Security Awareness Training Blog

Social Engineering Blog

Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.

Cybercriminal Gang, Silent Starling, Creates New ‘Vendor Email Compromise’ Category

New attacks target organizations with global supply chains, aiming to trick a supplier’s customers into paying fake invoices, and have already impacted 500 organizations worldwide.

Malware Delivered Via Fake Browser Updates Are Back and are More Sophisticated Than Ever

Leveraging vulnerable website content management platforms, these attacks seek to trick users into installing malware under the guise that their web browser is out-of-date.

Now HERE is an interesting Phishing Campaign!

It's a phishing campaign against phishing campaigns! :-D It's a public service program that educates organizations and societies globally on the greatest cyber risk of all - the falsehood ...

Ransomware Attack Hits Louisiana State Servers

Louisiana Governor John Bel Edwards on Monday revealed that a ransomware attack hit state servers, prompting a response from the state’s cyber-security team. The incident appears to have ...

A Look at Election Influence And Social Engineering

Attempts to influence elections are by no means new, but highly targeted online advertising requires people to think about social engineering in the form of political messaging in a new ...

Real Estate Scams Have Gone Global. Bad Guys Caused Tens of Thousands of Dollars Damage Down Under

Scammers hijacked a total of $70,000 by imitating an Australian settlement agent’s email address, and then tricking two property buyers into sending the money to the wrong account, Perth ...

[Heads-Up] Scam Of The Week: Thousands Of Hacked Disney+ Accounts Are Already For Sale On Criminal Sites

Apart from me, guess who has been anticipating the Disney+ channel?

A Majority of Organizations Experience Breaches Despite a Majority Saying They Are Prepared to Defend Against Them

The mismatch of signals by IT organizations shows a potential overestimation on IT’s part about its ability to prevent and protect against new cyberthreats.

Don't Leave Your Users At Risk For Holiday Scams. Get Your Free Resource Kit From KnowBe4!

With users focused on holiday activities, cybercriminals take advantage of lowered defenses and holiday distractions to scam users into becoming victims. Phishing emails about shipping ...

[Heads Up] This New, Unusual Ransomware Strain Goes Exclusively After Servers

Danny Palmer at ZDnet alerted on the following: "An unconventional form of ransomware is being deployed in targeted attacks against enterprise servers – and it appears to have links to ...

TrickBot Malware Uses Highly Personalized Fake Sexual Harassment Complaints as Phishing Bait

Fake sexual harassment complaints appearing to come from the U.S. Equal Employment Opportunity Commission (EEOC) are the latest baits used by attackers to disseminate TrickBot banking ...

People Need to Work Together to Spot Con Artists

It might not be possible to resist a good con artist, according to award-winning author, journalist, and champion poker player Maria Konnikova. On the CyberWire’s Hacking Humans podcast, ...

Phishing Resistance for Charities

81% of charities say they’ve been targeted by a phishing attack this year, according to Ed Macnair, writing for UK Fundraising. Meanwhile, only 37% of charities think their IT and ...

US Govt Asks Users to Be Wary of Holiday Scams and Malware

US consumers are encouraged by the Department of Homeland Security (DHS) to be wary of malicious campaigns and scams that usually start targeting during each year's holiday season.

Specially Crafted ZIP Files Used to Bypass Secure Email Gateways

Attackers are always looking for new tricks to distribute malware without them being detected by antivirus scanners and secure email gateways. This was illustrated in a new phishing ...

The Most Fascinating Layer in a SOC: The Human Layer

During my travels, the topic of security operations comes up often. And nearly every security professional I talk to is either contemplating or already implementing some form of ...

APWG Q3 Report: Phishing Attacks at Highest Level in Three Years

According to the APWG’s new Phishing Activity Trends Report, the number of phishing attacks continued to rise into the autumn of 2019. The total number of phishing sites detected by APWG ...

Healthcare Industry Names KnowBe4 As The 2019 Top Rated Platform For Cybersecurity Training & Education

Black Book Market Research LLC surveyed over 2,876 security professionals from 733 provider organizations to identify gaps, vulnerabilities and deficiencies that persist in keeping ...

American Nikkei Employee Falls For Social Engineering Scam And Loses 29 Million Dollars

Phil Muncaster at InfoSec Mag had the (painful) scoop: "Media giant Nikkei has become the latest firm to suffer a humiliating Business Email Compromise (BEC), after it admitted losing ...

[Heads Up] Scam Of The Week: Phishing Attacks Using Better Benefits And Pay Raise Bait

Millions of employees use KnowBe4's Phish Alert Button to report suspect emails, and thousands of organizations share these reports with us. This has become a fascinating threat source, ...