Posts

Never Save Your Work in These Locations

In every job that involves interaction with the public, amusing “Can you believe…” stories about customers abound. They’re often triggered by seemingly reasonable behaviors that experts recognize as problematic. A well-known example from the early days of personal computing is a college student who kept track of his floppy disk by attaching it to his fridge with a magnet, not realizing that magnetic fields could disrupt the disk’s magnetic patterns and corrupt files. The advice from tech support? “Don’t do that.”

No one is sticking floppies to their fridge anymore, but we still occasionally see the modern equivalent: saving data or documents in places that are likely to disappear. Just as you shouldn’t write the only copy of essential information on an easily erased whiteboard, you shouldn’t store important data in any of these locations:

  • Unsaved documents: While autosave is becoming more common, it isn’t universal and often doesn’t activate until a document has been saved for the first time. When you create a new document, always save it right away, before you do anything else. Otherwise, you risk losing all your work if the app crashes, the Mac kernel panics, or the power goes out.
  • Trash: We know, we know! Who would put something in the Trash that they want to keep? But it happens. Don’t do that! On the other hand, there’s also no reason to empty your Trash regularly unless you’re low on space. A good compromise is to choose Finder > Settings > Advanced and select “Remove items from the Trash after 30 days.” This way, you’ll always have a 30-day grace period to recover mistakenly deleted items.
  • Clipboard: Most people know that the clipboard serves as a temporary holding place, overwritten with each new Copy or Cut. However, if you’re unaware of this, you might write something lengthy, use Cut to place it on the clipboard with the intention of pasting it elsewhere, and then forget to do so right away, resulting in data loss on the next use of Copy or Cut. Always paste anything you cut immediately. Many utilities (such as Copy ‘Em, Keyboard Maestro, LaunchBar, Pastebot, and Raycast) provide clipboard history so you don’t lose clipboard data immediately, but you still shouldn’t rely on it persisting indefinitely.
  • Email Drafts mailbox: There’s nothing wrong with starting an email and coming back to it later to finish—that’s the point of the Drafts mailbox. It’s also a sensible way to begin a message on one device and complete it on another. However, avoid storing anything in Drafts for an extended period, and be aware that items there may disappear without warning. (And never, ever store anything in your email Trash mailbox—it will be deleted eventually.)
  • Temporary folders: Thanks to its Unix roots, macOS includes several temporary folders, one located at /tmp and others specific to each user. These folders are cleared regularly, such as when the Mac is restarted, left idle for a long time, or when drive space is low. Storing important data in a temporary folder is a digital version of Russian roulette.
  • Downloads folder: Although the Downloads folder isn’t inherently volatile, it’s unwise to store anything important there. You might forget about that document while tidying up and accidentally delete it, or you might use a cleanup tool in the future that does it for you.
  • USB flash drives: There is nothing wrong with putting files on a USB flash drive. However, avoid storing the only copy of an important file on one, as it is too easy for the drive to be lost or damaged.
  • Public computers, virtual machines, and sandboxed environments: This scenario is unlikely but not impossible. Imagine you’re working on a public computer in a lab and save a file on the desktop. When that computer reboots, it will likely delete all data to return to a fresh state for the next user. The same could apply to a virtual machine used for testing or a sandboxed environment that you log in to remotely.

There are also a few locations that generally aren’t problematic but deserve extra attention due to the higher likelihood of losing data:

  • Third-party app folders in ~/Library: Some apps store their data in folders they maintain within your user account’s Library folder. While this is acceptable for data managed by those apps, we advise against putting anything else in these folders since it’s impossible to know how the app might deal with data it doesn’t recognize during a cleanup or major update.
  • Desktop: It’s fine to work on documents stored on the desktop, but we recommend filing them away carefully when you’re finished. If you frequently move files in and out of your desktop, it’s all too easy to delete something important accidentally. Additionally, if you have iCloud Drive’s Desktop & Documents folder syncing enabled, you might unintentionally delete files from another Mac due to being in a different context.
  • Box, Dropbox, Google Drive, iCloud Drive: Cloud storage services are entirely acceptable locations for important data, but they all offer options that store files only online, downloading them only when necessary. These options may prevent online-only files from being accessible when you’re offline or from being backed up locally. Worse, if you share cloud storage with others for collaboration, they could accidentally delete your data. Be sure to enable any available version history options and ensure everything is backed up locally.
  • External drives or network storage: Many individuals and organizations store essential files and data on external drives and network storage. This approach is perfectly valid, provided that these locations are backed up. When designing your backup system, remember to include your external drives, network servers, and NAS devices. Lastly, if an external drive is encrypted, ensure that you have a backup of both its data and the decryption key.

If you want to avoid all these issues, save your files in your Documents folder and make sure you have a solid backup strategy.

(Featured image based on an original by iStock.com/shutjane)


Social Media: We won’t name names, but we’ve seen too many people saving important data in locations that are likely or even guaranteed to disappear. Here’s a list of places to avoid and another of spots that warrant caution.

When Purchasing a Fireproof Safe, Pay Attention to the Details

The devastating losses caused by the Los Angeles wildfires have underscored the need to protect data from catastrophic events. A traditional offsite backup—periodically moving a hard drive to another location—might not have sufficed in areas affected by wildfires, where many structures were destroyed. An online backup using a service like Backblaze or CrashPlan is often a better solution, although it can become costly for multiple Macs, and some individuals and organizations are uncomfortable storing their data online, even with encryption.

What about a safe? Would storing one or more backup drives in a safe provide adequate protection? Possibly, but the details are critical. Some safes are designed solely to guard against theft, focusing on preventing thieves from opening the door. However, paper ignites at 451ºF (it chars around 387ºF), and most house fires reach temperatures between 800ºF and 1200ºF, so you may think that all you need to do is look for a “fireproof” safe. That’s a good start, but paper is actually much more resilient than magnetic and optical media.

Fireproof safes come with ratings that indicate the internal temperature they can maintain, with the most common being:

  • Class 350: Safes maintain an internal temperature of 350ºF, suitable only for paper.
  • Class 150: Safes keep the interior below 150ºF, which should protect magnetic media.
  • Class 125: Safes maintain temperatures under 125ºF, appropriate for optical media.

It is also important to determine how long the safe can maintain that temperature. Generally speaking, a fireproof safe is rated for 1 or 2 hours, indicating it can maintain the specified internal temperature for at least that duration. Time ratings represent minimums, not maximums, so the actual protection time may be longer.

In most cases, the protection time is likely to be longer. That’s because safes are tested in furnaces at temperatures that can be two to three times hotter than the average house fire. For example, Underwriters Laboratory (one of several independent testing labs) conducts tests at 1700ºF or 1850ºF. Additionally, while a house fire may burn for several hours, the average fire will consume everything near the safe within 20 minutes and then move on.

Wildfires are a different story. In extreme conditions, wildfire temperatures can range from 1500ºF to 2200ºF, approaching or exceeding the testing conditions. Wildfires also last longer, so a safe in a destroyed building may remain in embers for hours or even days before it can be recovered.

While temperature over time is the main factor to consider when researching a fireproof safe, also look for two other variables being mentioned as well:

  • Water resistance: Where there’s fire, there’s usually water. Thousands of gallons of water, some of which will undoubtedly affect the safe. Not all fireproof safes are waterproof, so verify whether a specific safe can withstand being doused by firefighters.
  • Impact protection: If the floor collapses, a safe on an upper story could fall a considerable distance. If you are considering such a location, ensure the safe can withstand the impact. To simulate realistic fire conditions, the test may involve withstanding a 30-foot drop onto a concrete floor, followed by reheating.

Finally, remember that if your safe is in a fire, the heat will cause its insulation to swell up, rendering the lock useless, regardless of its type. Typically, you will need to hire a locksmith to access the safe using instructions from the manufacturer.

If you’re going to trust your data to a fireproof safe, do your research to ensure that whatever you buy will meet your needs for fire, water, and impact protection. It won’t be cheap—depending on the size and other factors, a good fireproof safe can cost many hundreds or even thousands of dollars. However, this is one area where you definitely shouldn’t cut corners.

(Featured image based on originals by iStock.com/phive2015 and Hanna Plonsak)


Social Media: If the wildfires in Los Angeles have you considering a fireproof safe to safeguard backups and important documents, make sure to research temperature ratings over time and be mindful of water and impact resistance.

Don’t Listen to Anyone Who Tells You to Drag a Text File into Terminal

In macOS 15 Sequoia, Apple made it more difficult to bypass Gatekeeper to run apps that aren’t notarized. (Notarization is one of the ways Apple ensures that apps distributed outside the Mac App Store are unmodified and free from malware.) Cybercriminals have responded to this increase in security with a new social engineering attack. They provide the victim with a disk image, ostensibly to install some desired piece of software, instructing the user to drag a text file into Terminal. Doing so executes a malicious script that installs an “infostealer” designed to exfiltrate a wide variety of data from your Mac. The simple advice here is to treat any guidance to drop a file into Terminal with extreme suspicion—no legitimate software or developer will ever ask you to do that.

(Featured image based on an original by iStock.com/Farion_O)


Social Media: Thing #17 to never do: Follow instructions to drop a text file into Terminal. It’s a great way to install malware and let cybercriminals steal your passwords, financial information, and more.

Website Owners: Identifying Copyright Infringement Link Insertion Scams

We regularly warn Internet users about online scams and phishing attacks. Most of these are relatively easy to identify and avoid once you’re aware of telltale signs. Unfortunately, we’ve encountered a newer type of scam that’s more difficult to identify, partly because it plays on fears of legal action.

Website owners are the target of this scam email, which purports to come from a lawyer. The message states that an image on your site has been used without permission. Such a claim is all too believable for many, especially those who may not have been as careful about usage permissions in the distant past as they are today. The message includes a link to the image, a link to the purportedly infringing page, and a threat to initiate legal action if certain actions aren’t taken within five business days

Unusually, the email doesn’t ask you to take down the infringing image or pay a retroactive licensing fee. Instead, it says you must credit the image’s copyright holder and include a link. Such a simple request seems like a huge win—instead of paying a licensing fee or worrying about being sued, you can twiddle a little HTML and move on with your life.

Don’t do it! This is what’s called a “link insertion scam.” It exploits the search engine optimization principle that links on reputable sites provide legitimacy to linked sites, helping them move up in the search rankings. Unfortunately, the reverse is also true; linking to a scammer from your website will cause Google and other search engines to penalize your site in the search rankings.

Unfortunately, these copyright infringement scams look legitimate at first glance, as you can see in this example. The From and Subject lines don’t seem forged or malformed, and there are no obvious grammatical errors or indications that the writer doesn’t speak fluent English. And when you click the link in the signature, you end up at what appears to be the website of a real law firm. What should you do if you receive a message like this?

First, don’t panic. Just because the message looks legitimate doesn’t mean it comes from a real lawyer. Also, don’t call your lawyer unless they’re willing to work for free. You can save stress, time, and money by evaluating the message yourself.

A few details in the message suggest that it’s not real:

  • The domain in the From line’s email address—elitejusticeadvisors.biz—sounds sketchy and doesn’t match the company name.
  • The Subject line of “DMCA Copyright Infringement Notice” sounds official, but those familiar with the DMCA will know that it can be used only for a formal notice-and-takedown process, not to make demands for attribution or payment. But most people won’t know that.
  • The message is addressed to the generic “Dear owner of,” whereas legitimate messages from a lawyer would be addressed to a specific entity.
  • The required link URL points to a telecom news site in Sri Lanka, and it’s odd that an Arizona lawyer would be working for such a client.
  • The example of the purportedly infringing image is hosted at Imgur, a consumer image-hosting site known for funny pet pictures and cringeworthy GIFs. Legal firms would always use some sort of case management site.

Those details may feel wrong, but they’re insufficient to prove it’s a scam. You’ll need to dig deeper. Here are some ways you can do that:

  • Investigate the domain: Do a Web search on the domain in question: elitejusticeadvisors.biz. Because others have written about this scam, articles identifying it as a scam will appear on the first page of the results.
  • Search for the lawyer and firm: The lawyer’s name is too generic to yield revealing results, but if you do a Web search on “Dean Parker Commonwealth Legal Services,” you’ll once again see that others have identified it as a scam.
  • Check a state bar association directory: Most state bar associations or state courts have a searchable directory of licensed legal professionals. A quick search of the State Bar of Arizona’s member directory reveals that no “Dean Parker” is licensed in Arizona.
  • See if the headshot matches a real person: If the website provides a headshot, you can copy the image (Control-click it and choose Copy Image) and paste it into the TinEye reverse image search engine. Since all the results say “generated.photos,” it’s a good bet that the image was AI-generated.
  • Search for the company’s full name and address: As with the name of the lawyer, the generic-sounding name of the law firm will probably match other companies. However, if you search for the full name and address, you’ll likely turn up articles about it being fake.
  • Visit the address virtually: With Apple Maps and Google Maps, you can verify that a business is present at a location (or not) and often view the offices using Google Street View. Both mapping tools show no law firm at the provided address. Additionally, the building does not have a fourth floor, as specified in the address.
  • Ask ChatGPT: Now that ChatGPT has access to current Web information, it’s worth pasting the complete contents of the message into a ChatGPT conversation and asking it to tell you about the message. Start generally, but then ask if it thinks the message might be a scam, and if so, to suggest ways you could verify your suspicions.

Some of the above search suggestions identify the scam only because the scammer has reused the same company name, lawyer name, physical address, and website. If you were the first to be targeted by a new scam, the state bar association search and physical address check would be the most likely to expose it.

Let us leave you with an important caveat. You shouldn’t assume that all copyright infringement messages are scams. A legitimate DMCA takedown notice will ask you to remove the content, and a real copyright infringement message—probably from a company that specializes in such matters rather than a lawyer—will likely demand payment. In both cases, take down the offending image right away. If you really were using an image without permission, some payment may be required, and if the amount feels excessive, contact a lawyer specializing in copyright infringement cases. They may be able to negotiate a lower payment or point out issues that will make the claim go away.

(Featured image based on an original by iStock.com/Olivier Le Moal)


Social Media: If you receive what looks like a copyright infringement message complaining about an image on your website, don’t panic—it might be a scam. We help you identify such scams and explain what to do if the message turns out to be real.

Use Guided Access for Securely Allowing Others to Use an App on Your iPhone or iPad

iPhones and iPads are highly personal devices, but you might want to let someone else use a particular app on yours without letting them poke through Messages, Mail, and Photos. For example, a child could play a game, a volunteer could check in attendees, or a friend could take photos. To allow this, Apple created Guided Access, which you turn on in Settings > Accessibility—give it an easily remembered passcode and decide if you want to let the display auto-lock. Then, to turn on Guided Access, open the app you want to share and triple-click the side or top button. Options let you control buttons, the accelerometer, software keyboards, touch input, and a time limit. To end a Guided Access session, triple-click the side or top button, enter the Guided Access passcode, and tap End.

(Featured image by iStock.com/Userba011d64_201)


Social Media: If you’d like to allow a child, friend, or colleague to enjoy a specific app on your iPhone or iPad while keeping them focused and preventing access to everything else on the device, check out Apple’s Guided Access feature.

Watch Out for PayPal Invoice Phishing Scams

We’ve seen an uptick in fake invoices from scammers using PayPal. Because they’re being sent through PayPal itself, spam filters won’t catch them, and they have few of the usual markers of phishing email (but look for sketchy names and email addresses at the top). Some are even forged to appear as if they come from Apple. Never pay a PayPal invoice that you can’t tie directly to something you’ve ordered, and don’t call the number listed—the scammer will try to convince you that the invoice is real. If you receive one of these invoices, click the “Report this invoice” link at the bottom to help protect others who might have received it, and forward the message to phishing@paypal.com. Don’t mark the invoice as spam, though, since that will train your email client to be suspicious of legitimate messages from PayPal.

(Featured image by iStock.com/Moostocker)


Social Media: Beware of PayPal invoice scams that might even appear to come from Apple. Should you receive one, report it to PayPal to help protect other people, but don’t mark the message as spam.

Beware Fake “Sextortion” Scams

All those data breaches are coming back to haunt us. Once our phone numbers and addresses began to be leaked, it was only a matter of time before scammers would personalize their attacks to make them seem more real. The latest “sextortion” scams purport to have compromising video of you taken from your computer’s webcam, backing it up with your phone number and a Google Street View-like image that matches your leaked address. They make a lot of claims and dire-sounding threats, but talk is cheap, and there’s nothing behind them. Do not pay the scammers!

(Featured image by iStock.com/Thapana Onphalai)


Social Media: Scams are starting to incorporate personal information stolen in data breaches, so you may get “sextortion” threats that purport to know your phone number, address, and more.

Passwords Becomes a Real App in macOS 15 Sequoia, iOS 18, and iPadOS 18

Although we’re still fans of 1Password, and there are plenty of other good password managers out there, like BitWarden and Dashlane, Apple has finally removed the last hurdle to using its built-in password management capabilities.

Starting in macOS 15 Sequoia, iOS 18, iPadOS 18, and visionOS 2, Passwords is now a real app rather than being trapped inside Safari, System Settings, and Settings. If you have resisted using a password manager or don’t wish to continue subscribing to an alternative, give Apple’s Passwords a try. It makes creating, maintaining, and entering passwords faster, easier, and more secure than doing it by hand. Those already using a password manager can export their accounts and import into Passwords.

What You’ll Find in Passwords

We’ll focus on the Mac version here, but the other versions are nearly identical apart from their screen sizes.

The left-hand sidebar, reminiscent of Reminders, provides categories of accounts:

  • All: Select All to see all your accounts, regardless of what shared group they may be in.
  • Passkeys: If you have any passkeys for large websites like Apple, Google, and others, they’ll appear here.
  • Codes: Passwords can create, store, and enter two-factor authentication codes for sites that support them. If you need to look one up manually because Passwords couldn’t autofill it, you’ll find the associated account here.
  • Wi-Fi: This category contains stored passwords for all the known Wi-Fi networks on your device. Because known Wi-Fi networks aren’t synced between devices, the number of these will vary between your devices.
  • Security: If you have any accounts with weak passwords, accounts you previously shared and stopped sharing, or accounts whose passwords were leaked in a security breach, they’ll appear here. Edit these accounts and click the Change Password button to start the process; when the password changes, they’ll disappear from this category.
  • Deleted: Any accounts you delete stay here for 30 days before being deleted for good. You can delete any of these accounts immediately or restore them to their previous group.
  • Shared Groups: If you use Family Sharing, you automatically get a Family Passwords group to simplify sharing important accounts with your family members. But you can also share accounts with other groups of Apple device owners. To move an account to a group, choose it from the Group pop-up menu.

The middle pane lists the accounts in the selected category. You can sort the list using the menu with vertical arrows, search for a specific account, and manually add a new one with the + button. Otherwise, scroll through the list and click an account to view it in the right-hand pane.

At the top of the right-hand pane is an AirDrop button and an Edit button. Click AirDrop to share an account with someone nearby or Edit to make changes or set up a two-factor verification code. If you want to copy information, click the User Name, Password, Verification Code, or Website item to get a Copy menu. The password becomes visible when you mouse over it. Clicking Website also offers an Open Website option and lets you add more sites where the password should autofill.

Setup Requirements

Most people shouldn’t need to do anything to start using Passwords. However, if you have trouble, check the following items:

  • Turn on Password AutoFill: If your device isn’t entering passwords for you, turn on AutoFill Passwords and Passkeys in Settings/System Settings > General > AutoFill & Passwords. Also, ensure that Passwords is enabled in the AutoFill From section if multiple password managers are installed.
  • Turn on iCloud Keychain: If you want your passwords to sync securely among your devices, which makes life a lot easier, go to Settings/System Settings > Your Name > iCloud > Passwords and turn on Sync This Device.
  • Set up iCloud Passwords for other browsers: Apart from Safari, Chromium-based Web browsers (Arc, Brave, Google Chrome, Microsoft Edge, etc.) can access and autofill your saved passwords if you install Apple’s iCloud Passwords Chrome extension. (There’s also now an iCloud Passwords add-on for Firefox.) The overall experience is not as seamless as in Safari, requiring a once-per-launch code, and you have to create new accounts in Safari or manually in Passwords, but it works.
  • Configure settings: Choose Passwords > Settings (or look in Settings > Apps > Passwords for iOS 18 and iPadOS 18) to access options. Generally speaking, it’s fine to keep them all turned on.

If you have additional questions, check Apple’s documentation for detailed instructions for all the platforms on which Passwords runs. But realistically, Passwords is easy to use, and although the app itself is new, the underlying password management features and syncing have been in place for years, so they’re stable and reliable.

(Featured image by iStock.com/designer491)


Social Media: Apple’s new Passwords app in macOS 15, iOS 18, iPadOS 18, and visionOS 2 makes the company’s longstanding password storage and syncing features more straightforward and easy to use. It’s password management for the rest of us!

Set macOS to Require a Password after Screen Saver Start or Display Sleep

Although paying attention to online security is of primary importance, don’t forget local security. You don’t want to go out for lunch and let someone wandering by your office poke through your email, messages, photos, and private files. To ensure this doesn’t happen, set your Mac to start the screen saver or sleep the display after a few minutes (on a laptop, just close the lid), and then set “Require password after screen saver begins or display is turned off” to a short duration. We recommend 1 or 5 minutes, though you can adjust to balance inconvenience against security. To eliminate the fuss almost entirely, use Touch ID or an Apple Watch to unlock your Mac without having to type your password.

(Featured image based on an original by iStock.com/Armastas)


Social Media: Don’t forget about local security on your Mac. Make sure to require a password shortly after the screen saver starts or the display sleeps to prevent people from riffling through your email, photos, messages, and more.

No More Ransom Website Offers Ransomware Decryption Tools

We’ve written in the past about how Apple-only companies can protect themselves from ransomware (strong security, isolated backups, monitoring software), but realistically, it’s primarily a threat to computers running Windows and Linux. If you, or anyone you know, is targeted by ransomware, look to the No More Ransom website, developed by Europol’s European Cybercrime Centre and the Dutch police, for advice and tools. The advice boils down to: “Don’t pay the ransom because it proves to the criminals that ransomware works, and there’s no guarantee it will solve your problem.” On the tools side, the Crypto Sheriff helps identify the type of ransomware in play, and No More Ransom provides decryption tools for 180 different forms and variants of ransomware. There are no guarantees, but anyone who has fallen prey to ransomware should start with No More Ransom.

(Featured image based on original by iStock.com/Suebsiri)


Social Media: Ransomware primarily affects Windows and Linux computers, but if you, or anyone you know, falls prey to it, visit the No More Ransom website for advice and decryption tools.