People have always been susceptible to a deal that is too good to be true. In the 1800s, American con man George C. Parker was best known for his repeated successes in "selling the Brooklyn Bridge” to the unwary. Then, in the 1900s it became popular to sell "valuable" Florida real estate that turned out to be swampland.

As generative AI evolves and becomes a mainstream part of cyber attacks, new data reveals that deepfakes are leading the way. Deepfake technology has been around for a number of years, but the AI boom has sparked new attacks, campaigns, and players all trying to use the impersonation technology to rob victims of their credentials, personal details or money. We recently covered multiple deepfake campaigns all perpetrated by a single individual that reached a global level.

In cybersecurity, transparency matters—because none of us are immune. Increasingly, we’re seeing threat actors hone in on specific organizations. When we detected the recent “Contagious Interview” campaign targeting one of our own, our team acted fast to stop it in its tracks. We’re sharing this story so others can see how easily these attacks unfold—and how quickly they need to be stopped to protect the community.

A recent report from UK Finance covered by the BBC paints a concerning picture of the evolving landscape of financial fraud. With a 16% rise in fraud cases and criminals stealing over £3 million daily, it's clear that awareness of cybersecurity threats has never been more crucial. Why Social Engineering Continues to Triumph At the heart of many of these scams is the fact that even the most robust technological defenses can be circumvented by exploiting humans.

Social engineers rely on two key psychological triggers: urgency and empathy. When people feel rushed or that they are helping someone in need, their normal critical thinking is often overridden. Attackers don’t just hack systems; they hack people, and they’re exceptionally good at it.

Discover the many ways refund fraud shows up — and learn how to stop it. Shana is a product marketing manager focused on the Persona platform and marketplaces. You can usually find her running around San Francisco with a coffee in hand. Shana is a product marketing manager focused on the Persona platform and marketplaces. You can usually find her running around San Francisco with a coffee in hand.

From groceries to gadgets, everything can be delivered to your doorstep these days with just a few clicks. In this e-commerce world, logistics and postal companies have become critical players in the retail sector, with brand names that everyone recognizes. But this has also made them goldmines of PII that attackers would do anything to get their hands on.

The U.S. FBI warns that scammers are attempting to trick law firms into transferring money as part of a phony debt collection scheme. The scam “may focus on any type of representation where a lawyer is hired to assist in the transfer or collection of money, e.g. real estate, collection matters, collaborative law agreements in family matters, etc.” The schemes typically take the following steps: The FBI outlines some recommendations to help organizations avoid falling for these scams.

On October 15, 2024, a new Linux variant of the notorious FASTCash malware was uncovered, once again highlighting the vulnerabilities in global banking systems. This malware, attributed to North Korean threat actors, has been responsible for siphoning millions of dollars from ATMs worldwide by compromising interbank payment switches. The latest version targets Linux systems, allowing attackers to manipulate transaction messages and approve fraudulent cash withdrawals.

Yes, it is possible for Google Ads to be scams. According to the 2023 Google Ads Safety Report, Google successfully blocked and removed over five billion fake ads and suspended almost 13 million advertiser accounts. Even though fake Google Ads are prohibited by Google’s policies, many phony ads go undetected if no one reports them, which could lead to you falling for their scams.

Read also: a hacker pleads guilty to $37M crypto fraud, two fraudsters charged in a $1M DoorDash wage theft scheme, and more.

Cato CTRL security researchers have recently discovered a threat actor, ProKYC, selling a deepfake tool in the cybercriminal underground that helps threat actors beat two-factor authentication (2FA) for conducting account fraud attacks. The tool being sold is customized to target cryptocurrency exchanges—specifically ones that authenticate new users leveraging a government-issued document and by enabling the computer’s camera to perform facial recognition.

In a world where digital transformation is accelerating, the stakes for safeguarding critical infrastructure, government systems, and financial services have never been higher. These sectors are increasingly targeted by sophisticated payment fraud schemes and AI-powered cyberattacks, leaving them under immense pressure to shield their customers from threats.

For phishing scammers, the holidays are the most wonderful time of the year – or so holiday phishing trends would suggest. Cyberint research shows that phishing alerts surged by 46 percent last December compared to the monthly average observed throughout the year. Similarly, an Akamai study found a 150 percent increase in phishing victims between mid-October and late November 2021.

You can spot fake ads on Facebook if you notice that the ads feature very inexpensive products, poor-quality images, spelling mistakes or a lack of clear branding. Fake Facebook ads aim to trick you into sharing your personal information or paying for items that don’t exist. Continue reading to learn some of the most common signs of fake Facebook ads, how to avoid falling for these fake ads and what to do if you have already been scammed by them.

Industry analysis of the domains used behind phishing and brand impersonation attacks show financial institutions are being leveraged at an alarming rate. It’s one thing to see your industry at the top of some “state of” cybersecurity report, but it’s entirely different to learn that 68% of all phishing web pages identified in a single quarter are from your industry. That’s exactly what we find in Akamai’s latest analysis of websites across the Internet.

If a scammer has your phone number, you should lock your SIM card, secure your online accounts with strong passwords and block spam calls from your phone. With your phone number, scammers can do several things, including target you with phishing attacks, spam calls, spoofing attacks and SIM swapping. These kinds of cyber attacks can lead to your personal information being compromised and even your identity being stolen.

The criminal prosecution of the threat actors behind the "OTP Agency" has highlighted an ingenious new tactic that cybercriminals can use to bypass multi-factor authentication. The OTP Agency launched back in November of 2019. Their service was simple: if you have a compromised credential, their service would call the credential owner and pose as the website the account was for citing fraudulent activity, and ask the owner to verify themselves by providing the one-time password (OTP) sent to them via SMS.