Phishing scams: latest cases and how to recognize them
Phishing remains the most common entry point for fraud across Europe. This page tracks recent confirmed cases reported by national CSIRTs and law-enforcement agencies, plus the patterns Mythos has identified in user-submitted messages.
The FBI is warning that cyber criminals are increasingly weaponizing Traffic Distribution Systems (TDS) to silently steer everyday internet users from legitimate-looking ads, search results, and even...
Criminals are using unsolicited FaceTime calls to impersonate Apple Support, banks, or financial institutions, pressuring victims into sharing card details, online banking credentials, Apple ID...
Researchers at Arctic Wolf uncovered a campaign in which 292 fake GitHub repositories posed as well-known security products, cryptocurrency tools, developer utilities, and other popular software....
Scammers increasingly use AI tools to create deceptively realistic images for phishing emails, fake shop websites, social media profiles, and fraudulent product listings. The NCSC Switzerland weekly...
Scammers build polished lookalike crypto-to-gift-card storefronts that mimic real platforms (dark theme, trust badges, "Pay with crypto" buttons) to steal your Bitcoin or Ethereum. Victims either...
Researchers at SANS Internet Storm Center have observed a new twist on credential-stealing phishing: HTML attachments padded with thousands of HTML comments to swell the file to ~2.5 MB. The goal is...
A new phishing-as-a-service platform called Forg365 is helping scammers steal Microsoft 365 credentials using adversary-in-the-middle (AiTM) proxies and Microsoft device-code authentication flows,...
Scammers are sending letters from fake law firms claiming you are the heir to a life insurance policy worth millions, just because you share a last name with the deceased. They offer to 'split' the...
Attackers are using a clever phishing trick that abuses Microsoft’s own legitimate login page (microsoft.com/devicelogin). Instead of sending you to a fake site, they trick you into visiting the real...
The holiday season is peak time for cybercriminals. Fake booking platforms, fraudulent ticket websites, and stolen smartphones can quickly turn a planned break into a major source of stress....
Email accounts are a top target because they control password resets for nearly every other online service you use. With a single compromised inbox, attackers can intercept banking codes, impersonate...
Attackers are impersonating recruiters from Netflix, Coca-Cola, FIFA and Adidas to lure marketing professionals into fake job interviews. Victims receive a scheduling or interview link that routes...
A new phishing campaign is impersonating over 30 well-known brands, including Adobe, Netflix, Coca-Cola, and OpenAI, by sending fake job interview invitations designed to steal Google account...
ARToken / EvilTokens: device code phishing against Microsoft 365 Security researchers at Cisco Talos uncovered ARToken , a phishing-as-a-service platform linked to the EvilTokens toolkit, that abuses...
A new phishing campaign is targeting MetaMask wallet users by tricking them into handing over their secret recovery (seed) phrase. The fraudulent email pressures victims by claiming their wallet is...
A new wave of sextortion emails is targeting internet users with the dramatic claim that the sender has "total access to all your devices" and recorded compromising footage via webcam. The messages...
A phishing email carrying an attachment that looks like a PDF actually drops a malicious Chrome extension designed to steal browser session cookies and take over your logged-in accounts — even those...
Hackers compromised a third-party frontend vendor used by Polymarket and injected malicious JavaScript into the legitimate trading site. Visitors were prompted to sign fraudulent wallet transactions...