Optery

Cybersecurity Awareness Month continues with Core 4 habit #3: recognize and report scams. When it comes to social engineering, employees should watch for red flags like urgency, unusual channels, or unexpected attachments, and always verify sensitive requests through a second channel. But here’s the reality: training doesn’t reduce the volume of scams. So long as there is exposed employee personal data to fuel them, social engineering attacks will keep coming. And with AI now in the mix, they will only increase. Commercial data brokers make attacker reconnaissance on businesses easy, providing a wealth of employee and organizational data to exploit. From Conti to Scatter Swine to Black Basta, Scattered Spider and more, attackers use these sites to identify targets and craft phishing, smishing, and vishing campaigns that lead to breaches, ransomware, and extortion. Optery prevents social engineering attacks by finding and removing this exposed personal data from data broker sites in the most comprehensive way possible. Without easy reconnaissance data, attackers will move on to more exposed targets. Even the best training can’t stop every click. Optery prevents many of those lures from being sent in the first place. #cybersecurityawarenessmonth #socialengineering #phishing

Cybersecurity Awareness Month continues with Core 4 habit #2: turn on multi-factor authentication (MFA). MFA is essential for protecting accounts, but not all MFA is equally strong. Attackers increasingly use exposed personal data and social engineering to bypass common forms of MFA such as SMS, one-time passcodes, or app-push approvals. Here are the main ways MFA is defeated today: 🔷 SIM swap / SMS interception: attackers use exposed PII to impersonate victims and convince carriers to port numbers so SMS OTPs are intercepted. 🔷 Real-time phishing / AiTM: attackers craft highly targeted phishing messages using exposed personal data to lure users to a proxy site that mimics a legitimate login page. The proxy relays credentials to the real service and steals the authenticated session cookie, letting the attacker access the account even when MFA is enabled. 🔷 MFA prompt fatigue / coercion: attackers first obtain usernames and credentials (via phishing, breach dumps, or password cracking using exposed emails), then bombard the user with repeated push requests or apply tailored social pressure until the user approves a login. 🔷 Account-recovery / help-desk abuse: attackers use exposed personal details to pass identity checks with support staff and reset MFA or account credentials. Phishing-resistant MFA like FIDO2 hardware tokens is the gold standard, but most other MFA methods can still be defeated with enough personal data. Optery helps prevent MFA bypass by removing the exposed employee information attackers use to impersonate, phish, or trick their way past authentication. #MFA #cybersecurityawarenessmonth #socialengineering

This year’s Cybersecurity Awareness Month theme is ‘Staying Safe Online,’ emphasizing simple actions everyone can take that make a meaningful difference in cybersecurity. The first of the ‘Core 4’ actions involves protecting your passwords. Using strong, unique passwords, and managing them with a reputable password manager, is foundational for security. But even strong passwords can be compromised when personal data falls into the wrong hands, and data brokers make it easy for attackers to access details that can undermine your password security. Data brokers sell the personal details that help threat actors crack, reset, or steal passwords in three ways: 🔹 Password cracking (breach + hashes): Attackers plug exposed emails found on data broker sites into breach repositories to pull password hashes, then crack them (rainbow tables / targeted guesses using personal data). 🔹 Password resets via vishing: Attackers call IT help desks and use personal details to impersonate employees, convincing support staff to reset passwords or grant account access. 🔹 Social engineering & credential harvesting: Attackers craft convincing lures (email, SMS, voice) using personal details and trick users into handing over passwords. Password security is far stronger when attackers don’t have the data they need to crack, reset, or trick their way in. Optery helps by finding and removing more exposed employee profiles than anyone else, proving it with screenshots, and minimizing organizational risk for social engineering and credential compromise. #passwordsecurity #cybersecurityawarenessmonth #socialengineering

Highlights from Optery's General Counsel Ambar C.

Cybersecurity Awareness Month is here. It’s 31 days when the rest of the world pays more attention to what CISOs think about every single day. When I ask CISOs what’s top of mind, these themes come up again and again: Reducing the noise: How do we cut down the sheer volume of phishing, vishing, and smishing attempts hitting employees every day? AI-fueled attacks: The bad guys now have better tools. AI means more convincing lures, more volume, and less time to react. Moving from reactive to proactive: CISOs recognize the gap. We can block and train all day, but until we shrink the attack surface, the volume of attacks won’t decline. This year’s Cybersecurity Awareness Month highlights the Core 4 habits: strong passwords, MFA, scam awareness, and software updates. Put another way: protect your passwords, protect your accounts, protect against social engineering, and protect against exploitable vulnerabilities. One of the most effective things one can do along these lines is to address exposed personal data, because attackers rely on it to crack or harvest passwords, bypass MFA, and craft scams that AI now makes more scalable than ever. A data broker profile is an open vulnerability that is just as exploitable as unpatched software. The less PII you leave exposed to attackers, the fewer opportunities they have, which means a dramatic reduction in targeted social engineering attempts that reach your email or phone. That’s a win for you, your company, and the CISOs working to keep us all secure.

📢 Issue #5 of The Optery Dispatch is here. Inside this issue: ⭕ FBI FLASH alert details Salesforce breaches by UNC6040 and UNC6395. Attackers are using vishing and stolen OAuth tokens to infiltrate Salesforce, exfiltrate data, and extort victims. ⭕ LevelBlue’s Threat Trends Report shows BEC and social engineering dominating. Nearly all incidents in early 2025 investigated by LevelBlue involved social engineering tactics, with ClickFix fake CAPTCHA campaigns surging 1,450% and emerging as a go-to initial access method. ⭕ Anthropic’s latest threat intel report reveals how agentic AI lowers the barrier for attackers. A single operator used an AI coding agent to automate every phase of a breach across multiple organizations. ‼️ Be sure to subscribe to receive future issues.

Without the capability to find and remove exposed personal data across the open web, companies leave their clients vulnerable to PII exploitations like phishing, voice and messaging scams, password compromise, and more. With Optery's API, businesses and developers can proactively address exposed PII vulnerabilities by embedding our award-winning data broker scanning and removal technology into their applications at scale. The Optery API can be utilized to create new data privacy and security features across various use cases and industries, including Consumer Internet, Cybersecurity, Identity Theft Protection, Insurance, Personal Finance, Physical Security, VPN Software, and others. Why developers love it: 🔷 SOC-ready integration with exposure data flowing into security dashboards for monitoring and response 🔷 Screenshot retrieval provides visual proof of exposed personal data 🔷 Event webhooks deliver real-time updates on key actions like opt-out submissions and new reports 🔷 Sandbox environment allows safe testing without touching production 🔷 Public documentation enables fast onboarding 🔷 SOC 2 Type II certification ensures enterprise-grade security For more information or to request access to the API, click on ‘API for Partners’ under the ‘Business’ tab on our website. #phishing #smishing #vishing 

Optery for Business is featured in the newly released SiliconANGLE 2025–2026 TechForward Buyer’s Guide! The TechForward Buyer’s Guide highlights market-leading innovations across AI, cloud, data, and security that solve real problems and drive measurable outcomes for businesses. In the Security Tech section, Optery for Business is recognized as the Best in Category: Digital Risk Protection (DRP) Platform (page 49). We’re honored to be included among the technologies shaping the future of enterprise security. 🔹 Explore the full Buyer’s Guide here: https://lnkd.in/eSKWR_7f 🔹 Read "Optery Wins SiliconANGLE TechForward Award in the Digital Risk Protection Platform Category": https://lnkd.in/eDjcTmTD #digitalriskprotection #cybersecurity #socialengineering

Playing offense is an essential part of cybersecurity. To be complete, that effort must address both technical vulnerabilities and exposed PII. Traditional offensive security is built around probing technical defenses through penetration testing, red teaming, and scanning for weaknesses. But attackers aren’t just looking at your tech; they’re also pulling employee data from brokers to fuel social engineering campaigns. Seeing your organization as attackers do means recognizing that exposed PII is a critical part of the enterprise attack surface. Identifying and removing this data should be a core element of any offensive cybersecurity strategy. Optery for Business automates this process in the most comprehensive way possible: finding dozens more exposures per person than other services, covering 1,360+ sites, and providing screenshot-verified proof of removals. Companies that treat exposed PII as a vulnerability stay ahead of threat actors and sharply reduce their risk of being targeted.

We’re live at the MSP Summit in Orlando! Optery is here at Booth #717, showing MSPs how we protect clients from social engineering, BEC, and other PII-driven threats by limiting attackers’ ability to gather intel and target employees. If you’re attending, stop by our booth to meet the team, see how our award-winning platform works, and learn how Optery prevents attacks at the source. #MSPs #socialengineering #cybersecurity