Do you know if your data is wandering around on the Internet?

You’d be horrified by how much we can find about you online.

We often implicitly trust companies to keep our data safe, but wait a minute – just because they say it’s safe doesn’t mean it’s foolproof. In fact, companies often warn you in their contracts about how they will handle your information.

That’s not possible, you might say. Well, just recently, in July 2024, AT&T confirmed that cybercriminals had stolen phone numbers and call records of “nearly all” of its customers, affecting approximately 110 million people [1].

The genetic testing company ’23andMe’ reported a breach, affecting 14,000 users [2].

Under the subtitle “Top 5 Data Breaches of 2023,” you can read about this genetic company and others [2].

Here’s an altered story – almost real (company names and personal names have been changed to guarantee anonymity) – that will make you think twice about your own online security… and even your physical security:

The High-School Friend and The DNA Test

Juliana Luniq, a young German medical professional, had just moved to a new city, Amsterdam. She was juggling her new job while setting up her new place, keeping her busy and somewhat feeling lonely. A few days after settling in, she was thrilled to reconnect with Amanda, her best friend from high school. Amanda had reached out on social media, and soon they were remembering about old times, laughing over high-school photos, and catching up on Juliana’s new life that Amanda had followed on social media, where Juliana posted her move from Germany to the Netherlands.

Juliana felt a wave of nostalgia as she reconnected with Amanda, who remembered all the details – favorite bands, embarrassing prom moments, even the long summer road trip they had taken after graduation.

It was comforting to have an old friend in her inbox, especially while adjusting to a new city and all the challenges of starting fresh. Juliana and Amanda chatted over the next few weeks, catching up on everything from career to family. Juliana even shared that she had recently taken a DNA test with a popular international company, GeneVII GmbH, to explore her ancestry and potential health risks. She had always been interested in her heritage, and the test had provided insights into her family’s genetic makeup, along with a few notes on health predispositions.

Unknown to Juliana, the “Amanda” she thought she was chatting with was not her friend at all. The real Amanda had no idea this “reconnection” was happening. Juliana was, in fact, being targeted by a sophisticated scam ring that exploited leaked data from GeneVII GmbH and social media. By piecing together both Amanda’s and Juliana’s social media posts, tagged photos (dates, places…), and even Juliana’s genetic data, the scam ring crafted a disturbingly convincing persona from Juliana’s past. Like so many of us – even high-profile cybersecurity experts who’ve been targeted – Juliana had unknowingly provided the foundation they needed.

Over the next few weeks, “Amanda” became a comforting presence for Juliana – a familiar face who seemed to understand her. They exchanged stories and recommendations, and one day, “Amanda” suggested an exclusive supplemental health analysis service from GeneVII GmbH that she had found after Juliana had recommended the company to her. The offer seemed like the perfect opportunity for Juliana to explore her health profile in greater depth, especially with the recommendation from her friend.

Juliana clicked the fake link sent to her, logged in, provided her details, and verified her account “for security purposes” via a 6-digit Google Authenticator code (any code would work), thinking this was just another benefit of her GeneVII GmbH membership. The address had only a slight change – where ‘VII’ had one lowercase ‘L’ instead of two (unnoticeable).

That very night, the scam operation went into action. “Amanda” and her team now had complete access to Juliana’s GeneVII GmbH account, including her full genetic profile. Worse still, they had changed her security questions, password, and locked her out – a move timed over the weekend when most companies are closed. As a precaution, they also accessed her email, confirmed all changes, and deleted any email notifications.

On Monday, while Juliana was at work, her family received an unexpected call from a professional-sounding woman claiming to be a genetic counselor from GeneVII GmbH. She explained that, through routine analysis, they had discovered a serious genetic marker for an aggressive disease in Juliana’s DNA. The counselor’s tone was calm, compassionate, and and eerily calm. She warned Juliana’s parents that their daughter was at imminent risk for the disease and that a groundbreaking, though experimental, treatment was available privately.

“We’re reaching out because Juliana didn’t respond to her emergency contact,” the counselor said smoothly, spinning a believable story that left Juliana’s parents in a state of panic. Her father tried to contact her directly, but each attempt was met with an error message asking him to try again later. The scammers had managed to block her account and used a pretense with the operator to change her phone number.

In the midst of this supposed crisis, the counselor put the family in touch with “Amanda”, claiming that Juliana had trusted her as a local contact in Amsterdam. Tearfully, “Amanda” explained that Juliana had confided in her about feeling fatigued and overwhelmed, and was considering this experimental treatment – if only it weren’t so costly. To make the story even more convincing, “Amanda” shared personal, intimate details about her supposed friend.

Juliana’s family was devastated. Unable to reach her, feeling powerless and desperate, they resolved to do anything to save her. The counselor assured them that EUR 80,000 was all that was needed to secure a spot in the exclusive medical trial, but emphasized that spots were filling up quickly.

In an emotional rush, Juliana’s parents wired the money, convinced they were buying their daughter precious time. All the while, Juliana was blissfully unaware of the deception, still going about her happy life in Amsterdam.

That evening, she only discovered the truth when she tried to log into her GeneVII GmbH account to do what “Amanda” told her about the new test and found she was locked out. Panicked, she called the company’s customer service, only to learn that her account had been accessed from a new device two days earlier, and her details had been changed. Her heart raced as she thought, ‘Who could that be?’ when suddenly all the private messages she had exchanged with “Amanda” came to mind, making her realize that her supposed friend had known far too much. It struck her like a ton of bricks that this “friend” was a complete stranger, piecing together her life and vulnerabilities through years of social media, and now genetic data.

With mounting dread, she urgently called her parents from the company’s phone since her own phone was disabled – only to learn of the money they had sent and the horror they had endured on her behalf. They were all heartbroken, and Juliana was devastated at having unknowingly led them there. Every choice she had made seemed to unravel with one simple, careless mistake:

Trusting an ‘online friend request’ from someone who felt familiar.

Juliana had fallen victim to a deeply personal scam, one that exploited intimate details of her life, her genetic data, and her family’s trust. A single click, a connection with a “familiar” face, and a series of misplaced trust had led her and her family into the hands of a highly organized scam ring.

What can we take away from this story?

Every digital footprint you leave online remains permanent – whether you ask Google to remove it or not. Think beyond just Google, and consider other search engines outside the EU and US, and especially governmental databases. Your photos, friendships, and even your DNA can be weaponized by bad actors. In an age where data breaches occur daily and scammers exploit the smallest details, it’s crucial to rethink who you trust online and what data you share. Your information might be worth more than you realize – not just to you, but to those who would use it against you and the people you love.

This story serves as a reminder to think carefully about the personal information you share, even with online friends (check with them before, via email, telephone…), to recognize the potential for deep personal consequences. Be proactive by asking questions!

In our days, we urgently need to exercise caution when it comes to our data in today’s digital world. Be mindful of what you share on social media, and consider removing tags and geolocation data from your photos and videos.

Just for fun (or maybe not), try asking ChatGPT to create a profile about you – you will be amazed at what it can tell you. Now just imagine governments who collect every bit of data about you, and using a more powerful AI!

A new DANGER!

A new threat is now looming, the imitation of our voices, which could be used to scam us all.

These AI-generated voices can be incredibly realistic, to the point that it becomes difficult to tell if you are speaking to a human or a machine. Imagine receiving a call from a loved one, asking for money urgently, only to find out it was not them at all, but a deepfake of their voice.

Advise your friends or loved ones to take action if they notice anything unusual or suspicious. For instance, they can use security-based questions to verify whether they are truly speaking to the person they think they are. These questions could be designed to test familiarity or mutual knowledge that only the real person would know. Here are some examples:

  • What was the color of my childhood bedroom?” (A personal question based on shared history.)
  • What’s the name of the family dog?” (A detail that’s specific and difficult for an imposter to guess.)
  • What was the title of the last movie we watched together?” (Something that could easily reveal whether the caller is the real person or not.)
  • Can you name the musical band we saw last summer?” (A shared experience that would be hard for anyone else to know.)
  • What was the first thing I said when we met?” (A personal memory that only the real person would be able to recall.)

These questions can help confirm that the person on the other end is who they claim to be, especially in cases where AI-generated voices might be used to deceive. In fact, you could even use these questions while chatting, as AI currently excels more in text-based conversations than in voice interactions.

Be proactive in educating your circle about these potential threats, and always verify anything that seems even slightly out of the ordinary.

Is the first sentence justified?

“You’d be horrified by how much we can find about you online.”

Disclaimer:
The names, places, companies, and, in part, events mentioned in this article are purely fictional and created solely for illustrative purposes. Any resemblance to actual individuals, locations, or organizations is entirely coincidental.

References:
[1] https://techcrunch.com/2024/10/14/2024-in-data-breaches-1-billion-stolen-records-and-rising/
[2] https://jumpcloud.com/blog/top-data-breaches-2023

Everyone has something to hide!

Author: Vasco Gonçalves
Date: April 19, 2022

Secure your data (composed by Vasco Gonçalves / images source: PixaBay)

Let’s start with a real-life story where some of you might identify yourselves:

A CEO, let’s call her Joanna, lost her job for being trolled on social media.

What happened?

Joanna worked very hard to attain her position. She was relatively young, ambitious, and very successful. One morning, as usual, she arrived at the office and found her employees whispering and acting strangely.

She called her executive assistant and asked if she knew what was going on. Reluctantly, the assistant explained:

“Someone posted some photos of you and a man kissing, along with some nasty comments and other stuff.” The “other stuff” included partially masked nude photos of Joanna and a man, avoiding Twitter’s bans.

She asked to see the posts.

“Oh my God! These photos are of my husband and me! How did they get these photos? They were in my encrypted Cloud! Nobody could have accessed them! These photos are private!”

In that instant, she knew her career had come to an end and felt overwhelming shame. She wanted the ground to swallow her whole. She ran out of the office and went home, never to return.

Joanna had a virtual conference with the Board of Directors to announce her resignation. She handed in her written resignation the next day via postal mail. Although the Board opposed her resignation, Joanna could no longer work with her colleagues.

What happened to Joanna? Where does she live now? Does she still work?

Keep reading, the answers will be given.

Consequences

Have you ever faced a situation so overwhelming you felt like retreating from the world?

Maybe due to compromised photos like Joanna, or perhaps some confidential documents or patents are circulating on the Internet.

Gossip starts to mushroom everywhere, from your family to unknown people. You are trolled on social media. Many move away to unknown places, permanently or until the dust settles, as Joanna did. Some people lose jobs they cared about and receive no financial compensation. Though rare, some even commit suicide.

As a business owner or CEO, it is very difficult to hire someone who is or was trolled on social media or in gossip columns, even if the news is fake and they are innocent.

Others will say, “I have nothing to hide!

Joanna was a respected professional and active member of her community, balancing family and career with dedication, but in an instant, she lost everything!

Maybe you are young and free-spirited. But one day, you might make mistakes, knowingly or unknowingly. That’s when you’ll wish the ground to swallow you whole!

One thing we should never forget:

“The Internet NEVER FORGETS anything!”

Once comments, photos, videos… are published, they remain somewhere in the world forever. Just search your favorite search engine, and you will see that some photos pop up even if they are no longer available on certain websites.

  • Are you in such a situation? Maybe, or maybe not yet!
  • Are you a celebrity?
    An actress or an actor, a social media magnate, a business leader,
    a politician …
  • Do you have innovations, patents… to secure and hide?
  • Do you have professional or private pictures or videos to secure and hide?

If you answered yes to any of these questions, you are certainly a candidate to secure and hide professional or private data or information, especially if it could be embarrassing to the public!

“I already have my data in a secure online cloud.”

Can you trust such online clouds? Joanna thought her data was secure in the Cloud. She paid a hefty fee for the provider to secure her phone and cloud.

If you ‘secure’ your data on the cloud, you become a perfect target for hackers, paparazzi, corporations, and rogue governments. With today’s circumstances, everyone is in need of money, and this could likely intensify over the next 5 to 10 years!

Despite their best efforts, clouds from Amazon, Apple, Google, Microsoft, and others are serious hacking targets. Here is a simple example:

“iCloud hacker stole intimate photos from hundreds of Apple customers” (techradar.pro – https://www.techradar.com/news/icloud-hacker-stole-intimate-photos-from-hundreds-of-apple-customers)

How many accounts have been compromised (publicly known and undisclosed)?

You just need to look on Twitter, at hacker sites, and anonymous forums. Many brag about their exploits and sometimes post a nude picture of a celebrity or publish a few lines of a top-secret document as proof. They want to monetize these documents and photos or sell them back to you for a huge amount of money.

What is the guarantee that the malicious hackers will not retain a copy for future financial demands (again and again)? Many companies are in such a position and pay regularly – as an insurance policy – without being assured of the data’s destruction!

What can be done? What is the best option?

The best storage is a Secure Local Open Source Personal Cloud (SLOSPC). Think of SLOSPC as a personal vault in your home, fortified with cutting-edge security.

What is that?

Simply said, SLOSPC is a highly secure computer in your house or premises. Not any kind of security, but the highest form of security that exists for now – all the software opensource and free**.

How does it work? Simply said:

  • We install it with all the securities (Linux-based).
  • We test it.
  • We let it be tested by an independent ethical hacker.
  • We arrange for a non-published domain name (difficult to guess) if you need to access documents via the Internet.
  • We train the user(s) in security matters.
  • If you wish, we intervene only in urgent matters and perform annual maintenance (we never see your private documents since they are encrypted under your name).

I hope you understand the implications of ‘everyone has something to hide’ and the vulnerabilities of online cloud systems.

  • So, what happened to Joanna?
  • Where does she live now?
  • What does she do for a living?

Joanna and her new life

She relocated with her family to a quieter location to start afresh. After a year, she applied for a business permit and now does local marketing for small companies – keeping it local.

She asked me for a solution to her problem, and I proposed the above solution, a SLOSPC.

How to get the SLOSPC or more information?

If you wish for more information, send us a simple message through our website: https://digitaltran.eu/#contact.

Thereafter, we will contact you more privately.

* Some news about photoshoots, new collection designs, innovations, officially non-published patents, private photos, private documents, accounts and passwords (sensitive people may abstain from viewing some websites):

https://firewalltimes.com/amazon-web-services-data-breach-timeline/

https://thehackernews.com/2022/04/github-says-hackers-breach-dozens-of.html?m=1

https://edition.cnn.com/2022/03/23/tech/microsoft-lapsus/index.html

https://nypost.com/2021/12/08/google-warns-over-1m-devices-have-been-infected-in-russian-hack/

https://thehackernews.com/2021/11/hackers-using-compromised-google-cloud.html

https://abc7.com/jennifer-lawrence-nude-photos-hacker-ariana-grande-victoria-justice/288987/

http://myunique.info/vintage/icloud-hacked-celebrity-photos.php

https://celebrityrevealer.com/

** You may contribute financially to the opensource community so they can continue to perfect their free products, which we can enjoy. More and more companies and private individuals are turning to open-source and contributing heavily so developers can continue developing and controlling any code available full-time.

Disclaimer

The story presented in this article, while inspired by real events, includes fictional elements and altered facts to protect the privacy and safety of individuals involved. The individual referred to as “Joanna” is not based on any one person, and details have been intentionally modified to prevent identification.

As the author, I acknowledge being an acquaintance of a family whose experiences loosely inspired this narrative. However, the fictionalization ensures that no harm or harassment can be traced back to anyone connected to the events. This article aims to educate readers about digital security and privacy, not to disclose or speculate on any individual’s personal life.

Can You Mine Bitcoin (BTC) with a Simple Smartphone App?

Yes, it’s possible to mine cryptocurrencies like Bitcoin with minimal energy via your smartphone. However, there’s a catch – serious privacy and security concerns. Let’s break it down, focusing on the Pi Network as an example.

Data Collection and Sharing Concerns

What Data is Collected?

Pi Network gathers a significant amount of personal and device-related information, including:

  • Personal details: Names, email addresses, phone numbers
  • Device information: Hardware specifications, operating system version
  • Contact data: Access to phonebook information
  • Location tracking: GPS and related data
  • Usage logs: Access times, activity patterns
  • Marketing engagement: Ad-related interactions and preferences

How is the Data Used?

The platform uses this data for:

  1. Enabling Pi coin mining
  2. Conducting identity verification – Know Your Customer (KYC)
  3. Enhancing platform security
  4. Improving app functionality
  5. Building user profiles for targeted purposes

Data Sharing Practices !!!

Why is This a Concern?

Pi Network’s approach to data sharing raises alarms due to:

  1. Third-party access: Data is shared with advertisers and other entities, sometimes after being aggregated or de-identified.
  2. Limited transparency: The privacy policy is difficult to locate, leaving users unclear about how their data is managed.
  3. Extensive permissions: The app requests broad access to Android devices, facilitating comprehensive data collection.

Privacy Issues

Several specific issues highlight why Pi Network’s practices are controversial:

  1. Default settings: Intrusive data collection and advertising settings are enabled by default.
  2. Opaque privacy policies: The official website lacks prominent and accessible information on privacy practices.
  3. Potential data misuse: The collection of sensitive data, such as full names and phone numbers, raises the risk of exploitation.

How Does It Compare to Other Platforms?

Many social media and mobile apps engage in extensive data collection, but Pi Network’s methods are notably aggressive. Some critics liken it to high-profile data scandals, such as Cambridge Analytica, due to its broad scope of data harvesting.

Proceed with Caution

While Pi Network claims to prioritize user privacy, its data collection and sharing practices suggest otherwise. Users should carefully consider these implications, particularly if they are concerned about their personal data being used for marketing purposes or shared with third parties, including governments.

The platform may address these concerns in the future, but for now, many users consider it a risk not worth taking.

Sources

  1. Kotigi FAQs: Pi Network Data Privacy
  2. Google Play Data Safety
  3. Binance Square Article 1
  4. AI Multiple: Is Pi Network Safe?
  5. Reddit Discussion on Pi Network Privacy
  6. Binance Square Article 2
  7. Google Play Store App
  8. Pi Network Privacy Policy

Disclaimer

The information provided in this document is for informational purposes only and is based on publicly available sources and research. It does not constitute financial, legal, or professional advice. While every effort has been made to ensure the accuracy and reliability of the information, no guarantees are made regarding its completeness or timeliness.

Readers should independently verify any claims or data before taking any action, especially concerning privacy, security, or financial matters. The mention of Pi Network or other platforms is not an endorsement or critique of their services but a presentation of findings based on available data.

Use of the Pi Network app or similar platforms may pose risks, including but not limited to data privacy and security concerns. Users are encouraged to exercise caution, thoroughly review the terms of use and privacy policies, and consult with a qualified professional if needed.

The author and publisher disclaim any liability for actions taken or not taken based on the content of this document. Use of this information is at your own risk.

Transitioning from Grey to 100% Green Energy

Is it possible to transition from polluting energy sources to fully “green” energy in a short time?

A short answer: “Yes, it is!

However, the first and most crucial step is to address a significant obstacle: the influence of corrupt government and corporate officials. Without removing their interference, we risk undoing progress and returning to square one.

What is “Green” Energy?

  • Hydroelectric dams
  • Solar energy
  • Wind energy
  • Ocean wave and tidal energy
  • Nuclear energy (with the challenge of managing nuclear waste)
  • Electric vehicles (EVs) and their batteries connected to the grid
  • …and more.

Today, let’s focus on three of the most accessible and economical options:

  • Solar energy (including new all-in-one advanced solar panels: electricity – day/night – and heating)
  • Home wind energy
  • Electric vehicles (EVs)

These technologies are relatively straightforward to implement, cost-effective, and have the potential to make a significant impact.

For new construction and renovation projects, governments should mandate the integration of green energy technologies. In many countries, regulations already require property owners to connect to public utilities, ensuring access to shared resources for reasons like hygiene and community solidarity.

Why not extend this principle to green energy systems? By connecting renewable energy setups – such as solar panels and home wind turbines – to the public grid, homeowners could sell their surplus energy to those in need. This would lower energy tariffs, phase out polluting generators, and drive widespread adoption.

To realize this vision, governments must enact supportive legislation, such as offering tax rebates for green energy and passive housing investments. In the long term, this approach benefits everyone – a win-win:

  • Governments save on public health expenditures, also alleviating the burden on medical professionals, reduce national debt, and cut pollution control costs.
  • Companies can innovate and thrive in a green economy, even producing energy solutions locally.
  • Private citizens save on energy costs and can profit from selling surplus energy.

Furthermore, surplus national funds could be reinvested in underserved rural areas, improving living standards and fostering social equity.

China has already made significant strides in green energy adoption and other areas of public life, although there’s still room for improvement. They’ve addressed corruption – a pervasive issue worldwide – by implementing reforms. Citizens globally must demand greater transparency from their governments to eradicate corruption, which would unlock resources to fund these transitions. Believe it or not, this would significantly improve lives economically and socially.

With reduced corruption and proper governance, we could see tax incentives and green energy adoption flourish within the next 10 years or, at most, a generation.

In the end, everyone wins:

  • Healthier environments
  • Stronger economies
  • A better quality of life for all

This concept draws inspiration from EVA Smart City (2016), a visionary project decades ahead of its time – up to 30 years more advanced than any modern city. It became a benchmark, embraced by forward-thinking corporations, universities, and communities in several countries, showcasing the transformative power of innovation and collaboration in building sustainable futures.

What’s your take on this? Does it sound utopic? Think twice before dismissing it as mere utopia!

After all, many once considered EVA Smart City a dream too, yet it was successfully adopted – until the pandemic temporarily brought it to a halt. Now, I’m planning to repurpose it as a foundation for educating young, aspiring technologists and scientists through an NGO. This initiative will inspire them to transform visionary ideas into reality, focusing on areas like cybersecurity, mechatronics, IoT, and beyond.

Disclaimer:
Any past, present, or future publications regarding the concepts, designs, or intellectual property related to EVA Smart City are solely the creation and intellectual property of Vasco F. Gonçalves. Unauthorized use, reproduction, or adaptation of these concepts in any form is strictly prohibited without prior written consent from the author.

Knives and Robots: Tools of Progress, Shadows of the Past

A chef might say: “Give me a knife, and I can create tasty dishes.”
A technologist might say: “Give me a robot, and I will ease your life.”

Noble and true statements. But have you ever asked yourself what a knife and a robot have in common?

At first glance, you might say: nothing. But from a historical perspective, these tools share remarkable parallels. Both represent humanity’s ingenuity and the dual capacity to create and destroy.

Humanity’s Oldest Tool – the Knife

The knife is one of the oldest tools in human history, with origins in the Paleolithic era. Early humans shaped stones into crude cutting implements, a leap that revolutionized survival. By the Bronze Age, knives evolved with the introduction of metals like copper and bronze, offering sharper and more durable blades. The Iron Age brought further refinement, as iron and steel allowed for stronger, more versatile designs that continue to be essential today.

Initially a tool of survival, the knife became a weapon. Its evolution from necessity to an instrument of war underscores its dual role as both a creator of life and an executioner of death.

A Dream of Artificial Helpers – the Robot

The concept of robots traces back to ancient myths and early mechanical devices. Greek mythology spoke of Talos, a giant automaton built by Hephaestus, while similar beings appeared in Chinese and Indian stories. Practical attempts to build robotic creations began as early as the 3rd century BCE (a bit less than 2300 years ago), with inventors like Ctesibius and Hero of Alexandria crafting water- and air-powered automata for entertainment.

The Renaissance saw breakthroughs, with Leonardo da Vinci designing a mechanical knight in the 15th century. By the 18th century, automata like Jacques de Vaucanson’s digesting duck demonstrated the fusion of artistry and engineering.

Modern robotics took shape during the Industrial Revolution, driven by advancements in mechanics and electricity. The term “robot” was coined in 1921 by Czech playwright Karel Čapek in R.U.R. (Rossum’s Universal Robots). In 1954, George Devol created the first programmable robot, Unimate, marking a milestone in manufacturing automation.

Today, robots play diverse roles in industries, healthcare, and homes, showcasing humanity’s aspiration to mimic life and enhance productivity, as evidenced by examples we already see, particularly in China and the USA.

The Dark Side of Innovation

Despite their contributions to progress, knives and robots also reveal humanity’s darker tendencies. Just as knives transitioned from tools to weapons, robots are increasingly being developed for military purposes. Governments worldwide, bypassing their own ethical frameworks, are pouring vast resources into creating robotic weapons powered by artificial intelligence (AI), mirroring the historical trajectory of knives becoming swords.

What makes our era especially concerning is easy accessibility. Unlike the past, when such technologies required massive industrial complexes, today’s advancements in AI and robotics can be achieved with modest local datacenters.

Yet, the real threat does not lie with small-scale innovators but with governments – entities that have historically driven wars against the will of their own citizens.

A Call for Accountability

Should we stop the development of robotics and artificial intelligence? Certainly not. These technologies save countless lives, from assisting the elderly to providing critical healthcare. However, the lessons of history urge us to act responsibly, something governments are often willing to overlook.

Today, we have tools unavailable in the past, such as legal systems, public accountability, and the power of collective voice. Citizens must demand transparency and ethics in AI and robotics development. Laws must be created and enforced to ensure these tools serve humanity’s survival, not its destruction.

The Choice Is Ours

Knives and robots are mirrors of our potential – symbols of creativity and destruction. Their impact depends not on their existence but on how we choose to handle them.

By addressing the political and ethical dimensions of technology, we can ensure that these tools remain blessings rather than curses. After all, progress is not just about invention – it’s about responsibility.

Disclaimer:
This article is intended for informational and reflective purposes only. The views and opinions expressed here are those of the author and do not necessarily reflect the views of any organization or entity. The content is meant to spark discussion about the ethical implications of technological advancements and is not an endorsement of any specific policy, government action, or technological development. Readers are encouraged to consider these issues critically and from multiple perspectives.

Scammers Are More Sophisticated Than Ever

In today’s digital age, scammers are employing increasingly sophisticated tactics to exploit individuals. What’s particularly alarming is the level of personalization they achieve, crafting believable scenarios to target you or your family. I recently learned, despite already being aware of it, through a friend just how advanced and resourceful these groups can be.

Many of these scammers collaborate with psychologists and behavioral experts to design emotionally compelling schemes. They tailor their approaches to manipulate your trust and decision-making. How do they gain such intimate knowledge about you or your loved ones? The answer lies in multiple sources, many of which are either freely accessible or poorly secured.

Let’s have a look together:

Common Ways Scammers Collect Information

  1. Social Media:
    Most of us share glimpses of our lives on platforms like TikTok, Facebook, Instagram, Threads, or LinkedIn. Scammers mine these posts for personal details – family connections, hobbies, anniversaries, and even addresses – that can be used to gain your trust or create believable stories.
  2. Smartphones and Computers:
    Malware or phishing attacks can give scammers access to your devices, allowing them to extract sensitive information like contact lists, photos, and financial details.
  3. Online Relationships:
    Scammers also infiltrate dating apps and platforms – not by hacking, but by actively participating as fake boyfriends or girlfriends. They build connections, gain trust, and gather personal details over time, sometimes lasting months. In some cases, they purchase premium memberships to access exclusive dating groups or communities, even at high costs.
  4. Social Engineering:
    Beyond the digital realm, scammers exploit face-to-face interactions or casual online friendships. They may pose as coworkers, neighbors, or mutual friends to gain more information.
  5. Discarded Documents (garbage cans):
    Hackers and scammers can retrieve valuable information from improperly disposed-of items, such as old bank statements, bills, or any documents containing personal or financial details, even if they appear insignificant.

Tips to Protect Yourself

  1. Be Mindful of What You Share Online:
    Limit the personal information you post publicly. Review your privacy settings on social media platforms, and think twice before sharing details about your family (whether good or bad), locations, or future plans.
  2. Verify Before You Trust:
    If someone contacts you with an urgent request involving family members – such as needing money for an emergency or something else – pause and verify their story directly. Avoid using SMS or regular phone calls to inquire about your supposedly ill family member. Instead, use secure communication apps like Signal or Session, ensuring their security number is verified beforehand, either in person or during a live video call.
  3. Strengthen Your Cybersecurity:
    Use strong, unique passwords for all your accounts. Consider using a password manager like KeePassXC or other open-source options. Enable multifactor authentication (MFA), such as fingerprint or hardware tokens, whenever possible. Keep your devices secure by updating them regularly and using reliable antivirus software.
  4. Beware of Suspicious Profiles:
    If you use dating apps or networking platforms, be cautious of profiles that seem too perfect or overly curious about personal details early on. Where appropriate, conduct background checks – some services even offer facial recognition tools – and mainly trust your instincts.
  5. Educate Your Family:
    Scammers often target the most vulnerable members of a family, such as the elderly, teenagers, or individuals dealing with personal problems. These groups may be more talkative or less cautious. Share cybersecurity knowledge and encourage family members to approach you if they receive suspicious messages or requests.
  6. Dispose of Sensitive Information Securely:
    Always shred or securely destroy documents containing personal or financial information before throwing them away. This includes bank statements, bills, receipts, and anything else that could be used to piece together your identity or finances.

Cybersecurity isn’t just about technology, even the best tools have their limits. The way you communicate, both online and offline – even in everyday situations like a trip to the supermarket – is equally important. Scammers rely on emotional manipulation and social engineering, making your awareness the most critical line of defense.

Be cautious at work, in private settings, and across your digital interactions. Always double-check if something feels off, and remember: in the digital world, your personal information is a valuable asset. Protecting it doesn’t just safeguard you but also shields your friends, family, and acquaintances from potential attacks.

Guard your personal information wisely.

Do You Know How to Use AI or a Chatbot in Your Daily Life?

Here’s a simple but effective guide:

Assign the AI a Role

Begin by designating the AI a specific role, such as a computer expert, a Microsoft Windows or Linux specialist, or even a cooking chef.

Prompt Examples:

Prompt 1 – Assign a Role to the AI:
“You are an Italian cooking chef.” Press ENTER.

Prompt 2 – Modify a Recipe:
“I have visitors tonight, and I need to cook for 10 people. I was planning to make a homemade pasta dish with walnut sauce a creamy sauce made from walnuts, garlic, olive oil, and Parmesan cheese. However, one of the guests is allergic to walnuts. Can you suggest a way to adapt the recipe to exclude the nuts while preserving the original flavor profile as much as possible?” Press ENTER.

Prompt 3 – Request a List of Ingredients:
“Can you provide a list of ingredients for a nut-free alternative to my original recipe?” Press ENTER.

Be as Specific as Possible

Avoid vague or overly general prompts like:

  • “I need to cook something for my visitors.”
    With such prompts, the AI might suggest any random recipe, even one from 200 years ago.

Likewise, avoid generic technical descriptions like:

  • “I have a problem with my computer.”
    The response will likely be too broad to solve your issue.

Provide Context and Detail

Let’s refine the process with a technical example:

Example: Computer Problem

Prompt 1 – Assign a Role:
“You are now an expert in Windows 10 Pro.”
Press ENTER.

Prompt 2 – Describe the issue with relevant details (be as specific as possible):
“I’m encountering an issue in Office Excel. When I try to create a table that summarizes my sales data, I get an error that says: ‘Something went wrong with the table.’ My table just has columns for ‘Product,’ ‘Sales,’ and ‘Date.’ Can you help me figure out what’s causing this and how I can fix it?”
Press ENTER.

Example: Troubleshooting a Smartphone Issue

Prompt 1 – Assign a Role:
“You are now an Android (or Apple) smartphone expert.”
Press ENTER.

Prompt 2 – Describe the Issue with Relevant Details:
“My phone keeps freezing when I try to open the camera app. It worked fine last week, but now it stops responding and the screen goes black. I’ve tried restarting my phone, but it still happens. Can you help me fix this?”
Press ENTER.

Why Details Matter

Including precise details helps the AI provide targeted and useful answers.

For the cooking example, specifying the dish and the ingredients allows the AI to offer an appropriate substitute.

For the technical example, describing the application, version, and error message enables the AI to diagnose the problem more effectively.

Privacy Considerations and Confidentiality

NEVER share private or enterprise-sensitive data. Instead, use substitute data or anonymize information. Remember, these interactions may be used for training purposes and could potentially be visible to others.

Practical Tips for Using AI

Keep the Chat Open
Many enterprise chatbots operate in a “private” mode. If you close the chat window too early, you might lose the session’s context and need to restart from scratch.

Save History
If possible, save the chat history for future reference, especially for ongoing issues or projects – some AI offer an ‘Export’ tool (use it).

By following these steps, you can effectively use AI to solve everyday problems, whether it’s planning a meal or troubleshooting software issues. Stay specific, provide context, and protect your privacy for the best results!

How Small Businesses Can Take Advantage of AI on a Tight Budget

In today’s competitive landscape, artificial intelligence (AI) has become an essential tool for businesses of all sizes. For small companies with limited budgets, accessing the power of AI might seem intimidating. Due to high living costs and the galloping inflation, free or low-cost AI tools, such as ChatGPT, Google Gemini, or perplexity can open the door to significant improvements in efficiency, productivity, and customer engagement.

Here’s how small businesses can get started without breaking the bank in 6 steps and a real-world example:

Step 1: Determine Key Business Challenges

Before diving into AI tools, small businesses should focus on the areas where AI can provide the most impact. Common challenges that AI can address include:

  • Customer Service: Slow response times or a high volume of inquiries.
  • Marketing: Inefficient targeting or difficulty creating engaging content.
  • Operations: Manual, time-consuming tasks like bookkeeping or data entry.

By focusing on these specific areas, businesses can ensure that they utilize AI in the most effective way possible.

Step 2: Start with Freely Available Tools

Platforms like ChatGPT and Google Gemini offer free versions that are ideal for small-scale applications:

  • ChatGPT (Free Plan): A conversational AI tool that can generate content, assist with customer inquiries, or provide operational suggestions.
  • Google Gemini (Free Plan): Ideal for analyzing documents stored in Google Drive, extracting key insights, and identifying trends.

How to Use These Tools:

  1. Customer Support: Use ChatGPT to create pre-drafted responses for common customer questions.
  2. Document Analysis: Leverage Google Gemini to summarize contracts, reports, or feedback forms.
  3. Marketing Content: ChatGPT can generate blog posts, social media captions, or email campaigns tailored to your business.

    Note: Always review AI-generated content. While these tools are powerful, they can occasionally produce errors or inaccuracies that require manual correction.

Step 3: Prioritize and Optimize Usage

Since free plans come with limitations, focus on the most critical tasks:

  • Analyze High-Priority Documents: Use Gemini to process key files such as contracts, performance reports, or client feedback.
  • Break Down Large Tasks: Split extensive documents into smaller sections before uploading to Gemini.
  • Draft and Edit: Use ChatGPT to draft content, which can then be refined manually for greater accuracy and customization.

Step 4: Combine Free AI Tools for Greater Efficiency

For businesses looking to overcome the limitations of free plans, combining tools can maximize outcomes:

  • Content Creation: Pair ChatGPT with tools like Canva (free version) to create visually engaging marketing materials.
  • Document Processing: Use Google Workspace’s AI-powered suggestions alongside Gemini for better productivity in Sheets and Docs.
  • Workflow Automation: Use free automation platforms like Zapier’s Free Plan or IFTTT to integrate AI insights into existing business workflows.

Step 5: Upskill Your Team with Free Resources

Learning how to use these tools effectively is key to success:

  • Free Online Tutorials: Platforms like YouTube and Coursera offer free courses on using AI tools like ChatGPT and Google Workspace.
  • Communities and Forums: Join groups on Reddit (e.g., r/smallbusiness) or Google Workspace communities to learn from others.

Encouraging team members to explore these resources ensures that everyone can contribute to leveraging AI effectively.

Step 6: Incorporate Manual Efforts Strategically

Even with free tools, manual intervention can enhance outcomes by adding context, precision, or creativity to AI-generated results.

Example Workflow for Combining AI and Manual Efforts:

  1. Use Google Gemini to extract insights from a customer feedback survey, such as recurring complaints or suggestions.
  2. Manually organize these insights into categories (e.g., product quality, customer service) to identify actionable patterns.
  3. Draft solutions or improvements tailored to these categories, ensuring they align with the company’s goals.

This process combines the speed of AI with the nuance of human understanding, delivering better results for your business.

Step 7: Monitor Free Tool Updates

AI providers frequently update their offerings, which may include enhanced capabilities or more affordable pricing options. For example:

  • Google might expand Gemini’s free document analysis limits.
  • ChatGPT may enhance its free features with more integrations or plugins.

Keeping an eye on these updates ensures businesses can stay ahead without overspending.

Real-World Example

A small bakery faced challenges managing customer inquiries and promoting its seasonal products. Here’s how it used free AI tools:

  1. Customer Service: ChatGPT generated standardized responses to common questions, such as ‘What are today’s specials?’ or ‘Do you offer gluten-free options?’
  2. Marketing: ChatGPT helped generate email templates and social media posts for holiday promotions.
  3. Document Management: Gemini analyzed supplier contracts, helping the owner identify cost-saving opportunities.

By combining AI tools and manual adjustments, the bakery saved time, reduced costs, and increased customer engagement.

Small businesses can leverage AI effectively without significant financial investment. By prioritizing key tasks, starting with free tools like ChatGPT and Google Gemini, and optimizing usage through automation and manual refinement, even budget-conscious companies can gain a competitive edge.

With creativity and strategic planning, AI becomes not just a luxury for large corporations but a practical and accessible tool for small businesses to thrive.

Disclaimer:
I am not affiliated with or financially benefiting from any of the companies, platforms, or tools mentioned in this article, including ChatGPT (OpenAI), Google Gemini, Perplexity AI, Canva, Google Workspace, Zapier, and IFTTT. This article is purely informational and intended to help readers understand and access free or affordable AI and automation tools. No sponsorships, partnerships, or compensation were involved in the creation of this content.

The Cybersecurity Dangers in Everyday Conversations

What if the conversation happening right next to you in the supermarket could be the starting point for a cyberattack on a financial institution?

Yes, you heard it right – in the supermarket!

It just happened to me this afternoon after attending a FinTech event. I was simply minding my own business, waiting in line for some groceries, when a group of young professionals started discussing an app that hasn’t even been released yet. Now, I’m not one to eavesdrop on conversations, but the word app immediately grabbed my attention (since I work in IT).

I noticed their badges clearly displaying the company name and department. They were discussing the app’s features, pointing out some weaknesses and concerns. While it’s always interesting to hear different perspectives on upcoming technology, what struck me was how much sensitive information they were openly discussing in a public space.

Had I been a malicious actor, I could have easily gathered information – company names (via their badges), department roles, app details, and even identifiable data (such as serial numbers, which were visible on the badges) – without them realizing it. In moments like these, it’s a stark reminder of how quickly a seemingly harmless conversation can turn into a potential security risk.

As cybersecurity professionals or enthusiasts, we know that attackers thrive on the smallest bits of information – “ingredients” – that can later be used for more targeted attacks or social engineering. In this case, an open discussion about app details combined with easily identifiable workplace information could give someone the tools needed to attempt a security breach.

It was a harmless conversation… or so it seemed. But the more I listened, the more I realized just how much danger these individuals were exposing themselves to, and how easily I, or anyone else, could exploit that information. In fact, had I wanted to, I could have even started to analyze part of their psychological profile, given the long wait time.

The Dangers of Public Conversations

I want to share my thoughts through this article to remind us all to be vigilant about our surroundings and to consider the consequences of sharing too much information – whether online or in physical spaces like a supermarket.

The Public Vulnerability

It’s easy to forget how much information we’re sharing in public, especially when we’re speaking casually or discussing topics like upcoming projects in our company. Yet, all of these seemingly harmless details can create significant vulnerabilities.

Just think a minute about it, company names, app features, departmental roles – these are all pieces of data that attackers can use to start building a profile. They’re like breadcrumbs leading an attacker directly to their target.

Real-World Implications

Let’s consider this from a real-world perspective. Had I been a hacker, as mentioned, I could’ve gathered crucial data – names, department information, and app specifics – all from an innocent conversation. It doesn’t take much to piece this together and launch a targeted attack, whether through phishing, social engineering, or another method.

Public spaces are rife with opportunities for cyber threats, and most people don’t realize how easy it is to glean this type of information in everyday situations. Even the seemingly innocuous details we overlook can be dangerous when they fall into the wrong hands, for instance when someone gossips about another person.

Link to Social Engineering

Cybercriminals don’t always need sophisticated technology to breach a system. Sometimes, all they need are a few personal details – details that are often freely shared in casual conversations, or gossips. This is the essence of social engineering, where attackers manipulate individuals based on information they’ve gathered, sometimes from a single overheard comment.

The more people reveal in casual interactions, the easier it becomes for hackers to manipulate their way into organizations or systems.

The Psychological Effect: How It Feels to Be ‘That Person’

First-Person Narrative

As I stood there, I experienced a mix of curiosity and disbelief. Here were people, unknowingly sharing sensitive data that could easily be misused. It wasn’t malicious, but it could have had serious consequences. And as I processed it, I couldn’t help but feel a sense of responsibility. What if I was the one to point this out? So, I did – I pointed out to them the responsibility they had towards their clients, who would eventually use that app, whether internally or externally to the financial institution.

It’s moments like these that highlight the true importance of cybersecurity awareness – not just in the office but in everyday life. Even casual conversations can hold critical information that, if left unchecked, can open doors for cybercriminals.

The Awakened Sense of Responsibility

The more I reflected on that moment, the more I realized how crucial it is for individuals to be conscious of their surroundings and the information they share. Cybersecurity isn’t just about firewalls or encryption. It’s also about how we, as individuals, manage and protect the information we share – even when we’re unaware that it could be at risk.

We all have a role to play in keeping our personal and professional data secure. It’s not just about protecting the company’s firewall, rather it’s about protecting the privacy of those we interact with every day.

How to Protect Yourself and Others

Practical Advice

So how can we avoid falling victim to this type of vulnerability? It starts with awareness.

Whenever you’re discussing sensitive information, always consider the context:

  • Could someone overhear you?
  • Are you in a public space where a conversation about an app or your company could be pieced together to gain a clearer picture of your work?

It’s not just about keeping secrets – it’s about being mindful of how much data is exposed in everyday interactions.

Promote a Security-Conscious Culture

We need to encourage a culture where people think twice about their surroundings, even in seemingly innocent environments like grocery stores, coffee shops, or public transportation. It’s easy to assume that our work or personal conversations are only meant for the people involved, but we need to recognize the risks and make sure others are aware too.

Call to Action

As cybersecurity professionals and individuals, we have a responsibility to foster this culture of vigilance. Let’s stop making it easy for hackers to exploit our everyday conversations. Share these tips with colleagues, friends, and family – encourage them to adopt more cautious practices.

Next time you’re in a public space, think twice before discussing company details or personal projects. Be aware of the invisible risks around you.

The Final Thought

The next time you’re standing in line at the supermarket, remember this:

The most dangerous hack might not come from your computer, but from the conversation happening right next to you.

Let’s take these everyday risks seriously and make sure we’re not inadvertently making it easier for cybercriminals to exploit us.

Here is another problem that involves 45 of 50 top banks, a data breach!

https://www.forbes.com/sites/larsdaniel/2024/11/20/global-fintech-giant-finastra-investigating-data-breach

Dormant Malware, the Hidden Threat Lurking in Your Systems

In cybersecurity, malware remains a persistent and growing concern. One of the most dangerous forms of malware is dormant malware, also known as sleeper malware.

This malicious software can remain inactive for extended periods within a system before being activated by cybercriminals, sometimes waiting for months or even years. While there is no precise data on how many systems are infected with dormant malware, certain statistics shed light on the prevalence and potential impact of this hidden threat.

Dormant Malware Prevalence

The term dormant malware refers to malicious programs that are intentionally left inactive, sometimes for months or even years, before being triggered by external, but mainly by internal, conditions – keywords, access to specific files, date events… This form of malware is challenging to detect because it does not show any obvious signs of compromise until activated. Some key data points provide insight into how dormant malware may be affecting systems worldwide:

  • 560,000 new malware samples are detected DAILY, contributing to an already staggering total of over 1 billion known malware programs. Many of these could potentially remain dormant within infected systems, waiting for the right conditions to activate [1], with the staggering cost of an average of US$/EUR 4.5 million per incident.
  • In 2023, the total number of malware attacks worldwide reached an alarming 6+ billion, marking a 10% increase from the previous year [2]. This increase in attacks raises concerns about the growing threat landscape, with dormant malware being a likely factor in many incidents.
  • A particularly concerning statistic is that nearly every second computer in China is infected with malware, with a 47% infection rate that ranks as the highest globally. Many of these infections could involve dormant malware that is lying in wait for activation [1], and it can spill over into systems worldwide, including the West.

Malware knows no borders, much like influenza.

Factors Contributing to Dormant Malware

There are several reasons why malware might remain dormant in a system. Understanding these threats can help organizations strengthen their defenses and detect them more effectively:

  1. Dependency on External Infrastructure: Dormant malware may not activate if it cannot communicate with its command-and-control (C&C) server, which is responsible for sending activation commands. Without this connection, the malware remains inert until the link is re-established [3]. This is my favorite method, ‘air-gapped systems’, but still not safe without certain precautions.
  2. Internal Component Dependency: Many malware families consist of multiple components that must work together to execute their payload. If a critical component is missing, the malware may remain dormant until the necessary components are present or accessible [3], making it undetectable.
  3. Missing/Expected Input: Some malware requires specific inputs or conditions to execute, as mentioned before. Without these triggers, such as certain user actions or system events, the malware stays inactive, posing a potential threat that could go undetected until activation [3].
  4. Broken ‘Packer‘: Malware often uses packers (encryption tools) to evade antivirus detection. If the packer malfunctions or breaks, the malware may fail to unpack and remain dormant, as the broken payload can be replaced or reinitialized when a suitable trigger activates it. [3].

Impact and Detection Challenges

The threat posed by dormant malware is varied. On one hand, its ability to stay hidden for extended periods makes it difficult to detect. On the other hand, when activated, it can cause huge ravages, not only in terms of financial loss but also in exposing individuals’ private lives to the world. Major challenges include:

  • Extended Dwell Times: Cybercriminals often rely on extended dwell times, using these inactive periods to plan their attacks carefully and maximize the damage once the malware is activated. The longer the malware stays dormant, the more time attackers have to refine their strategies [6].
  • Traditional Security Gaps: Traditional perimeter security tools, such as firewalls and antivirus software, may fail to detect dormant malware, allowing it to sit undetected for weeks, months, or even longer. As cybersecurity tools become more sophisticated, so do the methods that malware uses to remain hidden [6].
  • Case Studies of Detection: In Q3 2023, Kaspersky’s security solutions blocked banking malware on the computers of 76,551 unique users. While it’s unclear whether these infections were dormant before activation, this statistic highlights the scope of the problem and the challenges in detecting malware that lies in wait [4].

Why You Should Care About Dormant Malware

Dormant malware is particularly dangerous because systems may appear to be functioning normally while harboring malicious code that can be triggered at any time. Organizations and individuals alike must understand the threat and take proactive measures to protect their data and systems.

How to Defend Against Dormant Malware

To mitigate the risks, it’s critical to implement comprehensive cybersecurity strategies that go beyond traditional defenses:

  • Advanced Detection Tools: Rely on more sophisticated security software that can detect and analyze suspicious activities over extended periods, looking beyond the immediate threat to uncover hidden dangers.
  • Regular Security Audits: Conduct regular security audits to identify any signs of dormant malware and ensure that all components of your system are functioning properly.
  • Employee Training: Educate employees on the risks of malware, including dormant threats. Awareness and vigilance can go a long way in preventing the initial infection that could lead to dormant malware. As I’ve written multiple times, don’t click on any suspicious links – the most prevalent cyberthreat ever, PHISHING.
  • Network Segmentation: Segment networks to limit the spread of dormant malware. If malware does become active, limiting its ability to move through the system can contain the damage. Segment the data from the system !!!

While precise statistics on dormant malware infections are elusive, the data available paints a clear picture:

Dormant malware is a growing concern among all companies.

With increasing numbers of malware attacks and the sophistication of these threats, organizations must remain vigilant and employ advanced detection techniques to identify and mitigate dormant malware risks, without forgetting to train your employees. By focusing on both technological solutions and user education, we can reduce the chances of becoming the next victim of this hidden threat.

References:

[1] Astra Security, Malware Statistics – https://www.getastra.com/blog/security-audit/malware-statistics/
[2] Statista, Malware Attacks Per Year Worldwide – https://www.statista.com/statistics/873097/malware-attacks-per-year-worldwide/
[3] Tripwire, Four Common Scenarios for Dormant Functionality in Malware – https://www.tripwire.com/state-of-security/four-common-scenarios-for-dormant-functionality-in-malware
[4] Securelist, IT Threat Evolution Q3 2023 – https://securelist.com/it-threat-evolution-q3-2023-non-mobile-statistics/111228/
[5] Statista, Malware Overview – https://www.statista.com/topics/8338/malware/
[6] Node4, Why Ransomware Hides in Your Systems for Months – https://node4.co.uk/blog/why-ransomware-now-hides-in-your-systems-for-months/
[7] Gabsten, Dormant Malware: Beware the Lurking Threat to Your Data – https://www.gabsten.co.za/2024/01/19/dormant-malware-beware-the-lurking-threat-to-your-data/

How to Recognize Phishing Emails and Hidden Links

Just one simple email can halt all the production in your company, potentially causing the loss of millions of EUR/US$ per day – that’s serious!

Phishing attacks, generally via email also via SMS, one of the oldest and most effective forms of cyberattack, are becoming increasingly sophisticated. Even experienced users, including cybersecurity experts, can be tricked. Why is that?

In today’s criminal landscape, some rogue organizations or governments employ psychologists and psychiatrists to craft highly convincing emails and links, and even create mock identical websites that mimic your company’s website.

For many, identifying phishing emails – especially those with hidden or deceptive links, often through text or a button – can be challenging. This article provides a quick guide and an example on how to spot these threats:

Phishing or not a phishing email

1. Start at the top: Look for Suspicious Sender Information

Phishing emails often come from addresses that seem familiar but have subtle anomalies. Always check the sender’s email carefully:
• Misspelled company names.
• Generic email domains like @gmail.com instead of company-specific domains, as legitimate companies should use their own domain.
• “Undisclosed recipients” or other oddities in the recipient field.

2. Examine the Email Content for Urgency or Threats

Phishing emails often create a false sense of urgency, for instance “Your account will be locked or suspended!”. Legitimate companies don’t pressure users this way. If the message seems too urgent or threatening, be skeptical and call the sender directly – taking a few minutes to verify can save you much more time in the long run, and possibly even prevent legal issues.

3. Hover Over Links Without Clicking

A key sign of phishing emails is the presence of misleading links. Hover your mouse pointer over any link (without clicking) to check where it actually leads – a bubble will pop up with the address or appears in the status bar – see picture (look at the beginning, the domain name “example.com”, and not the rest behind). Look for:
• Discrepancies between the visible link and its destination.
• Misspelled domain names or extra characters in the URL.
• Shortened links, which are often used to disguise malicious destinations.
• If your web browser’s security is disabled, check for the “https://” (see picture) prefix in the URL to ensure the connection is secure.

Check thoroughly the email
Check thoroughly the email!

4. Look for Generic Greetings

Phishing emails often use generic phrases like “Dear Customer” or “Hello Dear” instead of addressing you by name. Genuine emails from companies you’ve dealt with will usually address you by your full name or username.

5. Verify with the Source Directly

If an email asks you to take immediate action (e.g., reset your password, make a payment), go directly to the company’s official website or contact their support team by phone. Never trust the links in the email itself.

6. Check for Spelling and Grammar Errors

Many phishing emails are poorly written, with awkward phrasing, missing punctuation, or spelling mistakes. Legitimate companies usually proofread their emails carefully. In case of doubt, call the sender directly to confirm (sometimes the official language isn’t the sender’s mother tongue).

Conclusion

Recognizing phishing emails requires vigilance, but by following these simple steps, you can protect yourself from falling victim to these types of attacks.
Don’t dismiss the narratives like, “he (she) is overdramatic…”. It’s better to be a bit overdramatic than to be sorry afterward.
When in doubt, don’t click any links, and always verify through official channels.

New Threats!

There’s now a new threat – although not entirely new but making a comeback – called snail mail (physical mail) phishing or scams:

Some months ago, I received a “letter” claiming to be from my bank. How did I recognize it as a scam? As simple as it was, the stamp! Everything else about the letter was identical to the official correspondence my bank typically sends. This highlights the importance of scrutinizing even traditional communication channels, as scammers are increasingly adept at mimicking legitimate mail, telephone calls, and messaging.

As a side note, I don’t even use traditional telephone calls for secure or highly private communications, instead, I rely on one of the most secure messaging apps.

But this is a topic for a future article!