When tasked with teaching employees about social engineering, the industry doesn’t half make it hard. People sat in marketing that have never sent a phishing email, or set foot in an office with a key-logger in their pocket chirp up …
CEO Fraud is the catchy name for frauds that are committed by a criminal, that pretends to be the company CEO or another high-level member of staff. The internet is awash with guides about CEO Fraud, but few seem to …
Because it’s Christmas we thought it would be good if we could give back and try to get five six lucky families using a secure password manager – like 1Password. We want to give lucky winners a voucher to start their family …
We had the pleasure of attending the Cybersecurity Leadership Summit 2018 Europe in Berlin and thought it would be a good idea to capture some of the event and hopefully pass on some of the conference for people who did …
There was a simpler time where people would send post cards asking for pen-friends. A friendship slowly developed and they would ask for a small amount of money. With the advent of the internet all this changed though, scammers could …
From the very start of being interested in ‘hacking’ and Information Security I do wonder what influences the style, the culture… I mean we all love InfoSec redteams and the ways for a brief moment our minds provide us with …
For many victims of SIM Swap Fraud, the first time they learn about the attack is in the hours after their life has been changed forever. It’s an all too common story, the signal bars disappear from your mobile phone, …
We take great pride in announcing The AntiSocial Engineer Limited has been entered into the G-Cloud 10 Framework and this signifies our ability to sell directly to HMG – in many Digital Marketplace listings we have even been listed first! …
It was Christmas Eve 2014 when I started The AntiSocial Engineer Limited. It was founded from a passion to secure people online and fuelled by utter hatred of how the information security industry was. The aim was simple, I wanted …
When we talk about phishing, the first thing people would associate with is the traditional phishing email. The click here. The “urgent action needed” kind of junk we see everyday in our inboxes… but is this still the case? Are …
Note: Before starting this article we couldn’t miss the opportunity to recommend people to this web page should you need help setting up two factor on your accounts – https://twofactorauth.org/ Google’s announcement that 10% of users use 2-factor authentication has …
We have already had our dealings with TalkTalk as covered in our earlier blogs here and here. We felt the need to disclose their 2015 Data breach previously, but it does disappoint us to need to write again. This isn’t a …
A drop box is a small computer designed to be connected to a corporate network, once connected it should enable attackers remote access to the network through a variety of methods. We have seen similar devices used in the wild …
Recently we had quite an interesting engagement and we have been allowed to share some of the details! Objective: Gain physical entry to a building for the purpose of impromptu network penetration test and wireless testing. Company Arena: Global Offices, Finance, …
Social engineering attacks can normally be quite deceptive and hard to understand, the attack should be a little like magic in the way a victim should be left questioning how you did it after it’s all over. Although as an industry …
We often talk about the unknown ‘attackers’ out to get us in the context of cyber security, but the majority of these types are not confrontational people – they barely deserve the term attacker. They hide in the shadows with …
We attended the Gibraltar Cyber Security Summit this week. It’s an initiative to bring together policing departments, local authority and cyber crime related experts. Speakers from the AFP, FBI, NCA, GCHQ and others took to the stage to transfer essential …
So it turns out us humans aren’t the only ones with a few flaws when it comes to an inbound phishing email! Often uttered from the crowds at every infosec event is the dreaded cliché statement, “Well, humans are the weakest links …
It’s always DNS. If something has broken online the first step is normally checking what the DNS is doing. Similar when we try to discover all we can about an organisation in the recon stages of any assessment it’s also …
Last week you might have heard in the press about a phone scam that’s is supposedly sweeping the nation. The dreaded, super sneaky ‘Can you hear me’ scam. Fraudsters will ring you and ask the question “Can you hear me?”. …
