The FBI issued a warning about a new scam where criminals manipulate online photos to create fake "proof-of-life" images for virtual kidnapping scams. These involve criminals posing as kidnappers, demanding ransom, and using altered images.

The FBI has issued a warning about a new scam where criminals harvest photos from social media platforms like Facebook, LinkedIn, and X to stage fake kidnappings. These photos are used as "proof-of-life" to extort ransom from the victim's family.

Cybercriminals have ramped up account takeover (ATO) frauds, causing over $262 million in losses since January. The frequency and sophistication of these attacks are rapidly intensifying with the onset of the holiday shopping season.

A widespread and industrial-scale scam campaign targeting Black Friday shoppers is exploiting malvertising and fake brand giveaways to harvest personal information and payment card data.

A large-scale phishing campaign is actively targeting users of Meta Business Suite by exploiting Facebook’s legitimate business invitation infrastructure. Over 40,000 phishing emails have been distributed to more than 5,000 SMBs.

A coordinated international law enforcement operation has led to the arrest of nine individuals across Cyprus, Spain, and Germany for their involvement in laundering over €600 million through fraudulent cryptocurrency investment schemes.

A phishing campaign is impersonating PayPal and Geek Squad to execute a tech support scam. Victims receive fake invoices via email, prompting them to call a fraudulent support number, leading to potential financial loss and system compromise.

A surge in social engineering scams is targeting international students in the US. These scams impersonate government officials, police, or university staff to coerce victims into disclosing sensitive information or making payments.

Storm-2657 is targeting U.S. universities to hijack employee payroll accounts. At least 11 accounts across three universities were compromised to send phishing emails to nearly 6,000 recipients across 25 universities.

The campaign leverages compromised Discord accounts to send direct messages asking users to test a game. Victims are redirected to convincing fake game pages hosted on Blogspot subdomains or cloud services.