Social Engineering

Social Engineering news, analysis, how-to, opinion and video. | CIO

candy strangers
6 social media

central station standing

Awareness training: How much is too much?

The goal of security awareness training is to help employees recognize and avoid security risks. The key, experts say, is to make them skeptical but not operate in a “constant state of distrust.”

classroom training

Is your security awareness training program working?

The metrics to use to determine where to make improvements in security awareness training

security phishing hook

New tech can help catch spearphishing attacks

Highly-targeted spearphishing attacks slip past spam and anti-virus filters, but new approaches that look for more subtle patterns can help reduce the threat

Phishing trends

What is phishing success?

A recent article asking the question to security professionals seemed to miss the mark, and raises more questions than it answers.

Q&A

How well does social engineering work? One test returned 150%

A conversation with a white hat hacker

video

Social engineering tricks and why CEO fraud emails work

At the Black Hat conference in Las Vegas, CSO’s Steve Ragan talks with Stephanie Carruthers, owner of Snow Offensive Security, about why business email compromise (aka CEO fraud) works so well against companies. She also discusses...

ransomware locked computer stock image cropped

Report: Only 3 percent of U.S. companies pay attackers after ransomware infections

Almost half of all companies have been the victims of a ransomware attack during the past 12 months, but 97 percent of affected U.S. companies did not pay the ransom, according to a new report.

board of directors

Spearphishing attacks target boards

With great power comes great responsibility -- and also a great big target painted on your head. At least, that's the case lately with corporate boards of directors and cybercriminals launching spearphishing attacks

ransomware

93% of phishing emails are now ransomware

As of the end of March, 93 percent of all phishing emails contained encryption ransomware, according to a report released today

0 intro gamify

7 reasons to gamify your cybersecurity strategy

Thanks to gamification, organizations are finding new ways to educate employees on the importance of cybersecurity, through gaming elements like one-on-one competitions, rewards programs and more.

facebook logo crop

Security pros concerned about Facebook payment expansion

Facebook's Messenger app has allowed users to send money to friends using their debit cards since last spring, but recent reports indicate that Facebook may be considering a move into the retail payments space as well, following in...

breach title

Enterprises fall behind on protecting against phishing, detecting breaches

The ninth annual Verizon Data Breach Report contains bad news on multiple fronts, including click-through rates on phishing messages, how long it takes companies to detect breaches, and even whether companies spot the breaches at all....

bullseye darts

CEO targeted by fraud twice a month

Every couple of weeks or so, Tom Kemp's company gets hit by ever-more-sophisticated attempts to trick them out of large sums of money

01 whaling title

10 whaling emails that could get by an unsuspecting CEO

Email security company Mimecast has shared a handful of real-life examples of fraud attempts targeted at the person in the corner office.

01 intro

Ever been in these social engineering situations?

A security consultant lays out various scenarios in hopes you are not the next victim.

deception hack hacker phishing tricked

People are (still) the biggest security risks

Social engineering and ‘download this attachment’ scams are back – as if they ever left – and working better than ever, unfortunately.

social engineering
Awareness

Social engineering 101: 18 ways to hack a human [Infographic]

Hackers use these common tactics to prey on your humanity. Here's what you need to know to keep you, your users, and your business safe.

at symbol chain

Business email compromise fraud rising fast, hard to fight

The email comes from a trusted source -- the CEO, a regular vendor, the company attorney or accountant. It's part of an ongoing conversation, the format and language is identical to previous emails of the same type. There might even...

Load More