Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Varieties of Extortion Experience

We are all familiar with ransomware and its increasingly dangerous cousin, wiper malware. The first encrypts your files and demands ransom payments in exchange for the decryption key. The ...
Continue Reading

Here Are Some Interesting Headlines I Found During Black Hat

Black Hat 2019 - The Craziest, Most Terrifying Things We Saw: I ran into Neil Rubenking when I went to the Qualys party which was in the Foundation Room all the way on top of the ...
Continue Reading

CEO Fraud hits B.C. lawyers for $2 million

Two B.C. law firms were targets of so-called social engineering frauds causing almost $2 million in real estate and investment funds to be wired to people other than clients the firms ...
Continue Reading

New UK Study: "3 out of 4 phishing scams get to your inbox untouched"

Chris Matyszczyk wrote: "Apple sends me so many invoices every week that I scarcely know what I've gone and bought. This appears to have also crossed the minds of researchers at the UK's ...
Continue Reading

Why School Districts are Targets of Social Engineering

School districts are becoming increasingly popular targets for ransomware, with at least five of these attacks occurring in July, according to the New York Times.
Continue Reading

Freight Forwarding Email Scams are Business Killers

The Australian Cyber Security Centre (ACSC) has warned that multiple Australian IT suppliers have permanently closed their doors after falling victim to procurement scams, CRN reports. ...
Continue Reading

Schools In Both The US And UK Victim Of Recent Phishing Attacks

A number of educational institutions have recently fallen victim to cyberattacks, highlighting the need for increased awareness training for students and faculty. SC Media UK has ...
Continue Reading

OSINT – a Hacker’s First Asset in Targeted Attacks

Before a cybercriminal wants to engage in a targeted attack against a particular organization or individual, they’d like to know a few things first. That’s where OSINT comes into play.
Continue Reading

Netflix's New "The Great Hack" Reminds Us -- If you Don't Pay For the Product You *Are* The Product

Last night, Netflix premiered “The Great Hack” which is based on the Cambridge Analytica scandal. They reminded us of the golden expression: “If you don't pay for the product you are the ...
Continue Reading

HoneyTrap, The Oldest In The World Now As Iranian Catphish on LinkedIn

Iranian state-sponsored hackers are increasing their targeting of civilian targets amid escalating tensions between the US and Iran, according to Zak Doffman at Forbes. Doffman cites a ...
Continue Reading

[Scam of The Week] New 'US State Police' Phishing Extortion Scam Includes Contact Numbers

Our friend Larry Abrams at Bleeping computer warned: "A new extortion scam is underway that pretends to be from a US State Police detective who is willing to delete child porn evidence if ...
Continue Reading

U.K. Sees an Increase in Sophisticated Phishing Attacks Targeting Educational Institutions

Using a mix of identity deception, domain spoofing, credential theft, and bank fraud, scammers are taking advantage of soft targets in the U.K.’s education sector. 
Continue Reading

Cyber Crime Refines Their Social Engineering Tactics

Attackers are improving their strategies by accounting for new developments in technology, Help Net Security reports. Researchers at FireEye analyzed 1.3 billion phishing emails and ...
Continue Reading

Instagram Vanity Makes for Vulnerability

Scammers are targeting Instagram users with phony offers to verify their accounts in order to receive Instagram’s blue checkmark, Threatpost reports. Researchers at Sucuri came across a ...
Continue Reading

Which Of The Four Types of Social Engineering Is The Most Damaging?

Cybercriminals know that targeted social engineering attacks lead to the highest payoffs, so the frequency and sophistication of these attacks is guaranteed to increase, writes Jasmine ...
Continue Reading

1.5 Billion Gmail Calendar Users are the Target of a Crafty New Phishing Scam

Users of Google’s Calendar app are being warned about a scam that takes advantage of the popularity of the free service and its ability to schedule meetings easily.
Continue Reading

New KnowBe4 Benchmarking Report Unveils That Untrained Users Pose The Greatest Risk To Your Organization

KnowBe4, has released the new Phishing by Industry Benchmarking Report to measure an organization’s average Phish-prone percentage, which indicates how many of their employees are likely ...
Continue Reading

No, Mr. McAfee is Not Giving Away Money

Cryptocurrency giveaway scams are making a comeback, with fraudsters posing as John McAfee, Elon Musk, and the Tesla company, BleepingComputer reports.
Continue Reading

Chinese Hackers Infiltrate Global Telecom Networks With Spear Phishing

The WSJ revealed a brazen hack by Chinese state-sponsored bad actors who totally owned more than 10 global telecom networks, and had full admin access to their networks. They were able to ...
Continue Reading

"Elaborate" Identity Takeover Fraud Hits Australian Businesses

A new procurement scam has netted at least $1.5 million from Australian companies in New South Wales over the past few weeks, according to 10 daily. The scammers are posing as ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews