Tag: social engineering
371 articles

macOS Malware Exploits User Trust to Steal Sensitive Data
Beware of a sneaky new macOS malware that tricks you into stealing your own sensitive data - all it needs is for you to paste a single command into Terminal. Dubbed ClickLock Stealer, this clever con artist has already duped at least 100 victims across 33 countries.

macOS Stealer Uses Coercion Loop to Force Password Entry
A new macOS stealer malware has hit over 100 victims across 33 countries in just two months, with a clever coercion loop trick that forces users to enter their passwords. The attack starts with a simple paste-and-run lure, where victims unknowingly paste a command into Terminal after visiting a malicious webpage.

Privacy Breach at Qantas Exposed by Tech Support Scam Tactics
A clever tech-support scam led to a massive 2025 Qantas privacy breach, where 5.7 million customer records were compromised after a social engineering call tricked a contact-centre agent into giving away sensitive access. The sneaky tactic, not a systemic failure, was the surprising root cause of the breach.

Dutch Police Expose Suspects in Odido Hacking Case
The Dutch National Police have cracked the Odido hacking case, revealing that suspects impersonated an IT employee in a phone call with customer service, tricking the company into divulging sensitive info through phishing. This clever ruse led to a massive data theft in February.

Interpol Disrupts Global Cybercrime Network, Arrests 5,800
In a major crackdown on global cybercrime, Interpol's Operation First Light has led to the arrest of 5,800 individuals and the seizure of $293 million, highlighting the power of international cooperation in the fight against online scams. This huge success shows that when countries work together, they can make a real difference in keeping people safe from cyber threats.

Cloud Bucket Hijacking Exposes Data Streams to Silent Compromise
In a major global sting operation, INTERPOL's Operation First Light 2026 led to the arrest of 5,811 individuals and the seizure of $293 million in illicit assets, highlighting the growing threat of transnational social engineering and money-laundering schemes. This coordinated effort involved 97 countries and territories, and resulted in the identification of over 142,000 victims and 15,606 suspects.

Helix Group Exploits SharePoint with Advanced Vishing Tactics
Helix Group hackers are using clever voice phishing tactics, often impersonating managers, to trick victims into handing over account access. They use a simple yet effective playbook, starting with a convincing phone call that sets the stage for a device-code phishing scheme.

CISOs Warn of Executive Disconnect on Cybersecurity Risks
A whopping 78% of CISOs believe their board-level decision makers are in the dark about employee-driven cyber risks, leaving companies vulnerable to attacks. The disconnect is alarming, especially as AI-powered scams and social engineering attacks become increasingly sophisticated.

Global Crackdown Nets 5,800 Arrests in Anti-Fraud Operation
In a massive global sting operation, authorities arrested 5,811 suspects and seized $293 million in illicit assets, dealing a significant blow to social engineering fraud and money laundering. The sweeping crackdown, dubbed Operation First Light 2026, spanned 97 countries and identified over 142,000 victims.

Red Teamer Exploits Trust to Steal Priceless Trophy
Imagine walking onto a secure campus with equipment in plain sight and a convincing story, and having employees roll out the red carpet - literally. A professional red teamer and his colleagues did just that, effortlessly gaining access to a Fortune 500 company's high-security site by exploiting one simple vulnerability: trust.

SCMBANKER Malware Targets Mexican Banking Users with ClickFix Lures
Mexican banking customers beware: a sneaky new malware campaign, dubbed REF6045, is using fake CAPTCHA pages and social tricks to install a powerful PowerShell toolkit called SCMBANKER on unsuspecting victims' devices. This stealthy attack has been targeting Mexico's financial ecosystem, putting fintech users, payment-processor clients, and cryptocurrency exchange customers at risk.

AI-Powered Attacks Target Service Desks With Convincing Impersonation Tactics
Beware: AI-powered attacks are now targeting service desks with incredibly convincing impersonation tactics, making it easier for attackers to trick agents into bypassing security controls. A single phone call can be all it takes to spark a devastating data breach, as seen in high-profile incidents at major companies like M&S, MGM Resorts, and Clorox.

Meta Disrupts Phishing Campaign Targeting Facebook Business Users
Watch out for phishing scams targeting Facebook Business users - red flags include broken graphics, suspicious links, and unsolicited emails promising exciting opportunities. Experts warn that cybercriminals are getting sneaky, using legitimate-looking emails and Messenger chatbots to trick victims into taking action.

Microsoft Teams Users Targeted by Fake IT Support Scam
Beware of fake IT support scammers on Microsoft Teams who are tricking unsuspecting workers into installing malware by posing as tech support staff. These impostors are using the popular collaboration platform to deceive and compromise employee devices.

AdaptHealth Breach Exposes Patient Data via Social Engineering Tactics
AdaptHealth recently fell victim to a data breach, where hackers used clever social engineering tactics to trick a third-party contractor into giving them access to sensitive patient information stored in the company's cloud environment. This alarming breach put a large volume of patient data at risk, prompting AdaptHealth to disclose the incident to the Securities and Exchange Commission.

Microsoft 365 Accounts Targeted in 3-Second Hijacking Attacks
Beware of a sneaky 3-second hack that can hijack your Microsoft 365 account with just a click - it starts with a harmless-looking link that tricks you into executing the attack yourself. This clever tactic, known as ClickFix, exploits a simple human reflex to gain control of your account.

Opera Introduces Paste Protect to Thwart ClickFix Attacks
Opera's new Paste Protect feature helps keep you safe from sneaky ClickFix attacks by automatically blocking suspicious copy actions that could land malware on your device. This clever tool outsmarts scammers who try to trick you into pasting malicious commands, protecting you from unwanted surprises.

Physical Security Lapses Grant Hackers Network Admin Access
Meet Kristopher Johnson and Michael, two expert red teamers who walked into a company's office through an unlocked maintenance door, posing as new IT employees, and gained access to the building by simply offering to help shovel ice. Their easy entry exposed a shocking truth: physical security lapses can give hackers an open invitation to wreak havoc on your network.

Cybercriminals Exploit ClickFix to Deliver Malware
Don't assume macOS is safe from cyber threats - a recent report warns that it now requires the same level of monitoring and protection as Windows to prevent malware attacks. Cybercriminals are using the ClickFix technique to deliver malware, tricking victims into running malicious commands.

Poland Disrupts SIM-Swapping Gang Linked to Crypto Heists
In a major breakthrough, Polish authorities have dismantled a notorious SIM-swapping gang that used social engineering and specialized software to orchestrate a string of crypto heists, with four suspects now facing charges. The successful takedown was made possible through a collaborative effort with the FBI and Homeland Security Investigations.

Scammers Exploit Shop App to Fuel Callback Phishing Attacks
Beware of scammers exploiting the popular Shop app, with 50 million downloads, to trick you into callback phishing attacks with fake purchase receipts and phony support agents. They're impersonating big brands like Norton and Apple to steal your account credentials and sensitive info.

Malicious Edge Extension Exploits Native Messaging for Malware Deployment
Beware of malicious Edge extensions that can deploy malware through native messaging, with attackers using social engineering tactics on Microsoft Teams to trick victims into installing fake updates. Once infected, victims are presented with a fake Outlook update page offering three options to deploy the Edgecution malware.

Social Engineering Attacks Target Service Desks
Service desks have become a prime target for cyber attackers, who often find it easier to manipulate staff into divulging sensitive information than to crack the technology itself. In a string of recent incidents, hackers have successfully impersonated employees to gain access to internal systems, as seen in the 2025 UK attacks on major retailers like Marks & Spencer, Co-op, and Harrods.

WhatsApp VBScript Campaign Targets Global Users with RMM Software
Malicious actors are targeting WhatsApp users worldwide with a sneaky VBScript campaign, compromising accounts to spread harmful files through direct messages. In a shocking concentration of attacks, 80% of victims were in Malaysia, highlighting the need for users to stay vigilant.