🔍 Deep Dive Tuesday — Cyber Threat Intel

Tuesday, 09 June 2026 — The threats that matter to UK families right now.

What You Need to Know

Three stories dominating our monitoring feeds today. Here's the short version:

  • New banking malware is hitting UK customers. It doesn't steal your password — it waits until you're on your real bank's site and injects fake fields into the page. You type your details into what looks like a normal login screen. They go straight to criminals.
  • Vishing is replacing phishing. Threat actors are phasing out email. Phone calls convert better. And with AI voice cloning in the mix, it's getting harder to tell what's real.
  • AI-generated phishing emails are slipping through filters. The old tells — bad grammar, weird spelling — are gone. These emails read like your bank wrote them.

DarkWatch logged 8,694 captures this week across 18 targets. That includes credential dumps and scam kits specifically targeting UK banks.

1. The Banking Malware That Waits

Here's what PortSwigger Research and SANS ISC are watching.

A new malware strain is targeting UK high-street banks. The technique is cleverer than usual. Instead of phishing for credentials upfront, this malware sits on your device and waits. When you navigate to your bank's genuine website, it injects fake fields and overlays into the page in real time. You think you're logging into your bank. You're handing your credentials to criminals.

Who's in the crosshairs: Windows and Android users. The malware is spreading through email attachments disguised as invoices and delivery notices — the same vectors that have worked for years, because they still work.

What to do about it:

  • Use your bank's app, not the website
  • If you must use a browser, type the address yourself. Never click a link in an email.
  • Enable two-factor authentication if you haven't already
  • Run a virus scan if something feels off. Trust that feeling.

2. The Shift From Phishing to Vishing

This is a trend that's been building for months, and it's now unmistakable. Criminals are moving away from email and towards phone calls. The reason is simple: vishing converts at a much higher rate.

Why it works:

  • People trust a human voice more than an email
  • Caller ID is trivial to spoof
  • There's no spam filter for phone calls
  • AI voice cloning adds another layer of deception

Criminals are combining data from recent UK breaches with phone numbers bought on Telegram. When they call, they already know your name, your address, and sometimes your bank. That's why it sounds so convincing.

The rule hasn't changed: If someone calls claiming to be your bank, hang up. Call the number on the back of your card. Never share your password, PIN, or one-time code over the phone.

3. AI Phishing That Sounds Human

CrowdStrike and Schneier on Security are both reporting a surge in AI-generated phishing emails that pass through standard security filters.

The old detection systems look for patterns — misspellings, bad grammar, suspicious links. AI-generated phishing has none of those tells. The emails read like legitimate correspondence because they're written in natural, fluent English.

It's an arms race. Security vendors are deploying AI-based detection to catch AI-generated phishing. For now, the burden falls on you.

What to look for:

  • If an email asks you to log in to anything, don't click the link. Navigate to the site yourself.
  • Check the sender address carefully. One character difference is the giveaway.
  • Be suspicious of unexpected emails, even if they look professional. Scammers have gotten good at this.

DarkWatch Intelligence

Metric This Week
Total captures 8,694
Active targets 18
Credential dumps with UK addresses 6
Scam kits targeting UK banks 3
New Telegram fraud channels 12

Your Action List

  1. Call your bank and confirm your fraud alert settings
  2. Talk to elderly relatives about vishing calls — they're the most targeted group
  3. Check your email for unusual login notifications
  4. Update your antivirus software
  5. Set a family passphrase for emergency calls. It stops AI voice cloning scams cold.

Sources: PortSwigger Research, SANS ISC, Schneier on Security, CrowdStrike | DarkWatch dark web monitoring | 09 June 2026