Government and Social Engineering - Cyber Security Informer

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

Building social engineering resilience with Duo Identity Verification

Duo's Security Blog

JULY 30, 2025

According to Splunk, 98% of cyberattacks now rely on social engineering , the vast majority of which are directed towards compromising user identities. On the opposite end, many organizations are operating at the status quo and are therefore at risk of social engineering attacks. Are you new to Duo?

Social Engineering

Social Engineering Engineering Authentication Government

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

Security Affairs

MAY 17, 2025

The FBI warns that ex-government officials are being targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials to current or former senior US federal or state government officials and their contacts Since April 2025, threat actors have been using texts and AI voice messages impersonating senior U.S.

Government

Government Social Engineering Authentication Accountability

Dissecting the Salesforce Social Engineering Attacks

SecureWorld News

AUGUST 7, 2025

The recent wave of attacks, attributed to the financially motivated threat group ShinyHunters (also tracked by Google as UNC6040), serves as a powerful case study in the effectiveness of sophisticated social engineering. Regular, realistic training on vishing and impersonation tactics is non-negotiable for all employees.

Social Engineering

Social Engineering Engineering Phishing Authentication

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

The government says much of Tylerb’s cryptocurrency wealth was the result of successful SIM-swapping attacks, wherein crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. .”

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

The “free money” trap: How scammers exploit financial anxiety

Malwarebytes

MARCH 19, 2025

” Whether it’s a so-called “subsidy program,” a “government grant,” or a “relief card,” these scams all share the same underlying goalto manipulate people into giving away their personal information, orworsetheir hard-earned cash. .” ” “482 Spots Remaining! gov domains).

Scams

Scams Government Identity Theft Phishing

Google's AI Trends Report: Key Insights and Cybersecurity Implications

SecureWorld News

FEBRUARY 25, 2025

One of the report's most pressing concerns is the role of Generative AI in social engineering attacks. From the report: "Generative AI is being used to create highly convincing phishing emails, fake voices, and even deepfake videosmaking social engineering attacks more difficult to detect.

Cybersecurity

Cybersecurity Social Engineering Artificial Intelligence Cyber threats

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

SecureWorld News

MAY 9, 2025

Historically, COLDRIVERalso known as Star Blizzard, UNC4057, and Callistohas targeted high-profile individuals and organizations, including NATO governments, NGOs, journalists, and former intelligence officers, primarily through credential phishing campaigns. The infection process begins with a lure website featuring a fake CAPTCHA.

Malware

Malware Social Engineering Government Engineering

EDR-as-a-Service makes the headlines in the cybercrime landscape

Security Affairs

APRIL 7, 2025

In a nutshell, some criminal groups are exploiting compromised accounts belonging to law enforcement and other government agencies to illicitly forward Emergency Data Requests (EDRs) to major online platforms.

Cybercrime

Cybercrime Social Engineering Accountability Government

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Security Affairs

JANUARY 21, 2025

“The Ukrainian government’s computer emergency response team, CERT-UA, has received information about numerous cases of attempts to connect to computers using the AnyDesk program, allegedly on behalf of CERT-UA.” ” reads the advisory published by CERT-UA.

Social Engineering

Social Engineering Scams Engineering Software

Understanding the Deepfake Threat

SecureWorld News

FEBRUARY 13, 2025

Evolution of social engineering Social engineering exploits human psychology to manipulate individuals into revealing sensitive information or taking harmful actions. Attackers now impersonate executives, government officials, and even family members to gain trust and manipulate victims.

Social Engineering

Social Engineering Authentication Identity Theft Technology

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

SecureWorld News

APRIL 22, 2025

This incident highlights the critical vulnerability in cryptocurrency communities, where high-net-worth individuals or executives may be more prone to social engineering attacks due to the high volume of media and investor engagement they handle.

Cryptocurrency

Cryptocurrency Social Engineering Cybercrime Engineering

Microsoft Expands Security Copilot with AI Agents

SecureWorld News

MARCH 24, 2025

AI agents are identitiesand they need governance One of the most pressing concerns from industry leaders is that AI agents often operate as non-human identities (NHIs)with broad system access but minimal oversight. The solution is better governance and security for all identitieshuman and non-human alike."

Social Engineering

Social Engineering Government Risk Phishing

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Security Affairs

OCTOBER 30, 2024

The recent campaign is still ongoing and already targeted entities in multiple sectors, including government, defense, academia, NGO, and other sectors. The emails were highly targeted, using social engineering lures relating to Microsoft, Amazon Web Services (AWS), and the concept of Zero Trust.”

Phishing

Phishing Social Engineering Government Hacking

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

This data reportedly includes everything from names and addresses to Social Security numbers and bank account details. This attack underscores a critical lesson for businesses: even the most vital institutions, such as a city government, are vulnerable to cyberthreats.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

What are the key Threats to Global National Security?

IT Security Guru

NOVEMBER 1, 2024

Cyber attacks can compromise critical infrastructure, financial systems, and sensitive government data. Phishing and Social Engineering: These tactics manipulate individuals to disclose sensitive information. Types of Cybersecurity Threats Malware and Ransomware: These can disable systems or steal data for ransom.

Technology

Technology Cyber Attacks Government Risk

Why Take9 Won’t Improve Cybersecurity

Schneier on Security

MAY 30, 2025

Even if we do this all well and correctly, we can’t make people immune to social engineering. But—we get it—the government isn’t going to step in and regulate the Internet. We have laws and regulations in place that allow people to eat at a restaurant or board a plane without worry.

Cybersecurity

Cybersecurity Scams Security Awareness Phishing

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Develop and test ransomware response plans.

Ransomware

Ransomware IoT Encryption Social Engineering

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

Security Affairs

DECEMBER 10, 2024

This social engineering scheme has been amplified by targeted phishing, smishing, and vishing activities, with a noticeable increase around the winter holidays. Once the credit card details were entered, cybercriminals used them for much higher charges at the controlled merchants registered on money mules.A

Phishing

Phishing Social Engineering Banking DNS

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Enterprises must secure AI agents, adopt proactive data governance, and deploy AI-based security platforms. Organizations face rising risks of AI-driven social engineering and personal device breaches. Collaborative efforts between security vendors, AI providers, and businesses will be key to counter automated, scalable attacks.

Risk

Risk Threat Detection Technology Phishing

Recent Cyber Attacks: Trends, Tactics, and Countermeasures

Hacker's King

DECEMBER 16, 2024

In the digital age, cyber-attacks are a growing concern for individuals, businesses, and governments worldwide. Recent incidents include attacks on government agencies, critical infrastructure, and major corporations, highlighting the vulnerability of national cybersecurity defenses.

Cyber Attacks

Cyber Attacks Phishing Healthcare Penetration Testing

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Social engineering attacks Social engineering attacks occur when someone uses a fake persona to gain your trust.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Supply Chain Vulnerability Strikes Again in Allianz Life Data Breach

SecureWorld News

JULY 29, 2025

The root cause of the Allianz Life breach was a social engineering attack launched on one of its cloud vendors on July 16th, according to the company's filing with the Maine Attorney General's office. It's part of a disturbing trend of social engineering attacks specifically targeting the insurance sector and other industries.

Data breaches

Data breaches Social Engineering Identity Theft Insurance

Coinbase Rejects $20M Ransom After Insider Data Leak, Faces Up to $400M in Fallout

eSecurity Planet

MAY 16, 2025

The stolen information was then used in social engineering scams that tricked users into giving away their crypto. Masked Social Security numbers (last four digits). Government-issued ID images. Meanwhile, blockchain investigator ZachXBT estimated that social engineering scams cost Coinbase users $300M+ annually.

Social Engineering

Social Engineering Scams Accountability Engineering

IT threat evolution Q3 2024

SecureList

NOVEMBER 29, 2024

Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations. Two months later, in July 2024, CloudSorcerer launched further attacks against Russian government organizations and IT companies.

Energy and Utilities

Energy and Utilities Ransomware Malware Government

Managed detection and response in 2024

SecureList

FEBRUARY 20, 2025

Kaspersky MDR customers by region Distribution of incidents by industry In 2024, the MDR team observed the highest number of incidents in the industrial (25.7%), financial (14.1%), and government (11.7%) sectors. in government, 17.8% However, if we consider only high-severity incidents, the distribution is somewhat different: 22.8%

Phishing

Phishing Social Engineering Government Threat Detection

The Voice of Deception: How Vishing Exploits Human Emotion

Security Through Education

AUGUST 12, 2025

Spoofing allows attackers to manipulate caller ID information, making it seem as though the call is coming from a trusted source, such as a bank, government agency, or familiar organization. Together, these techniques exploit human trust and social engineering principles, making vishing attacks more convincing and successful.

Social Engineering

Social Engineering Engineering Phishing Accountability

MY TAKE: Black Hat 2025 vendors define early contours for a hard pivot to AI security architecture

The Last Watchdog

AUGUST 11, 2025

Adversaries are using AI to accelerate known techniques—particularly phishing, social engineering, and impersonation. McClerin cited the rise of “platform abuse,” where vulnerabilities are introduced through poorly governed third-party APIs.

Architecture

Architecture Encryption Threat Detection Phishing

APT trends report Q3 2024

SecureList

NOVEMBER 28, 2024

The secure USB drive was developed by a government entity in Southeast Asia to securely store and transfer files between machines in sensitive environments. Chinese-speaking activity In July 2021, we detected a campaign called ExCone targeting government entities in Russia.

Malware

Malware Government Software Spyware

Mishing Is the New Phishing — And It’s More Dangerous

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals disguise messages as urgent notifications from banks, government agencies, or corporate IT teams, tricking users into providing credentials or downloading malware. Mishing is a phishing attack that uses SMS messages instead of emails to deceive victims into revealing sensitive information or clicking malicious links.

Phishing

Phishing Mobile Social Engineering Data breaches

State of Cybersecurity in Canada 2025: Key Insights for InfoSec Leaders

SecureWorld News

FEBRUARY 5, 2025

AI, a double-edged sword AI-driven cybersecurity tools enhance threat detection but also empower attackers with sophisticated social engineering, deepfake campaigns, and automated exploits. Address the talent shortage with focused initiatives Expand government incentives for cybersecurity education and mid-career training.

InfoSec

InfoSec Cybersecurity Energy and Utilities Cyber Insurance

China, Russia, North Korea Hackers Exploit Windows Security Flaw

Security Boulevard

MARCH 20, 2025

Amost a dozen state-sponsored threat groups from Russia, China, and North Korea have been exploiting a security flaw in WIndows in attacks on governments and critical infrastructure that date back to 2017. According to Trend Micro's VDI unit, Microsoft has no plans to patch the vulnerability.

Government

Government Social Engineering Engineering Malware

DCRat: Sophisticated RAT Delivered via Phishing Campaign Impersonating Government Entity

Penetration Testing

JULY 2, 2025

Fortinet exposes a DCRat campaign impersonating a Colombian government agency, using obfuscated multi-stage infection, steganography, and AMSI bypass to deliver the RAT.

Government

Government Phishing Social Engineering Engineering

New Linux FASTCash Variant: Threats to Banking Systems

Hacker's King

DECEMBER 17, 2024

Train Employees Educating employees about phishing and social engineering tactics can reduce the likelihood of attackers gaining initial access to networks. The Role of Regulators and Governments Governments and regulatory bodies play a critical role in combating cyber threats like FASTCash.

Banking

Banking Social Engineering Malware Phishing

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Jane Frankland

MAY 16, 2025

Fraudsters use AI, social engineering, and emotional manipulation to steal not just money, but also trust, time, and peace of mind. Here’s a breakdown of the most widespread and damaging scams today: Impersonation Scams (51% of fraud cases) where fraudsters pose as: Banks, HMRC, DVLA, or government agencies. Couriers (e.g.,

Scams

Scams Password Management Passwords Banking

How Security Teams Collect the Data They Need for Threat Intelligence

SecureWorld News

APRIL 14, 2025

With these insights, security personnel know which attack vectors to watch more closely, how to orchestrate the defenses, and what new phishing and social engineering trends to warn employees about. There are automated tools that can do the heavy lifting to handle certain aspects of this work, especially for social media monitoring.

Media

Media Social Engineering Malware Financial Services

No need to RSVP: a closer look at the Tria stealer campaign

SecureList

JANUARY 30, 2025

Introduction Since mid-2024, we’ve observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which we have named “Tria Stealer” after unique strings found in campaign samples.

Accountability

Accountability Malware Banking Phishing

What’s new for you: Duo is now identity and access management

Duo's Security Blog

JUNE 26, 2025

Identity Verification integration — Block social engineering attempts at the help desk from hackers pretending to be an employee in need of assistance by re-establishing trust via the use of a government ID.

Authentication

Authentication Social Engineering Passwords Phishing

Qantas: Breach affects 6 million people, “significant” amount of data likely taken

Malwarebytes

JULY 2, 2025

Qantas says the breach occurred after a cybercriminal targeted a call centre and managed to gain access to the third party platform, presumably via social engineering. The breach at a third party provider is extra painful since Qantas concluded an uplift of third and fourth-party cyber-risk governance processes in 2024.

Social Engineering

Social Engineering Cyber Risk Data breaches Passwords

Luxury, Loyalty and Lateral Movement: Retail and Banking Attacks Surge

SecureWorld News

JUNE 4, 2025

While the company emphasized that no financial data or passwords were exposed, the incident raises concerns about the potential for highly targeted phishing and social engineering , particularly given the brand's clientele of high-net-worth individuals (HNWIs).

Retail

Retail Banking Financial Services Social Engineering

Story of the Year: global IT outages and supply chain attacks

SecureList

DECEMBER 9, 2024

This case underscores the serious risk that social engineering and supply chain attacks pose to open-source projects. This information was disseminated, making the vulnerable systems high-visibility targets for threat actors, especially as Fortinet products are commonly found in government, healthcare, and other critical sectors.

Internet

Internet Internet Risk Social Engineering

Why I Refused to Say “People Are the Weakest Link in Cyber”

Jane Frankland

JUNE 24, 2025

And today, with an increasing volume of digital challenges – from malicious to mistakes and malfunction, it’s vital we move beyond this narrative and focus on governance and empowerment instead. But a governance issue that sits squarely with those who lead. a failure of governance. The good news? Change is happening.

Cyber Risk

Cyber Risk Security Awareness Risk Government

New trends in phishing and scams: how AI and social media are changing the game

SecureList

AUGUST 13, 2025

This level of personalization dramatically increases the effectiveness of social engineering, making it difficult for even tech-savvy users to spot these targeted scams. Account theft When it comes to stealing Telegram user accounts, social engineering is the most common tactic. How do you protect yourself?

Phishing

Phishing Scams Media Social Engineering

Can Cybersecurity Make You a Millionaire?

Hacker's King

OCTOBER 22, 2024

As businesses, governments, and individuals continue to migrate to digital platforms, the risk of cyberattacks rises exponentially. YOU MAY ALSO WANT TO READ ABOUT: Can Cybersecurity Hack Your Phone? The Growing Demand for Cybersecurity Cybersecurity is a critical need for nearly every organization today.

Cybersecurity

Cybersecurity CISO Engineering Education

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Building social engineering resilience with Duo Identity Verification

Trending Sources

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

Dissecting the Salesforce Social Engineering Attacks

Feds Charge Five Men in ‘Scattered Spider’ Roundup

The “free money” trap: How scammers exploit financial anxiety

Google's AI Trends Report: Key Insights and Cybersecurity Implications

Russia's COLDRIVER Targets Western Entities with 'LOSTKEYS' Malware

EDR-as-a-Service makes the headlines in the cybercrime landscape

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Understanding the Deepfake Threat

Hackers Exploit Zoom's Remote Control Feature in Cryptocurrency Heists

Microsoft Expands Security Copilot with AI Agents

Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

What are the key Threats to Global National Security?

Why Take9 Won’t Improve Cybersecurity

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Recent Cyber Attacks: Trends, Tactics, and Countermeasures

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Supply Chain Vulnerability Strikes Again in Allianz Life Data Breach

Coinbase Rejects $20M Ransom After Insider Data Leak, Faces Up to $400M in Fallout

IT threat evolution Q3 2024

Managed detection and response in 2024

The Voice of Deception: How Vishing Exploits Human Emotion

MY TAKE: Black Hat 2025 vendors define early contours for a hard pivot to AI security architecture

APT trends report Q3 2024

Mishing Is the New Phishing — And It’s More Dangerous

State of Cybersecurity in Canada 2025: Key Insights for InfoSec Leaders

China, Russia, North Korea Hackers Exploit Windows Security Flaw

DCRat: Sophisticated RAT Delivered via Phishing Campaign Impersonating Government Entity

New Linux FASTCash Variant: Threats to Banking Systems

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

How Security Teams Collect the Data They Need for Threat Intelligence

No need to RSVP: a closer look at the Tria stealer campaign

What’s new for you: Duo is now identity and access management

Qantas: Breach affects 6 million people, “significant” amount of data likely taken

Luxury, Loyalty and Lateral Movement: Retail and Banking Attacks Surge

Story of the Year: global IT outages and supply chain attacks

Why I Refused to Say “People Are the Weakest Link in Cyber”

New trends in phishing and scams: how AI and social media are changing the game

Can Cybersecurity Make You a Millionaire?

Stay Connected