Phishing Threats Are on the Rise: Organizations Must Assess Their Vulnerability
Frank Costa, President of NEXGEN Protection Services on Phishing Threats:
As AI-powered tools become more accessible, phishing threats are aon the rise. Attackers are increasingly targeting multiple channels to bypass security measures, beginning with phishing emails that contain links to video meetings featuring a deep fake.
Phishing attacks are becoming increasingly sophisticated, making it essential for organizations to assess their vulnerability. Hackers now have access to advanced AI-powered tools that enable them to craft email messages, create malicious payloads, and even generate deep fakes. These technologies—and the cyberattacks they facilitate—are more accessible than ever, particularly as cybercriminals tap into the growing “Crime as a Service” (CaaS) ecosystem. Providers now sell everything from attack tools to pre-packaged phishing kits designed to bypass native defenses and secure email gateways (SEGs).
Threat actors can leverage AI at every stage of a phishing attack, from speeding up the intelligence-gathering process on potential targets to automating the creation and distribution of highly personalized attacks. The use of AI accelerates and scales up attack creation, allowing even less-experienced cybercriminals to launch sophisticated campaigns.
Impersonation attacks are another common tactic. The most frequent form involves attackers posing as the recipient’s company, accounting for 16% of phishing emails. The Human Resources (HR) department is often impersonated in these attacks. Cybercriminals also use platforms like LinkedIn, company websites, and news announcements to identify new hires at target organizations. These newly hired employees are then targeted in impersonation and social engineering attacks. New employees are frequently the victims of phishing emails impersonating VIPs, particularly in CEO fraud schemes.
To strengthen defenses, organizations can adopt best practices that help build a “human firewall.” The first step is to understand and communicate what constitutes normal behavior for brands and suppliers, which can aid in detecting impersonation. Organizations should also standardize and validate communication channels, especially for roles like HR and IT. Finally, companies should assess their vulnerability to supply chain and vendor-based compromises.
Source:
Alger, J. (February 20, 2025). Mobile Phishing Threats Are Evolving, According to New Research. Security Magazine.
Loss Prevention Strategies for Combating Organized Retail Theft
Frank Costa, President of NEXGEN Protections Services on Loss Preventions Strategies:
Organized retail theft (ORT) impacts more than just a retailer’s bottom line; it creates dangerous environments for both staff and shoppers. The increasing incidents of violence and aggression have pushed retailers to invest heavily in loss prevention strategies. In response, major retailers are partnering with technology innovators to strengthen their defenses.
(ORT) involves coordinated efforts by professional thieves to steal large quantities of merchandise from retail stores. Unlike casual shoplifting, ORT is systematic, with stolen goods often resold through various channels, including online marketplaces. This form of theft has seen a significant rise in recent years, resulting in billions of dollars in annual losses for retailers.
Companies such as Walmart, Target, Lowe’s, Kroger, Macy’s, CVS, and others are at the forefront, using cutting-edge technology to deter and detect criminal activity. From advanced video surveillance systems to biometric cameras and autonomous security robots, retailers are deploying a formidable arsenal to combat the growing threat of ORT. Central to this technological revolution is the integration of artificial intelligence (AI), which enhances the sophistication and effectiveness of existing security measures.
Source:
Danielson, R. (February 20, 2025). Retail Resilience: Technology Strategies to Combat Organized Theft. Security Magazine.
Hashtags: #protectionservices #securitystandards #publicsafety #mobilesecurity #securitythreats
Guidelines for Handling ICE Enforcement Actions: For Businesses, Schools, & Houses of Worship
Frank Costa, President of NEXGEN Protection Services on ICE Enforcement Actions:
ICE raids have not been corroborated by officials. Most ICE Enforcement operations appear to have taken place in public areas, particularly locations where immigrants are known to gather, such as outside restaurants and large hardware stores where day laborers are often hired.
President Donald Trump promised a significant increase in the number of migrants detained and deported, and on the day of his inauguration, he signed several executive orders to address the issue. The Acting Department of Homeland Security Secretary issued a directive rescinding a previous order that made sensitive areas—such as schools, churches, and hospitals—off-limits for most immigration enforcement actions.
Guidelines for Businesses Facing an ICE Enforcement Action:
- Record the officers’ names and badge numbers.
- If there is no warrant, allow agents to enter public areas of the premises. If they attempt to search nonpublic areas, inform them that you object to the search but do not physically restrain them.
- If the officers have a warrant, ensure it is signed by a judge and take note of any restrictions listed, such as specific places to be searched. Even with a signed warrant, a representative from the company should state that the company does not consent to the search. A company representative should follow the officers to ensure they remain within the boundaries of the warrant and document any actions that might exceed those bounds.
- Businesses should not assist employees who attempt to hide from officers, nor should they lie to officers or attempt to destroy or hide documents or equipment.
- Unlock any locked areas that are covered by the warrant if requested by the officers.
- Do not interfere if officers speak with employees, and do not instruct employees to avoid cooperating. However, you may inform employees that they are not required to answer officers’ questions.
The full guidance also notes that ICE may audit the business’s I-9 documentation and provides additional instructions on how to respond to such notifications.
Source:
Briscoe, S. (January 28, 2025). Companies, Schools, Houses of Worship, and Hospitals Get Advice for Handling ICE Enforcement Actions. Security Managment Magazine.
