Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Discover the many ways refund fraud shows up — and learn how to stop it. Shana is a product marketing manager focused on the Persona platform and marketplaces. You can usually find her running around San Francisco with a coffee in hand. Shana is a product marketing manager focused on the Persona platform and marketplaces. You can usually find her running around San Francisco with a coffee in hand.

From groceries to gadgets, everything can be delivered to your doorstep these days with just a few clicks. In this e-commerce world, logistics and postal companies have become critical players in the retail sector, with brand names that everyone recognizes. But this has also made them goldmines of PII that attackers would do anything to get their hands on.

The U.S. FBI warns that scammers are attempting to trick law firms into transferring money as part of a phony debt collection scheme. The scam “may focus on any type of representation where a lawyer is hired to assist in the transfer or collection of money, e.g. real estate, collection matters, collaborative law agreements in family matters, etc.” The schemes typically take the following steps: The FBI outlines some recommendations to help organizations avoid falling for these scams.

On October 15, 2024, a new Linux variant of the notorious FASTCash malware was uncovered, once again highlighting the vulnerabilities in global banking systems. This malware, attributed to North Korean threat actors, has been responsible for siphoning millions of dollars from ATMs worldwide by compromising interbank payment switches. The latest version targets Linux systems, allowing attackers to manipulate transaction messages and approve fraudulent cash withdrawals.

Yes, it is possible for Google Ads to be scams. According to the 2023 Google Ads Safety Report, Google successfully blocked and removed over five billion fake ads and suspended almost 13 million advertiser accounts. Even though fake Google Ads are prohibited by Google’s policies, many phony ads go undetected if no one reports them, which could lead to you falling for their scams.

Read also: a hacker pleads guilty to $37M crypto fraud, two fraudsters charged in a $1M DoorDash wage theft scheme, and more.

Cato CTRL security researchers have recently discovered a threat actor, ProKYC, selling a deepfake tool in the cybercriminal underground that helps threat actors beat two-factor authentication (2FA) for conducting account fraud attacks. The tool being sold is customized to target cryptocurrency exchanges—specifically ones that authenticate new users leveraging a government-issued document and by enabling the computer’s camera to perform facial recognition.

In a world where digital transformation is accelerating, the stakes for safeguarding critical infrastructure, government systems, and financial services have never been higher. These sectors are increasingly targeted by sophisticated payment fraud schemes and AI-powered cyberattacks, leaving them under immense pressure to shield their customers from threats.

For phishing scammers, the holidays are the most wonderful time of the year – or so holiday phishing trends would suggest. Cyberint research shows that phishing alerts surged by 46 percent last December compared to the monthly average observed throughout the year. Similarly, an Akamai study found a 150 percent increase in phishing victims between mid-October and late November 2021.