Huff Data Systems

Phishing Scams Targeting Facebook Business Accounts: A Cautionary Alert for Business Owners and Social Media Managers

See Image, this is a genuine example:

Note that scammers leverage sites.google.com to impart a semblance of legitimacy to their emails, capitalizing on the misconception that Google and Meta are affiliated. They employ a tactic to have these emails sent from Facebook to enhance their authenticity.

Consequently, unwary victims may grant access to their business page and Facebook or Meta accounts, enabling scammers to post fraudulent content and message contacts.

We have witnessed businesses lose access to their accounts for extended periods, ranging from weeks to months or even longer.

Never click on links like this. For majority of users and businesses you’ll not need to give someone permission. If you have a social media company managing pages, accounts etc then call them directly and work on it together, dont trust an email.

When AI Support Becomes a Security Risk: Lessons from the Reported Meta Account Takeovers

This latest incident is a reminder that AI-powered support systems can introduce new security risks when proper safeguards and verification controls are not in place.

According to reports, multiple high-profile Instagram accounts, including accounts associated with the Obama White House and the Chief Master Sergeant of the U.S. Space Force, were reportedly compromised after attackers allegedly discovered a way to manipulate Meta’s AI support assistant into assisting with account recovery.

The reported attack chain was surprisingly simple:

• Use a VPN with an IP address near the target’s location
• Initiate an account password reset request
• Engage Meta’s AI support assistant
• Convince the AI to associate the account with a new email address
• Receive a one-time code at the attacker-controlled email
• Reset the password and take over the account

If accurate, this highlights an important cybersecurity lesson:

AI should assist security processes, not replace identity verification.

Whether it’s social media platforms, customer service systems, help desks, or internal business processes, organizations must ensure AI-driven workflows have strong safeguards, validation checks, and human oversight for high-risk actions such as password resets, MFA changes, and account recovery.

As businesses rush to adopt AI, security controls need to evolve just as quickly.

The question is no longer whether AI can improve operations.

The question is whether the controls around AI are strong enough to prevent abuse.

Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts – Krebs on Security June 1, 2026 9 Comments The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support assi...

🚨 TEXAS CRUISE PASSENGERS ALERT 🚨

Thousands of Texans who sailed with Carnival could be at risk after the company revealed a cybersecurity breach exposed sensitive personal information — including passport and driver’s license numbers.

Carnival says hackers gained access to part of its system in April after tricking an employee through a social engineering attack. The stolen data may include:

🔺 Names
🔺 Addresses
🔺 Email addresses
🔺 Phone numbers
🔺 Dates of birth
🔺 Passport and driver’s license information

The breach could heavily impact Texas travelers, especially with Houston and the Port of Galveston serving as major cruise hubs for Carnival passengers across the Gulf Coast. 🚢

Carnival says law enforcement and cybersecurity experts are now investigating, but the company has not revealed how many people were affected nationwide.

Stay informed with VOEM ALERTS and receive emergency notifications and critical public safety information during severe weather, critical incidents, missing person cases, evacuations, and other emergencies affecting Victoria County.

There are 3 easy ways to sign up:
📱 Scan the QR Code
💻 Visit: https://www.vctx.org/page/VOEM.Alerts
📩Text VOEMALERTS to 888777

Stay informed. Stay prepared. Stay safe.

To learn more, visit: https://www.vctx.org/page/article/191

Your Smart TV may be watching more than you think.
For your home and business.
NOTE: Roku streaming sticks etc so this as well
Read how to turn off viewing data / ACR collection

Many modern smart TVs use something called ACR (Automatic Content Recognition). This technology can track what you watch, what apps you use, when you watch, and in some cases even analyze screen content to build advertising profiles tied to your household.

This is one more reminder that today’s “smart devices” are often data collection devices first.

For businesses, this matters more than people realize:
• Conference room TVs
• Lobby displays
• Home office devices
• Employee work-from-home environments

All of these can introduce privacy, security, and compliance concerns if not properly configured.

A few simple recommendations:
✔ Review Smart TV privacy settings
✔ Disable viewing data / ACR features
✔ Limit unnecessary internet access for IoT devices
✔ Separate smart devices onto guest or isolated networks
✔ Regularly review connected devices in your environment

Cybersecurity is no longer just computers and servers.
Everything connected to the internet should be treated as a potential data collection and security risk.

At Huff Data Systems, we help businesses identify hidden technology risks and build secure, manageable environments designed for today’s threat landscape.

Guide:

How to disable ACR (Automatic Content Recognition) and viewing data collection on major Smart TVs and streaming devices:

Roku TVs / Roku Streaming Devices
Settings → Privacy → Smart TV Experience
Disable:
• “Use info from TV inputs”
• “Ad Measurement”

Samsung Smart TVs
Settings → Support → Terms & Privacy
Disable:
• Viewing Information Services
• Interest-Based Advertising

LG Smart TVs
Settings → General → System → Additional Settings
Disable:
• Live Plus
• Personalized Advertising

Vizio Smart TVs
Settings → System → Reset & Admin → Viewing Data
Disable:
• ACR / Viewing Data
• Personalized Ads

Sony / Android TVs
Settings → Device Preferences → Ads
Disable:
• Ads Personalization

Also review:
Settings → Privacy → Usage & Diagnostics

Fire TV Devices
Settings → Preferences → Privacy Settings
Disable:
• Device Usage Data
• Collect App Usage Data
• Interest-Based Ads

Apple TV
Settings → Privacy → Tracking
Disable:
• Allow Apps to Request to Track

Also:
Settings → General → Privacy

Many of these settings are enabled by default.

Your TV is no longer just an entertainment device. It is often a data collection platform connected to your home network.

Convenience often comes at the cost of privacy.

Your Smart TV Takes 7,200 Screenshots Every Hour (Texas AG Lawsuit) Your smart TV is taking screenshots of everything on your screen 7,200 times every hour and sending that data to advertisers. Samsung, LG, Sony, Hisense, and...

I’ve posted a short while ago on how MFA is not enough to protect your Microsoft 365.. well here you go FBI Cyber saying the same, phishing as a service toolkits that steal tokens and allow complete access to your Microsoft 365 etc..

It can be us, or another company but if you have not discussed and know for sure you have put defenses in place for this type of cyberattack it is NOW critical you do, it just takes one employee to fall for this.. book a call with me lets make sure!

Today the FBI released a warning the public about Kali365—an emerging Phishing-as-a-Service (PhaaS) platform. Kali365, first seen in April 2026, enables cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials. The platform allows less-skilled attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities.

Learn more about how the scam works and review recommendations on how to protect yourself: ic3.gov/PSA/2026/PSA260521

HOW TO SPOT SCAMS ..
(Print and keep by your computer)

In 2025, Americans reported OVER $15.9 BILLION lost to fraud.

• Over $3.5 BILLION was lost to impersonation scams alone
• 3 MILLION fraud reports were filed with the FTC
• AI-powered voice and fake support scams are becoming harder to detect
• Businesses are increasingly targeted through fake IT support, vendor fraud, executive impersonation, and payment scams

One convincing call or email can lead to:
• Financial loss
• Data breaches
• Operational disruption
• Reputation damage
• Legal and compliance exposure

Scammers are no longer just targeting consumers.
They are targeting businesses, employees, executives, accounting teams, and vendors.

🚨 Risky Business: Hacked Small Business Routers

Over a year ago during a paid cybersecurity assessment for an organization in Victoria, TX, we found one of these TP-Link routers still actively in use. We recommended immediate replacement due to the security risk.

During that same assessment, we also discovered the company’s server backups had been failing.

The business assumed their previous “call us when something breaks” IT provider was proactively managing and monitoring these things. They weren’t.

Federal agencies including the FBI and NSA disclosed that a Russian GRU unit known as APT28 (Fancy Bear) has been systematically compromising home and small office routers since at least 2024 to intercept credentials, authentication tokens, and sensitive communications.

The FBI even took the unusual step of remotely resetting thousands of affected devices under a court order. But officials warned the problem is far from solved unless organizations replace vulnerable equipment and properly secure their environments.

This is one of the biggest risks we see today:
Businesses think someone is actively watching their technology, cybersecurity, backups, and operational risk… but often nobody actually is.

Cybersecurity and business continuity require active management, monitoring, testing, verification, and accountability — not just someone to call after something breaks.

And the impact is larger than many realize.

If a business experiences a major cyberattack, employees can be sent home for days or weeks while systems are recovered. Customers lose confidence. Operations stop. Insurance claims get denied. In many cases for companies under 200 employees, the damage is severe enough that the business never fully recovers.

The goal is prevention before the crisis.

If you want to know where your organization actually stands today, let’s perform an assessment and build a roadmap for where you need to be.

9to5Mac article on FBI router resets

Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign.

Users searching for "Claude mac download" may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac.

Hackers abuse Google ads, Claude.ai chats to push Mac malware Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for "Claude mac download" may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac.