All news with #social engineering tag

DoorDash Confirms October 2025 Customer Data Breach

🔒 DoorDash has confirmed a data breach in October 2025 that exposed customers' names, phone numbers, physical addresses and email addresses. The company said an employee was targeted in a social engineering scam that allowed unauthorized access, but there is currently no indication the data has been misused. DoorDash stated that sensitive identifiers and payment information were not accessed and that it has engaged an external firm, notified law enforcement, rolled out security enhancements and issued additional staff training.

Social Engineering: How Attackers Exploit Human Weakness

🧠 Social engineering exploits human psychology to bypass technical and physical safeguards, using impersonation, deception and manipulation to gain access to systems, facilities or data. Attackers commonly use phishing, vishing, smishing, pretexting, baiting and tailgating after extensive reconnaissance to craft believable lures. High-value targets are often pursued via spear-phishing or BEC schemes, while opportunistic attackers rely on mass phishing. Practical defenses include ongoing security awareness training, verified procedures for urgent requests and realistic simulation tests; tools such as Social-Engineer Toolkit help organizations test their resilience.

DoorDash Discloses October Data Breach Exposing Contacts

🔔 DoorDash disclosed an October data breach after an employee fell for a social engineering scam, allowing an unauthorized third party to access certain user contact information. Notified users were told exposed data varied by person and could include names, physical addresses, phone numbers and email addresses; the company said Social Security Numbers were not accessed. DoorDash said it shut off access, engaged a forensic firm, notified law enforcement, and warned users to watch for phishing; affected users can call a helpline and cite reference code B155060.

DoorDash Discloses October Data Breach Affecting Users

🔔 DoorDash disclosed a data breach discovered on October 25, 2025, after an unauthorized third party gained access to certain user contact information when a DoorDash employee fell victim to a social engineering scam. Affected information varied by individual and may have included first and last names, physical addresses, phone numbers, and email addresses. DoorDash says no Social Security Numbers or other highly sensitive data were accessed, and the company engaged a forensic firm, notified law enforcement, and deployed additional security measures. Initial notifications appear focused on Canada, though the advisory suggests the incident could affect users in other regions.

University of Pennsylvania Confirms Data Stolen in Breach

🔒 The University of Pennsylvania confirmed attackers used compromised credentials obtained via a sophisticated social engineering identity impersonation to access systems supporting development and alumni operations. The breach, discovered October 31, allowed exfiltration of approximately 1.71 GB of documents from SharePoint and Box and an alleged copy of a Salesforce donor marketing database of about 1.2 million records. Penn has engaged the FBI and CrowdStrike, revoked access, increased monitoring, and warned its community to be cautious of phishing and suspicious outreach while the investigation continues.

Scattered Spider, LAPSUS$, and ShinyHunters: SLH Collective

🕸 The nascent Scattered LAPSUS$ Hunters (SLH) collective — a merging of Scattered Spider, LAPSUS$, and ShinyHunters — has repeatedly recreated its Telegram presence, cycling channels at least 16 times since August 8, 2025. The group markets an extortion-as-a-service offering to affiliates, targets organizations including those using Salesforce, and has teased a custom ransomware family called Sh1nySp1d3r. Trustwave SpiderLabs assesses SLH as blending financially motivated crime with attention-seeking hacktivism and sophisticated brand management.

Microsoft Teams Bugs Enable Message and Caller Spoofing

🔒 Check Point researchers disclosed four vulnerabilities in Microsoft Teams that let attackers alter message content, spoof senders, and manipulate notifications to impersonate colleagues. The issues were reported in March 2024 and remediated across multiple updates beginning with an August 2024 fix for CVE-2024-38197, followed by patches in September 2024 and October 2025. Exploitable by external guests and internal actors alike, the flaws could trick users into clicking malicious links, sharing sensitive data, or accepting fraudulent calls by making messages and caller notifications appear to originate from trusted executives or coworkers.

Cybercriminals Increasingly Target Online Payroll Systems

🔒 Microsoft warns of an emerging scam targeting online payroll systems, in which attackers use social engineering to steal employee and administrator credentials. Those credentials are abused to reroute direct deposits into attacker-controlled accounts, and fraudsters may take extra steps such as changing contact details or suppressing notifications to delay detection. The advisory highlights how moving payroll online creates new avenues for account takeover and financial fraud, and urges employers and vendors to strengthen authentication, monitoring, and verification processes.

Rise of AI-Powered Pharmaceutical Scams in Healthcare

🩺 Scammers are increasingly using AI and deepfake technology to impersonate licensed physicians and medical clinics, promoting counterfeit or unsafe medications online. These campaigns combine fraud, social engineering, and fabricated multimedia—photos, videos, and endorsements—to persuade victims to purchase and consume unapproved substances. The convergence of digital deception and physical harm elevates the risk beyond financial loss, exploiting the trust intrinsic to healthcare relationships.

How Social Engineering Works — Unlocked 403 Podcast S2E6

🔍 In this episode of Unlocked 403, host Becks speaks with Alena Košinárová, a software engineer at ESET, to unpack the psychological tactics behind social engineering and why people fall for scams even when they know better. They discuss how public information and social media amplify attackers' effectiveness and outline practical measures to reduce exposure. The segment balances behavioral insight with clear, actionable defenses.

BatShadow Deploys Go-Based Vampire Bot Against Job Seekers

🔎 A Vietnam-linked group tracked as BatShadow is running a social-engineering campaign that lures job seekers and digital marketing professionals with faux job descriptions to deliver a previously undocumented Go-based malware, Vampire Bot. Attackers distribute ZIP archives containing decoy PDFs alongside malicious LNK or executable files that launch an embedded PowerShell script to fetch lure documents and remote-access tooling such as XtraViewer. The lure coerces victims into opening links in Microsoft Edge, triggering an automatic ZIP download that contains a deceptive executable padded to appear as a PDF; once executed, the Go binary profiles the host, exfiltrates data, captures screenshots, and maintains contact with a command-and-control server.

Fake CISO Job Offer Used in Long-Game 'Pig-Butchering' Scam

🔒 A seasoned US CISO was targeted in a months-long pig-butchering scam that used a fabricated recruitment process posing as Gemini Crypto, including LinkedIn outreach, SMS, WhatsApp messages and a likely deepfaked video interview. The attackers groomed the target from May–September 2025, offered a fictitious CISO role, and asked him to buy $1,000 in crypto on Coinbase as "training." The candidate declined, documented the exchange, and warned peers; analysts say these long-game social engineering campaigns and malware-laced "test" assignments are increasingly common and financially damaging.

Service Desk as Attack Vector: Defend with Workflows

🔐 The service desk is now a primary enterprise perimeter for attackers, with social-engineering groups like Scattered Spider converting routine requests into broad access — as seen in high-impact incidents such as MGM Resorts and Clorox. Training matters but is not enough; verification must be a security-owned, auditable workflow rather than an agent’s discretionary call. Implement mandatory controls so agents never view credentials, apply role-based verification depths, and use points-based contingency checks when MFA fails. Integrate the flow with ITSM so tickets launch verification automatically, returning results and telemetry for alerting and audit.

WhatsApp phishing: fake vote pages hijack accounts

🔒 Kaspersky analyzed a global phishing campaign that uses convincing fake voting pages to hijack WhatsApp accounts. Attackers lure victims with personalized requests and multilingual scam pages; when users click Vote they’re prompted for the phone number linked to their account and shown a single‑use verification code. Victims who then enter or paste that code in their WhatsApp app inadvertently activate a remote WhatsApp Web session, giving attackers full access. Immediately check Linked devices, disconnect unknown sessions, and follow Kaspersky’s recovery and prevention guidance.

Inside a Convincing Phone Scam: Social Engineering Exposed

🔍 A reader recounts a sophisticated phone scam in which callers posed as bank employees and provided plausible details to build trust. The scammers supplied case numbers and 'cancellation codes,' then transferred the victim to a staged supervisor named Mike Wallace to legitimize their story. Even security-aware individuals can be deceived; the anecdote illustrates how social engineering exploits procedural expectations and authority. Independently verify any unexpected bank contact via official channels before taking action.

Lighthouse and Lucid PhaaS Linked to 17,500 Phishing Domains

🔍 Netcraft reports that the PhaaS platforms Lucid and Lighthouse are linked to more than 17,500 phishing domains impersonating 316 brands across 74 countries. Lucid, first documented by PRODAFT in April, supports smishing via Apple iMessage and RCS and is tied to the Chinese-speaking XinXin group. Both services offer customizable templates, real-time victim monitoring, and granular targeting controls (User-Agent, proxy country, configured paths) that restrict access to intended victims. Lighthouse subscriptions run from $88 per week to $1,588 per year, underscoring the commercial scale of these offerings.

UK Arrests Two Teens Linked to Scattered Spider Hacks

🔒 UK law enforcement has arrested two teenagers allegedly tied to the Scattered Spider hacking group over an August 2024 cyberattack on Transport for London (TfL). Nineteen-year-old Thalha Jubair and 18-year-old Owen Flowers were detained; authorities say Jubair faces U.S. charges for dozens of intrusions, extortion and money laundering while Flowers faces additional charges linked to U.S. healthcare targets. Prosecutors allege the group extorted at least $115 million in ransoms and that law enforcement previously seized roughly $36 million in cryptocurrency tied to Jubair.

Insight Partners Notifies Thousands After Ransomware Breach

🔒 Insight Partners is notifying thousands of people after a ransomware incident in which a threat actor gained network access via a sophisticated social engineering attack. The attackers reportedly exfiltrated sensitive data — including banking and tax records, personal information of current and former employees, and details related to limited partners, funds, management companies, and portfolio companies — before encrypting servers on January 16, 2025. The firm says formal notification letters and complimentary credit or identity monitoring are being mailed; if you do not receive a letter by the end of September 2025, your personal data was determined not to be impacted. State filings indicate 12,657 individuals were affected, and no group has publicly claimed responsibility.

Social-Engineered Help Desk Breach Costs Clorox $380M

🔐 Attackers affiliated with the Scattered Spider group exploited weak vendor phone procedures to obtain repeated password and MFA resets from Cognizant’s service desk, then used the access to escalate to domain-admin footholds at Clorox. Clorox says the intrusion caused roughly $380 million in damages, including remediation and extended business-interruption losses. The case highlights failure to follow agreed verification processes and the amplified risk of outsourced help desks. Organizations should enforce out-of-band caller verification, immutable reset logs, and automated containment to reduce the attacker window.

Data Is the New Diamond: Evolving Salesforce Data Theft

🔒 Recent Unit 42 analysis details ongoing data theft campaigns targeting Salesforce environments, notably a Salesloft Drift supply chain intrusion attributed to UNC6395 that may have started with reconnaissance as early as March 2025. Threat actors claiming links to Muddled Libra and Bling Libra have promoted stolen datasets on Telegram and announced new RaaS ambitions, while some channels were removed by September 5. Unit 42 emphasizes the prominence of social engineering by operatives tied to "The Com," predicts shifts toward data theft extortion and other monetization tactics, and recommends engagement with RH-ISAC, adoption of Salesforce mitigations, and use of Unit 42 incident insights to strengthen people and process defenses.