Security news aggregator

Latest coverage for Social Engineering

Social engineering manipulates people into revealing access or approving actions, causing compromise; verify requests and enforce least privilege.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Social engineering is the deliberate manipulation of people into disclosing information, bypassing a control, or performing an action for an attacker. It commonly uses phishing, voice or text messages, impersonation, pretexting, and physical access attempts. In a threat model, the attacker targets trust, urgency, authority, or helpfulness rather than exploiting software directly. Successful deception can expose credentials or personal data, authorize fraudulent payments, enable malware delivery, or provide an initial foothold for account or network compromise.

Effective defenses make sensitive requests independently verifiable and limit the damage of a mistake. Use phishing-resistant multi-factor authentication where practical, least-privilege access, and approval or call-back procedures for payments, password resets, and changes to account or banking details. Staff should have a simple way to report suspected messages without penalty; security teams can then investigate related accounts, messages, and login activity, revoke exposed credentials, and contain follow-on access. Awareness training helps people recognize pretexts, but should reinforce these technical and procedural controls rather than rely on vigilance alone.

Showing 3 most recent headlines Filtered view
Bank Info Security 1 year, 10 months ago

ISMG Editors: Social Engineering, Election Defense in AI Era

Also: Dangers of Malicious Code Embedded in ML Models; Is Ransomware in Decline?AI's influence on social engineering and election security has become a focal point at Black Hat. ISMG editors discuss how advanced technologies are making it easier to manipulate people and compromise security systems and offer key insights on machine learning vulnerabilities.

Bank Info Security 1 year, 10 months ago

Real-Time Deepfakes: A Growing Threat to Corporate Security

Bishop Fox's Brandon Kovacs on the Security Risks of Real-Time Voice, Video CloningThe ability to create real-time deepfakes of trusted figures has transformed the landscape of corporate security threats. Brandon Kovacs, senior red team consultant at Bishop Fox, details how attackers can now clone voices and video in real-time, enabling new forms of social engineering and fraud.