QR codes have become a normal part of daily life. We scan them to pay bills, view menus, check into buildings, even access government services. As adoption grows, so too does the opportunity for fraud. Criminals are now weaponising QR codes to deceive consumers, employees and even entire organisations. At PORGiESOFT Security, our Threat Intelligence Function has been monitoring the sharp rise in “quishing” - QR-code phishing - across both public and private sectors. A new entry point for fraud A QR code is simply a digital bridge. It connects a physical environment to a web destination in seconds. Fraudsters exploit this by swapping or overlaying genuine codes with malicious ones that redirect to cloned websites or install malware. In 2024, we detected fraudulent QR codes targeting car-park payment machines, event tickets, and council notices. Some even mimicked NHS vaccine booking links during the pandemic’s later stages. The subtlety of the attack – and public familiarity with scann

In a world where fraudsters evolve daily, traditional training materials are rapidly losing their impact. Every week, thousands of new scams are launched - some with human-like precision and tone. Yet, most employees, citizens and consumers still receive awareness information that feels outdated, generic or disconnected from reality. The challenge for organisations is no longer whether to train people on fraud risks, but how to do it effectively in a digital-first, AI-driven environment. The new face of fraud education Fraudsters have learned to imitate not only emails and brands, but emotions. They exploit human curiosity, fear, urgency and even empathy to drive impulsive actions - often leading to financial losses. Modern fraud isn’t limited to crude spam messages; it includes AI-generated voices, cloned websites, and realistic video impersonations. In this environment, awareness needs to be as dynamic as the threats themselves. At PORGiESOFT Security, we’ve been developing AI-Avatar

Artificial intelligence is transforming the financial sector’s ability to detect and prevent fraud. With over £1 trillion lost globally to scams each year, AI offers both a challenge and an opportunity. Used responsibly, it can empower banks, regulators and fraud teams to identify suspicious activity faster and more accurately than ever before. The scale of the problem Fraud now accounts for over 40% of all crime in the UK. Financial institutions face relentless attacks ranging from phishing and smishing to insider threats and synthetic identity fraud. Traditional systems often rely on static rules or manual reviews, which cannot keep pace with evolving threats. Why AI is a game-changer AI can analyse millions of data points in real time, spotting subtle anomalies that human analysts might miss. Natural language processing (NLP) helps systems understand communication patterns, while machine learning models learn from historical fraud data to predict new threats. At PORGiESOFT Security,

Local councils and public service bodies are increasingly being impersonated by fraudsters seeking to exploit public trust. Fake text messages about parking fines, energy rebates, or council tax refunds now appear regularly in residents’ inboxes. Behind each one is a criminal attempt to harvest personal information, install malware or steal money. Fraud targeting councils is not new, but the scale and sophistication have evolved dramatically. In recent years, our Fraud Intelligence Function has tracked numerous scam campaigns impersonating local authorities, often using official logos, similar domain names and familiar language. These campaigns exploit both technology and emotion - and without continuous awareness, residents can easily fall victim. Why councils are high-value targets Councils handle a vast range of citizen interactions: benefits, payments, waste collection, housing support, and public health. Fraudsters know that people are more likely to trust a message from their lo

What is smishing? Smishing refers to SMS-phishing attacks where scam messages are sent via SMS. Instead of longer scams being delivered via emails, it’s scams being sent via text messages. Such messages usually contain a link and impersonate legitimate organisations. Threat actors use various manipulative techniques to convince and trick recipients of smishing messages. Fig 1 - Legacy smishing message Emerging tactics Smishing messages traditionally used to contain only links, but threat actors have adapted their tactics to include confusing linkless messages that use phone numbers or that ask for one word or letter replies without any URLs included initially. Some recent messages we’ve noticed have only contained one word - “Hi”, once the recipient engages with the threat actors by replying they then send further messages sometimes offering work opportunities or acknowledging a non-existent job application. End Game for Smishing Threat Actors The end goal for threat actors is to piqu

Cyber Fraud Fusion is a modern approach to fraud management that unites fraud, cybersecurity, risk and intelligence functions into a single collaborative model. It breaks down silos between teams and technologies to create a real-time view of threats across an organisation. The problem with fragmentation Traditionally, fraud teams focus on financial crime while cybersecurity handles technical incidents. Yet, attacks increasingly cross both domains - a phishing email may start in IT logs but end as a financial loss. PORGiESOFT Security recently introduced Fraud OS - Cyber Fraud Fusion to close this gap. The platform integrates and aggregates fraud incident data across SMS, email, websites and open-source intelligence (OSINT) to detect cross-channel fraud patterns and connect the dots. How Fraud Fusion works Data ingestion: Fraud signals from multiple sources are captured (tactical intelligence, transactions, working group notes, incident logs, alerts, external threat intelligence feeds