KnowBe4

Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

FTC Study: Millennials Are The Biggest Victims Of Social Engineering

A report from the FTC found that 40% of adults age 20-29 lost money to fraud, while only 18% of adults over the age of 70 did so, challenging the narrative of older adults falling victim ...
Continue Reading

Now *HERE* Is A Devious Combo pretexting / vishing / SMS Social Engineering Attack!

Someone on Reddit described how he was the victim of a very sophisticated social engineering attack. Wow, this is crafty. This is the story!: "I have different passwords for every website ...
Continue Reading

Phishing Messages from the Dark: When the Bad Guys Write Back

By Eric Howes,  KnowBe4 Principal Lab Researcher. For most users the experience of dealing with phishing emails is a solitary experience, whether they recognize that they are under attack ...
Continue Reading

Spend One Minute And Look At These Phishing Graphs

In the first quarter of 2018, after 7 years of helping our customers to enable their employees to make smarter security decisions and having reached the milestone of 15,000 customers, we ...
Continue Reading

KnowBe4 Prevents Customer From Becoming Social Engineering Victim Of Duke Energy Vendor’s Hack

A customer just sent us this: "Stu, the company who processes payments for Duke Energy’s walk in payments was hacked and as a result about 375,000 bank accounts may have been stolen. "We ...
Continue Reading

Phishing Schemes Are Using Encrypted Sites To Seem Legit

WIRED wrote: "A MASSIVE EFFORT to encrypt web traffic over the last few years has made green padlocks and "https" addresses increasingly common; more than half the web now uses internet ...
Continue Reading

Your Cybercrime Insurance Policy May Not Cover You For Social Engineering Fraud

I have talked about this potentially extremely expensive and very disappointing "CEO fraud" or "Business Email Compromise" problem many times before. Your cybercrime policy may not ...
Continue Reading

Google Kicks Harmful Apps Out Of Google Play And Offers 5 Steps Against Social Engineering

You're always better off getting apps from reputable stores like Google Play than you are from potentially dodgy, at best unknown, third-party sites. But even Google Play isn't immune ...
Continue Reading

What is the difference between the Surface Web, The Deep Web and the Dark Web?

These three terms are often a source of confusion, especially in connection with cybercrime and where that comes from. If you think that search engines like Google (there are more!) know ...
Continue Reading

Spam was nearly dead, then it became an essential tool for crime and came roaring back

John Christian at TheOutline wrote a post that made me take notice because it neatly summarized the current state of affairs and confirms our own experience: spam has morphed and is back ...
Continue Reading

One in 25 Searchable ‘Black Friday’ Apps Blacklisted as Malicious, Finds Report

Black Friday is a big day for shoppers. In 2016, 154 million consumers shopped over Thanksgiving weekend and spent $9.36 billion, constituting a year-over-year increase of 16.4 percent. ...
Continue Reading

Uber Total Loss: 57 Million Records Stolen But Data Breach Was Hidden For A Year

Oh boy. Uber is known for pushing the limits of the law and has dozens of lawsuits pending against it, but this one went too far and now comes the reckoning. Bloomberg was first to report ...
Continue Reading

[ALERT] This Scary New Phishing Attack Is Very Hard To Detect

You need to know about a new phishing attack vector reported by our friends at Barkly. It utilizes a new technique that's just plain nasty. This week, users at one of their customers ...
Continue Reading

[On-Demand Webinar] Phishing and Social Engineering in 2018

Ransomware has tipped the 1 billion mark and damages are expected to be around 5 billion before the year is out. Use of ransomware has evolved throughout the year with a 600% rise in URL ...
Continue Reading

Is combosquatting a new trick hackers use to lure users into visiting malicious websites?

Georgia Tech researchers reported that hackers are using a technique identified with a newly coined term "combosquatting" to trick users into visiting malicious websites. Sorry to break ...
Continue Reading

Putin Uses Psychiatrists For Social Engineering Attacks Against Individual Targets

Newsweek cross-posted an article that first appeared on The Daily Signal, and this is extremely relevant to what we are battling here today. Kiev, Ukraine—Since 2014, Russia has used ...
Continue Reading

Worldwide Bad Rabbit Ransomware Outbreak Starts With Social Engineering

Organizations in Russia, Ukraine and a few hours later also the U.S. are under siege from Bad Rabbit , a new strain of ransomware  which is basically a new, improved NotPetya  version 2, ...
Continue Reading

Advertising Intelligence—ADINT—Can Be Misused For Social Engineering

You are probably aware of the terms SIGINT (signals intelligence, like radio interception) and HUMINT (human intelligence, like espionage). There is a new term coined by the University of ...
Continue Reading

You Need To See This, And It Will Make You Crap Your Pants

You and I know that your users are the weak link, things like ID10T and PEBKAC come to mind. But do you know how bad the problem really is? Some people like to bury their head in the sand ...
Continue Reading

Scam Of The Week: Equifax Phishing Attacks

You already know that a 143 million Equifax records were compromised. The difference with this one is that a big-three credit bureau like Equifax tracks so much personal and sometimes ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews