Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Why Hack When You Can Con?

 
Continue Reading

U.S. Organizations Involved with Nuclear Deterrence are the Target of North Korean Phishing Attacks

Using some very sophisticated methods, the Kimsuky group is believed to be behind a spear phishing campaign aimed at stealing U.S. secrets.
Continue Reading

[PODCAST] Understanding Social Engineering and Maintaining Healthy Paranoia

Recorded Future's Guest today was Rosa Smothers, senior vice president of cyber operations at KnowBe4, where she leads KnowBe4’s federal practice efforts, including providing ...
Continue Reading

Many in Utilities Sector Expect Attacks on Critical Infrastructure: Survey

Ed Kovacs at SecurityWeek reported on something that is one of the few things that keep me "awake at night":
Continue Reading

"Staggering" Increase in Business Email Compromise--aka CEO Fraud

Mimecast’s quarterly Email Security Risk Assessment (ESRA) identified millions of dangerous emails making it through security filters, including a 269% increase in business email ...
Continue Reading

Cybercriminals Leverage the U.K.’s Strong Customer Authentication Requirement in a New String of Phishing Attacks

Attackers are taking advantage of the requirement to secure online shopping and banking transactions processed within the U.K. to gather personal details of consumers and users alike.
Continue Reading

Chinese State-Sponsored Phishing

A sophisticated threat group is going after a variety of industries using spearphishing and an arsenal of malware, according to Nalani Fraser and Fred Plan from FireEye. Fraser and Plan ...
Continue Reading

Is Cyberinsurance a Reason for the Rise in Ransomware Attacks?

Are cybercriminals counting on the victim’s simple cost-to-benefit decision to have their cyber-insurer pay the ransom? And, if so, are they targeting companies with cyberinsurance?
Continue Reading

Fall LinkedIn Job Postings Are a Prime Vehicle for Job Scams, Cyber Attacks

LinkedIn says the Fall hiring season is very hot right now. With more than 20 million jobs posted, LinkedIn is the perfect way for scammers to trick users into becoming victims.
Continue Reading

[Heads up] FBI Warns About Attacks That Bypass Your Multi-factor Authentication (MFA)

Last month, the FBI sent a special alert called a Private Industry Notification (PIN) to industry partners about the rising threat of attacks that bypass their multi-factor authentication ...
Continue Reading

New Instagram Phishing Scam Uses Familiar (But Fake) 2FA Codes to Trick Victims

Scammers use familiar verification methods to establish credibility and lull the victim into a false sense of security to compromise Instagram accounts.
Continue Reading

Cybersecurity Awareness Is Not Just For October!

By Joanna Huisman, KnowBe4's new SVP Strategic Insights & Research.  I have a big birthday coming up, and as you can probably guess, I’m less than thrilled about it. I tell myself it’s ...
Continue Reading

[VIDEO] CEO Stu Sjouwerman Interviewed by Dark Reading

This year at Black Hat 2019, our CEO Stu was interviewed by Dark Reading on regularly training users. Take a look at what we have in store in this video: 
Continue Reading

North Koreans Spear Phish U.S. Victims With Social Engineering Hidden In Obscure Kodak FlashPix Format

A suspected North Korean threat actor has been sending spear phishing emails targeting US organizations, according to Prevailion researchers Danny Adamitis and Elizabeth Wharton. Adamitis ...
Continue Reading

"Mishperceptions": The Five Most Common Phishing Myths Busted!

By Joanna Huisman, KnowBe4's new SVP Strategic Insights & Research.  The bad guys know that the easiest way into your organization is through your employees. This is not an opinion. Of ...
Continue Reading

Social Engineering via the US Mail

 
Continue Reading

Disgusting Fake Employment Site Targets Veterans And Installs Remote Access Trojan

Just when you think they could not sink any lower, you see something like this. A fake website pretending to be an organization that offers job opportunities for U.S. veterans is ...
Continue Reading

A Short, Very Useful Guide to Social Engineering

Knowing how to identify indicators of social engineering can alert you when someone tries to manipulate you, according to Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist. In an ...
Continue Reading

No, Really, They're Just Not That Into You

There are numerous ways to check the authenticity of someone on a dating site so you don’t fall for a romance scam, according to HackRead. You should always be cautious when interacting ...
Continue Reading

The Emotet Trojan Botnet is Back in Business

The Emotet botnet is up and running again after four months of inactivity, according to Ars Technica. Multiple security firms have reported seeing phishing emails delivering the malware ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews