This is a monthly newsletter I put together for an internal security awareness program. Feel Free to grab and use for your own program.

Task Scams: Why You Should Never Pay to Get Paid 

ESET warns of a growing wave of “task scams” where victims are enticed by offers of quick money for simple online tasks, such as liking content or clicking buttons. While early steps appear legitimate and even show fake earnings, the scheme ultimately demands an upfront payment to “unlock” these earnings—after which victims receive nothing. Reports of task scams have quadrupled, with millions lost to this tactic. 

Key Insights: 

• Scams typically begin through unsolicited messages on WhatsApp, Telegram, or social media. 

• Fake earnings dashboards give victims a false sense of progress and legitimacy. 

• Victims are often pressured to pay a fee in cryptocurrency to claim their supposed rewards. 

• Scammers may use cloned websites and group chats filled with fake success stories to boost credibility. 

• Other forms of employment fraud include fake job ads, phishing through CV submissions, and impersonated recruiters. 

Further Reading: WeLiveSecurity 

Jasper Sleet: North Korean Remote IT Workers Use AI to Infiltrate Organizations 

Microsoft Threat Intelligence has identified a surge in activity from the North Korea-linked threat actor Jasper Sleet, formerly tracked as Storm‑0287. These operatives are exploiting remote work arrangements to embed themselves within organizations worldwide. Using AI tools to enhance fake identities, they are securing employment, gaining access to sensitive systems, and exfiltrating data to support North Korea’s strategic and financial objectives. 

Key Insights: 

• Jasper Sleet operatives use AI for facial and voice modification to impersonate real job seekers. 

• Fake identities are supported by fabricated credentials, doctored online profiles, and complicit facilitators. 

• The campaign targets a wide range of industries across North America, Europe, and Asia. 

• Over 3,000 accounts have been suspended due to links to this operation. 

• Common tactics include the use of residential IPs, remote access software, and resume laundering. 

Further Reading: Microsoft Security Blog 

AI Hiring Bot Breach: McDonald’s Chatbot Exposes Data of Millions 

Security researchers Ian Carroll and Sam Curry discovered a critical vulnerability in Olivia, the AI hiring assistant via Paradox.ai's McHire platform, used by McDonald’s. With just the default password 123456, the duo accessed an admin account and discovered a critical API flaw. In under an hour, they viewed personal details—including names, emails, phone numbers, and chat logs—for approximately 64 million job applicants spanning years of data. 

Key Insights: 

• A dormant admin panel was secured by default credentials, lacking any multifactor authentication. 

• An insecure direct object reference (IDOR) allowed researchers to enumerate applicant records by simply changing numeric IDs. 

• Data exposed included conversation content and personal identifiers—though not financial or sensitive health info. 

• McDonald’s and Paradox.ai responded swiftly, disabling the account and patching the API within a day. 

• Despite the quick fix, the breach underscores the risks of weak third-party oversight and insecure AI-driven recruitment tools. 

Further Reading: Wired 

Gemini Email Summary Phishing: Invisible Prompt Injection Risk 

A newly discovered vulnerability in Google’s Gemini for Workspace demonstrates how attackers can embed hidden instructions in emails—styled with invisible text—so that clicking “Summarize this email” invokes the malicious prompt. This can result in fake security alerts, phishing links, or fraudulent phone numbers appearing in AI-generated summaries. 

Key Insights: 

• Attackers hide directives using invisible HTML/CSS that Gemini parses but users can’t see. 

• Summarized messages may falsely warn of compromised accounts and urge recipients to click links or call numbers. 

• Because there are no obvious phishing signals (like attachments or visible links), these emails bypass typical threat detection. 

• Security teams should flag summaries containing urgent calls to action and train users to verify full email content. 

Further Reading: Bleeping Computer 

Deepfake It ‘til You Make It: The New AI Criminal Toolset 

Cybercriminals are increasingly exploiting deepfake technology to conduct fraud, extortion, and manipulation campaigns. Originally built for creative or entertainment purposes, AI-driven tools for generating fake audio, video, and images are now widely available and being misused to impersonate individuals and mislead organizations. 

Key Insights: 

• Democratized Deepfake Creation: Tools for generating synthetic media are now easy to use, enabling low-skilled actors to produce realistic forgeries. 

• CEO Fraud & Recruitment Exploits: Deepfake audio and video are being used to impersonate executives during meetings or to create fake candidate profiles in hiring scams. 

• KYC & Identity Fraud Risks: Attackers use deepfakes to bypass identity verification processes at banks and fintech platforms, facilitating account fraud. 

• Plug-and-Play Underground: Criminal communities are sharing deepfake tools, tutorials, and services, lowering the barrier to entry for would-be attackers. 

Further Reading: Trend Micro 

FileFix: A Social Engineering Evolution of ClickFix 

Check Point Research has uncovered FileFix, a new social engineering attack that refines the ClickFix method to trick users into executing malicious commands. Delivered through compromised or typo-squatted websites, FileFix prompts victims with a fake download link or “Fix” button—copying harmful PowerShell scripts to the clipboard. When users paste and run these snippets, the attacker gains system access through a stealthy, multi-stage infection chain. 

Key Insights: 

• FileFix uses clipboard hijacking to push malicious payloads via user-initiated paste actions. 

• Fake prompts mimic legitimate "fix" or software update buttons to build trust. 

• Infection unfolds in stages—from initial PowerShell downloaders to final payloads like AsyncRAT or remote access trojans. 

• This variation simplifies and accelerates command execution compared to previous ClickFix variants. 

• Detection requires user awareness and endpoint policies that block shell execution from clipboard content. 

Further Reading: Check Point Research 

FBI Warns of Youth-Driven Cybercrime and Violence Networks 

The FBI has issued a series of alerts warning about “The Com,” a decentralized network of youth-led cybercriminal groups responsible for a surge in digital fraud, harassment, and real-world violence. Subgroups like Hacker Com focus on cryptocurrency theft, SIM swapping, and ransomware, while IRL Com offers violence-for-hire services such as swatting, assault, and kidnapping. These groups exploit gaming platforms and social media to recruit minors, using threats, doxing, and financial incentives to escalate involvement. 

Key Insights: 

• Youth-focused groups are driving cybercrime and monetizing their skills via extortion, malware, and fraud. 

• Cryptocurrency enables both virtual and physical attacks, including pay-for-assault services. 

• Recruitment often starts on gaming and social platforms, escalating into serious criminal activity. 

• Swatting and doxing are common intimidation tactics tied to digital theft or status-building. 

Further Reading: IC3.gov PSA 1   | ICS3.gov PSA 2 | ICS3.gov PSA 3 

North Korean IT Worker Schemes: Emerging Threat to U.S. Businesses 

The FBI has issued a critical alert (PSA>I‑072325‑4) highlighting how North Korean IT workers and their domestic facilitators are infiltrating U.S. businesses. These workers use deceptive employment setups—often via U.S.-based intermediaries—to bypass sanctions and gain unauthorized access to sensitive systems, generating illicit revenue to support the DPRK regime. 

Key Insights: 

• These schemes rely on unwitting or complicit U.S. individuals who receive, configure, and then forward company assets (like laptops and accounts) to operatives in North Korea. 

• Facilitators may manage shipping, remote access setup, account creation on job platforms, and even handle proceeds in shared financial accounts. 

• Tactics exploit front companies and virtual interviews to mask identities and evade detection, with remote desktop tools like TeamViewer used covertly. 

• There are significant risks of sanction violations, data theft, and unauthorized system control when businesses hire third-party or international IT contractors. 

• The FBI recommends organizations conduct in-person or video identity verifications, validate employment credentials, monitor shipping/payment methods, and restrict unauthorized remote-access tools. 

Further Reading: IC3.gov PSA I‑072325‑4 

Targeted Social Engineering Drives Ransom Payments Skyward in Q2 2025 

Coveware’s Q2 2025 ransomware spotlight reveals a dramatic shift in attack economics: the average ransom payment jumped to $1,130,070—a staggering 104% increase from Q1—while the median payment doubled to $400,000, indicating high-value extortion is on the rise. 

Key Insights: 

• Ransomware actors are shifting from broad targeting to highly targeted social-engineering campaigns, exploiting trusted communications and tailored deception to pressure specific high-profile victims. 

• While the payment amounts surged, the overall ransom payment rate remained low at ~26%, suggesting many organizations continue to successfully resist paying demands. 

• Mid-sized and larger enterprises are now disproportionately affected, as attackers focus on fewer but more lucrative targets rather than bulk low-value victims. 

Further Reading: Coveware Blog 

Privacy Alert: Tea App Data Breach Exposes Millions of Sensitive Chats 

The women-focused “Tea” app, designed for anonymous reviews and dating safety, has suffered a catastrophic data breach impacting users prior to February 2024. Initial reports of exposed selfies and ID documents (around 72,000 images) have now escalated: researchers uncovered a second compromised database containing 1.1 million private messages on deeply personal topics—spanning infidelity, abortion, and abuse. 

Key Insights: 

• Legacy storage misconfiguration in Firebase led to unauthorized data exposure, including chat logs and user IDs. 

• Messaging functionality has been disabled while Tea investigates and coordinates with cybersecurity experts and the FBI. 

• Victims face potential risks of identity theft, harassment, and blackmail through leaked information involving personal phone numbers and real‑world identifiers. 

Further Reading: WebProNews  

Scattered Spider Alert: FBI & CISA Update on Tactics & Threats 

Critical infrastructure and commercial entities are urged to review CISA's updated joint advisory AA23‑320A (last revised July 29, 2025), detailing evolving tactics used by the Scattered Spider cybercriminal group. Known for preying on IT and help desk personnel, this financially motivated threat actor now combines social engineering, ransomware, and data extortion with sophisticated new techniques. 

Key Insights: 

• Scattered Spider continues targeting IT support channels using voice phishing (vishing), SMS phishing (smishing), and MFA fatigue attacks alongside SIM swapping to obtain access credentials. 

• Once inside, attackers repurpose legitimate remote-access and tunneling tools (e.g. TeamViewer, AnyDesk, Ngrok) instead of relying on malware, enabling stealthy and persistent access. 

• New variants like DragonForce ransomware are now being deployed as part of combined extortion operations (data theft + encryption). 

• In recent operations, actors have refined social engineering methods while rotating TTPs to evade detection and extend dwell time. 

• Updated mitigations emphasize phishing-resistant MFA, verifying helpdesk contacts out-of-band, limiting remote access tool use, and continuous validation of security controls against evolving attack behaviors. 

Further Reading: CISA Advisory AA23‑320A (Scattered Spider) 

Scam Alert: Gaming Sites Flooded with Fake Platforms and Phishing Traps 

Threat actors have launched a large-scale social engineering campaign using polished, fraudulent gaming and wagering websites—promoted via Discord and social media ads. These platforms lure users with claims of partnerships with influencers like “Mr. Beast,” and offer fake promo codes for in-game credits. Once victims deposit funds or connect crypto wallets, the sites disappear—often taking user data and assets with them. 

Key Insights: 

• Hundreds of scam sites—often over 1,200 domains—are promoted via sponsored ads and influencer tie-ins to appear legitimate. 

• These platforms impersonate giveaways or wagering systems, incentivizing sign-ups with fake bonus credits and “verified” endorsements. 

• After registration or payment, users often lose access to funds and face account theft or credential compromise. 

• Scams are heavily directed toward younger users on Discord and gaming communities, exploiting trust in influencer culture. 

• In addition to phishing domains, attackers distribute malware via fake mods or “game cheats,” particularly targeting titles like Minecraft and Roblox. 

Further Reading: KrebsOnSecurity 

Phishing Trends Q2 2025: Microsoft at the Helm, Spotify Rejoins the Spotlight 

Check Point Research’s latest Brand Phishing report reveals that in the second quarter of 2025, cybercriminals continued to impersonate high-trust brands to trick users into revealing credentials or financial data. Microsoft remained the most spoofed brand—used in 25% of phishing attempts—followed by Google (11%), Apple (9%), and Spotify (6%), marking Spotify’s first reappearance in the charts since late 2019. 

Key Insights: 

• Microsoft led phishing campaigns, accounting for a quarter of all spoofed brands. 

• Spotify saw a surprising resurgence in impersonation attempts after a long absence, used in campaigns involving fake credential and payment pages. 

• Booking.com–themed domains surged by over 700 in Q2, many embedding personal user data to deceive targets convincingly. 

• Tech remained the top spoofed sector, with social networks, travel, and retail brands also seeing elevated impersonation activity. 

• Seasonal alignment played a key role: the rise in travel scams coincided with summer holiday planning, amplifying phishing success. 

Further Reading: Check Point Research 

Microsoft OAuth Phishing Campaign: MFA Bypass via App Impersonation 

Proofpoint has exposed a sophisticated phishing campaign where attackers used malicious Microsoft OAuth applications—disguised as trusted brands like Adobe, DocuSign, and SharePoint—to trick users into granting access to their Microsoft 365 accounts. These apps operated within legitimate authorization flows, enabling attackers to bypass multi-factor authentication (MFA) with minimal-risk consent requests. 

Key Insights: 

• The fake OAuth apps mimicked trusted publishers to obtain permissions for profile, email, and openid scopes—enough to capture credentials and session tokens without raising suspicion. 

• Once approved, users were redirected to phishing pages that intercepted login credentials and session tokens using AiTM (attacker-in-the-middle) kits like Tycoon or EvilProxy. 

• Attackers were able to maintain access via stolen tokens even after password resets, remaining linked to accounts until consent was manually revoked. 

• The campaign compromised multiple sectors—including finance, healthcare, and retail—targeting executives and high-privilege users. 

• Standard security controls such as DMARC or domain reputation were largely ineffective since the phishing originated from within Microsoft's system. 

• Microsoft is rolling out updated defaults that require administrative approval for third-party app permissions, aiming to limit similar attacks going forward. 

Further Reading: Proofpoint Threat Insight 

FBI Alert: QR Code Packages Used in Emerging Fraud Scheme 

The FBI has issued a Public Service Announcement (PSA I‑073125) warning about a new twist on the classic "brushing scam": unsolicited packages sent to recipients containing QR codes that, when scanned, prompt the victim to share personal or financial information or inadvertently download malware. These packages often arrive without sender details, making recipients more likely to investigate the code out of curiosity. 

Key Insights: 

• Mail includes no sender information, tempting recipients to scan QR codes in order to identify the sender. 

• Scanning the code can lead to phishing forms requesting sensitive data or installation of smartphone malware. 

• The tactic is a modification of brushing scams, repurposed for fraud by exploiting user curiosity and trust. 

• Fraudsters may ask victims to grant permissions or download apps that compromise device security. 

Protective Measures: 

• Don’t scan QR codes from unexpected or unknown packages. 

• Avoid granting app or account access triggered via unsolicited QR links. 

• If suspicious, report the package to your local authorities or the FBI’s Internet Crime Complaint Center (IC3). 

Further Reading: IC3.gov PSA I‑073125 

This is a security awareness focused newsletter that I share internally. Feel free to grab and use for your own internal security awareness program. Created with help from ChatGPT.

Personal Information Compromised in Grubhub Data Breach 

A recent data breach at Grubhub has compromised personal information of millions of users. The breach exposed sensitive details such as names, email addresses, and passwords, leading to potential risks of identity theft and fraud. Customers are urged to change their passwords and monitor their accounts for any unusual activity. This incident highlights the importance of securing user data and staying vigilant after a breach. 

Key Insights: 

• Grubhub's recent data breach exposed sensitive personal information, including names and email addresses. 

• Customers should change passwords and monitor accounts for suspicious activity to protect against identity theft. 

• This breach underscores the need for stronger data protection measures and proactive security practices in handling consumer information. 

Further Reading: SecurityWeek 

Beware of Lazarus LinkedIn Recruiting Scam 

A new LinkedIn recruiting scam linked to the Lazarus Group is targeting professionals with fake job offers. The scam lures victims into sharing personal information or downloading malicious files, ultimately leading to data theft or malware infections. As the threat actor behind this campaign is known for cyber espionage and financial theft, users must remain cautious when interacting with unsolicited job offers on LinkedIn. 

Key Insights: 

• The Lazarus Group is behind a LinkedIn recruiting scam aimed at stealing personal information and spreading malware. 

• The scam involves fake job offers that seem legitimate, tricking victims into revealing sensitive details. 

• Users should verify job offers before engaging and avoid downloading files or clicking links from unknown sources. 

Further Reading: GBHackers 

Love Gone Phishy: Check Point Research Exposes Valentine’s Day Cyber Threats 

Check Point Research has uncovered a rise in phishing campaigns during the Valentine's season, targeting users with fake promotions, gifts, and love-related messages. These attacks are exploiting the festive period to lure victims into clicking malicious links or sharing sensitive information. This underscores the importance of maintaining cybersecurity practices during high-traffic times like holidays. 

Key Insights: 

• Phishing campaigns around Valentine's Day are using romantic themes to deceive users into revealing personal information. 

• These threats often involve fake websites or links promising deals and gifts, leading to credential theft or malware infection. 

• Consumers should be cautious when clicking on unsolicited links, especially during holiday seasons, and verify offers from trusted sources. 

Further Reading: Check Point Blog 

Fake Etsy Invoice Scam Tricks Sellers into Sharing Credit Card Information 

A new scam targeting Etsy sellers involves fake invoices that appear to come from Etsy's support team. These fraudulent invoices contain links that lead to a phishing page, designed to steal credit card information. Sellers are urged to carefully examine the sender’s email address and to avoid clicking links in suspicious emails. Etsy never requires credit card information for verification purposes, and any such request should be treated as a red flag. 

Key Insights: 

• The scam begins with a fake invoice sent via email, often with a PDF attachment that appears legitimate. 

• Fraudulent websites closely mimic Etsy’s design but ask for sensitive data, including credit card information. 

• Sellers should avoid clicking on email links and should visit Etsy’s official site directly to verify any account requests. 

Further Reading: Malwarebytes 

Using Genuine Business Domains and Legitimate Services to Harvest Credentials 

Cybercriminals are increasingly using legitimate business domains and services to conduct credential harvesting attacks. By spoofing well-known companies and mimicking their email communications, attackers deceive users into providing their login information. These tactics often involve using business-looking email addresses and phishing links that lead to fake login pages. This trend underscores the need for businesses and consumers to be cautious when interacting with unsolicited messages. 

Key Insights: 

• Phishing attacks are increasingly using trusted business domains and services to trick users into disclosing credentials. 

• Attackers mimic legitimate emails to create fake login pages that steal sensitive information. 

• Users should be cautious of unsolicited messages and verify the authenticity of any login requests by visiting official websites directly. 

Further Reading: KnowBe4 Blog 

Phishing for Love: A Sharp Surge in Valentine’s Day-Themed Scams 

As Valentine's Day approaches, scammers are leveraging love-themed phishing attacks to deceive users into clicking malicious links or revealing personal information. These scams often appear as romantic gift offers, fake delivery notices, or enticing deals, tricking individuals into providing sensitive data or making fraudulent payments. This surge in phishing tactics highlights the need for extra caution during the holiday season. 

Key Insights: 

• Valentine’s Day scams are using themed messages to entice victims into sharing personal information or clicking on malicious links. 

• These scams often come in the form of fake gift offers, e-cards, and package delivery notifications. 

• Users should avoid clicking on unsolicited links and verify offers before engaging with any communications. 

Further Reading: KnowBe4 Blog 

Tips for Detecting Real-time Deepfakes: A Guide to Staying One Step Ahead 

As deepfake technology becomes more sophisticated, it’s increasingly important to know how to identify fake videos and images in real-time. These manipulated media files are often used for scams, misinformation, or even social engineering attacks. The blog offers practical tips for detecting deepfakes, such as examining inconsistencies in video and audio quality, checking metadata, and verifying the source of the content. With deepfakes becoming more prevalent, staying informed about these techniques can help protect against digital manipulation. 

Key Insights: 

• Real-time detection of deepfakes is critical as they are being used in a variety of attacks. 

• Signs to look for include mismatched lighting, unnatural facial movements, and inconsistencies in audio. 

• Verifying sources and cross-checking information are essential steps in detecting fake content. 

Further Reading: KnowBe4 Blog 

Protect Your Data: Russian Spear-Phishing Targets Microsoft 365 Accounts 

A new spear-phishing campaign linked to Russian threat actors is targeting Microsoft 365 users. The attackers use highly customized phishing emails that appear legitimate, aiming to steal login credentials and gain unauthorized access to sensitive information. With Microsoft 365 being a prime target, organizations should enhance their security by training users to recognize phishing attempts and implementing advanced security measures, including multi-factor authentication. 

Key Insights: 

• Russian threat actors are targeting Microsoft 365 accounts using personalized spear-phishing emails. 

• These attacks aim to steal credentials, putting sensitive data at risk. 

• Organizations should deploy multi-factor authentication and conduct regular security awareness training to protect against these threats. 

Further Reading: KnowBe4 Blog 

New Facebook Copyright Infringement Phishing Campaign 

A new phishing campaign has been detected targeting Facebook users with fake copyright infringement notices. The attackers use deceptive emails that appear to come from Facebook, claiming that users have violated copyright laws. The emails contain links to fake Facebook pages that prompt users to enter personal information, including passwords. This campaign highlights the ongoing threat of phishing attacks that impersonate trusted platforms like Facebook. 

Key Insights: 

• The phishing emails mimic Facebook's notifications about copyright violations to trick users into sharing sensitive data. 

• Victims are directed to fake pages designed to capture their credentials. 

• Users should be cautious about unsolicited emails and verify the authenticity of any official communications by visiting Facebook directly. 

Further Reading: Check Point Blog 

Phishing Kit Abuses Open Graph to Target Social Media Users 

A new phishing kit takes advantage of the Open Graph protocol, which is commonly used to display rich media on social media platforms, to deceive users. The kit allows attackers to embed phishing links into seemingly harmless social media posts, making it more difficult for users to identify fraudulent content. By manipulating Open Graph data, the scam appears legitimate, drawing users into phishing sites that steal personal information. 

Key Insights: 

• The phishing kit abuses Open Graph to embed malicious links in social media posts, creating fake but convincing content. 

• This tactic makes it harder for users to detect phishing attempts on social media. 

• Users should be cautious about clicking links in social media posts, especially if they appear unfamiliar or too good to be true. 

Further Reading: KnowBe4 Blog 

Phishing Campaign Disguises as ChatGPT Subscription 

A new phishing campaign is using ChatGPT subscriptions as a cover to steal user credentials. The attackers send emails offering a fake ChatGPT subscription, prompting users to enter their personal and payment information. This method exploits the popularity of ChatGPT and preys on users' trust. Security measures, such as verifying subscription details and avoiding unsolicited emails, can help prevent falling victim to this scam. 

Key Insights: 

• Attackers are using fake ChatGPT subscription offers to steal personal and financial information. 

• The phishing emails mimic legitimate communications, making them harder to detect. 

• Users should verify subscription offers directly on trusted platforms and avoid clicking on links in unsolicited emails. 

Further Reading: Broadcom 

DeepSeek Lure Used to Spread Malware 

A new DeepSeek campaign uses CAPTCHA-like pages to distribute malware. Attackers use fake CAPTCHA challenges to lure users into executing malicious code, evading detection by appearing harmless. The campaign primarily targets users who are tricked into downloading and running the malware. This attack illustrates how cybercriminals are exploiting popular web features to deliver malicious payloads. 

Key Insights: 

• The malware is delivered through fake CAPTCHA-like pages, making it seem legitimate. 

• Attackers use this method to bypass security filters and trick users into downloading harmful software. 

• Regular security updates and cautious behavior when interacting with unfamiliar websites can help mitigate such threats. 

Further Reading: Zscaler Blog 

Chinese Hackers Target Hospitals by Spoofing Medical Software 

A new phishing campaign has been discovered where Chinese hackers are targeting hospitals by spoofing medical software, including fake updates for health-related applications. The hackers use these fake updates to deliver malware, gaining access to sensitive healthcare data. Hospitals and healthcare organizations are urged to be cautious of unsolicited software updates and to ensure they are obtaining updates from official sources. 

Key Insights: 

• Attackers are spoofing medical software updates to distribute malware in healthcare organizations. 

• The campaign targets sensitive healthcare data, with phishing emails disguised as software updates. 

• Healthcare organizations should verify software updates and ensure they come from trusted sources. 

Further Reading: KnowBe4 Blog 

Scanning for Trouble: Behind the Scenes of Our QR Code Phishing Demo 

The KnowBe4 team explores the mechanics of QR code phishing in their latest demo, showcasing how attackers are using QR codes to direct victims to phishing sites. The demo reveals the ease with which malicious actors can create seemingly harmless QR codes that lead to fraudulent sites, designed to steal personal information. By understanding the techniques used in these phishing campaigns, organizations can better educate employees and defend against such attacks. 

Key Insights: 

• QR code phishing is becoming more common, with attackers using them to bypass traditional email filtering techniques. 

• Malicious QR codes often lead victims to fake login pages where sensitive data is harvested. 

• Organizations should educate employees on the risks of scanning unsolicited QR codes and implement strong security measures. 

Further Reading: KnowBe4 Blog 

How Phished Data Turns into Apple & Google Wallets 

Phishing campaigns are evolving, with cybercriminals now using phished data to load stolen payment card information directly into Apple and Google Wallets. These scams often involve SMS messages impersonating services like the USPS or toll operators, tricking users into entering payment details. Once victims provide their information and verification codes, their data is linked to mobile wallets controlled by attackers. This advancement in carding techniques highlights the growing risks of mobile payment systems and the need for heightened security measures. 

Key Insights: 

• Cybercriminals use phishing to steal payment information, converting it into mobile wallets for fraud. 

• These phishing schemes often involve spoofed messages and real-time interaction with human operators. 

• Attackers can use "ghost tap" technology to make fraudulent purchases from a distance using NFC technology. 

Further Reading: Krebs on Security 

This is a newsletter I share internally as part of our internal security awareness program. Feel free to take and use in your organization. Created with help from ChatGPT

Fake Job Applications Deliver Dangerous Malware 

Summary: A spear-phishing campaign has been targeting HR professionals with malicious job applications. Attackers use fake resumes containing More_eggs malware, a backdoor designed to steal credentials. This malware, part of a Malware-as-a-Service (MaaS) platform operated by the Golden Chickens group, can be used by multiple threat actors. The attack chain involves malicious Windows shortcut (LNK) files that initiate the infection upon execution, allowing attackers to perform reconnaissance and drop additional payloads. 

Key Insight: Be cautious when handling job applications, especially those involving downloadable files from unknown sources. 

For further details, read the full article on The Hacker News. 

Data Privacy Risks in Connected Cars 

Modern connected vehicles collect vast amounts of data, including driving habits, location, and even biometric information like voice commands. A recent analysis by CHOICE reveals that many popular car brands share this data with third-party companies, raising privacy concerns. Brands like Kia, Hyundai, and Tesla collect and share voice and video data, while others gather driving behaviors. This highlights the importance of understanding your car’s data collection practices and opting out where possible. 

Further reading: CHOICE - Connected Cars Tracking Your Data. 

North Korean Hackers Targeting Job Seekers 

A new campaign by North Korean hackers is targeting job seekers, particularly in the tech industry, according to a recent report. Hackers impersonate recruiters on platforms like LinkedIn, luring individuals into downloading malware disguised as video conferencing tools. The malware is designed to steal cryptocurrency and sensitive corporate data, posing risks to both individuals and organizations. Job seekers should remain cautious when interacting with unsolicited offers and recruiters. 

Further reading: KnowBe4 - North Korean Hackers. 

Election Season and Cybersecurity Concerns 

As the 2024 election season progresses, a recent Malwarebytes survey reveals that 74% of respondents consider it a risky time for personal information. Fears of scams, privacy breaches, and cyber interference are high, with 52% of people expressing concern about falling prey to scams through political ads. Many are taking precautions, such as using two-factor authentication and password managers, to secure their data. 

Key Insights: 

• 74% view election season as risky for personal data. 

• 52% fear scams via political ads. 

• Increased adoption of security practices like two-factor authentication. 

Further reading: Malwarebytes - Election Season Raises Fears. 

North Korean IT Worker Incident Highlights Hiring Risks 

A recent cyberattack on a company underscores the dangers of unknowingly hiring North Korean operatives. The organization accidentally hired a North Korean IT worker who accessed sensitive data and demanded a ransom. This highlights the need for stringent vetting in remote hiring practices, especially as North Korea increasingly infiltrates global companies. 

Recommended Protections: 

• Implement strict identity verification for remote workers. 

• Conduct thorough background checks with global databases. 

• Regularly monitor employee network activity for unusual behavior. 

Further reading: GBHackers - North Korean IT Worker Incident. 

Mobile-First Cyber Attacks on the Rise 

Cyber attackers are increasingly adopting a "mobile-first" strategy, as highlighted by a new report from Zimperium. With 83% of phishing sites now targeting mobile devices and a 13% rise in mobile malware, employees’ personal devices pose a growing risk to organizations. As more employees use their smartphones for work-related tasks, organizations need to bolster mobile security and educate employees on safe practices through security awareness training. 

Further reading: KnowBe4 - Mobile-First Attack Strategy. 

Microsoft Spoofing Threats on the Rise 

A recent report from Harmony Email & Collaboration highlights over 5,000 fake Microsoft emails targeting organizations within a single month. These emails, often impersonating legitimate administrators, use sophisticated obfuscation techniques, making it difficult for users to detect. The risks include account takeovers, ransomware, and data theft.  

Further reading: Check Point Blog. 

New VPN Credential Attack Uses Sophisticated Social Engineering 

A recent attack uncovered by security researchers targets organizations using VPNs through a combination of social engineering, fake login sites, and phone calls. Attackers impersonate a helpdesk, direct users to a spoofed VPN login page, and steal credentials. They also prompt users for multi-factor authentication (MFA) codes to gain access to corporate networks. This attack highlights the importance of user vigilance and strong security training. 

Attack Chain: 

• Impersonation of helpdesk. 

• Directs victim to fake VPN login page. 

• Steals credentials and MFA codes. 

Further reading: KnowBe4 - New VPN Credential Attack. 

Operation Kaerb Takedown 

Operation Kaerb successfully dismantled iServer, a Phishing-as-a-Service platform responsible for facilitating mobile credential theft targeting nearly half a million victims. iServer enabled low-skilled criminals to unlock stolen phones by phishing for user credentials. This takedown is a reminder of the evolving tactics cybercriminals use and underscores the importance of staying vigilant against mobile-focused phishing attacks. 

Further Reading: Operation Kaerb on KnowBe4 

Sextortion Scams on the Rise 

Our team has recently been targeted by sextortion scams, where attackers use publicly available information to create threatening messages designed to elicit fear and urgency. These scams often appear more credible by including personal details. If you receive such a message, avoid engagement or payment—report it to our security team immediately by using the suspicious email button in Outlook. 

Further Reading: KnowBe4 Article on Sextortion Scams. 

Update: Q3 2024 Brand Phishing Trends 

Check Point Research’s Q3 2024 report reveals that Microsoft continues as the most impersonated brand in phishing attacks, accounting for 61% of brand phishing attempts. Apple (12%) and Google (7%) follow, with new additions Alibaba and Adobe rounding out the top 10. These attacks commonly target the technology, social media, and banking sectors, as cybercriminals exploit brand familiarity to deceive users and capture credentials or payment information. Notably, new phishing sites targeting WhatsApp and Alibaba highlight the evolving strategies of threat actors seeking to exploit user trust. 

Key Insights: 

• Microsoft Dominance: Microsoft phishing attempts made up 61% of brand impersonation attacks, with Apple and Google also highly targeted. 

• Sector Focus: Technology and social networks were the most impersonated sectors, followed by banking. 

• Evolving Phishing Tactics: Phishing websites like whatsapp-io.com and alibabashopvip.com show attackers adapting to impersonate new brands. 

Further Reading: Check Point’s Q3 2024 Brand Phishing Report. 

North Korean Cybercriminal Infiltrates UK Company 

A UK-based organization recently suffered a breach after inadvertently hiring a North Korean cybercriminal posing as a remote IT worker. Once hired, the attacker used insider access to extract sensitive information and eventually demanded a ransom for its non-disclosure. This case highlights the importance of strict hiring processes for remote roles and enhanced security practices. 

Key Insights: 

• Vetting Remote Employees: Conduct rigorous background checks to confirm credentials. 

• Data Security: Monitor access and behavior for early threat detection. 

• Remote Work Risks: Be mindful of cyber threats exploiting virtual roles. 

Further Reading: KnowBe4 Article; KnowBe4 10 Hiring Updates 

North Korean Threat Actors Pose as Recruiters to Target Job Seekers 

Palo Alto Networks' Unit 42 recently uncovered a campaign in which North Korean threat actors pose as recruiters to lure tech job seekers into downloading malware disguised as legitimate communication tools. Known as the "Contagious Interview" campaign, this operation involves malware variants like BeaverTail and InvisibleFerret, which are capable of stealing credentials, exfiltrating sensitive files, and targeting cryptocurrency wallets. Victims are approached on professional platforms like LinkedIn, and then directed to install fake interview applications that serve as a conduit for malware. 

Key Insights: 

• Sophisticated Impersonation Tactics: Attackers convincingly impersonate recruiters and use realistic job offers to build trust with targets. 

• Multifunctional Malware: The malware used can harvest browser passwords, access cryptocurrency wallets, and install backdoors, enhancing its threat potential. 

• Organizational Risk: Beyond individual targets, successful infections on company devices can lead to broader data breaches within organizations. 

As remote work and digital hiring continue to rise, it’s critical to validate the legitimacy of recruiters and avoid downloading unverified software for job interviews. 

Further Reading: Unit 42 Report on North Korean Recruitment Tactics 

Pig Butchering Scams Target Job Seekers 

Proofpoint has identified a new twist in cryptocurrency fraud, known as "Pig Butchering," targeting job seekers. Scammers posing as recruiters lure victims into fake job roles, eventually guiding them to invest in fraudulent cryptocurrency platforms. Victims see initial "profits" to build trust, but ultimately lose their entire investment. These scams often begin on social media, moving to platforms like WhatsApp or Telegram for further manipulation. 

Further Reading: Proofpoint Article. 

Foreign Disinformation on U.S. Hurricanes 

Recent intelligence shows that operatives from Russia, China, and Cuba have spread false information about U.S. hurricanes to deepen political divides. AI-generated images and misleading posts claimed federal relief was denied or funds were diverted to foreign conflicts, aiming to erode trust in U.S. disaster response. Be cautious of divisive narratives or unverified disaster images on social media, as they may be part of coordinated disinformation efforts. 

Further Reading: NBC News Article. 

Social Engineering Exploits Valid Accounts 

Recent incidents highlight how threat actors are compromising legitimate accounts through social engineering tactics. By manipulating individuals into divulging sensitive information or performing specific actions, attackers gain unauthorized access to systems and data. This method often involves impersonating trusted entities or creating convincing scenarios to deceive targets. 

Key Insights: 

• Impersonation Tactics: Attackers frequently pose as IT support or company executives to extract credentials. 

• Phishing Campaigns: Sophisticated emails and messages are crafted to appear authentic, luring recipients into providing access details. 

• Insider Threats: Compromised accounts can be used to launch further attacks within an organization, making detection challenging. 

Further Reading: KnowBe4 Article on Social Engineering Exploits. 

Major Data Breach at Change Healthcare Affects 100 Million Americans 

In February 2024, Change Healthcare, a leading U.S. healthcare technology company, experienced a significant ransomware attack that compromised the personal, financial, and medical information of approximately 100 million individuals. The breach disrupted healthcare services nationwide, highlighting vulnerabilities in the sector's cybersecurity defenses. 

Key Insights: 

• Scope of Breach: The attack exposed sensitive data, including medical records, billing information, and personal identifiers such as Social Security numbers and driver's license details. 

• Financial Impact: UnitedHealth Group, Change Healthcare's parent company, reported direct breach response costs of $1.521 billion and total cyberattack impacts of $2.457 billion. 

• Ransom Payment: The company paid a $22 million ransom to the BlackCat ransomware group in an attempt to secure the stolen data. 

Further Reading: Change Healthcare Breach Hits 100M Americans – Krebs on Security 

Student Loan Phishing Scams Targeting Millions 

Cybercriminals are exploiting confusion around student loan forgiveness with a surge in phishing emails targeting millions of Americans. These emails use advanced techniques to look legitimate and bypass email filters, making them harder to detect. 

What You Can Do to Stay Safe: 

• Watch for Red Flags: Be cautious with emails related to student loans, especially those asking for immediate action or personal information. Verify any claims by contacting your loan service provider directly. 

• Check the Source: Always look closely at the sender’s email address. Official communication will come from verified addresses, not random or suspicious-looking senders. 

• Enable Multi-Factor Authentication (MFA): Use MFA on your financial accounts for extra security, making it harder for attackers to gain access if they obtain your credentials. 

• Be Prepared: Know how to report a suspicious email in your email system, and don’t hesitate to delete anything that seems off. 

Further Reading: Check Point Blog. 

This is a newsletter I share internally as part of our internal security awareness program. Feel free to take and use in your organization. Created with help from ChatGPT

Spamouflage: State-Linked Influence Operations Target U.S. Elections 

Summary: A Chinese state-linked influence operation, Spamouflage, is ramping up efforts to sway U.S. political discourse ahead of the 2024 election. By posing as U.S. voters and using AI-generated content, they spread divisive narratives on social media about sensitive issues like gun control and racial inequality. These tactics highlight the importance of vigilance against foreign influence campaigns and fake online personas. 

Key Insight: Verify online sources and stay aware of potential influence operations. 

Further Reading: Graphika Report 

Lazarus Hackers Target Job Seekers with Malware-Laden Job Offers 

Summary: The Lazarus Group is actively targeting job seekers, particularly those in blockchain-related fields, by disguising malware within fake job offers. The group utilizes platforms like LinkedIn, Upwork, and Telegram to distribute malicious software, including the "BeaverTail" malware, which steals credentials and cryptocurrency wallet data. Job seekers should be cautious of unsolicited job offers and avoid downloading unfamiliar files. 

Key Insight: Always verify job offers and avoid downloading files from unknown sources. 

Further Reading: GBHackers Article 

Foreign Influence Operations Target U.S. 2024 Election 

Summary: U.S. intelligence officials warn of increased influence operations from Russia, China, and Iran aimed at U.S. voters ahead of the 2024 election. These operations, while not yet disrupting voting infrastructure, spread disinformation through media, PR firms, and American influencers. A recent U.S. indictment highlights Russia's attempts to covertly funnel pro-Russian narratives into right-wing media, signaling the need for heightened vigilance as the election approaches. 

Key Insight: Stay alert to disinformation and foreign influence in political content. 

Further Reading: CyberScoop Article 

Lowe's Employees Targeted by Google Ads Phishing Campaign 

Summary: Lowe's employees were recently targeted by a phishing attack using fraudulent Google ads mimicking the MyLowesLife portal. Attackers designed fake login pages to steal employee credentials. This highlights the dangers of using search engines to access work-related sites. Employees should be reminded to avoid clicking on sponsored links and instead bookmark legitimate sites to protect against phishing attacks. 

Tip: Always access work portals through bookmarks or trusted URLs, not through search engines. 

Further Reading: Malwarebytes Blog 

Email Breaches at Welcome Health & United Way of Connecticut 

Summary: Welcome Health and United Way of Connecticut reported email account breaches compromising sensitive data. At Welcome Health, patient information and contractor Social Security numbers were exposed, while a phishing attack on United Way's employee email compromised data of up to 8,039 patients. Both organizations have responded with enhanced security measures and offered credit monitoring to affected individuals. 

Further Reading: HIPAA Journal 

False Claims of Hacked Voter Data Intended to Undermine U.S. Elections 

Summary: The FBI and CISA have issued a joint public service announcement warning about false claims of hacked voter information. Foreign actors may spread disinformation to erode public confidence in U.S. elections, especially by exaggerating claims of compromised voter data. The agencies urge citizens to critically evaluate such claims and remind that much voter information is public. 

Key Insight: Stay vigilant against disinformation campaigns designed to sow distrust in election processes. 

Further Reading: CISA Announcement 

Beware of Parking Payment Scams Involving Fake QR Codes 

Summary: Drivers in the UK are being targeted by scammers who place fake QR codes on parking machines. These codes lead to fraudulent websites designed to steal payment information. The RAC warns drivers to avoid using unfamiliar QR codes and instead rely on cash, card, or official apps for parking payments. This "quishing" scam has been reported across multiple UK regions, with an increasing number of incidents. 

Key Insight: Be cautious when scanning QR codes, especially in public places like parking machines. 

Further Reading: RAC News  

Florida Healthcare Data Leak Exposes Thousands of Doctors and Hospitals 

Summary: A data breach at MNA Healthcare exposed sensitive information of over 14,000 healthcare workers and 10,000 hospitals, including encrypted Social Security Numbers, addresses, and job details. The breach, caused by a misconfigured database, increases risks of identity theft and fraud. Healthcare professionals and institutions are advised to enhance cybersecurity measures, monitor financial accounts, and consider identity theft protection. 

Further Reading: Cybersecurity News 

New Sextortion Scam Uses Photos of Victims' Homes 

Summary: A recent wave of sextortion scams has taken a more personalized approach, including photos of victims' homes in threatening emails. Scammers claim to have recorded compromising footage through malware and demand Bitcoin payments to avoid releasing the videos. The photos are often pulled from online mapping services to increase intimidation. To stay safe, avoid responding to such emails, keep webcams covered when not in use, and report incidents to law enforcement. 

Further Reading: Krebs on Security 

Google Password Manager Now Syncs Passkeys Across Devices 

Summary: Google Password Manager now automatically syncs passkeys across Windows, macOS, Linux, Android, and ChromeOS devices. Passkeys, which use biometrics like fingerprints and facial recognition, offer a more secure alternative to passwords. With this update, passkeys are encrypted and accessible on all devices, enhancing security and convenience for users. Google has also introduced a new PIN feature to ensure end-to-end encryption for synchronized data. 

Further Reading: BleepingComputer Article 

FTC Report Exposes Surveillance by Social Media and Streaming Giants 

Summary: The FTC has released a report revealing that major social media and video streaming platforms engage in extensive data collection and surveillance of users, including children and teens. The report highlights inadequate privacy protections and raises concerns about the use of data for targeted advertising. The FTC recommends stronger privacy laws, data minimization, and enhanced safeguards for younger users. 

Key Insight: Ensure your social media use is mindful of privacy risks, and review settings to limit data sharing. 

Further Reading: FTC Report 

Operation Overload: A Disinformation Threat Targeting U.S. Elections 

Summary: Operation Overload, a Russia-linked disinformation campaign, is ramping up efforts targeting U.S. voters ahead of the 2024 presidential election. The operation uses AI-generated fake content, such as fabricated TikTok videos and doctored news articles, to spread false narratives. Recent emails aimed at smearing Vice President Kamala Harris highlight the evolving tactics. It's critical for newsrooms and voters to remain vigilant and fact-check claims. 

Key Insight: Be cautious of AI-generated content that mimics legitimate sources to manipulate public opinion. 

Further Reading: CheckFirst Report 

Phishing Attack Uses Two-Step Approach to Evade Detection 

Summary: A new phishing attack leverages a two-step process, using legitimate platforms like Microsoft Office Forms as an intermediary to evade detection. After clicking the phishing email link, users are directed to a legitimate form before being redirected to a fake login page designed to steal credentials. This sophisticated approach helps attackers bypass security filters by exploiting trusted platforms. 

Key Insight: Be cautious of phishing links that utilize legitimate services as intermediaries before redirecting to malicious sites. 

Further Reading: KnowBe4 Blog 

Investment Scam Losses Surge Six-Fold Since 2021 

Summary: The Better Business Bureau reports a six-fold increase in losses from investment scams since 2021. Scammers frequently exploit dating platforms and hacked social media accounts to lure victims into fraudulent cryptocurrency schemes. Victims are often promised high returns on investments, only to lose significant amounts of money. Common red flags include promises of guaranteed returns, little-known cryptocurrencies, and requests to share wallet details. 

Key Insight: Be cautious of unsolicited investment offers and avoid sharing cryptocurrency wallet details with unverified individuals. 

Further Reading: KnowBe4 Blog 

HR-Related Phishing Tactics on the Rise 

Summary: Threat actors are using HR-related phishing emails, posing as internal messages like "Updated Employee Handbook," to trick employees into clicking malicious links. These attacks often lead victims to fake login pages that steal their credentials. The emails appear legitimate, making it crucial for employees to be extra cautious with HR communications and verify any unusual requests directly with their HR department. 

Key Insight: Always verify HR-related emails before clicking links or providing sensitive information. 

Further Reading: Cofense Blog 

Foreign Influence Operations Using AI to Target U.S. Elections 

Summary: According to a recent ODNI election security update, foreign actors—primarily Russia and Iran—are increasingly using AI-generated content to influence U.S. voters. These actors are deploying manipulated media across various formats, including text, images, audio, and video, to spread disinformation and fuel divisive political narratives. As Election Day approaches, U.S. citizens should be vigilant about AI-generated content and misinformation campaigns. 

Key Insight: Verify sources and be cautious of sensationalized or divisive media, especially content that seems AI-generated. 

Further Reading: ODNI Election Security Update 

Expert Tips to Identify Phishing Links 

Summary: Phishing attacks are becoming more sophisticated, but there are key ways to spot phishing links. Security experts advise checking for suspicious URLs with complex characters, paying attention to redirect chains, and inspecting page titles or missing favicons. Attackers also abuse CAPTCHA and Cloudflare checks to mask phishing attempts. Tools like ANY.RUN’s Safebrowsing can help safely analyze suspicious links before engaging with them. 

Key Insight: Always inspect URLs carefully and use tools to analyze suspicious links in a safe environment. 

Further Reading: The Hacker News 

The Dangerous Intersection Between Cybercrime and Harm Groups 

Summary: A recent investigation reveals that some cybercriminals involved in ransomware attacks are also tied to violent online communities. These groups, often targeting young people, manipulate victims into self-harm or harming others. They use platforms like Telegram and Discord to coordinate harassment and extortion, demonstrating the increasing overlap between cybercrime and real-world violence. 

Key Insights: 

• Cybercriminals are also involved in harm groups. 

• Young people are often victims of online manipulation. 

• Cybercrime is increasingly crossing into physical violence. 

Read more: Krebs on Security. 

Cyber Predators Exploit Healthcare Vulnerabilities with Ransomware and Data Theft 

Summary: Cybercriminals are increasingly targeting healthcare organizations, exploiting weaknesses to steal patient data and extort hospitals via ransomware attacks. These criminals collaborate through darknet marketplaces, offering ransomware-as-a-service, and trading access to compromised healthcare systems. With attacks up 32% globally in 2024, healthcare remains a prime target due to its valuable data and often outdated security infrastructure. 

Key Insights: 

• Healthcare sees an average of 2,018 attacks weekly, with APAC and Latin America hit hardest. 

• Ransomware-as-a-service empowers less experienced criminals. 

• Hospitals face high risks due to the critical nature of their operations. 

Read more: Checkpoint Research. 

Beware of Funeral Streaming Scams on Facebook 

Summary: Scammers are exploiting Facebook by creating fake funeral streaming groups, tricking grieving families into providing credit card information to view a supposed service. These fraudulent groups use the deceased's images to appear legitimate and direct users to malicious websites requesting payment. This scheme preys on vulnerable people, often at their most emotional moments. 

Key Insights: 

• Fake funeral streaming pages ask for credit card details. 

• Scammers use social media to create convincing, emotional traps. 

• Stay vigilant and verify event details before engaging. 

Read more: Krebs on Security. 

Phishing Campaign Exploits Google Apps Script for Sophisticated Attacks 

Summary: A new phishing campaign manipulates Google Apps Script macros to target users across multiple languages. The phishing emails falsely claim to provide “account details” and include links to malicious pages mimicking legitimate Google services. Victims are tricked into disclosing sensitive information, leading to data theft and operational disruption. 

Key Insights: 

• Attack uses Google’s infrastructure to appear legitimate. 

• Affected users may disclose sensitive data via a deceptive Google Apps Script URL. 

• Advanced email filtering, real-time URL scanning, and phishing awareness training are crucial defenses. 

For more details, visit Checkpoint Research. 

New Windows PowerShell Phishing Campaign Highlights Serious Risks 

Summary: A recently discovered phishing campaign uses GitHub-themed emails to trick recipients into launching PowerShell commands, enabling the download of password-stealing malware. The attack uses social engineering techniques, disguising itself as a CAPTCHA verification process. By exploiting PowerShell’s automation capabilities, attackers gain unauthorized access to credentials stored on victims' systems. 

Key Insights: 

• Attack targets GitHub users but could be adapted for broader use. 

• Exploits PowerShell to execute malicious commands. 

• Vigilance and disabling unnecessary PowerShell access are crucial defenses. 

For more, visit Krebs on Security. 

Phishing Attacks Exploit Content Creation and Collaboration Platforms 

Summary: A recent phishing campaign abuses popular content creation and collaboration tools to trick users into clicking malicious links. Cybercriminals use legitimate-looking posts and documents with embedded phishing URLs, leading to credential theft through fake login pages. These attacks have been seen in both business and educational environments. 

Key Insights: 

• Phishing emails from trusted platforms contain hidden threats. 

• Common platforms include design tools and document-sharing services. 

• Users should be cautious of unexpected links and suspicious login requests. 

For more information, visit KnowBe4. 

Scammers Exploit Virtual Shopping Lists to Target Walmart Customers 

Summary: Cybercriminals are using Walmart’s virtual shopping list feature to scam customers by embedding fake customer support numbers. Clicking these links, often promoted via malicious ads, leads users to scammers who impersonate law enforcement or bank employees. Victims are coerced into transferring funds, often under false threats of legal consequences. 

Key Insights: 

• Scammers misuse legitimate platforms like Walmart's shopping lists. 

• Ads can redirect to fake support numbers. 

• Stay vigilant of scare tactics and unsolicited requests for money. 

For more details, visit KnowBe4. 

Cyber Threats Looming for the 2024 U.S. Election 

Summary: As the 2024 U.S. election approaches, cyber threats from nation-state actors, hacktivists, and cybercriminals are expected to rise. These include disinformation campaigns, phishing attacks, and attacks on electoral infrastructure. Businesses should brace for phishing campaigns and SEO poisoning targeting politically charged topics. 

Key Insights: 

• Nation-state groups may conduct hack-and-leak operations and influence campaigns. 

• Expect a surge in phishing attacks and scams using election-related themes. 

• Businesses should implement advanced cybersecurity measures to mitigate risks. 

For more details, visit ReliaQuest. 

Timeshare Scam Linked to Mexican Drug Cartel Targets U.S. Owners 

Summary: The FBI has issued a warning about a telemarketing scam targeting timeshare owners, linked to the Jalisco New Generation drug cartel. Scammers posing as buyers lure victims into paying advance fees for fraudulent timeshare sales. The funds are used to finance other cartel activities. Victims are often reluctant to report the scam due to fear or embarrassment. 

Key Insights: 

• Scammers pose as buyers offering above-market prices. 

• Victims lose thousands in fraudulent fees. 

• Report scams to authorities to prevent further harm. 

For more details, visit Krebs on Security. 

These are news stories I’ve shared internally at my company. Feel free to take and use as part of your security awareness program.

Russia-linked Operations Target Paris 2024 Olympics 

In the lead-up to the 2024 Summer Olympics in Paris, Russian-linked actors launched a disinformation campaign to discredit France’s hosting capabilities and spread fear of terrorist attacks. These operations employed tactics like AI-generated videos, fake news reports, and social media hashtags to undermine confidence and create chaos. France's support for Ukraine has made it a target for these hybrid destabilization efforts. Stay vigilant against misinformation and verify sources before sharing content online. 

Key Insights: 

• Russian-linked actors are targeting the Paris 2024 Olympics. 

• Disinformation tactics include AI-generated content and fake news. 

• The campaign aims to undermine confidence and spread fear. 

• Verify information from trusted sources to avoid spreading misinformation. 

For more details, visit the DFRLab article. 

Ransomware Attacks on Blood Suppliers 

In a concerning trend, blood suppliers have faced three ransomware attacks in the past three months. The latest victim, OneBlood, experienced a significant disruption, impacting over 350 hospitals and causing a critical shortage of blood supplies. This follows similar attacks on Synnovis and Octapharma, highlighting the growing threat to healthcare infrastructure. The American Hospital Association urges health systems to review their contingency plans to mitigate such risks. 

Key Insights: 

• OneBlood hit by ransomware, causing severe blood supply disruptions. 

• Recent attacks also targeted Synnovis and Octapharma. 

• Increased targeting of healthcare infrastructure by ransomware groups. 

• Review and update contingency plans to ensure operational resilience. 

For more details, visit the Healthcare IT News article. 

Surge in Data Breach Victims in 2024 

In the first half of 2024, over 1 billion individuals were affected by data breaches, a staggering increase compared to 2023. The majority of breaches targeted financial services, healthcare, and manufacturing sectors. Alarmingly, there is a significant rise in attacks with unspecified vectors, highlighting a need for improved transparency and information sharing to bolster defense strategies. Phishing remains the primary attack method, underscoring the importance of robust security awareness training. 

Key Insights: 

• Over 1 billion victims in the first half of 2024. 

• Top targets: financial services, healthcare, manufacturing. 

• Increase in unspecified attack vectors. 

• Phishing remains the leading attack method. 

For more details, visit the KnowBe4 article. 

Foreign Influence Actors Adapting to U.S. Presidential Race 

U.S. intelligence agencies have identified that foreign influence actors are adapting their strategies in response to changes in the 2024 U.S. presidential race. These actors are leveraging social media, misinformation campaigns, and other digital tactics to sway public opinion and disrupt the electoral process. Key sources of influence include Russia, China, and Iran, each employing sophisticated techniques to achieve their objectives. 

Key Insights: 

• Foreign actors are evolving their methods to interfere in the U.S. elections. 

• Tactics include social media manipulation and misinformation. 

• Vigilance and media literacy are crucial to counter these threats. 

For more details, visit the Reuters article. 

$40 Million Recovered from International Email Scam 

Interpol's Global Rapid Intervention of Payments (I-GRIP) mechanism helped recover over $40 million from an international email scam targeting a Singapore-based commodity firm. The scam involved a fraudulent email from a fake supplier requesting payment to a new bank account. Swift action by Singapore and Timor Leste authorities led to the interception of funds and the arrest of seven suspects. 

Key Insights: 

• Swift action: Crucial in intercepting fraudulent funds. 

• Global cooperation: Essential for combating international scams. 

• Awareness: Verify email requests for fund transfers. 

For more details, visit the Interpol article. 

Cyberattack on France's Grand Palais During Olympics 

France's Grand Palais suffered a ransomware cyberattack during the 2024 Olympic Games. The attack led to operational disruptions, particularly affecting museum bookstores and boutiques. Swift action was taken to prevent the spread of the attack, and temporary autonomous solutions were implemented to keep stores operational. Authorities, including ANSSI and CNIL, were informed, and preliminary investigations found no data exfiltration. This incident highlights the importance of robust cybersecurity measures, especially during major events. 

Key Insights: 

• Ransomware Attack: Disrupted operations at Grand Palais. 

• Immediate Response: Systems shut down to prevent spread. 

• No Data Exfiltration: Preliminary findings are positive. 

For more details, visit the Bleeping Computer article. 

Rising Costs of Data Breaches in Healthcare 

A recent report by IBM and the Ponemon Institute revealed that the healthcare industry faces the highest average data breach costs at $10.93 million, significantly above the global average of $4.45 million. These breaches, often involving stolen credentials, can take up to 292 days to resolve. Healthcare organizations are urged to implement AI and automation in cybersecurity to reduce breach lifecycle and costs. Incident response planning and stringent data protection measures are essential to mitigate these risks. 

For more details, visit the Security Intelligence article. 

Enhanced Protection in Chrome 

Google has revamped the Chrome downloads experience to boost security and user awareness. The redesigned interface now offers detailed warnings, classifying files as either suspicious or dangerous, using AI-powered assessments. Enhanced Protection mode users benefit from automatic deep scans for suspicious files, providing extra layers of safety against new malware. Additionally, Chrome now tackles encrypted malicious files by prompting users to enter passwords for deep scans, enhancing protection even further. These updates aim to reduce user bypassing of warnings and improve overall safety when downloading files. 

For more details, visit the Google Security Blog. 

New Phishing Campaign Exploits Google Drawings and WhatsApp 

Menlo Security has uncovered a sophisticated phishing campaign that abuses Google Drawings and WhatsApp's URL shortener to deceive users. The attack redirects victims from what appears to be legitimate links to malicious sites mimicking trusted brands like Amazon. These tactics make it difficult for users and traditional security tools to detect the threat. Stay cautious of unexpected emails with links or attachments, even if they appear to be from familiar sources. 

Key Insights: 

• Exploited Platforms: Google Drawings and WhatsApp's URL shortener. 

• Phishing Tactics: Redirection to malicious sites mimicking trusted brands. 

• Recommendation: Be cautious of unexpected emails with links, even from known sources. 

For more details, visit the Menlo Security article. 

Real Social Engineering Attack on KnowBe4 Employee Foiled 

KnowBe4 recently thwarted a social engineering attack targeting one of its employees. The attacker, posing as a customer support representative, attempted to gain unauthorized access to internal systems by exploiting trust and urgency. The employee recognized the signs of a phishing attempt and reported the incident immediately. This event underscores the importance of ongoing security awareness training and vigilance against social engineering tactics. 

Key Insights: 

• Social Engineering: Attackers may pose as trusted sources to gain access. 

• Vigilance: Recognizing and reporting suspicious activity is crucial. 

• Training: Regular security awareness training is essential to prevent such attacks. 

For more details, visit the KnowBe4 article. 

Beware of Misinformation on TikTok: Protect Yourself from Political Lies 

In today's digital age, social media platforms like TikTok are not just sources of entertainment—they have become powerful tools for spreading information, both true and false. A recent study revealed that a staggering 33% of young Americans have been exposed to political lies on TikTok. This statistic highlights a growing concern: the rapid spread of misinformation, particularly among younger generations. 

Why This Matters: Misinformation, especially on social media, can influence opinions, sway elections, and even create social unrest. For cybercriminals, misinformation is a weapon. They can use false information to manipulate public perception, incite division, or even scam users by blending lies with phishing attacks. 

How to Protect Yourself: 

1. Verify Before You Trust: Always cross-check information from multiple credible sources before believing or sharing it. Look for news from established, reputable outlets. 

1. Be Skeptical of Viral Content: Just because something is popular doesn't mean it's true. Viral videos and posts may be designed to elicit strong emotional responses, making it easier to spread falsehoods. 

1. Watch for Red Flags: Pay attention to signs of misinformation, such as sensational headlines, lack of credible sources, and emotionally charged language. 

1. Educate Yourself and Others: Stay informed about the tactics used by those who spread misinformation. Share your knowledge with friends and family to help them avoid being misled. 

Conclusion: As we continue to navigate the complex world of social media, staying vigilant against misinformation is crucial. By adopting a skeptical mindset and verifying the content we encounter online, we can protect ourselves and our communities from the harmful effects of political lies and other forms of disinformation. 

Exposed Passwords Highlight Risk 

A recent breach at National Public Data (NPD) underscores the critical need for strong security practices. NPD inadvertently published administrator passwords to their backend database, exposing sensitive information. This incident, coupled with a previous massive data leak, highlights the importance of securing credentials and regularly updating passwords. Users of similar services should take immediate steps to protect their personal information, including freezing their credit files and monitoring their accounts for suspicious activity. 

Key Takeaway: Ensure your passwords are strong, unique, and updated regularly to avoid similar risks. 

Read more 

Unmasking Styx Stealer 

Checkpoint Research uncovered the Styx Stealer malware, designed to steal browser data, cryptocurrency, and instant messenger sessions. The developer's operational security mistakes, including leaking data during debugging, led to a treasure trove of intelligence. This discovery linked Styx Stealer to the Agent Tesla malware campaign, revealing details about the cybercriminals involved, including their identities and operations. 

Key Insights: 

• Malware Functionality: Steals browser data, cryptocurrency, and instant messenger sessions. 

• OpSec Failures: Leaks led to significant intelligence gathering. 

• Linkage: Connected to the Agent Tesla campaign and other cybercriminals. 

For more details, visit the Checkpoint article. 

AI Vishing Threats on the Rise 

Recent research by KnowBe4 has demonstrated that unsuspecting call recipients are highly vulnerable to AI-driven vishing (voice phishing) attacks. These attacks leverage AI to create highly convincing voice manipulations, often impersonating trusted individuals or authority figures. The study highlights the importance of being skeptical of unsolicited calls, even if the caller sounds familiar. Employees should verify the authenticity of any unexpected requests over the phone before taking action. 

Key Insights: 

• AI Vishing: Increasingly sophisticated and convincing. 

• Verification: Always verify unexpected phone requests. 

• Awareness: Stay vigilant against unsolicited calls. 

For more details, visit the KnowBe4 article. 

Employment Scams Targeting Job Seekers 

KnowBe4 reports a surge in employment scams targeting job seekers. Scammers pose as legitimate employers, often using fake job postings or direct outreach to collect personal information and money from victims. These scams exploit the urgency and desperation of job seekers, making them particularly effective. To protect yourself, always verify job offers through official channels, be cautious of unsolicited communications, and avoid sharing sensitive information without thorough verification. 

Key Insights: 

• Scam Tactics: Fake job postings and direct outreach. 

• Target: Personal information and money from job seekers. 

• Recommendation: Verify job offers through official channels. 

For more details, visit the KnowBe4 article. 

Protect Yourself from File-Sharing Phishing Attacks 

Over the past year, file-sharing phishing attacks have surged by 350%, targeting employees through fake notifications from services like Google Drive or Dropbox. These attacks aim to steal sensitive information or infect your device with malware. To protect yourself, always verify the legitimacy of file-sharing requests, avoid clicking on suspicious links, and report any unusual emails to IT immediately. Staying vigilant is key to keeping our organization secure. 

For more details, visit the KnowBe4 article. 

Beware of Travel-Themed Spam Scams 

Bitdefender’s AntiSpam Lab warns that half of all travel-themed spam messages circulating worldwide are scams. Attackers are specifically targeting users of popular travel sites like Booking.com and Airbnb. These scams often involve fake booking confirmations and travel deals designed to steal personal information or deliver malware. With the travel season in full swing, it's essential to verify the authenticity of any travel-related emails and avoid clicking on suspicious links. 

Key Insights: 

• 50% of travel-themed spam messages are scams. 

• Targeted Platforms: Booking.com and Airbnb users. 

• Recommendation: Verify emails and book through trusted sources. 

For more details, visit the Bitdefender article. 

Beware of Phishing Attacks Using URL Shorteners 

Phishing attacks are increasingly leveraging URL shorteners to obfuscate malicious links, making it harder for users to recognize potential threats. These shortened URLs often appear in emails or text messages, leading victims to fraudulent websites that steal personal information or deploy malware. To protect yourself, always hover over links to reveal their true destination, and avoid clicking on shortened URLs from unknown sources. 

For more details, visit the KnowBe4 article. 

Surge in Microsoft Brand Impersonation Attacks 

A recent report shows a 50% increase in phishing attacks impersonating Microsoft in just one quarter. These attacks target users by mimicking Microsoft’s branding to steal credentials or deploy malware. Given Microsoft’s widespread use in organizations, employees should be extra cautious when receiving emails claiming to be from Microsoft, especially those requesting login details or prompting downloads. Always verify the sender's address and report suspicious emails to IT. 

For more details, visit the KnowBe4 article. 

North Korean IT-Worker Scheme Exposed in Tennessee 

A Nashville resident, Matthew Isaac Knoot, was arrested for facilitating a scheme that funneled hundreds of thousands of dollars to North Korea’s illicit weapons program. Knoot allegedly helped North Korean IT workers secure remote jobs with U.S. and British companies by using stolen identities. The funds, earned through six-figure salaries, were laundered and funneled back to North Korea. This case underscores the growing threat of North Korean cyber operations targeting remote work environments. 

For more details, visit the full article. 

Cyber Threats Targeting US Elections 2024 

As the US elections approach on November 5, 2024, cybercriminals are intensifying their efforts to exploit the event. From phishing campaigns using candidate names to fake websites and domains designed to mislead voters, these threats are aimed at manipulating voter sentiment and stealing personal information. 

Key Insights: 

• Candidate Names: Used in domains to create believable phishing sites. 

• Election Manipulation: Emotional appeals to influence voter behavior. 

• Financial Fraud: Fake donation sites and meme coins targeting voters. 

For more information, visit BforeAI. 

Beware of QR Code Phishing: Microsoft Sway Abused 

A new phishing campaign is leveraging QR codes in emails to trick users into visiting malicious websites hosted on Microsoft Sway. This attack is particularly dangerous because it bypasses traditional email security filters and targets users on mobile devices, where security controls are often weaker. 

Key Insights: 

• Targets: Tech, manufacturing, and finance sectors. 

• Method: QR codes embedded in phishing emails. 

• Action: Be cautious when scanning QR codes, especially from unsolicited emails. 

Stay vigilant and educate your teams about this evolving threat. For more details, visit BleepingComputer. 

Malvertising Campaign Impersonates Google Products 

A recent malvertising campaign has been detected, impersonating various Google products to lure users into tech support scams. These malicious ads, exploiting Google’s Looker Studio, redirect victims to fake Microsoft or Apple warning pages, urging them to call a fraudulent support number. This campaign serves as a reminder to be cautious of online ads, even those that appear to represent trusted brands. 

Key Insights: 

• Target: Users of Google products. 

• Tactics: Fake tech support scams via malvertising. 

• Impact: Potential malware installation and data theft. 

For more details, visit KnowBe4. 

When Get-Out-The-Vote Efforts Resemble Phishing Scams 

As election season approaches, many citizens receive text messages urging them to get out and vote. While these messages often come from well-intentioned organizations, a recent campaign highlighted by KrebsOnSecurity shows how such efforts can closely resemble phishing scams. 

In this case, a fake political consulting firm sent out mass texts linking to websites that requested personal information under the guise of verifying voter registration. The messages were a scam trying to get people to give up sensitive personal information. 

Here’s how you can protect yourself: 

1. Verify the Source: Always check the sender’s identity and verify the website independently. Visit official government websites directly rather than clicking on links in unsolicited messages. 

1. Look for Red Flags: Be wary of messages that create a sense of urgency, request personal information, or direct you to unfamiliar websites.  

1. Report Suspicious Messages: If you suspect a message is a phishing attempt, report it to the relevant authorities or your organization's IT department. 

While voter registration is crucial, ensuring the integrity of the process and protecting personal information is equally important. Stay informed and vigilant to avoid falling victim to phishing scams during election season. 

For more details, visit KrebsOnSecurity. 

GenAI and the Surge of AI-Driven Fraudulent Websites 

Cybercriminals are increasingly leveraging large language models (LLMs) to scale the creation of fraudulent websites, including phishing sites and fake online stores. Netcraft reports a significant rise in AI-generated content for scams, with a 3.95x increase in such websites from March to August 2024. These AI tools enhance the credibility of scams by improving text quality, making malicious content more convincing and harder to detect. Organizations must enhance their defenses to mitigate the risks posed by this emerging threat. 

Key Insights: 

• LLMs are used to generate convincing text for scams. 

• AI-driven scams have seen a sharp increase in recent months. 

• Monitoring and takedown strategies are essential to combat this trend. 

Further Reading: Netcraft Blog 

Scammers Exploit Fake Funeral Livestreams for Financial Gain 

Cybercriminals are using fake funeral livestreams on social media to exploit grieving families. These scams, often promoted through compromised accounts, lead victims to payment pages that charge excessive fees. This trend underscores the need for vigilance online, even during sensitive moments like a loved one's passing. Users should be cautious when encountering unexpected payment requests for livestreams and report suspicious activity. 

Further Reading: KnowBe4 Blog 

 Originally posted on exploresec.com.

This is Security Awareness focused newsletter I put together for distribution internally at my company. Feel free to take and use for your own program.

Medusa Ransomware Analysis 

In June 2024, ReliaQuest detected the Medusa ransomware, which encrypted multiple hosts in a customer environment. Medusa, active since 2022, exploits unpatched vulnerabilities and hijacks legitimate accounts. The attack lifecycle includes initial access via a compromised VPN account, credential access through NTDS dumps, and lateral movement using RDP. Medusa employs living-off-the-land techniques, PowerShell for credential dumping, and service installations for persistence. Enhanced VPN configurations, endpoint visibility, and automated responses are critical to mitigating such ransomware threats. 

Key Takeaways: 

• Medusa exploits unpatched vulnerabilities and legitimate accounts. 

• Uses living-off-the-land techniques for stealth. 

• Mitigation includes enhanced VPN security, endpoint visibility, and automated responses. 

For detailed insights, read the full report here. 

Teen Sextortion on the Rise 

Overview: Sextortion targeting teenagers is on the rise, exploiting their trust and vulnerabilities on social media. Criminals pose as peers or love interests to coerce explicit images, which they then use for blackmail. 

Key Points: 

• Tactics: Attackers use fake profiles to build rapport and exchange fake explicit content. 

• Impact: Victims face severe emotional and psychological harm, sometimes leading to tragic consequences. 

• Preventive Measures: Educate teens on online safety, ensure open communication, and use strong privacy settings. 

Action Steps: 

• Educate yourself and your teens about sextortion. 

• Foster open discussions on online interactions. 

• Report incidents promptly. 

• Support victims without blame. 

For more details, visit KnowBe4 Blog. 

North Korean Fake IT Worker Infiltration Attempt 

In a recent incident, KnowBe4's SOC detected suspicious activities from a newly hired software engineer, later revealed to be a North Korean fake IT worker using AI to generate a fake identity. Despite rigorous hiring processes, including background checks and multiple video interviews, the individual bypassed security measures and attempted to load malware upon receiving their workstation. 

Key Takeaways: 

• Enhanced Vetting: Improve background checks and resume scanning for inconsistencies. 

• Background check appears inadequate. Names used were not consistent. 

• References potentially not properly vetted. Do not rely on email references only. 

• What to look for: Inconsistencies in information. 

• Discrepancies in address and date of birth across different sources 

• Conflicting personal information (marital status, "family emergencies" explaining unavailability) 

This case underscores the importance of robust hiring and security processes to prevent similar infiltration attempts. 

For a detailed account, visit the full article on KnowBe4's blog. 

Phish-Friendly Domain Registry ".top" Put on Notice 

The ".top" domain registry, managed by Jiangsu Bangning Science & Technology Co. Ltd., has been warned by ICANN for its failure to address phishing abuse. Findings revealed that over 4% of new ".top" domains from May 2023 to April 2024 were used for phishing. ICANN's notice demands immediate improvements, or the registry risks losing its license. This highlights the critical need for vigilant monitoring and prompt action against domain abuse to protect users from phishing threats. 

For more information, read the full article on Krebs on Security. 

CrowdStrike Phishing Attacks Appear in Record Time 

Recent IT outages have led to a surge in phishing sites exploiting the chaos. Within hours, domains like crowdstriketoken[.]com and crowdstrikefix[.]com emerged, targeting those affected by the outages. Cybercriminals quickly capitalized on the situation, registering 28 domains by early morning. The US Cybersecurity and Infrastructure Security Agency (CISA) urges caution, advising users to avoid suspicious links and verify communications through official channels. Stay vigilant and only rely on trusted sources for updates. 

Key Takeaways: 

• Phishing sites can appear rapidly during crises. 

• Always verify the authenticity of communication channels. 

• Use official websites and trusted sources for updates. 

• Be extra cautious of suspicious domains and links. 

For more details, visit KnowBe4's blog. 

Is Your Bank Really Calling? Protect Yourself from Financial Impersonation Fraud 

Summary: With the rise of sophisticated scams, distinguishing between legitimate bank communications and fraudulent attempts is increasingly challenging. Cybercriminals use stolen personal details to make their scams appear genuine, often creating a sense of urgency to exploit victims. 

Key Takeaways: 

• Red Flags: Requests for passwords or OTPs, suspicious links, pressure tactics, unsolicited calls. 

• Protection Tips: Verify calls by contacting your bank directly, trust your instincts, and avoid sharing sensitive information over the phone. 

Recommendations: Stay vigilant and regularly update your security awareness to safeguard against financial fraud. 

For more information, read the full article on KnowBe4 Blog. 

Building Security into the Redesigned Chrome Downloads Experience 

Google has revamped Chrome’s download interface, adding detailed warnings to protect users from malicious files. The new UI uses AI-powered verdicts from Google Safe Browsing to categorize files as "suspicious" or "dangerous," helping users make informed decisions.  

Key Takeaways: 

• Detailed download warnings improve user decision-making. 

• Enhanced Protection mode automatically scans suspicious files. 

• Stay vigilant and utilize Chrome’s built-in security features. 

For more details, visit Google's Security Blog. 

Olympics-Themed Scams: Stay Vigilant! 

With the Paris 2024 Olympics approaching, cybercriminals are ramping up their efforts to exploit the excitement. Recent reports show an 80-90% increase in cybercrime targeting French organizations, with scam tactics including typosquatting domains (e.g., oympics[.]com) and Olympic-themed lottery scams impersonating brands like Coca-Cola and Microsoft. These scams target users worldwide, emphasizing the need for heightened vigilance. Always scrutinize unexpected emails and offers, especially those that seem too good to be true. 

Key Takeaways: 

• Increased Cybercrime: Expect more cyber threats as the Olympics near. 

• Typosquatting: Watch out for fake domains mimicking official Olympic sites. 

• Lottery Scams: Be wary of unsolicited emails claiming lottery winnings. 

• Global Target: These scams can affect anyone, not just those in France. 

Stay safe and informed to protect yourself and your organization from these threats. 

For more details, visit KnowBe4's Blog. 

Beware of Generative AI Tool Scams 

Scammers are exploiting the growing interest in generative AI tools like ChatGPT. Researchers have observed a surge in suspicious domain registrations, especially around significant AI-related announcements. These domains often include keywords like "gpt" and "prompt engineering," and many are used for phishing and other malicious activities. 

Key Takeaways: 

• Suspicious Domains: Be cautious of new domains related to AI tools. 

• Phishing Risks: Verify the legitimacy of AI-related tutorials and tools. 

• Keyword Alerts: Watch out for terms like "gpt" in suspicious contexts. 

Stay alert and informed to protect yourself from these evolving threats. 

For more details, visit KnowBe4's Blog. 

QR Code Phishing: An Ongoing Threat 

QR code phishing, or "quishing," continues to rise as a significant cyber threat. Cybercriminals exploit QR codes to bypass email security filters and target users directly, often embedding malicious codes in PDFs or images. This method can deceive even vigilant users, leading to compromised personal and financial information. 

Key Takeaways: 

• Bypassing Filters: QR codes can slip through traditional email security. 

• Human Targeting: Scams aim at users’ mobile devices for data theft. 

• Red Flags: Be cautious of QR codes lacking context or asking for excessive permissions. 

Stay informed and cautious to protect against these sophisticated phishing attacks. 

For more details, visit KnowBe4's Blog. 

New Phishing Tactic: Chat Support Scams 

Cybercriminals are now using fake chat support to add credibility to phishing scams. By mimicking legitimate support chats on spoofed payment pages for platforms like Etsy and Upwork, scammers deceive users into providing sensitive information. These chat features, staffed by scammers posing as support agents, guide victims through the phishing process, making the scams more convincing and harder to detect. 

Key Takeaways: 

• Enhanced Deception: Scammers use fake chat support to build trust. 

• Phishing Risks: Verify the legitimacy of support chats on payment pages. 

• Increased Vigilance: Be cautious of unexpected support interactions. 

Stay informed and vigilant to protect against these sophisticated attacks. 

For more details, visit KnowBe4's Blog. 

OneDrive Pastejacking: A New Threat to Watch 

A recent discovery highlights a new threat called "pastejacking" targeting OneDrive users. This technique exploits the copy-paste functionality to inject malicious commands into users' clipboards, potentially leading to unauthorized data access or malware installation. Attackers embed harmful code into seemingly innocuous text or files, posing a significant risk to personal and organizational security. 

Key Takeaways: 

• Clipboard Manipulation: Be wary of copying text from unknown sources. 

• Vigilant Practices: Double-check clipboard content before pasting. 

• Update Security Measures: Ensure software is up-to-date to mitigate risks. 

Stay informed and cautious to protect against these evolving threats. 

For more details, visit Trellix's Blog. 

Fake Leaks of Crypto Wallet Seed Phrases: A Growing Threat 

Scammers are leveraging fake leaks of passwords and seed phrases to target cryptocurrency users. These sophisticated scams involve presenting victims with seemingly real data leaks, enticing them to use malicious crypto management apps. Once installed, these apps steal sensitive information, leading to significant financial losses. 

Key Insights: 

• Fake Data Leaks: Scammers create realistic-looking leaks to deceive users. 

• Malicious Apps: Avoid downloading crypto apps from unverified sources. 

• Increased Vigilance: Always verify the legitimacy of seed phrases and passwords. 

For more details, visit Kaspersky's Blog. 

Aveanna Healthcare Data Breach: Email Accounts Compromised 

Aveanna Healthcare has experienced a data breach affecting 11 email accounts. The breach, discovered on May 9, 2023, potentially exposed the personal and protected health information (PHI) of patients, including names, Social Security numbers, and medical details. Aveanna has since secured the compromised accounts and is offering affected individuals complimentary credit monitoring and identity protection services. 

Key Takeaways: 

• Data Exposed: Personal and PHI compromised. 

• Immediate Actions: Secure email accounts and monitor credit. 

• Preventive Measures: Implement robust email security protocols. 

For more details, visit HIPAA Journal.