Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

View Topics

Have Your Users Been Exposed in the 8.5 Billion Breached Records This Year?

Dec 10, 2019 9:00:00 AM By Stu Sjouwerman
Data breaches are getting bigger, the bad guys are getting more cunning, and the amount of compromised data is unfortunately continuing to rise. According to RiskBased Security, breach ...
Continue Reading

Police warn of new 'line-trapping technology' being used to scam people over the phone

Dec 7, 2019 8:40:03 AM By Stu Sjouwerman
TORONTO -- A new piece of sophisticated technology is being used by fraudsters to scam unsuspecting people over the phone. Police said a woman in York Region received a call earlier this ...
Continue Reading

Gift Card Scams are Decreasing in Light of Other Business Email Compromise Scams

Dec 4, 2019 6:48:49 AM By Stu Sjouwerman
New data from email security vendor Agari shows Business Email Compromise (BEC) attacks shifting tactics last quarter, in favor of scams resulting in larger payouts.
Continue Reading

Identity Deception-Based Phishing Attacks Show an Increase in Impersonating Individuals

Dec 4, 2019 6:45:59 AM By Stu Sjouwerman
The use of impersonating a person or brand as part of an attack in on the rise, giving attackers the upper hand, establishing instant credibility and lowering the defenses of the ...
Continue Reading

Phishing for Gamers Uses A Fake Skin Giveaway

Dec 4, 2019 6:42:02 AM By Stu Sjouwerman
BleepingComputer warns that a fake Steam skin giveaway site is stealing users’ Steam credentials. The site appears to be running a 26-day promotion giving away free skins for ...
Continue Reading

Insecure Database Exposes Millions of Private SMS Messages

Dec 3, 2019 7:00:00 AM By Stu Sjouwerman
Researchers discovered an unprotected TrueDialog database hosted by Microsoft Azure with diverse and business-related data from tens of millions of users.
Continue Reading

You Can’t Always Trust a Dot-Gov Domain

Dec 2, 2019 7:12:15 AM By Stu Sjouwerman
It may be easier than one thinks to register a dot-gov domain, according to KrebsOnSecurity. People have tended to regard urls with the top-level domain dot gov as generally reliable, but ...
Continue Reading

Over Half of SMBs Experience Phishing and Social Engineering Attacks

Dec 2, 2019 7:00:00 AM By Stu Sjouwerman
The assertion that SMBs aren’t a cyber-target is officially dead. SMBs are victims of the very same attacks as enterprises in growing numbers, according to new research.
Continue Reading

Insurers Get Serious About Social Engineering Attacks Citing a Lack of Awareness as the Problem

Dec 2, 2019 7:00:00 AM By Stu Sjouwerman
With specific endorsements to protect against social engineering scams, insurers are realizing where the true risk lies in cyberattacks and make recommendations of how to mitigate it.
Continue Reading

Merchant fined for failing to train employees — Former NYDFS Superintendent Vullo Talks About Cybersecurity Regs

Nov 30, 2019 1:09:56 PM By Stu Sjouwerman
Mark Harrop, Director of Communications, Corporates at Thomson Reuters made me aware of a very interesting interview with Maria Vullo, the former Superintendent of New York’s Department ...
Continue Reading

Phishing scams on the up in the Netherlands

Nov 30, 2019 12:30:08 PM By Stu Sjouwerman
Mina Solanki, an expat in Holland wrote: "After years of declining, phishing is on the up. In 2018, the (monetary) damage caused by it had almost quadrupled compared to previous years. ...
Continue Reading

The Top Lesson From The Recent Louisiana 2,000-server Ransomware Infection: "User Education, User Education, User Education"

Nov 29, 2019 11:57:37 AM By Stu Sjouwerman
Louisiana suffered a ransomware attack last week that took down more than two thousand of the state’s computers and servers. The ransomware apparently entered the network after a user ...
Continue Reading

Black Friday Cyberattacks Just Soared 275%: Alert Your Users

Nov 27, 2019 10:49:36 AM By Stu Sjouwerman
Black Friday deals are everywhere. Some of the deals just seem too good to be true . In a brand new report , threat researchers at cybersecurity firm Check Point warn that the increasing ...
Continue Reading

Google Sent 12K Nation-State Phishing Warnings In Three Months

Nov 27, 2019 6:54:24 AM By Stu Sjouwerman
Google's Threat Analysis Group (TAG) delivered thousands of alerts of government-backed attempts to spearphish gmail users over just a three-month period earlier this year, they reported.
Continue Reading

Phishing Simulations Should be Educational, not Punitive

Nov 25, 2019 10:46:55 AM By Stu Sjouwerman
Phishing training programs need to be focused on educating employees rather than on shaming them, according to David Spark and Allan Alford, co-hosts of the Defense in Depth podcast. On ...
Continue Reading

Waterloo Brewing loses $2.1 million in social engineering cyberattack

Nov 22, 2019 1:56:38 PM By Stu Sjouwerman
Waterloo Brewing Ltd. says it has lost $2.1 million in what it calls a social engineering cyberattack. The Ontario brewery says the incident occurred in early November and involved the ...
Continue Reading

[Heads-up. This Is Ugly] After Refusing The Maze Ransomware Payment, Their Stolen Data Was Leaked

Nov 22, 2019 6:47:54 AM By Stu Sjouwerman
After a deadline was missed for receiving a ransom payment, the group behind Maze Ransomware has published almost 700 MB worth of data and files stolen from a security staffing firm. Our ...
Continue Reading

A massive international email scam netted $3 million worth of top-secret US military equipment

Nov 21, 2019 6:42:43 AM By Stu Sjouwerman
In a recent case first reported by Quartz, a crew of international cyber criminals allegedly convinced an unidentified US defense contractor to send them millions of dollars worth of ...
Continue Reading

It's Happening The World Over: $300K Lost To Phone Scammer

Nov 21, 2019 5:51:23 AM By Stu Sjouwerman
A woman in Singapore lost $300,000 to a scammer posing as a Singtel customer service employee, according to the Straits Times. The scammer told the victim he would fix some problems with ...
Continue Reading

An Australian Watering Hole (but in Canberra, not the Outback)

Nov 20, 2019 7:12:14 AM By Stu Sjouwerman
The Australian Federal Parliament suffered a malware infection earlier this year after some users fell victim to a watering hole attack, the Australian Broadcasting Corporation (ABC) ...
Continue Reading
Subscribe

Search Our Blog


Ransomware Has Gone Nuclear Webinar

Subscribe To Our Blog

Posts By Topic

View all

Get the latest about social engineering

Subscribe to CyberheistNews