Monthly Archives: April 2023

It was all over the news. Fed’s Jerome Powell was social engineered by Russian pranksters posing as Zelensky. 

Wired just published an interesting story about political bias that can show up in LLM’s due to their training. It is becoming clear that training an LLM to exhibit a certain bias is relatively easy. This is a reason for … Read More

Check out the 19 new pieces of training content added in April, alongside the always fresh content update highlights, events and new features.

A new survey points to an overconfidence around organization’s preparedness, despite admitting to falling victim to ransomware attacks – in some cases multiple times.

A new impersonation scam targets users of the popular pay platform under the guise of the victim having money coming to them and with the goal to obtain Zelle credentials.

QBot malware seems to be outliving its competitors through innovative new ways to socially engineer victims into helping install it.

Poker players and other human lie detectors look for “tells,” that is, a sign by which someone might unwittingly or involuntarily reveal what they know, or what they intend to do. A cardplayer yawns when he’s about to bluff, for … Read More

Money mules play a subordinate but important role in the criminal economy. They’re used to move stolen funds around, a low-level version of illicit remittance and money laundering. Researchers at Feedzai, in the course of a look at fraud in … Read More

Researchers at Group-IB have found an extensive campaign in which criminal operators have created a large number of fake Facebook profiles that repost messages in which the scammers misrepresent themselves as tech support personnel from Meta (Facebook’s corporate parent). Researchers … Read More

CyberheistNews Vol 13 #17  |   April 25th, 2023 [Head Start] Effective Methods How To Teach Social Engineering to an AI Remember The Sims? Well Stanford created a small virtual world with 25 ChatGPT-powered “people.” The simulation ran for 2 … Read More

We’ve had occasion to write about ChatGPT’s potential for malign use in social engineering, both in the generation of phishbait at scale and as a topical theme that can appear in lures. We continue to track concerns about the new … Read More

You may not have heard of this service planned for July 2023, but it promises a massive new social engineering attack surface. This is from their website: “About the FedNowSM Service. The FedNow Service is a new instant payment infrastructure … Read More

A FBI bulletin highlights a new twist in the sextortion game: companies claiming to assist with addressing sextortion who use deceptive social engineering tactics to coerce victims into paying huge fees.

Social media is designed of course to connect, but legitimate modes of doing so can be abused. One such case of abuse that’s currently running involves Linktree, a kind of meta-medium for social media users with many accounts. If you’re … Read More

New data shows that cybercriminals started this year off with a massive effort using new techniques and increased levels of attack sophistication.

At a time when cyber attacks are achieving success in varying degrees and IT pros are keeping quiet about resulting breaches, there is one specific type of attack that has them most worried.

The nature of an advanced artificial intelligence (AI) engine such as ChatGPT provides its users with an ability to use and misuse, potentially empowering both security teams and threat actors alike.

In an interesting twist, new data hints that organizations with cyber insurance may be relying on it too much, instead of shoring up security to ensure attacks never succeed.

The Verge came out with an article that got my attention. As artificial intelligence continues to advance at an unprecedented pace, the potential for its misuse in the realm of information security grows in parallel. A recent experiment by data … Read More

We are excited to announce that KnowBe4 has been named a leader in the Spring 2023 G2 Grid Report for Security Orchestration, Automation, and Response (SOAR) for the PhishER platform for the eigth consecutive quarter!