News

An Indian comedian fell victim to a sophisticated social engineering scam impersonating FedEx. Scammers sent notifications claiming a package contained illegal drugs, prompting the victim to click malicious links. The attack exploited trust in legitimate courier services to deceive users into revealing sensitive information or installing malware. Such scams target middle and upper-class Indians who frequently receive online deliveries. Experts advise verifying package details directly through official courier websites rather than clicking links in unsolicited messages. Awareness about these impersonation tactics is crucial for protecting personal and financial data. Source: BBC.

Signal, the popular encrypted messaging platform, has introduced new security warnings to protect users from social engineering and phishing attempts. These alerts are designed to identify suspicious messages and links that could compromise user safety. The feature helps users recognize common tactics used by scammers to manipulate them into revealing sensitive information or clicking malicious links. This move strengthens Signal's commitment to user protection in an era of increasing cyber threats. Indian users can benefit from these built-in safeguards while communicating on the platform. The implementation reflects growing awareness about the need for in-app security measures against evolving social engineering techniques. Source: Signal Official Announcement.

A threat group called UNC6671, operating under the 'BlackFile' brand, is conducting a large-scale extortion campaign targeting organizations across North America, Australia, and the UK. The group uses sophisticated voice phishing (vishing) and SSO compromise techniques combined with adversary-in-the-middle attacks to bypass multi-factor authentication and gain access to cloud environments, particularly Microsoft 365 and Okta systems. They use Python and PowerShell scripts to steal corporate data for extortion purposes. Since emerging in early 2026, the group has maintained high operational tempo. Security experts emphasize these attacks exploit social engineering rather than vendor vulnerabilities, highlighting the need for phishing-resistant authentication methods. Source: Google Threat Intelligence Group.

Major LPG distributors Indane, HPCL, and Bharat Gas have introduced updated guidelines to prevent OTP-based delivery scams affecting Indian consumers. Fraudsters have been intercepting one-time passwords sent during online LPG bookings and delivery processes, enabling unauthorized cylinder refills and financial losses. The new protocols include improved verification procedures, customer alerts about OTP sharing risks, and stricter authentication methods. These measures aim to protect users from falling victim to social engineering tactics where scammers pose as delivery personnel or company representatives to extract sensitive information. Consumers are urged to never share OTPs with anyone and verify official contacts directly through registered helplines. Source: Hindustan Times.

India's major LPG distributors—Indane, HP Gas, and Bharat Gas—have issued alerts to customers regarding fraudulent delivery schemes exploiting one-time passwords (OTPs). Scammers are targeting consumers by impersonating delivery personnel and tricking them into sharing OTPs, which are then misused to authorize unauthorized transactions or divert genuine deliveries. The gas companies urge customers to never share OTPs with anyone, verify caller identities before providing credentials, and report suspicious activities immediately. This advisory highlights the growing menace of social engineering attacks targeting essential commodity deliveries in India. Source: The Indian Express.

A hacking group called MuddyWater has been exploiting Microsoft Teams to steal user credentials through a sophisticated false flag ransomware campaign. The attackers trick victims into believing their systems are infected with ransomware, prompting them to click malicious links or provide login details. This deceptive technique allows the group to access corporate networks and sensitive data. Microsoft Teams, widely used for workplace communication globally including in India, becomes a vector for initial compromise. Organizations are urged to implement multi-factor authentication, educate employees about suspicious requests, and monitor Teams for unusual activity. Source: The Hacker News.

A LinkedIn report reveals that while job scam awareness is increasing among Indian professionals, Generation Z remains particularly vulnerable to employment-related frauds. The study highlights that younger workers are more likely to fall victim to fake job offers, credential theft, and fraudulent recruitment schemes. Despite growing awareness campaigns about verification of legitimate employers and suspicious application processes, cybercriminals continue targeting job seekers through deceptive postings and impersonation tactics. The report emphasizes the need for stronger verification mechanisms during hiring and educates candidates on identifying red flags in job opportunities. Source: Fortune India.

A LinkedIn survey reveals that 82% of Indian professionals now verify job opportunities before applying, indicating growing awareness about employment scams. This trend reflects heightened vigilance among job seekers in India who are becoming more cautious about fraudulent job postings and recruitment schemes. The increasing scrutiny demonstrates that professionals are taking proactive steps to protect themselves from scammers posing as legitimate employers. Such verification practices help candidates identify red flags and avoid falling victim to job-related frauds that often lead to financial losses or data theft. Source: People Matters Media.

This week, cybersecurity issues have surged, including the use of fake cell towers to send fraudulent SMS messages. Additionally, developers are facing risks due to tools that unintentionally access private files during installations. Alarmingly, millions of servers are currently exposed online without password protection. Other reported incidents include hacking attempts targeting the popular game Roblox, affecting around 600,000 accounts. The internet landscape remains precarious with a variety of security threats emerging, keeping both users and developers on high alert. It’s crucial for everyone to stay informed and practice safe online habits. Source: [publication name].

WhatsApp has significantly expanded its enforcement against digital arrest scams in India, converting 17 government flags into 9,400 account bans. The messaging platform leveraged official complaints to identify and remove accounts involved in this prevalent fraud scheme. Digital arrest scams, where fraudsters impersonate law enforcement officials to extort money from victims, have become increasingly common in India. WhatsApp's coordinated action demonstrates how tech platforms can scale enforcement efforts by utilizing government reports and internal detection mechanisms. The move represents a broader effort to combat scam-related content on the platform, protecting Indian users from financial exploitation and fraud. Source: MediaNama.

WhatsApp has taken action against fraudulent activity in India by banning 9,400 scam-related accounts from its platform. The move comes as India's Supreme Court reviews the growing menace of digital arrest scams, where criminals impersonate law enforcement officials to extort money from unsuspecting victims. These frauds typically involve threats of legal action and arrest warrants to coerce victims into transferring funds. The Supreme Court's intervention highlights the serious nature of such crimes affecting Indian citizens. WhatsApp's account bans represent the platform's effort to combat misuse, though experts suggest users remain vigilant against social engineering tactics employed by scammers. Source: Daily Pioneer.

OpenAI has introduced a 'bug bounty' program that offers a reward of $25,000 to security researchers who can find ways to bypass the safety features of its latest AI model, GPT-5.5. This initiative aims to encourage vetted experts to identify and report 'jailbreak' prompts that could potentially exploit weaknesses in the model. By engaging external researchers, OpenAI is taking significant steps towards enhancing AI safety and ensuring that its technologies remain secure against adversarial threats. This proactive approach reflects the company's commitment to maintaining high standards in AI development and deployment. Source: [publication name].