Skip to main content

Tag: social engineering

371 articles

Person working on laptop in cozy setting with Terminal window open.

macOS Malware Exploits User Trust to Steal Sensitive Data

Beware of a sneaky new macOS malware that tricks you into stealing your own sensitive data - all it needs is for you to paste a single command into Terminal. Dubbed ClickLock Stealer, this clever con artist has already duped at least 100 victims across 33 countries.

Analyst 207
Person sitting at laptop in dimly lit space with screen showing fake progress animation or terminal window.

macOS Stealer Uses Coercion Loop to Force Password Entry

A new macOS stealer malware has hit over 100 victims across 33 countries in just two months, with a clever coercion loop trick that forces users to enter their passwords. The attack starts with a simple paste-and-run lure, where victims unknowingly paste a command into Terminal after visiting a malicious webpage.

Analyst 207
Phone on a desk in a customer service setting with a person working at a computer in the background.

Privacy Breach at Qantas Exposed by Tech Support Scam Tactics

A clever tech-support scam led to a massive 2025 Qantas privacy breach, where 5.7 million customer records were compromised after a social engineering call tricked a contact-centre agent into giving away sensitive access. The sneaky tactic, not a systemic failure, was the surprising root cause of the breach.

Analyst 207
Dutch National Police officer stands in formal briefing room with agency emblem and cityscape in background.

Dutch Police Expose Suspects in Odido Hacking Case

The Dutch National Police have cracked the Odido hacking case, revealing that suspects impersonated an IT employee in a phone call with customer service, tricking the company into divulging sensitive info through phishing. This clever ruse led to a massive data theft in February.

Analyst 207
Law enforcement officials gather around a table with a world map and computer screens displaying data.

Interpol Disrupts Global Cybercrime Network, Arrests 5,800

In a major crackdown on global cybercrime, Interpol's Operation First Light has led to the arrest of 5,800 individuals and the seizure of $293 million, highlighting the power of international cooperation in the fight against online scams. This huge success shows that when countries work together, they can make a real difference in keeping people safe from cyber threats.

Analyst 207
Modern briefing room with podium, large window, and abstract wall emblems.

Cloud Bucket Hijacking Exposes Data Streams to Silent Compromise

In a major global sting operation, INTERPOL's Operation First Light 2026 led to the arrest of 5,811 individuals and the seizure of $293 million in illicit assets, highlighting the growing threat of transnational social engineering and money-laundering schemes. This coordinated effort involved 97 countries and territories, and resulted in the identification of over 142,000 victims and 15,606 suspects.

Analyst 207
Person sitting at desk, looking concerned while on phone call.

Helix Group Exploits SharePoint with Advanced Vishing Tactics

Helix Group hackers are using clever voice phishing tactics, often impersonating managers, to trick victims into handing over account access. They use a simple yet effective playbook, starting with a convincing phone call that sets the stage for a device-code phishing scheme.

Analyst 207
CISO stands concerned in office, overlooking blurred boardroom scene.

CISOs Warn of Executive Disconnect on Cybersecurity Risks

A whopping 78% of CISOs believe their board-level decision makers are in the dark about employee-driven cyber risks, leaving companies vulnerable to attacks. The disconnect is alarming, especially as AI-powered scams and social engineering attacks become increasingly sophisticated.

Analyst 207
Police officers in formal attire gather in a brightly-lit setting with a cityscape background, surrounded by law…

Global Crackdown Nets 5,800 Arrests in Anti-Fraud Operation

In a massive global sting operation, authorities arrested 5,811 suspects and seized $293 million in illicit assets, dealing a significant blow to social engineering fraud and money laundering. The sweeping crackdown, dubbed Operation First Light 2026, spanned 97 countries and identified over 142,000 victims.

Analyst 207
Three individuals in business casual attire walk through a campus quad carrying laptops with antennas, surrounded by…

Red Teamer Exploits Trust to Steal Priceless Trophy

Imagine walking onto a secure campus with equipment in plain sight and a convincing story, and having employees roll out the red carpet - literally. A professional red teamer and his colleagues did just that, effortlessly gaining access to a Fortune 500 company's high-security site by exploiting one simple vulnerability: trust.

Analyst 207
Mexican bank branch interior with concerned customer on smartphone.

SCMBANKER Malware Targets Mexican Banking Users with ClickFix Lures

Mexican banking customers beware: a sneaky new malware campaign, dubbed REF6045, is using fake CAPTCHA pages and social tricks to install a powerful PowerShell toolkit called SCMBANKER on unsuspecting victims' devices. This stealthy attack has been targeting Mexico's financial ecosystem, putting fintech users, payment-processor clients, and cryptocurrency exchange customers at risk.

Analyst 207
AI-Powered Attacks Target Service Desks With Convincing Impersonation Tactics

AI-Powered Attacks Target Service Desks With Convincing Impersonation Tactics

Beware: AI-powered attacks are now targeting service desks with incredibly convincing impersonation tactics, making it easier for attackers to trick agents into bypassing security controls. A single phone call can be all it takes to spark a devastating data breach, as seen in high-profile incidents at major companies like M&S, MGM Resorts, and Clorox.

Analyst 207
Concerned business owner sits at desk, scrutinizing suspicious email on smartphone.

Meta Disrupts Phishing Campaign Targeting Facebook Business Users

Watch out for phishing scams targeting Facebook Business users - red flags include broken graphics, suspicious links, and unsolicited emails promising exciting opportunities. Experts warn that cybercriminals are getting sneaky, using legitimate-looking emails and Messenger chatbots to trick victims into taking action.

Analyst 207
Person at computer looks concerned with Microsoft Teams interface blurred, suspicious message in background.

Microsoft Teams Users Targeted by Fake IT Support Scam

Beware of fake IT support scammers on Microsoft Teams who are tricking unsuspecting workers into installing malware by posing as tech support staff. These impostors are using the popular collaboration platform to deceive and compromise employee devices.

Analyst 207
Brightly lit healthcare setting with paper files and computer screens.

AdaptHealth Breach Exposes Patient Data via Social Engineering Tactics

AdaptHealth recently fell victim to a data breach, where hackers used clever social engineering tactics to trick a third-party contractor into giving them access to sensitive patient information stored in the company's cloud environment. This alarming breach put a large volume of patient data at risk, prompting AdaptHealth to disclose the incident to the Securities and Exchange Commission.

Analyst 207
Office worker looks puzzled at laptop with subtle fake prompt on screen amidst blurred coworkers and computers.

Microsoft 365 Accounts Targeted in 3-Second Hijacking Attacks

Beware of a sneaky 3-second hack that can hijack your Microsoft 365 account with just a click - it starts with a harmless-looking link that tricks you into executing the attack yourself. This clever tactic, known as ClickFix, exploits a simple human reflex to gain control of your account.

Analyst 207
Person sitting at desk with laptop, hands paused over keyboard, conveying caution.

Opera Introduces Paste Protect to Thwart ClickFix Attacks

Opera's new Paste Protect feature helps keep you safe from sneaky ClickFix attacks by automatically blocking suspicious copy actions that could land malware on your device. This clever tool outsmarts scammers who try to trick you into pasting malicious commands, protecting you from unwanted surprises.

Analyst 207
Maintenance door left ajar in a dimly lit office corridor, with an open and unlocked door handle in the foreground.

Physical Security Lapses Grant Hackers Network Admin Access

Meet Kristopher Johnson and Michael, two expert red teamers who walked into a company's office through an unlocked maintenance door, posing as new IT employees, and gained access to the building by simply offering to help shovel ice. Their easy entry exposed a shocking truth: physical security lapses can give hackers an open invitation to wreak havoc on your network.

Analyst 207
Laptop on office desk with blurred CAPTCHA on screen, surrounded by papers and supplies.

Cybercriminals Exploit ClickFix to Deliver Malware

Don't assume macOS is safe from cyber threats - a recent report warns that it now requires the same level of monitoring and protection as Windows to prevent malware attacks. Cybercriminals are using the ClickFix technique to deliver malware, tricking victims into running malicious commands.

Analyst 207
Authorities in formal attire gather in a briefing room with subtle tech infrastructure in the background.

Poland Disrupts SIM-Swapping Gang Linked to Crypto Heists

In a major breakthrough, Polish authorities have dismantled a notorious SIM-swapping gang that used social engineering and specialized software to orchestrate a string of crypto heists, with four suspects now facing charges. The successful takedown was made possible through a collaborative effort with the FBI and Homeland Security Investigations.

Analyst 207
Person looks concerned while checking phone in cluttered living room with open laptop and shopping boxes nearby.

Scammers Exploit Shop App to Fuel Callback Phishing Attacks

Beware of scammers exploiting the popular Shop app, with 50 million downloads, to trick you into callback phishing attacks with fake purchase receipts and phony support agents. They're impersonating big brands like Norton and Apple to steal your account credentials and sensitive info.

Analyst 207
Person looks concerned while interacting with fake Microsoft update on laptop at office desk.

Malicious Edge Extension Exploits Native Messaging for Malware Deployment

Beware of malicious Edge extensions that can deploy malware through native messaging, with attackers using social engineering tactics on Microsoft Teams to trick victims into installing fake updates. Once infected, victims are presented with a fake Outlook update page offering three options to deploy the Edgecution malware.

Analyst 207
Customer service representative on phone call at retail service desk.

Social Engineering Attacks Target Service Desks

Service desks have become a prime target for cyber attackers, who often find it easier to manipulate staff into divulging sensitive information than to crack the technology itself. In a string of recent incidents, hackers have successfully impersonated employees to gain access to internal systems, as seen in the 2025 UK attacks on major retailers like Marks & Spencer, Co-op, and Harrods.

Analyst 207
Smartphone on cluttered desk with WhatsApp conversation on screen, surrounded by papers and office supplies, with cityscape…

WhatsApp VBScript Campaign Targets Global Users with RMM Software

Malicious actors are targeting WhatsApp users worldwide with a sneaky VBScript campaign, compromising accounts to spread harmful files through direct messages. In a shocking concentration of attacks, 80% of victims were in Malaysia, highlighting the need for users to stay vigilant.

Analyst 207