FBI Drops Shocking Nationwide Warning
FBI Issues Critical Warning Amid Surge in Cyberattacks
The FBI has issued a critical warning to organizations and employees following a recent wave of cyberattacks: do not reset passwords on request without first verifying who is asking.
This urgent alert comes as ransomware threat actors continue to evolve their tactics, specifically targeting help desks and IT support teams.
Known as “Scattered Spider,” the ransomware group has been linked to devastating cyberattacks on major retail and aviation companies.
While there is some uncertainty about whether the group is behind every recent attack, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly updated their advisory with a stark warning: do not reset passwords without following proper security protocols.
At first glance, this advice may seem counterintuitive.
Most people and companies are told to change passwords regularly to defend against hackers.
However, in this case, the FBI explains that Scattered Spider employs advanced social engineering techniques to deceive IT staff into resetting passwords and transferring multifactor authentication (MFA) tokens to devices under the attackers’ control, per Forbes.
The group employs “layered social engineering” methods involving multiple phone calls and contacts.
They pose as employees and systematically gather sensitive information from help desk staff.
Once they learn the exact steps required to reset a password, they launch spearphishing calls to convince support teams to hand over access, including resetting passwords and transferring MFA tokens.
“This method is highly targeted and insidious,” the FBI warned in their July 29 advisory.
The attackers exploit the very security processes meant to protect accounts.
To defend against this, the FBI recommends organizations adopt phishing-resistant multifactor authentication systems that are harder for hackers to bypass. Employee training must also be ramped up to recognize and resist vishing (voice phishing) and spearphishing attempts.
The alert also highlights new guidance from the U.K. National Cyber Security Centre, urging companies to review help desk password reset procedures. This includes tightening authentication requirements before any password reset or MFA transfer, especially for accounts with elevated privileges.
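The attack chain described above (a help desk reset or MFA transfer, followed minutes later by the attacker binding their own MFA device) leaves a recognisable trail in identity-provider audit logs. The following is an added detection example, not code from the advisory or from any vendor; the event tuple layout, the event names and the sample records are all constructed for illustration, and the privileged-account list is assumed to come from your own directory.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Help-desk actions that hand over control of an account (constructed event names).
HELPDESK_TRIGGERS = {"password_reset", "mfa_reset"}
# Follow-up that completes a takeover: a new MFA factor is bound to the account.
FOLLOWUP = "mfa_factor_enrolled"

# Constructed sample audit events, NOT real logs:
# (ISO timestamp, actor, target user, event type, channel)
SAMPLE_EVENTS = [
    ("2025-07-29T09:00:00", "helpdesk.alice", "jdoe", "password_reset", "helpdesk"),
    ("2025-07-29T09:04:00", "jdoe", "jdoe", "mfa_factor_enrolled", "self_service"),
    ("2025-07-29T10:00:00", "helpdesk.bob", "admin.kim", "mfa_reset", "helpdesk"),
    ("2025-07-29T10:02:30", "admin.kim", "admin.kim", "mfa_factor_enrolled", "self_service"),
    ("2025-07-29T13:00:00", "helpdesk.alice", "mlee", "password_reset", "helpdesk"),
    ("2025-07-29T16:30:00", "mlee", "mlee", "mfa_factor_enrolled", "self_service"),
]
# Assumed to be fed from your directory's privileged-role membership.
PRIVILEGED = {"admin.kim"}


@dataclass
class Alert:
    user: str
    trigger: str
    trigger_time: datetime
    enrolled_time: datetime
    severity: str


def find_helpdesk_takeovers(events, privileged, window=timedelta(minutes=30)):
    """Flag users whose help-desk reset is followed by a new MFA enrollment within `window`.

    Privileged accounts are rated high, in line with the guidance to scrutinise
    resets and MFA transfers on elevated accounts most closely.
    """
    pending = {}  # user -> (trigger event, time) of the latest help-desk action
    alerts = []
    for ts, _actor, user, event, channel in sorted(events, key=lambda e: e[0]):
        t = datetime.fromisoformat(ts)
        if channel == "helpdesk" and event in HELPDESK_TRIGGERS:
            pending[user] = (event, t)
        elif event == FOLLOWUP and user in pending:
            trigger, t0 = pending.pop(user)
            if t - t0 <= window:
                severity = "high" if user in privileged else "medium"
                alerts.append(Alert(user, trigger, t0, t, severity))
    return alerts
```

A legitimate user who forgot their password rarely enrolls a new MFA device minutes after a help-desk reset, so the 30-minute window keeps noise low; mlee's 3.5-hour gap in the sample is deliberately left unflagged at the default window.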
Experts stress that simply resetting passwords without verifying the request can hand hackers the keys to the kingdom.
The FBI’s warning underscores how cybercriminals increasingly target human weaknesses rather than just software vulnerabilities.
This latest advisory is a reminder that cyber defense requires constant vigilance—not just better technology but smarter processes and well-trained personnel. Companies must rethink their internal controls to prevent social engineering from undermining security.
As ransomware groups like Scattered Spider grow bolder, following these FBI guidelines can help blunt their attacks before critical systems are compromised.
🤦🏻♀️Do Not Reset Your Password — FBI Issues Critical New Warning via @forbes https://t.co/pPzv6YvZNe
— Tammy Bruce (@HeyTammyBruce) August 2, 2025