

Phishing Attack Targets Humanitarian Organizations

Researchers at Lookout have discovered an ongoing phishing campaign targeting humanitarian non-governmental organizations (NGOs), including UNICEF and the Red Cross. The infrastructure ...
Continue Reading

CNN Says "Hack Our Reporter," and White Hat Rachel Tobac *Does*

It’s “disturbingly easy” to steal someone’s personal data using information gleaned from their social media accounts, according to Donie O’Sullivan at CNN. O’Sullivan met with Rachel ...
Continue Reading

Credential Phishing With a Masked URL

Cofense warns of a phishing campaign going after credentials for the Stripe online payment platform. The attackers are sending emails purporting to be from Stripe Support, telling the ...
Continue Reading

A New Strain of Tech Support Scam in the U.K.

The BBC reports a tech support scam that caused a British man, Doug Varey, to lose £4,000. The scam began when Mr. Varey saw an online ad for twelve years’ worth of computer security ...
Continue Reading

Smishing and Carrier Impersonation

While most phishing campaigns involve email, SMS text messages are an ideal alternative for attackers, according to Paul Ducklin at Naked Security. Text messages are brief and uniform in ...
Continue Reading

Can An Employee's Bad Conscience Be A Vulnerability?

It can be useful to remember that social engineering succeeds much better when its marks are stressed or hurried. That appears to be the case with an ongoing scam campaign that lays its ...
Continue Reading

KnowBe4 Wins ComputingSecurity Award: Education and Training Provider of the Year

We are extremely pleased to announce we won the ComputingSecurity Award for Education and Training Provider of the Year. Here is the team accepting the award.
Continue Reading

An Unusually Vile Bit of Social Engineering

A woman in Wales lost £1,000 to a scammer who posed as a police officer and threatened that she would lose her children if she didn’t pay the money within an hour, Wales Online reports. ...
Continue Reading

A Lawyer's Look at "Big Game Phishing"

Ransomware attacks have increasingly been going after high-value data in order to extract larger ransoms from victims, according to the well-known law firm Cooley. This trend was ...
Continue Reading

Microsoft Recommends: "Top 6 Email Security Best Practices"... And One Of Them Is Phishing Simulations

Girish Chander, Microsoft's Group Program Manager of Office 365 Security wrote an excellent post on their blog titled "Top 6 email security best practices to protect against phishing ...
Continue Reading

CRN: "Kevin Mandia -- Detect Spear Phishing, Lock Down CEO Email To Stay Safe"

Michael Novinson at CRN had a great article that really explains the issues we are dealing with. He started out with: "Spear phishing remains the most common way for adversaries to ...
Continue Reading

Simjacking is Still a Problem, British Food Writer Lost £5,000

British food writer Jack Monroe lost £5,000 due to a simjacking attack, the BBC reports. In a series of tweets, Monroe said someone had taken over her phone number and used the access to ...
Continue Reading

Extremely Embarrassing 250,000-record Data Breach At Hookers.nl

The data of 250,000 users of Hookers.nl, a forum where experiences with prostitutes and escorts are exchanged, have been stolen and offered for sale on the internet. It concerns e-mail ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews