Phishing & Social Engineering

Security awareness tips, industry news, and product updates.

A hiring manager conducting a remote video interview on a laptop
Phishing & Social EngineeringThreat Intelligence

Deepfake Job Interviews: Hiring Is Now an Attack Surface

North Korean operatives are using deepfakes and synthetic identities to get hired at Western firms. Unit 42 built a convincing fake candidate in about 70 minutes. Here is how to vet remote hires.

Natalie Hoffmann·7/10/2026·6 min read
Reporting a phishing email from Outlook
Phishing & Social EngineeringProduct Updates

Report Phishing from Outlook: The empowsec Add-In Guide

empowsec's Outlook add-in gives employees a one-click 'Report phishing' button in their inbox - capturing email headers and content for review while instantly rewarding employees who correctly identify a simulation.

Marcus Chen·7/3/2026·8 min read
An employee carefully reading an email thread on an office computer
Phishing & Social EngineeringThreat Intelligence

Thread Hijacking: Phishing From Inside Trusted Emails

Thread hijacking lets attackers reply inside a real email conversation, with a familiar subject, history, and trusted sender. It defeats the 'unknown sender' instinct. Here is how to spot it.

Elena Vasquez·7/1/2026·7 min read
Employee searching for a software download on a laptop in an office
Phishing & Social EngineeringThreat Intelligence

Malvertising & SEO Poisoning: The Fake Download Trap

Attackers are buying ads and gaming search results so the top hit for popular software is a trojanized download. Here's how malvertising and SEO poisoning infect employees - and how to train against it.

David Kowalski·6/28/2026·7 min read
An HR professional reviewing payroll documents at a desk
Phishing & Social Engineering

Payroll Diversion: The BEC Scam That Targets HR Teams

Attackers are phishing payroll portal logins and impersonating staff to reroute direct-deposit paychecks into accounts they control. The FBI has warned about it for years - here's how HR can stop it.

Lisa Brennan·6/27/2026·7 min read
Office worker on a laptop video call reviewing a chat message in a collaboration app
Phishing & Social EngineeringThreat Intelligence

Teams & Slack Phishing: The Threat Beyond the Inbox

Phishing has moved out of the inbox and into Microsoft Teams, Slack, and calendar invites — platforms employees trust by default. Here is how the attacks work and how to extend your defenses to cover them.

Elena Vasquez·6/26/2026·7 min read
An employee reading an urgent text message on a smartphone at work
Phishing & Social Engineering

Gift Card Scams: The "Are You Available?" CEO Fraud

"Are you available? I need a quick favor." It's the opening line of a gift card scam impersonating your CEO - low-tech, high-volume, and aimed at new and junior staff. Here's the pattern and the one rule that stops it.

Thomas Eriksson·6/25/2026·7 min read
Finance team member reviewing an invoice on a desk in an office
Phishing & Social Engineering

Invoice Fraud & Vendor Email Compromise: How to Stop It

A trusted supplier emails to say their bank details have changed. Pay the new account and the money is gone. Here is how vendor email compromise drives invoice fraud — and the verification controls that stop it.

Sarah Mitchell·6/24/2026·6 min read
Employee reviewing an application permission request on a laptop screen
Phishing & Social EngineeringThreat Intelligence

Consent Phishing: Malicious OAuth Apps That Bypass MFA

Consent phishing tricks users into approving a malicious OAuth app — granting attackers token-based access to mail and files without ever touching a password or triggering MFA. Here is how it works and how to shut it down.

Marcus Chen·6/23/2026·6 min read
Close inspection of a web address on a laptop screen with a magnifying glass
Phishing & Social EngineeringThreat Intelligence

Lookalike Domains & Typosquatting: A Defense Guide

An 'rn' that reads as an 'm', an extra word, a wrong TLD — lookalike domains impersonate trusted brands in phishing and brand abuse. Here is how to spot them and the controls that blunt them.

David Kowalski·6/22/2026·7 min read
Employee looking at a concerning email on their phone in a calm office setting
Phishing & Social EngineeringSecurity Awareness Tips

Sextortion Emails: It Is Almost Always an Empty Bluff

A threatening email claims to have webcam footage and demands Bitcoin — and it even quotes one of your old passwords. Here is why these extortion scams are almost always empty bluffs, and how to help employees respond calmly.

Rachel Andersen·6/21/2026·7 min read
IT help desk agent wearing a headset and assisting a caller
Phishing & Social EngineeringThreat Intelligence

Help Desk Social Engineering: Scattered Spider's Front Door

Scattered Spider doesn't hack your MFA — it calls your help desk and talks an agent into resetting it. Here's how help desk social engineering works and how to lock the door.

David Kowalski·6/16/2026·4 min read
« Previous123Next »