The New Face of Phishing: Techniques, Targets and Prevention

Phishing is a major threat that keeps evolving and has become a sophisticated and costly cyber risk facing businesses of all sizes. Previously linked to malicious links in an email, phishing is now powered by AI, automation, and social engineering. The attacks have become harder to detect, faster to execute, and very damaging when they succeed. With many business processes happening online – such as payments, approvals, and customer engagement – the attack surface has expanded, and so has the creativity of cybercriminals.

The Changing Landscape of Phishing

Modern phishing no longer resembles the suspicious, poorly written emails of the past. Today cybercriminals use AI tools to do many things, including:

  • Generate perfectly written and personalized messages – attackers can now easily analyze company websites, social media profiles, public reports, and employee profiles to clone the tone, style, and communication patterns. Messages appear legitimate when they reference recent projects or internal updates.
  • Generate deepfake audio and video – with readily available AI voice-cloning tools, a scammer can easily impersonate CEOs or CFOs and request urgent wire transfers or credential access.
  • Bypass MFA using real-time phishing kits – these kits mirror login screens of popular business tools such as Microsoft 365 or Google Workspace. An employee enters credentials and authentication codes into the fake page, giving attackers instant access.
  • Launch automated hyper-targeted attacks – with automation, criminals can target specific departments using tailored messages relevant to their daily tasks.

High-Value Targets Inside Organizations

Phishing attacks are no longer random but very strategic:

  • C-Suite executives – executives are prime targets due to their authority and access levels. If an executive is compromised, their inbox can be used to authorize payments or request sensitive data.
  • Financial teams – the accounts department faces fake invoice scams, fraudulent banking instructions, and impersonated vendor messages.
  • HR departments – attackers send fake resumes loaded with malware. They might also pose as job applicants to access employee data.
  • Remote and hybrid workers – these workers use shared Wi-Fi, personal devices, and unsupervised collaboration tools. This creates a wider entry point for attackers.
  • Customers and partners – attackers impersonate brands and trick customers into submitting payments or sensitive information through fake lookalike pages.
  • IT admins and system engineers – they are also valuable targets because they have privileged access.

Modern Phishing Techniques

Emails remain the dominant delivery method, but attackers have diversified to:

  • Quishing (QR Code Phishing)
    QR codes are everywhere: on flyers, delivery packages, restaurant menus, conference badges, and more. However, QR codes can lead to malicious sites or credential harvesting pages.
  • Search Engine Phishing or Malvertising
    Fake ads appear above legitimate brands in search results, and a user may click on one thinking it’s a legitimate link.
  • Browser-in-the-Browser Attacks
    These are fake login pop-ups that replicate trusted login screens. An employee will enter their credentials, thinking it’s a legitimate site, and this goes straight to attackers.
  • OAuth Application Scams
    Here, attackers don’t steal passwords. Instead, they trick users into granting access to a malicious app. Once the access is granted, the attacker has total access.
  • Deepfake Calls and Video Messages
    These may come as high-pressure video calls or messages from an executive requesting urgent action, emergency payment, or private documents.
  • Fake Travel and Expense Scams
    Taking advantage of corporate travel, attackers clone legit travel sites in order to steal credit card and employee information.

Prevention Strategies Every Business Must Adopt

Phishing can’t be eliminated, but it can be significantly reduced through a combination of technical measures and human risk management.

Prevention requires a combination of technology, processes, and people.

  1. Build a Security-Aware Culture
    Training must be continuous, engaging, and realistic. It should be conducted via simulation and scenario-based learning.
  2. Strengthen Email Authentication
    Implement modern AI-based email filtering tools to help detect anomalies that human eyes miss. Add email authentication protocols such as SPF, DKIM, and DMARC to reduce spoofing attacks.
  3. Adopt Zero Trust Security
    Implement the “never trust, always verify” approach. Access should be limited, monitored, and timed out automatically. High-risk actions should trigger additional verification.
  4. Secure Remote Work
    Implement VPNs, approved devices, endpoint protection, encrypted storage, and clear policies.
  5. Implement Multistep Verification for Financial Transactions
    Require verbal confirmation or dual approvals for high-value transfers.
  6. Monitor Vendors and Partners
    Keep in mind, there is a sharp rise in supply-chain attacks. Regularly verify domains, emails, and communication from suppliers and partners.
  7. Have an Incident Response Plan
    Be ready with a response plan in case of a breach. Acting quickly will reduce potential losses.

Conclusion

Phishing has transitioned into a sophisticated threat targeting the core operations of a business. New phishing variants reveal how attackers continually evolve their techniques. With the right awareness, technology, and processes, organizations can significantly reduce exposure.

Partial Government Funding, Promoting Transparency and Protecting Against Foreign Terrorism

Epstein Files Transparency Act (HR 4405) – The purpose of this bill is to require the Department of Justice to release all documents and records in its possession of investigations and court cases related to Jeffrey Epstein. Epstein was previously convicted of soliciting prostitution from an underage girl, and also faced new sex trafficking charges prior to his 2019 death in custody. The files are expected to reveal the names of other people involved in the sex trafficking scheme. The act was initially introduced by Rep. Ro Khanna (D-CA) on July 15. It was updated and passed in the House on Nov. 18, in the Senate the next day, with only one opposing vote between the two chambers. The bill was signed into law by the president on Nov. 19. The DOJ has up to 30 days to release the documents, which may be lightly redacted to protect against unwarranted invasion of privacy, such as victim names and medical data.

Continuing Appropriations, Agriculture, Legislative Branch, Military Construction and Veterans Affairs, and Extensions Act, 2026 (HR 5371) – This is the bill that ended the federal government shutdown. It includes funding for the remainder of the fiscal year for the food assistance program SNAP, the Department of Agriculture, the FDA, the military, Veterans Affairs, and Congress through Sept. 30, 2026. However, it stops short of funding approval beyond Jan. 30, 2026, for Commerce, Justice and Science (CJS); Defense, Energy and Water; Financial Services and General Government (FSGG); Homeland Security; Interior, Environment, and Related Agencies; Labor, Health and Human Services, and Education (LHHS); State, Foreign Operations and Related Programs; Transportation; and Housing and Urban Development. The continuing resolution did contain a few ancillary provisions, including mandatory backpay and rehiring of all federal employees furloughed or laid off during the shutdown. The original version of the bill was introduced on Sept. 16 by Rep. Tom Cole (R-OK). It passed in the House on Sept. 19 and failed in the Senate 14 times before a revised bill was passed on Nov. 10. The final bill, with changes, passed in the House on Nov. 12 and was signed into law on the same day.

District of Columbia Cash Bail Reform Act of 2025 (HR 5214) – This bill was introduced on Sept. 8 by Rep. Elise Stefanik (R-NY). It represents Republicans’ ongoing battle over who has jurisdiction over Washington, D.C.’s law enforcement and justice system. The bill would return to a cash bail system and require automatic detention of those charged under a wider set of offenses. The new confinement rule counters D.C.’s long-standing system of judge discretion regarding detention or supervised release. The bill passed in the House on Nov. 19 and currently lies in the Senate.

Strengthening Cyber Resilience Against State-Sponsored Threats Act (HR 2659) – This bipartisan legislation represents a federal strategy to strengthen U.S. cyber defenses to counter China’s attempts to actively target American infrastructure. Unfortunately, the bill does not apply to other hostile state-sponsored cyber actors such as Russia, Iran, or North Korea. Introduced by Rep. Andrew Ogles (R-TN) on April 7, the bill passed in the House on Nov. 17 and currently rests with the Senate.

Department of Homeland Security Vehicular Terrorism Prevention and Mitigation Act of 2025 (HR 1608) – This bipartisan bill seeks to address the rising threat of vehicle-based attacks, including the possible misuse of autonomous vehicles, rideshare platforms, and connected vehicle technologies. The legislation was introduced by Rep. Carlos Gimenez (R-FL) on Feb. 26 and passed in the House on Nov. 17. It currently awaits consideration by the Senate.

How to Account for Additional Paid-in-Capital (APIC)

According to the May 2019 Financial Stability Report from the Board of Governors of the Federal Reserve System, there was more than $15 billion in outstanding commercial credit. While there are many ways companies can obtain funding, additional paid-in-capital (APIC) is one way to accomplish this goal.

Defining APIC

This term refers to the gap between a share’s par value and the distribution price. If an investor pays more than what the company sets for its IPO price offer, that is what determines APIC.

Defining Par Value

Par value is the initial offer price a publicly traded company decides to offer shares to investors during its initial public offering (IPO) on exchanges. Depending on the actual initial price for an IPO, it can be done for publicity reasons, to reduce litigation risks and to aid in improving shareholder return on investment.

Market Value

Based on how well a publicly traded company performs, this is the prevailing price that investors assign to the share price, which varies dynamically.

Determining APIC

Calculating APIC is done as follows:

APIC = (Issue Price – Par Value) x Number of Shares Acquired by Investors

If a company establishes a stock price of $2 per share, investors can decide to bid up each share price to $3 or $7 or $20 via their purchases. If there are 2 million shares outstanding selling for a total of $44 million, the excess of $40 million (beyond the $4 million in par value) is the APIC.

Based on these circumstances, a company’s balance sheet should have the following entries:

– $4 million (paid-in-capital)

– $40 million (additional paid-in-capital)

When accounting for these stock purchases in this scenario, APIC is recorded on the balance sheet under the shareholder equity (SE) section. This can be seen as increasing a company’s bottom line because it results in them receiving additional cash from stockholders.

When it comes to recording the journal entry, the total cash generated by the IPO is recorded as an asset (debit) on the balance sheet, while the common stock and APIC are recorded as equity (credits).

Utility

The utility metric can yield a considerable amount of a business’ share capital, prior to retained earnings starting to accumulate. It helps provide a financial cushion for the company if retained earnings demonstrate a shortfall.

Issuing shares lets a business raise funds without increasing its fixed costs. Since this method is chosen instead of issuing bonds, there are no interest payments due to buyers of the bonds. Investors are not due any payments, including no dividend obligations. Business assets are also not subject to investor claims. Once shares are issued to investors, the generated funds are non-restricted, so the company can direct the funds as necessary.

APIC lets businesses produce money without any required assets backing the transaction. Depending on the company’s future performance, buying stock at the IPO can generate massive returns.

Further considerations

When there are additional share offerings post IPO, either common or preferred shares, the APIC levels may grow, necessitating them to be documented on the business’s financial statements. If share repurchases are made, levels can be decreased.

While each business has many options to raise money, if a company uses this method, it’s important to ensure that they are accounted for properly. As always, contact a professional to ensure the best personalized advice.