Looks like it’s curtains for the Vision Pro. Apple’s slashing production in half, and it may be the end of the line. Plus, a Nigerian man got ten years for a phishing scam, ChatGPT stepped in to save a Redditor’s life, and there’s now a “digital condom” (no, you don’t have to wrap your phone in latex).
Small-biz tip: Don't overlook this digital danger
Are you the type of business owner who forgets about ex-employees as soon as they’re gone? Failing to remove former employees’ access to your systems and data could lead to security breaches. Don’t let poor offboarding practices be the weak link in your cybersecurity chain.
How improper offboarding can hurt your business
Whenever an employee leaves the organization, you must remove their access to company systems and data. That’s especially true if you’ve laid off an employee. They may feel a sense of anger or resentment towards the company, which makes them more likely to be malicious.
It’s more common than you might think. A recent study from Beyond Identity examined how ineffective offboarding impacts a business’ cybersecurity. They found that one in three employers has been hacked due to ineffective offboarding.
Oh, and most former employees say they can still access company files. Researchers say 91% of employees can still see private files after offboarding earlier last year. Do you want former employees to know what you’re doing a year later? Probably not!
Plus, the study found only 21% of employers deactivated an employee’s account immediately after they let the worker go. It took 29% a whole week to cut the strings.
Overall, businesses estimated they lost $7,687 to ineffective offboarding. In other words, it’s a mistake you can’t afford to make. Want to build better business practices? Here are the three lessons Kim has for fellow business owners.
Offboarding dangers for small-business owners
⚠️ If you don’t completely cut off former employees, you’re taking on a ton of risks, like:
- Insider threats: Former employees who can still access company systems and data can steal confidential information or sabotage your systems.
- Social engineering: I talk a lot about how dangerous phishing scams are. They can level a company’s computer systems. Former employees are especially dangerous because they know social details about the workplace, which can help them access sensitive information or networks.
- Revenge: In some cases, fired employees may attempt to cause harm to their former employer out of revenge, such as launching a denial-of-service attack or spreading false information about the company.
Beyond Identity’s survey found that 86% of employees have considered taking negative actions against a former employer. People who actually went through with retaliation had diverse reasons: 37% said they didn’t get a raise, while 29% cited a bad relationship.
Beware: Convincing new PayPal invoice scam
“Reminder: You’ve still got a money request!” That was the subject line of the messages flooding my husband Barry’s inbox all week. He’s not the only one; there’s a sneaky scam going around that looks totally legit … because it actually comes from PayPal.
Apple is axing its $3,500 AR headset
Phishing scams are getting amped up: No more copy and paste. Criminals are using AI to scrape up tons of detail and then write in the style of specific people or companies. Corporate execs and employees are getting emails with info only the sender would know, written just how the sender sounds — yet another reason to wipe your info off the web.
Today, 91% of phishing scams originate from this one source. Is it … A.) Phishing emails, B.) Compromised websites, C.) Unsecured Wi-Fi or D.) That person in your life who clicks on anything?
2.5 billion Gmail users
Are at risk of hijacking. In the last half of the year, credential theft soared 700%, and phishing attempts to break into email accounts spiked 200%. Promise me you’re not using your email password for any other accounts!
Antivirus comparison: Which option is best for your PC or Mac?
If you browse the internet regularly, you can’t get around the fact that you need antivirus software. Viruses can pop up in unexpected places, and you want your device to be able to fight one off if it appears.
Dangerous malware making the rounds is what makes having antivirus software protecting you so critical. But what’s the best antivirus software for a Mac or Windows computer? Keep reading to see the best options.
3 security steps every small business needs to take right now
Business accounts can be hacked as easily as personal accounts. Imagine all your hard work being held at ransom by a hacker or your data falling into the hands of someone who can sell it to the competition.
You need to secure your business as best you can, and here are three crucial tips to get started. This tip is brought to you by our sponsor, NetSuite.
🚨 Heads-up, drivers: Scammers are sending fake phishing texts claiming you need to pay your FasTrak bill to avoid late fees or you’ll be in big legal trouble. Don’t fall for it! It’s a ploy to trick you into clicking a bogus link to steal your personal info and drain your wallet.
40% increase
In phishing attacks, thanks to one trick. Cybercriminals buy up super-cheap and easy-to-register domain extensions like .shop, .top, .xyz, .vip and .club. If you see one, move on.
📨 You’ve hit the scan-pot! Cybercriminals are sending paper letters to launch new phishing attacks. They’re including QR codes to download a weather app that — you guessed it — unleashes malware to steal sensitive data, like banking info. PSA: Don’t scan random QR codes.
🎣 Reeled in a big one: A 33-year-old Nigerian man was sentenced to 10 years for a phishing scam that stole $20 million in nest eggs from over 400 U.S. homebuyers. He sent phishing emails to real estate professionals, tricking them into providing their login credentials. Using those, he redirected home purchase payments to compromised accounts and laundered the money into bitcoin via Coinbase, according to the DOJ.
Fake Prime Day sites, emails and calls spreading
Amazon’s fall Prime Big Deal Days sale is next week on Oct. 8 and Oct. 9. Yes, I’ll be sharing all the best deals. But the most important thing I want you to know is that scammers are hard at work creating lookalike sites and emails to trick you while you’ve got your credit card out.
🔐 Change your password: Over 2 million VPN passwords were stolen using malware last year. ExpressVPN, Proton VPN and NordVPN were the biggest targets. The companies weren’t breached; hackers went after users through phishing attacks, keyloggers and credential stuffing. Change your password ASAP if you have a VPN. And remember, “beefstew” as a password isn’t stroganoff.
🚨 Bogus captcha tests: Instead of picking images or typing words, these shady tests ask you to press Windows key + R and Ctrl + V. Doing so then pastes in a Windows PowerShell script that unleashes Lumma Stealer malware. Stay alert: These fake captchas are popping up on random websites and in phishing emails.
In 2008, the U.S. Department of Defense experienced the worst breach of military computers, ever. Was the source a … A.) Phishing email, B.) USB flash drive, C.) Confused employee or D.) Stolen laptop?
🚨 Driving away with your data: Car rental company Avis says 299,006 people had their personal info stolen in an August data breach. We’re talking names, addresses, credit card numbers and driver’s license numbers. No word yet on how hackers got in. FYI, Texas was hit hardest, with 34,592 folks there exposed. Stay alert for phishing scams!
Using free antivirus? Here's what it could cost you
The internet is dangerous and laden with hidden threats. Luckily, antivirus (AV) software can spot lurking dangers that want to take over your computer.
You may consider a free version if you’re looking for an antivirus tool. A few solutions won’t cost you a dime, which can be appealing. But, as with all things, you get what you pay for.
🚨 Banking app scam alert: A new phishing attack is tricking people into installing an “updated” (read: bogus) banking app. Scammers contact you via email, SMS or voice call. Download their app, log in, and now they have your password. Stay safe: Only update apps via the App Store or Google Play. If you need your bank’s app, go to their website for a direct link.
🚨 CrowdStrike’s global outage isn’t over: Scammers are out in full force using fake CrowdStrike websites to push phishing emails and phone calls posing as tech support to steal your info. Don’t give info over the phone, and check unfamiliar email senders’ domains very carefully. The official CrowdStrike website and domain is crowdstrike.com.