AI, Impersonation, and the 804: Cybersecurity Trends Hitting Richmond in 2026

Hand using tablet with digital lock interface representing cybersecurity protection and data security

If you’re a business owner in Richmond, you’re used to looking out for your neighbors. But in 2026, the “neighborhood” has moved into our inboxes, and the threats are getting eerily personal.

Gone are the days of obvious scams. Today’s hackers are using AI to sound exactly like a local vendor in Scott’s Addition or a project manager at a Henrico job site. Here’s what we’re seeing on the ground in Central Virginia right now.

The Biggest Cyber Threats Facing Richmond Businesses

These aren’t theoretical risks or distant headlines. They’re real, active threats targeting Richmond businesses right now, often using familiar names, local context, and a sense of urgency to catch teams off guard.

1. The “Dominion Energy” Urgent Disconnect

This is a classic scam that has evolved significantly. We’ve seen a surge in sophisticated spoofing where the caller ID actually displays “Dominion Energy,” making the request feel legitimate at first glance.

The scam typically follows a predictable pattern:

  • You receive a call or text claiming your account is past due
  • You’re told power will be shut off within hours
  • Payment is requested via wire transfer, gift cards, or “digital vouchers”

In reality, Dominion will never demand payment over the phone or through unconventional methods. If you receive a message like this, hang up and verify your account directly through the official website or app.

2. Hyper-Localized Phishing (The “Carytown Effect”)

Phishing attacks are becoming far more targeted, especially at the local level. Hackers are now using AI tools to scrape platforms like LinkedIn and local news sources to craft highly believable emails.

You might receive a message that appears to come from a Richmond-based nonprofit, a nearby business partner, or even someone referencing a recent local event such as a chamber meeting or festival at Byrd Park. Because these emails feel familiar and relevant, they often bypass the usual red flags people associate with spam.

The danger lies in attachments or links disguised as invoices or shared documents. Even a quick moment of trust can lead to compromised credentials or financial exposure.

3. Deepfake Voice Fraud in the C-Suite

One of the most concerning developments we’re seeing going into 2026 is the rise of AI-generated voice cloning in business environments.

In a typical scenario:

  • A finance employee receives a call from someone who sounds exactly like their CEO
  • The caller claims to be traveling or unavailable and requests an urgent wire transfer
  • The tone is rushed and confidential, creating pressure to act quickly

Because the voice sounds authentic, traditional verification instincts don’t always apply. To combat this, many Richmond businesses are implementing safeguards:

  • Use a code word protocol for financial requests
  • Require secondary approval for wire transfers
  • Never act on urgency without verification

If the caller cannot confirm through a pre-established method, the request should not move forward.

4. The 2026 QR Code Trap (Quishing)

QR codes have become part of everyday life in Richmond, from restaurant menus to parking meters downtown. Unfortunately, attackers are taking advantage of that convenience.

This tactic, often referred to as “quishing,” involves placing fraudulent QR code stickers over legitimate ones. When scanned, these codes redirect users to spoofed login pages designed to capture credentials for platforms like Microsoft 365 or online banking.

Because scanning a QR code feels passive and safe, many users don’t think twice before entering sensitive information. A quick visual check can make a difference. If a code appears tampered with or placed over another, it’s best to avoid scanning it altogether. When possible, typing the official URL directly into your browser is the safer option.

Quick Threat Comparison

Threat Type How It Reaches You What It Targets Key Red Flag
Utility Spoofing Phone / Text Immediate payment Urgency + payment demand
Localized Phishing Email Credentials / invoices Hyper-specific local details
Deepfake Voice Fraud Phone Wire transfers Familiar voice + urgency
QR Code Phishing (Quishing) Physical + Mobile Scan Login credentials Suspicious or altered QR code

How to Protect Your Team

Cybersecurity in Richmond isn’t just about firewalls anymore. It’s about awareness, consistency, and having the right processes in place.

A few core practices can make an immediate impact:

  • Enable multi-factor authentication across all systems
  • Verify any financial or banking changes through a known contact method
  • Train employees to recognize urgency and unusual requests, not just poor grammar

These steps directly address the tactics attackers are using today and help create a stronger, more resilient organization.

Stay Ahead of What’s Targeting the 804

Cyber threats in Richmond aren’t slowing down, and the businesses that stay ahead are the ones that treat cybersecurity as a strategic advantage, not just an IT task.

At Bastionpoint Technology, we partner with local teams to build smarter, more resilient systems that keep operations moving and reputations protected.

Contact Bastionpoint today to schedule a vulnerability assessment and see where your business stands, or if you’d rather talk it through in person, let’s grab a coffee at Lamplighter.

/0 Comments/by
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *