IC3 Annual Report – 2020 Elder Fraud Report

Dear Reader,

The mission of the FBI is to protect the American people and uphold the Constitution of the United States. This mission includes our efforts to combat financial crimes targeting seniors. The FBI, in alignment with the Department of Justice Elder Fraud Initiative and the efforts of our internal and external partners, is committed to this mission. It is from this commitment to the American people that the FBI provides the public an avenue to report fraud through the Internet Crime Complaint Center (IC3).

The IC3 receives and tracks thousands of complaints daily, reported by victims of fraud. This reporting is key to identifying, investigating, and holding those responsible accountable for their actions. Victims of fraud have the option to identify their age range when submitting a complaint to IC3; the information contained in this report is derived from complaints submitted by or on behalf of victims aged 60 and over.

Each year, millions of elderly Americans fall victim to some type of financial fraud or internet scheme, such as romance scams, tech support fraud, and lottery or sweepstake scams. Criminals gain their targets’ trust or use tactics of intimidation and threats to take advantage of their victims. Once successful, scammers are likely to keep a scheme going because of the prospect of significant financial gain.

In 2020, IC3 received a total of 791,790 complaints with reported losses exceeding $4.1 billion. Based on the information provided in the complaints, approximately 28% of the total fraud losses were sustained by victims over the age of 60, resulting in approximately $1 billion in losses to seniors. This represents an increase of approximately $300 million in losses reported in 2020 versus what was reported by victims over 60 in 2019.

To educate the public and provide as much information on the types of frauds targeting seniors as possible, the IC3 is offering its first publication of the 2020 IC3 Elder Fraud Annual Report. This report is a companion report to the 2020 IC3 Annual Report released in March 2021. These reports, along with other publications, are available at www.IC3.gov.

It is only by victims reporting fraud that we can identify trends, educate the public, and support investigations, and nowhere is this more important than crimes against seniors.

Calvin Shivers
Assistant Director
Federal Bureau of Investigation
Criminal Investigative Division

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3ElderFraudReport.pdf

IC3 Annual Report – 2020 Internet Crime Report

Dear Reader,

In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cyber criminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree. These criminals used phishing, spoofing, extortion, and various types of Internet-enabled fraud to target the most vulnerable in our society – medical workers searching for personal protective equipment, families looking for information about stimulus checks to help pay bills, and many others.

Crimes of this type are just a small part of what the FBI combats through our criminal and cyber investigative work. Key to our cyber mission is the Internet Crime Complaint Center (IC3), which provides the public with a trustworthy source for information on cyber criminal activity, and a way for the public to report directly to us when they suspect they are a victim of cyber crime.

IC3 received a record number of complaints from the American public in 2020: 791,790, with reported losses exceeding $4.1 billion. This represents a 69% increase in total complaints from 2019. Business E-mail Compromise (BEC) schemes continued to be the costliest: 19,369 complaints with an adjusted loss of approximately $1.8 billion. Phishing scams were also prominent: 241,342 complaints, with adjusted losses of over $54 million. The number of ransomware incidents also continues to rise, with 2,474 incidents reported in 2020.

Public reporting is central to the mission and success of IC3. Submitting a cyber crime complaint to IC3.gov not only helps the FBI address specific complaints—and provide support and assistance to victims—but also helps us prevent additional crimes by finding and holding criminal actors accountable. Information reported to the IC3 helps the FBI better understand the motives of cyber-criminals, the evolving threat posed, and tactics utilized, enabling us to most effectively work with partners to mitigate the damage to victims.

IC3 has continued to strengthen its relationships with industry and others in the law enforcement community to reduce financial losses resulting from BEC scams. Through the Recovery Asset Team, IC3 worked with its partners to successfully freeze approximately $380 million of the $462 million in reported losses in 2020, representing a success rate of nearly 82%. In addition, IC3 has a Recovery and Investigative Development Team which assists financial and law enforcement investigators in dismantling organizations that move and transfer funds obtained illicitly.

With our dedicated resources focused on recovering funds and preventing further victimization, we are better aligned to confront the unique challenges faced in cyberspace. Visit IC3.gov to access the latest information on criminal Internet activity.

We strongly encourage readers to submit complaints to IC3 and to reach out to their local FBI field office to report malicious cyber criminal activity. Together we will continue to build safety, security, and confidence into our digitally connected world.

Paul Abbate
Deputy Director
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

What Is Dynamic DNS And How Can It Help Me?

Article (PSA‑0014)

Why a Changing IP Address Can Be a Problem

When you run a server from home (web site, game server, CCTV, VPN, etc.) you need a way for people on the Internet to find *your* device. Most residential ISPs assign a **dynamic public IPv4 address** that can change every few hours, days, or weeks. If the address changes, anyone using the old address will lose connectivity.

Dynamic vs. Static IP Addresses

  • Dynamic IP – Assigned by the ISP’s DHCP server. It may change at any time (often nightly or after a router reboot). No extra charge, but the address is not reliable for a public service.
  • Static IP – Fixed for the life of the contract. Usually only offered on business‑class plans and often costs extra (sometimes $5–$20 per month). It gives you a stable address without extra software.

Quick DNS Refresher

DNS (Domain Name System) translates human‑readable names (example.com) into the numeric IP addresses computers actually use. Think of it as an online phone book: you look up a name, get a number, and the call (or web request) is placed.

The Core Issue: Your Dynamic IP + DNS

Traditional DNS points a domain name to a single static IP. If your public IP keeps changing, the DNS record quickly becomes outdated, and anyone trying to reach your service sees a dead address.

Dynamic DNS (DDNS) – The Solution

Dynamic DNS services automatically keep a DNS record in sync with your current public IP.

  • You sign up for a DDNS provider (e.g., No‑IP, DuckDNS, Cloudflare API‑based updates, or the legacy Dyn service).
  • The provider gives you a sub‑domain such as myhome.no‑ip.org or myserver.duckdns.org.
  • A client (built into most modern routers, or a small program on a PC/Raspberry Pi) monitors your public IP. Whenever the IP changes, the client sends an update to the DDNS provider via a secure API (HTTPS, or DNS UPDATE as defined in RFC 2136).
  • The provider instantly updates the DNS record, so the domain name always points at your current IP.

Where to Run the DDNS Client

  • Router – Most consumer routers (e.g., ASUS, Netgear, TP‑Link, Linksys) have a “Dynamic DNS” or “DDNS” section where you can enter your provider’s hostname, username, and password.
  • Dedicated device – If the router doesn’t support DDNS, install a client on a computer, Raspberry Pi, or NAS (most Synology/QNAP devices include DDNS support).
  • Cloud‑based updates – Some providers (Cloudflare, Google Domains) let you use a simple script or curl command to update the record from anywhere on the Internet.

Security & Best‑Practice Tips

  • Use a **strong, unique password** for the DDNS account – the update client sends these credentials on every change.
  • Prefer providers that support **TLS/HTTPS** for updates (No‑IP, DuckDNS, Cloudflare).
  • Keep your router’s firmware up to date; many updates fix DDNS‑related vulnerabilities.
  • If you only need occasional remote access, consider a **VPN** or a cloud reverse‑proxy (e.g., Cloudflare Tunnel) which provides a stable endpoint without exposing your home IP.
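
The update step and the credential and TLS tips above can be checked in code. The sketch below is an added example, not PSA's or any provider's own client: it assumes a dyndns2-style HTTP update protocol (plain-text replies such as `good`, `nochg`, `badauth`), and the endpoint, hostname, and function names are hypothetical placeholders to be replaced with values from your provider's documentation.

```python
import base64
import ipaddress
import urllib.parse
import urllib.request

# Hypothetical endpoint (assumption): use the update URL your provider documents.
UPDATE_ENDPOINT = "https://ddns.example.invalid/nic/update"

# dyndns2-style replies that mean "fix the configuration, do not retry".
# Hammering the service after one of these can get the account blocked.
FATAL_REPLIES = {"badauth", "nohost", "notfqdn", "badagent", "abuse", "!donator"}


def is_publishable_ip(addr):
    """True only for a globally routable IPv4 address.

    Rejects RFC 1918 ranges, loopback, link-local and carrier-grade NAT
    (100.64.0.0/10). A WAN address in the CGNAT range means the ISP is
    translating your traffic, so publishing it would not make you reachable.
    """
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return ip.version == 4 and ip.is_global


def needs_update(current_ip, last_published):
    """Send an update only when the address is valid and actually changed."""
    return is_publishable_ip(current_ip) and current_ip != last_published


def build_update_request(endpoint, hostname, ip, username, password):
    """Build (but do not send) the update request.

    The password travels in an Authorization header over HTTPS, never in
    the URL, where it would end up in proxy and server access logs.
    """
    parts = urllib.parse.urlsplit(endpoint)
    if parts.scheme != "https":
        raise ValueError("refusing to send DDNS credentials without TLS")
    if parts.username or parts.password:
        raise ValueError("credentials must not be embedded in the URL")
    if not is_publishable_ip(ip):
        raise ValueError("not a public IPv4 address: %r" % ip)
    query = urllib.parse.urlencode({"hostname": hostname, "myip": ip})
    token = base64.b64encode(("%s:%s" % (username, password)).encode()).decode()
    req = urllib.request.Request(endpoint + "?" + query, method="GET")
    req.add_header("Authorization", "Basic " + token)
    req.add_header("User-Agent", "example-ddns-client/1.0 admin@example.invalid")
    return req


def interpret_response(body):
    """Map a dyndns2-style reply to the action the client should take."""
    fields = body.split()
    code = fields[0].lower() if fields else ""
    if code in ("good", "nochg"):
        return "ok"            # record is current
    if code in FATAL_REPLIES:
        return "stop"          # bad credentials or hostname: alert the owner
    return "retry-later"       # e.g. "911" or an empty reply: back off first


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network here.
    last, now = "8.8.4.4", "8.8.8.8"
    if needs_update(now, last):
        req = build_update_request(UPDATE_ENDPOINT, "myhome.example.invalid",
                                   now, "alice", "constructed-password")
        print("would request:", req.full_url)
    print(interpret_response("badauth"))
```

Pass the built request to `urllib.request.urlopen` with a timeout to send it, and feed the decoded reply body to `interpret_response` before scheduling the next check.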

Step‑by‑Step: Setting Up DDNS (Example with No‑IP)

  1. Create a free No‑IP account and choose a host name (e.g., myhome.no‑ip.org).
  2. Log into your router’s admin console → Dynamic DNS (or DDNS) section.
  3. Select “No‑IP” from the provider list, then enter the host name, your No‑IP username, and password.
  4. Save the settings. The router will now test the connection and report the current IP.
  5. Confirm by visiting myhome.no‑ip.org from a device outside your network – it should resolve to your public IP.
  6. Whenever your ISP changes the IP, the router automatically updates the record – no further action required.

Alternative Approaches (When DDNS Isn’t Enough)

  • Purchase a static IP from your ISP – the most reliable method for business‑critical services.
  • Use a cloud‑based reverse proxy (e.g., Cloudflare Tunnel, ngrok) – the tunnel endpoint stays constant even though your home IP changes.
  • Hybrid VPN + DDNS – run a site‑to‑site VPN that uses the DDNS name to reach your home network securely.

Bottom Line

Dynamic DNS lets you keep a stable, easy‑to‑remember address for any service you run from a home connection that receives a dynamic IP. It’s a cheap (often free) alternative to paying for a static IP and works with the vast majority of modern routers.

Need Help Getting Started?

If you’d like assistance setting up Dynamic DNS, configuring your router, or exploring alternatives, call PSA Computer Services at (707) 506‑6802. We’ll get you online and reachable—no matter how often your IP changes.

Remote work in the age of COVID-19

Article (PSA‑0013)

The COVID‑19 pandemic accelerated the shift to remote and hybrid work, and many of those practices are here to stay. Even though most regions are no longer under strict lockdowns, businesses continue to:

  • Allow employees to work from home full‑time or a few days a week.
  • Use cloud‑based collaboration tools for meetings, file sharing, and project management.
  • Prioritize security — VPNs, multi‑factor authentication, and endpoint protection are now standard.

Key Tools for a Productive Remote Set‑up

Video‑conferencing

Popular choices (2024): Zoom, Microsoft Teams, Google Meet, Cisco Webex.

Why it helps: HD video, screen sharing, meeting recordings, integrated calendars.

Instant Messaging / Collaboration

Popular choices (2024): Microsoft Teams, Slack, Discord (for informal teams).

Why it helps: Real‑time chat, file sharing, searchable history.

Remote Desktop / Application Access

Popular choices (2024): TeamViewer, AnyDesk, LogMeIn, Microsoft Remote Desktop, VNC Connect.

Why it helps: Control a workstation from anywhere; useful for legacy apps.

File Collaboration & Storage

Popular choices (2024): OneDrive, Google Drive, Dropbox, SharePoint.

Why it helps: Real‑time co‑authoring, versioning, secure sharing.

Security & Network Access

Popular choices (2024): Cisco AnyConnect, OpenVPN, Pulse Secure, Zscaler Private Access.

Why it helps: Encrypted tunnel to corporate resources; enforces MFA.

Three Simple Practices for a Balanced Remote Work Day

  1. Set Clear Work‑Life Boundaries – Define a start‑time and end‑time, and stick to them. Use a dedicated “work” calendar and mute non‑urgent notifications after hours.
  2. Move Your Body – Short walks, stretching breaks, or a quick home workout boost circulation and lower stress. Even a 5‑minute stretch every hour can improve focus.
  3. Stay Connected Socially – Schedule brief video coffee chats or phone calls with family, friends, or coworkers. Human interaction reduces feelings of isolation and improves morale.

Security Tips You Can Deploy Right Now

  • Enable multi‑factor authentication (MFA) on all cloud services (email, video‑conferencing, file‑sharing).
  • Keep your operating system and applications up‑to‑date; enable automatic patches.
  • Use a trusted VPN when connecting to corporate resources or sensitive data.
  • Lock your workstation when you step away – a quick Windows + L (or macOS Control‑Command‑Q) does the job.
  • Back up critical files regularly (cloud or external drive) following the 3‑2‑1 rule.

Hybrid Work – The New Normal

Many companies now operate on a “flexible” model: a few days in the office for collaboration, the rest remote for focused work. When planning a hybrid schedule, consider:

  • Which tasks need a physical office (e.g., hardware‑intensive work, team workshops).
  • How you’ll keep security consistent across both environments (same VPN, same MFA).
  • Ensuring all employees have a reliable internet connection and an ergonomic workspace at home.

Need a Hand Getting Set Up?

If you’d like advice on choosing the right remote‑work tools, or want a security review of your home office, give PSA Computer Services a call at (707) 506‑6802. We’ll tailor a solution that keeps you productive and protected.

IC3 Annual Report – 2019 Internet Crime Report

Dear Reader,

The FBI is the lead federal agency for investigating malicious cyber activity by criminals, nation-state adversaries, and terrorists. To fulfill this mission, the FBI often develops resources to enhance operations and collaboration. One such resource is the FBI’s Internet Crime Complaint Center (IC3) which provides the public with a trustworthy and convenient mechanism for reporting information concerning suspected Internet-facilitated criminal activity. At the end of every year, the IC3 collates information collected into an annual report.

This year’s Internet Crime Report highlights the IC3’s efforts to monitor trending scams such as Business Email Compromise (BEC), Ransomware, Elder Fraud, and Tech Support Fraud. As the report indicates, in 2019, IC3 received a total of 467,361 complaints with reported losses exceeding $3.5 billion. The most prevalent crime types reported were Phishing/Vishing/Smishing/Pharming, Non-Payment/Non-Delivery, Extortion, and Personal Data Breach. The top three crime types with the highest reported losses were BEC, Confidence/Romance Fraud, and Spoofing. More details on each of these scams can be found in this report.

Of note, the IC3’s Recovery Asset Team (RAT), which assists in recovering funds for victims of BEC schemes, celebrated its first full year of operation. During its inaugural year, the team assisted in the recovery of over $300 million lost through on-line scams, boasting a 79% return rate of reported losses. We’re also pleased to announce the creation of a Recovery and Investigative Development (RaID) Team which will assist financial and law enforcement investigators in dismantling money mule organizations.

Information reported to the IC3 helps the FBI gain a better understanding of cyber adversaries and the motives behind their activities. Therefore, we encourage everyone to use IC3 and reach out to their local field office to report malicious activity. Cyber is the ultimate team sport. Working together we hope to create a safer, more secure cyber landscape ensuring confidence as we traverse through a digitally-connected world. We hope this report provides you with information of value as we work together to protect our nation against cyber threats.

Matt Gorham
Assistant Director
Cyber Division
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2019_IC3Report.pdf

Windows 7 End of Life – What You Need to Know

Article (PSA‑0012)

Historical Overview – Windows 7 End of Support (January 14 2020)

  • All Windows 7 editions (Starter, Home Basic, Home Premium, Professional, Enterprise, Ultimate) stopped receiving **security updates, bug fixes, and Microsoft‑provided technical support** on 14 Jan 2020.
  • Third‑party software vendors began withdrawing support for their products on Windows 7, and many newer applications no longer install on that OS.
  • Microsoft offered an **Extended Security Updates (ESU)** program for businesses that needed extra time, but the program **ended on 13 Jan 2023**.
  • At the time, users who upgraded from a licensed copy of Windows 7 could move to Windows 10 at **no additional OS cost** (Microsoft covered the license upgrade). The only charge was a one‑time service fee for the technician who performed the upgrade.

Why the End‑of‑Life Still Matters (2024‑2025)

Even five years after the official EOL, many machines still run Windows 7. The risks are now even higher because:

  • **No security patches** – new vulnerabilities discovered today are never fixed on Windows 7, leaving systems exposed to ransomware, malware, and remote exploits.
  • **Application incompatibility** – modern productivity suites, browsers, and cloud services no longer support Windows 7, leading to loss of functionality and potential data loss.
  • **Compliance issues** – regulations such as GDPR, HIPAA, and PCI‑DSS require supported operating systems for data protection; Windows 7 does not meet those requirements.
  • **Hardware driver shortages** – newer hardware (NVMe SSDs, USB‑C, Wi‑Fi 6) lacks drivers for Windows 7, limiting upgrades or replacements.

Addendum (2024‑2025): What to Do Now

1️⃣ Migrate to a Supported OS

  1. Windows 11 – the current Microsoft desktop OS. Minimum hardware includes a 64‑bit CPU (8th‑gen Intel or newer / AMD Ryzen 2000 or newer), 4 GB RAM, 64 GB storage, UEFI with Secure Boot, TPM 2.0, and DirectX 12 graphics. Ideal for new machines or for hardware upgrades.
  2. Windows 10 – still supported until **14 Oct 2025** (extended support). Good choice if existing hardware cannot meet Windows 11 requirements. After Oct 2025 you’ll need to upgrade again.
  3. Linux (Ubuntu, Mint, Debian, etc.) – free, regularly patched, and increasingly compatible with mainstream business applications (Office‑365 web, Chrome, Firefox). Suitable for legacy hardware and for organizations wanting an OS without licensing fees.

2️⃣ Licensing & Cost Considerations

  • Windows 11/10 licenses are sold per device (OEM or retail) or via volume licensing for businesses. Retail prices range from $100 to $150 per seat; volume discounts are available.
  • Many PC manufacturers now include a **Windows 11 Home** license with new hardware at no extra cost.
  • Open‑source Linux distributions are free, but you may need paid support (e.g., Ubuntu Advantage) for mission‑critical environments.

3️⃣ Migration Path – Step‑by‑Step Checklist

  1. Backup everything. Use the 3‑2‑1 rule (3 copies, 2 media types, 1 off‑site). Verify restores before proceeding.
  2. Inventory hardware. Check CPU, RAM, storage, and TPM 2.0. Run the PC Health Check tool or a third‑party scanner.
  3. Choose the target OS. If hardware is borderline, consider Windows 10 (short‑term) or Linux (long‑term).
  4. Plan application compatibility. List critical apps and verify they run on the new OS (use vendor compatibility lists or test in a VM).
  5. Perform a pilot upgrade. Deploy to a single workstation or a small group, resolve issues, then roll out to the rest.
  6. Finalize and document. Update device inventories, license records, and backup schedules.

4️⃣ For Legacy Systems That Must Remain on Windows 7

  • Isolate the machine on a **segmented network** or VLAN with no Internet access.
  • Apply **application‑level firewalls** (e.g., Windows Defender Firewall with strict inbound/outbound rules).
  • Use **air‑gap** strategies: disconnect from the network when not in use.
  • Consider **third‑party extended support contracts** from vendors such as BullGuard or Lumension, though these are expensive and temporary.
  • Plan a **decommission schedule** – set a firm deadline for retirement and budget for replacement hardware.

5️⃣ Security Best Practices (Regardless of OS)

  • Enable **multi‑factor authentication (MFA)** on all cloud services and VPNs.
  • Keep all installed software (browsers, Office suites, drivers) up to date.
  • Run reputable **anti‑malware** solutions and schedule regular scans.
  • Encrypt sensitive data at rest (BitLocker for Windows, LUKS for Linux).
  • Educate users on phishing, social engineering, and safe download habits.

Getting Help with the Transition

If you need assistance assessing your current Windows 7 fleet, planning a migration to Windows 10/11 or a Linux alternative, or securing legacy machines while you transition, call PSA Computer Services at (707) 506‑6802. We’ll help you design a cost‑effective roadmap that keeps your data safe and your business running.

IC3 Annual Report – 2018 Internet Crime Report

Dear Reader,

The FBI is the lead federal agency for investigating cyber-attacks by criminals, overseas adversaries, and terrorists, and the FBI’s IC3 provides the public with a trustworthy and convenient reporting mechanism to submit information concerning suspected Internet facilitated criminal activity.

The 2018 Internet Crime Report emphasizes the IC3’s efforts in monitoring trending scams such as Business Email Compromise (BEC), Extortion, Tech Support Fraud, and Payroll Diversion. In 2018, IC3 received a total of 351,937 complaints with losses exceeding $2.7 Billion.

This past year, the most prevalent crime types reported by victims were Non-Payment/Non-Delivery, Extortion, and Personal Data Breach. The top three crime types with the highest reported loss were BEC, Confidence/Romance fraud, and Non-Payment/Non-Delivery.

In February 2018, the IC3 established the Recovery Asset Team (RAT) to assist in the recovery of funds for victims involved in BEC schemes by streamlining communications to financial institutions. The RAT works within the Domestic Financial Fraud Kill Chain (DFFKC) to recover fraudulent funds wired by victims. The DFFKC is a partnership between law enforcement and financial entities. In 2018, the IC3 RAT notified 56 field offices and 12 Legal Attachés of 1,061 DFFKC’s totaling $257,096,992, a recovery rate of 75%.

Another new asset of the IC3 was the creation of the Victim Specialists-Internet Crimes (VSIC) position. The VSIC contact victims of internet crimes, provide crisis intervention, conduct needs assessments, and refer victims to resources and referrals when appropriate. This new position is designed to ensure timely support and services are provided to victims to prevent further victimization and to engage the recovery process as quickly as possible. These positions also lead to a greater coordination of services with the victim’s local field office Victim Specialist.

We hope this report provides additional information of value as we work together to protect our nation against cyber threats.

Matt Gorham
Assistant Director
Cyber Division
Federal Bureau of Investigation

Read the full report here: https://www.ic3.gov/Media/PDF/AnnualReport/2018_IC3Report.pdf

Security Update – 2019

Article (PSA‑0011)

Why This Year Was a Wake‑Up Call

From the rapid spread of WannaCry and NotPetya ransomware to the explosion of illicit cryptocurrency miners, 2017 reminded us that cyber‑threats can appear from unexpected places. Each year the quantity and variety of threats increase, and attackers continuously develop new ways to infiltrate devices while covering their tracks.

Key Threat Statistics (2017‑2023 Trend Highlights)

  • Ransomware – Over 2 billion records exposed worldwide (2022 Verizon DBIR).
  • Cryptocurrency miners – Symantec reported an 8,500 % increase in miner detections from 2016 to 2017; the trend continues with modern “cryptojacking” scripts on compromised websites.
  • Downloader families – + 92 % new variants reported in 2017; these “dropper” programs fetch additional malware after initial infection.
  • Mac malware – + 80 % new threats in 2017, and the numbers have kept climbing as macOS market share grows.

What Is Malware?

“Malware” = malicious software. It’s an umbrella term for any program that infects a computer without the user’s consent, including viruses, ransomware, spyware, ad‑ware, trojans, and cryptominers.

Common Infection Vectors (non‑exhaustive)

  • Infected email attachments.
  • Compromised USB thumb drives or external disks.
  • Downloads from untrusted websites or pirated software.
  • Malicious links in email, social‑media posts, instant‑message chats.
  • Drive‑by downloads via compromised legitimate‑looking websites (malvertising).

For a full glossary of terms, see our Threat Glossary.

Do You Need to Worry About Malware?

Absolutely. Cyber‑crime targets anyone with an Internet‑connected device—home users, small businesses, and large enterprises alike.

  • Business impact: A breach can expose customer data, trigger legal penalties (GDPR, HIPAA, PCI‑DSS), and damage reputation.
  • Personal impact: Family photos, financial documents, and personal communications can be stolen, encrypted, or deleted.
  • Recent surveys (Verizon 2023) show **≈ 1 in 3 people** reported a personal security incident in the past year.

Basic Protection Checklist (Start Here)

  1. Keep software updated. Enable automatic Windows/macOS updates, and patch third‑party apps as soon as patches appear.
  2. Use reputable antivirus/anti‑malware. Microsoft Defender (Windows 10/11) or a trusted third‑party solution (Bitdefender, Malwarebytes, ESET).
  3. Enable a firewall. Built‑in OS firewall is sufficient for most home users; ensure it’s turned on.
  4. Practice safe browsing. Don’t click unknown links, verify URLs, and avoid downloading from untrusted sites.
  5. Secure email. Use spam filters, enable MFA on email accounts, and never open unexpected attachments.
  6. Back up your data. Follow the 3‑2‑1‑0 rule (three copies, two media types, one off‑site, zero errors).
  7. Enable multi‑factor authentication (MFA) on any cloud service, VPN, and privileged accounts.

What to Do If You Suspect an Infection

  • Disconnect the device from the Internet (disable Wi‑Fi/Ethernet).
  • Run a full scan with an up‑to‑date anti‑malware product.
  • If the scan reports ransomware or a serious threat, isolate the machine and consider professional remediation.
  • Change passwords for any accounts accessed from the infected device (preferably from a clean device).
  • Restore files from a recent, verified backup if they have been encrypted or corrupted.

2025 Update – New Threat Landscape & Mitigations

Since the original 2017‑2023 overview, several important developments have reshaped the threat environment. Below is a concise addendum you can use to keep the article current.

1️⃣ Ransomware‑as‑a‑Service (RaaS) is Mainstream

  • Attack‑as‑a‑service platforms (e.g., LockBit 2.0, Hive, Blackcat) let low‑skill actors launch ransomware attacks for a subscription fee.
  • 2024 Verizon DBIR reported 61 % of data‑breach incidents involved ransomware, and total ransomware payments in 2024 topped **$1.5 billion**.
  • Mitigation: Deploy **endpoint detection & response (EDR)** solutions (CrowdStrike Falcon, SentinelOne, Microsoft Defender for Endpoint) that can detect malicious behavior before encryption begins; maintain immutable backups (write‑once, read‑many) to thwart ransom demands.

2️⃣ AI‑Generated Phishing & Deepfake Social Engineering

  • Large‑language models are being used to craft hyper‑personalized phishing emails that bypass traditional keyword filters.
  • Deepfake video/audio calls are increasingly used to impersonate executives (“CEO fraud”).
  • Mitigation: Adopt **zero‑trust email verification** (DMARC, SPF, DKIM), train staff with regular simulated phishing campaigns, and enforce MFA for all privileged accounts.

3️⃣ Supply‑Chain & Software‑Update Attacks

  • After the 2020 SolarWinds breach, attackers have focused on compromising software update mechanisms (e.g., recent Octave and EventX incidents in 2025).
  • Mitigation: Verify code signatures, enable **code‑signing integrity checks**, and limit admin rights on update tools.

4️⃣ Cryptojacking Evolution

  • Browser‑based cryptojacking scripts now target **WebAssembly** for higher hash rates, often delivered via compromised ad‑networks.
  • Mobile devices are also being hijacked to mine Monero via malicious apps.
  • Mitigation: Use browser extensions that block crypto‑mining scripts (e.g., uBlock Origin, NoScript), keep browsers and plug‑ins up to date, and run mobile anti‑malware scans.

5️⃣ Rise of “File‑less” Malware & Living‑off‑the‑Land (LotL) Techniques

  • Attackers increasingly leverage legitimate OS utilities (PowerShell, Windows Management Instrumentation, Office macros) to execute payloads without dropping a file on disk.
  • Mitigation: Enable **Windows Defender Exploit Guard** (Attack Surface Reduction rules), enforce **Application Control** (AppLocker or Microsoft Defender Application Control), and restrict the PowerShell execution policy.

6️⃣ Enhanced Defensive Technologies (2025)

  • Microsoft 365 Defender XDR integrates email, endpoint, identity, and cloud app protection using AI‑driven analytics.
  • Zero‑Trust Network Access (ZTNA) replaces traditional VPNs for many businesses, reducing lateral movement risk.
  • Endpoint platforms now provide **automated ransomware rollback** (e.g., CrowdStrike’s “Rollback” and SentinelOne’s “ActiveEDR”) that can restore files to pre‑infection state without a backup.

7️⃣ Updated Statistics (2025)

  • IDC estimates **5.6 billion** devices will be infected with some form of malware by the end of 2025.
  • 2024 Palo Alto Networks report shows a **28 % increase** in credential‑theft attacks targeting remote‑work setups.
  • Cyber‑insurance premiums have risen an average of **23 %** year‑over‑year, reflecting the growing cost of ransomware and data‑breach remediation.

Need Help Right Now?

If you have questions about current threats, want a security assessment, or need assistance cleaning an infected system, call PSA Computer Services at (707) 506‑6802. We’ll help you protect your data and get you back online safely.

Directory Structure and File Name Conventions

Article (PSA‑0010)

Why Organised Folders & File Names Matter

Clear, consistent folder hierarchies and descriptive file names make it easy for anyone – you, a colleague, or a future replacement – to locate, sort, and understand data without having to open every file. When the structure is well‑planned you also reduce the risk of accidental overwrites, improve backup reliability, and simplify compliance audits.

General Principles

  • Consistency is king. Choose a convention and apply it everywhere.
  • Keep it human‑readable. A person should understand the purpose of a folder or file just by glancing at its name.
  • Stay within OS limits. Most file systems allow 255 characters per name and 260 characters for a full path (Windows) or 4 KB per path (Linux/macOS). Avoid nesting too deeply.
  • Separate concerns. Use top‑level directories for major categories (e.g., Personal, Business, Projects, Archives).

Designing a Folder Hierarchy

1️⃣ Top‑Level Categories

Start with a few broad folders that reflect the primary purpose of the data.

/Personal
/Business
/Shared
/Archives

2️⃣ Sub‑Categories by Type

Inside each top‑level folder, group by data type or function.

/Personal/
    Documents/
    Pictures/
    Music/
    Finance/
    Health/

/Business/
    Clients/
    Projects/
    Marketing/
    HR/
    Finance/

3️⃣ Time‑Based Segmentation (when relevant)

For large, chronological collections (photos, invoices, logs) add a date hierarchy. Use the ISO‑8601 format YYYY‑MM (or YYYY‑MM‑DD) – it sorts naturally.

/Personal/Pictures/2024/01_Jan/
/Business/Finance/Invoices/2024/01_Jan/

4️⃣ Project‑Oriented Segmentation

When a project spans multiple data types, create a dedicated project folder and nest type‑specific subfolders inside it.

/Business/Projects/ABC_Redesign/
    Docs/
    Designs/
    Deliverables/
    Archive/

File‑Naming Conventions – Actionable Rules

  1. Date format – Use YYYYMMDD (or YYYY‑MM‑DD) at the beginning or end of the name. This format sorts correctly and avoids ambiguity across regions.
  2. Scope identifiers – Add short, standard abbreviations for:
    • Project code – e.g., ABC for Project ABC.
    • Department or client initials – e.g., HR, ACME.
  3. Versioning – Use zero‑padded numbers (v001, v002) so that lexical sorting matches chronological order.
  4. Descriptive title – Include a concise subject (max 3‑4 words) that remains meaningful outside the folder context.
  5. Separator choice – Use either _ (underscore) or - (hyphen) consistently. CamelCase is acceptable but avoid mixing styles.
  6. File‑type extension – Keep the correct extension (e.g., .pdf, .xlsx) as the last element.

Example File Names

20240415_ABC_Proposal_v001.pdf
20240328_HR_EmployeeList_v03.xlsx
IMG_20240112_Jan_Holiday.jpg
2024-04-30_Invoice_ACME_001.pdf

Do’s & Don’ts (quick reference)

  • Do use only alphanumeric characters, underscores (_), hyphens (-), and periods for the extension.
  • Do keep names concise – aim for ≤ 30 characters (excluding extension) when possible.
  • Do make the name readable without relying on the folder path for context.
  • Don’t use spaces, tabs, commas, semicolons, or special symbols (e.g., # $ % & *).
  • Don’t use all caps for the entire name; reserve caps for abbreviations only.
  • Don’t embed version control software identifiers (like .git) in regular file names unless the file is truly part of a repo.

Practical Tips for Implementation

  1. Document the standard. Create a one‑page cheat sheet and store it in the root folder (e.g., README_FileNaming.txt).
  2. Automate where possible. Use bulk‑rename tools (PowerRename in PowerToys, Bulk Rename Utility, or scripts) to retrofit existing files to the new convention.
  3. Leverage OS features. Use “Quick Access” (Windows) or “Favorites” (macOS) to pin frequently used top‑level folders.
  4. Regularly audit. Conduct a quarterly review to ensure new files follow the rules and to prune empty or obsolete folders.
  5. Back up consistently. A predictable folder structure improves backup reliability and makes restores faster.
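
The "automate" and "regularly audit" tips can be combined into a small checker for the naming rules and the Do's & Don'ts above. This is an added example, not a PSA tool; the violation labels, the two-digit minimum for version numbers, and the exemption for the cheat-sheet file are choices made for this sketch.

```python
import os
import re
from datetime import datetime

MAX_STEM = 30    # "aim for <= 30 characters (excluding extension)"
MAX_PATH = 260   # Windows full-path limit quoted in the article

ALLOWED = re.compile(r"^[A-Za-z0-9_-]+$")
# YYYYMMDD or YYYY-MM-DD, not glued to other digits; \2 keeps the separator consistent.
DATE_TOKEN = re.compile(r"(?<!\d)(\d{4})(-?)(\d{2})\2(\d{2})(?!\d)")
# A version token such as _v001 or -v03.
VERSION = re.compile(r"(?:^|[_-])v(\d+)(?=$|[_-])", re.IGNORECASE)


def _has_valid_date(stem):
    """Return None if no date token is present, else whether any token is a real date."""
    found = None
    for m in DATE_TOKEN.finditer(stem):
        found = False if found is None else found
        try:
            datetime(int(m.group(1)), int(m.group(3)), int(m.group(4)))
            found = True
        except ValueError:
            pass
    return found


def audit_name(filename):
    """Return a list of rule violations for one file name (empty list = compliant)."""
    problems = []
    stem, ext = os.path.splitext(filename)
    if not ext:
        problems.append("no-extension")
    if not ALLOWED.match(stem):
        problems.append("bad-chars")          # spaces, commas, symbols, extra dots
    if len(stem) > MAX_STEM:
        problems.append("too-long")
    letters = [c for c in stem if c.isalpha()]
    if letters and all(c.isupper() for c in letters):
        problems.append("all-caps")
    date_ok = _has_valid_date(stem)
    if date_ok is None:
        problems.append("no-date")
    elif not date_ok:
        problems.append("bad-date")           # e.g. month 13
    # Hyphens inside an ISO date do not count as a second separator style.
    rest = DATE_TOKEN.sub("", stem)
    if "_" in rest and "-" in rest:
        problems.append("mixed-separators")
    # Assumption: at least two digits counts as zero-padded (v1 fails, v03 passes).
    if any(len(m.group(1)) < 2 for m in VERSION.finditer(stem)):
        problems.append("version-not-padded")
    return problems


def audit_tree(root, exempt=frozenset({"README_FileNaming.txt"})):
    """Walk a folder tree and map each non-compliant relative path to its violations."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name in exempt:                # the cheat sheet itself carries no date
                continue
            path = os.path.join(folder, name)
            problems = audit_name(name)
            if len(os.path.abspath(path)) > MAX_PATH:
                problems.append("path-too-long")
            if problems:
                report[os.path.relpath(path, root)] = problems
    return report


if __name__ == "__main__":
    # The first name is from the article's examples; the other two are constructed.
    for sample in ["20240415_ABC_Proposal_v001.pdf",
                   "Q1 report (final).docx",
                   "20241345_ABC_Proposal_v1.pdf"]:
        print(sample, "->", audit_name(sample) or "ok")
```

Run `audit_tree` against a shared drive root during the quarterly review and fix the reported files with a bulk-rename tool; the script only reads names and never renames anything.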

When Working in a Team or Organization

  • Adopt the same hierarchy across all shared drives or cloud storage (OneDrive, Google Drive, SharePoint).
  • Agree on a master list of abbreviations (project codes, department IDs) to avoid collisions.
  • Include the naming policy in onboarding material and enforce it through periodic spot‑checks.

Bottom Line

A well‑designed folder tree combined with a clear, consistent file‑naming scheme turns a chaotic data dump into an organized, searchable library. Adopt the rules above, document them, and enforce them – the time you invest now saves countless hours later.

Need Assistance?

If you’d like help designing a folder hierarchy, creating a naming standard for your team, or cleaning up an existing file system, call PSA Computer Services at (707) 506‑6802.