Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

EA Got Social Engineered via Slack Channel and Lost 780 GB valued Millions

Hackers gained access to the networks of video game giant Electronic Arts (EA) via social engineering, Motherboard reports. The hackers claim to have stolen 780 GB of data, including the ...
Continue Reading

Insights Into Credential Phishing

Cybercriminals are quick to put hacked accounts to use, according to Agari by Help Systems. The researchers found that 91% of compromised accounts are accessed by attackers within one ...
Continue Reading

78% of CISOs Say Attacks Have Increased as a Result of More Employees Working from Home

According to new data from VMware Carbon Black, the sophistication and impact of modern cyberattacks is causing CISOs to rethink how to secure the expanding attack surface.
Continue Reading

Chinese Hacker Group Debuts After 3 Years of Testing with a Previously Unseen Backdoor Exploit

Dubbed ‘SharpPanda’, this Chinese APT group uses malicious Word docs, .RTF templates, and the RoyalRoad malware to install a powerful backdoor DLL giving them all kinds of access.
Continue Reading

Everyone Has It Wrong. It Is Not Double Extortion, It Is Quintuple Extortion!

I keep seeing a new ransomware term, “double extortion” being discussed. It is the hot, new buzzword surrounding ransomware. This term attempts to summarize how ransomware is no longer ...
Continue Reading

Ransomware's Impact Highlights the Threat of Social Engineering

Ransomware actors are continuing to shift their focus to disrupting operations that affect people’s daily lives, according to the Wall Street Journal. A ransomware attack on Wednesday ...
Continue Reading

New Email Attack Takes a Phishing-Turned-Vishing Angle to Steal Credit Card Info

Details on this new scam demonstrate how cybercriminal gangs are working to try use new mediums and social engineering methods to trick users into becoming victims.
Continue Reading

Business Email Compromise Attacks Are Evolving, Becoming More Convincing and More Expensive

The “business” of BEC is becoming increasingly more lucrative for cybercriminals, as they develop new ways to defraud individuals and organizations of their money.
Continue Reading

Call Centers Used to Distribute BazarLoader

Cybercriminals are using call centers to trick users into downloading the BazarLoader malware, according to researchers at Palo Alto Networks’ Unit 42. By relying on social engineering to ...
Continue Reading

A Popular Fraud Combo is Back: Elon Musk and Bitcoin

Researchers at Bitdefender warn that cybercriminals continue to impersonate Elon Musk in Bitcoin scams. One campaign that started on May 15 involved sending thousands of emails telling ...
Continue Reading

Cybersecurity Insurance Landscape Is Fundamentally Changing Right Now

By Roger Grimes. Ransomware is stealing so much money and interrupting so many businesses that it might be the beginning of their undoing. It is certainly radically changing the ...
Continue Reading

Low-Grade Ways of Bypassing Email Scanners

Cybercriminals are replacing common words in phishing scams with synonyms in order to bypass security filters, according to researchers at Avanan. For example, one phishing lure contained ...
Continue Reading

The FBI’s Internet Crime Complaint Center Marks Its 6 Millionth Complaint as Pace Accelerates

The rate at which cyberattacks are increasing are being noticed by both their victims and the FBI, who are seeing more people affected by online crimes and scams.
Continue Reading

When Cryptocurrency Investments Really Are Too Good To Be True

The US Federal Trade Commission (FTC) reports that victims have lost more than $80 million in cryptocurrency scams since October of last year, with about $2 million of that total going to ...
Continue Reading

Transparent Tribe Uses Spoofed Domains in Social Engineering Attacks

Researchers at Cisco Talos warn that the threat actor known as “Transparent Tribe” (also known as APT36 and Mythic Leopard) is using spoofed websites and malicious documents to deliver ...
Continue Reading

FBI Finds Phishing Sites Abusing Search Results and Ads to Steal Banking Credentials

The US Federal Bureau of Investigation has sent out a private industry notification (PIN) warning that cybercriminals are using search engine ads and search results to spread phishing ...
Continue Reading

A  New Smishing Trojan is Out and About

Researchers at Pradeo have observed a new Android malware campaign that uses text messages asking victims to pay a small fee for a delivery. The messages contain a link that will install ...
Continue Reading

Email-Based Threats Increase 64% as Attacks Grow in Sophistication and Volume

New data from Mimecast shows how email-based threats are not only the greatest perceived concern, but are proving to be the reason for increased experienced attacks.
Continue Reading

Your Organization Needs to Take Security Awareness Training More Seriously

Your organization needs to take security awareness training (SAT) more seriously. I mean truly serious, really serious, and not relegated to some quasi-, semi-serious status that the vast ...
Continue Reading

Huge Business Email Compromise Campaign Targets More Than 120 Organizations

According to Bleeping Computer, Microsoft reported that a large business email compromise (BEC) campaign has targeted dozens of organizations. The industries targeted varied from real ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews