Tag: social engineering
371 articles

INTERPOL Warns of Rising Cybercrime in Asia-Pacific
Cybercriminals are wreaking havoc in Asia-Pacific, using cutting-edge tactics like AI and ransomware to scam and steal on a massive scale. Phishing is the region's most costly and widespread crime, with a third of countries reporting over 10,000 cases in just 15 months.

Cybercriminals Worry AI Tools Will Disrupt Their Illicit Trade
Cybercriminals are getting anxious about the impact of AI tools on their illicit trade, and experts warn that now is the time for organizations to step up their cyber hygiene game with measures like timely patching, multifactor authentication, and passkey use. By prioritizing these defenses, businesses can stay ahead of emerging threats, including AI-assisted attacks.

Cybercrime Surges Across Asia and South Pacific, Hits 30% of All Crime
Cybercrime is surging across Asia and the South Pacific, now accounting for over 30% of all recorded crime, with organised networks leveraging AI, ransomware, and social engineering on a massive scale. The rapid rise is driven by rapid digital adoption and new technologies.

Malware Campaign Exploits Fake Reviews to Spread Crypto Clipper
A single threat actor cleverly mimicked legitimate brands to spread Crypto Clipper Malware, using fake reviews, tutorial videos, and promotions on trusted platforms to manufacture credibility for a malicious crypto tool. They created a convincing illusion of a trusted product, complete with inflated download counts and coordinated five-star reviews.

Sniper Dz Scams Target MENA Users with Fake Offers and Browser Exploits
Scammers are targeting people in the Middle East and North Africa with fake offers of free mobile internet, financial rewards, and government subsidies, using fraudulent Facebook accounts to trick victims into divulging sensitive info. These Sniper Dz scams impersonate trusted figures and organizations to lure users in with enticing deals.

Cybercriminals Exploit AI Hype in Social Engineering Attacks
Cybercriminals are cleverly exploiting our curiosity about AI to launch sophisticated social engineering attacks, using trusted AI names and urgent lures to trick victims into divulging sensitive info or downloading malware. By tapping into our desire to stay ahead of the curve, attackers are able to bypass our usual caution and catch us off guard.

TikTok Tutorials Spread Vidar Stealer via Fake Software Lures
Cybercriminals are using TikTok and Instagram Reels to spread the Vidar infostealer by disguising it as free software tutorials, tricking viewers into downloading malware. By reporting these accounts, users can help take them down and slow down the attackers' momentum.

Threat Actors Exploit Microsoft Teams for Phishing Attacks
Phishing attacks are getting smarter, with threat actors now using trusted platforms like Microsoft Teams to target unsuspecting employees, accounting for 42% of all phishing alerts in just the first four months of 2026. These sneaky messages can land directly in your feed, masquerade as internal IT support, and trick you into taking action with alarming ease.

WhatsApp Disrupts NSO Group's Spearphishing Campaign
WhatsApp has successfully shut down a sneaky phishing campaign by notorious spyware firm NSO Group, which tried to trick users into clicking malicious links to spy on them. The messaging giant is now asking a US court to hold NSO Group accountable for violating a ban on targeting users.

Android Malware NFCShare Targets Europe Banks via GitHub Updates
Malicious actors are using GitHub to spread new variants of the NFCShare Android malware, disguising them as banking app updates to target customers of European banks. Victims are first lured into downloading the malware through phishing sites that mimic real banks, where they're prompted to install a fake update.

Meta Alleges NSO Group Breaches Spyware Injunction
Meta just took a bold stand against NSO Group, the notorious spyware maker, by ramping up legal action after thwarting a sneaky phishing campaign aimed at WhatsApp users. The tech giant successfully blocked NSO-linked attempts to trick people into clicking malicious links, despite a US court injunction already in place.

WhatsApp Disrupts NSO Group's Spyware Phishing Campaigns
Meta's WhatsApp team swiftly sprang into action, disrupting a sophisticated spyware phishing campaign linked to the NSO Group after investigating user reports of targeted social-engineering attacks. They successfully stopped the attackers' attempts to trick people into clicking malicious links that could have put their data at risk.

China Exploits Job Sites for Spying on Five Eyes Targets
Be cautious on job sites - Chinese spies are posing as recruiters on LinkedIn, Indeed, and Upwork to trick Five Eyes targets into divulging sensitive information. They're using clever social engineering tactics to make their scams seem all too believable.

Meta Accuses NSO Group of Breaching WhatsApp Injunction
Meta is taking a stand against NSO Group, accusing the Israeli spyware vendor of breaching a WhatsApp injunction by targeting users with social engineering attempts. The company claims it successfully thwarted these malicious efforts, but is now asking a federal judge to hold NSO Group in contempt.

Threat Actors Exploit Vishing, Physical Intrusions in US Data Extortion Campaign
Meet UNC3753, a notorious group of threat actors using clever voice phishing and social engineering tactics to infiltrate US corporate environments and steal sensitive data. Their deceitfully simple attacks start with a phone call or email and quickly escalate into rapid data theft and ransom demands.

Silent Ransom Group Exploits Law Firms with Fake IT Support Scams
Law firms are being targeted by the Silent Ransom Group through clever fake IT support scams, putting sensitive client information at risk. This sophisticated attack starts with innocent-looking invoice emails that trick victims into calling a phone number, initiating a chain of events that can lead to devastating consequences.

Mandiant Exposes UNC3753's US Law Firm Data Heist Tactics
Beware of UNC3753, a notorious group that's been stealing sensitive data from US law firms and other professional services, using clever vishing tactics and lightning-fast intrusions to extort their victims. In some cases, they can go from initial contact to data theft in under an hour.

Multiple Breaches Expose Sensitive Data Across Industries
Sensitive data has been compromised across various industries in a series of alarming breaches, including a clever social engineering scam that exposed info of 6 million Carnival Corporation customers and two incidents involving learning management company Instructure's Canvas platform. These breaches highlight the growing threat of cyber attacks and the importance of robust data protection measures.

Cybercriminals Target FIFA World Cup 2026 with Sophisticated Scams
As the 2026 FIFA World Cup approaches, cybercriminals are gearing up to scam unsuspecting fans with sophisticated ticketing scams, counterfeit sites, and panic-inducing mechanics. Experts warn that this major event has become a prime target for cyberattacks, with thousands of fraudulent domains and fake Facebook ads already circulating.

Microsoft Warns AI Adoption Exposes Organizations to New Malware Threats
Microsoft's senior security researcher warns that the AI tools making our jobs easier can also be exploited by threat actors, highlighting a new and urgent risk for organizations to manage. As AI adoption grows, companies must recognize it as both a valuable asset and a potential attack surface that requires careful protection.

Bayer Overhauls Security Training to Counter AI-Driven Threats
Bayer is revolutionizing its security training to combat AI-driven threats by ditching traditional checklist-driven advice for a psychology-first approach that outsmarts increasingly realistic social engineering tactics. This bold move aims to empower staff and suppliers to safely harness the power of generative AI.

Silent Ransom Group Escalates Tactics with In-Person IT Impersonation
The FBI warns that the notorious Silent Ransom Group is taking a more aggressive approach, impersonating IT staff in person to infiltrate corporate systems, targeting US law firms, insurance, finance, and healthcare companies since 2023. This new tactic marks a significant escalation from their previous remote trickery methods.

Kimsuky Expands Malware Arsenal with HTTPSpy, HelloDoor
Kimsuky, a notorious North Korean hacking group, has upgraded its malware arsenal with HTTPSpy and HelloDoor, using clever tactics like fake installation pages and a spoofed Webex meeting to infiltrate targets. The group's latest attacks involve highly tailored social engineering and real-time infection verification to maximize success.

GreyVibe hackers wield AI tools to fuel multi-sector cyberattacks
Meet GreyVibe, a likely Russian threat group that's been wreaking havoc across multiple sectors in Ukraine since at least August 2025, using AI-generated social engineering and custom malware to fuel its attacks. WithSecure researchers uncovered the group's activities, revealing a surprisingly unsophisticated approach despite its use of advanced AI tools like ChatGPT and Google Gemini.