diff --git a/clients/kittle/reports/2026-06-09-ic3-bec-fraud-report.md b/clients/kittle/reports/2026-06-09-ic3-bec-fraud-report.md
index bb062bc..736ab4e 100644
--- a/clients/kittle/reports/2026-06-09-ic3-bec-fraud-report.md
+++ b/clients/kittle/reports/2026-06-09-ic3-bec-fraud-report.md
@@ -41,7 +41,7 @@
 
 **Attacker contact phone on the fraudulent form:** (659) 221-9243
 
-**Loss status:** Redirect ATTEMPTED. Detected by ACG before confirmation of any completed transfer. Kittle is verifying with the City of Tucson and their bank whether any change was processed. Actual completed loss: to be confirmed (likely prevented if caught in time); attempted/exposed amount as above.
+**Loss status — PREVENTED (no completed loss).** Confirmed 2026-06-09 by Kittle's bookkeeper (Darline Cabrera), after speaking with the City of Tucson: **the City stopped the payment before any funds were transferred to the attacker.** No completed financial loss occurred. Attempted / exposed amount: **$130,000+** (as above). Kittle also confirmed it has **no business relationship with Foam Factory Incorporated**, confirming both receiving accounts are attacker-controlled mule accounts. The fraudulent accounts should still be reported and frozen, and the perpetrator pursued (this complaint documents an attempted wire/ACH fraud).
 
 ## 3. SUBJECT (PERPETRATOR) INFORMATION
 
@@ -86,7 +86,8 @@ Separately/concurrently, the attacker harvested contacts (18:36–18:53 UTC) and
 ## 7. ACTIONS TAKEN BY ACG / VICTIM
 - Compromised accounts' sessions revoked; passwords reset (Ken's password changed in person 2026-06-09).
 - Malicious inbox rules removed; mailbox forwarding, transport rules, and delegate access re-verified clean (2026-06-09).
-- Kittle contacting City of Tucson AP (by phone) to halt/verify the ACH change and confirm the June 9 EFT routes to Kittle's verified account; Kittle contacting their bank.
+- Kittle contacted the City of Tucson; **the City stopped the fraudulent payment** before any funds were transferred (confirmed 2026-06-09). Kittle confirmed no relationship with Foam Factory Incorporated.
+- Ken's account was auto-restricted from sending by outbound-spam protection during the phishing blast; ACG verified nothing malicious was queued (Outbox/Drafts empty) and **removed the restriction (sending restored 2026-06-09).**
 - Client advised to file this IC3 complaint and notify Truist / First State Bank / JPMorgan Chase fraud departments to freeze the receiving accounts.
 
 ---