Faith-Based Daily Awareness Post 10 April 2026

These updates are shared to help raise the situational awareness of Faith-Based organizations to best defend against and mitigate the impacts from all-hazards threats including physical security, cybersecurity, and natural disasters.

Iran’s Cyber War Six Weeks In: Critical Infrastructure Is Under Active Attack

The current threat environment reflects a sustained and escalating convergence of kinetic conflict and cyber operations, with Iranian state-linked actors actively targeting critical infrastructure despite a nominal ceasefire. U.S. government agencies have confirmed that IRGC-affiliated groups, particularly CyberAv3ngers, are exploiting internet-facing programmable logic controllers (PLCs) across sectors, including energy, water, and municipal systems, using techniques that enable persistent access, as well as potential real-world operational disruption. At the same time, Iran’s cyber campaign is expanding in scope and sophistication, supported in part by Russian intelligence and infrastructure, which complicates detection and attribution.

Notably, several prominent Iranian APT groups have gone quiet, a pattern historically associated with retooling and pre-positioning for future escalation rather than de-escalation. With major technology companies publicly named as targets by Iran and cloud infrastructure already struck, organizations – especially those with OT exposure, energy ties, or regional presence – face a high likelihood of continued intrusions, potential destructive attacks, and cascading impacts. The article’s overall assessment is that cyber activity remains elevated and operationally significant, with the greatest risk stemming from undetected access, expanding attack surfaces, and the potential for rapid escalation if geopolitical conditions deteriorate further.

Analyst Comments: For faith-based organizations, the key takeaway is not direct targeting, but the potential for short-term disruptions to the critical services they rely on. As cyber operations increasingly focus on energy and infrastructure systems, there is a higher likelihood that dependencies such as power, communications, or cloud-based services could experience temporary outages lasting from several hours to a few days. While this is not assessed as a sustained or large-scale threat to facilities themselves, it is a prudent reminder for organizations to review continuity plans, ensure backup communication methods are available, and prepare for brief service interruptions that could impact daily operations.

Scammers pose as Amazon support to steal your account

Cybercriminals are increasingly impersonating Amazon in widespread “spray and pray” phishing campaigns, leveraging the company’s massive global customer base to maximize their chances of success. A recent scam involves fake product recall emails claiming that an item purchased poses a safety risk, prompting recipients to click a link. These links lead to fraudulent login pages designed to steal Amazon credentials, enabling account takeovers. The messages are intentionally nonspecific to increase the likelihood that recipients will believe they may be affected, especially if they have recently made purchases.

To avoid falling victim, users should never click links in such messages and instead access their Amazon account directly to verify any alerts through the official message center. If compromised, individuals should immediately change their passwords, enable two-factor authentication, monitor financial accounts for suspicious activity, and report the scam to Amazon or relevant authorities.

Analyst Comments: This serves as a timely reminder for staff and volunteers that phishing campaigns continue to leverage trusted brands like Amazon to steal credentials. Organizations should reinforce basic cyber hygiene practices avoiding links in unsolicited messages, verifying communications through official channels, and enabling multi-factor authentication. Even a single compromised account can create broader organizational risk, so consistent awareness across all personnel remains essential.