Security News

Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks
2023-06-08 04:23

The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware. "Further, Kimsuky's objective extends to the theft of subscription credentials from NK News," cybersecurity firm SentinelOne said in a report shared with The Hacker News.

Zelle users targeted with social engineering tricks
2023-04-14 08:09

The spoofed email is cleverly crafted to look as legitimate as possible: it contains the Zelle logo, grammatically correct text, and an authentic link to the firm's web page at the bottom of the email, in the "Security and privacy" footer. What distinguishes this malicious email from legitimate ones is the sender's email address, which is obviously not related to Zelle.

New cybersecurity data reveals persistent social engineering vulnerabilities
2023-02-08 11:00

New research from NCC Group and Abnormal Security shows clouds and a bit of silver to line them: Ransomware attacks declined last year, but business email compromises increased - massively for smaller businesses - and a third of toxic emails got through their human gateways. According to risk management firm NCC Group, there was a 5% drop in ransomware attacks last year - from 2,667 attacks in 2021 to 2,531 attacks in 2022 - although between February and April there was an uptick due to LockBit activity during the Russia-Ukraine war.

Social engineering attacks anybody could fall victim to
2022-10-24 04:30

Social engineering - also known as human hacking - is an expression that encompasses a number of methods and vectors attackers use to manipulate targets into giving away or providing access to sensitive information, or generally performing actions that are against their best interest. To effectively perform social engineering attacks, attackers exploit vulnerabilities in how humans react to specific situations.

BazarCall Call Back Phishing Attacks Constantly Evolving Its Social Engineering Tactics
2022-10-11 16:41

The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. Primary targets of the latest attack waves include the U.S., Canada, China, India, Japan, Taiwan, the Philippines, and the U.K. BazaCall, also called BazarCall, first gained popularity in 2020 for its novel approach of distributing the BazarBackdoor malware by manipulating potential victims into calling a phone number specified in decoy email messages.

Callback phishing attacks evolve their social engineering tactics
2022-10-08 14:11

Callback phishing operations have evolved their social engineering methods, keeping old fake subscriptions lure for the first phase of the attack but switching to pretending to help victims deal with an infection or hack. Callback phishing attacks are email campaigns pretending to be high-priced subscriptions designed to lead to confusion by the recipient as they never subscribed to these services.

3 ways enterprises can mitigate social engineering risks
2022-10-07 04:00

In this Help Net Security video, Alon Levin, VP of Product Management at Seraphic Security, explains what social engineering is, and how prevalent it is. He offers insight into the three ways enterprises can mitigate the risks of social engineering.

Defeat social engineering attacks by growing your cyber resilience
2022-09-07 04:00

In this Help Net Security video, Grayson Milbourne, Security Intelligence Director at OpenText Security Solutions, discusses the innovation behind social engineering campaigns and illustrates how...

New social engineering tactics discovered in the wild
2022-08-24 05:00

In this Help Net Security video, Otavio Freire, President and CTO at SafeGuard Cyber, offers insight on new social engineering tactics discovered in the wild, and illustrates how phishing attacks...

PC store told it can't claim full cyber-crime insurance after social-engineering attack
2022-08-16 16:43

A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses. Travelers, which filed a motion to dismiss, said SJ's policy clearly delineated between computer fraud and social engineering fraud.