Author: Jesse Mueller (Page 1 of 42)

23andMe Worries

When 23andMe went public in 2021, it was a big deal. The popularity of its genetic tests carried the company to a valuation of US$6 billion. But in recent times, some dramatic changes have occured with its leadership and finances, and now 23andMe is worth very little. This leads to some worries about the future of 23andMe. Specifically, customers are concerned about what will happen to their DNA data.

I am sorry to say that I have very few answers for you. No one knows what their future holds. Will 23andMe rescue themselves from their financial jam? Could they fold? Will they be bought up by another company? If you’ve paid for a 23andMe DNA test, your genetic data is entwined in what comes next.

The CEO has recently said that she will no longer consider selling the company. But I’m not sure how assured we should be. They are not promising anything about our data, other than to keep it secure. And considering their 2023 data breach, that promise has limited value. If you have patronized 23andMe, please understand that HIPAA does not apply to their company or operations.

If you have 23andMe worries, here are a few things for you to consider:

Read the Privacy Statements

23andMe allows everyone to read their privacy terms on their website. They may or may not give you some assurance about your data.

Download Your Data

For now, you may login to 23andMe and go to this link (you.23andme.com/user) to download all of your data and reports. You may have to enter your birthdate and other confirming info, then you’ll be able to save your info to your hard drive or other storage locations. If 23andMe ceases to exist, at least you’ll have those reports in your possession!

Delete Your Account and Its Data

After downloading and saving one’s genetic info, some people feel the need to sever from 23andMe. If you terminate your account with them, it sounds like they will delete almost all data they have on you. You may “permanently delete your data” from 23andMe at the same page as for downloading your data, above. Once at that page, scroll all the way to the bottom and use the big red button.

23andMe Worries

The Microsoft 365 Renewal Scam, v2.0

This scam has been around for a long time, and when I blogged about it in 2022, I was able to show you how easy it was to recognize. Not so with the latest edition. The Microsoft 365 Renewal Scam, v2.0 is “new & improved”, and much more likely to fool someone.

Here’s what to look out for:

The Microsoft 365 Renewal Scam, v2.0

This phishing attempt is very convincing, and avoids the easy tells of its predecessor. This email uses:

  • proper spelling & grammar
  • the same logo and layout of a legitimate Microsoft email
  • buttons, weblinks & URLs that take you to real Microsoft websites
  • email address ending in “onmicrosoft.com”

I must admit I scratched my head at this one for a minute…

How This Scam Works

Even though the links work, and lead to real Microsoft sites, they will (usually) confound the recipient. Those URLs lead to business-grade Microsoft logins that will not allow you to login with your personal/individual Microsoft credentials. You’ll just get an error, denying you access to their business side.

This is what the scammers want. They want you to futz with the buttons and links, get frustrated and return to their email message. Once you’re aggravated and worried, they’re expecting you to scour the email for other options, at which point, you’ll see the toll-free number as another option.

Do. NOT. Call. The. Number.

Anyone who calls the number is participating in the same old Thank You for your Purchase Scam that’s been around for a decade. That number does not lead to Microsoft. Cybercrooks are waiting by the phone for anyone to dial that number.

And they are ready to tell you outlandish tales about refunding you your money. They’d love to remotely connect to your system to gain access to your bank accounts. But this never ends well. When they get a victim to cooperate, that person is often left with a broken computer and an empty bank account.

In short, if you receive this email, do not respond or cooperate with it. Just move on! Mark it as spam and delete it. And if you need more peace of mind, feel free to go to the consumer-grade Microsoft Office website, to sign in and check your subscription and billing facts. You won’t see any evidence of the fictitious order from the scammer.

One Last Surprise for Kaspersky Users

One Last Surprise for Kaspersky Users

Concerns over the use of Kaspersky Antivirus grew for several years, until our government enacted a full ban on their software in 2024. Here we are, just 4 days from the total shutdown of Kaspersky software on American computers, and there’s one last surprise for Kaspersky users. For anyone still using their antivirus, they may notice a new program on their computers…

Kaspersky has arranged to replace its software with UltraAV. And it is doing so silently and automatically on PCs everywhere. This is causing some concern, as you may imagine. No one wants to come in to their PC and meet with a wholly unfamiliar program, popping up on the desktop and in the taskbar!

Kaspersky claims they’ve notified their users in advance of this change. But I’m not comforted or convinced that this is all on the level. If you are affected by this, I will say: I cannot vouch for this UltraAV software product. I’ve never before encountered it. You do not need it. If it were my computer, I would uninstall any and all Ultra AV product and simply rely on the built-in Microsoft Defender Antivirus.

As soon as you uninstall Ultra AV (or any other antivirus) from a PC, Microsoft Defender Antivirus is already there and turns on automatically. It won’t ask for any money. It stays up-to-date along with everyday Windows Updates. But if you really want another antivirus, I can also mention that most of the antiviruses on this list are legitimate and good at what they do.

Miscellany

If you are running Kaspersky software on an Apple computer, this automatic install should not happen. Kaspersky Antivirus may or may not uninstall on its own, and you will have the choice of downloading UltraAV or some other protection.

I do not intend to disparage the UltraAV product. I strive to promote products only when I am familiar with them and can expect that they will not cause problems for my clients. UltraAV is simply an unknown for me. If you care to learn more about this company, I can give you this cookie-crumb trail to follow: UltraAV is owned by Pango Group in Ponte Vedra, Florida. Pango is an Aura company. Aura’s CEO is Hari Ravichandran.

Hide Your Venmo History

If you use Venmo, I want you to stop and take a moment to check its privacy settings. Your payment activity in Venmo may be visible to the world! I wager that many people would not want that, so I’ll describe how to hide your Venmo history:

You’ll want to pay attention to two settings that cover your past transactions and also your future ones:

In the Venmo App

  • Tap the cogwheel in the upper-right corner
  • Tap Privacy
  • Adjust the Default Privacy Settings, preferably to Private
  • Tap Past Transactions
  • Tap Change All to Private
  • Tap Change to Private to confirm

On the Venmo Website

  • On the left, scroll down to click Settings, then click Privacy
  • On the right, under Future Payments, click Private
  • Under, Past Payments, click Change to Private

Keep in mind that if you have multiple Venmo accounts (personal and business, for example), you’ll want to login to each in turn, and check the settings for both.

Now, I might imagine a scenario where you want your payments to be visible to others. Some content creators or celebrities might actually want that kind of attention. But for the majority of us, I think this is a security and privacy problem. Having your Venmo history out there could lead to undue attention, uncomfortable questions, and worse. For you and those you’ve transacted with.

Hide Your Venmo History
Divorce lawyers love having this kind of evidence in court…

Opt Out of AI?

More and more websites are using your info to train their artificial intelligence. And not everyone wants that. So I am frequently asked: What I can do about it? Am I allowed to opt out of AI?

It depends on the company:

LinkedIn

LinkedIn just opted everyone in to their AI program. Everything you post on LinkedIn will now be used to train their artifical intelligence programs. But they did provide each user with a way to switch it off. If you want to opt out of this, visit this link and turn “Data for Generative AI Improvement” off.

Adobe

Adobe also uses the content you store in their Creative Cloud and Document Cloud spaces to improve their generative AI models. They do not use files stored locally (on your computer). If you want to opt out of their use of your Creative Cloud data, sign in to your account at this Adobe site, and turn off “Content Analysis for product improvement.”

Facebook

Can you opt out of Facebook‘s AI training? In the USA, no, not really. But there is a lot of misinformation circulating about this. Some social media posts (on Facebook, TikTok and more) claim that you can go to a particular Facebook page and submit a request

But those requests amount to nothing, at least for North Americans. In other countries, where there are better consumer protection laws, Facebook may heed those requests. But in the USA, Meta is very clear that they will do whatever they want with our data, so long as it is legally permitted.

Opt Out of AI?

If you do not want your data to train Meta/Facebook’s AI, delete it from the site or don’t post it there in the first place.

Other Sites

Every website may or may not give you a way to opt out of training their AI. If I discover other big-name websites that make it easy to opt out of, I will add the details to this post!

Spotting Fake Facebook Profiles

I am frequently asked on Facebook, “How can you tell?“, when I call out a bogus poster. And there’s no short answer. There are many, many different tells. I’ll try to compile them all here, as a “Guide to Spotting Fake Facebook Profiles.”

Major Giveaways

Does their Facebook URL match their Display Name? A lot of sock puppet accounts are set up with the user’s true name, and they later change the Display Name to something American-sounding. But they forget to go back and change the end of their Facebook URL!

Spotting Fake Facebook Profiles
Spotting Fake Facebook Profiles

They “Like” their own posts and photos. I’m not 100% sure why they do this. Maybe they hope it boosts their credibility? But regular folks on Facebook usually do not Like their own stuff.

Spotting Fake Facebook Profiles

If the profile shows where the person works, be leery of generic employment words. If you see “Works at Clinic Office” or “Self Employed”, that’s a red flag. It’s more common for even a self-employed person to give a specific name for their company!

Does the profile say that it is “locked”? That’s a tell-tale sign that the account was created in another country. Facebook does not allowlocked profiles” in the USA. So, if a Facebook user is claiming to be from somewhere in the 50 states, but their profile shows that it is locked, we have found a lie!

Spotting Fake Facebook Profiles

Also, I often peruse the different people on a suspicious account’s Friend List. Or I consider the other people that are Liking their photos and posts. If a Facebook account claims to be from Wisconsin, but most of their Friends hail from Pakistan, that gives me pause, leads me to dig further…

More Advanced Techniques

Sometimes, a fake Facebook profile is really buttoned up. They’ve hidden their Friends List and all other personal information. Their photos are unremarkable. But click through each part of their profile, to see if anything is shown. Even if they’ve just left one review with their account, it could be a clue:

Looking over that “Vents Cleaning” page, I get the impression that it’s just another scam page for a service referral scheme. These fake accounts often comment and place reviews on each others pages, again, to boost their legitimacy and credibility.

Many bogus Facebook profiles still post a lot of normal looking things on their feeds, like inspirational quotes and cat pictures. It helps them fit in and look normal. But if you scroll through an account and see a lot of Shared posts, where the content is missing, that’s another red flag. That’s a sign that they’ve been promoting a lot of content that Facebook has later nixed, due to it violating their TOS.

Lastly, you should know that the Facebook Search field is your friend. When you see a suspicious name or post, copy that name and/or the first sentence or two of what they typed. Paste it into the search field and see what posts turn up. If you’ve found a scammer, then their name or post is going to show in many other places on Facebook.

Reporting Fake Profiles

Now that you’re feeling more capable of spotting fake Facebook profiles, you should be ready to report any you encounter.

  • Click on the account’s name to visit their profile page.
  • Below the masthead photo, click on the three-dots button to the right.
  • Click Report Profile
  • Click Something about this profile
  • Click Scam, fraud or impersonation
  • Click Impersonation
  • Click Fake profile
  • Click Submit
  • Optional: Click Next and Done

For some profiles (labeled Digital Creators), the steps are a little different:

  • Click on the account’s name to visit their profile page.
  • Below the masthead photo, click on the three-dots button to the right.
  • Click Report Profile
  • Click Fake Profile
  • Click They’re not a real person
  • Click Submit
  • Optional: Click Next and Done

After you report a profile, you’ll get a boilerplate message like this:

And later on, you might receive another message like this:

And I can wrap up this post with surprisingly good news. Facebook is now acting on some of these types of reports. I don’t know what or when they changed, but today, I am noticing that many of the accounts I report are being removed and deleted, often within an hour!

AI-Generated Books

Is there anything that AI can’t do (badly)? I am a bit fascinated and alarmed to notice that AI-generated books are readily found online, available for purchase. If you’re not sure what a book written by AI looks like, here’s what I’ve learned so far:

Amazon, Of Course

Where will you find AI-generated books? Your first hunch would be correct: Amazon. They can be bought as dead-tree editions or as downloads for your e-reader, just like regular books. But they don’t disclose that they were made by AI. Here are some example listings for your consideration:

I’ve checked a few other online bookstores and not found signs of these types of books (yet). I suspect Amazon is the current marketplace for AI-generated books, because they make it so easy for anyone to self-publish and sell written works. And while it appears that authors must disclose AI-generated content to Amazon, I cannot find any mention that consumers must be informed. That means: It’s on you to distinguish books written by humans vs. those written by bots!

Why is This Attention-worthy?

At this time, I don’t want to levy any harsh criticisms on AI. Artifical intelligence can be used for good: to synopsize lengthy works, debug complicated code and even detect cancer earlier. But regarding these books being sold through Amazon, I have misgivings.

AI has a history of making odd mistakes. From recommending glue in a pizza recipe to misspelling “strawberry“, it’s clear that AI has some unexpected limits and flaws. Those who are using AI as a tool should do so mindfully, and be prepared for the occasional oddity.

I don’t presume the “authors” of AI-generated books are being careful or mindful. Rather, this looks like the low-effort work of lazy people looking to make a quick and easy buck. Lazy people typically don’t check their work. They don’t care about the harm that they could cause. Some examples of the damage they can cause are:

A Spotter’s Guide to AI-Generated Books

I imagine I’ll be revisiting and revising this, as these books evolve, but for now, here’s what tips me off to a book that may have been written by an AI:

AI-Generated Books
AI-generated headshot, created at Canva.com for free in under 30 seconds
  • title of book uses the word “Bible” to suggest it contains everything you’ll every need to know
  • volume claims to be “5 books in 1”
  • author’s name cannot be Googled or found elsewhere on the internet
  • author has no photo or uses an AI-generated headshot
  • author bio is extremely vague, vapid and full of soulless buzzwords
  • book previews show lots of AI-generated images, large-print text and wodges of text that seem flavorless and generic
  • no publisher name, or “independently published”

You may use the AI-generated book listings I’ve linked to above as training material. Once you’ve perused those Amazon pages and gotten familiar with the nuances of AI-written works, you’ll probably be able to recognize others in the future.

Also, compare any of those uncanny offerings to a human-written book, from a real-life, talented author. You can verify that an author is legitimate by:

  • Reading the author bio and searching the web to confirm some details
  • Performing a reverse-image search on their bio picture — real authors often reuse their best headshots throughout their digital footprint
  • Finding the author on social media or library websites
  • Shopping for the book on other sites, new or used
  • Finding the publisher of their book, under “See All Details” of the book listing

Final Comments

Remember, you cannot always trust in reviews on Amazon. Certainly, check them out and you may glean some useful information. But many AI-generated book “authors” have gamed the system, and their titles show a lot of manufactured 5-star reviews.

If you think you’ve purchased a book from Amazon that may have been written by AI, you can certainly contact their support agents about it. I don’t see anything in their return policies that addresses this sort of product. But if you chose to seek a refund, using phrases like “failed to disclose AI-generated content” and “deceptive business practices” will go a long way. I doubt they will stop selling an AI-written title, though. Unless you can convince them that it has caused tangible harm.

Many people often urge others to “Shop Local” versus shopping online. In a similar spirit, I hope this post may help some of you to “Shop Human” as opposed to giving money to these shysters and opportunists.

Meta Legal Phishing

Many people are getting a scary type of message right now. It claims to be a legal notice about Walt Disney Studios and copyright infringement. While the email is realistic and scary-looking, I am sure it is a fake. If you receive this Meta Legal Phishing in your inbox, do not cooperate with it!

The Phishing Message

Here is Exhibit A for you to look out for:

Meta Legal Phishing

As phishing scams go, this one is pretty sharp. Only the sender email address is a giveaway, and I realize that some email apps hide that. Many recipients may have little indication, at the start, that this is a fake. The spelling is decent. The logos and signature are accurate. If you hover over the CONTACT US button, the URL preview shows a real Facebook.com address!

Deeper into the Scam

Meta Legal Phishing

The reason that the contact-button shows a real Facebook URL is because it leads to a specific Facebook profile. Scammers have created a new profile page, named it Legal Department, and linked directly to their Messenger Chat function. Anyone who clicks the button will begin a Facebook chat with the scammers. And they are ready to chat with you!

Meta Legal Phishing

Well, “chat” is not the right word. They have various auto-replies set up, and you will get messages that urge you to click other links and “appeal” the scary legal action against you.

I tried chatting with these criminals. Posing as a remorseful and naive Facebook user, I claimed that I regretted my actions and wanted to settle the fine ASAP. Even when I offered to pay whatever it was that I owed, they kept repeating that I was to click their links and buttons to appeal.

If they don’t want money, then what is the goal here? They aim to steal your Facebook account.

Phishing for Your Password

Anyone tricked into clicking the button to Appeal is transported off of Facebook to a dangerous website. At this point, some browsers will pop-up phishing alerts. Others will simply prevent you from loading the page. But if the next page loads, it shows a clever fake that may make you think you are still on a legit site:

After this they ask for your email and other info:

And finally they demand:

Anyone who types info into this window is delivering their Facebook password to cybercrooks. After this happens, they will:

  • Log into the Facebook account, using the provided email and password
  • Change the account password, as well as the primary email and recovery methods
  • Start doing crimes, using the victim’s identity

Facebook offers these steps to follow, if an account has been hacked and stolen. But I must warn: These steps often don’t work, if the criminal inside the account is thorough. Phishing victims often lose their Facebook accounts for good to this sort of scheme.

Dos & Don’ts

Don’t believe in thse emails! Facebook is not going to harass or threaten you with legal action because of Disney IP violations. If anything, they would just remove your post. Facebook/Meta does not have enough staff to police itself or help people recover their lost accounts, so they certainly don’t have the manpower to chase down small infringement matters.

Don’t waste your time contacting the scammers, even to tell them what-for. It’s just not worth it. And remember: Facebook is powered on engagement. That means they may recommend more of the things that you click and comment on. Do you really want Facebook steering you towards other suspicious pages and posts?

Do report this sort of scam, if you are comfortable doing so. You may mark the email as Spam/Junk Mail, if your mail provider allows for that. If a scammer has used FB Messenger to chat you, look to the right side for an option to Report the conversation (this may be hidden under Privacy and Support). If you have visited a scammer’s FB Page, the entire profile can be reported as well, using the 3 dots button under the masthead photo.


Unfortunately, Meta Support is now largely run by AI, so your reports of these scammers may be disregarded. But we should still report these scammers. The hope is that if enough reports come in, Meta will pay better attention and do their job to protect us.

DirecTV Scam – “Receiver Upgrades”

DirecTV Scam - "Receiver Upgrades"

DirecTV subscribers need to beware unexpected calls about upgrading their receivers. Anyone calling you to upgrade or replace your DirecTV receiver is likely a scammer.

How The Scam Works

A scammer calls and identifies himself as a DirecTV representative. They’ll claim that the DTV receivers in the house urgently need a software update. “We can send a technician to your home to do this upgrade for $300, or I can walk you through it over the phone for only $199.”

Alternatively, the scammer may propose to send you a new receiver unit through the mail. In this scenario, s/he will offer to charge you $480 for the new unit, but mark it down to $200, claiming they “want to do you a favor.” And they may offer to credit your bill $20 for 10 months to offset that fee.

In either case, the scammer is lying. They may have partial access to your DirecTV account, but they are not a company employee. They are spinning a tale, looking to get your money, and once they have it, they will disappear without a trace.

Why This Scam Is Convincing

This scam has a lot going for it, and has the potential to dupe a lot of people.

  • If the scammer learns your DirecTV account PIN, s/he may make changes to your account or add discounts to your billing, to convince the victim they are a capable Dish rep.
  • The scammer on the phone already knows your name, address and your phone number. This info was likely leaked from one of the many data breaches we see in this country.
  • Your CallerID may be spoofed to show “DirecTV” or “AT&T”.
  • They may instruct the victim to press buttons and navigate menus on the DirecTV receiver with a convincing level of accuracy.

Do’s & Don’ts

  • If you find yourself on this kind of call, hang up ASAP. The less you say to the scammer, the better.
  • Never antagonize or berate the caller. Remember: They have your address. These crooks can get hostile and the worst-case scenario could result in you getting swatted.
  • Don’t volunteer any extra info, especially your DirecTV account number or PIN. True DTV representatives won’t ask for this info over the phone.
  • To verify any DirecTV communications, or to report a fraudulent call, contact them at 1-800-531-5000 or chat them up on their website.
  • If you speak with a scammer and feel that they already know too many details about your DTV service, hang up and call the real DirecTV and ask about increasing your account security or changing your PIN and password.

Data Breaches

data breaches

I have a lot of conversations that start with “Did you hear about the big data breach?” My response is typically: “Which one?”, because there are just so many of them. I honestly can’t keep track of all of them. Data breaches are, sadly, common, and there’s very little we can do to prevent them.

What should you do about data breaches, if there’s no prevention? Data breaches lead to account and identity theft, so you are looking to guard against those hazards. Here are the standard recommendations:

  • Keep an eye on your credit reports
  • Freeze your credit with the 3 big credit agencies
  • File your taxes early
  • Watch all revolving accounts for unexpected/mystery charges
  • Consider & discuss the value of credit monitoring services with your bank or financial advisor
  • Avoid password reuse, set a unique password for each and every account
  • Enable 2FA where possible
  • Remain skeptical towards any unexpected emails/phone calls/texts and do not give out personal information if your spidey sense is tingling.

I wish I had more advice, but for now, we just have to hang on. For some perspective, I’ll be listing out (and adding future) noteworthy data breaches below. Note the recent National Public Data breach, as it probably affects every American and involved our addresses and SSNs. At this point, everyone should presume their info is on a list out there on the dark web.

Notable American Data Breaches

Company NameFirst ReportedNumber AffectedRelevant Links
Centers for Medicare & Medicaid SvcsSeptember 20243.1MLink, Link
MC2 DataSeptember 2024100,000Link, Link
ToyotaAugust 2024???Link, Link, Link
National Public DataAugust 20242.9BLink, Link, Link
City of Columbus, OHJuly 2024500,000Link, Link, Link, Link, Link
AT&TJuly 202473MLink, Link, Link
UnitedHealth / Change HealthcareJuly 2024100M?Link, Link, Link
TicketMasterJune 2024560MLink, Link
Advance Auto PartsJune 2024380MLink
Life360 / TileJune 2024450,000Link
Christie’sMay 2024500MLink, Link
Financial Business & Consumer SolutionsApril 202442MLink
DellApril 202449MLink, Link, Link
Virginia Farm BureauFebruary 2024261,187Link, Link
XfinityDecember 202335MLink, Link, Link
Real Estate Wealth NetworkDecember 20231.5BLink, Link
MOVEitJune 202311.3MLink, Link, Link
TwitchOctober 2021???Link, Link, Link
Marriott InternationalNovember 2018500MLink, Link
EquifaxSeptember 2017163MLink

« Older posts

© 2024 BlueScreen Computer

Theme by Anders NorenUp ↑