Wednesday, December 7, 2022

Scam E-mails Pose As Retail Store Rewards Programs

by Kylene Long

This holiday season, scammers have been working hard at tricking people into giving up their credit card numbers and other personal information.

A typical scam e-mail poses as a loyalty program from a big-box department store, for example Costco, Dick's Sporting Goods, Kohl's, Sam's Club, or Walmart.

The e-mail typically claims that you've won a reward or prize. This might include a Le Creuset dutch oven, a Milwaukee tool chest, a Yeti cooler, a gift card, or some other exciting giveaway.

When you open the e-mail, you will usually be asked to click on a link, fill out a survey, and provide your credit card info to cover the cost of shipping your coveted prize.

If your e-mail provider doesn't have the best spam filters, scam e-mails like these may end up in your inbox—and you might see quite a few of them.

Don’t be fooled. If something sounds too good to be true, it probably is.

 

For more from the JoshMeister on Security, follow Josh on Twitter, LinkedIn, Mastodon, and other social networks.

Saturday, June 15, 2019

Podcasts on Facebook, Google, and Apple privacy and security, and more

It's time to catch up on sharing episodes of the Intego Mac Podcast that I've co-hosted since my last big update on the JoshMeister on Security, in reverse chronological order.

Please subscribe for free to the weekly podcast (via Apple Podcasts or elsewhere) to make sure you don't miss any future episodes!
Click on the episode titles below for show notes and MP3 download links. Each episode is about 30 minutes long.

For more from the JoshMeister on Security, please subscribe via e-mail or RSS, and follow me on Twitter and .

Articles written from October 2017 to March 2019

It's catch-up time again! Here's a list of articles I've written since my last post on the JoshMeister on Security, in reverse chronological order. Unless otherwise noted, these articles were published at Intego's The Mac Security Blog.

Articles highlighted in bold are either particularly interesting or are important and still relevant.

For more from the JoshMeister on Security, please subscribe via e-mail or RSS, and follow me on Twitter and .

Monday, November 20, 2017

Podcasts on Face ID, KRACK, Amazon Key, 2FA, Cryptojacking, iOS App Privacy, RSAC 2017, and More

It's time to catch up on sharing podcast episodes that I've co-hosted recently or published earlier this year.

Click on the episode titles for more complete show notes and MP3 download links.

Please subscribe to the Intego Mac Podcast via the button below, and if you enjoy the show, please write us a 5-star review on iTunes!  Every subscription and every review make a difference.


Also, in case you missed it…

Be sure to check out my Apple Security Month in Review article for October 2017, along with the video version (and be sure to subscribe on YouTube):





For more from the JoshMeister on Security, please subscribe via e-mail or RSS, and follow me on Twitter and .

Thursday, October 26, 2017

New Apple Security YouTube Video Series and Audio Podcast

I have two exciting announcements!

YouTube Video Series – Month in Review
First, I'm producing and starring in a brand new monthly YouTube video series featuring highlights from my Apple security month-in-review column.  You can subscribe via Intego's YouTube channel, and be sure to click on the ๐Ÿ””bell icon to get notified whenever a new video is released:



Check out the first episode by clicking here:

Audio Podcast – Weekly Apple Discussion
Second, I'm co-hosting a brand new weekly audio podcast focusing on Apple topics including Mac and iOS security.  Check out the homepage for the new Intego Mac Podcast, which features Kirk McElhearn and me as hosts:

Please subscribe via the button below, and if you enjoy the show, please write us a 5-star review on iTunes!  Every subscription and every review make a difference.


Please share!
Please share both of these new shows with your friends, family, coworkers, and social media pals to help others stay safe online.

I look forward to sharing security news with you in these new and exciting ways!  Thanks to Intego for providing the opportunity and means to create these new shows.


For more from the JoshMeister on Security, please subscribe via e-mail or RSS, and follow me on Twitter and .

Articles Written from December 2016 to September 2017

It's catch-up time!  Here's a list of articles I've written since my last post on the JoshMeister on Security (in reverse chronological order):
  • October 3, 2017 — Month in Review: Apple Security in September 2017
    • Featured stories include:
      • Apple releases macOS 10.13 High Sierra, iOS 11, tvOS 11, and watchOS 4
      • Patrick Wardle's SKEL and Keychain vulnerability discoveries
      • DolphinAttack
  • September 22, 2017 — What is BlueBorne? An Apple Device FAQ
    • Discussing BlueBorne, a Bluetooth vulnerability that affects some iPhone, iPad, iPod touch, and Apple TV models that Apple is no longer updating
  • August 30, 2017 — Month in Review: Apple Security in August 2017 
    • Featured stories include:
      • Touch ID Secure Enclave Processor firmware allegedly decrypted
      • New Mac malware: Pwnet malware distributed via supposed hack for Counter-Strike game
      • New Mac malware: Mughthesec and other Mac adware installers
  • July 31, 2017 — Month in Review: Apple Security in July 2017
    • Featured stories include:
      • New Mac malware: OSX/FruitFly.B, a variant of spy malware discovered in January
      • New Mac malware: OSX/FlashyComposer.A, a variant of OSX/Leverage backdoor malware from way back in 2013
      • DevilRobber Mac malware makes a comeback
  • June 29, 2017 — Month in Review: Apple Security in June 2017
    • Featured stories include:
      • Mac ransomware and spyware as a service
      • New Mac malware: OSX/OceanLotus returns with new variant
      • Scam software in iOS App Store
  • May 31, 2017 — Month in Review: Apple Security in May 2017
    • Featured stories include:
      • New Mac malware: OSX/Dok distributed via phishing
      • New Mac malware: OSX/Proton.B distributed via compromised Handbrake download server
      • New Mac malware: Snake gets ported from Windows
  • May 25, 2017 — WannaCry and the State of Mac Ransomware
    • Windows systems worldwide were hit by a serious SMB vulnerability called EternalBlue; Macs that run Windows could be affected
    • A summary of recent macOS-targeted ransomware is also discussed
  • April 27, 2017 — Month in Review: Apple Security in April 2017
    • Featured stories include:
      • Apple introduces security (and, oops… insecurity) updates
      • SMS phishing scams targeting iPhone users
      • Find My Mac can be disabled by anyone with physical access
      • Unofficial app store hidden in an App Store app
      • Proof-of-concept fake apple.com site revealed a Unicode implementation issue in major browsers (Chrome, Opera, Firefox) that could have facilitated phishing
  • April 20, 2017 — Windows Vista is Dead; Should You Switch to Apple?
    • Microsoft is no longer releasing security updates for Windows Vista, and the upgrade path to Windows 10 is rather bumpy; is this a good time for users of a legacy Windows operating system to switch to a Mac or iPad?
  • March 24, 2017 — Month in Review: Apple Security in March 2017
    • Featured stories:
      • Mac hackers get root at Pwn2Own
      • WikiLeaks' Vault 7 and DarkMatter disclosures highlight previously patched iOS and Mac vulnerabilities
  • March 20, 2017 — RSA Conference 2017 Highlights
  • February 24, 2017 — Month in Review: Apple Security in February 2017
    • Featured stories:
      • New Mac malware: Filecoder/Findzip ransomware
      • New Mac malware: Sofacy XAgent
      • New Mac malware: iKitten
      • New Mac malware: EmPyre Word macro
      • New Mac malware: PROTON RAT
      • iCloud was storing "deleted" Safari history
      • Alleged nude celebrity photo leak blamed on "iCloud hack" but devoid of evidence
  • January 25, 2017 — Month in Review: Apple Security in January 2017
    • Featured stories:
      • New Mac malware: ClientCapture/Fruitfly/Quimitchin
      • Scam site launched DoS attack against unpatched Macs
  • December 15, 2016 — What to Do if Your Mac Can't Run macOS Sierra
    • Apple released a major new operating system, and it isn't compatible with some Macs that could run previous versions of OS X; this article includes ideas for users of older Mac hardware (note: macOS High Sierra, released in late 2017, has the same system requirements as Sierra)

For more from the JoshMeister on Security, please subscribe via e-mail or RSS, and follow me on Twitter and .