Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

F-Secure Cautions about Fresh Olympic-themed Spam

F-Secure the security company based in Finland has recently cautioned that spam mails themed on the Olympics are targeting Internauts while carrying web-links to one malevolent PDF file ...
Continue Reading

Fake LinkedIn Emails To Reset Your Password

Since LinkedIn had their IPO, they have been in the news a lot more, even if only to compare them with the recent Facebook IPO Debacle. But the better known you are, the bigger target you ...
Continue Reading

Malicious PowerPoint File Contains Exploit, Drops Backdoor

TrendLabs discovered a malicious MS PowerPoint document that arrives attached to email messages. The file contains an embedded Flash file, which exploits a software bug found in specific ...
Continue Reading

Chinese hacker brings grief to Calgary’s Catholic school system

Hackers will find any mail server that is not protected and/or configured correctly and use it to send out as much spam as possible. This gets the unsuspecting organization blacklisted ...
Continue Reading

VIDEO The Top 5 Online Security Traps And How To Avoid Them

GFI is one of the few antivirus vendors that understands the importance of prevention and end-user training. They produced this useful video that in two minutes illustrates the top 5 ...
Continue Reading

Gmail Security Hole Allows Hackers To Automate Social Engineering Trick

Christopher Mims over at Technology Review was the first one to report on this. A large Gmail security hole could lead to mass harvesting of accounts, as hackers can automate this social ...
Continue Reading

Fake Facebook “Account Cancelation Requests” Lead to Malware

Softpedia reported: "A shady-looking email, apparently originating from Facebook, has been seen in inboxes, informing users that the social media network has received an account ...
Continue Reading

Hackers Target the Weakest Link: The End User

I was interviewed by Jeremy Quittner yesterday. Here is how he started his article in American Banker today: "It took Stu Sjouwerman, the founder and chief executive of security firm ...
Continue Reading

Guessable Passwords: The Unpatchable Exploit

Monday morning, I found a tweet by @INFOSECSchool with the above title. I admit, it's a catchy phrase and sure enough, IF you allow easy passwords, it's an invitation to get hacked. This ...
Continue Reading

Fake Amex ID Verification

[caption id="" align="alignleft" width="260" caption="Fake Amex ID Verification"][/caption] OK, here is another one to warn everyone about, especially the employees that have a ...
Continue Reading

Russia's most effective cybercriminals

Rod Rasmussen over at SecurityWeek has a really interesting article about a Russian cyber gang driving a massive wave of fraud: "Tucked away in a small town outside Moscow, Russia one of ...
Continue Reading

Gartner considers security awareness training an essential tool for all companies

Linda Musthaler, at NetworkWorld just wrote an excellent article about training workers to be cyber safe. One paragraph was especially noteworthy: “In 2012 we’re already seeing a sharp ...
Continue Reading

I am a malware coder and botnet operator

This is a discussion on Reddit, where a (presumably Polish) malware coder and botnet operator very candidly answers questions from people. This is a fascinating but rather technical read, ...
Continue Reading

News - FBI warns against malware installed via hotel networks

The Internet Crime Complaint Center had this 'Intelligence Note': "Recent analysis from the FBI and other government agencies demonstrates that malicious actors are targeting travelers ...
Continue Reading

The Average Cyberespionage Attack Goes On For 416 Days

WIRED Mag has a great article by Kim Zetter. It boils down to the fact that high-level hackers are able to get and stay in your network. And even if you are able to kick them out, they ...
Continue Reading

Symantec Report Says User Behavior is Root of Most Breaches

Tracy Kitten over at BankInfoSecurity spotted something interesting in Symantec's recent Internet Security Threat Report. This is the upshot: "Which Internet security threats pose the ...
Continue Reading

$1,000 Walmart Gift Card Scam Inflates Your Phone Bill

We have seen crooked Walmart gift card offers before, but now and then I run across one that's craftier than earlier versions. And as usual, you do not get the gift card, but a high dose ...
Continue Reading

Proof: Antivirus Only Defends Against Low-skilled Attackers

The SANS Computer Forensics and Incident Response team built a real-life network for their students so they could learn how to hack into the network. They put McAfee enterprise endpoint ...
Continue Reading

Bogus PayPal payment alert causes malware infection

Gary Warner just reported: "A new malicious spam campaign has just launched this morning targeting Paypal users. This malware campaign attempts to "social engineer" users into clicking a ...
Continue Reading

Cybercrime uses hidden file extensions to trick users

Symantec contributor Fred Gutierrez shows clearly in this blog post why it can be deadly to click on a .JPG file: "Cybercriminals have continuously evolved their methods throughout the ...
Continue Reading

Get the latest about social engineering

Subscribe to CyberheistNews