Key Takeaways:

• Valentine’s Day is a prime time for cybercriminals, with phishing scams disguised as giveaways, rewards, and romantic promotions.
• Exclusive Guardz Research Findings: The Guardz platform detected, quarantined, and prevented phishing scams impersonating Costco, Walmart, Rituals, and many more, which attempted to lure recipients into malicious links.
• Small businesses are at high risk, as employees may unknowingly click on fraudulent links, compromising sensitive data.
• MSPs play a critical role in protecting SMBs by protecting identities, emails, devices, and data.
  Guardz empowers MSPs with real-time unified detection & response, helping them defend their clients against evolving cyber threats.

Cybercriminals Love Valentine’s Day: Exclusive Guardz Findings

Holidays create the perfect cover for cybercriminals, and Valentine’s Day is no exception. In the weeks leading up to the holiday, cyber scammers intensify their attacks, leveraging themes of love, urgency, and exclusive offers to deceive victims.

While people are celebrating love, cybercriminals are crafting deceptive Valentine’s Day scams to steal credentials, personal information, and financial data. Holidays create a sense of urgency, making users more susceptible to clicking on fraudulent links disguised as “exclusive offers” and “limited-time rewards.”

This year, the Guardz platform detected and quarantined multiple phishing campaigns targeting small businesses—all disguised as Valentine’s Day promotions from well-known brands.

The Guardz Research Unit has uncovered a wave of phishing emails impersonating major brands in the weeks leading up to Valentine’s Day. Here’s what we found:

1. Fake “Costco Valentine Basket” Email (Phishing Scam)

Subject: “Last Chance to Win a Costco Valentine Basket!”
Sender: “Costco Wholesale” (spoofed email address)

This email falsely claims to be from Costco, urging recipients to claim a Valentine’s Day gift basket before it’s “too late.” Clicking the link leads to a fraudulent website designed to steal login credentials and payment information.

Guardz Research Findings: After analyzing the URL, the Guardz Research Unit confirmed that the link leads to a malicious phishing site—not an official Costco promotion.

Guardz Platform Action: This attack was automatically detected, quarantined, and blocked before it could reach recipients’ inboxes, preventing small businesses from falling victim.

2. Fake “Walmart Valentine Rewards” Email 

Subject: “You’ve Won a Walmart Valentine Basket!”
Sender: “Walmart Valentine Rewards” (spoofed email address)

This phishing attempt exploits Walmart’s brand by luring recipients into clicking a fake link to claim a non-existent reward. Employees in small businesses may assume this is a corporate giveaway or customer reward program and unknowingly compromise company credentials.

Guardz Research Findings: The Guardz Research Unit confirmed that this email was not sent by Walmart, and the fraudulent link redirects to a credential-harvesting site.

Guardz Platform Action: The Guardz platform identified the fraudulent sender, analyzed the link, and quarantined the email, ensuring that no end users were exposed to the scam.

3. Fake “Rituals Valentine Package” Email 

Subject: “Congratulations! Your Rituals Valentine Package Is Here!”
Sender: “Rituals” (spoofed email address)

This email pretends to be from Rituals, announcing a Valentine’s gift for the recipient and urging them to click a link to “claim” their prize.

Guardz Research Findings: The Guardz Research Unit determined that the link leads to a malicious site designed to steal credentials.

Important Note: Guardz maintains strict confidentiality for all detected threats, ensuring no customer details are published or shared.

How MSPs Can Protect Small Businesses from Valentine’s Day Cyber Threats

1. AI-Powered Email Security: Preventing Threats Before They Reach Users

Most phishing emails bypass traditional spam filters, relying on brand impersonation and psychological manipulation. MSPs must deploy advanced AI-driven email security to:
– Detect and block phishing attempts before they reach inboxes.
– Analyze and quarantine suspicious emails in real-time to prevent credential theft.
– Automatically prevent malicious links from being accessed.

Guardz provides MSPs with AI-powered email security, allowing them to automatically stop phishing campaigns before they impact businesses.

Guardz helps MSPs prevent account compromise by securing email, detecting phishing attempts, and monitoring for credential leaks—before they turn into full-blown breaches.

2. Phishing Simulations: Strengthening Employee Awareness

Even with advanced security, human error remains the top cybersecurity risk. The best way to ensure employees recognize phishing threats? Simulated phishing tests.

Guardz provides MSPs with automated phishing simulations, helping SMB employees:
– Recognize phishing attempts in real time.
– Practice identifying fraudulent emails safely.
– Improve their cybersecurity habits through ongoing training.

With real-time reporting, MSPs can track employee performance, identify vulnerabilities, and reinforce training where needed.

3. Cyber Awareness Training: Reducing Human Error Risks

Cybercriminals rely on untrained employees clicking malicious links. Ongoing cybersecurity training is the key to prevention.

Guardz Cyber Awareness Training Helps MSPs:
✔ Deliver automated, ongoing security training for SMB employees.
✔ Test employees with real-world cyber threats to improve response rates.
✔ Monitor training effectiveness to ensure businesses stay secure.

How Guardz Helps MSPs to Secure Small Businesses

At Guardz, we provide MSPs with a comprehensive cybersecurity platform to detect and prevent threats before they reach SMB clients. Recently, We’ve launched our “Ultimate Plan”– AI-Powered Unified Detection & Response across identities, endpoints, email, cloud, and data, featuring embedded SentinelOne EDR –  Guardz ensures MSPs can proactively defend small businesses from evolving cyber threats.

Why MSPs Choose Guardz:

AI-Powered Threat Detection – Stops phishing and email-based attacks before they impact businesses.
Automated Phishing Simulations & Cyber Awareness Training – Prepares employees to recognize and avoid cyber threats.
Dark Web Monitoring & Compliance Tools – Helps MSPs stay ahead of evolving threats.

Final Thoughts: Cybersecurity Must Be a Priority—Not a Valentine’s Afterthought

Cybercriminals exploit human emotion and trust, and Valentine’s Day scams are no exception. This year, phishing campaigns are more sophisticated than ever, using brand impersonation and fake rewards to trick victims into handing over sensitive information.

For MSPs, proactive cybersecurity is the only way to keep small businesses safe. That means:
✔ Blocking phishing attempts before they reach inboxes
✔ Training employees to recognize scams through phishing simulations
✔ Using real-time threat intelligence to stay ahead of cybercriminals

By partnering with Guardz, MSPs can deliver enterprise-grade security to small businesses without complexity or high costs.

Want to protect your SMB clients from phishing threats? Check out Guardz’s Ultimate Cybersecurity Plan for MSPs today!

A new hacking group called Belsen Group has dumped data containing IP addresses, firewall configurations, and plaintext VPN credentials from over 15,000 FortiGate firewalls. This breach is particularly alarming for MSPs and IT professionals who rely on FortiGate firewalls to secure client environments.

Key Takeaways:

• Over 54% of the compromised firewalls are still online and accessible as of January 2025.
• The breach is linked to CVE-2022–40684, a critical authentication bypass vulnerability that attackers exploited to steal firewall configurations.

Here’s a closer look at what happened, the risks involved, and how MSPs and IT professionals can protect their networks.

Background and Timeline

Who is the Belsen Group?

A relatively new cybercriminal group recently leaked 1.6GB of FortiGate firewall configurations, organized by country and IP address.

How Was the Data Obtained?

Cybersecurity researcher Kevin Beaumont linked this attack to CVE-2022–40684, a critical authentication bypass zero-day vulnerability disclosed by Fortinet in October 2022. Attackers exploited this flaw to extract configuration files and steal credentials.

Why Does It Matter Now?

Even though this data dates back to 2022, firewall configurations often remain unchanged unless an organization has actively responded to a known breach / rotated login credentials. This means that credentials and firewall rules from 2022 could still be valid.

Scope of Exposure

Major Findings:

• 54% of the leaked IPs remain online and reachable (as of January 2025).
• 33% of these IPs still expose FortiGate login interfaces
• A community-driven GitHub repository is tracking the leaked IPs:
  🔗 Leaked IP List

How to Check If You’re Affected

1. Compare Your IP Addresses

Check your IP inventory against the leaked IP list:
🔗 Leaked IP List

2. Guardz Trial Users Get a Free Check

Guardz offers a free vulnerability assessment during its trial period. We’ll check if your organization appears in the leaked data and provide Dark Web monitoring to detect other breaches.

Recommended Remediations

1. Patch & Update Immediately

• For FortiOS 7.0.x → Update to 7.0.16+
• For FortiOS 7.2.x → Update to 7.2.12+
• For CVE-2024-55591 → Follow Fortinet’s guidance to upgrade to 7.0.17+ or 7.2.13+

2. Rotate Credentials

• Immediately change all FortiGate passwords.
• Enforce multi-factor authentication (MFA) on all remote-access VPNs and admin portals.

3. Remove Public-Facing Admin Pages

• Restrict management interfaces to internal networks or secure VPN connections.
• Exposing admin interfaces to the public internet makes them easy targets for brute-force attacks and zero-day exploits.

4. Monitor for Unauthorized Activity

• Review firewall logs for suspicious logins or configuration changes.
• Track inbound connections from unknown or suspicious IP addresses.

How Guardz Supports You

1. Free Leak & Dark Web Checks

During our trial, we scan for any leaked IPs or credentials associated with your organization. We also provide Dark Web monitoring to stay ahead of new threats.

2. Actionable Insights

Our platform offers step-by-step remediation guidance, including:

• Enforced password resets.
• Security configuration suggestions, such as MFA enforcement.

Conclusion

This FortiGate firewall breach highlights the urgent need for proactive cybersecurity measures. Even though this stolen data is from 2022, many organizations haven’t refreshed credentials or firewall settings, leaving them exposed.

If you suspect your FortiGate devices have been compromised—or if you want expert guidance on securing your infrastructure—reach out to Guardz.

We’re here to help you navigate this breach, protect your assets, and keep your clients’ networks secure.

We are excited to announce the release of the Ultimate Plan, which combines SentinelOne’s industry-leading Endpoint Detection and Response (EDR) technology with the Guardz unified platform and adds Managed Detection and Response (MDR) for MSPs. This launch marks a significant milestone as we broaden our value proposition, offering a holistic, AI-powered, and user-centric managed cybersecurity service.

What Makes the Ultimate Plan a Game-Changer?

The Ultimate Plan builds on the Guardz platform’s holistic, user-centric approach to security by incorporating managed SentinelOne capabilities with Guardz MDR (Managed Detection and Response) services. Here’s what MSPs can expect:

1. Platform Configuration and Management

Guardz MDR simplifies the complexities of managing SentinelOne by taking on the day-to-day configuration and maintenance tasks:

• Monitoring Endpoint Health: Proactively ensuring devices are secure and operational.
• Policy Updates: Managing block and allow lists across global customer bases.
• Controlled Updates: Keeping SentinelOne agents up-to-date with controlled rollouts to maintain reliability.

2. Alert Triage

By leveraging AI, Guardz MDR manages and prioritizes alerts, removing the burden of false positives and reducing noise:

• Real-Time Alert Management: Ensures MSPs see only the most critical threats.
• Streamlined Workflows: Saves MSPs time by automating responses to routine notifications.

3. Incident Analysis

Guardz MDR goes beyond managing individual alerts by providing a comprehensive analysis of security incidents:

• Global Insights: Looks across organizations to understand the broader impact of threats.
• User-Centric Connections: Links endpoint activity with other security layers, such as cloud behavior, phishing patterns, and email activity, for a complete view of threats.

4. Incident Support

Guardz MDR offers direct, real-time engagement with a team of security analysts:

• Actionable Responses: Includes quarantining endpoints, blocking threats, and isolating risky users.
• Direct MSP Communication: Updates are delivered via phone, email, or the Guardz platform for seamless collaboration during incidents.

Tailor-Made for MSPs

The Ultimate Plan is designed specifically to meet the needs of MSPs, offering them the tools and support they need to succeed:

• Simplified Management: A single platform that consolidates tools and eliminates the need for multiple dashboards.
• Scalable Security: AI-driven automation and managed services enable MSPs to grow without adding headcount.
• Cost-Effective Offering: Advanced enterprise-level protection made affordable and practical for MSPs and their SMB clients.

Contact us today to learn more about how the Guardz Ultimate Plan can transform your security strategy!

Bringing Top-Level Security to SMBs

For SMBs, the Ultimate Plan delivers the kind of protection typically reserved for large enterprises—without the complexity or cost. By embedding SentinelOne’s capabilities into the Guardz platform and enhancing them with AI-powered management, Guardz ensures:

• Robust Security: SMBs gain access to enterprise-grade EDR, MDR, and a unified security approach.
• Ease of Use: Guardz takes on the heavy lifting so SMBs can focus on their business.
• Scalable Solutions: Security that grows with their business needs without requiring in-house expertise.

Why Choose the Guardz Ultimate Plan?

The Guardz Ultimate Plan empowers MSPs to deliver enterprise-grade security with unmatched ease and efficiency. Security is only as effective as an MSP’s ability to implement and manage it effectively. While SentinelOne’s best-in-class technology provides cutting-edge threat detection and remediation, its full potential can only be realized when paired with seamless management and real-time responsiveness. That’s where Guardz excels.

The Ultimate Plan combines SentinelOne’s powerful EDR capabilities with a unified platform designed to simplify provisioning, deployment, and ongoing management. On top of that, we layer a robust Managed Detection and Response (MDR) service to ensure MSPs can confidently deliver 24/7 protection against ransomware, account compromise, and other advanced threats.

Key benefits include:

• 24/7 Security Services: Empower your clients with always-on protection without adding to your team’s workload.
• Focus on Growth: Guardz handles the complexities of security management, freeing you to scale your business.

With Guardz, MSPs can provide world-class security services that are scalable, easy to manage, and designed to meet the demands of modern cybersecurity.

Empowering Small Businesses with World-Class Protection

The Ultimate Plan ensures SMBs receive the level of protection previously reserved for large enterprises:

• Cost-Effective Security: Delivers powerful protection without requiring in-house expertise or infrastructure.
• Scalable Solutions: Allows MSPs to offer 24/7 security services to SMBs without increasing headcount.
• Simplified Management: Reduces the complexity of managing multiple tools, freeing MSPs to focus on growing their businesses.

Final Thoughts

The Guardz Ultimate Plan represents a transformative shift in cybersecurity for MSPs and SMBs. By combining SentinelOne’s enterprise-grade technology with the Guardz unified detection & response, we’re empowering MSPs to deliver unmatched value to their clients while simplifying operations and improving scalability.

Contact us today to learn more about how the Guardz Ultimate Plan can transform your security strategy!

Looking to increase staff and expand operations? Are you having a tough time selling your MSP services to potential clients or retaining existing ones? We’ve assembled a list of 12 inspirational TED Talks every MSP and IT professional should start watching to make better decisions and grow a successful business. Watch them all. We highly recommend it. 

1)  I Was Seduced By Exceptional Customer Service | John Boccuzzi, Jr. 

We begin with retention. If you want to scale business operations, you must retain your existing customer base. John Boccuzzi Jr. will show you the value of having exceptional customer service and why he considers it the greatest form of marketing a brand can have. John explains why so many businesses fail due to poor customer experiences. Don’t be one of them.

2) Never Split The Difference | Chris Voss 

Are you struggling to sell your value and offerings to potential clients? Don’t find yourself in a no-win situation. Hear from a former FBI hostage negotiator with over 24 years of experience in high-stakes negotiations. Learn the art of Tactical Empathy to build meaningful relationships with your clients and convince those prospects of the value you offer.  

3) How to Master Recruiting | Mads Faurholt-Jorgensen 

“Most leaders spend 10% of their time recruiting and 90% correcting recruiting mistakes.” Mads Faurholt-Jorgensen will help you avoid these pitfalls by teaching you what to prioritize when hiring new staff. Learn how to conduct winning interviews and know if the person is the right fit within minutes. Build your team with greater confidence after this educational TED Talk. 

4) How to Write an Email (No, Really) | Victoria Turk

Victoria Turk will show you the fundamentals of email etiquette. Where should you begin when starting the conversation in an email? Victoria will give you the scoop on what you should include in the body of the text to keep potential clients interested. Keep those email conversations going in the right direction with this informative TED Talk. 

5) How to Write an Email That Will Always Be Answered! | Guy Katz 

A well-written email will help you close that contract faster. Every character counts. Guy Katz will teach you how to write an email that always gets answered, including the 5 ingredients for a great email. There are billions of emails sent daily. The majority of them won’t get opened or stand a chance of getting noticed as they are redirected to the spam filter. Guy’s practical advice will help increase your open rates and closed won opportunities in your sales pipeline. 

6) Neuromarketing: The New Science of Consumer Decisions | Terry Wu 

Why should a prospect choose your MSP over your competitors? Dr. Terry Wu breaks down the science of neuromarketing and gives you plenty of insight on how to better understand your clients. Learn how a failed Coca-Cola experiment led to 8,000 angry phone calls a day. Find out what the missing ingredient was to avoid customer churn.

7) Think Your Email is Private? Think Again | Andy Yen

Think your emails are private? Andy Yen will prove you wrong on that theory. Andy discusses the role of encryption in securing email conversations and the importance of protecting user privacy. Without encryption, the content gets transmitted as readable text, which gives a threat actor all the insight they need to steal personal information. Don’t hit that “send” button just yet until you’ve watched Andy’s insightful TED Talk.

8) Behavioral Economics – How to Make it Work for Us | Maciej Kraus

Are you pricing your services correctly? Take the guesswork out of your pricing efforts by mastering behavioral economics with Maciej Kraus. Learn the importance of behavioral science and how it helps your prospects move forward in the buying funnel. Find out what a coffee chain has in common with your pricing models.

9) Your Human Firewall – The Answer to the Cyber Security Problem | Rob May

Rob May talks about how personal data is such a precious commodity and how companies invest in traditional security when the bigger risks are what he dubs the human firewall. Rob talks about unsecured Wi-FI connections while waiting for your latte at Starbucks which could lead to potential man-in-the-middle attacks and data exfiltration. 

Rob also talks about phishing and how easy it is to fall into that trap – a great use case to implement phishing simulations in your organization. 

10)  Data Privacy and Consent | Fred Cate

Dr. Fred Cate will make you rethink what you know about data privacy and data collection. You’ll discover why data privacy is essential, not only for staying compliant with various regulations but also for safeguarding your customers’ identities and sensitive information. A very interesting talk all around. 

Learn about the Do’s and Don’ts of Managing Sensitive Data in the Cloud here.

11) SEO Matters | Ira Bowman

You can’t grow a successful MSP business without visitors coming to your website. Having visibility in Google’s search results can give you a competitive edge in the market. Just how much? Ira Bowman mentions the fact that Google owns 92-94% of search engine traffic. 

As an MSP, if your site isn’t on the first page, you’re missing out on the majority of potential clicks which ultimately translates to lost revenue. Ira will fill you in on all the SEO details to gain more search visibility and how to run campaigns that convert. 

12) 3 Ways to Make Better Decisions — by Thinking Like a Computer | Tom Griffiths

Decision-making doesn’t have to be complex, especially when you start thinking like a computer. Take a neural journey with cognitive scientist Tom Griffiths on how you can apply the logic of computers to decipher basic setbacks and accelerate business goals with little to no friction.

Stay inspired by following Guardz to learn more about the latest MSP findings and research to transform your business. 

Do You Know Where Sensitive Data Resides?

Do you know where all sensitive data resides within your organization, or more importantly, where it resides in your customers’ clouds? Those unauthorized access controls, excess permissions, inactive users, or misconfigured S3 storage buckets could be exposing terabytes of critical data by the minute. 

Research showed that more than 30% of cloud data assets contain sensitive information. But that’s where the problem begins for a busy MSP. Without clear visibility into where sensitive data resides or how it’s being accessed, securing it becomes nearly impossible, often resulting in a massive breach. 

That’s why we put this checklist together on The Do’s and Don’ts of Managing Sensitive Data in the Cloud. But first, do you know who has access to what?

Securing Data in the Cloud: Who Has Access to What? 

According to research conducted by Microsoft Security in their 2023 State of Cloud Permissions Risks Report, found that over 45% of organizations have AWS access keys that have not been rotated for at least months. The report also found that 40% of identities are inactive in AWS environments.

Let that sink in for a moment. 

How can MSPs determine who has access to which type of data across multiple cloud platforms and ensure it remains secure? 

Now factor in third parties. 

Third parties may have unmanaged access permissions that are out of your scope. Any of those permissions can provide a backdoor for attackers to exfiltrate sensitive data. 

And the risks aren’t only limited to cloud environments…

MSPs must constantly worry about shadow IT, where employees use unauthorized cloud services and other SaaS applications without the consent or knowledge of IT. This is a big problem. 

Those unauthorized cloud accounts and user roles can bypass security protocols (assuming they’ve been implemented) and leave your attack surface completely vulnerable. Even the most “harmless”-looking Chrome extension, such as Grammarly, can bring about major security threats since it has access to documents that contain financial transactions, proprietary information, and other PII. 

Once you agree to those terms, your data becomes vulnerable to those third parties. Those terms of service are often long, complex, and difficult to fully understand, making it easy for employees to overlook the risks associated with granting access.

Sure, data privacy laws have become more strict, but they can’t protect you from the risks posed by unauthorized access if you don’t know where sensitive data resides. 

Data at Rest vs. Data in Transit

In order to secure data, you first need to have a better understanding of the different types of data. 

Data at rest refers to data that is stored and not actively being transmitted or processed, such as in databases, file servers, or cloud storage. 

Data in transit or in motion, on the other hand, refers to data that is being transmitted from one location to another, such as emails or cloud-based API calls. 

All data, whether at rest or in transit, should be secured using strong encryption. This prevents unauthorized access to stored files on servers or cloud services (data at rest) and mitigates risks such as Man-in-the-Middle (MITM) attacks during transmission (data in transit).

The Do’s and Don’ts of Managing Sensitive Data in the Cloud [Complete Checklist]

Access permissions should be limited by default. But this is the part that gets tricky for MSPs.

Why?

Because an MSP may not be fully aware of how many permissions and identities are circulating within cloud environments. When was the last time your team conducted a comprehensive review of user permissions and roles across all cloud platforms? 

A month ago? A year? Longer?  

Now multiply those accounts, permissions, and identities when dealing with multiple clients simultaneously, and it’s not so hard to imagine that a data breach is only a single account login away. Research taken from Google Cloud’s 2023 Threat Horizons Report found that 86% of data breaches involve stolen credentials.

So, yeah, the threats are very real. No need to fall into that trap. 

Below are the most common cloud risks, along with best practices you can implement to prevent them and secure sensitive data.

But there’s a better way to manage sensitive data in the cloud. 

Keep All Sensitive Cloud Data Secured with Guardz 

Who has cloud access permissions to critical data? Don’t wait until an account gets compromised to find out. 

Guardz examines all digital assets within the customer cloud environment by scanning files and folders for excessive sharing permissions, misconfigurations, and other types of risky user behavior that can lead to a breach.

Prevent compromised credentials with Guardz cloud DLP and unified cybersecurity platform. 

See where all sensitive data resides across your organization and client cloud environments. 
Speak with one of our experts today.