San Diego, CA
This is the phishing scam that gets a San Diego identity theft expert ‘really, very angry’
Digital thieves are nothing if not persistent and innovative.
They keep finding new ways to try to part you from your money.
Phishing — where thieves pose as trusted entities or send legitimate looking emails or messages to trick you into giving them access to your accounts — is a widespread method. And it is constantly evolving.
“We’ve seen phishing go through the roof,” said Eva Velasquez, the CEO of the Identity Theft Resource Center, a San Diego-based national nonprofit.
But knowledge is power. So here are three emerging phishing threats to look out for, according to internet safety experts. All three threats target key parts of people’s digital lives: email attachments that lead to fake login pages, multi-factor authentication trickery and deceptive calendar invites.
Spending a few minutes reading these pointers could help you avoid getting your ID or money stolen and save you countless hours of dealing with the fallout.
HTML attachments that open fake login pages
Imagine a busy professional who is in email action mode. In the past 30 minutes on a Saturday morning, he has filled out emailed liability waivers for his seven children’s summer camps, filed an expense report for work, answered a secure portal message from the veterinarian about his sick puppy’s prescription, skimmed 182 email subject lines and paid five bills from his email inbox, including a car insurance premium and his beloved cheese-of-the-month club.
Amid this flurry of inbound emails, ads, invoices and secure messages, he is working on autopilot: opening messages, skimming, clicking and signing in.
What a perfect opportunity.
Scammers are taking advantage of user distraction — and their trust — by sending emails with HTM or HTML attachments. When clicked, those open a browser file that looks like secure, familiar login page. These pages might look like secure invoice viewers, file-sharing services like DocuSign or Dropbox, or sign-in pages to platforms including Microsoft 365.
“Once the user enters their credentials, they are sent surreptitiously to the attacker’s server,” said Vlad Cristescu, the head of cybersecurity with ZeroBounce, a Florida company that helps businesses lower their rate of bounced marketing emails.
Why this method is especially insidious: “There isn’t a clickable link in the email, so standard email security filters (which scan for malicious URLs or attachments like PDFs and ZIPs) may not catch it,” Cristescu added.
To prevent this, he added, companies should “restrict HTML attachments unless essential, and users should treat unfamiliar HTML files the same way they’d treat a suspicious link — don’t open it unless you’re absolutely sure of the sender.”
If you do receive incoming communication with an HTML link or attachment, don’t engage, said Velasquez, with the ITRC.
“Don’t click on links, people. That’s the big, overarching message,” she said. Instead, go to the source: call the phone number on the back of your credit card, visit the bank in person.
Multifactor authentication tricks
If you are one of the many people who uses multifactor authentication, take note.
Multifactor authentication is still very helpful and should be used.
But Cristescu flagged one way that scammers are taking this tool — which is designed to make people’s online accounts more secure — and using it to slither in.
As a refresher, multifactor authentication is an added layer of protection that prevents data thieves from logging into your accounts if they have your username and password. It helps ensure that you’re the one who typed in your password when you log in, and not some scammer in the Philippines or Poughkeepsie.
To use multifactor authentication, you typically download an app, such as Google Authenticator or Microsoft Authenticator. You register your sensitive online accounts, such as Facebook, bank or email, with that app. Then, every time you log into a registered website, the authenticator app generates a new, random code that you enter after your password as a second layer of verification.
With the rise of this protection, a new threat has emerged: Scammers who have your username and password can send log-in requests to your authenticator app. Next, the scammer can pose as an IT expert from your workplace and ask you to approve the log-in request.
If you fall for it, then boom — the scammer is in.
This technique “exploits a user’s frustration and trust in IT. If you’re receiving multiple (authenticator) prompts you didn’t initiate, that’s not a glitch – it’s an attack,” Cristescu said. He recommends pausing, never approving these unexpected requests and flagging the interaction with IT.
Velasquez added that if you get an authenticator notification and you didn’t just log in yourself, “That is a huge red flag. Stop and address it. Don’t ignore it.”
Anytime you interact with IT, be sure you’re the one initiating that contact, she added. If someone from IT calls or emails you, disconnect and reach back out using a trusted method, such as the same phone number you always dial.
Fake calendar invites
A third technique data thieves are using is calendar invites.
“I just get really very angry about this one,” Velasquez said. “It is super hard to detect.”
Here’s what to look out for. If you use an online calendar like Google calendar or the native iPhone calendar app, you might receive an invitation to an event you didn’t see coming. Sometimes these meetings are legitimate. Sometimes, they are not.
Scammers “are now sending meeting requests with malicious links embedded in the invite or ‘join’ button. These invitations sync directly into calendars and often go unquestioned,” according to ZeroBounce.
Scammers use calendar invites because they have “built-in credibility – they’re not usually scrutinized like emails,” Cristescu said. Look for meeting requests from unknown senders and vague event names like “Sync” or “Project Review,” he added.
In some jobs or roles, meetings routinely get added to calendars by other people — clients, prospects, coworkers, bosses, peers.
“I have gotten these repeatedly,” said Velasquez, with the ITRC. “Depending on your lifestyle and your job and how you work, these are going to be particularly challenging. They are real calendar invites. The problem is they have malicious software embedded in them — so when you click on portions of them, ‘Click to join,’ it’s like opening an attachment (or) clicking on a suspicious link. It’s the same principle.”
Cristescu, with ZeroBounce, shared this tip: “Treat those just like a phishing email. Disable auto-accept where possible and review every invite manually before clicking anything.”
Never stop questioning what lands in your inbox or calendar, Cristescu added. “Always verify the sender’s email address, ensure that any link you click matches the legitimate domain, and look out for subtle red flags like spelling errors or unusual formatting.”
A big picture pointer
“All three of these (scams) are so common that it has probably happened to every single person reading the article — at least one of them. That’s how ubiquitous these are,” Velasquez said.
She shared this broader thought: It’s less important to know how to respond to each scenario and more important to pause, be skeptical, double check.
It’s important to be ever more skeptical, because AI makes it easier and easier for thieves to create convincing ruses, Cristescu and Velasquez both said.
AI “really helps with making these phishing offers look and sound so much more legitimate,” Velasquez said. “And with the amount of data that is out there from public sources and from data breaches, it’s very easy to see what relationships people have.” Where you bank, where you do business — that is all fodder for someone to create a copycat page designed to trick you into logging in.
Adopt an “investigator mindset,” Velasquez said. Use this helpful reminder: the acronym STAR, which stands for Stop. Think. Ask questions or ask for help. Reassess.
The ITRC nonprofit can answer questions, for free, through phone and live chat. Toll-free phone: 888-400-5530. Live chat staffed by people, not bots: https://www.idtheftcenter.org/victim-help-center/
By Dave Rice
Is Measure A going to affect a significant number of properties? Is it going to affect affordable housing in any meaningful way? Come now, let’s not be dense – this hits a handful of rich people who can absolutely afford to drop $10K in the city coffers if they’re leaving a vacation home vacant on purpose – let’s say that’s their civic contribution that would be realized in other ways if they actually lived, worked, and shopped here full-time.
Or it hits STVR hosts, who can either factor the cost into their business model or give it up if margins are really that thin (maybe not everyone needs to fancy themselves an amateur hotelier). But let’s not kid ourselves and believe the kind of housing this will free up will be plentiful or affordable.
In the exceedingly rare instances where someone might be eligible for an exemption, will it be too hard to apply for? That’s something we can argue and refine but that’s the bathwater, or just the little bit of it that splashes out of the tub, not the baby. An argument that the whole proposal is DOA because military members are too stupid to file for an exemption is either dismissive of or telling tales out of school about what we really think of military intelligence.
Poor, poor grandma who needs a home near her doctor? If she’s really poor why does she have multiple houses, and if she’s not does this really affect her? I live in a neighborhood where “aren’t you afraid you’re going to get shot?” is the first thing outsiders ask me about where I’m from, and if Grandma has owned her mostly-unoccupied vacation house for any significant time I probably pay a lot more property tax than she does. You couldn’t trip over the limbo bar to gain my sympathy, it’s buried a few feet deep.
This is a tiny nod toward taxing the rich, but that’s all. It’s not significant or meaningful, it won’t do a lot, most of the housing stock in question even if returned to actual residents won’t make a dent in the astronomical cost of living in or anywhere near this city. But it’s a tiny step in the right direction – and watching how hysterical the moneyed class is about the rest of us asking for even the tiniest drop in the goddamned bucket we’re trying to fill without their help is telling.
Related
Skip to content
Contact Us
This is the first installment in a series of stories on the history of dining out in La Jolla, how it’s changed and how it continues to evolve.
It’s hard to imagine La Jolla without its restaurants, from the lines stretching down the block at The Taco Stand to the iconic views at George’s at the Cove.
But the way La Jollans eat and where has changed dramatically since the area’s founding in the 1800s.
In this first part of the new month-long series “Dining Out,” the La Jolla Light looks at local restaurants from the 1880s (when La Jolla was first developed and settled) to the early 1920s.
“La Jolla had very few people at that time,” according to local historian Carol Olten. “There weren’t a lot of restaurants, as far as we know.”
Olten said she gets information about La Jolla’s earliest days from the diaries of local pioneer Anson Mills.
“He kept track of where he went and what he did … but he did a lot of home cooking,” she said. “So when they went to a restaurant for dinner, it was a big occasion. It was something people mainly did on holidays or … a social occasion.”
One restaurant Mills would go to — believed to be one of the first in La Jolla — was Montezuma Cottage. Olten said it is believed to have opened in 1895 near the intersection of Prospect and Jenner streets.
Mills described the restaurant as a popular eating and gathering spot for locals and tourists, Olten said. He wrote an entry about a Thanksgiving dinner there with about 60 people.
Montezuma Cottage later became known as the Seaside Inn and Ocean View restaurant. It was torn down in 1931.
Culturally, eating at a restaurant was a more formal occasion at the time, Olten said.
“You didn’t go to a restaurant just to hang out with friends like you would today. It was purposeful then,” she said.
Around 1900, a restaurant known as the White Rabbit opened near the corner of Girard Avenue and Prospect Street. In addition to a rooftop garden, it featured a tea room, joining a national trend.
“Tea rooms went with the suffragette movement because in those days, [women] didn’t have a place to gather without an escort, so tea rooms started opening in hotels and women could go there and sit down and have a social tea or lunch,” Olten said. “La Jolla got in on the tail end of that thanks to [Green Dragon Colony founder] Anna Held and [La Jolla philanthropist] Ellen Browning Scripps.”
One of them, called The Cricket, opened in the early 1900s with white tablecloths. Olten said it was near what it is now Eddie V’s restaurant.
“It was originally part of the Green Dragon Colony … and was sold to a British woman named Daisy Mitchell,” she said. “It stayed a tea room for many years, and she kept a guest book that was decorated with reds and greens and had a medieval theme. So it was very British.”
Joining a trend toward more upscale dining, one of La Jolla’s “most well-established and well-known restaurants” opened in 1912 at 1227 Prospect St. The Brown Bear had “stylish, fashionable service and a menu to please the gods,” Olten said.
A house specialty was Welsh rabbit served in a silver chafing dish. The restaurant was in operation until 1941.
Several restaurants opened around 1915, about the same time as the Panama-California Exposition, a world’s fair-type event held in 1915-16 that brought 3.7 million people to San Diego.
One of La Jolla’s new restaurants, the Spindrift Inn, opened in 1916 and was considered a “last stop” out of town.
“Most restaurants at that time were located in the immediate Village area,” Olten said. “The one that was astray would have been the Spindrift Inn [in La Jolla Shores]. This was in the very early days of automobiles, so not very many people had cars, but those that did would … drive their cars and the last stop before you got out of town was Spindrift Inn.”
The Spindrift Inn later became The Marine Room, which still stands.
Olten said the restaurant was operated by the Hannay family for about 20 years. Their “rambunctious” fox terrier, Jiggs, would roam the dining room.
Another Expo-era restaurant was the Dining Car, which operated in an old trolley car parked near Goldfish Point. Dinner was $2 per person. It burned down on Halloween night in 1923.
Next installment: With new hotels being built in La Jolla in the 1920s came new hotel restaurants. But later, World War II would have an impact on La Jollans and San Diegans in general and on where and how they ate. ♦
-
North Carolina2 minutes agoFormer North Carolina officer charged in beating caught on doorbell camera video
-
North Dakota4 minutes agoNorth Dakota Attorney General’s Office issues a warning on asphalt-paving scams
-
Ohio10 minutes agoOhio blogger The Rooster arrested at Statehouse for online harassment
-
Oklahoma17 minutes agoCity leaders break ground on MAPS 4 multipurpose stadium in downtown Oklahoma City
-
Oregon19 minutes agoFBI Special Agent Bobby Gutierrez named Freedom 250 Hometown Hero in Oregon
-
Pennsylvania25 minutes agoPennsylvania House approves bill to restrict cellphones in schools
-
Rhode Island32 minutes agoRhode Island Senate approves bill requiring staffed lanes alongside self-checkout
-
South-Carolina34 minutes agoSouth Carolina early voting surges ahead of primary election
