BRITS are being warned to watch out – because the dodgy email attachments that used to drain your bank account have just been outdone by an even sneakier scam that’s much harder to catch.
Cyber experts have revealed that online crooks now prefer planting malicious links over using infected attachments – and the results are far worse.
2
According to a new bombshell report by Proofpoint, the hidden traps are tucked inside emails, buttons, and even PDFs or Word docs, and one wrong click could see your logins stolen or malware silently installed.
Over 3 billion attacks with dodgy URLs have been sent out and the main goal is to steal passwords.
This hacking scheme isn’t just being used by criminal masterminds either.
The tool are so easy to get hold of that even low-level scammers can launch convincing fakes that bypass security checks like multi-factor authentication and take full control of your account.
Proofpoint also uncovered a jaw-dropping 400 percent spike in a sneaky scam called ‘ClickFix’ – where users are tricked into clicking fake error messages or CAPTCHA boxes.
These convincing cons trick you into running harmful code, opening the door to remote access trojans, info-stealers, and more.
Meanwhile, QR code phishing attacks are exploding, with over 4.2 million attempts spotted in just the first half of 2025.
These nasty little codes target your personal mobile – dodging work defences completely.
And let’s not forget smishing – dodgy texts that try to fool you.
2
More than half of all SMS phishing attempts now come packed with malicious URLs, making it harder than ever to stay safe.
Selena Larson, top threat analyst at Proofpoint, gave a stark warning: “The most damaging cyber threats today don’t target machines or systems. They target people.”
She added that these new-style scams are designed to exploit human psychology, using trusted brands and familiar tech to lure you in – whether it’s a dodgy CAPTCHA, a QR code, or a believable text message.
This comes after a devastating con carried out by Chinese organised crime groups was exposed.
So-called “pig butchering” is where scammers established fake romantic and trusting relationships with victims before luring them into fraudulent investments or other financial traps.
In 2023, Shan Hanes, a banker from Kansas, US, embezzled £34.6million from his bank to cover his losses, having fallen victim to a pig butchering scam.
Hanes was later sentenced to more than 24 years behind bars.
Usually, a pig butchering scam works in three stages – hunting, raising and killing.
This involves a scammer finding a victim online, chatting to them in order to build up trust and then getting them to invest large amounts of money into fraudulent schemes.
The scam works in a similar way to a traditional romance scam, where scammers approach their victims by posing as a possible romantic partner on a dating app, or as a friend via social media.
The big difference though is how the scam is executed.
With a romance scam, trust is based on the victim’s urge to maintain a romantic relationship with the scammer.
In this scenario, the scam can often last for years.
Pig butchering scams though, in comparison, generally take place over a much shorter time period.
The scammer, rather than focusing on trying to extract money through emotional manipulation, leans more on the victim’s desire to make money together with the scammer.
This can involve just a few months rather than years to take advantage of the victim.
Usually, the scammer will present themselves as being financially successful and confident with a broad network and have appealing investment opportunities.
Once the victim has made an initial small investment, the scammer will then try to escalate the process and push them into making a much larger financial commitment, Phys.org reports.
How do I spot crypto scams?
CRYPTO scams are popping up all over the internet. We explain how to spot them.
- Promises of a high or guaranteed return – Does the offer look realistic? Scammers often attract money by making fake promises.
- Heavy marketing and promotional offers – If they are using marketing tricks to con customers you should beware.
- Unamed or non-existent team members – Just like any business you should be easily able to find out who is running it.
- Check the whitepaper – Every crypto firm should have a white paper. This should explain how it plans to grow and make money. If this doesn’t make sense, then it could be because the founders are trying to confuse you.
- Do your research – Check reviews online and Reddit threads to see what other people think.
