Hi, friends! Welcome to Installer No. 124, your guide to the best and Verge-iest stuff in the world. (If you’re new here, welcome, send me your Coachella fits, and also you can read all the old editions at the Installer homepage.)
Technology
DocuSign email scam targets healthcare workers
Cyber expert shares tips to avoid AI phishing scams
Kurt ‘The CyberGuy’ Knutsson shares practical ways to avoid falling victim to AI-generated phishing scams and discusses a report that North Korean agents are posing as I.T. workers to funnel money into the country’s nuclear program.
NEWYou can now listen to Fox News articles!
Most of us sign documents online without thinking twice. A quick DocuSign request appears in your inbox. You click the link, review the document and move on with your day. That convenience is exactly what scammers rely on. Recently, we received a message from a CyberGuy reader that shows how convincing these scams can look. In this case, the email appeared to come from a health licensing authority and asked the recipient to review a document tied to a professional license renewal.
Here is the email we received from Susie, a registered nurse in Florida who nearly fell for the scam.
“I am a Registered Nurse, and my bi-annual renewal is approaching. Last month, I received a surprising (at least to me) email with a document to DocuSign from the state Board of Health. It didn’t feel right, even though I have used DocuSign multiple times in the past. Those experiences were known transactions. I contacted the state board, and they confirmed that it IS a SCAM. I sent them screenshots, etc. and reported the message for phishing. I want to thank you, Kurt, because it was thanks to you that I questioned the veracity of this outreach. Reading the articles and tips you provide saved me a great deal of trouble. Thanks again, and all you nurses out there renewing your license, be wary.” – Susie C, Orlando, FL
Susie did exactly what security experts recommend. She paused and verified the message before clicking anything. That one step likely prevented a phishing attack.
SCAMMERS ARE USING DOCUSIGN EMAILS TO PUSH APPLE PAY FRAUD
Security experts warn that DocuSign scams exploit routine online habits to steal passwords and access personal or professional accounts. (ilkercelik/Getty Images)
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
What the suspicious DocuSign email looked like
Susie also shared a screenshot of the message she received. At first glance, the email looks familiar. The blue layout resembles real DocuSign notifications. There is even a large yellow Review Document button. But one detail stood out immediately.
The email address sending the message was:
info.florida-department-of-health-email-notification@cc.ncu.edu.tw
That address has nothing to do with a U.S. state health department.
Why DocuSign scams work so well
DocuSign is used by millions of businesses and government agencies. Because people expect these requests, they often click without hesitation. Scammers exploit that habit. A typical DocuSign phishing email tries to create urgency. It may claim a license renewal, a contract update, or a payroll form requires immediate action. Once you click the button, several things may happen:
- You may land on a fake login page designed to steal your email password.
- The site may prompt you to download a malicious file.
- The link may redirect you to several phishing pages.
In many cases, the goal is simple. Attackers want your email credentials so they can take over your account or launch more scams.
10 WAYS TO PROTECT SENIORS FROM EMAIL SCAMS
A Florida nurse avoided a DocuSign phishing scam after spotting a suspicious email tied to a fake health license renewal request. (Smith Collection/Gado/Getty Images)
Red flags in the DocuSign scam email
A few warning signs can help you spot a fake request quickly.
Suspicious sender address
Always look closely at the sender’s domain. Government agencies rarely send messages from foreign academic domains like .edu.tw. That alone signals something is wrong.
Unexpected documents
Legitimate DocuSign requests usually follow a known interaction. For example, a contract you discussed or paperwork you expect. An unexpected document should always raise questions.
Pressure to act quickly
Many phishing emails include language that urges immediate action. The goal is to stop you from thinking. Take a moment before clicking any button.
Generic document descriptions
The message shown in the screenshot simply states that a document is ready to review. It provides no real context or explanation. Legitimate documents often include details about the transaction.
How clicking the link could compromise you
Many people assume they will recognize a fake page. In reality, phishing sites look very convincing. Some scams even use cloned DocuSign pages. Once victims enter their credentials, attackers gain access to their email accounts.
From there, criminals can:
- Reset passwords for financial services
- Send phishing emails to contacts
- Search inboxes for sensitive documents
In healthcare professions, that risk can also expose licensing information or patient-related communications.
APPLE APP PASSWORD SCAM EMAIL WARNING
Cybercriminals are using fake DocuSign emails to trick users into clicking malicious links and handing over sensitive login credentials. (Gabby Jones/Bloomberg via Getty Images)
Ways to stay safe from DocuSign phishing scams
Fortunately, a few habits can dramatically lower your risk.
1) Verify the request separately
If a document claims to come from a government agency or employer, contact them directly using a known phone number or website. Never use the contact information inside the suspicious email.
2) Hover over links before clicking
Move your cursor over the button and check the destination link. If the URL looks unfamiliar or unrelated to DocuSign, do not click it.
3) Don’t click links and use strong antivirus software
If an email seems suspicious, do not click the link or open any attachment. Strong antivirus software can help block malicious downloads, warn you about dangerous websites and catch threats before they spread across your device. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
4) Use a data removal service
Scammers often gather personal details from data broker sites and public records to make phishing emails seem more believable. A data removal service can help reduce your exposed information online, which may make it harder for criminals to target you with convincing messages. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
5) Access documents through official accounts
If you regularly use DocuSign, sign in directly at the official website and check your pending documents there. That approach avoids email traps entirely.
6) Report phishing attempts
Forward suspicious messages to your organization’s security team or the Federal Trade Commission phishing reporting system at ReportFraud.ftc.gov. The FTC also advises forwarding phishing emails to the Anti-Phishing Working Group at reportphishing@apwg.org. Reporting scams helps protect others from the same attack.
Kurt’s key takeaways
Scams succeed because they blend into everyday routines. Signing documents online has become normal for work, healthcare licensing and financial paperwork. That convenience also gives criminals a perfect disguise. Susie’s story shows how a small moment of doubt can stop a phishing attack before it begins. A quick call to the licensing board revealed the truth. The message was never legitimate.
Now the question is one every reader should consider. If a DocuSign email arrived in your inbox right now, would you notice the warning signs before clicking the button? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
Copyright 2026 CyberGuy.com. All rights reserved.
According to Nikkei Asia, even as suppliers ramp up DRAM production, manufacturers are only expected to meet 60 percent of demand by the end of 2027. SK Group chairman has even said that shortages could last until 2030.
The world’s largest memory makers — Samsung, SK Hynix, and Micron — are all working to add new fabrication capacity, but almost none of it will be online until at least 2027, if not 2028. SK opened a fab in Cheongju in February, but that is the only increase in production among the three for 2026.
Nikkei says that production would need to increase by 12 percent a year in 2026 and 2027 to meet demand. But according to Counterpoint Research, an increase of only 7.5 percent is planned.
The new facilities will primarily focus on producing high-bandwidth memory (HBM), which is used in AI data centers. With the companies already prioritizing HBM over general-purpose DRAM used in computers and phones, it’s not clear how much these new fabs will help alleviate the price crunch facing consumer electronics. Everything from phones and laptops, to VR headsets and gaming handhelds have seen price increases due to the RAM shortage.
NEWYou can now listen to Fox News articles!
Most people assume scammers need to hack something. A database. A password. A bank system. They don’t.
In most cases, everything a scammer needs to target you is already sitting online, publicly available, completely legal to access, and surprisingly easy to find.
Here’s what they’re actually looking at before they ever pick up the phone.
Sign up for my FREE CyberGuy Report
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Data broker listings often include sensitive details like your address, phone number and relatives, making removal a critical first step. (Kurt “CyberGuy” Knutsson)
Your personal profile is already out there, and it’s more complete than you think
There’s an entire industry built around collecting and selling your personal information. It’s called data brokering, and most people have never heard of it.
Right now, without your knowledge or consent, your details are being published by dozens of websites, including:
- People search sites (like Whitepages, Spokeo, and BeenVerified): your full name, current address, phone numbers, and age.
- Address lookup tools: your current and past home addresses, sometimes going back decades.
- Relatives databases: the names and contact information of your family members, automatically linked to your profile.
- Property records: whether you own your home, what it’s worth, and when you bought it.
None of this requires a hack. It’s all pulled from public records, voter registrations, court filings, real estate transactions, marriage and divorce records and assembled into a profile that anyone can search for a few dollars or sometimes for free.
They’re not guessing. They’re researching
In 2024, federal prosecutors indicted a network of scam call centers operating out of Montreal that had defrauded hundreds of elderly Americans out of more than $21 million. What made the scheme so effective wasn’t sophisticated technology. It was a spreadsheet.
The scammers were working from lists of potential victims that included names, ages, and household income information pulled from commercial databases. They used those lists to identify targets, then called them pretending to be grandchildren in trouble. The calls were convincing enough that victims handed over thousands of dollars, sometimes in cash picked up at the door.
They didn’t hack anyone. They just did their research first.
WHY WIDOWS AND DIVORCED WOMEN ARE TARGETS FOR RETIREMENT SCAMS
A call that sounds personal or urgent often relies on real information found about you online. (Kurt “CyberGuy” Knutsson)
Three ways scammers turn your public data into a weapon
Scammers use your publicly available data to make their attacks more personal, believable and harder to detect. Here are three ways they do it.
1) Impersonating your bank
A scammer calls and says, “Hi, this is fraud prevention at [your bank]. We’re seeing suspicious activity on your account ending in 4721.”
They already know your bank, your name, and possibly your address. That’s enough to sound legitimate. From there, they walk you through “confirming your identity,” which is really just you handing over the information they need to access your account.
This kind of scam starts with a simple people-search lookup. Your name and address lead to property records. Property records suggest your income range.
2) The family emergency call
Imagine getting a call: “Meemaw, it’s me. I’m in trouble. Please don’t tell Mom.” Scammers don’t guess. Instead, they research your family first. They use relatives’ databases to find your children’s names, ages and connections.
With that information, they build a story that sounds real. For example, they know to call you “Meemaw.” They also know which grandchild to impersonate. In some cases, they even mention a sibling’s name to make the story more convincing.
As a result, the call feels personal and urgent. However, none of it is random. It’s all based on information that was publicly available the entire time.
3) Targeted phishing with your own details
A phishing email that says “Dear Customer” is easy to ignore. One that says “Dear [your full name], we noticed unusual activity on your account registered to [your home address]” is a lot harder to dismiss.
Scammers use publicly available data to personalize attacks, adding your real name, city, or even a reference to your neighborhood to make a fake email or text look authentic. The more specific the details, the more likely you are to believe it.
“But I’m not on social media.” This is the most common objection, and it misses the point entirely.
You don’t have to be on social media for your information to be online. Data brokers pull from public records, not your Facebook profile. Your information is likely already listed on dozens of sites because of:
The less they think they’ve shared, the more surprised people usually are when they search for themselves on a people-search site for the first time.
DATA BROKERS ACCUSED OF HIDING OPT-OUT PAGES FROM GOOGLE
The more details a scam includes, the more likely it is built from your publicly available data. (Kurt “CyberGuy” Knutsson)
How to reduce your exposure
You don’t have to accept this as permanent. A few practical steps can help:
- Search your full name on Whitepages, Spokeo, FastPeopleSearch, and other people-search sites and submit opt-out requests.
- Look up your address directly, not just your name, since many listings are organized by location.
- Ask elderly family members to search for themselves, too, since older adults are disproportionately targeted.
- Be skeptical of any call that opens with personal details, as it can be a sign that someone researched you first.
How to remove your personal data and stop scammers from finding you
The challenge is that there are hundreds of data broker sites, each with its own removal process. Manually opting out of all of them can take hours, and your information often reappears weeks later when brokers refresh their databases.
That’s why ongoing automated removal is the only approach that actually works. That’s why I recommend using a trusted data removal service.
These services automatically contact data brokers on your behalf and request the removal of your personal information. They also continue monitoring those sites and submit new removal requests if your data reappears.
Many services remove personal data from hundreds of data broker and people-search websites, and some plans allow you to request removals from additional sites as needed.
Some have also received third-party assurance from independent firms, helping validate their claims.
The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
These services often include a money-back guarantee, so you can try them risk-free and see how much of your information is exposed online.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
Kurt’s key takeaways
Most scams don’t start with a breach. They start with a search. Your name, address, relatives and even income clues are already out there, quietly fueling more convincing and more dangerous attacks. That’s what makes this so unsettling. You can do everything “right” online and still be exposed because the system itself is built to share your information. The good news is you’re not powerless. Once you understand how scammers build their playbook, you can start disrupting it. Removing your data, limiting exposure and staying skeptical of anyone who knows a little too much about you can dramatically reduce your risk. The goal isn’t to disappear completely. It’s to make yourself a much harder target.
What should be done to stop scammers from using your publicly available data against you in the first place? Let us know by writing to us at Cyberguy.com
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
This week, I’ve been reading about restaurant bread and GLP-1s and Lenny Rachitsky and Artemis II fashion, watching the new boy band doc because I will always watch a boy band doc, also watching every clip I can find from Justin Bieber’s Coachella set, filling the Schitt’s Creek-shaped hole in my heart with Big Mistakes, getting increasingly excited about The Mandalorian and Grogu, and watering my new lawn so it doesn’t die. Please don’t die, lawn. You were so expensive.
I also have for you a couple of new AI apps to install on your computer, new action cameras worth planning a trip around, a new sci-fi action game to play, and much more.
Oh, and a reminder: Send me the thing you made! We’re doing self-promotion week in Installer (probably next week but maybe the week after), and either way I want to hear about the things you’ve been making, building, coding, creating, whatever-ing that you think the Installerverse might like. I’ve already heard from SO MANY of you, and it rules — keep the good stuff coming! Let’s dig in.
(As always, the best part of Installer is your ideas and tips. What are you watching / reading / playing / listening to / storing on your NAS this week? Tell me everything: installer@theverge.com. And if you know someone else who might enjoy Installer, forward it to them and tell them to subscribe here.)
- OpenAI Codex. Here’s OpenAI’s latest stab at an all-in-one AI superapp, which includes a web browser, new coding tools, and a setting that allows Codex to just use your computer for you. Tread lightly, as always, but people seem to be liking Codex a lot recently.
- Gemini for Mac. I’m mad at Google for tying its Mac app to a keyboard shortcut lots of people use for other things, and for making the app a login item by default. But! This is immediately the best way yet to interact with Gemini, and even Google Drive and Photos, from your computer. Into my dock it goes.
- Beef season two. Beef is one of the very best shows nobody ever seems to talk about. I’ve been burned before by the “we’ll just do it again but with a whole new cast” premise — looking at you, True Detective — but this is a win even just as a reason to rewatch the first season.
- Gradient Weather. Y’all, I think somebody finally made the gorgeous, simple weather app Android has been desperately needing. It’s very new and very beta, but I love the look, and I love that the whole aesthetic shifts with the weather. Insta-install.
- Lorne. By all accounts this is about as close as anyone has ever gotten to a truly inside look at Saturday Night Live and its semi-mythological creator, Lorne Michaels. Morgan Neville mostly makes great docs and got a ton of access for this one; I’m very excited to watch it.
- “Where Are All Of These GPUs Actually Going?” A very fun answer to a surprisingly complex question: What are companies doing with the unbelievable quantities of chips they’re buying? The numbers are all kind of pretend, and How Money Works does a good job making them make sense.
- The DJI Osmo Pocket 4. It’s very sad that this gimbal camera isn’t coming to the US in the near future, because more buttons, better slo-mo, and more built-in storage are all terrific upgrades. I use a Pocket 3 all the time, and will be keeping an eye out for the upgrade.
- The GoPro Mission 1 Pro ILS. This one’s still in “coming soon” mode, but it is the first GoPro in a long time I’ve been excited about. Adding an interchangeable lens mount, along with all the other Mission 1 upgrades, is going to completely change the kinds of things people do with GoPros. I can’t wait to see this thing out in the wild.
- Coachella TV. I’ve never spent much time with YouTube’s Coachella livestream, but this year’s show has been terrific. It almost feels like a concert doc being shot in real time — and there’s more Bieber to come!
- Pragmata. I am always here for a game that’s not trying to be a live-service, battle-royale, open-world anything, and instead just sends you on an adventure. It may suffer from being a touch too derivative, but it still appears to be very much my kind of game.
I’ve been a fan of Maria Popova’s work for… about as long as I can remember. Maria runs a site called The Marginalian, which I started following back when it was called Brain Pickings; under both names the site has been a fountain of stuff to read, with surprising and smart ideas about just about everything. I spend a lot of time reading, and on the internet, and I can’t think of anyone who shows me more stuff I never would have found otherwise.
Maria put out a book earlier this year, called Traversal, that is all about how people look at, think about, and reckon with the world around them. There is a lot going on in this book, and I suspect you’ll like it. I asked Maria to share her homescreen with us, curious if she also had a more enlightened take on all things technology.
Here’s Maria’s homescreen, plus some info on the apps she uses and why:
The phone: iPhone 16 – still too large for me, but I had to grudgingly resign to it after my last 13 mini gave up Moore’s ghost.
The wallpaper: Spring moonrise behind leafing maple in the forest where I live much of the year.
The apps: Evernote, Phone, Safari. (Blank Spaces is the app that turns the icons to text.)
The usual life-management tools (calendar, connection, climate) plus Evernote, which I have been using since 2003 and which is by now an Alexandria of meticulously organized information that just about runs my life.
I also asked Maria to share a few things she’s into right now. Here’s what she sent back:
- Robert Macfarlane and Jackie Morris’s Book of Birds: A Field Guide to Wonder and Loss.
- Joan As Police Woman’s record Lemons, Limes and Orchids.
- Jad Abumrad’s miniseries Fela Kuti: Fear No Man.
- The lovely reminder of who we can be in the story of how humanity saved the ginkgo.
Here’s what the Installer community is into this week. I want to know what you’re into right now as well! Email installer@theverge.com or message me on Signal — @davidpierce.11 — with your recommendations for anything and everything, and we’ll feature some of our favorites here every week. For even more great recommendations, check out the replies to this post on Threads and this post on Bluesky.
“Becca Farsace recommended the OhSnap Mcon on her channel recently and I picked one up. It’s super slick and works great with the Delta emulator so far. I got Goldeneye running just fine with it after a little tuning.” — Ian
“Really been enjoying Plain Text Sports to follow the start of baseball season. Loads fast, has everything I want with none of the ESPN cruft” — Rich
“I’ve almost finished reading Service Model by Adrian Tchaikovsky and I’m obsessed: equal amounts of humor and existential dread. It’s very silly, very thoughtful, and frankly a very Verge-y take on technology.” — Olof
“YouTube has been my recent go-to for surprisingly good short films that you would probably never hear about or would probably get lost in the Hollywood machine. For instance, this one called Aborted was amazing and there are more like it out there.” — Steve
“Definitely watch Jon Bois’ hilarious, quirky, and informative series about the birth of the internet mashed up with Home Improvement TV show references.” — Logan
“I bought a MacBook Air a few weeks ago after looking at the Neo and getting fed up by Windows, and I bought a few helper apps to fix small annoyances I had with the notch and
Spotlight. There are a lot of good notch applications but I bought Alcove — having the notch show me when I raise and lower volume makes the giant black bar in the middle of my screen feel slightly less useless somehow. I’ve also been using TinyStart, which is really
fast and nice! These two helper apps have made using the Mac as my main computer feel much nicer than it did the last time I tried.” — Iris
”My passion for discovering TTRPGs and learning about game design has led me into a deep dive on the Youtube channel Knights of Last Call. Long live-streams and VODs and a super active community have opened my eyes to even more of what is possible in TTRPGs.” — Simeon
“Season 3 of Shrinking on Apple TV just ended on such a powerful note. The ensemble cast just keeps bringing it and the writing realistically takes on all kinds of human problems we all deal with or know about. A+” — Aaron
“I find SO MANY great book recommendations thanks to The Big Idea feature on John Scalzi’s blog, Whatever!” — Steve
You surely already know this, but I spend way too much time on snacks. Eating them. Researching them. Thinking about them. Longing for more of them. And I know I’m not alone! So I have big news: My wife recently brought home a variety pack of candy from YumEarth, and it’s all excellent. It’s basically Skittles, Starbursts, and Sour Patch Kids, but with more natural ingredients and a lot less sugar. (But still a lot of sugar, because it’s candy. Sugar-free candy is a lie.)
I am constantly on the lookout for a way to make my bad habits a little better, without making my life worse in the process. This is a perfect one. The Skittles equivalent are called “Giggles,” which is awful, but they’re delicious. So I’ll allow it. I’m gonna go get some right now.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
-
Florida2 minutes agoSNAP benefits will be changing in Florida starting Monday
-
Georgia8 minutes agoGeorgia on nobody’s mind: The Dawgs are under the radar, and that’s a compliment
-
Hawaii14 minutes agoLarge section of Aloha Stadium demolished as project proceeds – West Hawaii Today
-
Idaho20 minutes ago
Idaho Lottery results: See winning numbers for Powerball, Pick 3 on April 18, 2026
-
Illinois26 minutes ago5 tornadoes confirmed in Illinois from Friday’s storms
-
Indiana32 minutes agoAn Indiana district turned to voters to fund more preschool seats. Here’s what happened next.
-
Iowa38 minutes agoVote: Who Should be Iowa’s High School Athlete of the Week? (4/19/2026)
-
Kansas44 minutes agoKansas Losing Momentum With Key Transfer Target After New Visits