Category: Security

Ooohhh…this scam almost got me

Carl Setzer1 Comment
scam alert letting text on black background

I just got this email a few minutes ago, ostensibly from RyanAir:

Man, this one looks pretty legitimate. The things that caught my attention? #1, I haven’t booked any travel with RyanAir.

#2, the email is one I haven’t used in ages, but it is set to auto-forward to me main one. But it’s not one I would’ve used. Perhaps I used it in the past with RyanAir? Nope. Never flown with them.

But what if, maybe, just maybe, it was someone else, some other Carl Setzer, who accidently used this email that was off in some weird capacity. Hmmm…

Oh, well if someone made a mistake, I should click on this link, right? Be nice and help a chap out, right? Knowing how many people want to be nice, I opt to hover over this link, which leads me to the big ol’ red flag

Check out THIS url:

Yep, my friends: classic phishing!

Now, you don’t need to dig around like I did. I did so mostly for the academic exercise. My first impulse was to mark this as phishing immediately, but I just was too curious.

For most folks, just mark as spam and ignore these things. Do NOT click on any of the links!

So, the world of spams & scams is evolving. Be aware and be safe, my friends!

Ah, Yes…Another Scam

Carl Setzer
scam alert letting text on black background

I posted this article to Facebook last week. My son let me know he received one that day. And I won this lottery today!

This one is text based. Watch for these E-Z Pass texts that state you have an unpaid toll. Well, it’s fraudulent. As always, DO NOT CLICK THE LINK! Report it as a scam or junk text, then delete it.

Oh, and it’s more than E-Z Pass, but also SunPass, Peach Pass, EZDriveMA…and I’m sure others. And I expect this list will expand as the scammers find other passes to spoof.

I expect this one will get larger before it fades into the next scam.

Be safe my friends!

An uptick in Facebook & Instagram Spam Messages

Carl Setzer1 Comment
scam alert letting text on black background

Last June I wrote about a scam running through my Facebook accounts. Well, I’ve now seen this a few times over the months. However, starting overnight last night, several of the pages I managed have been inundated with the message. I think I’m up to 7 or 8 on one page alone.

Here’s a screenshot of the message:

Meta Scam message: We have detected that a Facebook page associated with your Instagram account may be violating Meta policies.

Ultimately, it’s a phishing scam. If you click on the link, it’ll either ask you for your credentials or download malware…or both. Dear friends, DO NOT CLICK ON THE LINK!!!!

Part of me takes delight in reporting these…people…for spam and getting their accounts blocked. However, in the end, it’s just a game of whack-a-mole. Clearly, they are able to create new accounts as fast as they get deleted. A part of me wants to kick these folks in the gonads.

Anyway, I wanted share this ASAP and I’m sure there are some people alarmed and, thus, more likely to click on the link. Please be safe out there in cyberspace!

LastPass Clients, Watch Out For This Phishing Scheme

Carl Setzer
monochrome photo of two people having a video call

I, along with many, many others, was affected by several of LastPass’s data breaches. So, earlier this year, I shifted over to another product.

So, when I saw this in my email the other day, my suspicions were raised.

Besides no longer being a LastPass customer, the sender’s email was a huge red-flag.

Ah, there’s a link! I always recommend people do in these circumstances is hover over links in email. In the lower left-hand corner, you can see the actual link. *Note, this is not a a LastPass site.

I’m quite confident that these hackers got my information from the dark web, but found that I’ve changed all my passwords, as well as shifted away from LastPass. It’s a rather convincing email phishing for information.

So, I wanted to share this for a few reasons. Mainly, for my fellow LastPass breachees, watch for these sorts of scams. Hackers can use information in multiple ways, not just with accessing your sites with stolen credentials. Also, there are some good tools to use in any suspicious email. My main advice: never click on a link unless you’re 100% certain it’s valid. Reach out to the send via phone/text if you’re in doubt.

Anyway, be wary my friends. If you’ve ever been part of a data breach (is there anyone who hasn’t?), expect that the information collected will be used against you.

Microsoft Security Issue

Carl Setzer2 Comments
woman in black hoodie holding a bank card

Over the past few days, I’ve been receiving multiple emails from Microsoft’s Account Team with single-use codes. At first, I assumed that my son or wife was trying to access the account. And the folks at Microsoft added the text “If you didn’t request this code, you can safely ignore this email. Someone else might have typed your email address by mistake.” But I started to get concerned as the number of these messages increased and no one said “hey dad, I can’t get in the Office”. Finally, I decided it was time to figure out what was going on.

So, I first logged into my Microsoft account (account.microsoft.com) and went to the security panel. From there I opened “View My Activity”.

What I saw alarmed me. There multiple attempts to log in from places like Vietnam and Guyana.

Now, I was pretty confident in my account’s security. I update my password regularly and use a strong password. And when I looked at the “session activity” it states that “incorrect password entered”. Which seems pretty solid. I’m pretty sure that an old password has been leaked from a data breach and is in some list available on the dark web.

But I think it’s not adequate. Exploring further, I realize that I had not yet enabled two-factor authentication, nor connected it to my authentication app. So, I fixed that promptly. I firmly believe everyone really should do these steps for all their account. Do you know where to do that? I thought I’d help out by adding the steps.

One enables that from the Advanced security panel.

I encourage all of you to make sure your security settings are using the most up-to-date protocols:

  • Multifactor authenication
  • Authentication Apps
  • Pass Keys

Also, I opted to sign out of EVERY app. Yeah, it’s a bit of a pain, but I don’t want to have my information compromised. I like that I can do that from the control panel.

Anyway, we really can’t be too safe on today’s internet, can’t we?

Have you seen a spike in Microsoft Single Use Code emails that are not from you? Let me know in the comments.

Oh, Lord…LastPass

Carl Setzer

I’ve used LastPass for several years now. Even through a couple of data breaches. But this latest saga, especially with the, *ahem*, lack of transparency in their communications eroded my trust in the app. After looking over several options (if you’re looking, check out PCMag’s list of Best Password Managers), I opted for NordPass.

With all that, yesterday, this video came into my YouTube feed:

If you’re still on LastPass, why!?

It’s a rather snarky rendition of how LastPass failed in their security controls. Anyway, it reminded me of my frustrations with them. I was willing to turn a blind eye to many of their issues due, well, laziness. Porting to a new provider was going to be a pain the…you know. However, a friend of mine’s information was released in this hack, and it was brutal. This was the tipping point for me, watching the impact of this for a friend’s business.

This finally motivated me to shift to Nordpass. It turned out that the transition was nowhere near as hard as I imagined. So, so far, I find the tool works fine and have no problem recommending them. It’s only based on a few weeks of experience, though. I’ll keep exploring it further.

Anyway, I hope you have great weekend plans.

Facebook Page Spoofing: A Newer Internet Annoyance

Carl Setzer
scam alert letting text on black background

I’ve received notices from time-to-time from “friends” who I’d already friended. Random and every so often. Today, it was my turn.

It started with a good friend texting me saying he’d just gotten a friend request from me. Well, as we’ve been friends on Facebook for years, it was a tad bit suspicious.

I jumped on to my page, and up pops a message saying it looks like someone is pretending to be me and what do I want to. Actually, the whole process was pretty quick and easy. Ironically, while I was messaging a few other friends who’d let me know, I had a friend request from someone I’ve known for years. And got to report that one.

I’m really not sure the value of this, except for the ability to directly message people and solicit cash. Probably setting up a “I need emergency funds” scam.

Anyway, be duly diligent with new friend requests; especially if you suspect you already are Facebook friends. And, if someone pings you saying they’re in a Mexican jail needing bail money (or some such thing), be suspicious.

Be safe out there!