Checklist 288: Everything Old Is News Again
On this week’s Checklist, we’ll talk about a new type of highly convincing email scam — and Apple’s latest round of updates.
When email scams get personal
Security experts are warning about a new kind of email scam — one sophisticated enough to fool even cybersecurity experts!
According to a report from The Conversation, these next-level email scams work by taking a personal approach. The bad guys start by using social media to find detailed information that they can use to target their victims. Then, they use spam bots to begin an exchange with anyone who replies to their first email — using information from posts on social media sites like LinkedIn to appear more convincing.
Although the approach is somewhat new, the endgame is depressingly familiar: Get the victim to trust you, then ask for personal data or money.
Interestingly, the scammers seem to favor business sites like LinkedIn due to a canny grasp of human psychology. As the article in The Conversation notes:
Psychologists who research obedience to authority know we are more likely to respond to requests from people higher up in our social and professional hierarchies. And fraudsters know it too.
How to avoid email scams
Email scams like the one described above are common for a reason: They’re very profitable for the scammers. Businesses lose around $20 billion each year to these scams. One large business consulting firm and tax auditor, BDO, found that around 60% of mid-sized businesses in the United Kingdom fell victim to fraud in 2020. On average, these businesses lost around $300,000.
Email scams are obviously something you want to avoid — yet they’re getting better, and they play on our psychological weaknesses. The good news is that there are a few basic steps you can take to stay safe:
Don’t answer weird emails. If something seems off, just delete it (perhaps after reporting it). But don’t reply — this only confirms that your email is active, which puts you on the bad guys’ radar for future email scams.
Always double-check the source of incoming emails. Look at email headers to make sure the sender’s details and domain match their name.
Reach out independently. If someone contacts you from organization X, search for that company on the web and reach out to them on your own, using a phone number or email address that you found. If the company says they never sent you an email, it’s a safe bet you were being targeted for a scam.
Keep a low profile. Don’t post or share too much personal information publicly, especially on social media sites. The scammers can find that info and use it against you.
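The header check from the second tip can be scripted. The following Python sketch is an added example, not part of the original show notes; the sample message, its domains, and the function names `domain_of` and `check_sender` are constructed for illustration. It compares the From domain with the domain you expect, flags Reply-To and Return-Path addresses that point elsewhere, and looks for passing SPF, DKIM and DMARC results.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email); every name and domain is made up.
SAMPLE = """\
From: "Jane Doe, CEO of Example Corp" <jane.doe@examp1e-corp.test>
Reply-To: jane.doe.ceo@freemail.test
Return-Path: <bounce@bulk-sender.test>
Subject: Quick favour
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=bulk-sender.test; dkim=none

Are you at your desk?
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check_sender(raw, expected_domain):
    """Return a list of warnings about the sender details of a raw message."""
    msg = message_from_string(raw)
    warnings, exp = [], expected_domain.lower()
    from_dom = domain_of(msg["From"])
    # The display name is free text; only the address domain counts.
    if from_dom != exp and not from_dom.endswith("." + exp):
        warnings.append(f"From domain {from_dom!r} is not {exp!r}")
    # Replies and bounces routed to a different domain deserve a second look.
    for hdr in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[hdr])
        if dom and dom != from_dom:
            warnings.append(f"{hdr} domain {dom!r} differs from From domain")
    # Only trust Authentication-Results added by your own receiving server.
    # A lookalike domain can pass all three, hence the From check above.
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=pass" not in auth:
            warnings.append(f"no {mech}=pass in Authentication-Results")
    return warnings

if __name__ == "__main__":
    for w in check_sender(SAMPLE, "example-corp.test"):
        print("WARNING:", w)
```

Most mail clients expose the raw message through a "view source" or "show original" option, which is the text to pass as `raw`.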
Another round of Apple updates
Apple has just released iOS 15.6, iPadOS 15.6, and macOS 12.5 — along with some supplemental security updates for older versions of macOS.
In iOS and iPadOS, Apple made 37 separate security fixes. We won’t dive too deep into the details, but the linked security update notes contain plenty of worrying phrases such as “with kernel privileges” and “arbitrary code execution”. You know the drill — update right away!
On the macOS security side, Monterey 12.5 went big this time around: There were a whopping 50 vulnerabilities patched. As with your mobile devices, it’s time to update your Mac, the sooner the better.
If you’re using an older version of macOS, Apple has you covered: macOS Big Sur 11.6.8 and Security Update 2022-005 Catalina each contain 29 security fixes to keep your Mac safe.
And as usual, there were also some updates for Apple Watch and Apple TV users. watchOS 8.7 and tvOS 15.6 both fix a number of security vulnerabilities. If you’re updating your other OSes today, the best course of action is to get everything done at the same time to make sure your watch and TV are as safe as your phone and computer!