Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A KnowBe4 Threat Lab publication Authors: Daniel Netto, Jeewan Singh Jalal, Anand Bodke, and Martin Kraemer Executive Summary Attackers exploit redirects that lack safeguarding mechanisms to borrow the domain reputation of the redirect service, obfuscate the actual destination and exploit trust in known sources. Whitelisting URLs, only allowing a predefined set of URLs to be rewritten, is an effective countermeasures against the vulnerability on the server side.

The past year has been a journey of incredible growth and transformation at INETCO. From launching innovative product updates to expanding partnerships and earning recognition across the industry, we’ve taken huge strides toward transforming payments protection across the globe. 2024 was a year where milestones turned into momentum, preparing us to reach even greater heights in 2025.

Nearly half (46%) of businesses observed an increase in deepfakes and generative AI-related fraud last year, a new report from AuthenticID has found. Additionally, phishing attempts increased by 76% in 2024, and more than 90% of cyberthreats were driven by social engineering. The report also noted a rise in workplace-related fraud, including employee impersonation and account takeover.

In a previous Trustwave SpiderLabs’ blog, we explored how cybercriminals exploit Facebook Messenger chatbots to execute social engineering attacks, deceiving users into falling victim to scams and phishing schemes. These attacks often rely on the perceived legitimacy of automated systems to manipulate users into sharing sensitive information.

Secondary education has always been a luxury, but only recently has it become expensive enough to require loans. Thankfully, students looking to avoid indebtedness have some options available—the best of which are scholarships. Over 1.7 million scholarships are awarded yearly, granting billions of dollars in funding to in-need students and families.

As a former black hat hacker, social engineering and phishing concepts are not new to me. I have used these techniques in my previous life, so I know their effectiveness. Having spent years immersed in the intricacies of social engineering, I’m always looking for new twists on this age-old technique.

Read also: Major hacking forums seized in an international police op, British trio running the OTP.Agency vishing service sentenced, and more.

Investment scams are a growing problem. Modern cybercriminals are increasingly using this technique to swindle money out of unsuspecting victims. It’s easy to understand why: investment scams are remarkably effective. Research from Barclays even found that they accounted for a staggering 33% of all money lost to scammers in 2023. It’s clear then that many people don’t know how to identify an investment scam.