---
title: "Ohio Staff Phished, Cybercrooks Mimic FBI, Regulator Attacked Millions | DMARC Report"
description: "Ohio Staff Phished, Cybercrooks Mimic FBI, Regulator Attacked Millions from DMARC Report explains practical steps for email authentication, domain."
image: "https://dmarcreport.com/og/blog/ohio-staff-phished-cybercrooks-mimic-fbi-regulator-attacked-millions.png"
canonical: "https://dmarcreport.com/blog/ohio-staff-phished-cybercrooks-mimic-fbi-regulator-attacked-millions/"
---
Quick Answer
\_According to the FBI's 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report Ohio Staff Phished, Cybercrooks Mimic FBI, Regulator Attacked Millions
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fohio-staff-phished-cybercrooks-mimic-fbi-regulator-attacked-millions%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Ohio%20Staff%20Phished%2C%20Cybercrooks%20Mimic%20FBI%2C%20Regulator%20Attacked%20Millions&url=undefined%2Fblog%2Fohio-staff-phished-cybercrooks-mimic-fbi-regulator-attacked-millions%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fohio-staff-phished-cybercrooks-mimic-fbi-regulator-attacked-millions%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fohio-staff-phished-cybercrooks-mimic-fbi-regulator-attacked-millions%2F&title=Ohio%20Staff%20Phished%2C%20Cybercrooks%20Mimic%20FBI%2C%20Regulator%20Attacked%20Millions "Share on Reddit") [ ](mailto:?subject=Ohio%20Staff%20Phished%2C%20Cybercrooks%20Mimic%20FBI%2C%20Regulator%20Attacked%20Millions&body=Check out this article: undefined%2Fblog%2Fohio-staff-phished-cybercrooks-mimic-fbi-regulator-attacked-millions%2F "Share via Email")
> Domain spoofing is trivially easy without DMARC enforcement, says Brad Slavin, General Manager of DuoCircle. Anyone can send email that looks like it comes from your domain. DMARC with p=reject is the only way to tell receiving servers to block unauthorized senders completely.
\_According to the [FBI’s 2022 Internet Crime Report (IC3)](https://www.ic3.gov/Media/PDF/AnnualReport/2022IC3Report.pdf), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report
Ohio Staff Phished, Cybercrooks Mimic FBI, Regulator Attacked Millions
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-40792” readonly/>
```
```
Last week was replete with [threat attacks](https://www.amnesty.org/en/latest/news/2026/03/trump-warning-attack-iran-power-plants-is-threat-to-commit-war-crimes/) that managed to create chaos and disrupt essential operations. Ohio-based Scioto County employees were targeted by phishing actors. A group of cybercrooks managed to mimic the FBI to target Tron blockchain users. Meanwhile, the RBI, India’s central bank and financial regulator, was hit as many as \*\*61 million times in just 3 months. The attack on Stryker, the medical equipment manufacturer, led to delays in critical surgeries.
## Ohio County employees received phishing emails with malicious links!
A potential data breach occurred in [Scioto County](https://www.herald-dispatch.com/news/ohio%5Fnews/scioto-county-investigates-potential-data-breach/article%5Fbc8457b4-93cc-4f35-961b-ae56092e5859.html), where multiple employees received [phishing emails](https://thehackernews.com/2024/07/proofpoint-email-routing-flaw-exploited.html) containing malicious links. The Scioto County commissioners have revealed that the fake emails appeared to be coming from legitimate sources. They also feel that threat actors might have gained access to sensitive data because of employee interactions with these [malicious emails](https://www.securitymagazine.com/articles/100687-the-last-six-months-shows-a-341-increase-in-malicious-emails).
The commissioners have agreed to collaborate with a **third-party law firm**, Kutak Rock, to comprehend the scope of the attack and the extent of the damage. The investigation will also help them determine whether [sensitive data](https://industrialcyber.co/utilities-energy-power-water-waste/pickett-usa-breach-allegedly-exposes-sensitive-engineering-data-linked-to-us-utilities/) has been compromised.
The \*\*County officials have been tight-lipped about the specificity of the breached data. They claim that all the necessary cybersecurity protocols have been deployed proactively to limit the impact of the attack. Local leaders are monitoring this matter closely and have emphasized that appropriate [cybersecurity](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) measures are being considered to prevent similar incidents in the future. From stringent \*\*email filtering systems to employee training and latest security procedures, experts are considering some of the best preventive measures to secure the County’s data from future cyberattacks.
There’s no information yet on whether the personal data of employees was compromised. Cybersecurity experts warn that properly configuring [DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://dmarcreport.com/what-is-spf/) is essential to \*\*protect personal data from phishing attacks and [email spoofing](https://www.bleepingcomputer.com/news/google/google-now-blocks-spoofed-emails-for-better-phishing-protection/) threats.
## Cybercrooks targeting Tron blockchain users by mimicking the FBI
A new phishing scam is doing the rounds. The scamsters are impersonating the FBI to target users of the [Tron blockchain](https://www.finedayradio.com/news/tv-delmarva-channel-33/us-crypto-bank-adds-tron-blockchain-to-platform-for-american-investors/). The FBI has issued a warning against such [phishing attacks](https://www.infosecurity-magazine.com/news/mobile-phishing-attacks-surge-16/). The cybercrooks use specially designed counterfeit tokens that look quite similar to the official branding of the FBI. The [threat actors](https://cyberscoop.com/legislation-would-designate-critical-cyber-threat-actors-direct-sanctions-against-them/) dispatch “**FBI-branded**” tokens to wallets. Additionally, they share a message saying that the user account is currently being probed. Further, the victims are compelled to complete a verification process in order to \*\*prevent their crypto assets from being locked out. Cybersecurity experts believe that the [phishing scam](https://www.espncricinfo.com/story/icc-loses-around-usd-2-5-million-in-phishing-scam-1354908) is designed to wipe away personal data as well as access the funds of the victims.
Each dispatched token creates a sense of urgency and panic. The victims are then redirected to [fake websites](https://www.voanews.com/a/in-us-fake-news-websites-now-outnumber-real-local-media-sites/7663647.html) where they are required to enter their **personal information** (wallet details and identification). The cybercrooks can also use a tactic called “address poisoning.”
_The FBI has urged Tron blockchain users to “exercise caution.” Also, Tron users are requested not to share “any identifying information to any website associated with such token.”_ The federal agency has also stated that the \*\*FBI will never issue such tokens or request user verification through such illegitimate methods.
## India’s primary financial regulator targeted 61 million times in Q4 2025!
RBI, the central bank and primary financial regulator of India, was targeted [61](https://economictimes.indiatimes.com/industry/banking/finance/banking/rbi-website-hit-by-61-million-cyberattack-attempts-in-a-single-quarter-all-blocked/articleshow/129773338.cms) million times in just 3 months. Thankfully, RBI was able to avert every threat attempt by leveraging its firewall and **security engines**.
The staggering number of attempts underscores the steep rise in threats against critical [financial infrastructure](https://www.prnewswire.com/news-releases/bybit-unveils-2026-vision-as-the-new-financial-platform-expanding-beyond-exchange-into-global-financial-infrastructure-302674685.html).
Each and every threat attempt was successfully mitigated by \*\*RBI’s cybersecurity systems with zero instances of [data leak](https://informationsecuritybuzz.com/leak-hsbc-customer-data-bank-denies-breach/) or breach. The sheer number of attacks definitely appears alarming. However, experts believe that these numbers reflect only malicious traffic attempts, not successful intrusions.
But the sharp upward trajectory in threat attempts is indeed a cause of concern. It definitely hints towards a broader global pattern in which threat actors target **financial institutions with automated**, high-volume [cyberattacks](https://www.aljazeera.com/news/2025/4/15/china-accuses-us-of-launching-cyberattacks-during-asian-winter-games).
## Stryker cyber mishap led to delayed surgeries!
Stryker, a [medical equipment manufacturer](https://apnews.com/article/stryker-cyberattack-iran-medical-equipment-products-8dd418618a3bd4fa4c97caf7978c11ee), was targeted by threat actors last week. As a result, some hospitals had to delay a few surgeries.
Due to the cyberattack, Stryker experienced a temporary disruption in its daily operations. Stryker was unable to deliver customized \*\*medical inventory \*\*to [health organizations](https://www.bbc.com/news/articles/cn9zznx8qdno). _A Stryker spokesperson stated that, due to this disruption, “some patient-specific cases have been rescheduled._”
Handal, a notorious [cyber gang](https://gulfnews.com/uae/crime/dubai-police-bust-cyber-gang-stealing-banking-data-via-fake-links-1.500164111), has claimed responsibility for the threat attack on Stryker. The attack was designed carefully to disrupt Stryker’s core operations, such as processing orders, making products, and dispatching them to customers. Stryker has managed to contain the threat attack on time. Also, the attackers were unable to access to any **patient’s personal data**.
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ News ](/tags/news/)[ SPF ](/tags/spf/)
[ Vasile Diaconu ](/authors/vasile-diaconu/)
Operations Lead
Operations Lead at DuoCircle. Runs project management, developer coordination, and technical support execution for DMARC Report.
[LinkedIn Profile →](https://www.linkedin.com/in/vasile-diaconu/)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 4m Adidas Data Breach, Whatsapp Image Threat, Silent Ransom Vishing May 29, 2025 ](/blog/adidas-data-breach-whatsapp-image-threat-silent-ransom-vishing/)[ Foundational 4m Africa Fights Cybercrime, Attention Farmers Customers, Apple Prevents Threats Aug 28, 2025 ](/blog/africa-fights-cybercrime-attention-farmers-customers-apple-prevents-threats/)[ Foundational 4m AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack Sep 9, 2025 ](/blog/ai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack/)[ Foundational 4m Akira flaunts victims, Idaho targets orthodontist, AI granny protects Nov 22, 2024 ](/blog/akira-flaunts-victims-idaho-targets-orthodontist-ai-granny-protects/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Ohio Staff Phished, Cybercrooks Mimic FBI, Regulator Attacked Millions","description":"Ohio Staff Phished, Cybercrooks Mimic FBI, Regulator Attacked Millions from DMARC Report explains practical steps for email authentication, domain.","url":"https://dmarcreport.com/blog/ohio-staff-phished-cybercrooks-mimic-fbi-regulator-attacked-millions/","datePublished":"2026-03-27T10:39:51.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2026-03-27T10:39:51.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vasile-diaconu/#person","name":"Vasile Diaconu","url":"https://dmarcreport.com/authors/vasile-diaconu/","jobTitle":"Operations Lead","description":"Vasile Diaconu is the Operations Lead at DuoCircle, the company behind DMARC Report and AutoSPF. He coordinates between engineering, product, and technical support - running project management, interfacing with developers on customer-reported issues, and making sure work that comes in through the support channel actually gets closed out. Vasile sits at the intersection of customer feedback and engineering execution, giving him a direct view of which email authentication problems customers hit most often in production.","image":"https://media.mailhop.org/dmarcreport/images/team/vasile-diaconu.jpg","knowsAbout":["SaaS Operations","Technical Support Coordination","Customer Issue Resolution","Engineering Program Management","Deployment Operations"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vasile-diaconu/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/ohio-staff-phished-cybercrooks-mimic-fbi-regulator-attacked-millions/"},"articleSection":"foundational","keywords":"dkim, DMARC, News, SPF","wordCount":1116,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Ohio Staff Phished, Cybercrooks Mimic FBI, Regulator Attacked Millions","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Ohio Staff Phished, Cybercrooks Mimic FBI, Regulator Attacked Millions","item":"https://dmarcreport.com/blog/ohio-staff-phished-cybercrooks-mimic-fbi-regulator-attacked-millions/"}]}
```