Humanitarian Cyber Surge, Unsubscribe Scam Alert, SEO Boosts Phishing

Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

Humanitarian Cyber Surge, Unsubscribe Scam Alert, SEO Boosts Phishing

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-28732">
						<source src="https://media.mailhop.org/dmarcreport/images/2025/06/Humanitarian-Cyber-Surge-Unsubscribe-Scam-Alert-SEO-Boosts-Phishing.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M18S">2:18</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-28732" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-28732" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-28732" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-28732" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/humanitarian-cyber-surge-unsubscribe-scam-alert-seo-boosts-phishing/&t=Humanitarian Cyber Surge, Unsubscribe Scam Alert, SEO Boosts Phishing" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/humanitarian-cyber-surge-unsubscribe-scam-alert-seo-boosts-phishing/&url=Humanitarian Cyber Surge, Unsubscribe Scam Alert, SEO Boosts Phishing" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2025/06/Humanitarian-Cyber-Surge-Unsubscribe-Scam-Alert-SEO-Boosts-Phishing.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/humanitarian-cyber-surge-unsubscribe-scam-alert-seo-boosts-phishing/" class="input-link input-link-28732" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-28732" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-28732” readonly/>

					<button class="copy-embed copy-embed-28732" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

Hey people! We are three weeks down in June, just like that! With that, we bring to you the third bulletin of the month. Are you excited to **stay up-to-date about the latest cyber incidents happening around the globe? If yes, here’s the good news. We are back with our fresh dose of global cyber facts. This week, we will talk about how cybercrooks are using SEO tactics to push phishing pages high up the search results. Also, our focus will be on the new Gmail scam. Lastly, we will discuss the steep rise in the incidents of cyberattacks on humanitarian organizations.

So, if you are all set to dive deeper, let’s get started!

Global humanitarian organizations see a steep rise in cyber incidents!

There has been a massive 241% spike in the number of cyberattacks on **humanitarian organizations worldwide in just 12 months. Distributed Denial of Service or DDoS is the most dominant form of attacks. CyberPeace Institute, an entity that gathers data and information around cyber conflicts, shared that opportunistic attacks are becoming the new normal for nonprofit enterprises.

Since nonprofit organizations operate on a low budget, it is difficult for them to set up high-end cybersecurity systems . Only 15% of all global humanitarian organizations have a cybersecurity expert on board. Journalism entities, social welfare organizations, environmental and humanitarian entities are being attacked left, right, and center by threat actors.

Nonprofit organizations are not only ‘cyber poor’ but also the prime targets of repressive government regimes, political hacktivists and foreign adversaries.

**Journalism organizations are the worst hit among all the nonprofit entities in the last month. What’s worse is that cyberattacks are getting more sophisticated with every attempt. Cybercrooks are even using deepfakes to wipe away sensitive data.

The only way out is to have a solid cybersecurity mechanism in place to combat the increasing number of cyber incidents. Cybersecurity systems use DMARC, DKIM, and SPF protocols to authenticate emails, prevent spoofing, and protect against phishing attacks.

You may want to think twice before hitting that ‘Unsubscribe’ button- New scam alert!

Phishing attacks are on the rise in Gmail as well as other email systems. Cybercrooks are using malicious ‘Unsubscribe’ links to carry out phishing attacks and information theft. Clicking on these fraudulent links will redirect users to fake pages and phishing sites, potentially compromising personal details.

Threat actors have discovered a new scam in which they add tracking codes to unsubscribe buttons in emails. These tracking codes enable cybercrooks to determine whether or not the account is active. They then sell out the active email IDs in dark forums at premium pricing. The CTO at DNSFilter claims that **1 out of 644 unsubscribe buttons is likely to contain tracking code, and it can successfully redirect unaware users to phishing sites.

The best way to prevent being scammed through a malicious unsubscribe link is to use the ‘in-app unsubscribe’ feature that you get with Outlook or Gmail.

Cyberattackers are using search engine optimization to rank the phishing pages high in SERPs!

If you think search engine optimization or SEO is just meant for **boosting traffic to your website, you need to know this: Threat actors have started using SEO to push phishing pages up the search engine results. Researchers have found that threat actors are using code-injected web pages in order to manipulate the search engines so that the algorithm pushes the compromised content and redirects the users to phishing sites.

Andrew Sebborn , an analyst at Netcraft, believes that cyberattackers inject legitimate web pages with embedded JavaScript and URL keywords that can redirect unaware users to malicious pages. The injected content tends to be subtle and can easily evade detection. It easily manipulates Google’s PageRank system. Threat actors often choose sites with high DA value, such as .gov, .edu, and Country Code TLDs. Google assumes that such domains are of great relevance and prioritizes these pages in search engine page results.

The Netcraft researchers have found out that SEO optimization services for carrying out malicious activities are being offered for as little as $1 per site. Apart from injecting legitimate pages, these SEO services also include adding selected phrases and keywords to the pages in order to generate search engine traffic and get visibility high up in the search results.

The ultimate goal of the cybercrooks is to keep the users unaware of the attack and convince them that they are being directed to a legitimate search results page. Such attacks are designed to harvest personal and sensitive data from users, including login credentials, bank account numbers, credit card details, and more.

Cyberawareness is, therefore, no longer a luxury but a necessity in today’s time. Next time you proceed to click on a top-ranking search result , make sure you take a close look at the URL and meta description. If there’s any anomaly or irregularity, simply avoid clicking on the link.