According to the FBI IC3 Internet Crime Report 2023, business email compromise (BEC) scams are the second most expensive type of cybercrime. Over the past three years, the number of US victims increased from 19,954 (2021) to 21,832 (2022) but decreased slightly to 21,489.
The threat actors behind BazaCall (also known as BazarCall), have been observed using multiple tactics to breach targeted networks and lure unsuspecting victims into downloading its malicious malware. Read this to learn more on how to protect against this threat.
The Federal Trade Commission (FTC) stated that over $1.1 billion in losses from impersonation scams were reported in 2023. The report shows that 330,000 incidents were business impersonation scams, and nearly 160,000 were government impersonation scams.
As more users adopt multi-factor authentication (MFA) for account security, threat actors increase efforts to bypass this security measure. They often use phishing emails to gather login details for online accounts and phishing kits to increase the effectiveness of these campaigns.
Search Generative Experience (SGE) is Google’s upcoming generative artificial intelligence (AI) search feature. Google first allowed users to opt into the Google SGE results in May 2023. Google began rolling out this feature to a small sample of random users who have not yet opted in.
Threat actors use SMS texts in phishing campaigns to steal users’ personal data, funds, etc. SMS-based phishing (SMiShing) may be more effective than email phishing as these messages are viewed on a mobile device, making it difficult to identify malicious texts.
With Tax Day quickly approaching, many taxpayers may feel stressed as they work to file their tax returns promptly and accurately. During this time, cybercriminals may exploit this human vulnerability and leverage the rapid advancement and increase in artificial intelligence and deepfakes.
A sophisticated phishing scheme of fraudulent URLs, login pages, a sense of urgency and legitimacy, and persistent communication through mobile devices was recently discovered. The phishing kit revealed the creation of replicas of login pages and impersonating organizations.
On February 22, a compromised email account sent phishing emails to several contacts at a New Jersey educational institution. The users who attempted to access the link in the email and submitted their credentials had their accounts compromised by the threat actor.
Subdomain hijacking occurs when threat actors gain control of a subdomain of a legitimate domain by taking over unused or abandoned subdomains to inject their IP address into the SPF record, and send emails on behalf of the primary domain name.
