How to defend your organization against social engineering attacks
Tech Republic Security
NOVEMBER 5, 2020
A security awareness program backed by multi-factor authentication can help protect your critical assets, says NordVPN Teams.
CyberSecurity Insiders
MAY 1, 2023
Social engineering is a term used to describe the manipulation of people into revealing sensitive information or performing actions that they otherwise wouldn’t. Social engineering is an age-old tactic that is often used in phishing attacks. In conclusion, social engineering is a significant threat to cybersecurity.
Krebs on Security
JANUARY 7, 2025
Lookout researchers discovered multiple voice phishing groups were using a new phishing kit that closely mimicked the single sign-on pages for Okta and other authentication providers. Each participant in the call has a specific role, including: -The Caller: The person speaking and trying to social engineer the target.
Security Affairs
SEPTEMBER 2, 2023
Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions.
Schneier on Security
OCTOBER 21, 2021
Roger Grimes on why multifactor authentication isn’t a panacea: The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted VP who let the attackers in.
Adam Levin
OCTOBER 8, 2019
The FBI is warning businesses about a new series of cyberattacks that can circumvent multi-factor authentication (MFA). In a Private Industry Notification (PIN), the FBI warned businesses that “cyber actors” had been observed, “circumventing multi-factor authentication through common social engineering and technical attacks.”
Security Through Education
FEBRUARY 20, 2024
In the ever-evolving landscape of cybersecurity, social engineering has undergone significant transformations over the years, propelled by advancements in technology. This article delves into the historical shifts in social engineering tactics and explores how adversaries embrace new technologies to achieve their objectives.
SecureWorld News
NOVEMBER 8, 2023
Social engineering attacks have long been a threat to businesses worldwide, statistically comprising roughly 98% of cyberattacks worldwide. Given the much more psychologically focused and methodical ways that social engineering attacks can be conducted, it makes spotting them hard to do.
Krebs on Security
NOVEMBER 9, 2024
“This is social engineering at the highest level and there will be failed attempts at times. “In terms of overall social engineering attacks, the more you have a relationship with someone the more they’re going to trust you,” Donahue said. Don’t be discouraged.
Duo's Security Blog
DECEMBER 14, 2023
But as it turns out, John was a victim of a phishing scam, a type of social engineering attack where the cybercriminal impersonated John’s IT department to gain his trust and trick him into revealing his login credentials. What is social engineering? If it is, access is granted.
SecureWorld News
FEBRUARY 15, 2024
A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The hackers rely heavily on social engineering tactics to distribute the malware.
Krebs on Security
AUGUST 21, 2020
” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. Consider using a formalized authentication process for employee-to-employee communications made over the public telephone network where a second factor is used to.
Schneier on Security
SEPTEMBER 17, 2020
When, say, an iPhone is getting ready to pair up with Bluetooth-powered device, CTKD’s role is to set up two separate authentication keys for that phone: one for a “Bluetooth Low Energy” device, and one for a device using what’s known as the “Basic Rate/Enhanced Data Rate” standard.
The Hacker News
FEBRUARY 12, 2024
When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. However, it's important to remember that MFA isn't foolproof. It can be bypassed, and it often is.
Krebs on Security
OCTOBER 20, 2023
Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. He said that on Oct 2.,
SecureWorld News
OCTOBER 3, 2023
And one of the most successful and increasingly prevalent ways of attack has come from social engineering, which is when criminals manipulate humans directly to gain access to confidential information. Social engineering is more sophisticated than ever, and its most advanced iteration is the topic of today's discussion: deepfakes.
SecureWorld News
FEBRUARY 13, 2025
Evolution of social engineering Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or taking harmful actions. Attacks on identity verification systems Bypassing biometric security: Many organizations use facial and voice recognition for authentication.
Krebs on Security
NOVEMBER 21, 2024
The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule.
The Last Watchdog
JULY 24, 2023
Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. The next big thing is passwordless authentication. First and foremost, most solutions rely on connected devices like mobile phones to authenticate users.
IT Security Guru
FEBRUARY 25, 2025
A prime example is multi-factor authentication (MFA), a security process that requires users to verify their identity in two or more ways, such as a password, a code sent to their phone, or a fingerprint. Other Ways Threat Actors Exploit Human Behaviour In addition to fatigue attacks, malefactors weaponise social engineering.
Krebs on Security
FEBRUARY 26, 2023
GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.
The Last Watchdog
NOVEMBER 19, 2023
As the companies face nine federal lawsuits for failing to protect customer data, it’s abundantly clear hackers have checkmated multi-factor authentication (MFA). But the coup de grâce was how easily they brushed aside the multi-factor authentication protections. How they steamrolled multi-factor authentication is a reason for pause.
The Last Watchdog
JANUARY 30, 2025
The extension then silently authenticates the victim into a Chrome profile managed by the attacker's Google Workspace. Once this authentication occurs, the attacker has full control over the newly managed profile in the victim's browser, allowing them to push automated policies such as disabling safe browsing and other security features.
SecureWorld News
FEBRUARY 25, 2025
One of the report's most pressing concerns is the role of Generative AI in social engineering attacks. From the report: "Generative AI is being used to create highly convincing phishing emails, fake voices, and even deepfake videos, making social engineering attacks more difficult to detect.
Krebs on Security
AUGUST 19, 2020
Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.
Krebs on Security
NOVEMBER 21, 2020
In response to questions from KrebsOnSecurity, GoDaddy acknowledged that “a small number” of customer domain names had been modified after a “limited” number of GoDaddy employees fell for a social engineering scam. authenticate the phone call before sensitive information can be discussed. and 11:00 p.m.
Schneier on Security
MAY 1, 2019
These mechanisms may also rely on security keys, but chances are that they don't (and somewhere down the line, there's probably a fallback mechanism that uses SMS, or Google Authenticator, or an email confirmation loop, or a password, or an administrator who can be sweet talked by a social engineer).
SecureWorld News
JANUARY 22, 2025
Additionally, these conventional tools lack the contextual awareness needed to identify sophisticated social engineering tactics employed by AI-powered phishing campaigns. Multi-factor authentication (MFA) : Enforce robust MFA protocols to add an extra layer of security.
Security Affairs
NOVEMBER 15, 2024
The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Researchers from Gen Digital who discovered the threat, believe it is in its early development phase.
Bleeping Computer
SEPTEMBER 15, 2023
Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. [.]
Krebs on Security
APRIL 6, 2022
“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. ” Like LAPSUS$, these vishers just kept up their social engineering attacks until they succeeded.
Krebs on Security
MARCH 23, 2022
Microsoft says LAPSUS$ — which it boringly calls “DEV-0537” — mostly gains illicit access to targets via “social engineering.” This involves bribing or tricking employees at the target organization or at its myriad partners, such as customer support call centers and help desks.
eSecurity Planet
OCTOBER 22, 2024
Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering. Enable multi-factor authentication (MFA): Implementing MFA adds a layer of security to your accounts.
SecureWorld News
NOVEMBER 6, 2024
Google moved away from VPNs, instead using device-based authentication and continuous access verification, ensuring that each access request is authenticated. Deepfake social engineering: Deepfakes can mimic legitimate users to manipulate access. Take Google's BeyondCorp as an example.
Krebs on Security
JANUARY 24, 2020
In the case of e-hawk.net, however, the scammers managed to trick an OpenProvider customer service rep into transferring the domain to another registrar with a fairly lame social engineering ruse — and without triggering any verification to the real owners of the domain. ” REGISTRY LOCK.
Krebs on Security
JANUARY 29, 2020
KrebsOnSecurity recently contacted Sprint to let the company know that an internal customer support forum called “Social Care” was being indexed by search engines, and that several months worth of postings about customer complaints and other issues were viewable without authentication to anyone with a Web browser.
eSecurity Planet
NOVEMBER 6, 2024
Rhysida went so far as to publish sample files to verify the authenticity of the data, revealing access to a trove of information, including city databases, employee credentials, cloud management files, and even the city’s traffic camera feeds.
eSecurity Planet
FEBRUARY 26, 2025
As businesses rely more on mobile devices for authentication and communication, these evolving threats are slipping past conventional security defenses, putting corporate networks at greater risk. Zimperium found that mishing activity peaked in August 2024, with over 1,000 daily attacks recorded. What is mishing?
Krebs on Security
JANUARY 30, 2024
2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page.
Hacker's King
DECEMBER 26, 2024
Harness Biometric Security Features While Two-Factor Authentication (2FA) is widely recommended, integrating biometric security adds an unmatched layer of protection. Being aware of these tactics is half the battle.
Krebs on Security
JUNE 15, 2024
.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS.
Security Affairs
JULY 4, 2024
Twilio states that threat actors have identified the phone numbers of users of its two-factor authentication app, Authy, TechCrunch reported. This week the messaging firm told TechCrunch that “threat actors” identified data of Authy users, a two-factor authentication app owned by Twilio, including their phone numbers.
The Last Watchdog
DECEMBER 18, 2024
Organizations face rising risks of AI-driven social engineering and personal device breaches. Our research reveals 69% of breaches are rooted in inadequate authentication and 78% of organizations have been targeted by identity-based attacks. While fully agentic AI malware remains years away, the industry must prepare now.
Webroot
MARCH 3, 2025
Common attacks to consumer protection Identity theft and fraud Some common types of identity theft and fraud include account takeover fraud , when criminals use stolen personal information such as account numbers, usernames, or passwords to hijack bank accounts, credit cards, and even email and social media accounts.