Abnormal Security's end of year report features what it says are the top five phishing exploits. The FTC says beware of job offers via text. Spain busts a phishing ring that defrauded 10,000 bank customers. And the U.S. offers 5 million as a reward to disrupt the North Korean IT worker schemes. This is Cybersecurity Today.
I'm your host, Jim Love. Abnormal Security released its end of year report featuring what it says are the top five phishing exploits of 2024 and its predictions for what will happen in 2025. Number one is cryptocurrency fraud. These scams target individuals unfamiliar with the complexities of blockchain technology. The schemes often involve phishing emails posing as trusted wallet providers, asking users to provide their private recovery phrases to secure their accounts.
Attackers exploit the irreversible nature of blockchain transactions to siphon funds, resulting in significant financial losses. In 2025, these scams are expected to intensify as cryptocurrency adoption grows, potentially leveraging deep fake videos or AI powered chatbots to increase credibility. File sharing services such as Google Drive and Dropbox were weaponized to bypass traditional email defenses.
Attackers used legitimate platforms to host malicious documents that appeared authentic to recipients. For instance, phishing campaigns targeted employees by sharing seemingly official payroll update files that redirected users to credential harvesting sites. As APIs for these platforms become more integrated into workflows, attackers in 2025 are predicted to exploit these interfaces further using them to create even more convincing scams. And there's multi channel phishing.
By combining email, SMS, and messaging apps like WhatsApp, attackers use multi channel strategies to evade detection and increase urgency. These campaigns started with phishing emails that shifted communication to less secure personal devices via text or app links. For example, scammers impersonated cryptocurrency exchanges, redirecting victims to WhatsApp to finalize fraudulent transactions.
In 2025, attackers are expected to leverage automated AI driven tools to scale these multi channel attacks and target individuals more effectively. Business email compromise attacks became more precise and scalable during 2024 because of AI. Using generative AI tools, attackers crafted hyper personalized emails mimicking writing styles and incorporating real time data from social media or prior interactions. These emails often requested wire transfers or confidential information.
Looking ahead, 2025 may see AI models becoming even more adept at adapting to specific contexts, posing challenges for legacy email defenses. And the fifth, email account takeover, which Abnormal Security describes as one of the most damaging threats in 2024. Attackers gain access to corporate accounts through phishing, credential stuffing, or social engineering, but once inside they exploit the trust associated with legitimate email accounts to launch further attacks, such as lateral phishing or vendor email compromise.
Again, as APIs and cloud connected applications expand, 2025 is likely to see more of these attacks incorporating automation to scale their reach and sophistication.
And for the coming year, Abnormal is predicting even more advanced phishing exploits, such as AI enhanced phishing, where attackers will use real time data to create contextually relevant scams, blurring the line between legitimate and malicious communication. More API exploits, where malicious actors will increasingly leverage APIs of trusted platforms to obfuscate their activities and scale their attacks. And finally, automation at scale.
Tools that automate phishing processes will lower the barrier for entry, allowing even novice attackers to launch complex campaigns, which is a good reason to start thinking about either revising your protection and training plans, or maybe starting to look around at some of these work from home jobs that you see all the time, but before you do that.
The Federal Trade Commission has issued a warning about the alarming rise of task scams, which have caused consumers to lose hundreds of millions of dollars in 2024. These scams, often delivered via text or WhatsApp, promise easy money for small online tasks, but ultimately leave victims out of pocket. How does this scam work? The scammers initiate contact through text messages, offering vague job opportunities such as app optimization or product boosting.
Initially, the victims are asked to complete simple tasks like liking posts or writing reviews, and they receive small payouts, making the scheme appear legitimate. However, the scammers soon demand a deposit to unlock the next set of tasks, which they claim will result in even bigger rewards. Once the victims pay, the scammers disappear, leaving them with no further work or compensation. So who will fall for this? The FTC data reveals a massive surge in these task scam complaints.
In 2020, the agency received no reports of such scams. By 2021, there were 500 complaints, growing to 1,000 in 2022 and 5,000 in 2023. But in the first half of 2024 alone, over 20,000 complaints were filed. Consumers reported losses of approximately 223 million in 2024, with nearly 40 percent tied to these text based scams. For comparison, total losses to job scams in 2020 were just 90 million. Just 90 million. So why do people fall for this?
The scammers exploit the growing trend of legitimate online micro tasks, like labeling data for AI training to lure their victims. By offering small payouts up front, they build trust before asking for a deposit, often in cryptocurrency. And this tactic gives victims a false sense of legitimacy, convincing them to part with their money. The FTC emphasized, of course, someone telling you to pay money to get the money you've supposedly earned is a sure sign of a scam.
No legit business would ever do that. Spanish and Peruvian police have dismantled a massive voice phishing, vishing operation, arresting 83 individuals in a coordinated crackdown. The scam targeted at least 10,000 bank customers, resulting in 3.15 million U.S. in stolen funds. The simultaneous raids across Spain and Peru involved 29 operations led by Spain's Policía Nacional. Arrests included 35 individuals in cities such as Madrid, Barcelona, and Mallorca, and 48 in Peru.
The alleged leader of the ring was apprehended in Spain, and authorities seized cash, mobile phones, computers, and detailed scam manuals during the raids. The scammers operated three call centers employing 50 agents who used stolen databases and scripted social engineering tactics to impersonate bank representatives. Caller ID spoofing technology was used to make calls appear legitimate with numbers and names matching those of the targeted banks.
Victims were told their accounts had been compromised through unauthorized ATM withdrawals and were guided through fake account verification processes. Victims were tricked into sharing one-time passcodes sent to their phones. And these codes were then used by operatives near bank branches in Spain to withdraw funds immediately. The operatives kept 20 to 30 percent of the stolen money with the remaining proceeds sent to the organization's base in Peru.
The scammers also used color coded communication and scattered their operatives across different cities to complicate law enforcement tracking. The crackdown highlights the growing sophistication of these vishing scams and underscores the importance of vigilance in protecting personal and financial information.
The U.S. State Department is getting serious about tracking down North Korean IT worker fraud by offering a reward of up to 5 million for information that leads to the disruption of these schemes. These operations use fake identities to secure remote employment and funnel earnings back to the regime to support its nuclear weapons programs, violating international sanctions.
Two front companies, Yanbian Silverstar, based in China, and Volasys Silverstar, based in Russia, employ over 130 North Korean IT workers, referred to as IT warriors. These workers use stolen or purchased U.S. identities to secure freelance jobs, 000 annually. Collectively, they generate hundreds of millions of dollars each year. Their fraudulent earnings are laundered and sent back to North Korea to fund prohibited nuclear activities.
The workers deceive employers by creating fake online personas, registering domains to appear as reputable companies and using sophisticated techniques, such as AI tools during interviews. In some cases, when their schemes are discovered, they resort to extortion, threatening to leak stolen data or sabotage systems. The Department of Justice has indicted 14 individuals linked to Yanbian Silverstar and Volasys Silverstar for conspiracy, identity theft, and money laundering, led by CEO John Song Hua.
The group has generated at least 88 million over six years. This featured the seizure of nearly 2.3 million in assets between 2022 and 2023, the dismantling of a North Korean laptop farm in China used to impersonate U.S. workers, and the arrest of Christina Maria Chapman in Arizona for operating another North Korean laptop farm. Earlier this year, cybersecurity firm KnowBe4 unknowingly hired a North Korean operative as a principal software engineer.
Despite thorough background checks and interviews, the worker used stolen credentials and AI tools to pass as a legitimate candidate. Once hired, they attempted to install malware on company devices. The FBI is warning companies to remain vigilant and enhance their verification processes, monitor employee activity, and of course, educate their staff to recognize red flags like inconsistencies in identities or overly polished credentials.
That's our show for today to reports and other details in our show notes at technewsday.com. We welcome your comments, tips, and the occasional bit of constructive criticism at editorial at technewsday.ca. I'm your host, Jim Love. Thanks for listening.