November 13, 2025

Security Briefing: Stay Alert - November 13, 2025

🔍 What’s happening

Here are new alerts you should know about.

Critical Action Required: Update Your Windows Device NOW

Cybersecurity experts (CISA) have flagged a serious problem in Microsoft Windows that criminals are already using to break into computers.

• The Threat: This flaw allows an attacker who has briefly touched your system to secretly gain full control of your computer, accessing all your files and applications.

• What You Need to Do:

  • Go to Settings > Windows Update and check for and install the latest November 2025 patches immediately. Do not delay this step.

📧 Top Scam Alert: AI-Powered Phishing is Real

Phishing is still the #1 way criminals try to steal our data, and it's getting harder to spot because of Artificial Intelligence (AI).

• The Threat: Criminals are using AI tools to write emails that look perfectly professional with zero typos. They can also personalize messages with details they find online, making the email appear to be genuinely from a colleague, CEO, or trusted vendor. They might even use deepfake voice clips in calls.

• What to Look Out For:

  • Urgency + Unusual Request: Be highly suspicious of any message that is both urgent and asks you to do something outside of normal procedure (e.g., "Click here to update your password immediately," or "Wire money to a new account number").

  • Deepfake Scams: If you receive a voice call or voicemail from a manager asking for a sensitive, quick action (like changing payment details), hang up and call them back on their known, official phone line to verify.

  • HTTPS is Not Enough: The little padlock symbol in your browser means the connection is secure, but it does NOT mean the website is real! Always check the website address (URL) for misspellings before entering any login information.

  • Here is one example of how phishing scams are tricking people to give up information:

§  Massive Phishing Scam Using Fake Travel Booking Sites
Cybercriminals have created over 4,300 fake websites that resemble well-known travel and hotel booking platforms. They send emails asking people to “confirm your reservation” and then trick you into entering payment details. The Hacker News+2Cyber Security News+2

📱 Mobile Device Security Tips for Today

Your personal phone contains a lot of information; a simple mistake can lead to a significant security issue.  Use the following tips to enhance your phone's security.

• Only Official Apps: Only download apps from the official App Store (Apple) or Google Play Store (Android). Downloading apps from links in texts or websites is a major risk for installing malware.

• Update Apps & OS: Ensure your phone’s operating system (iOS or Android) and all your apps are set to update automatically. These updates include critical security fixes.

• Be Smart About QR Codes: "Quishing" (QR Code Phishing) is on the rise. If you see a QR code on an unexpected flyer, invoice, or public poster, do not scan it—it could redirect you to a scam website to steal your login credentials.

Remember: Slow down. If something feels off or if you have a doubt, it’s always better to pause and confirm the request.  Don’t call any phone number in the message.  Don’t click on any links.  If the message claims to be from your bank or credit card company, pull out your credit or debit card and call the number on the back of the card.  Open the bank's app (on your phone) and look for a security contact phone number.

Massive Phishing Scam Using Fake Travel Booking Sites
Cybercriminals have created over 4,300 fake websites that resemble well-known travel and hotel booking platforms. They send emails asking people to “confirm your reservation” and then trick you into entering payment details. The Hacker News+2Cyber Security News+2

• What it means for you: If you (or someone in your household) book travel or hotels online, or you get an email about a travel reservation you didn’t make, it could be a scam. Even outside of travel—for example, if you get a message about “company travel booking” or “expense processing”—it could be used to trick employees.

• What you should do today:

  • Before clicking any link in a travel-related email, hover over it to check the web address and make sure it’s exactly the official site you expect.

  • Never enter payment or card details via an email link unless you initiated it and you’re 100% sure it’s genuine.

  • If you receive a message you weren’t expecting (booking confirmation, travel payment, etc.), stop and think.  Is this your trip?    If yes, use your browser to go directly to the travel website to verify the information.  If this isn’t your trip, please delete the email and be on the lookout for unexpected charges to your credit or debit cards.

✅ Quick Actions for Everyone

• If you haven’t done so yet this week: restart your device after applying updates.

• When receiving emails about travel, bookings, payments—even expense reimbursements—verify the sender and the link before clicking anything.

• Use multi-factor authentication (MFA) for your personal accounts.

• If you’re working from home or a remote location, make sure you’re on a secure network (not public WiFi) and using your company-approved VPN if required.