The US Federal Bureau of Investigation (FBI) has warned of an increase in tech support scams that attempt to trick users into sending cash via snail mail.

Microsoft was the most impersonated brand in phishing attacks during Q2, 2023, according to Check Point’s latest Brand Phishing Report.

The latest data from the FBI’s Internet Crime Complaint Center (IC3) ups the estimate for the cost of losses and exposure through business email compromise (BEC) attacks from 2013 through 2023. In the latest advisory from the IC3 entitled “Business Email Compromise: The $50 Billion Scam,” there was a 17% increase in losses from BEC attacks in 2022.

Cybercriminals are exploiting the introduction of “.ZIP” as a new generic Top-Level Domain (gTLD) to launch phishing attacks, according to researchers at Fortinet. “Cybercriminals are always on the lookout for new opportunities and techniques to exploit, and the recent availability of '.ZIP' domains for public purchase has unfortunately created such an opportunity,” the researchers write.

Almost every organization freely admits that people are the biggest risk to its security. This year’s Data Breach Investigations Report by Verizon highlights that 74% of incidents involved the human element. People are a ‘soft’ target for cybercriminals. Networks and software can only be exploited if pre-existing vulnerabilities are discovered and hacked before they’re patched. People, however, can be engineered into creating vulnerability at any time.

In recent years, fake job hiring scams have become a common form of social engineering. Threat actors use these scams to steal money, launder money, commit identity theft, or carry out other fraudulent or illegal activities. The motives of threat actors behind fake job hiring scams vary. Some are simply looking to make a quick buck, while others are more interested in stealing personal information or committing identity theft.

The quantity of emails involved in scams and cyber attacks continues to grow as credential theft and response-based phishing persist as top attack variants. The ripple effect from cybercrime-as-a-service launching a few years back has reached critical mass, where we’re seeing significant increases in the percentage of emails that are either clearly determined to be malicious (7.7%) as well as those suspicious enough that users are recommended to not engage with (15.9%).

A manufacturing organization became the target of a business email compromise (BEC) attack. The threat actor utilized stolen credentials and then hoped a prompt-bomb attack will work — it did, and the threat actor was able to take over the user’s inbox. While, thankfully, this incident was detected and responded to by Arctic Wolf before more damage was done, BEC attacks are becoming more common and more successful by the month.