Atos Researchers identified a new variant of the popular ClickFix technique, where attackers convince the user to execute a malicious command on their own device through the Win + R shortcut. In this variation, a "net use" command is used to map a network drive from an external server, after which a ".cmd" batch file hosted on that drive is executed.
Pig-butchering derives from the Chinese expression 'Sha Zhu Pan,' which refers to nurturing a target like livestock prior to slaughter. Applied to fraud, it entails scammers forging deep personal connections over extended periods. They then coax victims into sending funds to a deceptive digital currency venture.
The email seen by at least some customers of the Emma email platform was a phishing scam. Hackers hoped to inspire instant panic with the words, 'As part of our commitment to supporting U.S. Immigration and Customs Enforcement (ICE), we will be adding a Support ICE donation button to the footer of every email sent through our platform.'
In the cyberattack reported by Odido two weeks ago, personal data from more than 6 million accounts was stolen. The stolen information includes names, home and email addresses, phone numbers, dates of birth, bank account numbers, and ID numbers.
SLH is diversifying its social engineering pool by specifically recruiting women to conduct vishing attacks, likely to increase the success rate of help desk impersonation. The group is said to be offering anywhere between $500 and $1,000 upfront per call, in addition to providing them with the necessary pre-written scripts to carry out the attack.
Choice Hotels International disclosed a breach affecting franchisees and applicants. Its notification letter states that a "skilled person used social engineering" to gain access on January 14, 2026 to an application that contained records regarding franchisees and franchise applicants. The access occurred even though access required multifactor authentication (MFA). The information involved included names and Social Security numbers. There is no indication that any guest data was involved. No gang has publicly claimed responsibility for the attack as yet.
"While many have been discussing the privacy risks of people following the ChatGPT caricature trend, the prompt reveals something else alarming - people are talking to their LLMs about work," said Josh Davies, principal market strategist at Fortra, in an email to eSecurityPlanet. He added, "If they are not using a sanctioned ChatGPT instance, they may be inputting sensitive work information into a public LLM. Those who publicly share these images may be putting a target on their back for social engineering attempts, and malicious actors have millions of entries to select attractive targets from."
Romance scams used to feel like a cliché. Everyone pictured an email from an overseas "prince" that was poorly written and full of typos and pleas for cash. Now, that cliché is dead. Today's romance scams are industrial-scale operations. Attackers use artificial intelligence to clone voices, create deepfake video calls, and write scripts with large language models (LLMs). In 2024 alone, the Federal Trade Commission reported that financial losses to romance scams skyrocketed, with victims losing $1.14 billion.
The North Korea-linked threat actor known as UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data from Windows and macOS systems with the ultimate goal of facilitating financial theft. "The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated video to deceive the victim," Google Mandiant researchers Ross Inman and Adrian Hernandez said.
Betterment, which offers automated investment and financial planning services, first disclosed the breach in January after detecting unauthorized access to certain internal systems on January 9. Betterment said the hacker gained entry through a social engineering scheme that relied on impersonation to infiltrate third-party marketing and operations tools, then used that access to send customers a fraudulent cryptocurrency promotion disguised as an official company message.
The phone rings at 2:47 AM. Your heart pounds as you fumble for the receiver. "Grandma?" The voice is shaky, desperate. "I'm in trouble. I got arrested. Please don't tell Mom and Dad." The voice sounds just like your grandson. He uses the nickname only family knows. He remembers that trip you took together last summer. Everything about this call feels real because, in many ways, it is.
Picture this: Your phone rings. The caller ID shows your local hospital. The voice on the other end sounds professional, maybe a bit urgent. They're calling about Medicare coverage changes that could affect your upcoming procedures. They just need to verify some information to ensure your benefits continue uninterrupted. Sounds legitimate, right? Here's the thing - it probably isn't. And that's exactly what makes modern phone scams so dangerous.
Last month, I sat across from one of the brightest people I know as he explained how he'd lost nearly everything to a sophisticated scam. This wasn't some naive teenager or technophobe. This was my friend from university days, a retired executive who'd navigated corporate politics for decades and made shrewd investment decisions his whole life. Watching him piece together how it happened was like watching someone solve a puzzle in reverse.
