Artificial intelligence is moving from passive analysis to autonomous agents. Agentic AI describes systems capable of making decisions, initiating actions, and pursuing goals with minimal human input. While this offers huge efficiency gains, it also introduces complex cyber fraud and security risks. What is Agentic AI? Traditional AI models classify data or generate responses when prompted. Agentic AI goes further: it plans, adapts and interacts with systems and people to complete tasks. Examples include: Automated trading agents Customer service bots with payment access Shopping agents that can find the best deals and help the user do their shopping or book a holiday Potential benefits More efficient trading across multiple platforms. Reduction in customer service response times and wait times. Faster bookings at relatively cheaper prices. Fraud and Security Risks Autonomy Without Oversight: Agents may act beyond intended parameters, causing financial detriment. Adversarial Manipulat

Explore essential practices for cyber security to protect your digital assets from evolving threats and safeguard your sensitive data.

QR codes have become a normal part of daily life. We scan them to pay bills, view menus, check into buildings, even access government services. As adoption grows, so too does the opportunity for fraud. Criminals are now weaponising QR codes to deceive consumers, employees and even entire organisations. At PORGiESOFT Security, our Threat Intelligence Function has been monitoring the sharp rise in “quishing” - QR-code phishing - across both public and private sectors. A new entry point for fraud A QR code is simply a digital bridge. It connects a physical environment to a web destination in seconds. Fraudsters exploit this by swapping or overlaying genuine codes with malicious ones that redirect to cloned websites or install malware. In 2024, we detected fraudulent QR codes targeting car-park payment machines, event tickets, and council notices. Some even mimicked NHS vaccine booking links during the pandemic’s later stages. The subtlety of the attack – and public familiarity with scann

In a world where fraudsters evolve daily, traditional training materials are rapidly losing their impact. Every week, thousands of new scams are launched - some with human-like precision and tone. Yet, most employees, citizens and consumers still receive awareness information that feels outdated, generic or disconnected from reality. The challenge for organisations is no longer whether to train people on fraud risks, but how to do it effectively in a digital-first, AI-driven environment. The new face of fraud education Fraudsters have learned to imitate not only emails and brands, but emotions. They exploit human curiosity, fear, urgency and even empathy to drive impulsive actions - often leading to financial losses. Modern fraud isn’t limited to crude spam messages; it includes AI-generated voices, cloned websites, and realistic video impersonations. In this environment, awareness needs to be as dynamic as the threats themselves. At PORGiESOFT Security, we’ve been developing AI-Avatar

Local councils and public service bodies are increasingly being impersonated by fraudsters seeking to exploit public trust. Fake text messages about parking fines, energy rebates, or council tax refunds now appear regularly in residents’ inboxes. Behind each one is a criminal attempt to harvest personal information, install malware or steal money. Fraud targeting councils is not new, but the scale and sophistication have evolved dramatically. In recent years, our Fraud Intelligence Function has tracked numerous scam campaigns impersonating local authorities, often using official logos, similar domain names and familiar language. These campaigns exploit both technology and emotion - and without continuous awareness, residents can easily fall victim. Why councils are high-value targets Councils handle a vast range of citizen interactions: benefits, payments, waste collection, housing support, and public health. Fraudsters know that people are more likely to trust a message from their lo

PORGiESOFT Security researched and provided a quantitative map of the UK smishing ecosystem, detailing how threat actors, infrastructure and victims intersect. What did we learn? 1. Attack infrastructure Nearly 99 percent of all messages were written in English, confirming that UK consumers remain a primary focus for global smishing campaigns. The study identified nine distinct classes of smishing messages, from Class A (URL only, 58 %) to Class M (multiple fraud data points, 8.2 %) and smaller reply-based classes (Y and Z) that asked users to text “Y”, “YES”, or “STOP”. Each class revealed a different operational intent - whether to capture clicks, phone calls or conversation engagement. On the organisational side, 13 impersonation levels were mapped. The top three were: Banks (Level B) – 39.4 % of attacks Parcel Delivery Companies (Level P) – 26.3 % Government Departments (Level G) – 16.3 % Together, these sectors accounted for over 80 percent of all UK smishing incidents analysed.