August 2nd, 2016 I find myself in a high street bank. I’d just done a 3km run, which is like a marathon to a big bloke. I enter the doors and find a queue akin to the bread lines of …
Policing Insider Threats
The term insider threat is brandished around quite a lot these days, companies often talk about the weakest link in security being people. I guess they are almost right in what they say, but I can still dream about the …
InfoSec Interviews – Richard De Vere
Original article by IT Governance: here So a while back I was interviewed by Lewis Morgan from the IT Governance Blog and thought i’d share this on the site. It is a little tongue in cheek reading it back actually! But …
How we Support Magicians, Fraudsters & Hackers
One advantage of running a small boutique consultancy is I get to steer the business activity towards subjects I personally find interesting. Throughout my career, I have always been fascinated with frauds and that is where my focus normally lies. It’s that magic-like …
Yorkshire Cyber Security Event – A reflection of the real risks
The AntiSocial Engineer is supporting the Yorkshire Cyber Security Cluster to announce the first annual Yorkshire Cyber Security Event taking place on the 12th May at the 3m Buckley Innovation Centre in Huddersfield. We will be talking about our recent research …
Sim Swap Fraud – Porting your digital life in minutes.
In this post, I wish to cover ‘Sim Swap Fraud’ and some of the ways we can prevent it. I’m not a natural writer, I only do these blogs in hope people will listen up and improve security. So feel free to …
Introducing SMShing Assessments
SMShing Explained SMShing is a common attack method used in the wild to target companies, using targeted text messages towards staff mobile phones. These messages can be generic or a more focused ‘spear’ type message, depending on how much information …
Abusing automated call handlers
I grew up in Yorkshire and of all the likeable local traits there is, there is one I despise. The gruff, basterdised local accent. Londoners mistakenly view you as a farmer and there is no risk of hearing the tones …
OSINT For Profit
An interesting skill we have honed over the years has been the use of OSINT techniques to gather information on a client company. For those new to all this, it’s ok because you can follow quite easily and should learn …
Rubbish Security
When considering the security threats your organisation will encounter you would be forgiven if the humble bin slipped your mind. Every instance of this invisible cyber, hacking, scare story we receive on the media these days is referring to ‘complex …
Social Engineering & TalkTalk
This month I have been looking at the way in which a small minority of TalkTalk customers are suffering from the rise in social engineering attacks. It seems post CPW/TalkTalk breach real evidence of further frauds is apparent. Victims can …
The Problem With Know-it-all Security.
I am not one for quotes and ‘Facebook philosophy’ memes but recently, I was reminded of my favourite quote on a certain social media platform: “The only true wisdom is in knowing you know nothing.” – Socrates The pursuit of education …
Tripwire – A look at the real British social engineers
Tripwire have been helping us shine light onto the real threats a UK business will face when it comes toe to toe with a real social engineer. Read the full article here. Taking a Look at the Real British …
Tripwire/BSidesLDN – A look at the real African social engineers
Tripwire have really been supportive of the message we try hard to pass on and have shown us much kindness. It’s important to inform people the best we can and Tripwire is the perfect medium for this. Read the full …
Should brainwaves be used for employee screening?
An interesting article by SC Magazine regarding a study that suggests brainwaves could be used to assess if an applicant will be a security hazard. At The AntiSocial Engineer we believe staff are never beyond help, we work together to …
Is Phishing going corporate?
Only SC magazine could take a long statistic driven report and explain it on a many levels. This ProofPoint report clearly reveals the insight into Phishing campaigns missed by so many. Many thanks to their editor for leaning on us …
Why Social Engineering assessments should matter to you…
Social Engineering has taken precedent in 2014, with some of the biggest data breaches ever recorded. 2015 is set to be another year filled with yet more attempts, yet more phishing emails hitting your business and having an adverse effect. …