
Security Friday: Watch Out for Bank Scam Texts, Microsoft Recall, and Lots More

Hi Readers, Cullen here. It's spring here in Iowa, and the birds are chirping. The other thing chirping is my cell phone, with wave after wave of scam text messages claiming I've got an unpaid toll.
IN THIS NEWSLETTER

  • 🗒️✅ Your Security Checklist
  • 🏆🎖️ Test Your Security Skills
  • 📰 Your Weekly Security Update
  • 🤨 This Should Be on Your Radar 📡
  • 🙈 Security Fail of the Week 👎
  • 🍎📱 Security Updates from Apple 🍎
 
🗒️✅ Your Security Checklist

If you take nothing else from this newsletter, do these three things to protect yourself:

  1. Use a password manager. If you use the Passwords app, you can manually add passwords in just a few seconds.
  2. Use Advanced Data Protection if you can. This feature encrypts your iCloud data, ensuring only you and no one else, not even Apple, can access it.
  3. Only enable location services for apps you trust. You can manually disable location services on an app-by-app basis in your iPhone Settings.

In case you missed it, be sure to check out our free class on cybersecurity for Apple enthusiasts.

 
🏆🎖️ Test Your Security Skills

What should you do in the following scenario?

When creating a new account, which of these would it be better to use your real email address for, and not one generated by Hide My Email? 🤔

  A. Google Drive
  B. Dropbox
  C. OneDrive
  D. iCloud Drive
  E. They're pretty similar

Scroll to the bottom to see how you did!


 
Unpaid Toll? Next Will Be Banking

We've all gotten the scam text messages warning us that we have an unpaid toll. I've gotten five or six! You've probably also seen the scam text messages claiming you have an undeliverable package. Both of those scams are perpetrated en masse by criminals working mainly in China. The scams are so prolific because they're very effective, and the criminals make a lot of money. Brian Krebs at KrebsOnSecurity (not to be confused with Chris Krebs of SentinelOne, no relation) has been researching those criminals, with lots of details about how those scams work and how they pay out. Now, information security company Silent Push has found that the same criminals are expanding their scam innovations to be able to mimic banking app messages.

The Bottom Line: Look out for an incoming wave of banking app scam messages. Expect scam texts from your bank telling you that you need to log in, or that you have an unpaid fine, or similar. We don't know exactly what these scammers will try, but if you always go to the real website, rather than tapping a link you receive in a text, you should avoid the majority of the danger.

 
🤨 This Should Be on Your Radar 📡

Microsoft Giving Recall Another Chance

Last year, we reported that Microsoft would be implementing an AI-powered tool in Windows 11 called Recall, which screenshots the entire screen every three seconds. You can then view the history of everything you do on your PC and even search for something specific. After massive backlash, Microsoft ended up putting a pause on Recall. However, the company has decided it's been long enough since its first attempt, and it will now be including Recall in an upcoming Windows 11 release.

This time around, Recall will be opt-in, so it won't be enabled by default, and you will also be able to pause the feature at any time. There will also be a variety of features to improve user privacy. For example, you can filter specific websites and apps from being snapshotted by Recall. There is also a setting to prevent sensitive information from being stored, which means you can prevent things like passwords or medical records from being captured by the AI tool. Additionally, all of Recall's snapshots are always stored locally, so they cannot be accessed by the cloud. Of course, all of this depends on how much you trust Microsoft to be completely honest about what Recall is and isn't capturing.

The Bottom Line: Despite the improvements made to make Recall more secure, if you have a Windows 11 Copilot+ PC, we definitely still do not recommend enabling Recall when it becomes available. In our opinion, there is still too much risk involved with letting an AI constantly capture your entire screen.

Cybersecurity "Expert" in Dozens of Criminal Trials May Not Have Been an Expert at All

Dozens of criminal cases may have to be reopened after the man used as an expert witness in the trials fell under suspicion of lying about his credentials. Read more at KrebsOnSecurity.

The Bottom Line: It may seem incredible that a supposed expert could appear in so many trials without raising any alarms, but it underlines just how fundamental a basic level of trust is for the everyday function of even critical systems like courts, and how easy it can be to coast on work supposedly done by others without reviewing it. You simply cannot function without choosing who to trust, but reviewing who you are trusting and where they get their expertise is always a worthwhile exercise.

Car Rental Company Suffers Data Breach

Cleo, a software vendor used by car rental company Hertz, was subjected to a cyberattack in late 2024. As a result, Hertz customers' personal data has been stolen, including names, dates of birth, driver's licenses, payment information, and more. According to TechCrunch, customers in Australia, New Zealand, the EU, the UK, Canada, and some US states have been affected by this breach, though the company has not given a specific number.

The Bottom Line: If you have used Hertz in the past, be on the lookout for a notice from the company regarding the breach. You should also freeze your credit to prevent anyone from using your stolen data.


Ever Wondered Where All Those Spam Comments Come from on Every Website's Comments Section? It's OpenAI

SentinelOne, a cybersecurity firm, recently released a report detailing how an OpenAI-powered bot called AkiraBot was used to steal people's money. AkiraBot targeted small businesses and essentially would spam the comments section of their websites with promises to optimize the site so that it would appear at the top of search engine results. 404media has the full story.

The Bottom Line: Anti-spam systems can block spam comments, but they're expensive to maintain because it will always be easier to generate novel forms of spam than to detect them. Remember: it's never safe to accept offers of services that are sent to you unsolicited in the comments section of a website. Always double-check and vet any software before you pay for it, and before you install it.

US Bank Regulator Hack Would Have Been Prevented by Multi-Factor Authentication

Hackers were able to exploit an email account of the US Office of the Comptroller of the Currency and access 150,000 emails belonging to over 100 bank regulators. The attackers were able to guess the email account's password, and it appears the account was not protected by multi-factor authentication. That means the account did not ask the hackers for a second proof of identity beyond the password and simply allowed them to log in. The OCC says it is launching an investigation to find out how this happened and prevent it from happening again.

The Bottom Line: Always enable multi-factor authentication for your accounts when it is offered, especially if you are securing important admin accounts.

Related: How to Set Up Two-Factor Authentication with Gmail

The FBI Posed as a Dark Web Money Launderer Named "Elon Musk" for Nearly a Year

A dark web user, calling himself "ElonmuskWHM," spent years working as a money launderer for other dark web users. The FBI was able to identify and arrest ElonmuskWHM, but then spent nearly a year operating the account in order to track down the account's dark web clients. Check out the full story on 404media.

The Bottom Line: No practical advice here, just some great journalism. Go read the story!

NSA Director & US Cyber Commander Fired

The director of the National Security Agency (NSA), General Timothy Haugh, has been fired, along with his deputy at the NSA, Wendy Noble. No reason was given by the administration. The NSA is the US agency for wiretapping and digital intelligence gathering: digital spying. US Cyber Command is a branch of the Department of Defense. Head over to The Washington Post for more information.

Former CISA Director Under Investigation

Chris Krebs, who was the head of the Cybersecurity and Infrastructure Security Agency (CISA) during the first Trump administration and responsible for securing the 2020 elections, is now under investigation by order of President Trump. Mr. Krebs was fired by Trump in 2020, after stating that the election was secure. He now works at SentinelOne.

The Bottom Line: The findings of over sixty court cases have agreed with Mr. Krebs' assessment that the election was secure. No credible evidence has emerged of election tampering in 2020, or since.


 
🙈 Security Fail of the Week 👎

Crosswalks Hacked in Silicon Valley

Some crosswalks play audio signals to assist vision-impaired people in navigating safely. In a few instances in Silicon Valley, the devices that play those audio signals were hacked. The hacker set them to play AI-generated audio resembling the voices of Elon Musk and Mark Zuckerberg. You can read about it over on TechCrunch. The devices can be accessed by a close-range wireless signal, and usually a technician would need to log in with a password before swapping out the audio, but very often these devices are left using the default password.

The Bottom Line: When installing new devices, always remember to replace the default password with a strong, unique one managed by a secure password manager. Also, this is funny.

 
🍎📱 Security Updates from Apple 🍎

Everything you need to know about Apple's latest software updates.

  • The most recent iOS and iPadOS is 18.4.1
  • The most recent macOS is 15.4.1
  • The most recent tvOS is 18.4.1
  • The most recent watchOS is 11.4.1
  • The most recent visionOS is 2.4.1

iOS 18.4.1 includes two security fixes for vulnerabilities that Apple says may have been used in an "extremely sophisticated attack against specific targeted individuals." This usually means that some top-shelf spyware like NSO Group's Pegasus, or else a powerful nation-state spy agency, was using these two bugs to target specific individuals, but we can't know for sure. The first bug fixed by the update is in the processing of an audio file, and could allow a skilled attacker to craft an audio file that, when played back on an iPhone, would grant the attacker the ability to run code on the iPhone. The second bug was in a feature set called Remote Participant Audio Control (RPAC), used for features like FaceTime. The bug in RPAC allows an attacker who can run code (for example, by exploiting the other bug iOS 18.4.1 patched) to bypass certain anti-tampering controls.

The Bottom Line: Even if you're not one of the individuals targeted by these attacks, it's still worth updating your operating systems to get the fixes.

 
Security Skills Answer

If you answered D or E, you're correct. E, "They're pretty similar," is correct, unless you turn on Advanced Data Protection for iCloud, in which case D, iCloud Drive, is the best.

 
Mission Statement

There is far too much security and privacy news to cover it all. When building this newsletter, we look for scams, hacks, trouble, and news to illustrate the kinds of problems Apple enthusiasts may encounter in our private lives, and the self defense we can practice to keep our devices, accounts, and lives secure. Our commentary focuses on practical advice for everyday people. This newsletter was written by Cullen Thomas and Rhett Intriago and edited by Sarah Kingsbury.

 

 

Copyright © 2024 Mango Life Media LLC. All Rights Reserved.