How to spot a fake retail website before you buy

I got a question this week from Janet in Idaho. She was scrolling Instagram, clicked an ad for a super-cute dress and bought it. Next thing you know, there are bogus charges on her debit card. “How the heck did that happen?” she asked me. “It was a website I’ve shopped on before.”

Oh, Janet, don’t be a Mrs. Potato Head. Only use a credit card to shop online. They have fraud protections that debit cards don’t. And be on the lookout for scammers’ newest trick: Fake websites.

It starts with clicking an ad

This latest nefarious trick works because it’s copying websites you trust. The URL looks fine, the logos and slogans are there, the product pages look normal, and the payment platforms shown are all legit. Some of the sites even have the trusted HTTPS certification and 100% fake reviews.

So, how do you end up there in the first place? The jerk behind the site takes out social media ads and sends emails. You’re then lured by the extra-low prices, special discounts and free shipping.

Spoiler: You aren’t getting that product you ordered, or it’ll be a cheap knockoff. Worse, you may end up with a malware download that steals even more of your personal information.

Spot fake sites, fast

Here’s my quick cheat sheet to check before making a single click. For starters, if the price of whatever you’re buying is less than half of what it normally would be, move on, and ask yourself these questions:

  • Is the URL multiple words? Big brands have enough clout to get simple domain names, like Macys.com or BestBuy.com. Fraudulent sites use longer, weirder titles like “MacyOutletShop.”
  • Does this trendy boutique even exist? Many scam sites use names that sort of sound real, like “Homitage.” But if you’ve never heard of it, Google it. You should at least come up with reviews, additional landing pages or third-party sites selling the brand.
  • Are there pushy pop-ups? Some websites have pop-ups for chats or discounts. But phony sites push pop-ups to ask for your contact or payment information while you’re still shopping.
  • Where’s the customer service? Counterfeit sites may have a “Contact Us” email form that goes nowhere, but real sites will have plenty of ways to contact their customer service team.
  • How do images look up close? Reliable sites use high-res images that are easy to expand or open in another window. Bogus sites typically use low-quality pics that don’t stand up under scrutiny.
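The first question in the list, sketched as a script (an added example, not part of the original article): it flags a shop address whose name is a known brand plus bolted-on words, as in the "MacyOutletShop" case. The brand allowlist and filler-word list are constructed assumptions, and the domain split assumes a single-label ending such as .com.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed allowlist: brand label -> official domain (names from the article).
OFFICIAL = {"macys": "macys.com", "bestbuy": "bestbuy.com"}
# Assumed filler words that lookalike shop names tend to bolt onto a brand.
FILLER = ("outlet", "clearance", "official", "online", "store", "deals", "sale", "shop")


def site_label(url):
    """Return (host, label left of the TLD). Simplification: assumes a
    single-label TLD such as .com; a real check needs the Public Suffix List."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()
    host = host.rstrip(".")
    parts = host.split(".")
    return host, (parts[-2] if len(parts) >= 2 else host)


def classify(url, threshold=0.8):
    """Classify a shop URL as 'official', 'lookalike' or 'unknown'."""
    host, label = site_label(url)
    # Exact official domain, or a subdomain of it (www.macys.com).
    for brand, domain in OFFICIAL.items():
        if host == domain or host.endswith("." + domain):
            return "official", brand
    # Strip hyphens and filler words, then see what brand-like core remains.
    core = label.replace("-", "")
    for word in FILLER:
        core = core.replace(word, "")
    for brand in OFFICIAL:
        # Fuzzy match so "macy" still counts as a near miss of "macys".
        if core and SequenceMatcher(None, core, brand).ratio() >= threshold:
            return "lookalike", brand
    # Not near any listed brand: the "Google it" case from the checklist.
    return "unknown", None


if __name__ == "__main__":
    for u in ("https://www.macys.com/shop/dresses", "MacyOutletShop.com",
              "https://bestbuy-deals.com/tv", "homitage.com"):
        print(u, "->", classify(u))
```

An "unknown" result is not a verdict either way; it only means the name is not close to a brand on the allowlist.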

Pro tip: Check the IP 

Use an IP address lookup tool to see where the site is located. Look for suspicious signs, like an American business with an IP address from overseas, including spots like China, India, Venezuela and other places that just don’t make sense.

Janet in Idaho, this one’s for you … The other day, I was in Safeway getting ingredients for potato leek soup. Two women were engaged in deep conversation about a friend’s divorce right in front of the leeks. So I said, “Excuse me, ladies, I need to take a leek.” It took them a few seconds to laugh.

Biggest data breaches of 2024 (so far)

From big banks to car dealerships, 2024 has been a banner year for data breaches. Yes, I mean that in the worst way possible. I’d be shocked if there’s any American left unexposed at this point.

Let’s take a walk down the data breach memory lane. I’ve got steps for remediation at the end for you and everyone you care about.

Don’t look for a job on Facebook: An ad campaign is pushing “digital advertising” jobs. Click it, and you’ll end up with password-stealing malware on your machine. Stick with finding a real, good job on LinkedIn, folks.

Don’t click on Google ads: Malware wormed its way into search ads for Google Authenticator. They were very hard to spot, with the display URL “https://www.google.com” and the advertiser “verified by Google.” Need to download something? Scroll past the ads and sponsored content, or type in the official address yourself.

293% increase

In email attacks, compared to last year. Email scams exploded in the first half of 2024, including increases in ransomware, malware and phishing attempts. AI might not be helping tech companies turn a profit yet, but it’s sure helping cyber crooks.

9 gadgets to keep you safe and secure

Staying safe and secure can feel like a full-time job. That’s why you have me! Below, I’m sharing nifty gadgets to keep your personal information, devices and even your car safe from prying eyes and sneaky thieves.

Top tech myths you need to stop worrying about

Let’s bust some tech myths wide open! I’ve heard them all, and it’s time to set the record straight to keep you ahead of the game.

Myth: 5G causes cancer.

Another health care data breach: This time, it’s HealthEquity, a tech company that runs health savings accounts. Criminals got their hands on 4.3 million people’s names, numbers, addresses and payment info. What’s strange, though, is that no malware was spotted during the investigation, and there’s been no ransom demand yet.

How ironic: Security training company KnowBe4’s latest remote hire turned out to be a collection of North Korean hackers. When the company mailed a company-issued Mac to the “employee’s” phony home address (which was really a hacker farm), it was immediately loaded up with malware. How’d he get through HR screening? An AI-edited stock headshot — something they should’ve checked before hiring the guy.

⚠️ Job seekers, beware: North Korean hackers are setting up fake job interviews. Their goal is to break into Macs. How it works: They ask you to join a meeting by downloading a file called “MiroTalk.dmg.” It’s hiding info-stealing malware. Next time you get an offer, vet the company and stick to using trusted software already on your computer.

Hackers are using Facebook ads to spread malware: The ads push Windows themes, video games and software … but the zip file they direct you to download can steal all your passwords. If you’re interested in a product, visit the company’s site directly.

🛑 Been saying this for years: A new lawsuit claims Chinese app Temu is essentially malware that accesses everything on your phone, from texts to emails, and sells your data to third parties. Temu says they’re “surprised” by the lawsuit and blame misinformation. If you still have the app, delete it ASAP.

Bad ads: Fake Google ads for browser company Arc are routing people to a landing page that looks nearly identical to the real one. When you install the software, malware sends your data to a shady IP address. Tip: If a download tells you to right-click to open instead of just double-clicking, it’s a scam. That’s a trick they use to bypass macOS security.

Web safety alert: Over 100,000 websites, including Hulu, are victims of a security breach. They all use a compromised JavaScript library that could redirect users to scam sites, install malware, and even swipe usernames, passwords and credit card info. Watch out for rogue pop‑ups.

A dangerous Google Chrome scam: It’s planting malware that starts with a pop-up when you try to open a webpage or document. It’ll then tell you to copy and paste text into Windows PowerShell. No, don’t do this. Time to add a trusted ad blocker to your browser to avoid this scam and the thousands of others that get you the same way.

280 million

Chrome users who have installed shady extensions in the past three years. These extensions included malware and often asked for advanced permissions during installation. On average, dangerous extensions stayed in the Chrome store for over a year before getting the boot. Good job there, Google.

How to stop spam texts for good

Remember back in the day when you didn’t think twice about putting your cell number and email address into any form that asked for it? If you’re thinking, “Uh, Kim, I still do that,” I’m about to make your life so much easier.

Your car is a target – Don’t get hacked or duped

Ever heard of wrapping your key fob in aluminum foil? It sounds a little crazy, but it’s a smart move. Your key fob’s signal is surprisingly easy for criminals to intercept using cheap scanners sold online. Thieves can open your car without setting off any alarms. If you have a true keyless car model, they might just drive away. Wrapping your fob in foil blocks the signals. 

🚨 TikTok malware in your DMs: Celebs like Paris Hilton and big brands like CNN are getting hacked on TikTok — no clicks needed! Just opening a DM lets the malware sneak right in (paywall link). The strange part? The infected accounts haven’t posted anything fishy yet.

Don’t click the ads – Might be malware

When I have a question now, whether it’s finding a recipe or doing math, I’m using AI a lot more than doing a good ol’ Google Search. My go-to is ChatGPT, but Perplexity is useful, too. I often ask both AI bots the same question as a way to double-check things. Google Gemini is a big “meh” to me so far.
