Latest social engineering news, analysis, tactics the bad guys are using and what you can do to defend your organization.
A friend of mine, John D., received this outreach on Threads (see below). At first, he thought it was the standard fake employer scam, but it is more than that. It is very likely part of ...
Researchers at CyberProof warn that threat actors are launching phishing attacks via Microsoft Teams' “Chat with Anyone” feature, which lets external users send direct messages via email ...
Researchers at SpyCloud have observed a 400% year-over-year increase in successful phishing attacks, with a disproportionate number of attacks targeting corporate accounts.
ReliaQuest warns that the cybercriminal collective “Scattered Lapsus$ Hunters” appears to be using social engineering attacks to target organizations’ Zendesk instances.
A new criminal platform called “Matrix Push C2” is using browser notifications to launch social engineering attacks, according to researchers at BlackFog.
Here's a curious thing about people, sometimes we crave the familiar, and sometimes we demand the novel.
Researchers at Appknox warn that malicious apps are impersonating popular AI tools like ChatGPT and DALL-E to trick users into installing malware on their mobile devices. Some of these ...
I received this email the other day to my personal email account. It is a “Security Alert” from “Microsoft Helpdesk.” Oh, my!
A phishing campaign is targeting LastPass users with phony notifications informing users that someone has notified the company of the user’s death and is trying to gain access to their ...
Human error remains the primary exploitation vector in mobile security incidents, according to Verizon’s latest Mobile Security Index (MSI).
Lead Analysts: Lucy Gee and James Dyer Cybercriminals want their payday. Unfortunately for the targets of phishing (and the organizations they work for) that means they’re constantly ...
In the complex ecosystem of financial services, some of the greatest threats come from within. While cybersecurity for financial institutions often focuses on external threat actors, the ...
These days it can be hard to tell if something is or isn’t a scam.
Researchers at Bitdefender warn that scams are seeing a steady increase globally. Citing a recent report from the Global Anti-Scam Alliance (GASA), the researchers note that 57% of adults ...
It can happen to the best of us. This story happened a decade ago, when I was working at a Fortune 10 company. “Smartest” is subjective, but most of my former coworkers and external ...
A phishing campaign is impersonating Google Careers to target job seekers, according to researchers at Sublime Security.
A phishing campaign is impersonating LastPass and Bitwarden with phony breach notifications, BleepingComputer reports.
Cybernews warns that threat actors will likely take advantage of the recent AWS outage to launch phishing attacks against affected users.
Phishing was the initial access vector for 60% of cyberattacks across Europe between July 2024 and June 2025, according to the European Union Agency for Cybersecurity (ENISA).
A North Korean threat actor dubbed “DeceptiveDevelopment” is using various social engineering techniques to target job seekers, according to researchers at ESET.
