Phishing Gets Smarter — and So Should Your Defenses
⚡ Weekend Threat Brief
“Payroll Pirates” Strike University HR Employees
Hackers are targeting universities across North America through a new campaign called “Payroll Pirates”. The group, identified as Storm-2657, tricks HR employees into sharing credentials through phishing sites that mimic payroll portals. Once inside, attackers reroute salary payments to their own accounts and register additional MFA devices to keep control.

Key points
Campaign uses fake payroll update emails to lure HR and finance staff.
Attackers exploit single sign-on and MFA reset features to maintain access.
Microsoft identified the group as part of a broader wave of university-focused cybercrime.
Victims risk salary theft, data breaches, and prolonged system compromise.
Takeaway: Universities should use phishing-resistant MFA (such as FIDO2 keys), audit account changes, and monitor for suspicious login activity in HR and payroll systems.
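One way to audit for the pattern described above, as an added example rather than code from Microsoft or this newsletter: it flags a direct-deposit change made shortly after the same account registers a new MFA device. The event schema, action names, 24-hour window and sample log lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit events. Field names and action labels are
# assumptions, not the schema of any real HR, payroll or identity product.
SAMPLE_EVENTS = [
    {"ts": "2025-09-01T09:00:00", "user": "hr.carol", "action": "mfa_device_registered", "ip": "10.1.4.44"},
    {"ts": "2025-10-06T08:02:00", "user": "hr.alice", "action": "login", "ip": "10.1.4.20"},
    {"ts": "2025-10-06T08:30:00", "user": "hr.bob", "action": "login", "ip": "10.1.4.31"},
    {"ts": "2025-10-07T02:11:00", "user": "hr.alice", "action": "login", "ip": "203.0.113.50"},
    {"ts": "2025-10-07T02:14:00", "user": "hr.alice", "action": "mfa_device_registered", "ip": "203.0.113.50"},
    {"ts": "2025-10-07T02:40:00", "user": "hr.alice", "action": "direct_deposit_changed", "ip": "203.0.113.50"},
    {"ts": "2025-10-08T09:00:00", "user": "hr.bob", "action": "direct_deposit_changed", "ip": "10.1.4.31"},
    {"ts": "2025-10-08T10:00:00", "user": "hr.carol", "action": "direct_deposit_changed", "ip": "10.1.4.44"},
]


def find_payroll_takeover_signals(events, window=timedelta(hours=24)):
    """Flag direct-deposit changes made within `window` after the same
    user registered a new MFA device, noting whether the source IP is new."""
    alerts = []
    last_mfa = {}     # user -> time of most recent MFA device registration
    first_seen = {}   # (user, ip) -> first time that IP appeared for the user
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(ev["ts"])
        user, ip = ev["user"], ev["ip"]
        first_seen.setdefault((user, ip), ts)
        if ev["action"] == "mfa_device_registered":
            last_mfa[user] = ts
        elif ev["action"] == "direct_deposit_changed":
            mfa_ts = last_mfa.get(user)
            if mfa_ts is not None and ts - mfa_ts <= window:
                alerts.append({
                    "user": user,
                    "changed_at": ev["ts"],
                    "minutes_after_mfa": int((ts - mfa_ts).total_seconds() // 60),
                    # An IP first seen inside the window is treated as new;
                    # a short log history will overstate this.
                    "new_ip": ts - first_seen[(user, ip)] <= window,
                })
    return alerts


if __name__ == "__main__":
    for alert in find_payroll_takeover_signals(SAMPLE_EVENTS):
        print(alert)
```

On the sample data only the hr.alice change is flagged: hr.bob never registered a device, and hr.carol's registration is weeks older than her bank change.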
🎯 Tactical Playbook
How to Outsmart Today’s Sneakiest Phishing Scams
Bitdefender highlights how phishing has become more personalized and multi-channel, extending beyond email into SMS and voice. Attackers use cloned websites, AI-written messages, and urgency tactics to trick even seasoned users.
Tactical tip: Security awareness alone is no longer enough. Organizations must combine training with email protection tools and automated URL scanning to block phishing attempts before users see them.
🛡️ Research Watch
U.S. Cyber Trust Mark Aims to Secure Smart Devices
The U.S. Cyber Trust Mark, developed by the FCC and NIST, is designed as a “nutrition label” for smart devices. It helps consumers identify products that meet federal cybersecurity standards, covering areas like data protection and software updates. The label, which includes a QR code linking to detailed device information, applies to items such as routers, cameras, and wearables. While its goal is to promote safer consumer IoT products, some experts note that the program’s voluntary nature may limit widespread adoption among manufacturers.
The Cyber Trust Mark could raise awareness of cybersecurity in the consumer device market, but its long-term impact will depend on whether major brands commit to adopting it.
🧩 Tool Tip of the Week
Automate Response with ManageEngine Log360
ManageEngine Log360 includes a built-in SOAR (Security Orchestration, Automation, and Response) platform that allows security teams to automate repetitive incident-handling tasks. Playbooks can be created for common alerts such as phishing, login failures, or unauthorized access attempts. These playbooks automatically enrich alerts, gather evidence, and escalate incidents, saving time for analysts.
🗣️ Community Signal
“On a daily basis, we really need to keep our eye on the ball from a day-to-day perspective and it’s difficult being a data center and having the level of profile of clients that we have at QTS. We’re on the frontlines on the war on cyber terror and we need to make sure we are constantly watching inbound and outbound traffic that comes across, whether directed towards us or our clients.”
Kurt Manske, vice president of compliance and corporate IT at QTS Realty Trust
🗳️ Your Take - The Results
AI-generated zero-day exploits (31%) top CISO concerns, with rogue insiders (25%) and quantum-driven supply chain attacks (23%) close behind—showing how human and tech risks are converging.

Until Monday’s edition - Let’s keep that zero-day count at zero!