Skip to main content
    New Email Scam Tool Makes Fake Business Messages Look More Real
    Cybersecurity
    2 min read

    New Email Scam Tool Makes Fake Business Messages Look More Real

    Criminals are using a new phishing service called ARToken that makes their fake emails harder to spot, even for careful readers.

    Source

    CyberScoop

    Original headline: This phishing kit looks more like BEC-as-a-service

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Wednesday, July 1, 2026Updated Thursday, July 2, 20262 min read
    Share:

    Researchers at Cisco Talos have discovered a new phishing tool called ARToken that helps criminals create more convincing fake emails. This tool is related to another service called EvilTokens. These services work like a criminal subscription model, where scammers pay to use sophisticated tools that make their phishing emails look more legitimate and harder to detect. This affects anyone with an email address, but especially people who handle money or sensitive information at work. Business email compromise scams often target employees who can authorize payments, access company accounts, or share confidential data. The emails may look like they come from your boss, a coworker, or a trusted vendor asking you to take urgent action.

    Here's what you should do to protect yourself. First, never click links or download attachments from unexpected emails, even if they look like they're from someone you know. Second, if you receive an email asking you to send money, share passwords, or take urgent action, verify it through a different method. Call the person directly using a phone number you already have, not one provided in the email. Third, hover your mouse over links before clicking to see where they really go. The display text might say one thing, but the actual destination could be completely different. Develop a habit of being suspicious of urgent requests via email. Criminals count on you acting quickly without thinking. Teach everyone in your family to pause and verify before taking action on any email that asks for personal information, money, or account access. Enable two factor authentication on all your important accounts so that even if a criminal gets your password, they still can't get in. These simple habits will protect you from most phishing attempts, regardless of which tools the criminals are using.

    Protect Yourself

    Use our GCR Scam Guard to check if you're affected and take action.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: CyberScoop

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.