scams

Hundreds of Orgs Compromised Daily in Microsoft Device Code Phishing Attacks

A widespread Microsoft device-code phishing campaign has been compromising hundreds of organizations daily since mid-March 2026, using AI and automation to bypass multi-factor authentication and gain access to corporate Microsoft 365 accounts. The attackers generate dynamic device codes to trick victims into authorizing access, enabling them to steal sensitive financial emails and data, with the phishing infrastructure leveraging legitimate cloud services to evade detection. Microsoft recommends limiting the use of device code authentication and training employees to recognize phishing attempts to mitigate such attacks.

https://www.theregister.com/2026/04/07/microsoft_device_code_phishing/

New macOS Stealer Campaign Uses Script Editor in ClickFix Attack

A new macOS malware campaign delivering the Atomic Stealer exploits the built-in Script Editor app via a variation of the ClickFix attack, tricking users into running malicious scripts without manual Terminal interaction. The attack uses fake Apple-themed websites that launch Script Editor with pre-filled code to download and execute obfuscated payloads, targeting sensitive data such as Keychain items, browser passwords, and cryptocurrency wallets. Mac users are advised to treat Script Editor prompts with caution and rely only on official Apple documentation for system guidance.

https://www.bleepingcomputer.com/news/security/new-macos-stealer-campaign-uses-script-editor-in-clickfix-attack/

Scam Compounds Hiring “AI Models” to Seal the Deal in Deepfake Video Calls

Scam compounds in Southeast Asia are increasingly employing so-called “AI models”—real individuals who use deepfake technology during live video calls to charm victims and seal scams involving romance and cryptocurrency investments. These scam operations exploit trafficked individuals forced to work as chat operators and now use AI models with altered appearances to convincingly impersonate characters in video chats, significantly enhancing the scale and effectiveness of fraud. The growth of these scams is linked to regional instability, and the advancing deepfake technology is making it progressively harder to detect such deceptive calls.

https://www.malwarebytes.com/blog/news/2026/03/scam-compounds-hiring-ai-models-to-seal-deal-in-deepfake-video-calls

InstallFix: Weaponizing Malvertized Install Guides

Attackers are using a technique called InstallFix, a social engineering attack where they clone installation pages of legitimate CLI tools and present victims with malicious install commands disguised as the real thing. This technique is particularly effective because it exploits the common practice of copying and pasting installation commands from websites, bypassing traditional security controls like email filtering. The attackers are using malvertising, specifically sponsored search results on Google, to distribute these fake installation pages, targeting popular tools like Claude Code.

https://pushsecurity.com/blog/installfix/

1Campaign: A New Cloaking Platform Helping Attackers Abuse Google Ads

1Campaign is a cloaking platform that helps attackers bypass Google Ads screening and evade security researchers. It uses real-time visitor filtering, fraud scoring, and geographic targeting to keep phishing and crypto drainer pages online longer. The platform enables ad fraud at scale by allowing attackers to impersonate legitimate brands in Google Ads campaigns.

https://www.varonis.com/blog/1campaign

Refund Scam Impersonates Avast to Harvest Credit Card Details

A phishing scam impersonating Avast tricks users into providing credit card details for a fake €499.99 refund. The scam employs a realistic site design, urgency tactics, and live chat support to deceive victims. Signs of such scams include unrecognized charges, urgent cancellation notices, and requests for complete card information. If victimized, contact your bank, dispute unauthorized charges, and enhance security practices.

https://www.malwarebytes.com/blog/threat-intel/2026/02/refund-scam-impersonates-avast-to-harvest-credit-card-details

Fake Zoom Meeting “Update” Silently Installs Surveillance Software

Fake Zoom meeting website installs surveillance software, Teramind, on Windows without user consent. Visitors encounter a fraudulent Zoom interface that prompts an automatic update, leading to malicious file download. The stealthily installed software monitors user activity without knowledge, resembling legitimate business surveillance tools. Users are advised not to open suspicious files from the site and to check for unauthorized installations. This exploit illustrates the rising trend of attackers using legitimate software for illicit purposes.

https://www.malwarebytes.com/blog/scams/2026/02/fake-zoom-meeting-update-silently-installs-surveillance-software

Facebook Ads Spread Fake Windows 11 Downloads That Steal Passwords and Crypto Wallets

Malicious Facebook ads mimicking Microsoft promote fake Windows 11 downloads, leading users to download malware instead of updates. This malware stealthily collects passwords and cryptocurrency data. It employs sophisticated evasion techniques, targeting regular users while avoiding detection by security systems. If affected, users should avoid logging in to accounts, scan their devices, change passwords on a secure device, and take precautions with any financial information. Security teams are advised to block phishing domains and monitor for specific malware signatures.

https://www.malwarebytes.com/blog/scams/2026/02/facebook-ads-spread-fake-windows-11-downloads-that-steal-passwords-and-crypto-wallets

How Global Cybercrime Syndicates Are Stealing Hearts — and Billions

Global cybercrime syndicates are exploiting romance scams, using AI to create convincing online identities to deceive victims, particularly during Valentine's season. In 2024, Americans lost over $16 billion to cybercrime, with one in seven adults affected by romance schemes. These scams, targeting older demographics, leverage trust and urgency to manipulate victims, often moving conversations off safer platforms. Law enforcement faces challenges due to the international nature of these operations, but agencies like the FBI are forming global partnerships to combat them. Vigilance is necessary for online daters, as pressure tactics are common indicators of scams.

https://www.politico.com/news/2026/02/14/how-global-cybercrime-syndicates-are-stealing-hearts-and-billions-00780481

Apple Pay Phish Uses Fake Support Calls to Steal Payment Details

Apple Pay phishing campaign hijacks user information through fake support calls. Victims receive emails mimicking Apple alerts about unauthorized transactions, prompting them to call provided numbers. Scammers impersonate Apple agents, extracting sensitive data like Apple ID verification codes and payment details under false pretenses. Users are advised to avoid sharing 2FA codes, scrutinize sender addresses, and verify communications independently.

https://www.malwarebytes.com/blog/news/2026/02/apple-pay-phish-uses-fake-support-calls-to-steal-payment-details

Inside the Criminal World of Southeast Asia’s Scam Compounds

Scam compounds in Southeast Asia blur the lines between victimhood and criminality. Workers, often trafficked, face brutality while running online scams, and circumstances can shift individuals from victims to perpetrators due to coercion and survival needs. Key cases of individuals like Li, Bao, and Alice highlight the complexities of their experiences—ranging from forced labor to perpetuating scams to repay debts. The moral ambiguity complicates responses from authorities and NGOs, often leading to skepticism towards their stories. This intricate dynamic calls for a rethinking of justice and victim recognition within the scam economy, recognizing that the distinctions between victims and perpetrators are often fluid and intertwined.

https://aeon.co/essays/inside-the-criminal-world-of-southeast-asias-scam-compounds

A New Apple Pay Scam Is Hitting Millions

A new Apple Pay scam is targeting users by claiming suspicious transactions were blocked and urging them to call a fraudulent number. These messages, which appear official, aim to trick victims into revealing personal information. To stay safe, users should ignore such messages, verify sender details, and contact Apple directly through their website if concerned.

https://www.techradar.com/computing/cyber-security/a-new-apple-pay-scam-is-hitting-millions-heres-how-to-spot-fake-unusual-activity-messages-before-its-too-late

CTM360 Research Reveals 30,000+ Fake Online Shops Impersonating Fashion Brands

TLDR: CTM360's research reveals over 30,000 fraudulent online shops impersonating fashion brands globally, part of a sophisticated scheme called FraudWear. These scams feature realistic e-commerce structures, targeting consumers through ad-driven marketing and localized tactics, exploiting trust in legitimate brands to harvest personal and payment information without delivering products. The scale and infrastructure of such operations make them persistently difficult to combat, necessitating a shift in cybersecurity strategies.

https://thehackernews.com/expert-insights/2026/02/ctm360-research-reveals-30000-fake.html

For the Price of Netflix, Crooks Can Rent AI Crime Ops

Cybercrime has evolved with AI, offering tools like Dark LLMs for scams at subscription prices. Group-IB reports a 371% increase in AI mentions on dark web forums since 2019. AI simplifies previously complex cyberattacks into easily accessible services. Deepfake and synthetic identity tools are now inexpensive, resulting in significant financial losses, including $347 million in a single quarter. Automation in cybercrime lowers barriers for criminals, complicating defense efforts and increasing the scale and personalization of scams.

https://www.theregister.com/2026/01/20/group_ib_ai_cycercrime_subscriptions/

More Than 40 Countries Impacted by North Korea IT Worker Scams, Crypto Thefts

Over 40 countries affected by North Korea IT worker scams and crypto thefts; U.S. urges UN to enforce sanctions against North Korea. Report details North Korea's schemes to fund weapons programs, including identity theft and laundering via Chinese banks. U.S. accuses China and Russia of harboring North Korean operatives. Discussions at UN highlighted challenges in identifying North Korean workers amidst growing AI integration in scams. North Korea criticized the U.S. for its actions at the UN.

https://therecord.media/40-countries-impacted-nk-it-thefts-united-nations

Scroll to Top