Threat actors continue to use generative AI tools to craft convincing social engineering attacks, according to Glory Kaburu at Cryptopolitan. “In the past, poorly worded or grammatically incorrect emails were often telltale signs of phishing attempts,” Kaburu writes. “Cybersecurity awareness training emphasized identifying such anomalies to thwart potential threats. However, the emergence of ChatGPT has changed the game.

Two giants in the gaming and hospitality industry, Caesars Entertainment and MGM Resorts, recently announced that they were targeted by cybercriminals. But here’s the catch, both ransomware attacks appear to have started with the use of social engineering tactics against IT helpdesk personnel to gain access to systems.

A malwareless and linkless phishing attack uses sextortion and the threat of legal action to get the attention of potential victims and get them to respond. Usually, the intent of a phishing attack is evident. For example, if the attack is pretending to be Microsoft and sends you to a spoofed login page, the whole point of the attack is to harvest the victim’s Microsoft 365 credentials.

Identity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within organizations’ networks.

No, phishing and social engineering are not the same. Phishing is a subset of social engineering, meaning phishing attacks are a form of social engineering, but not all social engineering is considered phishing. Read on to learn more about what differentiates phishing from social engineering and how to protect yourself from both.

Continuing coverage of IBM’s recently-released Cost of a Data Breach report, we focus on the impact attacks involving social engineering have on data breach costs. There are two reports every year that we cover on this blog that you should be reading – Verizon’s Data Breach Investigations Report and IBM’s Cost of a Data Breach report. Each of these reports has been published for years, providing insight into how the state of data breaches are changing.

Most social engineering scams search out their potential victims, often sending emails to known email addresses, sending chat messages to them or calling known phone numbers. The attackers take an active role in seeking out and making contact with their victims.

A few weeks ago, GitHub posted on their blog a recent security alert that should have any organization in the tech industry worried. GitHub identified a social engineering campaign that is targeting personal accounts of employees that work for technology firms. This campaign is using a combination of repository invites and malicious npm package dependencies to strike.

How can you take a proactive approach to your organization’s cybersecurity strategy? Scoping the threat landscape and having a solid incident response plan is a good start. But you also need to continuously seek out vulnerabilities and weaknesses to remediate or mitigate. These vulnerabilities and weaknesses aren’t just limited to systems and processes – the human factor plays a prominent part in many cybersecurity breaches.