News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

New Threat UNC6692 Uses Microsoft Teams to Spread Malware
Social Engineering

A new cyber threat group, identified as UNC6692, has been found using social engineering tactics on Microsoft Teams to deploy malware. This group has been impersonating IT helpdesk staff to convince individuals to accept chat invitations from fake accounts. Once engaged, they then install a suite of custom malware on the compromised devices. This tactic indicates a growing trend in cyber intrusions, where attackers use trusted platforms and identities to bypass security measures and exploit their victims. Organizations are advised to educate their employees about these threats and to exercise caution with unsolicited communication on platforms like Microsoft Teams. Source: [publication name].

via The Hacker News

UNC6692 Group Uses Social Engineering to Deploy Custom Malware
Social Engineering

Google Threat Intelligence identified UNC6692, a new threat group conducting multi-stage attacks using social engineering and custom malware. The campaign began with mass emails to overwhelm targets, followed by phishing messages via Microsoft Teams impersonating IT helpdesk staff. Victims were tricked into clicking links for fake email spam patches, which downloaded malicious AutoHotkey binaries from AWS S3 buckets. The attackers exploited trust in enterprise software to achieve deep network penetration. This demonstrates evolving tactics combining social manipulation with modular malware and browser extensions to compromise organizational security. Source: Google Threat Intelligence Group.

via RSS: Mandiant Blog

Fraud Operations Function Like Professional Call Centers
Social Engineering

Recent reports indicate that fraud schemes are adopting a structured approach similar to call centers. Dubbed 'Caller-as-a-Service', cybercriminals are developing organized operations, which include hiring staff, providing extensive training, and monitoring employee performance. This shift highlights how sophisticated and professional these fraud networks have become, functioning much like legitimate businesses. The implications for consumers and businesses alike are significant, as these operations pose a growing threat and are increasingly difficult to distinguish from legitimate calls. Awareness and vigilance remain critical in combating these evolving scams. Source: Flare.

via BleepingComputer

SIM Hijacking: Silent Cybercrime Draining Bank Accounts
Social Engineering

Fraudsters are exploiting SIM card hijacking to gain unauthorized access to bank accounts and drain funds silently. Attackers convince telecom providers to transfer victims' phone numbers to new SIM cards through social engineering tactics. Once in control, criminals receive OTPs meant for the account holder, bypassing two-factor authentication and gaining complete access to financial accounts. This sophisticated crime targets customers across major Indian banks. Victims often discover the theft only after substantial amounts have been transferred. Experts recommend enabling additional security layers beyond OTP-based verification and remaining vigilant about unsolicited telecom calls. Source: The Indian Express.

via GoogleNews: SIM swap fraud

Indore Family Loses Rs 1 Lakh in Deepfake Video Call Kidnapping Scam
Social Engineering

An Indore family fell victim to a sophisticated scam involving deepfake technology. Scammers used fabricated video calls depicting a family member in apparent distress, claiming kidnapping and demanding ransom. The fraudsters successfully extracted Rs 1 lakh from the victims before the deception was discovered. This incident highlights the emerging threat of deepfake videos being weaponized for extortion purposes. Authorities warn residents to verify claims through alternative means before making payments and to report such incidents immediately. Source: The Indian Express.

via GoogleNews: deepfake scam

Indians Trapped in Overseas Job Scam Networks
Social Engineering

Indian citizens are becoming victims of sophisticated fraud networks operating through fake overseas job offers. Scammers lure job seekers with lucrative employment opportunities abroad, then trap them in criminal operations or extract money through various fraudulent schemes. Victims often face coercion to participate in further illegal activities or money laundering. Authorities have reported increasing cases of digital arrests—where victims are held virtually or physically threatened. These networks operate across borders, making law enforcement coordination challenging. Victims lose savings and personal data while becoming unwitting participants in larger crime syndicates. The scam highlights the vulnerability of job seekers desperate for overseas employment. Source: The Hindu.

via GoogleNews: job scam India

Digital Arrest Scams: How Fraudsters Exploit Fear in India
Social Engineering

A new wave of 'digital arrest' scams is targeting Indian citizens, exploiting fear of legal consequences to extract money and personal information. Scammers impersonate law enforcement officials, threatening victims with fake arrest warrants related to money laundering or drug smuggling. Victims are coerced into transferring funds or revealing sensitive details while being held in virtual detention. These scams exploit weaknesses in cybersecurity awareness and psychological manipulation. Authorities warn citizens to verify official communications directly with police departments and never share OTPs or banking credentials based on unsolicited calls or messages. Source: Frontline Magazine.

via GoogleNews: deepfake scam

SIM Swap Fraud: How Attackers Access Your Bank Accounts
Social Engineering

SIM swap fraud remains a significant threat to Indian bank account holders. Criminals exploit mobile network vulnerabilities by convincing telecom staff to transfer phone numbers to new SIM cards under their control. Once successful, attackers gain access to two-factor authentication codes sent via SMS, effectively locking out legitimate owners from their bank accounts and digital wallets. This social engineering attack has enabled large-scale financial theft across India. Victims often discover the fraud only after unauthorized transactions occur. Banks and telecom providers are implementing stricter verification protocols, but awareness remains crucial. Citizens should register grievances with their banks immediately upon noticing suspicious SIM activity and request account freezing to prevent further losses. Source: The Tribune.

via GoogleNews: SIM swap fraud

Fake Cell Towers Used to Steal OTPs and Bank Details
Social Engineering

Cybercriminals are deploying fake mobile towers to intercept one-time passwords (OTPs) and banking alerts, creating a dangerous new fraud method. These fraudulent towers trick devices into connecting to them instead of legitimate networks, allowing attackers to capture sensitive authentication codes and financial notifications. Once intercepted, criminals can bypass security measures and gain unauthorized access to bank accounts. This technique exploits the fundamental vulnerability in how mobile devices select network connections. Indians are advised to be cautious of sudden network disconnections, use banking apps with additional security features, and avoid conducting sensitive transactions when experiencing unstable network conditions. Source: The420.in

via GoogleNews: OTP scam

Delhi Family Loses Rs 42,000 in OTP Scam Despite Swift Action
Social Engineering

A Delhi family fell victim to an OTP-based fraud scheme, losing Rs 42,000 despite responding quickly to prevent further damage. The scammers exploited One-Time Password vulnerabilities to gain unauthorized access to the victim's account and initiate unauthorized transactions. This incident highlights how cybercriminals can execute rapid fraudulent transfers even when victims act promptly upon discovering suspicious activity. Experts advise never sharing OTPs with anyone, including bank representatives, and immediately contacting your bank if you receive unexpected OTP messages. Such scams often involve social engineering tactics where fraudsters pose as legitimate entities to extract sensitive information. Source: Studycafe.

via GoogleNews: OTP scam