San Diego, CA
This is the phishing scam that gets a San Diego identity theft expert ‘really, very angry’
Digital thieves are nothing if not persistent and innovative.
They keep finding new ways to try to part you from your money.
Phishing — where thieves pose as trusted entities or send legitimate looking emails or messages to trick you into giving them access to your accounts — is a widespread method. And it is constantly evolving.
“We’ve seen phishing go through the roof,” said Eva Velasquez, the CEO of the Identity Theft Resource Center, a San Diego-based national nonprofit.
But knowledge is power. So here are three emerging phishing threats to look out for, according to internet safety experts. All three threats target key parts of people’s digital lives: email attachments that lead to fake login pages, multi-factor authentication trickery and deceptive calendar invites.
Spending a few minutes reading these pointers could help you avoid getting your ID or money stolen and save you countless hours of dealing with the fallout.
HTML attachments that open fake login pages
Imagine a busy professional who is in email action mode. In the past 30 minutes on a Saturday morning, he has filled out emailed liability waivers for his seven children’s summer camps, filed an expense report for work, answered a secure portal message from the veterinarian about his sick puppy’s prescription, skimmed 182 email subject lines and paid five bills from his email inbox, including a car insurance premium and his beloved cheese-of-the-month club.
Amid this flurry of inbound emails, ads, invoices and secure messages, he is working on autopilot: opening messages, skimming, clicking and signing in.
What a perfect opportunity.
Scammers are taking advantage of user distraction — and their trust — by sending emails with HTM or HTML attachments. When clicked, those open a browser file that looks like secure, familiar login page. These pages might look like secure invoice viewers, file-sharing services like DocuSign or Dropbox, or sign-in pages to platforms including Microsoft 365.
“Once the user enters their credentials, they are sent surreptitiously to the attacker’s server,” said Vlad Cristescu, the head of cybersecurity with ZeroBounce, a Florida company that helps businesses lower their rate of bounced marketing emails.
Why this method is especially insidious: “There isn’t a clickable link in the email, so standard email security filters (which scan for malicious URLs or attachments like PDFs and ZIPs) may not catch it,” Cristescu added.
To prevent this, he added, companies should “restrict HTML attachments unless essential, and users should treat unfamiliar HTML files the same way they’d treat a suspicious link — don’t open it unless you’re absolutely sure of the sender.”
If you do receive incoming communication with an HTML link or attachment, don’t engage, said Velasquez, with the ITRC.
“Don’t click on links, people. That’s the big, overarching message,” she said. Instead, go to the source: call the phone number on the back of your credit card, visit the bank in person.
Multifactor authentication tricks
If you are one of the many people who uses multifactor authentication, take note.
Multifactor authentication is still very helpful and should be used.
But Cristescu flagged one way that scammers are taking this tool — which is designed to make people’s online accounts more secure — and using it to slither in.
As a refresher, multifactor authentication is an added layer of protection that prevents data thieves from logging into your accounts if they have your username and password. It helps ensure that you’re the one who typed in your password when you log in, and not some scammer in the Philippines or Poughkeepsie.
To use multifactor authentication, you typically download an app, such as Google Authenticator or Microsoft Authenticator. You register your sensitive online accounts, such as Facebook, bank or email, with that app. Then, every time you log into a registered website, the authenticator app generates a new, random code that you enter after your password as a second layer of verification.
With the rise of this protection, a new threat has emerged: Scammers who have your username and password can send log-in requests to your authenticator app. Next, the scammer can pose as an IT expert from your workplace and ask you to approve the log-in request.
If you fall for it, then boom — the scammer is in.
This technique “exploits a user’s frustration and trust in IT. If you’re receiving multiple (authenticator) prompts you didn’t initiate, that’s not a glitch – it’s an attack,” Cristescu said. He recommends pausing, never approving these unexpected requests and flagging the interaction with IT.
Velasquez added that if you get an authenticator notification and you didn’t just log in yourself, “That is a huge red flag. Stop and address it. Don’t ignore it.”
Anytime you interact with IT, be sure you’re the one initiating that contact, she added. If someone from IT calls or emails you, disconnect and reach back out using a trusted method, such as the same phone number you always dial.
Fake calendar invites
A third technique data thieves are using is calendar invites.
“I just get really very angry about this one,” Velasquez said. “It is super hard to detect.”
Here’s what to look out for. If you use an online calendar like Google calendar or the native iPhone calendar app, you might receive an invitation to an event you didn’t see coming. Sometimes these meetings are legitimate. Sometimes, they are not.
Scammers “are now sending meeting requests with malicious links embedded in the invite or ‘join’ button. These invitations sync directly into calendars and often go unquestioned,” according to ZeroBounce.
Scammers use calendar invites because they have “built-in credibility – they’re not usually scrutinized like emails,” Cristescu said. Look for meeting requests from unknown senders and vague event names like “Sync” or “Project Review,” he added.
In some jobs or roles, meetings routinely get added to calendars by other people — clients, prospects, coworkers, bosses, peers.
“I have gotten these repeatedly,” said Velasquez, with the ITRC. “Depending on your lifestyle and your job and how you work, these are going to be particularly challenging. They are real calendar invites. The problem is they have malicious software embedded in them — so when you click on portions of them, ‘Click to join,’ it’s like opening an attachment (or) clicking on a suspicious link. It’s the same principle.”
Cristescu, with ZeroBounce, shared this tip: “Treat those just like a phishing email. Disable auto-accept where possible and review every invite manually before clicking anything.”
Never stop questioning what lands in your inbox or calendar, Cristescu added. “Always verify the sender’s email address, ensure that any link you click matches the legitimate domain, and look out for subtle red flags like spelling errors or unusual formatting.”
A big picture pointer
“All three of these (scams) are so common that it has probably happened to every single person reading the article — at least one of them. That’s how ubiquitous these are,” Velasquez said.
She shared this broader thought: It’s less important to know how to respond to each scenario and more important to pause, be skeptical, double check.
It’s important to be ever more skeptical, because AI makes it easier and easier for thieves to create convincing ruses, Cristescu and Velasquez both said.
AI “really helps with making these phishing offers look and sound so much more legitimate,” Velasquez said. “And with the amount of data that is out there from public sources and from data breaches, it’s very easy to see what relationships people have.” Where you bank, where you do business — that is all fodder for someone to create a copycat page designed to trick you into logging in.
Adopt an “investigator mindset,” Velasquez said. Use this helpful reminder: the acronym STAR, which stands for Stop. Think. Ask questions or ask for help. Reassess.
The ITRC nonprofit can answer questions, for free, through phone and live chat. Toll-free phone: 888-400-5530. Live chat staffed by people, not bots: https://www.idtheftcenter.org/victim-help-center/
San Diego, CA
Tijuana earns spot in Little League World Series, hoping third time’s a charm
The mariachi band broke into song as soon as the Tijuana Municipal Little League team stepped back onto its home field Monday afternoon. Cheers and applause erupted for the team, which over the weekend earned the coveted spot to represent Mexico in the Little League Baseball World Series.
The team of 11- and 12-year-olds won the Mexico region tournament title on Saturday by defeating the Matamoros Little League team 8-2 in Tamaulipas. They ended the tournament with a 7-1 record.
“We are very proud of what you have done and what you are about to embark on, because this is just the beginning,” said Darío Venegas, president of the Tijuana Municipal Children’s and Youth Baseball League, before handing out rings to commemorate the team’s regional crown.
This marks the third time that the Tijuana Municipal team has advanced to the tournament in Williamsport, Pa., following appearances in 2013 and 2023. Francisco Fimbres has been the manager for all three trips, and he hopes that the third time could be the charm.
“I feel blessed with these players,” he said. “(They) make me believe that we can get that championship.”
But the proud coach acknowledged that there’s still work to be done and that he has learned from the last two tournaments. In 2013, Mexico lost to Japan in the international championship and finished third. In 2023, they fell to Curaçao in the international semifinals.
During his speech at the Jorge Campillo baseball field in Tijuana on Monday, Fimbres urged players and parents to enjoy the moment, as he said it’s a once-in-a-lifetime experience.
He described this year’s group of players as “una generación campeona,” or a “winning generation,” whom he has followed since they were 8 years old. “These kids have too much baseball in them,” he said. “They’re growing up and learning a lot, which will be great for their development.”
In 2023, an interaction between Fimbres and one of his players went viral. During the second inning, with the bases loaded, he noticed that his pitcher was nervous. He went to the mound to encourage him and remind him to have fun and not be afraid of making mistakes. “What if he hits a home run? Exactly, nothing happens,” he told him. “You’re a good pitcher. You’re better.” For many, this moment captured the spirit of the Little League competition.
This time will be special for Fimbres. He shared that this might be his last stint with the Tijuana Municipal team.
Pitcher and outfielder Jean Paul Lavenant said that he felt happy for “Pancho,” as he fondly calls his coach, and hoped to get the title for him.
Lavenant named Major League players Jonathan Aranda of the Tampa Bay Rays and Alejandro Kirk of the Toronto Blue Jays as his inspirations. Both players came from the Tijuana Municipal league.
The players said they have their minds set on bringing home the championship. “Nothing is impossible,” said pitcher and infielder Emiliano Kerber.
Coach Marcelo Santamaría, who was part of the 2023 coaching team, said he hopes this opportunity leaves a lasting impression on the players. “It’s every young baseball player’s dream to participate in this tournament,” he noted.
That’s what they emphasized to the players throughout their journey to earn a spot in Williamsport. Tijuana Municipal will kick off its Little League World Series run on Aug. 20 against the Australian region.
“Would you rather experience it on TV or in person?” pitcher and outfielder Esteban Bautista recalled his coaches asking them before the Mexico region championship game.
In person, it will be.
San Diego, CA
“Attack of the Killer Tomatoes” After Party for San Diego Comic-Con 2026
The Killer Tomatoes are loose in San Diego, and they’re ready to get sauced.
Attack of the Killer Tomatoes is taking over Good Night John Boy (401 G Street) in the Gaslamp on Saturday, July 25 from 7pm-11pm for the official Attack of the Killer Tomatoes: Organic Intelligence after party, celebrating the wild new chapter in the cult classic franchise that first got its start in San Diego back in 1978.
Fans can party alongside cast and crew with meet and greets, “killer” cosplay, exclusive giveaways, DJs, and dancing. There will also be specialty themed cocktails and bites available for purchase, because fighting off killer produce apparently works up an appetite.
Tickets will be available here, though they’re not yet available. We’ll update once we know more.
San Diego, CA
Sports Night: Padres End 1st Half on Good Note, Midseason Grades, Manny Heats Up
Skip to content
Contact Us
-
Entertainment5 minutes ago‘Hail Satan? Not me.’ Charley Crockett fires satanic duo Twin Temple, so Jack White hires them
-
Lifestyle11 minutes agoIt’s time for the night trip to the beach — the grunion are running
-
Politics17 minutes agoAfter lawsuit, ICE pauses construction of Bay Area detention facility
-
Science23 minutes agoAnger grows in Boyle Heights as warehouse fire leaves stench, flies and vermin in its wake
-
Sports29 minutes agoSpain delivers surprise rout of France, clinches berth into World Cup final
-
World41 minutes agoUS says latest Iran strike wave over, IRGC claims damage to US Naval HQ
-
News1 hour agoSupreme Court Justices give chilling accounts of threats to their safety
-
Los Angeles, Ca3 hours agoStabbing at Chino Hills liquor store ends in attempted murder arrest


