Social Engineering - Cyber Security Informer

Social Engineering to Disable iMessage Protections

Schneier on Security

JANUARY 17, 2025

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website.

Social Engineering

Social Engineering Engineering Phishing

News alert: Arsen’s rolls out AI-powered phishing tests to improve social engineering resilience

The Last Watchdog

MARCH 24, 2025

24, 2025, CyberNewswire — Arsen , a leading cybersecurity company specializing in social engineering defense, today announced the full release of Conversational Phishing, a groundbreaking feature embedded in its phishing simulation platform. Paris, France, Mar. To learn more about Conversational Phishing, users can visit [link].

Social Engineering

Social Engineering Engineering Phishing Security Awareness

Clever Social Engineering Attack Using Captchas

Schneier on Security

SEPTEMBER 20, 2024

This is really interesting. It’s a phishing attack targeting GitHub users, tricking them to solve a fake Captcha that actually runs a script that is copied to the command line.

Social Engineering

Social Engineering Engineering Phishing Malware

Black Basta Ransomware Group Elevates Social Engineering with Microsoft Teams and Malicious QR Codes

Penetration Testing

OCTOBER 27, 2024

The ReliaQuest Threat Research Team uncovered an intensified social engineering campaign tied to the ransomware group Black Basta.

Social Engineering

Social Engineering Engineering Ransomware Cybersecurity

Gen Z’s Rising Susceptibility to Social Engineering Attacks

Security Boulevard

MARCH 31, 2025

Gen Z, or individuals born between 1997 and 2012, have certain types of lifestyles, upbringings and character traits that make them ideal for social engineering exploitation. The post Gen Zs Rising Susceptibility to Social Engineering Attacks appeared first on Security Boulevard.

Social Engineering

Social Engineering Engineering Scams Phishing

CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks

Tech Republic Security

FEBRUARY 27, 2025

Trends in cybersecurity across 2024 showed less malware and phishing, though more social engineering. CrowdStrike offers tips on securing your business.

Social Engineering

Social Engineering Engineering Phishing Malware

Social Engineering: Back to the Basics

Security Through Education

MARCH 3, 2025

When I first heard of social engineering, about 6 years ago, I couldnt define it clearly and concisely if you had offered me millions of dollars. ’ Lets re-visit what social engineering really means, how people use it, and how you can start protecting yourself from it. Either way, lets refresh and learn together!

Social Engineering

Social Engineering Engineering Scams Banking

Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware

Tech Republic Security

DECEMBER 12, 2023

Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat. Get the details.

Social Engineering

Social Engineering Engineering Malware Big data

Top 5 AI-Powered Social Engineering Attacks

The Hacker News

JANUARY 31, 2025

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. Theres no brute-force spray and pray password guessing. No scouring systems for unpatched software.

Social Engineering

Social Engineering Engineering Passwords Software

North Korean Hackers Steal $1.5B in Cryptocurrency

Schneier on Security

FEBRUARY 25, 2025

This attack proves that UI manipulation and social engineering can bypass even the most secure wallets. The Bybit hack has shattered long-held assumptions about crypto security. No matter how strong your smart contract logic or multisig protections are, the human element remains the weakest link.

Cryptocurrency

Cryptocurrency Social Engineering Hacking Engineering

News alert: Arsen introduces new AI-based phishing tests to improve social engineering resilience

Security Boulevard

MARCH 24, 2025

24, 2025, CyberNewswire Arsen , a leading cybersecurity company specializing in social engineering defense, today announced the full release of Conversational Phishing, a groundbreaking feature embedded in its phishing simulation platform. Paris, France, Mar.

Social Engineering

Social Engineering Engineering Phishing Cybersecurity

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Each participant in the call has a specific role, including: -The Caller: The person speaking and trying to social engineer the target. A tutorial shared by Stotle titled “Social Engineering Script” includes a number of tips for scam callers that can help establish trust or a rapport with their prey.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Investigating the Navalny Poisoning

Schneier on Security

DECEMBER 23, 2020

Navalny got a confession out of one of the poisoners, displaying some masterful social engineering. Bellingcat has investigated the near-fatal poisoning of Alexey Navalny by the Russian GRU back in August. The details display some impressive traffic analysis. Lots of interesting opsec details in all of this.

Social Engineering

Social Engineering Engineering

Many Cyber Attacks Begin by Breaking Human Trust

Lohrman on Security

OCTOBER 1, 2023

Sophisticated social engineering attacks have led to hundreds of data breaches this year. What can be done? And what new resources can help?

Cyber Attacks

Cyber Attacks Social Engineering Data breaches Engineering

Identity Phishing: Using Legitimate Cloud Services to Steal User Access

Security Boulevard

DECEMBER 5, 2024

Identity phishing doesn’t just lead to data theft – it can also lead to financial fraud, targeted social engineering attacks and lateral movement across endpoints. The post Identity Phishing: Using Legitimate Cloud Services to Steal User Access appeared first on Security Boulevard.

Phishing

Phishing Social Engineering Engineering Security Awareness

Arsen Introduces AI-Powered Phishing Tests to Improve Social Engineering Resilience

Penetration Testing

MARCH 24, 2025

Paris, France, 24th March 2025, CyberNewsWire The post Arsen Introduces AI-Powered Phishing Tests to Improve Social Engineering Resilience appeared first on Cybersecurity News.

Social Engineering

Social Engineering Engineering Phishing Cybersecurity

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

“This is social engineering at the highest level and there will be failed attempts at times. “In terms of overall social engineering attacks, the more you have a relationship with someone the more they’re going to trust you,” Donahue said. Don’t be discouraged.

Hacking

Hacking Accountability Government Social Engineering

Python Developers Targeted with Malware During Fake Job Interviews

Schneier on Security

SEPTEMBER 17, 2024

Interesting social engineering attack: luring potential job applicants with fake recruiting pitches, trying to convince them to download malware.

Malware

Malware Social Engineering Engineering Hacking

Using Legitimate GitHub URLs for Malware

Schneier on Security

APRIL 22, 2024

Interesting social-engineering attack vector : McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

Malware

Malware Social Engineering Engineering Software

Intro to Deceptionology: Why Falling for Scams is Human Nature

Security Boulevard

MARCH 24, 2025

Deception is a core component of many cyberattacks, including phishing, scams, social engineering and disinformation campaigns. The post Intro to Deceptionology: Why Falling for Scams is Human Nature appeared first on Security Boulevard.

Scams

Scams Social Engineering Engineering Phishing

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

The Last Watchdog

MARCH 28, 2025

In the case studies demonstrated by SquareX , these attacks leverage AI agents to automate the majority of the attack sequence, requiring minimal social engineering and interference from the attacker.

Antivirus

Antivirus Ransomware Social Engineering Engineering

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

Penetration Testing

NOVEMBER 5, 2024

LastPass, a leading password management platform, has issued a critical warning to users about a social engineering campaign targeting its customer base through deceptive reviews on its Chrome Web Store... The post Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store appeared first on Cybersecurity (..)

Scams

Scams Phishing Social Engineering Password Management

AI Mistakes Are Very Different from Human Mistakes

Schneier on Security

JANUARY 21, 2025

It also turns out that some of the best ways to “ jailbreak ” LLMs (getting them to disobey their creators’ explicit instructions) look a lot like the kinds of social engineering tricks that humans use on each other: for example, pretending to be someone else or saying that the request is just a joke.

Social Engineering

Social Engineering Engineering Technology Risk

2025 SecureWorld Theme: Once Upon a Time in Cybersecurity

SecureWorld News

JANUARY 7, 2025

Beware the Poisoned Apple: Defending Against Malware and Social Engineering Just like Snow White was tricked into accepting a poisoned apple from the Evil Queen, malware and social engineering attacks exploit trust to deliver harmful payloads. Are your defenses ready to withstand a "Jack"?

Cybersecurity

Cybersecurity Social Engineering Phishing Engineering

Hackers Stole Access Tokens from Okta’s Support Unit

Krebs on Security

OCTOBER 20, 2023

In both cases, the attackers managed to social engineer employees into resetting the multi-factor login requirements for Okta administrator accounts. In March 2022, Okta disclosed a breach from the hacking group LAPSUS$, a criminal hacking group that specialized in social-engineering employees at targeted companies.

Social Engineering

Social Engineering Engineering Accountability Hacking

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

Joseph Steinberg

OCTOBER 24, 2022

An online cybersecurity event with 2,500 people already logged in had to be cancelled after suspected cybercriminals launched a social engineering attack in the event’s chat window.

Cybersecurity

Cybersecurity Social Engineering Artificial Intelligence Scams

FBI, CISA Echo Warnings on ‘Vishing’ Threat

Krebs on Security

AUGUST 21, 2020

” The perpetrators focus on social engineering new hires at the targeted company, and impersonate staff at the target company’s IT helpdesk. The agencies said crooks use the vished VPN credentials to mine the victim company databases for their customers’ personal information to leverage in other attacks.

VPN

VPN Social Engineering Authentication Engineering

CrowdStrike 2024 Global Threat Report: 6 Key Takeaways

Tech Republic Security

FEBRUARY 26, 2024

Identity-based and social engineering attacks still take center stage, according to the CrowdStrike 2024 Global Threat Report.

Threat Reports

Threat Reports Social Engineering Engineering Phishing

Over 600,000 Personal Records Exposed by Data Broker

Tech Republic Security

DECEMBER 3, 2024

The exposed database creates opportunities for staging convincing phishing and social engineering attacks, among other issues.

Social Engineering

Social Engineering Engineering Phishing Cybersecurity

Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC)

Tech Republic Security

AUGUST 23, 2024

A new malware called NGate allows cybercriminals to steal near field communication data from Android phones via sophisticated social engineering. The data is relayed to the fraudsters before being used to steal cash.

Social Engineering

Social Engineering Malware Engineering Banking

xz Utils Backdoor

Schneier on Security

APRIL 2, 2024

Installing it was a multi-year process that seems to have involved social engineering the lone unpaid engineer in charge of the utility. In theory, the code could allow for just about anything, including stealing encryption keys or installing malware. It was an incredibly complex backdoor.

Social Engineering

Social Engineering Engineering Software Encryption

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Security Affairs

JANUARY 21, 2025

” Threat actors are attempting to use social engineering techniques by exploiting the trust of local entities in the authority. The threat actors need to have the victim’s AnyDesk ID to carry out the attack and the software must be active on the target systems.

Social Engineering

Social Engineering Scams Engineering Software

What’s Next for Open Source Software Security in 2025?

Tech Republic Security

JANUARY 9, 2025

Hidden dependencies, social engineering attacks, and the complexity of foundation models can all contribute tothe insecure use of open-source software in 2025.

Software

Software Social Engineering Engineering Artificial Intelligence

Beware of Fake Google Meet Invites: ClickFix Campaign Spreading Infostealers

Penetration Testing

OCTOBER 19, 2024

A new and dangerous social engineering tactic, dubbed ClickFix, has emerged as a significant cybersecurity threat in 2024, according to a recent report from the Sekoia Threat Detection & Research... The post Beware of Fake Google Meet Invites: ClickFix Campaign Spreading Infostealers appeared first on Cybersecurity News.

Social Engineering

Social Engineering Threat Detection Engineering Cybersecurity

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

FEBRUARY 26, 2023

GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved. But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee.

Hacking

Hacking Social Engineering Phishing Scams

GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

The Last Watchdog

NOVEMBER 11, 2024

It could also help users identify various cybersecurity attacks, whether they are types of spoofing , phishing, social engineering, or malware. One significant risk is the potential for the technology to become a host to sophisticated social engineering attacks.

Cybersecurity

Cybersecurity Social Engineering Technology Threat Detection

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

In January 2024, KrebsOnSecurity broke the news that Urban had been arrested in Florida in connection with multiple SIM-swapping attacks.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

News alert: SquareX discloses ‘Browser Syncjacking’ – a new attack to hijack browser

The Last Watchdog

JANUARY 30, 2025

Using a very clever social engineering attack that exploits trusted domains, the adversary can then further escalate the profile hijacking attack to steal passwords from the victims browser.

Social Engineering

Social Engineering Engineering Authentication Media

Trojaned Windows Installer Targets Ukraine

Schneier on Security

DECEMBER 20, 2022

The installer was left on various torrent sites, presumably ensnaring people downloading pirated copies of the operating system: Mandiant uncovered a socially engineered supply chain operation focused on Ukrainian government entities that leveraged trojanized ISO files masquerading as legitimate Windows 10 Operating System installers.

Social Engineering

Social Engineering Engineering Software Government

15 SpyLoan Android apps found on Google Play had over 8 million installs

Security Affairs

NOVEMBER 30, 2024

SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss. Some of the malicious apps were promoted through deceptive advertising on social media.

Social Engineering

Social Engineering Media Mobile Scams

Cloak ransomware group hacked the Virginia Attorney General’s Office

Security Affairs

MARCH 24, 2025

“Cloaks attack strategy involves acquiring network access through Initial Access Brokers (IABs) or social engineering methods such as phishing, malvertising, exploit kits, and drive-by downloads disguised as legitimate updates like Microsoft Windows installers.” ” reads a report published by Halcyon.

Ransomware

Ransomware Hacking Social Engineering VPN

Google's AI Trends Report: Key Insights and Cybersecurity Implications

SecureWorld News

FEBRUARY 25, 2025

One of the report's most pressing concerns is the role of Generative AI in social engineering attacks. From the report: "Generative AI is being used to create highly convincing phishing emails, fake voices, and even deepfake videosmaking social engineering attacks more difficult to detect.

Cybersecurity

Cybersecurity Social Engineering Artificial Intelligence Cyber threats

Wanted: Disgruntled Employees to Deploy Ransomware

Krebs on Security

AUGUST 19, 2021

. “For decades, West African scammers, primarily located in Nigeria, have perfected the use of social engineering in cybercrime activity.”

Ransomware

Ransomware Social Engineering Cybercrime Scams

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

Cybercriminals employ social engineering techniques to trick you into believing you must resolve fictitious technical issues. The hallmark of ClickFix campaigns is their clever use of social engineering.

Scams

Scams Malware Phishing Social Engineering

Social Engineering to Disable iMessage Protections

News alert: Arsen’s rolls out AI-powered phishing tests to improve social engineering resilience

Trending Sources

Clever Social Engineering Attack Using Captchas

Black Basta Ransomware Group Elevates Social Engineering with Microsoft Teams and Malicious QR Codes

Gen Z’s Rising Susceptibility to Social Engineering Attacks

CrowdStrike Security Report: Generative AI Powers Social Engineering Attacks

Social Engineering: Back to the Basics

Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware

Top 5 AI-Powered Social Engineering Attacks

North Korean Hackers Steal $1.5B in Cryptocurrency

News alert: Arsen introduces new AI-based phishing tests to improve social engineering resilience

A Day in the Life of a Prolific Voice Phishing Crew

Investigating the Navalny Poisoning

Many Cyber Attacks Begin by Breaking Human Trust

Identity Phishing: Using Legitimate Cloud Services to Steal User Access

Arsen Introduces AI-Powered Phishing Tests to Improve Social Engineering Resilience

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Python Developers Targeted with Malware During Fake Job Interviews

Using Legitimate GitHub URLs for Malware

Intro to Deceptionology: Why Falling for Scams is Human Nature

News alert: SquareX discloses nasty browser-native ransomware that’s undetectable by antivirus

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

AI Mistakes Are Very Different from Human Mistakes

2025 SecureWorld Theme: Once Upon a Time in Cybersecurity

Hackers Stole Access Tokens from Okta’s Support Unit

Cybersecurity Event Cancelled After Being Hit By Cybercriminals

FBI, CISA Echo Warnings on ‘Vishing’ Threat

CrowdStrike 2024 Global Threat Report: 6 Key Takeaways

Over 600,000 Personal Records Exposed by Data Broker

Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC)

xz Utils Backdoor

CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

What’s Next for Open Source Software Security in 2025?

Beware of Fake Google Meet Invites: ClickFix Campaign Spreading Infostealers

When Low-Tech Hacks Cause High-Impact Breaches

GUEST ESSAY: The promise and pitfalls of using augmented reality– ‘AR’ — in cybersecurity

Feds Charge Five Men in ‘Scattered Spider’ Roundup

News alert: SquareX discloses ‘Browser Syncjacking’ – a new attack to hijack browser

Trojaned Windows Installer Targets Ukraine

15 SpyLoan Android apps found on Google Play had over 8 million installs

Cloak ransomware group hacked the Virginia Attorney General’s Office

Google's AI Trends Report: Key Insights and Cybersecurity Implications

Wanted: Disgruntled Employees to Deploy Ransomware

Deceptive Google Meet Invites Lures Users Into Malware Scams

Stay Connected