Search Results: SocialEngineering

In October, DoorDash fell victim to a social‑engineering scam that exposed personal data for millions of users across North America and Australasia. The incident, the company’s delayed notification, and the legal fallout underscore how even large tech firms can be blindsided by human‑factor attacks.

DoorDash's latest data breach, stemming from a social engineering attack on an employee, highlights the persistent security challenges facing major digital platforms. The incident, the third for the company since 2019, raises critical questions about employee training and incident response protocols in high-volume tech services.

Cybercriminals are weaponizing TikTok with deceptive 'activation guide' videos that trick users into executing PowerShell commands, delivering Aura Stealer malware. This ClickFix attack campaign steals credentials, cookies, and crypto wallets while evolving with secondary payloads that execute in memory. Security experts warn this social engineering tactic represents a dangerous shift in malware distribution targeting both consumers and developers.

The FTC reports a record $700 million lost by Americans aged 60+ to online scams in 2024, a sixfold increase from 2020 driven by tech-based impersonation and social engineering. Scammers exploited trust gaps and digital illiteracy, devastating life savings through fake crises and fraudulent calls. This underscores a critical cybersecurity crisis demanding urgent industry and educational reforms.

WhatsApp is rolling out a new 'safety overview' feature that alerts users to potential scams when added to groups by unknown contacts, providing critical details like group creation dates and scam warnings. This move comes as the platform disabled over 6.8 million accounts linked to scam centers in early 2025, highlighting the escalating threat of social engineering attacks.

French luxury giant Chanel confirms its US customer contact data was stolen, becoming the latest high-profile victim in a relentless wave of attacks targeting Salesforce instances. The ShinyHunters extortion group is exploiting employee vishing attacks to compromise credentials or install malicious OAuth apps, bypassing platform security. This breach underscores a critical vulnerability in cloud service dependencies: the human element.