Messaging fraud trends point to smarter attacks, stronger blocking

Help Net Security
Actively Exploited

Overview

In 2025, fraudsters significantly expanded their operations, focusing on SMS, voice, and chat channels, which businesses use to communicate with customers. The Communications Fraud Control Association reported that global telecom fraud losses reached approximately $42 billion, an increase of several billion from the previous year. This surge in fraudulent activity coincided with a rise in blocked messages, indicating that companies are ramping up their defenses against these scams. Infobip, a major communications platform, reported handling billions of messages, reflecting the scale of the issue. As attackers become more sophisticated, businesses need to implement stronger blocking mechanisms to protect their communications and customer interactions.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: SMS, voice, chat channels, Infobip platform
  • Action Required: Companies should enhance their fraud detection systems and implement stronger message blocking measures.
  • Timeline: Ongoing since 2025

Original Article Summary

Fraudsters spent 2025 investing in scale. New routes, new tools, and higher message volumes moved through the SMS, voice, and chat channels that businesses rely on to reach customers. Money follows that activity. The Communications Fraud Control Association puts global telecom fraud losses at around 42 billion dollars for the year, several billion higher than its estimate for the prior year. Blocked volumes rose alongside the threat. Infobip, a communications platform that handles billions of … More → The post Messaging fraud trends point to smarter attacks, stronger blocking appeared first on Help Net Security.

Impact

SMS, voice, chat channels, Infobip platform

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since 2025

Remediation

Companies should enhance their fraud detection systems and implement stronger message blocking measures.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Coverage

As Global Conflicts Go Digital, Businesses Need Wartime Gameplans

darkreading

The article discusses the impact of cyberwarfare on businesses, using the example of a Ukrainian tax software company that has suffered due to the ongoing conflict in Ukraine. This situation illustrates how cyberattacks can extend their reach far beyond the immediate battlefield, affecting companies worldwide. Businesses in other countries, especially those connected to or reliant on technology, need to recognize the risks posed by cyber conflicts and take proactive measures to safeguard their operations. It emphasizes the necessity for companies to develop strategic plans to respond to potential cyber threats stemming from global conflicts. This is particularly relevant as the nature of warfare evolves into a digital arena.

Jul 9, 2026

UK Government Rolls Out Agentic AI Defense Plan Alongside Industry Pledge

SecurityWeek

On July 7, 2026, the UK government announced its Agentic AI Defense Plan, aiming to enhance the nation's cybersecurity capabilities. This initiative comes alongside a pledge from various industry players to strengthen cooperation in tackling cyber threats. The government is prioritizing the integration of artificial intelligence to better predict and respond to cyber incidents. This move is significant as it reflects a proactive approach to safeguarding sensitive information and critical infrastructure against increasingly sophisticated cyberattacks. By fostering collaboration between public and private sectors, the UK aims to build a more resilient cybersecurity framework.

Jul 9, 2026

AI Gateways Offer Attackers the Keys to the Kingdom

darkreading

A recent cryptomining incident has revealed that AI gateways can be exploited by attackers to gain access to sensitive resources like AI models, cloud infrastructure, and identity and access management (IAM) data. This situation raises concerns for organizations that rely on these technologies, as it highlights vulnerabilities that could be leveraged for unauthorized activities. The incident serves as a warning that companies need to reassess their security measures around AI and cloud systems to prevent similar breaches. As these technologies become more integrated into business operations, the potential for exploitation increases, making it essential for users to understand the risks involved. The implications of such breaches could be significant, affecting not only data security but also operational integrity.

Jul 9, 2026

Microsoft to retire the OWA Light client in Exchange Server

BleepingComputer

Microsoft is set to retire the Outlook Web Access (OWA) Light client in an upcoming update to Exchange Server. This lightweight version of the email client was designed for users with limited bandwidth or older devices. The discontinuation means that users relying on OWA Light will need to transition to the standard OWA client, which could impact their ability to access email if their devices or connections are not compatible. Microsoft has not yet specified a timeline for the retirement or provided detailed guidance on the transition process. This change could affect organizations with users who depend on the lighter version for remote access, potentially disrupting their workflow.

Jul 9, 2026

Police arrests 5,800 suspects in global anti-fraud crackdown

BleepingComputer

In a significant global crackdown on fraud, law enforcement agencies have arrested 5,811 suspects across 97 countries and confiscated $293 million in illegal assets. This operation, which involved collaboration between various international police forces, aimed to dismantle networks involved in scams and financial fraud. The arrests included individuals associated with tech support scams, online shopping fraud, and money laundering. These efforts are crucial in combating the growing trend of online fraud, which affects countless victims worldwide and undermines trust in digital transactions. The scale of this operation underscores the need for continued vigilance and cooperation among nations to tackle cybercrime effectively.

Jul 9, 2026

Microsoft Patches RoguePlanet Defender Flaw That Can Grant SYSTEM Privileges

The Hacker News

Microsoft has addressed a significant vulnerability in its Defender antivirus software, dubbed RoguePlanet, which was made public nearly a month ago. This flaw, tracked as CVE-2026-50656, has a CVSS score of 7.8, indicating a high risk of privilege escalation. It affects the Microsoft Malware Protection Engine, specifically the 'mpengine.dll' component responsible for scanning and cleaning malware. If exploited, this vulnerability could allow attackers to gain SYSTEM privileges on affected systems, posing a serious security risk. Users of Microsoft Defender are urged to apply the latest security updates to protect their systems from potential exploitation.

Jul 9, 2026