Understanding Security Support Scams: A Comprehensive Analysis

Security support scam website impersonating Apple.

Key Topics and Findings: Overview In today’s interconnected world where practically all employees use the internet, the prevalence of security support scams and other social engineering sites remains a concern. In a threat post specifically about Microsoft security scam websites, our Threat Research team discussed recent web pages impersonating Microsoft that are falsely claiming a […]

From Google Search to Microsoft Security Scam

Image of a Microsoft security scam site.

Key Findings: Overview Keep Aware’s Threat Research division identified a recent batch of fraudulent Microsoft support sites. While these scam campaigns are not novel, they persist as an online security risk for all internet users. The scam sites impersonate Microsoft, deceive the user into thinking their machine is infected, and prompt the user to call […]

Browser Notifications Hijacking via DDoS-Protection Mimicry 

Browser Notifications Hijacking Blog

Key Findings: Overview Keep Aware’s Threat Research team has identified a browser notifications hijacking campaign that impersonates a Russian-based distributed denial of service (DDoS) protection company’s challenge page. This campaign tricks the user into allowing browser notifications and subsequently bombards them with dubious notifications, masquerading as McAfee or Windows Defender alerts, falsely claiming that the […]

Addressing the Risks of Using Prompt-Based AI Tools: A Proactive Strategy

Key Takeaways: Employees are Capitalizing on Prompt-Based AI Tools There has been a trend across industries where businesses are flocking to integrate AI into their technology stack, with the ultimate goal of increasing efficiency and/or efficacy. Alongside this trend, though, employees have been integrating prompt-based AI tools, such as OpenAI’s well-known tool ChatGPT, into their […]

MFA and Blindspots: Solidifying Your Authentication Strategy with MFA and Visibility

Key Takeaways: Implementing MFA Is Important.. But It Has Its Blindspots Most IT and cybersecurity have heard of multi-factor authentication (also known as MFA, two-factor authentication, 2FA). MFA represents a crucial step forward in the realm of digital security, effectively bolstering the protection of credentials. Protecting credentials by implementing MFA significantly reduces your organization’s risk […]

Malicious Extensions: Uncovering Add-ons that Manipulate Search Behavior

An examination of how malicious extensions infiltrate organizations, bypassing network and endpoint security measures. The analysis reveals strategies used by attackers to capture and monitor user inputs, enabling adversarial groups to harbor sensitive data of users and generate illicit ad revenue. Key Takeaways Introduction Keep Aware’s Threat Research team is looking closely into malicious extensions […]