Technology Advisor Blog

Just because it is January, does not mean hackers are ceasing their cyber attacks on businesses and unsuspecting victims. This month, we have noticed scams such as stealing debit card information at local stores hitting close to home, sophisticated phishing attempts across social media accounts, particularly Instagram, and Windows 11 updates we’ve observed for users. At Ekaru, our goals are to provide users with the most up-to-date news for cybersecurity locally and across the US, while also providing tips to keeping you and businesses safe.

Close to Home: Skimming Device on ATM Machine in Chelmsford

Earlier this month, a maintenance technician began working on an ATM in a local supermarket store located in Chelmsford, MA. Upon his services, they identified a camera attached to the ATM, along with a skimmer to obtain unsuspecting victim’s PIN numbers. It’s a heavy reminder that though we have heard on the news about these devices happening across the US and beyond, it’s a shock when it is in your hometown. Now you feel you are at a higher chance of becoming a chain reaction in unexpected fraudulent behavior.
Local police are ensuring those that may have used a local ATM in Chelmsford to keep a proactive eye out for any unusual activity across their bank or debit accounts.

Safety Tips to Avoid ATM Skimmers

• When you are looking to extract funds from your debit or banking accounts, its important to inspect the ATM you are approaching with caution. The key indicators to look out for are anything on the device is loose, crooked, damaged or scratched. If you notice any of those before tapping or inserting your card, it is best to use another reader for peace of mind.

• Before entering your PIN, make sure the keypad is installed securely. This means pull at the edges for anything to come loose. When typing your PIN, cover this information as best as you can. There is the possibility of cameras picking up the numbers of your PIN all around the terminal.

• If possible, use ATMS in well-lit locations, preferably indoors. Since they are inside and security cameras within the business could be present, the possibility of ATM being compromised is still there, but less vulnerable than one located outside in the elements, away from cameras and good lighting.

While the technician thankfully located these devices left by cybercriminals, it’s unclear how long they were on the ATM before being discovered.

No Breach Detected: Instagram Phishing

For businesses and individuals, social media allows us to stay connected with loved ones, share our favorite moments, send funny reels to friends, and discover businesses both large and small. Within the first 2 weeks of the new year, millions of users received unsolicited emails from security@mail.instagram.com in their inboxes to reset their Instagram password. As an individual’s social media account is sacred, they ensure they have a strong password to prevent any hackers from trying to reset their passwords. When you suddenly receive a password reset email from what appears to be Instagram’s official security email, it’s enough to create an anxious reaction in multiple users.

According to users on social media platforms such as TikTok that spread awareness on this phishing campaign, about 17.5 million users were affected. The comments left by folks made users feel better that they weren’t the only ones that received the email. Some admitted they clicked the link; others double checked their security settings. Thankfully Instagram has calmed users down by reinforcing that with these sophisticated phishing attacks that there was no breach to account information.
This is another reminder that emails can appear legitimate from businesses and social media platforms, but essential to always verify before reacting/clicking a link attached to an email or SMS messaging.

Tips to Keep Your Social Media Accounts Safe

• If you receive an email from a social media platform that someone is trying to reset your Instagram password, verify through the social media platform itself. Do NOT click ANY links.

• Instagram particularly in its security settings has a section where you can check for legitimate emails sent to you from Instagram within the last 14 days. If there isn’t anything present after clicking that section or in other cases the button doesn’t do anything, then it is likely a very convincing phishing email.

• Enable strong 2FA on your devices for additional security.

• If you feel the need to, change your password and have it be unique to each platform.

While the Instagram reset email is not legitimate, the main purpose is to cause confusion, panic to click, rush, and react to give access to your systems.

Windows 11 Monthly Recap

For Windows 11 updates in the month of January, a significant rollout of security and cumulative patches that kept users and IT pros on their toes. Microsoft delivered its usual Patch Tuesday cumulative update (KB5074109) on January 13, followed by two out-of-band fixes as significant problems emerged.

January Patch Tuesday (KB5074109)
The main security and cumulative update for Windows 11 (versions 24H2/25H2) was released mid-month. This update addressed security vulnerabilities and general OS stability improvements, though Microsoft did not roll out major new features with it.

Emergency Out-of-Band Updates (KB5077744 & KB5078127)
Soon after the January cumulative update, Microsoft issued two emergency patches to fix serious regressions. This includes shutdown/hibernate failures and Remote Desktop credential issues.

Boot Failures & Stability Problems
Some users reported rare but severe errors like UNMOUNTABLE_BOOT_VOLUME, where PCs failed to boot entirely after applying the January updates, requiring manual recovery via WinRE. Microsoft confirmed it was actively investigating these reports and the update’s interaction with certain system states.

Legacy Hardware Impact
The KB5074109 update removed several legacy modem drivers, unintentionally disabling dial-up and other older networking hardware for users still dependent on them. Microsoft stated this was intentional from a security perspective, understandably the change frustrated users that were affected.

Tips For Rolling Windows Updates

• Install emergency patches promptly where issues are confirmed.

• Backup before updating: Create a system restore point or full backup prior to installing cumulative updates, especially on production machines.

• Check the Windows Release Health dashboard: For the latest confirmed fixes and known issues from Microsoft, that dashboard remains the authoritative source for update status.

Ekaru is Here to Protect You and Your Business

At Ekaru, we specialize in protecting users from everyday cyber risks that often go unnoticed.

In cases like ATM skimming, we educate users on spotting compromised machines, monitoring bank alerts, and responding proactively if card data is suspected to be stolen. When it comes to password-reset phishing emails, our team deploys email filtering, user awareness training, and assisting with larger incident response teams to prevent credential theft before damage is done.

Beyond individual threats, we help organizations stay on top of Windows 11 updates by monitoring Patch Tuesday releases, testing updates before deployment, rolling out emergency fixes when required, and minimizing downtime caused by unstable patches. Together, these services reduce risk, improve response times, and allow users and businesses to stay secure without needing deep technical expertise themselves. Our intention is to help our community by identifying suspicious activity, react proactively and keep your personal or business workflows optimal.

If you or your team are looking to increase their cybersecurity needs while also being considerate with your budget, we are here and happy to help. Let’s connect and see how our services can meet your cybersecurity needs today!