Edward Contreras

Urgent Cybersecurity Alert for USAA Members: Beware of Sophisticated Phone Spoofing Scams Today, July 9, 2025, I experienced a highly sophisticated fraud attempt targeting USAA members that underscores a critical cybersecurity vulnerability: phone number spoofing. This is reportedly the most current scam tactic, and it highlights why vigilance is paramount in our digital age. The scam began with an unsolicited call purporting to be from USAA, attempting to "verify" transactions. My alarm bells rang when I stated I'd call USAA back directly, and the caller immediately backpedaled. What followed was audacious: while I was on hold with the legitimate USAA number, I received an incoming call also spoofed to appear from 1-800-531-USAA. The "manager" on this second call brazenly asserted, "If you hang up you will be calling us right back on the same number on your phone." This incident vividly demonstrates the ease and effectiveness of phone number spoofing. For those unfamiliar, spoofing is the act of falsifying the Caller ID to mask a caller's true identity, making an illicit call appear to originate from a trusted source. Modern Voice over IP (VoIP) technology makes this alarmingly simple, creating a significant challenge for verifying caller authenticity. Upon immediately contacting the real USAA Fraud department, they confirmed this is a very active and concerning scam. Key Takeaways for Enhanced Cybersecurity: * Verify, Don't Trust Caller ID: Never rely solely on Caller ID for financial or sensitive calls. Always initiate calls back to your institution using official numbers found on their website or your statements. * Beware of Pressure Tactics: Legitimate institutions will not pressure you to stay on the line or prevent you from calling them back independently. * Educate Your Network: Share awareness about phone spoofing. Many may not realize how easily Caller ID can be manipulated. In our increasingly interconnected world, proactive awareness and verification are our strongest defenses against evolving cyber threats. Let's champion a culture of heightened security and skepticism. #USAA #Cybersecurity #FraudPrevention #PhoneSpoofing #ScamAlert #InformationSecurity #BeVigilant Disclaimer: This post was developed with AI assistance for clarity and accuracy, based on my personal experience on July 9, 2025. All factual details of the encounter are precisely as they occurred.

5

1 Comment

378 GB of Data From Navy Federal Credit Union Exposed https://ift.tt/2vs5hlE A database, in apparent association with the Navy Federal Credit Union, exposed 378 GB of information.  via Cybersecurity News https://ift.tt/SV24L0k September 04, 2025

1

Texas cities and agencies have been under [cyber] attack for the last several years and they have been losing the fight. They are standing up the Texas Cyber Command at UT San Antonio. Interesting plan. Learn more at https://lnkd.in/gT9C5FeD

3

CACI adds $12M DHS ICE Cyber Crimes Center Dark Web Investigative Operations IT Licenses and Support task on Alliant 2 ==>> https://lnkd.in/e-CymnMU CACI International Inc

8

1 Comment

The Texas Cyber Command has launched its official website, marking a key milestone in the rollout of a new, state-level cybersecurity agency tasked with protecting critical infrastructure and coordinating cyber operations across Texas. https://bit.ly/472uJDY

13

SBOMs are no longer mandatory for federal agencies. New guidance rescinds prior software supply chain mandates and shifts to agency-defined risk assessment. Details → https://lnkd.in/eJUQdKf2 #Cybersecurity #GovTech

12

National Cybersecurity Preparedness Consortium is bringing the latest in cyber vulnerability training to YOU, no-cost! Check out these deliveries, and let me know if you want one taught in your city! TEEX Business and Cyber Solutions

11

Cybercriminals often bypass technical defenses by targeting employees through sophisticated social engineering attacks and phishing scams. A robust security strategy must include ongoing employee training and attack simulations to build a human firewall.

1

Throwback Thursday post! Armavel, LLC's own Nina Shell, MS, CAPM attended the ATO Cloud Security Summit a couple of weeks ago and met up with Pete Waterman and Yolanda Robinson Darricarrere, MS! At this year’s ATO Cloud Security Summit, the theme of Speed, Security & Software-Defined Transformation took center stage. The summit reinforced that modernization is not just a mandate—it’s a mission-critical urgency. With the growing threat landscape, a federal approach focused on experimentation, automation, and agility is essential. Some of Nina's Key Takeaways include: 1. FedRAMP Modernization: Redefining compliance through automation, KSIs, and policy-as-code. “Please don’t use this as a checklist.” 2. DISA Innovations: Secure inheritance models, like ISSM-as-a-service, are accelerating secure cloud adoption. 3. AI & Cybersecurity: NIST AI RMF and executive orders shaping governance for secure, transparent AI aligned with human and mission values. 4. Risk Management: Leaders highlighted that “Risk can present as inaction,” emphasizing the need for calculated risks to stay relevant. 5. Startup Inclusion: Efforts to help small vendors enter federal markets, including GSA’s 20x platform accelerator. 6. The FORGED Act: Aiming to reduce acquisition drag and fast-track commercial innovation. The summit also highlighted the importance of strong government-industry collaboration and the need to embrace cultural change in the pursuit of modernization. #CloudSecurity #Modernization #FedRAMP #AI #Cybersecurity #GovTech #Innovation #Partnership

18

Steven Alexander says, "When humans become '𝗭𝗲𝗿𝗼-𝗗𝗮𝘆 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝘀' 𝗖𝗘𝗢 𝗼𝗳 𝗰𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗳𝗶𝗿𝗺 𝗰𝗵𝗮𝗿𝗴𝗲𝗱 𝘄𝗶𝘁𝗵 𝗶𝗻𝘀𝘁𝗮𝗹𝗹𝗶𝗻𝗴 𝗺𝗮𝗹𝘄𝗮𝗿𝗲 𝗼𝗻 𝗵𝗼𝘀𝗽𝗶𝘁𝗮𝗹 𝘀𝘆𝘀𝘁𝗲𝗺𝘀 𝗩𝗲𝗿𝗶𝘁𝗮𝗰𝗼 𝗖𝗘𝗢 𝗝𝗲𝗳𝗳𝗿𝗲𝘆 𝗕𝗼𝘄𝗶𝗲 𝗳𝗮𝗰𝗲𝘀 𝗰𝗵𝗮𝗿𝗴𝗲𝘀 𝗳𝗼𝗿 𝗮𝗹𝗹𝗲𝗴𝗲𝗱𝗹𝘆 𝗶𝗻𝘀𝘁𝗮𝗹𝗹𝗶𝗻𝗴 𝗺𝗮𝗹𝘄𝗮𝗿𝗲 𝗼𝗻 𝗵𝗼𝘀𝗽𝗶𝘁𝗮𝗹 𝗰𝗼𝗺𝗽𝘂𝘁𝗲𝗿𝘀, 𝘃𝗶𝗼𝗹𝗮𝘁𝗶𝗻𝗴 𝗢𝗸𝗹𝗮𝗵𝗼𝗺𝗮’𝘀 𝗖𝗼𝗺𝗽𝘂𝘁𝗲𝗿 𝗖𝗿𝗶𝗺𝗲𝘀 𝗔𝗰𝘁. https://lnkd.in/eh7fMaME Jeffrey Bowie, CEO of the cybersecurity firm Veritaco, is facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital. The man is accused of having installed the malware on the hospital computers on August 6, 2024. Bowie was arrested on April 14, following the issuance of an arrest warrant. Security footage reportedly shows the man attempting to access multiple offices before installing malicious software designed to capture screenshots every 20 minutes and transmit them to an external IP address.

1

2 Comments

Public sector technology environments operate under a different standard. Security, continuity, compliance, and audit readiness are not optional. They are operational requirements. Whether supporting cybersecurity operations or enterprise end-user environments, structured delivery and disciplined execution matter. Lozort Federal continues to build a Texas-based network of professionals experienced in compliance-driven, enterprise IT environments. Strong technical capability paired with accountability is what truly supports public sector missions. #Cybersecurity #PublicSectorIT #EnterpriseIT #TexasTechnology #VeteranOwned

1

Hello USAA just a suggestion from a consumer/Cybersecurity Professional I value the steps USAA takes to safeguard members’ financial information, but I believe your current account security protocols could be improved to better align with core information security principles, specifically the CIA Triad: Confidentiality, Integrity, and Availability. While protecting confidentiality and integrity is critical, availability is equally important. Under the current system, members may lose access to their accounts for up to three business days when security issues are flagged. This prolonged lockout impacts availability and can create unnecessary hardship for members who rely on timely access to their funds. Additionally, your fraud prevention process should emphasize proactive engagement. Contacting the member immediately (via phone, text, or secure app notification) before locking the account would ensure integrity of the account while preserving availability. This balance is at the heart of the CIA Triad and of effective cybersecurity practice. I encourage USAA to consider the following adjustments: Reduce or eliminate prolonged account lockouts that hinder availability. Implement immediate member contact prior to account suspension to preserve both integrity and availability. Provide a streamlined, verifiable process to quickly restore access once identity is confirmed. USAA has long built trust through security and service. Aligning account protocols with the CIA Triad will reinforce that trust while ensuring members are protected without being unintentionally locked out. Thank you for considering this feedback.

1

The latest #GovConThoughts by Josh Duvall, CISSP: #SBA Publishes New 8(a) Guidance, Suspends Over 1,000 8(a) Firms. #govcon #smallbusiness https://lnkd.in/exhMWD4X

2