Social Engineering

Social Engineering | News, how-tos, features, reviews, and videos

Social media threat / danger / risk >  Text bubbles interact, one bearing skull + crossbones

Social engineering explained: How criminals exploit human behavior

Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems or data.

Fraud / deception / social engineering  >  A wolf in sheep's clothing in a binary environment.

10 signs you're being socially engineered

Scammers will try to trick you and your organization's users into giving up credentials or other sensitive date. Be skeptical if you see any of these signs.

cybersecurity controls

The 5 CIS controls you should implement first

The CIS Critical Security Controls list (formerly the SANS Top 20 controls) has been the gold standard for security defense advice. These are the tasks you should do first.

healthcare data breach / medical patient privacy security violation

6 biggest healthcare security threats for 2020

Healthcare continues to be a popular target for ransomware, cryptomining, data theft, phishing, and insider threats.

secured network of computers with locks displayed on screens

Why giving users two separate systems won't improve security

Red/green systems, which give users one system for work and another for other tasks, no longer makes sense from a security and cost perspective. There are alternatives.

A team with megaphones promotes their message.

How to market security: 8 tips for recruiting users to your cause

Getting users to care about security is a much-lamented challenge. What you need is a marketing plan.

Email takeover  >  Puppeteer hands manipulating the strings of an email client

Beware rogue email rules and forms

Creating malicious rules and forms in a compromised email client is an old but effective hacker trick that evades traditional antimalware software. Here’s how to make sure you can detect it.

Mastery of technology skills + knowledge.

12 things every computer security pro should know

Fighting the good fight takes specialized knowledge. Here's the baseline of what all security pros should know.

CSO  >  high-value targets  >  binary targeting of executives

Developing personal OPSEC plans: 10 tips for protecting high-value targets

Attackers are increasingly targeting executives and employees who have access to sensitive enterprise data. Here's how to protect those individuals with personal OPSEC plans.

Smishing, an SMS phishing attack / Vishing, a voice phishing attack by phone

Smishing and vishing: How these cyber attacks work and how to prevent them

Smishing and vishing are types of phishing attacks that try to lure victims via SMS message and voice calls. Both rely on the same emotional appeals employed in traditional phishing scams and are designed to drive you into urgent...

man in boat surrounded by sharks risk fear decision attack threat by peshkova getty

Sharks and phishers are circling, looking to snag a bite

Security professionals need to work together to come up with effective threat strategies, better training and intelligence alert systems in effort to keep phishing attacks at a minimum.

CSO > wolf in sheeps clothing / fraud / identity theft / social engineering

Famous social engineering attacks: 12 crafty cons

This rogues gallery of social engineering attack examples made headlines by taking advantage of human nature.

business intelligence crowd binary virtual world

How attackers identify your organization's weakest links

Understanding the techniques and tools attackers use in targeted phishing attacks.

6 handling email phishing

Business email compromise: The odds of being a victim are increasing

Given the growth over the last few years in BEC and EAC fraud, businesses should educate employees about the risks involved and red flags of this activity.

8 getting breached is bad for business

From phish to network compromise in two hours: How Carbanak operates

Cybercriminal group Carbanak has stolen hundreds of millions of dollars from financial institutions. Here's a detailed analysis by Bitdefender of an attack on one bank.

CSO > Phishing attacks that bypass two-factor authentication

Phishing attacks that bypass 2-factor authentication are now easier to execute

Researchers released two tools--Muraen and NecroBrowser--that automate phishing attacks that can bypass 2FA. Most defenses won't stop them.

russian hacking us election  putin voting fraud hacked

2016 election hacking in Florida: Russian emails, hidden tracks

The Mueller Report says the Russians planted malware on at least one Florida county system, and Florida's governor announces that two counties were hacked in 2016. Experts believe the problem could be bigger.

CSO  >  danger / security threat / malware / binary skull overlaying binary code

Malware explained: How to prevent, detect and recover from it

Malware is a blanket term for viruses, worms, trojans, and other harmful computer programs hackers use to wreak destruction and gain access to sensitive information.

CSO > Invalidated cyber insurance

Does your cyber insurance cover social engineering? Read the fine print

Some cyber insurance policies will pay only a small fraction of damages if an attacker used social engineering. Here's how to estimate the risk.

2fa sms

Why unauthenticated SMS is a security risk

Multifactor authentication that uses SMS messaging as a second factor is vulnerable to simple hacks. User education is the best defense.

Load More
You Might Also Like