The Slovakia Election Deepfake: AI’s Threat to Democracy
In 2023, Slovakia became a cautionary tale when a fake audio recording targeting a prominent candidate in its national election sparked widespread outrage and concerns about electoral fraud. This article examines the mechanics of the attack, its fallout, and the...
The Le Drian Scam: A Masterclass in Social Engineering
Social engineering, the art of manipulating individuals to divulge confidential information or perform actions that compromise security, has evolved dramatically in recent years. But before talking about advanced deepfakes and AI-based attacks, an example of low-tech deception is the audacious Le...
Social Engineering Attacks: Tactics and Defenses
In this article we’ll explore how people’s emotions become business vulnerabilities, why social engineering is so effective, and three powerful principles to secure and protect your environment.
Bypassing Multi Factor Authentication (MFA) with a callbot
Call bots, a kind of vishing automation can be used to trick victims and defeat MFA. Here's how.
Which type of phishing simulation to choose?
Phishing comes in different shapes and forms. This means you have a lot of choices when it comes to creating a phishing simulation, and most companies get confused as to what type of simulation they should run. In this article, we'll...
How to launch a phishing simulation to better protect your company?
In this post, we'll explore the key steps to launch a phishing simulation that will help you protect your company from phishing attacks.
How Klaxoon uses Arsen to train its employees against phishing attacks
Aymeric from Klaxoon explains why they chose Arsen to train their employees and improve their reflexes against phishing attacks.
Phishing & AI: new attacks and new solutions
In this discussion with Benjamin Leroux from Advens, we explore the changes brought by generative AI to the attack landscape when it comes to phishing and social engineering.
Malicious Attachment generation with generative AI
Spreading malware or gaining initial access through email attachment is the third most common phishing tactic. Because of the scale of our phishing operations at Arsen, we wanted to explore the use of generative AI to craft malicious attachments. This...
Generative AI Phishing Scenarios
GenAI phishing is now a thing. You might want to deploy it for your clients or your company but you might also want some scenario suggestions to get your creative juices flowing. This article is for you, we compiled and...
Using third party LLMs for genAI phishing operations
With the rise of genAI phishing, you might be tempted to use it for your phishing operations. Using a third party, well trained LLM has obvious advantages, from infrastructure cost — this GPU time isn’t cheap — to ease of interaction...
Effective generative AI for phishing engagements
If you’ve been reading our content, you’re probably itching to shoot some genAI phishing for your next simulation campaign. But one does not simply ask ChatGPT for a cool phishing email. Here are our best practices to deploy generative AI in your...
Defense in depth: the importance of the human factor
A paradox has struck me for several years now. Everyone I speak to is convinced of the predominance of human risk. The internet is full of statistics linking initial access to employee behavior in companies, yet this issue is addressed with...
3 advantages Arsen has over Gophish
At Arsen, we love Gophish. It’s by far the most comprehensive open-source solution for deploying phishing, whether for evaluation, training, or research purposes. That being said, GoPhish has numerous limitations that add significantly to the cost of use. Whether for your business or...
Use of AI in Social Engineering Attacks
From phishing to fake transfer scams, social engineering is rampant. User manipulation is responsible for a large number of cyberattacks, and the situation is not improving. Simultaneously, the rapid development of large language models, or LLMs, and the generative AI of late...
Our most versatile phishing scenarios
Utiliser des scénarios polyvalents dans un [test de phishing](https://arsen.co/test-phishing) permet de cibler efficacement un large effectif avec peu de personnalisation. Une fausse alerte de sécurité vis-à-vis d’un compte Google peut par exemple cibler des personnes de services différents tout en restant...
USB Drop: Discover the USB drive powered attack
An attack via USB drive, also known as USB Drop, is a danger that is still underestimated. USB drives are very effective in helping us store and transport small amounts of data. We use them regularly, and many people cannot...
Why generate a random password?
Often, when an individual needs to create a new password, they will rack their brains and choose personal information that relates to them, then modify it by changing elements or adding special characters. Unfortunately, this is a bad strategy: all of...
What is Juice Jacking ?
Juice jacking is a type of cyber attack that exploits USB charging cables or chargers to compromise devices with USB ports, especially mobile phones. Charging cables don't just power your phone's battery. They also facilitate data transfer, like when importing photos...
What is catfishing, and how to protect from it?
In March 2021, the top 10 dating sites in France recorded 46.4 million visits, according to a study conducted by [monpetitdate](https://www.monpetitdate.fr/etude-statistiques-sites-de-rencontre/). Dating apps have become genuine tools for finding one's future partner. However, these apps are not used solely for...
WannaCry, the biggest ransomware heist in history
WannaCry is the ransomware behind one of the most significant ransomware attacks. In this article, we look back at the history of this particularly virulent ransomware.
Managing the risks tied to phishing
The risks associated with phishing are often underestimated. Many still believe that the consequences are limited to having to change a few passwords, scan their network, or even have a comprehensive security policy. However, as we will see, phishing can have...
What is a sextorsion attack?
A sextortion attack involves extorting money by blackmailing with a sexual theme. For instance, the malicious individual contacts the victim claiming to have a video of them in a compromising situation. The individual then threatens to release the video unless...
BEC Definition: Understanding Business Email Compromise
The compromise of email addresses, or Business Email Compromise (BEC), is a popular attack aimed at compromising a company's mailbox for malicious purposes. The simplest monetization is generally to request a fund transfer from the corrupted address or a change...
Instagram Phishing: Risks and Protection Measures
Instagram is a highly popular social network, making phishing on the platform equally prevalent. According to the "Digital Report 2021" by Hootsuite and We Are Social, Instagram ranks fifth among the most downloaded apps with 1.221 billion active users. Notably,...
Examples of vishing attacks
Vishing, or voice phishing, is a form of phone scam where attackers impersonate trusted entities to trick victims into revealing sensitive information. In this article, we'll look at common vishing examples. Understanding these tactics can help you identify and protect...