#Social Engineering
35 stories taggedSocial Engineering · page 2 of 3.

Alleged Scattered Spider member, 19, extradited to the US after airport arrest
Peter Stokes, a dual US-Estonian citizen picked up in Helsinki in April, is accused of helping the notorious hacking crew squeeze millions from big-name companies.

Opera's new Paste Protect tries to stop the copy-paste scam that's been draining wallets
The browser will now block dodgy commands before they reach your clipboard, targeting the ClickFix trick that has become criminals' favourite way to trick people into infecting their own computers.

The USB Drop That Changed Pen Testing: Steve Stasiukonis's Credit Union Experiment, Revisited
Twenty years ago, a handful of booby-trapped thumb drives in a parking lot became one of the most-cited social-engineering case studies in security history. Here's what actually happened.

Scattered Spider Suspect, 19, Extradited From Finland to Chicago
Peter Stokes, a dual U.S.-Estonian citizen, faces conspiracy, intrusion and fraud charges tied to the loose-knit crew behind a string of high-profile enterprise breaches.

ClickFix Grows a Back Office: API-Served Payloads and a New AMSI Bypass
Researchers pulled roughly 3,000 live payloads from ClickFix infrastructure and found a polymorphic delivery pipeline built to defeat Windows script scanning.

SSU, FBI Detail Russian Phishing Op Targeting Signal and Telegram Accounts
Ukrainian counterintelligence says GRU and FSB-linked operators ran fake tech-support flows against officials' messengers across Ukraine, Europe, and the U.S.

The Service Desk Is the New Phishing Inbox
Help desks keep getting talked out of MFA resets. The fix is less about training and more about treating identity verification like an auth protocol.

ClickFix Campaign Turns Google Ads, GitLab, and Claude Into a Six-Wave Trust Machine
Attackers chained legitimate infrastructure across seven weeks to push malicious PowerShell commands to developers. Session tokens, SSH keys, and cloud credentials were the prize.

Three New Loaders Ride the ClickFix Wave: BabaDeda, Lorem Ipsum, and Potemkin
Separate research teams have pinned three distinct loader families on the same social-engineering pattern, with education and finance taking the brunt of the April 2026 activity.

Facebook Impersonation Scams Sweep MENA, Pushing Fake Subsidies and 'Free Data' Lures
Group-IB ties the campaign to a broader fraud network using cloned political figures, fake government programs and browser-push alerts to harvest credentials and payment data.

Tchap Account Takeover Exposes 73,000 French Government Users
France's sovereign messaging platform wasn't broken — a user was. Social engineering got an attacker inside, and unencrypted public rooms did the rest.

Attackers Are Wrapping Old Phishing Tricks in AI Branding. It's Working.
Microsoft and Google both dropped advisories this week documenting how threat actors are dressing up familiar credential theft and malware campaigns as ChatGPT, Copilot, and DeepSeek experiences. The technique is not new. The success rate is.

UNC3753 Hit U.S. Professional Services Firms With Vishing and Walk-In Intrusions
Dozens of legal, financial, and consulting firms were hit between January and May 2026 in a data-theft extortion run that blended phone-based social engineering with physical site visits.

Five Eyes Warns: Chinese Intelligence Officers Posing as Recruiters to Harvest Government Secrets
A joint advisory flags a persistent social engineering campaign targeting personnel with access to classified material — fake job offers, real espionage.

Meta's AI Support Bot Handed Out Password Resets to Anyone Who Asked Nicely
A pro-Iran Telegram channel published a walkthrough showing how Instagram's conversational recovery assistant could be talked into linking attacker-controlled email addresses to target accounts. The Obama White House and a senior U.S. Space Force account were briefly defaced.