There's a common assumption that cyber threats and physical threats exist in separate domains—that a hacked email account is a digital problem, while a break-in is a physical one. That assumption is increasingly dangerous.

Criminals have learned that compromising digital systems can be the most effective way to enable physical crimes. A hacked email account becomes the pathway to resetting alarm system credentials. A compromised business account provides the intelligence needed to intercept shipments. A SIM swap gives attackers the ability to authorize fraudulent transactions in person at a bank branch.

For small and medium-sized businesses, understanding this convergence isn't academic—it's essential. Here are five documented ways cyber attacks are enabling physical crimes, and what they mean for organizations trying to protect both their data and their physical assets.

1. Wi-Fi Jamming Burglaries: Disabling Your Security Before Breaking In

In March 2024, the Los Angeles Police Department's Wilshire Division issued warnings to residents after a series of burglaries where thieves used Wi-Fi jamming devices to neutralize wireless security systems before breaking in.

How it works: Criminals use relatively inexpensive signal jammers to disrupt the Wi-Fi frequencies that wireless cameras, motion sensors, and alarm systems depend on. With security systems knocked offline, they enter properties—often through second-story balconies or rear entrances—without triggering alerts or leaving video evidence. They target high-value items: jewelry, cash, electronics, and safes.

According to the LAPD, the burglars are highly organized, with a getaway driver waiting and watching for random patrols or other possible witnesses. Similar incidents have been reported in Edina, Minnesota, and other areas across the United States.

Interim LAPD Chief Dominic Choi advised residents: "The immediate fix for these home alarm systems is to hardwire them, where you plug those systems directly into ethernet in the wall and not use your Wi-Fi internally."

Why it matters for businesses: Many small businesses rely on wireless security cameras and cloud-connected alarm systems. These provide convenience and cost savings, but they also create a single point of failure. If your entire security infrastructure depends on Wi-Fi connectivity, an inexpensive jamming device can render it useless.

The gap between "cyber" and "physical" security disappears entirely here—the digital vulnerability (wireless signal disruption) directly enables the physical crime (burglary).
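One way a defender can notice this failure mode, shown as an added example that is not from the LAPD advisory or any vendor's product: correlate device heartbeats and flag windows where several Wi-Fi devices go silent together while a hardwired device keeps reporting. The log format, device names and 30-second interval are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

HEARTBEAT = timedelta(seconds=30)    # assumed reporting interval
MAX_SILENCE = timedelta(seconds=90)  # three missed heartbeats = silent

def constructed_sample(wired_up=True):
    """Constructed log: two Wi-Fi cameras go silent for about ten minutes."""
    t0, lines = datetime(2024, 3, 10, 2, 0, 0), []
    for i in range(61):
        ts, quiet = (t0 + i * HEARTBEAT).isoformat(), 20 <= i < 40
        if wired_up or not quiet:
            lines.append(f"{ts} nvr-wired wired")
        if not quiet:
            lines += [f"{ts} cam-front wifi", f"{ts} cam-rear wifi"]
    return lines

def parse(lines):
    """'<ISO time> <device> <wifi|wired>' -> {device: (link, [times])}."""
    devices = {}
    for line in lines:
        ts, name, link = line.split()
        devices.setdefault(name, (link, []))[1].append(datetime.fromisoformat(ts))
    return devices

def wireless_blackouts(lines, min_devices=2):
    """Windows where >= min_devices Wi-Fi devices were silent together while
    a wired device kept reporting, i.e. power and the LAN were still up."""
    devices = parse(lines)
    log_end = max(t for _, ts in devices.values() for t in ts)
    wired = [t for link, ts in devices.values() if link == "wired" for t in ts]
    points = []  # (time, +1 silence starts / -1 silence ends, device)
    for name, (link, ts) in devices.items():
        ts = sorted(ts)
        for a, b in zip(ts, ts[1:] + [log_end]):
            if link == "wifi" and b - a > MAX_SILENCE:
                points += [(a, 1, name), (b, -1, name)]
    active, seen, start, alerts = set(), set(), None, []
    for t, kind, name in sorted(points):  # ends sort before starts at equal t
        (active.add if kind == 1 else active.discard)(name)
        if len(active) >= min_devices:
            start = t if start is None else start
            seen |= active
        elif start is not None:
            if any(start < w < t for w in wired):  # wired path stayed alive
                alerts.append((start, t, sorted(seen)))
            start, seen = None, set()
    return alerts

if __name__ == "__main__":
    print(wireless_blackouts(constructed_sample()))
```

A window flagged this way is consistent with radio interference or an access point failure rather than a power cut, so the alert itself should leave the site over a wired or cellular path.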

2. Cyber-Enabled Cargo Theft: Hackers Partnering with Organized Crime

In late 2024 and into 2025, researchers at Proofpoint documented a concerning evolution in cargo theft: cybercriminals actively partnering with traditional organized crime groups to steal physical shipments.

How it works: Attackers target freight brokers and trucking companies through phishing emails containing malicious links. Once they've compromised accounts, they can:

  • Post fraudulent loads on digital freight marketplaces ("load boards")
  • Impersonate legitimate carriers to accept real shipments
  • Redirect trucks to fraudulent pickup locations where organized crime physically steals the cargo

The stolen goods—everything from electronics to food and beverages—are then sold through secondary markets.

The scale: According to the National Insurance Crime Bureau, cargo theft losses increased by 27% in 2024 and are estimated at approximately $35 billion in annual losses. Proofpoint researcher Ole Villadsen described this as a "marriage of cybercrime and organised crime."

Why it matters for businesses: Any company that ships or receives goods is potentially affected. The attack exploits the digital systems that modern logistics depends on, but the end result is physical: your inventory disappears, and there's often little recourse. Small manufacturers, distributors, and retailers are particularly vulnerable because they may lack the resources to verify every carrier or monitor shipments in real time.

3. SIM Swap Attacks: From Phone Hijacking to In-Person Bank Fraud

SIM swapping has evolved from a method to steal cryptocurrency into a gateway for comprehensive identity theft—including physical, in-person fraud.

The Oren David Sela case: In April 2025, a California man was sentenced to 61 months in federal prison after orchestrating a fraud operation that combined digital and physical tactics. Sela would:

  1. Steal mail to gather personal information on victims
  2. Use that information to execute SIM swaps, hijacking victims' phone numbers
  3. With control of phone numbers, reset passwords and bypass two-factor authentication
  4. Drain bank accounts—in some cases by physically visiting bank branches to authorize transactions using the victims' identities

He stole over $1.8 million, primarily targeting elderly victims in the Beverly Hills area. He was ordered to pay $1,818,369 in restitution.

The broader pattern: According to the FBI's Internet Crime Complaint Center (IC3), SIM swap victims lost $68 million in 2021 alone—a dramatic increase from $12 million in the three years prior combined (2018-2020). In many cases, criminals visit mobile carrier stores with fake identification to obtain copies of victims' SIM cards, then use that access to authorize wire transfers, sometimes appearing in person at bank branches.

Why it matters for businesses: Business owners and executives are prime targets. If an attacker can hijack your phone number, they can potentially reset credentials for banking, email, and other critical accounts. The fact that your "second factor" of authentication routes through a phone number you no longer control means even accounts you thought were protected become vulnerable.

4. Access Control System Compromises: Creating the Keys to Your Building

Electronic access control systems—keycards, fobs, and badge readers—are standard security measures for offices, warehouses, and facilities of all sizes. But researchers have repeatedly demonstrated that many of these systems contain vulnerabilities that could allow attackers to grant themselves physical access.

Dormakaba vulnerabilities: In January 2026, security researchers at SEC Consult disclosed serious flaws in Dormakaba's Exos access control management software, including hardcoded credentials and encryption keys. The vulnerabilities could allow attackers to remotely unlock doors at major facilities. Dormakaba confirmed several thousand customers were affected, including some operating in high-security environments. Affected organizations included industrial companies, energy providers, logistics firms, and airport operators across Europe.

Hotel lock vulnerabilities: In March 2024, researchers disclosed a series of vulnerabilities dubbed "Unsaflok" in the Saflok line of electronic RFID locks—used in hotels worldwide—that allow attackers to create forged keycards capable of opening any room in a property. Over 3 million locks in 131 countries were affected. As of March 2024, 64% of the locks remained vulnerable.

Legacy protocol weaknesses: Many offices still use decades-old Wiegand protocol technology that security researchers have demonstrated can be cloned with inexpensive tools. At the Black Hat security conference, researchers demonstrated devices that could copy common proximity keycards in under 60 seconds.

Why it matters for businesses: That keycard system you installed for security might actually be a vulnerability. Third-party vendor systems controlling physical access to your premises could be compromised remotely, allowing criminals to walk through your front door. Once inside, they can steal assets, install malicious devices on your network, or access areas containing sensitive information.

5. Business Email Compromise: The Gateway to Wire Fraud and Physical Impersonation

Business Email Compromise (BEC) is often discussed as a digital threat—attackers impersonating executives or vendors to redirect payments. But BEC increasingly enables physical fraud as well.

The numbers: According to the FBI's Internet Crime Complaint Center, BEC caused $2.77 billion in losses in 2024 alone across 21,442 reported incidents, with cumulative losses exceeding $55 billion over the past decade. BEC was the second costliest cybercrime category, following only investment fraud.

How it becomes physical: Once attackers have access to email accounts, they gain intelligence that enables physical crimes:

  • Real estate fraud: Criminals monitor email for pending property transactions, then impersonate sellers or title companies. In some cases, they physically appear at closings with forged documents and fake identification. According to the American Land Title Association, 28% of title companies experienced at least one seller impersonation fraud attempt in 2023.
  • Vendor impersonation: Attackers learn your suppliers, payment schedules, and internal processes, then show up in person or send physical invoices with altered payment details.
  • Identity document theft: Email access often reveals copies of passports, driver's licenses, and other documents that enable in-person impersonation at banks and other institutions.

Why it matters for businesses: A compromised email account isn't just a data problem—it's reconnaissance for potential physical fraud. Attackers may monitor your communications for weeks or months, learning enough about your business to impersonate vendors, intercept shipments, or redirect payments in ways that blend digital and physical tactics.

The Convergence Problem

These incidents share a common thread: the traditional boundary between cybersecurity and physical security no longer exists.

Your wireless alarm system is a cybersecurity concern. Your email account is a physical security concern. Your shipping logistics platform is both. The electronic locks on your doors are networked devices with potential vulnerabilities.

For small and medium-sized businesses, this creates challenges:

Security silos don't work. IT security and physical security are often handled by different people—or physical security is outsourced entirely to alarm companies. When threats cross these boundaries, gaps emerge.

Convenience creates risk. Wireless cameras, cloud-connected alarms, and electronic access control all provide genuine benefits. But they also introduce attack surfaces that didn't exist with older, disconnected systems.

Verification becomes critical. Whether it's a carrier picking up a shipment, a wire transfer request, or someone presenting credentials at your door, the ability to verify identity through channels attackers don't control becomes essential.

Questions Worth Considering

Every business has different risk profiles, but these questions can help identify where cyber-physical vulnerabilities might exist:

  • Do your security cameras and alarm systems depend entirely on Wi-Fi? What happens if that connection is disrupted?
  • Who has electronic access to your facilities, and how are those credentials managed when employees leave?
  • How would you verify a high-value wire transfer request if email were compromised?
  • Do your logistics partners have security measures against carrier impersonation and shipment redirection?
  • Are employees using personal accounts for business communications or services, creating blind spots for security monitoring?

The organizations that navigate this landscape successfully won't be those with the biggest security budgets. They'll be the ones that recognize cyber and physical security as interconnected—and build their defenses accordingly.


This article is intended for informational purposes only and does not constitute professional security, legal, or compliance advice. Organizations should consult with qualified professionals to assess their specific circumstances and develop appropriate protective measures.