Security News

PC store told it can't claim full cyber-crime insurance after social-engineering attack
2022-08-16 16:43

A Minnesota computer store suing its crime insurance provider has had its case dismissed, with the courts saying it was a clear instance of social engineering, a crime for which the insurer was only liable to cover a fraction of total losses. Travelers, which filed a motion to dismiss, said SJ's policy clearly delineated between computer fraud and social engineering fraud.

Ransomware gangs move to 'callback' social engineering attacks
2022-08-10 20:45

At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim's network. This allows the threat actors to deploy highly-targeted attacks that are more difficult to detect and stop because of the social engineering component.

How social engineering attacks are evolving beyond email
2022-06-16 04:35

In this Help Net Security video, Chris Lehman, CEO at SafeGuard Cyber, talks about how adversaries are moving beyond email to attack companies through a wide range of digital communications platforms, including mobile messaging, collaboration, conferencing, CRM and social media. These social engineering attacks are difficult to detect and bypass standard security controls.

Old Hacks Die Hard: Ransomware, Social Engineering Top Verizon DBIR Threats – Again
2022-06-03 13:46

Ransomware and social engineering continue to dominate challenges facing cybersecurity professionals, according to Verizon's 15th annual Data Breach Investigations Report. In general, the results of DBIR merely confirm well-established trends, such as the growing threats of ransomware - up 13% this year - and the inescapability of the "Human element", which was tied to 82% of all breaches.

[White Paper] Social Engineering: What You Need to Know to Stay Resilient
2022-05-11 05:43

By preying on human emotion, social engineering scams inflict billions of dollars of damage with minimal planning or expertise. Recent research reveals that social engineering is leveraged in 98% of attacks.

FBI: Payment app users targeted in social engineering attacks
2022-04-14 21:53

Cybercriminals are attempting to trick American users of digital payment apps into making instant money transfers in social engineering attacks using text messages with fake bank fraud alerts. "Under the pretext of reversing the fake money transfer, victims are swindled into sending payment to bank accounts under the control of the cyber actors," the FBI said.

Morgan Stanley client accounts breached in social engineering attacks
2022-03-24 22:47

Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in social engineering attacks. The company said in a notice sent to affected clients that, "On or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.

Verify End-Users at the Helpdesk to Prevent Social Engineering Cyber Attack
2021-10-11 07:20

Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks. There are many different types of social engineering schemes but one is area of vulnerability is how social engineering might be used against a helpdesk technician to steal a user's credentials.

Ongoing Bitcoin Scams Demonstrate Power of Social Engineering Triggers
2021-05-24 14:09

Bitcoin scams have soared over the last seven months. The surge started around October 2020, and the scams are continuing today.

Perl.com theft blamed on social engineering attack: Registrar 'convinced' to alter DNS records by miscreants
2021-03-02 08:25

The short-lived theft of Perl.com in late January is believed to have been the result of a social engineering attack that convinced registrar Network Solutions to alter the domain's records without valid authorization. The Register wrote about the domain takeover at the time and, as Foy put it, "The Register had spot-on reporting from the start as did Paul Ducklin at Sophos."