TL;DR — This Week's Key Takeaways
Engineering and architecture firms are being hit with ransomware via phishing emails disguised as project RFPs. Real estate wire fraud is at an all-time high — one wrong email costs buyers their entire down payment. Manufacturers are the #1 ransomware target for the third year running. CPA firms face a post-tax-season phishing blitz targeting client financial data. Law firms are being extorted with stolen privileged documents. And every small business needs to know about the new FTC data security enforcement wave hitting companies with fewer than 100 employees.
HIGH | THREAT | 5 min
Engineering & Architecture Firms Targeted with Ransomware via Fake Project RFP Emails
Threat actors are sending highly convincing phishing emails to engineering and architecture firms disguised as project Request for Proposal (RFP) documents. Opening the attached “RFP” deploys ransomware that encrypts CAD files, project databases, and client deliverables. Multiple Texas firms have been hit in April 2026.
Action Items
›Train all staff to verify RFP and bid invitation emails by calling the sender directly before opening attachments
›Implement email sandboxing that detonates attachments in an isolated environment before delivery
›Back up CAD files, project databases, and BIM models to immutable cloud storage daily
+2 more at segler.net/security-news
Affected Systems
›AutoCAD and Revit project file repositories
›Engineering project management platforms (Procore, Deltek)
›Microsoft 365 email and SharePoint
›Network-attached storage (NAS) containing project archives
CRITICAL | BREACH | 5 min
Real Estate Wire Fraud at All-Time High — Buyers Losing Entire Down Payments to Fake Wiring Instructions
The FBI’s IC3 reported that real estate wire fraud losses hit a record $446 million in Q1 2026. Attackers compromise real estate agent or title company email accounts and intercept closing communications, substituting fraudulent wiring instructions. One wrong wire transfer can cost a buyer their entire down payment with no recourse.
Action Items
›Always verify wiring instructions by calling the title company at a number from their official website — never use contact info from an email
›Implement a policy: wiring instructions will NEVER be sent or changed via email alone
›Enable MFA on all real estate agent and title company email accounts immediately
+2 more at segler.net/security-news
Affected Systems
›Real estate agent email accounts (Microsoft 365, Gmail)
›Title company email and transaction management systems
›Mortgage lender communication platforms
›Real estate transaction management software (Dotloop, SkySlope)
HIGH | THREAT | 5 min
Manufacturing Is the #1 Ransomware Target for the Third Consecutive Year — OT and ICS Systems Now in Scope
Verizon’s 2026 Data Breach Investigations Report confirmed manufacturing as the most targeted industry for ransomware for the third year running. Attackers are now moving beyond IT systems to target Operational Technology (OT) and Industrial Control Systems (ICS), threatening production line shutdowns.
Action Items
›Segment your OT/ICS network from your IT network — a flat network means ransomware can reach production systems
›Inventory all OT and ICS devices — you cannot protect what you cannot see
›Patch IT systems that connect to OT networks immediately — these are the primary pivot points
+2 more at segler.net/security-news
Affected Systems
›Manufacturing Execution Systems (MES)
›SCADA and industrial control systems (ICS)
›Programmable Logic Controllers (PLCs)
›Enterprise Resource Planning (ERP) systems (SAP, Oracle)
HIGH | THREAT | 5 min
CPA and Accounting Firms Face Post-Tax-Season Phishing Blitz — Client Financial Data and IRS Credentials Targeted
Cybercriminals are launching a targeted phishing campaign against CPA and accounting firms in the weeks following tax season, when firms are processing extensions, amended returns, and client follow-ups. Attackers are impersonating the IRS, state tax agencies, and tax software vendors to steal client financial data and practitioner credentials.
Action Items
›Enable MFA on all IRS e-Services, EFIN portal, and tax software accounts immediately
›The IRS will never initiate contact via email — any email claiming to be from the IRS is a phishing attempt
›Implement a client data security policy and ensure all client financial data is encrypted at rest
+2 more at segler.net/security-news
Affected Systems
›Tax preparation software (Drake, UltraTax, ProSeries, Lacerte)
›IRS e-Services and EFIN portals
›Client portal platforms (ShareFile, SmartVault)
›Microsoft 365 email accounts
CRITICAL | BREACH | 5 min
Law Firms Targeted with Data Extortion — Attackers Stealing Privileged Client Documents and Threatening Publication
A wave of data extortion attacks is targeting law firms of all sizes, with attackers stealing privileged client communications, litigation strategy documents, and confidential settlement agreements, then threatening to publish them unless a ransom is paid. Several Texas law firms have been targeted in Q1 2026.
Action Items
›Enable MFA on all attorney and staff email accounts and document management systems immediately
›Implement Data Loss Prevention (DLP) to detect and alert on large-scale document downloads or exports
›Classify your most sensitive client documents and apply additional access controls to them
+2 more at segler.net/security-news
Affected Systems
›Document management systems (iManage, NetDocuments, Worldox)
›Microsoft 365 email and SharePoint
›Client portal platforms
›Time and billing systems (Clio, MyCase, PracticePanther)
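The DLP action item above (alert on large-scale document downloads or exports) comes down to a per-user sliding-window count over audit events. The sketch below is an added example, not code from the newsletter or from any document management vendor; the log format, account names, 25-document threshold and 10-minute window are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed audit lines: timestamp,user,action,document (hypothetical format)."""
    lines = [
        "2026-04-13T09:02:11,asmith,download,matter-1001/brief.docx",
        "2026-04-13T11:40:03,asmith,view,matter-1001/exhibit-a.pdf",
        "2026-04-13T15:27:45,asmith,download,matter-1001/exhibit-a.pdf",
        "2026-04-13T16:05:00,bjones,export,matter-2040/settlement.pdf",
    ]
    # Constructed burst: one account pulls 40 distinct documents in under 4 minutes.
    start = datetime(2026, 4, 14, 2, 13, 0)
    for i in range(40):
        ts = (start + timedelta(seconds=5 * i)).isoformat()
        lines.append(f"{ts},paralegal1,download,matter-{3000 + i}/file.pdf")
    return lines

def parse_line(line):
    ts, user, action, doc = line.strip().split(",", 3)
    return datetime.fromisoformat(ts), user, action, doc

def find_bulk_downloads(lines, threshold=25, window=timedelta(minutes=10)):
    """Return one alert per burst as (user, window_start, distinct_documents)."""
    recent = defaultdict(deque)  # user -> (timestamp, document) pairs inside the window
    alerting = set()             # users already alerted for the current burst
    alerts = []
    for ts, user, action, doc in sorted(parse_line(l) for l in lines if l.strip()):
        if action not in ("download", "export"):
            continue
        q = recent[user]
        q.append((ts, doc))
        while ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        # Count distinct documents so re-opening one file repeatedly is not a burst.
        distinct = len({d for _, d in q})
        if distinct < threshold:
            alerting.discard(user)
        elif user not in alerting:
            alerting.add(user)
            alerts.append((user, q[0][0], distinct))
    return alerts

if __name__ == "__main__":
    for user, since, count in find_bulk_downloads(build_sample_log()):
        print(f"ALERT {user}: {count} documents since {since.isoformat()}")
```

Tune the threshold and window against a few weeks of normal activity per role before alerting on it, since discovery or closing deadlines produce legitimate bursts.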
HIGH | COMPLIANCE | 5 min
FTC Targets Small Businesses in New Data Security Enforcement Wave — Companies Under 100 Employees Now in Scope
The Federal Trade Commission announced a new enforcement initiative specifically targeting small businesses with fewer than 100 employees that collect consumer data without adequate security practices. The FTC has opened 23 investigations against small businesses in Q1 2026 alone. Here is what every small business needs to know.
Action Items
›If you collect customer names, emails, phone numbers, or payment data, the FTC’s data security standards apply to you
›Conduct and document a basic security risk assessment — this is the FTC’s baseline expectation
›Implement MFA on all systems that store customer data — the FTC is citing this as a baseline requirement
+2 more at segler.net/security-news
Affected Systems
›Any business website that collects customer data
›E-commerce platforms and shopping carts
›Customer relationship management (CRM) systems
›Email marketing platforms