Are You Being Vigilant Against a Dumpster Diving Attack?

When one thinks of Open Source Intelligence (OSINT) things like Facebook, court records, and Google-fu typically come to mind. However, a skilled reconnoiter will also utilize the contents of your trash when looking for information. Fraudst…

Stay Safe in the Tax Season after Equifax

‘Tis the season for tax fraud and identity theft via tax-related scams. Tax fraud has been on the rise for years, and nearly 1 out of every 2 Americans are at increased risk for tax fraud due to the Equifax breach. 145 million America…

Look out for More SMiShing This Year

With the new year come new social engineering threats to users. While many of these threats themselves are not new, the rising frequency and execution of them is worth attention. SMiShing (SMS phishing) is one of those techniques attackers use th…

2017 Verizon DBIR Social Engineering Breakdown

The much anticipated 2017 Verizon DBIR was recently released, and has some interesting data for social engineering attacks in 2016. Social-Engineer is proud to have been a contributor to this year’s report. Below are highlights from the report, and some tips at the end on how to stay safe. Verizon studied 42,068 security incidents that resulted in 1,935 breaches. Overall, 43% of the documented breaches involved social engineering attacks! That’s almost half, and these are only representative of the reported/documented breaches. (Figure 1: Overall breaches using Social Attacks.) Not surprisingly, 66% of malware came from malicious email attachments. These could […]

The post 2017 Verizon DBIR Social Engineering Breakdown appeared first on Social-Engineer.Com – Professional Social Engineering Training and Services.

Catching Phish in the Desert: El Paso Loses 3.2 Million Dollars via Spear Phish

In 2016, phishing reached an all-time high by the second quarter. An average of 155,000 phishing emails were sent out during the months of April, May and June according to the Anti-Phishing Workgroup. This alarming trend was noted among many industry analysts, and helped to bring much of information security to the forefront of news media, and generated more visibility into the security community as an increase in the cost and visibility of these attacks made them a threat to many businesses. In August of 2016, the city of El Paso, Texas was scammed out of a total $3.2 million […]


The Data Breach Price Tag: How Much is Security Worth?

2015 was called the year of the breach with groups like Target being compromised and losing around 30 million credit card numbers, and OPM losing the list of government employees with a security clearance. That would make 2016 the year of the mega-breach. The Identity Theft Research Center (ITRC) recorded 1,093 breaches last year, with a known total of 36.6 million records being exposed or stolen, but estimates now put that number well over 1 billion records and a total of 4.8 billion records exposed since 2013. With devastation on that scale, it begs the question of how much does […]


Phishing Continues to Get More Sophisticated

Recently several sophisticated phishing attacks have been on the rise, with many attempting to harvest a target’s Gmail credentials. Below we’ll do a quick breakdown of each one, and how you can continue to protect yourself in the future. While the attack examples below were targeted at Gmail accounts, these can easily be used across many different platforms as well. Phishing by Obfuscation: The following sophisticated phish has been making the rounds. Like any other phish it may appear to come from a trusted person (or may actually be coming from a trusted person who has been hacked), and usually […]


Why You Should Disable Autofill on Your Browsers

Completing an online order. Filling out another registration form. These are just some of the online tasks for which we’re happy to have Autofill complete the information for us. Recently, however, web developer Viljami Kuosmanen discovered a vulnerability that can expose your stored data to a malicious person via phishing. In this attack, a phishing email would be sent asking the target to complete a form on a web page. Once the target fills out one of the (visible) fields, the browser then auto-populates multiple invisible fields on the page (drawing from the stored Autofill data). Above is an example […]



Paging the Social Engineer: Crypto Missing in Many Industries with Sensitive Information

How many can remember the show ER? The insane pace, the rapid-fire drama? If you are a tech nerd, you remember the gear. Mostly, those old pagers. A recent study performed by Trend Micro showed that a number of major industries still use pagers to try and keep employees up to date with different emergencies. Among these are industrial control systems, HVAC, and most notably the medical field. This may seem innocuous until you look at the transmission methods used and the fact that all pages are sent clear text over the air. With a software defined radio and a […]
