phishing

FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams

FBI reports over $262M lost to account takeover (ATO) fraud this year, targeting various sectors through social engineering and phishing. Cybercriminals impersonate financial institutions to steal sensitive information and funds. Users are advised to monitor accounts and protect personal information. The rise of AI in phishing tactics is linked to increased holiday scams, with significant vulnerabilities exploited across e-commerce platforms. A shift towards sophisticated purchase scams is noted, involving authorized payments by victims, complicating fraud detection.

https://thehackernews.com/2025/11/fbi-reports-262m-in-ato-fraud-as.html

Matrix Push C2 Abuses Browser Notifications to Deliver Phishing and Malware

Cybercriminals exploit browser push notifications via the Matrix Push C2 platform to deliver malware and phishing attacks. Users are deceived into granting permission through misleading prompts, allowing attackers to send fake alerts and gather personal data. The platform enables detailed monitoring of victims and custom URL management for malicious campaigns, often resulting in data theft or financial loss. Users are advised to manage notification permissions across their browsers to mitigate these risks.

https://www.malwarebytes.com/blog/news/2025/11/matrix-push-c2-abuses-browser-notifications-to-deliver-phishing-and-malware

ClickFix Gets Creative: Malware Buried in Images

ClickFix malware is a multi-stage attack using steganography to conceal infostealing malware within images. It begins with social engineering tactics, tricking users into executing malicious commands. Huntress identified two main ClickFix lures—one using a “Human Verification” tactic and the other mimicking a Windows Update interface. The process involves JavaScript to copy commands to the clipboard, PowerShell for loading .NET assemblies, and a complex steganographic algorithm to hide and extract shellcode from PNG images. This shellcode is then injected into target processes, ultimately delivering LummaC2 malware for data theft. The campaign has evolved with increasingly convincing user interfaces to deceive targets effectively.

https://www.huntress.com/blog/clickfix-malware-buried-in-images

Fake Calendar Invites Are Spreading. Here’s How to Remove Them and Prevent More

Fake calendar invites are on the rise, often linked to phishing scams that users struggle to delete due to synchronization across devices. To remove these, disable auto-adding events in settings for Outlook, Gmail, and mobile calendars, block senders, and report spam. Precautions include avoiding interaction with unknown invites, limiting calendar permissions, and using anti-malware tools. Always verify billing issues through official channels.

https://www.malwarebytes.com/blog/news/2025/11/fake-calendar-invites-are-spreading-heres-how-to-remove-them-and-prevent-more

New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT

New EVALUSION campaign deploys Amatera Stealer and NetSupport RAT via ClickFix social engineering. Amatera targets sensitive data and circumvents security measures. Attackers trick users into executing malicious commands through fake reCAPTCHA pages, leading to data exfiltration. Various phishing tactics, including fake invoices and compromised sites, are used to spread malware.

https://thehackernews.com/2025/11/new-evalusion-clickfix-campaign.html

Phishing Tool Smart Redirects Bypass Email Security

Quantum Route Redirect is a new phishing tool that simplifies the creation of advanced phishing campaigns targeting Microsoft 365 users. Automating complex attack steps and utilizing smart redirects enables even low-skill attackers to bypass detection systems, redirecting security tools to legitimate pages while delivering phishing schemes to human users. The tool has a broad international impact, primarily affecting US victims, and can elude traditional and advanced email security measures. Defensive strategies include using advanced content analysis, URL filtering, and sandboxing technologies to identify and block such attacks.

https://www.darkreading.com/endpoint-security/phishing-tool-smart-redirects-bypass-email-security

Quantum Route Redirect PhaaS Targets Microsoft 365 Users Worldwide

Quantum Route Redirect, a new phishing automation platform, uses around 1,000 domains to steal Microsoft 365 credentials, primarily targeting users in the U.S. It automates phishing attacks by routing victims to malicious sites through deceptive emails. The kit is designed for ease of use, even for less skilled attackers, and incorporates mechanisms to evade detection by automated security tools. Security analysts recommend implementing robust URL filtering to combat this threat.

https://www.bleepingcomputer.com/news/security/quantum-route-redirect-phaas-targets-microsoft-365-users-worldwide/

5 Reasons Why Attackers Are Phishing Over LinkedIn

LinkedIn phishing is rising, with 34% of attacks occurring outside email. Key reasons include:

  1. Bypasses traditional security tools since LinkedIn DMs evade email security protections.
  2. Cheap and easy for attackers, leveraging legitimate account hijacking.
  3. Facilitates targeting high-value individuals due to easy reconnaissance.
  4. Users more likely to trust messages from familiar contacts.
  5. Potential rewards are high because breaches can compromise core business accounts and data.

Organizations must adapt security to guard against these threats across multiple channels, not just email.

https://www.bleepingcomputer.com/news/security/5-reasons-why-attackers-are-phishing-over-linkedin/

Anatomy of Tycoon 2FA Phishing: Tactics Targeting M365 and Gmail

Tycoon 2FA Phishing Kit Overview:
Emerging in August 2023, Tycoon 2FA is a sophisticated phishing threat leveraging multi-factor authentication (MFA) bypass techniques, primarily targeting Microsoft 365 and Gmail users. With over 64,000 incidents reported in 2025, it employs a Phishing-as-a-Service platform to capture user credentials via a reverse proxy and deceptive login pages. The attack exploits various distribution methods, including PDFs, and evades detection with anti-research mechanisms and real-time MFA code capture. Enhanced security measures and user education are essential to mitigate risks associated with Tycoon 2FA.

https://gbhackers.com/tycoon-2fa-phishing/

Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation

Smishing Triad linked to over 194,000 malicious domains in a global phishing scheme since January 2024, targeting various services. The group, based in China, scams users with fake notifications, generating over $1 billion in three years. Their infrastructure uses U.S. cloud services, registering many disposable domains to evade detection. These campaigns increasingly target brokerage accounts, manipulating stock prices under the “phishing-as-a-service” model, employing a network of developers and spammers.

https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html

AI Makes Phishing 4.5x More Effective, Microsoft Says

Microsoft's report reveals AI enhances phishing emails, boosting click rates from 12% to 54% and potentially increasing profitability by 50 times. Cybercriminals exploit AI for targeted attacks, utilizing tools like voice cloning and deepfakes. Nation-state actors are also adopting AI for cyber operations. Additionally, new tactics like “ClickFix” have emerged, allowing attackers to manipulate users into executing malware. Overall, AI significantly alters phishing strategies, making attacks more efficient and harder to detect.

https://www.theregister.com/2025/10/16/ai_makes_phishing_45x_more_effective/

AI Vs. AI: Detecting an AI-obfuscated Phishing Campaign

A blog post discusses a phishing campaign in which AI was likely used to create complex, obfuscated code, disguising it as a legitimate document. Microsoft Defender for Office 365 successfully detected and blocked this campaign through behavioral and infrastructural analysis, emphasizing the need for continuous vigilance against AI-aided threats. Recommendations for organizations include improved email settings and user education to protect against such phishing tactics.

https://www.microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign/

Defending Against Evolving Identity Attack Techniques

Microsoft's blog discusses evolving identity attack methods by threat actors, emphasizing the rise in sophisticated phishing techniques targeting cloud identities despite advances like MFA and passwordless solutions. The article highlights various modern phishing methods, including adversary-in-the-middle attacks, device code phishing, OAuth consent phishing, and phishing via enterprise communication platforms, particularly Microsoft Teams. It stresses the importance of user education and advanced security measures (e.g., conditional access policies and Zero Trust) to protect against these threats. Recommendations for organizations include implementing phishing-resistant MFA, user training, and leveraging Microsoft Entra for enhanced security.

https://www.microsoft.com/en-us/security/blog/2025/05/29/defending-against-evolving-identity-attack-techniques/

Phishing Attack Uses Blob URIs to Show Fake Login Pages in Your Browser

Cofense Intelligence reports a phishing technique using blob URIs to create fake login pages in browsers, evading email security and stealing credentials. Blob URIs, which store data temporarily on local machines, make it difficult for security systems to detect malicious activity since external checks cannot see them. Attackers often redirect users from trustworthy sites to fake pages, posing a serious challenge for email security systems.

https://hackread.com/phishing-attack-blob-uri-fake-login-pages-browser/

Scroll to Top