PHISH & TELL 011

The Cybersecurity Brief for Women Who Mean Business

Author

Alexia Idoura
July 04, 2025

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️

You’re not just building a business.
You’re building something worth protecting.

🎣 TOP CYBERSECURITY NEWS STORIES OF THE WEEK

I always feel like I say, “Happy [fill in the holiday], don’t get scammed!” Occupational hazard. If you’re in the USA, Happy Independence Day. Here are the top stories of the week.

  1. AI-Powered Phishing Sites Appear in Minutes

    📖 Source: The Register"AI Tool Lets Attackers Spin Up Phishing Sites in Seconds"

    Cybercriminals are abusing AI web builders to generate phishing sites that look legitimate in under 30 seconds.

    ✅ Why it matters: These fake pages are harder to detect and easier to deploy—meaning more phishing attacks, more often.

    👉 What to do: Use phishing-resistant MFA (e.g., hardware tokens such as Yubikeys), and verify URLs—even if the site looks official. Even better (but not 100% fool-proof — no such thing in cybersecurity) put in place email security with real-time link scanning to protect you and your team.

  2. AI-Powered Scams: Fake Staff, Fake Stores

    📖 Source: Business Insider"Generative AI is Making Running an Online Business a Nightmare"

    Scammers are using generative AI to build fake online stores, clone your business branding, impersonate employees, and even create realistic deepfake videos or audio calls—all aimed at deceiving customers and business partners.

    ✅ Why it matters: These AI-powered impersonations can seriously damage your reputation, defraud your clients, and drain your resources trying to undo the harm.

    👉 What to do: Monitor the web for fake versions of your business. Train staff to verify unexpected requests, and alert customers to known scams involving your brand.

  3. New macOS Malware Posing as Zoom Updates

    📖 Source: SecurityWeek"North Korean Hackers Use Fake Zoom Updates to Install macOS Malware"

    North Korean hackers are using fake Zoom update scripts, delivered via Telegram and phishing emails, to install NimDoor—a stealthy macOS backdoor that can steal credentials, browser history, Telegram data, and crypto wallet info.

    ✅ Why it matters: Macs are no longer “safe by default.” Anyone using Apple devices may unknowingly install malware disguised as common updates.

    👉 What to do: Update only via the Mac App Store or official vendor sites. Enable Gatekeeper and other Mac protections. Store crypto in hardware wallets.

  4. Amazon Prime Day: Cybercriminals Ready to Strike

    📖 Source: Check Point Research"Amazon Prime Day 2025 – Deals Await, But So Do the Cyber Criminals"

    Check Point warns that cybercriminals are flooding inboxes and ads with fake Amazon deals, leading to phishing sites and credential theft.

    ✅ Why it matters: Clicking on these links could expose your business to credential theft or malware.

    👉 What to do: Watch out for fake Prime Day deals. Block high-risk domains and shop only through verified platforms.

  5. Malicious Firefox Extensions: Over 40 Found

    📖 Source: The Hacker News"Over 40 Malicious Firefox Extensions Caught Stealing Data"

    Researchers uncovered dozens of Firefox add-ons that steal user input, track browsing, and leak sensitive data to remote servers.

    ✅ Why it matters: These extensions could leak client data, login credentials, or internal documents.

    👉 What to do: Audit browser extensions for any browser periodically. Vet extensions you want to add. This applies to Chrome and any browser.

Have a team or contractors? Forward this email to them for awareness.

Would a blog post that goes into more detail on any of these topics (for example, monitoring for sites pretending to be your business) be helpful? Let me know.

🔍 In Case You Missed It (ICYMI)

  • 🫵 Last week’s Security Done Easy blog post: Protecting Your Business with a VPN: A Practical Guide for Women Entrepreneurs »

  • Follow us on Facebook or Instagram to get timely important news, such as the latest updates on the TikTok ban.

  • You may have heard in the news that Hunters International, a ransomware group targeting SMBs and schools, has shut down—and deleted victim data from their dark web site and announced they are giving their victims the decryption keys. (You may know them from a recently publicized hack involving exposing pre-surgery body photos from a plastic surgery practice.) The statement issued read, “We, at Hunters International, wish to inform you of a significant decision regarding our operations….”

    Have they turned a new leaf? More like a rebrand under a new name and a new business model. Instead of getting in and encrypting your data for a ransom, they are just flat-out stealing your data to extort a ransom. Faster and less risky for them because there’s no encryption and keys and related interactions.

    Get this: In May they invited journalists to “get on their email list” to be notified 24 hours before attacks are made public. "This exclusive access will empower journalists to prepare in-depth analyses and stories that resonate with their audiences, ensuring they stay ahead of the curve in today's fast-paced news environment." Oy.

🤖 The LOL-gorithm

🧷 THE SAFETY SNAP

A malicious Android app disguised as parental control software accidentally leaked massive amounts of stolen data, including user logins.

✅ Why it matters: You or your employees may have downloaded this spyware onto company-connected devices.

👉 What to do: Use a mobile security app on your phone and reset credentials if suspicious apps are found. Never use the same password for more than one account — use a password manager to make it easy to manage.

💬 A PERSONAL NOTE

I’ve continued to work towards launching this Kickstarter project. I love the way it’s going and I’ve gotten good feedback from business owners like you. I’ve reworked the theme to reflect my personality more (more humor) and to lean in to the fact that you want to focus on your business, not cybersecurity (though you recognize it’s something you need to do.) Here’s a peek! (Get notified when it goes public!)

In other news, these foster kitties have grown so much! Our dog has claimed them as his. 😬 

The bottle-fed foster kitties are weaned and growing so fast!

👂 TELL ME

Are you finding this newsletter helpful? Do you have questions or topics you’d like addressed? Hit reply and let me know :-)

You’re subscribed to Phish & Tell™️ because your business is worth protecting.

🩷