Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Identity Theft. Show all posts
Scam Detection
Cyber Frauds Cybersecurity awareness Data protection Financial Fraud Prevention Identity Theft Mobile Security Online Scams Phishing Attacks Scam Detection

Surge in Digital Fraud Prompts Consumer Reports to Issue Safety Guidance


 

By incorporating digitally mediated communication into nearly every aspect of modern life, digital media has fundamentally reshaped the way individuals interact, transact, and manage daily responsibilities, adding convenience to nearly every aspect of life. However, this same interconnected infrastructure has also broadened cybercriminal attack surfaces. 

Increasing communication channels, such as voice networks, social platforms, and messaging platforms, have led to an increase in fraud activity and sophistication. In addition to occasional phishing emails, persistent, multi-channel intrusion attempts have been developed that exploit user trust, behavior, and familiarity with platforms. 

Digital fraud is a systemic risk that is characterized by the exploitation of technological interfaces to exploit financial assets, sensitive data, and identity credentials, and has become a systemic risk in this context. According to the Consumer Cyber Readiness assessment for 2025, there is an extensive exposure rate, with nearly half of the surveyed individuals reporting a direct encounter with fraudulent schemes. 

Financial losses were a measurable component of these incidents, demonstrating the operational effectiveness of current threat models. Using a collaborative analysis conducted by consumer advocacy and cybersecurity organizations, the data also illustrates a shift in attack vectors as a result of these incidents. 

Fraud attempts are now primarily transmitted through digital channels, including email, social media, SMS, and messaging applications. Message-based fraud has experienced significant growth, with its share increasing significantly year over year, reflecting both higher user engagement on these platforms and the relative ease with which attackers can execute scalable campaigns. This trend has been confirmed by observations of threat actors, which indicate that text-based scams generate substantial illegal revenue streams alone.

Even though technology providers are implementing enhanced safeguards and detection mechanisms within their ecosystems, these controls are subject to inherent limitations. The prevention of digital fraud increasingly requires user awareness, behavioral vigilance, and proactive security practices tailored to an evolving threat environment, as well as heightened awareness and behavioral vigilance. 

Digital fraud in the Indian landscape has become even more intensified, as scale and frequency are combined to create sustained financial and psychological pressure on consumers against such a global backdrop. In recent years, fraudulent communication has become a persistent operational risk within the digital economy, as opposed to an isolated incident. 

A successful fraud attack is not only financially severe but also extremely efficient, as threat actors often compress the fraud lifecycle into a few minutes by reporting loss patterns. In conjunction with the high interaction rate among recipients of suspicious messages, this acceleration indicates an active behavioral gap exploited by adversaries. 

Through digital adoption, a larger attack surface is made available across payments, social platforms, and mobile-first services, leading to more targeted and context-aware fraud campaigns. As a consequence of the rapid evolution of attack methodologies, conventional phishing tactics are increasingly being supplemented by artificial intelligence-driven deception techniques, such as synthetic media and voice impersonation, compounding this challenge. 

Furthermore, these tools enhance credibility at large scale, making detection more difficult for the typical user. This illustrates the continuing disparity between technological sophistication and the level of user readiness. Institutional response initiatives, such as awareness programs and reporting frameworks, are gaining momentum, yet they are often operating reactively in an environment defined by continuous innovation characterized by continuous threat. 

Unless parallel advances are made in consumer education, real-time threat intelligence, and adaptive regulatory measures, the economic and systemic consequences of digital fraud will continue to hinder the country's digital growth ambitions. It is imperative that practical safeguards at the user level remain a critical line of defense in this increasingly complex threat environment. 

In Consumer Reports, the importance of utilizing native security features embedded into modern smartphones is highlighted, which are designed to detect and filter potentially malicious communication immediately. This first line of defense against high volume scam attempts is provided by these controls, whether they are advanced message filtering capabilities on iOS devices or automated spam detection within Android-based messaging platforms. 

The report recommends, however, that independent verification is necessary before initiating any financial transaction, particularly in scenarios involving urgency and emotional distress, which are common tactics used by impersonation-based fraudsters. Technical safeguards alone are not sufficient without disciplined user behavior.

By cross-checking requests using alternate communication channels, users can reduce the possibility of compromised accounts and deceptive communication. In addition, it is essential to use digital payment applications cautiously, since, despite their efficiency, they frequently lack the robust fraud prevention frameworks associated with traditional banking instruments. Because such platforms are not mandated to provide reimbursement mechanisms, users have a greater responsibility for due diligence. 

Due to this, it is recommended that financial transactions be conducted only between verified and trusted recipients, and that higher-risk payments be made through a more secure and regulated channel, such as credit-backed transactions or direct bank transfers. 

The combined measures demonstrate a broader reality in a digitally adversarial digital environment. Ultimately, resilience to digital fraud depends on a combination of technological controls, informed user judgment, and proactive risk mitigation within an increasingly adversarial digital environment.
Read more »
Malicious Link
2FA Cyber Phishing Data Breach Financial Fraud Fraud Alert Identity Theft Malicious Link

Data Breach Alert: What It Means, Why It Matters, and How to Protect Yourself Immediately




Data breach notifications should never be ignored. Discarding them as junk mail can expose you to serious risks, including financial fraud, identity theft, and unauthorized access to your personal records.

These alerts are now extremely common. They often arrive as emails or letters from organizations such as banks, telecom providers, insurers, or even gyms. Because of their frequency, many individuals overlook them. However, the Identity Theft Resource Center reports that nearly 80 percent of people received at least one such notice in the past year, with many receiving several. This repeated exposure has led to what experts describe as “breach fatigue,” where individuals stop responding to warnings altogether.

The consequences of ignoring these alerts can be severe. Criminals may open credit accounts in your name, accumulate large debts within minutes, or misuse identification numbers to access services such as healthcare. For example, a recent breach involving a U.S.-based benefits administrator exposed Social Security numbers of 2.7 million individuals. In 2024 alone, 1.36 billion breach notifications were issued. While 2025 saw fewer victims overall, the incidents became more serious. Highly sensitive data, including Social Security numbers, appeared in two-thirds of cases, while financial details or driver’s license information were involved in roughly one-third.

Cybersecurity professionals, including Sandra Glading, Greg Oslan, and David Trapp, define a data breach as an incident where unauthorized actors gain access to systems and extract personal data. This information may include basic details such as names and contact information, or more sensitive data like passwords, banking details, or national identifiers. The level of risk increases significantly when multiple types of data are combined, as attackers can reconstruct identities and carry out complex fraud.

The scale of the issue has grown rapidly. The Identity Theft Resource Center recorded 3,322 breaches affecting more than 278 million individuals in the United States in 2025, marking the highest level on record and a 79 percent increase over five years. Two decades ago, such incidents were far less frequent. Around 2010, there were roughly 600 breaches annually, and attackers primarily targeted governments or large institutions. Today, the threat landscape has shifted toward mass exploitation driven by financial incentives. According to the Federal Bureau of Investigation, cybercrime losses reached $16.6 billion in 2024, demonstrating the scale of this criminal ecosystem.


How Do You Know If You’ve Been Affected?

In many countries, including the United States, companies are legally required to inform individuals when their personal data is compromised. Notifications may arrive via email, physical mail, or identity-protection services. In major incidents, the news media may report the breach before individuals receive direct communication.

However, this system is not foolproof. Experts warn that notifications often take months because companies need time to investigate. By the time you are informed, your data may already be in use by attackers.

At the same time, scammers exploit these situations by sending fake breach alerts. These messages may include links offering free credit monitoring or contact numbers. You should never act immediately on such messages. Always verify the information through the official website of the organization before clicking links or sharing personal data.


What to Do Immediately After a Data Breach

Security experts stress that speed matters. According to IBM, the average data breach remains active for 241 days, giving attackers an advantage before detection.

1. Identify What Information Was Exposed

Different types of data create different risks. For example, an exposed email address may lead to phishing attempts, while a leaked Social Security number can enable identity theft.

Carefully review the breach notification and locate the section that lists the compromised data. If the details are unclear, contact the organization directly. You can also use trusted breach-checking tools such as services provided by the National Cybersecurity Center or “Have I Been Pwned” to verify whether your email appears in known leaks.

2. Freeze Your Credit

A credit freeze prevents lenders from accessing your credit report, making it difficult for criminals to open new accounts in your name.

To do this, contact the three major credit bureaus:

• Experian

• Equifax

• TransUnion

This process is free and can typically be completed online within minutes.

3. Place a Fraud Alert

A fraud alert requires lenders to verify your identity before approving new credit.

You only need to contact one credit bureau, which will notify the others. Standard alerts last one year, while extended alerts for confirmed identity theft victims can remain active for up to seven years.

4. Monitor Financial Accounts Closely

Unauthorized transactions may appear quickly or after a delay.

Review your bank and credit card statements regularly for several months. Enable transaction alerts to receive real-time notifications of account activity. If you notice suspicious charges, report them immediately. Most financial institutions offer zero-liability protection, but timely reporting is essential.

5. Update Your Passwords

If login credentials are exposed, attackers often attempt to reuse them across multiple platforms.

Immediately change the password for the affected account. Then update any other accounts that use the same or similar credentials. Use strong, unique passwords for each account to reduce risk.

6. Enable Two-Factor Authentication

Two-factor authentication adds an additional layer of security by requiring a temporary code generated on your device.

Although it may seem inconvenient, it significantly reduces the chances of unauthorized access. Whenever possible, use authenticator apps instead of SMS-based codes, as they are more secure.


Additional Steps to Strengthen Long-Term Protection

After addressing immediate risks, you should adopt preventive measures:

• Use a password manager to create and store complex passwords.

• Enable passkeys, which rely on biometrics or device authentication instead of traditional passwords.

• Consider identity-protection services that monitor credit activity and data leaks.

• Stay alert to phishing attempts, especially after a breach, as attackers often impersonate trusted organizations. Avoid clicking unknown links or downloading unexpected attachments.

Experts also recommend tools like the Personal Cyber Advisor from the National Cybersecurity Center, which provides tailored guidance and alerts to help users reduce their risk.


Why This Matters Now

Data breaches are no longer rare or isolated events. They have become part of a large-scale, financially driven cybercrime ecosystem. The increasing frequency, combined with the growing sensitivity of exposed data, means individuals must take a more proactive approach to digital security.

Ignoring a breach notification is no longer a safe option. Acting quickly and following the correct steps can significantly reduce the potential damage.


Read more »
Volvo Breach
Conduent Hack Data Breach Identity Theft Ransomware attack Volvo Breach

Volvo Hit in Conduent Breach Affecting 25 Million

 

A major data breach at business services provider Conduent has spiraled into a large-scale security incident affecting at least 25 million people across the United States, with Volvo Group North America among the latest victims. The breach, originally disclosed in early 2025, is now understood to be far more extensive than first reported, impacting residents in multiple states and exposing sensitive personal data. Texas authorities now estimate that 15 million people have been affected, up from an initial 4 million, while more than 10 million individuals in Oregon have also been caught up in the incident.

Conduent first confirmed in November 2025 that a cyberattack in January 2025 had exposed personal data belonging to over 10 million people. The compromised information included names, addresses, dates of birth, Social Security numbers, and health and insurance details, making it highly valuable for identity theft and fraud. Earlier, in April 2025, the company had revealed that attackers stole names and Social Security numbers during the same January intrusion, highlighting a pattern of gradually escalating disclosures as the scale of the breach became clearer.

Operational disruption accompanied the data exposure, as Conduent disclosed that a January cyberattack caused service outages impacting agencies in multiple U.S. states. Wisconsin and Oklahoma reported issues affecting payments and customer support, underscoring how attacks on back-office providers can cascade into interruptions of public services. Subsequent investigation determined that hackers had maintained access to Conduent’s network from October 21, 2024, to January 13, 2025, giving them ample time to exfiltrate personal data, including Social Security numbers, dates of birth, addresses, and health-related information.

The Safepay ransomware group later claimed responsibility for the attack in February 2025, adding an extortion dimension to the incident. Conduent, which offers printing and mailroom services, document processing, payment integrity, and other back-office support, has been sending breach notifications on behalf of affected clients, including Volvo Group North America. According to a filing with the Maine Attorney General, Volvo reported that 16,991 employees were impacted, and the company said it only learned of the incident in January 2026, many months after the original intrusion window.

In its notification letters, Conduent informed individuals that some of their personal information may have been involved due to services provided to their current or former health plans. The company stated it is not aware of any attempted or actual misuse of the compromised data but is urging recipients to consider steps to protect themselves. As part of its response, Conduent is offering free identity protection services to those affected, reflecting ongoing concern about long-term risks posed by the theft of such highly sensitive information.
Read more »
Network Attacks
AI technology AI threats Cyber Security Cyberattacks Digital Security Identity Theft Network Attacks

AI and Network Attacks Redefine Cybersecurity Risks on Safer Internet Day 2026

 

As Safer Internet Day 2026 approaches, expanding AI capabilities and a rise in network-based attacks are reshaping digital risk. Automated systems now drive both legitimate platforms and criminal activity, prompting leaders at Ping Identity, Cloudflare, KnowBe4, and WatchGuard to call for updated approaches to identity management, network security, and user education. Traditional defences are struggling against faster, more adaptive threats, pushing organisations to rethink protections across access, infrastructure, and human behaviour. While innovation delivers clear benefits, it also equips attackers with powerful tools, increasing risks for businesses, schools, and policymakers who fail to adapt.  

Ping Identity highlights a widening gap between legacy security models and modern AI operations. Systems designed for static environments are ill-suited to dynamic AI applications that operate independently and make real-time decisions. Alex Laurie, the company’s go-to-market CTO, explained that AI agents now behave like active users, initiating processes, accessing sensitive data, and choosing next steps without human prompts. Because their actions closely resemble those of real people, distinguishing between human and machine activity is increasingly difficult. Without proper oversight, these agents can introduce unpredictable risks and expand organisational attack surfaces. 

Laurie advocates moving beyond static credentials toward continuous, verified trust. Instead of assuming legitimacy after login, organisations should validate identity, intent, and context at every interaction. Access decisions must adapt in real time, guided by behaviour and current risk conditions. This approach enables AI innovation while protecting data and users in an environment filled with autonomous digital actors. 

Cloudflare also warns of AI’s dual-use nature. While it boosts efficiency, it accelerates cybercrime by making attacks faster, cheaper, and harder to detect. Pat Breen cited Australian data from 2024–25, when more than 1,200 cyber incidents required response, including a sharp rise in denial-of-service attacks. Such disruptions immediately impact essential services like healthcare, banking, education, transport, and government systems. Whether AI ultimately increases safety or risk depends on how quickly cyber defences evolve. 

KnowBe4’s Erich Kron stresses the importance of digital mindfulness as AI-generated content and deepfakes spread. Identifying fake content is no longer a technical skill but a basic life skill. Verifying information, protecting personal data, using strong authentication, and keeping software updated are critical habits for reducing harm. WatchGuard Technologies reports a shift away from malware toward network-focused attacks. 

Anthony Daniel notes that this trend reinforces the need for Zero Trust strategies that verify every connection. Safer Internet Day underscores that cybersecurity is a shared responsibility, strengthened through consistent, everyday actions.
Read more »
Subscription Abuse
Cyber Fraud Identity Theft PayPal Scam Phishing Campaign Subscription Abuse

PayPal Subscriptions Exploited in Sophisticated Email Scam

 

Hackers have found a clever way to misuse PayPal's legitimate email system to send authentic looking phishing scams that are able to bypass security filters and look genuine to the end users.

Over the last few weeks, users are complaining that they are receiving emails from PayPal's legitimate address "service@paypal.com" informing that their automatic payment has expired. The emails successfully pass all the usual security checks such as DKIM and SPF authentication and have proved to be coming directly from PayPal’s mail servers. 

One of the reasons these messages are potent is that the scammers have altered the Customer Service URL to take users to their own websites from where they can see fake purchase notifications, claiming victims have purchased high-priced electronics such as MacBooks, iPhones, or Sony devices for USD 1,300 to 1,600.

The spam text message contains Unicode characters which can make the words bold or in different fonts, all this is to help to get round spam filters and keyword detection. Instead, the messages tell recipients to call a phony “PayPal support” phone number to cancel or dispute the alleged charges. 

BleepingComputer's analysis of logs and transactions shows that the PayPal Subscriptions feature is being abused by scammers. When merchants hold a subscriber's subscription, they can do so with their own mechanism, and PayPal, in turn, will notify subscribers via email. PayPal seems to be vulnerable to a subscription metadata attack - perhaps in an API or legacy platform - which lets attackers insert arbitrary text in the Customer Service URL field (it normally only accepts valid URLs). 

The scammers can forge emails and register a fake subscriber account for an email address associated with Google Workspace mailing list. When these accounts receive the notification from PayPal, the mailing list service sends what looks like a legitimate e-mail from PayPal to the list of "victims", making it looks more and more like a scam.

Safety measures

Recipients should ignore these emails and avoid calling the provided phone numbers. These tactics historically aim to facilitate bank fraud or trick victims into installing malware on their devices . PayPal confirmed awareness of the scam and recommends customers contact support directly through the official PayPal app or website if they suspect fraudulent activity. Users concerned about account compromise should log into their PayPal account directly rather than clicking email links to verify whether any unauthorized charges actually occurred.
Read more »
WhatsApp Security
Banking Malware Cyber Attacks Cybercrime Trends Digital Fraud Identity Theft Malware Threats Online Safety Screen Sharing Scam Social Engineering WhatsApp Security

Screen Sharing on WhatsApp Turns Costly with Major Financial Loss

 


Several disturbing patterns of digital deception have quietly developed in recent months, revealing just how readily everyday communications tools can be turned into instruments of financial ruin in an instant. According to security researchers, there has been an increase in sophisticated cybercriminal schemes utilizing the trust users place in familiar platforms, particularly WhatsApp, to gain access to the internet. 

It is a common occurrence that what initially starts out as a friendly message, an unexpected image, or a polite call claiming that an “urgent issue” with a bank account is a crafted scam which soon unravels into a meticulously crafted scam. It is very possible for malicious software to be installed through downloading an innocuous-looking picture that can allow you to infiltrate banking applications, harvest passwords, and expose personal identification information without your knowledge. 

There have been instances where fraudsters impersonating bank representatives have coaxed users into sharing their screens with the false pretense that they are resolving account discrepancy. When this has happened, these fraudsters can observe every detail in real time - OTP codes, login credentials, account balances - and in some cases, they will convince victims to install remote access programs or screen mirroring programs so they can further control the device. 

It is evident from the intertwined tactics that a troubling trend in digital crime has taken place, emphasizing the need for increased vigilance among Indians and beyond, underscoring a troubling development. There is a fast-growing network of social-engineering groups operating across multiple regions, who are utilizing WhatsApp's screen-sharing capabilities to bypass safety measures and gain control of their financial lives by manipulating their screen-sharing capabilities. 

Investigators have begun piecing together the contours of this network. Initially introduced in 2023 as a convenience feature, screen-sharing has since become a critical point of exploitation for fraudsters who place unsolicited video calls, pretend to be bank officials or service providers, and convince victims to reveal their screens, or install remote-access applications masquerading as diagnostic tools, to exploit their vulnerabilities. 

Almost $700,000 was defrauded by one victim in one of the cases of abuse that spanned from India and the U.K. to Brazil and Hong Kong. This demonstrates how swiftly and precisely these schemes emerge. In describing the technique, it is noted that it is not based on sophisticated malware, but rather on urgency, trust, and psychological manipulation, allowing scammers to circumvent a lot of traditional technical protections. 

Furthermore, criminal networks are enhancing their arsenals by spreading malicious files via WhatsApp Web, including one Brazilian operation that uses self-replicating payloads to hijack contacts, automate fraudulent outreach, and compromise online banking credentials through its use of malicious payloads distributed through WhatsApp Web. 

The investigators of the fraud note that the mechanisms are based less on technical sophistication and more on psychological pressure intended to disarm victims. An unsolicited WhatsApp video call made by a number that appears local can be the start of the scam, usually presented as a bank officer, customer service agent, or even an acquaintance in need of assistance. 

Callers claim to have an urgent problem to solve - an unauthorized transaction, an account suspension threat, or even an error in the verification process - that creates a feeling of panic that encourages their victims to comply without hesitation.

The imposter will initially convince the victim that the issue is being resolved, thereby leading to them sharing their screen or installing a legitimate remote-access application, such as AnyDesk or TeamViewer, which will enable the fraudster to watch every action that occurs on the screen in real time, as they pretend to resolve it. 

By using this live feed, an attacker can access one-time passwords, authentication prompts, banking app interfaces, as well as other sensitive credentials. By doing so, attackers can be able to take control of WhatsApp accounts, initiate unauthorized transfers, or coax the victim into carrying out these actions on their own.

A more elaborate variant consists of guiding the victim into downloading applications that secretly contain keyloggers or spyware that can collect passwords and financial information long after the call has ended, allowing them to collect it all. When scammers have access to personal information such as banking details or social media profiles, they can drain accounts, take over accounts on social networks, and assume the identity of victims to target others on their contact list.

Authorities caution that the success of these schemes depends on trust exploiting, so user vigilance is key. According to the advisories, individuals should be cautious when receiving unknown phone calls, avoid sharing screens with unknown parties, disable installations coming from untrusted sources, and refrain from opening financial apps when they are receiving remote access. 

These measures are crucial in order to prevent these social engineering scams from getting the better of them, as they continue to develop. As far as the most advanced variations of the scam are concerned, the most sophisticated versions of the scam entail criminals installing malicious software through deceptive links or media files in a victim's device, thus granting them complete control of that victim's computer. 

When these kinds of malware are installed, they can record keystrokes, capture screens, gather banking credentials, intercept two-factor authentication codes, and even gain access to sensitive identity documents. It is possible for attackers to take control of cameras and microphones remotely, which allows them to utilize the device as a tool for surveillance, coercion, or a long-term digital impersonation device. 

In addition to financial theft, the extent to which the compromised identity may be exploited goes far beyond immediate financial exploitation, often enabling blackmail and continuous abuse of the victim's identity. 

In light of this backdrop, cybersecurity agencies emphasize the significance of adopting preventative habits that can significantly reduce exposure to cybercriminals. There is still an important role to play in ensuring that users do not download unfamiliar media, disable WhatsApp's automatic download feature, and keep reputable mobile security tools up to date. 

WhatsApp still has the built-in features that allow them to block and report suspicious contacts, while officials urge individuals to spread basic cyber-hygiene knowledge among their communities, pointing out that many people fall victim to cyber-attacks simply because they lack awareness of the dangers that lurk. 

There has been a surge of fraud attempts across messaging platforms, and Indian authorities, including the Indian Cybercrime Coordination Centre, as well as various state cyber cells have issued a number of public advisories about this, and citizens are encouraged to report such attacks to the National Cybercrime Reporting Portal as soon as possible. 

In conjunction with these warnings, these findings shed light on a broader point: even the most ordinary digital interactions are capable of masking sophisticated threats, and sustained vigilance remains the strongest defense against the growing epidemic of social engineering and malware-driven crimes that are booming in modern society. 

As the majority of the fraud is carried out by social-engineering tactics, researchers have also observed a parallel wave of malware campaigns that are utilizing WhatsApp's broader ecosystem, which demonstrates how WhatsApp is capable of serving as a powerful channel for large-scale infection. As an example of self-replicating chains delivered through WhatsApp Web, one of the most striking cases was reported by analysts in Brazil. 

A ZIP archive was sent to the victims, which when opened, triggered the obfuscated VBS installer SORVEPOTEL, which was an obfuscated VBS installer. In this PowerShell routine, the malware used ChromeDriver and Selenium to re-enter the victim's active WhatsApp Web session, enabling the malware to take full control of the victim's active WhatsApp Web session. 

In order to spread the malware, the script retrieved message templates from a command-and-control server, exfiltrated the user's contact list, and automatically distributed the same malicious ZIP file to every network member that was connected with it—often while displaying a fake banner that said "WhatsApp Automation v6.0" to give it the appearance of legitimacy. 

Researchers found that Maverick was a payload that was evasive and highly targeted, and it was also accompanied by a suite of malicious capabilities. It was also packaged inside the ZIP with a Windows LNK file that could execute additional code through the use of a remote server that had the first stage loader on it. As soon as the malware discovered that the device was belonging to a Brazilian user, it launched its banking module only after checking for debugging tools, examining the system locale indicators such as the time zone and language settings. 

A Maverick server monitoring website activity for URLs linked to Latin American financial institutions, when activated, was aligned with credential harvesting and account manipulation against regional banks, aligning its behavior with credential harvesting. As Trend Micro pointed out previously, an account ban could be issued as a result of the sheer volume of outbound messages caused by a similar WhatsApp Web abuse vector, which relied on active sessions to mass-distribute infected ZIP files. 

These malware infections acted primarily as infostealers that targeted Brazilian banking and cryptocurrency platforms, thereby demonstrating the fact that financial fraud objectives can be easily mapped to WhatsApp-based lures when it comes to financial fraud. 

It is important to note, however, that security analysts emphasize that the global screen-sharing scams are not primarily the work of a single sophisticated actor, but rather the work of a diffuse criminal ecosystem that combines trust, urgency, and social manipulation to make them successful. According to ESET researchers, these tactics are fundamentally human-driven rather than based on technical exploits over a long period of time, whereas Brazilian malware operations show clearer signs of being involved in structured criminal activity. 

It is thought that the Maverick Trojan can be linked to the group that has been named Water Saci, whose operations overlap with those of the Coyote banking malware family-which indicates that these groups have been sharing techniques and developing tools within Brazil's underground cybercrime market. 

Even though the associations that have been drawn between WhatsApp and opportunistic scammers still seem to be rooted in moderate confidence, they reveal an evolving threat landscape in which both opportunistic scammers and organized cybercriminals work towards exploiting WhatsApp to their advantage. 

A number of analysts have indicated that the success of the scheme is a function of a carefully orchestrated combination of trust, urgency, and control. By presenting themselves as legitimate entities through video calls that appear to originate from banks, service providers, or other reliable entities, scammers achieve a veneer of legitimacy by appearing authentic.

In addition, they will fabricate a crisis – a fake transaction, a compromised account, or a suspended service – in order to pressure the victim into making a hasty decision. The last step is perhaps the most consequential: convincing the victim to share their screen with the attacker, or installing a remote access tool, which in effect grants the attacker complete access to the device. 

In the event that a phone is gained access to, then every action, notification, and security prompt becomes visible, revealing the phone as an open book that needs to be monitored. Security professionals indicate that preventative measures depend more on vigilance and personal precautions than on technical measures alone. 

Unsolicited calls should be treated with suspicion, particularly those requesting sensitive information or screen access, as soon as they are received, and any alarming claims should be independently verified through official channels before responding to anything unfounded. The use of passwords, OTPs, and banking information should never be disclosed over the telephone or through email, as legitimate institutions would not request such data in this manner. 

Installing remote access apps at the direction of unfamiliar callers should be avoided at all costs, given that remote access applications allow you to control your device completely. It is also recommended to enable WhatsApp's built-in two-step verification feature, which increases the security level even in the event of compromised credentials.

Finally, investigators emphasize that a healthy degree of skepticism remains the most effective defense; if we just pause and check it out independently, we may be able to prevent the cascading damage that these highly persuasive scams intend to cause us.
Read more »
Online Security
Cyber Security Digital Vulnerabilities Identity Theft Internet Safety Internet Security Awareness NordVPN Online Safety Online Security

NordVPN Survey Finds Most Americans Misunderstand Antivirus Protection Capabilities

 

A new survey by NordVPN, one of the world’s leading cybersecurity firms, has revealed a surprising lack of understanding among Americans about what antivirus software actually does. The study, which polled over 1,000 U.S. residents aged 18 to 74, found that while 52% use antivirus software daily, many hold serious misconceptions about its capabilities — misconceptions that could be putting their online safety at risk. 

According to the findings, more than a quarter of respondents incorrectly believe that antivirus software offers complete protection against all online threats. Others assume it can prevent identity theft, block phishing scams, or secure public Wi-Fi connections — functions that go far beyond what antivirus tools are designed to do. NordVPN’s Chief Technology Officer, Marijus Briedis, said the confusion highlights a troubling lack of cybersecurity awareness. “People tend to confuse different technologies and overestimate their capabilities,” he explained. “Some Americans don’t realize antivirus software’s main job is to detect and remove malware, not prevent identity theft or data breaches. This gap in understanding shows how much more cybersecurity education is needed.” 

The survey also found that many Americans mix up antivirus software with other digital security tools, such as firewalls, password managers, ad blockers, and VPNs. This misunderstanding can create a false sense of security, leaving users vulnerable to attacks. Even more concerning, over one-third of those surveyed reported not using any cybersecurity software at all, despite nearly half admitting their personal information had been exposed in a data breach. 

NordVPN’s research indicates that many users believe following good online habits alone is sufficient protection. While best practices like avoiding suspicious links, using strong passwords, and steering clear of phishing attempts are important, experts warn they are not enough in today’s sophisticated cyber landscape. Modern malware can infect devices without any direct user action, making layered protection essential. 

Participants in the survey expressed particular concern about the exposure of sensitive personal data, such as social security numbers and credit card details. However, the most commonly leaked information remains email addresses, phone numbers, and physical addresses — details often dismissed as harmless but frequently exploited by cybercriminals. Such data enables more personalized and convincing phishing or “smishing” attacks, which can lead to identity theft and financial fraud. 

Experts emphasize that while antivirus software remains a critical first line of defense, it cannot protect against every cyber threat. A combination of tools — including secure VPNs, multi-factor authentication, and strong, unique passwords — is necessary to ensure comprehensive protection. A VPN like NordVPN encrypts internet traffic, hides IP addresses, and shields users from tracking and surveillance, especially on unsecured public networks. Multi-factor authentication adds an additional verification layer to prevent unauthorized account access, while password managers help users create and store complex, unique passwords safely. 

The key takeaway from NordVPN’s research is clear: cybersecurity requires more than just one solution. Relying solely on antivirus software creates dangerous blind spots, especially when users misunderstand its limitations. As Briedis put it, “This behavior undoubtedly contributes to the concerning cybersecurity situation in the U.S. Education, awareness, and layered protection are the best ways to stay safe online.” 

With cyberattacks and data breaches on the rise, experts urge Americans to take a proactive approach — combining trusted software, informed digital habits, and vigilance about what personal information they share online.
Read more »
Identity Theft
Airline Customer Data Cyber Attacks cyberattacks on airline Data Breaches Data Leak data security Hackers Identity Theft

Qantas Data Leak Highlights Rising Airline Cyberattacks and Identity Theft Risks

 

Airlines continue to attract the attention of cybercriminals due to the vast amounts of personal data they collect, with passports and government IDs among the most valuable targets. According to privacy firm Incogni, the exposure of such documents poses a “severe, long-term identity theft risk” since they are difficult to replace and can be exploited for years in fraud schemes involving fake identities, counterfeit documents, and impersonation scams. 

The recent Qantas Airways data breach, claimed by the Scattered LAPSUS$ Hunters group, underscores the sector’s growing vulnerability. The stolen data included names, email addresses, Frequent Flyer details, and limited personal information such as phone numbers and birth dates. Fortunately, Qantas confirmed that no passport details, financial information, or credit card data were compromised. 

However, experts warn that even limited leaks can have serious consequences. “Attackers often combine personal identifiers like names and loyalty program details from multiple breaches to build complete identity profiles,” said Darius Belejevas, Head of Incogni. Such composite records can enable large-scale fraud even without financial data exposure. 

The Qantas incident also highlights the danger of third-party compromises. The breach reportedly stemmed from Salesforce social engineering and vendor vulnerabilities, illustrating how a single compromised supplier can have ripple effects across industries. Belejevas emphasized that “one compromised partner can expose millions of records in a single incident.” 

Data breaches in the airline industry are escalating rapidly. According to Cyble’s threat intelligence database, more than 20 airline-related breaches have been reported on the dark web in 2025 — a 50% increase from 2024. Much of this surge is attributed to coordinated attacks by Scattered Spider and the broader Scattered LAPSUS$ Hunters alliance, although other groups have also begun targeting the aviation sector. 

In a separate incident, the CL0P ransomware group claimed to have breached Envoy Air, a regional carrier of American Airlines. Envoy confirmed the intrusion but stated that no customer data was affected, only limited business information. In contrast, WestJet, which suffered a breach in June 2025, had passports and government-issued IDs exposed, prompting it to offer two years of free identity monitoring to affected customers. Incogni, however, warned that identity theft risks from such documents can persist well beyond two years. 

Experts urge travelers to take preventive security measures. Incogni recommends enrolling in identity theft monitoring, reporting phishing attempts to national anti-fraud agencies, using strong passwords with multi-factor authentication, and removing personal data from data broker sites. 

“Individuals and organizations must do more to safeguard sensitive data,” said Ron Zayas, CEO of Incogni. “In today’s world, data isn’t just being stolen by hackers — it’s also being misused by legitimate entities to manipulate outcomes.”
Read more »
Salesforce
Airways Data Breach Data Leaked Identity Theft LAPSUS$ Qantas Salesforce

Qantas Faces Scrutiny After Massive Data Leak Exposes Millions of Customer Records

 



Qantas Airways is under investigation after personal data belonging to millions of its customers appeared online following a major cyberattack. The breach, which originated from an offshore call centre using Salesforce software, is believed to have exposed information from around 5.7 million individuals.

According to cybersecurity reports, the data was released after a criminal group known as Scattered LAPSUS$ Hunters followed through on a ransom threat. The leaked files reportedly include customers’ full names, email addresses, Frequent Flyer membership numbers, phone numbers, home and business addresses, dates of birth, and gender details. In some cases, even meal preferences were among the stolen data.

Although Qantas had outsourced customer support operations to an external provider, Australian officials emphasized that responsibility for data protection remains with the airline. “Outsourcing does not remove a company’s cybersecurity obligations,” warned Cyber Security Minister Tony Burke, who added that serious penalties may apply if organisations fail to meet legal requirements for safeguarding personal data.

Experts have cautioned customers not to search for the leaked information online, particularly on dark web platforms, to avoid scams or exposure to malicious content.

Cybersecurity researcher Troy Hunt explained that while the stolen data may not include financial details, it still poses serious risks of identity theft. “The information provides multiple points of verification that can be exploited for impersonation attacks,” he noted. Hunt added that Qantas would likely face substantial legal and financial repercussions from the incident, including class-action lawsuits.

RMIT University’s Professor Matthew Warren described the event as the beginning of a “second wave of scams,” predicting that fraudsters could impersonate Qantas representatives to trick customers into disclosing more information. “Attackers may contact victims, claiming to offer compensation or refunds, and request bank or card details,” he said. With most Qantas passengers being Australian, he warned, “a quarter of the population could be at risk.”

In response, Qantas has established a dedicated helpline and identity protection support for affected customers. The airline also secured a court injunction from the New South Wales Supreme Court to block access to the stolen data. However, this order only applies within Australia, leaving the information still accessible on some foreign websites where the databases were leaked alongside data from other companies, including Vietnam Airlines, GAP, and Fujifilm.

Legal experts have already lodged a complaint with the Office of the Australian Information Commissioner, alleging that Qantas failed to take sufficient steps to protect personal information. Similar to previous high-profile breaches involving Optus and Medibank in 2022, the case may lead to compensation claims and regulatory fines.

Professor Warren emphasised that low conviction rates for cybercrimes continue to embolden hackers. “When attackers see few consequences, it reinforces the idea that cyber laws are not a real deterrent,” he said.


Read more »
UK Trade Union
Bectu Data Breach Cybersecurity Incident Data protection ICO Investigation Identity Theft Member Information Leak Privacy Prospect Cyberattack UK Trade Union

Data Breach at Bectu Exposes Members’ Information and Bank Details


 

Prospect, one of the UK's leading trade unions, has revealed that in June 2025, it was seriously affected by a cyberattack which had been discovered in the wake of a sophisticated cyberattack that had been launched against it. This underscores the sophistication and persistence of cyber attacks against professional bodies that are becoming ever more sophisticated. A significant part of the data that has been compromised is sensitive financial and personal data belonging to members of Prospect, the union affiliated with Prospect, and its member union, Bectu, a major representation body for professionals in the film and television industry in the country. 

Prospect, a national organisation of close to 160,000 engineers, scientists, managers, and specialists from companies including BT Group, Siemens, and BAE Systems, disclosed that the breach involved a considerable amount of confidential information from its members. Based on preliminary findings, it has been found that the attackers have accessed names, birthdates, contact information, bank account information, including sort codes, for over one year. 

Moreover, it has been suggested that data related to protected personal characteristics, including gender, race, religion, disability status, and employment status, may also have been compromised. A disclosure of this nature is not surprising considering that unions and membership-based organisations are increasingly relying on digital platforms for managing member records, communicating with members, and processing subscriptions – all of which make them attractive targets for cybercriminals who are looking for large quantities of personal information in bulk. 

Bectu Members Among the Most Affected

It is estimated that thousands of people, including Bectu, one of the largest unions in the UK representing professional workers in the film and television industries, as well as theatre and live entertainment, will be affected by this strike. The organisation, which operates under Prospect, acts as an important voice for screen and stage workers, from technicians to creative freelancers, as well as the production crew. A significant percentage of Bectu's approximately 40,000 members may have been affected by the breach, according to internal assessments. While it has not yet been officially confirmed how large a compromise was, early indications suggest that the attack may have exposed highly detailed personal information, leaving individuals open to the possibility that their data could be misused. There are several types of information that have been compromised in addition to bank account information and financial details, including addresses, phone numbers, and email accounts, as well as personal identifiers such as birth dates. The information, which includes diversity and equality statistics and individual case files - often used in representation and employment disputes - was also accessed in some instances. 

Timeline and Discovery of the Breach 

There was a report of a cyberattack that occurred in June 2025, however the full extent of the incident did not become apparent until a detailed forensic investigation of the incident in the months that followed. Prospect's General Secretary, Mike Clancy, formally notified members of the breach in October 2025 via email communications, explaining the nature of the breach, as well as the measures that were being taken to address it. After the incident occurred, Prospect has reported it to the Information Commissioner's Office (ICO), the police, and other relevant authorities. The company has also hired cybersecurity specialists to assist in the ongoing investigation, strengthen internal defences, and ensure that affected individuals receive information on how to safeguard their personal information. 

Prospect’s Official Response 

Michael Clancy, president of the company, issued an official statement addressing the incident in which he confirmed that internal investigations had confirmed that unauthorised access had been gained to the data of specific members. “This investigation is ongoing, but we have unfortunately identified that some member information was accessed during this incident. The evidence we have gathered has identified the members that we need to contact about an impact on their personal information. We have written to them with information on what this means for them and the support Prospect will provide to mitigate risk,” Clancy said.

Among the union's commitments to transparency and determination to assist affected members after the breach, the union stressed its commitment to transparency. Prospect will be offering a free 12-month credit and identity monitoring service as part of its response strategy to help safeguard members from potential financial fraud or identity theft caused by the stolen information as part of its response strategy. 

Cybersecurity Experts Warn of Growing Risks to Unions.  Several cybersecurity analysts have pointed out that trade unions, as well as professional associations, are becoming prime targets for data breaches due to the sheer amount of personal information they collect and store. Many unions, in contrast to corporations, do not have a lot of IT resources at their disposal, making them more vulnerable to sophisticated cyberattacks than other organisations. 

It is important to note that unions store an enormous amount of sensitive information - from payroll information to contact information to equality and disciplinary records. In addition to this, cybercriminals are highly interested in these types of data and can exploit or sell it for financial or political gain. Although the motives behind the Prospect breach remain unclear, investigators have not yet officially identified any specific threat actor responsible for the attack, despite similar incidents occurring in recent years having been linked to organised cybercrime groups that extort organisations or sell stolen data via dark web marketplaces in an attempt to profit. 

Regulatory and Legal Implications 

The UK Data Protection Act 2018 and the UK GDPR require Prospect to report significant data breaches to the Information Commissioner (ICO) and inform affected individuals “without undue delay.” As part of its review of the case, the ICO will examine whether appropriate data protection measures had been implemented before the incident and whether additional sanctions or guidance should have been issued in the future. 

There may be substantial penalties imposed on organisations which fail to implement sufficient cybersecurity safeguards, including a fine of up to £17.5 million or 4% of the company's global annual turnover, whichever is greater. There is, however, a significant difference between Prospect and other unions, which are typically nonprofit organisations, and regulatory authorities may instead concentrate on remediation, accountability, and security governance reform. 

Industry Repercussions and Member Concerns 

Many members of both Bectu and Prospect have expressed concern about the incident, since they work in sectors already confronted with job insecurity and issues relating to data privacy. A number of people have expressed concerns about the misuse of financial information or the possibility of targeted phishing attacks following the breach. 

Bectu members, whose professional lives are often based on freelance or contractual work, should be aware that any compromise of personal or banking details could lead to serious consequences for them. According to the union, members should be vigilant, monitor their bank accounts regularly, and report suspicious activity to the financial institution as soon as possible. 

In the opinion of industry observers, the reputational impact could extend far beyond the unions themselves. Due to the waning confidence in digital record-keeping systems, organisations are being urged to invest in stronger encryption, zero-trust network frameworks, and regular security audits in order to avoid similar incidents from occurring again. 

A Wake-Up Call for the Sector

A breach like this serves as an important reminder for all professional organisations that handle large amounts of member or employee data regularly. In an increasingly digitalised world, in which sensitive information is exchanged and stored online, robust cybersecurity measures are no longer optional — they are essential to maintaining trust and operational integrity in the digital age. 

 There has been a clear commitment by Prospect and Bectu to assist affected members, strengthen their IT infrastructure, and prevent future breaches as investigations continue. The outcome of the ICO’s review, which is expected to be completed later this year, may serve as a guide for how similar incidents are handled across the UK's trade union landscape going forward.
Read more »
Scams
AI Cyber Fraud Deepfake Identity Theft Keystrokes Ransomware Scams

AI Turns Personal: Criminals Now Cloning Loved Ones to Steal Money, Warns Police

 



Police forces in the United Kingdom are alerting the public to a surge in online fraud cases, warning that criminals are now exploiting artificial intelligence and deepfake technology to impersonate relatives, friends, and even public figures. The warning, issued by West Mercia Police, stresses upon how technology is being used to deceive people into sharing sensitive information or transferring money.

According to the force’s Economic Crime Unit, criminals are constantly developing new strategies to exploit internet users. With the rapid evolution of AI, scams are becoming more convincing and harder to detect. To help people stay informed, officers have shared a list of common fraud-related terms and explained how each method works.

One of the most alarming developments is the use of AI-generated deepfakes, realistic videos or voice clips that make it appear as if a known person is speaking. These are often used in romance scams, investment frauds, or emotional blackmail schemes to gain a victim’s trust before asking for money.

Another growing threat is keylogging, where fraudsters trick victims into downloading malicious software that secretly records every keystroke. This allows criminals to steal passwords, banking details, and other private information. The software is often installed through fake links or phishing emails that look legitimate.

Account takeover, or ATO, remains one of the most common types of identity theft. Once scammers access an individual’s online account, they can change login credentials, reset security settings, and impersonate the victim to access bank or credit card information.

Police also warned about SIM swapping, a method in which criminals gather personal details from social media or scam calls and use them to convince mobile providers to transfer a victim’s number to a new SIM card. This gives the fraudster control over the victim’s messages and verification codes, making it easier to access online accounts.

Other scams include courier fraud, where offenders pose as police officers or bank representatives and instruct victims to withdraw money or purchase expensive goods. A “courier” then collects the items directly from the victim’s home. In many cases, scammers even ask for bank cards and PIN numbers.

The force’s notice also included reminders about malware and ransomware, malicious programs that can steal or lock files. Criminals may also encourage victims to install legitimate-looking remote access tools such as AnyDesk, allowing them full control of a victim’s device.

Additionally, spoofing — the act of disguising phone numbers, email addresses, or website links to appear genuine, continues to deceive users. Fraudsters often combine spoofing with AI to make fake communication appear even more authentic.

Police advise the public to remain vigilant, verify any unusual requests, and avoid clicking on suspicious links. Anyone seeking more information or help can visit trusted resources such as Action Fraud or Get Safe Online, which provide updates on current scams and guidance on reporting cybercrime.



Read more »
Phone
Android Apple Bank Accounts Cyber Security Data Email Identity Theft MFA Phone

Lost or Stolen Phone? Here’s How to Protect Your Data and Digital Identity

 



In this age, losing a phone can feel like losing control over your digital life. Modern smartphones carry far more than contacts and messages — they hold access to emails, bank accounts, calendars, social platforms, medical data, and cloud storage. In the wrong hands, such information can be exploited for financial fraud or identity theft.

Whether your phone is misplaced, stolen, or its whereabouts are unclear, acting quickly is the key to minimizing damage. The following steps outline how to respond immediately and secure your data before it is misused.


1. Track your phone using official recovery tools

Start by calling your number to see if it rings nearby or if someone answers. If not, use your device’s official tracking service. Apple users can access Find My iPhone via iCloud, while Android users can log in to Find My Device.

These built-in tools can display your phone’s current or last known location on a map, play a sound to help locate it, or show a custom message on the lock screen with your contact details. Both services can be used from another phone or a web browser. Avoid third-party tracking apps, which are often unreliable or insecure.


2. Secure your device remotely

If recovery seems unlikely or the phone may be in someone else’s possession, immediately lock it remotely. This prevents unauthorized access to your personal files, communication apps, and stored credentials.

Through iCloud’s “Mark as Lost” or Android’s “Secure Device” option, you can set a new passcode and display a message requesting the finder to contact you. This function also disables features like Apple Pay until the device is unlocked, protecting stored payment credentials.


3. Contact your mobile carrier without delay

Reach out to your mobile service provider to report the missing device. Ask them to suspend your SIM to block calls, texts, and data usage. This prevents unauthorized charges and, more importantly, stops criminals from intercepting two-factor authentication (2FA) messages that could give them access to other accounts.

Request that your carrier blacklist your device’s IMEI number. Once blacklisted, it cannot be used on most networks, even with a new SIM. If you have phone insurance, inquire about replacement or reimbursement options during the same call.


4. File an official police report

While law enforcement may not always track individual devices, filing a report creates an official record that can be used for insurance claims, fraud disputes, or identity theft investigations.

Provide details such as the model, color, IMEI number, and the time and place where it was lost or stolen. The IMEI (International Mobile Equipment Identity) can be found on your phone’s box, carrier account, or purchase receipt.


5. Protect accounts linked to your phone

Once the device is reported missing, shift your focus to securing connected accounts. Start with your primary email, cloud services, and social media platforms, as they often serve as gateways to other logins.

Change passwords immediately, and if available, sign out from all active sessions using the platform’s security settings. Apple, Google, and Microsoft provide account dashboards that allow you to remotely sign out of all devices.

Enable multi-factor authentication (MFA) on critical accounts if you haven’t already. This adds an additional layer of verification that doesn’t rely solely on your phone.

Monitor your accounts closely for unauthorized logins, suspicious purchases, or password reset attempts. These could signal that your data is being exploited.


6. Remove stored payment methods and alert financial institutions

If your phone had digital wallets such as Apple Pay, Google Pay, or other payment apps, remove linked cards immediately. Apple’s Find My will automatically disable Apple Pay when a device is marked as lost, but it’s wise to verify manually.

Android users can visit payments.google.com to remove cards associated with their Google account. Then, contact your bank or card issuer to flag the loss and monitor for fraudulent activity. Quick reporting allows banks to block suspicious charges or freeze affected accounts.


7. Erase your device permanently (only when recovery is impossible)

If all efforts fail and you’re certain the device won’t be recovered, initiate a remote wipe. This deletes all data, settings, and stored media, restoring the device to factory condition.

For iPhones, use the “Erase iPhone” option under Find My. For Androids, use “Erase Device” under Find My Device. Once wiped, you will no longer be able to track the device, but it ensures that your personal data cannot be accessed or resold.


Be proactive, not reactive

While these steps help mitigate damage, preparation remains the best defense. Regularly enable tracking services, back up your data, use strong passwords, and activate device encryption. Avoid storing sensitive files locally when possible and keep your operating system updated for the latest security patches.

Losing a phone is stressful, but being prepared can turn a potential disaster into a controlled situation. With the right precautions and quick action, you can safeguard both your device and your digital identity.



Read more »
Spear Phishing
Cyber Security Emails Google Ads Identity Theft Linkedin links phishing Spear Phishing

Phishing Expands Beyond Email: Why New Tactics Demand New Defences

 


Phishing has long been associated with deceptive emails, but attackers are now widening their reach. Malicious links are increasingly being delivered through social media, instant messaging platforms, text messages, and even search engine ads. This shift is reshaping the way organisations must think about defence.


From the inbox to every app

Work used to be confined to company networks and email inboxes, which made security controls easier to enforce. Today’s workplace is spread across cloud platforms, SaaS tools, and dozens of communication channels. Employees are accessible through multiple apps, and each one creates new openings for attackers.

Links no longer arrive only in email. Adversaries exploit WhatsApp, LinkedIn, Signal, SMS, and even in-app messaging, often using legitimate SaaS accounts to bypass email filters. With enterprises relying on hundreds of apps with varying security settings, the attack surface has grown dramatically.


Why detection lags behind

Phishing that occurs outside email is rarely reported because most industry data comes from email security vendors. If the email layer is bypassed, companies must rely heavily on user reports. Web proxies offer limited coverage, but advanced phishing kits now use obfuscation techniques, such as altering webpage code or hiding scripts to disguise what the browser is actually displaying.

Even when spotted, non-email phishing is harder to contain. A malicious post on social media cannot be recalled or blocked for all employees like an email. Attackers also rotate domains quickly, rendering URL blocks ineffective.


Personal and corporate boundaries blur

Another challenge is the overlap of personal and professional accounts. Staff routinely log into LinkedIn, X, WhatsApp, or Reddit on work devices. Malicious ads placed on search engines also appear credible to employees browsing for company resources.

This overlap makes corporate compromise more likely. Stolen credentials from personal accounts can provide access to business systems. In one high-profile incident in 2023, an employee’s personal Google profile synced credentials from a work device. When the personal device was breached, it exposed a support account linked to more than a hundred customers.


Real-world campaigns

Recent campaigns illustrate the trend. On LinkedIn, attackers used compromised executive accounts to promote fake investment opportunities, luring targets through legitimate services like Google Sites before leading them to phishing pages designed to steal Google Workspace credentials.

In another case, malicious Google ads appeared above genuine login pages. Victims were tricked into entering details on counterfeit sites hosted on convincing subdomains, later tied to a campaign by the Scattered Spider group.


The bigger impact of one breach

A compromised account grants far more than access to email. With single sign-on integrations, attackers can reach multiple connected applications, from collaboration tools to customer databases. This enables lateral movement within organisations, escalating a single breach into a widespread incident.

Traditional email filters are no longer enough. Security teams need solutions that monitor browser behaviour directly, detect attempts to steal credentials in real time, and block attacks regardless of where the link originates. In addition, enforcing multi-factor authentication, reducing unnecessary syncing across devices, and educating employees about phishing outside of email remain critical steps.

Phishing today is about targeting identity, not just inboxes. Organisations that continue to see it as an email-only problem risk being left unprepared against attackers who have already moved on.


Read more »
TransUnion
Consumer Protection Cybersecurity Data Breach Identity Theft Social Engineering third-party risk TransUnion

Credit Bureau TransUnion Confirms Breach Impacting Millions


 

In the apparent wake of growing threats to consumers' personal information, credit reporting giant TransUnion has recently announced a cybersecurity incident that exposed personal information from more than 4.4 million Americans. Several regulators and state attorneys general have confirmed that the breach took place on July 28, 2025, and was discovered just two days later by investigators. 

Among the data exposed was sensitive information such as names, Social Security numbers, and dates of birth, which were linked to a third-party application that was used by TransUnion in its U.S. consumer operations. In its statement, TransUnion clarified that the breach was limited in scope, clarifying that its internal systems and core credit reporting databases were not impacted by the breach. 

The company also stated that no credit reports or core financial records - information that could be highly valuable to fraudsters - were accessed by anyone. TransUnion filed notifications in Maine and Texas indicating that the incident was related to a third-party platform that was reportedly linked to Salesforce, rather than TransUnion's own infrastructure. 

Despite the company’s description of the exposure, which was limited to “some limited personal data”, the magnitude of the breach underscores the ongoing risks associated with external service providers in the financial services industry. 

Recent years have seen a growing concern for credit bureaus as consumer information has become increasingly attractive to cybercriminals as a target. This latest security incident is another in a long string of security incidents that have impacted major financial institutions in recent years, highlighting the difficulty of safeguarding sensitive information across a complex digital ecosystem. 

In addition to Experian and Equifax, TransUnion is one of the nation's "big three" credit reporting agencies, and together with them, they play an important role in shaping our nation's financial system by compiling detailed credit histories on nearly every consumer who has an active credit history. These files are used to create credit reports that lenders, landlords, and employers use in order to gauge a person's financial security, and they are also used to build widely known scoring models like FICO. 

This is the method by which lenders, landlords, and employers use to calculate a credit score that is composed of three digits. It is therefore natural for breaches involving such institutions to have such a significant impact on consumers and the economy as a whole. Taking a step in response to the latest incident, TransUnion has begun to send out letters to affected individuals directly and has urged consumers to contact the fraud helpline at 1-800-516-4700, which is open on weekdays, to find out if they are in good standing. 

In addition, experts suggest that consumers periodically review their credit reports across the three credit bureaus—which can be accessed for free once a week by visiting AnnualCreditReport.com.com—to see if there are any inaccuracies or if there are signs that something is amiss. As a measure of further security, paid services, like MyFico, can track FICO scores in real time and monitor fraud, while platforms like Credit Karma and WalletHub offer free VantageScore reports to subscribers who enrol in them. 

The TransUnion company initially stated that there had been no compromise of credit files; however, subsequent disclosures told a much more troubling story. According to regulatory filings filed with the Texas Attorney General’s office, among the exposed data set were names, dates of birth, and Social Security numbers, which are some of the most sensitive identifiers in the world today. 

There is no way to monitor or reset Social Security numbers, unlike credit information, which can be monitored or reset, and it may serve as a gateway to long-term identity theft and fraud. Several financial security experts warn that such information can be used for a number of purposes, including opening unauthorised credit lines, applying for loans or government benefits under stolen identities, submitting false tax returns, and other financial crimes. 

Considering that TransUnion is among the largest credit bureaus in the nation and holds records on over 260 million Americans, this breach raises serious concerns about the resilience of institutions that safeguard some of the country’s most critical consumer information. As a consequence of the breach, which was detected on July 28  and contained within hours, affected individuals have now been notified about it. 

There has been no compromise of TransUnion's core credit database or consumer credit reports, a company that is among the nation's three primary credit bureaus, along with Equifax and Experian. Rather, the intrusion was traced back to a third-party application supporting U.S. consumer operations, where unauthorised access allowed for the publication of limited personal information. According to court filings in Maine and Texas, however, names, birthdates, and Social Security numbers were among the data that had been compromised. 

In order to assess the full scope of this incident, TransUnion has engaged an independent cybersecurity expert to conduct a forensic analysis. The incident occurred in the midst of a large wave of cyberattacks targeting Salesforce-connected software. In June, Google revealed that hackers were using modified versions of Salesforce-related tools for infiltration and stealing large amounts of sensitive data from cloud systems. ShinyHunters, a cybercriminal organisation suspected of being involved in such campaigns, has been accused of using extortion tactics against employees of victim companies.

Security researchers have noted that some of the biggest corporations in the world have been breached in similar ways in recent months, including Google, Farmers Insurance, Allianz Life, Workday, Pandora, Cisco, Chanel, and Qantas. This highlights the importance of supply-chain vulnerabilities in a wide range of popular platforms as well as the dangers they pose. 

According to Salesforce, social engineering attacks against users, and not flaws in Salesforce's platform, were at fault, as it has maintained. A comparison is inevitably drawn with Equifax's 2017 data breach, one of the biggest in U.S. history, in which 147 million Americans' personal data was exposed, costing the company nearly $700 million in settlements and fines, and ultimately causing the company to lose millions of dollars. 

In the wake of this incident, congressional hearings were held and scrutiny of the credit reporting industry heightened, which led to state and federal government reforms aimed at strengthening consumer data protection. As a result of the TransUnion breach, security experts are once again urging the affected to be vigilant, reviewing their credit reports, setting up fraud alerts, and monitoring their accounts to ensure that unusual activity does not occur. 

As of right now, AnnualCreditReport.com is providing free weekly credit reports from all three major credit bureaus. Additional monitoring services may also provide a means of detecting signs of fraud, while in the meantime, Schubert Jonckheer & Kolbe has announced an investigation into the TransUnion incident, signalling the possibility of further litigation. 

TransUnion has yet to provide any details regarding the new safeguards that TransUnion intends to implement, nor has it specified whether financial restitution will be provided to victims. There have been a growing number of high-profile breaches involving third-party providers, which have been attributed to vulnerabilities in those third parties during the last few years.

For example, in June 2025, a cyberattack against chains IQ chain exposed proprietary data and banking information of the banking giant UBS. The following month, Allianz Life announced that a compromised cloud-based customer relationship management system had been used to obtain personal information regarding the majority of the company's 1.4 million American customers. That same month, Qantas confirmed that approximately six million customer records were exposed after hackers breached a third-party customer service platform on which Qantas had relied. 

Researchers have identified many of these incidents as related to cybercriminal groups such as ShinyHunters and Scattered Spider, both of which specialise in exploiting third-party information technology and cloud providers, and both of which specialise in using advanced social engineering tactics to do so. A number of these groups are thought to be associated with "The Com," a sprawling, loosely organised, cybercriminal community comprised of thousands of English-speaking actors who have collaborated on data theft, extortion, and fraud campaigns across a wide range of industries. 

A number of recent incidents have highlighted the persistent vulnerability of third-party platforms, as well as the increasing sophistication of cybercriminal groups attacking the financial services industry. As consumers are reminded by the breach, even when core systems remain intact, the theft of identifying information like Social Security numbers can result in long-term impacts that go beyond the initial intrusion, even if the original intrusion is not detected. 

It is highly recommended that individuals do more than simply review their credit reports—by freezing their credit with all three credit bureaus, a person is preventing the opening of a new account in their name by criminals, while a fraud alert can assist in making it more difficult for the criminals to take advantage of stolen information. 

Moreover, consumers should also consider employing identity monitoring tools that can provide them with the ability to scan the dark web for compromised information before potential misuse turns into financial damage. 

There is also a clear lesson to be learned from reliance on third-party applications: organisations need not only contractual protection but also continuous monitoring, rigorous vetting, and layers of defence to prevent unauthorised access to their systems. Increasingly, supply chain attacks will be a growing problem, and resilience will be dependent upon proactive investment in security as well as consumer awareness of the threats.
Read more »
Subscribe to: Comments (Atom)