Technology Advisor Blog

Every year, the IRS releases its list of the “Dirty Dozen” - the most common tax scams they’re seeing across the country.

And every year, we have the same conversation with clients:

“I got an email that looked official… I just wanted to double-check before I clicked anything.”

This year’s list for 2026 is a reminder of something we’re seeing more and more - scammers aren’t just targeting individuals anymore. They’re going after small businesses, nonprofits, and busy teams who don’t have time to second-guess every message.

Let’s break down what matters most - and what to watch for.

The IRS “Dirty Dozen” tax scams for 2026 highlight the most common ways scammers target taxpayers and small businesses - from phishing emails and fake charities to misleading tax credits and identity theft. Understanding these scams can help you avoid costly mistakes, protect sensitive information, and reduce your risk during tax season. 

Business email compromise, or BEC, is not always about a suspicious email. Sometimes the real danger is an attacker quietly using a real account while your business has no idea. 

When most people think about email security, they picture a suspicious message landing in someone’s inbox. Maybe it has a strange link, awkward wording, or a request that feels just a little off.

That is still a very real problem. But some of the most damaging email-related attacks do not start with an obviously fake message. They start when a criminal gets access to a real Microsoft 365 account and begins quietly looking around.

That is what makes business email compromise so dangerous.

You did it. You upgraded to that big, beautiful, high-resolution monitor. Maybe it’s 27 inches. Maybe it’s 4K. Maybe it looked absolutely stunning in the store.

If your email isn’t working today, you’re not alone.

Security updates aren’t the most exciting topic—but they are one of the most important parts of keeping your business protected.

Right now, we’re seeing something that surprises a lot of people: about 13% of the systems in our community need a reboot.  That means critical security updates are downloaded… but not fully protecting those computers yet.

Why reboots matter more than most people realize

Each month, Microsoft releases security fixes (often called “Patch Tuesday”). Behind the scenes, we carefully test critical patches within 24 hours, then roll out additional updates over the following week. This testing and deployment process is a core part of a healthy security program.

Here’s the catch: many of those security patches don’t actually take effect until you reboot.  And we're seeing too many computers in our community that haven't been rebooted in too long.

Even more important, some patches are sequential. If the first update doesn’t fully install because the

Most of us barely notice CAPTCHA checks anymore.

You know the ones - the little box that says “I am not a robot”, or the quick image puzzle before you can move on. The little puzzle may ask you to select the images that contain traffic lights, bicycles, or crosswalks.  We see them so often that clicking through has become second nature. In fact, many people associate CAPTCHAs with extra security, not risk.

If your favorite app wouldn’t load this morning, you weren’t alone. Amazon Web Services (AWS) - the cloud backbone behind a huge slice of the internet - had a major hiccup in its US-EAST-1 (Northern Virginia) region in the early hours today. Reports began around ~3:00 a.m. ET, with recovery signs a couple hours later. By mid-morning, Amazon said the underlying issue had been fully mitigated. Still, the ripple effects were hard to miss: services like Snapchat, Zoom, Signal, Fortnite, Coinbase/Robinhood, Perplexity, and even airline sites such as Delta and United saw issues at points during the incident. DownDetector tallied millions of outage reports across the globe. The Verge

This week, we received what looked like an official Request for Proposal (RFP) email from a local business we know. It was well-written, professional, and completely believable.

Last week, I didn’t even see a suspicious voicemail notification in my inbox - and that’s the point! Our email security blocked it before it ever got to me. At first glance, the message looked pretty legitimate.  It  was well-formatted, had a sense of urgency - “Your voicemail system has received a new message.  Review it promptly to stay updated”, and looked like something that could easily trick someone into clicking.

Microsoft has officially announced that Windows 10 support will end on October 14, 2025. After that date, no more free security updates will be released. For small businesses, this isn’t just a technical detail - it’s a security and business risk. Cybercriminals often target outdated systems, and without regular patches, Windows 10 devices will quickly become vulnerable.