[HEADS UP] North Korean Cybercriminals Use Fake Recruitment Emails in Phishing Scam

Jul 31, 2020 7:00:00 AM By Stu Sjouwerman

North Korean hackers have been following that bit of social engineering wisdom to a T. According to researching from McAfee, a months long phishing campaign against aerospace and defense ...

[HEADS UP] Coronavirus Scams in the U.K. You Should be Wary Of

Jul 29, 2020 1:06:20 PM By Stu Sjouwerman

According to a recent report from BBC News, the bad guys are using the coronavirus pandemic to use social engineering to trick people out of their cash.

Social Engineering from an Actuarial Point of View

Jul 29, 2020 8:32:40 AM By Stu Sjouwerman

Employees need to maintain their security habits while working from home, emphasizes Scott Godes, a partner at Barnes & Thornburg. On the CyberWire’s Caveat podcast, Godes explained ...

Vanity, Thy URL is Zoom

Jul 28, 2020 8:23:32 AM By Stu Sjouwerman

Zoom has fixed a security flaw that could have allowed attackers to launch hard-to-spot phishing attacks using the platform, according to researchers at Check Point who discovered and ...

Don't Overlook Policy When Designing Security

Jul 23, 2020 8:30:53 AM By Stu Sjouwerman

There’s no single defense against phishing and other social engineering attacks, according to Kevin O’Brien, CEO and co-founder of email security company GreatHorn. On the CyberWire’s ...

I Testified Before U.S. Congress About COVID-19 Phishing Scams

Jul 22, 2020 8:51:55 PM By Stu Sjouwerman

Yesterday, July 21, 2020 I testified before U.S. congress about COVID-19 phishing scams. I was invited by the Senate Commerce Committee's subcommittee on manufacturing, trade, and ...

Phishing Attack in Finland Uncovers Sophisticated Smishing Scheme

Jul 20, 2020 8:51:32 AM By Stu Sjouwerman

The Helinski Police Department is investigating a sophisticated smishing scheme in which attackers were able to steal more than 200,000 euros (US$228,736), Yle reports. The scammers sent ...

[Heads Up] Twitter Employees Fall For Social Engineering Attack And The Bad Guys Get "God Mode"

Jul 16, 2020 8:00:27 AM By Stu Sjouwerman

A number of high-profile Twitter accounts were hacked including those of Elon Musk, Bill Gates, Kanye West, Joe Biden and Barack Obama. This is clearly the worst hacking incident in ...

Gartner: You Should Focus On These 7 Specific COVID-19 IT Security Areas

Jul 8, 2020 10:59:44 AM By Stu Sjouwerman

Gartner observed: "Rapid responses to the coronavirus pandemic leave organizations vulnerable to security breaches. Security and risk teams must remain vigilant and focus on strategic ...

[Heads Up] The First-Ever Russian BEC Gang, Cosmic Lynx, Was Uncovered. They Spear Phish Multinational & Fortune 500 Senior Executives

Jul 7, 2020 10:13:48 AM By Stu Sjouwerman

“This is a historic shift to the global email threat landscape and portends new and sophisticated social engineering attacks that CISOs around the world must brace for now,” according to ...

Half of all Remote Employees Aren’t the Slightest Bit Prepared for Cyberattacks

Jul 2, 2020 10:36:53 PM By Stu Sjouwerman

New data from IBM suggests that employees, their devices, training, and organizational policies are all lacking when it comes making sure remote workers don’t become a victim of ...

Business Email Compromise Attacks Focused on Invoice Fraud Surge by 75%

Jul 2, 2020 9:59:40 PM By Stu Sjouwerman

As attacks on the C-Suite decline, new data shows that employees in finance department roles are critical to the success of shifts in attack campaign strategy.

New Sextortion Method Uses Social Engineering and Doxing To Identify and Target Victims

Jun 29, 2020 8:33:43 AM By Stu Sjouwerman

According to the SANS Internet Storm Center, cybercriminals are engaging their victims online, using social engineering tactics to collect needed details to extort money.

How To Improve Employee Engagement in Security Awareness Training

Jun 24, 2020 12:37:10 PM By Roger Grimes

One of the most common questions I get asked working for a security awareness training company is, how do I make employees more engaged with and care about the training? I get it. Who ...

Slack Phishing

Jun 23, 2020 8:27:33 AM By Stu Sjouwerman

People need to be able to use their instincts in order to spot new phishing techniques, according to Ashley Graves, a Cloud Security Researcher at AT&T Alien Labs. On the CyberWire’s ...

Pyongyang's Phishing with Job Offers

Jun 22, 2020 8:27:28 AM By Stu Sjouwerman

An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, ...

Increase in BLM Domain Names Forecasts BLM Phishing Attacks

Jun 16, 2020 3:26:04 PM By Roger Grimes

There has been a significant increase in DNS domain names containing blacklivesmatter or George Floyd’s name and there’s a good chance some of those are owned by people with malicious ...

Twitter Takes Down Over 32,000 Nation State Accounts Involved in Disinformation Campaigns

Jun 16, 2020 3:14:08 PM By Stu Sjouwerman

Manipulation/disinformation campaigns are running rampant on social media and Twitter just took action -- again. "Disinformation" is a form of propaganda honed into an art form by Russia. ...

Pretexting Defined

Jun 10, 2020 8:23:00 AM By Stu Sjouwerman

Pretexting is a social engineering tactic in which an attacker attempts to gain information, access, or money by tricking a victim into trusting them, according to Josh Fruhlinger at CSO ...

[HEADS UP] Cybercriminals in Australia Harass Recipients with Abusive Transaction Descriptions on Bank Statements

Jun 4, 2020 4:59:41 PM By Stu Sjouwerman

There are bad guys in Australia that have given away money in order to use social engineering and harass people with abusive transaction descriptions that appear in online banking ...

Security Awareness Training Blog

Social Engineering Blog

View Topics