#Cyberfraud
🔐 The DOJ’s Cyber FCA Playbook Is Working as Enforcement Triples and Shows No Signs of Slowing 📰 Read the complete article from ComplexDiscovery OÜ's cybersecurity beat at complexdiscovery.com/the-dojs-cyb.... #Cybersecurity, #FalseClaimsAct, #DOJ, #CyberFraud, #CMMC

AI-Driven Phishing Campaign Exploits Cloud Platform to Breach Microsoft Accounts at Scale   A large-scale phishing operation linked to the AI-enabled cloud hosting platform Railway has enabled cybercriminals to infiltrate Microsoft cloud accounts belonging to hundreds of organizations, according to findings by Huntress. Rich Mozeleski, a product manager on Huntress’ identity team, revealed that the activity appears to be associated with a relatively small threat actor operating from roughly a dozen IP addresses. Despite its size, the campaign has successfully compromised hundreds of targets in recent weeks. The attack initially impacted a few dozen organizations daily in early March, but activity surged sharply beginning March 3. Mozeleski noted that the campaign stood out due to its sophistication and variability—no two phishing emails or domains were identical. This led researchers to suspect the use of artificial intelligence tools to generate customized phishing content. The lures included a mix of conventional email tactics, QR codes, and hijacked file-sharing platforms. “Just the amount of it was like Pandora’s Box had opened, and the efficacy was just through the roof,” Mozeleski said. The attackers leveraged a weakness in Microsoft’s device authentication process—commonly used by smart TVs, printers, and terminals—to obtain valid OAuth tokens. These tokens can grant access to accounts for up to 90 days without requiring passwords or multi-factor authentication. While Huntress reported that hundreds of its customers were deceived by the phishing attempts, the firm stated it successfully blocked any follow-on malicious activity. However, researchers believe these cases likely represent only a fraction of the total victims, which could reach into the thousands. Organizations affected span a wide range of industries, including construction, legal services, nonprofits, real estate, manufacturing, finance, healthcare, and public sector entities. 
Huntress identified at least 344 impacted organizations in a detailed report. To mitigate the threat, Huntress deployed a conditional access policy update across 60,000 Microsoft cloud tenants, specifically targeting emails originating from Railway-related domains. Mozeleski described this step as “not anything we’ve ever done before.”

Weaponizing Cloud Infrastructure with AI

Investigators believe the attackers abused Railway’s Platform-as-a-Service offering—designed to help users build applications without coding expertise—to rapidly create phishing infrastructure for credential harvesting. By using compromised domains and generating highly tailored phishing messages, the attackers were able to evade traditional email security filters. All observed attacks were traced back to Railway’s IP infrastructure, though it remains unclear whether Railway’s native AI tools or external solutions were used to craft the phishing content. Responding to the incident, Railway solutions engineer Angelo Saraceno confirmed that the company took action after being alerted by Huntress on March 6. “The associated accounts were banned and the domains were blocked,” Saraceno said. “Our heuristics are built to catch correlations: repeated credit cards, shared code sources, overlapping infrastructure,” he wrote in an email. “When a campaign avoids those signals, it gets further than we’d like.” Saraceno emphasized that fraud detection requires balancing security enforcement with minimizing false positives, referencing a prior February incident where system tuning caused customer disruptions. Despite mitigation efforts, Mozeleski stated that Huntress continued to detect over 50 daily compromises tied to Railway-hosted phishing domains. He suggested that stronger vetting processes—especially for free-tier users—could help prevent such abuse, drawing comparisons to platforms like Mailchimp and HubSpot that enforce stricter usage controls. 
“Do not allow anybody to come in, start a trial, spin up resources, and start using your infrastructure” for cyberattacks, he said. A notable aspect of this campaign is the use of AI-powered infrastructure typically associated with advanced or state-backed threat actors, now being deployed for relatively routine phishing schemes. This shift highlights growing concerns among cybersecurity experts about the democratization of powerful attack tools. Experts warn that lower-tier cybercriminals, often referred to as “script kiddies,” may benefit significantly from generative AI technologies. John Hultquist recently noted that such tools are likely to empower smaller cybercriminal groups even more than state-sponsored actors. Meanwhile, promotional material from Railway highlights features such as “vertical auto-scale out of the box” and the ease of deploying self-hosted tools—capabilities that may inadvertently aid malicious use. “We are seeing crooks as the first movers of AI,” said Prakash Ramamurthy, chief product officer at Huntress. “They don’t have any qualms about PII, they don’t have any qualms about model training … and this incident, just in the sheer pace at which it has evolved, is kind of a testament to that.”

AI-Driven Phishing Campaign Exploits Cloud Platform to Breach Microsoft Accounts at Scale #AIphishingcampaign #CyberFraud #Huntresscybersecurity

Govt, RBI Tighten Grip on Fraudulent Loan Apps  The Government of India and the Reserve Bank of India (RBI) have intensified efforts to combat fraudulent digital loan apps that exploit vulnerable borrowers. In a recent Rajya Sabha response, Minister of State for Finance Pankaj Chaudhary outlined coordinated measures to strengthen the digital lending framework and protect consumers from unauthorized platforms. These steps follow growing concerns over illegal apps that charge exorbitant rates and harass users.  RBI formed a Working Group on Digital Lending, including loans via online platforms and mobile apps, leading to comprehensive guidelines issued to regulated entities (REs). All REs must comply, with supervisory assessments ensuring adherence; non-compliance triggers rectification or enforcement actions. The guidelines aim to make the ecosystem transparent, safe, and customer-focused by firming up regulations for app-based lending.  A key initiative is RBI's 'Digital Lending Apps (DLAs)' directory, launched on July 1, 2025, listing all apps deployed by REs. This public tool helps users verify an app's legitimacy and association with regulated lenders. It addresses the confusion caused by fake apps mimicking legitimate ones, empowering borrowers to avoid scams before downloading.  The Ministry of Electronics and Information Technology (MeitY) blocks fraudulent apps under Section 69A of the IT Act, 2000, following due process. Internet intermediaries face directives for tech-driven vetting to stop malicious ads from offshore entities, while the Indian Cyber Crime Coordination Centre (I4C) analyzes risky apps. Citizens can report issues via the National Cybercrime Reporting Portal (cybercrime.gov.in) or helpline 1930, with banks using 'SACHET' and State Level Coordination Committees for complaints.  Awareness drives include RBI's SMS, radio campaigns, and e-BAAT programs on cyber fraud prevention. 
States handle enforcement as 'Police' is their domain, supported by central advisories. These multi-pronged actions signal a robust push toward a secure digital lending space in India.

Govt, RBI Tighten Grip on Fraudulent Loan Apps #CyberFraud #IndianGovernment #LoanApps

FBI Escalates Enforcement Against Thai Fraud Rings Targeting US Individuals   Digital exchanges that begin with a polite greeting, an apparent genuine conversation, or a quiet offer of companionship increasingly become entry points into a far more calculated form of transnational fraud. For many Americans, these interactions are not merely chance encounters, but carefully crafted overtures designed to cultivate trust before gradually dismantling it.  Many of these schemes are now linked to sophisticated criminal enterprises operating in highly secured compounds throughout Southeast Asia, where deception is being industrialized and carried out at an unprecedented scale. Therefore, the FBI's presence in Thailand has been increased in response.  Often, these networks leave little trace other than fractured finances and shattered confidence, but the FBI is working with regional authorities to disrupt these networks that steal billions of dollars from unsuspecting victims each year. It has become increasingly apparent within Washington that the size and sophistication of these operations warrant further investigation. As a result, the investigation has widened considerably.  According to Kash Patel, elements associated with the Chinese Communist Party have played an important role in enabling the construction of fortified scam compounds across Myanmar and other parts of Southeast Asia. These facilities, he described as purpose-built environments, were targeted at large-scale financial exploitation of American citizens, particularly elderly individuals.  An investigation framed as a high-priority national security issue has been initiated by the Federal Bureau of Investigation, which has initiated a coordinated operation that incorporates domestic and international measures. This effort includes the establishment of a centralized complaint processing system to streamline victim reporting and gathering information.  
There are parallel efforts being made by regional governments to disrupt the digital infrastructure underpinning these networks, notably by limiting connectivity to compounds located in Cambodia and along Myanmar's border with Thailand.  Authorities have concluded that these syndicates now function with the operational maturity of structured enterprises, utilizing multilingual outreach, social engineering tactics, and cryptocurrency-based laundering frameworks in order to conceal financial records.  In addition to being a multilateral enforcement initiative, the enforcement campaign has also involved partners such as the National Crime Agency and counterparts from the Canadian, Australian, New Zealandan, South Korean, Japanese, Singaporean, Philippine and Indonesian governments. A number of early coordinated actions have already demonstrated significant impact, including dismantling thousands of fraudulent accounts, pages, and online groups across major digital platforms. This has been accompanied by targeted legal actions, including arrest warrants, as a result of the increasing synchronization of efforts to contain the threat in addition to the scale of the threat.  A senior official of the Federal Bureau of Investigation has confirmed that transnational fraud networks in Southeast Asia constitute a persistent and evolving threat vector to the United States, which is primarily driven by highly organized criminal syndicates that are able to operate across multiple jurisdictions without causing significant friction.  As Scott Schelble noted, these entities function in a manner far beyond conventional cybercrime organizations. They use coordinated infrastructure, advanced social engineering techniques, and cross-border financial mechanisms to systematically target American citizens every day.  
Based on his recent engagements in Thailand, Cambodia, and Vietnam, he emphasized that these operations are characterized by well-capitalized, technologically advanced, and structured operations with the ability to exploit regulatory gaps, digital platforms, and human vulnerabilities in order to generate significant illegal revenues. Consequently, the FBI, in coordination with the Department of Justice, has intensified its efforts to coordinate a globally aligned enforcement strategy, integrating intelligence sharing, victim identification, and financial disruption into a unified operational framework that is integrated into a global alignment of enforcement.  Through collaboration with regional counterparts, in particular, the Royal Thai Police, this approach has been able to generate actionable intelligence flows and to launch joint interventions that target both personnel and the financial infrastructure supporting these schemes.  The Cambodian National Police has pursued similar cooperation channels, including the prospect of revisiting previous task force models to combat the resurgence of scam compounds, as well as the Vietnamese Ministry of Public Security on shared enforcement priorities. The fact that even limited observations of these facilities can reveal a scale of operations that is difficult to fully comprehend remotely, as entire complexes are designed to support continuous fraud activities, underscores the systemic and entrenched nature of the threat these networks pose, according to Schelble.  As an additional signal of the sustained momentum of enforcement efforts, Jirabhop Bhuridej of the Royal Thai Police stressed that the ongoing crackdown is intended to provide a clear deterrent to transnational fraud groups, emphasizing that jurisdictional boundaries cannot prevent coordinated legal action from being taken against organized scam syndicates.  
The private sector has also taken steps to complement this enforcement posture, with Meta Platforms introducing enhanced user protection mechanisms across its ecosystem to complement this enforcement posture. In addition, Facebook has introduced proactive alerts to detect anomalous connection requests, and WhatsApp has strengthened security mechanisms in order to detect and warn against potentially fraudulent device-linking activities.  In light of recent task force initiatives, operational outcomes demonstrate how significant and material these initiatives are. Authorities have seized mobile phones and data storage systems from suspected scam facilities in order to generate critical forensic evidence to support ongoing investigation and prosecution.  Furthermore, a large volume of accounts associated with fraud networks have been removed through large-scale account disruption campaigns, while coordinated law enforcement actions have resulted in multiple arrests within affected jurisdictions. In regard to the financial sector, the United States Department of Justice expanded its intervention by establishing a dedicated Scam Center Strike Force, launched in late 2025 to address the growing nexus between crypto-enabled laundering channels and these operations. In the past few months, this initiative has achieved significant asset disruption milestones, identifying, freezing, and securing hundreds of millions of dollars worth of illicit digital assets, a critical step towards constraining the financial lifelines that sustain these highly adaptive criminal organizations. It is evident from these developments that both the public and private sectors are required to respond sustainably and adaptively to threats that are evolving in both scale and sophistication.  
According to officials, disruption alone will not suffice without parallel investments in prevention, such as improving digital literacy, strengthening platform-level safeguards, and developing cross-border intelligence sharing frameworks that are more agile.  In order for enforcement efforts to be effective in the long run, the ability to anticipate rather than merely react will be crucial as fraud ecosystems continue to iterate tactics and utilize emerging technologies.  A critical challenge for policymakers, law enforcement agencies, and technology providers alike is developing a resilient defense posture based on intelligence that can gradually erode the operational advantages on which these networks have been based for many years.

FBI Escalates Enforcement Against Thai Fraud Rings Targeting US Individuals #CryptocurrencyLaundering #CyberFraud #DigitalFraudPrevention

Fraud Becomes More Accessible As AI Tools And Scam-As-A-Service Platforms Enable Coordinated Campaigns Alina Bizga, Security Analyst at Bitdefender, highlights how scam-as-a-service and AI fraud campaigns are scaling through social media and adaptive tactics.

Read the full breakdown:
www.technadu.com/fraud-become...

What changes have you noticed in scam tactics recently? Share your thoughts below 👇
#CyberFraud #ScamAsAService #AIFraud #SocialMediaRisks #CyberAwareness #ThreatIntelligence

Fraud is scaling like never before.
Alina Bizga warns:
“One of the clearest trends we are seeing today is the industrialization of scams.”
AI-driven campaigns + social media = real-time, adaptive scams.

What’s your take?
#CyberFraud #AIFraud #ScamAsAService #CyberSecurity

Microsoft Alerts 29,000 Users Hit by IRS-Themed Phishing Wave  Microsoft is warning of a major IRS‑themed phishing wave that hit 29,000 users in a single day, using tax‑season panic to steal credentials and deploy remote access malware. The campaigns piggyback on the urgency of the U.S. tax season, sending emails that pretend to be refund notices, payroll forms, filing reminders, or messages from tax professionals to pressure recipients into acting quickly. According to Microsoft Threat Intelligence and Defender researchers, some lures target regular taxpayers for financial data, while others focus on accountants and professionals who routinely handle sensitive tax documents and are used to receiving legitimate tax‑related mail. Many of these messages direct users either to phishing pages built on Phishing‑as‑a‑Service platforms like the Energy365 kit or to downloads that silently install remote monitoring and management (RMM) tools.  In one large campaign unearthed on February 10, 2026, more than 29,000 users across 10,000 organizations were targeted in just a day, with about 95% of victims located in the U.S. The emails impersonated the Internal Revenue Service and claimed that irregular tax returns had been filed under the recipient’s Electronic Filing Identification Number, pushing them to urgently review those returns. Sectors hit hardest included financial services, technology and software, and retail and consumer goods, reflecting the high value of the data and access that successful compromises could deliver to attackers.  Victims were instructed to download a supposed “IRS Transcript Viewer” via a button labeled “Download IRS Transcript View 5.1,” which actually redirected to smartvault[.]im, a domain posing as legitimate document platform SmartVault. The site used Cloudflare protections so that automated scanners saw a benign front, while real users received a maliciously packaged ScreenConnect installer that gave attackers remote access to their systems. 
Once installed, this RMM tooling enabled data theft, credential harvesting, and further post‑exploitation such as lateral movement or deploying additional malware.  Microsoft also highlights related tax‑themed tactics: CPA‑style lures tied to the Energy365 phishing kit, bogus tax‑themed domains that push ScreenConnect, and cryptocurrency‑tax emails that impersonate the IRS and distribute ScreenConnect or SimpleHelp via malicious domains like “irs-doc[.]com” and “gov-irs216[.]net.” In some cases, attackers emailed accountants and organizations asking for help filing taxes, then funneled them to Datto RMM installers under the guise of sharing documentation. Collectively, these methods show a trend of abusing legitimate RMM platforms for stealthy, persistent access instead of relying solely on traditional malware.  To defend against these threats, Microsoft advises organizations to enforce two‑factor authentication on all accounts, implement conditional access policies, and harden email security to better scan attachments, links, and visited websites. They also recommend blocking access to known malicious domains, monitoring networks and endpoints for unauthorized RMM tools like ScreenConnect, Datto, and SimpleHelp, and educating users—especially finance and tax staff—on spotting urgent, tax‑themed emails that request downloads or credentials.

Microsoft Alerts 29,000 Users Hit by IRS-Themed Phishing Wave #CyberFraud #IRS #Microsoft

#AllMembers #Scam #News #cyberfraud
This is what you see in your notifications if you've been targeted

[FORECAST] Dismantled or Displaced? Cambodia’s Scam-Compound Crackdown by 2030? Cambodia says it sealed off ~190 scam sites. 🧨 Now the real question: dismantled or displaced? 🧱🚚 Our forecast uses grown-up metrics (convictions + asset denial + independent compound counts).

Cambodia “sealed” ~190 scam compounds. Cute—by lunch they’ll respawn two provinces over on Starlink 🙃 AlphaHunt gives a real dismantle-by-2030 just 10%. Your wallet’s the KPI.

Read the forecast: blog.alphahunt.io/dismantled-o...

#AlphaHunt #CyberSecurity #CyberFraud #HumanTrafficking

Deepfake Fraud Expands as Synthetic Media Targets Online Identity Verification Systems  Beyond spreading false stories or fueling viral jokes, deepfakes are shifting into sharper, more dangerous forms. Security analysts point out how fake videos and audio clips now play a growing role in trickier scams - ones aimed at breaking through digital ID checks central to countless web-based platforms.  Now shaping much of how companies operate online, verifying who someone really is sits at the core of digital safety. Customer sign-up at financial institutions, drivers joining freelance platforms, sellers accessing marketplaces, employment checks done remotely, even resetting lost accounts - each depends on proving a person exists beyond a screen.  Yet here comes a shift: fraudsters increasingly twist live authentication using synthetic media made by artificial intelligence. Attackers now focus less on tricking face scans. They pretend to be actual people instead. By doing so, they secure authorized entry into digital platforms. After slipping past verification layers, their access often spreads - crossing personal apps and corporate networks alike. Long-term hold over hijacked profiles becomes the goal. This shift allows repeated intrusions without raising alarms.  What security teams now notice is a blend of methods aimed at fooling identity checks. High-resolution fake faces appear alongside cloned voices - both able to get through fast login verifications. Stolen video clips come into play during replay attempts, tricking systems expecting live input. Instead of building from scratch, hackers sometimes reuse existing recordings to test weak spots often. Before the software even analyzes the feed, manipulated streams slip in through injection tactics that alter what gets seen.  Still, these methods point to an escalating issue for groups counting only on deepfake spotting tools. 
More specialists now suggest that checking digital content by itself falls short against today’s identity scams. Rather than focusing just on files, defenses ought to examine every step of the ID check process - spotting subtle signs something might be off. Starting with live video analysis, Incode Deepsight checks if the stream has been tampered with.  Instead of relying solely on images, it confirms identity throughout the entire session. While processing data instantly, the tool examines device security features too. Because behavior patterns matter, slight movements or response timing help indicate real people. Even subtle cues, like how someone holds a phone, become part of the evaluation. Though focused on accuracy, its main role is spotting mismatches across different inputs. Deepfakes pose serious threats when used to fake identities. When these fakes slip through defenses, criminals may set up false profiles built from artificial personas.  Accessing real user accounts becomes possible under such breaches. Verification steps in online job onboarding might be tricked with fabricated visuals. Sensitive business networks could then open to unauthorized entry. Not every test happens in a lab - some scientists now check how detection tools hold up outside controlled settings. Work from Purdue University looked into this by testing algorithms against actual cases logged in the Political Deepfakes Incident Database. Real clips pulled from sites like YouTube, TikTok, Instagram, and X (formerly Twitter) make up the collection used for evaluation.  Unexpected results emerged: detection tools tend to succeed inside lab settings yet falter when faced with actual recordings altered by compression or poor capture quality. Complexity grows because hackers mix methods - replay tactics layered with automated scripts or injected data - which pushes identification efforts further into uncertainty. 
Security specialists believe trust won’t hinge just on recognizing faces or voices.  Instead, protection may come from checking multiple signals throughout a digital interaction. When one method misses something, others can still catch warning signs. Confidence grows when systems look at patterns over time, not isolated moments. Layers make it harder for deception to go unnoticed. A single flaw doesn’t collapse the whole defense. Frequent shifts in digital threats push experts to treat proof of identity as continuous, not fixed at entry. Over time, reliance on single checkpoints fades when systems evolve too fast.

Deepfake Fraud Expands as Synthetic Media Targets Online Identity Verification Systems #AIDeepfakes #CyberFraud #CyberSecurity

GLOBAL OPERATION TARGETS ONLINE SCAM NETWORKS: Meta investigators disabled more than 150,000 accounts connected to suspected scam organizations
www.aseantoday.info
#Asia #ASEAN #SoutheastAsia #Thailand #Bangkok #CyberFraud

The Global Cyber Fraud Wave Is Being Supercharged by Artificial Intelligence   It is becoming increasingly common for organizations to rethink how security operations are structured and managed as the digital threat landscape continues to evolve. Artificial intelligence is increasingly becoming an integral part of modern cyber defense strategies due to its increasing complexity.  As networks, endpoints, and cloud infrastructures generate large quantities of telemetry, security teams are turning to advanced machine learning models and intelligent analytics to process those data. As a result, these systems are able to identify subtle anomalies and behavioral patterns which would otherwise be hidden by conventional monitoring frameworks, allowing for earlier detection of malicious behavior.  In addition to improving cybersecurity workflow efficiency, AI is also transforming cybersecurity operations. With adaptive algorithms that continually refine their analytical models, tasks that previously required extensive manual oversight can now be automated, such as log correlation, threat triage, and vulnerability assessment.  Artificial intelligence allows security professionals to concentrate on more strategic and investigative activities, such as threat hunting and incident response planning, by reducing the operational burden on human analysts. Organizations are facing increasingly sophisticated adversaries who utilize automation and advanced techniques in order to circumvent traditional defenses.  The shift is particularly important as adversaries become increasingly sophisticated. Additionally, AI can strengthen proactive defense mechanisms by analyzing historical attacks and behavioral indicators.  Using AI-driven platforms, organizations can detect phishing campaigns in real time using linguistic and contextual analysis as well as flag suspicious activity across distributed environments in advance of emerging attack vectors. 
This continuous learning capability allows these systems to adapt to changes in the threat landscape, enhancing their accuracy and resilience as new patterns of malicious activity emerge.  Therefore, artificial intelligence is becoming a strategic asset as well as a defensive necessity, enabling organizations to deal with cyber threats more effectively, efficiently, and adaptably while ensuring the security of critical data and digital infrastructure.  In the telecommunications sector, fraud has been a persistent operational and security concern for many years, resulting in considerable financial losses and reputational consequences. In order to identify irregular usage patterns and protect subscriber accounts, telecom operators traditionally rely on multilayered monitoring controls and rule-based fraud management systems. Although the industry is rapidly expanding into adjacent digital services, including mobile payments, digital wallets, and payment service banking, conventional boundaries that once separated the telecom industry from the financial sector have begun to become blurred. Increasingly, telecom networks serve as foundational infrastructure for digital transactions, identity verification, and financial connectivity, rather than merely serving as communication channels.  By resulting in this structural shift, the attack surface has been significantly increased, resulting in a more complex and interconnected fraud environment, where threats are capable of propagating across multiple digital platforms. At the same time, artificial intelligence is rapidly transforming the way fraud risks are managed and emergence occurs.  With the use of artificial intelligence-driven automation, sophisticated threat actors are orchestrating highly scalable fraud campaigns, generating convincing phishing messages, utilizing social engineering tactics, and analyzing network vulnerabilities more quickly than ever before. 
This capability enables fraudulent schemes to evolve dynamically, adapting more rapidly than traditional detection mechanisms.  In spite of this, technological advances are equipping telecommunications providers with more advanced defensive tools as well. A fraud detection platform based on artificial intelligence can analyze huge volumes of network telemetry and transaction data, analyzing signals across communication and payment systems in real time to identify subtle indicators of compromise. By analyzing behavior patterns, detecting anomalies, and modeling predictive patterns, security teams are able to detect suspicious activities earlier and respond more precisely. Additionally, the economic implications of telecom-related fraud emphasize the need to strengthen these defenses. The telecommunications industry has been estimated to have suffered tens of billions of dollars in losses in recent years as a result of digital exploitation on a grand scale. In emerging digital economies, this issue is particularly acute, since mobile connectivity is increasingly serving as a bridge to financial inclusion. Fraud incidents that occur on telecommunications networks that support digital banking, mobile money transfers, and online commerce can have consequences that go beyond the service providers themselves. Interconnected platforms may be subject to a variety of regulatory exposures, operational disruptions, or declining consumer confidence at the same time, affecting both telecommunications and financial services simultaneously. Increasing convergence between communication networks and financial services is shifting telecom operators' responsibilities in light of their role in the digital payment ecosystem.  In addition to ensuring network reliability, providers are also expected to safeguard financial transactions occurring across their infrastructure as digital payment ecosystems grow. 
In light of the significant interrelationship between mobile and online banking ecosystems, a number of scams target these populations.  As a consequence of fraudulent activity occurring in such interconnected systems, it can have cascading effects across multiple organizations, leading to regulatory scrutiny and eroding trust within the entire digital economy.  The challenge for telecommunications companies is therefore no longer limited to managing network abuse alone; they must build resilient, intelligence-driven fraud prevention frameworks capable of protecting a complex digital environment that is becoming increasingly complex. Several studies conducted by the industry indicate that cyber threat operations are in the process of undergoing a significant transformation.  Attackers are increasingly orchestrating coordinated campaigns that incorporate traditional social engineering techniques with the speed and scale of automated technology. The use of artificial intelligence is now integral to the entire attack lifecycle, from early reconnaissance and target profiling to deceptive communication strategies and operational decision-making. In the context of everyday business environments, organizations encounter increasingly high-risk interactions with automated systems as AI-powered tools become more accessible. Based on data collected in recent months, it appears that a substantial percentage of enterprise AI interactions involve prompts or requests that raise potential security concerns, demonstrating how the rapid integration of artificial intelligence into corporate workflows presents new opportunities for misappropriation.  Along with this trend, ransomware ecosystems are also maturing into fragmented and scalable models. It has been observed that the landscape is becoming more characterized by loosely connected networks of specialized operators rather than a few centralized threat groups.  
As a consequence of decentralization, cybercriminals have been able to expand their operations at an exponential rate, increasing both the number of victims targeted and the speed with which campaigns can be executed.  Moreover, artificial intelligence is helping to streamline target identification, optimize extortion strategies, and automate negotiation and infrastructure management functions. Consequently, a more adaptive and resilient criminal ecosystem has been created that is capable of sustaining persistent global campaigns.  Social engineering tactics are also embracing a broader array of communication channels than traditional phishing emails. Deception is increasingly coordinated by threat actors across email, web platforms, enterprise collaboration tools, and voice communication channels. Security experts have observed a sharp increase in methods for manipulating user trust by issuing seemingly legitimate technical prompts or support instructions, often encouraging individuals to provide sensitive information or execute commands.  As a result, phone-based impersonation attacks have evolved into structured intrusion attempts targeted at corporate help desks and internal support functions, resulting in more targeted intrusion attempts. In the age of cloud-based computing, browsers, software-as-a-service environments, and collaborative digital workspaces, artificial intelligence will become an integral part of critical trust layers which adversaries will attempt to exploit.  Besides user-focused attacks, infrastructure-based vulnerabilities are also expanding the threat surface, enabling hackers to blend malicious activity into legitimate network traffic as covert entry points. Edge devices, virtual private network gateways, and internet-connected systems are increasingly being used as covert entry points by attackers.  
The lack of oversight of these devices can result in persistent access routes that remain undetected within complex enterprise architectures. There are also additional risks associated with the infrastructure that supports artificial intelligence. As machine learning models, automated agents, and supporting services become integrated into enterprise technology stacks, significant configuration weaknesses have been identified across a wide number of deployments, highlighting potential exposures.  As a result of these developments, cybersecurity leaders are reconsidering the structure of defensive strategies in an era marked by machine-speed attacks. Analysts have increasingly emphasized that responding to incidents after they occur is no longer sufficient; organizations must design security frameworks that prioritize prevention and resilience from the very beginning.  To ensure these foundational controls can withstand automated and coordinated attacks, security teams need to reevaluate them across networks, endpoints, cloud platforms, communication systems, and secure access environments.  Security teams face the challenge of facilitating artificial intelligence adoption without introducing unmanaged risks as it becomes incorporated into daily business processes. Keeping a clear picture of the use of artificial intelligence, both sanctioned and unsanctioned, as well as enforcing policies, is essential to reducing the potential for data leakage and misuse.  In addition, protecting modern digital workspaces, where human decision-making increasingly intersects with automated technologies, is imperative. Several tools, including email platforms, web browsers, collaboration tools, and voice systems, form an integrated operation environment that needs to be secured as a single trust domain.  
In addition to strengthening the protection of edge infrastructure, maintaining an accurate inventory of connected devices can assist in reducing the possibility of attackers exploiting hidden entry points. A key component of maintaining resilience against artificial intelligence-driven cyber threats is consistent visibility across hybrid environments that encompass both on-premises infrastructures and cloud platforms along with distributed edge systems.  By integrating oversight across these layers and prioritizing prevention-focused security models, organizations can reduce operational blind spots and enhance their defenses against rapidly evolving cyber threats. Industry observers emphasize that, under these circumstances, the ability to defend against AI-enabled cyber fraud will be less dependent upon isolated tools and more dependent upon coordinated security architectures.  The telecommunications and digital service providers are expected to strengthen collaboration across the technological, financial, and regulatory ecosystems, as well as embed intelligence-driven monitoring into every layer of their infrastructure. It is essential to continually model fraud threats, use adaptive security analytics, and tighten up governance of emerging technologies to anticipate how fraud tactics evolve as innovations progress.  By emphasizing proactive risk management and strengthening trust across interconnected digital platforms, organizations can be better prepared to address increasingly automated threats while maintaining the integrity of the rapidly expanding digital economy.

The Global Cyber Fraud Wave Is Being Supercharged by Artificial Intelligence #AIsecurityrisks #ArtificialIntelligenceCybersecurity #CyberFraud

Meta Targets 150K Accounts in Southeast Asia Scam Operation   Meta announced that it has removed more than 150,000 accounts tied to organized scam centers operating in Southeast Asia, describing the move as part of a large international effort to disrupt coordinated online fraud networks. The enforcement action was carried out with assistance from authorities in several countries. Law enforcement agencies and government partners involved in the operation included officials from Thailand, the United States, the United Kingdom, Canada, South Korea, Japan, Singapore, the Philippines, Australia, New Zealand, and Indonesia. According to Meta, the joint effort resulted in 21 individuals being arrested by the Royal Thai Police. This latest crackdown builds on an earlier pilot initiative launched in December 2025. During that initial phase, Meta removed approximately 59,000 accounts, Pages, and Groups from its platforms that were connected to similar fraudulent activity. The earlier investigation also led to the issuance of six arrest warrants by authorities. In a statement explaining the action, Meta said that online scams have grown increasingly complex and organized over recent years. Criminal networks, often operating from countries such as Cambodia, Myanmar, and Laos, have established large scam compounds that function in many ways like organized business operations. These groups typically use structured teams, scripted communication strategies, and digital tools designed to evade detection while targeting victims on a global scale. According to the company, the impact of such scams extends far beyond financial loss, as they can severely disrupt lives and weaken trust in digital communication platforms. Alongside the enforcement action, Meta also announced several new safety features aimed at helping users identify and avoid scam attempts. 
One of these tools introduces new warning messages on Facebook that notify users when they receive communication from accounts that display characteristics commonly linked to fraudulent activity. Another safeguard has been introduced on WhatsApp to address a tactic used by scammers who attempt to persuade users to scan a QR code. If successful, this method can link the attacker’s device to the victim’s WhatsApp account, allowing them to access messages and impersonate the account holder. Meta said its system will now notify users when suspicious device-linking requests are detected. The company is also expanding scam detection on Messenger. When a conversation with a new contact begins to resemble known fraud patterns, such as questionable job opportunities or requests that appear unusual, the platform may prompt users to share recent messages so that an artificial intelligence system can evaluate whether the interaction matches known scam behavior. Meta also disclosed broader enforcement statistics related to scams on its platforms. Throughout 2025, the company removed more than 159 million advertisements that violated its policies related to fraud and deception. In addition, it disabled approximately 10.9 million Facebook and Instagram accounts that investigators linked to organized scam centers. To further address fraudulent activity, the company said it plans to expand its advertiser verification program. The goal of this measure is to increase transparency by confirming the identities of advertisers and reducing the ability of malicious actors to misrepresent themselves while running advertisements. The announcement comes at a time when governments are intensifying efforts to address online fraud. The UK Government recently introduced a new Online Crime Centre designed to focus specifically on cybercrime, including scams connected to organized fraud operations operating in regions such as Southeast Asia, West Africa, Eastern Europe, India, and China. 
The centre will bring together specialists from several sectors, including government agencies, law enforcement, intelligence services, financial institutions, mobile network providers, and major technology companies. The initiative is expected to begin operations next month. The project forms part of the United Kingdom’s broader Fraud Strategy 2026–2029, a policy framework aimed at strengthening the country’s response to fraud and financial crime. As part of this strategy, authorities plan to use artificial intelligence to detect emerging scam patterns, identify suspicious bank transfers more quickly, and deploy “scam-baiting” chatbots designed to interact with fraudsters in order to gather intelligence. Officials said the new centre, supported by more than £30 million in funding, will focus on identifying the digital infrastructure used by organized crime groups. This includes tracking fraudulent accounts, websites, and phone numbers used in scam operations. Authorities aim to shut down these resources at scale by blocking scam messages, freezing financial accounts linked to criminal activity, removing fraudulent social media profiles, and disrupting scam networks at their source.

Meta Targets 150K Accounts in Southeast Asia Scam Operation #CyberFraud #LawEnforcement #Meta


🔹 ICAR — International Cyber Asset Recovery

We help victims of online scams document their cases, report fraud, and receive professional guidance.
Submit your case securely here: tally.so/r/NpVNlp

#FundsRecovery #CyberFraud #ICA


FBI Warns Of Zoning Permit Applicant Scams
Read More: buff.ly/2bzWa5C

#FBIwarning #PermitScam #GovernmentImpersonation #PhishingAlert #WireFraud #CryptoScam #PublicRecordsAbuse #CyberFraud

What is cybercrime? - Negative PID Every day, you hear about cybercrime. More and more, it is presented as a problem to society: hacking, fraud, obscene behaviour, hate speech, fake news,

What is cybercrime?

#cybercrime #Cybersecurity #cyberattacks #cyberThreats #onlineSecurity #negativepid #fraud #digitalfraud #fakedocuments #socialmediafraud #cyberinvestigation #cyberfraud #negativepid


Trump Wants Justice Dept. to Prioritize Cybercrime Cases President Donald Trump wants his administration to combat “predatory” schemes targeting American consumers and businesses. The president...

#Fraud #Prevention #Cybercrime #Cyberfraud #Donald #Trump #fraud […]

[Original post on pymnts.com]

Deepfake attack: 'Many people could have been cheated' The boss of the Bombay Stock Exchange was recently targeted in what is a growing global problem.

#Deepfake attack: 'Many people could have been cheated'
www.bbc.co.uk/news/article...

Video popped up on #socialmedia sites in #India showing chief executive of #BombayStockExchange giving investors advice on which stocks to buy.
#CyberFraud #AI #ArtificialIntelligence #GenerativeAI

Phishing Campaign Abuses .arpa Domain and IPv6 Tunnels to Evade Enterprise Security Defenses

Cybersecurity experts at Infoblox Threat Intel have identified a sophisticated phishing operation that manipulates core internet infrastructure to slip past enterprise security mechanisms. The campaign introduces an unusual evasion strategy: attackers are exploiting the .arpa top-level domain (TLD) while leveraging IPv6 tunnel services to host phishing pages. This method allows malicious actors to sidestep traditional domain reputation systems, posing a growing challenge for security teams.

Unlike public-facing domains such as .com or .net, the .arpa TLD is reserved strictly for internal internet functions. It primarily supports reverse DNS lookups, translating IP addresses into domain names, and was never intended to serve public web content.

Researchers found that attackers are capitalizing on weaknesses within DNS record management systems. By using free IPv6 tunnel providers, threat actors obtain control over certain IPv6 address ranges. Rather than configuring reverse DNS pointer (PTR) records as expected, they create standard A records under .arpa subdomains. This results in fully qualified domain names that appear to be legitimate infrastructure addresses—entities that security tools generally consider trustworthy and therefore seldom inspect closely.

Attack Chain and CNAME Hijacking

According to Infoblox, the campaign often starts with malspam emails impersonating well-known consumer brands. The emails feature a single clickable image that either advertises a prize or warns about a disrupted subscription. Once clicked, victims are routed through a sophisticated Traffic Distribution System (TDS). The TDS analyzes the incoming traffic, specifically filtering for mobile users on residential IP networks, before ultimately delivering the malicious content.

In addition to abusing the .arpa namespace, the attackers are also exploiting dangling CNAME records. They have taken control of outdated subdomains belonging to respected government bodies, media outlets, and academic institutions. By registering expired domains that abandoned CNAME records still reference, they effectively inherit the reputation of trusted organizations, allowing malicious traffic to blend in seamlessly.

Dr. Renée Burton, Vice President at Infoblox Threat Intel, emphasized the severity of this tactic, noting that "weaponizing the .arpa namespace effectively turns the core of the internet into a phishing delivery mechanism." Because reverse DNS domains inherently carry a clean reputation and lack conventional registration details, security systems that depend on URL analysis and blocklists often fail to identify the threat.

Experts recommend that organizations begin viewing foundational DNS infrastructure as a potential attack surface. Proactive monitoring, particularly for unusual record creation within the .arpa namespace, along with specialized filtering controls, will be critical to defending against this evolving threat.

Phishing Campaign Abuses .arpa Domain and IPv6 Tunnels to Evade Enterprise Security Defenses #CNAMEhijacking #CyberFraud #DNSinfrastructureattack

U.S. Justice Department Seizes $61 Million in Tether Linked to ‘Pig Butchering’ Crypto Scams The U.S. Department of Justice (DoJ) has revealed that it seized approximately $61 million in Tether connected to fraudulent cryptocurrency operations commonly referred to as “pig butchering” scams. According to the department, investigators traced the confiscated digital assets to wallet addresses allegedly used to launder funds obtained through cryptocurrency investment fraud schemes. The stolen proceeds were reportedly siphoned from victims who were manipulated into investing in fake platforms promising lucrative returns. "Criminal actors and professional money launderers use cyber-enabled fraud schemes to swindle their victims and conceal their ill-gotten gains," said HSI Charlotte Acting Special Agent in Charge Kyle D. Burns. "HSI special agents work diligently to trace the illicit proceeds of crime across the globe to disrupt and dismantle the transnational criminal organizations that seek to defraud hardworking Americans." Authorities explained that these schemes typically begin with scammers initiating contact through dating platforms or social media messaging applications. The perpetrators build trust by posing as romantic interests or financial advisors before persuading victims to invest in fabricated cryptocurrency opportunities. Officials further noted that many of these operations are allegedly run from scam compounds based primarily in Southeast Asia. Individuals trafficked under false promises of well-paying jobs are reportedly forced to participate in the schemes. Their passports are confiscated, and they are coerced into deceiving targets online under threats of severe punishment. Victims are directed to professional-looking but fraudulent investment websites that display falsified portfolios and exaggerated profits. These manipulated dashboards are designed to encourage larger investments. 
When victims attempt to withdraw their funds, they are often told to pay additional “fees,” resulting in further financial losses. "Once the victims' money transferred to a cryptocurrency wallet under the scammers’ control, the crooks quickly routed that money through many other wallets to hide the nature, source, control, and ownership of that stolen money," the department added. In a related statement, Tether disclosed that it has frozen roughly $4.2 billion in assets tied to unlawful activities so far. The company said that nearly $250 million of that amount has been linked to scam networks since June 2025. The seizure marks one of the larger enforcement actions targeting cryptocurrency-enabled fraud and reflects ongoing efforts by U.S. authorities to disrupt global cybercrime syndicates exploiting digital assets.

U.S. Justice Department Seizes $61 Million in Tether Linked to ‘Pig Butchering’ Crypto Scams #cryptocurrency #CyberFraud #DoJcryptoseizure

Darktrace Flags Surge in Phishing as Identity-Based Attacks Redefine 2025 Threat Landscape

More than 32 million high-confidence phishing emails were identified in 2025, signaling a sharp rise in identity-focused cyberattacks, according to new findings from Darktrace. The cybersecurity firm analyzed incidents across its global customer network, revealing a year marked by growing automation, overlapping attack techniques, and faster execution by threat actors.

Among the total phishing volume, over 8.2 million emails specifically targeted high-profile individuals and executives, representing more than a quarter of all attempts observed. Additionally, 1.6 million phishing messages were traced to newly registered domains, while 1.2 million leveraged malicious QR codes to lure victims. The report found that 70% of phishing emails bypassed DMARC authentication checks. Spear-phishing accounted for 41% of attacks, and 38% featured new social engineering strategies. Roughly one-third of the phishing emails exceeded 1,000 characters in length, indicating increasingly sophisticated messaging tactics.

Identity Compromise Emerges as Primary Breach Method

The analysis underscores a major shift in cyber intrusion tactics: identity compromise has surpassed vulnerability exploitation as the leading initial access method. Although Common Vulnerabilities and Exposures (CVEs) rose approximately 20% year-over-year, many exploits were deployed even before vulnerabilities were publicly disclosed.

"Identity has become the attacker's skeleton key. Instead of forcing their way through a firewall, adversaries are logging in with stolen credentials, hijacked tokens and abused permissions, then moving laterally under the cover of legitimacy," commented Shane Barney, CISO at Keeper Security. "When identity controls are fragmented or overly permissive, attackers don't need novel exploits. They just need access that looks routine."
In the Americas, nearly 70% of reported incidents involved SaaS and Microsoft 365 account takeovers. The manufacturing sector accounted for 17% of documented cases and represented 29% of ransomware incidents in the region. Overall, 47% of global security events tracked in 2025 originated from the Americas. Regional data further illustrates varying levels of digital resilience and geopolitical pressure. In Latin America, 44% of incidents stemmed from malware spreading after phishing or credential theft. The education sector was most affected, accounting for 18% of cases. Brazil, Mexico, and Colombia recorded the highest activity levels over the past three years. Across Europe, 58% of security incidents were linked to cloud and email compromise, while 42% were tied to network-based attacks. Africa reported a 60% year-over-year spike in ransomware incidents, with 76% of compromises categorized as network-driven. In Asia-Pacific and Japan, 84% of organizations indicated that AI-driven threats are already affecting them. However, only 42% said they have formal governance policies in place for safe AI usage. "Identity is no longer about perimeter-based defense. The rise in AI-based agents and the massively accelerating threat landscape has rendered that approach inadequate, and prompted a shift towards identity as the critical element to enterprise security," SailPoint CEO, Mark McClain, said. "This report's findings demonstrate that there is now a need for real-time, intelligent, and dynamic identity security, built to govern and secure not just 'who,' or in the case of AI agents, 'what,' has access to the enterprise, but what data they can access and what they are able to do once inside."

Darktrace Flags Surge in Phishing as Identity-Based Attacks Redefine 2025 Threat Landscape #CyberFraud #Darktracephishingreport2025 #DMARCbypassphishing

Jersey politicians and TV presenter used in scam adverts The adverts featuring well-known faces are being used to promote a fake investment platform.

Politicians and TV presenter used in #scam adverts
www.bbc.co.uk/news/article...

#JerseyFinancialServicesCommission says well-known #Jersey residents & orgs being used on #socialmedia with targeted #Facebook ads promoting #fake government investment platform.
#CyberCrime #CyberFraud

Indonesia’s Coretax Platform Exploited in $2 Million Fraud Campaign Targeting Taxpayers A highly coordinated cyber fraud campaign targeting Indonesia’s official Coretax tax system has resulted in estimated nationwide losses ranging between $1.5 million and $2 million. Security firm Group-IB revealed that the scheme first surfaced in July 2025 and escalated sharply in January 2026, coinciding with the country’s peak tax filing season. Cybercriminals posed as the Coretax web portal to deceive users into installing malicious mobile applications. Although Coretax is accessible strictly through its official website and does not offer a mobile application, attackers used this limitation to their advantage. The fraud operation combined cloned phishing websites, WhatsApp accounts impersonating tax officials, and voice phishing (vishing) calls to create a convincing attack chain. Victims were instructed to download fraudulent APK files, unknowingly granting attackers remote control of their smartphones. This access enabled unauthorized banking transactions and financial theft. Investigators traced the campaign to the GoldFactory threat cluster, which utilized several malware variants, including Gigabud.RAT and MMRat. During the probe, Group-IB uncovered 228 previously unidentified malware samples. The infrastructure supporting the operation was also found to be repurposed to mimic more than 16 reputable brands across sectors such as government services, aviation, pension funds, and energy. According to the report, approximately 67 million Indonesian taxpayers were considered potential targets. However, among financial institutions secured by Group-IB, the fraud success rate was restricted to 0.027% of infected devices due to advanced predictive detection tools. Researchers estimated a broader device compromise rate of 0.025% — roughly 2.5 out of every 1,000 banking users. 
When extrapolated to Indonesia’s population of 287 million individuals exposed to the impersonated brands, the cumulative financial losses and associated operational expenses were calculated between $1.5 million and $2 million. The investigation further identified 996 phishing URLs generated through a centralized system, pointing to a malware-as-a-service (MaaS) framework with the capacity to scale internationally. Potential expansion targets include Thailand, Vietnam, the Philippines, and South Africa.

The fraud followed a structured, multi-phase approach:

* Distribution of phishing links via fake WhatsApp tax representatives
* Installation of malicious applications that locked devices and extracted sensitive data
* Vishing calls pressuring victims to settle alleged tax dues
* Screen recording to capture banking credentials and one-time passwords (OTPs)
* Remote account takeover (ATO) and fund transfers through mule accounts

Group-IB noted that a layered security strategy combining signature-based detection, behavioral analytics, and contextual threat intelligence significantly mitigated losses among its clients. By analyzing infrastructure patterns and anticipating brand impersonation trends, the company reported stopping most fraudulent transactions before funds could be withdrawn.

The case underscores the growing sophistication of coordinated malware campaigns and the risks they pose to public confidence in digital government services, particularly when critical platforms like national tax systems are targeted.

Indonesia’s Coretax Platform Exploited in $2 Million Fraud Campaign Targeting Taxpayers #Coretaxphishingscam #CyberFraud #GigabudRAT


🚨Global Cybersecurity Outlook 2026

How are organisations adapting as #cyberrisk accelerates?

The report from @weforum.org and #Accenture highlights #AI -driven change, #geopoliticalpressure and rising #cyberfraud - demanding stronger #resilience and cooperation.

ℹ️ www.weforum.org/publications...

Indonesia Hit by $2m Fraud Wave Using Fake ‘Coretax’ Tax Apps  A massive fraud campaign abusing Indonesia’s official Coretax tax platform has siphoned off an estimated 1.5–2 million dollars in losses nationwide, highlighting how cybercriminals now weaponize public digital services at industrial scale.  Launched around July 2025 and ramped up ahead of the 2026 tax filing season, the operation preyed on taxpayers who believed they were interacting with legitimate Coretax channels. Although Coretax is only available as a web service, victims were deceived into thinking an official mobile app existed, turning their smartphones into entry points for financial theft. This gap between user perception and the platform’s real distribution model became the core social engineering hook. According to Group-IB, the attackers built a multi-stage attack chain that blended classic phishing with modern mobile malware techniques. It started with phishing websites that visually mimicked the Coretax portal and other trusted brands, then continued via WhatsApp messages and calls from impostors posing as tax officials. These contacts pushed users to download Android application packages (APKs) masquerading as Coretax tools for filing or synchronizing tax data. Once installed, the malicious apps granted remote access, allowing fraudsters to control infected devices, freeze screens, and intercept sensitive data. The campaign has been linked to the GoldFactory threat cluster, known for deploying advanced Android remote access trojans such as Gigabud.RAT and MMRat. Investigators uncovered 228 new malware samples tied to the operation, underlining the industrialized nature of the scheme. Beyond Coretax, the same infrastructure impersonated more than 16 reputable brands, including government services, airlines, pension funds, and energy providers, significantly widening the pool of potential victims. 
This brand-hopping strategy enabled attackers to reuse tooling while constantly refreshing lures. At its peak, the operation aimed at roughly 67 million Indonesian taxpayers and, more broadly, at 287 million individuals exposed to abused brands across the country. While the overall compromise rate remained relatively low—around 0.025% of users—the scale of the population meant financial losses and associated costs still reached between 1.5 and 2 million dollars. Among financial institutions protected by Group-IB, predictive detection and layered defenses limited successful fraud to just 0.027% of malware-compromised devices. This illustrates how early detection and behavioral analysis can sharply reduce downstream financial impact. Researchers warn that the operation appears to follow a malware-as-a-service model, supported by a centralized framework that has already generated nearly a thousand phishing URLs. The same toolkit could easily be repurposed against taxpayers and banking customers in other countries, with Thailand, Vietnam, the Philippines, and South Africa cited as likely next targets. For Indonesian users, the key defense is to remember that Coretax does not have a mobile app and is only accessible via official government websites. Verifying domains, refusing APK installations sent over messaging apps, and questioning unsolicited “tax officer” calls are now critical to staying safe during tax season.

Indonesia Hit by $2m Fraud Wave Using Fake ‘Coretax’ Tax Apps #Coretax #CyberFraud #FinancialScam

Fraudsters Use Postal Mail to Target Crypto Hardware Wallet Owners

Cybercriminals are using traditional mail services to target cryptocurrency users who own hardware wallets manufactured by Trezor and Ledger. The attackers are distributing printed letters that falsely present themselves as official security notifications and attempt to trick recipients into revealing their wallet recovery phrases.

The letters instruct users to complete a compulsory “Authentication Check” or “Transaction Check,” claiming this step will soon become mandatory. Recipients are warned that failure to comply before stated deadlines could result in disrupted wallet functionality. One Trezor-themed letter sets February 15, 2026 as the cutoff date, while a Ledger-branded version references October 15, 2025. The correspondence appears professionally formatted and claims to originate from internal security or compliance departments.

In a case shared publicly by cybersecurity researcher Dmitry Smilyanets, a Trezor-related letter stated that authentication would soon be enforced across devices and urged users to scan a QR code to prevent interruption of Trezor Suite access. The letter further asserted that even if users had already enabled authentication on their device, they must repeat the process to ensure full activation and synchronization of the feature.

The QR codes direct recipients to fraudulent domains including trezor.authentication-check[.]io and ledger.setuptransactioncheck[.]com. At the time of reporting, the Ledger-linked domain was inactive, while the Trezor-related site remained accessible but displayed a phishing warning from Cloudflare. The Trezor-themed phishing page states that users must complete authentication by February 15, 2026 unless they purchased specific models, including Trezor Safe 7, Safe 5, Safe 3, or Safe 1, after November 30, 2025, in which case the feature is allegedly preconfigured.

After selecting “Get Started,” users are warned that ignoring the process could lead to blocked access, transaction signing errors, and complications with future updates. Those who continue are prompted to enter their wallet recovery phrase. The form accepts 12-, 20-, or 24-word phrases and claims the information is necessary to confirm device ownership. Technical analysis shows that submitted phrases are transmitted through a backend endpoint located at /black/api/send.php on the phishing domain. With access to the recovery phrase, attackers can restore the wallet on another device and transfer funds.

The method used to identify recipients remains unclear. However, both manufacturers have experienced past data breaches that exposed customer contact information, potentially increasing targeting risks. Although email-based crypto phishing is common, physical mail scams remain relatively uncommon. In 2021, attackers mailed tampered Ledger devices designed to capture recovery phrases during setup. A similar postal campaign targeting Ledger users was reported again in April.

A recovery phrase, also called a seed phrase, represents the private cryptographic key controlling a cryptocurrency wallet. Anyone who obtains it gains complete control over the associated funds. Legitimate hardware wallet providers do not request recovery phrases through mail, QR codes, websites, or email. The phrase should only be entered directly on the hardware device during a genuine restoration process.

Fraudsters Use Postal Mail to Target Crypto Hardware Wallet Owners #cryptocurrency #CyberFraud #forgedletterheads


Thailand Moves To Seize Scam Assets
Read More: buff.ly/OiAr9BJ

#ScamSyndicates #AssetSeizure #MoneyLaundering #FinancialCrime #CyberFraud #ThailandNews #LawEnforcement #GlobalCyber


Fake 7-Zip Site Spreads Malicious Installer
Read More: buff.ly/FibGJeo

#7ZipScam #MalwareDistribution #ResidentialProxies #SoftwareSupplyChain #PhishingSite #CyberFraud #InfosecAlert #ThreatCampaign

Original post on securityboulevard.com

DataDome Releases VM-Based Obfuscation: The Next Evolution in Client-Side Detection Security DataDome releases VM-based obfuscation—our most advanced client-side protection yet. Three-layer defen...

#Security #Bloggers #Network #bot #management […]
