Jane Frankland

MAY 3, 2025

While details remain sparse, reports suggest social engineering tactics like phishing, SIM swapping, and multi-factor authentication (MFA) fatigue attacks may have been used to infiltrate systems. Then, the focus of cyber attacks on retailers, and what lessons must be learned by business leaders and customers.

Cyber Attacks

SecureWorld News

JULY 17, 2025

The result is a wave of new schemes that combine social engineering with digital forgery: Executive deepfake fraud: Fraudsters impersonate senior executives (CEO, CFO, etc.) Voice-cloned phone scams: Rather than crude phishing emails, scammers use AI voice synthesis to call bankers or customers while mimicking a trusted person's voice.

Banking

Malwarebytes

FEBRUARY 4, 2025

Generative AI tools can more convincingly write phishing emails so that the tell-tale signs of a scamlike misspellings and clumsy grammarare all but gone. Cybercrime is a very mature field that relies on a set of well-established tools, such as phishing, information stealers, and ransomware that are already feature complete.

Artificial Intelligence

SecureList

MARCH 25, 2025

Key findings Phishing Banks were the most popular lure in 2024, accounting for 42.58% of financial phishing attempts. Amazon Online Shopping was mimicked by 33.19% of all phishing and scam pages targeting online store users in 2024. Cryptocurrency phishing saw an 83.37% year-over-year increase in 2024, with 10.7

Phishing

SecureWorld News

JULY 1, 2025

Generative AI sustains sophisticated, multi-channel social engineering for phishing campaigns to gain access privileges to critical infrastructure. A decade after the Ukraine blackout began with a spear-phishing email, social engineering remains potent. Artificial intelligence is multiplying attacker speed.

Social Engineering

SecureWorld News

MARCH 17, 2025

The average breach in the retail sector costs $2.9 You must equip your staff with the knowledge to recognize phishing attempts, social engineering ploys, and other common cyber threats through regular, targeted training sessions. Additionally, complex supply chains and franchise models create sprawling attack surfaces.

Cyber Attacks

Responsible Cyber

NOVEMBER 23, 2024

Industries most affected by these breaches include healthcare, finance, and retail, where sensitive data is routinely shared with vendors for operational efficiency. Investigations revealed that employee phishing was the primary vector for the breach, exposing the vulnerabilities created by insufficient training and awareness programs.

Risk

Webroot

APRIL 22, 2025

Retail and e-commerce: Retail and ecommerce businesses are vulnerable to breaches because they handle and store vast amounts of customer payment information, including addresses, credit card numbers and more. Selling it on the dark web : Stolen data is frequently sold to the highest bidder on dark web marketplaces.

Data breaches

Security Affairs

JUNE 29, 2025

House banned WhatsApp on government devices due to security concerns Russia-linked APT28 use Signal chats to target Ukraine official with malware China-linked APT Salt Typhoon targets Canadian Telecom companies U.S.

Data breaches

Security Affairs

MAY 13, 2025

M&S is a major British multinational retailer headquartered in London. BleepingComputer reported that DragonForce ransomware affiliates usedScattered Spider social engineering tacticsto target Marks and Spencer. The company did not share technical details about the attack.

Data breaches

Digital Shadows

NOVEMBER 26, 2024

Key Points Phishing incidents rose during the reporting period (August 1 to October 31, 2024), accounting for 46% of all customer incidents. This increase is likely driven by high employee turnover and easy access to phishing kits. Meanwhile, “RansomHub” is rising rapidly due to its attractive ransomware-as-a-service (RaaS) model.

Cyber Attacks

Zero Day

JUNE 22, 2025

We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions.   Think you've been involved in a data breach?

Passwords

Security Affairs

OCTOBER 27, 2024

CISA adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812 Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment Internet Archive was breached twice in a month Unknown threat actors exploit Roundcube Webmail flaw (..)

Data breaches

Krebs on Security

JULY 10, 2025

Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods , and the British food retailer Co-op Group. KrebsOnSecurity has learned the identities of two of the suspects. ”

Cybercrime

Zero Day

JUNE 20, 2025

We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions.   Think you've been involved in a data breach?

Passwords

Duo's Security Blog

DECEMBER 12, 2022

The Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) just released the 2022 Holiday Season Cyber Threat Trends report that reveals the most prevalent malware tools leveraged by cyber criminals this year, with phishing and fraud dominating the list.

Retail

Security Boulevard

APRIL 18, 2023

Phishing attacks continue to be one of the most significant threats facing organizations today. As businesses increasingly rely on digital communication channels, cybercriminals exploit vulnerabilities in email, SMS, and voice communications to launch sophisticated phishing attacks.

Phishing

Duo's Security Blog

FEBRUARY 16, 2022

With growing concerns around security, ransomware and retail breaches, there are a few key considerations that retailers should keep in mind when it comes to protecting their organizations. Retail’s great “digital transformation” sped up, as did the number of data breaches impacting retail. Data breach costs rose from $3.86

Retail

The Hacker News

NOVEMBER 22, 2022

The Luna Moth campaign has extorted hundreds of thousands of dollars from several victims in the legal and retail sectors. Palo Alto

Phishing

eSecurity Planet

MARCH 31, 2022

Approximately 83 percent of organizations said they faced a successful phishing attempt in 2021, up from 57 percent in 2020. This guide breaks down the different types of phishing attacks and provides examples to help organizations better prepare their staff to deal with them. What is Phishing? Spear Phishing.

Phishing

SC Magazine

MAY 11, 2021

An Office 365 retail pack. Raysonho @ Open Grid Scheduler / Grid Engine, CC0, via Wikimedia Commons). Researchers last week spotted a phishing campaign that leveraged an online email authentication solution from Zix, in hopes that potential victims would be lulled into a false sense of security.

Phishing

Trend Micro

DECEMBER 2, 2020

A recent phishing scam uses the name of a retail company to target users from France. The scheme employs a more targeted social engineering technique as it features each target's actual home address and phone number.

Social Engineering

The Last Watchdog

FEBRUARY 3, 2021

The intruders got in by tricking UScellular retail store employees into downloading malicious software on store computers. In this case of USCellular, rather than asking for ransom from the company, the criminals got access to the database and then can go after the individuals with attempts to phish for bank and credit card information.

Phishing

Malwarebytes

OCTOBER 27, 2023

Octo Tempest is believed to be a group of native English speaking cybercriminals that uses social engineering campaigns to compromise organizations all over the world. This can be done in a number of ways, but the most common ones involve social engineering attacks on the victim's carrier.

Social Engineering

SC Magazine

JUNE 24, 2021

A recently reported phishing and vishing campaign was designed to impersonate Geek Squad. A new blog post report has shone a light on the malicious practice known as voice phishing or vishing – a social engineering tactic that some cyber experts say has only grown in prominence since COVID-19 forced employees to work from home.

Phishing

CSO Magazine

NOVEMBER 21, 2022

Palo Alto’s Unit 42 has investigated several incidents linked to the Luna Moth group callback phishing extortion campaign targeting businesses in multiple sectors, including legal and retail. Luna Moth removes malware portion of phishing callback attack.

Phishing

IT Security Guru

MARCH 31, 2023

Phishing attacks, malicious links and social engineering are just a few of the tricks used by cybercriminals to obtain credentials and other valuable information. Phishing attacks are the one of the most common attack vectors used by cybercriminals.

Social Engineering

CyberSecurity Insiders

MARCH 15, 2023

Latitude offers ‘buy now-pay later’ facility to a number of Australian retailers such as David Jones and Harvey Norman has assured that it will post more details as soon as the investigation gets over.

Financial Services

SecureList

NOVEMBER 22, 2021

Fact 2: the retail sector, particularly e-commerce, has always been popular with cybercriminals. In Q3 2021 , online stores were in second place by share of recorded phishing attacks (20.63%). Amazon was consistently the most popular lure used by cybercriminals to launch phishing attacks. Phishing Threats by the Numbers.

Scams

SecureList

NOVEMBER 23, 2022

Today, e-commerce sales make up 21% of global retail sales, which is a 50% increase on the pre-pandemic levels. In this research, we analyze various types of threats, such as financial malware and phishing pages mimicking the world’s biggest retail platforms, banking and payment systems, and discuss recent trends.

Phishing

Krebs on Security

DECEMBER 29, 2022

Big Yellow and Avira weren’t the only established brands cashing in on crypto hype as a way to appeal to a broader audience: The venerable electronics retailer RadioShack wasted no time in announcing plans to launch a cryptocurrency exchange. It emerges that email marketing giant Mailchimp got hacked.

Cryptocurrency

SC Magazine

MARCH 29, 2021

Today’s columnist, Yonatan Israel Garzon of Cyberint, says that the online boom during the pandemic has caused serious security issues for online retailers. At the same time, retailers have been forced to extend their online services to a breaking point, while often involving third parties in their supply and logistics chains.

Retail

Security Boulevard

FEBRUARY 10, 2025

As phishing attacks continue to evolve, so should our defenses. Phishing predictions for 2025In our ThreatLabz 2024 Phishing Report, we shared the following key predictions for the year to come: Prediction 1: AI vs. AI will be an enduring challengeEnhanced AI capabilities increase the speed, scale, and automation of cyberattacks.

Phishing

Security Affairs

SEPTEMBER 3, 2023

Being Used to Phish So Many of Us? Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hacks QakBot, Quietly Removes Botnet Infections Under Siege: Rapid7-Observed Exploitation of Cisco ASA SSL VPNs Why is.US

Social Engineering

Appknox

JUNE 23, 2022

Thus, these Australian attacks significantly contribute to the rising trend in socially engineered attacks. The lockdowns have made on-demand retail and mCommerce a permanent fixture among Australian users who share their transaction details without any qualms. Common Trends Among the Australian Mobile Threats.

Social Engineering

SecureWorld News

AUGUST 4, 2022

Most recently, a former T-Mobile retail store owner was convicted for stealing employee credentials to illegally access internal computer systems and unlock and unblock cellphones. The former store owner used various phishing techniques to steal T-Mobile employee credentials. How was he unlocking these phones?

Mobile

Security Affairs

JULY 4, 2022

The submissions were classified as either phishing or malware. Phishing and Malware Q2 2022. The results depicted in Figure 1 show that phishing campaigns (68,9%) were more prevalent than malware (31,1%) during Q2 2022. A growing trend in phishing submissions was observed in Q2 (2630), with malware having 31.1%

Threat Reports