Social Engineering

Social Engineering news, information, and how-to advice

IRS discloses breach, attackers used PII to clear security checks

On Tuesday, the Internal Revenue Service (IRS) disclosed a data breach that affects 100,000 taxpayers. In a statement on the matter, the IRS said that the attackers were able to access information through the "Get Transcript"...

eNom discloses DNS attack to customers

On Thursday, Taryn Naidu, the CEO of domain registrar eNom, sent a letter to customers disclosing a "very sophisticated attack" that targeted the DNS settings on four domains. The email was sent in order to provide transparency, but...

Social Engineering: Even Shakespeare understood security’s weakest link

What do Shakespearean tragedies and security issues have in common? Both are overwhelmingly the result of human error. Othello is one of Shakespeare's greatest plays, and Iago is one of literature’s first social engineers.

Law firm says human error to blame for client breaches in 2014

The Privacy and Data Protection team at BakerHostetler, a law firm with offices across the U.S., has released a report stating that human error was responsible for the majority of the security incident cases they worked in 2014.

Q&A

Professional hackers talk social engineering threats and security awareness

With years of experience pen testing and human hacking, Chris Hadnagy and Dave Kennedy are experts at how social engineers work, and what techniques they use to successfully breach an organization. In this discussion with CSO Chief...

CareerBuilder listings used as Phishing platform

Researchers at Proofpoint recently discovered a Phishing campaign that originated from select job postings on CareerBuilder.

RSA Conference 2015: Criminals targeting gaps in user awareness training

Common Phishing techniques were less effective last year, so criminals changed their game in order to adapt

Surveys: Employees at fault in majority of breaches

A company's own employees are a significant factor in the majority of data breaches, either through malicious activity or avoidable mistakes, say two new studies, but companies aren't doing enough to address this issue.

Russian hackers used State Dept. systems to Phish White House staffers

U.S. officials briefed on the investigation have told CNN that Russian hackers used their access after compromising the U.S. State Department to target sensitive information on the unclassified White House network.

Beware the ‘visual hack’

Social engineering is by far the largest security threat to most organizations. But recent research showed that a "surgical strike" from a hacker strolling through an office as a "part-time worker" can yield a small amount of very...

Google error leaks website owners' personal information

A Google software problem inadvertently exposed the names, addresses, email addresses and phone numbers used to register websites after people had chosen to keep the information private.

Why the Hillary Clinton email story is a big deal

A security-only look into why using a personal email address for business communication is an all-around bad idea, regardless of whether you are a CSO or the Secretary of State (but an extremely bad idea if you are the Secretary of State).

Call recording on: Listen to an actual Microsoft support scam as it happened

The scam starts with a call that warns of problems, and immediately offers to connect you with a Microsoft support staffer. Their goal is to remotely control your system and install malware and rogue anti-virus software.

Domain keywords used to spot phishing sites

Criminals setting up fake domains for phishing are prone to use the same words over and over, and spotting those words can help identify malicious sites, according to a new threat detection model from OpenDNS.

iPhone theft victims tricked into unlocking devices

Symantec has discovered a campaign that aims to unlock Apple devices after they've been lost, which requires either the device's passcode or the credentials for a person's iCloud account.

Crooks targeting call centers to further Apple Pay fraud

According to mobile payments expert Cherian Abraham, fraud on Apple's mobile payment platform – Apple Pay – is rampant. However, Apple's hardware and software security measures remain intact; the issue at the heart of most fraud...

Anthem: 78.8 million affected, FBI close to naming suspect

On Tuesday, Anthem, the nation's second largest health insurer, said that 8.8 to 18.8 million people who were not customers could be impacted by their recent data breach, which at last count is presumed to affect some 78.8 million...

Low tech 'visual hacking' successful nine times out of ten

Researchers were able to get sensitive corporate information just by looking around corporate offices in 88 percent of attempts, according to a new study
