Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport

From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-17623">
						<source src="https://media.mailhop.org/dmarcreport/images/2024/10/Insufficient-Cybersecurity-Training-FakeCall-Malware-Threat-Women-Duped-Airport.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H1M50S">1:50</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-17623" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-17623" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-17623" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-17623" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/insufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport/&t=Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/insufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport/&url=Insufficient Cybersecurity Training, FakeCall Malware Threat, Women Duped Airport" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2024/10/Insufficient-Cybersecurity-Training-FakeCall-Malware-Threat-Women-Duped-Airport.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/insufficient-cybersecurity-training-fakecall-malware-threat-women-duped-airport/" class="input-link input-link-17623" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-17623" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-17623” readonly/>

					<button class="copy-embed copy-embed-17623" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

Once again, we are here with our weekly dose of cyber news that helps you stay well-informed and ahead of the threat actors. This week, we will shed light on the significance of **cybersecurity training in organizations, learn in detail about FakeCall Android malware, and learn about the nightmarish experience of an Indian woman in Bengaluru airport.

Without any delay, let’s get started!

Limited cybersecurity training leads to cyberattacks in organizations!

Cybersecurity training should be made mandatory across all levels of an organization. However, **cybersecurity executives hardly prioritize 360-degree training and restrict the same only to developers. They overlook the significance of all-encompassing awareness efforts.

Their main goal is to **stay relevant and create a security culture rather than preventing potential data breaches and cyber threats. They keep in mind other factors such as financial costs, client satisfaction, and so on.

Another factor that often leads to cybersecurity attacks on organizations is the lack of customized security mechanisms. One-size-fits-all security solutions do not work as effectively as customized ones.

Because of inadequate cybersecurity training, not everyone in an organization is competent enough to combat security threats. Lack of awareness and resources often result in severe data breaches and monetary losses.

FakeCall Android malware makes it convenient for threat actors!

Threat actors are getting more sophisticated with their attacking tactics every passing day. FakeCall is the latest addition to their attacking kit, which has amped up the vishing and smishing attempts. This malware enables the attackers to get better control over the compromised devices, which they can use to carry out other malicious activities.

Experts have been tracking this malware since 2022. This malware convinces victims to call fake numbers which are controlled by threat actors. Further, cybercriminals **impersonate employees from prestigious finance institutions and trick the victims into sharing sensitive details.

The best thing about FakeCall is its attacker-controlled, command-and-control (C2) server, which enables the threat actors to carry out multiple deceiving activities. The malware allows threat actors to control the calls of an Android user. Also, it gives complete access and various Android permissions , which further helps cybercriminals carry out malicious activities.

The latest research suggests that FakeCall allows attackers to **control victims’ device activity more closely. Basically, this malware facilitates a seamless integration with the victim’s Android devices. This helps the threat actor to avoid any kind of threat detection.

FakeCall malware gives scammers complete Android Accessibility Service access and helps them capture all the information clearly displayed on the screen. Threat actors can easily access sensitive user data,** intercept important calls**, and manipulate user interfaces.

FakeCall can mimic legit interfaces, thereby evading any kind of user detection.

When a naive user downloads a malicious APK file unknowingly, the FakeCall malware starts working in the background. Users get **prompted to set the app as the default call manager._ The moment the user sets it as the default call handler, FakeCall gets access to all incoming and outgoing calls_. Users then get to see a custom interface that looks exactly like a legit Android dialer.

Indian women got duped at Bengaluru airport while downloading a lounge pass app!

On 29th September , an Indian woman named **Bhargav Mani got scammed at the world-class  Bengaluru airport. All she wanted was to access the airport lounge by downloading the lounge pass app. However, she downloaded the same from a malicious link, which was allegedly ranking at the top of Google’s search engine page. As a result, threat actors got access to her phone calls and OTPs. Bhargav was unaware of all these and did not even use the lounge.

She continued with her journey and later got busy with a **medical emergency in her family.

Fifteen days later, she got her credit card bill, and that’s when she realized that her card had been swiped and a transaction worth $1035 had taken place, of which she was completely unaware. Bhargav immediately got in touch with her bank (HDFC) as well as the Bengaluru authority airport authorities. Her credit card has also been blocked for security purposes. She had also filed a cybercrime report with the concerned authorities.

The Bengaluru airport authority wanted to share the images of those **staff members with whom Bhargav had interacted on that fateful day. However, Bhargav is unable to recognize any of them as she was too exhausted on that day.

Bhargav is not blaming the airport authority for the scam. Rather, she is aware that threat actors got access to her phone through the spoofed link that somehow was ranking high on Google’s first page . She believes that such attacks are a part of bigger, organized cybercrimes. Women have fallen victim to scams involving email spoofing and phishing attacks that bypass security measures like DMARC, SPF, and DKIM, highlighting the need for **improved awareness and education on email security protocols.