Security News

By preying on human emotion, social engineering scams inflict billions of dollars of damage with minimal planning or expertise. Recent research reveals that social engineering is leveraged in 98% of attacks.

Cybercriminals are attempting to trick American users of digital payment apps into making instant money transfers in social engineering attacks using text messages with fake bank fraud alerts. "Under the pretext of reversing the fake money transfer, victims are swindled into sending payment to bank accounts under the control of the cyber actors," the FBI said.

Morgan Stanley Wealth Management, the wealth and asset management division of Morgan Stanley, says some of its customers had their accounts compromised in social engineering attacks. The company said in a notice sent to affected clients that, "On or around February 11, 2022," a threat actor impersonating Morgan Stanley gained access to their accounts after tricking them into providing their Morgan Stanley Online account info.

Although organizations commonly go to great lengths to address security vulnerabilities that may exist within their IT infrastructure, an organization's helpdesk might pose a bigger threat due to social engineering attacks. There are many different types of social engineering schemes but one is area of vulnerability is how social engineering might be used against a helpdesk technician to steal a user's credentials.

Bitcoin scams have soared over the last seven months. The surge started around October 2020, and the scams are continuing today.

The short-lived theft of Perl.com in late January is believed to have been the result of a social engineering attack that convinced registrar Network Solutions to alter the domain's records without valid authorization. The Register wrote about the domain takeover at the time and, as Foy put it, "The Register had spot-on reporting from the start as did Paul Ducklin at Sophos."

How do you go from neuroscientist to DEFCON Social Engineering Capture the Flag champ? Find out from hacker and social engineering expert Rachel Tobac! Join us for a fascinating interview with Rachel about her journey, why you should always be "Politely paranoid", and the people who inspired her along the way.

IT security teams need to educate employees about the psychological techniques cybercriminals often use in social engineering attacks. This type of automated response is not lost upon cybercriminals, nor on Chris Poulin, who was a strategist at IBM's X-Force, when he wrote his IBM Security Intelligence commentary 6 Psychological Elements Behind Sophisticated Cyber Attacks, which looks at how cybercriminals leverage human traits to improve their odds of a successful attack.

Social engineering is allowing cybercriminals the way in. It's time to shift some of the focus from technology to psychology, as even the most sophisticated cybersecurity system has not prevented people from falling victim to social engineering.

A report released Thursday by business VPN provider NordVPN Teams examines three different types of social engineering attacks and offers advice on how to combat them. Social engineering attacks jumped during the first half of 2020, according to NordVPN Teams.