Social Engineering

SANS ISC documents phishing campaign using fabricated incident reports to steal MetaMask wallet credentials. Attackers host phishing pages on AWS S3.

Microsoft warns of ClickFix variant that deliberately crashes Chrome, then social-engineers victims into running PowerShell. Only domain-joined hosts targeted.

Check Point documents 44% spike in fake Valentine's domains with 97.5% unclassified. Four in ten Valentine-themed emails are scams targeting U.S. consumers.

Germany's BfV and BSI issued a joint advisory warning of state-sponsored phishing campaigns targeting politicians, military officials, and journalists through Signal's device linking feature.

Learn how to detect deepfakes with visual clues, audio patterns, and authentication methods. Covers detection signs, AI tools, and practical defense strategies.

Learn what phishing is, the different types of phishing attacks (email, SMS, voice), red flags to watch for, and how to protect yourself from scams.

Attackers exploit Google Presentations' publish mode to host phishing pages that bypass Google's own security warnings, targeting Vivaldi Webmail users.

New campaign combines fake CAPTCHA pages with signed Microsoft scripts to bypass security tools and install Amatera infostealer on enterprise systems.

Extortion group confirms voice phishing attacks stealing SSO credentials from Crunchbase, Betterment, and more. Custom phishing kits enable real-time MFA bypass.

Fake maintenance emails urge users to backup their vaults before a deadline, redirecting victims to credential-harvesting sites. The campaign launched over MLK weekend.

North Korean APT-Q-1 now combines fraudulent cryptocurrency job postings with ClickFix social engineering to deploy GolangGhost backdoor and BeaverTail stealer.

Hudson Rock research reveals 220 legitimate business websites hijacked for ClickFix malware attacks after admin credentials were stolen by infostealers.