Information Security, Scams and Social Engineering

Social Engineering from the Attacker Perspective

Security Through Education

FEBRUARY 9, 2022

At Social-Engineer, LLC (SECOM), we define social engineering as “any act that influences a person to take an action that may or may not be in their best interest.” If you Google “social engineering,” you will get a very different and more negative definition. billion to phone scams.

Social Engineering

Social Engineering Engineering Scams Education

Crazy Evil gang runs over 10 highly specialized social media scams

Security Affairs

FEBRUARY 3, 2025

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Security experts identified six Crazy Evil’s subteams, called AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND, which are running targeted scams for specific victim profiles.

Scams

Scams Media Cryptocurrency Cybercrime

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

SecureWorld News

MARCH 20, 2025

March Madness is here, and while fans are busy filling out brackets and making last-minute bets, cybercriminals are running their own full-court presstargeting unsuspecting fans with phishing scams, fake betting apps, and credential-harvesting schemes.

Scams

Scams Social Engineering Mobile Phishing

Cyber Scams & Why We Fall for Them

Security Boulevard

OCTOBER 25, 2024

Gary Perkins, Chief Information Security Officer Social engineers rely on two key psychological triggers: urgency and empathy. In today’s hyper-connected world, cybersecurity […] The post Cyber Scams & Why We Fall for Them appeared first on CISO Global.

Scams

Scams Social Engineering CISO Engineering

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Security Affairs

JANUARY 21, 2025

CERT-UA warned of scammers impersonating the agency, using fake AnyDesk requests to conduct fraudulent security audits. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber scams involving threat actors impersonating the agency by sending fraudulent AnyDesk connection requests under the guise of security audits.

Social Engineering

Social Engineering Scams Engineering Software

15 SpyLoan Android apps found on Google Play had over 8 million installs

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Similar scams were reported globally. McAfee researchers discovered 15 SpyLoan Android apps on Google Play with a combined total of over 8 million installs.

Social Engineering

Social Engineering Media Mobile Scams

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Security Affairs

NOVEMBER 21, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks.

Cybercrime

Cybercrime Identity Theft Cryptocurrency Phishing

Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean

Joseph Steinberg

JANUARY 20, 2022

Zero Trust is a concept, an approach to information security that dramatically deviates from the approach commonly taken at businesses worldwide by security professionals for many years. . • Zero Trust cannot be purchased off the shelf even from a combination of vendors. So, what is Zero Trust – in layman’s terms?

Cybersecurity

Cybersecurity Artificial Intelligence Ransomware Social Engineering

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays.

Social Engineering

Social Engineering Phishing Banking DNS

Protecting employees from job offer scams can lead to awkward but important conversations

SC Magazine

APRIL 1, 2021

Google on Wednesday evening announced that North Korean hackers have continued to target information security professionals with fake job offers, perpetuating a campaign that previously involved the use of a zero-day browser exploit. (Image from Google blog).

Scams

Scams Social Engineering Phishing Engineering

CryptoRom: OkCupid scam cost Florida man $480k – we followed the money to Binance

Security Affairs

APRIL 27, 2023

CyberNews analyzed a classic cryptocurrency romance scam, also known as CryptoRom, explaining how scammers hid the money CryptoRom scammers hid the money with several layers of obfuscation, but the Cybernews research team discovered that the stolen funds ended up in Binance accounts. Here’s how we did it. Cybernews researcher team said.

Scams

Scams Cryptocurrency Social Engineering Accountability

Phone Scam Targets Psychologists, All My Apes Gone, Supply Chain Skimmer Attack

Security Boulevard

JANUARY 10, 2022

A phone scam targeting psychologists reveals that even professionals can become victims, stolen multi-million-dollar NFT’s results in a “all my apes gone” plea for help, and details on a skimmer supply chain attack on more than 100 real estate websites. ** Links mentioned on the show ** The Phone Scam That Targets Psychologists [link] Thieves […].

Scams

Scams Social Engineering Engineering InfoSec

A new phishing scam targets American Express cardholders

Security Affairs

SEPTEMBER 5, 2022

Below are the recommendations provided by Armorblox to identify phishing messages: Augment native email security with additional controls; Watch out for social engineering cues; Follow multi-factor authentication and password management best practices; Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Phishing

Phishing Scams Social Engineering Password Management

A member of the Scattered Spider cybercrime group pleads guilty

Security Affairs

APRIL 7, 2025

Scattered Spider members are part of a broader cybercriminal community called The Com, where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks. In January 2024, U.S.

Cybercrime

Cybercrime Identity Theft Social Engineering Hacking

Ransomware realities in 2023: one employee mistake can cost a company millions

Security Affairs

OCTOBER 17, 2023

With 85% of campaigns targeting victims with phishing emails containing malicious links, another form of a social engineering attack, education and cyber vigiliance remain a high priority. Why should employers educate employees about cyber security? This method was identified as vishing – a voice-based phishing attack.

Social Engineering

Social Engineering Ransomware Engineering Phishing

U.S. Department of Health warns of attacks against IT help desks

Security Affairs

APRIL 8, 2024

The Health Sector Cybersecurity Coordination Center (HC3) recently observed threat actors using sophisticated social engineering tactics to target IT help desks in the health sector. The attackers aim at gaining initial access to target organizations.

Social Engineering

Social Engineering Healthcare Engineering Accountability

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

Security Affairs

SEPTEMBER 29, 2024

How the Necro Trojan infiltrated Google Play, again Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware “Marko Polo” Navigates Uncharted Waters With Infostealer Empire Octo2: European Banks Already Under Attack by New Malware Variant Infostealer malware bypasses Chrome’s new cookie-theft defenses AI-Generated Malware Found in the Wild (..)

Malware

Malware Social Engineering IoT Scams

Protecting employees from job offer scams can lead to awkward but important conversations

SC Magazine

APRIL 1, 2021

Google on Wednesday evening announced that North Korean hackers have continued to target information security professionals with fake job offers, perpetuating a campaign that previously involved the use of a zero-day browser exploit. (Image from Google blog).

Scams

Scams Social Engineering Phishing Engineering

LastPass employee targeted via an audio deepfake call

Security Affairs

APRIL 12, 2024

” The employee ignored the contact and reported the attempt to the security team, the company confirmed that the incident did not impact the company. LastPass shared the incident to raise awareness about using deepfakes for CEO fraud and other scams. concludes the report.

Social Engineering

Social Engineering Scams Password Management Technology

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 9, 2025

What are the risks?

Spyware

Spyware Cybercrime Scams Social Engineering

The Rise of AI Voicemail Scams, Political Donation Privacy Concerns

Security Boulevard

SEPTEMBER 15, 2024

In episode 346, we discuss new AI-driven voicemail scams that sound convincingly real and how to identify them. Join […] The post The Rise of AI Voicemail Scams, Political Donation Privacy Concerns appeared first on Shared Security Podcast.

Scams

Scams Social Engineering Data privacy Engineering

Security awareness training: An educational asset you can’t be without

Webroot

JANUARY 19, 2022

Through a series of effective delivery modules, SAT provides employees with relevant information and knowledge on topics like social engineering, malware, compliance and information security. Effective security awareness training can significantly boost your organization’s security posture.

Security Awareness

Security Awareness Education Phishing Social Engineering

YouTube creators’ accounts hijacked with cookie-stealing malware

Security Affairs

OCTOBER 20, 2021

Once hijacked the channel, attackers either sell it to the highest bidder or employ it in cryptocurrency scam scheme. The hackers used fake collaboration opportunities (i.e. a demo for anti-virus software, VPN, music players, photo editing or online games) to hijack the channel of YouTube creators.

Accountability

Accountability Malware Phishing Social Engineering

New Coronavirus-themed malspam campaign delivers FormBook Malware

Security Affairs

MARCH 8, 2020

This week, the Department of Homeland Security’s cybersecurity agency shared the following tips on how to prevent Coronavirus-themed: Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.

Malware

Malware Scams Social Engineering Phishing

Apple Finally Adopts RCS, AI Powered Scams Targeting the Elderly

Security Boulevard

NOVEMBER 26, 2023

The conversation shifts to Apple’s upcoming support for Rich Communication Services (RCS) and the potential security implications. Lastly, Tom and Kevin reflect on reports of AI-powered voice cloning scams targeting […] The post Apple Finally Adopts RCS, AI Powered Scams Targeting the Elderly appeared first on Shared Security Podcast.

Scams

Scams Security Awareness Social Engineering Data privacy

Top 5 Attack Vectors to Look Out For in 2022

Security Affairs

OCTOBER 21, 2021

Whether motivated by a potential payday or the ability to access confidential information, cybercriminals have plenty of incentive to focus on what works best in achieving their goals. Some threat actors carry out phishing attacks using social media and networking platforms, such as Twitter or LinkedIn. Stolen Credentials.

IoT

IoT Phishing Passwords Scams

U.S. authorities sanction six Nigerian nationals for BEC and Romance Fraud

Security Affairs

JUNE 20, 2020

The crooks exploited online tools and technology along with social engineering tactics to target the victims and steal usernames, passwords, and bank accounts. Okpoh, Benson and Kayode conducted romance scams and were involved in money laundering along with Uzuh. ” continues OFAC.

Social Engineering

Social Engineering Scams Small Business Banking

Security Researchers Find Nearly 400,000 Exposed Databases

eSecurity Planet

MAY 3, 2022

The CRI report surveyed over 3,500 chief information security officers (CISOs), IT professionals and managers from Asia-Pacific, North America, Europe, and South America in the latter part of 2021. As a result, companies are spending on information security tools to enable secure remote work and increase business efficiency.

Social Engineering

Social Engineering Internet Internet Risk

UK police arrested a 17-year-old linked to the Scattered Spider gang

Security Affairs

JULY 22, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks.

Cybercrime

Cybercrime Social Engineering Hacking Scams

“My Slice”, an Italian adaptive phishing campaign

Security Affairs

JANUARY 22, 2024

In an adaptive phishing campaign, attackers gather specific information about victims through various sources, such as social media, public websites, and previous data breaches. One of the key elements of these campaigns is social engineering, which aims to psychologically manipulate victims.

Phishing

Phishing Education Social Engineering Media

Russian national arrested in Argentina for laundering money of crooks and Lazarus APT

Security Affairs

AUGUST 23, 2024

The person responsible for the cave is a 29-year-old Russian citizen who would have received cryptocurrencies that would be part of a cyber scam carried out by North Korean hackers who made off with a loot of US$100 million, an operation that was investigated by the Federal Bureau of Investigation (FBI) of the United States .”

Cryptocurrency

Cryptocurrency Social Engineering Hacking Engineering

Spanish police arrested an alleged member of the Scattered Spider group

Security Affairs

JUNE 17, 2024

Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks.

Cybercrime

Cybercrime Hacking Social Engineering Cryptocurrency

The High Stakes of Cybersecurity in Online Gambling

SecureWorld News

SEPTEMBER 12, 2024

Fraud: Sophisticated scams, including bonus abuse and account takeovers, pose significant financial risks. Online betting is a potentially exciting activity for interested gamers, but they should always proceed with patience, vigilance, and caution," said Cliff Steinhauer , Director, Information Security and Engagement, at the NCA.

Cybersecurity

Cybersecurity Scams Phishing Mobile

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

This quirk made the attack look more trustworthy and added a layer of flexibility to these scams. David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. The FBI-themed ransomware was one of the most prolific infections at the time.

Ransomware

Ransomware Hacking Encryption Penetration Testing

3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online

Security Affairs

SEPTEMBER 24, 2021

Now, however, the expanded compilation – if genuine – “could serve as a goldmine for scammers,” says CyberNews senior information security researcher Mantas Sasnauskas. People tend to overshare information on social media. With that said, the database could be sold piecemeal. Spamming 3.8

Passwords

Passwords Media Accountability Scams

Reading INTERPOL the African Cyberthreat Assessment Report 2021

Security Affairs

OCTOBER 30, 2021

The top five threats are: Online Scams – For African member countries, the highest-reported and most pressing cyberthreat across the region was identified as online scamming. This threat seeks to target and take advantage of victims’ fears, insecurities, and vulnerabilities through phishing, mass mailing and social engineering.

Cybercrime

Cybercrime Scams DDOS Banking

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

Security Affairs

OCTOBER 20, 2020

Group-IB assisted Paxful, an international peer-to-peer cryptocurrency marketplace, in countering web-bot and social engineering attacks. Powered with Group-IB’s solution for online fraud prevention Secure Portal , the platform has managed to fight off over 220,000 requests from web-bots in just two months, shielding its 4.5

Cryptocurrency

Cryptocurrency Social Engineering eCommerce Engineering

NIST and No-notice: Finding the Goldilocks zone for phishing simulation difficulty

Webroot

OCTOBER 19, 2021

Practical exercises include no-notice social engineering attempts to collect information, gain unauthorized access, or simulate the adverse impact of opening malicious email attachments or invoking, via spear-phishing attacks, malicious web links.” – NIST SP 800-53, Rev. 5, Section 5.3 (pg.

Phishing

Phishing Security Awareness Scams Social Engineering

Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

SEPTEMBER 8, 2024

Head Mare hacktivist group targets Russia and Belarus Zyxel fixed critical OS command injection flaw in multiple routers VMware fixed a code execution flaw in Fusion hypervisor U.S.

Data breaches

Data breaches Artificial Intelligence Social Engineering Hacking

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

Security Affairs

JANUARY 3, 2024

Resecurity has uncovered a cybercriminal faction known as “ GXC Team “, who specializes in crafting tools for online banking theft, ecommerce deception, and internet scams. These methods are commonly employed in wire fraud and well-known bogus invoice scams. billion on organizations.

Artificial Intelligence

Artificial Intelligence Banking Scams Cybercrime

Revolut security breach: data of +50,000 users exposed

Security Affairs

SEPTEMBER 19, 2022

The Lithuanian State Data Protection Inspectorate has started an investigation into the security breach, according to preliminary data, threat actors had access to the Revolut database through the use of social engineering techniques. Upon discovering the intrusion, the security team promptly locked out the threat.

Social Engineering

Social Engineering Data breaches Scams Engineering

Ocala City in Florida lost $742,000 following BEC attack

Security Affairs

NOVEMBER 4, 2019

Business email compromise scam (BEC) continues to target organizations worldwide, crooks stole $742,000 from Ocala City in Florida. The City of Ocala in Florida is the last victim in order of time of a profitable business email compromise scam (BEC) attack, fraudsters redirected over $742,000 to a bank account under their control.

Scams

Scams Banking Social Engineering Accountability

Microsoft warns of the rise of cryware targeting hot wallets

Security Affairs

MAY 18, 2022

Experts also warn of scams and other social engineering attacks that cybercriminals use to trick victims into sending funds to the attackers’ wallets.

Cryptocurrency

Cryptocurrency Social Engineering Malware Cybercrime

Social Engineering from the Attacker Perspective

Crazy Evil gang runs over 10 highly specialized social media scams

Trending Sources

March Madness Meets Cyber Mayhem: How Cybercriminals Are Playing Offense this Season

Cyber Scams & Why We Fall for Them

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

15 SpyLoan Android apps found on Google Play had over 8 million installs

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

US DoJ charges five alleged members of the Scattered Spider cybercrime gang

Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

Protecting employees from job offer scams can lead to awkward but important conversations

CryptoRom: OkCupid scam cost Florida man $480k – we followed the money to Binance

Phone Scam Targets Psychologists, All My Apes Gone, Supply Chain Skimmer Attack

A new phishing scam targets American Express cardholders

A member of the Scattered Spider cybercrime group pleads guilty

Ransomware realities in 2023: one employee mistake can cost a company millions

U.S. Department of Health warns of attacks against IT help desks

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 13

Protecting employees from job offer scams can lead to awkward but important conversations

LastPass employee targeted via an audio deepfake call

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

The Rise of AI Voicemail Scams, Political Donation Privacy Concerns

Security awareness training: An educational asset you can’t be without

YouTube creators’ accounts hijacked with cookie-stealing malware

New Coronavirus-themed malspam campaign delivers FormBook Malware

Apple Finally Adopts RCS, AI Powered Scams Targeting the Elderly

Top 5 Attack Vectors to Look Out For in 2022

U.S. authorities sanction six Nigerian nationals for BEC and Romance Fraud

Security Researchers Find Nearly 400,000 Exposed Databases

UK police arrested a 17-year-old linked to the Scattered Spider gang

“My Slice”, an Italian adaptive phishing campaign

Russian national arrested in Argentina for laundering money of crooks and Lazarus APT

Spanish police arrested an alleged member of the Scattered Spider group

The High Stakes of Cybersecurity in Online Gambling

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

3.8 billion Clubhouse and Facebook user records allegedly scraped and merged, put for sale online

Reading INTERPOL the African Cyberthreat Assessment Report 2021

Pay it safe: Group-IB aids Paxful in repelling a series of web-bot attacks

NIST and No-notice: Finding the Goldilocks zone for phishing simulation difficulty

Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION

Cybercriminals Implemented Artificial Intelligence (AI) for Invoice Fraud

Revolut security breach: data of +50,000 users exposed

Ocala City in Florida lost $742,000 following BEC attack

Microsoft warns of the rise of cryware targeting hot wallets

Stay Connected