I need to explain to you about the Facebook Highlight Tag. It’s being used right now in a viral post, and you don’t need to be a part of it.
Numerous posts right now are urging people to use the @Highlight tag in the comments or on their own posts, to find out who is watching their Facebook profile. But this is not true.
For anyone who follows these instructions, they will invoke the @Highlight tag, and that simply sends a notification to some or all of your FB friends. The notification pops up on each of their computers/devices, and leads them to wherever you placed that tag.
It’s a needless annoyance and accomplishes nothing. You should only use the Facebook Highlight Tag on something important, something you think all of your Facebook friends should be drawn to see and read. They don’t need to see your comment on someone else’s silly post. If you see this sort of thing on Facebook, just ignore it.
Google is taking a more visible stand against those who would block their ads on YouTube. Many people are meeting with special notices as they visit YouTube, if Google detects any kind of ad-blocking going on. The battle of YouTube vs. Ad Blockers may evolve further, but I’ll explain what I can, for right now.
Ad-Blocking Technology
I’ve been strongly recommending ad-blocking for a long time now. Most of the malware, adware and scams that I help people with are attributable to some ad or pop-up that they encountered. And most of those malicious ads come from normal, trusted websites, or appear at the top of ordinary, everyday search queries. I generally prescribe a free ad blocker in each person’s primary web browser, and I consider it their second-level of protection (their antivirus being the first).
Most ad blockers install right into the browser, as an extension. Many ad blockers are offered for free, although some offer a paid/premium option, if you want to support them monetarily. Also, some browsers come with ad-blocking already built-in (Brave browser, Opera browser). Also be aware that some protection-extensions, like MalwareBytes Browser Guard, strive to suppress ads as they guard over you.
I’m mentioning three avenues of ad-blocking explicitly, because any one of them can trigger warnings from YouTube:
YouTube’s New Warning Notices
If your browser is suppressing advertisements, you are likely to see this kind of warning as you use YouTube:
You can close it and continue. If you do, expect to eventually see another warning:
If you keep ignoring Google’s messages, then you will probably find that YouTube.com stops working for you.
I should also mention that defying Google’s edict on ad blockers could also result in this pop-up:
Widevine is a type of DRM software, and will help Google “fingerprint” your machine, so they can control more of what you do on YouTube. I do not recommend that anyone install this, if asked.
Do’s and Don’t’s
I hear a lot of grumblings from people over these notices, and sympathize with everyone. Ad blockers are a way of internet life, and they keep people safe. Forcing people to watch ads when they don’t want to is going to cause some people to take action, to “go off the reservation”. We need to discuss your options. Before you react, let’s go over your good and bad options:
Bad Idea: Ignore the messages and carry on with blocking ads. You’ll eventually hit a wall with Google, and be unable to play a YouTube video.
Good Idea: Allow ads on YouTube. Click on your ad blocker while on the YouTube website, and unblock YouTube.com. Your ad blocker will continue to block ads everywhere else you go, just not on YouTube. Please know that while many ads lead to danger, the advertisements on YouTube are well-vetted and not going to infect your system.
Protip: Return to your ad blocker a couple of weeks later and turn it back on for YouTube, as a test. Sometimes, silent updates will improve your ad blocker, so that it no longer triggers the YouTube warnings.
Bad Idea: Install some kind of script or advanced browser code to block ads, using TamperMonkey or scripting extensions. I suspect that YouTube will catch you on this, if not now, then soon. I worry that if Google catches you playing this game, they could ban you from YouTube or take more serious action against you and your Google account.
Good Idea: Consider paying for YouTube Premium. If you are a paying member, ads go away. You can also stream music and enjoy other perks with YouTube, under their premium plan. Check out the prices and details here.
Other Ideas (YMMV):
Try using a different browser, just for YouTube viewing. I’ve tested various browsers, and found that ad-blocking may still work well in Firefox (with AdBlockPlus or uBlock Origin) and also in the Opera browser.
Watch YouTube videos in Incognito/InPrivate browser windows. Note that you may need to adjust your ad blocker to run in these private browser modes.
Experiment with using a VPN. I don’t fully endorse this strategy, but it is possible that it could help. If YouTube sees you viewing videos from another country, it might respond to your ad-blocking differently. But I don’t fully endorse this tactic. It’s probably safe enough. But I say: if you’re willing to spend money to not see ads, I’d sooner spend that money on YouTube Premium than I would for a VPN.
Wi-Fi Calling is a commonplace function, built into most smartphones by now. But as ubiquitous as it is, I still meet people unfamiliar with it, or suffering without it. So here’s all you need to know about Wi-Fi Calling:
The Basics
Wi-Fi Calling (rarely called Voice over Wi-Fi calling or VoWiFi) is another service that allows your cellphone to make or receive phonecalls. And also text messages! Whether you have an iPhone or an Android, this feature is probably already running, inside your device.
Normally, your phone would connect a call over the cellular network, using the local cell towers. But when that cellular signal is weak or lost, Wi-Fi Calling can take over. Your call/text will still happen, but it will travel over the internet, through your local Wi-Fi network, instead.
Wi-Fi Calling is typically free and included with whatever calling plan you’ve purchased with your cellular provider.
Where Is It Useful?
They say that “Home is Where the Wi-Fi Is” but Wi-Fi Calling isn’t just for when you’re inside your house. It can help your phone work better wherever you go and the cellular reception is lacking:
Vacation at a remote location
Working in a densely built, cinderblock basement
Walking through a parking garage/warehouse/convention center
If you can connect your phone to any working wireless network, Wi-Fi Calling kicks in and you’ll have uninterrupted service. The calls and texts will flow! So, as you travel, you may want to connect your phone to every Wi-Fi network accessible to you. The public Wi-Fi at the library. The free Wi-Fi at Costco. The municipal Wi-Fi at the downtown walking mall. The hospital’s Wi-Fi.
This feature may also help you avoid international calling charges (but check with your carrier before you travel and rely on that). And, if you have a very-limited data plan, Wi-Fi Calling may also help you avoid extra charges for data usage. Calls and texts that travel over Wi-Fi Calling should not count towards your data consumption!
Finding This on Your Phone
You do not need to install any extra apps or software for this to work. It’s already inside your smartphone’s OS. But I want you to know how to find this on your phone, just to verify that it is Enabled/On. Plus, if you ever have any trouble with your Wi-Fi Calling, your first troubleshooting step should be: Find this setting, and turn it off and on again.
Use any of the following links for steps and info on where to find it:
If you have a smartphone, but cannot find this feature on your phone, call your carrier to ask about it! It cannot be used on really old phones (or flip-phones). But if this is missing from your modern smartphone, it could be that the carrier didn’t activate it for you from their end. That’s usually a quick fix, after a call in to customer support
Here’s a (hopefully? for a while?) final run-down on recurring Facebook scams I’m seeing out there. Don’t fall for any of these, please!
Celebrity Impersonation Pages
Johnny Depp is not going to private-message you on Facebook. Lori Loughlin will not respond to your comments and Likes. Margot Robbie would never send you a Friend request. Celebrities live in a different world than us and have handlers and layers of protection that separate us from them. If an ultra-famous person on Facebook is giving you explicit attention or asking you for things, please suspect a scam. You are almost certainly dealing with a con artist.
Creepers in the Comments
This should be a no-brainer, but I have to mention it. There arelurkers & creepers on Facebook and they manifest unexpectedly in the comments of Reviews and Public Posts.
Don’t ever respond to these characters. Block them or report their comments, but don’t initiate any contact. They’re just looking to start a private conversation, and try to take advantage of you after that begins.
Puppy Adoptions
Legitimate people will try to adopt out their puppies or other baby animals. And then there’s the scammers:
These scams can often be spotted with ease. The scammer will be out-of-the-area, or pressure you for a down payment before seeing the animals. As with most internet offers, don’t hand over money before seeing firsthand what’s for sale.
Much like the duct cleaning offers, you might actually get your car cleaned through one of these posts. But you’re not dealing with a local company. If you comment on one of these posts, someone from Pakistan, using a sock puppet account, will contact you to schedule your car detailing. S/he will send some unknown person to your house to “take care” of your car.
That person may actually clean your car, or not. If anything suspicious or illegal occurs, that person is going to vanish. The individual from Pakistan will block you. And you will have no one to hold accountable, the police will be unable to assist. It’s best to report these posts and find a truly local company to clean your car for you. Shop local!
Bargain Offers for TV Streaming
I’ll be breaking this out into a separate, detailed post soon, but for now, watch out for this nonsense:
Avoid these offers, as they are too good to be true. If these were legitimate, everyone would be flocking to them, and no one would ever pay for cable TV again. People who have a go at this type of streaming might actually get to watch some of their favorite shows. But the service will be spotty. The support will be non-existent. And then suddenly, the law will catch up to the copyright infringers at the top. Suddenly, the streaming service will wink out of existence as the top executives quit the country with whatever money they still have. Spoiler alert: these companies are not paying for or obtaining licenses for the shows they allow you to stream. That’s IP theft!
Facebook Account Help
If you’ve ever been locked out of your Facebook account, you know then how decidedly unhelpful Facebook is. You cannot call Facebook for help. They don’t offer any email or chat support. It’s just crickets and tumbleweed. This creates a perfect void for the scammers to fill:
Cybercriminals have crawled all over Facebook and other social media sites, creating posts, comments and even Group Pages, promising to help recover lost Facebook accounts. And anyone who comes to them for help? These bad guys will take whatever they can: your money, your Facebook account, your email and its password, and more.
These dreadful people are also constantly scanning public posts and comments for anyone looking for this kind of help. Sometimes, they will just pop up and comment back on people’s comments, promoting fake-help scammers on Instagram.
If you’ve lost access to your Facebook, check out what I’ve written on this blog post, or head straight to the legitimate Facebook article on this topic. You’re welcome to reach out to me for further advice. But please: Avoid or ignore any strangers that claim to have magic recovery powers. They don’t.
That’s not a typo. The title is not missing an ‘S’. Quishing is a new term, made by combining “QR code” and “phishing”. Like smishing, it’s yet another deceptive practice that scammers are using to take advantage of people. Here’s what you need to know, to be safe out there:
QR Codes
this is not a quish, my QR code is safe to use!
QR (quick response) Codes are those delightful Bladerunner-esque hieroglyphics that you see on windows and doors of businesses. Scan a QR code, and it will quickly take you to a website, an app download, or some other useful internet function. And as society gets more comfortable with using them, they’re coming into play in many more places:
Restaurants, for viewing menus
Parking meters, for instant/electronic payments
Hospitals, for health app downloads
Storefronts, for advertising/promotional offers
Malls and public space, for connecting to free municipal Wi-Fi
Product packaging, for access to nutrition/safety info
I’ve previously blogged about using your camera on QR codes, and also how easy it is to make your own QR code, for free. Well, as QR codes become more commonplace, scammers are looking for their angle. These opportunists are finding it handy to use QR codes as they phish, because a QR code hides the URL or true intent from the human eye.
Where Quishing Occurs
Quishing is when a bad guy creates a QR code of his own, and places it somewhere (often in public), to get unsuspecting people to scan it. Since a QR code can link to anywhere on the internet, a quish could lead your phone to:
a phishing (impostor) website
a dangerous app download
a bogus Wi-Fi hotspot
malicious sites or advertisements
There’s not a lot of data yet on how common quishing attacks are, but there are reports of specific incidents out there. Austin, TX had a scam last year, where a quisher put his own QR code stickers on their parking meters. When people scanned those bad codes, they were taken to a fraudulent app that tricked them into paying the quisher. Another BBB article references where a student received a bogus financial aid letter in the mail. The printed QR code linked to a phishing website, bent on stealing his money.
Besides quishing stickers appearing in public, unsafe QR codes are also being used in phishing emails. These messages present as if your account needs attention and that you can scan the included QR code to sign in. But scanning that QR code leads the victim to a convincing fake website that asks for your email and password. Someone tricked in this manner will deliver their login info directly to cybercriminals.
Don’t Panic. Quishing, while dangerous, is probably not going to shanghai if you remain mindful as you use QR codes.
Before scanning a QR sticker, judge it for legitimacy. Does it look clean and professional? Is there anything sloppy or suspicious about it? If so, trust your gut and look for a URL to type in or some other way to access the info/website/function. Or ask a legitimate employee about the QR code.
After scanning a QR code, confirm that you are where you expected to be. If you’re in a bakery, scanning a QR code for a chance to win a free cheesecake, you should be alarmed if instead you see an ad for dating hot singles in your area. If any weird pop-ups or downloads jump onto your screen, do not cooperate with them. Close those apps, or reboot your phone to get away from them!
Notice the URL of any website that comes up from a QR code. Does it match what you expected? Scanning a code at Starbucks should take you to a URL with “starbucks.com” in it, not “starb-buckss.tw”.
Do not sign-in to any unexpected password prompts, after using a QR code. Only enter sensitive information if you are 100% certain of the QR code’s trustworthiness. Double-check with anyone in authority where the code is posted, for peace of mind.
Consumer Reports has developed a new free app called Permission Slip. They made this tool to help the average person understand where their personal data is collected and sold, and take back some control over that information.
To use this app, you do have to sign up and hand over your personal info. CR promises to not sell it or abuse it. You’ll also have to legally agree Consumer Reports can act as your “authorized agent”. It’s some serious stuff, but they ask for this so that they can advocate on your behalf.
What This App Offers
If you cooperate and agree to the app’s requirements, you can then:
Review numerous big companies and understand what personal data they are collecting and selling.
Have Consumer Reports send an official letter (on your behalf) to any of these companies, telling them Do Not Sell My Data.
Use an easy Delete My Account function, so that the company gets rid of any and all data they have about you.
You could do these sorts of things yourself. You could visit company websites, one at a time, comb through their pages and processes for the correct forms to fill out (most companies make this deliberately difficult). Permission Slip streamlines all of that nonsense for you. Once you’ve got the app up and running, it is quick and easy to browse the companies, telling each one in turn to not sell your data.
Also, amongst the recognizable companies, you’ll notice a few data brokers, like Merkle. When you spot one of them, definitely order them stop selling your data!
Caveats
Permission Slip is relatively new, so its full benefit has yet to be realized. And when you ask a company to not sell their data, they may or may not comply. But I still think this tool is worth a try, as it is offered by a trustworthy nonprofit company, and using it sends a message to these companies that are profiting off of our personal data.
Also, you might feel a bit of schadenfreude when you realize that these big companies are suddenly having to deal with millions of privacy requests.
I’ve posted recently about several scams on Facebook; here are some more! Since Meta is so negligent at policing its platforms, bad actors and their schemes thrive on their social media platform. I may often have some new everyday Facebook scams to tell you about.
Catalytic Converter Theft
If you see post about catalytic converter theft, be suspicious. They’ll have some interesting photos but no real details about the crime or who to contact. They just want you to Share the post and boost the signal.
But don’t do it! Don’t Like the post, don’t Share it. There’s no real scam to these posts, but that comes later. These posts serve as gullibility checks. The scammers watch and notice who is spreading their nonsense info, and may PM those people later with targeted scams.
Giving Away a MacBook
This is the same plan as when the scammer tries to give away a PS5. They’ll privately message you and ask you to cover their Fedex shipping costs. If you pay that, they’ll disappear with the money and you’ll then learn that there is no such thing as a free MacBook.
Amazon Work from Home Opportunities
Amazon does offer a lot of job opportunities, and some of them are work-from-home. But you won’t find them in posts that look like these:
These posts are not associated with Amazon in any way. They often direct you to click on a Google Sites URL, which would take you to a scammy site that tries to collect all of your PII. Don’t click the links! Don’t fill out any forms on these sites! You won’t get a job, but you will become inundated with spam email and junk postal mail and other scammy offers.
I think most people know by now that these things are suspicious. But since they remain pervasive, I thought I should remind you to beware these nameless duct cleaning offers.
I’ve written at length on how these things work, but in short: The poster is in Pakistan, ready to take your info. He will schedule your duct cleaning with a mystery person in your region, and collect a commission. An unlicensed worker will come to your house and perform some kind of duct cleaning procedure. But the work may be lousy, or the bill may turn out higher than what was agreed upon. Play it safe and hire a local, licensed company for this type of work.
RV & Tiny Home Giveaways
This is another one that I’ve gone over, but deserves a mention since they are still commonplace. These posts claim that there was a lottery for a free RV or other small home, and the winner did not claim the prize! They offer the chance for someone else to step up and be a winner.
This scam presses people to Share, Share, Share their post, but please don’t do that. Don’t help the scammer get this rubbish in front of more faces. And don’t Like the post or Message the poster. They’ll just tell you that you’ve won the prize, and then try to collect a “transport fee” from you. And then, they’ll ghost you.
More Telltale Signs of a Facebook Scam
The poster Likes their own post.
The first comment is also from the poster, urging you to message them or click a URL.
The language seems off, for example: “Kindly check your private messaging.”
They ask you to text them, email them or otherwise go off-platform (away from Facebook messages).
They claim they are licensed, but won’t produce a license number or other hard details for you to verify.
Google does a whole lot to protect us as we surf the web. They study web activity the world over, analyze traffic and trends, and then use that info to protect us from harmful sites. They call this service “Safe Browsing”, and it comes built into the Chrome browser and other Google products. If you’ve ever seen a scary red screen from Google, that was Safe Browsing, stepping in to save you from harm:
Levels of Protection
But Google offers different levels of Safe Browsing protection. You should know a little more about them and choose one that feels best for you.
Enhanced Safe Browsing
Standard Safe Browsing
No Protection
Enhanced Safe Browsing is the highest level of protection you can choose in your browser/Google account. But it involves allowing Google to see more of your browsing activity, in real-time, as you surf the web. I use this option myself, but if you have privacy concerns, you may prefer to remain at the Standard level.
Standard Safe Browsing is still a good level of protection. Google will help warn you about phishing websites and malicious downloads, as you use the internet.
No Protection is not to be used. Please don’t opt for this. I suspect it is only there for development and testing purposes. Unless you a tech professional and know what you are doing, ignore this option.
Where to Check Safe Browsing Settings
On a computer, open Google Chrome and go to the 3-dots button in the upper-right corner. Click Settings, then click Privacy and Security (on the left), then click Security (in the middle). You’ll see this sort of screen, where you may adjust your protection:
On a mobile device, the steps are very similar: Open Google Chrome and go to the 3-dots button in the upper-right corner. Tap Settings, then click Privacy and Security, then scroll down to Security and tap Safe Browsing.
You can also turn on Enhanced Browsing for your entire Google account, if you have one. This extends your protection into other apps and services you may use with Google, and may also alert you if Google notices your info in data breaches. This link should take you directly to the relevant panel in your Google account.
Final Tidbits
If you check or change this setting, please review it on all of your devices and computers. In my experience, setting it on one device does not automatically carry over to others.
Most browsers offer extra protection in this way, and many use Google’s Safe Browsing service, albeit under a different label. You can open a different browser and go into its Settings -> Security panel to see what’s offered.
I generally recommend setting this browser protection to its maximum level. I see a lot of infected computers in my daily work, and I do suspect that some of the malware I remove might’ve been stopped by stricter browser security.
If you ever want to check a specific site against Google’s Safe Browsing list, go to this page and paste in any URL you want. It’ll tell you if they think the site is safe or a phishing hazard. And if you have found a dangerous site that you wish to report to Google, submit the URL at this page.
Did you know that computers offer on-screen keyboards, similar to mobile devices? They are rarely useful, since the physical keyboard is far easier to type with. But you should know where to find the on-screen keyboard on your computer. You might someday find yourself in a jam, and suddenly need it!
How To Activate
Activating the on-screen keyboard is different for each type of computer.
Microsoft describes how to open the On-Screen Keyboard at this site. But there are others ways to bring it up. If you are at the Windows login screen, you can click the Ease of Access icon to the lower-right and then click On-Screen Keyboard. You may also press WIN + R and enter “osk” in the Open field.
Once this on-screen keyboard is open, you are welcome to click on any key you see, and get the same effect as if you touched the physical keyboard’s key.
Possible Uses
The original intent behind the on-screen keyboard is to help offer a different way of typing, in case it makes the computer more usable and accessible. Let’s say you find yourself in an arm-cast — mouse-clicking might be preferable while you heal up. But consider the on-screen keyboard also as a tool for troubleshooting:
If your physical keyboard is typing erratically, or missing keystrokes, open the On-Screen Keyboard and test with it. The results might help you figure out if you have a defective physical keyboard or a systemwide problem.
What about when your wireless keyboard depletes its batteries? You’ll be hard-pressed to log in with your PIN or password, if you’re out of AAA’s. The on-screen keyboard will help you get back into your computer and you can go buy more batteries later.
Your on-screen keyboard may help you find a hard-to-find key that you want to press. It may even offer you keys that your keyboard lacks! Example: the Scroll Lock function on my laptop was disabled. I could not turn it back on, because I had no Scroll Lock key on my laptop. But I could press that key in the on-screen keyboard and fix my situation!
Caller ID spoofing, or phone number spoofing, is important to understand. If you’re not familiar with this practice, let me explain:
Caller ID Is Fallible
When you receive a phone call, most phones display some identification about the inbound call. You may see:
First Name, Last Name, Area Code and Phone Number
Business Name, Area Code and Phone Number
Private
Unknown Caller
You need to know: The info shown on your Caller ID can be altered. Both the number and the name on your Caller ID display could be inaccurate or untrue. It is easy and often free for someone to change (spoof) their Caller ID info.
Legality
Phone call spoofing, as a practice, is legal in our country. But using spoofing to defraud or cause harm is illegal. If this gives you some pause, if you’re wondering why spoofing is legal at all, consider some possible legitimate uses:
Law enforcement may need to alter their identity as they investigate crimes.
Collections agents might spoof their Caller ID info so that a debtor won’t avoid their calls.
A doctor or counselor may spoof their number when calling a patient to maintain a crucial level of privacy.
Friends might use Caller ID spoofing for pranking each other, without causing harm.
Scammers!
Of course, the main point of this post is to talk about scams, and make you alert to them. Scammers love to use Caller ID spoofing when they call their potential victims. They know that people tend to believe what they read, especially when it flashes by quickly. Robocallers and spammers also use phone spoofing, but the biggest danger is from scams like these:
Caller ID shows the name of a US Court System or the IRS, and the caller says you need to pay off your fine/charges now, or be incarcerated.
Apple/Microsoft/Amazon/Facebook Support shows on the Caller ID, and a robocall tells you that your account has had suspicious activity on it. Press 1 to be connected to an agent who will help (steal) your account.
Your bank shows on the Caller ID, and they are calling to reset your PIN and password, as someone has tried to hack into your accounts.
To be absolutely clear, the above examples are scams. The IRS, Microsoft, your bank, etc. are NOT going to call you for account changes or payments. Please hang up if you ever answer a call like these!
Scams of all kinds use spoofing to make their calls show the same area code and exchange as your number. This is called Neighbor Spoofing. They make their number look very close to your number, so that you think it is someone local to you and might answer more quickly.
It is also possible for someone to spoof your exact phone number. This can be done to confuse you and get you to answer. But it can also be done to deflect blame to you. If you ever get angry calls from other people, telling you to stop with the spam calls, understand that a bad actor may be using your number in their spoofing scheme.
How to Defend Against Call Spoofing
You’re doing it right now. Maintaining awareness that Caller ID is not to be trusted is the best defense against Caller ID spoofing. After that, you can consider some extra tactics:
Talk to your phone provider and see if they offer/recommend any particular call screening options or apps with spoofing protection.
