Now being commonly referred to as “Scama” – short for Scamming Method – these kits are being sold promoting highly advanced feature sets, turning the novice scammer into a pro. I’ve covered a number of Phishing-as-a-Service kits on this blog, but we’re seeing an evolution in both the kit features and how they’re being promoted on the dark web.
There is no doubt that more pervasive deepfake and AI technologies will make for more realistic, sophisticated, phishing attacks, and add to an already huge problem. The days of phishing attacks rife with spelling and language errors are coming to an end. This is more the reason why you need a great security awareness training (SAT) program to fight back.
Czech and Ukrainian police have arrested six individuals responsible for a call center-based vishing scam designed to trick victims into thinking they were already victims of fraud. Imagine getting a call on your mobile phone from your bank. The caller ID shows the number you have saved in your contacts, so it must be your bank, right? The person on the other end tells you your account has been compromised and the remaining funds must be moved to a safe account. Sounds legit?
To celebrate National Computer Security Day, which is recognized on November 30 every year, KnowBe4 encourages all IT and security professionals to train their workforce how to stay safe from cybersecurity threats as the organization’s last line of defense. It is also crucial to focus on building a strong security culture by educating employees about today’s cyber threat landscape and how they can play a role in protecting the organization.
Researchers at Sophos have found that the criminal market for malicious generative AI tools is still disorganized and contentious. While there are obvious ways to abuse generative AI, such as crafting phishing emails or writing malware, criminal versions of these tools are still unreliable. The researchers found numerous malicious generative AI tools on the market, including WormGPT, FraudGPT, XXXGPT, Evil-GPT, WolfGPT, BlackHatGPT, DarkGPT, HackBot, PentesterGPT, PrivateGPT.
There’s been a “precipitous rise” in QR code phishing campaigns in 2023, according to Matthew Tyson at CSO. “For the attacker, QR codes bring a number of benefits, including some appreciated by legitimate businesses: they are easy to create and easy to use,” Tyson writes.
This is a cautionary tale of both how your data can legally end up in the hands of an organization you never intended and how victims can be largely left in the dark post-breach. Normally when there’s a press release from an organization hit by a data breach, there are at least a few details that let customers know the company has a handle on what transpired, that the breach has been mitigated, and what customers impacted should do to protect themselves.
With organizations heavily focusing on protecting the corporate endpoint, cybercriminals are switching focus onto mobile devices where users are more prone to fall for their social engineering tactics. We consume so much content from people you don’t personally know that it’s not part of your everyday process to stop and be critical of what’s being presented to you. And that’s exactly what cybercriminals are taking advantage of.
Researchers at ESET describe various types of scams launched by users of Telekopye, a telegram bot that assists in crafting social engineering attacks. The scammers call their victims “mammoths,” so ESET has dubbed the scammers “Neanderthals.” The first type of scam is simply financial data theft via phishing sites.
The digital landscape is evolving at an exponential rate, and with it, the cybersecurity challenges we face. As we approach 2024, I've reflected on the insights gleaned from recent discussions I was privileged to partake in, such as the World Economic Forum's annual cybersecurity conference, ThreatCon and conversations with industry leaders, academics, and government representatives. Here are my top seven takeaways for 2024.
