Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Social Engineering

New Social Engineering Tactic Uses PDFs in Business Email Compromise Attacks

Legitimate services can be exploited in social engineering, including business email compromise (BEC) attacks. Researchers at Check Point describe one current BEC campaign that’s using Soda PDF to send messages encouraging the recipients to call a phone number. Should they make the call, the bad actor on the line seeks to winkle them out of their cash. Check Point calls these kinds of attempts, which “leverage legitimate services to send out malicious material,” BEC 3.0.

Offbeat Social Engineering Tricks in a Scammer's Handbook

Contrary to stereotype, today’s cyberattacks aren’t limited to complex tactics such as the use of zero-day exploits or polymorphic malware that flies under the radar of traditional defenses. Instead of going the extra mile to set such schemes in motion, most threat actors take a shortcut and piggyback the human factor.

The Bookmark Trap: How Discord Admins Fell Prey to Social Engineering

Brian Krebs wrote: "A number of Discord communities focused on cryptocurrency have been hacked this past month after their administrators were tricked into running malicious Javascript code disguised as a Web browser bookmark. "According to interviews with victims, several of the attacks began with an interview request from someone posing as a reporter for a crypto-focused news outlet online.

[Mastering Minds] China's Cognitive Warfare Ambitions Are Social Engineering At Scale

As the world continues to evolve, so does the nature of warfare. China's People's Liberation Army (PLA) is increasingly focused on "Cognitive Warfare," a term referring to artificial intelligence (AI)-enabled military systems and operational concepts. The PLA's exploration into this new domain of warfare could potentially change the dynamics of global conflict.

Beyond the firewall: How social engineers use psychology to compromise organizational cybersecurity

A Social engineering attack is the process of exploiting weaknesses in human psychology to manipulate and persuade others to perform in a way that is harmful. Prior to the digital age, criminals would carry out these attacks in person, in what was known as a confidence game. The perpetrators were referred to a “con men”, regardless of their gender.

Blocking Social Engineering by Foreign Bad Actors: The Role of the New Foreign Malign Influence Center

The U.S. government created a new office to block disinformation. The new Foreign Malign Influence Center (FMIC) oversees efforts that span U.S. military, law enforcement, intelligence, and diplomatic agencies. The FMIC was established on September 23 of last year after Congress approved funding, and is situated within the Office of the Director of National Intelligence. The FMIC has the unique authority to marshal support from all elements of the U.S.

[Eyes Wide Shut] Fed Powell's Call with Russian Pranksters Exposed as Social Engineering

It was all over the news. Fed's Jerome Powell was social engineered by Russian pranksters posing as Zelensky. According to video footage shown on Russian state television, Federal Reserve Chairman Jerome Powell unwittingly spoke with a duo of Russian pranksters who were pretending to be Ukrainian President Volodymyr Zelenskiy during a call. Powell provided responses to various questions about topics like inflation and the Russian central bank, believing that he was speaking with Zelenskiy.

Another Perspective on ChatGPT's Social Engineering Potential

We’ve had occasion to write about ChatGPT’s potential for malign use in social engineering, both in the generation of phishbait at scale and as a topical theme that can appear in lures. We continue to track concerns about the new technology as they surface in the literature.