[Tech-l] FW: Cyber Safe Holiday Message from The Secretary of State's Cyber Defense Team

Thor Sage sage at mveca.org
Wed Dec 10 12:10:27 EST 2025 

Good afternoon,
You might want to share the below cautionary notes from the Secretary of State’s Office with your end-users and others.  FYI…
Thanks,
Thor


Thor Sage
Executive Director
Miami Valley Educational Computer Association
937-767-1468  x3101
[http://www.mveca.org/images/logo.gif]<http://www.mveca.org/>       [i] <https://www.linkedin.com/company/mveca/>
Not-for-profit Technology Services for Education and Local Governments

From: DeBord, Jason <jdebord at OhioSOS.Gov>
Sent: Wednesday, December 10, 2025 11:48 AM
Subject: Cyber Safe Holiday Message from The Secretary of State's Cyber Defense Team

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
Cyber Safe Holiday Message from CDT – December 10, 2025
NOTICE: TLP:AMBER UNCLASSIFIED//FOR OFFICIAL USE ONLY

Happy Holidays BOE Directors, Deputies, Staff, and Board Members,

The holidays are here, and the scammers are working overtime. December has become the official Super Bowl of cybercrime, as the FBI and CISA both say attacks spike 30 to 50% this month.

Here are the Top 5 Holiday Scams going on RIGHT NOW in December 2025 and a few tips to dodge them:
1.      Fake shipping alerts
“Your package from Amazon/Walmart/FedEx/UPS/USPS is delayed – click to reschedule.”

  *   Real companies almost never ask you to log in from a text or email.
Rule: Type the tracking number directly on the official site. Never click links.

2.      “Boss’s” gift-card urgency
You get a Teams/Slack/email from “the CEO” or “HR” saying: “Hey, can you grab 10 Apple gift cards real quick? I’m in a meeting.”

  *   In 2025 this is still the #1 way small companies lose $5k–$50k in one afternoon.
Rule: Pick up the phone or walk over. Get verification from a real person in your chain of command.

3.      Charity scams that look heartbreakingly real
New this year: deep-fake videos of “orphans in Ukraine” or “disaster victims” begging for crypto.

  *   If it’s asking for Bitcoin, Gift Cards, Zelle, or Cash App, it’s fake 99.9% of the time.
Rule: Give only through known links on the actual charity’s website.

4.      Free gift/loyalty points phishing
“Congratulations! You’ve won a $1,000 Best Buy/Starbucks card – claim in 24 hrs.”

  *   These pages now use AI to copy the real site perfectly.
Rule: If you didn’t enter a contest, you didn’t win. Close it, and if it’s to your SOS email, report it.

5.      Public Wi-Fi “Evil Twin” hotspots
Shopping at the mall? That “Target_Guest_WiFi_5G” might be a fake hotspot stealing everything.

  *   December 2025 favorite: fake “charge your Tesla free” stations that install malware when you plug in.
Rule: Use your phone’s hotspot or a VPN. No exceptions when banking or working.

If anything smells even a little phishy, hit that report phishing button to fast-track it right to the top of the Cyber Defense Team wish-list. And yes, we check it twice.

Let’s make 2025 the year the Grinch gets coal.
Remember: If an offer seems too good to be true, it probably is!

Happy (and safe) Holidays!


TLP:AMBER
UNCLASSIFIED//FOR OFFICIAL USE ONLY
NOTICE: The following document is not subject to disclosure as a public record pursuant to R.C. §149.433.  DO NOT DISCLOSE


[logo for the Office of Frank LaRose Ohio Secretary of State]

Jason DeBord | Chief Information Security Officer
Office of the Ohio Secretary of State
O: 614.696.8883
OhioSoS.gov<https://ohiosos.gov/>




This message and any response to it may constitute a public record and thus may be publicly available to anyone who requests it.

Confidentiality Notice: This message is intended for use only by the individual or entity to whom or which it is addressed and may contain information that is privileged, confidential and/or otherwise exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify me immediately. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listserv.mveca.org/pipermail/tech-l/attachments/20251210/88b67dde/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 6768 bytes
Desc: image001.png
URL: <http://listserv.mveca.org/pipermail/tech-l/attachments/20251210/88b67dde/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 3184 bytes
Desc: image002.jpg
URL: <http://listserv.mveca.org/pipermail/tech-l/attachments/20251210/88b67dde/attachment-0002.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 1229 bytes
Desc: image003.jpg
URL: <http://listserv.mveca.org/pipermail/tech-l/attachments/20251210/88b67dde/attachment-0003.jpg>

More information about the Tech-l mailing list