

SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Specific Passwords
Jun 20, 2025
New hires beware! It only took two weeks for phishing attempts to target a fresh employee after they joined. Scammers are cunningly hijacking big-name websites to insert fake tech support numbers, leading users astray. Plus, there's a new wave of phishing focusing on academics, creatively convincing them to generate app-specific passwords for Google services. Stay alert!
AI Snips
Train New Employees Early
- Include new employees in phishing awareness training early.
- They are specifically targeted with urgent gift card scams shortly after starting.
New Employee Phishing Example
- Chris Crowley set up a new Google Workspace with a new employee.
- Within two weeks, phishing emails targeted this new employee with urgent gift card scams.
Hijacked Google Ads Inject Fake Numbers
- Attackers hijack Google ads to display fake tech support numbers on real company websites.
- They use search query injection to insert malicious phone numbers into the site's own search box.
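
One way a site owner or log reviewer could spot the search-query injection described in the last snip, as an added example that is not from the episode: it flags request URLs whose search parameter carries a phone-like number. The parameter names, the example.com hosts and the sample URLs are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed search parameter names; adjust to the site's own search form.
SEARCH_PARAMS = {"q", "query", "search", "s", "keyword"}

# Digits joined by common separators; candidates are filtered by digit count below.
PHONE_CANDIDATE = re.compile(r"\+?\(?\d[\d\s().\-]{7,}\d")


def phones_in_search_query(url):
    """Return the digit strings of phone-like values found in search parameters."""
    hits = []
    query = urlsplit(url).query
    # parse_qsl decodes percent-encoding and '+' so obfuscated spacing is normalised.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() not in SEARCH_PARAMS:
            continue
        for match in PHONE_CANDIDATE.finditer(value):
            digits = re.sub(r"\D", "", match.group())
            # Typical length of a national or international phone number.
            if 10 <= len(digits) <= 15:
                hits.append(digits)
    return hits


def flag_requests(urls):
    """Return (url, numbers) pairs for requests that carry a number in a search field."""
    return [(u, p) for u in urls if (p := phones_in_search_query(u))]


# Constructed sample request URLs (not real traffic).
SAMPLE_URLS = [
    "https://support.example.com/search?q=reset+password",
    "https://support.example.com/search?q=Call+Support+%2B1-800-555-0100+now",
    "https://www.example.com/search?query=1%20(800)%20555%200199",
    "https://support.example.com/help?page=18005550100",
    "https://support.example.com/search?q=order+20250620",
]

if __name__ == "__main__":
    for url, numbers in flag_requests(SAMPLE_URLS):
        print(numbers, url)
```

Long numeric identifiers typed into a search box can also match, so flagged requests are candidates for review rather than confirmed abuse.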