Skip to main content

Tag: socialengineering

102 articles

Generative AI: Stunning, Dangerous Scam Surge

Generative AI: Stunning, Dangerous Scam Surge

When a convincing video or familiar voice asks for money, generative AI makes the split-second choice to trust or verify riskier than ever; Bruce Schneier’s “Scam GPT” reveals how cheap, scalable synthetic text, images and voices are automating old cons and spawning new ones. We’ll need smarter tech, clearer rules and stronger community safeguards to keep deception from becoming the new normal.

Analyst 207
payment diversion fraud: Must-Have Critical Alert

payment diversion fraud: Must-Have Critical Alert

Worried that the bank details in that email really belong to your solicitor? The NCA warns house buyers are being hit by payment diversion fraud—sometimes losing over £80,000—so always independently verify payment instructions and use secure channels to protect your sale.

Analyst 207
social engineering: Risky Tricks Exposed

social engineering: Risky Tricks Exposed

A clear, reader-friendly breakdown of a convincing phone scam that shows how faux authority, fake case numbers and offers of a “supervisor” trick people — plus the timeline, red flags, and simple steps you can use to avoid being fooled. Learn what habits and tech fixes really stop these attacks before they cost you time or money.

Analyst 207
Facebook impersonation scams: Exclusive Risky Crackdown

Facebook impersonation scams: Exclusive Risky Crackdown

Singapore is sounding the alarm after a spike in Facebook impersonation scams that have cheated residents and strained law enforcement, and officials are now publicly pressing Meta to act faster to protect users. If platforms don’t step up with better detection, verification and takedowns, trust — and people’s money and privacy — will keep eroding.

Analyst 207
malicious-looking URLs: Stunning Risky Tool Sparks Alarm

malicious-looking URLs: Stunning Risky Tool Sparks Alarm

A new online tool can turn any ordinary link into a convincingly “malicious”-looking URL, blurring the line between prank and peril and making it harder to tell real threats from harmless links. That dual-use risk means we need better detection, clearer browser cues, and smarter user education before trust on the web starts to erode.

Analyst 207
Scattered Spider Exclusive: Devastating $115M Ransom Ring

Scattered Spider Exclusive: Devastating $115M Ransom Ring

Imagine the lights going out at your local hospital or your commute being held hostage — a new U.S. indictment alleges 19‑year‑old Thalha Jubair is a core member of Scattered Spider tied to at least $115 million in ransoms that hit hospitals, transit and retailers. The case shows how low‑tech tricks like SIM swaps and social engineering let agile, global criminal crews cause massive, real‑world harm.

Analyst 207
cryptocurrency fraud ring Stunning €100M Risky Bust

cryptocurrency fraud ring Stunning €100M Risky Bust

European police dismantled an alleged €100 million crypto fraud ring this week, arresting five suspects and shutting down fake platforms, token launches and wallets that duped investors. The case shows how cross-border forensics can stop big scams — and why you should always verify platforms and be wary of returns that sound too good to be true.

Analyst 207
deepfake phone calls: Must-Have Defenses for Risky Attacks

deepfake phone calls: Must-Have Defenses for Risky Attacks

If a familiar voice can be faked, you can’t rely on phone calls alone—recent research shows deepfake calls are already hitting nearly half of businesses. Start using multi‑channel verification, stronger technical checks, and regular staff training now to stop convincing scams before they cost you money and trust.

Analyst 207
Scattered Spider Exclusive: Risky Teen Casino Shocker

Scattered Spider Exclusive: Risky Teen Casino Shocker

A Las Vegas teen surrendered this week in connection with the 2023 Scattered Spider attacks that disrupted casino networks and reportedly caused millions in damage, prompting fresh questions about how minors acquire the skills to hit high-value targets and how justice should respond. The arrest spotlights worrying cybersecurity gaps in the industry and the urgent need to channel youthful technical talent into lawful paths.

Analyst 207
Scattered Spider: Must-Have Defenses Against Risky Attacks

Scattered Spider: Must-Have Defenses Against Risky Attacks

Scattered Spider is skipping the fences and walking through the front door by exploiting weak identity controls, help‑desk processes, and third‑party trust. Tightening phishing‑resistant authentication, enforcing least privilege, and hardening vendor and support workflows are the urgent, practical steps every organization must take.

Analyst 207
ransomware groups: Stunning, Dangerous Threat to Museums

ransomware groups: Stunning, Dangerous Threat to Museums

When ransomware knocked a French museum offline and thieves made off with $705,000 in gold, it became painfully clear that cyberattacks can enable real‑world heists — a wake‑up call for museums and small institutions to protect both their networks and their treasures.

Analyst 207
ClickFix lures: Must-Have Critical Warning

ClickFix lures: Must-Have Critical Warning

DPRK-linked hackers are swapping code-focused bait for ClickFix-style tickets that trick marketing and trading teams into installing BeaverTail and InvisibleFerret malware, putting funds and customer systems at risk. It’s a wake-up call to treat phishing as a financial-security issue—tighten email defenses, role-based access, and training beyond engineering.

Analyst 207
Scattered Spider gang Exclusive Arrest Exposes Risk

Scattered Spider gang Exclusive Arrest Exposes Risk

U.K. police arrested 17‑year‑old Thalha Jubair after tracing gift‑card purchases back to the same crypto wallets used in Scattered Spider’s alleged $115M extortion campaign. It’s a striking reminder that sloppy opsec and smart crypto forensics can crack sophisticated social‑engineering rings — and that businesses must tighten people‑centric defenses.

Analyst 207
fake CAPTCHA pages: Exclusive Dangerous AI Phishing Threat

fake CAPTCHA pages: Exclusive Dangerous AI Phishing Threat

Think twice before clicking that checkbox — attackers are using AI to spin up lifelike fake CAPTCHAs that harvest credentials and turn a trusted security step into an easy phishing trap.

Analyst 207
Scattered Spider: Shocking Arrests Spark Risky Fallout

Scattered Spider: Shocking Arrests Spark Risky Fallout

Two teenagers have been arrested in the U.K. over last August’s Transport for London outages, with authorities linking them to the Scattered Spider hacking collective. The case highlights how young, tech‑savvy actors can trigger big disruptions—and why public systems, law enforcement and policy must adapt quickly.

Analyst 207
Law Enforcement Request System: Stunning Risky Breach

Law Enforcement Request System: Stunning Risky Breach

Google just revealed that criminals created a fraudulent account in its Law Enforcement Request System (LERS), exposing a worrying gap in the trusted channel police and courts use to obtain sensitive user data. The incident sparks a necessary push to tighten verification, protect investigations, and rebuild public confidence in the systems meant to keep us safe.

Analyst 207
FileFix attacks: Urgent Risky Facebook Alert Scam

FileFix attacks: Urgent Risky Facebook Alert Scam

Beware: a fast-moving campaign called FileFix fakes Facebook security alerts to trick users into downloading tools that actually install the StealC infostealer and follow-on downloaders. Stay cautious—verify alerts inside the official app, never run executables from links, and enable phishing-resistant MFA.

Analyst 207
HM Revenue & Customs Stunning Decline, But Risky Resurge

HM Revenue & Customs Stunning Decline, But Risky Resurge

Good news: HMRC-branded email phishing fell sharply in early 2025, suggesting tech fixes and public awareness are having an impact — but don’t relax yet. Scammers are pivoting to SMS, social and AI-enhanced tricks, so stay sceptical, verify contacts and report anything suspicious.

Analyst 207
fake military ID: Risky Stunning AI Forgery Threat

fake military ID: Risky Stunning AI Forgery Threat

Researchers say North Korean operatives used ChatGPT to craft a convincing fake South Korean military ID, showing how generative AI can supercharge social-engineering and produce forgeries that easily fool human reviewers. It’s a wake-up call: organizations need stronger cryptographic identity checks, smarter detection tools, and better staff training so polished prose no longer equals trust.

Analyst 207
RMM tools Must-Have: Stunning Best Defenses

RMM tools Must-Have: Stunning Best Defenses

Attackers are weaponizing legitimate remote-management tools with convincing phishing that tricks users into installing or granting access—letting them move laterally, steal data, or deploy ransomware. Learn practical defenses—from behavioral analytics and least-privilege RMM setups to MFA, segmentation, and clear user procedures—that stop these dual-use tools from becoming a corporate catastrophe.

Analyst 207
AI-powered operations: Stunning Exposure, Defender Win

AI-powered operations: Stunning Exposure, Defender Win

An attacker’s bid for stealth backfired when legitimate security software exposed their AI‑assisted playbook — Huntress telemetry captured model‑like artifacts that turned a covert campaign into a forensic treasure trove, proving AI speeds attacks but also leaves telltale traces defenders can use.

Analyst 207
Axios user agent Dangerous Surge: Must-Have Defense

Axios user agent Dangerous Surge: Must-Have Defense

A routine Axios user‑agent has been weaponized — ReliaQuest found a 241% surge in phishing that spoofs the header to evade filters and increase clicks. Security teams need to stop trusting user‑agent strings alone and adopt layered defenses before attackers scale this trick further.

Analyst 207
cyber espionage Stunning Risk: Congressional Impersonation

cyber espionage Stunning Risk: Congressional Impersonation

Imagine someone posing as a U.S. congressman to tip the scales in trade talks — House investigators say Chinese cyber actors impersonated Rep. John Moolenaar to harvest documents and influence negotiations, a stark reminder that digital deception can shortcut diplomacy. It’s a wake-up call for stronger authentication, staff training, and rapid-response teams to protect the integrity of democratic decision-making.

Analyst 207
AI-powered ransomware: Risky, Stunning Threat

AI-powered ransomware: Risky, Stunning Threat

What happens when a harmless research project turns into a blueprint for crime? The first AI-powered ransomware shows how generative models can automate and personalize attacks, forcing researchers, defenders, and policymakers to rethink openness, oversight, and preparedness.

Analyst 207