Tag: phishing

Don't stay in the past: phishing has become much more sophisticated

Phishing campaigns have become more sophisticated, not only seeking to deceive employees but also exhausting the resources of security operations center (SOC) analysts. Organizations are facing an increase in phishing reports that congest investigation queues, which decreases the quality of analysis and increases the risk of security breaches. Fishing in the sea of crime According to recent reports, some attackers have designed their campaigns to maximize the effort required for investigation, causing incidents that should be resolved in minutes to take hours, significantly widening the window […]

Phishing campaigns have become more sophisticated, not only seeking to deceive employees but also exhausting the resources of security operations analysts (SOC). Organizations are facing an increase in phishing reports that congest investigation queues, which decreases the quality of analysis and increases the risk of security breaches.

Fishing in the Sea of Crime

According to recent reports, some attackers have designed their campaigns to maximize the effort required for investigation, causing incidents that should be resolved in minutes to take hours, significantly widening the window of opportunity for an attack. This tactic has led SOC teams to a state of alert fatigue, where response times are reduced and decisions are made with less rigor.

Organizations, therefore, must reevaluate their approaches to defending against phishing. It is not only about training employees to identify suspicious emails, but also about optimizing post-report investigation processes. Implementing systems that provide synthesized analysis can enable analysts to make faster and more effective decisions, reducing investigation time from hours to minutes.

Despite current efforts to automate threat detection, many tools do not address the fundamental problem of workload in SOCs. An emerging approach is focused on decision-ready investigation, where the system provides a clear assessment, allowing analysts to review investigations instead of conducting them from scratch. This could radically change the dynamics of investigations against phishing campaigns, contributing to a faster and more robust response to attacks.

Platforms like Conifers.ai are developing solutions to provide these phishing investigations in minutes, instead of hours, effectively combating the attackers’ exhaustion strategies.

Europol dismantles a cybercrime platform that managed to defraud more than 5 million euros

Europol announced on Friday the dismantling of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a “SIM farm,” providing its clients with a wide range of crimes, from phishing to investment fraud. This operation, called Operation SIMCARTEL, involved 26 raids in several European countries, resulting in the arrest of seven suspects and the seizure of 1,200 SIM box devices containing 40,000 active SIM cards. A sophisticated criminal operation Among those arrested, five are of Latvian nationality. In addition, five servers were dismantled and two websites, gogetsms.com and apisim.com, that advertised the service were taken down to replace them […]

Europol announced on Friday the dismantling of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a “SIM farm”, providing its clients with a wide range of crimes, from phishing to investment fraud. This operation, called Operation SIMCARTEL, involved 26 searches in several European countries, resulting in the arrest of seven suspects and the seizure of 1,200 SIM box devices containing 40,000 active SIM cards.

A sophisticated criminal operation

Among those arrested, five are of Latvian nationality. In addition, five servers were dismantled and two websites, gogetsms.com and apisim.com, that advertised the service were taken down and replaced with a seizure banner on October 10, 2025. The authorities also confiscated four luxury vehicles and froze €431,000 ($502,000) in the suspects’ bank accounts, as well as €266,000 ($310,000) in cryptocurrency accounts.

The operation involved law enforcement forces from Austria, Estonia, Finland, and Latvia, in collaboration with Europol and Eurojust. Europol attributes to this criminal network more than 1,700 individual cases of cyber fraud in Austria and 1,500 in Latvia, causing significant losses totaling around €4.5 million ($5.25 million) in Austria and €420,000 ($489,000) in Latvia.

The platform’s infrastructure allowed criminals to create more than 49 million online accounts, which were used to carry out phishing and smishing attacks and to deceive victims into investing money in fraudulent investment schemes. According to reports, some crimes of this organization included extortion, human smuggling, and the distribution of child sexual abuse material (CSAM).

GoGetSMS, one of the involved platforms, was marketed as a solution to obtain “fast and secure temporary phone numbers”, although users on Trustpilot have expressed their dissatisfaction with the lack of response from support and issues with the functionality of the service.

Avast Free Antivirus DOWNLOAD

The world’s largest indie website is accused of phishing through AI, and the blame is on Funkos

The world of indies has been shaken for a few hours today after the largest independent video game website went offline. The issue is somewhat complicated, so let’s take it slow. The independent game store Itch.io is back online after being down for a while due to a false phishing report. Although the game store’s servers remain online, the website’s domain points to IP addresses that do not belong to Itch.io, making it inaccessible to most people. Itch.io blames the collectibles company of […]

The world of indies has been shaken for a few hours today after the largest independent video game website went offline. The issue is somewhat complicated, so let’s take it easy.

Subscribe to the Softonic newsletter and get the latest in tech, gaming, entertainment and deals right in your inbox.

Subscribe (it's FREE) ►

The independent game store Itch.io is now online after being down for a while due to a false phishing report. Although the game store’s servers remain online, the website’s domain points to IP addresses that do not belong to Itch.io, making it inaccessible to most people.

Itch.io blames the pop culture collectibles company Funko for the issues in a post on Twitter, “because they use a garbage brand protection software called ‘AI-powered’ Brand Protection Software that created some bogus phishing report to our registrar.”

Everything we know about Funkos and phishing

Although the page in question has been removed, the domain registrar of itch.io, iwantmyname, continues to disable the domain, probably due to automated systems. According to a post on X, the indie game marketplace is now waiting for the domain registrar to respond and re-enable its domain.

If you know how to modify your hosts file that assigns hostnames to IP addresses, you can use the IP address 45.33.107.166 in the meantime, but you will need to remove the entry once the domain is restored.

Itch.io expected that the issues would be resolved within hours to avoid having to deploy a new domain name. We confirm that the website is now operational.

The issues with the domain arise just a few days after itch.io began allowing its users to use their domain name for Bluesky accounts.

Xbox Game Pass DOWNLOAD

It is difficult to bring together in one topic artificial intelligence, indie video games, phishing, and Funkos.

That prize you just won is your boss putting you to the test… and you’ve failed

Every day, we receive a vast number of emails, among which several manage to slip through offering us “prizes” or “deals” that seem too good to miss. In the end, these are never what they claim to be; instead, it might be your own company setting a trap for you.

Norton 360 Deluxe DOWNLOAD

Phishing messages pose a very real danger to companies and can ultimately cause significant harm and millions of dollars in losses. In 2021 alone, the FBI recorded over 300,000 complaints about phishing attacks, a 30% increase from the previous year. Looking at 2022, the figures reveal that Americans lost $10.3 billion due to online scams (phishing, identity theft, etc.).

To prevent more significant harm, companies attempt to educate their employees to recognize these types of attacks instantly. In these cases, companies test their employees with emails that, at first glance, would appear quite legitimate.

Taylor Swift and other types of bait

A good trap must also have bait that is up to the task. In this case, Taylor Swift has proven to be an ideal figure to make people click even on the most suspicious links. KnowBe4, a security-focused company, used Taylor and her Eras Tour to develop a fake email template that was then sent to thousands of employees.

During a 30-day period, the email was sent about 17,600 times to different users, and ultimately, 533 ended up clicking the fraudulent link. However, not all “attacks” are based on the American singer. The same company, KnowBe4, also has a more controversial category that provides emails with more sensitive subjects. Work-related tests, issues related to the human resources department, meeting requests, salary updates… any of these reasons can imitate real attacks and thus test employees. Would you fall for any of these traps?

Norton 360 Deluxe DOWNLOAD