scams

Apple Pay Phish Uses Fake Support Calls to Steal Payment Details

Apple Pay phishing campaign hijacks user information through fake support calls. Victims receive emails mimicking Apple alerts about unauthorized transactions, prompting them to call provided numbers. Scammers impersonate Apple agents, extracting sensitive data like Apple ID verification codes and payment details under false pretenses. Users are advised to avoid sharing 2FA codes, scrutinize sender addresses, and verify communications independently.

https://www.malwarebytes.com/blog/news/2026/02/apple-pay-phish-uses-fake-support-calls-to-steal-payment-details

Inside the Criminal World of Southeast Asia’s Scam Compounds

Scam compounds in Southeast Asia blur the lines between victimhood and criminality. Workers, often trafficked, face brutality while running online scams, and circumstances can shift individuals from victims to perpetrators due to coercion and survival needs. Key cases of individuals like Li, Bao, and Alice highlight the complexities of their experiences—ranging from forced labor to perpetuating scams to repay debts. The moral ambiguity complicates responses from authorities and NGOs, often leading to skepticism towards their stories. This intricate dynamic calls for a rethinking of justice and victim recognition within the scam economy, recognizing that the distinctions between victims and perpetrators are often fluid and intertwined.

https://aeon.co/essays/inside-the-criminal-world-of-southeast-asias-scam-compounds

A New Apple Pay Scam Is Hitting Millions

A new Apple Pay scam is targeting users by claiming suspicious transactions were blocked and urging them to call a fraudulent number. These messages, which appear official, aim to trick victims into revealing personal information. To stay safe, users should ignore such messages, verify sender details, and contact Apple directly through their website if concerned.

https://www.techradar.com/computing/cyber-security/a-new-apple-pay-scam-is-hitting-millions-heres-how-to-spot-fake-unusual-activity-messages-before-its-too-late

CTM360 Research Reveals 30,000+ Fake Online Shops Impersonating Fashion Brands

TLDR: CTM360's research reveals over 30,000 fraudulent online shops impersonating fashion brands globally, part of a sophisticated scheme called FraudWear. These scams feature realistic e-commerce structures, targeting consumers through ad-driven marketing and localized tactics, exploiting trust in legitimate brands to harvest personal and payment information without delivering products. The scale and infrastructure of such operations make them persistently difficult to combat, necessitating a shift in cybersecurity strategies.

https://thehackernews.com/expert-insights/2026/02/ctm360-research-reveals-30000-fake.html

For the Price of Netflix, Crooks Can Rent AI Crime Ops

Cybercrime has evolved with AI, offering tools like Dark LLMs for scams at subscription prices. Group-IB reports a 371% increase in AI mentions on dark web forums since 2019. AI simplifies previously complex cyberattacks into easily accessible services. Deepfake and synthetic identity tools are now inexpensive, resulting in significant financial losses, including $347 million in a single quarter. Automation in cybercrime lowers barriers for criminals, complicating defense efforts and increasing the scale and personalization of scams.

https://www.theregister.com/2026/01/20/group_ib_ai_cycercrime_subscriptions/

More Than 40 Countries Impacted by North Korea IT Worker Scams, Crypto Thefts

Over 40 countries affected by North Korea IT worker scams and crypto thefts; U.S. urges UN to enforce sanctions against North Korea. Report details North Korea's schemes to fund weapons programs, including identity theft and laundering via Chinese banks. U.S. accuses China and Russia of harboring North Korean operatives. Discussions at UN highlighted challenges in identifying North Korean workers amidst growing AI integration in scams. North Korea criticized the U.S. for its actions at the UN.

https://therecord.media/40-countries-impacted-nk-it-thefts-united-nations

Are Criminal Hacking Organizations Recruiting Teenagers to Do the Dirty Work?

Criminal hacking organizations are recruiting teenagers in Western countries by offering fake jobs and cryptocurrency payments. These groups use social media and gaming platforms to groom young individuals for illegal activities, including ransomware attacks. Parents should watch for signs of unusual income or expensive items and be aware that law enforcement, including the FBI, is actively prosecuting young offenders.

https://www.pandasecurity.com/en/mediacenter/are-criminal-hacking-organizations-recruiting-teenagers-to-do-the-dirty-work/

Price of a ‘bot Army’ Revealed Across Hundreds of Online Platforms Worldwide

Cambridge's COTSI reveals global bot prices: A new index tracks fake account verification costs on 500+ platforms. Verifying fake accounts is notably cheap in the US (0.26), UK (0.10), and Russia (0.08), while pricier in Japan (4.93) and Australia (3.24). Prices surge for bots on Telegram and WhatsApp before elections, indicating manipulation intentions. The study emphasizes sim card regulation to curb bots and suggests transparency measures are often circumvented. It exposes a burgeoning underground market reliant on SIM products for orchestrating misinformation and influence campaigns globally.

https://www.cam.ac.uk/stories/price-bot-army-global-index

Beware: PayPal Subscriptions Abused to Send Fake Purchase Emails

PayPal subscriptions are being exploited in a scam where fake purchase emails are sent, misleading people into believing they made expensive transactions. The emails, appearing legitimate, originate from “[email protected]” and include modified customer service URLs displaying fake purchase notifications. Scammers intend to instill fear, prompting recipients to call a fake PayPal support number. Although legit email formats are used, PayPal is working to mitigate this scam. Recipients are advised to ignore such emails and verify their account directly through PayPal.

https://www.bleepingcomputer.com/news/security/beware-paypal-subscriptions-abused-to-send-fake-purchase-emails/

How Phishers Hide Banking Scams Behind Free Cloudflare Pages

Phishing scams are increasingly using free hosting services like Cloudflare Pages to create fake banking and insurance login portals, aiming to capture sensitive information such as usernames, passwords, and answers to security questions. These scams often redirect through compromised legitimate sites, utilizing Telegram for data exfiltration, making them difficult to detect and shut down. Victims encounter authentic-looking pages and are misled into providing personal data, while attackers benefit from rapid setup and evasion of traditional security measures. To avoid such attacks, users should scrutinize URLs, avoid clicking links from unexpected emails, and verify requests for sensitive information.

https://www.malwarebytes.com/blog/news/2025/12/how-phishers-hide-banking-scams-behind-free-cloudflare-pages

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

Rey, admin of the notorious cybercriminal group “Scattered LAPSUS$ Hunters” (SLSH), has been identified following an interview where he confirmed his real identity. SLSH, comprising three hacking groups, has extorted major corporations through social engineering, including companies like Toyota and FedEx. Rey previously managed data leak operations for other ransomware groups and recently launched a new ransomware service called ShinySp1d3r. Despite initially engaging in cybercrime, Rey, now 15, claims to be trying to distance himself from the criminal activities and has communicated with law enforcement about his involvement. His digital footfalls, however, led to his identification.

https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/

Lifetime Access to WormGPT 4 Costs Just $220

WormGPT 4, a malicious AI tool, costs $220 for lifetime access, allowing cybercriminals to easily generate malware and phishing attempts without requiring extensive technical knowledge. This AI can create ransomware scripts and other malicious code, significantly lowering entry barriers for attackers. Another model, KawaiiGPT, is free and also capable of producing harmful scripts, exemplifying the growing accessibility of malicious AI tools.

https://www.theregister.com/2025/11/25/wormgpt_4_evil_ai_lifetime_cost_220_dollars/

FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams

FBI reports over $262M lost to account takeover (ATO) fraud this year, targeting various sectors through social engineering and phishing. Cybercriminals impersonate financial institutions to steal sensitive information and funds. Users are advised to monitor accounts and protect personal information. The rise of AI in phishing tactics is linked to increased holiday scams, with significant vulnerabilities exploited across e-commerce platforms. A shift towards sophisticated purchase scams is noted, involving authorized payments by victims, complicating fraud detection.

https://thehackernews.com/2025/11/fbi-reports-262m-in-ato-fraud-as.html

The Scammer Next Door — The Dial

India's increasing fraud culture mirrors its stark inequality. A journalist recounts receiving a fake lottery call, leading to insights into a booming scam industry during the COVID-19 lockdown. Exposing the inner workings, she interviews scam operators like “Rana Pratap,” who leverage desperation and misinformation for profit. Amid mass unemployment, many view scamming as a viable career. The growth of scams reveals a collective disillusionment; ordinary citizens, driven by a deteriorating trust in traditional success paths, become scamming entrepreneurs, reflecting a troubling trend of deceit in society.

https://www.thedial.world/articles/news/india-scams-scamlands

Scroll to Top