Social Engineering

Pierluigi Paganini August 19, 2024
The Mad Liberator ransomware group uses social-engineering techniques

New cybercrime group Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to conceal data exfiltrating. The Sophos X-Ops Incident Response team warned that a new ransomware group called Mad Liberator is exploiting the remote-access application Anydesk for their attacks. The group was also spotted running a fake Microsoft Windows update […]

Pierluigi Paganini September 02, 2023
Social engineering attacks target Okta customers to achieve a highly privileged role

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions. The attacks targeted IT service desk staff to trick them into resetting all multi-factor […]

Pierluigi Paganini June 08, 2023
Experts detail a new Kimsuky social engineering campaign

North Korea-linked APT Kimsuky has been linked to a social engineering campaign aimed at experts in North Korean affairs. SentinelLabs researchers uncovered a social engineering campaign by the North Korea-linked APT group Kimsuky that is targeting experts in North Korean affairs. The attacks are part of a broader campaign recently detailed in a joint advisory published by […]

Pierluigi Paganini February 20, 2023
Social engineering, deception becomes increasingly sophisticated

Social engineering techniques are becoming increasingly sophisticated and are exploiting multiple emerging means, such as deep fakes. The increasing use of videoconferencing platforms and the various forms of remote work also adopted in the post-emergency covid make interpersonal collaborations increasingly virtual. This scenario must undoubtedly force organizations to prepare adequately to be able to recognize […]

Pierluigi Paganini November 25, 2022
An international police operation dismantled the spoofing service iSpoof

An international law enforcement operation has dismantled an online phone number spoofing service called iSpoof. An international law enforcement operation that was conducted by authorities in Europe, Australia, the United States, Ukraine, and Canada, with the support of Europol, has dismantled online phone number spoofing service called iSpoof. The iSpoof service allowed fraudsters to impersonate trusted corporations […]

Pierluigi Paganini July 19, 2022
Crooks create rogue cryptocurrency-themed apps to steal crypto assets from users

The U.S. FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. The U.S. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto assets from investors. Crooks contact US investors claiming to offer legitimate cryptocurrency investment services, and attempt to trick them […]

Pierluigi Paganini February 01, 2022
Massive social engineering waves have impacted banks in several countries

A massive social engineering campaign targeting banks has been delivered in the last two years in several countries. A massive social engineering campaign has been delivered in the last two years in several countries, including Portugal, Spain, Brazil, Mexico, Chile, the UK, and France. According to Segurança Informática publication, the malicious waves have impacted banking […]

Pierluigi Paganini July 20, 2021
Microsoft secured court order to take down domains used in BEC campaign

Microsoft has seized 17 malicious homoglyph domains used by crooks in a business email compromise (BEC) campaign targeting its users. Microsoft’s Digital Crimes Unit (DCU) has seized 17 domains that were used by scammers in a business email compromise (BEC) campaign aimed at its customers. The IT giant secured a court order that allowed it to take down “homoglyph” domains […]

Pierluigi Paganini September 05, 2020
Hackers use overlay screens on legitimate sites to steal Outlook credentials

Experts spotted a phishing campaign that employees overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the victims. Researchers from Cofense discovered a phishing campaign that uses overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the targets. The overlay screens are displayed on top of legitimate webpages to […]

Pierluigi Paganini June 25, 2019
SocialEngineered forum hacked and data leaked online

SocialEngineered.net is a forum dedicated to social engineering discussions, it has been compromised data of its users was leaked on a hacker forum. SocialEngineered.net, the forum dedicated to social engineering topics, announced it has suffered a data breach two weeks ago. Hackers accessed data from tens of thousands of members and leaked them online on […]