Scammers are hiding invisible text inside phishing emails to manipulate AI-powered email filters and increase the chances of scams reaching inboxes.

Scammers are abusing Google AppSheet and Google Drive to bypass security filters and steal thousands of Facebook Business accounts globally.

Bluekit Phishing Kit is a new PhaaS tool that targets major platforms, using AiTM techniques to steal session data and bypass MFA protections.

Forcepoint’s X-Labs reports an 11-step DHL phishing scam that uses fake OTP codes and EmailJS to harvest user credentials and device telemetry.

An Apple account notification has been exploited in a new email phishing attack that comes with a fake iPhone purchase claim.

The post New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert appeared first on TechRepublic.

OpenSSF warns hackers impersonate Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems.

FBI Atlanta and Indonesian National Police dismantle W3LLSTORE phishing market linked to $20M fraud, seizing domains and detaining developer.

A LinkedIn phishing scam uses fake notifications and lookalike domains to steal credentials, hijack accounts, and access sensitive professional data.

Researchers at WatchGuard have identified a new phishing campaign targeting companies in Venezuela. Using malicious SVG image files…

ReversingLabs researchers identify a new Ghost campaign using fake npm install logs and progress bars to phish for sudo passwords and steal crypto wallets from developers.

7AI research reveals a massive QR code phishing attack that evaded SPF, DKIM, and DMARC. Find out how 1.6 million emails went undetected.

OX Security reveals a new phishing campaign targeting GitHub developers. Scammers use fake OpenClaw token giveaways to trick users into connecting and draining their crypto wallets

A federal grand jury has indicted Kwamaine Jerell Ford, a Georgia man accused of running a phishing scam that targeted professional athletes in the NBA and NFL while he was in federal prison.

Prosecutors say the scheme allowed him to gain access to victims’ Apple accounts, steal financial information, and carry out fraudulent transactions.

According to the indictment, the alleged phishing scam involved impersonating both an adult film star and Apple customer support representatives to trick athletes into sharing their login credentials and multi-factor authentication codes. Authorities say the stolen information was then used to access accounts and make unauthorized purchases.

Federal prosecutors also allege that the scheme expanded beyond financial fraud and included coercion and sex trafficking activities involving a female victim. The case is currently being investigated by the Federal Bureau of Investigation (FBI), and Ford has pleaded not guilty to multiple federal charges.

Phishing Scam Allegedly Targeted Professional Athletes

According to federal prosecutors, Kwamaine Jerell Ford, a 34-year-old from Buford, Georgia, has been indicted for orchestrating a phishing scam that targeted professional athletes in the NBA and NFL. The indictment alleges that Ford used deceptive online tactics to gain access to victims’ Apple accounts. Authorities say the phishing scam relied on a two-step social engineering approach designed to trick athletes into sharing their login credentials. First, Ford allegedly created a fake online persona posing as a well-known adult film star. Through this account, he offered to send explicit videos to the targeted athletes. At the same time, he reportedly spoofed legitimate Apple customer support accounts and contacted victims through text messages. The messages asked the athletes to send their usernames, passwords, or multi-factor authentication codes so they could supposedly access the videos. According to investigators, dozens of victims fell for the phishing scam and unknowingly handed over their account credentials.

Access to Accounts Led to Financial Fraud

Once Ford gained access to the victims’ accounts, prosecutors say he obtained their stored credit and debit card information. The indictment alleges that he then used the stolen financial details for personal spending. Authorities believe the phishing scam enabled Ford to carry out thousands of dollars in unauthorized transactions. Investigators say the tactic relied heavily on impersonation and trust manipulation—methods that remain common in modern phishing scams. The case is particularly striking because Ford had previously been convicted of similar crimes. In 2019, in the Northern District of Georgia, he was convicted of computer fraud and aggravated identity theft after carrying out phishing attacks that allowed him to spend nearly $325,000 using stolen financial information belonging to athletes and celebrities. “While serving time for stealing credit card numbers from athletes and celebrities to fund his lifestyle, Ford allegedly engaged in the same conduct again,” said Theodore S. Hertzberg. “Disturbingly, the indictment alleges that Ford went even further and used a fraudulent online persona to traffic a young woman and coerce her to produce hidden camera videos of commercial sex acts with unknowing individuals.”

Allegations of Coercion and Sex Trafficking

Federal authorities say the case escalated beyond a financial phishing scam in 2021. According to the indictment, Ford allegedly used the same fraudulent persona to recruit and manipulate a woman into engaging in commercial sex acts with professional athletes. Prosecutors say Ford promised the victim that the fake film star would help advance her modeling career. Based on those claims, the woman allegedly traveled to meet athletes and participated in encounters arranged by Ford. Authorities say Ford coordinated travel, negotiated payments with the athletes, and took a financial cut from the encounters. Investigators also allege that Ford used additional fake personas to threaten the victim and pressure her into continuing the activity. Some encounters were allegedly filmed without the athletes’ knowledge or consent. FBI officials say the case demonstrates how online fraud schemes can expand into broader criminal activity. “Kwamaine Ford clearly did not learn from his prior conviction for a similar scheme. This time, he allegedly escalated his criminal activity—stealing identities and money while also moving into coercion and sex trafficking,” said Peter Ellis. “The FBI’s dedicated agents remain committed to staying ahead of schemes like this and protecting the public from individuals who exploit and harm others for personal gain.”

Charges and Ongoing Investigation

On March 13, 2026, Ford appeared in federal court and pleaded not guilty to multiple charges, including nine counts of wire fraud, seven counts of computer fraud, one count of access device fraud, four counts of aggravated identity theft, and one count of sex trafficking. A U.S. magistrate judge ordered that he remain in custody without bail while the case proceeds. As with all federal indictments, the charges represent allegations, and Ford is presumed innocent unless proven guilty in court. The investigation is being led by the Federal Bureau of Investigation, with Assistant U.S. Attorneys Bernita B. Malloy and Phyllis Clerk prosecuting the case.

Cofense researchers warn of a phishing scam where attackers use LiveChat to impersonate Amazon and PayPal agents and steal credit card and MFA codes.

Scammers are hijacking popular security tools like Cloudflare to hide fake Microsoft 365 login pages. Learn how this new invisible phishing campaign bypasses antivirus software and how you can stay safe.

A new planning and zoning permit phishing scam is raising concerns across the United States as cybercriminals impersonate city and county officials to trick individuals and businesses into paying fraudulent permit fees. The warning, issued by the FBI, highlights how attackers are exploiting publicly available government data to make phishing emails appear legitimate. The scam targets people who have active applications for planning and zoning permits, particularly those involved in land-use projects or property development. By using accurate permit details, criminals create convincing emails that pressure victims to transfer money for fake administrative fees.

Planning and Zoning Permit Phishing Scam Targets Active Applications

Unlike generic phishing attempts that rely on vague messages, this scam is highly targeted. Criminals gather information from publicly available sources related to planning and zoning permit applications, including property addresses, application numbers, and the names of local officials. Armed with this data, they send emails to applicants posing as planning and zoning board representatives. The emails typically claim that additional fees are required to process or approve the permit. Victims are instructed to make payments through wire transfers, peer-to-peer payment services, or cryptocurrency—methods that are difficult to trace or recover once the money is sent. What makes this planning and zoning permit phishing scam particularly effective is its timing. Emails may arrive while applicants are actively communicating with local government offices about their permits, making the fraudulent request appear routine.

Why the Zoning Permit Scam Looks So Real

The success of this planning and zoning permit phishing scam lies in its attention to detail. Many phishing campaigns fail because they are poorly written or obviously suspicious. This one is different. The fraudulent emails often contain:

• Accurate property addresses and zoning case numbers
• Names of real city or county officials
• Professional language mirroring official government correspondence
• Attachments such as PDF invoices listing itemized fees

The emails may also use formatting and visual elements that resemble legitimate municipal communications, including references to regulatory compliance or planning commission procedures. However, a key red flag is the email domain. While the sender’s name may resemble a government official, the email address often originates from non-government domains such as “@usa.com” instead of official municipal domains. Another tactic involves discouraging verification. Victims may be told to request payment instructions through email rather than by phone, supposedly to maintain an “audit trail.” In reality, this discourages them from contacting the city office directly.

Public Data and Trust

This planning and zoning permit phishing scam highlights a broader cybersecurity issue—how publicly accessible government data can be weaponized. Permit records and zoning applications are often publicly available to maintain transparency in local governance. But criminals are increasingly exploiting this information to craft targeted attacks. In this case, the scam works because it combines accurate data with institutional trust. Most applicants assume that communications about permit fees will come from government offices, and the emails mimic that expectation convincingly. The result is a form of government impersonation phishing that is harder for victims to detect than traditional scams.

Lessons from the Planning and Zoning Permit Phishing Scam

The rise of this planning and zoning permit phishing scam offers several lessons for businesses, property owners, and local governments. First, legitimate-looking emails should never be trusted solely based on branding or professional formatting. Attackers can easily replicate logos, signatures, and official language. Second, payment requests, especially those involving wire transfers or cryptocurrency—should always be verified through official channels. Experts recommend contacting the relevant city or county office directly using the phone number listed on the government’s official website rather than responding to an email. Applicants should also carefully examine the sender’s domain and watch for subtle misspellings or unusual characters.

Reporting Permit Payment Fraud

Authorities are urging victims of the planning and zoning permit phishing scam to report incidents to the FBI’s Internet Crime Complaint Center (IC3). Reports should include details such as:

• The sender’s email address and date of the message
• Any phone numbers included in the communication
• The project’s scheduled hearing date, if applicable
• The amount requested and the payment method demanded

Reporting these scams helps investigators identify patterns and disrupt criminal networks running permit payment fraud schemes. The emergence of the planning and zoning permit phishing scam is another reminder that cybercriminals are increasingly exploiting real-world processes—not just digital vulnerabilities. When administrative systems move online and data becomes public, attackers adapt quickly. For applicants and businesses, the safest approach remains simple: verify first, pay later. In today’s threat landscape, even a routine permit email deserves a second look.