Impersonation
FTC warns of record $3.5 billion losses to imposter scams in 2025
The U.S. Federal Trade Commission (FTC) warned that Americans lost $3.5 billion to imposter scams in 2025, with reported losses nearly tripling since 2020. Imposter scams were also the most reported fraud category last year, accounting for nearly one in three fraud reports filed with the FTC. In these scams, the fraudsters reach victims through […]
Google adds Android protection against AI deepfake scam calls
Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user’s personal contacts. Called “fake call detection,” the feature is rolling out globally this month to Android 12 and later devices, starting with Pixel devices, and will be enabled by default. Once activated, it works […]
FBI warns of in-person data theft attacks from extortion gang
The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks. “As of Spring 2026, SRG actors use a social engineering scheme to pose as an employee from the victim’s IT department. SRG actors either directly call or send phishing emails to […]
FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs
The North Korean state-sponsored hacker group Kimsuki is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert. The observed activity targets organizations involved in North Korea-related policy, research, and analysis, including non-governmental organizations, think tanks, academic institutions, strategic advisory firms, and government entities in […]
Fake Calendly invites spoof top brands to hijack ad manager accounts
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. Although threat actors targeting business ad manager accounts isn’t new, the campaign discovered by Push Security is highly targeted, with professionally crafted lures that create conditions for high success rates. Access to marketing […]
FBI warns of cybercriminals using fake FBI crime reporting portals
The FBI warned today that cybercriminals are impersonating its Internet Crime Complaint Center (IC3) website in what the law enforcement agency described as “possible malicious activity.” Although it didn’t share any examples and didn’t point to specific attacks, the FBI said that such spoofed websites could be used by attackers in financial scams or to steal […]
FBI: US officials targeted in voice deepfake attacks since April
The FBI warned that cybercriminals using AI-generated audio deepfakes to target U.S. officials in voice phishing attacks that started in April. This warning is part of a public service announcement issued on Thursday that also provides mitigation measures to help the public spot and block attacks using audio deepfakes (also known as voice deepfakes). “Since April 2025, […]
Malicious Chrome extensions can spoof password managers in new attack
A newly devised “polymorphic” attack allows malicious Chrome extensions to morph into other browser extensions, including password managers, crypto wallets, and banking apps, to steal sensitive information. The attack was devised by SquareX Labs, which warns of its practicality and feasibility on the latest version of Chrome. The researchers have responsibly disclosed the attack to Google. […]
Microsoft Teams phishing attack alerts coming to everyone next month
Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. Once enabled, it will display alerts when detecting phishing attacks targeting organizations that have enabled external Teams access (which allows threat actors to message any user from external domains). The company […]
Hundreds of fake Reddit sites push Lumma Stealer malware
Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware. On the fake pages, the threat actor is abusing the Reddit brand by showing a fake discussion thread on a specific topic. The thread creator asks for help to download a specific tool, […]