Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Card fraud is escalating at an alarming rate, with no signs of slowing down. In a world where digital payments have become the norm, almost everyone, consumers, businesses, and financial institutions, finds themselves at risk. The convenience of card payments has made them an essential part of daily life, but it has also paved the way for sophisticated fraud schemes. For businesses, the stakes are even higher.

Arctic Wolf has recently observed customers receiving unsolicited Microsoft multi-factor authentication (MFA) text messages. These messages originate from legitimate Microsoft short code numbers; however, the source and intent have not been confirmed. This issue appears widespread, affecting organizations across multiple industry verticals. Example of Text Message It is currently unclear whether this activity is due to a systemic issue on Microsoft’s side or part of a malicious campaign.

Botnets have become a core part of the infrastructure in today’s cybercrime ecosystem — not just as enablers of disruption, but as purpose-built networks engineered for profit, stealth, and scalability. Built from large networks of compromised devices and rented out via criminal marketplaces, botnets are now essential as-a-service components of any cyberfraudster’s toolkit. While the concept of a botnet is not new, their construction, use cases, and value have certainly advanced.

A KnowBe4 co-worker of mine recently got this SMS phishing message (i.e., smish). They quickly identified it as a social engineering attack and shared it on our internal communication channel for sharing such things. I have had more and more of these types of similar smishes occurring over the last few months. It is an attempt to trick someone into worrying that their Gemini, Gmail, Microsoft, Instagram…or whatever account…is in the middle of being compromised and you need to react NOW! NOW!

When it comes to the stress of dealing with eCommerce scams, digital business teams don’t need reminding. But the current and projected cost of eCommerce fraud is truly staggering. A study by Juniper Research, a leader in fintech insights, forecasts that eCommerce fraud is set to leap from $44.3 billion in 2024 to $107 billion by 2029. That’s stomach-churning 141% jump. Needless to say, eCommerce fraud prevention has never been a more pressing goal.

A phishing campaign is targeting European countries with lures themed around copyright infringement, researchers at Cybereason warn. The phishing emails are designed to deliver the Rhadamanthys infostealer malware. “These campaigns often involve emails impersonating companies and their legal departments, falsely claiming recipients have violated copyright on social media or elsewhere and demanding content removal,” the researchers write.

Cybersecurity experts are warning that scammers are taking advantage of uncertainty surrounding the U.S. administration’s tariff policies, CNBC reports. Fraudsters may send texts or emails posing as retailers, delivery companies or government agencies, requesting tariff-related payments for purchases and deliveries. James Lee, president of the Identity Theft Resource Center, noted that scammers frequently take advantage of new government policies to launch phishing attacks.