⏱️ ≈ 8-minute read

📌 Big News — Scam State goes industrial • Zendesk impersonation campaign
🚨 Can’t Miss — Albiriox Android malware • OAST exploit platform • DPRK npm poisoning • CodeRED outage
🤖 AI in Cyber — FBI ATO fraud surge • Shadow identity risks • OpenAI vendor breach • 620% AI-phishing spike
🧪 Strange Cyber Story — Scammer Claus and his AI-powered holiday hoaxes

Pig-butchering scams have evolved from low-end romance cons into a multibillion-dollar industry powered by AI, deepfakes, and forced labor. In parts of Southeast Asia, “scam compounds” now function like industrial parks—except the product is global fraud.

Reporting from the region describes large compounds in Cambodia, Laos, and Myanmar where trafficked workers are forced to run romance, crypto, and investment scams around the clock. Scripts, personas, and even fake trading dashboards are generated or optimized by AI, allowing each “agent” to manage many victims in parallel while adapting to their behavior.

This isn’t a lone scammer DM’ing your users—it’s a structured business with KPIs, middle management, and its own R&D pipeline. The same AI-driven social-engineering playbooks are already bleeding into business email compromise, vendor fraud, and account-takeover targeting executives and finance teams.

Governments and international bodies are starting to respond: UNODC now calls these operations a human-trafficking and economic-crime crisis, and law-enforcement coalitions like the “Scam Center Strike Force” are trying to disrupt the worst offenders. But corruption, safe havens, and the sheer profitability of the model mean enforcement is still playing catch-up.

👉 Fraud has become an export industry, and AI is its favorite productivity tool. Treat pig-butchering and high-touch social engineering as a strategic risk to your customers, brand, and payment flows—not just a “consumer awareness” slide.

Scam “mega-factories” in Southeast Asia are industrializing pig-butchering with AI tooling and forced labor, and the resulting fraud is hitting victims, banks, and enterprises worldwide.

Attackers finally realized the help desk is the skeleton key of the enterprise. If you can convincingly impersonate support, you don’t need a 0-day—you just need one overworked agent.

Researchers are tracking a campaign abusing lookalike Zendesk domains and phishing pages that are nearly indistinguishable from the real console. At the same time, a Scattered Lapsus$-style crew is registering dozens of fake Zendesk domains and submitting malware-laced “tickets” designed to compromise agents’ endpoints and harvest their credentials.

Support tools sit at the intersection of identity and incident response. A single compromised help-desk account can reset MFA, reroute mailboxes, reopen closed incidents, and impersonate internal users across multiple business units. In other words: compromise support, and you get a fast lane around a lot of your Zero Trust diagram.

Zendesk and security vendors are advising customers to enforce SSO, use phishing-resistant MFA, and monitor for suspicious ticket behavior and login patterns. But many organizations still classify support platforms as “medium-tier SaaS” rather than identity-adjacent systems, so they don’t get the same policy rigor or telemetry.

👉 If a platform can change who someone is in your environment—via password resets, MFA changes, or profile edits, it is part of your identity layer. Harden Zendesk and similar tools like you would your IdP.

Typosquatted Zendesk domains and malicious ticket campaigns are targeting support teams to steal credentials and plant RATs, turning help desks into high-value beachheads.

Your readers want great content. You want growth and revenue. beehiiv gives you both. With stunning posts, a website that actually converts, and every monetization tool already baked in, beehiiv is the all-in-one platform for builders. Get started for free, no credit card required.

Simplify Training with AI-Generated Video Guides

Are you tired of repeating the same instructions to your team? Guidde revolutionizes how you document and share processes with AI-powered how-to videos.

Here’s how:

1️⃣ Instant Creation: Turn complex tasks into stunning step-by-step video guides in seconds.
2️⃣ Fully Automated: Capture workflows with a browser extension that generates visuals, voiceovers, and call-to-actions.
3️⃣ Seamless Sharing: Share or embed guides anywhere effortlessly.

The best part? The browser extension is 100% free.

Check out Guidde

It’s beginning to look a lot like phishing. Chapman University’s CISO is warning that “Scammer Claus” is back for 2025—with deepfake Santa videos, AI-generated charity appeals, and holiday-branded lures designed to melt user skepticism faster than snow on a load balancer.

Scammers are sending out Santa-themed deepfake videos, fake donation drives, and “exclusive holiday sale” campaigns aimed at students, staff, and families. Many messages link to lookalike payment portals or credential harvesters; some impersonate university departments offering emergency travel funds or surprise tuition credits. It’s all cheer on the surface, credential theft underneath.

Holiday scams have always leaned on emotion and urgency, but generative AI gives adversaries personalization and production value at scale. A convincing Santa voiceover and on-brand holiday template can make even security-savvy users drop their guard—especially when everyone’s tired and rushing to wrap up the year.

The FTC and FBI are pushing updated consumer guidance on holiday scams—from checking URLs and avoiding gift-card payments to verifying charities before donating. But most people still don’t expect a Pixar-quality Santa to be a threat actor. The gap between what AI can fake and what users expect is the attacker’s playground.

👉 If a message combines holidays, urgency, and payment or login requests, treat it as hostile until proven otherwise. Scammer Claus doesn’t care if you’ve been naughty or nice—only if you click.

“Scammer Claus” is back, using AI deepfakes and polished holiday lures to drive credential theft and fake charity donations. Santa’s never looked so legit—or so malicious.

Enjoying Exzec Cyber? Forward this to one person who cares about staying ahead of attacks

Hate everything you see or have other feedback? Reply back to this email!