Posts

Be Alert for Deepfake Phishing Scams

/in /by

Phishing scams have entered a new, AI-powered phase and can now convincingly mimic real people. Attackers can generate fake voice or video deepfakes to impersonate CEOs authorizing urgent payments, IT staff requesting access, or family members needing help. If you receive a voice or video call from someone you know at an unknown number who urges you to reveal confidential information or send money immediately, slow down, check for telltale signs, and verify before acting. Listen for unnatural pauses, overly smooth phrasing, or odd emotional timing. Visually, look for inconsistent lighting or shadows, artifacts around the hairline, ears, or teeth—or anything that seems “off,” especially around the mouth and eyes when the person moves. For verification, ask for a detail that only they would know. If you’re at all unsure whether the call is legitimate, hang up and contact them—or someone else who will know more—through a separate, trusted channel. A few seconds of skepticism can prevent a costly mistake.

(Featured image by iStock.com/Tero Vesalainen; article image by iStock.com/Boris023)

Social Media: Phishing has a new face—literally. Scammers can now use AI tools to fake voices and videos that look real. Before you act on an “urgent” request, look for audio or visual clues and verify through another channel.

New Features in iOS 26.1

/in /by

The first feature update to iOS 26 is now available—go to Settings > General > Software Update to install iOS 26.1. It doesn’t introduce any game-changers, but there are a few new options and tweaks worth knowing about.

Tinted Option for Liquid Glass

For many people, Liquid Glass’s aggressive transparency can make some interface elements, especially notifications, difficult to read. Until now, your best bet for improving readability was to turn on Settings > Accessibility > Display & Text Size > Reduce Transparency. In iOS 26.1, Apple bowed to user feedback and added a new Tinted view in Settings > Display & Brightness > Liquid Glass, which adds a subtle tint and increases the opacity of many Liquid Glass interface elements. In the screenshot below, the left image uses the default Liquid Glass Clear view, the middle one uses the Tinted view, and the right one uses Clear with Reduce Transparency. You can decide which you like best.

Disable Lock Screen Camera Swipe

For many years, a fast way to get to the Camera app has been to swipe left on the Lock Screen. With new iPhones featuring the Camera Control button for quick access to the Camera app, Apple has given us the option to disable the Lock Screen left swipe. If you find yourself accidentally opening the Camera app from the Lock Screen, you can now prevent that from happening by turning off Settings > Camera > Lock Screen Swipe to Open Camera.

Background Security Improvements

Several years ago, Apple introduced Rapid Security Responses, focused security updates that aimed to reduce update hesitancy with small downloads, automatic installation, and easy reversal. For unknown reasons, Apple used them only a couple of times before reverting to traditional operating system updates. Now, Rapid Security Responses seem to have returned under a new name: Background Security Improvements. They’re enabled by default in Settings > Privacy & Security > Background Security Improvements > Automatically Install. If you prefer to approve these updates in advance, you can turn that off. (A similar setting is available for macOS 26.1.)

Slide to Stop Alarms and Timers

In iOS 26, Apple increased the size of the buttons that appear when alarms or timers go off, but the large Stop button was easy to hit when you meant to tap Snooze (for alarms) or Repeat (for timers). Apple made that mistake much less likely in iOS 26.1 by requiring you to slide the on‑screen control to stop the alarm or timer.

Swipe Between Songs in Music

Sure, you could just tap a song in the album or playlist you’re viewing, but iOS 26.1 adds a subtle way to move to the next or previous track: swipe left (next) or right (previous) on the MiniPlayer at the bottom of the screen.

More Languages for Live Translation

iOS 26 introduced Live Translation with the AirPods 4 with Active Noise Cancellation, AirPods Pro 2, and AirPods Pro 3. Initially, it supported English (US and UK), French, German, Portuguese (Brazil), and Spanish (Spain). In iOS 26.1, Apple added Chinese (Mandarin, simplified and traditional), Italian, Japanese, and Korean. To avoid delays in getting new languages when you are out and about, download the languages you expect to need ahead of time, when you have a fast Internet connection. Go to Settings > Bluetooth and tap the ⓘ next to your AirPods. Scroll to and tap Languages, then select the desired language. For actual use, open the Translate app, tap Live, and select the two languages you want to translate between.

There are a few other tweaks that most people won’t notice, such as support for the new AutoMix transitions between songs in Music when playing over AirPlay, better FaceTime audio quality in low-bandwidth conditions, manual logging of workouts in the Fitness app, and improvements when recording audio with external USB mics.

If you’re already running iOS 26, we recommend updating to iOS 26.1—the changes (and numerous security fixes) are worthwhile. If you haven’t upgraded from iOS 18 yet, now’s a fine time to make the jump.

(Featured image based on an original by Apple)

Social Media: Struggling with Liquid Glass transparency or accidental camera launches? iOS 26.1 addresses both and adds a safer slide‑to‑stop alarm control, swiping to switch songs in Music, Background Security Improvements, and more Live Translation languages.

Updated Passwords App Adds History

/in /by

One small way Apple’s Passwords app lagged behind top password managers like 1Password was in its lack of a password history. It’s sometimes helpful—such as when trying to figure out why a seemingly correct password isn’t being accepted—to see previous passwords for a site and when they were changed. In macOS 26 Tahoe, iOS 26, and iPadOS 26, the Passwords app adds that feature. Click or tap View History to review the history of a particular site’s passwords.

(Featured image by iStock.com/designer491)

Social Media: Apple’s Passwords app can now show your password history in macOS 26 Tahoe, iOS 26, and iPadOS 26, helping you track down why that “correct” password isn’t working.

Never Paste Unknown Text into Terminal!

/in /by

Here’s a new scam to watch for. A client reported running across a suspicious website masquerading as a human verification test. Instead of asking him to click pictures or solve a math equation, this one asked him to copy some text from the page and paste it into Terminal. The text was actually an encoded script that—if pasted into Terminal and executed—would have downloaded and installed malware designed to steal user data. Infected users could lose their login password, browser history and cookies, cryptocurrency wallet information, keychain data, Notes data, and a wide variety of personal files. The moral of the story: never paste unsolicited commands into Terminal. They may seem innocuous or even unintelligible, but they’re fully capable apps that can wreak havoc on your Mac.

(Featured image by iStock.com/stevanovicigor)

Social Media: A clever new scam masquerades as a CAPTCHA test, asking users to paste text into Terminal to prove they’re human. Instead, it installs malware designed to steal passwords, browser data, and other sensitive information.

16 Billion Passwords Exposed in Recent Data Breach: Turn on 2FA!

/in /by

Data breaches keep coming, and the latest one revealed by Cybernews involves 16 billion passwords. There’s no way to know for sure if your passwords are included, though it’s always worth checking Have I Been Pwned and paying attention to monitoring features in password managers. Some media reports claim that passwords from accounts at Apple, Facebook, and Google were leaked, but this is likely overblown. While some accounts at those companies were compromised by infostealers, there were no centralized breaches. Our advice remains the same: use a password manager to ensure that each of your accounts has a strong, unique password and turn on two-factor authentication whenever possible.

(Featured image by iStock.com/tsingha25)

Social Media: Another day, another breach—this time involving 16 billion passwords. Despite alarming headlines about Apple, Facebook, and Google accounts, there’s no need to panic. Our advice? Use unique passwords and enable 2FA.

Beware Domain Name Renewal Phishing Attacks

/in /by

Most phishing attacks are easy to identify, but we’ve just seen one that’s more likely to evade detection. Those who own personal or business Internet domain names—to personalize their email or provide an online presence for their website—may receive fake messages claiming that a domain has been deactivated due to a payment issue. Because scammers can determine when domain names are due to expire and the name of the company hosting the domain, the urgency triggered by a message that appears to be from the domain host and arriving near the renewal date may cause someone to click a link they shouldn’t. This particular one wasn’t even that well crafted and still caused the recipient brief concern until they manually went to DreamHost and verified that nothing was wrong with their domain payment. Stay alert out there!

(Featured image by iStock.com/weerapatkiatdumrong)

Social Media: Phishing scams are becoming more sophisticated. A message that seems to come from an Internet domain host and arrives around the time of a domain renewal could deceive even experienced users.

Consider Business Cyber Insurance

/in /by

When discussing digital security, we typically focus on preventive measures, such as using strong passwords with a password manager, enabling multi-factor authentication, keeping systems up to date, maintaining regular backups, and training employees to recognize potential security threats. While these practices are essential, they don’t guarantee complete protection.

No one is immune to online attacks—the most security-conscious organizations and individuals can still become victims. Even security experts occasionally click something they shouldn’t have or forget to keep a little-used system up to date. A single employee opening a convincing phishing email, a momentary lapse in judgment, or a zero-day vulnerability can lead to devastating consequences.

According to the FBI’s Internet Crime Complaint Center (IC3), cybercrime-related losses from 2020 through 2024 are estimated at $50.5 billion, with IC3 receiving 4.2 million complaints. Most concerning is the rising trend in the frequency and severity of these attacks.

Given these statistics and the reality that perfect security is impossible, many are looking to protect themselves from possible financial losses. Just as fires and accidents make home and auto insurance necessary, these ever-increasing threats from phishing, malware, and other forms of digital attack make cyber insurance an important consideration for both companies and individuals. We’ll focus on businesses here and explore personal cyber insurance in a future article.

What Is Business Cyber Insurance

Cyber insurance for businesses helps companies recover from security breaches and online attacks. Unlike traditional business insurance policies, cyber insurance focuses on the risks of using technology to operate or to store sensitive data online. Businesses of all sizes are vulnerable, but small and medium-sized businesses are often targeted because they lack the robust security infrastructure of larger enterprises.

Industries that are especially at risk include healthcare, financial services, retail, and professional services, but no sector is immune. You may have cause for additional concern if your company collects customer information, processes payments, or maintains a significant online presence, but realistically, every business that uses email or conducts online banking is vulnerable.

What’s Covered

A business cyber policy typically includes two core types of coverage:

  • First-party coverage: This coverage responds to direct costs incurred by your company, including legal expenses, data breach response and notification costs, ransomware payments and recovery expenses, business interruption losses, data restoration, system replacement, and crisis management.
  • Third-party coverage: Also known as liability insurance, this coverage protects you against claims from others affected by the breach, including legal defense costs, settlements, regulatory fines and penalties, and PCI-related fines associated with credit card processing.

What’s Not Covered

However, it’s essential to be aware of common exclusions to business cyber insurance, the most important of which are:

  • Weak security processes: Insurance doesn’t exempt you from maintaining a strong security stance—if you aren’t requiring strong passwords, providing security training, and correcting known vulnerabilities, the policy won’t cover you. Insurers will likely require verification of minimum cybersecurity practices before providing coverage.
  • Prior breaches: Just as health insurance may not cover pre-existing conditions, cyber insurance typically does not cover events that occurred before the policy was taken out.
  • Insider attacks or misconduct: Deliberate or fraudulent acts by company leadership or employees generally aren’t covered. Employees are a company’s greatest resource, but they can also be its greatest weakness.

Shopping for Business Cyber Insurance

How much will business cyber insurance cost? It varies based on your company size and revenue, industry sector, type and amount of sensitive data stored, security practices, coverage limits and deductibles, and claims history. That said, small businesses with yearly revenues under $1 million typically have annual premiums ranging from $500 to $2,000. Mid-sized firms often pay between $2,000 and $10,000, and large companies can expect premiums in the tens of thousands.

It’s common—and entirely understandable—to hesitate to purchase cyber insurance due to concerns about the cost. However, the potential financial impact of an incident is often significant. IBM’s 2024 Cost of Data Breach Report found that the average cost of a data breach was $4.9 million globally, but $9.4 million in the United States. Although IBM doesn’t break out costs by company size, those costs are likely for larger companies. Nonetheless, a Financial Times report notes that users at small and medium-sized businesses were twice as likely to encounter threats as those at large companies.

Choosing the right cyber insurance broker is as important as selecting the policy itself, and you’ll want to involve your security team in the search. Look for someone specializing in cyber coverage who has technical expertise in cybersecurity practices, strong relationships with underwriters, and a track record of providing active claims support. A good broker will not only find competitive pricing but also help tailor coverage to your specific risks and ensure you’re prepared to meet underwriting requirements.

When comparing cyber insurance options, pay attention to the details. Confirm that the policy addresses risks specific to your situation and provides sufficient financial protection for your potential exposure. Pay close attention to exclusions—there will be more than those listed above. Research the insurer’s claims process and reputation for responsiveness, as timely support during an incident is crucial. Finally, inquire about additional risk management services offered by the insurer that may provide valuable preventative resources to complement your coverage.

Start Researching Cyber Insurance Now

Unfortunately, the frequency and risk of cyber attacks are on the rise. Proactive security measures are key, but a single mistake or oversight could have dire outcomes. Cyber insurance provides an important safety net in the event of a breach or attack that evades your best efforts.

We won’t pretend that finding and purchasing cyber insurance is simple, but we can help with finding a good cyber insurance broker, evaluating the policy, answering application questions, and ensuring that your company meets the necessary security requirements.

(Featured image by iStock.com/Who_I_am)

Social Media: Cyber insurance can protect your business from crippling financial losses after a security breach. Learn what’s covered, what’s not, and how to shop for the right policy for your company.

Don’t Assume That Top Google Search Results Are Guaranteed Safe

/in /by

We hate to encourage paranoia, but all is not well with Google Search. Recently, we’ve heard of multiple instances where people were nearly taken advantage of due to relying on the top result in a Google search. In one case, a user called a purported HP support phone number directly from the search results but ended up speaking with a scammer. In another, a user thought they were downloading the latest version of Dropbox but got malware instead. In neither case could we reproduce the error, but they may have resulted from “SEO poisoning,” a malicious technique in which cybercriminals manipulate search engine optimization (SEO) strategies to elevate harmful websites in search results. In short, don’t assume that a site at the top of Google search results is guaranteed safe when downloading software or contacting a company. It’s best to navigate directly to a company’s official website before trusting that corporate information and software downloads are legitimate.

(Featured image based on an original by iStock.com/Armastas)

Social Media: You know that the phrase “I read it on the Internet, so it must be true” is absurd, but you should extend that skepticism to Google search results. We’ve seen two recent instances of malicious content bubbling to the top of searches. Trust but verify.

Security Precautions to Take While Traveling

/in /by

When we think about digital and device security, we mostly think about the fixed locations where people spend most of their time—home, school, and work. But what about when you’re traveling? Some security concerns remain the same when you’re on the road, but new ones crop up.

We’ll assume that you already keep your devices up to date, use FileVault on Macs, have at least a six-digit iOS passcode, have strong password habits, and use multi-factor authentication wherever possible. Other options are more specific to travel.

As with our more general article about increasing security last month, we’ve divided our list of suggestions into two parts: things that everyone should do and measures that only people who worry about being specifically targeted should employ.

Sensible Travel Security Precautions for Everyone

These suggestions are appropriate for everyone who travels, and they’re aimed primarily at avoiding relatively common problems: loss, theft, data loss, and generalized snooping:

  • Focus on physical security: As a tourist, you may be targeted by thieves, so it’s important to keep your iPhone in a secure pocket whenever you’re not using it. Carry an iPad or laptop in a bag that can’t be snatched, or leave them locked or at least concealed in your hotel room.
  • Enable Find My for all your devices: You should have already done this, but if not, enable Find My to improve your chances of finding a device you lose or accidentally leave behind. It might help if the device is stolen, but local police cooperation for recovering stolen items can vary widely. Don’t attempt to recover a stolen device yourself.
  • Put AirTags in your luggage and laptop bags: AirTags can help you track down lost luggage—you can now share their locations with airlines—and prevent you from accidentally leaving bags behind. An AirTag may also help with locating a stolen item, but always work with local law enforcement.
  • Enable biometric authentication and Stolen Device Protection: Using Face ID or Touch ID wherever possible and having Stolen Device Protection enabled on your iPhone in Settings > Face/Touch ID & Passcode is even more important when traveling.
  • Use a VPN or iCloud Private Relay: Because you may be using Wi-Fi networks whose security you know nothing about, it’s best to use a VPN like Mullvad VPN, NordVPN, or ProtonVPN to encrypt all your traffic. At a minimum, use iCloud Private Relay, which requires an iCloud+ subscription and won’t encrypt traffic from most non-Apple apps.
  • Use iCloud Photos or another backup option: To ensure you don’t lose precious vacation photos, use iCloud Photos so all your photos are uploaded to the cloud whenever you have access. This will almost certainly require an iCloud+ subscription for sufficient storage space. If Wi-Fi and cellular are too slow or unavailable, consider an external SSD to which you can manually export photos and videos for backup. To speed up the process, you could create a shortcut that automatically copies all photos taken that day.
  • Use iCloud Backup: It’s best to use iCloud Backup to back up your entire iPhone every night. That way, if your iPhone is lost or destroyed, you may be able to buy a replacement and restore from backup in relatively little time. You will probably need an iCloud+ subscription to have enough backup space.
  • Practice dealing with a lost or stolen device: If the worst happens and you lose one of your devices while traveling, you need to know what to do. Immediately go to Find My on another device or iCloud.com and mark the device as lost. If there’s a chance of getting it back, stop there. However, if you believe the device was stolen, your data is at risk, and tracking it is no longer useful, use Erase This Device in Find My to wipe it. Activation Lock will remain enabled to prevent anyone from reusing the device.

Increasing Travel Security for People Who May Be Targeted

Not all travel is fondue and gamelans. If you’re a journalist, activist, government employee, or corporate executive with access to sensitive data, you could be a target while traveling. This is particularly true if you are headed to countries like China, Russia, or others with authoritarian governments and powerful intelligence agencies. Along with the suggestions above, we recommend:

  • Be aware of local laws and government practices: It’s important to read up on regional laws regarding data access and potential government capabilities at your destination. Knowing what to expect can help you reduce your risks and take appropriate precautions.
  • Use caution with cellular access: Even if your carrier allows roaming, consider using a dedicated eSIM for international travel, separate from your personal one. That way, you can use local cellular networks without revealing your home number. Be aware that your traffic may be monitored.
  • Enable Lockdown Mode: If you’re concerned about your iPhone or iPad being targeted by local law enforcement or government intelligence agencies, turn on Lockdown Mode in Settings > Privacy & Security > Lockdown Mode. To increase security, it blocks most attachment types in Messages, complex Web technologies, incoming FaceTime calls from unknown callers, non-secure Wi-Fi network connections, and incoming invitations to Apple services. Plus, it excludes location information from shared photos, requires approval to connect accessories, and more.
  • Reduce and protect your use of cloud services: While using a VPN is essential, you should still avoid using cloud services much if government entities might have access to stored files. If you need to upload files, encrypt them first using the free and open-source Cryptomator.
  • Know how to disable Face ID and Touch ID: If you find yourself in a situation where you believe you may be compelled to unlock your iPhone or iPad with your face or fingerprint, press and hold the side or top button and either volume button to display the power off slider. This temporarily disables biometric authentication, requiring your passcode for the next unlock.
  • Use dedicated travel devices and accounts: If you’re traveling to a potentially hostile part of the world, we strongly recommend carrying only devices—preferably iPhones or iPads, which are more secure than Macs—configured to contain none of your personal data or regular accounts. Keep them with you at all times, assume they could be confiscated, and be aware you might be compelled to share passcodes or other account information. Create a separate Apple Account for such devices.

Best of luck in your travels! With just a little preparation, you can reduce the chances that something bad will happen during a vacation. If you’re traveling on business to somewhere more concerning, putting in additional effort could prevent truly problematic things from happening.

(Featured image by iStock.com/metamorworks)

Social Media: Security at home is one thing, but what about when you’re on the road? Many of the same precautions apply, but depending on your level of concern and where you’re going, additional techniques can help keep you and your data safe.

Never Save Your Work in These Locations

/in /by

In every job that involves interaction with the public, amusing “Can you believe…” stories about customers abound. They’re often triggered by seemingly reasonable behaviors that experts recognize as problematic. A well-known example from the early days of personal computing is a college student who kept track of his floppy disk by attaching it to his fridge with a magnet, not realizing that magnetic fields could disrupt the disk’s magnetic patterns and corrupt files. The advice from tech support? “Don’t do that.”

No one is sticking floppies to their fridge anymore, but we still occasionally see the modern equivalent: saving data or documents in places that are likely to disappear. Just as you shouldn’t write the only copy of essential information on an easily erased whiteboard, you shouldn’t store important data in any of these locations:

  • Unsaved documents: While autosave is becoming more common, it isn’t universal and often doesn’t activate until a document has been saved for the first time. When you create a new document, always save it right away, before you do anything else. Otherwise, you risk losing all your work if the app crashes, the Mac kernel panics, or the power goes out.
  • Trash: We know, we know! Who would put something in the Trash that they want to keep? But it happens. Don’t do that! On the other hand, there’s also no reason to empty your Trash regularly unless you’re low on space. A good compromise is to choose Finder > Settings > Advanced and select “Remove items from the Trash after 30 days.” This way, you’ll always have a 30-day grace period to recover mistakenly deleted items.
  • Clipboard: Most people know that the clipboard serves as a temporary holding place, overwritten with each new Copy or Cut. However, if you’re unaware of this, you might write something lengthy, use Cut to place it on the clipboard with the intention of pasting it elsewhere, and then forget to do so right away, resulting in data loss on the next use of Copy or Cut. Always paste anything you cut immediately. Many utilities (such as Copy ‘Em, Keyboard Maestro, LaunchBar, Pastebot, and Raycast) provide clipboard history so you don’t lose clipboard data immediately, but you still shouldn’t rely on it persisting indefinitely.
  • Email Drafts mailbox: There’s nothing wrong with starting an email and coming back to it later to finish—that’s the point of the Drafts mailbox. It’s also a sensible way to begin a message on one device and complete it on another. However, avoid storing anything in Drafts for an extended period, and be aware that items there may disappear without warning. (And never, ever store anything in your email Trash mailbox—it will be deleted eventually.)
  • Temporary folders: Thanks to its Unix roots, macOS includes several temporary folders, one located at /tmp and others specific to each user. These folders are cleared regularly, such as when the Mac is restarted, left idle for a long time, or when drive space is low. Storing important data in a temporary folder is a digital version of Russian roulette.
  • Downloads folder: Although the Downloads folder isn’t inherently volatile, it’s unwise to store anything important there. You might forget about that document while tidying up and accidentally delete it, or you might use a cleanup tool in the future that does it for you.
  • USB flash drives: There is nothing wrong with putting files on a USB flash drive. However, avoid storing the only copy of an important file on one, as it is too easy for the drive to be lost or damaged.
  • Public computers, virtual machines, and sandboxed environments: This scenario is unlikely but not impossible. Imagine you’re working on a public computer in a lab and save a file on the desktop. When that computer reboots, it will likely delete all data to return to a fresh state for the next user. The same could apply to a virtual machine used for testing or a sandboxed environment that you log in to remotely.

There are also a few locations that generally aren’t problematic but deserve extra attention due to the higher likelihood of losing data:

  • Third-party app folders in ~/Library: Some apps store their data in folders they maintain within your user account’s Library folder. While this is acceptable for data managed by those apps, we advise against putting anything else in these folders since it’s impossible to know how the app might deal with data it doesn’t recognize during a cleanup or major update.
  • Desktop: It’s fine to work on documents stored on the desktop, but we recommend filing them away carefully when you’re finished. If you frequently move files in and out of your desktop, it’s all too easy to delete something important accidentally. Additionally, if you have iCloud Drive’s Desktop & Documents folder syncing enabled, you might unintentionally delete files from another Mac due to being in a different context.
  • Box, Dropbox, Google Drive, iCloud Drive: Cloud storage services are entirely acceptable locations for important data, but they all offer options that store files only online, downloading them only when necessary. These options may prevent online-only files from being accessible when you’re offline or from being backed up locally. Worse, if you share cloud storage with others for collaboration, they could accidentally delete your data. Be sure to enable any available version history options and ensure everything is backed up locally.
  • External drives or network storage: Many individuals and organizations store essential files and data on external drives and network storage. This approach is perfectly valid, provided that these locations are backed up. When designing your backup system, remember to include your external drives, network servers, and NAS devices. Lastly, if an external drive is encrypted, ensure that you have a backup of both its data and the decryption key.

If you want to avoid all these issues, save your files in your Documents folder and make sure you have a solid backup strategy.

(Featured image based on an original by iStock.com/shutjane)

Social Media: We won’t name names, but we’ve seen too many people saving important data in locations that are likely or even guaranteed to disappear. Here’s a list of places to avoid and another of spots that warrant caution.