Cybersecurity incidents reported globally highlight evolving tactics of cybercriminals in a 3-hour window on March 4, 2026. This digest covers online frauds in Coimbatore, deepfake scams in real estate, legal rulings on bank liability, takedowns of phishing platforms, and OAuth redirection exploits.
Deepfake Scams in Real Estate
The National Association of REALTORS® (NAR) issued a consumer guide warning about the surge in deepfake scams in real estate. These scams, which involve AI-generated fake content, have risen by 40% year-over-year, according to the 2026 Identity Fraud Report by Entrust. Scammers use deepfakes to impersonate stakeholders, manipulate property listings, and divert funds. The FBI’s Internet Crime Complaint Center (IC3) reported that cyber-enabled fraud resulted in $13.7 billion in losses in 2024, highlighting deepfakes as a growing threat.
To safeguard against these scams, NAR recommends:
- Verifying transactions in person or via known phone numbers to avoid digital deception.
- Using multifactor authentication (MFA) and third-party verification tools like CertifID for secure fund transfers.
- Investing in fraud-detection tools to analyze anomalies in audio/video content.
- Purchasing owner’s title insurance to protect against fraudulent deeds or liens.
Victims should report incidents to local law enforcement and the FBI IC3. For the full guide, visit NAR’s official page.
For more insights into financial fraud, explore this blog post.
Deepfake Scams in Real Estate
The National Association of REALTORS® (NAR) released a consumer guide warning about the rise of deepfake scams in real estate transactions, which surged by 40% year-over-year according to the 2026 Identity Fraud Report by Entrust. Deepfakes—AI-generated fake videos, audio, or images—are being used to impersonate buyers, sellers, or agents to divert down payments or manipulate property listings. Scammers may alter virtual tours to hide defects or fabricate non-existent properties. The FBI’s Internet Crime Complaint Center (IC3) reported that cyber-enabled fraud accounted for $13.7 billion in losses in 2024, with deepfakes emerging as a critical threat. For more details, refer to kcnet.in.
To mitigate risks, NAR recommends:
- Verifying transactions in person or via known phone numbers (avoiding reliance on digital communication alone).
- Using multifactor authentication (MFA) and third-party verification tools like CertifID for fund transfers.
- Investing in fraud-detection tools to analyze voice/audio anomalies or facial movements in videos.
- Purchasing owner’s title insurance to protect against forged deeds or fraudulent liens.
Victims are advised to report incidents to local law enforcement and the FBI IC3. For the full guide, visit NAR’s official page.
Bank Liability in Online Fraud – Goa Consumer Panel Ruling
A North Goa Consumer Disputes Redressal Commission dismissed a complaint against HDFC Bank filed by Kenneth D’Souza, a former banker who lost Rs 89,902 (≈$1,080) in a phishing scam. D’Souza clicked a malicious link in an SMS purporting to be from HDFC Bank, entered his netbanking credentials and OTP, and had funds debited immediately. While the majority of the panel (President Bela Naik and member Auroliano de Oliveria) ruled that D’Souza’s negligence—voluntarily sharing credentials—absolved the bank, a dissenting member (Rejitha Rajan) argued that the bank’s failure to acknowledge the complaint or provide investigation details constituted a deficiency in service.
The case highlights the legal gray area in phishing incidents: banks often argue that two-factor authentication (2FA) compliance shifts liability to customers, while victims contend that banks must improve fraud detection and response. The ruling sets a precedent for similar disputes in India. For the full judgment, refer to the Times of India report by Ramit Mehrotra (TNN).
This landmark case underscores the importance of proactive fraud detection mechanisms by financial institutions. It aligns with a broader trend of increasing financial frauds and the need for enhanced cybersecurity measures, as discussed in kcnet.in.
Phishing Campaign Exploits OAuth Redirection
Microsoft researchers uncovered a phishing campaign abusing OAuth URL redirection to target government and public-sector organizations. Attackers exploited OAuth’s legitimate error-handling flows to bypass email/browser defenses, redirecting victims to malicious sites hosting LNK shortcut files or HTML smuggling loaders. The attack chain involved:
- Creating a malicious OAuth app with a redirect URI pointing to attacker-controlled infrastructure.
- Sending phishing emails with crafted OAuth links (e.g., themed as document sharing or meetings).
- Forcing an error (e.g., using prompt=none or invalid scopes) to trigger a redirect to the malicious domain.
- Delivering malware (e.g., PowerShell-based reconnaissance tools or DLL sideloading payloads).
Microsoft removed several malicious OAuth apps and recommended organizations:
- Tightly govern OAuth apps (limit user consent, review permissions).
- Enforce Conditional Access policies to block suspicious authentication flows.
- Monitor cross-domain activity (email, identity, endpoints) for anomalies.
The campaign demonstrates how attackers are shifting from credential theft to abusing trust in authentication protocols. For the full advisory, visit Security Affairs (report by Pierluigi Paganini). For more insights on evolving cyber threats and proactive defense strategies, see kcnet.in.
Final words
The incidents reported reflect the diversity and sophistication of modern cyber threats. Social engineering remains dominant, with fraudsters exploiting psychological triggers. Deepfakes are increasingly weaponized in high-stakes sectors like real estate, requiring proactive detection tools. Legal precedents shape liability in phishing cases, balancing customer responsibility with institutional accountability. Collaborative takedowns demonstrate the effectiveness of public-private partnerships in disrupting cybercrime infrastructure. Protocol abuses highlight the need for defense-in-depth strategies beyond traditional perimeter security. Organizations and individuals are urged to stay vigilant, adopt phishing-resistant authentication, and report suspicious activity to authorities.