Phishing: How They Almost Got Me This Time

Cybercriminals are getting better…and a lot more sneaky.

Face it, I’m totally paranoid. I keep all my logins in a password manager. I use two-factor authentication wherever it’s available. And yet…

I totally almost fell for a phishing attempt a few days ago. At first, second and third views of this email, it seemed totally legit that it came from Apple support.

[Image: screenshot of phishing email]

My first reaction was racking my brain to remember when I last did any telephone support at Apple. The fact that I could not remember anything more recent than a year or so ago raised red flags.

So instead of taking the “survey,” I Googled and discovered that this was probably phishing. I forwarded the email to Apple’s reportphishing account.

Why this was such a good attempt:

  • Apple branding was on point
  • All the links at the bottom of the email seemed to be right

The sneaky thing that I should’ve checked right away: Hovering over the Survey Link showed that the URL went to When I checked that domain name against WhoIs I found that it’s registered to a company called So, yeah, not Apple.

Moral of the story: It might actually look real – no misspellings, no weird graphics. Be aware and be careful!

Doing the Two-Step…Verification, that is

Have you seen those commercials about identity theft – you know, the ones where a petite woman is shopping, but in reality, it’s some bruiser of a guy who’s stolen her identity? Funny, right? Only, not really.

In today’s online world, keeping yourself safe isn’t as easy as having passwords to your accounts. Sure, you can use password management software (LastPass, 1Password, etc.) and have a unique, complicated password for each website, but is that enough?

Not anymore.

Passwords are only the first step in keeping that gate closed. They are a single point of failure. If someone can guess (or get access to) your password, then Burly Guy is now pretending to be you and going on a shopping spree at Best Buy.

What do you do?

As with guarding your car against thieves, you want to have double protection. You lock your car and have an anti-theft system, right? To achieve this online, you should adopt two-step verification (sometimes called two-factor authentication or 2FA). It’s a much more secure solution than just passwords.

A good example of this is your ATM card – you have the card (1 step) and you have a PIN (2nd step). If you lose your card, unless you wrote the PIN on the card itself, it’s highly unlikely that someone can use the card to withdraw cash.

That’s the point of 2FA – make it harder for potential online thieves to access your accounts.

Using Two-Step Verification

Setting up 2FA is done individually for each account and many online services offer it as a matter of course. Google, Twitter, Facebook and more are prime examples. These are all high-level targets of cyber thieves.

To set up two-step verification, simply follow the directions provided by your online service. Usually, it’s as simple as providing a mobile phone number. The service then uses your phone to text you when you log in. They’ll send a text message with a unique code (usually a string of numbers), which you then enter after logging in. Simple, right?

So, what are you waiting for? Go on, log in to your accounts and set it up. It’s an easy way to throw up another barrier to cyber criminals.

For more information:

Two-factor authentication: What you need to know (FAQ)
Here’s Everywhere You Should Enable Two-Factor Authentication Right Now

Staff Favorite: Mental Floss

If you’re a knowledge junkie like I am, you’ll absolutely love Mental Floss. Blog posts throughout the day give readers topics as diverse as daily quizzes and NASA videos, and much more.

One of my recent favorites is finding out that the Star Trek theme song has lyrics. As a long time fan, I should’ve known that. Now, I do.

What’s one of your favorite knowledge sites?

Tools: Online backup with an external hard drive?

We’ve touted the need for backing up in a previous post. However, with today’s ginormous hard drives and super-large media libraries, trying to back up your data to an online service via an internet connection is an exercise in patience and frustration. It can take many days for your data to upload and in many cases, the backup files can end up corrupt or missing data.

The solution? A service that sends you a portable terabyte drive that you then mail back!

In a recent article in TechCrunch, reporter Frederic Lardinois reported that the service iDrive now ships 1TB hard disks to users who want to back up large amounts of data. Evidently, Mozy, another well-known provider of online backups, does the same, but for a higher price. Google and Amazon also allow developers who use their respective cloud services to send in drives.

Pretty cool, huh? A great way to back up your data without being tied to slow upload speeds. I’ve not tried this, as I primarily use Dropbox for my essential files, but it’s tempting.

What’s your favorite method of backing up terabytes of data?

Tools: What’s the next Google Reader?

When I first heard that Google was killing my all-time favorite app of theirs, Google Reader, I’m pretty sure I threw something against the wall (no, not my laptop!). Sure, it wasn’t an income stream for the company and social media has become the next, hot thing, but for the tens of thousands of us who are journalists, writers, bloggers and others who rely on aggregating RSS feeds, Google Reader was king.

After the initial denial & anger phases, I started researching alternatives. After all, I couldn’t lose my hundreds of feed URLs!

After struggling with NewsBlur and tearing my hair out with TheOldReader, I settled in to try out Feedly. “It’s the best!” cried all the tech bloggers. “Try it, you’ll like it.”

At first, I wasn’t so sure, but now, after two months of using only Feedly (clutching the dying gasps of Google Reader as my backup), I’m hooked.

Feedly is flexible, easy to read and best of all, they’ve developed Android and iOS apps. Plus (a huge plus in my book!) the transition from Google Reader was seamless!

What alternative RSS aggregator have you chosen to use?