CyberheistNews Vol 15 #29 | July 22nd, 2025
[Jawdropper] AI Is Luring Travelers to Places That Don't Even Exist!
We have seen AI generate art, write code and even compose music. But now it's crafting a brand new kind of scam: fake travel destinations.
According to TechRadar, cybercriminals are using generative AI tools to create websites, videos and itineraries for vacation spots that don't exist. The scam is surprisingly effective. AI can conjure up hyper-realistic photos, convincing reviews and professional-looking booking sites. For victims dreaming of a getaway, it's easy to be fooled.
These travel scams usually start with targeted social media ads or email promotions offering luxury getaways at rock-bottom prices. Once users click through, they’re shown photorealistic images of luxury resorts or scenic cities, some even backed by “customer testimonials” generated by AI. Victims pay deposits or full fees for the trip, only to discover the destination is a fiction.
This isn't just about lost money. These scams erode trust in online bookings and digital content. And as generative AI improves, spotting fakes becomes harder.
So how can you protect yourself and your family?
Start with skepticism. Verify destinations on independent sources like Google Maps or travel forums. Don't rely solely on beautiful pictures or glowing reviews, especially from new websites with no established credibility. If the deal feels too good to be true, it probably is.
And finally, this is another reminder that AI is a double-edged sword. While it's transforming industries, it's also arming cybercriminals with powerful tools for deception. Stay alert. Stay skeptical. And always double-check before you book that dream vacation.
[VIDEO!] An Article at TechRadar. Show this Jawdropper to your family. I did.
https://www.techradar.com/computing/artificial-intelligence/ai-is-tricking-people-into-traveling-to-places-that-dont-exist-and-we-all-need-to-learn-to-avoid-these-scams?
[Live Demo] Stop Misdirected Emails and Data Loss Before They Happen with KnowBe4 Prevent
With 376 billion emails sent every day, your organization faces unprecedented risks from human error and misdirected communications. The human element, involved in 68% of data breaches, creates outbound-based threats costing hundreds of thousands in penalties and reputation damage yearly.
KnowBe4’s data reveals a shocking reality: organizations detect only 10% of outbound email security incidents, leaving your business dangerously vulnerable.
Join our live demo to see how KnowBe4 Prevent seamlessly integrates into M365 to identify risky communications before they lead to breaches.
See KnowBe4 Prevent in action as we show you how to:
- Prevent costly mistakes with real-time alerts that stop misdirected emails and unauthorized file sharing
- Detect and block data exfiltration attempts before sensitive information leaves your organization
- Engage users with an unobtrusive, real-time risk assessment as they compose an email
- Gain comprehensive visibility into outbound email risk across your organization
- Enforce information barriers that keep you compliant with industry regulations
Strengthen your security posture with AI-native intelligent email security that identifies and stops risky communications before damage occurs, closing the critical security gap traditional solutions miss.
Date/Time: Wednesday, July 23 @ 1:00 PM (ET)
Save My Spot:
https://information.knowbe4.com/prevent-live-demo?partnerref=CHN
[Heads Up] Watch for New Attacks on Your Browser-Based AI Agents
By Roger Grimes
We’re working tirelessly on our AI First strategy to better protect both humans and their AI tools.
KnowBe4 and its advocates spend a lot of time talking to audiences about AI-enabled threats, and rightly so, as recently covered in dozens of previous posts. And then OpenAI released their Browser Agent…
This year and next promise to be an explosion of cyber threats better enabled by AI. After years of saying AI attacks would be coming, they’re here and will be the way that most cybercrime is committed forevermore. AI will enable cyberattacks to be faster, more successful, more pervasive and hyper personalized.
As the leading Human Risk Management (HRM) platform provider, a lot of our attention focuses on reducing human risk. We do this through a highly dynamic platform that pushes technical defenses, security awareness training, and AI-enabled defenses.
We’re also working to protect the AI you use to protect yourself and improve your productivity. Attackers are crafting new ways to exploit AI in ways that are likely to be more successful than if humans were more involved.
We’ve previously covered how attacks against your AI productivity tools can lead to increased disinformation, data leaks and poor results. There’s a new worry…attacks against your browser-based AI agents.
Browser-Based AI Agents
Browser-based AI agents are a more modern version of browser extensions and add-ins, which have been around for decades…only with AI thrown in. Browser extensions have always been a huge security threat to people’s browsers. A badly coded, weakly threat-modeled browser extension can easily undermine an otherwise very secure browser experience.
Some of the biggest exploits in history have been tied to attacks against popular browser agents. Accordingly, many organizations, including KnowBe4, significantly limit which browser extensions can be added to co-workers’ browsers.
Browser extensions are naturally becoming more AI-enabled and increasing people’s productivity beyond previous possible levels. A lot of early commonly used browser-based AI agents involve increased productivity around email.
For example, some browser-based AI agents will cull your email inbox into more usable groupings, which allow more efficient handling. Other browser-based AI agents will gladly find free availability on your calendar to schedule meetings that were initiated from an email.
Using this type of agent gives me an hour or two of my life back each week. Other browser-based AI agents look for and prevent cyberattacks. I’ve seen several AI agents that focus on protecting your SMS messages.
[And this week OpenAI opened Pandora’s box with their agent, warning that this could be the victim of phishing and prompt injection.]
[CONTINUED] On the KnowBe4 Blog:
https://weblog.knowbe4.com/knowbe4-protecting-you-and-your-ai
Measure Your Security Culture. 5 Minutes. Free Assessment
Many organizations invest in security training with no clear metrics for success, struggle to demonstrate ROI to leadership, or miss critical gaps in their security culture. Sound familiar?
That's why we've created our new free KnowBe4 Program Maturity Assessment. It will help evaluate your organization across ten key dimensions of human risk management.
In just 5 minutes, you'll get:
- A comprehensive evaluation across 10 critical security dimensions
- Clear measurement of 40 Culture Maturity Indicators
- Your organization’s specific maturity level (from Basic Compliance to Sustainable Security Culture)
- Practical, actionable recommendations to strengthen your human defense layer
- A strategic roadmap to advance your security culture
Unlike generic cybersecurity frameworks focused on technical controls, the Program Maturity Assessment zeroes in on what matters most—your people. The easy-to-understand results, not consultant jargon, give you immediate steps to transform checkbox compliance into a measurable security culture.
After completing the assessment, you'll receive a comprehensive report showing your maturity level and tailored recommendations discussing how KnowBe4’s HRM+ platform can accelerate your maturity journey.
Start measuring what really matters today!
Start Free Assessment:
https://information.knowbe4.com/program-maturity-assessment-chn
Engineered To Evade: How Phishing Attacks Are Designed To Get Through Your Secure Email Gateway
By Bex Bailey
Getting through secure email gateways (SEGs) is simply the cost of doing business for a cybercriminal. In fact, detection at the perimeter by a SEG is the same as falling at the first hurdle.
SEGs have been adopted widely, especially in larger organizations (although this picture has started to change in recent years – more on that below).
Even where organizations don't use a SEG, many native controls in email platforms (like Microsoft Exchange) operate using the same principles. So a cybercriminal can be fairly confident they’re going to need to get through at least a SEG or similar layer to reach a target’s inbox.
Cybercriminals can be incredibly clever and, like most of us, they need or want to get paid at the end of the day. If email security technology stands between them and whatever they’re planning, then they’re going to do everything they can to evolve their attacks to bypass detection.
Here's some evidence. Below is a screenshot taken from the dark web. It shows details of a subscription-based phishing toolkit with access to 30+ brand impersonation templates. It's advertised for sale at a monthly cost of $300 or lifetime access for $1,000, and comes with 24/7 support.
Crucially, the payloads are guaranteed to bypass named SEG vendors.
When you combine these details, they paint an interesting picture. The cybercriminal selling the kit is hoping to create renewing customers to generate ongoing business. Any failure to deliver on their guarantees will damage this business model — so we can expect they’ll look to uphold their promises.
Blog post with links and screenshots:
https://weblog.knowbe4.com/engineered-to-evade-how-phishing-attacks-are-designed-to-get-through-your-secure-email-gateway
2025 Phishing Threat Trends Report
Our Phishing Threat Trends Reports bring you the latest insights into the hottest topics in the phishing attack landscape. In 2025, it has been in with the old and in with the new, as cybercriminals use new techniques to “revive” the efficacy of existing attacks.
Download this latest edition to discover:
- What’s driving a resurgence in ransomware delivered by phishing emails
- How cybercriminals have achieved a 47% increase in attacks evading Microsoft’s native security and secure email gateways
- Which jobs cybercriminals are most likely to apply for in your organization
- How 92% of polymorphic attacks utilize AI to achieve unprecedented scale — and change the phishing landscape for good
- Plus other top phishing stats for 2025
Download Now:
https://information.knowbe4.com/phishing-threat-trends-report-chn
Let’s stay safe out there.
Warm Regards,
Stu Sjouwerman, SACP
Founder and Exec Chair
KnowBe4, Inc.
PS: [VIDEO] Introduction to ChatGPT Agent. They warn against phishing and prompt injection:
https://www.youtube.com/reside/1jn_RpbPbEc
Quotes of the Week
“In any moment of decision, the best thing you can do is the right thing, the next best thing is the wrong thing, and the worst thing you can do is nothing.”
– Theodore Roosevelt (1858 – 1919)
“Success usually comes to those who are too busy to be looking for it.”
– Henry David Thoreau (1817 – 1862)
You can read CyberheistNews online at our Blog
https://weblog.knowbe4.com/cyberheistnews-vol-15-29-jawdropper-ai-is-luring-travelers-to-places-that-dont-even-exist
Security News
Job Seekers Beware: Many People Are Falling for Employment Scams
More than one in 10 people who were targeted by job scams this year fell victim, according to a report from Resume.org. Younger people, particularly young men, are more likely to fall victim.
“In total, 14% of those who received a job scam text fell victim,” the report says. “Younger workers are more likely to have fallen victim to the scam. Twenty percent of Gen Zers fell for a job scam, followed by 16% of millennials, 10% of Gen Xers, and just 4% of boomers.
Men appear far more likely to become victims, with 24% of Gen Z men and 31% of millennial men interacting with the scam.” One in three victims of these scams lost money to the attackers, and 18 percent quit their jobs or delayed real interviews for a fake offer.
“Of the people who engaged with the job scam text, nearly half, 48%, say they shared personal information with the sender, and 30% had money stolen from their bank account or credit card,” the report says. “The amount stolen varied: 6% lost less than $100, 32% between $100 and $250, and 38% between $251 and $500.
“Additionally, 21% report losses of $501 to $1,000, while 3% say scammers took more than $1,000. Further, 22% of victims gave the scammers money directly. The most common reason was being asked to pay upfront fees, something 84% of victims report.”
Kara Dennison, head of career advising at Resume.org, stated, “There are several reasons younger people, especially young men, are more vulnerable to job scams. Many are early in their careers and haven't yet developed the instincts to spot red flags.
“Financial pressure also plays a big role, as the promise of fast, remote income is highly appealing when facing student debt and rising living costs.”
Users can thwart these scams if they have a healthy sense of suspicion and are trained to recognize social engineering tactics. “When asked what made the message seem suspicious, most say the fact that it came through a text message instead of a traditional job platform,” the researchers write.
“Others say the job description or company details were vague, the offer seemed too good to be true, or the message included poor grammar and an unprofessional tone. Some say they were tipped off by the fact that they were pressured to respond quickly or promised unrealistic pay.”
KnowBe4 empowers your workforce to make smarter security decisions every day.
Resume.org has the story:
https://www.resume.org/3-in-10-young-men-targeted-by-job-scam-texts-fell-victim/
FTC Advisory: How to Protect Yourself Against Job Scams
The U.S. Federal Trade Commission (FTC) has issued an advisory warning of job scams that impersonate well-known companies with tempting employment opportunities. The scammers attempt to steal users’ personal and financial information in order to steal their money or launch further attacks.
“Scammy recruiters who claim to be recruiting for a big-name employer often reach out by email or text with a remote job offer — sometimes from a personal phone number or email account,” the FTC says. “You might get an email with an official-looking invitation for a virtual interview along with information about your job duties and job benefits.”
If you respond to a phony job offer, the scammers will attempt to rush through the process to prevent you from thinking clearly or asking others for advice.
“Before you even interview, you might get an official-looking job offer along with paperwork that requires your personal financial information (supposedly for direct deposit),” the advisory says. “The recruiter will push for that information before they answer your questions about the job.
“In reality, there’s no job and the ‘recruiter’ is a scammer. Real employers won't ask for that kind of information before they’ve actually interviewed and hired you.” The FTC offers the following advice to help users recognize these scams:
- “Take a look at the sender’s email address. Is the email from a business or a personal email? Recruiters will generally email from a corporate email account, not from a personal email like @gmail.com or @yahoo.com.
- They ask for your personal information before you interview. Scammers will ask for your driver’s license, Social Security, or bank account number to fill out ‘employment paperwork.’ Your sensitive information may be the focus of your ‘interview’ and they might ask to get that information before they’ll talk about job duties.
- Take a look at the recruiter. Search online for the name of the recruiter or their company to see what you find about them. Type the name with words like ‘scam’ or ‘complaint.’”
Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.
The FTC has the story:
https://shopper.ftc.gov/consumer-alerts/2025/07/job-scammers-are-looking-hire-you
The 10 Interesting News Items This Week
Cyberheist ‘Fave’ Links