You get an email from Apple thanking you for your purchase of an app you never heard of. In the body of the email is a link for you to click on for more information about the purchase. Your immediate inclination is to click the link, sign in, and let Apple know in no uncertain terms that you want your money back. Don't do it! It's probably a phishing email, designed to trick you into handing over your log-in credentials.

We've all seen really obvious phishing emails, written in terrible English from some random email address. But almost every day I get an email forwarded to me that looks pretty good, from a client who, wisely, decided to slow down and ask my opinion of the email prior to taking any action. Here's how to look over any email with a critical eye.

Phishers rarely use a real corporate email address - Real emails from real companies will come from the company's domain - the part of the email address that comes after the @ sign. Emails from @apple.com, @microsoft.com, @amazon.com, are almost always legit. But phishers often create fake email addresses meant to fool the eye. What comes BEFORE the @ sign means very little. I have seen addresses like [email protected], [email protected], etc. - all fakes.

Sometimes the email address is hidden under a legitimate looking display name. If that happens, hover your mouse over the display name and it should uncover the true email address. 

Some very sophisticated phishers will make fake domains that look very similar to the domain they are spoofing. For example, arnazon.com is not amazon.com - I typed an "r" next to an "n" to make a fake "m". These types of fake domain attacks are more common in the business world, but can be used to fool the general public as well, and can be very hard to spot.

There are also websites that specialize in sending email that looks like it came from a real domain. Those sites don't send out bulk phishing email, but they can be used to send a single targeted phishing email to start an attack against a business or government agency.

Phishers rely on emotions - almost every phishing attempt has an immediate call to action. Mistaken purchases, accounts that are about to be closed, websites/email addresses that are going to be locked - the phisher is trying to trigger an immediate response, preferably before you think about it too hard. Legitimate businesses just don't work that way - be suspicious of any email that tries to generate a sense of urgency about logging in to a site.

Phishers push you to click on the link in the email (or sometimes download a PDF or other file). Again, a legitimate business will always offer an alternative - they will tell you to go directly to their website, or to call the number on your credit card.  I can tell you that even when I think an email is totally legitimate, I NEVER go to the website by clicking through the email. I always open up a new browser window and go directly to the business website by typing their address.

Yes, much of the junk mail we get is pretty clearly fake. But some phishers are more sophisticated. If you get an email and you are even the slightest bit suspicious, don't hesitate to forward it to me and ask my opinion!  

Did you see the news in December about creepy hackers talking to kids through their home security cameras?  Those folks were using Amazon Ring products, and Amazon insisted the devices had not been hacked - rather, the homeowners had allowed their credentials to be stolen. Phishing is one way the credentials could have been stolen. Another is through any number of hacks - that's why I always nag you not to reuse passwords. However, even if the homeowners had posted their user name and password on the dark web themselves, the hackers couldn't have gained access to their cameras if they had set up two factor authentication on their account.

Two factor authentication (2FA), also called multi factor authentication, is a way to secure accounts by requiring a code, usually texted to your mobile phone, as an additional step before granting access to an account. Generally you can set a device as "trusted", so you only have to enter the code one time. It stops other people from being able to log into your accounts by forcing you to use something you know (your user name and password) and something you have (your cell phone, to receive a code), before granting access. 

Amazon is now being sued, because they didn't force users to set up 2FA on their Ring systems. I doubt that lawsuit will go far, but the lesson is clear - you need to use 2FA where ever it is offered. When I first wrote about 2FA, it was still pretty uncommon, but now almost every email and major shopping site offers it. Here are some links to set-up instructions:

AOL Amazon Apple Comcast

Google Microsoft Ring Yahoo

 Of course, if you need any help setting this up, please give me a call!

Reduce, Reuse, Recycle

Electronic waste is a HUGE topic these days. We all love getting shiny new tech at the holidays, but what do you do with the old stuff?  Here are some ideas:

Computers - Did you replace your Windows 7 computer with a new Windows 10 system? If it's in reasonable shape, your old system might be good enough to be upgraded to Windows 10 and donated. Contact your local senior center or family resources center to see if there is local need, or  look over this list for other donation options.  You will need to remove your personal data from the computer prior to donating, which I can do for you as a flat rate service. Give me a call if you'd like to discuss your options.

Mac systems are more problematic, as Apple stops supporting them with security updates so they become unsafe to use on the internet. If your Mac is able to run Mojave, it's definitely worth wiping and donating. If it cannot run Mojave, your best bet is to trade it in at Apple.

Smartphones -  Even though you've moved your number to a new phone, your old phone doesn't need to have a data connection to be useful. Connected to home WiFi, old phones can be used as alarm clocks, music or podcast streaming devices, even remote controls. If you replaced your phone because it was very slow, trying doing a factory reset and setting it up as a single use device. 

If you can't find a use for your old phone, there are many organizations that take cell phone donations. Again, make sure  you factory reset your phone prior to donation. 

Tablets - Older tablets make great dedicated electronic devices. Your old iPad can be loaded with e-cookbooks and kept on a stand in the kitchen. You can connect it to exercise equipment and create a low-rent Peloton. You can set it up as an inexpensive video entertainment system for your car. Or you can use it as part of a do-it-yourself home security system.

Whatever you do, don't just toss old electronics into the trash. They are full of valuable, but toxic, metals. The best thing to do is to keep them in use, but if you cannot find a way to do that, make sure they are responsibly recycled!