Cybersecurity threats are continuously evolving, with new tactics and schemes emerging regularly. This report highlights recent incidents, including state-sponsored attacks using GitHub and a surge in government impersonation scams.
Fraud and Financial Scams: Impersonation and Bank Fraud
The FBI’s Internet Crime Complaint Center (IC3) reported a 100% increase in government impersonation scams between 2024 and 2025, with losses exceeding $797 million in 2025 alone. The 2025 IC3 report highlights that scammers exploit AI-driven voice/messaging tools to pose as officials from agencies like the IRS or Social Security Administration (SSA), pressuring victims into urgent actions (e.g., fake tax payments or benefit suspensions).
Key tactics observed:
- AI Involvement: 260 complaints referenced AI, with $7 million lost in those cases.
- Psychological Tactics: Scammers leverage fear of legal penalties or benefit loss to manipulate victims.
- Top Targets: Romance scams, tech support fraud, and investment scams also ranked among the costliest cybercrimes.
The IC3 emphasizes the need for public awareness campaigns, especially for vulnerable groups like seniors.
In Mysuru, India, an 80-year-old retiree lost ₹7.5 lakh (~$9,000) to cybercriminals who lured him into a fake online trading scheme via WhatsApp. The scammers added him to groups promising high returns, showing fake profits to encourage further investments. When he attempted to withdraw funds, the platform became unresponsive. A FIR was filed with the Cyber Economic and Narcotics (CEN) Police on April 4, 2026.
- Modus Operandi: WhatsApp groups → fake trading platforms → manipulated profit displays → withdrawal denials.
- Vulnerable Group: Seniors are frequent targets due to limited tech literacy and trust in “too-good-to-be-true” offers.
The Social Security Administration (SSA) Office of the Inspector General (OIG) issued an urgent warning about fake emails mimicking SSA communications. These emails, often with official logos and ‘.gov’-like domains, prompt users to click malicious links or download attachments under the guise of “your Social Security statement is ready.”
- Red Flags: Emails from non-‘.gov’ domains, urgent payment demands, or requests for personal data via email.
- Response Protocol: Users should type ‘ssa.gov/myaccount’ directly into their browser and report suspicious emails to the SSA OIG or FBI IC3.
- Payment Warnings: The SSA never demands payments via gift cards, cryptocurrency, or wire transfers.
A Grand Junction, Colorado, construction firm [579 Construction](https://www.denverpost.com/2026/04/06/grand-junction-construction-firm-fraud/) sued Timberline Bank after a scammer impersonating a bank fraud department employee (“Jefferey Parker”) drained $298,400 from its accounts. The fraudster called owner Lori Schroeder to verify transactions, then changed login credentials and initiated 15 fraudulent transfers within 24 hours.
- Bank’s Response: Timberline claimed no internal breach but acknowledged the scam, noting it had warned customers about such schemes since September 2024. The bank reimbursed only $20,000, leaving 579 Construction with $278,400 in losses and reputational damage.
- Legal Argument: The lawsuit alleges negligence, questioning why the bank failed to flag the “barrage of unrecognized transactions.”>
The scams underscore the need for heightened vigilance and better public education. Individuals and organizations should be cautious of unsolicited communications and verify identities before taking any actions.
Refer to our blog article on financial frauds for more insights on how to protect yourself from such scams.
Fraud and Financial Scams Impersonation and Bank Fraud
The FBI’s Internet Crime Complaint Center (IC3) reported a 100% increase in government impersonation scams between 2024 and 2025, with losses exceeding $797 million in 2025 alone. The 2025 IC3 report highlights that scammers exploit AI-driven voice/messaging tools to pose as officials from agencies like the IRS or Social Security Administration (SSA), pressuring victims into urgent actions (e.g., fake tax payments or benefit suspensions).
Key tactics observed:
- AI Involvement: 260 complaints referenced AI, with $7 million lost in those cases.
- Psychological Tactics: Scammers leverage fear of legal penalties or benefit loss to manipulate victims.
- Top Targets: Romance scams, tech support fraud, and investment scams also ranked among the costliest cybercrimes.
The IC3 emphasizes the need for public awareness campaigns, especially for vulnerable groups like seniors.
In Mysuru, India, an 80-year-old retiree lost ₹7.5 lakh (~$9,000) to cybercriminals who lured him into a fake online trading scheme via WhatsApp. The scammers added him to groups promising high returns, showing fake profits to encourage further investments. When he attempted to withdraw funds, the platform became unresponsive. A FIR was filed with the Cyber Economic and Narcotics (CEN) Police on April 4, 2026.
- Modus Operandi: WhatsApp groups → fake trading platforms → manipulated profit displays → withdrawal denials.
- Vulnerable Group: Seniors are frequent targets due to limited tech literacy and trust in “too-good-to-true” offers.
A Montgomery, Alabama, woman, Rashema Shackleford (37), was sentenced to 10 years in prison for orchestrating a mail theft and bank fraud scheme (2022–2023). Shackleford and accomplices (Laportia Webster, Otis Daniels) stole checks from mailboxes, created counterfeit checks, and deposited them into complicit bank accounts, siphoning $114,000+ in fraudulent transactions.
Key details: Used Webster’s accounts for deposits; arrested in Florida (May 2025) after a $100K bounty. Sentencing: 120 months in prison + 5 years supervised release. Webster’s sentencing is scheduled for April 15, 2026.
The Social Security Administration (SSA) Office of the Inspector General (OIG) issued an urgent warning about fake emails mimicking SSA communications. These emails, often with official logos and ‘.gov’-like domains, prompt users to click malicious links or download attachments under the guise of “your Social Security statement is ready.”)
- Red Flags: Emails from non-‘.gov’ domains, urgent payment demands, or requests for personal data via email.
- Response Protocol: Users should type ‘ssa.gov/myaccount’ directly into their browser and report suspicious emails to the SSA OIG or FBI IC3.
- Payment Warnings: The SSA never demands payments via gift cards, cryptocurrency, or wire transfers.
A Grand Junction, Colorado, construction firm 579 Construction sued Timberline Bank after a scammer impersonating a bank fraud department employee (“Jefferey Parker”) drained $298,400 from its accounts. The fraudster called owner Lori Schroeder to verify transactions, then changed login credentials and initiated 15 fraudulent transfers within 24 hours.
- Bank’s Response: Timberline claimed no internal breach but acknowledged the scam, noting it had warned customers about such schemes since September 2024. The bank reimbursed only $20,000, leaving 579 Construction with $278,400 in losses and reputational damage.
- Legal Argument: The lawsuit alleges negligence, questioning why the bank failed to flag the “barrage of unrecognized transactions.”)
Key tactics observed:
- AI Involvement: 260 complaints referenced AI, with $7 million lost in those cases.
- Psychological Tactics: Scammers leverage fear of legal penalties or benefit loss to manipulate victims.
- Top Targets: Romance scams, tech support fraud, and investment scams also ranked among the costliest cybercrimes.
The IC3 emphasizes the need for public awareness campaigns, especially for vulnerable groups like seniors.
Legal and Regulatory Developments
A Montgomery, Alabama, woman, Rashema Shackleford (37), was sentenced to 10 years in prison for orchestrating a mail theft and bank fraud scheme (2022–2023). Shackleford and accomplices (Laportia Webster, Otis Daniels) stole checks from mailboxes, created counterfeit checks, and deposited them into complicit bank accounts, siphoning $114,000+ in fraudulent transactions.
Key details: Used Webster’s accounts for deposits; arrested in Florida (May 2025) after a $100K bounty. Sentencing: 120 months in prison + 5 years supervised release. Webster’s sentencing is scheduled for April 15, 2026.
Key Takeaways and Recommendations
For Individuals:
- Verify sender domains (e.g., ‘.gov’ for government emails).
- Never click links/attachments in unsolicited emails; navigate directly to official websites, especially for Social Security updates.
- Report scams to FBI IC3, FTC, or local law enforcement.
- Seniors should enable two-factor authentication (2FA) and consult family before investing, especially in online trading platforms.
For Businesses:
- Implement DMARC/SPF/DKIM to prevent domain spoofing, as part of a broader strategy to mitigate email impersonation costs.
- Monitor for unusual PowerShell/LNK file activity (indicative of DPRK-style attacks), especially in sectors targeted by state-sponsored actors.
- Train employees on social engineering red flags (e.g., urgent payment requests).
- Partner with banks to flag anomalous transactions in real time, such as sudden, large-scale transfers typical in bank fraud cases.
For Governments:
- Expand public awareness campaigns on impersonation scams, especially during tax season, addressing the surge in government impersonation scams.
- Strengthen cross-agency collaboration to disrupt fraud rings (e.g., USPS + DOJ for mail theft), as seen in recent legal actions against mail theft and bank fraud schemes.
- Incentivize blockchain-based verification for high-risk sectors (e.g., utilities, finance), highlighting innovative technologies to combat financial fraud.
Final words
The diverse and sophisticated threat landscape highlights the need for proactive defense strategies. Individuals and organizations must prioritize education, technical safeguards, and rapid incident response to mitigate risks.