Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. “In terms of overall social engineering attacks, the more you have a relationship with someone the more they’re going to trust you,” Donahue said. Don’t be discouraged. dot-gov emails get hacked.

Hacking 294

Hacking Accountability Government Social Engineering 294

Schneier on Security

OCTOBER 21, 2021

Roger Grimes on why multifactor authentication isn’t a panacea : The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted VP who let the attackers in.

Authentication 361

Authentication Ransomware Social Engineering Engineering 361

Adam Levin

OCTOBER 8, 2019

The FBI is warning businesses about a new series of cyberattacks that can circumvent multi-factor authentication (MFA). In a Private Industry Notification (PIN), the FBI warned businesses that “cyber actors” had been observed, “circumventing multi-factor authentication through common social engineering and technical attacks.”

Authentication 210

Authentication Cyber Attacks Social Engineering Engineering 210

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing 346

Phishing DNS Social Engineering Accountability 346

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 86

Phishing Mobile Social Engineering Data breaches 86

Thales Cloud Protection & Licensing

MAY 7, 2025

Phishing-Resistant MFA: Why FIDO is Essential madhav Thu, 05/08/2025 - 04:47 Phishing attacks are one of the most pervasive and insidious threats, with businesses facing increasingly sophisticated and convincing attacks that exploit human error.

Phishing 71

Phishing Authentication Passwords Social Engineering 71

CyberSecurity Insiders

MAY 1, 2023

Social engineering is a term used to describe the manipulation of people into revealing sensitive information or performing actions that they otherwise wouldn’t. Social engineering is an age-old tactic that is often used in phishing attacks.

Social Engineering 131

Social Engineering Engineering Cybersecurity Education 131

Krebs on Security

FEBRUARY 26, 2023

But it’s worth revisiting how this group typically got in to targeted companies: By calling employees and tricking them into navigating to a phishing website. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. In a filing with the U.S.

Hacking 332

Hacking Social Engineering Phishing Scams 332

Security Affairs

SEPTEMBER 2, 2023

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions.

Social Engineering 144

Social Engineering Engineering Authentication Accountability 144

Krebs on Security

AUGUST 19, 2020

The COVID-19 epidemic has brought a wave of email phishing attacks that try to trick work-at-home employees into giving away credentials needed to remotely access their employers’ networks. For now at least, they appear to be focusing primarily on companies in the financial, telecommunications and social media industries.

Phishing 363

Phishing VPN Social Engineering Media 363

Troy Hunt

FEBRUARY 23, 2024

I've been getting a lot of those "your parcel couldn't be delivered" phishing attacks lately and if you're a human with a phone, you probably have been too. And so, when I received the following SMS earlier this week I was expecting a parcel and I was expecting phishing attacks: So. Parcel or phish?

Phishing 363

Phishing Scams Banking Social Engineering 363

The Last Watchdog

JULY 24, 2023

Today, bad actors are ruthlessly skilled at cracking passwords – whether through phishing attacks, social engineering, brute force, or buying them on the dark web. In fact, according to Verizon’s most recent data breach report, approximately 80 percent of all breaches are caused by phishing and stolen credentials.

Authentication 245

Authentication Passwords Phishing Social Engineering 245

Krebs on Security

AUGUST 21, 2020

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued a joint alert to warn about the growing threat from voice phishing or “ vishing ” attacks targeting companies. authenticate the phone call before sensitive information can be discussed.

VPN 363

VPN Social Engineering Authentication Engineering 363

SecureWorld News

OCTOBER 3, 2023

And one of the most successful and increasingly prevalent ways of attack has come from social engineering, which is when criminals manipulate humans directly to gain access to confidential information. Social engineering is more sophisticated than ever, and its most advanced iteration is the topic of today's discussion: deepfakes.

Social Engineering 109

Social Engineering Phishing Engineering Technology 109

Duo's Security Blog

DECEMBER 14, 2023

But as it turns out, John was a victim of a phishing scam, a type of social engineering attack where the cybercriminal impersonated John’s IT department to gain his trust and trick him into revealing his login credentials. What is social engineering? Every day criminals send millions of phishing emails.

Social Engineering 130

Social Engineering Engineering Phishing Passwords 130

eSecurity Planet

MARCH 14, 2025

A recent phishing campaign has raised alarms among cybersecurity professionals after it impersonated Booking.com to deliver a suite of credential-stealing malware. The phishing messages include links or attachments that direct users to fake Booking.com pages.

Phishing 63

Phishing Malware Social Engineering Authentication 63

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. The hackers rely heavily on social engineering tactics to distribute the malware.

Social Engineering 106

Social Engineering Mobile Authentication Engineering 106

Security Through Education

FEBRUARY 20, 2024

In the ever-evolving landscape of cybersecurity, social engineering has undergone significant transformations over the years, propelled by advancements in technology. This article delves into the historical shifts in social engineering tactics and explores how adversaries embrace new technologies to achieve their objectives.

Social Engineering 109

Social Engineering Artificial Intelligence Engineering Phishing 109

eSecurity Planet

MAY 28, 2025

Adam Mosseri, the head of Instagram, revealed that he nearly fell for a highly convincing phishing attack that appeared to come from Google. The scam, which combined a phone call and a cleverly disguised email, highlights just how advanced phishing methods are becoming, even fooling seasoned tech leaders.

Scams 76

Scams Phishing Passwords Media 76

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications.

Scams 123

Scams Malware Phishing Social Engineering 123

SecureWorld News

NOVEMBER 8, 2023

Social engineering attacks have long been a threat to businesses worldwide, statistically comprising roughly 98% of cyberattacks worldwide. Given the much more psychologically focused and methodical ways that social engineering attacks can be conducted, it makes spotting them hard to do.

Social Engineering 113

Social Engineering Engineering Cyber Attacks Artificial Intelligence 113

SecureWorld News

FEBRUARY 13, 2025

Evolution of social engineering Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or taking harmful actions. Attacks on identity verification systems Bypassing biometric security: Many organizations use facial and voice recognition for authentication.

Social Engineering 90

Social Engineering Authentication Identity Theft Engineering 90

Duo's Security Blog

MAY 28, 2025

The Duo difference: End-to-end phishing resistance For too long, defenders have focused solely on login protection with multi-factor authentication (MFA). Duos IAM solution rises to this challenge by now offering end-to-end phishing resistance as a core feature, delivered right out of the box.

Social Engineering 124

Social Engineering Engineering Phishing Marketing 124

SecureWorld News

FEBRUARY 25, 2025

One of the report's most pressing concerns is the role of Generative AI in social engineering attacks. Deepfake phishing, AI-generated malware, and automated spear-phishing campaigns are already on the rise. Implementing behavioral AI detection tools can help spot inconsistencies in voice and video communications.

Cybersecurity 99

Cybersecurity Social Engineering Artificial Intelligence Cyber threats 99

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. A Scattered Spider phishing lure sent to Twilio employees.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption 116

Encryption Password Management Cryptocurrency Social Engineering 116

Krebs on Security

AUGUST 30, 2022

A recent spate of SMS phishing attacks from one cybercriminal group has spawned a flurry of breach disclosures from affected companies, which are all struggling to combat the same lingering security threat: The ability of scammers to interact directly with employees through their mobile devices.

Mobile 342

Mobile Phishing Authentication Accountability 342

SecureWorld News

APRIL 22, 2025

Victims are sent unsolicited invitations to join Zoom calls, often via links in phishing emails or messages. According to Security Alliance's findings, the campaign relied on social engineering and Zoom's remote control feature to infect targets with malware.

Cryptocurrency 95

Cryptocurrency Social Engineering Cybercrime Engineering 95

Krebs on Security

NOVEMBER 21, 2020

In March, a voice phishing scam targeting GoDaddy support employees allowed attackers to assume control over at least a half-dozen domain names, including transaction brokering site escrow.com. “Our security team investigated and confirmed threat actor activity, including social engineering of a limited number of GoDaddy employees.

Cryptocurrency 364

Cryptocurrency Scams VPN Social Engineering 364

Malwarebytes

MAY 8, 2025

We discovered a new phishing kit targeting payroll and payment platforms that aims to not only steal victims’ credentials but also to commit wire fraud. Clicking on the ad sent employees and employers to a phishing website impersonating Deel. Phishing portal and 2FA The first phishing domain we saw was login-deel[.]app

Phishing 111

Phishing Authentication Engineering Banking 111

The Last Watchdog

NOVEMBER 29, 2022

A new development in phishing is the “nag attack.” The fraudster commences the social engineering by irritating the targeted victim, and then follows up with an an offer to alleviate the annoyance. Nag attacks add to the litany of phishing techniques. Spear phishing. One must admire the ingenuity of cybercriminals.

Phishing 214

Phishing Social Engineering Scams Software 214

IT Security Guru

FEBRUARY 25, 2025

A prime example is multi-factor authentication (MFA), a security process that requires users to verify their identity in two or more ways, such as a password, a code sent to their phone, or a fingerprint. Other Ways Threat Actors Exploit Human Behaviour In addition to fatigue attacks, malefactors weaponise social engineering.

Social Engineering 118

Social Engineering Authentication Risk Accountability 118

Malwarebytes

JULY 30, 2024

Not only does this trick innocent victims into downloading malware or losing their data to phishing sites, it also erodes trust in brands and by association in Google Search itself. This was the case here with this ad for Authenticator: The truth is Larry Marr has nothing to do with Google, and is likely a fake account.

Authentication 144

Authentication Computers and Electronics Social Engineering Advertising 144

Krebs on Security

APRIL 6, 2022

“They would just keep jamming a few individuals to get [remote] access, read some onboarding documents, enroll a new 2FA [two-factor authentication method] and exfiltrate code or secrets, like a smash-and-grab,” the CXO said. “Someone was trying to phish employee credentials, and they were good at it,” Wired reported.

Social Engineering 293

Social Engineering Phishing Engineering Accountability 293

The Last Watchdog

JANUARY 30, 2025

The extension then silently authenticates the victim into a Chrome profile managed by the attackers Google Workspace. Once this authentication occurs, the attacker has full control over the newly managed profile in the victims browser, allowing them to push automated policies such as disabling safe browsing and other security features.

Social Engineering 130

Social Engineering Engineering Authentication Accountability 130

Krebs on Security

NOVEMBER 14, 2023

. “Attackers exploiting this flaw could gain SYSTEM privileges, making it an efficient method for escalating privileges, especially after initial access through methods like phishing.”

Social Engineering 328

Social Engineering Phishing Internet Internet 328

Security Affairs

JULY 12, 2022

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user wishes to visit, which is the phishing site under the control of the attackers.

Phishing 144

Phishing Authentication Social Engineering Passwords 144