ItsGeekToMe.co
The official home of It's Geek to Me on the web!
Issue #990: July 12-18, 2026
Geek Note: Today’s edition of It’s Geek To Me is what you might call an “Unfinished Business” issue. In recent submissions, a couple of readers asked questions with “extra” parts that I simply didn’t have room to cover in that column. So, let’s take care of one of these unfinished business issues now, shall we?
From Issue #980, May 3, 2026:
Q: My other issue is a little different than the typical issues you write about, but I think an outline of red flags to look out for in possible phishing attempts might be useful to your audience. It seems that the scammers are becoming more sophisticated and it’s no longer enough to check for spelling and grammatical errors.
– Matt L.
Odessa, Texas
A: On the contrary, Matt, this is exactly the type of issue that I write about, and I’m happy to cover it for the security and benefit of all my readers. After all, being informed is your first line of defense against this kind of thing.
Modern cybercriminals are actually using AI tools to write highly convincing emails, free of the kind of errors that you mentioned. You’re spot-on in supposing that it’s no longer sufficient to rely on the presence of “spelling and grammatical errors” alone to identify scams. In addition to these, some of the things to watch out for include an artificial sense of urgency; that is, trying to force you to make a quick choice under threat of some dire result, such as immediate legal action, or account deactivation. The idea is to make you careless so you provide your credentials to some phony web site in the hope of preventing the non-existent catastrophe.
There are also a number of technical red flags to watch out for. Examples include:
- Look-alike domain names: Attackers get their hands on domains that look almost identical to those trusted brands. They use homoglyphs – for example, replacing a lowercase “L” with the number 1, or using foreign alphabet characters that look exactly like English letters to human eyes. Always hover your mouse over the sender’s address to see the actual structure.
- The Link Disconnect: The text for a hyperlink can be anything, and does not need to match the underlying link. Again, a quick hover will reveal where it actually plans to take you. If it says one thing, but does another, it’s probably a data-harvesting trap.
- Malicious QR Codes (Quishing): This happens when a QR code is contained in an email or embedded on a website. Think about it. Why would a company need to put a QR code in front of you when you are already online? A legitimate company will rarely force you to scan an emailed QR code to access their site, update your billing profile, or look at an invoice. That’s not to say don’t scan QR codes on TV or in paper advertising, but be wary of those on websites, or that get emailed to you.
- Web Page Spoofing: For sophisticated phishers, it is a trivial matter to build landing pages that are indistinguishable from legitimate login portals. They display legitimate logo graphics and even copyright statements (these guys have no shame!). The one thing they can’t spoof is what appears in your browser’s address bar, so keep an eye on it for those homoglyphs, which can make a fake URL look legitimate.
Everything I mentioned above falls into the category of “reactive” solutions. In other words, you, the user, are reacting to the threat. There are also “proactive” steps you can take to protect yourself. These include:
- Proper Password Management: Choose strong, robust passwords that would be difficult for a hacker to guess. Don’t reuse passwords on multiple sites. Best case scenario, employ one of the many free password managers out there that automate the process, completely taking the hassle out of your hands.
- Use Multi-factor Authentication (MFA) when available: When a site offers MFA, always opt-in. This bullet-proofs your passwords, so even if they get compromised, a hacker can’t access your data without being able to provide the second “factor” which usually requires access to your email, or better still, physical possession of your smart phone.
To view additional content, comment on articles, or submit a question of your own, visit my website at ItsGeekToMe.co (not .com!)
Leave a Reply
You must be logged in to post a comment.