A local PTO just received the invoice pictured below. They recognized this as a scam but I worry that it could fool some people. So let’s get familiar with this: This invoice was faxed to a local public school, and then handed over to the PTO members. It looks like a legitimate invoice, but: Invoice … Read more
Many people are finding my 2025 blog post, detailing how ScreenConnect is used in scams. I’m glad to hear how it helps people figure things out and free their computers of this particular problem. Since that writing, I’ve seen an increase in the abuse of this remote access program. I intend for this blog post … Read more
An esteemed client sent me the latest example of Shentel Webmail phishing this evening. I thought I would share the details, as I have many times before, but I later uncovered a phishing motherlode behind the fake Shentel website… A Phishing Email It typically starts with an email like this: It’s pretty standard fare, here. … Read more
Apple Account Update phishing emails are everywhere today! If you receive the email (shown below), please know that it is a phishing attempt and a fake. There has been no update; there were no charges to your card. Do not call the phone number in the message, and just delete the email! I can understand … Read more
I’m seeing phishing emails that look like friendly ecards, and this post is your heads-up on what to look out for. These phishes resemble the Email-Invitation scams that have been circulating for awhile now. Today, I’ll focus on this Blue Mountain eCard phishing example: This scammy email looks very similar to the real deal. But … Read more
Here’s an unexpected scenario for you to think about: While sitting quietly at home, your doorbell rings. A couple of strangers are darkening your doorstep and they claim that they’re tracking down their lost iPhone and it is pinging from inside your house. They hold up their device to show you a map with a … Read more
The latest phish to go around arrives in your inbox as a Microsoft Azure Alert: This email is quite convincing. The sender’s address truly is from a Microsoft.com domain, so it is likely to skirt your spam filter. It uses real Microsoft graphics and links. The language is fairly clean. There’s a lot of truthiness … Read more
We have a growing problem in 2026 with Account Takeover Fraud. Account Takeover (ATO) fraud is when a bad actor logs into someone else’s online account, and changes all of the login/security information. This locks out the true owner of the account, and gives the the criminal power to do anything s/he wants with it. … Read more
I’m sorry for the clunky title, but this nasty business is hard to name. The Outlook Reappearing-Scam-Email Hack is really troublesome, and only seems to affect Microsoft-based email addresses (often ending in Outlook/Live/Hotmail.com). And that’s because the hackers are using some unique Microsoft weaknesses with this hijack. I can’t fully explain their techniques yet, but … Read more
Docusign is a legitimate company that we may use to electronically submit signatures on documents. It’s quick and convenient and just as legally binding as ink on paper. You’ll probably encounter Docusign when finishing out a mortgage or working with a CPA to prepare your taxes. And also in Docusign Phishing emails… As phishing goes, … Read more