Resetting login password and impact on keychain

Resetting a password is different than changing a password while logged into the user account. Administrator reset of a user login password creates a new keychain and thereby can disconnect the user from services tied to saved passwords (email, website, etc.), and it is generally advised to avoid it except if necessary and after exhausting other options. It can be sort of like breaking your car window because you cannot find your key. -rws

When a user resets their login password, macOS automatically creates a new login keychain to keep the account and login keychain passwords in sync. macOS archives the old login keychain so that if a user remembers the old password, they can unlock and access the archived login keychain items.

Importing keychain entries (if the password is later determined) is a tedious process of manually importing (copy/paste) keychain entries one at a time. -rws

Phishing - Don't be fooled by big brands

No matter how robust your firewalls and filters, phishing attempts - i.e., messages designed to dupe you into divulging information, enacting transactions, or downloading malware - can still very easily land in your inbox. 

What is a phishing attack?

A phishing attack is where a threat actor sends a fraudulent communication that appears to come from a trusted sender. If successful, the victim is coaxed into taking a specific action, such as disclosing information or clicking on a link to execute malware.

What is the goal of a phishing attack?

Phishing attacks are usually designed to coax the victim into disclosing valuable information (e.g., bank details or login credentials), to execute financial transactions, or to launch malicious scripts (e.g., to trigger a ransomware attack).

What tools are used to commit a phishing attack?

A few of the types of tools used by hackers in phishing campaigns include the following:

• Domain name permutation engines to help them generate convincing-looking domains where their bogus service will be hosted. 
• Legitimate email services (e.g., Gmail for Business) to manage the sending of messages. 
• Email extractor tools to harvest large volumes of email addresses. 
• Spam assessment tools that make it easier for scammers to create and edit messages in such a way that they avoid getting caught in spam filters. 
• Tools like BeEF and SET to generate convincing login portals, steal credentials, and send mass phishing emails.
• ChatGPT to automate the creation of phishing emails.


1. Phishing is the single most common form of cyber crime. An estimated 3.4 billion emails a day are sent by cyber criminals, designed to look like they come from trusted senders. This is over a trillion phishing emails per year. 

2. Email impersonation accounts for an estimated 1.2% of all email traffic globally. 

3. Around 36% of all data breaches involve phishing. 

Spear Phishing 

Definition: Sending messages - ostensibly from a known or trusted party - to induce specifically targeted individuals to reveal information or take specific actions.

30. Spear phishing campaigns make up only 0.1% of all email-based phishing attacks, but they are responsible for 66% of all breaches. 

31. 50% of large organizations were targeted with spear phishing in 2022, receiving an average of five spear-phishing emails a day. 


Whaling

Definition: Also known as big phishing and CEO-fraud, this involves using precisely-engineered spoofing emails to trick senior figures within organizations into disclosing credentials, money, or information. 

Common Features of Scams 

A large proportion of attackers use fake messages that look as if they are from well-known companies. A growing number of attackers also seem to be putting AI to work to make their messages sound more convincing.   

Top Phishing Brands 

33. 55% of phishing attacks use established brand names to build credibility in their messages. 

Phishing Trigger Words 

36. The keywords most frequently used by phishing scammers in email subject lines:

  • Invoice 

  • New

  • Message

  • Required

  • File

  • Request

  • Action

  • Document

  • Verification 

  • eFax

  • VM

Top macOS Shortcuts

 

Shortcut          | Mnemonic       | Applications               | Finder
command-o         | Open           | Open document              | Open selected
command-n         | New            | New document               | New Finder window
command-w         | Close          | Close document             | Close Finder window
command-s         | Save           | Save document              | n/a
command-f         | Find           | Find within document       | Find/Search for file
command-g         | Find again     | Find next within document  | n/a
command-p         | Print          | Print document             | Print selected file
command-c         | Copy           | Copy selection             | Copy selected file
command-x         | Cut            | Cut selection              | n/a
command-v         | Paste          | Paste from copy            | Paste from copy
command-i         | Info/Inspector | Inspector/Info on document | Get Info on Selection
command-a         | Select All     | Select all objects/text    | Select all files/folders
command-z         | Undo           | Undo last action           | Undo last action

command-tab       | App Switcher   | n/a                        | Switches between open Applications
command-tab-shift | App Switcher   | n/a                        | Switches between open Applications
command-i         | Info/Inspector | Inspector/Info on document | Get Info on Selection
command-e         | Eject          |                            | Eject volume (flash drive, server volume)
command-spacebar  | Spotlight      |                            | Spotlight Search
spacebar          | Quicklook      |                            | Quicklook of file selected

 

Apple Private Relay on iPad

Protect your web browsing with iCloud Private Relay on iPad

When you subscribe to iCloud+, you can use iCloud Private Relay to help prevent websites and network providers from creating a detailed profile about you. When iCloud Private Relay is on, the traffic leaving your iPad is encrypted and sent through two separate internet relays. This prevents websites from seeing your IP address and exact location while preventing network providers from collecting your browsing activity in Safari.

Turn iCloud Private Relay on or off for a Wi-Fi network

  1. Go to Settings > Wi-Fi.

  2. Tap , then turn Limit IP Address Tracking on or off.

If you turn off Limit IP Address Tracking for a Wi-Fi network on your iPad, iCloud Private Relay is turned off for this network across all your devices where you’re signed in with the same Apple ID.

Turn iCloud Private Relay on or off for a cellular network (Wi-Fi + Cellular models)

  1. Go to Settings > Cellular Data, then do one of the following:

    • If your iPad has a single plan: Tap Cellular Data Options.

    • If your iPad has multiple plans: Select a plan (below Cellular Plans).

  2. Turn Limit IP Address Tracking on or off.

The network setting is specific to a physical SIM or eSIM in your iPad (eSIM not available in all countries or regions). See View or change your cellular data account.


Set the specificity of your IP address location

Go to Settings > [your name] > iCloud > Private Relay > IP Address Location, then choose one of the following:

  • Maintain General Location (for example, to see local content in Safari)

  • Use Country and Time Zone (to make your location more obscure)

IP Addresses, Identity, and Location

Private Relay is designed to protect users’ privacy, while maintaining sufficiently accurate location information to support a personalized experience on the web. It does not provide any methods to spoof location or circumvent regional content restrictions.

The Relay IP addresses issued by Private Relay are representative IP addresses that map to the actual country or region the user is connecting from. The selection of Relay IP addresses is influenced by the user’s original IP address and IP Address Location setting preference. Furthermore, since the second internet relay does not know the original IP address of the user, the Relay IP addresses rotate over time and between sessions, helping to prevent their use as a stable identifier for the user.

The first internet relay uses a traditional geo-IP lookup to determine which geographic area best represents the user’s original IP address. It then sends this information back to the user’s device in the form of a geohash (truncated to four characters, representing roughly an 800 km² area). If the user has selected “Maintain general location,” the user’s device will share the geohash information with the second internet relay. This information allows the second internet relay to select a representative Relay IP address from a pool of addresses assigned to the location. If “Use country and time zone” is selected, geohash information is not shared and the second internet relay will select a Relay IP address from the much larger region that represents the country and time zone the user is connecting from.

The second internet relay has no knowledge of the user’s original IP address. This helps ensure the selection of a Relay IP address is random within the corresponding geohash or country information, and helps prevent any manipulation or spoofing of location. Websites and apps can continue to use existing location mechanisms, such as geo-IP mappings, to map the location provided by the Relay IP address.

If required, Core Location APIs are available to request a precise location from the user with explicit permission.
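
To make the granularity of the four-character geohash described above concrete, the following added example (not Apple's code and not part of the original text) encodes coordinates with the standard public geohash algorithm and computes the size of the resulting cell. The function names, the spherical-Earth radius of 6371 km and the sample coordinates are assumptions chosen for illustration.

```python
import math

BASE32 = "0123456789bcdefghjkmnpqrstuvwxyz"  # geohash alphabet (no a, i, l, o)

def geohash_cell(lat, lon, precision=4):
    """Return (geohash, (lat_min, lat_max, lon_min, lon_max)) for a point.

    Hypothetical helper: standard geohash, truncated to `precision` chars.
    """
    lat_rng, lon_rng = [-90.0, 90.0], [-180.0, 180.0]
    bits, chars = [], []
    for i in range(precision * 5):          # 5 bits per base32 character
        # Bits alternate longitude, latitude, starting with longitude.
        rng, val = (lon_rng, lon) if i % 2 == 0 else (lat_rng, lat)
        mid = (rng[0] + rng[1]) / 2
        if val >= mid:
            bits.append("1")
            rng[0] = mid                    # keep the upper half
        else:
            bits.append("0")
            rng[1] = mid                    # keep the lower half
        if len(bits) == 5:
            chars.append(BASE32[int("".join(bits), 2)])
            bits = []
    return "".join(chars), (lat_rng[0], lat_rng[1], lon_rng[0], lon_rng[1])

def cell_area_km2(bounds, radius_km=6371.0):
    """Area of a lat/lon box on a sphere (assumed Earth radius 6371 km)."""
    lat_min, lat_max, lon_min, lon_max = bounds
    return (radius_km ** 2
            * math.radians(lon_max - lon_min)
            * (math.sin(math.radians(lat_max)) - math.sin(math.radians(lat_min))))

if __name__ == "__main__":
    # Constructed sample points: two places in the same metro area, one farther away.
    for name, lat, lon in [("San Francisco", 37.7749, -122.4194),
                           ("Daly City", 37.6879, -122.4702),
                           ("San Jose", 37.3382, -121.8863),
                           ("Equator sample", 0.1, 0.1)]:
        gh, bounds = geohash_cell(lat, lon)
        print(f"{name:15s} {gh}  ~{cell_area_km2(bounds):.0f} km^2")
```

The cell is largest near the equator and shrinks toward the poles, so the "roughly 800 km²" figure is closer to an upper bound; every user whose geo-IP result falls in the same cell shares one four-character value.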