Three things our system caught this week
What the alert pipeline surfaced for clients this week, in plain language.
A look-alike domain registered against a member's family name.
Caught it about ninety minutes after registration. The domain was sitting on Cloudflare with no content yet, but the typosquat pattern was clear. Note went out to the member, registrar takedown request followed. The domain came down inside two days.
A SIM-swap attempt on a member's secondary number.
Carrier intelligence flagged the port-out request directly. The client also got our note within the hour because the same attempt had shown up on the credentials-monitoring layer. They confirmed it wasn't them. The carrier blocked it.
An exchange paused withdrawals for forty minutes overnight.
Three of our Cover and Standing clients hold there. They got a same-night note with the public statement, our read on whether it looked operational or compromised, and what we'd suggest doing in the morning. Operational. No action was needed.