Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

The Inevitability Of "The Click"

From the 2013 Verizon Data Breach Investigations Report. Note that i t only takes 20 emails to get one successful click on a phishing attack. Read the story above!
Continue Reading

FBI Warns of Spear-Phishing Attacks

Spear-phishing attacks are up, and they are targeting individuals across all industries, according to a new warning issued by the U.S. Federal Bureau of Investigation .
Continue Reading

How Zombie Phones Could Create a Gigantic, Mobile Botnet

Seen "World War Z" recently? Your mobile phone might soon be infected and become a zombie.
Continue Reading

Why Business Is Losing The War Against Cybercrime

Price Waterhouse (PwC) and CSO Magazine just released their 2013 State of Cybercrime Survey. It shows that lack of risk awareness means companies are poorly defended. This is their 11th ...
Continue Reading

Snowden Exfiltrated NSA Files On Thumb Drive

It appears that Edward Snowden used a thumb drive to exfiltrate the Top Secret files documents from NSA's network. The US DoD banned the use of flash drives in 2008 after Defense systems ...
Continue Reading

Scam Of The Week: CIA Prism Watchlist

Scam Of The Week: CIA Prism Watchlist Just this morning, a researcher discovered an email uploaded to Virustotal called CIA's_prism_Watchlist_.eml. The content refers to Snowden, and the ...
Continue Reading

SlideShare Puts Us On Front Page!

The super popular SlideShare site has featured our Seven Social Engineering Vices slide deck on their front page for a short time. Here is what they sent me!
Continue Reading

The Three Types Of Cyberattacks

Eugene Kaspersky recently gave one of his very rare interviews. He was in Israel for a staff recruitment tour, and was quoted saying:"
Continue Reading

New on SlideShare: The Seven Deadly Social Engineering Vices

The Seven Deadly Social Engineering Vices blog post has been viewed well over 11,000 times and has gone viral. That's why we created a (much prettier) SlideShare version for you which you ...
Continue Reading

Data Breach Costs: 10 Ways You're Making It Worse

Inadequate response plans and poorly executed procedures caused data breach costs to rise significantly at some businesses, according to the Ponemon Institute. Mistakes, negligence and ...
Continue Reading

Citadel 'Shutdown' Just A Microsoft PR Move

It was all over the news. The Citadel botnet responsible for stealing more than 500 million dollars out of bank accounts from both individuals and organizations worldwide has been largely ...
Continue Reading

Did China Leak Prism Deliberately?

UPDATED June 9: 16:51p - In an interview with TechCrunch, Eugene H. Spafford, a computer science professor at Purdue and a noted expert in computer security observed something ...
Continue Reading

How the Syrian Electronic Army Hacked The Onion

This is a write-up of how the Syrian Electronic Army hacked The Onion using spear-phising. In summary, they phished Onion employees’ Google Apps accounts via 3 separate methods. From ...
Continue Reading

Cybercrime Targets: C-Level execs, HR managers and System Admins

According to a recent research of Group-IB on cybercrime, senior management is considered among most popular targets.
Continue Reading

The Seven Deadly Social Engineering Vices

(updated June 17, 2015) You may not be aware that there is a scale of seven deadly vices connected to social engineering. The deadliest social engineering attacks are the ones that have ...
Continue Reading

Webroot Spots NATO Job Apps Lead To Malware

This one qualifies as a Scam Of The Week and it's a good one to forward to your employees.
Continue Reading

0-Day Threats and Security Awareness

OK, we all know that there is a lively trade in 0-day threats. Often this is an unknown vulnerability in a popular browser that is not fixed yet. Microsoft recently announced they fixed ...
Continue Reading

Phishing Scam Of The Week: Walmart.com

Wal-Mart took special effort this week and warned customers of an unusually 'high quality' phishing email that tries to get personal and credit information. They stated on their corporate ...
Continue Reading

Facebook 'Fraud-as-a-Service' Promoted Via Google

You may have read CyberheistNews Vol 3, #19, which had 'Fraud-as-a-service Goes Mainstream' as its headline. Here is a follow up on that. You can now download apps that hack Facebook, and ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews