A researcher was alerted to a fake website containing fake quotes that appeared to be written by himself. The age of generative artificial intelligence (AI) toying with our public personas has truly arrived. As cybersecurity professionals we must ask, what are the implications of fake-news-at-scale-and-quality for individuals and organizations?
The U.S. Federal Trade Commission (FTC) has published a data spotlight outlining the most common text message scams in 2022. Below are the top five text scams reported by the FTC: Phony bank fraud prevention alerts were the most common type of text scam last year.
Legitimate services can be exploited in social engineering, including business email compromise (BEC) attacks. Researchers at Check Point describe one current BEC campaign that’s using Soda PDF to send messages encouraging the recipients to call a phone number. Should they make the call, the bad actor on the line seeks to winkle them out of their cash. Check Point calls these kinds of attempts, which “leverage legitimate services to send out malicious material,” BEC 3.0.
Cybercriminals still know that the easiest way to successfully infiltrate an organization is through its people. While organizations continue evaluating and investing in their technology-based security layer, the human layer continues to be the most enticing and vulnerable attack vector. This marks the sixth consecutive year that KnowBe4 has analyzed hundreds of millions of data points in order to provide our annual Phishing by Industry Benchmark Report.
A survey by PasswordManager.com has found that one in three job seekers has fallen for, and responded to, fake job scams over the past two years. “Nearly 4 in 10 respondents, all of whom have searched for a job within the last two years, say they’ve encountered job postings that turned out to be a scam,” the researchers write.
The recent conviction of a U.K. man for cyber crimes committed in 2018 brings to light a cyber attack where this attacker manually performed the “in-the-middle” part of an attack. We’ve all heard of a “Man-in-the-Middle” (MitM) attack – also more recently called a “Manipulator-in-the-Middle” attack.
Details from a simple impersonation phishing attack show how well thought out these attacks really are in order to heighten their ability to fool victims and harvest credentials. Credential harvesting scams are pretty simple at face value: send an email that links to a spoofed login page/website, and let the credentials roll on in.
A phishing campaign is spoofing the major German media conference Anga Com, according to Jeremy Fuchs at Avanan. “A central part of any conference for a company is to garner interest for their company,” Fuchs explains. “Many conferences will give over lead lists for companies to follow up on. This can be a significant source of potential revenue for companies. This is not the usual fare for hackers.
The French government is taking a stand against the increasing threat of digital warfare. Publicly accusing Russia of conducting an extensive online manipulation campaign, France is fighting back against typosquatting of major media outlets and the French Foreign Ministry. The goal of these fake websites is to spread disinformation and confusion about the ongoing war in Ukraine.
While artificial intelligence (AI) has been the hot topic of this year, a theme that I continue to see is that AI is being used for good and evil. I'm going to dive more into key takeaways your organization can learn from Catherine Williams, Threat Intelligence Specialist at Telecom giant BT. Get her insights on AI being on two sides of the battlefield, and why everyone should start integrating cybersecurity in their everyday tasks now.
