Mindpod Technologies
A Mindpod Technologies Newsletter · Atlanta

The Mindpod Spot

Issue No. 02  ·  Fall 2026

The Human Firewall — when the con sounds exactly like your boss, the fix is to hang up and call a number you already trust.

In This Issue
  1. The Con Got an Upgrade — why the old scam tells are dead, and the cheap human fix.
  2. Field Reports — the exact con aimed at SMBs, law firms, clinics & nonprofits (and what to do this week).
  3. Signals — five tech-ecosystem trends behind the new wave of scams.
  4. From the Editor’s Desk — a note from Jaras Funderburg.
Highlights
  • The con got an AI upgrade: perfect grammar, real-looking links, and a voice that sounds exactly like your boss.
  • The best defense against all of it isn't a product — it's a quick phone call to a number you already know.
  • That urgent "approve the login" buzz on your phone? If you didn't ask for it, the answer is no.
  • Field reports for SMBs, law firms, clinics & nonprofits — the exact scam aimed at each, and what to do this week.
Feature

The Con Got an Upgrade

The old warning signs are dead. AI now writes the scam in perfect English, in your boss's voice, with your vendor's face.

By the Mindpod Field Team  ·  Edited by Jaras Funderburg

For years we taught people to spot the bad ones: the typos, the broken grammar, the "Dear Valued Customer," the link that went somewhere it shouldn't. Those tells are gone. AI now drafts a phishing email cleaner than most of us write — no errors, the right tone, the company's lingo, your manager's exact way of signing off. It can clone a voice from a short clip of audio, so the "urgent" phone call really does sound like the boss. It can fake a face on a video call. The grammar mistake you were trained to catch isn't coming anymore, because a machine is doing the writing now, and machines don't fumble the spelling.

The takeaway

stop hunting for the flaw in the message, because there won't be one. The con isn't sloppier — it's slicker, faster, and cheaper to run at scale, which means more of it is aimed at small shops that figure they're too small to bother with. The good news is that the fix didn't get more expensive. It got more human. The defense isn't a smarter spam filter or a tool you buy — it's a habit anyone can build for free: when a message asks you to move money, change a payment, or hand over data, verify it out of band first. Hang up and call the person back on a number you already trust. The machine can fake the email, the voice, and the face. It can't answer the call you place to a number it never gave you.

Field Reports

The exact con aimed at you

Four sectors, four versions of the same scam — and the same free defense. No vendor required.

SMB

The boss who emails in a hurry is probably not the boss.

The classic con hasn't changed, but the polish has. You get a message from the owner — traveling, in a meeting, can't talk — who needs a wire sent now, or a stack of gift cards bought for a client, and please keep it quiet until it's done. It reads exactly like them, because the tools writing it have studied exactly how they write. The grammar is clean. The signature is right. The urgency is the whole point: hurry is how you skip the step where you'd notice.

Takeaway: the step you skip is the step that saves you. Any request to move money or buy gift cards gets confirmed on a channel the requester already owns — a phone number you had before the email arrived, not one printed in the message. A quick call to a number you already trust beats a costly mistake every time.

Do this week
  • Set a money rule everyone knows: any new or changed payment is verified by calling a known number first — no exceptions for "urgent."
  • Save real direct numbers for your owner, finance lead, and top vendors so nobody has to trust a number from an email.
  • Tell every employee plainly: the company will never ask you to buy gift cards. Make it boring, repeat it, mean it.
Law Firms

The wire instructions changed at the last minute. They always do.

A real estate closing is a magnet because the timing is public, the dollars are large, and everyone's already braced for last-minute paperwork. So the fraudulent email fits right in: a "client" or "opposing counsel" you've been corresponding with sends updated wire instructions, or a quick question that quietly opens a door. The thread looks legitimate because sometimes it is — a compromised inbox somewhere in the chain lets the con ride on a real conversation. A convincing tone is no longer proof of anything.

Takeaway: treat every change to payment instructions as wrong until a human you know confirms it by voice. Call the client or counsel at a number from your own file — never the number, link, or callback in the latest message. The few minutes this costs at closing are the cheapest insurance your firm will ever buy.

Do this week
  • Make verbal verification of wire instructions a required, non-skippable step on every closing checklist.
  • Pull callback numbers for clients and counsel from your matter file, not from the email asking for the change.
  • Brief every paralegal and assistant: a request to rush or stay quiet about a transfer is a reason to slow down and call.

General awareness, not legal advice — confirm specifics with your own counsel and malpractice carrier.

Health Clinics

"This is IT — we need to fix your account real quick."

The phone rings and it's "IT support" or "your software vendor," calm and competent, walking a front-desk staffer through a quick fix that just happens to need a password, a login code, or remote access to the machine. This is vishing — the con by voice — and clinics are a favorite target because the front desk is busy, helpful by training, and sitting on patient records that are worth a lot to the wrong people. The matching email version asks staff to "verify" a portal login through a link that looks just like the real one.

Takeaway: real IT doesn't need your password, and a real login code is never something you read aloud to someone who called you. When a call or email asks for credentials or access, hang up or close it, and reach your actual IT contact or vendor on the number you already have on file. Nobody legitimate is hurt by a callback to a known number.

Do this week
  • Post your real IT and vendor support numbers at the front desk so staff never rely on a number a caller gives them.
  • Make the rule absolute: passwords and login codes are never shared by phone or email — to anyone, ever.
  • When an unexpected "support" call asks for access, train staff to hang up and call IT back on the posted number before doing anything.
Nonprofits

"Are you at your desk? I need a quick favor." — the director, supposedly.

Lean teams of staff and volunteers run on trust and goodwill, which is exactly what the con borrows. A message lands from the executive director or a board member — warm, a little urgent — asking a junior staffer or volunteer to grab some gift cards for a donor thank-you, or to handle a quiet payment before an event. The other flavor goes after the donor list: an email dressed up as your CRM or payment provider asks someone to "verify" a login, handing the keys to your supporters' data to a stranger.

Takeaway: generosity is your mission, not your verification method. Before anyone buys gift cards, moves money, or logs in to "confirm" anything, confirm the request out loud with the person it supposedly came from — using a number or desk you already trust, not the reply button. The real director would always rather get a quick call than see a volunteer out their own cash.

Do this week
  • Tell staff and volunteers directly: leadership will never ask them to buy gift cards — treat that request as a scam, full stop.
  • Set one simple check for any money request: confirm it in person or by a known phone number before acting.
  • Reach donor and payment systems only through a bookmark you saved yourself, never through a link in an email asking you to log in.
Signals

Five trends behind the scams

Across the whole tech ecosystem — not just AI — here’s what’s driving the new wave.

1

The old phishing tells are dead

The "bad grammar, weird greeting, sketchy link" advice we all learned no longer saves you — AI writes clean, fluent, on-brand messages in seconds. The lesson isn't to look harder; it's to stop trusting how a message reads and start verifying who actually sent it.

2

The voice on the phone might not be a person

Cloned voices and faked video have walked out of the lab and into everyday scams, and a short clip pulled from a webinar or voicemail can be enough to mimic someone. A familiar voice asking for money or a password is now a reason to slow down, not speed up.

3

"Verify out of band" is becoming the universal control

The single move that defeats most of these cons is boring and free: confirm the request on a second channel you already trust — call the known number, walk down the hall, never reply to the message that's rushing you. Increasingly, this is the baseline expected of any team handling money or sensitive data.

4

MFA fatigue is the new way in

Attackers who already have a stolen password just spam your phone with login approvals until someone, tired and distracted, finally taps "yes." If a prompt you didn't ask for shows up, the right answer is always deny — then go change that password.

5

Awareness is a habit, not an annual video

The once-a-year compliance click-through ages out the moment the next AI tool ships. The teams staying ahead treat awareness like a fire drill — short, frequent, and human — so "pause and verify" becomes a reflex instead of a slide nobody remembers.

Who sends you this

A quick word about the people behind the newsletter

Mindpod Technologies is an Atlanta firm with a single mission: give the organizations that hold our communities together — small businesses, firms, clinics, nonprofits — the kind of AI, cloud, and security discipline that used to require an enterprise team and an enterprise budget. It’s led by a technologist with 20+ years inside Microsoft infrastructure and security, and this newsletter is part of how we give some of that thinking back, no strings attached.

If anything above hit close to home, the next step is a conversation, not a contract.

Book a free, no-obligation assessment
From the Editor’s Desk

Trust Is the Surface Now

We spent a generation hardening machines. This next one is about hardening trust — because the cons that work today don’t break your software, they borrow your relationships. They wear a familiar voice and a trusted face and bet that you’re too busy to check.

So the most advanced security move of this era turns out to be the oldest one we have: a real person, on a line you already know, beats a perfect fake every time. Pick up the phone. Stay skeptical. Stay kind. We are what we think — so let’s think like people who verify.

— Jaras FunderburgPresident, Mindpod Technologies
Editor’s note — draft in your voice; send me your words for Issue 02 and I’ll polish + drop them in.
Don’t miss the next one

Get The Mindpod Spot in your inbox

One issue, plainly written, no spam — field notes you can actually use, and the occasional Mindpod note we promise to keep tasteful.

Connect

Mindpod Technologies — Atlanta, GA Phone  1-800-301-9873 Email  Info@mindpodtech.com Web  www.mindpodtech.com Book  calendly.com/jarasf

Colophon

Editor — Jaras Funderburg Design & Communications — Jarvonnah Funderburg Issue No. 02 · Fall 2026 Insights are general guidance, not legal, medical, or financial advice.
You’re reading Issue No. 02 of The Mindpod Spot. Forward it to someone who keeps the lights on. Subscribe & read past issues →