Research by HP’s Wolf Security has uncovered the sophisticated tools now being utilised by hackers

I think it is fair to say that the average user is far more aware of hackers and their traditional methods to extract information or money from you. Whilst the number of people fooled is still staggering, the ordinary consumer is more aware of potential threats and has a pretty good eye to spot the obvious scams.

Spelling errors, generic email addresses plus deals that are just too good to be true are just some of the tell-tale signs that you need to be vigilant.

That view is backed up by statistics released by Scamwatch for the first 6 months of 2025.

Scamwatch received 108,305 reports about scams in the first six months of 2025, which is a 24 per cent decrease in reports compared to the same period last year. While the total number of reports is down, reports involving losses have increased significantly ($173.8 million).

So we are being more careful but losing more money and data.

In response, the hackers have upped their game. HP’s new Wolf Security Threat Insights report illustrates some of the new tools hackers and scammers have developed to tempt you to drop your guard.

Tools such as animations of fake screen updates with loading bars and staged password prompts are now being coupled with traditional malware in an effort to bypass detection.

Now I must admit that when shown an illustration of what a potential threat may look like, knowing it was a mock-up from HP to give us an idea of what we are dealing with, and even though I have top-of-the-line security software, these animations showing progress bars still sent a chill down my spine. That feeling of “oops, I shouldn’t have clicked that”.

These new methods allow hackers to deliver their payloads and at the same time instil that sense of urgency to click on anything to get out of that screen. Click on the wrong link and they have you.

Practices highlighted in the report include:  

  • You’ve Been Served (Malware)! – fake legal warning emails leading to a fake government page with an animated “one-time password” used to deliver PureRAT, a remote access tool sold on the Dark Web that gives attackers full control of infected devices. 
  • Fake Adobe Update Installs Attacker Remote Access Tool – a fake Adobe-style update screen convinced users to install a modified ScreenConnect executable, a legitimate remote support tool modified to give attackers remote access. 
  • Discord Malware Dodges Windows 11 Defences – payloads hosted on Discord and paired with patched Windows protections to deploy Phantom Stealer, a subscription-based infostealer sold on the Dark Web that harvests credentials, financial data and browser cookies.

Patrick Schläpfer, Principal Threat Researcher, HP Security Lab, comments: “Attackers are using polished animations like fake loading bars and password prompts to make malicious sites feel credible and urgent. At the same time, they are relying on off-the-shelf, subscription malware that is fully featured, and updates as fast as legitimate software. This is helping threat actors keep ahead of detection-based security solutions and slip past defences with far less effort.”

Now the full report is extremely comprehensive and probably isn’t suggested reading for a relaxing Sunday afternoon, but the message it carries is that we can’t assume we can’t be hit.

The full report can be found on HP’s website.