Exclusive Master’s Level Social Engineering Class is Here!


Over the past four years, we have had the pleasure of educating some of the most exceptional and diverse students from around the world through our Advanced Practical Social Engineering (APSE) class. The APSE class provides an introduction to the art and science of social engineering and has evolved over time. Each year we added new content, the most up-to-date research, and even an afternoon “spy school” format homework. So in addition to learning directly from social engineering practitioners, students are given the opportunity to immediately practice new knowledge, making it a unique, applied experience. Continue Reading >

So, you’re considering phishing to augment your corporate security program?


Lately, we’ve worked with an array of organizations that decided to launch phishing programs (they’re great for education, training and awareness), but quickly realized outside help was needed in order to maximize results. After all, an effective phishing program considers far more than just click ratios. We wrote the book on it, literally! Here are some questions to help guide you on your way to making the right decision for your specific needs… Happy phishing! Continue Reading >

Is a 100% Success Claim Realistic?


Guaranteed to give you a full head of hair… guaranteed to make you lose weight… guaranteed to change your sex life… These guarantees are often used in the marketing world to gain curiosity and to make the consumer take a peek at the offer. Now come on, you don’t have to admit it… but guaranteed: most of us reading this have taken a second gander at one of these offers at least once. I know I have. However, even if you’ve fallen for this tactic in the past, you likely now realize that these claims are bogus or, at […] Continue Reading >

Creating a Culture of Security to Defend Against Social Engineering Attacks


The Fifth Annual Benchmark study on Privacy and Security of Healthcare Data by Ponemon Institute has recently revealed what others have long perceived: There has been a shift in the root cause of data breaches from accidental to intentional.  While 90% of healthcare organizations represented in the study had experienced a data breach, for the first time, criminal attacks are the number one cause of these breaches. Continue Reading >

Social-Engineer @ RSA 2015


Remember the days when RSA was an intimate little show with a few thousand visitors?  Neither do we!  Next week marks the start of RSA 2015, and the largest information security conference in the US will descend on San Francisco. Somewhere in the midst of 25,000 or so expected attendees will be the Social-Engineer team, so we wanted to make sure you know what we’re up to throughout the conference! Continue Reading >

One Phish, Two Phish, Red Phish, Blue Phish


Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails is out today. What is a phishing attack?  Phishing is a social engineering technique and we define it as the practice of sending emails that appear to be from reputable sources with the goal of influencing or gaining personal information. Continue Reading >

Whaling: Why Go After Minnows When You Can Catch a Big Phish?


Phishing attacks can come in many different forms. By now the risks associated with phishing and targeted spear phishing attacks are well known and documented throughout the security industry. Perhaps what’s often overlooked are hidden threats related to phishing. Today, phishing goes far beyond Nigerian wire transfer scams rife with poor grammar. Although we still see newer variations of the old 419 scam in use, we also see an increase in highly evolved campaigns targeting corporate executives or government officials. Continue Reading >

Risk Assessment in Social Engineering


What does a soldier charging into the fight have in common with a soldier that flees from combat? Both of these people have evaluated risk and made decisions based on their assessments. Our safety and well-being largely depends on how appropriately we gauge risks and react to them; this guides much of human behavior and bears relevance to the field of social engineering. Continue Reading >

The Rise of Multifaceted Social Engineering Attacks


In an October 2004 report, Gartner indicated the greatest security risk facing large companies and individual Internet users over the next ten years will be the increasingly sophisticated use of social engineering to bypass IT security defenses (Gartner 152). Fast forward ten years, and social engineering attacks not only serve as a costly threat, but they are evolving in ways that make even the most security-conscious people susceptible. In recent times social engineering attacks have become even more dangerous due to their complexity. We are seeing a rise in multifaceted social engineering attacks. These attacks combine a number of […] Continue Reading >