social engineering Archives

DocuSign impersonation attacks are exploiting government-vendor theft

Government Agency Spoofing: DocuSign Attacks Exploit Government-Vendor Trust

Stephen Kowski | November 18, 2024 | CTO Corner, DocuSign, Email Protection, Fraud, government attack, impersonation, , spoofing

The latest wave of DocuSign attacks has taken a concerning turn, specifically targeting businesses that regularly interact with state, municipal, and licensing authorities. Since November 8 through November 14, we have observed ...

SlashNext

Cyber Scams & Why We Fall for Them

hmeyers | October 25, 2024 | Blog Posts, Cyber Threats, Cybersecurity, Fraud, Scams,

Gary Perkins, Chief Information Security Officer Social engineers rely on two key psychological triggers: urgency and empathy. When people feel rushed or that they are helping someone in need, their normal critical ...

CISO Global

The Rise of AI Voicemail Scams, Political Donation Privacy Concerns

Tom Eston | September 16, 2024 | AI, Cyber Security, Cybersecurity, Data Privacy, Digital Privacy, election, Episodes, Information Security, Infosec, Podcast, Podcasts, political, Political Donation, Politics, Privacy, PS5, Scams, security, , technology, US election, Voicemail, Voicemail Scam, Walmart, Weekly Edition

In episode 346, we discuss new AI-driven voicemail scams that sound convincingly real and how to identify them. We also explore recent research on the privacy concerns surrounding donations to political parties ...

Shared Security Podcast

DTEX i³ Threat Advisory Reveals Growing Risk of Credential Abuse by Outside Adversaries

Kellie Roessler | August 27, 2024 | blended attack, DTEX i3 Team, Insider Risk Management, non-malicious insider, , threat advice

In today’s digital age, where the line between personal and professional life is increasingly blurred, the storage of corporate credentials on personal accounts has emerged as an attractive vector for outside adversaries ...

DTEX Systems Inc

digital, deception, deepfake, businesses, survey, attacks, deepfake, AI, security, deepfake, vishing, businesses, deepfake, misinformation, AI, deepfake technology

The Golden Age of Impersonation: The Dual Role of AI in Cyber Attacks & Cyber Defense

Shashi Prakash | August 22, 2024 | cyberattacks, Defense, Phishing,

Attacks today can be executed through a myriad of communication channels, including emails, social media and mobile applications. ...

Security Boulevard

Teach a Man to Phish

Forrest Kasler | August 21, 2024 | Hacking, Penetration Testing, Phishing, Red Team,

PHISHING SCHOOLA Decade of Distilled Phishing WisdomI decided to give away all of my phishing secrets for free. I realized at some point that I have been giving away phishing secrets for years, ...

Posts By SpecterOps Team Members - Medium

Sleeping With the Phishes

Forrest Kasler | August 13, 2024 | Hacking, Penetration Testing, Phishing, Red Team,

PHISHING SCHOOLHiding C2 With Stealthy Callback ChannelsWrite a custom command and control (C2) implant — Check ✅Test it on your system — Check ✅Test it in a lab against your client’s endpoint detection and response (EDR) product — Check ✅Convince a target ...

Posts By SpecterOps Team Members - Medium

vishing, romance scams generative AI pig butchering

This Caller Does Not Exist: Using AI to Conduct Vishing Attacks

Andre Rosario | August 7, 2024 | mobile attacks, Mobile Threats, Phishing, , vishing

The best way to defend against vishing attacks is by educating ourselves on how threat actors operate, and to become familiar with the tools, techniques and procedures used to carry out these ...

Security Boulevard

Deep Sea Phishing Pt. 2

Forrest Kasler | July 30, 2024 | Hacking, Penetration Testing, Phishing, Red Team,

PHISHING SCHOOLMaking Your Malware Look Legit to Bypasses EDRI wanted to write this blog about several good techniques for endpoint detection and response (EDR) evasion; however, as I was writing about how to ...

Posts By SpecterOps Team Members - Medium