Cyber scams on the rise: How to avoid getting phished by hackers
Yahoo Finance Videoand
Josh LiptonSun, December 28, 2025 at 10:00 AM EST
In this video:
Americans lost $12.5 billion in scams in 2025, according to a report from the US Federal Trade Commission (FTC), a whopping 25% increase from last year.
Push Security CTO Mark Orlando discusses how to spot cyber scams and phishing messages, going into detail on a recent scandal where hackers used malicious Calendly links to trick people and gain their login info.
Catch Mark Orlando explain where new online scams are becoming most prevalent — such as on networking sites like LinkedIn.
Watch Yahoo Finance's interview with CrowdStrike (CRWD) president Michael Sentonas on how the cybersecurity industry is using AI to combat hacks. Also read up on how North Korean hackers were responsible for over $2 billion in crypto losses in 2025.
To watch more expert insights and analysis on the latest market action, check out more Market Domination Overtime.
Video Transcript
00:00
Speaker A
How would you defend against that?
00:03
Mark
Well, it's it's of course very difficult and I think as just a a user who maybe has less aware of these kinds of things, you know, awareness is always helpful. And so I would say, uh the same way that you might pause and think before you go clicking on a link that you're unsure of the source or opening a file attachment in an email that you're unsure of the source. If someone is trying to solicit some kind of action from you, uh whether that is, you know, accessing a website that maybe you don't trust or less familiar with or uh particularly logging into your Google account or your Microsoft account and you're taken from maybe the initial website to another website and then prompted to log in. That's where kind of your spidey sense should start tingling a little bit and it's worth maybe picking up the phone or sending a text message to validate that that trusted person who sent you this message, that communication is in fact who they claim to be.
00:43
Speaker A
And and finally Mark, uh another one you talk about here, the Calendly fishing campaign, walk us through that one.
00:53
Mark
Sure. So, we identified a campaign, another campaign uh this year where attackers were fishing their target sending these uh malicious email messages with fake calendly links. And uh many people use calendly in their their work, you know, of course to schedule meetings and and find availability. And these calendly themed fishing emails were ostensibly reaching out to schedule job interviews. And they were appearing to come from trusted brands like Disney, Lego, Unilever, uh with, you know, the enticement to click on this Calendly link to schedule a job interview. So, a kind of a a couple of different things in play there. One, you had a trusted, recognizable brand. Um, we're also kind of playing on on emotions here, you know, in this job market, big opportunity for a job interview at a big company. Of course, that's very attractive. So, in terms of that initial, you know, what we would call a lure, it was very convincing, difficult for people to kind of pick out. Um, on the other side of that attack, the goal there was to trick people into signing in to an account, um, for Google Ad management, uh which we know attackers often use to create malicious advertisements so that when you go to Google and you do a search for let's say sports equipment, uh you're served up ads that will take you to these same kinds of malicious websites. So, that campaign was pretty interesting from the perspective of that social engineering, you know, very convincing ways of tricking people into clicking on those links, but also in terms of what the attackers are likely to do with that information once those the accounts are compromised.
02:26
Speaker A
It's an ever evolving landscape. You've got your hands full there, Mark. Thanks so much for your time today. We appreciate it.
02:33
Mark
Pleasure. Thanks so much.
View Comments