Friday, April 3, 2020

Grandparents: be aware of new twist on old scam

Several years ago, the "family emergency" scam (also known as the "grandparents" scam because it targets the elderly) started making the rounds and creating significant monetary loss for our old folks. The grandparents would receive a call from someone claiming to be a grandchild; the caller then set them up with a dramatic story about being in trouble with the law and needing upwards of $3,000 cash wired right away to pay legal fees.

One of my mom's neighbors fell for this a few years ago and lost $2,800. Once the money is wired, you can never get it back. For more information on the original scam, see

Today, with the world coronavirus pandemic in play, there's a new twist on the old scam: The imposter "grandchild" caller urgently claims that he/she is sick and/or stuck overseas and needs money wired immediately to get healthcare or transport home.

Here is the full story on the Federal Trade Commission web site

Here are some tips from the FTC to know about in case you receive a panicked phone call, email or text from a purported family member claiming to be in a dire situation and needing cash fast:

  • Resist the urge to act immediately, no matter how dramatic the story is.
  • Verify the person’s identity by asking questions that a stranger couldn’t possibly answer.
  • Call a phone number for this "family member" that you know to be genuine.
  • Check the story out with someone else in your family or circle of friends, even if you’ve been told to keep it a secret.
  • Do not wire money; do not send a check or money order by overnight delivery or courier.
  • Report possible fraud at or by calling 1-877-FTC-HELP.

Tuesday, March 3, 2020

How to lose your life savings by trusting too much

This is how easy it is to lose your life savings if you are not vigilant about security online:

This scam boils down to a one-character difference in the real domain name versus the fake domain name (.corn instead of .com), which in certain fonts can appear identical at first glance:

.corn vs. .com (Serif)
.corn vs. .com (Arial narrow)
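As an added illustration (not part of the original post), the same comparison can be done mechanically: collapse letter sequences that look alike, then compare a link's host against the domains you actually trust. The confusable list and the trusted domains below are assumptions chosen for the demo.

```python
from urllib.parse import urlsplit

# Letter sequences that can pass for another letter in some fonts. Assumed,
# non-exhaustive list; "rn" -> "m" is the .corn/.com case described above.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]

# Hypothetical allow-list: the domains you actually do business with.
TRUSTED = ["example.com", "example.net"]


def skeleton(host):
    """Collapse look-alike sequences so visually similar hosts compare equal."""
    for seq, repl in CONFUSABLES:
        host = host.replace(seq, repl)
    return host


def hostname(url):
    """Extract the lower-cased host, tolerating links written without a scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def _same_or_sub(host, domain):
    return host == domain or host.endswith("." + domain)


def classify(url):
    """Return (verdict, trusted domain it matches or imitates)."""
    host = hostname(url)
    for domain in TRUSTED:
        if _same_or_sub(host, domain):
            return "trusted", domain
    for domain in TRUSTED:
        if _same_or_sub(skeleton(host), skeleton(domain)):
            return "lookalike", domain
    return "unknown", None


if __name__ == "__main__":
    for link in ["https://example.com/login", "https://example.corn/login",
                 "wire.examp1e.com/pay", "https://example.org/"]:
        print(link, "->", classify(link))
```

A "lookalike" verdict means the host is not on the trusted list but reads like one that is, which is exactly the case worth stopping for.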

Always be extremely vigilant about *any* email that contains a link or attachment, even if it appears to be from someone you trust, and even if it is expected. If the email is related to finances or other sensitive information, be vigilant about verifying it before acting on it. Also:
  • DO NOT CLICK links until you've validated that they are legit by hovering over each link and/or reaching out to the sender via a separate communication channel.
  • DO NOT OPEN attachments until you've done the same.

I see these sad stories every day. Feel free to share with friends and family. Be careful!

Wednesday, October 9, 2019

Beware short URL links to videos!

Using an idea from the KnowBe4 blog, recently I ran a phish test of over 3,000 people that returned a 100% open-to-click rate. That means that every individual who opened the test email clicked the link. I've never seen a click rate that high in my career.

The email was quite simple:

The subject line displayed only the recipient's first name.
The body of the message was this, and this alone:

I saw you in this video!<random 7-character string>.

See the brief article here:

...or here:

Both links above point to the same article, but the second link is a "short URL" that I created on These are also known as "tiny URLs," and they are easily decoded.

If you get an unexpected or unusual text message or email enticing you to click a tiny URL, be sure to decode it at a site like and verify the destination domain is trustworthy before clicking it.
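What a decoder site does can also be done by hand, shown here as an added example that is not from the original post: ask the shortener for the link with a HEAD request, do not follow the redirect, and read the `Location` header. The local `FakeShortener` server, its short code and the destination URL are constructed so the example runs offline.

```python
import http.client
import http.server
import threading
from urllib.parse import urlsplit

def expand_once(short_url, timeout=5):
    """Ask the shortener where a link goes without visiting the destination."""
    parts = urlsplit(short_url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.netloc, timeout=timeout)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)  # HEAD: headers only, no page content
        resp = conn.getresponse()
        # A 3xx reply carries the real destination in its Location header.
        location = resp.getheader("Location") if 300 <= resp.status < 400 else None
        return resp.status, location
    finally:
        conn.close()

class FakeShortener(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a URL shortener so the example runs offline."""
    LINKS = {"/a1B2c3D": "https://video.example.net/watch?v=123"}

    def do_HEAD(self):
        dest = self.LINKS.get(self.path)
        self.send_response(301 if dest else 404)
        if dest:
            self.send_header("Location", dest)
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    """Resolve one known and one unknown short link against the local stand-in."""
    server = http.server.HTTPServer(("127.0.0.1", 0), FakeShortener)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = "http://127.0.0.1:%d" % server.server_address[1]
        return expand_once(base + "/a1B2c3D"), expand_once(base + "/unknown")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

The returned destination can itself be another redirect, so repeat the check on each `Location` value until the status is no longer 3xx before judging the final domain.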

Friday, August 2, 2019

What to do (and not do) with suspicious emails

Everyone with an email address receives phishing emails, at home as well as work. Here is a list of do's and don'ts culled from Navigating the Phishy Social Engineering Ocean by Cheryl Conley at


Do:

  • Check the From address, be wary of fake or unknown domain names, and be sure the domain name properly corresponds with the sender’s display name.
  • “Mouse over” links (hover over links with your mouse cursor) to see the real destination.
  • Use a unique password for each online account, and immediately change it if you suspect a breach. For added protection, consider (1) using a passphrase and (2) implementing two-step authentication.

Do not:

  • Click links or attachments unless you’re sure the message is from a trusted source.
  • Give out personal or private information to an unknown.
  • Succumb to emails just because the branding looks real or the sender appears to be someone you know.
  • Click or call listed phone numbers that are included in pop-up ads or threatening emails.
  • Reply to phishing emails.

Other red flags:

  • Mismatched URLs — hover your mouse over the link and compare the destination URL with the displayed URL.
  • Poor grammar and spelling could be an indicator.
  • A request for personal information.
  • Asking for money, especially with urgency.
  • An offer that appears too good to be true.
  • Unrealistic or unlikely threats.
  • Content just doesn’t look right — trust your gut.

Monday, July 15, 2019

Easy steps to secure your online information

While researching international privacy law the other day at work, I stumbled across this helpful web site from the Australian Cyber Security Center. It offers a checklist of easy-to-use tips that everyone who uses the Internet should be aware of and practicing daily.

Topics include:
  • Securing your email, social media sites and apps
  • Identifying scams
  • Securing your mobile device and your computer
  • Using public Wi-Fi safely

To see the full article and watch the checklist video, go to

Thursday, July 4, 2019

HTTPS means "secure," not "safe"

By now, most of us know to look at the URL, or uniform resource locator, of web sites we visit. The URL is more simply known as the web address. For example, is a URL.

When a URL starts with HTTPS, it means that the web site owner has purchased an encryption certificate and applied it to that particular web page. This means that any data you type into that page, such as user name, password, payment card number, account number, etc., is encrypted in transit. In other words, your sensitive data is secured when it is transmitted from your computer up to the server that hosts that web page on the Internet.

When a URL starts with HTTP, it means that your user input on that web page is not encrypted. And that is all it means.

HTTPS does not mean that the web site is safe to visit - it just means that your data is encrypted. Bad guys can buy encryption certificates just as easily as legitimate site owners. And because browsers like Chrome visibly proclaim a site is "not secure" when HTTP is in the URL, users are more apt to assume that HTTPS sites (which do not display the warning) must be safe to visit.

Not so!

Always be cautious of browsing to unknown or unfamiliar web sites. Only navigate to sites you deem trustworthy. And stop clicking! Just because a site is encrypted does not mean that it cannot infect your computer with malicious software if you click a link on it.

For more information, check out the warning issued by the FBI three weeks ago at

Sunday, June 9, 2019

Fake legal threats make for good phishing

Scammers are sending well-crafted legal complaints in email messages to unsuspecting citizens, enticing them to open document attachments to view the charges or complaint. If you open an attachment, you've just let the bad guys into your computer to infect it with malware.

The emails typically come from a domain owned by a legit law firm that has been compromised. But the sender may also use a made-up firm. Either way, anyone can create a fake legal document and email it to you. Don't fall for it.

For an example, see

If you receive an email like this, treat it like spam. If you have doubts that it is a fake, instead of clicking attachments or links in the suspicious email, find out if the law firm is for real and, if so, call them by phone.

Never reply to or act on threatening or urgent emails that are unexpected or in any way seem out of the ordinary.