Savvy Seahorse Targets Investment Platforms With DNS Scams
Infoblox said Savvy Seahorse uses fake ChatGPT and WhatsApp bots to lure victims
Scams use deception to steal money, credentials, or sensitive data, making them a cybersecurity risk for individuals and organizations.
Search across headline titles and summaries.
Background for this topic.
Scams are deceptive schemes intended to make people surrender money, credentials, sensitive information, or access. In information security, they commonly use phishing messages, impersonation, fraudulent websites, business-email compromise, fake technical support, or malicious attachments. Their defining feature is manipulation: the attacker creates a credible pretext and pressures the target to act before verifying the request.
Security teams should treat scams as an attack surface spanning email, messaging, telephone calls, social media, and payment workflows. Material risks include account takeover through stolen credentials, unauthorized payments, disclosure of personal or company data, and malware execution from deceptive content. Useful controls include phishing-resistant authentication, secure payment-change procedures with independent verification, filtering and domain protections, user training focused on reporting, and rapid review of suspicious messages or transactions. Incident handling may require revoking sessions, resetting credentials, contacting financial institutions, preserving evidence, and notifying affected parties where applicable.
Infoblox said Savvy Seahorse uses fake ChatGPT and WhatsApp bots to lure victims
BioCatch's Seth Ruden on How Defenders Can Keep Up With Evolving Fraud ScamsFirst-party fraudsters have shifted their focus from credit card fraud to deposit scams. In this evolving threat environment, financial institutions face new challenges from the increased use of synthetic identities and the difficulties in classifying first-party fraud, said BioCatch's Seth Ruden.
A threat actor named Savvy Seahorse is abusing CNAME DNS records Domain Name System to create a traffic distribution system that powers financial scam campaigns. [...]
Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer
CISOs Discuss AI Scams, Cyberthreats and Election Security DefensesIn the latest "Proof of Concept," Jeff Brown, CISO for the state of Connecticut, and Lester Godsey, CISO for Maricopa County, Arizona, join ISMG editors to discuss AI-related threats to election security, safeguarding against cyber and physical threats and coordinating efforts for complete security.
Scammers' tactics are tiresomely familiar: get-rich-quick schemes and data harvesting China's Ministry of Industry and Information Technology has warned local netizens that fake wallet apps for the nation's central bank digital currency (CBDC) are already circulating and being abused by scammers.…
Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams. [...]
A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising. [...]
A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising. [...]