Social Engineering

Social Engineering news, information, and how-to advice

ransom note
dropbox phishing


The human OS: Overdue for a social engineering patch

Security experts have been saying for years that humans are the weakest link in the security chain. They still are. Why haven't things improved? Training has to get a lot more frequent, and more effective, they say.

tv satellite dish

Ransomware attack knocks TV station off air

On Monday, The ABC had to suspend programming out of Sydney, Australia and move broadcasting to Melbourne after their network was targeted by Ransomware. The malware prevented normal operations, resulting in ABC News 24 going off air...

Phishing for passwords.

What to do in the aftermath of the JPMorgan breach

The compromise of 10s of millions of JPMorgan Chase accounts poses the greatest risk of phishing attacks on consumers and small businesses, experts say.

Binary wireless traffic stream speeding down the street.

Recently introduced TLDs create new opportunities for criminals

Top-level domains are supposed to be a way to focus the Internet. In reality, they've become a boon for registrars, who use them as an up sell and a goldmine for criminals who use them to bypass defenses.

ipad mini

How to avoid online scams when selling your old iPhone or iPad

James A. Martin was the target of a scam when he tried selling his iPad mini online. He didn't fall for it—and here's how you can make sure to avoid being defrauded, too.

Hackers launch Apple ID phishing campaign playing on iCloud security worries

Phishing emails masquerade as security alerts from Apple about rogue iTunes purchases, researchers from Symantec said

People talking illustration

Social media remains an easily exploitable attack surface

Twitter, like every other social platform, has an interesting attack surface; one that criminals have been exploiting for years. The instant connection to information offered by those platforms can be turned against their users,...

Phishing emails fool most employees. But is this their problem or email's?

Test finds people struggle to distiniguish real from fake

email in inbox inbox internet mail communication 000003644536

Email security still a struggle for most companies

Banks and social media firms have taken steps to protect their customers from email scams, according to recent research. However, the travel and healthcare industries remain vulnerable. All the more troubling: Spam and phishing show...


JPMorgan breach likely impacts UCard users – again

The story is nearly identical to one from nearly a year ago. It starts with JPMorgan Chase disclosing that they've suffered a data breach. The bank says that an unknown number of records have been compromised, but it's certain that...

security phishing

Suspect Phishing? Chase Bank says to click links

Chase Bank tells customers to click a link if they question the authenticity of a given message, ignoring (and training customers to ignore) one of the primary rules when it comes to avoiding Phishing attacks - don't click anything.

Google logo fisheye

FBI issues warning about creative Google searches

A memo dated July 7, issued by the FBI and the National Counterterrorism Center, warns law enforcement and private security agencies about the practice of Google Hacking and what can be done about it.

Spam industry reinvented as messages containing malicious links surge

Malicious links now in one in six spam emails

nuclear bomb test bikini atoll and enewetak october 21 1952 dv1282017

Workers at U.S. nuclear regulator fooled by phishers

Nuclear Regulatory Commission employees were tricked into disclosing passwords and downloading malware in three phishing attacks that occurred over a three-year period.

piggy bank 164630734

Stolen data allegedly used by Irish credit unions to find debtors

Private investigators, said to be working on behalf of credit unions in Ireland, didn't need to be social engineering experts in order to convince staff at the Department of Social Protection (DSP) and other government agencies to...

Phishing key

Why it is time to intensify employee education on phishing

Companies should consider intensifying employee training to combat the increasing craftiness of phishers who are working harder to obtain personal details on targets in order to trap them in scams.


State-of-the-art spear phishing and defenses

Likelihood, severity support paying upfront for that ounce of prevention


Salted Hash: Live from DEF CON - Social Engineering

Social Engineering and DEF CON have always gone hand-in-hand, but after some of the things I've seen on the floor this weekend, it would seem that people have forgotten this – or the surge of new attendees have erased that barrier of...

Load More