• 🗒️✅ Your Security Checklist
• 🏆🎖️ Test Your Security Skills
• 📰 Your Weekly Security Update
• 🤨 This Should Be on Your Radar 📡
• 🙈 Security Fail of the Week 👎
• 🍎📱 Security Updates from Apple 🍎

If you take nothing else from this newsletter, do these three things to protect yourself:

1. Use Hide My Email to protect your privacy. The Hide My Email feature allows you to use a dummy email address and prevent advertisers from spamming your inbox.
2. Set up a Recovery Key for your Apple Account. A Recovery Key allows you to regain access to your Apple Account if you ever forget the password.
3. Before installing an app, check what data it collects. When viewing an app in the App Store, you can scroll down to see what data the app will collect after you install it.

In case you missed it, be sure to check out our free class on cybersecurity for Apple enthusiasts.

What should you do in the following scenario?

Your uncle is involved in a new long-distance relationship. They’ve never met in person. He’s suddenly excited to tell you about an investment he’s made that’s making tons of money. You begin to suspect he may be the victim of an investment scam. How can you check? 🤔

1. Use people-search sites like whitepages.com, whatsmyname.app, or even ChatGPT to look into his partner.
2. Insist on joining a video call to meet them and pay close attention to the video.
3. Research the investments your uncle has made and try to find information that makes it clear whether they’re legitimate or not.

Scroll to the bottom to see how you did!

Just last week, we recommended that when you need to verify an online contact is a real person and not a scammer’s persona, you should use a video call. Video calls, we said, were hard to fake, even with AI, because it has to be run in real-time. This week, we’re saddened to have to report that real-time deepfake technology is catching up. Scammers can now use genAI to transpose the movements of their face onto a photograph of any person they wish, causing them to appear however they wish in a video call. They use this to pretend to be someone romantically desirable to their intended victim, then use that connection to extract investments in fraudulent cryptocurrency schemes. The videos are still stilted and somewhat error-prone, so there are still mistakes that a wary observer might notice, if you know what to look for. 404media reports, and has a bunch of example videos so you can see how it works and how to identify a scammer.

The Bottom Line: When making new contacts online, a video call is still the best way to verify that they are a real person and not a scammer’s persona, but it is getting more difficult. Consider bringing a friend along to the call, so that a second pair of eyes can also take a look.

US Victims Lost $9.3 Billion to Crypto-Enabled Scams

The FBI has released its 2024 Internet Crime Report. The report details how many complaints the Internet Crime Complaint Center (IC3) received, the amount of money American citizens lost, the age ranges of those who fell for internet scams, the types of scams, and much more. According to the report, cryptocurrency scams (such as those enabled by romance scams described above) appear to have been the most profitable scam from last year, as they resulted in over $9 billion lost. We definitely recommend taking a look if you’re interested in learning more.

The Bottom Line: In response to our last newsletter, we had several subscribers write in to describe their victimization by cryptocurrency investment scams. If you don’t already know someone who is a victim, you likely will soon. Practice due diligence when forming new online connections. Insist on video calls. Beware of niche investments with high returns.

Scam Centers Growing, Despite Massive International Effort

So, where does that 9.3 billion go? In South Asia, particularly Cambodia, Laos, and Myanmar, organized crime syndicates have built massive walled operations centers for executing scams. The workers in those facilities, sometimes numbering in the thousands, are often the victims of kidnapping or human trafficking, forced to work there and execute scams, particularly crypto investment scams enabled by false romantic connections, so-called “pig butchering.” Those scam centers are now a massive industry. China has led a series of efforts to disrupt the operations of these criminal enterprises, but the UN has a new report out warning that it is so far a losing battle: the scam centers are growing and spreading out to Africa and the Pacific islands.

The Bottom Line: As for the last two stories, be very careful about who you trust online. Use video calls to verify identities. Expect more and more innovative scamming strategies until these syndicates are dismantled.

USB Ports at Airports Are Probably Safe (But Keep Your Phone’s OS Up to Date)

Remember “juice jacking?” Juice jacking is an attack where hackers modify public charging stations, such as in malls or airports, to have the USB port infect your phone with malware when you plug it in. It made a big splash a few years ago, with lots of news coverage warning us not to use USB chargers at airports. The funny part is that there are no recorded incidents of juice jacking actually happening, then or now. Still, the potential for attacks can seem alarming, especially since the mitigations that Apple and Google installed have now been bypassed by researchers, who showed that juice jacking is extremely easy with modern devices. Thankfully, Apple and Google have both updated their respective operating systems to protect users from the new form of juice jacking.

The Bottom Line: Always keep your devices up to date. The iOS 18.4 update requires you to enter your passcode before any data transfer can take place, and fixes the new version of the attack. However, out-of-date iPhones and Android phones can both be juice-jacked now, so who knows, we might finally see a case of it actually happening!

Classic Scams Still Work: County Clerk Loses Millions

Staff at the Jefferson Parish Sheriff’s Office in Louisiana fell for a phishing email that requested a change to their banking information. The sheriff’s office, believing the email to be legitimate, complied with the request, resulting in over $1 million being stolen through wire transfers. According to the Louisiana Illuminator, the sheriff’s office has recovered almost $293,000, while there are currently no suspects behind the theft.

The Bottom Line: In this case, the email requesting a change of wire number came from inside the building. The scammers had compromised a county email account and used it to send a legitimate-looking email asking for the change. Multi-factor authentication on the email accounts would have prevented that account’s compromise, and robust verbal checks before making any changes to how money is moved would have prevented the theft.

The FBI Thinks You Should Use an Ad Blocker

A new warning from the FBI’s Internet Crime Complaint Center details what we’ve often described before: scammers take out ads on Google to make sure they control the top paid result, then anyone who clicks on the ad can be sent to a phishing page or directed to download malicious software. It’s not just promoted results in Google searches, either. Across the board, malicious advertising is a scourge. Read the warning here.

The Bottom Line: Our favorite adblocker is NextDNS, though it doesn’t play nicely with every VPN. Many VPN providers, such as NordVPN and SurfShark, have built-in adblockers. A stand-alone option would be Ghostery.

Wisconsin Couple Loses $80K to Crypto Investment Scam

In an example of exactly the sort of scam we were talking about for the first three stories of this week’s newsletter, a Wisconsin couple lost over $80,000 to a crypto investment scam. Scott Johansson says his wife invested $30,000 in cryptocurrency. At least, that’s what she was led to believe after finding out about the investment opportunity through Facebook. After just a few weeks, she was told her money had doubled, so she invested another $25,000, and paid another $30,000 after she was told she would need to pay taxes and fees to withdraw her earnings. Unfortunately, it was only afterward that she discovered the whole thing was a scam.

The Bottom Line: According to the FTC, $5.7 billion was lost to investment scams last year. If you come across an investment offer that seems too good to be true, you’re most likely looking at a scam. Be especially wary of cryptocurrency investments demonstrating high returns.

Remote Work Monitoring Tool Leaks 21 Million Screenshots of Employee Desktops

With the uptick in remote work in recent years, some companies, instead of trusting their employees to get their work done, have turned to monitoring software to track their every click. This type of software would be called spyware if it were being used outside of a professional setting, which one company has proven true after suffering a massive data breach. The app, WorkComposer, logs activity and takes screenshots of the computer screen while working. Turns out, a misconfiguration in the monitoring software sent 21 million screenshots of employees’ screens, containing sensitive logins, email inboxes, internal messages, and more, all to sit exposed on an unsecured server. Cybernews also reports that this is not the first time employee monitoring software has leaked screenshots. Perhaps security is a small price to pay to make sure employees are working?

The Bottom Line: Any software that monitors everything you do for your boss could also become a security liability if the data it collects is not secured. It’s often said that when you lose your privacy, you are likely to lose your security soon after. There are plenty of legitimate reasons to need to monitor what happens on a sensitive computer, for example, on a network dealing with classified materials, but any system with extraordinary visibility needs extraordinary security as well.

Everything you need to know about Apple’s latest software updates.

• The most recent iOS and iPadOS is 18.4.1
• The most recent macOS is 15.4.1
• The most recent tvOS is 18.4.1
• The most recent watchOS is 11.4
• The most recent visionOS is 2.4.1

The easiest and most reliable answer is B. insist on a video call and pay close attention to the video.

A. and C. are also worth a try, but online databases are incomplete. Lots of people use privacy tools for legitimate reasons, and they may not appear in social media or other people search tools. Even if you are a skilled internet sleuth with training as a reporter or detective, you may find that conclusive proof that someone is a scammer is very difficult to come by… unless you do a video call.

There is far too much security and privacy news to cover it all. When building this newsletter, we look for scams, hacks, trouble, and news to illustrate the kinds of problems Apple enthusiasts may encounter in our private lives, and the self defense we can practice to keep our devices, accounts, and lives secure. Our commentary focuses on practical advice for everyday people. This newsletter was written by Cullen Thomas and Rhett Intriago and edited by Sarah Kingsbury.

In case you missed it, be sure to check out our free class on cybersecurity for Apple enthusiasts.

Interested in Private Browsing on your iPhone? Check out:

• Can Private Browsing on iPhone be Traced?
• What Is a VPN on iPhone & How Does It Work?

If you enjoyed this newsletter, you’ll love all the security content available on iPhone Life Insider!

This premium subscription includes:

• The complete iPhone Life Privacy & Security Course for Apple Enthusiasts and other free online courses taught by expert instructors
• In-depth guides on everything from security to iPhone photography to other Apple devices
• Daily, bite-sized video tips on topics ranging from iCloud security to password management
• A digital subscription to iPhone Life Magazine, where you’ll find articles covering the best security gear, apps, and in-depth how-tos
• The monthly premium iPhone Life Security Newsletter covering everything you need to know to keep your digital life secure
• Access to the ad-free version of the iPhone Life Podcast and exclusive bonus content
• Expert help with all your most pressing Apple Watch questions in our private Ask an Expert Facebook Group

Join the Insider community today and save 30 percent!