Russian Hackers Beat Gmail, How to Avoid Online Scams, DuckDuckGo Scam Blocker
The list below includes the top cybersecurity news stories you need to know about from the past 24 hours.
Russian Hackers Exploit App Passwords to Bypass Gmail Security
A new social engineering attack by Russian hackers successfully bypasses Gmail's multi-factor authentication, targeting academics and critics.
Key Points:
Russian hacking group UNC6293 impersonates U.S. State Department to harvest app-specific passwords.
Sophisticated phishing messages convinced notable targets to create and share app passwords, granting full Gmail access.
Google recommends its Advanced Protection Program to guard against such attacks.
In a worrying development, Russian hackers are using advanced social engineering to bypass Gmail's multi-factor authentication by means of stolen app-specific passwords. An app-specific password is a standalone credential meant for apps that cannot complete a 2-Step Verification prompt, so whoever holds one can reach the mailbox without the second factor. The attackers impersonate officials from the U.S. Department of State and specifically target academics and critics of the Russian government. The approach is more sophisticated than typical phishing schemes: the attackers take the time to build trust with victims before requesting sensitive information. Previous campaigns from this group, known as UNC6293, have shown strategic patience, lulling targets into a false sense of security through credible but fraudulent communications.
Details of the attack reveal a calculated effort to trick targets into sharing app passwords by creating a fictitious online platform for U.S. State Department interactions. Victims receive emails from fake accounts that appear legitimate and are prompted to follow instructions that, instead of granting access to a supposed secure service, compromise their Gmail accounts. This ruse shows a methodical approach to social engineering that combines impersonation with persuasive dialogue, leaving victims unaware of the threat until it's too late. As cyber threats evolve, security experts emphasize the importance of using available protective measures, like the Advanced Protection Program from Google, which enhances account security by eliminating the option of using app-specific passwords.
How can individuals better protect themselves from such sophisticated phishing attacks?
Learn More: Bleeping Computer
7 Common Online Scams to Avoid
Online scammers are lurking everywhere, ready to exploit unsuspecting internet users for personal and financial gain.
Key Points:
Phishing emails and texts are designed to steal your sensitive information.
Job offer scams often come from unsolicited messages promising unrealistic salaries.
Impersonation scams exploit authority figures to trick victims into providing personal data.
Online scams are one of the most prevalent threats on the internet today, and they can catch users off-guard when they're simply checking emails or browsing for job opportunities. Phishing scams, in particular, use deceptive messages, often presented with a sense of urgency, to manipulate individuals into revealing sensitive data or clicking harmful links. SMS and voice phishing have emerged as effective methods for thieves, who now target victims through multiple channels, so it is vital for users to remain vigilant.
In addition to phishing, there are several other types of scams that users should be cautious of. Job offer scams typically promise high salaries for low-effort jobs, often luring victims through unsolicited contact on social media. Similarly, impersonation scams capitalize on the authority of others, such as IRS officials or tech support, misleading individuals into providing confidential information in a pressured situation. Recognizing these red flags is crucial in safeguarding personal and financial information against malicious attacks.
What steps do you take to protect yourself from online scams?
Learn More: Tom's Guide
DuckDuckGo Enhances Scam Blocker to Combat Rising Online Fraud
DuckDuckGo has upgraded its Scam Blocker to better protect users from various online threats amid a surge in digital fraud losses.
Key Points:
New Scam Blocker protects against fraudulent e-commerce sites and fake crypto exchanges.
DuckDuckGo processes threat data anonymously through a partnership with Netcraft.
The tool automatically halts page loads and shows warnings when threats are detected.
DuckDuckGo has rolled out significant enhancements to its Scam Blocker, addressing a wide array of online scams that have been increasingly reported by consumers. In 2024, the FTC revealed staggering losses of $12.5 billion due to fraud, highlighting the urgent need for robust online protection tools. The upgraded Scam Blocker specifically aims to shield users from a variety of threats, including fraudulent investment platforms, scareware, phishing attempts, and malware distributors, representing a comprehensive approach to digital safety.
The new system is designed with privacy in mind. Unlike other popular browsers that rely on external databases like Google’s Safe Browsing, DuckDuckGo’s Scam Blocker employs a proprietary local threat list, updated every 20 minutes. This two-layer approach, which includes encrypted verification for rare threats, allows the browser to offer protection without compromising user data. Consequently, DuckDuckGo maintains its commitment to user privacy by ensuring that no personal browsing information is transmitted, thereby safeguarding its users against the evolving tactics of cyber criminals.
What additional features would you like to see implemented in Scam Blocker to enhance online safety?
Learn More: Cyber Security News