PHISH & TELL 007
The Cybersecurity Brief for Women Who Mean Business

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️
You’re not just building a business.
🎣 TOP CYBERSECURITY NEWS STORIES OF THE WEEK
Here are the top cybersecurity stories from this week that are most relevant to small businesses—along with why they matter and what you can do about them.
Retail Giants Continue to be Hit by Cyberattacks
Major retailers, including Victoria’s Secret and The North Face, suffered cyberattacks leading to data breaches and operational disruptions. Victoria’s Secret temporarily shut down its website and postponed its earnings report. (Best headline: “Knickers Outlet Knackered”.)
✅ Why it matters: Small businesses in retail should expect attackers to “trickle down” tactics from large enterprises. If you're handling any customer data, you're a target.
👉 What to do: Run regular scans on your systems. Train staff to identify and avoid phishing and malicious links. Establish an incident response plan—test it quarterly.
Cybersecurity Workforce Shrinks at CISA
The US Cybersecurity and Infrastructure Security Agency (CISA) saw about a third of its staff exit amid budget cuts and restructuring.
✅ Why it matters: Federal support for US small businesses through CISA (like threat alerts and best practices) could slow down or become less consistent.
👉 What to do: Don’t rely solely on federal advisories—get help from local business groups, an MSP, or a consultant.
AI Attacks Hit New High: 36,000 Scans Per Second
Cybercriminals are using AI to scale attacks at unprecedented speeds. Recent data shows up to 36,000 automated scans per second targeting IoT devices, web applications, and cloud services. A new website is likely to be scanned within minutes.
✅ Why it matters: Small businesses can be quickly and indiscriminately targeted—especially if they have weak or outdated systems.
👉 What to do: Patch systems frequently to close known vulnerabilities.
Salesforce Users Targeted in Sophisticated Vishing Campaign
Google reported that attackers impersonated IT support staff to trick employees into giving up access to Salesforce accounts.
✅ Why it matters: Even non-technical employees can grant attackers access if they’re not trained to be skeptical.
👉 What to do: Train staff on how to spot voice and support scams.
Insider Breach at Coinbase Costs Millions
An insider at Coinbase helped leak customer data and demanded a $20 million ransom, reinforcing that internal threats can be just as dangerous.
✅ Why it matters: Small businesses often skip background checks or audit trails—leaving them vulnerable to insider abuse.
👉 What to do: Conduct pre-hire background checks and enforce role-based access. Run phishing tests to train team members.
🔍 In Case You Missed It (ICYMI)
💻 Free Webinar! Are you a woman business owner who wants to protect what you’ve built—without becoming a tech expert? Join my free workshop, Cyber Confident, on Monday, June 9th at 12pm ET / 9am PT. You’ll discover how your business instincts are your best cybersecurity asset and learn practical steps to safeguard your company—no jargon, no overwhelm. 🔒 Register here (replay will also be available): https://securitydoneeasy.com/webinar-registration
🛠️ Quick Tool: Free AI experience — Have you wondered what it’s like to manage through a cybersecurity incident? Practice Staying CALM™️ in a Cyber Crisis — Before It Counts »
🫵 This week’s Security Done Easy blog post: Real Talk: What is the Cost of Cybersecurity for Women-Owned Small Businesses? »
🔐 LOCK IT DOWN
🗺️ Enable Two-Factor Authentication (2FA) on All Social Media Accounts
📍 Why?
Social media accounts are prime targets for cybercriminals. If hijacked, they can be used to spread scams, damage your brand’s reputation, or lock you out of your own platforms. Phishing and credential stuffing attacks are common entry points.
✅ What to do:
Go to your business’s social media account settings. Enable Two-Factor Authentication (prefer app-based like Google Authenticator or Authy—avoid SMS if possible). Ensure all admins and team members also have 2FA enabled.
🧐 Pro Tip:
Use a centralized password manager (like 1Password or Bitwarden) and audit who has access. Remove ex-employees or outdated permissions immediately.
🤖 The LOL-gorithm

Take care of the basics!
🧷 THE SAFETY SNAP
🛡️ Personal Safety Tip: Use a Virtual Phone Number & Email for Online Interactions
When shopping online, networking, or signing up for services, your personal contact info can be harvested and misused for scams, harassment, or even doxxing. Women are disproportionately targeted in these types of cyber-enabled personal threats.
What to Do:
Use a virtual phone number (via Google Voice, Burner, or MySudo) for networking events, online shopping, or dating apps.
Create a separate email address (like [email protected]) for non-financial or public-facing activities.
Avoid using your full name or location on public profiles unless necessary for business branding.
Bonus Tip:
Set strong privacy settings on social media to limit who can see your location, photos, and personal posts. Use a password manager and enable 2FA on your personal accounts.
💬 A PERSONAL NOTE
We’ve got some exciting things in the works!
We’re kicking off our Kickstarter soon for our deal-your-own-security card deck! Sign up to be notified when we go live!
We had a blast at the Friends of Business Expo at the end of May, bringing together chambers of commerce and small business owners across the Carolinas for many underrepresented groups, including women, people of color, LGBTQ+, and more. Thanks to the Carolinas LGBT+ Chamber of Commerce for a great event!

But wait, there’s more! We were also featured on the NASDAQ display in NYC!

👂 TELL ME
Are you finding this newsletter helpful? Do you have questions or topics you’d like addressed? Hit reply and let me know :-)

You’re subscribed to Phish & Tell™️ because your business is worth protecting.
🩷