Social Engineering

Social Engineering news, information, and how-to advice

ransomware

Ransomware damage costs predicted to hit $11.5B by 2019

The rising ransomware costs are driven by an uptick in the frequency of attacks, which is expected to rise to an attack every 14 seconds.

10 phishing

Why you should fear phishing more than data breaches

A recent study from Google and UC Berkeley examined the various ways accounts are compromised, and determined that phishing attacks – not data breaches – pose the most risk to users when it comes to lost access.

11 phish

5 ways to minimize phishing attacks

Social engineering and phishing remain two of the most effective methods of attacking systems and networks. Here are five quick wins to help improve your security.

cybersecurity awareness month

6 reasons why awareness programs fail even when following best practices

Taking into account the traditional critical success factors of security awareness may not be enough to create a security aware environment.

cyber security

What the good guys are up against: a roundup of popular attack vectors

To help the defenders know what they’re up against, here are some of the attack vectors that have been frequently used in recent months

cybersecurity ts

5 worst cybersecurity habits with catastrophic consequences

These cybersecurity habits can have devastating effects. Make sure you — and your employees — aren't following them.

money bundles of US dollars

Social engineer bank robber arrested weeks after successful $142,000 heist

A Malaysian bank robber who used social engineering as his primary weapon in a string of thefts was recently arrested at his home in Batu Berendam, Malacca, three weeks after successfully walking away with $142,000 (RM600,000) by...

spearfishing trap

Multi-stage spear phishing – bait, hook and catch

Multiple step spear phishing is the latest iteration in social engineering from sophisticated cyber criminals.

p1240381 11

Scammers sent follow-up emails in Office 365 phishing campaign

As previously reported on Salted Hash, a recent phishing email looking to harvest credentials was actually part of an ongoing phishing campaign targeting Office 365 customers. The campaign has been going on since late 2016, and is...

p1240300 5

Office 365 Phishing attacks create a sustained insider nightmare for IT

Earlier this month, Salted Hash deconstructed a Phishing email that had bypassed company filters and made into the general inbox. The email focused on an outdated subdivision, and was easily spotted as a scam. However, we've since...

cyber security

A note to mom about cybersecurity

I wanted to put this advice in simple terms that people who didn’t obsess about security and privacy could understand. And so I came up with this “Cybersecurity Pledge” that I’m going to send to my friends and family. I’ll start with...

cybersecurity shield and gear image

Please don't send me to cybersecurity training

Training providers offer unique twists to help engage employees on security awareness education and make the process less painful.

phishing threat

Back to school, part 2: no whaling allowed!

5 security safeguards to keep the CEO out of hot water.

p1240307 6

Office 365 phishing – A quick look at a recent example

On Thursday, an interesting email showed up in my inbox. The message says there are emails pending, because I've used 98-percent of my storage space. In order to fix this, I needed to download and save the attached configuration. The...

knife lanyard knot untangle rope

Mimecast’s newly discovered email exploit isn’t a vulnerability, it’s a feature

Mimecast, a Boston-based email security firm, claims to have discovered a new email exploit. The exploit itself centers on the fact that an attacker who sends an HTML-based email linking to an external CSS file can "edit any text in...

tom pendergast in the alps

Take a vacation—just not from cybersecurity best practices!

If you’re a person with privileged access in a company—executives, yes, but IT and finance and more—a criminal who has been watching your company and watching you personally could easily gather enough clues about you and your company...

cyberattack laptop arrows war fight

The 5 types of cyber attack you're most likely to face

Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront.

phishing threat

Attackers experimenting with CVE-2017-0199 in recent phishing attacks

Researchers at Trend Micro and Cisco's Talos have identified a new wave of Phishing attacks leveraging CVE-2017-0199, a previously-patched remote code execution vulnerability in the OLE (Windows Object Linking and Embedding) interface...

eliminate insider threats 1

IT's 9 biggest security threats

As this list of the biggest security threats shows, hacking has evolved from a one-person crime of opportunity to an open market of sophisticated malware backed by crime syndicates and money launderers.

socengentry

What is social engineering? How criminals take advantage of human behavior

Social engineering is essentially the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques. Here are answers to some frequently asked...

Load More