Look out for More SMiShing This Year

With the new year come new social engineering threats to users. While many of these threats are not new, their rising frequency and execution are worth attention. SMiShing (SMS phishing) is one such technique: it is not new, but some see it as a trend to keep an eye on in the new year. If you are unfamiliar with the term, it is like phishing, but it delivers a fraudulent text message to the target’s mobile phone rather than sending an email to the target’s address. Continue Reading > The post Look out for More SMiShing This Year appeared first on Social-Engineer.Com - Professional Social Engineering Training and Services.

2017 Verizon DBIR Social Engineering Breakdown

The much-anticipated 2017 Verizon DBIR was recently released, and it has some interesting data on social engineering attacks in 2016. Social-Engineer is proud to have been a contributor to this year’s report. Below are highlights from the report, and some tips at the end on how to stay safe. Verizon studied 42,068 security incidents that resulted in 1,935 breaches. Overall, 43% of the documented breaches involved social engineering attacks! That’s almost half, and these are only representative of the reported/documented breaches. [Figure 1: Overall breaches using Social Attacks] Not surprisingly, 66% of malware came from malicious email attachments. These could

The Homograph Attack

Imagine sitting in front of your computer and, as you’re checking your email, you come across a message advertising a great deal on the Apple iPad. You’ve been wanting to get one so you can give your old one to your child. So, you click the link that goes to https://www.apple.com. Now you check: is it secure? You see the green lock and the https in the URL. Okay, it’s secure. Is it real? https://www.apple.com is what you see in the browser. So, it must be real. If you had looked closer, you would have seen https://www.xn--80ak6aa92e.com/ not

Catching Phish in the Desert: El Paso Loses 3.2 Million Dollars via Spear Phish

In 2016, phishing reached an all-time high by the second quarter. An average of 155,000 phishing emails were sent out during the months of April, May and June, according to the Anti-Phishing Workgroup. This alarming trend was noted by many industry analysts. It helped bring information security to the forefront of the news media and gave the security community more visibility, as the rising cost and visibility of these attacks made them a threat to many businesses. In August of 2016, the city of El Paso, Texas was scammed out of a total of $3.2 million

The Data Breach Price Tag: How Much is Security Worth?

2015 was called the year of the breach, with groups like Target being compromised and losing around 30 million credit card numbers, and OPM losing the list of government employees with a security clearance. That would make 2016 the year of the mega-breach. The Identity Theft Research Center (ITRC) recorded 1,093 breaches last year, with a known total of 36.6 million records being exposed or stolen, but estimates now put that number well over 1 billion records and a total of 4.8 billion records exposed since 2013. With devastation on that scale, it begs the question of how much does

Phishing Continues to Get More Sophisticated

Recently, several sophisticated phishing attacks have been on the rise, with many attempting to harvest a target’s Gmail credentials. Below we’ll do a quick breakdown of each one, and how you can continue to protect yourself in the future. While the attack examples below were targeted at Gmail accounts, these can easily be used across many different platforms as well. Phishing by Obfuscation: The following sophisticated phish has been making the rounds. Like any other phish, it may appear to come from a trusted person (or may actually be coming from a trusted person who has been hacked), and usually

SECOM Team Building and Treetop Retreat

This is the true story of 10 co-workers, picked to go to Orlando, work together, and have their lives taped. Find out what happens when people stop being polite and start getting real… We’re not reality stars, but the rest really happened. Last week, the crew of Social-Engineer attended our second annual corporate retreat in Orlando, FL. While the rest of the world was going about their business, we descended on the resort town from all corners of the US with the purpose of getting off our phones and laptops to spend some time together learning, bonding, and growing. Thursday:

Why You Should Disable Autofill on Your Browsers

Completing an online order. Filling out another registration form. These are just some of the online tasks where we’re happy to have Autofill complete the information for us. Recently, however, web developer Viljami Kuosmanen discovered a vulnerability that can expose your stored data to a malicious person via phishing. In this attack, a phishing email would be sent asking the target to complete a form on a web page. Once the target fills out one of the (visible) fields, the browser then auto-populates multiple invisible fields on the page (drawing from the stored Autofill data). Above is an example

Phishing The C-Suite— Why do the executives keep biting?

They’re educated, seasoned professionals. They sit in big offices and make decisions that affect the future of the company. So why are so many executives biting when they are phished? Why are we seeing so many reports like these: Snapchat: An attacker pretended to be Snapchat chief executive Evan Spiegel and tricked an employee into emailing over 700 current or former employees’ information including their names, social security numbers and wage data. Mattel: A finance executive wired more than $3 million to the Bank of Wenzhou after the ‘new CEO’ requested a vendor payment. According to reports, Mattel quickly

Paging the Social Engineer: Crypto Missing in Many Industries with Sensitive Information

How many can remember the show ER? The insane pace, the rapid-fire drama? If you are a tech nerd, you remember the gear. Mostly, those old pagers. A recent study performed by Trend Micro showed that a number of major industries still use pagers to try to keep employees up to date with different emergencies. Among these are industrial control systems, HVAC, and most notably the medical field. This may seem innocuous until you look at the transmission methods used and the fact that all pages are sent in clear text over the air. With a software-defined radio and a