Cyber News

IMPORTANT NOTICE: First State Bank of Uvalde will not initiate communication with customers by email, text message, or by telephone to inquire about recent transactions or request important personal information such as your name, account number, date of birth, social security number, card numbers, personal identification number (PIN) or security codes associated with your Debit Card, or your Online Banking User ID or password.

For more security tips visit our Security Tips Page!

Scam of the week 6/25/2025

Don’t Sail with These Scammers

This week, cybercriminals are targeting travelers by using online advertisements as part of a scam, also known as “malvertising”. If you book an ocean cruise and have questions about your reservation, you probably search Google to find a customer service phone number. The top search result is a sponsored Google Ad that appears legitimate, and even contains a phone number.

If you call the number in the ad, you are connected to an “agent” who claims to have found a much cheaper deal for your trip. They offer to cancel and rebook it at the lower rate, but they will need your credit card number to secure the deal for you. However, this person doesn't work for the cruise line. The ad is fake, and the number you called connects you to a cybercriminal. They don’t actually want to help you with your travel plans, but they do want to steal your credit card number and money!

Follow these tips to avoid falling victim to a malvertising scam:

Beware of big discounts or prices that are suspiciously low. If a deal seems too good to be true, it probably is.
Remember that anyone can purchase Google Ads, including cybercriminals. Just because an ad looks official doesn’t mean it’s safe to click.
Always contact cruise lines directly through their websites and official phone numbers. If you’re new at booking travel, contact a reputable travel agent for help.

Roughly 16 billion passwords have leaked online, including from Google, Facebook and Apple

NEW YORK — Researchers at cybersecurity outlet Cybernews say that billions of login credentials have been leaked and compiled into datasets online, giving criminals “unprecedented access” to accounts consumers use each day.

Russian Threat Actor Uses Social Engineering to Compromise Google Accounts

Researchers at Google observed a Russian state-sponsored phishing campaign that attempted to compromise users' Google accounts by tricking them into handing over application-specific passwords. The attackers built trust by conversing with the victims before initiating the attack.
"In cooperation with external partners, Google Threat Intelligence Group (GTIG) observed a Russian state-sponsored cyber threat actor impersonating the U.S. Department of State," the researchers write.
"From at least April through early June 2025, this actor targeted prominent academics and critics of Russia, often using extensive rapport building and tailored lures to convince the target to set up application-specific passwords (ASPs). Once the target shares the ASP passcode, the attackers establish persistent access to the victim's mailbox."
ASPs are legitimate features included with Google accounts, but many users are unfamiliar with them and may inadvertently fall for this attack.
"Targets who responded received an email with a benign PDF lure attached. The State Department themed lure is customized to the target and contains instructions to securely access a fake Department of State cloud environment.
"This included directing victims to go to https://account[.]google[.]com and create an Application Specific Password (ASP) or 'app passwords.' ASPs are randomly generated 16-character passcodes that allow third-party applications to access your Google Account, intended for applications and devices that do not support features like 2-step verification (2SV). To use an ASP you must set it up and provide a name for the application."
Google notes that setting up an ASP isn't recommended and usually isn't necessary. Users should avoid this feature unless they know what they're doing, and you should be very suspicious if a third party asks you to set up one of these passwords.
"Users have complete control over their ASPs and may create or revoke them on demand," Google explains. "Upon creation, Google sends a notification to the corresponding account Gmail, recovery email address, and any device signed in with that Google account to ensure the user intended to enable this form of authentication."
KnowBe4 enables your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 Human Risk Management platform to strengthen their security culture and reduce human risk.
Google has the story:
https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia

Europol Warns of Social Engineering Attacks

Social engineering remains a primary initial access vector for cybercriminals, according to a new report from Europol.
"Social engineering, which exploits human error to gain access to systems or personal information, stands out as a prominent technique used by criminal actors in this context," Europol says. "Initial Access Brokers (IABs) have been increasingly focused on using such techniques for the acquisition of valid account credentials as an entry point to the victims' systems.
"This initial access can then be leveraged in a multitude of ways by criminal actors. For example, access credentials for remote services are widely used by ransomware groups and their affiliates to compromise corporate networks, which can lead to data theft (exfiltration) and the deployment of ransomware."
The report also warns of a surge in infostealer malware, allowing criminals to gather information that can be used in future attacks.
"Phishing techniques are the main vector for the distribution of infostealers," Europol says. "Criminals use a variety of methods to achieve this, including sending emails, text messages, or messages on social media that contain malicious attachments or URLs which introduce malware into the victim's system.
"Malicious websites are also propagated through search engine advertising tools and search engine optimization (SEO) poisoning. In the latter case, criminals manipulate web search results to lead users to websites containing malware."
Europol also notes that AI tools have increased the effectiveness of social engineering attacks, enabling threat actors to easily generate convincing lures. "The efficacy of many of the aforementioned social engineering techniques has been improved by the wider adoption of LLMs and other forms of generative artificial intelligence (genAI)," the researchers write.
"Phishing texts and scripts, generated to incorporate the language and cultural nuances of the victims' location, can improve the efficacy of campaigns. Recent research on the topic indicates that phishing messages generated by LLMs have a significantly higher click-through rate than those likely written by humans."
Europol has the story:
https://www.europol.europa.eu/media-press/newsroom/news/steal-deal-repeat-cybercriminals-cash-in-your-data