PHISH & TELL 026

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️

🎣 TOP CYBERSECURITY NEWS STORIES OF THE WEEK

Top stories of the week, how they are relevant to you, and what to do about them.

1. Meta adds AI‑powered scam detection to WhatsApp and Messenger
   Source: Meta launches new anti‑scam tools for WhatsApp and Messenger bleepingcomputer.com
   What happened: Meta announced new tools that automatically detect and warn users about potential scams. On Messenger, a new “AI scam review” watches for suspicious messages; if a new contact looks scammy, users will see a warning with options to block or report. On WhatsApp, a pop‑up warns users when they are about to share their screen or send sensitive information to an unknown contact, reminding them to verify who they’re talking to.
   Why it matters: Social‑engineering scams increasingly target small‑business owners through direct messaging. Fake supplier invoices, romance scams and crypto schemes often start with a simple chat. These new AI‑driven warnings can help people think twice before sending sensitive information.
   What you can do: Ensure everyone in your business, including you, uses the latest versions of WhatsApp and Messenger, and leave scam‑detection features turned on. Remind your team to verify unknown contacts by phone or through an alternate channel before sharing bank details, screen‑sharing or downloading files.

2. “Jingle Thief” hackers loot gift cards via cloud abuse
   Source: “Jingle Thief” hackers exploit cloud infrastructure to steal millions in gift cards thehackernews.com
   What happened: Palo Alto’s Unit 42 researchers uncovered a financially motivated group dubbed “Jingle Thief.” The criminals use phishing and smishing to steal Microsoft 365 credentials for businesses that issue gift cards, then issue fraudulent cards. They maintain a persistent presence for months, quietly issuing high‑value gift cards and selling them on the gray market.
   Why it matters: Many retailers and service providers, including small businesses, offer gift cards. A gift‑card issuance portal often sits within your cloud environment. If criminals gain access, they can drain value without immediately triggering alarms.
   What you can do: Educate staff about phishing and smishing. Enable MFA for all Microsoft 365 accounts and monitor for unusual logins or inbox‑rule changes. Review who can issue gift cards and require secondary approvals for large values. Audit old accounts and disable unused credentials.

3. Zendesk “email bombs” show the danger of anonymous support tickets
   Source: Email bombs exploit lax authentication in Zendesk krebsonsecurity.com
   What happened: Attackers abused the ticket‑creation feature in the Zendesk customer‑support platform by submitting thousands of fake support requests. Because many Zendesk customers allow anyone to create a ticket without verifying their email address, the system dutifully sent out thousands of auto‑reply messages from legitimate brands. Victims received waves of menacing or insulting emails that looked like they came from respected companies.
   Why it matters: A flood of bogus support emails can overwhelm small‑business inboxes, making it hard to spot real customer issues or invoice notifications. Worse, scammers could incorporate phishing links into these tickets or damage your reputation if your domain is used to bombard others.
   What you can do: If you use a help‑desk platform such as Zendesk, require users to verify their email address or log in before they can open a ticket. Review your auto‑responder rules and disable ones that send replies to unverified addresses. Consider limiting the number of tickets that can be created within a short period of time and regularly auditing your support system for abuse.

   Not sure what applies to your business or what your options are? Let’s talk.

🔍 In Case You Missed It (ICYMI)

• This week’s blog post: After the Cyber Attack: What Happens Next (and How to Recover Like a Pro) » Because once the alarms quiet down, recovery begins — and that’s where the real story starts.

• Follow us on LinkedIn, Facebook or Instagram. Youtube is in the works (subscribe to get notified when I finally start getting these videos out there!)

🤖 The LOL-gorithm

🧷 THE SAFETY SNAP

A simple but powerful tip for safe shopping—especially online—is to always verify the seller before entering any payment information.

Scammers commonly create fake websites or social‑media ads that mimic real brands and lure shoppers with steep discounts.

Before you buy, check that the URL begins with “https://,” look up reviews on independent sites, and confirm contact details (such as a physical address or customer‑service number).

If you’re still unsure, pay with a credit card rather than a debit card—credit cards offer stronger fraud protections and make it easier to dispute suspicious charges.

💬 A PERSONAL NOTE

Lately I’ve been reminded how easy it is to put everyone and everything else ahead of our own well‑being. When you’re running a business, looking after family, and trying to keep up with a never‑ending to‑do list, it’s tempting to believe you can push through without pausing. The reality is our bodies and minds don’t run on autopilot; they need rest, good food and moments of calm to stay resilient.

Giving yourself permission to slow down isn’t selfish—it’s essential. Carving out even small pockets of time for a walk, a meal away from your desk, a chat with a friend or simply doing nothing helps to recharge your immune system and mental clarity. When we ignore those needs, stress takes its toll, making us more susceptible to illness and burnout. Taking time for yourself means you’ll have more energy and focus for the people and projects that matter most in the long run.

👂 TELL ME

I’d love your feedback—do you like the new 3-story format? Just hit “reply” and let me know!

Stay safe and see you next week! 🌟 

You’re subscribed to Phish & Tell™️ because your business is worth protecting.

🩷