This Month in Security with Tony Anscombe – April 2026 Edition

WeLiveSecurity, Apr 30, 2026

Why It Matters

These developments signal escalating attacks across corporate and industrial environments, demanding immediate upgrades to authentication, network segmentation, and incident response. Ignoring them could expose organizations to costly breaches and operational disruptions.

Key Takeaways

  • Microsoft warns of Teams help‑desk impersonation scams targeting remote access
  • Over 3,900 Rockwell PLCs exposed across U.S. critical‑infrastructure networks
  • FBI IC3 reports $21 billion lost to cyber‑enabled crimes in 2025
  • Remote‑access scams exploit Teams collaboration tools, increasing credential theft risk
  • Critical‑infrastructure firms must segment PLC networks and enforce strict access controls

Pulse Analysis

The rise of Microsoft Teams impersonation scams reflects a broader shift toward exploiting everyday collaboration tools. Attackers pose as help‑desk personnel, leveraging the platform’s built‑in remote‑control features to coax users into granting privileged access. This social‑engineering vector bypasses traditional perimeter defenses, making multi‑factor authentication and real‑time user education essential. Enterprises that have integrated Teams deeply into their workflows must now enforce strict verification protocols and monitor anomalous session requests to curb credential theft.

Industrial control systems are increasingly in the crosshairs of nation‑state‑aligned threat actors, as demonstrated by the Iranian‑linked campaign against Rockwell PLCs. With almost 4,000 devices exposed across critical‑infrastructure networks, the attack surface extends beyond IT to operational technology environments. Segmentation of OT networks, regular firmware patching, and strict access‑control lists are proven mitigations. Moreover, continuous monitoring for unauthorized PLC communications can detect malicious commands before they disrupt physical processes, safeguarding both safety and continuity.

The FBI’s Internet Crime Complaint Center (IC3) reported a staggering $21 billion in losses from cyber‑enabled crimes in 2025, eclipsing the 2024 figure by roughly 15%. The surge is driven by sophisticated ransomware, business‑email compromise, and the very scams highlighted in this month’s roundup. For businesses, the financial impact translates into higher insurance premiums, increased regulatory scrutiny, and the need for robust incident‑response plans. Investing in comprehensive threat‑intelligence feeds and adopting a zero‑trust architecture can reduce exposure and help organizations stay resilient amid escalating cyber threats.
