Eight Romance Phishing Scammers with Ties to Nigerian Organized Crime Arrested After Stealing Nearly $7 Million

Oct 29, 2021 2:02:43 PM By Stu Sjouwerman

This latest arrest by the South African Police Service (SAPS) demonstrates how romance scams that have been around for decades remain alive and well… and profitable.

Over Half of all Impersonation Attacks Target Non-Executive Employees

Oct 29, 2021 2:02:26 PM By Stu Sjouwerman

A new report shows how cybercriminals focus on users that are less vigilant and more prone to falling for social engineering and impersonation tactics designed to gain access to finances.

Ransomware 3.0: It Is About To Get Much Worse

Oct 27, 2021 4:28:01 PM By Roger Grimes

If you think ransomware is bad, it is about to get much, much worse. What will ransomware gangs do? Just everything.

Cybercriminals are using Craigslist email notifications to send phishing links

Oct 27, 2021 9:16:47 AM By Stu Sjouwerman

Cybercriminals are using Craigslist email notifications to send phishing links, according to Roger Kay at INKY. The emails contain links to download a document with malicious macros.

Russian SolarWinds Hackers Newly Attack Supply Chain With Password-Spraying and Phishing

Oct 26, 2021 9:38:10 AM By Stu Sjouwerman

Researchers at Microsoft have observed an attack phishing campaign by Russia’s SVR that’s targeting resellers and managed service providers. Microsoft tracks this threat actor as ...

Celebrity Hacks and the Frenzy of Renown

Oct 25, 2021 10:50:10 AM By Stu Sjouwerman

Avast offers a look at incidents in which celebrities have been the victim of social engineering attacks. The firm notes that while celebrities are higher profile targets, attackers use ...

New Impersonation Attack Demonstrates That Threat Actors Don’t Need to Get the Logo Correct

Oct 20, 2021 10:15:50 AM By Stu Sjouwerman

A new trend in social engineering and impersonation emerges as cybercriminals take advantage of a user’s inability to properly identify fake corporate logos in phishing attacks.

U.S. Government Says To Use Phishing-Resistant MFA

Oct 20, 2021 10:15:13 AM By Roger Grimes

The U.S. government has been pushing people to avoid SMS- and voice call-based multi-factor authentication (MFA) for years, but their most recent warning is to avoid any MFA that is ...

U.K. Residents Experience a 116% Increase in Nuisance Calls, Texts, and Emails in 2021

Oct 13, 2021 8:52:53 AM By Stu Sjouwerman

New data from the U.K.’s Information Commissioner’s Office (ICO) shows a massive rise in the first six months of this year – and the belief that cyberattacks are to blame.

NIST on Phishing Awareness

Oct 13, 2021 8:49:33 AM By Stu Sjouwerman

People need to be conscious of the fact that anyone can fall for social engineering tactics, according to Shaneé Dawkins at NIST, the US National Institute of Standards and Technology. ...

What’s Next for the 3.8 Billion Entries in the Clubhouse-Facebook Database? Plenty of Social Engineering Attacks

Oct 8, 2021 9:09:56 AM By Stu Sjouwerman

What do you get when you add a totally free 1.3 Billion set of phone numbers and data from millions of Facebook profiles? A massive dox database of users now up for sale for $100,000.

U.K. Authorized Push Payment Scams Jump 71% in First Half of 2021, Taking in £355 Million

Oct 8, 2021 9:09:44 AM By Stu Sjouwerman

Surpassing credit card fraud in the U.K., scamming victims into sending money to a fraudulent bank account has taken the lead spot in fraud scams that could cost U.K. residents more than ...

Framing the Social Engineering Risk in Business Terms

Oct 7, 2021 8:54:26 AM By Stu Sjouwerman

C-suite employees need to understand the risk posed by social engineering attacks, according to CSO. Terry Thompson, adjunct instructor in cybersecurity at Johns Hopkins University, told ...

New James Bond Movie is Cybercriminals Shiniest Phishbait

Oct 4, 2021 8:41:31 AM By Stu Sjouwerman

Cybercriminals are using the new James Bond movie, No Time to Die, as phishbait, the National reports. Researchers at Kaspersky warn that malicious ads and phishing sites are claiming, ...

90% of All Cyber Attacks on Organizations Involve Social Engineering

Oct 1, 2021 1:08:42 PM By Stu Sjouwerman

It’s official: threat actors and cybercriminal gangs alike are enlightened and have locked in on the use of social engineering as the primary means to trick recipients into becoming ...

5th Circuit Court Finds Cyber Insurer Must Pay for $1 Million Social Engineering Attack

Sep 30, 2021 8:19:24 AM By Stu Sjouwerman

A simple social engineered Business Email Compromise attack resulted in fraud that the cyber insurer contended was not covered under the policy.

New Tactic: Shortened LinkedIn URLs Are Now Used As Phish Hooks

Sep 27, 2021 8:32:30 AM By Stu Sjouwerman

Scammers are using shortened LinkedIn URLs to disguise phishing links, according to Jeremy Fuchs at Avanan. LinkedIn automatically shortens links that are longer than 26 characters. The ...

Newest iPhone Launch is Now a Scammer's Advantage

Sep 23, 2021 8:50:49 AM By Stu Sjouwerman

Scammers are taking advantage of the launch of iPhone 13, according to researchers at Zscaler. The launch event was streamed live last week on Apple’s official YouTube channel, and ...

[HEADS UP] Millions of malicious emails will slip past security filters in Q4

Sep 22, 2021 5:00:00 PM By Stu Sjouwerman

Researchers at Tessian have published a report looking at recent trends in spear phishing attacks. The researchers found that 45% of employees said that they clicked on a phishing email ...

Social Media Quizzes May Be Data Scrapers Building Victim Profiles

Sep 21, 2021 3:58:01 PM By Stu Sjouwerman

The seemingly benign quizzes asking personal details take advantage of individuals’ willingness to share and could be used to establish passwords, password hints, and more.

Security Awareness Training Blog

Social Engineering Blog

View Topics

Eight Romance Phishing Scammers with Ties to Nigerian Organized Crime Arrested After Stealing Nearly $7 Million

Over Half of all Impersonation Attacks Target Non-Executive Employees

Ransomware 3.0: It Is About To Get Much Worse

Cybercriminals are using Craigslist email notifications to send phishing links

Russian SolarWinds Hackers Newly Attack Supply Chain With Password-Spraying and Phishing

Celebrity Hacks and the Frenzy of Renown

New Impersonation Attack Demonstrates That Threat Actors Don’t Need to Get the Logo Correct

U.S. Government Says To Use Phishing-Resistant MFA

U.K. Residents Experience a 116% Increase in Nuisance Calls, Texts, and Emails in 2021

NIST on Phishing Awareness

What’s Next for the 3.8 Billion Entries in the Clubhouse-Facebook Database? Plenty of Social Engineering Attacks

U.K. Authorized Push Payment Scams Jump 71% in First Half of 2021, Taking in £355 Million

Framing the Social Engineering Risk in Business Terms

New James Bond Movie is Cybercriminals Shiniest Phishbait

90% of All Cyber Attacks on Organizations Involve Social Engineering

5th Circuit Court Finds Cyber Insurer Must Pay for $1 Million Social Engineering Attack

New Tactic: Shortened LinkedIn URLs Are Now Used As Phish Hooks

Newest iPhone Launch is Now a Scammer's Advantage

[HEADS UP] Millions of malicious emails will slip past security filters in Q4

Social Media Quizzes May Be Data Scrapers Building Victim Profiles

Search Our Blog

Subscribe To Our Blog

Posts By Topic

Get the latest about social engineering

Subscribe to CyberheistNews

Get the latest about social engineering

Subscribe to CyberheistNews

Products & Services

About Us

Free Tools

Contact Us

Contact Support

Search