8776363957
Connect with us:
LinkedIn link
Facebook link
Twitter link
YouTube link
Gigabit Systems logo
Link to home
Who We AreManaged ServicesCybersecurityOur ProcessContact UsPartners
The Latest News in IT and Cybersecurity

News

A cloud made of diagonal linesA cloud made of diagonal lines
A pattern of hexagons to resemble a network.
Technology
Cybersecurity
AI

The most important thing you will read this week

April 22, 2026
•
20 min read

Your Email Is the Skeleton Key to Your Entire Life

Why You Need to Secure Your Email Today

Most people think their bank account is the most important account they own.

It is not.

It is their email.

If an attacker gets into your email, they do not just read messages. They gain the reset button for almost everything tied to you. That includes banking, brokerage accounts, cell service, car loans, tax portals, shopping accounts, cloud storage, and identity records. The FTC specifically warns that a hacked email account can be used to break into other accounts and should be treated as an urgent recovery event.

Your personal email is a weak point right now in more households and businesses than people realize.

How Hackers Get In So Easily

The attack usually starts somewhere else.

A shopping site gets breached.
A forum gets breached.
A travel site gets breached.
A social app gets breached.

Your email and password combination gets stolen there, then bundled into giant credential lists and sold or shared in criminal circles. Verizon says compromised credentials were an initial access vector in 22% of breaches reviewed in the 2025 DBIR, and its research also found that in the median case only 49% of a user’s passwords across services were distinct. CISA says MFA is the greatest defense against password-based attacks such as credential stuffing and password theft.

That is the opening.

If you reused that same password for your email, attackers do not need to “hack” your inbox in the movie sense. They simply try the stolen password against your email account. That is credential stuffing. It works because people reuse passwords and because stolen passwords stay useful for years.

If you do not use MFA, one exposed password can be enough.

Why Email Access Is So Dangerous

Once attackers control your email, they often control your recovery path.

They can request password resets for:

  • Banking

  • Credit cards

  • Cell carriers

  • Car finance portals

  • IRS-linked services and tax accounts

  • Shopping accounts

  • Cloud storage

  • Social media

  • Business tools

From there, the damage spreads fast.

Attackers can change recovery addresses, intercept verification emails, approve device logins, and start rebuilding your digital identity around themselves. The FTC advises changing the email password immediately, signing out of other sessions, and then securing other accounts because a hacked email account can be used to access services connected to it.

This is how identity theft snowballs.

Once they can impersonate you consistently, they can open accounts, attempt loans, apply for credit, redirect statements, and keep extending the fraud into new areas. The FTC’s identity theft guidance specifically recommends credit freezes and fraud alerts to help stop continued misuse of stolen identity data.

It is endless because email is the hub.

If You Still Use Yahoo or AOL, Move

Here is the blunt version.

If your primary personal email is still on Yahoo or AOL, move it.

Yahoo disclosed one of the largest account compromises ever, ultimately affecting all Yahoo accounts in its 2013 incident, and it separately disclosed another major security issue in 2016. Verizon’s 2017 annual report also stated that the Yahoo data breach previously disclosed affected all of its accounts.

AOL still supports 2-step verification and even security keys, so this is not about saying AOL cannot be secured at all. It is about recommending a stronger modern baseline for most users. Gmail has a more current consumer security ecosystem built around Security Checkup, stronger 2-Step Verification options, passkeys, device/session visibility, recent security activity review, and Google’s move away from “less secure apps.”

If you are starting fresh today, Gmail is the better default choice for most people.

Step-by-Step: How to Secure Gmail Properly

1. Change Your Password First

Start with the password.

Make it unique. Make it long. Make it random. Do not reuse anything from any other site.

Google’s Security Checkup specifically recommends using unique and strong passwords, and the FTC recommends 12 to 15 characters or a passphrase for hacked accounts.

Use a password manager. Do not invent one yourself and hope you remember it.

2. Turn On 2-Step Verification Immediately

Go to your Google Account, open Security & sign-in, and turn on 2-Step Verification. Google says 2-Step Verification helps prevent a hacker from getting into your account even if they steal your password.

Choose the strongest method you can:

  • Best: security key

  • Very strong: Google Prompt

  • Also good: authenticator app

  • Weakest of the common options: SMS codes

Google’s own guidance says security keys are among the most secure second steps, and Google notes that prompts are more secure than text codes.

If you want the strongest practical setup, use a hardware security key and keep a backup key in a safe place.

3. Add Passkeys

Google supports passkeys for sign-in, which can reduce your reliance on passwords and resist common phishing flows. You can manage them in Google Account > Security & sign-in > Passkeys and security keys.

This is one of the smartest upgrades you can make because it makes stolen-password attacks far less useful.

4. Review Your Recovery Email and Recovery Phone

Go into your Google Account and review your recovery options.

Make sure:

  • The recovery email is yours

  • The recovery phone is yours

  • Nothing old, shared, or forgotten is still there

Google lets you add, change, or delete recovery email options from the Security area, and recovery changes may take time to fully take effect.

This matters because attackers often try to change recovery paths after they get in.

5. Check Every Device Signed Into Your Account

Go to Google Account > Security & sign-in > Your devices > Manage all devices.

Review every session.

If you see something unfamiliar, sign it out and change your password immediately. Google provides a device-management page specifically for this review.

This is one of the fastest ways to catch silent compromise.

6. Review Recent Security Events

In your Google Account, check Recent security events.

Look for:

  • New device logins

  • Recovery changes

  • Suspicious sign-in attempts

  • App access you do not recognize

Google provides a recent security events panel for exactly this purpose.

7. Remove Old App Access

Look for third-party apps, extensions, or services that still have access to your Google account.

If you do not use them, revoke them.

Google’s Security Checkup recommends removing apps and browser extensions you do not need. Google also says app passwords are not recommended and that “less secure apps” that rely on only username and password access are being phased out.

Old mail clients and forgotten apps are a common blind spot.

8. Check Gmail Last Account Activity

Inside Gmail on desktop, scroll to the bottom right and click Details under Last account activity.

Google says this lets you review sign-in history, including times and IP addresses used to access your Gmail account.

If anything looks wrong, act immediately.

9. Stop Using Email as Your Only Recovery Method Elsewhere

Once Gmail is secured, go secure the accounts connected to it.

Update your major accounts so they use:

  • App-based MFA or security keys

  • Strong unique passwords

  • Clean recovery settings

Your Gmail cannot be your only line of defense if everything else still trusts weak SMS or reused passwords.

10. Do a Full Security Checkup

Google has a built-in Security Checkup for your account. Run it and clear every warning. It is one of the simplest high-value steps available.

This should be part of your routine, not a one-time event.

What Businesses Miss

Most people lock down their work laptop better than their personal inbox.

That is backwards.

Your personal email can be the attack path into:

  • Your payroll

  • Your mobile carrier

  • Your bank

  • Your tax records

  • Your cloud backups

  • Your business logins

That is why protecting email is an independent security step. Even if your company has good cybersecurity, your personal inbox can still become the soft underbelly attackers use to get leverage over you.

Stop What You’re Doing and Secure It Now

Do not wait until you get a fraud alert.

Do not wait until your phone stops working because your SIM got swapped.

Do not wait until your bank account, IRS profile, or financing portal starts sending you recovery emails you did not request.

Your email is the master key.

Treat it like one.

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #GmailSecurity #IdentityProtection #SMBSecurity #DataProtection


Cybersecurity
AI

The Viral Trick Everyone Is Talking About

May 10, 2026
•
20 min read

The “Three Fingers Test” Won’t Save You

But here’s what might.

The Viral Trick Everyone Is Talking About

You may have heard this:

Hold up three fingers on a video call.

If the person can’t replicate it properly…

They’re AI.

Sounds smart.

Sounds simple.

It’s also outdated thinking.

Why People Think This Works

Early deepfake and AI video systems struggled with:

• Hand rendering
• Finger counts
• Natural movement
• Real-time interaction

So the idea was:

“Force the system into something complex.”

And it breaks.

Why That No Longer Holds Up

Modern AI systems have advanced rapidly.

Today’s models can:

• Render hands accurately
• Track movement in real time
• Mimic gestures convincingly
• Respond dynamically

Which means:

👉 The “three fingers test” can pass—even if it’s fake.

The Real Risk

This is where the danger comes in.

People rely on:

• Simple tricks
• Viral advice
• “Quick tests”

And assume they’re safe.

That false confidence is exactly what attackers want.

What Deepfakes Are Actually Used For

This isn’t theoretical anymore.

We’re seeing:

• Fake executives on video calls
• AI-generated voices requesting wire transfers
• Impersonation in hiring and onboarding
• Social engineering at scale

These attacks don’t need perfection.

They just need to be convincing enough under pressure.

Why Humans Still Get Fooled

Because deepfake attacks don’t rely on visuals alone.

They rely on:

• Urgency
• Authority
• Familiarity
• Emotional pressure

By the time you’re thinking about fingers…

You’re already in the trap.

What Actually Works

Instead of gimmicks, use verification protocols:

• Call back on a known number
• Use a second communication channel
• Require pre-established verification phrases
• Never approve sensitive actions on a single interaction

Because identity is no longer visual.

It’s multi-layered.

The Business Impact

For SMBs, this is critical.

Imagine:

A “CEO” joins a video call.

Looks real. Sounds real.

Requests an urgent transfer.

No red flags—except one:

You didn’t verify.

That’s how money moves.

The Bigger Shift

We are entering a world where:

• Seeing is no longer believing
• Hearing is no longer trusting
• Identity can be simulated

Which means security must evolve from:

Recognition → Verification

The Bottom Line

The three-finger test feels clever.

But attackers are already past it.

The real defense isn’t catching flaws.

It’s never trusting a single signal.

70% of all cyber attacks target small businesses, I can help protect yours.

#Cybersecurity #Deepfake #AI #FraudPrevention #MSP

Cybersecurity
Tips

Half Your Company Is Already Compromised. You Just Don’t Know It.

May 6, 2026
•
20 min read

Half Your Company Is Already Compromised. You Just Don’t Know It.

The Breach You Never Saw Coming

41 out of 83 employees.

That’s how many had credentials already stolen and circulating on the dark web.

The CEO didn’t know.
The IT director didn’t know.
The employees definitely didn’t know.

This isn’t rare. This is normal.

How This Happens Quietly

Major platforms get breached constantly.

  • LinkedIn

  • Adobe

  • Dropbox

  • Yahoo

  • Canva

Millions of credentials are stolen, packaged, and sold in bulk.

Attackers don’t rush. They wait.

Then they test those credentials against:

  • Microsoft 365

  • VPN portals

  • Remote access tools

  • Email accounts

All it takes is one reused password.

The Silent Entry Point

Your employee used their LinkedIn password from 2019 for their work email in 2024.

LinkedIn was breached in 2021.

Attackers have had years to weaponize those credentials.

No alerts. No malware. No noise.

Just a login that looks completely legitimate.

Why Businesses Miss This

Most companies focus on what they can control:

  • Firewalls

  • Endpoint protection

  • Network security

All important.

But they ignore what’s already exposed.

The real risk is not always inside your network.
It’s sitting in a database somewhere, waiting to be used.

Where This Hits Hardest

  • SMBs with limited security visibility

  • Law firms with sensitive client data

  • Healthcare organizations handling protected information

  • Schools with large, decentralized user bases

Any environment with reused passwords is a target.

The Reality of Modern Breaches

Credential-based attacks account for 80% of breaches.

No exploit needed. No fancy malware.

Just valid credentials and access.

What You Should Be Doing Right Now

  • Check for exposed credentials across your organization

  • Enforce unique passwords and a password manager

  • Implement MFA everywhere possible

  • Monitor login activity and anomalies

  • Train employees on password reuse risks

Most importantly, assume exposure already happened.

The Question That Matters

When was the last time you checked what’s already stolen?

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #DarkWeb #DataBreach #CredentialSecurity #CyberResilience


Technology
Cybersecurity
Science

200 Milliseconds Saved the Internet From Collapse

May 4, 2026
•
20 min read

200 Milliseconds Saved the Internet From Collapse

The Glitch That Shouldn’t Have Mattered

A login delay of 200 milliseconds.

That’s what exposed one of the most dangerous supply chain attacks ever discovered.

Andres Freund wasn’t hunting for a nation-state attack. He noticed something most people would ignore.

His system login felt slightly slower.

Not seconds. Not noticeable lag.

A fraction of a second.

What He Actually Found

That tiny delay led to a massive discovery.

A hidden backdoor inside XZ Utils, a core component used across Linux systems worldwide.

This wasn’t a typical vulnerability.

It was a deliberately planted access mechanism designed to:

  • Bypass authentication

  • Grant remote access

  • Blend in as legitimate system behavior

This was a digital skeleton key.

The Two-Year Setup

This attack wasn’t rushed.

It was methodical.

An unknown actor spent over two years:

  • Contributing to open-source projects

  • Building credibility with maintainers

  • Gaining trust within the developer community

  • Slowly increasing influence over the codebase

Eventually, they earned enough authority to insert malicious code without raising alarms.

This is what a modern supply chain attack looks like.

How Close We Came

The compromised versions were already making their way into major Linux distributions:

  • Debian

  • Fedora

If those versions had fully propagated:

  • Banks

  • Government systems

  • Healthcare infrastructure

  • Enterprise environments

All could have been silently compromised.

No alerts. No ransomware. No noise.

Just access.

Why This Is Terrifying

This attack didn’t target endpoints.

It targeted trust itself.

Organizations rely on open-source software every day. It is embedded in:

  • Servers

  • Cloud platforms

  • Security tools

  • Applications

When that layer is compromised, everything above it is exposed.

The Cybersecurity Lesson Most Miss

Every company invests in:

  • Firewalls

  • Endpoint detection

  • Network monitoring

But this attack bypasses all of that.

Because it lives inside trusted software.

This is the blind spot.

What SMBs, Law Firms, Healthcare, and Schools Should Take From This

You don’t need to run Linux servers to be affected.

You are still exposed through:

  • Vendors

  • SaaS platforms

  • Managed systems

  • Cloud infrastructure

If they rely on compromised components, so do you.

Supply chain risk is your risk.

The Real Story

This wasn’t stopped by a tool.

It wasn’t caught by AI.

It was stopped by curiosity.

One engineer refused to ignore something that felt off.

The Question Worth Asking

What tiny anomaly in your environment are you ignoring right now?

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #SupplyChainAttack #Linux #DataProtection #MSP

AI
Technology
Cybersecurity

AI Is Moving Underwater. On Purpose.

•
20 min read

AI Is Moving Underwater. On Purpose.

Rethinking Where Computing Lives

China is experimenting with a bold new frontier in AI infrastructure by placing data centers underwater to dramatically reduce energy consumption and freshwater use.

These subsea data centers consist of sealed server pods installed on the ocean floor, where they are naturally cooled by surrounding seawater.

Instead of relying on energy-intensive air conditioning systems, the ocean itself becomes the cooling system.

Why This Matters

AI workloads generate enormous heat.

Cooling is one of the largest energy expenses in any data center.

By moving servers underwater, operators can:

  • Reduce cooling energy demand significantly

  • Eliminate reliance on freshwater cooling systems

  • Improve overall energy efficiency

This is not a minor optimization. It is a fundamental shift in how infrastructure is designed.

The Renewable Angle

Many of these underwater systems are designed to integrate with offshore wind energy.

That means:

  • Direct access to renewable power

  • Lower carbon emissions

  • Reduced dependency on traditional energy grids

This aligns high-performance computing with sustainability goals in a way traditional data centers struggle to achieve.

A Different Way to Think About Infrastructure

What makes this innovation compelling is not just efficiency.

It is a complete redesign of the system.

Instead of asking how to improve existing data centers, engineers are asking a different question:

Where should computing exist in the first place?

The Challenges Still Ahead

This approach is still early.

Key challenges include:

  • Maintenance complexity in underwater environments

  • Corrosion and long-term durability

  • Scalability and deployment logistics

These are not trivial problems. They will determine whether this remains experimental or becomes mainstream.

What This Signals for the Future

Underwater data centers point to a larger trend.

Digital infrastructure is no longer separate from environmental constraints.

It is becoming dependent on them.

As AI demand accelerates, the industry will be forced to innovate not just for performance, but for sustainability.

The Bigger Question

Can computing evolve to work with the planet instead of against it?

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #AI #Sustainability #DataCenters #GreenAI


Cybersecurity
Technology
Mobile-Arena

That Name Isn’t Hidden. It’s One Click Away.

April 19, 2026
•
20 min read

That Name Isn’t Hidden. It’s One Click Away.

The “Private Number” Myth

People assume their phone number is private.

It isn’t.

There are dozens of tools and databases that claim to reveal who’s behind a number. Most are outdated, inaccurate, or full of noise.

But one method is simple, reliable, and already sitting on your phone.

The Zelle Lookup Trick

If a phone number or email is registered with Zelle, you can often see the legal name tied to the account.

Here’s how it works:

  1. Open your banking app that supports Zelle

  2. Start a new payment

  3. Enter the phone number or email

  4. Before sending anything, review the recipient details

In many cases, Zelle will display the real name associated with that account.

No payment required.

Why This Works

Zelle is connected directly to U.S. bank accounts.

Banks are required to verify identity. That means the name you see is typically the actual legal name on file, not a nickname or username.

That makes it far more reliable than:

  • Reverse phone lookup websites

  • Caller ID apps

  • Data broker search tools

Where This Is Useful

  • Verifying unknown contacts before sending money

  • Checking if a suspicious number matches a real identity

  • Avoiding payment scams and impersonation attempts

  • Basic due diligence for SMBs, law firms, and vendors

This is especially relevant in environments where payments move quickly and mistakes are expensive.

Where People Get Burned

This tip cuts both ways.

If you are using your personal number for business, or interacting with unknown parties, your legal name may be exposed without you realizing it.

That creates:

  • Privacy risks

  • Targeting opportunities for attackers

  • Social engineering leverage

The Cybersecurity Angle

This is not just a “trick.” It’s an exposure point.

Attackers use tools like this to:

  • Confirm identities

  • Build profiles

  • Increase credibility in scams

Combine this with data from breaches, LinkedIn, and social media, and they can impersonate someone convincingly.

How to Protect Yourself

  • Be cautious about who you share your phone number or email with

  • Use separate numbers for business and personal use when possible

  • Verify recipients before sending money, every time

  • Assume your identity details are easier to access than you think

The Bigger Picture

Most people worry about hackers breaking in.

They miss the fact that information is already being handed out by the systems they trust.

The risk is not always intrusion.

Sometimes it is visibility.

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #DataProtection #SMBSecurity #SocialEngineering #Privacy


Mobile-Arena
Cybersecurity
Technology

Your Phone Number Is a Master Key. Criminals Know It. Do You?

April 21, 2026
•
20 min read

Your Phone Number Is a Master Key. Criminals Know It. Do You?

The Security Gap Nobody Thinks About

Most people protect their email, their passwords, and their devices. Almost nobody thinks to protect their phone number. That oversight is exactly what criminals are counting on.

SIM swapping is one of the most effective and underreported forms of identity theft operating today. It requires no malware, no hacking, and no physical access to your device. All it requires is a convincing phone call.

What Is SIM Swapping

Your phone number is tied to a small chip inside your device called a SIM card. That chip is what connects your number to your phone. When you get a new phone, your carrier transfers your number to a new SIM. It is a routine process. It is also a weapon.

In a SIM swap attack, a criminal calls your mobile carrier pretending to be you. Using personal information gathered from data breaches, social media, or phishing, they convince a customer service representative to transfer your phone number to a SIM card they control. Once that transfer goes through, your phone goes dark. Their phone starts receiving your calls and text messages.

This matters because your phone number is the recovery method for almost everything. Your bank. Your email. Your cryptocurrency exchange. Your two-factor authentication codes. The moment your number is in their hands, every account tied to it becomes accessible.

Real people have lost their life savings this way. It has happened to executives, celebrities, and ordinary small business owners. No one is exempt.

How Criminals Build Their Case Against You

Before making the call to your carrier, attackers research you. They pull your name, address, last four of your Social Security number, and account details from data broker sites, previous breaches, or your own social media. LinkedIn tells them where you work. Facebook tells them your birthday. A previous breach tells them your old passwords. By the time they call your carrier, they often know more verifiable details about you than you would expect.

This is why protecting your carrier account is the first line of defense.

How to Lock Down Your Account by Carrier

VERIZON

Call Verizon at 800-922-0204 or visit a store in person and request a Number Lock and a Port Freeze on your account.

  • Set a strong account PIN that is not your birthday, last four of your SSN, or any number you use elsewhere

  • Enable account notifications so any change to your account triggers an alert to your email

  • In your My Verizon app, review what information is visible and limit what can be changed without in-person verification

  • Ask Verizon to add a note requiring you to appear in store with a government-issued ID before any SIM changes are made

AT&T

Log into your AT&T account online and activate Extra Security under the profile and security settings.

  • Set a wireless passcode that is separate from your account password

  • Request a port validation feature which adds an extra layer before your number can be transferred to another carrier

  • Call AT&T support at 800-331-0500 and ask them to flag your account for in-person verification only for SIM and number changes

  • Review your FirstNet or linked accounts if applicable

T-MOBILE

Log into your T-Mobile account and navigate to the security settings.

  • Enable SIM Protection to prevent unauthorized SIM swaps

  • Set an account PIN and enable the Account Takeover Protection feature

  • Call 611 from your device and ask a representative to add a notation requiring two-factor verification before any account changes

  • Turn on T-Mobile Scam Shield and review what data is visible in your profile

VISIBLE

Visible is a Verizon-owned carrier that operates entirely online with no physical stores, which makes it a higher-risk environment for SIM swapping.

  • Set a strong unique password you use nowhere else

  • Enable two-factor authentication using an authenticator app rather than SMS

  • Secure your email account since it controls your Visible access

  • Contact Visible support through the app and request that any SIM change require additional identity verification steps

General Guidance for All Carriers

  • Do not use your real mother’s maiden name, childhood pet, or hometown as security questions

  • Use a random unrelated word or phrase instead and store it in a password manager

  • Never confirm personal details to an inbound caller claiming to be your carrier

  • Hang up and call the carrier directly

  • Ask your carrier what their escalation process is if your number is ported without your consent

How to Use Screen Time on iPhone to Block Account and Password Settings

This is one of the most underused and most effective tools available to iPhone users. Screen Time was designed for parental controls but it works equally well as a personal lockdown mechanism.

  • Go to Settings and tap Screen Time

  • Tap Turn On Screen Time, then tap This is My iPhone

  • Tap Use Screen Time Passcode and set a PIN that is different from your device passcode

Once Screen Time is active:

  • Tap Content and Privacy Restrictions and enable it

  • Go into Account Changes and set it to Don’t Allow

  • Set Passcode Changes to Don’t Allow

  • Lock down Location Services, Contacts, and Microphone access under Privacy

This prevents attackers from changing your Apple ID, passwords, or locking you out of your own device.

Additional Steps to Protect and Monitor Your Identity

  • Use an authenticator app instead of SMS for two-factor authentication

  • Freeze your credit with Equifax, Experian, and TransUnion

  • Use a password manager with unique passwords for every account

  • Monitor your accounts with identity monitoring services

  • Set up Google Alerts for your name

  • Protect your email with strong passwords and app-based MFA

  • Remove your data from broker sites like Spokeo, WhitePages, and BeenVerified

Final Takeaway

Your phone number is more powerful than most people realize.

Treat it with the same seriousness you give your financial accounts.

Because to an attacker, it is the same thing.

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #IdentityProtection #ManagedIT #SMBSecurity #DataProtection


Cybersecurity
Technology
Tips

They Pay You First. Then They Rob You.

April 20, 2026
•
20 min read

They Pay You First. Then They Rob You.

The Venmo Scam That Feels Harmless Until It Isn’t

Scammers don’t always take money first. Sometimes, they send it to you.

Here’s how this increasingly common Venmo scam works and why it’s so effective.

How the Scam Actually Works

  1. A scammer gains access to a compromised Venmo account. This usually happens through stolen credentials or phishing.

  2. They send you money. For example, $200.

  3. Shortly after, you get a message:
    “OMG I sent this by mistake, can you please send it back?”

  4. They tell you exactly where to send it. It is often a different account they control.

  5. You send the money back, thinking you are doing the right thing.

What Just Happened

The original transaction was fraudulent.

Once the real owner reports the account as compromised, Venmo reverses the original $200.

But the money you sent was a legitimate, authorized transaction.

So here is the outcome:

  • The scammer keeps your $200

  • Venmo pulls back the original $200

  • You lose the money

Why This Scam Works So Well

This is not a technical attack. It is a human attack.

It targets:

  • Your honesty

  • Your sense of urgency

  • Your desire to fix a mistake

This is social engineering at its best.

Where This Hits Hardest

This is not just a personal problem. It affects organizations every day.

  • SMBs where employees move money quickly

  • Law firms handling client funds and trust accounts

  • Healthcare offices where front desks process payments

  • Schools managing tuition, trips, and vendor payments

Anywhere money moves fast, this scam has an opening.

How to Protect Yourself and Your Team

Never send money back directly.

Instead:

  • Use Venmo’s official support to reverse the transaction

  • Tell the sender to contact Venmo themselves

  • Never send funds to a different account

Slow down before acting. Urgency is the scam.

Train your team. Awareness stops this before technology ever can.

The Bigger Picture

Cybersecurity is not just about software.

It is about decision making under pressure.

The real vulnerability is not your system. It is the moment you react without verifying.

70% of all cyber attacks target small businesses, I can help protect yours.

#CyberSecurity #MSP #SmallBusiness #SocialEngineering #DataProtection


Venmo scam alert: scammers send money first, then trick you into sending it back. Learn how SMBs can avoid this social engineering attack.

Cybersecurity
Crypto
Technology

$21 Billion Was Stolen Last Year

April 16, 2026
•
20 min read

$21 Billion Was Stolen Last Year

And most people never saw it coming.

The Scale of the Problem

The latest data is in:

Americans lost $21 billion to cybercrime in a single year.

That’s not a typo.

It’s a 26% increase from the year before.

And it’s still accelerating.

This Isn’t Just “Hackers”

Most losses didn’t come from advanced breaches.

They came from:

• Investment scams

• Business email compromise

• Tech support fraud

• Phishing attacks

In other words—

Deception, not destruction.

Where the Money Is Going

The largest drivers of loss:

• Investment scams → $8.6 billion

• Crypto-related fraud → $11+ billion

• Phishing → 191,000+ cases

• Extortion → 89,000+ cases

And these are just reported numbers.

The real total is likely much higher.

The Most Dangerous Statistic

78% of victims didn’t realize they were being scammed.

Think about that.

Not careless.

Not reckless.

Unaware.

The AI Factor

For the first time, the report includes:

AI-driven scams.

These include:

• Voice cloning

• Deepfake videos

• Fake identities

• Forged documents

Nearly:

$893 million in losses tied directly to AI-enabled fraud.

And this is just the beginning.

Who’s Being Targeted

The hardest-hit group:

Americans over 60.

Losses:

$7.7 billion

But make no mistake—

This is spreading across all demographics.

And businesses are squarely in the crosshairs.

Why SMBs Are Especially Vulnerable

Small and mid-sized businesses face:

• Limited security resources

• High trust-based workflows

• Faster decision-making under pressure

Which makes them ideal targets for:

• Invoice fraud

• Email compromise

• Payment redirection scams

All it takes is:

One email.

One request.

One mistake.

The Reality Most Businesses Miss

Cybercrime today doesn’t look like hacking.

It looks like:

• A CFO wiring money

• An employee resetting credentials

• A manager approving a request

All based on false trust signals.

What Actually Works

The FBI’s advice is simple—and critical:

• Slow down urgent requests

• Verify through a second channel

• Question anything involving money or credentials

• Train employees to recognize manipulation tactics

Because speed is the attacker’s advantage.

The Bigger Picture

Cybercrime is no longer a technical problem.

It’s a human problem at scale.

Driven by:

• Psychology

• Timing

• Trust exploitation

And now—

Amplified by AI.

The Bottom Line

$21 billion wasn’t stolen by breaking systems.

It was stolen by convincing people.

And that’s a much harder problem to solve—

Unless you prepare for it.

70% of all cyber attacks target small businesses, I can help protect yours.

#Cybersecurity #AI #FraudPrevention #MSP #DataProtection

Americans lost $21B to cybercrime last year. Learn the biggest threats, how scams work, and what businesses must do to protect themselves.

Previous
Next
About
Managed ServicesCybersecurityOur ProcessWho We AreNewsPrivacy PolicyTerms & Conditions
Help
FAQsContact UsSubmit a Support Ticket
Social
LinkedIn link
Twitter link
Facebook link
Have a Question?
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Copyright © {auto update year} Gigabit Systems All Rights Reserved.
Website by Klarity
Gigabit Systems Inc. BBB Business Review