Duo's Security Blog

DECEMBER 14, 2023

But as it turns out, John was a victim of a phishing scam, a type of social engineering attack where the cybercriminal impersonated John’s IT department to gain his trust and trick him into revealing his login credentials. What is social engineering? So clearly, John isn’t alone. If it is, access is granted.

Social Engineering 130

Social Engineering Engineering Phishing Passwords 130

SecureWorld News

MARCH 20, 2025

March Madness is here, and while fans are busy filling out brackets and making last-minute bets, cybercriminals are running their own full-court presstargeting unsuspecting fans with phishing scams, fake betting apps, and credential-harvesting schemes.

Scams 80

Scams Social Engineering Mobile Phishing 80

SecureWorld News

FEBRUARY 13, 2025

Evolution of social engineering Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or taking harmful actions. Attacks on identity verification systems Bypassing biometric security: Many organizations use facial and voice recognition for authentication.

Social Engineering 83

Social Engineering Authentication Identity Theft Engineering 83

SecureWorld News

OCTOBER 3, 2023

And one of the most successful and increasingly prevalent ways of attack has come from social engineering, which is when criminals manipulate humans directly to gain access to confidential information. Social engineering is more sophisticated than ever, and its most advanced iteration is the topic of today's discussion: deepfakes.

Social Engineering 108

Social Engineering Phishing Engineering Technology 108

Krebs on Security

AUGUST 19, 2020

Allen said a typical voice phishing or “vishing” attack by this group involves at least two perpetrators: One who is social engineering the target over the phone, and another co-conspirator who takes any credentials entered at the phishing page and quickly uses them to log in to the target company’s VPN platform in real-time.

Phishing 363

Phishing VPN Social Engineering Media 363

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. The flash scam netted the perpetrators more than $100,000 in the ensuing hours.

Social Engineering 289

Social Engineering Phishing Engineering Accountability 289

Webroot

MARCH 3, 2025

This month, take advantage of all that NCPW offers, including access to free tools and information that can help you identify and prevent online scams, fraud, and identity theft. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection 84

Consumer Protection Identity Theft Scams Social Engineering 84

eSecurity Planet

NOVEMBER 6, 2024

Rhysida went so far as to publish sample files to verify the authenticity of the data, revealing access to a trove of information, including city databases, employee credentials, cloud management files, and even the city’s traffic camera feeds.

Ransomware 116

Ransomware Authentication Identity Theft Penetration Testing 116

Malwarebytes

JANUARY 12, 2022

Utilizing threats and other “social engineering” methods, individuals acting maliciously were able to exploit human error within our customer experience team and bypass two-factor authentication to gain access to player accounts. Tricky, but not impossible, and a lot of it comes down to staff training.

Social Engineering 90

Social Engineering Engineering Accountability Phishing 90

Troy Hunt

FEBRUARY 23, 2024

However, I don't fall for the scams because I look for the warning signs: a sense of urgency, fear of missing out, and strange URLs that look nothing like any parcel delivery service I know of. Urgency is a core tenet of social engineering as it encourages people to act without properly thinking it though.

Phishing 362

Phishing Scams Banking Social Engineering 362

Malwarebytes

MARCH 29, 2021

There are some scams on Steam which have stood the test of time. Like Steam phishing campaigns, this particular Steam scam—referred to loosely as the “I accidentally reported you” or “I accidentally reported your account” scam—has been coming and going since initial reports of it emerged in late 2018.

Scams 145

Scams Accountability Social Engineering Passwords 145

SecureList

MARCH 25, 2025

Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Financial phishing In 2024, online fraudsters continued to lure users to phishing and scam pages that mimicked the websites of popular brands and financial organizations. million detections compared to 5.84

Phishing 71

Phishing Banking Scams Mobile 71

eSecurity Planet

FEBRUARY 26, 2025

The research found a sharp rise in mobile phishing attacks, with cybercriminals moving away from traditional email scams in favor of SMS-based attacks. Strengthening mobile security also requires enforcing strict access controls to limit exposure and continuously educating employees on the latest social engineering tactics.

Phishing 89

Phishing Mobile Social Engineering Data breaches 89

Identity IQ

JUNE 1, 2023

The Rise of AI Social Engineering Scams IdentityIQ In today’s digital age, social engineering scams have become an increasingly prevalent threat. In fact, last year, scams accounted for 80% of reported identity compromises to the Identity Theft Resource Center (ITRC).

Social Engineering 52

Social Engineering Scams Engineering Identity Theft 52

Malwarebytes

MAY 15, 2022

Kidnap scams involve making a phone call to a victim and telling them a loved one has been taken. Things become even worse when social engineering combines with publicly available data to make it even more convincing. 2 factor authentication and password managers are good places to start. The virtual kidnap: Step by step.

Scams 131

Scams Social Engineering Password Management Engineering 131

Krebs on Security

AUGUST 30, 2022

The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. Those who submitted credentials were then prompted to provide the one-time password needed for multi-factor authentication. Image: Cloudflare.com. On that last date, Twilio disclosed that on Aug.

Mobile 339

Mobile Phishing Authentication Accountability 339

The Last Watchdog

APRIL 14, 2022

For starters, attackers leverage social engineering tactics and information gleaned from websites and social media profiles to determine employees’ working relationships and connections. We would never expect someone we know and work with to scam us, much less defraud our organization.

Phishing 247

Phishing Accountability Scams Social Engineering 247

SecureWorld News

FEBRUARY 13, 2024

As artificial intelligence continues advancing at a rapid pace, criminals are increasingly using AI capabilities to carry out sophisticated scams and attacks. The scam began with the employee receiving a phishing message purportedly from the company's chief financial officer requesting an urgent confidential transaction.

Scams 112

Scams Artificial Intelligence Social Engineering Media 112

SecureList

JULY 5, 2023

A typical phishing scam aimed at a hot wallet user works as follows: hackers send email messages addressed as coming from a well-known crypto exchange and requesting the user to confirm a transaction or verify their wallet again. As is the case with hot wallets, scammers use social engineering techniques to get to users’ funds.

Scams 132

Scams Phishing Cryptocurrency Social Engineering 132

The Last Watchdog

DECEMBER 18, 2024

Amini Pedram Amini , Chief Scientist, Opswat The sophistication and abuse of AI are escalating as costs drop, driving a surge in ML-assisted scams and attacks on physical devices. Organizations face rising risks of AI-driven social engineering and personal device breaches.

Risk 173

Risk Threat Detection Technology Phishing 173

Joseph Steinberg

JANUARY 20, 2022

And, of course, they must know, and be able to strongly authenticate, any human users as well. Consider the case of ransomware, for example, and the fact that the number of successful ransomware attacks has skyrocketed in recent years. They must also understand their business processes down to a granular level.

Cybersecurity 363

Cybersecurity Artificial Intelligence Ransomware Social Engineering 363

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

Security Boulevard

JANUARY 26, 2023

Summary In the midst of significant layoffs hitting the previously immune tech industry, scammers have mobilized and doubled down on targeting job seekers with various employment scams. Fig 8 - Source code showing commented-out credit card validation element The malicious domain used in this scam - zscaler-finance-analyst-strategy[.]live,

Scams 131

Scams Identity Theft Social Engineering Advertising 131

Webroot

FEBRUARY 13, 2024

In the digital age, the quest for love has moved online, but so have the fraudsters, with romance scams reaching record highs. These scams don’t just harm individuals financially and emotionally; they can also pose significant risks to businesses.

Scams 110

Scams Cryptocurrency Media Education 110

Malwarebytes

DECEMBER 28, 2023

In 2023, the public primarily confronted two varieties of online scams: the technical and the topical. Technical scams abuse legitimate aspects of modern internet infrastructure to lead users to illegitimate or compromised sites. Topical scams, on the other hand, are simpler. We know these scams all too well.

Scams 112

Scams Accountability Social Engineering Small Business 112

Krebs on Security

FEBRUARY 28, 2023

Countless websites and online services use SMS text messages for both password resets and multi-factor authentication. First, they included an offer to use a mutually trusted “middleman” or escrow provider for the transaction (to protect either party from getting scammed). ” TMO UP!

Mobile 340

Mobile Phishing Authentication Advertising 340

Identity IQ

MAY 16, 2023

The Growing Threat of Google Voice Scams IdentityIQ Imagine this: You’re eagerly selling an antique dresser on Facebook Marketplace and a prospective buyer communicates interest in it. However, they express concern that you may be trying to scam them. What is a Google Voice Scam? What is Google Voice? phone number.

Scams 98

Scams Identity Theft Accountability Authentication 98

Security Affairs

SEPTEMBER 5, 2022

The phishing campaign bypassed native Google Workspace email security controls because it passed both DKIM and SPF email authentication. The post A new phishing scam targets American Express cardholders appeared first on Security Affairs. The page was crafted to request the victims to enter their user ID and password.

Phishing 100

Phishing Scams Social Engineering Password Management 100

Security Affairs

APRIL 8, 2024

The Health Sector Cybersecurity Coordination Center (HC3) recently observed threat actors using sophisticated social engineering tactics to target IT help desks in the health sector. The attackers aim at gaining initial access to target organizations.

Social Engineering 137

Social Engineering Healthcare Engineering Accountability 137

Malwarebytes

JUNE 19, 2023

A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. A 21 year old man named David Smith, from Connecticut, allegedly figured out a way to extract large quantities of cash from drivers with a scam stretching back to 2020.

Scams 98

Scams Phishing Password Management Passwords 98

Malwarebytes

OCTOBER 18, 2022

Unfortunately, scams are a fact of life online. The virtual ties that bind us are international now: Our public telephone numbers, social media accounts, email addresses, messaging apps, dating profiles, and even our physical mailboxes, can all be reached by any criminal and con artist from anywhere in the world.

Scams 98

Scams Social Engineering Media Accountability 98

Identity IQ

JANUARY 11, 2024

New AI Scams to Look Out For in 2024 IdentityIQ Artificial intelligence (AI) has quickly reshaped many aspects of everyday life. Here are three new AI scams to look out for in 2024 as well as some tips to help protect yourself and stay prepared for the explosive development of AI.

Scams 98

Scams Artificial Intelligence Identity Theft Phishing 98

Spinone

NOVEMBER 12, 2020

What is social engineering? Social engineering is a manipulative technique used by criminals to elicit specific actions in their victims. Social engineering is seldom a stand-alone operation. money from a bank account) or use it for other social engineering types. Check recipient.

Social Engineering 52

Social Engineering Engineering Phishing Banking 52

The Last Watchdog

APRIL 28, 2020

Related: Coronavirus scams leverage email As we get deeper into dealing with the coronavirus outbreak, the need for authorities and experts to communicate reliably and effectively with each other, as well as to the general public, is vital. That, of course, presents the perfect environment for cybercrime that pivots off social engineering.

Social Engineering 174

Social Engineering Cyber Attacks Scams Engineering 174

The Last Watchdog

NOVEMBER 29, 2022

The fraudster commences the social engineering by irritating the targeted victim, and then follows up with an an offer to alleviate the annoyance. The nag might be a spoofed multifactor authentication push or system error alert – a notification message that annoying repeats on a seemingly infinite loop.

Phishing 214

Phishing Social Engineering Scams Software 214

Adam Levin

JULY 15, 2020

The personal Twitter accounts of Elon Musk, Barack Obama, Joe Biden, Bill Gates, Jeff Bezos, Kanye West, Warren Buffett in addition to the official corporate accounts of Apple, Uber, and Cash were hijacked for several hours July 15 in an apparent Bitcoin scam. I am giving back to the community.

Hacking 167

Hacking Social Engineering Scams Accountability 167

Hacker's King

DECEMBER 25, 2024

Phishing Scams : Fake login pages or deceptive messages trick users into providing their credentials. Social Engineering : Attackers manipulate victims into sharing personal information, such as passwords or answers to security questions. Enable Two-Factor Authentication (2FA) : Activate 2FA in Snapchat settings.

Passwords 52

Passwords Social Engineering Accountability Scams 52