Netcrook
Security Awareness & Social Engineering / North America
WhatsApp Scam Playbook: how trust is turned into a cashout
The danger is not a break in WhatsApp’s code, but a social-engineering chain that turns familiar chat habits into financial loss.
Search Hijack: Fake Claude Code Pages Turn a Routine Install Into a Malware Trap
A reported SEO poisoning campaign impersonates the Claude Code setup path, showing how developer trust in search results can become an entry point for infostealers.
When Phishing Stops Looking Like Phishing
The lure is still familiar, but the payload is changing: attackers are leaning on infostealer malware to quietly collect passwords and other sensitive data after the click.
Fake AI Installer Pages Turn Search Traffic Into a Malware Trap
A search-led impersonation of Claude Code shows how modern social engineering can turn setup curiosity into an execution path for a reported .NET infostealer.
Android Takes Aim at the Scam Call That Sounds Too Real
Google has added a new Android anti-impersonation feature, fake call detection, to help blunt AI voice cloning and call spoofing as fraudsters make phone scams harder to spot.
When the Ad Slot Becomes the Trap: Fake ChatGPT Downloads Weaponize Search Trust
A lookalike download page and sponsored listings show how cybercriminals can turn search visibility into a malware delivery path.
Fake Enforcement Email Turns Chrome Extension Logins Into a High-Value Target
A pressure-filled copyright warning can be more than a scam: in the Chrome extension ecosystem, a stolen Google login may become a publishing foothold.
When a Fake AI Assistant Becomes the Trapdoor
A ClickFix-style campaign on Google Sites shows how trusted hosting and AI branding can turn a developer workflow into a credential and command-execution risk.
Fake Copyright Warnings Turn Chrome Extension Trust Into a Credential Trap
A pressure-heavy impersonation campaign targets extension publishers by borrowing the language of Google enforcement and the Chrome Web Store to push victims toward credential entry.
When a Fake Installer Becomes the Attack: How Developer Trust Is Being Turned Against Itself
A Google Sites lure impersonating Claude Code shows how ClickFix-style social engineering can push victims into running Windows commands that stage a reported in-memory stealer.
Fake Cloudflare Error Pages Turn Ordinary Texts Into a Mobile Phishing Trap
A smishing campaign is abusing familiar infrastructure-style error screens to make brand impersonation feel routine, urgent, and believable on small screens.
Google Moves Android Toward Identity Checks for Scam Calls
A new Android protection is meant to spot calls that impersonate trusted contacts, signaling a shift from simple spam filtering to stronger trust controls.
When the Help Button Turns Hostile: Instagram Account Theft Through AI-Branded Trust
A social-engineering case involving Meta AI shows how attackers can weaponize support workflows, not by breaking the model, but by breaking the user’s confidence in it.
When a Leaked AI Key Becomes a Broadcast Machine
A reported Telegram influence campaign shows how stolen AI credentials can be turned into a content engine, with the real risk sitting in key management, not in a model exploit.
Fake Support, Real Risk: The Signal Backup-Key Trap Hiding Inside Chat
A support impersonation campaign is trying to turn one secret - the backup recovery key - into access to encrypted chat archives.
How a Friendly Voice Turns a Crypto Kiosk Into a One-Way Exit
Complaints tied to cryptocurrency ATMs describe millions of dollars in losses, with Texas and Florida near the top of the list and victims allegedly guided step by step through the cash-out.
When a Browser Becomes a Trap: CypherLoc and the Fake-Support Playbook
A browser-based scareware campaign shows how fear, interruption, and social pressure can be turned into a fraud engine.
Scareware’s New Trick: Turning a Fake Help Desk Into a Fraud Engine
A campaign built around CypherLoc shows how social engineering can be packaged, repeated, and scaled by making urgency look like technical support.
33 Years for Sextortion: Why Coercion Alone Can Be a High-Impact Cyber Crime
A guilty plea and a long prison term in a case involving more than 145 children show how online abuse can inflict serious harm without a breached server or malware campaign.
Fake Profiles, Real Harm: A Sentence That Exposes Social Media’s Weakest Link
A 33-year prison term in a child-exploitation case shows how fake accounts can be used to contact minors and turn ordinary social platforms into tools of coercion.