Phish & Tell
Posts
PHISH & TELL 030

PHISH & TELL 030

The Cybersecurity Brief for Women Who Mean Business

Alexia Idoura
November 21, 2025

vgws

👋 WELCOME to Phish & Tell™️, from Security Done Easy™️

You’re not just building a business.
You’re building something worth protecting.

🎣 TOP CYBERSECURITY NEWS STORIES OF THE WEEK

Hey friend,

It’s the “everyone’s busy and clicking fast” part of the year — which means scammers are busy too. This week’s theme: crooks are leaning hard on legit-looking messages, social platforms, and “please just do this one quick step” tricks. We’re staying two steps ahead.

Let’s get into it.

LinkedIn is the new phishing playground
Source: The Hacker News thehackernews.com
What happened: The Hacker News highlighted why attackers love LinkedIn: built-in trust, easy impersonation, and messaging that bypasses email filters.
Why it matters: Women founders are visible on LinkedIn — which is great for business and also great for scammers hunting targets.
What to do:
- If a “client” or “podcast host” wants you to open a doc/link, verify first.
- Be cautious with “collab offers” that push you to sign in somewhere.
- Lock down your LinkedIn security settings and enable 2FA.
WhatsApp accounts are being hijacked to spread a password-stealing worm
Source: The Hacker News thehackernews.com
What happened: A WhatsApp-based worm (“Eternidade Stealer”) is spreading by taking over accounts and sending malicious content to contacts.
Why it matters: If you use WhatsApp for customers, community, or VA coordination, a takeover can instantly scam your whole network as you.
What to do:
- Turn on WhatsApp’s two-step verification PIN.
- If a contact sends an odd file or “urgent update,” call/text them first.
- Re-train your reflexes: familiarity ≠ safety.
Ransomware isn’t slowing down — it’s multiplying
Source: The Hacker News thehackernews.com
What happened: Analysts counted 85 active ransomware/extortion groups in Q3 2025, with new ones popping up constantly.
Why it matters: More groups = more “spray and pray” attacks against small businesses that don’t have enterprise defenses.
What to do (through the HER Method™️ lens):
- Operations: patch devices + remove old accounts.
- Information: backup your crown-jewel files weekly, or more often depending on your business.
- Money: set transaction alerts and dual-approval for payouts.
  Even one of these steps massively shrinks your risk.
Not sure what applies to your business or what your options are? Let’s talk.

🔍 In Case You Missed It (ICYMI)

This week’s blog post: How to Handle a Spam Flood Attack — and How to Stop Spam From Overwhelming You in the First Place» A spam flood attack is when someone signs your email address up for massive amounts of junk—newsletters, promotions, random accounts—sometimes thousands at once. The attacker is hoping their spam avalanche hides alerts about their real activity long enough for them to pull something off.
Follow us on LinkedIn, Facebook or Instagram. Youtube is in the works (subscribe to get notified when I finally start getting these videos out there!)

🤖 The LOL-gorithm

🧷 THE SAFETY SNAP

Smishing (scam texts) is predicted to spike hard this month.

Holiday season is ramping up and you are juggling a million tasks, often handling them from your phones. Text scams are designed for that distracted moment.

Schneier flagged a fresh wave of “you owe a delivery fee / toll fee” texts that push you to a fake payment page. These messages look routine and hit when you’re expecting packages.

Quick gut-check:

Real carriers and toll services don’t demand surprise payments by random text links.
If you’re worried, open the official app/site yourself.
Tell your family/team too — these scams spread fast by sheer volume.

💬 A PERSONAL NOTE

I had to smile because someone (who isn’t a single mom) said, oh, you were on a business trip, how great to have some you time!

Ah, sweet summer child, as they say…

The “free” time gave me that much more time to take advantage of doing some items on my project plan that I haven’t had time for in the day-to-day. I was also: arranging an Uber for a teen who overslept and missed the bus, making sure an adult kid was there for dinner and to spend the night with her younger teen sibs, DoorDashing some OTC meds for another teen who had a cold, having deep text convos because for some reason moments like this are when teens confide about things, handling bank loan stuff, making sure the dog was being taken out regularly, plus walking a kid through changing the batteries on the electronic lock because I just got a critical low battery alert and I wanted to be able to get in the door when the Uber dropped me off at midnight. Phew.

Yes, I was exhilarated by the event I attended and it was great to be here in person — the energy from the organizers and the other attendees was fantastic, as was the singular-ish focus during the day. At the same time, I missed my kids, and I felt guilty even though they were well taken care of and I’ve raised them to be capable humans. And still exhausted because the mental load doesn’t disappear just because I’m not physically there.

I didn’t share all that with my sweet well-meaning friend who truly does care, but it’s not an experience we share. I am sharing this with you because if you are juggling a thousand things, I see you and I get it. You aren’t alone.

👂 TELL ME

Is there format with three news stories less overwhelming than when I included five? Is there something that would be helpful to include for you?

Stay safe and see you next week! 🌟

You’re subscribed to Phish & Tell™️ because your business is worth protecting.

🩷