Pyongyang's Phishing with Job Offers

Jun 22, 2020 8:27:28 AM By Stu Sjouwerman

An attack campaign with possible ties to North Korea’s Lazarus Group targeted aerospace and military companies in Europe and the Middle East with spear phishing attacks late last year, ...

Increase in BLM Domain Names Forecasts BLM Phishing Attacks

Jun 16, 2020 3:26:04 PM By Roger Grimes

There has been a significant increase in DNS domain names containing blacklivesmatter or George Floyd’s name and there’s a good chance some of those are owned by people with malicious ...

Twitter Takes Down Over 32,000 Nation State Accounts Involved in Disinformation Campaigns

Jun 16, 2020 3:14:08 PM By Stu Sjouwerman

Manipulation/disinformation campaigns are running rampant on social media and Twitter just took action -- again. "Disinformation" is a form of propaganda honed into an art form by Russia. ...

Pretexting Defined

Jun 10, 2020 8:23:00 AM By Stu Sjouwerman

Pretexting is a social engineering tactic in which an attacker attempts to gain information, access, or money by tricking a victim into trusting them, according to Josh Fruhlinger at CSO ...

[HEADS UP] Cybercriminals in Australia Harass Recipients with Abusive Transaction Descriptions on Bank Statements

Jun 4, 2020 4:59:41 PM By Stu Sjouwerman

There are bad guys in Australia that have given away money in order to use social engineering and harass people with abusive transaction descriptions that appear in online banking ...

[Heads Up] The REvil Ransomware Gang Is Now Auctioning Off Their Victim Data

Jun 2, 2020 4:39:34 PM By Stu Sjouwerman

Intrepid investigative Reporter Brian Krebs had the news first. "The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies ...

Phishing Campaigns Using Google Firebase Storage

May 26, 2020 8:31:52 AM By Stu Sjouwerman

Scammers are hosting phishing pages on Google Firebase Storage to bypass email security filters, Threatpost reports. Firebase is a Google-owned application development platform that ...

[Heads Up] The COVID Remote Work Mandate Skyrockets "Work From Home" Training Enrollments

May 21, 2020 1:51:12 PM By Stu Sjouwerman

KnowBe4 was one of the first to warn first about the impending COVID phishing tsunami on Jan 31, 2020. The bad guys did not disappoint and went all-out, all cylinders firing, and pulled ...

Preying on the Unemployed

May 20, 2020 8:20:01 AM By Stu Sjouwerman

An SMS phishing campaign has been exploiting the COVID-19 crisis by spoofing the website of a job placement agency, the New York Daily News reports. The scammers set up a website that ...

The Three Pillars of the Three Computer Security Pillars

May 18, 2020 8:31:59 AM By Roger Grimes

Much of the world, or at least the United States, is coalescing around the NIST Cybersecurity Framework. It’s a pretty good one to follow out of the many dozens that have been proposed ...

Scammers Exploit Rollout of COVID-19 Contact-Tracing Apps

May 18, 2020 8:18:04 AM By Stu Sjouwerman

An SMS phishing campaign is telling people they’ve come into contact with someone who’s contracted COVID-19, Computing reports. The UK’s Chartered Trading Standards Institute (CTSI) ...

Dutch Online Retailer Wehkamp Loses 144,000 Euros in Bankruptcy Business Email Compromise

May 15, 2020 9:45:57 AM By Stu Sjouwerman

Cyber criminals successfully gained access to email traffic between bankruptcy trustees and Wehkamp – one of the biggest online retailers in The Netherlands – writes RTL Z. Employees of ...

That Email from President Trump? Yeah, That’s a Phishing Scam

May 14, 2020 11:45:00 AM By Stu Sjouwerman

New phishing scams impersonating President Trump and Vice President Pence are designed to install malware or be the start of an extortion scam.

World's Largest Sovereign Wealth Fund Falls For $10m Social Engineering Attack

May 14, 2020 8:29:08 AM By Stu Sjouwerman

The Norwegian Investment Fund has been swindled out of 10 million dollars by fraudsters who pulled off a social engineering attack that the Norfund called "an advanced data breach" but ...

Watch Out for the Coming Tsunami of Mortgage Rescue Phishing Scams

May 13, 2020 8:22:43 AM By Stu Sjouwerman

At this point in time, with 10 years of phishing attack analysis under our belt, we can predict with a high reliability level what will be showing up in the near future. We see two scams ...

Why Does Someone Click and Become a Victim of a Scam?

May 12, 2020 11:25:03 AM By Stu Sjouwerman

One of the keys to thwarting social engineering attacks is knowing what makes us want to click on links or respond to emails, according to cybersecurity expert Raef Meeuwisse. In an ...

[Scam of The Week] Unemployed Americans Are Now Deceived Into Grabbing ‘Remote Jobs’ As Money Mules

May 8, 2020 2:29:50 PM By Stu Sjouwerman

There are now tens of millions of people suddenly unemployed, looking for ways to make ends meet.

Cybercriminals Lean Heavily on Social Engineering Tactics to Gain Access to Bank Accounts

May 7, 2020 10:30:09 AM By Stu Sjouwerman

A series of attack anecdotes shared by Brian Krebs shows how persistent and sophisticated scammers are in using social engineering tactics to gain access to their victim’s bank account ...

What is the Right Password Policy?

May 7, 2020 8:15:00 AM By Roger Grimes

What is the right password policy? Conventional password policies say you must have a password at least 8-12 characters long…16 characters or longer if it belongs to an elevated ...

Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

May 6, 2020 10:03:21 AM By Roger Grimes

I get asked a lot about password policy during my travels around the globe giving presentations and from people who email after webinars. Many of the questions are the same and I’ve ...

Security Awareness Training Blog

Social Engineering Blog

View Topics

Pyongyang's Phishing with Job Offers

Increase in BLM Domain Names Forecasts BLM Phishing Attacks

Twitter Takes Down Over 32,000 Nation State Accounts Involved in Disinformation Campaigns

Pretexting Defined

[HEADS UP] Cybercriminals in Australia Harass Recipients with Abusive Transaction Descriptions on Bank Statements

[Heads Up] The REvil Ransomware Gang Is Now Auctioning Off Their Victim Data

Phishing Campaigns Using Google Firebase Storage

[Heads Up] The COVID Remote Work Mandate Skyrockets "Work From Home" Training Enrollments

Preying on the Unemployed

The Three Pillars of the Three Computer Security Pillars

Scammers Exploit Rollout of COVID-19 Contact-Tracing Apps

Dutch Online Retailer Wehkamp Loses 144,000 Euros in Bankruptcy Business Email Compromise

That Email from President Trump? Yeah, That’s a Phishing Scam

World's Largest Sovereign Wealth Fund Falls For $10m Social Engineering Attack

Watch Out for the Coming Tsunami of Mortgage Rescue Phishing Scams

Why Does Someone Click and Become a Victim of a Scam?

[Scam of The Week] Unemployed Americans Are Now Deceived Into Grabbing ‘Remote Jobs’ As Money Mules

Cybercriminals Lean Heavily on Social Engineering Tactics to Gain Access to Bank Accounts

What is the Right Password Policy?

Q&A With Data-Driven Evangelist Roger Grimes on the Great Password Debate

Search Our Blog

Subscribe To Our Blog

Posts By Topic

Get the latest about social engineering

Subscribe to CyberheistNews

Get the latest about social engineering

Subscribe to CyberheistNews

Products & Services

About Us

Free Tools

Contact Us

Contact Support

Search