Articles about social engineering

Seven in ten UK unis admit being duped by phishing attacks

Seven in ten UK universities have admitted falling victim to a phishing attack in which an individual has been tricked into disclosing personal details via an email purporting to be from a trusted source. The figure comes from a Freedom of Information (FoI) request by Duo Security to 70 universities across the UK, of which 51 …
John Leyden, 27 Apr 2017

Rate this as five stars or we'll bombard you with pop-up ads

A malicious app that bombards Androids with ads is using all sorts of trickery to boost its ratings. The app, dubbed Hiddad-BZ by security firm ESET, is available in the Google Play store where it poses as a tool to download content from YouTube. The app uses a number of deceptive methods to trick users into installing its …
John Leyden, 8 Mar 2017

UK cops spot webcam 'sextortion' plots: How vics can hit stop

The NCA has said that "at least four young men have taken their own lives" after being targeted by financially motivated webcam blackmailers, while UK police forces are sharing stats and tips in a campaign to combat the rising problem. Police say they've recorded 864 cases of webcam blackmail so far in 2016, more than …
John Leyden, 30 Nov 2016

New Ransoc extortionists hunt for actual child abuse material

Hackers have unleashed a strain of scammer that activates on compromised computers when it encounters filenames containing strings that have been associated with child abuse clips and images. Ransoc kicks in when it finds potential "evidence" of child abuse material or media files downloaded via torrents on the targeted …
John Leyden, 16 Nov 2016

Phishing fraudsters pose as UK bank social media types

Cybercrooks are posing as customer support staff from UK banks in a ruse designed to hoodwink gullible customers out of their credentials. The social media phishing scam relies on the creation of bogus Twitter profiles, such as @BarclaysHelpUK (real example, now suspended). Customers are already expecting a response from a …
John Leyden, 27 Oct 2016

Pen-test trio crafts 'Datasploit' tool for easy social engineering

Black Hat: A security trio has brewed a toolset to help attackers find sensitive open source intelligence on human targets. Shubham Mittal of NotSoSecure, Nutan Kumar Panda of eBay, and Sudhanshu Chauhan of Octogence released their Datasploit toolset to help social engineers find phone numbers, email addresses, and account information of …
Darren Pauli, 15 Aug 2016

Hacker shows Reg how one leaked home address can lead to ruin

Unrestcon: It takes nothing more than a home address for hacker "Nixxer" to find enough information to ruin your life. Nixxer is one of Australia’s most skilled good-guy social engineers and, at a recent event and in subsequent chats with The Reg, demonstrated the potential damage rather than actually ruining a life. But the arsenal he …
Darren Pauli, 20 Jul 2016

Fake Flash update malware targets gullible Apple users

Security watchers have spotted a shareware scam targeting Apple users that features malicious code signed with a legitimate Apple developer certificate. The dodgy software poses as an Adobe Flash update, typically presented to potential marks as a pop-up reminder. Those who fall for the ruse will end up unwittingly …
John Leyden, 8 Feb 2016

Murder suspect alert? Nah: Scammers fling cop-style malware

A new email scam attempts to trick marks into opening a dodgy email attachment by posing as a murder suspect bulletin from “London City Police”.* The fake email alert is designed to appear important, but also somewhat ambiguous, in a deliberate attempt to trick users into opening the zip attachment. The arresting scam is more …
John Leyden, 15 Sep 2015

Sexy sock puppets seduce security suckers

Phishers have been targeting security researchers with fake LinkedIn profiles built on re-purposed photos of models and company logos, according to F-Secure hacker Sean Sullivan (@5ean5ullivan). The threat-finding bod said that would-be recruiters, linked to a network of phoney cryptographers and security types, were …
Darren Pauli, 7 Sep 2015

SMEs in the firing line as fake invoice scams skyrocket

UK small businesses need to be on heightened alert for fake invoices, following an alarming increase in this type of scam in the first six months of 2015. Action Fraud has received reports from 749 businesses reporting falling victim to this sort of con between January and June 2015 alone. This compares with 603 victims in the …
John Leyden, 25 Aug 2015

Webmail password reset scam lays groundwork for serious aggro

Symantec has warned about a new password recovery scam that tricks users into handing over webmail account access, possibly setting the stage for more serious security issues. Crooks behind the social engineering ruse need only knowledge of a prospective mark’s email address and associated mobile phone number before attempting …
John Leyden, 19 Jun 2015

Gullible Apple users targeted by bogus order cancellation scam

Cybercrooks are targeting Apple iCloud users with phishing messages designed to steal financial information. A new run of spam messages offers a slight twist on the popular "bogus order" scam. Instead of simply telling you about a payment you're supposed to have made, prospective marks are invited to cancel a transaction …
John Leyden, 13 Feb 2015

Social sniffer predicts which Nigerian prince has the best chance of scamming you

Kiwi penetration tester Laura Bell has released a social engineering analysis tool to allow analysis of risky behaviour by punters. The platform dubbed "AVA" and billed as an "automated three-phase human vulnerability scanner" will soon be released as open source and made usable for both hackers using Kali Linux and less tech- …
Darren Pauli, 18 Dec 2014

Twitter 'news' spreads faster than Ebola #FakeCures #Malware

Updated: Social media has become a conduit for the spread of fake cures and treatments for Ebola. As if that weren't bad enough, confusion about the epidemic is also being harnessed to push malware and other cybercrime scams, security watchers warn. The hoaxes began in the Twittersphere with the spread of false ways to treat Ebola. …
John Leyden, 20 Oct 2014

Hey, scammers. Google's FINE with your dodgy look-a-like apps

Attackers can easily craft third party scripts to imitate Google to trick users into granting authorisation to their email accounts, says infosec chap Andrew Cantino. The Mavenlink engineer said Mountain View did not make it sufficiently clear when users were approving third party access to their data, thus making social …
Darren Pauli, 15 Sep 2014

Average chump in 'bank' phone scam is STUNG for £10,000 - study

UK consumers have lost more than £21m to "social engineering" scams where fraudsters impersonated bank employees and tech support since the beginning of the year, according to GetSafeOnline. A range of tactics including phishing emails, fraudulent phone calls asking for personal or financial information or phone calls from …
John Leyden, 26 Jun 2014

People will happily run malware if paid ONE CENT – new study

Security white hats, despair: users will run dodgy executables if they are paid as little as one cent. Even more would allow their computers to become infected by botnet software nasties if the price was increased to five or 10 cents. Offer a whole dollar and you'll secure a herd of willing internet slaves. The demoralising …
Darren Pauli, 18 Jun 2014
