(860) 482-9791 info@tccubed.com

AI Scams Surge: FBI Warns of $900M in Losses Plus Critical Microsoft 365 & Fortinet Threats

by The Creator | Jun 16, 2026

Phishing training response is critical as attackers now bypass password theft by tricking Microsoft 365 users into completing legitimate authentication processes that grant attackers direct account control. Small business owners must implement immediate staff training, identity verification protocols, and security updates to defend against this social engineering shift.

Today's cybersecurity landscape presents urgent challenges for small business owners. The FBI has issued warnings about AI-powered scams that have cost Americans nearly $900 million, with sophisticated deepfakes becoming increasingly difficult to detect. Meanwhile, the FTC reports that imposter scams reached a staggering $3.5 billion in losses in 2025, nearly tripling since 2020.

A new phishing campaign targeting Microsoft 365 users represents a shift in attack strategies. Rather than attempting to steal passwords directly, attackers are tricking users into completing legitimate Microsoft authentication processes that ultimately grant attackers account control. This social engineering tactic bypasses traditional security measures.

The FBI has also warned that the Silent Ransom Group is actively targeting law firms by impersonating IT staff to steal sensitive data and extort victims. Businesses that work with legal firms or handle confidential information should implement strict verification protocols for all IT support requests.

Additionally, three critical vulnerabilities in Fortinet FortiSandbox are being actively exploited, with two patches having been available since April. Organizations using Fortinet products must update immediately.

Key recommendations for small business owners: implement immediate patching protocols, train employees to question unexpected authentication requests, verify all identities through independent channels, and never delay security updates. These attacks exploit both trust and procrastination.

Why phishing training response matters to your Microsoft 365 users

The latest phishing campaign targeting Microsoft 365 users represents a dangerous shift in attack tactics. Rather than stealing credentials, attackers use social engineering to trick employees into completing real Microsoft authentication flows, granting attackers legitimate account access. CISA and the FBI have flagged this device code phishing method as active in the wild. For professional services and manufacturing firms handling client data, a compromised Microsoft 365 account means exposure of contracts, financial records, and confidential projects. The single most important action: conduct mandatory phishing training this week that specifically covers unexpected authentication requests, then implement a verification protocol requiring employees to contact IT through a known phone number before granting access to any system requests.

Key takeaways

  • Attackers now use social engineering to bypass password theft and gain legitimate Microsoft 365 access through device code flows.
  • Verify all IT support requests by calling IT directly on a known number, never through contact info in unexpected messages.
  • Fortinet FortiSandbox users must patch three critical vulnerabilities immediately, patches available since April 2025.
  • AI-powered deepfake scams and imposter scams reached $3.5 billion in 2025 losses, often targeting vendors and suppliers with spoofed identities.

Frequently asked questions

How do I know if a Microsoft 365 authentication request is legitimate?

If you receive an unexpected request to complete Microsoft authentication, stop and call your IT department directly using a phone number you know is correct. Never use contact information from the message itself. Legitimate IT staff will never ask you to authenticate through unsolicited messages.

What should I tell employees in phishing training about these new attacks?

Train staff that this attack does not steal passwords. Instead, it tricks users into completing real Microsoft sign-in screens, which grants attackers real account access. Teach them to recognize unexpected authentication requests as a red flag and to verify through a direct call to IT before proceeding.

Do I need to update Fortinet products immediately?

Yes. Three critical vulnerabilities in FortiSandbox are actively being exploited in the wild. Patches have been available since April 2025. Check your Fortinet deployment and apply updates without delay.

What does the Silent Ransom Group targeting mean for professional services firms?

This group impersonates IT staff to steal sensitive client data and extort firms. Professional services firms handling confidential client information must implement strict identity verification for all IT support requests and consider multi-factor authentication on all remote access systems.

Sources

Keep reading