Latest Threats

🟦 Phishing 🟥 BEC
🔴 High

Fake Payroll Emails (Direct Deposit Changes)

Detected: Aug 2025 • Region: US

Attackers spoof HR or executives to request payroll changes, capturing credentials and rerouting deposits.

How It Works

  • Spoofed internal email urges urgent payroll update.
  • Link opens a fake HR portal to steal credentials.
  • Deposits are diverted to criminal accounts.

Who’s Targeted

  • SMBs (HR & payroll teams)
  • Accounting / finance staff

Impact

BEC losses ~$2.9B (FBI IC3, 2023). Rising in 2024–2025.

Prevention

  • Verify payroll change requests by calling a known phone number.
  • Use SSO + phishing‑resistant MFA.
  • Report suspicious emails immediately.

How Allerna Helps

  • Role‑based HR scenarios + quiz on verification steps.
  • Downloadable “Payroll Change Playbook” (call‑back script + approver checklist).
  • One‑click reporting flow embedded in training.

Source & Notes

  • FBI IC3; APWG trend notes.

🟦 Phishing 🟧 Vishing
🟠 Medium

Callback Phishing (TOAD: “Call to Cancel”)

Detected: Jul–Aug 2025 • Global

Emails with fake invoices or renewals list a phone number; call centers social‑engineer victims into giving access.

How It Works

  • Email prompts a call to dispute charges.
  • “Agent” pushes remote tools or logins.
  • Device/account takeover follows.

Who’s Targeted

  • IT helpdesks, finance teams
  • Consumers

Prevention

  • Never call numbers from unsolicited emails.
  • Confirm via official site/app or card portal.
  • Block/report repeat senders.

How Allerna Helps

  • Interactive call‑flow exercise: spot pressure tactics.
  • Printable “Phone Verification Script” for staff.
  • Guided incident‑report checklist post‑call.

Source & Notes

  • Proofpoint & Zscaler (2024–2025).

🟧 Vishing 🟪 Deepfake
🔴 High

AI Voice‑Cloning Executive Impersonation

Detected: 2024–2025 • Global

Scammers clone a leader’s voice to approve urgent payments or access, often paired with follow‑up emails.

How It Works

  • Public audio -> voice clone model.
  • Voicemail/call requests wire transfer or MFA code.
  • Email thread reinforces urgency.

Prevention

  • Out‑of‑band verification for high‑risk asks.
  • Dual approval for payments.
  • Limit public posting of sensitive audio/video.

How Allerna Helps

  • Deepfake awareness module with audio A/B drills.
  • Finance approval playbook + sample policy language.
  • Executive assistant micro‑course on “verify before comply.”

Source & Notes

  • FBI alerts; Microsoft security blogs.

🟨 Smishing 🟦 Phishing
🟠 Medium

Package Delivery Texts (Fake Tracking Links)

Detected: Summer 2025 • Global

Fake SMS from couriers contain shortened links to phishing pages that steal payment or account details.

How It Works

  • “Reschedule delivery” text with shortened URL.
  • Fake tracking site captures credentials/cards.
  • Sometimes installs mobile malware.

Prevention

  • Use carrier apps or retailer accounts to track.
  • Don’t click unsolicited links; report to 7726 (US).
  • Enable mobile OS link‑warnings and app‑only deliveries.

How Allerna Helps

  • Mobile smishing micro‑lessons + screenshot examples.
  • “Check before you tap” habit training.
  • Monthly SMS scam digest for employees.

Source & Notes

  • Carrier/FTC advisories; mobile threat reports.

🟦 Phishing
🟠 Medium

“Quishing” — Malicious QR Codes

Detected: 2025 • Global

QR codes in emails/posters redirect to spoofed login pages. Because the link sits inside an image, it bypasses email link scanners.

How It Works

  • Image‑only email with embedded QR code.
  • Mobile camera opens fake SSO page.
  • Credentials captured on phone.

Prevention

  • Don’t scan unknown codes; prefer typed URLs.
  • Use passwordless/MFA resistant to replay (FIDO).
  • Report image‑only “security” emails.

How Allerna Helps

  • Hands‑on quishing drill with safe demo QR.
  • Poster/QR hardening tips for offices.

Source & Notes

  • APWG; enterprise incident write‑ups.

🟦 Phishing 🟧 Vishing
🔴 High

MFA Fatigue Attacks (Push Bombing)

Detected: 2025 • Global

Attackers spam MFA push prompts (and sometimes call the user) until a tired user taps “Approve.”

Prevention

  • Use number‑matching / require reason codes.
  • Escalate unexpected MFA prompts to IT.
  • Switch critical apps to FIDO passkeys.

How Allerna Helps

  • Micro‑lesson: “When to deny MFA.”
  • Simulated fatigue exercise + immediate debrief.
  • Helpdesk script to handle user reports fast.

Source & Notes

  • Vendor advisories; breach postmortems.

🟧 Vishing 🟦 Phishing
🔴 High

Helpdesk Impersonation (Password Reset)

Detected: 2024–2025 • Global

Threat actors call IT posing as employees and convince staff to reset passwords or enroll new MFA devices.

Prevention

  • Helpdesk must verify via HRIS/ID + call‑back to on‑file number.
  • No resets over chat without ticket + manager approval.
  • Audit MFA changes.

How Allerna Helps

  • Helpdesk simulation lab with red/blue scripts.
  • Policy template: “Secure identity proofing for support.”
  • Post‑incident reporting workflow training.

Source & Notes

  • High‑profile incidents; SOC reports.

🟥 BEC
🔴 High

Vendor Email Compromise (Invoice Bank Change)

Detected: 2025 • Global

A real vendor account is hijacked; legitimate invoices are altered to route payments to criminal accounts.

Prevention

  • Bank detail changes require vendor call‑back + verified contact.
  • Use approved vendor portal; block email‑only changes.
  • Small test transactions for new accounts.

How Allerna Helps

  • AP/Procurement scenario pack and checklist.
  • Template email for “bank change verification.”
  • Manager sign‑off workflow training.

Source & Notes

  • BEC case studies; insurer claims data.

🟥 BEC 🟦 Phishing
🟠 Medium

“Urgent Gift Cards for Clients” (Executive Impersonation)

Detected: Ongoing • Global

Impersonated executives email or text assistants to buy gift cards and send codes immediately.

Prevention

  • Executives: declare a policy of “no gift card asks.”
  • Verify via second channel before any urgent purchase.
  • Use company cards with pre‑set rules.

How Allerna Helps

  • Assistant/EA mini‑course on executive spoofing.
  • Policy template: “Approved purchase methods.”

Source & Notes

  • Law‑enforcement advisories; enterprise reports.

🟩 Impersonation 🟦 Phishing
🟠 Medium

Recruiter Impersonation (Malicious Job Offers)

Detected: 2025 • Global

Fake recruiters on LinkedIn/Telegram lure candidates to download “assessment tools” that are malware.

Prevention

  • Do not run executables from chats or DMs.
  • Apply via official career portals only.
  • Use company‑managed devices with EDR.

How Allerna Helps

  • User awareness story with screenshots of real lures.
  • Checklist: safe job application practices.

Source & Notes

  • Threat intel advisories; platform safety reports.

🟪 Deepfake 🟥 BEC
🔴 High

Deepfake Video Call to Authorize Payment

Detected: 2024–2025 • Global

Attackers use a synthetic video of an executive during a meeting to instruct immediate wire transfers.

Prevention

  • Payment approvals never rely on video presence alone.
  • Use passphrases/meeting codes for sensitive calls.
  • Out‑of‑band confirmation with finance.

How Allerna Helps

  • Deepfake spotting tips (lighting, blinking, desync).
  • Finance “standing rule” templates for approvals.

Source & Notes

  • Public case reports; media forensics guides.

🟩 Impersonation 🟦 Phishing
🟠 Medium

Chat App IT Support Spoofs (Teams/Slack)

Detected: 2025 • Global

Attackers DM employees as “IT Support,” directing them to fake SSO pages or to share MFA codes.

Prevention

  • Disable external DMs or clearly mark them.
  • IT contacts only via verified channels/tickets.
  • Never share MFA codes in chat.

How Allerna Helps

  • Chat‑first scenarios with safe fake prompts.
  • “Trust labels” training for external contacts.

Source & Notes

  • Microsoft/Slack guidance; incident posts.

🟦 Phishing 🟩 Impersonation
🟠 Medium

Crypto “Support” Lures for Seed Phrases

Detected: 2025 • Global

Fake exchange/support chats ask users to “verify” recovery phrases, draining wallets within minutes.

Prevention

  • Never share seed phrases; support will never ask.
  • Use hardware wallets and allow‑list withdrawals.
  • Verify support via official domain/app.

How Allerna Helps

  • Consumer‑safety add‑on module for staff with crypto exposure.
  • Poster: “12 things support will never ask for.”

Source & Notes

  • Exchange advisories; wallet security docs.

🟩 Impersonation
🟢 Low

Office Tailgating (Badge Piggybacking)

Detected: Ongoing • Regional

Intruders follow employees through doors by posing as delivery or maintenance staff to access devices/rooms.

Prevention

  • “No tailgating” culture; challenge politely.
  • Temporary badges + escort rules for visitors.
  • Lock screens when stepping away.

How Allerna Helps

  • Lobby/warehouse role scenarios.
  • Printable desk card: polite challenge script.

Source & Notes

  • Facility security best practices.