In macOS 15 Sequoia, Apple made it more difficult to bypass Gatekeeper to run apps that aren’t notarized. (Notarization is one of the ways Apple ensures that apps distributed outside the Mac App Store are unmodified and free from malware.) Cybercriminals have responded to this increase in security with a new social engineering attack. They provide the victim with a disk image, ostensibly to install some desired piece of software, instructing the user to drag a text file into Terminal. Doing so executes a malicious script that installs an “infostealer” designed to exfiltrate a wide variety of data from your Mac. The simple advice here is to treat any guidance to drop a file into Terminal with extreme suspicion—no legitimate software or developer will ever ask you to do that.
(Featured image based on an original by iStock.com/Farion_O)
Social Media: Thing #17 to never do: Follow instructions to drop a text file into Terminal. It’s a great way to install malware and let cybercriminals steal your passwords, financial information, and more.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-12-02 14:05:002024-12-21 03:00:27Don’t Listen to Anyone Who Tells You to Drag a Text File into Terminal
We regularly warn Internet users about online scams and phishing attacks. Most of these are relatively easy to identify and avoid once you’re aware of telltale signs. Unfortunately, we’ve encountered a newer type of scam that’s more difficult to identify, partly because it plays on fears of legal action.
Website owners are the target of this scam email, which purports to come from a lawyer. The message states that an image on your site has been used without permission. Such a claim is all too believable for many, especially those who may not have been as careful about usage permissions in the distant past as they are today. The message includes a link to the image, a link to the purportedly infringing page, and a threat to initiate legal action if certain actions aren’t taken within five business days
Unusually, the email doesn’t ask you to take down the infringing image or pay a retroactive licensing fee. Instead, it says you must credit the image’s copyright holder and include a link. Such a simple request seems like a huge win—instead of paying a licensing fee or worrying about being sued, you can twiddle a little HTML and move on with your life.
Don’t do it! This is what’s called a “link insertion scam.” It exploits the search engine optimization principle that links on reputable sites provide legitimacy to linked sites, helping them move up in the search rankings. Unfortunately, the reverse is also true; linking to a scammer from your website will cause Google and other search engines to penalize your site in the search rankings.
Unfortunately, these copyright infringement scams look legitimate at first glance, as you can see in this example. The From and Subject lines don’t seem forged or malformed, and there are no obvious grammatical errors or indications that the writer doesn’t speak fluent English. And when you click the link in the signature, you end up at what appears to be the website of a real law firm. What should you do if you receive a message like this?
First, don’t panic. Just because the message looks legitimate doesn’t mean it comes from a real lawyer. Also, don’t call your lawyer unless they’re willing to work for free. You can save stress, time, and money by evaluating the message yourself.
A few details in the message suggest that it’s not real:
The domain in the From line’s email address—elitejusticeadvisors.biz—sounds sketchy and doesn’t match the company name.
The Subject line of “DMCA Copyright Infringement Notice” sounds official, but those familiar with the DMCA will know that it can be used only for a formal notice-and-takedown process, not to make demands for attribution or payment. But most people won’t know that.
The message is addressed to the generic “Dear owner of,” whereas legitimate messages from a lawyer would be addressed to a specific entity.
The required link URL points to a telecom news site in Sri Lanka, and it’s odd that an Arizona lawyer would be working for such a client.
The example of the purportedly infringing image is hosted at Imgur, a consumer image-hosting site known for funny pet pictures and cringeworthy GIFs. Legal firms would always use some sort of case management site.
Those details may feel wrong, but they’re insufficient to prove it’s a scam. You’ll need to dig deeper. Here are some ways you can do that:
Investigate the domain: Do a Web search on the domain in question: elitejusticeadvisors.biz. Because others have written about this scam, articles identifying it as a scam will appear on the first page of the results.
Search for the lawyer and firm: The lawyer’s name is too generic to yield revealing results, but if you do a Web search on “Dean Parker Commonwealth Legal Services,” you’ll once again see that others have identified it as a scam.
Check a state bar association directory: Most state bar associations or state courts have a searchable directory of licensed legal professionals. A quick search of the State Bar of Arizona’s member directory reveals that no “Dean Parker” is licensed in Arizona.
See if the headshot matches a real person: If the website provides a headshot, you can copy the image (Control-click it and choose Copy Image) and paste it into the TinEye reverse image search engine. Since all the results say “generated.photos,” it’s a good bet that the image was AI-generated.
Search for the company’s full name and address: As with the name of the lawyer, the generic-sounding name of the law firm will probably match other companies. However, if you search for the full name and address, you’ll likely turn up articles about it being fake.
Visit the address virtually: With Apple Maps and Google Maps, you can verify that a business is present at a location (or not) and often view the offices using Google Street View. Both mapping tools show no law firm at the provided address. Additionally, the building does not have a fourth floor, as specified in the address.
Ask ChatGPT: Now that ChatGPT has access to current Web information, it’s worth pasting the complete contents of the message into a ChatGPT conversation and asking it to tell you about the message. Start generally, but then ask if it thinks the message might be a scam, and if so, to suggest ways you could verify your suspicions.
Some of the above search suggestions identify the scam only because the scammer has reused the same company name, lawyer name, physical address, and website. If you were the first to be targeted by a new scam, the state bar association search and physical address check would be the most likely to expose it.
Let us leave you with an important caveat. You shouldn’t assume that all copyright infringement messages are scams. A legitimate DMCA takedown notice will ask you to remove the content, and a real copyright infringement message—probably from a company that specializes in such matters rather than a lawyer—will likely demand payment. In both cases, take down the offending image right away. If you really were using an image without permission, some payment may be required, and if the amount feels excessive, contact a lawyer specializing in copyright infringement cases. They may be able to negotiate a lower payment or point out issues that will make the claim go away.
(Featured image based on an original by iStock.com/Olivier Le Moal)
Social Media: If you receive what looks like a copyright infringement message complaining about an image on your website, don’t panic—it might be a scam. We help you identify such scams and explain what to do if the message turns out to be real.
iPhones and iPads are highly personal devices, but you might want to let someone else use a particular app on yours without letting them poke through Messages, Mail, and Photos. For example, a child could play a game, a volunteer could check in attendees, or a friend could take photos. To allow this, Apple created Guided Access, which you turn on in Settings > Accessibility—give it an easily remembered passcode and decide if you want to let the display auto-lock. Then, to turn on Guided Access, open the app you want to share and triple-click the side or top button. Options let you control buttons, the accelerometer, software keyboards, touch input, and a time limit. To end a Guided Access session, triple-click the side or top button, enter the Guided Access passcode, and tap End.
(Featured image by iStock.com/Userba011d64_201)
Social Media: If you’d like to allow a child, friend, or colleague to enjoy a specific app on your iPhone or iPad while keeping them focused and preventing access to everything else on the device, check out Apple’s Guided Access feature.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-11-01 13:08:002024-12-01 21:26:16Use Guided Access for Securely Allowing Others to Use an App on Your iPhone or iPad
We’ve seen an uptick in fake invoices from scammers using PayPal. Because they’re being sent through PayPal itself, spam filters won’t catch them, and they have few of the usual markers of phishing email (but look for sketchy names and email addresses at the top). Some are even forged to appear as if they come from Apple. Never pay a PayPal invoice that you can’t tie directly to something you’ve ordered, and don’t call the number listed—the scammer will try to convince you that the invoice is real. If you receive one of these invoices, click the “Report this invoice” link at the bottom to help protect others who might have received it, and forward the message to phishing@paypal.com. Don’t mark the invoice as spam, though, since that will train your email client to be suspicious of legitimate messages from PayPal.
(Featured image by iStock.com/Moostocker)
Social Media: Beware of PayPal invoice scams that might even appear to come from Apple. Should you receive one, report it to PayPal to help protect other people, but don’t mark the message as spam.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-11-01 13:07:002024-12-01 21:26:17Watch Out for PayPal Invoice Phishing Scams
All those data breaches are coming back to haunt us. Once our phone numbers and addresses began to be leaked, it was only a matter of time before scammers would personalize their attacks to make them seem more real. The latest “sextortion” scams purport to have compromising video of you taken from your computer’s webcam, backing it up with your phone number and a Google Street View-like image that matches your leaked address. They make a lot of claims and dire-sounding threats, but talk is cheap, and there’s nothing behind them. Do not pay the scammers!
(Featured image by iStock.com/Thapana Onphalai)
Social Media: Scams are starting to incorporate personal information stolen in data breaches, so you may get “sextortion” threats that purport to know your phone number, address, and more.
Although we’re still fans of 1Password, and there are plenty of other good password managers out there, like BitWarden and Dashlane, Apple has finally removed the last hurdle to using its built-in password management capabilities.
Starting in macOS 15 Sequoia, iOS 18, iPadOS 18, and visionOS 2, Passwords is now a real app rather than being trapped inside Safari, System Settings, and Settings. If you have resisted using a password manager or don’t wish to continue subscribing to an alternative, give Apple’s Passwords a try. It makes creating, maintaining, and entering passwords faster, easier, and more secure than doing it by hand. Those already using a password manager can export their accounts and import into Passwords.
What You’ll Find in Passwords
We’ll focus on the Mac version here, but the other versions are nearly identical apart from their screen sizes.
The left-hand sidebar, reminiscent of Reminders, provides categories of accounts:
All: Select All to see all your accounts, regardless of what shared group they may be in.
Passkeys: If you have any passkeys for large websites like Apple, Google, and others, they’ll appear here.
Codes: Passwords can create, store, and enter two-factor authentication codes for sites that support them. If you need to look one up manually because Passwords couldn’t autofill it, you’ll find the associated account here.
Wi-Fi: This category contains stored passwords for all the known Wi-Fi networks on your device. Because known Wi-Fi networks aren’t synced between devices, the number of these will vary between your devices.
Security: If you have any accounts with weak passwords, accounts you previously shared and stopped sharing, or accounts whose passwords were leaked in a security breach, they’ll appear here. Edit these accounts and click the Change Password button to start the process; when the password changes, they’ll disappear from this category.
Deleted: Any accounts you delete stay here for 30 days before being deleted for good. You can delete any of these accounts immediately or restore them to their previous group.
Shared Groups: If you use Family Sharing, you automatically get a Family Passwords group to simplify sharing important accounts with your family members. But you can also share accounts with other groups of Apple device owners. To move an account to a group, choose it from the Group pop-up menu.
The middle pane lists the accounts in the selected category. You can sort the list using the menu with vertical arrows, search for a specific account, and manually add a new one with the + button. Otherwise, scroll through the list and click an account to view it in the right-hand pane.
At the top of the right-hand pane is an AirDrop button and an Edit button. Click AirDrop to share an account with someone nearby or Edit to make changes or set up a two-factor verification code. If you want to copy information, click the User Name, Password, Verification Code, or Website item to get a Copy menu. The password becomes visible when you mouse over it. Clicking Website also offers an Open Website option and lets you add more sites where the password should autofill.
Setup Requirements
Most people shouldn’t need to do anything to start using Passwords. However, if you have trouble, check the following items:
Turn on Password AutoFill: If your device isn’t entering passwords for you, turn on AutoFill Passwords and Passkeys in Settings/System Settings > General > AutoFill & Passwords. Also, ensure that Passwords is enabled in the AutoFill From section if multiple password managers are installed.
Turn on iCloud Keychain: If you want your passwords to sync securely among your devices, which makes life a lot easier, go to Settings/System Settings > Your Name > iCloud > Passwords and turn on Sync This Device.
Set up iCloud Passwords for other browsers: Apart from Safari, Chromium-based Web browsers (Arc, Brave, Google Chrome, Microsoft Edge, etc.) can access and autofill your saved passwords if you install Apple’s iCloud Passwords Chrome extension. (There’s also now an iCloud Passwords add-on for Firefox.) The overall experience is not as seamless as in Safari, requiring a once-per-launch code, and you have to create new accounts in Safari or manually in Passwords, but it works.
Configure settings: Choose Passwords > Settings (or look in Settings > Apps > Passwords for iOS 18 and iPadOS 18) to access options. Generally speaking, it’s fine to keep them all turned on.
If you have additional questions, check Apple’s documentation for detailed instructions for all the platforms on which Passwords runs. But realistically, Passwords is easy to use, and although the app itself is new, the underlying password management features and syncing have been in place for years, so they’re stable and reliable.
(Featured image by iStock.com/designer491)
Social Media: Apple’s new Passwords app in macOS 15, iOS 18, iPadOS 18, and visionOS 2 makes the company’s longstanding password storage and syncing features more straightforward and easy to use. It’s password management for the rest of us!
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-10-01 15:04:002024-10-31 14:47:21Passwords Becomes a Real App in macOS 15 Sequoia, iOS 18, and iPadOS 18
Although paying attention to online security is of primary importance, don’t forget local security. You don’t want to go out for lunch and let someone wandering by your office poke through your email, messages, photos, and private files. To ensure this doesn’t happen, set your Mac to start the screen saver or sleep the display after a few minutes (on a laptop, just close the lid), and then set “Require password after screen saver begins or display is turned off” to a short duration. We recommend 1 or 5 minutes, though you can adjust to balance inconvenience against security. To eliminate the fuss almost entirely, use Touch ID or an Apple Watch to unlock your Mac without having to type your password.
(Featured image based on an original by iStock.com/Armastas)
Social Media: Don’t forget about local security on your Mac. Make sure to require a password shortly after the screen saver starts or the display sleeps to prevent people from riffling through your email, photos, messages, and more.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-09-03 14:06:002024-10-01 07:19:19Set macOS to Require a Password after Screen Saver Start or Display Sleep
We’ve written in the past about how Apple-only companies can protect themselves from ransomware (strong security, isolated backups, monitoring software), but realistically, it’s primarily a threat to computers running Windows and Linux. If you, or anyone you know, is targeted by ransomware, look to the No More Ransom website, developed by Europol’s European Cybercrime Centre and the Dutch police, for advice and tools. The advice boils down to: “Don’t pay the ransom because it proves to the criminals that ransomware works, and there’s no guarantee it will solve your problem.” On the tools side, the Crypto Sheriff helps identify the type of ransomware in play, and No More Ransom provides decryption tools for 180 different forms and variants of ransomware. There are no guarantees, but anyone who has fallen prey to ransomware should start with No More Ransom.
(Featured image based on original by iStock.com/Suebsiri)
Social Media: Ransomware primarily affects Windows and Linux computers, but if you, or anyone you know, falls prey to it, visit the No More Ransom website for advice and decryption tools.
QR codes, those square, blocky codes you scan with your iPhone’s camera to load a Web page, have become ubiquitous. So much so that we seldom pause before scanning any QR code we see. But if you think about it, that’s the same as clicking random links in emails or texts, which is a terrible idea from a security perspective. “Quishing” (QR code phishing) isn’t commonplace yet, but some sources say there are thousands of cases per month. To avoid falling victim to a quishing scam, only scan QR codes from trusted sources, try to verify what a code will do once scanned, and evaluate the yellow URL preview Safari provides (when using other browsers, all you see is Open in Browser Name). Finally, always install iOS security updates promptly because they often address vulnerabilities that could be exploited with malicious data.
(Featured image based on an original by iStock.com/B4LLS)
Social Media: QR codes—those blocky squares you scan with your iPhone camera—are an easy way to open a Web page. Unfortunately, scammers also use them to trick people into visiting malicious websites, so read our tip about scanning these codes safely.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-08-01 13:08:002024-09-03 01:52:33Be Careful When Scanning Unknown QR Codes
We recently wrote an article for those who manage their own Internet domain names about using SPF, DKIM, and DMARC to prevent your domains from being used in phishing attacks and enhance the deliverability of legitimate email. But what about other domains you own but don’t use for email? To make phishing attacks more believable, spammers sometimes forge email so it appears to come from parked domains that aren’t protected. You can use SPF, DKIM, and DMARC to ensure that forged email that seems to come from your unused domains isn’t accepted. The details are too specific to go into here, but Cloudflare has an excellent article outlining what you need to do.
(Featured image based on an original by iStock.com/Igor Kutyaev)
Social Media: If you have parked domains that never send email, it’s important to set up SPF, DKIM, and DMARC so scammers can’t forge legitimate-looking email from those domains.
https://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpg00F-11 Photohttps://f11photo.com/wp-content/uploads/sites/13/2023/06/PR-F11Photo-logo.jpgF-11 Photo2024-08-01 13:06:002024-09-13 09:40:46Protect Domains That Don’t Send Email from Email Spoofing
