Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

New Email Attack Takes a Phishing-Turned-Vishing Angle to Steal Credit Card Info

Details on this new scam demonstrate how cybercriminal gangs are working to try use new mediums and social engineering methods to trick users into becoming victims.
Continue Reading

Business Email Compromise Attacks Are Evolving, Becoming More Convincing and More Expensive

The “business” of BEC is becoming increasingly more lucrative for cybercriminals, as they develop new ways to defraud individuals and organizations of their money.
Continue Reading

Call Centers Used to Distribute BazarLoader

Cybercriminals are using call centers to trick users into downloading the BazarLoader malware, according to researchers at Palo Alto Networks’ Unit 42. By relying on social engineering to ...
Continue Reading

A Popular Fraud Combo is Back: Elon Musk and Bitcoin

Researchers at Bitdefender warn that cybercriminals continue to impersonate Elon Musk in Bitcoin scams. One campaign that started on May 15 involved sending thousands of emails telling ...
Continue Reading

Cybersecurity Insurance Landscape Is Fundamentally Changing Right Now

By Roger Grimes. Ransomware is stealing so much money and interrupting so many businesses that it might be the beginning of their undoing. It is certainly radically changing the ...
Continue Reading

Low-Grade Ways of Bypassing Email Scanners

Cybercriminals are replacing common words in phishing scams with synonyms in order to bypass security filters, according to researchers at Avanan. For example, one phishing lure contained ...
Continue Reading

The FBI’s Internet Crime Complaint Center Marks Its 6 Millionth Complaint as Pace Accelerates

The rate at which cyberattacks are increasing are being noticed by both their victims and the FBI, who are seeing more people affected by online crimes and scams.
Continue Reading

When Cryptocurrency Investments Really Are Too Good To Be True

The US Federal Trade Commission (FTC) reports that victims have lost more than $80 million in cryptocurrency scams since October of last year, with about $2 million of that total going to ...
Continue Reading

Transparent Tribe Uses Spoofed Domains in Social Engineering Attacks

Researchers at Cisco Talos warn that the threat actor known as “Transparent Tribe” (also known as APT36 and Mythic Leopard) is using spoofed websites and malicious documents to deliver ...
Continue Reading

FBI Finds Phishing Sites Abusing Search Results and Ads to Steal Banking Credentials

The US Federal Bureau of Investigation has sent out a private industry notification (PIN) warning that cybercriminals are using search engine ads and search results to spread phishing ...
Continue Reading

A  New Smishing Trojan is Out and About

Researchers at Pradeo have observed a new Android malware campaign that uses text messages asking victims to pay a small fee for a delivery. The messages contain a link that will install ...
Continue Reading

Email-Based Threats Increase 64% as Attacks Grow in Sophistication and Volume

New data from Mimecast shows how email-based threats are not only the greatest perceived concern, but are proving to be the reason for increased experienced attacks.
Continue Reading

Your Organization Needs to Take Security Awareness Training More Seriously

Your organization needs to take security awareness training (SAT) more seriously. I mean truly serious, really serious, and not relegated to some quasi-, semi-serious status that the vast ...
Continue Reading

Huge Business Email Compromise Campaign Targets More Than 120 Organizations

According to Bleeping Computer, Microsoft reported that a large business email compromise (BEC) campaign has targeted dozens of organizations. The industries targeted varied from real ...
Continue Reading

Fake Court Order Used to Take Over Domains

Motherboard reports that a scammer used a phony court order to trick a domain registrar into giving them control over a domain that posted links to dark web drug markets. The scammer then ...
Continue Reading

Cybersecurity Spend Is Now More Than 20% of the Average IT Budget As 91% of Organizations Suffering an Attack had Operations Impacted

The latest data from the Hiscox Cyber Readiness Report highlights how organizations are experiencing cyber threats and how they are responding to increase their readiness for next time.
Continue Reading

Genesis Market: a Study in the C2C Economy

Researchers at Digital Shadows describe Genesis Market, a criminal-to-criminal marketplace that aggregates and sells digital fingerprints to facilitate cyberattacks. The researchers say ...
Continue Reading

U.K. Royal Mail-related Phishing Scams Are Up 645%

New data from CheckPoint highlights how scammers are using simple shipping-related social engineering scams to trick victims into giving up personal information and credit card details.
Continue Reading

Ransomware Operators Threaten to Short Victims’ Stocks

The Darkside ransomware operators are now offering to tip off unscrupulous stock traders before they post the names of publicly traded victim companies, the Record reports. The criminals ...
Continue Reading

Scammers Target Rogers Customers With SMS Messages

Scammers are targeting Rogers customers with text messages offering $50 refunds, according to BleepingComputer. The Canadian telecommunications provider suffered a widespread outage last ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews