Security News

The phishing attack on Twitter employees serves as an opportunity for all businesses to reassess how they build and deploy application

People, like computers, can be hacked using a process called social engineering, and there's a good chance a cybersecurity attack on your organization could start with this technique.

Twitter has said that around 130 accounts were targeted by miscreants this week as high-profile individuals and businesses had their accounts hijacked to promote a Bitcoin scam. The estimate comes days after the social media biz admitted the blitz - which snared the accounts of Bill Gates, Elon Musk, Jeff Bezos, Apple, Uber and former President Barack Obama - was the result of "coordinated social engineering".

Security consulting firm Social Engineer, Inc., defines social engineering in incredibly basic and broad terms: "Any act that influences a person to take an action that may or may not be in their best interest."

Twenty years have passed since cybercrooks demonstrated the role exploiting human psychology could play in spreading malware. While not the first worm to cause a headache for computer users, it was the first to truly demonstrate the potential role of social engineering online.

Today we're going to dive into how COVID-19 is driving an increase in account takeover, as well as provide some suggestions on how to combat it. Before we get too far into the weeds, let's quickly level-set on a definition of account takeover, or ATO. Account takeover is when a legitimate customer's account is accessed through illicit means for the purpose of committing fraud.

Beyond compromised credentials, attackers leverage personally identifiable information gathered on specific targets to launch social engineering attacks or reset the victim's account password to take over the account. Social engineers armed with data can easily source the answers to knowledge-based questions, which are the primary form of user authentication during a password reset, to take over the account.

Despite a nearly four-month absence, the return of Emotet within the last two weeks of September accounted for nearly 12 percent of all malicious email samples in Q3, delivering millions of...

More than 99 percent of cyberattacks rely on human interaction to work, Proofpoint recently shared. More often than not, the principal attack method is phishing emails. When hitting enterprises,...

The idea that humans are the weakest link shouldn't guide the thinking on social-engineering defense.