#phishing-schemes

#phishing-schemes

Scams involving antiques and collectibles are almost as old as some of the items. But internet sales now mean fraudsters have a much wider audience.

"Any numbers that we see, it's the tip of the iceberg," said Melissa Stroebel, vice president of research and strategic insights at Thorn, a nonprofit that builds technology to combat online child sexual exploitation. "That is about what has been either detected or proactively reported."

Four terabytes of data have reportedly been stolen, including database records and source code. Allegedly stolen data has been published on a leak site, containing Slack information, internal ticketing data, and videos of conversations between Mercor's AI systems and contractors.

Last month, I sat across from one of the brightest people I know as he explained how he'd lost nearly everything to a sophisticated scam. This wasn't some naive teenager or technophobe. This was my friend from university days, a retired executive who'd navigated corporate politics for decades and made shrewd investment decisions his whole life. Watching him piece together how it happened was like watching someone solve a puzzle in reverse.

The links are sent to people seeking a range of services, including those offering insurance quotes, job listings, and referrals for pet sitters and tutors. To eliminate the hassle of collecting usernames and passwords-and for users to create and enter them-many such services instead require users to provide a cell phone number when signing up for an account. The services then send authentication links or passcodes by SMS when the users want to log in.

The email seen by at least some customers of the Emma email platform was a phishing scam. Hackers hoped to inspire instant panic with the words, 'As part of our commitment to supporting U.S. Immigration and Customs Enforcement (ICE), we will be adding a Support ICE donation button to the footer of every email sent through our platform.'

Web browsers are among the top targets for today's cybercriminals, playing a role in nearly half of all security incidents, new research reveals. According to Palo Alto Networks' 2026 Global Incident Response report, an analysis of 750 major cyber incidents recorded last year across 50 countries found that, in total, 48% of cybercrime events involved browser activity. Individuals trying to connect to the web, including business employees, are exposed to cyberthreats on a daily basis.

Silent Push said it discovered the campaign after analyzing a suspicious domain linked to a now-sanctioned bulletproof hosting provider Stark Industries (and its parent company PQ.Hosting), which has since rebranded to THE[.]Hosting, under the control of the Dutch entity WorkTitans B.V., is a sanctions evasion measure. The domain in question, cdn-cookie[.]com, has been found to host highly obfuscated JavaScript payloads (e.g., "recorder.js" or "tab-gtm.js") that are loaded by web shops to facilitate credit card skimming.

Generative models learn an executive's tone and syntax from public posts, press releases and meeting transcripts. Attackers then craft messages indistinguishable from authentic correspondence. But the real innovation isn't the text, it's the choreography. A fraudulent email may serve only as the opening move. Within minutes, the target receives a confirming voice message that sounds like the executive whose name appears in the signature block. A deepfaked video may follow, asking for "final authorization." Email opens the door; other channels walk through it.

To be clear, ransomware isn't going anywhere, and adversaries continue to innovate. But the data shows a clear strategic pivot away from loud, destructive attacks toward techniques designed to evade detection, persist inside environments, and quietly exploit identity and trusted infrastructure. Rather than breaking in and burning systems down, today's attackers increasingly behave like Digital Parasites. They live inside the host, feed on credentials and services, and remain undetected for as long as possible.

"Mandiant is tracking a new, ongoing ShinyHunters-branded campaign using evolved vishing techniques to successfully compromise SSO credentials from victim organisations, and enrol threat actor controlled devices into victim MFA solutions," he told Computer Weekly via email. "This is an active and ongoing campaign. After gaining initial access, these actors pivot into SaaS environments to exfiltrate sensitive data. An actor that identifies as ShinyHunters has approached some of the victim organisations with an extortion demand.