Cypac Blog

The bad guys are at it again! This week, the FBI issued a new warning about a cybercriminal group called Silent Ransom Group, or SRG, that’s been targeting law firms with a mix of phishing, fake IT support calls and even in-person visits. The scam usually starts with a phone call or phishing email from the attacker pretending to be from IT support. They may tell an you there’s a problem with your computer, an issue with an email or something that needs to be fixed right away.

I did a count of crypto ATM machines on Oahu - there are now 20! A crypto ATM lets you buy or sell cryptocurrency like Bitcoin or Ethereum using cash, a debit card, or a digital wallet, similar to how a regular ATM handles money but for digital currency. Why is this a problem? Because scammers are pretending to be a banks, government agencies, tech support workers and even a company executives, then pressure our local community to withdraw cash, go to a crypto ATM and then se

For those of you with kids, there's a good chance your school is using Canvas. This week they were breached and the fallout has been huge. What is Canvas used for anyway? Canvas (owned by Instructure, Inc.) is one of the most widely used learning management systems (LMS's) and is used heavily to post assignments, collect homework, manage grades, share class materials, send messages, and communicate between students, teachers and staff. What happened and why does it matter the

I was at Safeway the other day with my kids buying groceries and when it came to checkout I had a choice, pay by tapping my card or with my phone's Apple Pay. Which do you think is safer? The answer might surprise you. We did a KHON2 news segment this week on Ghost Tapping, the modern day version of a thief “bumping” your wallet. Except instead of stealing your card, they take advantage of its short-range wireless payment feature, near-field communication (NFC). KHON2 - Ghost

If you recently clicked a link, or went to a website you visit "all the time", but maybe typed a little too fast and did not check the spelling, you may have landed on a fake lookalike site. For example, someone meaning to visit: https://Google.com But instead might accidentally type something like: https://Goggle.com That tiny difference matters! If the page suddenly started showing scary pop-ups saying things like “Your antivirus has expired,” “Virus detected,” “Your comput

Beware of a new text message campaign that hit the islands this week. It claims that you owe money for speeding, parking and toll evasion and it looks pretty official... but something is off! Here’s what the text message looks like. See if you can spot everything wrong with it: This is great practice for identifying a sloppy scam. Why are St. Louis and Honolulu County on the same notice? Check out the em dashes (long hyphens) in the “Immediate Action Required” section. Also n

Have you ever received an email from yourself or another co-worker that seemed a bit... phishy? Over the past 2 weeks we've seen a huge spike in direct-send abuse from clients using Microsoft 365. It's a phishing technique where bad guys use a legitimate Microsoft 365 feature to send emails that appear 100% like they're coming from inside your company. It's particularly bad because they bypass all email spam filters and go right into inboxes. You may be wondering, why the hec

Hawaii banks, credit unions, and financial advisors face a stack of cybersecurity rules: GLBA, FFIEC, NCUA Part 748, PCI-DSS, and Hawaii HRS 487N. Here is what examiners look for, where most institutions fall short, and a 90 to 120 day path to compliance.

Some of you may have heard about YouTubers fighting back against overseas scam call centers by sending them glitter bombs, stink bombs or reverse hacking their computers. If you haven't, they're hugely entertaining - just search for "glitter bomb payback." Unfortunately though, the days of having a target to strike at could be numbered - those call centers are now being replaced with... you guessed it... AI! Apparently AI is not just coming for our jobs, it's coming for scamm

Cybersecurity for small business Hawaii is a pressing need in 2026. Honolulu businesses face layered risks from phishing, ransomware, and state breach notification laws. Learn what a plan covers and how to get started.