Phishing

QR Codes: A New Favorite Tool For Scammers

November 17, 2025

QR codes have slipped into daily life so smoothly that most of us barely register them anymore. They’re on tables in restaurants, taped to windows, printed on flyers, and sitting on parking meters. They offer quick access to menus, payment portals, and websites without any typing.

Because of that convenience, many people scan them automatically without pausing to think about where they might lead.

Unfortunately, that same convenience is exactly what criminals are taking advantage of.

There is a growing scam called quishing. The term comes from QR code phishing, and it works the same way traditional phishing does, but with a twist. Instead of clicking a suspicious link, you hold your phone camera over a code that quietly directs you somewhere you shouldn’t go.

When you scan a malicious QR code, you might be sent to a fake payment page designed to steal your card information, a false login screen meant to harvest your username and password, or a website that attempts to install malicious apps or spyware on your device.

The code itself looks harmless, which makes people less cautious than they might be with a strange link in an email.

One of the biggest challenges with QR codes is that you can’t tell where they lead until after you’ve scanned them. The printed square gives no clues about its destination. People often assume that because a QR code looks official or appears in a familiar location, it must be safe. Criminals take full advantage of that misplaced trust.

It doesn’t take much effort for scammers to cause trouble. Many simply print their own QR code stickers and place them over legitimate ones. A quick peel-and-stick is enough to redirect unsuspecting scanners to a fraudulent site.

This happens frequently in high-traffic areas such as parking lots, transit stops, coffee shops, or shop doors. Busy people rushing from one place to another rarely stop long enough to spot the switch.

Others send scam emails crafted to look like messages from legitimate companies. They may use believable wording, familiar logos, and professional formatting. Hidden inside is a QR code that sends you somewhere dangerous.

Because people are used to scanning codes from everything from delivery services to loyalty programs, these fake emails blend in easily.

These scams often play on urgency. You might be told that your account is in danger, a bill is overdue, a delivery is waiting, or that you’ll miss out on something if you don’t act immediately.

When people feel pressured, they tend to react quickly rather than carefully. Scammers count on that moment of distraction, that second where you scan first and think later.

The good news is that there are simple ways to protect yourself. Awareness and caution go a long way.

Be careful with QR codes that arrive in unexpected emails or messages, especially if the sender is unfamiliar or something feels off. If you’re asked to log in, reset a password, or make a payment, go directly to the official website instead of using the QR code. A few extra seconds can prevent a major headache.

When scanning QR codes in public spaces, take a moment to look at them closely. If a sticker looks crooked, worn, or placed on top of another label, avoid it. If the surface appears tampered with or altered, treat it as suspicious. It may feel like you’re being overly cautious, but it’s far better than walking straight into a scam.

Even after you scan a code, stay alert. Before you enter any personal information, double-check the website address. Make sure the URL looks correct, the site is secure, and nothing seems unusual. If something feels wrong, close the page immediately.

QR codes are not going anywhere. They’ve become a convenient tool for both businesses and customers. Most codes are perfectly safe, but now that criminals have figured out how to exploit them, everyone needs to build a habit of pausing before scanning.

The same guidance applies to your staff. A simple moment of caution could prevent data, financial information, or access to systems from ending up in the wrong hands.

If you want to make sure your team stays informed about current cybersecurity threats and knows what to watch out for, we can help. Reach out anytime.

Don’t Be Fooled by a Familiar Name: The Rise of “Look-Alike” Domains

November 17, 2025

If you’ve ever received an email or clicked a link that looked almost right but something felt off, you may have brushed up against one of today’s fastest-growing cyber threats: look-alike domains.

These deceptive web addresses are designed to mimic legitimate ones, often by swapping or adding a single character. A lowercase “l” becomes a capital “I,” a hyphen sneaks into the middle of the name, or a “.ai” replaces a “.com.”

On the surface, it looks identical. But behind the scenes, it’s a trap – one that can lead to stolen passwords, fraudulent payments, or full-blown identity theft. And it’s happening more often than you might think.

A cautionary tale

Not long ago, a Chinese-based hacking group registered calvinklein as an ai domain, a site that closely mirrored the famous calvinklein.com. While it appeared authentic, it wasn’t.

The counterfeit domain was used to mislead consumers and damage the brand’s credibility. The real Calvin Klein company eventually had to take legal action to reclaim their digital identity.

Now, you might be thinking, “That’s Calvin Klein – big companies have to deal with that sort of thing.” But here’s the reality: size doesn’t matter. Small and mid-sized businesses are just as vulnerable (sometimes even more so) because they often don’t have the resources to monitor, detect, or fight back against these digital impersonations.

Why it matters for Michigan businesses

Imagine one of your clients or vendors receives an email that looks like it came from your office. The sender name matches. The logo looks right. The message says there’s been a change in your payment details – and includes a link to your “new” online portal.

They trust you, so they click.

But the site they’re taken to isn’t yours. It’s a copy designed to steal credentials or reroute payments straight into a criminal’s account.

These attacks don’t just cost money. They damage reputation and trust – the two things local businesses like ours depend on most.

Once a client has been scammed in your name, it takes months (sometimes years) to rebuild that confidence.

How to protect your brand

Thankfully, there are simple, proactive steps that can help prevent this from happening to your business:

1. Register multiple versions of your domain.

Secure the obvious variations of your company name, including .com, .net, and .org, as well as common misspellings. It’s far cheaper to own them than to buy them back later from a squatter or a scammer.

2. Set up domain monitoring.

Cybersecurity partners like Tech Experts can watch for new registrations that look suspiciously similar to your brand. If one appears, you’ll know right away – and can take action before harm is done.

3. Trademark your name and logo.

A registered trademark doesn’t just protect your branding; it gives you legal leverage if someone tries to impersonate your business online.

At Tech Experts, we’ve trademarked both our company name (“Tech Experts®”) and our company logo. There is a cost involved, but it provides a great layer of protection.

4. Train your team.

Phishing emails often use look-alike domains to slip past filters. Make sure your staff knows how to spot these red flags – things like misspelled URLs, odd payment requests, or unexpected file attachments.

5. Act fast if you suspect fraud.

If you discover a domain that’s posing as your business, notify your IT partner immediately. Early action can help minimize financial loss and legal exposure.

A final word on trust

At Tech Experts, we take these issues seriously. We will never send an email requesting funds to be transferred to a new location or payment method without direct authentication.

If you ever receive a message that seems to be from us but doesn’t feel right… pause. Do not reply or click links. Call us directly at (734) 457-5000 to confirm before taking any action. Our accounting team is the only authorized source for payment verification.

Education is still the best cybersecurity tool you have. If your team hasn’t gone through Security Awareness Training recently- or if you’d like help setting up domain monitoring for your business, let’s talk. We’ll help you stay one step ahead of the scammers who make a living pretending to be someone you trust.

Scary Cyber Scams Your Business Should Watch Out For

October 14, 2025

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Cyber scams don’t need to be sophisticated to cause serious damage to a business.

In fact, many of today’s most effective scams rely on busy people making quick decisions and not having time to double‑check what they’re doing.

Staying informed is one of the best ways to stay protected. So here are five scams we’re seeing right now:

Robocall scams

With artificial intelligence, scammers can clone someone’s voice using only a short audio clip. You get a call that sounds exactly like a supplier or even a colleague, asking you to urgently confirm bank details. It feels genuine, but it isn’t.

Some scams even use this information to carry out a “SIM swap”, tricking a phone provider into moving your number to a criminal’s SIM card so they can intercept security codes.

Crypto investment scams

A convincing email or social media post might offer an incredible return on a business investment. Some of these projects, known as “rug pulls”, are designed to collect funds and then disappear, leaving investors with nothing.

Romance scams (sometimes called pig‑butchering scams)

These might sound unrelated to business, but they’re not. Scammers build trust over weeks or months, often through social media or messaging apps, and then persuade someone to share sensitive information or even send money.

In some cases, they use AI‑generated images or videos to make the scam more believable and later threaten to leak personal material unless they’re paid.

Malvertising

Criminals hide malicious links inside paid ads on legitimate sites. An employee looking for a new supplier or tool could click an ad and unknowingly install malware onto a company laptop.

Formjacking

This is where criminals inject code into an online checkout form to steal payment or login details. If staff buy supplies or services from websites that aren’t secure, those details can be intercepted.

The common thread is simple: these scams exploit human attention and trust.

Regular reminders and training help staff stay alert, question unexpected requests, and think twice before clicking. A little extra caution can stop a scam before it starts.

We can help you make sure your team is vigilant about these scams and more. Get in touch – email info@mytechexperts.com, or call (734) 457-5000

When That “Trusting Email” Might Be the Most Dangerous

September 23, 2025

You know how you’d trust an email that looks just like one from your bank – or maybe even from your own team?

That resemblance can lull us into thinking everything’s okay… until a fraudulent link or message slips through. For small businesses, those moments can be costly.

Why it matters more than ever

Phishing isn’t just “someone asking for passwords.” It’s evolved. Messages now tug at urgency, making it harder than ever to spot what’s real. And once an email passes your “looks fine” test, that’s often when trouble starts.

The new tricks

Today’s phishing attacks are slicker than ever:

Polished, professional emails: Gone are the obvious typos and bad formatting. Many attacks now look identical to the real thing, sometimes even mimicking ongoing conversations.

Urgency tactics: Phrases like “act now” or “update immediately” push people into clicking before thinking.

AI-generated voice scams: Fraudsters can now clone voices, leaving phone messages or even “live” calls that sound eerily like someone you know.

These aren’t just theoretical risks. Businesses across industries, from law firms to healthcare practices to financial offices, are seeing these attacks land in inboxes every day.

Five smart defenses

Here’s how to build a stronger, people-first defense against phishing:

Refresh your team’s training: Short, scenario-based sessions go a long way. Ask, “What would you do if?” and keep it conversational. The goal isn’t to scare anyone, but to equip them.

Run a phishing drill: Sending a harmless test email can be a powerful teaching tool. When someone clicks, you have a chance to follow up with gentle coaching – not criticism.

Add technical checkpoints: Strong spam filters, authentication tools like DMARC, and multi-factor authentication all help reduce risk. Passwords alone aren’t enough anymore – they’re simply too easy to guess.

Create a clear response plan: If someone suspects a phishing attempt, they should know exactly who to tell. A quick, confident response is often the difference between “close call” and “serious breach.”

Pause before you click: Encourage employees to take a breath when something feels off. Verifying a request with a quick phone call – or by starting a new email thread – takes seconds but can prevent a crisis.

Why this hits close to home

For small- and mid-sized businesses, phishing isn’t just an inconvenience – it can lead to compliance headaches, financial losses, and damaged reputations. Local firms already face tight budgets, lean teams, and constant pressure to stay productive. A single wrong click can throw all of that into chaos.

That’s why prevention matters so much. These aren’t just IT issues – they’re business continuity issues. Protecting against phishing keeps the doors open, the clients confident, and your team focused on their work instead of scrambling to clean up a mess.

The bigger picture

Cybercriminals thrive on the hope that small businesses will underestimate them. They count on teams being busy, distracted, or unsure of what to look for. By putting a few safeguards in place – both technical and human – you turn that vulnerability into strength.

At the end of the day, this isn’t about technology for technology’s sake. It’s about giving yourself and your team the peace of mind that comes with knowing you’re prepared. Because once your business culture shifts from “reacting after the fact” to “noticing before it happens,” you’ve already won half the battle.

Could Social Engineering Bring Down Your Business?

August 25, 2025

One phone call could be all it takes to bring your business to its knees.

That’s the chilling reality of social engineering. It’s a type of cyberattack that doesn’t rely on clever coding or fancy tech. Instead, it targets your people. And it’s becoming one of the biggest threats to businesses of all sizes.

Social engineering is when a criminal manipulates someone into giving up sensitive information or access to systems.

It often starts with a phone call or email from someone pretending to be a colleague, a supplier, or even a senior manager. They might sound friendly, urgent, or frustrated… anything to get the response they want.

And if your staff aren’t on high alert, that one conversation could open the door to your entire network.

A favorite target for these attacks? Your customer service team. They’re trained to be helpful and solve problems quickly.

But if someone calls pretending to be locked out of their account and urgently needs a password reset, it’s easy to see how a well-meaning team member could be tricked into handing over access.

From there, it’s game over. Attackers can install ransomware, steal customer data, or snoop around in your systems undetected.

The worst part is this kind of attack is simple to pull off. And highly effective. That’s why even small businesses need to take it seriously.

So, what can you do?

Start by training your team to be cautious of unusual requests, even if they sound legitimate. And don’t rely on memory or gut instinct. Put strong identity verification procedures in place that everyone follows, every time. Technology can help with this by adding extra checks before any sensitive action is taken.

Remember, cybercriminals don’t need to break in when someone will open the door for them. But with the right awareness and safeguards, you can make sure your team knows how to keep it firmly shut.

Need help keeping your team on top of cybersecurity best practices? Get in touch.

Watch Out! “Malvertising” Is On The Rise!

December 17, 2024

This image was generated by an AI engine.

There are many types of malware. One of the most common is called “malvertising.” It crops up everywhere. You can also see these malicious ads on Google searches.

Two things are making malvertising even more dangerous. One is that hackers use AI to make it very believable. The other is that it’s on the rise, according to Malwarebytes. In the fall of 2023, malvertising increased by 42% month over month.

Below, we’ll help you understand malvertising and give you tips on identifying and avoiding it.

What is “malvertising?”

Malvertising is the use of online ads for malicious activities. One example is when the PlayStation 5 was first released. It was very hard to get, which created the perfect environment for hackers. Several malicious ads cropped up on Google searches. The ads made it look like someone was going to an official site. Instead, they went to copycat sites. Criminals design these sites to steal user credentials and credit card details.

Google attempts to police its ads, but hackers can have their ads running for hours or days before they’re caught. These ads appear just as any other sponsored search ad. They can also appear on well-known sites that have been hacked or on social media feeds.

Tips for protecting yourself from malicious online ads

Review URLs carefully

You might see a slight misspelling in an online ad’s URL. Just like phishing, malvertising often relies on copycat websites. Carefully review any links in the ads.

Visit websites directly

A foolproof way to protect yourself is not to click any ads.

Instead, go to the brand’s website directly.

If they truly are having a “big sale,” you should see it there. Just don’t click those links and go to the source directly.

Use a DNS filter

A DNS filter protects you from mistaken clicks. It will redirect your browser to a warning page if it detects danger. DNS filters look for warning signs. This can keep you safe even if you accidentally click a malvertising link. Often, you’ll see a block page.

Do not log in after clicking an ad

Malvertising will often land you on a copycat site. The login page may look identical to the real thing. One of the things phishers are trying to steal is login credentials.

If you click an ad, do not input your login credentials on the site, even if the site looks legitimate. Go to the brand’s site in a different browser tab.

Don’t call suspicious ad phone numbers

Phishing can also happen offline. Some malicious ads include phone numbers to call. Unsuspecting victims may not realize fake representatives are part of these scams. Seniors are often targeted; they call and reveal personal information to the person on the other end of the line.
Stay away from these ads. If you find yourself on a call, do not reveal any personal data.

Don’t download directly from ads

“Get a free copy of MS Word” or “Get a Free PC Cleaner.” These are common malvertising scams. They try to entice you into clicking a download link. It’s often for a popular program or freebie. The link actually injects your system with malware to do further damage.

A direct download link is likely a scam. Only download from websites you trust.

Warn others when you see malvertising

If you see a suspicious ad, warn others. This helps keep your colleagues, friends, and family more secure. If unsure, do a Google search. You’ll often run across scam alerts confirming your suspicion.

Foster a culture of cyber awareness

It’s important to arm yourself and others with this kind of knowledge. Foster a culture of cyber-awareness to ensure safety and better online security.

Could An Email Signature Be A Hidden Threat To Your Business?

October 15, 2024

You’re wrapping up a meeting when your phone buzzes with a new email. It’s from a key supplier and looks urgent. The message is short, direct, and ends with the familiar email signature you’ve seen countless times.

Without hesitation, you act on the request, but hours later, you discover that the email wasn’t from your supplier at all. The signature that convinced you it was legitimate was a clever forgery. Now you’re dealing with the fallout of a security breach that could have been avoided.

This isn’t a far-fetched scenario. It’s happening more often than you might think. Email signatures, those blocks of text at the end of every professional email, are being weaponized by cyber criminals.

While you’ve (hopefully) invested in securing your networks and training your team, the security of your email signature might be the last thing on your mind. But ignoring this small detail can open the door to big risks.

An email signature is more than just a formal way to sign off. It’s a digital fingerprint of your business identity. It contains crucial information such as your name, job title, contact details, and often your business’s logo and links.

For your clients and colleagues, it’s a mark of authenticity. But for cyber criminals, it’s a treasure trove of information that can be exploited to deceive and defraud.

What makes email signatures particularly vulnerable is their consistency and familiarity. The more frequently someone sees your signature, the more they associate it with legitimacy.

Cyber criminals take advantage of this by creating emails that appear to come from you or your trusted contacts, complete with a forged signature that looks almost identical to the real thing.

The reality is that many businesses overlook the security of their email signatures. They’re often seen as an afterthought, something that’s nice to have but not critical to protect. This can be dangerous. Without proper security measures, your email signature can easily be spoofed, making your business – and your clients – vulnerable to attacks.

Understanding the risks is the first step toward protecting your business.

For instance, if your email signature includes links, those links can be manipulated to direct recipients to malicious websites. Your title and contact details can be used to create highly authentic looking emails.

To safeguard your business, rethink how you approach email signatures. Start by standardizing the format across your company. When everyone’s signature looks the same, it’s easier to spot anomalies that could indicate a security threat.

Make sure that the links in your signatures are regularly verified to point to secure, legitimate websites. And, while it might be tempting to include lots of information in your signature, remember that the more data you provide, the more opportunities you’re giving cyber criminals to exploit it.

If you need help with this or any other aspect of your cyber security, get in touch.

Phishing 2.0: How AI Is Amplifying The Danger And What You Can Do

August 14, 2024

As technology advances, so do the threats that come with it. One of the most significant emerging threats in cybersecurity is AI-enhanced phishing. Unlike traditional phishing attempts, which are often easy to spot due to generic messages and poor grammar, AI-enhanced phishing uses sophisticated algorithms to create highly personalized and convincing attacks.

The potential damage from these attacks can be immense, leading to significant data breaches and severe consequences for individuals and organizations alike. To protect yourself and your organization, it’s crucial to adopt a proactive approach to cybersecurity.

Understanding the threat

AI-enhanced phishing leverages artificial intelligence to craft personalized emails that appear to come from trusted sources. These emails are designed to trick recipients into revealing sensitive information or clicking on malicious links. The consequences of falling victim to such attacks can be devastating, ranging from financial loss to identity theft.

How to protect yourself

Protecting yourself from AI-enhanced phishing requires vigilance and the implementation of several key security measures:

Be skeptical

Always be skeptical of unsolicited messages, especially if they ask for personal information or prompt you to click on a link or download an attachment. Cybercriminals often use urgent language to create a sense of urgency or appeal to curiosity.

Check for red flags

Even the most sophisticated phishing attempts can contain subtle red flags. Be cautious if an email seems too good to be true or if it contains slight variations in email addresses, unexpected attachments, or unusual requests. Look for inconsistencies in the sender’s address, the tone of the message, and the formatting.

Use multi-factor authentication (MFA)

Multi-factor authentication adds an extra layer of security by requiring more than one form of verification to access your accounts. This could include a combination of something you know (a password), something you have (a smartphone), and something you are (a fingerprint). MFA significantly reduces the risk of unauthorized access even if your password is compromised.

Educate yourself and others

Education is a powerful tool in the fight against phishing. Learn about the latest AI phishing tactics and share this knowledge with your colleagues, friends, and family. Regular training sessions and updates on the latest phishing techniques can help everyone stay vigilant.

Use advanced security tools

Invest in advanced security tools that can help detect and prevent phishing attempts. These tools often include email filters, anti-phishing software, and AI-based threat detection systems. Regularly update and configure these tools for maximum protection.

Report phishing attempts

If you receive a suspicious email, report it to your IT team or email provider immediately. Reporting phishing attempts helps improve security measures and prevents other potential victims from falling prey to the same scam. Your vigilance contributes to a safer digital environment.

Enable email authentication

Implement email authentication protocols such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance). These protocols help verify the authenticity of the sender’s email address.

Conduct regular security audits

Regular security audits are essential to identify vulnerabilities in your systems and ensure that all security measures are up to date. These audits can uncover weaknesses that might be exploited by cybercriminals and provide an opportunity to strengthen your defenses.

In an era where cyber threats are becoming increasingly sophisticated, it’s essential to stay informed and proactive about cybersecurity. By understanding the nature of AI-enhanced phishing and implementing these protective measures, you can significantly reduce the risk of falling victim to these attacks. Remember, the key to cybersecurity is vigilance.

Hackers Don’t Take Holidays – Ransomware Is On The Rise

December 14, 2023

Studies have shown up to a 70% increase in attempted ransomware attacks during the holiday season.

Although we may be planning for a restful holiday ahead, full of delicious food and time with loved ones, hackers are not. Their ongoing exploitation of vulnerabilities and ever-changing tactics requires you and your team to be as vigilant as ever.

Phishing attacks have reached record highs this year. Worryingly, in the third quarter of this year alone, phishing attacks skyrocketed by a staggering 173%, compared to the previous three months.

And malware? It’s not far behind, with a 110% increase over the same period.

Let’s put this into perspective. Imagine you’re on a quiet beach, enjoying the sun and the surf. Suddenly, the tide starts to rise rapidly. Before you know it, your picnic basket is floating away, and you’re knee-deep in water. That’s what’s happening in the cyber world right now.

According to a report, the ‘phisherfolk’ group were most active in August, casting out more than 207.3 million phishing emails. That’s nearly double the amount in July. September wasn’t much better, with 172.6 million phishing emails.

But who are these cyber criminals targeting? Old favorites Facebook and Microsoft continue to top the charts, with Facebook accounting for more phishing URLs than the next seven most spoofed brands combined. Block Facebook on your network.

So, what’s the bottom line here? The attacks are coming from everywhere, and your business could be next.

Phishing attacks are like a rising tide, and if you’re not careful, they can quickly sink your business. They target everyone – from tech giants to financial institutions, and even government agencies. The question is – are you prepared?

Take a moment to consider the authenticity of emails. Are they from a trusted source? Do they contain suspicious links? Are they asking for sensitive information?

Make sure your employees are aware of the risks. Encourage them to think twice before clicking on a link or downloading an attachment. After all, a moment’s hesitation could save your business from a devastating cyber attack. [Read more…] about Hackers Don’t Take Holidays – Ransomware Is On The Rise

Eight In 10 Businesses Were Targeted With Phishing In The Last Year. Was Yours?

September 22, 2023

Despite all the buzz about high-tech threats like ransomware and malware, good old phishing has held on to its title as the number one trick in a cyber criminal’s toolkit.

Phishing is when someone tries to trick you into giving them your personal information, like your password or credit card number. They do this by sending you emails or text messages that look like they’re from a real company.

According to the latest annual cyber breaches survey, 79% of businesses were targeted with a phishing attempt in the past year. And if your employees aren’t trained in cyber security awareness, 1 in 3 of them are likely to fall for a phishing attack. Scary!

You might be thinking, “Sure, it’s bad, but it can’t be that bad, right?” Well, let’s break down the consequences of a successful phishing attack.