Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

QR Code Phishing is Still on the Rise. The SEG is Dead.

Organizations need to be aware of the threat posed by QR code phishing (quishing), according to researchers at Trend Micro.
Continue Reading

Nearly All Ransomware Attacks Now Include Exfiltration of Data…But Not All Are Notified

Organizations are falling victim to ransomware attacks where data is stolen, but the victim isn’t being told about it. I have a theory as to why this is happening.
Continue Reading

North Korean Fake IT Worker FAQ

Frequently Asked Questions About KnowBe4's Fake IT Worker Blog July 23, 2024, I wrote a blog post about how KnowBe4 inadvertently hired a skillful North Korean IT worker who used the ...
Continue Reading

Phishing Campaigns Abuse Cloud Platforms to Target Latin America

Several threat actors are abusing legitimate cloud services to launch phishing attacks against users in Latin America, according to Google’s latest Threat Horizons Report.
Continue Reading

How a North Korean Fake IT Worker Tried to Infiltrate Us

Incident Report Summary: Insider Threat First of all: No illegal access was gained, and no data was lost, compromised, or exfiltrated on any KnowBe4 systems. This is not a data breach ...
Continue Reading

Phishing Attacks Will Likely Follow Last Week’s Global IT Outage

Organizations should expect to see phishing attacks exploiting the global IT outage that occurred last Friday, the Business Post reports.
Continue Reading

[Warn Your Users] High Scam Risk After Failed Trump Assassination

Pictures of Donald Trump rushed from a campaign stage, his cheek brushed with blood from an assassination attempt, are an unsettling shock.
Continue Reading

State-Sponsored Phishing Campaigns Target 40,000 VIP Individuals

Researchers at Menlo Security discovered three state-sponsored phishing campaigns that have targeted 40,000 important individuals over the past three months. “In a recent 90-day period, ...
Continue Reading

Don't Fall for It: How to Spot Social Media Job Scams a Mile Away

As social media becomes more intertwined with our daily routines, cybercriminals are using it to trick people with fake job offers. What are these social-media recruitment scams, and how ...
Continue Reading

Phishing Attacks Themed Around Popular Weight Loss Drugs Increase 183%

As popularity grows for these proven methods of weight loss, scammers have taken note and have placed a significant focus on separating victims from their money.
Continue Reading

New “Paste and Run” Phishing Technique Makes CTRL-V A Cyber Attack Accomplice

A new phishing campaign tries to trick email recipients into pasting and executing malicious commands on their system that installs DarkGate malware.
Continue Reading

Ransomware Attack on U.K. Health Service Laboratory Disrupts Major London Hospital Services

What likely started as a quick ransomware “smash and grab” has turned into a headline case resulting in responses from both U.K. and U.S. law enforcement.
Continue Reading

[Important Alert] TeamViewer Network Breached as Russian APT29 Hackers Strike Again

In a concerning development, TeamViewer, one of the world's leading remote access software providers, has disclosed a cyber attack that breached its corporate network environment.
Continue Reading

FBI Warns of Phishing Campaign Targeting the Healthcare Industry

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry.
Continue Reading

Cybercriminals Set Sights on Digital Identities of Singapore Citizens

Singapore has become the latest target for cybercriminals looking to steal digital identities and exploit them for nefarious purposes.
Continue Reading

The Double-Edged Sword of AI: Empowering Cybercriminals and the Need for Heightened Cybersecurity Awareness

The BBC recently reported that Booking.com is warning that AI is driving an explosion in travel scams. Up to 900% in their estimation - making it abundantly clear that while AI can be a ...
Continue Reading

BEC Attacks Accounted for More Than One in Ten Social Engineering Attacks in 2023

A new report from Barracuda has found that email conversation hijacking attacks have risen by 70% since 2022. Additionally, business email compromise (BEC) attacks accounted for 10.6% of ...
Continue Reading

The Indispensable World of Red Teaming

In this mad, mad world of breaches, organizations are scrambling to keep their heads above water. It's like trying to navigate a minefield while blindfolded and riding a unicycle — one ...
Continue Reading

[Heads Up] Tricky Fake Invoice Phishing Attack Uses Search to Deliver Malware

Researchers at Trustwave warn that a phishing campaign is distributing malware via HTML attachments disguised as invoices. Notably, the HTML files abuse the Windows Search protocol to ...
Continue Reading

No Politician Too Small: School Board Candidates Targeted By Phishing and BEC Scams

Cybercriminals are broadening their targets to include even local political candidates, as an escalating series of phishing attacks was recently directed at school board candidates in ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews