Focus on “Cybersecurity Culture” to Fight Social Engineering Attacks

Posted on By SEN Producer No Comments on Focus on “Cybersecurity Culture” to Fight Social Engineering Attacks

The Chief Evangelist for KnowBe4 Inc., provider security training and simulation services, makes a useful point about the inadequacy of cybersecurity software in a company where employees do not have the culture to identify and avoid social engineering attacks. He suggests several steps, starting with: “1. Assess Your Cybersecurity Culture Understand whether your employees value cybersecurity….

Read More “Focus on “Cybersecurity Culture” to Fight Social Engineering Attacks” »

Cybersecurity Culture, Social Engineering

Okta Customers Hit by Social Engineering Attacks

Posted on By SEN Producer No Comments on Okta Customers Hit by Social Engineering Attacks

The access management provider has issued a report on the attacks: “In recent weeks, multiple US-based Okta customers have reported a consistent pattern of social engineering attacks against IT service desk personnel, in which the caller’s strategy was to convince service desk personnel to reset all Multi-factor Authentication (MFA) factors enrolled by highly privileged users….

Read More “Okta Customers Hit by Social Engineering Attacks” »

Social Engineering

Feds Provide Guidance on Social Engineering in the Healthcare Industry

Posted on By SEN Producer No Comments on Feds Provide Guidance on Social Engineering in the Healthcare Industry

The guidance comes from a report entitled “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients,” from the US Department of Health and Human Services and its advisory group. It includes information social engineering and healthcare. See the report here. The information will seem basic to many IT security professionals, but it’s likely helpful to many…

Read More “Feds Provide Guidance on Social Engineering in the Healthcare Industry” »

Healthcare, Social Engineering

Are Your Employees Unwittingly Interacting with Social Engineering Attacks On Collaboration Platforms?

Posted on By SEN Producer No Comments on Are Your Employees Unwittingly Interacting with Social Engineering Attacks On Collaboration Platforms?

This interesting report covers increasing social engineering attacks on major collaboration platforms, noting the impact of the recent “Midnight Blizzard” attacks on Microsoft Teams. Read the article here. “‘As companies adopt new types of collaboration technologies, they don’t really think about security first or know what the risk might be until there’s some kind of…

Read More “Are Your Employees Unwittingly Interacting with Social Engineering Attacks On Collaboration Platforms?” »

Impersonation, Social Engineering

Seniors Lose Thousands of Dollars in Social Engineering Scams

Posted on By SEN Producer No Comments on Seniors Lose Thousands of Dollars in Social Engineering Scams

CBS’ 60 Minutes interviewed victims of social engineering scams. While people in their 30s file the most reports, according to the show, senior Americans lose the most money in these scams. The show interviews a number of victims, who provide details on the specific social engineering techniques that tricked them. In two of the cases…

Read More “Seniors Lose Thousands of Dollars in Social Engineering Scams” »

Impersonation, Pretexting

Google Workspace to Enable Customers to Require Two Admins to Sign Off on Critical Account Changes, Making Social Engineering Attacks More Difficult

Posted on By SEN Producer No Comments on Google Workspace to Enable Customers to Require Two Admins to Sign Off on Critical Account Changes, Making Social Engineering Attacks More Difficult

“‘Once it’s been implemented, when an admin initiates a highly sensitive action like a 2SV settings change, any other admin can approve,’ Google Workspace Director of Product Management Andy Wen told BleepingComputer.” Read the report here. The move will support enterprises increasing their efforts against social engineering scams such as phishing and lower the risk…

Read More “Google Workspace to Enable Customers to Require Two Admins to Sign Off on Critical Account Changes, Making Social Engineering Attacks More Difficult” »

Phishing, Social Engineering

When Typos Are Intentionally Used in Social Engineering Scams: Nigerian Prince Emails

Posted on By SEN Producer No Comments on When Typos Are Intentionally Used in Social Engineering Scams: Nigerian Prince Emails

This report offers a fascinating history of “419 emails” (named, according to the report, after the number used for fraud in the Nigerian penal code), an infamous advance-fee scam. There are several great tidbits about Nigerian Prince emails in the piece — we found this one interesting: “419 scammers are looking for the most gullible…

Read More “When Typos Are Intentionally Used in Social Engineering Scams: Nigerian Prince Emails” »

Pretexting

Like ChatGPT, but “with no Ethical Boundaries or Limitations”

Posted on By SEN Producer No Comments on Like ChatGPT, but “with no Ethical Boundaries or Limitations”

SlashNext reports on “WormGPT,” a new generative AI tool built for cybercrime, including BEC (business email compromise). “In one experiment, we instructed WormGPT to generate an email intended to pressure an unsuspecting account manager into paying a fraudulent invoice. The results were unsettling. WormGPT produced an email that was not only remarkably persuasive but also…

Read More “Like ChatGPT, but “with no Ethical Boundaries or Limitations”” »

AI and Social Engineering

Cyber & Wire Fraud Common in Mortgage Settlement Process

Posted on By SEN Producer No Comments on Cyber & Wire Fraud Common in Mortgage Settlement Process

Fraud, much of it involving social engineering, is common in the mortgage process according to a survey of almost 50,000 mortgage settlement agents. 20% said over the last year they’d been victims of wire fraud or attempted cyber fraud to intercept bank proceeds and 31% said they’d seen fraud in someone else’s transaction. “These survey…

Read More “Cyber & Wire Fraud Common in Mortgage Settlement Process” »

Social Engineering

Tricked by a Social Engineering Scam: Who’s Legally Responsible?

Posted on By SEN Producer No Comments on Tricked by a Social Engineering Scam: Who’s Legally Responsible?

Interesting report on AI and social engineering from Bloomberg. We enjoyed the details on the massive anti-fraud systems being developed by banks. Plus the tidbit about hacking extensions for Chrome. But also important, the mention of another frontier in social engineering: Looming battles over where to place legal liability for those scammed by social engineering:…

Read More “Tricked by a Social Engineering Scam: Who’s Legally Responsible?” »

AI and Social Engineering, Pretexting, Social Engineering & the Law