PHISH & TELL 006

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️

🎣 TOP CYBERSECURITY NEWS STORIES OF THE WEEK

Here are the top cybersecurity stories from this week that are most relevant to small businesses—along with why they matter and what you can do about them.

1. Notorious Ransomware Group Gets Hacked

   The notorious Lockbit ransomware gang was reportedly breached, with leaked chat logs revealing indiscriminate targeting of small businesses.

   ✅ Why it matters: Despite getting a taste of their own medicine, its tactics and tools still circulate, posing ongoing risks to small businesses. Also, victim data was leaked and victims tend to be re-victimized. Lightning does strike twice.

   👉 What to do: Keep your software and systems patched and current, maintain regular backups, and implement multi-factor authentication (MFA).

2. AI Deepfakes Used in Bank Fraud

   Scammers are leveraging AI-generated voice deepfakes to impersonate individuals and access bank accounts, highlighting vulnerabilities in identity verification processes.

   ✅ Why it matters: Small businesses, especially those led by people with public-facing profiles, are at increased risk of such impersonation attacks.

   👉 What to do: Be cautious of unexpected calls requesting sensitive information, even if the voice sounds familiar. Implement strong authentication measures and educate your team about these emerging threats.

3. Scattered Spider Returns with Social Engineering Attacks

   The hacking group Scattered Spider has resurfaced, employing social engineering tactics like impersonating IT staff to gain unauthorized access to systems.

   ✅ Why it matters: These tactics exploit human trust, making small businesses with limited IT resources particularly vulnerable.

   👉 What to do: Train employees to verify identities before granting access or resetting passwords. Establish clear protocols for handling such requests.

4. Phishing and Social Media Account Takeovers Surge

   Phishing attacks and social media account takeovers are on the rise, posing significant threats to small businesses' online presence and customer trust.

   ✅ Why it matters: A compromised social media account can damage your brand and be used to defraud your customers.

   👉 What to do: Use strong, unique passwords for each account, enable MFA, and monitor your accounts for unauthorized activities.

5. Small Businesses Face High Rates of Malicious Emails

   Statistics show that small businesses receive a disproportionately high number of malicious emails, making them prime targets for phishing and malware attacks.

   ✅ Why it matters: Limited cybersecurity resources make small businesses more susceptible to these attacks, which can lead to data breaches and financial losses.

   👉 What to do: Implement email filtering solutions, conduct regular employee training on recognizing phishing attempts, and establish clear protocols for handling suspicious emails.

🔍 In Case You Missed It (ICYMI)

• ⚠️ Watch Out: After a negative performance review, a paralegal in Florida stole trade secrets and 1000s of attorney-client records. It’s not always the crooks outside the business that are a problem. Our next blog post will dive in to *insider* threats to your business.

• 🛠️ Quick Tool: Free AI experience — Have you wondered what it’s like to manage through a cybersecurity incident? Practice Staying CALM™️ in a Cyber Crisis — Before It Counts »

• 🫵 This week’s Security Done Easy blog post: The Business Woman’s Guide to Cybersecurity While Traveling »

🔐 LOCK IT DOWN

🗺️ Limit what you share on social media in real time—especially location details

📍 Why?
Criminals often use real-time posts (like tagging your current location or showing you're out of town) to target individuals when they’re most vulnerable—whether that’s for burglary, stalking, or impersonation scams.

✅ What to do:
Wait until you're home to post about where you’ve been, and avoid sharing live travel plans or solo outings publicly. Also, double-check your privacy settings and consider who can actually see your stories or posts.

This is something many women business owners wrestle with daily: how to stay safe without sacrificing visibility, authenticity, or brand growth? You can still be authentic, with some adjustments. Keep an eye out on my socials for some specific tips.

🤖 The LOL-gorithm

🧷 THE SAFETY SNAP

Photos taken with your phone often contain hidden location data (called EXIF metadata), which can be extracted and used by bad actors to track where the image was taken. Here's how to prevent that and remove it if needed:

📱 How to Stop Your Phone from Embedding Location in Photos

🔒 iPhone (iOS):

1. Prevent Location from Being Recorded:

   • Go to Settings → Privacy & Security → Location Services.

   • Scroll down and tap Camera.

   • Select Never (or Ask Next Time if you want control).

2. Remove Location from Existing Photos Before Sharing:

   • Open the Photos app, select a photo, then tap the Share icon.

   • Tap Options at the top.

   • Toggle off Location under “Include.”

🔒 Android:

1. Prevent Location from Being Recorded:

   • Open the Camera app.

   • Tap the gear icon (Settings).

   • Look for Save location or Location tags—turn this off.

2. Remove Location from Existing Photos:

   • Use Google Photos:

     • Open the photo → Tap the three-dot menu.

     • Tap the pencil/edit icon near the location → Tap Remove location.

   • Or use free apps like Photo Exif Editor to strip metadata before posting.

💬 A PERSONAL NOTE

We’ve got some exciting things in the works!

• We’re kicking off our Kickstarter soon for our deal-your-own-security card deck soon! Keep an eye out!

• We’re finally rolling out our podcast in the next few weeks. Want to be a guest, either as an anonymous business owner who wants to dig in to her own business’ security (protecting your identity from criminals who might be listening), or as an expert who has a message to share with women business owners? Email me!

• We’ll be exhibiting at the Friends of Business Expo at the end of May, bringing together chambers of commerce and small business owners across the Carolinas for many underrepresented groups, including women, people of color, LGBTQ+, and more. If you’re in Charlotte, stop by and say Hi!

👂 TELL ME

Are you finding this newsletter helpful? Do you have questions or topics you’d like addressed? Hit reply and let me know :-)

You’re subscribed to Phish & Tell™️ because your business is worth protecting.

🩷