Social Engineering

Phishing scams spike leads to social engineering campaign

Get Safe Online has launched a major new campaign in the UK to help raise awareness of the dangers of social engineering, as figures suggest more needs to be done to inform the public about this growing nuisance.

5 things you need to know about social engineering

Social engineering plays an important part in a significant number of cyberattacks, however big, small or sophisticated the crime is. However, little is known about this tactic. This feature discusses some key aspects.

Tech support scams: 3 steps to conning unsuspecting victims

Tech support scams are “still big business”, ESET’s David Harley has previously said. In this guide we look at how fraudsters dupe their victims into handing over cash, while also corrupting their devices.

Myths about malware: an exploit is the same as malware

In this post we want to share with you a question that arose from the first post in this series: whether exploits are the same as malware. What are we talking about? The best way to debunk any myth is to start by understanding what it is we are talking about.

Salesforce software – millions of users at risk of Dyre malware

A strain of malware which previously targeted banks has turned its attention to users of the popular Customer Relationship Management (CRM) software Salesforce, used by 100,000 organizations worldwide.

Online ad threat – Yahoo, Amazon, YouTube ‘victims of malvertising’

Anyone who has visited popular domains such as YouTube.com, Amazon.com or Ads.Yahoo.com could be a victim of a new, mutating malware attack distributed through the adverts displayed on the sites.

TorrentLocker now targets UK with Royal Mail phishing

Three weeks ago, iSIGHT Partners discovered a new Ransomware encrypting victims’ documents. They dubbed this new threat TorrentLocker. TorrentLocker propagates via spam messages containing a link to a phishing page where the user is asked to download and execute “package tracking information”. In August, only Australians were targeted with fake Australian Post package-tracking page. While

Tax Scams, Malware, Phishing and a 419

A roundup of scam information, including a tax scams article, email with a link to malware, a phish, and the worlds laziest 419.

2013: a View to a Scam

There are plenty of scams effective enough to rate a warning or three, in the hope of alerting potential victims to the kind of gambit they use. And so, even though much of ESET’s business is focused on the bits and bytes of malicious software, I’ve spent a lot of time writing on WeLiveSecurity and

Phishing for Tesco Shoppers

A phishing scam targeting Tesco bank customers puts on a festive party hat and pretends to offer something for nothing. Is this a topical trend?

The Less Thoughtful Phisher

Less innovative than the scam mails described in my previous articles (Phish to phry  and The Thoughtful Phisher II), there are those phish messages that suggest a problem with your account that they need you to log in to fix. (Of course, you aren’t really logging in to a legitimate site.) Mostly their appeal is

The Thoughtful Phisher II

In the previous Thoughtful Phisher blog, we looked at some visual clues that should tip you off that a email from a ‘bank’ is not to be trusted. Just as interesting here, though, is the variety of social engineering gambits used by this wave of phish campaigns. It’s worth taking a closer look at some

Phish to phry: The Thoughtful Phisher Revisited…

[A much shorter version of this article appeared in the October 2013 Threat Radar Report as ‘The Thoughtful Phisher’. As these particular scam/spam campaigns don’t seem to be diminishing, however – indeed, some of the phishing techniques seem to be getting more sophisticated – I thought perhaps it was worth updating and expanding for a

Tech Support Scammers: Talking to a Real Support Team

It so happens that I live over 5,000 miles from the ESET North America office in San Diego, and so tend not to have water cooler conversations with the people located there. Of course, researchers working for and with ESET around the world maintain contact through the wonders of electronic messaging, but there are lots

Big companies still fall for social engineering “hacks” by phone – and it’s not getting better

Major companies such as Disney, Boeing and General Electric are still handing out information to “hackers” using the most basic tool of all – the human voice, according to a report on a competition at DefCon.

Needles and haystacks – the art of threat attribution

ESET researchers explain the difficulties in attribution of targeted attacks; evidence is often circumstantial and the source never positively identified.

Iranian election phishing campaigns thwarted by Google

Google claims to have spotted and disrupted several phishing campaigns in Iran – attempts to compromise tens of thousands of email accounts in the run-up to the country’s presidential elections this Friday.

Twitter blames spear-phishing for recent hacks – and warns news companies to expect more

Twitter has warned media companies that attacks on their official Twitter accounts are liable to continue, after Britain’s Guardian newspaper became the latest high-profile news site to fall victim.

Preventable errors are behind most security breaches, says Verizon report

Most cyber attacks are simple and predictable, relying on basic tactics and preventable employee errors, according to Verizon’s annual Data Breach Investigations Report. The problem is made worse by the fact that companies often take months or even years to detect such breaches.

Hacked CBS Twitter accounts present followers with malware-tainted “news”

Twitter accounts used by CBS News were compromised on Saturday – and began serving up bogus news stories with links to malware.

Follow us

Copyright © 2016 ESET, All Rights Reserved.