Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Instagram Vanity Makes for Vulnerability

Scammers are targeting Instagram users with phony offers to verify their accounts in order to receive Instagram’s blue checkmark, Threatpost reports. Researchers at Sucuri came across a ...
Continue Reading

Which Of The Four Types of Social Engineering Is The Most Damaging?

Cybercriminals know that targeted social engineering attacks lead to the highest payoffs, so the frequency and sophistication of these attacks is guaranteed to increase, writes Jasmine ...
Continue Reading

1.5 Billion Gmail Calendar Users are the Target of a Crafty New Phishing Scam

Users of Google’s Calendar app are being warned about a scam that takes advantage of the popularity of the free service and its ability to schedule meetings easily.
Continue Reading

New KnowBe4 Benchmarking Report Unveils That Untrained Users Pose The Greatest Risk To Your Organization

KnowBe4, has released the new Phishing by Industry Benchmarking Report to measure an organization’s average Phish-prone percentage, which indicates how many of their employees are likely ...
Continue Reading

No, Mr. McAfee is Not Giving Away Money

Cryptocurrency giveaway scams are making a comeback, with fraudsters posing as John McAfee, Elon Musk, and the Tesla company, BleepingComputer reports.
Continue Reading

Chinese Hackers Infiltrate Global Telecom Networks With Spear Phishing

The WSJ revealed a brazen hack by Chinese state-sponsored bad actors who totally owned more than 10 global telecom networks, and had full admin access to their networks. They were able to ...
Continue Reading

"Elaborate" Identity Takeover Fraud Hits Australian Businesses

A new procurement scam has netted at least $1.5 million from Australian companies in New South Wales over the past few weeks, according to 10 daily. The scammers are posing as ...
Continue Reading

Phishing Attacks Go Mobile as Cybercriminals Leverage Push Notifications

Taking advantage of the inherent trust in mobile content, the bad guys are using a mixture of phishing text messages and look-alike sites to trick users into giving up credentials.
Continue Reading

[Heads-up] The U.S. Launched A Cyber Attack On Iran, And We're Expecting Spear Phishing Strike Backs

The tension in the Middle-East apparently prompted a game-changing move by the U.S. President.  Washington Post sources say exactly 10 years after Stuxnet, the President approved a ...
Continue Reading

UK Forensic Crime Labs Shut Down Due To Ransomware Attack

Every police force across England and Wales has been forced to prioritize evidence for forensic testing following a criminal cyber attack affecting one of the primary forensic service ...
Continue Reading

FBI Alert: Last Week Conflict With Iran Can Cause Spear Phishing Retaliation

This blog post has been superseded by a more recent one.  You can find this new post here.
Continue Reading

The Fake French Minister In A Silicone Mask Who Stole Millions

Identity theft is said to be the world's fastest-growing crime, but in sheer chutzpah there can be few cons to match the story of the fake French minister and his silicone mask.
Continue Reading

How Hackers Emptied Church Coffers with a Phishing Attack and Social Engineering Phone Call

Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
Continue Reading

Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000

It was all over the press, and even made it in the New York Times: "The leaders of Riviera Beach, Fla., looking weary, met quietly this week for an extraordinary vote to pay nearly ...
Continue Reading

Subdomain Scam Hits Australian Government Seeking Money to “Register” Bogus Domain Names

Employees of agencies within the Australian government have been receiving targeted emails offering to register what amounts to a subdomain of a legitimate look-alike domain.
Continue Reading

Social Engineering is at the Root of Nearly all Fraud Attacks

According to the latest fraud report from RSA, all four of the documented fraud attack methods use some form of social engineering to trick victims into giving up their money.
Continue Reading

[On-Demand Webinar] Open Source Intelligence (OSINT) Hacking Data Sources That Bad Guys Use

Ever wonder how hackers, spies, and con-artists gather such detailed and convincing intel on their targets?KevinMitnick, the world's most famous hacker and KnowBe4's Chief Hacking ...
Continue Reading

Biometrics Can’t Replace Passwords: A Cybercriminal's Dream

In the quest to create a more secure environment, new ways to authenticate that replace the password are being sought. But it’s looking like passwords are here to stay.
Continue Reading

Red Flags Warn of Social Engineering

The easiest way to avoid falling for scams and other social engineering attacks is to have an understanding of the tactics employed by attackers, according to Roger A. Grimes, writing in ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews