Phishing and Social Engineering - Cyber Security Informer

Clever Social Engineering Attack Using Captchas

Schneier on Security

SEPTEMBER 20, 2024

It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line. This is really interesting.

Social Engineering

Social Engineering Engineering Phishing Malware

New cybersecurity data reveals persistent social engineering vulnerabilities

Tech Republic Security

FEBRUARY 8, 2023

The post New cybersecurity data reveals persistent social engineering vulnerabilities appeared first on TechRepublic. Ransomware was down last year, though LockBit led threat actors and employees opened a third of the toxic emails in the last six months of 2022.

Social Engineering

Social Engineering Engineering Cybersecurity Ransomware

Using AI to Scale Spear Phishing

Schneier on Security

AUGUST 13, 2021

The problem with spear phishing it that it takes time and creativity to create individualized enticing phishing emails. The real risk isn’t that AI-generated phishing emails are as good as human-generated ones, it’s that they can be generated at much greater scale. Defcon presentation and slides.

Phishing

Phishing Risk Social Engineering Artificial Intelligence

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing

Phishing DNS Social Engineering Accountability

Thanks FedEx, This is Why we Keep Getting Phished

Troy Hunt

FEBRUARY 23, 2024

I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. And so, when I received the following SMS earlier this week I was expecting a parcel and I was expecting phishing attacks: So. Parcel or phish?

Phishing

Phishing Scams Banking Social Engineering

Artificial Intelligence: The Evolution of Social Engineering

Security Through Education

FEBRUARY 20, 2024

In the ever-evolving landscape of cybersecurity, social engineering has undergone significant transformations over the years, propelled by advancements in technology. This article delves into the historical shifts in social engineering tactics and explores how adversaries embrace new technologies to achieve their objectives.

Social Engineering

Social Engineering Artificial Intelligence Engineering Phishing

Report: Quality, not quantity, is the hallmark of the latest waves of phishing attacks

Tech Republic Security

MARCH 4, 2021

Cybercriminals have changed tactics since COVID-19, with surgically precise social engineering attacks targeting business apps replacing batch-and-blast phishing.

Phishing

Phishing Social Engineering Engineering

Social engineering attacks target Okta customers to achieve a highly privileged role

Security Affairs

SEPTEMBER 2, 2023

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions.

Social Engineering

Social Engineering Engineering Authentication Accountability

Social Engineering Stories: One Phish, Two Vish, and Tips for Stronger Defenses

NetSpi Executives

OCTOBER 25, 2024

This year’s theme is “Secure Our World” with an emphasis on recognizing phishing and vishing attempts – two prevalent tactics used by bad actors to exploit unsuspecting individuals. Part of the requirements for a standard phishing test is allowlisting our sending domains. However, no emails were opened during this initial campaign.

Social Engineering

Social Engineering Engineering Phishing Penetration Testing

ReliaQuest Uncovers New Black Basta Social Engineering Technique

Digital Shadows

OCTOBER 25, 2024

During the investigation, we discovered a wider trend: a campaign of escalated social engineering tactics originally associated with the ransomware group “Black Basta.” Threat actors are using domains like the following for this QR-code phishing activity: qr-s1[.]com What Happened? com qr-s2[.]com com qr-s3[.]com com qr-s4[.]com

Social Engineering

Social Engineering Engineering Phishing Accountability

Voice Phishers Targeting Corporate VPNs

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. For now at least, they appear to be focusing primarily on companies in the financial, telecommunications and social media industries.

Phishing

Phishing VPN Social Engineering Media

Social Engineering 101: What It Is & How to Safeguard Your Organization

Duo's Security Blog

DECEMBER 14, 2023

But as it turns out, John was a victim of a phishing scam, a type of social engineering attack where the cybercriminal impersonated John’s IT department to gain his trust and trick him into revealing his login credentials. What is social engineering? Every day criminals send millions of phishing emails.

Social Engineering

Social Engineering Engineering Phishing Passwords

Over 600,000 Personal Records Exposed by Data Broker

Tech Republic Security

DECEMBER 3, 2024

The exposed database creates opportunities for staging convincing phishing and social engineering attacks, among other issues.

Social Engineering

Social Engineering Engineering Phishing Cybersecurity

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. In a filing with the U.S.

Hacking

Hacking Social Engineering Phishing Scams

UAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense Industrial Base

Penetration Testing

DECEMBER 10, 2024

The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a security advisory (CERT-UA#12414) detailing a sophisticated phishing campaign targeting organizations within Ukraine’s defense industrial base.

Social Engineering

Social Engineering Engineering Phishing Cybersecurity

Identity Phishing: Using Legitimate Cloud Services to Steal User Access

Security Boulevard

DECEMBER 5, 2024

Identity phishing doesn’t just lead to data theft – it can also lead to financial fraud, targeted social engineering attacks and lateral movement across endpoints. The post Identity Phishing: Using Legitimate Cloud Services to Steal User Access appeared first on Security Boulevard.

Phishing

Phishing Social Engineering Engineering Security Awareness

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

The Hacker News

JULY 29, 2024

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script.

Phishing

Phishing Social Engineering Scams Engineering

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

AUGUST 21, 2020

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “ vishing ” attacks targeting companies. Restrict VPN access hours, where applicable, to mitigate access outside of allowed times.

VPN

VPN Social Engineering Authentication Engineering

GUEST ESSAY: ‘Nag attacks’ — this new phishing variant takes full advantage of notification fatigue

The Last Watchdog

NOVEMBER 29, 2022

A new development in phishing is the “nag attack.” The fraudster commences the social engineering by irritating the targeted victim, and then follows up with an an offer to alleviate the annoyance. Nag attacks add to the litany of phishing techniques. Spear phishing. One must admire the ingenuity of cybercriminals.

Phishing

Phishing Social Engineering Scams Software

Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection

Security Boulevard

SEPTEMBER 9, 2024

The rise in sophisticated phishing threats like polymorphic attacks, social engineering tactics, and the use of compromised accounts have undoubtedly highlighted the significant gaps in perimeter technology, leading to a notable increase in bypassed attacks.

Phishing

Phishing Social Engineering Engineering Accountability

Cybercriminals attack banking customers in EU with V3B phishing kit – PhotoTAN and SmartID supported.

Security Affairs

JUNE 4, 2024

Resecurity uncovered a cybercriminal group that is providing a sophisticated phishing kit, named V3B, to target banking customers in the EU. “Currently, it is estimated that hundreds of cybercriminals are using this kit to commit fraud, leaving victims with empty bank accounts. .

Banking

Banking Phishing Social Engineering Engineering

News Alert: Perception Point reports rates of ‘BEC,’ phishing attacks climb in the first half of 2023

The Last Watchdog

JULY 27, 2023

In its H1 2023 Report: Cybersecurity Trends & Insights , Perception Point reported an overall increase in social engineering attacks, including a 20% growth in the prevalence of Business Email Compromise (BEC) attacks along with a 41% surge in phishing attacks from H2 2022 to H1 2023.

Phishing

Phishing Social Engineering Engineering Media

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

The Last Watchdog

SEPTEMBER 21, 2022

Phishing is one of the most common social engineering tactics cybercriminals use to target their victims. Cybersecurity experts are discussing a new trend in the cybercrime community called phishing-as-a-service. Phishing-as-a-Service (PhaaS). Related: Utilizing humans as security sensors. Rising popularity.

Phishing

Phishing Artificial Intelligence Cybercrime Social Engineering

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Krebs on Security

NOVEMBER 21, 2020

In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com. “Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees.

Cryptocurrency

Cryptocurrency VPN Scams Social Engineering

A crafty phishing campaign targets Microsoft OneDrive users

Security Affairs

JULY 30, 2024

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users.

Phishing

Phishing DNS Social Engineering Engineering

Bypassing 2FA with phishing and OTP bots

SecureList

JUNE 10, 2024

This article examines methods that rely on social engineering, where attackers manipulate the victim into giving away the OTP, and tools that they use to automate the manipulations: so-called OTP bots and administration panels to control phishing kits. Phishing is typically how they get the most up-to-date credentials.

Phishing

Phishing Banking Social Engineering Accountability

“My Slice”, an Italian adaptive phishing campaign

Security Affairs

JANUARY 22, 2024

Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches.

Phishing

Phishing Education Social Engineering Media

The Original APT: Advanced Persistent Teenagers

Krebs on Security

APRIL 6, 2022

“Someone was trying to phish employee credentials, and they were good at it,” Wired reported. ” Twitter revealed that a key tactic of the group was “phone spear phishing” (a.k.a. “voice phishing” a.k.a. “vishing”).

Social Engineering

Social Engineering Phishing Engineering Accountability

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

2022 that an intrusion had exposed a “limited number” of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits

Tech Republic Security

AUGUST 29, 2023

A new study from Abnormal found that 4.31% of phishing attacks mimicked Microsoft, far ahead of second most-spoofed brand PayPal.

Phishing

Phishing Social Engineering Artificial Intelligence Engineering

CrowdStrike 2024 Global Threat Report: 6 Key Takeaways

Tech Republic Security

FEBRUARY 26, 2024

Identity-based and social engineering attacks still take center stage, according to the CrowdStrike 2024 Global Threat Report.

Threat Reports

Threat Reports Social Engineering Engineering Phishing

Phishing attacks target mobile users via progressive web applications (PWA)

Security Affairs

AUGUST 23, 2024

ESET researchers detailed a phishing campaign against mobile users that uses Progressive Web Applications (PWAs). The technique allows the installation of a phishing application from a third-party website without requiring the user to enable third-party app installations. ” reads the report published by ESET.

Phishing

Phishing Mobile Banking Social Engineering

The Telegram phishing market

SecureList

APRIL 5, 2023

They have become adept at using Telegram both for automating their activities and for providing various services — from selling phishing kits to helping with setting up custom phishing campaigns — to all willing to pay. ” Links to the channels are spread via YouTube, GitHub and phishing kits they make.

Phishing

Phishing Marketing Scams Accountability

Mobile Device Security Policy

Tech Republic Security

JANUARY 31, 2024

In addition, the same social engineering, phishing and application/operating system vulnerabilities which plague desktops. Mobile devices are commonly used to conduct company business, which can render them more susceptible to risk than desktop or even laptop computers.

Mobile

Mobile Social Engineering Engineering Phishing

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

Penetration Testing

NOVEMBER 5, 2024

LastPass, a leading password management platform, has issued a critical warning to users about a social engineering campaign targeting its customer base through deceptive reviews on its Chrome Web Store... The post Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store appeared first on Cybersecurity (..)

Scams

Scams Phishing Social Engineering Password Management

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

0KTAPUS In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. A Scattered Spider phishing lure sent to Twilio employees.

Hacking

Hacking Phishing Cybercrime Passwords

How 1-Time Passcodes Became a Corporate Liability

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices. 2, and Aug.

Mobile

Mobile Phishing Authentication Accountability

2020 Likely To Break Records for Breaches

Adam Levin

JULY 10, 2020

Phishing scams skyrocketed as citizens self-isolated during the lockdown, and social-engineering schemes defrauded Internet users of millions.”.

Data breaches

Data breaches Social Engineering Antivirus Scams

Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients

The Hacker News

SEPTEMBER 18, 2023

Software development company Retool has disclosed that the accounts of 27 of its cloud customers were compromised following a targeted and SMS-based social engineering attack. The fact that Google Authenticator syncs to

Social Engineering

Social Engineering Phishing Engineering Accountability

Microsoft Patch Tuesday, November 2023 Edition

Krebs on Security

NOVEMBER 14, 2023

. “Attackers exploiting this flaw could gain SYSTEM privileges, making it an efficient method for escalating privileges, especially after initial access through methods like phishing.”

Social Engineering

Social Engineering Phishing Internet Internet

Email crypto phishing scams: stealing from hot and cold crypto wallets

SecureList

JULY 5, 2023

Hence, cybercriminals have little motivation to invest heavily into phishing campaigns, and so, techniques used in email attacks on hot wallets are hardly ever original or complex. Sample phishing email that targets Coinbase users After the user clicks the link, they are redirected to a page where they are asked to enter their seed phrase.

Scams

Scams Phishing Cryptocurrency Social Engineering

Happy 11th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2020

In almost every category — from epic breaches and ransomware to cybercrime justice and increasingly aggressive phishing and social engineering scams — 2020 was a year that truly went to eleven. But it was hardly a dull one for computer security news junkies.

Scams

Scams Social Engineering Cybercrime Advertising

Google and Apple Move to Strengthen User Protections

Security Boulevard

JULY 10, 2024

Google and Apple look to give users better protections against social engineering attacks like phishing, with Google giving high-risk users access to the APP service with a passkey and Apple educating users about the threats with a detailed support document in the wake of a recent smishing campaign.

Social Engineering

Social Engineering Education Engineering Phishing

Clever Social Engineering Attack Using Captchas

New cybersecurity data reveals persistent social engineering vulnerabilities

Trending Sources

Using AI to Scale Spear Phishing

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Thanks FedEx, This is Why we Keep Getting Phished

Artificial Intelligence: The Evolution of Social Engineering

Report: Quality, not quantity, is the hallmark of the latest waves of phishing attacks

Social engineering attacks target Okta customers to achieve a highly privileged role

Social Engineering Stories: One Phish, Two Vish, and Tips for Stronger Defenses

ReliaQuest Uncovers New Black Basta Social Engineering Technique

Voice Phishers Targeting Corporate VPNs

Social Engineering 101: What It Is & How to Safeguard Your Organization

Over 600,000 Personal Records Exposed by Data Broker

When Low-Tech Hacks Cause High-Impact Breaches

UAC-0185 APT Leverages Social Engineering to Target Ukrainian Defense Industrial Base

Identity Phishing: Using Legitimate Cloud Services to Steal User Access

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

FBI, CISA Echo Warnings on ‘Vishing’ Threat

GUEST ESSAY: ‘Nag attacks’ — this new phishing variant takes full advantage of notification fatigue

Old Habits, New Threats: Why More Phishing Attacks are Bypassing Outdated Perimeter Detection

Cybercriminals attack banking customers in EU with V3B phishing kit – PhotoTAN and SmartID supported.

News Alert: Perception Point reports rates of ‘BEC,’ phishing attacks climb in the first half of 2023

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

A crafty phishing campaign targets Microsoft OneDrive users

Bypassing 2FA with phishing and OTP bots

“My Slice”, an Italian adaptive phishing campaign

The Original APT: Advanced Persistent Teenagers

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits

CrowdStrike 2024 Global Threat Report: 6 Key Takeaways

Phishing attacks target mobile users via progressive web applications (PWA)

The Telegram phishing market

Mobile Device Security Policy

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

How 1-Time Passcodes Became a Corporate Liability

2020 Likely To Break Records for Breaches

Retool Falls Victim to SMS-Based Phishing Attack Affecting 27 Cloud Clients

Microsoft Patch Tuesday, November 2023 Edition

Email crypto phishing scams: stealing from hot and cold crypto wallets

Happy 11th Birthday, KrebsOnSecurity!

Google and Apple Move to Strengthen User Protections

Stay Connected