WEEKLY WHEATIES #2539
Email Spoofing, OpenAI, Google, NYC
In this newsletter:
📝 Post: Are You Giving Away Your Login Info Without Realizing It?
🗞️ In Case You Missed It: OpenAI and the Job Market
🗞️ In Case You Missed It: Google and YouTube
🗞️ In Case You Missed It: Headlines
😎 Pick of the Week: New York City Picks
📦 Featured Product: Pizza Cooking Tools
📝 Are You Giving Away Your Login Info Without Realizing It?
In the past, I’ve written a few times about your online security and privacy. Just a few posts include: Understanding Basic Security vs Privacy Online, Why You Need a Password Manager, Navigating the World of Password Security and Management, Tips to Keep Your Personal Information Private, and Tips to Spot and Avoid IRL and Online Scams. However, there are some scams and phishing attacks that are almost impossible to prepare for, and they’re always evolving.
Spoofing is a very common method of attack from scammers, but the term generally encompasses a few different methods in practice. Just using email as an example: attackers can purchase a domain that appears similar to another domain (or uses a different language to appear similar) in order to trick users. If the bank in question is “Bank of America,” a similar domain may be BankofArnerica.com. Depending on the font of your computer, or how quickly you read that, you may have missed that the “m” in America was actually an “r” next to an “n.”
However, even through email, there are ways to have your email show up as literally anything you’d like it to show, with the true email and domain name hidden in the email header. So there is a chance an email from “someloserhacker@gmail.com” appears to be from “John.Smith@bankofamerica.com.” Again, these aren’t always the easiest to spot, but if you look for them, you’ll start to spot them. Most email programs allow you to set your name to be anything you’d like it to be. And some allow you to ‘hide your email address’ when sending out emails.
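Both tricks above, the look-alike domain and the display name dressed up as a trusted address, can be checked mechanically from an email’s From: header. The sketch below is an added example, not part of the original newsletter; the trusted-domain list, the look-alike table and the function names are assumptions made for illustration.

```python
import re
import unicodedata
from email.utils import parseaddr

# Assumptions for illustration: your own trusted list, a small look-alike table.
TRUSTED = {"bankofamerica.com"}
LOOKALIKES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

def decode_idn(domain: str) -> str:
    """Lower-case a domain and turn punycode (xn--) labels back into letters."""
    d = domain.lower().rstrip(".")
    try:
        return d.encode("ascii").decode("idna")
    except UnicodeError:
        return d  # already non-ASCII, or not valid punycode

def skeleton(domain: str) -> str:
    """Approximate what the eye sees: strip accents, fold look-alike sequences."""
    d = unicodedata.normalize("NFKD", decode_idn(domain))
    d = "".join(c for c in d if not unicodedata.combining(c))
    for seen, meant in LOOKALIKES:
        d = d.replace(seen, meant)
    return d

def check_sender(from_header: str) -> list[str]:
    """Return reasons to distrust the sender shown in a From: header."""
    display, addr = parseaddr(from_header)
    if not addr:
        return ["no parsable sender address"]
    domain = decode_idn(addr.rpartition("@")[2])
    findings = []
    # Trick 1: the display name shows an address that is not the real one.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group(0).lower() != addr.lower():
        findings.append(f"name shows {shown.group(0)}, real sender is {addr}")
    # Trick 2: the real domain only resembles a trusted one.
    if domain not in TRUSTED:
        if not domain.isascii():
            findings.append(f"{domain} uses non-ASCII letters")
        for good in TRUSTED:
            if skeleton(domain) == skeleton(good):
                findings.append(f"{domain} imitates {good}")
    return findings

if __name__ == "__main__":
    # Constructed sample headers, built from the addresses used in the text.
    for h in ('"John.Smith@bankofamerica.com" <someloserhacker@gmail.com>',
              '"John Smith" <john.smith@BankofArnerica.com>',
              '"John Smith" <john.smith@bankofamerica.com>'):
        print(h, "->", check_sender(h) or "no findings")
```

An empty result only means the address is not disguised; it says nothing about who is actually operating the real account behind it.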
All that said, there is even another way to be scammed through emails. Spotting either of those tricks won’t help you if the servers (or a specific user) within Bank of America had their account compromised. This means a hacker (outside of Bank of America) has full access to John Smith’s email, and no one may be the wiser. If the hacker were to send an email to you, pretending to be John Smith, they could ask you to visit their [fake, but genuine-looking] website to verify a [potential scam charge]. What’s tricky, though, is that upon receiving it, the email appears, and is, 100% genuine.
Once you visit their site, you will be asked to log in, which isn’t out of the ordinary. What will probably happen is they’ll give you 3 attempts to enter your correct password before requiring you to receive an email code to change your password, which will take “up to 30 minutes to arrive,” but will never come through. By the time you realize what’s going on, they will have already logged in to your account and moved your money around - or, depending on the site, done whatever else they can to steal or cause you trouble.
So how does this happen?
Essentially, by clicking on a link in an email and logging in on the page it takes you to, you give away your session’s cookies (the file that stores your login information). Meaning the scammers now have access to your account, and because those cookies belong to a session that is already logged in, they can also bypass Microsoft 365 MFA checks.
Let’s compare this to snail mail. Say you receive a letter in the mail from your electricity company. They say they’ve updated their payment systems and need you to log in and reconnect your bank account. The website they share doesn’t state the exact company in the URL, but it’s close enough, the name is accurate, as is the return address, and everything on the website looks normal. And that’s assuming you actually noticed all of that…
The scammers now have your login information (because they let whatever password you type work, whether it was accurate or not), and your bank account. They can now use their bots to try this email and password combination on tons of different sites, too. If they want, they can also use your bank account to purchase items on your dime…
This is one reason you should have different passwords for all of your accounts - and especially your bank account and other monetary-related accounts!
Not to mention, this is another reason you should never click on any link when you don’t know who the sender is. Nor should you ever trust any website, service, or company that asks you via email to change your payment information. If it looks legitimate, simply go to the website of your own volition and log in. Then go to your account page and see if there are any notifications stating you should change your payment information.
Scammers are always innovating (which sounds ridiculous, I know), so there are always new crazy ways they are able to hack your account. All we can do is be as careful as possible, not trust anybody virtually, and practice secure password management techniques.
Curious about other types of scams or phishing attempts? Check out this video on YouTube of Every CATASTROPHIC Computer Virus Explained in 20 Minutes.
🗞️ ICYMI: OpenAI and the Job Market
OpenAI shared a paper on Evaluating AI Model Performance on Real-world Economically Valuable Tasks, helping answer whether they think AI can take our jobs. They analyzed 44 occupations across nine sectors and “the findings suggest that integrating AI can potentially save time and costs in expert workflows while acknowledging the importance of human oversight.” They must have also seen this LinkedIn Prompt to keep users from receiving automated job-related messages from random LLMs. Regardless, I still tell my LLMs “Thank you” after receiving feedback from my prompts.
🗞️ ICYMI: Google and YouTube
The Google app has been updated to include “Search Live” in the U.S. and is available for Android and iOS. Check out their blog post sharing 5 ways to get real-time help. They also launched Learn Your Way, an AI tool that “transforms content into a dynamic and engaging learning experience tailored for you.” From early reports, it has great reviews, but has a waitlist. I suggest signing up to test it out, or at least choosing from some of the topics already available.
Made On YouTube 2025 announced 30 new features to make your YouTube experience better as a viewer and a creator on the platform. These include: auto dubbing into another language, collaboration videos for multiple creators, a slew of creator support features (A/B testing, clips/shorts editing tools, streaming updates), and much more.
🗞️ ICYMI: Headlines
Disney+ is hiking its prices again. Here’s how much it will cost.
Microsoft looks to build an AI marketplace for publishers with Copilot
Trump approves TikTok deal through executive order at $14 billion
😎 POTW: New York City Picks
This week’s pick is all about the Big Apple. There are some unique picks mixed in with tips worth saving for your next trip. If you want a bit more of a travel-friendly pick, check out a blog post I made years ago: A Cajun’s Guide to New York City.
Public Bathrooms in NYC Are Easier to Find With This New Google Map
The Clever Clothing Tip To Look Like A Local While Visiting Broadway In New York City
Things to Do in Coney Island: Best Rides, Restaurants & Beach Spots
📦 Featured Product
To keep the New York theme going, how about some help with your homemade pizzas? However, before diving in too deep, consider getting some history with Scott’s Pizza Tours. In my very experienced opinion, this is probably one of the top 5 things to do in the city. After having some help on the how, here are some cooking tools to help: The Original Baking Steel to use with your home oven, and a Chef Pomodoro Pizza Peel; A Cuisinart Indoor Pizza Oven that helps reach higher temps; or the Ooni Karu Multi-Fuel Outdoor Pizza Oven.



