First-person account of someone who fell for a scam, that started as a fake Amazon service rep and ended with a fake CIA agent, and lost $50,000 cash. And this is not a naive or stupid person. The details are fascinating. And if you think it couldn’t happen to you, think again. Given the right set of circumstances, it can.
In what appears as an operation first of its kind, Interpol has arrested over 2000 criminals who launched social engineering attacks worldwide. Usually, in such scams, cybercriminals manipulate victims in the disguise of company employees or individuals. More details about the scam will be updated shortly!
consumers have their online bank accounts hijacked and plundered by hackers, U.S. But new data released this week suggests that for some of the nation’s largest banks, reimbursing account takeover victims has become more the exception than the rule. In the case of Zelle scams, the answer is yes. ” Sen.
What Are Social Engineering Scams? Thanks, Your CEO This common scenario is just one example of the many ways scammers may attempt to trick you through social engineering scams. In this scheme, scammers gain unauthorized access to a victim’s account and exploit it for malicious purposes.
At Social-Engineer, LLC (SECOM), we define social engineering as “any act that influences a person to take an action that may or may not be in their best interest.” If you Google “social engineering,” you will get a very different and more negative definition. billion to phone scams.
The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned. In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com.
GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.
A few days later, John finds himself locked out of his account, and quickly learns that the password reset link he clicked earlier did not come from his company. He took the steps needed to keep his account safe by following the directions from his IT team. What is social engineering? John is a diligent employee.
With the ongoing disruption to life and livelihood wrought by the Covid-19 pandemic, 2020 has been a fairly horrid year by most accounts. In almost every category — from epic breaches and ransomware to cybercrime justice and increasingly aggressive phishing and social engineering scams — 2020 was a year that truly went to eleven.
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.
Phishing scams continue to top the list of cybercrimes. Unfortunately, it’s likely 2022 will continue this trend as these types of social engineering attacks become more sophisticated. Phishing attacks account for more than 80% of reported security incidents. The statistics are alarming.
What does a government scam, an IT support scam and a romance scam have in common? They all use psychology and social engineering skills to convince their victims to take an action that is detrimental to them. Let’s see what lessons we can learn from scam artists to better protect ourselves.
When I first heard of social engineering, about 6 years ago, I couldn’t define it clearly and concisely if you had offered me millions of dollars. ’ Let’s re-visit what social engineering really means, how people use it, and how you can start protecting yourself from it. Either way, let’s refresh and learn together!
In a Private Industry Notification (PIN), the FBI warned businesses that “cyber actors” had been observed, “circumventing multi-factor authentication through common social engineering and technical attacks.” The FBI is warning businesses about a new series of cyberattacks that can circumvent multi-factor authentication (MFA).
According to interviews with several sources, this hybrid phishing gang has a remarkably high success rate, and operates primarily through paid requests or “bounties,” where customers seeking access to specific companies or accounts can hire them to target employees working remotely at home. A phishing page (helpdesk-att[.]com)
billion records have already been exposed, and that’s only accounting for the first quarter of 2020. Phishing scams skyrocketed as citizens self-isolated during the lockdown, and social-engineering schemes defrauded Internet users of millions.” MGM Resorts (10.6 Marriott (5.2
Suppose that, out of the blue, a Steam user tells you they’ve accidentally reported you for something you didn’t do, like making an illegal purchase, and that your Steam account is going to be suspended. There are some scams on Steam which have stood the test of time. The Steam scam playthrough. What do you do?
These malware scams lure individuals with fake conference invitations designed to mimic legitimate meeting requests and exploit users’ trust. Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues.
These individuals said they were only customers of the person who had access to Twitter’s internal employee tools, and were not responsible for the actual intrusion or bitcoin scams that took place that day. ever so anxious” said he was 19 and lived in the south of England with his mother. They would take a cut from each transaction.”
And one of the most successful and increasingly prevalent ways of attack has come from social engineering, which is when criminals manipulate humans directly to gain access to confidential information. Social engineering is more sophisticated than ever, and its most advanced iteration is the topic of today's discussion: deepfakes.
The smash-and-grab attacks by LAPSUS$ obscure some of the group’s less public activities, which according to Microsoft include targeting individual user accounts at cryptocurrency exchanges to drain crypto holdings. The flash scam netted the perpetrators more than $100,000 in the ensuing hours.
Each year, as online shopping ramps up in the weeks before the holidays, so do online scams targeting the elderly. In fact, COVID-19, Zoom meetings, vaccination recommendations and travel warnings all provide ample and unique precedent for social engineering attacks. The most common types of online elder fraud.
When I answered, however, I heard a message that my account was overdue and that service was going to be cut off for non-payment. Of course, scam calls warning about the termination of utility service if a payment is not made immediately are nothing new. I was tempted to ask the caller if she could see my payment for $527.01
United States Cybersecurity and Infrastructure Security Agency (CISA) along with two other agencies; National Security Agency (NSA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a warning to federal agencies against a phishing scam taking place through Remote Monitoring and Management (RMM) Software.
There are two main types of online fraud aimed at stealing user data and money: phishing and scams. Phishers primarily seek to extract confidential information from victims, such as credentials or bank card details, while scammers deploy social engineering to persuade targets to transfer money on their own accord.
Famed hacker Kevin Mitnick learned early on to use emotion to manipulate and socially engineer his targets. At the time, his targets were typically sysadmins, and the social engineering started with a phone call. If you hover over the link you'll see it goes to a scam site called mothersawakening.
Once they have hijacked the channel, attackers either sell it to the highest bidder or employ it in a cryptocurrency scam scheme. The researchers identified around 15,000 actor accounts, most of which were created for this campaign. Hijacked channels ranged from $3 USD to $4,000 USD depending on the number of subscribers. Pierluigi Paganini.
It’s a digital swindle as old as the internet itself, and yet, as the data tells us, the vast majority of security incidents are still rooted in the low-tech art of social engineering. Related: AI makes scam email look real Fresh evidence comes from Mimecast’s “The State of Email and Collaboration Security” 2024 report.
The fraudsters behind the often laughable Nigerian prince email scams have long since branched out into far more serious and lucrative forms of fraud, including account takeovers, phishing, dating scams, and malware deployment. The FBI says BEC scams netted thieves more than $12 billion between 2013 and 2018.
English: the international language of scamming. In one week, small campaigns can account for more than 100 million phishing / malware mails targeting Gmail users. Whether this is due to older users being theoretically more susceptible to scams, or simply that their online footprint is easier to find, is not decided either way.
Google has reported that it disrupted the phishing attacks where threat actors had tried to hijack various YouTube accounts using cookie theft malware. The hijacker’s intent was to use those accounts to promote different crypto-currency scams. Such accounts have a buying price ranging from $3 to $4,000. and email.cz.
A typical phishing scam aimed at a hot wallet user works as follows: hackers send email messages addressed as coming from a well-known crypto exchange and requesting the user to confirm a transaction or verify their wallet again. As is the case with hot wallets, scammers use social engineering techniques to get to users’ funds.
But in reality, they just divert the customer to a web page that makes them submit credentials that can lead to larger scams, such as identity thefts, soon. They also seem to develop multiple social engineering attacks per week to impersonate renowned brands just to mint money.
This can make them particularly susceptible to social engineering trickery, the trigger for online extortion and fraud campaigns, Bastable told me. These scams rely on the failure of a subordinate employee to recognize a cleverly spoofed email directive. The total stolen: $2.3 The FBI is investigating. No arrests have been made.
In her post, she broke down the scam into four phases, reflecting the scammers' intent in each stage: Dismay, Isolate, Overwhelm, and Intimidate. When she was about to enter her bank account PIN, she remembered she wasn't supposed to share it with anyone. She then realized she was about to be scammed. Source: Chasseur Group).
Kidnap scams involve making a phone call to a victim and telling them a loved one has been taken. Things become even worse when social engineering combines with publicly available data to make it even more convincing. Don’t leave contact details of family members stored in easily compromised email accounts.
In a pig butchering scam, fake trading apps first available on Google and Apple apps stores and later on phishing download sites lured victims into depositing money into fraudulent accounts, which was then stolen, according to a report from Group-IB.
It makes use of social engineering in a similar fashion to other pandemic-themed SMS texts, with a strong psychological aspect tied in for good measure. This doesn’t get a free pass to your bank account. It’s also worth noting there’s been a number of other scams along these same lines.
The CFO commonly carries out such tasks and arranges a wire transfer using the account information provided on the invoice. In actuality, the request is coming from a BEC fraud ring, and the payment details direct the funds to an account controlled by the attackers. Scenario 2. Scenario 3. Planned attacks.
billion, or roughly half, of the total losses in 2019 were attributed to generic email account compromise (EAC) complaints. Taking into account unknowables, we’re talking about a ballpark cost of roughly $75,000 per BEC-related complaint. billion in BEC scam-related losses the year before.
The large number of subscribers has attracted threat groups that are looking to score with a social engineering campaign. Scammers send phishing emails trying to convince Netflix users that their account is somehow in jeopardy, and […].
A fair few cryptocurrency scams have been doing the rounds across 2021. One of the sneakiest ways to grab a code is to jump into customer support discussions on social media. Scammers set up fake customer support style accounts, then direct potential victims to phishing pages hosted elsewhere. 419 crypto scam. Conclusion.
E-mail scammers typically combine social engineering with technical skills to bypass spam filters and persuade the recipient to reply. In terms of topics and techniques, text-based fraud can be divided into several types: Dating scams. Let’s take a look at these types of scams and see why they work. Dating scams.
No wonder scam artists are taking notice and jumping on the bandwagon. But in other cases they are attempting to trick users into inputting their account credentials or credit card data, allowing the perpetrators to steal their valuable information. And it’s not hard to speculate when scams could go from here. billion in 2020.