PHISH & TELL 005

The Cybersecurity Brief for Women Who Mean Business

Author

Alexia Idoura
May 01, 2025

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️

Towards the end of each week, I’ll send you a no-fluff email that helps you:

  • 💻 Protect your business from digital scams & hacks

  • 👩🏾‍💻 Learn cyber safety without needing to “speak tech”

  • 🔐 Feel confident knowing you’re locked down tight

You’re not just building a business.
You’re building something worth protecting.
Let’s make sure no one gets to mess with it.

🎣 PHISH ALERT: TOP 5 CYBERSECURITY NEWS STORIES OF THE WEEK

Small businesses are contending with several pressing cybersecurity challenges. Here are the top five:​

  1. Happy World Password Day

    On May 1st, World Password Day spotlights the importance of strong password practices. Experts advocate for multi-factor authentication, password managers, and transitioning to passwordless solutions like biometric verification (face, thumbprint) to combat credential theft and enhance security.

    ✅ Why it matters: Weak passwords are still a leading cause of data breaches.

    👉 What to do: Use a password manager and multi-factor authentication. See our blog articles on each for more details.

  2. Co-op and M&S Hit by Cyberattacks, Disrupting Operations

    UK retailers Co-op and Marks & Spencer experienced cyberattacks that led to IT system shutdowns and service disruptions. Co-op disabled parts of its IT infrastructure, affecting inventory and support systems, while M&S faced issues with contactless payments and online orders. These incidents highlight the vulnerability of retail operations to cyber threats.

    ✅ Why it matters: Shows how cyberattacks can paralyze core business operations like payments and logistics.

    👉 What to do: Have a contingency plan and regularly back up systems to recover quickly after a breach.

  3. Women Entrepreneurs Gain Awareness on AI and Cybersecurity

    The International Women's Federation of Commerce and Industry (IWFCI) Malaysia hosted a webinar titled "Women Entrepreneurs: Basic Awareness on Generative AI and Cybersecurity." The session aimed to educate women entrepreneurs on leveraging AI and implementing cybersecurity best practices.

    ✅ Why it matters: Understanding emerging tech empowers women to protect and grow their businesses.

    👉 What to do: Host or attend webinars that demystify AI and cyber threats for entrepreneurs.

  4. Surge in Encrypted Messaging Apps Following 'Signalgate' Scandal

    Following reports of sensitive information being shared via the Signal app, there has been a notable increase in the adoption of encrypted messaging platforms. This trend underscores the growing concern over secure communication channels in both personal and professional settings.

    ✅ Why it matters: Secure communication is crucial for protecting business and client info.

    👉 What to do: Use encrypted messaging for sensitive conversations and avoid unsecured channels.

  5. Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

    Hackers have created a fake WordPress plugin WP-antymalwary-bot.php that pretends to protect your website—but actually gives attackers full access to it. Once installed, the plugin opens a backdoor, allowing hackers to upload malicious files, control your website, or steal information. It’s spreading through already hacked websites and mimics legitimate security tools to trick unsuspecting users.

    ✅ Why it matters: If you manage your website through WordPress, especially for your business, this fake plugin could let attackers steal customer data, take down your site, or use it to spread scams—all without you knowing.

    👉 What to do: 

    ✅ Only install plugins from trusted developers via the official WordPress Plugin Directory.

    🔍 Audit your existing plugins—remove any you don’t recognize or no longer use.

    🛑 Avoid downloading plugins from third-party websites or links in emails.

    🧼 Use a reliable website firewall and malware scanner, and back up your site regularly.

    🔐 Limit admin access to only those who need it, and keep WordPress core and plugins updated.

🔍 In Case You Missed It (ICYMI)

  • ⚠️ Scam Alert: In AI-enhanced imposter scams, fraudsters utilize artificial intelligence to create convincing fake identities, often posing as potential clients, investors, or romantic interests. Women entrepreneurs are frequently targeted due to their active online presence and engagement in digital networking. These scams can lead to significant financial loss, compromise of business data, and emotional distress. Maintain a healthy skepticism toward unsolicited communications and use good passwords and multi-factor authentication.

  • 🛠️ Quick Tool: Free AI experience — Have you wondered what it’s like to manage through a cybersecurity incident? Practice Staying CALM™️ in a Cyber Crisis — Before It Counts »

  • 💬 Quote of the Week: Cybersecurity is much more than a matter of IT. — Stéphane Nappo, Former Global Chief Information Security Officer (CISO) at Société Générale International Banking

  • 🫵 This week’s Security Done Easy blog post: Unlocking Ultimate Security: Why YubiKeys and Hardware Tokens Are the Gold Standard for MFA »

🔐 LOCK IT DOWN

Spot Phishing Emails Before They Hook You

Why it matters:
Phishing is still the #1 way hackers trick small business owners into giving up passwords, money, or access. These emails look legit—but one wrong click could cost you your business.

What to do (in under 5 minutes):

📧 Pause before you click — Is the email unexpected, urgent, or emotional (like “account suspended” or “invoice overdue”)? That’s a red flag.

👀 Check the sender — Hover over the name to see the actual email address. Look for odd spellings or domain names (like @secure-paymnt.com instead of @paypal.com).

🔗 Inspect links before clicking — Hover over links to preview the URL. If it looks suspicious, don’t click.

🗑️ When in doubt, throw it out — Or contact the sender through a trusted channel (like calling your bank directly, not from any number in the suspect email).

✅ Bonus Tip: Use a spam filter and train your team—one click from them could compromise your whole network!

🤖 The LOL-gorithm

🧷 THE SAFETY SNAP

👀 Protect Your Photos and Personal Images from Being Misused

Why it matters:
Images shared online—especially by women—can be taken out of context, altered, or used in impersonation scams and fake profiles. Even seemingly harmless photos can reveal your location, habits, or identity to people with bad intentions.

What to do:
🔒 Set your social media accounts to private and limit who can see your photos.
📸 Avoid posting real-time updates that show where you are (like geotagged selfies or business check-ins).
🧹 Regularly audit your profiles and remove old images that could compromise your privacy.
🔍 Reverse-search your profile pics to check if they’re being used elsewhere without your permission.

✅ Bonus Tip: Use a professional headshot for business pages and save casual or family photos for trusted, private networks only.

 WORRIED ABOUT YOUR SOCIAL MEDIA ACCOUNTS?

👉 Grab the free Social Media Lockdown Guide.

Say goodbye to the fear of waking up to a compromised account. Learn how to protect your accounts from hijackers and scammers in five steps.

💬 A PERSONAL NOTE

We’ve got some exciting things in the works!

Concept of security planning deck

  • We’re kicking off our Kickstarter soon for our deal-your-own-security card deck soon! Keep an eye out!

  • We’re finally rolling out our podcast in the next few weeks. Want to be a guest, either as an anonymous business owner who wants to dig in to her own business’ security (protecting your identity from criminals who might be listening), or as an expert who has a message to share with women business owners? Email me!

  • We’ll be exhibiting at the Friends of Business Expo at the end of May, bringing together chambers of commerce and small business owners across the Carolinas for many underrepresented groups, including women, people of color, LGBTQ+, and more. If you’re in Charlotte, stop by and say Hi!

  • Our next blog article will address secure travel — look for that next Monday morning.

💬 IN YOUR CORNER

Worries? Questions? I’m in your corner. Let me know!

👋 DM me @securitydoneeasy with your Qs
🔐 Get on the waitlist: A 90-minute live experience for women leaders who want to be ready — not reactive — in a cybersecurity incident. Coming soon. (See the “Quick Tool” in the ICYMI section above for a quick free taste.)
💌 Forward this to a biz bestie who needs to stay scam-proof, too!

👂 TELL ME

Are you finding this newsletter helpful? Do you have questions or topics you’d like addressed? Hit reply and let me know :-)

You’re subscribed to Phish & Tell™️ because your business is worth protecting.
Feel safe, stay savvy, and don’t click shady sh*t. ;-)

🩷