Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Phishing Attacks. Show all posts
Phishing Attacks
Account Takeover AI Powered Scams Amazon Scam Alert Consumer Data Protection Cyber Security Cyberthreats Fake Retail Websites Holiday Fraud Risks Online Shopping Safety Phishing Attacks

Amazon Sounds Alarm Over Attack Threatening 300 Million Accounts

 


In the face of looming Black Friday 2025 frenzy, Amazon has unveiled a warning to its large customer base that is expected to overlap the holiday season's busiest shopping week. The warning warns of a surge in sophisticated scams expected to shadow the holiday season's busiest shopping week. On November 24, the company emailed a security advisory to millions of users, one that Forbes first reported on, warning that cybercriminals are increasingly exploiting the seasonal spike in online purchases by impersonating individuals, using fraudulent advertising, and sending unsolicited messages to elicit personal and financial information from them. 

There are approximately 310 million active customers on Amazon, making the retailer a high-value target for attackers looking for easy money during the holiday season, so they outlined five prominent tactics currently used to deceive shoppers, including the use of fake account verification emails and unsolicited phone calls to deceive shoppers. 

As Consumer Protection experts, we agree with these concerns; Mr. Mike Andrews, a representative from National Trading Standards, told Metro that scammers have an advantage over consumers when it comes to the weeks leading up to Christmas, knowing that even a small fraction of successful attempts during peak retail activities can yield significant returns. 

In a new study published in the journal Cybercrime: Science and Technology, a cybercriminal network has stepped up their impersonation campaigns against global companies such as Netflix, PayPal, and many more, with the use of browser-based notification traps and criminal infrastructures, as well as a variety of other methods for deceiving large numbers of users. 

Amidst this background, Amazon’s advisory dated November 24 details how similar tactics have now been employed against Amazon’s own customers, as scammers are attempting to coerce victims into providing them with personal data, financial credentials, and Amazon login information in exchange for money. The fact that such scams aren't new, but they have become more refined and adaptive as they cycle through techniques such as credential-stuffing attacks and malware-assisted account takeovers. 

Fraudsters often carry out such operations by posing as customer service personnel or technical support personnel - a similar tactic that the FBI has also warned about in parallel alerts concerning bank-related scams. The underlying mechanics of the deception are essentially the same: attackers send persuasive text messages, emails, or phone calls that push customers to verify activity, or to resolve a supposed issue, resulting in password disclosures or multifactor authentication codes. 

A fraudster will immediately reset all of the security settings within an account once he has gained access. He will lock out legitimate users' accounts as soon as he gets access. A recent study by the FBI reveals that there have been an increase in lookalike websites and bogus alerts mimicking delivery updates and promotional offers, as well as misleading third-party advertisements and unsolicited calls masquerading as Amazon support. 

These methods are closely related to the patterns outlined in recent FBI investigations. According to FortiGuard Labs, new findings published on November 25 further emphasize the urgency of Amazon's warning. These findings indicate a sharp increase in threats specifically designed for the holiday season, which has already been identified by the researchers. 

Over 18,000 domains were recently registered that included the terms "Black Friday," "Christmas," and "Flash Sale," with over 750 of those domains already confirmed to be malicious. In addition, nearly 3,000 of the 19,000 domains that were designed to mimic major retailers, including Amazon, were verified by the report as fraudulent, of which nearly half were identified as frauds. Decoy sites are often created with subtle spelling variations and visual similarities, which can be easily overlooked by shoppers who are rushing through deals while focusing on them. 

Among the cyber security experts who warn that the threat landscape is changing at a rapid rate, experts like Anne Cutler of Keeper Security point out that many of the latest scams are driven by artificial intelligence. By doing so, attackers are able to generate convincing order confirmations, spoofed customer service conversations, and highly realistic retailer websites with the aid of artificial intelligence. 

A response to these escalating risks has been the adoption by Amazon of stricter digital hygiene guidelines. Amazon has requested that customers rely solely on the Amazon app or website to manage their accounts, enable two-factor authentication or use passkeys to protect their login credentials, and remember that Amazon never solicits your payment or credential information via unsolicited phone calls or email. 

There is no doubt that the retailer stressed the importance of these safeguards as cybercriminals intensify their efforts before the busiest shopping season of the year. In the end, Amazon shoppers should also keep in mind that security experts warn that the threat goes well beyond phishing attacks and fraudulent domains; it is also possible to face threats within the broader online marketplace. 

A researcher, Mike Andrews, explains that artificial intelligence has made it significantly easier for scammers to manipulate product credibility by creating a large volume of convincing fake reviews on popular platforms like Google, Trustpilot, and Amazon in order to create fake reviews for their products. A growing number of bots are capable of flooding product pages with glowing testimonials, making it more difficult for customers to distinguish genuinely well-rated products from items that have been artificially boosted to mask inferior and even dangerous products. 

In addition, Andrews explains that despite the difficulty of quantifying the amount of online reviews that may be misleading, consumers should not rely on them blindly when making purchase decisions. If a high number of reviews appears within a very short period of time, overly vague praise without mentioning product features, or suspiciously generic comments are noticed, it may be a sign that the product is not as good as it sounds. 

It is possible to gain additional perspective using services like TheReviewIndex and RateBud that analyze review authenticity. Such manipulations of customer reviews vary in their goals. However, they are often aimed at convincing shoppers to make a purchase for substandard items or to purchase products that may never arrive in their hands. 

There is also an aggressive scam that seeks personal information, financial information, or Amazon login credentials through fake messages, advertisements, or phone calls. Moreover, Andrews warns that social media advertisers are becoming increasingly sophisticated when it comes to deceptive advertising, with artificial intelligence (AI) often generating storefronts that mimic small businesses or festive markets using fake images and videos. 

Even though these sites sound quite convincing, they often deliver nothing more than cheaply produced goods shipped from overseas, leaving customers disappointed and out of pocket. A surge in seasonal scams, on the other hand, illustrates the importance of taking an active role in one's online security as a shopper. Analysts believe that even simple habits, such as verifying sender addresses, checking URLs, updating passwords, and enabling multi-factor authentication, are enough to prevent the vast majority of attempts to penetrate an online network. 

The consumer is also encouraged to inform Amazon and the relevant authorities of suspicious pages or messages, so that they can be dismantled before they spread. Even though cybercriminals are developing their tactics with artificial intelligence (AI) and precision, the best way to stop them is to have an informed public that shop deliberately, questions what might be unexpected, and prioritizes safety over urgency.
Read more »
Phishing Attacks
Cyber Security Data Digital Scams Identity Thefts Internet Phishing Attacks

Scammers Used Fake WhatsApp Profiles of District Collectors in Kerala


Scammers target government officials 

In a likely phishing attempt, over four employees of Kasaragod and Wayanad Collectorates received WhatsApp texts from accounts imitating their district Collectors and asking for urgent money transfers. After that, the numbers have been sent to the cyber police, according to the Collectorate officials. 

Vietnam scammers behind the operation 

The texts came from Vietnam based numbers but showed the profile pictures of concerned collectors, Inbasekar K in Kasaragod and D R Meghasree. 

In one incident, the scammers also shared a Google Pay number, but the target didn't proceed. According to the official, "the employees who received the messages were saved simply because they recognised the Collector’s tone and style of communication." 

Two employees from Wayanad received texts, all from different numbers from Vietnam. In the Kasaragod incident, Collector Inbasekar said a lot of employees received the phishing texts on WhatsApp. Two employees reported the incident. No employee lost the money. 

Scammers used typical scripts

The scam used a similar script in the two districts. The first text read: Hello, how are you? Where are you currently? In the Wayanad incident, the first massage was sent around 4 pm, and in Kasaragod, around 5:30 pm. When the employee replied, a follow up text was sent: Very good. Please do something urgently. This shows that the scam followed the typical pitches used by scammers. 

The numbers have been reported to the cyber police. According to Wayanad officials, "Once the messages were identified as fake, screenshots were immediately circulated across all internal WhatsApp groups." Cyber Unit has blocked both Vietnam-linked and Google Pay numbers.

What needs to be done?

Kasaragod Collector cautioned the public and staff to be careful when getting texts asking for money transfers. Coincidentally, in both the incidents, the texts were sent to staff employed in the Special Intensive Revision of electoral rolls. In this pursuit, the scammers revealed the pressures under which booth-level employees are working.

According to cyber security experts, the fake identity scams are increasingly targeting top government officials. Scammers are exploiting hierarchical structures to trick officials into acting promptly. “Police have urged government employees and the public to avoid responding to unsolicited WhatsApp messages requesting money, verify communication through official phone numbers or email, and report suspicious messages immediately to cybercrime authorities,” the New Indian Express reported.

Read more »
Phishing Attacks
Cybernews data security malware Phishing Attacks

More Breaches, More Risks: Experts say Protect Your Data Now

 

As data breaches surge, experts warn consumers to guard personal information before it reaches the dark web With data breaches becoming almost routine, more consumers are being forced to confront the risks of having their personal information exposed online. 

A recent US News survey found that 44 percent of respondents had received notices for multiple breaches involving their personal data. For many people, it now feels like another familiar company announces a breach every few days. Once stolen, this information typically ends up on the dark web, where it becomes a valuable resource for hackers, scammers, and cybercriminals. Breaches are only one pathway for data to be leaked. 

Clicking phishing links, entering details in viral social media quizzes, or having a device compromised by malware can all provide criminals with access to personal information that later circulates on underground forums. 

Dr. Darren Williams, founder and CEO of data privacy and ransomware protection company BlackFog, says the presence of some personal data on the dark web does not mean consumers should surrender to the problem. According to him, there are steps that can reduce exposure and protect information that has not yet been compromised. 

Williams explains that criminals increasingly rely on AI to pull together stolen data into detailed information bundles called “fullz.” These files can include banking credentials, addresses, medical data, and social security numbers. Scammers use them to impersonate relatives, romantic partners, or trusted contacts in targeted fraud attempts. 

He notes that while highly individualized scams are less common, criminals tend to target groups of victims at scale using dark web data. To understand their level of exposure, experts recommend that consumers start by scanning the dark web for leaked credentials. 

Many password managers and personal data removal services now offer monitoring tools that track whether email addresses, usernames, or passwords have been posted online. Removing data once it appears on dark web marketplaces is extremely difficult, which is why privacy specialists advise minimizing personal information shared online. Williams says reducing digital footprints can make individuals less appealing to attackers. 

Personal data removal services can help scrub information from commercial data broker sites, which can number in the hundreds. Security specialists also emphasize the importance of preventing criminals from expanding access to personal devices or financial accounts. 

Recommended practices include enabling multi-factor authentication, using strong and unique passwords stored in a password manager, installing antivirus software, avoiding links from unknown senders, updating operating systems regularly, and using a VPN on public Wi-Fi. Identity theft protection platforms and credit monitoring services can offer an extra layer of defense and provide real-time alerts if suspicious activity occurs.
Read more »
Ransomware
Account Hacking Cybercrime Prevention Cybersecurity Data Breach digital safety Gaming Malware online threats Phishing Attacks Ransomware

Malware Infiltrations Through Official Game Channels


 

Cybercriminals are increasingly exploiting the trust of unsuspecting players as a profitable target in the evolving landscape of digital entertainment by downloading video games, which appear to be harmless to the eyes of user. The innocent download of a popular game, an exciting demo, or a modification made by a fan can sometimes conceal a much more sinister payload behind the innocent appearance. 

With the development of malicious code embedded within seemingly legitimate files, attackers have become increasingly adept at stealing credentials, draining cryptocurrency wallets, or hijacking user accounts without immediate notice, all using deceptive tactics. It has been reported that games can be real in nature, but they are often bundled with hidden malware that activates as soon as they are installed. 

Infections that cause this type of infection are usually hidden in post-release updates, ensuring that early versions look harmless while later patches quietly deliver the exploit, allowing threat actors to keep their exploits a secret. There is an increasingly common ploy to lure players away from verified gaming storefronts with claims of "exclusive content" or "performance-enhancing updates," and then redirect them to malicious external downloads, which are actually malicious. 

In addition to circumventing the platform's built-in security checks, such tactics also hinder developers and distributors from identifying and removing the threat promptly, as they cannot detect and remove the threat. One of the recent examples underscores the sophistication of these attacks, as security researchers discovered that a threat actor uploaded four seemingly benign "mods" to the official Steam catalogue for the popular online game Dota 2 in an effort to sabotage the game. 

When these modifications were installed on victims' systems, they opened a back door, allowing the attacker to take advantage of a known security vulnerability (CVE-2021-38003) that exists in the open-source JavaScript engine of Dota 2's Panorama framework. 

Community enhancements that were supposed to serve as vehicles for advanced exploitation turned out to be vehicles for advanced exploitation - demonstrating how even trusted platforms are susceptible to being compromised. It is clear from this troubling trend that the line between gaming and cyber risk is blurry, where just one careless click on a seemingly innocent file can expose players to data theft, account compromise, and system vulnerabilities that will last for years. 

While many security breaches in gaming occur as a result of external threat actors, there are some instances where the danger is a result of the game itself. It has been observed that developers, in certain cases, have knowingly embedded malicious components into their creations for the purpose of profit, surveillance, or misguided experimentation. However, in some cases, fan-made mods and community content have knowingly transmitted infections introduced by their creators. 

There have been cases when an infected development environment has accidentally introduced malware into an end-game by accident, putting countless players at risk. In such cases, it is made clear that even the most trustworthy and official platforms can be used to compromise players, eroding trust in a field once defined by creativity and connection, a time when player trust has been eroded. 

There have been increasing numbers of attacks by attackers who have been strategically leveraging the excitement surrounding major game releases by timing their campaigns for peak excitement moments. In these periods of high traffic, fraudulent “early access” invitations and “exclusive beta” offers seem more convincing, lured by players who desire to experience the latest titles earlier. 

When people are forced to download files without verifying their authenticity through claims of “limited access” or “exclusive playtests”, they are often manipulated into downloading files with the intent of creating anticipation and urgency. The type of tactics mentioned above is particularly effective with regard to streamers who are constantly looking for new content that will draw viewers to their channel.

By exploiting this ambition, cybercriminals entice them into downloading trojanized games or demo versions, which compromise both their systems as well as their audiences. However, content creators are not alone at risk of malware; casual gamers, whose curiosity or thrill of novelty drives them, are also at risk of accidentally installing malware disguised as legitimate software. The attacks take place across multiple platforms. 

Some malicious projects have bypassed moderation on official storefronts, such as Steam, by releasing Early Access games, overhyped demos, or free platformers, which have later proved harmful as a consequence of the attacks. As a result of their high ratings and fabricated reviews, they often gave the illusion that these titles were credible until intervention was instituted. As a result of cyber deception, platforms such as Discord and Telegram have become fertile ground for cyber attacks outside of official channels. 

The trust inherent in these communities amplifies the damage caused by the malicious attacker, causing victims to unintentionally become accomplices in the attack. Attackers compromise legitimate accounts and distribute infected files posing as friendly recommendations like "try my new game" or "check out this beta build".

A number of researchers, including Bitdefender's experts, have warned that the very qualities defining the gaming community- its enthusiasm, speed, and interconnectedness-are becoming weapons against it. In a culture where rapid downloads and shared excitement drive engagement, players tend to override caution in an effort to discover new content, exposing them to evolving cyber threats even when they are wewell-versed

During the past few months, Kaspersky has conducted an analysis of the growing trend of cyberattacks targeting gamers, specifically those belonging to Generation Z, which revealed alarming insights. As a result of this study, which examined malware activity across 20 of the most popular video games from the second quarter of 2024 until the first quarter of 2025, the study identified more than 1.8 million attempts to attack across the 20 most popular games between March 2025 and March 2024, the highest amount ever recorded during this period. 

Cybercriminals continue to target the biggest franchises of the gaming industry, most of which have active online and modding communities, as the findings illustrate. These findings highlight the fact that many of the biggest franchises are a prime target for cybercriminals. The largest number of attack attempts was recorded by the Grand Theft Auto franchise, which was the highest number among all titles analysed. 

Even though GTA V has been around for more than a decade, it has endured due to its popularity, modding flexibility, and active online community, making it particularly vulnerable to cybercrime. With anticipation building for GTA VI's release expected in 2026, experts are warning that similar campaigns will be on the rise, as threat actors will likely take advantage of the excitement surrounding “early access” offers and counterfeit installers in order to gain an edge. 

The biggest cybercriminal attack that occurred on Minecraft was 4,112,493. This is due to the vast modding ecosystem and younger player demographic, both of which continue to attract cybercriminals to the game. With 2,635,330 attempts, Call of Duty came in second with 2,615,330, mainly due to malicious files posing as cheats or cracked versions for games such as Modern Warfare 3. It is no wonder that,

The Sims were responsible for 2,416,443 attack attempts, a figure which can be attributed to the popularity of unofficial expansion packs and custom in-game assets. Roblox was also prominent, with 1,548,929 attacks, reflecting the persistent exploitation of platforms with content that is generated by users. There were also several other high-risk franchises, including FIFA, Among Us, Assassin’s Creed, Counter-Strike: Global Offensive, and Red Dead Redemption, which together contributed to hundreds of thousands of incidents.

Community engagement, which includes mods, patches, and fan content, has been shown to have a direct correlation with malicious software spread. Kaspersky has conducted a comprehensive analysis of these infections, which range from simple downloaders to sophisticated Trojans capable of stealing passwords, granting remote access to systems and deploying ransomware, among others. This type of attack is aimed primarily at compromising valuable gaming accounts, which are then sold on black market markets or underground forums for a high price. 

In accordance with the findings of the study, cyber threats are evolving as a result of the enthusiasm for new content, as well as a culture of sharing within gaming communities being weaponised by attackers for profit and exploitation. In my opinion, Guild Wars 2 stands out as a particularly notable example, which was developed by ArenaNet and published by NCSoft as a massively multiplayer online role-playing game. 

There is a strong community attached to this game because of its dynamic and expansive co-operative world. Despite the popularity of the game, the studio faced backlash in March 2018 after an update reportedly installed a surveillance tool on the players' systems. It was the embedded program's responsibility to search local files for unauthorised third-party applications and executables that may be associated with cheating. 

It was condemned by many players and cybersecurity experts as a serious breach of privacy, asking if the deployment of what appeared to be spyware was necessary to combat dishonesty. This episode proved that there is a delicate balance between maintaining the integrity of online games and infringing upon the rights of users. 

An analysis of the report revealed that efforts made to combat one form of manipulation of data were capable of introducing another, highlighting a growing ethical dilemma in the gaming industry-where issues of security, surveillance, and player trust have intersected in increasingly interesting, albeit uncomfortable, ways lately. In spite of the fact that the measure was designed to ensure fair play and resulted in nearly 1,600 accounts being identified and banned, it sparked widespread concern due to the way the measure was implemented. 

During the ongoing investigation into how malware infiltrated the gaming industry, a number of recent cases have shed light on the evolving strategies that cybercriminals are using to infiltrate the market. Those incidents mark a critical turning point in the history of video games, revealing how both indie developers and major gaming platforms, unwittingly, can be conduits for large-scale cyberattacks. 

One of the most alarming examples is BlockBlasters (2025), which appears innocent at first glance but rapidly gains popularity with its creative design and indie appeal, despite being a seemingly harmless free platformer on Steam. An update released weeks after the game was released introduced a hidden cryptocurrency dragon that hacked over $150,000 from unsuspecting players who had been unaware of the device.

In a later investigation, it emerged that the attackers had enlarged their reach by pretending to be sponsors and contacting streamers to promote the game. When Valve finally intervened and removed it, the attackers were able to expand their reach. During the same period, Sniper: Phantom's Resolution leveraged Steam's visibility but hosted its demo externally, bypassing platform safeguards. 

After a community report that the installer contained information-stealing malware, Valve delisted the title as a result of the incident, but this case demonstrated how attackers are able to use official storefronts as an effective means of promoting legitimate downloads while directing victims to malicious ones. 

There was also a similar pattern with the Early Access survival game Chemia (2024/2025), which had invited players to sign up for playtesting access to the game. Even though the project was presented professionally, it was eventually linked to three different malicious software strains which extorted data and created backdoors on infected machines in the future. 

Despite the fact that the supposed studio behind the title has been unable to locate an online presence, suspicions were raised that the identity had been fabricated. Meanwhile, the outbreak of the Fracturiser in Minecraft mods in 2023 underscores the dangers associated with community-driven ecosystems. As a result of malicious updates released by criminals into legitimate developer repositories, it has been extremely difficult for maintainers to recover control of the issue. 

These incidents have resulted in severe fallout for users. The takeover of accounts has permitted attackers to impersonate victims and spread scams, while financial losses, as seen during the BlockBlasters campaign, have devastated many players, including one streamer who lost funds that were being raised for medical care. 

Furthermore, as fraudulent titles, manipulated reviews, and influence promotions continue to erode the trust in gaming platforms, the line between genuine creativity and calculated deception is becoming increasingly blurred, which is further obscuring the real difference between genuine creativity and calculated deception. As a reminder of the dangers lurking even in verified storefronts and beloved communities, gamers are becoming increasingly uncertain about what they can play, especially as they become more and more connected.

Increasing cyber threats hidden within gaming platforms have highlighted a sobering truth: it is no longer acceptable to put digital safety as an afterthought to entertainment pursuits. In order to remain competitive in this rapidly evolving threat landscape, both players and developers should learn how to adapt in order to stay safe while exploiting trust, curiosity, and the community spirit that defines gaming culture. 

To protect against malicious behaviour and threats, platform oversight, a stricter moderation system for uploaded content, and advanced threat detection tools are not optional—they are essential. 

Furthermore, the player can also play a crucial role by verifying download sources, avoiding unofficial links, and keeping up to date with emerging cyber risks before attempting to install any new titles or mods.

In the end, the strongest defence is a higher level of awareness. It is no secret that video games have grown into a global industry of power and necessity, but the cybersecurity within it also needs to grow in equal measure. 

Vigilance, along with proactive security practices, can keep the excitement of new releases and the creative spirit of the community alive without becoming a gateway for exploitation. Keeping this delicate balance between innovation and protection, the future of safe gaming depends on making every click informed.
Read more »
Ransomwares
acronis AI cyberattacks AI technology Cyber Defenses Cyber Security Cybersecurity Threats Indian Cyber Security Malwares Phishing Attacks Ransomwares

India Most Targeted by Malware as AI Drives Surge in Ransomware and Phishing Attacks

 

India has become the world’s most-targeted nation for malware, according to the latest report by cybersecurity firm Acronis, which highlights how artificial intelligence is fueling a sharp increase in ransomware and phishing activity. The findings come from the company’s biannual threat landscape analysis, compiled by the Acronis Threat Research Unit (TRU) and its global network of sensors tracking over one million Windows endpoints between January and June 2025. 

The report indicates that India accounted for 12.4 percent of all monitored attacks, placing it ahead of every other nation. Analysts attribute this trend to the rising sophistication of AI-powered cyberattacks, particularly phishing campaigns and impersonation attempts that are increasingly difficult to detect. With Windows systems still dominating business environments compared to macOS or Linux, the operating system remained the primary target for threat actors. 

Ransomware continues to be the most damaging threat to medium and large businesses worldwide, with newer criminal groups adopting AI to automate attacks and enhance efficiency. Phishing was found to be a leading driver of compromise, making up 25 percent of all detected threats and over 52 percent of those aimed at managed service providers, marking a 22 percent increase compared to the first half of 2024. 

Commenting on the findings, Rajesh Chhabra, General Manager for India and South Asia at Acronis, noted that India’s rapidly expanding digital economy has widened its attack surface significantly. He emphasized that as attackers leverage AI to scale operations, Indian enterprises—especially those in manufacturing and infrastructure—must prioritize AI-ready cybersecurity frameworks. He further explained that organizations need to move away from reactive security approaches and embrace behavior-driven models that can anticipate and adapt to evolving threats. 

The report also points to collaboration platforms as a growing entry point for attackers. Phishing attempts on services like Microsoft Teams and Slack spiked dramatically, rising from nine percent to 30.5 percent in the first half of 2025. Similarly, advanced email-based threats such as spoofed messages and payload-less attacks increased from nine percent to 24.5 percent, underscoring the urgent requirement for adaptive defenses. 

Acronis recommends that businesses adopt a multi-layered protection strategy to counter these risks. This includes deploying behavior-based threat detection systems, conducting regular audits of third-party applications, enhancing cloud and email security solutions, and reinforcing employee awareness through continuous training on social engineering and phishing tactics. 

The findings make clear that India’s digital growth is running parallel to escalating cyber risks. As artificial intelligence accelerates the capabilities of malicious actors, enterprises will need to proactively invest in advanced defenses to safeguard critical systems and sensitive data.
Read more »
Phishing Attacks
Artificial Intelligence Credential Theft Cyber Attacks Cybercrime Infrastructure Cybersecurity awareness Gmail Security Multi-Layered Deception Phishing Attacks

New Gmail Phishing Attack Exploits Login Flow to Steal Credentials

 


Despite today's technologically advanced society, where convenience and connectivity are the norms, cyber threats continue to evolve at an alarming rate, making it extremely dangerous to live in. It has recently been reported that phishing attacks and online scams are on the rise among U.S. consumers, warning that malicious actors are increasingly targeting login credentials to steal personal and financial information from their customers. Those concerns are echoed by the Federal Bureau of Investigation (FBI), which revealed that online scams accounted for a staggering $16.6 billion in losses last year—a jump of 33 per cent compared with the year prior.

The extent to which the problem is increasing has been highlighted in surveys that have revealed more than 60 per cent of Americans feel scam attempts are increasing, and nearly one in three have experienced a data breach regularly. Taking these figures together, it is apparent that fortifying digital defences against an ever-expanding threat landscape is of utmost importance. 

Phishing itself is not new; however, its evolution has been dramatic over the past few decades. Previously, such scams could be easily detected due to their clumsy emails that contained spelling errors and awkward greetings like "Dear User." Today's attacks are much more sophisticated. In this latest Gmail phishing campaign, Google's legitimate login process is accurately mimicked with alarming accuracy, deceiving even tech-savvy users. 

It has been documented by security researchers that thousands of Gmail accounts have been compromised, with stolen credentials opening the door to a broad range of infiltrations, including banking, retail, and social networking sites. A breach like this is compared to an intruder entering one's digital home with the key to the rightful owner. 

A breach of this kind can cause long-lasting damage both financially and personally because it extends well beyond inconvenience. Investigations have shown that this campaign is based on deception and abuse of trusted infrastructures. Fraudulent "New Voice Notification" emails are a way for scammers to get victims by phoning them with fake sender information and making them listen to their voicemails. This attack begins with a legitimate Microsoft Dynamics marketing platform, which lends instant credibility to it, thereby enabling it to bypass many standard security controls. 

A CAPTCHA page on horkyrown[.]com, which can be traced to Pakistan, then redirects victims to a fake login page that looks exactly like Gmail's login page, which makes them feel like they're being hacked before giving them the real thing. When credentials are exfiltrated in real time, the account can be taken over almost immediately. Adding more complexity to this problem is the advent of artificial intelligence in phishing operations. 

Cybercriminals are now making perfect emails, mimicking writing styles, and even making convincing voice calls impersonating trusted figures, utilising advanced language models. According to security companies, artificial intelligence-driven phishing attempts are just as effective as human-crafted ones - if not more so - showing a 55 per cent increase between 2023 and 2025 in success rates. 

With the use of techniques such as metadata spoofing and "Open Graph Spoofing," attackers can further disguise malicious links, essentially making them almost indistinguishable from safe ones with the help of these techniques. In this new wave of phishing, which has become increasingly personalised, multimodal, and distributed at unprecedented scales, it is becoming increasingly difficult to detect. 

The FBI, as well as the Cybersecurity and Infrastructure Security Agency (CISA), have already issued warnings regarding artificial intelligence-enhanced phishing campaigns that target Gmail accounts. There was one case in which Ethereum developer Nick Johnson told of receiving a fraudulent “subpoena” email that passed Gmail's authentication checks and appeared to be just like a legitimate security alert. In similar attacks, phone calls and email have been used to harvest recovery codes, enabling full account takeover. 

Additionally, analysts found that attackers stole session cookies, enabling them to bypass login screens and bypass the entire process. Although Google's filters are now blocking nearly 10 million malicious emails per minute, experts warn that attackers are adapting faster, making stronger authentication measures and user vigilance essential. 

According to the technical analysis of the attack, it has been discovered that the (purpxqha[.]ru) Russian servers used to redirect traffic and perform cross-site requests should be responsible for the attack, while the primary domain name infrastructure was registered in Karachi, Pakistan. 

Using the malicious system, multiple layers of security within Gmail are bypassed, allowing hackers to not only collect email addresses and password combinations, but also two-factor authentication codes, Google Authenticator tokens, backup recovery keys, and even responses to security questions, enabling the attackers to completely take control of victims' accounts before they are aware that they have been compromised. Security experts have made several recommendations to organisations, including blocking identified domains, strengthening monitoring, and educating users about these evolving attack vectors. It must be noted that the Gmail phishing craze reflects a broader reality: cybersecurity is no longer a passive discipline but is a continuous discipline that must adapt to the speed of innovation as it evolves. 

There is no doubt that cultivating digital scepticism is a priority for individuals—they should question every unexpected email, voicemail, or login request, and they should reinforce their accounts with two-factor authentication or hardware security keys to ensure their accounts remain secure. A company’s responsibilities extend further, as they invest in employee awareness training, conduct mock phishing exercises, and implement adaptive tools capable of detecting subtle changes in behaviour. 

A cross-government collaboration between industry leaders, governments, and security researchers will be crucial to the dismantling of criminal infrastructure that exploits global trust. The need for vigilance in an environment where deception is becoming increasingly sophisticated each day has become more than an act of precaution, but a form of empowerment. This allows individuals and businesses alike to protect their digital identities from increasingly sophisticated threats while simultaneously protecting their digital identities.
Read more »
Phishing Attacks
Cyber Attacks Cyber War Cyber Warfare Cyberhacking Hacking Attack Iran Iranian hackers Isreal Phishing Attacks

Israel and Iran Cyber War Escalates After June Conflict Despite Ceasefire

 

The long-running cyber conflict between Israel and Iran has intensified following the June war, according to a recent report by the Financial Times. Israeli officials disclosed that they began receiving suspicious text messages containing malicious links soon after the 12-day conflict. One official, speaking anonymously, confirmed that the attacks have not stopped, emphasizing that the cyber hostilities remain active despite a temporary ceasefire on the battlefield. 

Recent incidents highlight the scale of the digital confrontation. Iranian hackers have been linked to phishing campaigns targeting Israeli diplomats and government officials, while also attempting to exploit vulnerabilities in Microsoft software to infiltrate Israeli networks. 

In parallel, Israel and groups aligned with its interests have launched disruptive cyberattacks on Iran, underscoring how digital warfare has become a central element in the shadow war between the two nations. During the June conflict, Iran’s Ministry of Communications reported facing what it described as its most extensive cyberattack campaign to date, with more than 20,000 incidents in just 12 days. 

One attack temporarily disabled Iran’s air defense systems as Israeli Air Force jets launched strikes on Tehran on June 13. Israeli cybersecurity experts later described the air defense breach as a tactical move designed to give Israel an initial advantage, while stressing that intelligence gathering on Iranian military figures and nuclear scientists was the most significant outcome. 

On the other side, an Israeli-aligned hacking group known as Gonjeshke Darande claimed responsibility for siphoning around $90 million from the Iranian cryptocurrency exchange Nobitex, transferring the funds into a wallet that could not be accessed. Nobitex rejected accusations that it operated as a regime tool, though the same group also targeted two major Iranian banks, including state-owned Bank Sepah. 

These attacks reportedly crippled banking systems by disabling not only primary data but also backup and disaster recovery servers, according to Dotin, the software provider for the affected banks. Meanwhile, Iranian-backed hackers conducted cyber operations against 50 Israeli companies, including firms in logistics, human resources, and defense-related sectors.

Leaked resumes of thousands of Israeli citizens linked to defense work were published online. Attackers also attempted to manipulate Israelis by sending fake messages that appeared to come from the Home Front Command, advising civilians to avoid bomb shelters during missile strikes. Other attempts focused on breaching security camera systems to track the locations of incoming rockets. 

Despite these efforts, Israeli cybersecurity officials argue that the cyberattacks on their country have caused minimal disruption. Iran, however, appears to have suffered more significant setbacks. Senior Iranian officials acknowledged weaknesses in their systems, citing the country’s centralized data structures as a vulnerability exploited by Israeli forces. 

The scale of the damage prompted calls within Iran for urgent measures to strengthen its cyber defense capabilities. Experts believe the cyber war will continue to escalate, as it allows both sides to strike at one another without triggering immediate international backlash. Analysts note that while conventional attacks risk provoking strong responses from global powers, operations in cyberspace often proceed unchecked. 

For Israel and Iran, the digital battlefield has become a critical front in their decades-long struggle, one that persists even when guns fall silent.
Read more »
zero-day exploit
CVE-2025-8088 directory traversa malware Phishing Attacks RomCom malware WinRAR vulnerability zero-day exploit

WinRAR Flaw Exploited as Zero-Day to Spread RomCom Malware in Phishing Attacks

 

A recently patched security flaw in WinRAR, identified as CVE-2025-8088, was weaponized as a zero-day exploit in phishing campaigns to deliver the RomCom malware, security researchers revealed.

The vulnerability, a directory traversal bug, was addressed in WinRAR version 7.13. It enabled attackers to craft malicious archives that could extract files into arbitrary file paths defined by the attacker rather than those selected by the user.

According to the WinRAR 7.13 changelog: "When extracting a file, previous versions of WinRAR, Windows versions of RAR, UnRAR, portable UnRAR source code and UnRAR.dll can be tricked into using a path, defined in a specially crafted archive, instead of user specified path."

It further clarified that "Unix versions of RAR, UnRAR, portable UnRAR source code and UnRAR library, also as RAR for Android, are not affected."

By exploiting this flaw, attackers could place executables in Windows autorun directories, such as:
  • %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup (user-specific)
  • %ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp (system-wide)
This ensured that the malicious files would automatically run on the next reboot, giving attackers remote code execution capabilities.

Since WinRAR lacks an auto-update mechanism, users are urged to manually download the latest version from win-rar.com to protect themselves against this vulnerability.

The vulnerability was uncovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. Strýček confirmed to BleepingComputer that the bug was actively exploited: "ESET has observed spearphishing emails with attachments containing RAR files," he said.

These malicious archives were used to deploy RomCom backdoors. Also known as Storm-0978, Tropical Scorpius, or UNC2596, RomCom is a Russia-linked cybercrime group tied to ransomware, credential theft, and extortion operations.

The group has a track record of leveraging zero-day exploits and developing custom malware to maintain persistence, steal sensitive data, and conduct espionage operations. RomCom has also been associated with ransomware families such as Cuba and Industrial Spy.

ESET confirmed that a detailed report on the exploitation of this flaw will be released in the coming weeks.
Read more »
Subscribe to: Comments (Atom)