Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The holidays bring joy, celebration, and a flood of scam texts designed to steal your money, data, and peace of mind. Every holiday season brings excitement, and unfortunately, a surge in SMS scams targeting unsuspecting consumers. These scam messages might be tiny, but their impact can be huge, ranging from financial loss to identity theft. According to the U.S. Federal Trade Commission, people reported $470 million in losses from text-based scams in 2024, a fivefold increase since 2020.

Researchers at Appknox warn that malicious apps are impersonating popular AI tools like ChatGPT and DALL-E to trick users into installing malware on their mobile devices. Some of these apps simply collect user data to be sold to advertising services, while others act as full-fledged malware.

Website cloning attacks are a form of digital impersonation where threat actors replicate a company’s legitimate website to deceive users, harvest credentials, or redirect payments, often before enterprises even realize a clone exists. These attacks exploit brand trust at scale, turning familiarity into a weapon against customers.

A phishing campaign is targeting LastPass users with phony notifications informing users that someone has notified the company of the user’s death and is trying to gain access to their account. The emails have the subject line, “Legacy Request Opened (URGENT IF YOU ARE NOT DECEASED).” LastPass describes the following attack flow: Notably, the attackers are also calling recipients of the emails and posing as LastPass representatives, adding another layer of legitimacy to the campaign.

Account takeover (ATO) fraud has become one of the fastest-growing threats for enterprises. No longer confined to banks, ATO now targets retailers, SaaS platforms, airlines, and any business that maintains digital accounts for customers. The problem? Most enterprises are still relying on outdated defenses like domain takedowns, MFA, and dark web monitoring. By the time these tools kick in, fraudsters have already stolen customer credentials and inflicted brand damage.

A study from Malwarebytes has found that one in three mobile users has been targeted by an extortion scam, and one in five of these users has fallen victim. Additionally, one in six users has been targeted by sextortion, with a higher number of these attacks (38%) affecting Gen Z users.

Local founders say the country’s payments reboot and AI breakthroughs could put B.C. at the centre of financial innovation. One day before the Bank of Canada announced it had approved the country’s first payment service providers under the new Retail Payment Activities Act, leaders from Vancouver’s growing sector gathered for a conversation that felt prescient. At.

Around the world, banks and payment processors are reporting an explosion of mysterious tap-to-pay transactions happening nowhere near real cardholders. The European Association for Secure Transactions (EAST), for instance, has tracked a 1,500% surge in these relay-based attacks over the past year, with incidents stretching from Santiago to Singapore.