Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

There is a type of scam where victims are contacted by someone fraudulently posing as a popular trusted entity (e.g., Amazon, U.S. Post Office, etc.), law enforcement, or an intelligence agency that initially claims to have evidence linking the victim to a global, spy-like scam. Initially, the victim is befuddled, clueless and scared. The caller then asks the victim to hold on as they are then passed to one or more purported national law enforcement agencies.

Top tips is a weekly column where we highlight what’s trending in the tech world today and list ways to explore these trends. This week, we’ll look at three common holiday season scams and how to spot and avoid them. ‘Tis the season to be jolly—and wary. The holidays are the time when friends and families come together, make merry, and revel in the festivities.

Cybersecurity researchers are warning about a new breed of investment scam that combines AI-powered video testimonials, social media malvertising, and phishing tactics to steal money and personal data. Known as Nomani — a play on "no money" — this scam grew by over 335% in H2 2024, with more than 100 new URLs detected daily between May and November, according to ESET's H2 2024 Threat Report.

With the exponential expansion of AI, bad actors are frothing at the mouth. Advanced technology for automating social engineering techniques that previously required technical know-how is now within arm’s reach of anyone with a keyboard. Attempts to exploit and deceive are more common than ever, and they are emptying business’s pockets. In 2023, 800 businesses worldwide reported fraud losses totaling 6.5% of their revenue, amounting to $359 billion.

Learn how to spot fake online giveaways like a pro.

Before you prove your humanity to a pop up, make sure you’re not accidentally downloading malware.

Customer fraud losses and remediation are often integrated as an inevitable cost of doing business Fraud’s impact on the bottom line is often considered when pricing products and services. This has happened since the first thief swiped a product from a marketplace stand. Today, scams responsible for severe business impact have become increasingly sophisticated, and the creeping costs are increasingly hard to budget for.

Vishing attacks, also known as voice phishing scams, are the newest way for cybercriminals to take advantage of weak spots. What is a vishing strike, though? Vishing is a type of social engineering scam in which people are tricked into giving up private information like passwords, credit card numbers, or business details over the phone or through voice mail. Vishing is different from phishing emails because it involves talking to people in person.