News

State Bank of India has issued a warning against scammers sending fraudulent SMS and messages to customers, falsely claiming their YONO mobile banking application will be deactivated. These phishing messages typically direct users to click malicious links or provide sensitive banking credentials. Cybercriminals use urgency tactics to trick users into compromising their accounts. SBI advises customers never to click links in unsolicited messages, never share OTPs or passwords, and to verify communications directly through official SBI channels. Users should report suspicious messages to SBI's customer support immediately. Source: CyberSecurityNews.

Grand Island authorities have alerted residents to a fraudulent email scam impersonating the local planning commission. Cybercriminals are sending deceptive emails to trick recipients into clicking malicious links or revealing sensitive information. Officials urge the public to verify email authenticity by contacting the planning commission directly through official channels before responding to unexpected messages. Residents should avoid clicking suspicious attachments or links and report suspected phishing attempts to authorities. This type of social engineering attack commonly targets government agencies and citizens. Source: KSBN Local 4.

The FBI has issued a warning about an active phishing scam targeting Microsoft 365 account users. Cybercriminals are using fraudulent emails designed to appear legitimate, attempting to trick users into revealing their login credentials and sensitive information. Once compromised, attackers can gain unauthorized access to personal and corporate data. The FBI advises users to verify sender email addresses carefully, avoid clicking suspicious links, and enable multi-factor authentication on their accounts. Organizations should educate employees about recognizing phishing attempts and implement robust email security measures. Reporting suspected phishing attempts to the FBI's Internet Crime Complaint Center (IC3) is recommended. Source: Fox 10 Phoenix.

India's Press Information Bureau (PIB) has warned citizens against fraudulent emails claiming to be from the Reserve Bank of India offering lottery winnings or inheritance claims. These messages are scams designed to deceive recipients into revealing personal and financial information or making payments. Scammers impersonate RBI officials to appear legitimate. Citizens receiving such emails should immediately delete them without clicking any links or providing information. The PIB advises reporting suspicious communications to relevant authorities. The RBI does not conduct lotteries or send unsolicited inheritance notifications via email. Stay vigilant and verify any official communication directly through RBI's official website or helpline before responding. Source: Business Standard.

Indian government authorities have issued a warning to participants of the India AI Impact Summit 2026 regarding an active phishing scam targeting attendees. Cybercriminals are sending fraudulent emails and messages impersonating summit organizers to steal personal information and credentials from participants. The scam attempts to trick recipients into clicking malicious links or revealing sensitive data. Attendees are advised to verify communications directly with official summit channels, avoid clicking suspicious links, and report any phishing attempts to authorities. This warning highlights the growing threat of cyber attacks during major events and conferences in India. Source: News On AIR.

Chinese-language phishing-as-a-service (PhaaS) platforms are rapidly expanding in underground criminal markets, rivaling Russian-dominated operations. Google's Threat Intelligence Group analyzed twelve mature PhaaS services operating within Chinese criminal networks, revealing sophisticated tactics beyond simple password theft. These services now employ real-time interception to steal one-time passcodes (OTPs), bypassing multi-factor authentication instantly. Attackers use live administration panels to interact with victims in real-time and tokenize stolen payment data to gain unauthorized access to digital wallets and financial accounts. They exploit encrypted messaging channels like RCS and iMessage to evade traditional security filters. Unlike Russian operations, these Chinese services primarily target non-Chinese organizations globally. Google has taken legal action against PhaaS providers and supports legislation to combat these evolving threats. Source: Google Threat Intelligence Group.

The FBI has issued a warning about Kali365, a phishing-as-a-service platform exploiting Microsoft 365 users. The service leverages OAuth device code authentication to compromise accounts and steal session tokens, effectively bypassing multi-factor authentication (MFA) protections. This phishing service poses a significant threat to organizations and individuals relying on Microsoft 365 for business operations. Users are advised to remain vigilant against suspicious authentication attempts and review account access logs regularly. Organizations should implement additional security measures beyond standard MFA to protect against such sophisticated attacks. Source: FBI.

This article covers a business funding announcement for abcoffee, a specialty coffee chain in India. It discusses the company's Pre-Series B funding round of ₹61 crores led by Kliff and plans for offline expansion. This is a business/startup news story and does not relate to cybersecurity, cyber-crime, data protection, or digital safety concerns relevant to CyberSathi.in's audience.

Shira is a dedicated anti-phishing training platform designed to help organizations educate employees about phishing threats. The platform provides interactive training modules that teach users to recognize suspicious emails, fraudulent links, and social engineering tactics commonly used in phishing campaigns. By simulating real-world phishing scenarios, Shira enables employees to practice identifying threats in a safe environment before encountering actual attacks. Such training platforms are crucial for Indian businesses and institutions seeking to strengthen their cybersecurity defenses, as phishing remains a primary entry point for data breaches and financial fraud. Awareness and employee training significantly reduce an organization's vulnerability to phishing-based attacks. Source: Shira.

This content discusses Nanci, a CI/CD platform development project, not a cybersecurity or cyber-crime awareness topic. It covers software development practices, debugging tools, and pipeline automation—areas outside CyberSathi.in's focus on cyber-crime awareness for Indian readers. The article does not address phishing, ransomware, fraud, malware, data breaches, or other security threats relevant to the portal's mission.

A sophisticated phishing campaign called ClickFix has been targeting users searching for legitimate software like Tailscale. Attackers create fake websites that closely resemble the genuine product pages, tricking users into downloading malicious files or entering credentials. The campaign exploits search engine results to appear as legitimate alternatives. Once users interact with these fake sites, they risk compromising sensitive information and system security. Indian users should verify URLs carefully before downloading software and use official websites or app stores instead of relying solely on search results. Enable two-factor authentication on important accounts for additional protection. Source: Cybersecurity Research.

Cybercriminals are leveraging artificial intelligence to enhance device code phishing campaigns, making attacks more sophisticated and difficult to detect. Device code phishing exploits the OAuth authentication flow by tricking users into authorizing malicious applications through fake login prompts. The AI component enables attackers to personalize messages, improve targeting accuracy, and automate large-scale campaigns efficiently. These attacks often bypass traditional security measures by appearing legitimate and requesting device code verification instead of passwords directly. Indian users should remain vigilant when approving device authentications and verify application legitimacy before granting permissions. Organizations are advised to implement multi-factor authentication and user awareness training to mitigate risks. Source: Cybersecurity industry reports.