Viperlink Pte Ltd

25/06/2026

That urgent email from the CEO asking for a rush payment? It might be an AI deepfake.
Attackers are now cloning voices and mimicking writing styles perfectly to bypass the red flags we used to rely on. It’s time to upgrade your AP process.
https://youtu.be/MbF8zI9ajXM

That urgent email from the CEO asking for a rush payment? It might ...

25/06/2026

If your business uses a generic email like info@, sales@, or support@, there's a good chance you're paying for it incorrectly.

The default approach most SMBs take is to set up a regular user mailbox, share the password between staff, and call it a day.

That setup creates two real problems.

1) There's no audit trail of who sent what.

When someone leaves, they still have the password. And shared passwords are one of the most common ways small businesses get compromised.

2) You're paying for a Microsoft 365 license on a mailbox that no human owns.

Microsoft 365 has a built-in feature that solves both: Shared Mailboxes.

A Shared Mailbox lets multiple staff access the same email address (info@, support@, etc.) using their own personal logins.

Replies appear to come from the shared address.

Every action is logged under the individual employee. And it does not require a separate license if the mailbox stays under 50 GB.

How to set one up:

1. Sign in to admin.microsoft.com

2. Go to Teams & groups > Shared mailboxes

3. Click Add a shared mailbox

4. Enter a display name and email address

5. Click Add members and choose who gets access

Members can read, send from, and manage the shared address from their own Outlook within an hour.

When an employee leaves, you remove them from the mailbox in 30 seconds.

There are no password changes, and no risk of an ex-employee still reading client emails.

20/06/2026

If you use Excel and Microsoft 365 Copilot, an upgrade from March 2026 might save you hours every week.

It's called Work IQ, and it changes how Copilot handles spreadsheets.

Before, you had to manually feed Copilot the data you wanted it to use. Copy figures from an email, paste them into Excel, then ask Copilot to clean it up.

Now, Copilot can pull context directly from your related emails, Teams chats, meetings, and files in your Microsoft tenant. It reads the source material itself.

You can do things like:

▶️ Reconcile a vendor invoice against the quoted price by pointing Copilot at the original email thread.

▶️ Update a sales forecast based on the recap of yesterday's pipeline meeting.

▶️ Reformat a messy data dump a client sent over.

To use it, you need a Microsoft 365 Copilot license and the document stored in your business tenant, not a personal OneDrive.

One note on security: Copilot can only access files the user already has permission to see.

If your SharePoint and OneDrive permissions are messy, Copilot will surface things you didn't intend to share.

Audit your file permissions before turning this loose on your team.

17/06/2026

When an employee leaves, you take their laptop and disable their email.
But what about the other 100+ SaaS apps they logged into?

"Zombie Accounts" are active logins for former staff that stay live for months, providing a silent doorway into your sensitive data.
https://youtu.be/KsgCZvB7BjE

When an employee leaves, you take their laptop and disable their em...

15/06/2026

The one Outlook rule you need to set to save yourself from awkward conversations.

It's called "delay delivery." You set it once in classic Outlook, and from that point on every email you send sits in your Outbox for a specific time (that you set) before it leaves.

If you spot a typo, realize you sent the wrong attachment, or wrote something in frustration you wish you hadn't, you have can a standard 2-minute delay to give you enough time to stop it.

Just delete the email from your Outbox before the timer runs out.

To set it up in classic Outlook:

1. Go to File ; Manage Rules & Alerts

2. Click "New Rule" and pick "Apply rule on messages I send"

3. Skip past the conditions so it applies to every email

4. Check "defer delivery by a number of minutes" and set it to 2

5. Save the rule

This is better than Outlook's built-in "Recall" feature, because it works every single time.

10/06/2026

Saving a work password in a personal browser profile feels like a tiny convenience, but it's a massive security exposure. Discover how separating work and personal contexts can isolate risks and keep your data safe.
https://youtu.be/TPjGTKOBU1o

Saving a work password in a personal browser profile feels like a t...

10/06/2026

Pay attention to this fake “Microsoft” scam.

If an email asks you to enter a verification code on Microsoft's login page, don't enter the code.

That request is the giveaway for a phishing technique called device code phishing, which has hit over 340 organizations across the US, Canada, and Europe since February.

What makes this attack dangerous is that it bypasses Multi-Factor Authentication entirely, even strong MFA.

The attacker is tricking you into authorizing their device into your Microsoft 365 tenant.

You get an email about a shared SharePoint document, a payroll bonus PDF, or a meeting invitation from someone who looks legitimate.

The link sends you to login.microsoftonline.com, which is the real Microsoft login page.

The page asks you to type in a short verification code that was included in the email. You enter it and move on with your day.

But what you did was approve the attacker's device into your Microsoft 365 environment.

They now have a valid access token tied to your account.

They can read your email, download your files, and set up mailbox forwarding rules without ever needing your password again.

A turnkey phishing kit called EvilTokens started selling on Telegram in February 2026, which means even low-skill attackers can run these campaigns at scale.

To shut this attack down inside your business:

▶️ Block device code authentication flow in Entra ID for users who don't need it.

05/06/2026

If a website ever tells you to press Windows Key + R, close the tab.

That single instruction is the giveaway for a fast-growing scam called ClickFix, which has been behind a wave of infostealer infections all year.

An infostealer is malware that scrapes every saved password, browser cookie, session token, and stored credit card...

You click a Google result that takes you to a hacked website.

A fake CAPTCHA pops up and tells you to press Windows Key + R, then Ctrl + V, then Enter to verify you're human.

The second you hit Enter, you've installed malware on your own machine.

This attack slips past most security tools because you run the command yourself.

No file was downloaded, so antivirus has nothing to scan.

The browser shows no warning.

From the operating system's perspective, you typed a command into a Windows utility, the same as any admin doing real work.

A few things you can do this week:

▶️ Tell your team that if any website prompts the user to press Win+R or paste something into the Run box, they should close the tab and report it.

▶️ Restrict PowerShell for non-IT staff using AppLocker or Windows Defender Application Control. Most office employees have no work reason to run PowerShell scripts.

▶️ Make sure your endpoint protection is doing behavioral monitoring and not just signature scanning. Microsoft Defender for Endpoint and most modern EDR tools have detection rules specifically for this attack chain.

There's no shame in falling

03/06/2026

You approve an MFA prompt and carry on with your day, unaware that a hacker just hijacked your active session.

🕵️ AiTM attacks don't steal passwords, they steal the "session cookie" created after you log in. Standard MFA isn't enough anymore.
https://youtu.be/qTvQ-LLlYyA

You approve an MFA prompt and carry on with your day, unaware that ...

29/05/2026

Remote work shouldn't mean relaxed security.
Your living room is now a part of your corporate network.
Ensure your home office meets modern device trust standards and learn how to secure your physical environment from accidental data leaks.
https://youtu.be/anDkJZGjAfM

Remote work shouldn't mean relaxed security. Your living room is now a part of your corporate network. Ensure your home office meets modern device trust stan...