---
title: "AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack | DMARC Report"
description: "AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack from DMARC Report explains practical steps for email authentication, domain protection."
image: "https://dmarcreport.com/og/blog/ai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack.png"
canonical: "https://dmarcreport.com/blog/ai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack/"
---
Quick Answer
\_According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=AI%20Scam%20Alert%2C%20Federal%20Cuts%20Vulnerability%2C%20American%20Tire%20Cyberattack&url=undefined%2Fblog%2Fai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack%2F&title=AI%20Scam%20Alert%2C%20Federal%20Cuts%20Vulnerability%2C%20American%20Tire%20Cyberattack "Share on Reddit") [ ](mailto:?subject=AI%20Scam%20Alert%2C%20Federal%20Cuts%20Vulnerability%2C%20American%20Tire%20Cyberattack&body=Check out this article: undefined%2Fblog%2Fai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack%2F "Share via Email")
> From a product strategy perspective, DMARC reporting is evolving from a security tool to a business intelligence platform, says Brad Slavin, General Manager of DuoCircle. The data in aggregate reports tells you not just who’s spoofing you, but who’s sending legitimate email on your behalf - and whether they’re doing it correctly.
\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report
AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-31575” readonly/>
```
```
It is week #2, and we are back again with the top 3 cyber news stories of the week. The first one involves Grok, the AI-powered assistant for X users. It is being misused by cyberattackers to target X users. Secondly, we will talk about the Federal cuts under the Trump administration that have made \*\*local and state agencies in the USA vulnerable to threat attacks. Lastly, our focus will be on the recent Bridgestone [cyberattack](https://tech.co/news/cyberattacks-us-education-sector-rise) incident.
Are you ready for the week 2 cyber bulletin? Let’s get started!
## Popular AI assistance tool being misused by scammers to target X users!
If you are an active X user, you might want to see this!
As of 2025, DMARC is mandatory under multiple compliance frameworks. [CISA BOD 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) requires p=reject for US federal domains. [PCI DSS v4.0](https://www.pcisecuritystandards.org/) mandates DMARC for organizations processing payment card data as of March 2025\. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and [Microsoft began rejecting](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) non-compliant email in May 2025\. The UK [NCSC](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing), Australia’s [ASD](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-email), and Canada’s [CCCS](https://www.cyber.gc.ca/en/guidance/implementation-guidance-email-domain-protection) all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.
[Threat actors](https://www.cybersecuritydive.com/news/microsoft-crowdstrike-other-cyber-firms-collaborate-on-threat-actor-taxon/749614/) are exploiting [Grok](https://cybersecuritynews.com/hackers-exploit-xs-grok-ai/amp/), the AI assistance tool available on X, to attack \*\*millions of X users at a time.\_ This attacking method is known as Grokking and is being used to bypass X’s stringent cybersecurity mechanisms against malvertising.\_ Allegedly, Grokking has become the new favorite among scammers, and they’re using it hundreds of times every day to share malicious links to redirect naive users to [malicious content, malware](https://www.usatoday.com/story/tech/2025/05/21/microsoft-lumma-malware-windows-computers/83771957007/), or fake sites.
X has been using a [blanket ban](https://thepienews.com/south-sudan-responds-to-trumps-blanket-visa-ban/) on promoted posts by banning the use of any link. The promoted posts can contain only images, text, or videos. However, threat actors are smart enough to bypass this blanket ban. They have been using the caption field of video posts to add a [malicious link](https://www.scworld.com/news/new-usps-text-scam-uses-unique-method-to-hide-malicious-pdf-links). _Next, they comment using fake accounts under the same video post and prompt Grok with questions such as “@grok, where is this video from?”_ Grok, unaware of the risks, republishes the post with the clickable link. Any X user who comes across this post is vulnerable to a threat attack.
What further adds to the degree of risk is that these malicious links even get a certain degree of credibility because they are being \*\*republished by Grok. 
Experts believe that to prevent any [cyber mishap](https://news.northeastern.edu/2025/03/25/the-atlantic-war-plans-signal/), X must start working on building a robust link scanning system for all posts.
## Local and state agencies are left vulnerable after Federal cuts by the Trump administration!
The Trump administration has made some notable changes in the USA’s cybersecurity landscape. The deduction in the \*\*Federal budget and staffing cuts are one of the major shifts under the Trump administration. _Clearly, cybersecurity experts are not happy with the current equation_. Last month, on August 24, [cybercriminals](https://incyber.org/en/article/united-states-amounts-stolen-by-cybercriminals-up-33/) targeted the state of Nevada. It was a [ransomware attack](https://www.insurancebusinessmag.com/us/news/cyber/ransomware-attack-shuts-down-nevada-insurance-division-website-548454.aspx), and the [cybercrooks](https://www.csoonline.com/article/4032743/cybercrooks-faked-microsoft-oauth-apps-for-mfa-phishing.html) managed to wipe away crucial data, leading to service outages. Some of the g overnment services went online only this week. \_Meanwhile, Nevada has not been able to restore all the computer and data systems completely. \_The FBI and the [CISA](https://www.infosecurity-magazine.com/news/cisa-denies-report-russian-threats/) (Cybersecurity and Infrastructure Security Agency) have been working in close coordination with the concerned authorities of Nevada to find the perpetrators.
A similar threat attack took place back in July. It targeted the City of St. Paul and led to a state-wide emergency declaration. The governor of St. Paul requested the [National Guard’s](https://www.nextgov.com/cybersecurity/2025/07/salt-typhoon-hacks-national-guard-systems-serious-escalation-experts-warn/406765/) cybersecurity experts to look into the matter. Although the city has come back to normalcy, the officials are still working with \*\*third-party cybersecurity experts to cope with the damage.
Due to a lack of [cybersecurity](https://dmarcreport.com/blog/major-cybersecurity-trends-that-will-reign-in-2024/) budget and skilled staff, cybercriminals are intentionally targeting small government entities with lower budgets, **fewer experts**, and almost zero expertise in combating threat attacks.
## A major American tire manufacturing company is under a cyberattack.
The global tire manufacturing company, [Bridgestone Americas (BSA)](https://www.darkreading.com/cyberattacks-data-breaches/bridgestone-americas-cyberattack), has confirmed a cyber incident. It states that the cyber mishap has impacted its manufacturing units. However, BSA claims that the everyday \*\*business operations are being carried out as usual. According to a Canadian news outlet, BSA has suspended one of its manufacturing joints situated in Joliette. The mayor of Joliette has confirmed that the [cyber mishap](https://news.northeastern.edu/2025/03/25/the-atlantic-war-plans-signal/) has affected all of BSA’s plants across North America.
There is no information around any customer or employee data being divulged because of the threat of an attack.\_ A forensic investigation is being carried out to nab the real culprits. Bridgestone claims that it managed to respond right in time, and that’s how the extent of the damage has been less adverse.\_ \*\*BSA states that they already have a set of established protocols that helped them to contain the damage.
There is still not much clarity around the scope and nature of the [threat attack](https://www.voanews.com/a/us-capital-in-heightened-threat-environment-after-new-year-s-day-attacks-/7923765.html). Also, no cybercrime group has claimed responsibility for the cyber incident so far.
Experts highlight that alongside defenses against AI scams and ransomware, [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [DMARC](https://dmarcreport.com/) are vital to stop [phishing and email spoofing](https://www.msspalert.com/brief/novel-usps-spoofing-phishing-attack-relies-on-malicious-pdfs), reinforcing the overall \*\*cybersecurity posture of organizations.
## Sources
- [CISA Binding Operational Directive 18-01](https://www.cisa.gov/news-events/directives/bod-18-01)
- [Microsoft Outlook DMARC Enforcement May 2025](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) (2025)
- [PCI DSS v4.0 - DMARC Requirement](https://www.pcisecuritystandards.org/) (2025)
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ News ](/tags/news/)[ SPF ](/tags/spf/)
[ Vasile Diaconu ](/authors/vasile-diaconu/)
Operations Lead
Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.
[LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 4m Adidas Data Breach, Whatsapp Image Threat, Silent Ransom Vishing May 29, 2025 ](/blog/adidas-data-breach-whatsapp-image-threat-silent-ransom-vishing/)[ Foundational 4m Africa Fights Cybercrime, Attention Farmers Customers, Apple Prevents Threats Aug 28, 2025 ](/blog/africa-fights-cybercrime-attention-farmers-customers-apple-prevents-threats/)[ Foundational 4m Akira flaunts victims, Idaho targets orthodontist, AI granny protects Nov 22, 2024 ](/blog/akira-flaunts-victims-idaho-targets-orthodontist-ai-granny-protects/)[ Foundational 4m Ambient Light Spying, Cybersecurity Prices Drop, Euro 2024 Threats Jul 10, 2024 ](/blog/ambient-light-spying-cybersecurity-prices-drop-euro-2024-threats/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack","description":"AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack from DMARC Report explains practical steps for email authentication, domain protection.","url":"https://dmarcreport.com/blog/ai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack/","datePublished":"2025-09-09T12:27:03.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2025-09-09T12:27:03.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/ai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack/"},"articleSection":"foundational","keywords":"dkim, DMARC, News, SPF","wordCount":1078,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack","item":"https://dmarcreport.com/blog/ai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack/"}]}
```