Can you spot the deception? At first glance, it looks like a genuine Microsoft password reset email. The sender’s name even says “Microsoft noreply@microsoft.com.” But a closer look exposes the fraud: the domain is not microsoft.com; it’s rnicrosoft.com, where the attackers replaced the letter “m” with “r” + “n.” When typed together (“rn”), it visually mimics “m.” This is called a homograph phishing attack, a social engineering trick designed to exploit how the human eye reads text quickly. In cybersecurity, we call this visual spoofing, and it’s one of the most effective tactics in email-based fraud. What’s really happening The…

It’s a Monday morning. You are checking your email, and amid the usual flow of messages, one stands out: “Notification from SARS.”The tone is official. The logo is perfectly placed. The sender’s address looks authentic, and even the government domain appears genuine. Out of habit, you click to read more. After all, it’s the tax authority; you cannot ignore that. But beneath the polished façade lies a trap, a phishing email so carefully designed that even seasoned executives can fall for it. The link inside, web.val.run, looks harmless but leads to a fake login page, a digital decoy built to…

This November, Uganda’s next generation of CFEs will gather at the Institute of Forensics and ICT Security (IFIS) for the country’s most rigorous fraud investigation program, powered by Summit Consulting Ltd and certified by the Association of Certified Fraud Examiners (ACFE, USA). It’s not a workshop. It’s a battlefield simulation. Inside the training room. Day one begins with a sealed envelope marked Case 004 – The Ghost in Accounts. Inside: photocopies of supplier invoices, a list of suspicious transactions, and an anonymous whistleblower email. Participants work in teams. They cross-reference bank statements. They map out shell companies. They examine phone…

“Uncle, Uncle, Uncle… Godfrey agenze.” “Sorry, Bernabas. The young man has left us.” Those words from Godfrey’s fiancé and his doctor, the Liver Specialist doctor respectively still echo in my mind. They have refused to fade. They replay each time I close my eyes; sharp, cold, unrelenting. I hear them when I walk into the office, when I glance at his desk, when I imagine his calm knock on my door, saying, “Bernabas, we need to review the new proposal.” At 1:46 a.m. on Thursday, 16th October 2025, my world came to a standstill. My nephew; my son in every…

In every boardroom, the conversation about risk often starts with spreadsheets, control matrices, and audit checklists. Yet, in reality, risk left spreadsheets a long time ago. It lives in the strategic decisions your organization makes every single day. It lives in who makes those decisions, when they are made, and how they are influenced by blind spots that often go unnoticed, until it’s too late. The greatest threat to an organization today is not a hacker lurking on the dark web, waiting for the perfect moment to strike. It’s not necessarily a sophisticated malware or a ransomware syndicate. The real…

The countdown is over! The much-anticipated Cybersecurity & Risk Management Conference 2025, under the theme: Securing the Future – AI-Driven Security and Risk Management, is set to take place tomorrow, 16th October 2025, at Speke Resort Munyonyo, Kampala. This landmark event brings together cybersecurity experts, business leaders, policymakers, and risk professionals for a day of deep insights, strategic discussions, and practical solutions to modern cyber threats. Organized by the Institute of Forensics & ICT Security (IFIS), the training arm of Summit Consulting Ltd., in collaboration with the Institute of Corporate Governance Uganda (ICGU), this annual conference provides a unique platform to…