Skip to main content

Tag: socialengineering

102 articles

UK Warns of Targeted Attacks on WhatsApp and Signal Accounts

UK Warns of Targeted Attacks on WhatsApp and Signal Accounts

The UK's cybersecurity agency has issued a warning about hackers targeting WhatsApp and Signal accounts, specifically using social engineering tactics to gain access to private conversations. To stay safe, "high-risk" individuals can take steps to protect themselves from these types of cyber-attacks.

Analyst 207
WhatsApp Abused in Critical Multi-Stage Attack Warns Microsoft

WhatsApp Abused in Critical Multi-Stage Attack Warns Microsoft

Beware: a simple WhatsApp message can be the gateway for hackers to take control of your entire corporate network, as Microsoft warns of a new multi-stage social-engineering campaign exploiting the popular messaging app's security vulnerabilities. Stay vigilant - your harmless "ping" could be the weakest link in your security chain!

Analyst 207
KrebsOnSecurity.com Exclusive: Best Security Insights at 16

KrebsOnSecurity.com Exclusive: Best Security Insights at 16

For its 16th year, KrebsOnSecurity pulls back the curtain on how organized extortion rings, DDoS‑for‑hire botnets and scaled social‑engineering tradecraft turned lone hackers into multimillion‑dollar criminal businesses.

Analyst 207
HashJack Exclusive: Dangerous Injection Weaponizes Websites

HashJack Exclusive: Dangerous Injection Weaponizes Websites

Meet HashJack — a new technique that turns everyday websites into traps for AI‑enabled browsers and automated agents, tricking them into leaking session tokens and secrets with a convincing prompt. What feels like a harmless CAPTCHA or verification dialog can quietly hand attackers the keys to your account until those tokens are revoked.

Analyst 207
ClickFix Phishing Exclusive: Critical Hotel Malware Alert

ClickFix Phishing Exclusive: Critical Hotel Malware Alert

Imagine a routine support ticket that silently installs malware—attackers are using ClickFix‑style pages sent from compromised hotel emails to steal credentials or drop remote‑access tools like PureRAT. Be cautious: don’t paste commands or log in from unexpected support links—verify the sender and the page first.

Analyst 207
Tangled fishing lines and hooks on a cluttered academic desk with scattered papers and broken stationery, featuring a shiny…

UNK_SmudgedSerpent Exclusive: Dangerous Lures for Academics

Think your inbox is just clutter? A newly observed actor, UNK_SmudgedSerpent, is luring academics with plausible conference invites, fake collaboration requests and weaponized drafts to steal unpublished research and private correspondence—forcing universities to choose between openness and much tougher defenses.

Analyst 207
Person in shadows reaching for cash with laptop displaying downward trend in background.

Investment Scams: Exclusive Asia Report on Alarming Spread

Our exclusive Asia report exposes the alarming spread of investment scams across the region—read on to spot the red flags and protect your money.

Analyst 207
85,000 Pet Owner Records Exposed: Exclusive Critical Risk

85,000 Pet Owner Records Exposed: Exclusive Critical Risk

A misconfigured database left 85,000 pet‑owner records — from names and addresses to medical notes and microchip IDs — publicly accessible, creating a roadmap for scammers, identity thieves and even pet‑theft. Here’s what was exposed, how it happened, and simple steps to protect your pet and family.

Analyst 207
Singapore Officials Targeted in Stunning Damaging Scam

Singapore Officials Targeted in Stunning Damaging Scam

A stunning Singapore officials scam has exposed shocking vulnerabilities—discover how the damaging scheme unfolded and what it means for public trust.

Analyst 207
ShinyHunters Exclusive: Damaging Corporate Extortion Wave

ShinyHunters Exclusive: Damaging Corporate Extortion Wave

The ShinyHunters campaign has escalated from quiet database dumps to brazen public extortion—naming victims, posting timetables, and using voice‑phishing plus massive file thefts that could turn single breaches into a supply‑chain crisis. Corporations now face a stark choice: pay ransoms or risk a public dump of sensitive customer and corporate data.

Analyst 207
YouTube Videos Exposed: Exclusive Dangerous Malware Alert

YouTube Videos Exposed: Exclusive Dangerous Malware Alert

Think twice before clicking — researchers have uncovered a coordinated network that’s published over 3,000 malicious videos, baiting viewers with fake tools and links that install credential stealers, cryptominers, and remote-access trojans.

Analyst 207
85,000 Pet Owner Records Exposed in Major Data Breach

85,000 Pet Owner Records Exposed in Major Data Breach

Turns out your pet’s medical chart can be a treasure map for crooks — over 85,000 pet and owner records were left publicly accessible, exposing names, contact details, microchip and medical data. What starts as spam can quickly turn into targeted fraud, identity theft or even false ownership claims, putting families and animals at real risk.

Analyst 207
Feds Tie Scattered Spider Duo to $115M in Ransoms

Feds Tie Scattered Spider Duo to $115M in Ransoms

U.S. prosecutors say 19‑year‑old Thalha Jubair helped power Scattered Spiders telecom‑focused extortion ring, allegedly netting at least $115 million through SIM‑swap scams, social engineering and account takeovers. The cross‑border indictment is a stark wake‑up call that human trust, lax recovery policies and reused credentials—not exotic malware—still fuel major ransoms.

Analyst 207
calendar invite Shocking Leak: Risky Trust Damage

calendar invite Shocking Leak: Risky Trust Damage

A misconfigured Outlook calendar invite from Cifas accidentally exposed dozens of fraud-prevention professionals’ email addresses — a simple slip with potentially serious consequences. It’s a wake-up call that default-private settings, group aliases and basic training aren’t optional if we want to protect the people who protect us.

Analyst 207
copy-paste attacks: Dangerous, Must-Have Fixes

copy-paste attacks: Dangerous, Must-Have Fixes

When a site tells you “paste this into your console” it may seem like helpful tech support, but ClickFix attacks are a fast‑growing social‑engineering scam that trick users into running scripts that steal tokens, clipboard data, or install persistent browser malware. Learn why low technical barriers, defenses that can be bypassed by user interaction, and high‑value browser tokens make copy‑paste attacks especially dangerous — and what can be done to stop them.

Analyst 207
phishing emails: Urgent Warning—Must-Have Best Tips

phishing emails: Urgent Warning—Must-Have Best Tips

Don’t panic — LastPass says it wasn’t hacked; those alarming emails are a phishing scam. Pause, verify updates through the official app or website, and report any suspicious messages.

Analyst 207
Cryptocurrency ATMs: Risky Reality, Must-Have Alerts

Cryptocurrency ATMs: Risky Reality, Must-Have Alerts

Cryptocurrency ATMs offer quick, cash-to-crypto convenience—but their speed and perceived anonymity make them prime tools for scammers and regulatory headaches, so investors should scrutinize fees, compliance, and fraud controls before betting on the sector.

Analyst 207
weaponize trust: Stunning, Risky Threats to Tech

weaponize trust: Stunning, Risky Threats to Tech

This week’s ThreatsDay unpacks a staggering $15B crypto fraud, chilling satellite-enabled surveillance, and a rise in smishing — showing how everyday tech is being turned against us and what simple steps you can take to protect your money, data, and trust.

Analyst 207
Whisper 2FA: Exclusive Risky Phishing Threat

Whisper 2FA: Exclusive Risky Phishing Threat

Think 2FA is foolproof? Researchers warn Whisper 2FA — a phishing‑as‑a‑service tool tied to roughly one million credential‑theft attempts since July 2025 — shows attackers can cheaply scale real‑time relay attacks, so phishing‑resistant authentication and layered defenses are now essential.

Analyst 207
online scam network Exposed: Stunning Risky Fraud Ring

online scam network Exposed: Stunning Risky Fraud Ring

The UK and US have hit a sprawling Southeast Asian scam network with coordinated sanctions to freeze assets and choke off the financial lifelines behind investment and romance frauds. The move targets call centres in Cambodia and Myanmar that allegedly use script-driven deception, coerced workers and complex laundering to prey on victims worldwide.

Analyst 207
Scattered Lapsus$ Hunters: Exclusive Risky Hiatus

Scattered Lapsus$ Hunters: Exclusive Risky Hiatus

After the FBI seized their site, teenage collective Scattered Lapsus$ Hunters vowed to go dark until 2026 — a defiant restart in a familiar retire-regroup-return cycle. Whether they stick to it or not, defenders should treat the pause as a chance to patch vulnerabilities, rotate credentials and strengthen defenses.

Analyst 207
subpoena management platform Stunning Risky Outage Exposes

subpoena management platform Stunning Risky Outage Exposes

When Kodex — the subpoena-tracking platform trusted by police and big tech — went dark after its domain was frozen over a forged legal order, agencies were left scrambling and the outage revealed how social engineering against registrars and cloud providers can cripple critical legal services without touching any code. It’s a wake-up call to strengthen verification, add redundancy, and treat DNS and registrar governance as core security, not an afterthought.

Analyst 207
phishing Warning: Exclusive Risky Threat & Must-Have Fixes

phishing Warning: Exclusive Risky Threat & Must-Have Fixes

ENISA warns that simple phishing emails and unpatched systems were behind most EU cyber intrusions last year, turning tiny mistakes into big national-security headaches. It’s a wake-up call to harden the basics—MFA, patching, email defenses, and smarter user training—before the next click becomes a crisis.

Analyst 207
Windows shortcuts: Stunning, Risky DLL Lures

Windows shortcuts: Stunning, Risky DLL Lures

A single innocent-looking Windows shortcut in a ZIP can quietly trigger PowerShell to fetch a DLL implant and let attackers run code inside trusted processes — turning everyday convenience into a stealthy compromise. Stay skeptical of unexpected archives and treat shortcut icons as potentially dangerous until verified.

Analyst 207