Tag: SCAM

Summary: The video discusses the increasing sophistication of cyberattacks, focusing on two main stories: hackers exploiting Google search ads to impersonate legitimate businesses and a pastor charged with defrauding his congregation through a fraudulent cryptocurrency scheme. The video highlights the methods used in these scams and the significant amounts of money involved, as well as the challenges in combating these cybercrimes.Keypoints:…
Read More
Cyber Insights 2025: Social Engineering Gets AI Wings
Summary: Cyber Insights 2025 highlights the evolution of social engineering as a significant cybersecurity threat, particularly with the rise of generative AI. Experts predict that AI will enhance social engineering tactics, making them more sophisticated and widespread, thereby increasing the risk of cyberattacks. The article emphasizes the inherent human nature of social engineering and the challenges in mitigating its effects on individuals and organizations.…
Read More
DoJ Indicts 5 Individuals for 6K North Korean IT Worker Scheme Violations
Summary: The U.S. Department of Justice has indicted five individuals, including two North Korean nationals, for their involvement in a fraudulent IT worker scheme that violates international sanctions. The defendants are accused of using forged identities to secure remote IT jobs at U.S. companies, generating significant revenue for North Korea.…
Read More
Unmasking Cyber Deception: The Rise of Generic Phishing Pages Targeting Multiple Brands
The CloudSEK Threat Research Team has identified a generic phishing page capable of impersonating various brands to steal user credentials. This phishing page, hosted on Cloudflare’s workers.dev, utilizes a generic login interface and can be customized to target specific organizations. Victims’ credentials are exfiltrated to a remote server after they log in.…
Read More
Summary: Cybercriminals are increasingly targeting payment systems, with a significant rise in stolen card data and check fraud. The latest fraud report highlights a surge in Magecart e-skimmer infections due to a specific vulnerability, alongside a persistent issue of check fraud in the U.S. The report forecasts ongoing trends in digital skimming, dark web activity, and check fraud for 2025.…
Read More
DOJ indicts two Americans for running laptop farm used in North Korea IT worker scam
Summary: The Justice Department has indicted five individuals for facilitating a scheme that allowed North Korean nationals to secure employment with U.S. companies, generating substantial revenue for the North Korean government. The operation involved using forged documents and remote access software to enable North Koreans to work from abroad while laundering the earnings through a Chinese bank account.…
Read More
“Scam Yourself” Attacks Show How Social Engineering is Evolving
Summary: The emergence of “scam yourself” attacks represents a sophisticated evolution of social engineering, where attackers manipulate users into compromising their own security. These attacks exploit routine actions, authority, and urgency, making them particularly dangerous as they blend seamlessly into everyday digital interactions. Understanding the psychological triggers behind these scams is essential for developing effective defenses against them.…
Read More
Annual Payment Fraud Intelligence Report: 2024
The 2024 Payment Fraud Intelligence Report from Recorded Future reveals a significant rise in fraud activities, particularly in stolen card data and e-skimmer infections. Key trends indicate that fraudsters are increasingly exploiting modern payment technologies and social engineering tactics. Predictions for 2025 suggest a continuation of these trends, emphasizing the need for enhanced security measures among financial institutions and merchants.…
Read More
Russian ransomware hackers increasingly posing as tech support on Microsoft Teams
Summary: Russian cybercriminals are executing a new scam by impersonating tech support on Microsoft Teams to install ransomware on victims’ networks. British cybersecurity firm Sophos reported over 15 incidents involving two groups leveraging Microsoft Office 365 settings for social engineering attacks. The report highlights connections between one group and Storm-1811, while the other may have ties to the FIN7 cybercrime group.…
Read More
Facilitating Phishing and Pig Butchering Activities using Zendesk Infrastructure [Bait & Switch Mode]
This report serves as an advisory to organizations regarding the misuse of Zendesk’s platform for creating subdomains that impersonate legitimate companies, potentially facilitating investment scams. The analysis highlights how these domains can be exploited for phishing attacks, particularly through a technique known as Pig Butchering. Organizations are urged to block or take down suspicious domains to prevent disruptions.…
Read More
A series of critical vulnerabilities have been reported across various platforms, including Aviatrix Controller and Microsoft 365 applications, leading to significant security risks such as unauthorized access and data breaches. Additionally, a new phishing tactic targeting Apple iMessage users and a malicious PyPi package aimed at Discord developers have emerged, highlighting the evolving threat landscape.…
Read More
Job Offer or Cyber Trap Fake CrowdStrike Recruiters Deliver Malware
A recent cybersecurity alert has revealed that fake CrowdStrike recruiters are distributing malware through phishing emails, tricking victims into downloading a malicious executable that installs a cryptocurrency miner. This scam uses a fake recruitment domain to lure job seekers. Affected: CrowdStrike, job seekers, cryptocurrency mining sector

Keypoints :

Fake CrowdStrike recruiters are distributing malware via phishing emails.…
Read More
New Star Blizzard spear-phishing campaign targets WhatsApp accounts | Microsoft Security Blog
In mid-November 2024, Microsoft Threat Intelligence reported a shift in tactics by the Russian threat actor Star Blizzard, who began targeting WhatsApp accounts through spear-phishing campaigns. This new approach involves impersonating US government officials to lure victims into malicious links that compromise their WhatsApp data. The campaign highlights the actor’s resilience and adaptability in the face of operational disruptions.…
Read More
Cybercriminals Exploit Fake Google Ads to Ransack Advertiser Accounts
Summary: A sophisticated phishing campaign has been uncovered, where cybercriminals use fraudulent Google Ads to target advertisers, redirecting them to fake login pages. This operation exploits the trust in Google’s ad platform to steal credentials, which are then used to hijack accounts for malicious purposes. The scheme has been observed globally, with multiple distinct groups involved in executing the attacks.…
Read More
UK’s porn age checks to arrive in July, raising fears over security and privacy
Summary: The UK’s communications regulator Ofcom has mandated that online pornography sites must verify users’ ages by July to prevent minors from accessing adult content. Concerns have been raised by civil liberties groups about the potential cybersecurity risks associated with age verification methods. Non-compliance could lead to severe penalties, including fines and website blocking by internet service providers.…
Read More