---
title: "Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport | DMARC Report"
description: "Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport from DMARC Report explains practical steps for email authentication, domain."
image: "https://dmarcreport.com/og/blog/insufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport.png"
canonical: "https://dmarcreport.com/blog/insufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport/"
---
Quick Answer
\_According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Finsufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Insufficient%20Cybersecurity%20Training%2C%20FakeCall%20Malware%20Threat%2C%20Women%20Duped%20Airport&url=undefined%2Fblog%2Finsufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Finsufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Finsufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport%2F&title=Insufficient%20Cybersecurity%20Training%2C%20FakeCall%20Malware%20Threat%2C%20Women%20Duped%20Airport "Share on Reddit") [ ](mailto:?subject=Insufficient%20Cybersecurity%20Training%2C%20FakeCall%20Malware%20Threat%2C%20Women%20Duped%20Airport&body=Check out this article: undefined%2Fblog%2Finsufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport%2F "Share via Email")
> From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.
\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report
Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-17623” readonly/>
```
```
Once again, we are here with our weekly dose of cyber news that helps you stay well-informed and ahead of the [threat actors](https://cybersecuritynews.com/facebook-account-hijack-malware/). This week, we will shed light on the significance of \*\*cybersecurity training in organizations, learn in detail about [FakeCall Android malware](https://www.tomsguide.com/computing/malware-adware/this-nasty-android-trojan-is-hijacking-calls-to-your-bank-and-sending-them-to-hackers-how-to-stay-safe), and learn about the nightmarish experience of an Indian woman in Bengaluru airport.
Without any delay, let’s get started!
## Limited cybersecurity training leads to cyberattacks in organizations!
[Cybersecurity](https://dmarcreport.com/blog/major-cybersecurity-trends-that-will-reign-in-2024/) training should be made mandatory across all levels of an organization. However, \*\*cybersecurity executives hardly prioritize 360-degree training and restrict the same only to developers. They overlook the significance of all-encompassing awareness efforts.
Their main goal is to \*\*stay relevant and create a security culture rather than preventing potential data breaches and [cyber threats](https://www.ncsc.gov.uk/news/five-eyes-cyber-leaders-provide-threat-briefing-at-major-us-conference). They keep in mind other factors such as financial costs, client satisfaction, and so on.
Another factor that often leads to cybersecurity attacks on organizations is the lack of customized **security mechanisms**. _One-size-fits-all security solutions do not work as effectively as customized ones_.
Because of inadequate cybersecurity training, not everyone in an organization is competent enough to **combat security threats**. Lack of awareness and resources often result in severe [data breaches](https://securityintelligence.com/news/national-public-data-breach-publishes-private-data-billions-us-citizens/) and monetary losses.
## FakeCall Android malware makes it convenient for threat actors!
Threat actors are getting more sophisticated with their attacking tactics every passing day. FakeCall is the latest addition to their attacking kit, which has amped up the [vishing and smishing attempts](https://www.kroll.com/en/insights/publications/cyber/monitor/vishing-smishing-attacks). This malware enables the attackers to get better control over the **compromised devices**, which they can use to carry out other [malicious activities](https://www.msspalert.com/news/mssp-market-news-malicious-activity-spikes-after-crowdstrike-outage).
Experts have been tracking this malware since 2022\. This malware convinces victims to call fake numbers which are controlled by threat actors. Further, [cybercriminals](https://www.bleepingcomputer.com/news/security/police-seize-over-100-malware-loader-servers-arrest-four-cybercriminals-operation-endgame/) \*\*impersonate employees from prestigious finance institutions and trick the victims into sharing sensitive details.
The best thing about FakeCall is its attacker-controlled, [command-and-control (C2) server](https://hunt.io/glossary/command-and-control-server-c2), which enables the threat actors to carry out multiple deceiving activities. The malware allows threat actors to **control the calls of an Android user**. Also, it gives complete access and various Android permissions , which further helps cybercriminals carry out malicious activities.
The latest [research ](https://www.zimperium.com/blog/mishing-in-motion-uncovering-the-evolving-functionality-of-fakecall-malware/)suggests that FakeCall allows attackers to \*\*control victims’ device activity more closely. Basically, this malware facilitates a seamless integration with the victim’s [Android devices](https://therecord.media/android-spyware-kaspersky-russian-targets). This helps the threat actor to avoid any kind of [threat detection](https://www.techtarget.com/searchsecurity/tip/How-AI-could-change-threat-detection).
_FakeCall malware gives scammers complete Android Accessibility Service access and helps them capture all the information clearly displayed on the screen_. Threat actors can easily access [sensitive user data](https://www.imperva.com/learn/data-security/sensitive-data/),\*\* intercept important calls\*\*, and manipulate user interfaces.
FakeCall can mimic legit interfaces, thereby evading any kind of [user detection](https://www.rapidspike.com/blog/malicious-user-detection/).
When a naive user downloads a malicious [APK file](https://www.gizchina.com/2020/06/04/android-11-google-makes-it-difficult-to-install-apk-files/) unknowingly, the FakeCall malware starts working in the background. Users get \*\*prompted to set the app as the default call manager.\_ The moment the user sets it as the default call handler, FakeCall gets access to all incoming and outgoing calls\_. Users then get to see a custom interface that looks exactly like a legit Android dialer.
## Indian women got duped at Bengaluru airport while downloading a lounge pass app!
On 29th September , an Indian woman named \*\*Bhargav Mani got scammed at the world-class Bengaluru airport. All she wanted was to access the airport lounge by downloading the lounge pass app. However, she downloaded the same from a [malicious link](https://www.computerweekly.com/news/366544395/Malicious-URL-volumes-soar-as-cyber-criminals-pull-on-Threads), which was allegedly ranking at the top of [Google’s search engine page](https://www.usatoday.com/story/tech/tips/2024/08/17/dont-want-to-google-it-these-alternative-search-engines-are-worth-exploring/74820539007/). _As a result, threat actors got access to her phone calls and OTPs. Bhargav was unaware of all these and did not even use the lounge_.
She continued with her journey and later got busy with a \*\*medical emergency in her family.
Fifteen days later, she got her [credit card bill](https://www.npr.org/2024/05/14/1251295805/credit-cards-debt-inflation), and that’s when she realized that her card had been swiped and a transaction worth $1035 had taken place, of which she was completely unaware. Bhargav immediately got in touch with her bank (HDFC) as well as the **Bengaluru authority airport authorities**. Her credit card has also been blocked for security purposes. She had also filed a cybercrime report with the concerned authorities.
The Bengaluru airport authority wanted to share the images of those \*\*staff members with whom Bhargav had interacted on that fateful day. _However, Bhargav is unable to recognize any of them as she was too exhausted on that day_.
Bhargav is not blaming the airport authority for the scam. Rather, she is aware that threat actors got access to her phone through the [spoofed link](https://mediatrust.com/media-center/real-fake-news-spoofed-domains-are-targeting-major-media-outlets/) that somehow was ranking high on Google’s first page . She believes that such attacks are a part of bigger, organized cybercrimes. Women have fallen victim to scams involving [email spoofing](https://techcrunch.com/2024/06/18/security-bug-allows-anyone-to-spoof-microsoft-employee-emails/) and [phishing attacks](https://thehackernews.com/2024/03/new-strelastealer-phishing-attacks-hit.html) that bypass security measures like [DMARC](https://dmarcreport.com/), [SPF](https://dmarcreport.com/what-is-spf/), and [DKIM](https://dmarcreport.com/what-is-dkim/), highlighting the need for \*\*improved awareness and education on [email security](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) protocols.
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ email security ](/tags/email-security/)[ News ](/tags/news/)[ SPF ](/tags/spf/)
[ Vasile Diaconu ](/authors/vasile-diaconu/)
Operations Lead
Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.
[LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 4m Akira flaunts victims, Idaho targets orthodontist, AI granny protects Nov 22, 2024 ](/blog/akira-flaunts-victims-idaho-targets-orthodontist-ai-granny-protects/)[ Foundational 4m Ambient Light Spying, Cybersecurity Prices Drop, Euro 2024 Threats Jul 10, 2024 ](/blog/ambient-light-spying-cybersecurity-prices-drop-euro-2024-threats/)[ Foundational 4m Banks Drop OTPs, Major Cyber Heist, Spying Spouses Arrested Jul 18, 2024 ](/blog/banks-drop-otps-major-cyber-heist-spying-spouses-arrested/)[ Foundational 4m Car Cameras Hackable, UK Water Breach, Thailand Frees Captives Feb 28, 2025 ](/blog/car-cameras-hackable-uk-water-breach-thailand-frees-captives/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport","description":"Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport from DMARC Report explains practical steps for email authentication, domain.","url":"https://dmarcreport.com/blog/insufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport/","datePublished":"2024-10-31T11:36:54.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2024-10-31T11:36:54.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/insufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport/"},"articleSection":"foundational","keywords":"dkim, DMARC, email security, News, SPF","wordCount":1094,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport","item":"https://dmarcreport.com/blog/insufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport/"}]}
```