The Kavalan Newsletter

Cyber security and cyber hygiene spoken simple

(This newsletter contains links to external websites. Please review their terms of use and privacy policies before using those websites.)

June 2023 Edition

EXECUTIVE SUMMARY: In this month's edition, our newest, completely fictitious and non-existent cyber reporter, Samuel the Harangued, vents about mobile app security since he is fed up trying to tell people not to connect their social media accounts to those random apps. We provide iPhone and Mac users more reasons to act snooty with some news about Android attacks while they make typos typing on that tiny iPhone keyboard. Speaking of typos, we cover some good reasons for reducing the waistline of your fat finger. Speaking of reducing waistlines, make sure to not take a bite of the wrong kind of 'Lemon' or 'Phish'.

Our Fat Finger Can Bite

Typo Squatting Attacks

'Fat fingers, small keyboard' used to be a funny email signature, especially after the emergence of smartphones. Hackers took notice, and 'Typosquatting' or 'URL Hijacking' or 'Domain Spoofing' attacks were born. Here is how the bad guys go about it:

  • Step 1: Identify a popular website.

  • Step 2: Purchase website names that are close in name to the popular site, or are what people mistype when they try to access the real site.

  • Step 3: Install some kind of malware, or some content that tricks the user into downloading malware onto their phone or computer from that site.

  • Step 4: Sit back and relax as people come to you to get hacked!!

Before you visit a website, make sure to confirm you typed in the right website address. If you are visiting a new website, check whether the site has a good reputation using a URL reputation checker.

  • EXAMPLE 1: In 2022, a massive typosquatting campaign covering over 200 domains was discovered, in which attackers targeting Windows and Android users impersonated Google Wallet, PayPal and Snapchat to install the ERMAC banking trojan (a type of malware) onto people’s devices.

  • EXAMPLE 2: In 2016, malicious actors targeted popular news websites to redirect users to fake news sites that peddled completely false stories.


Aaargghh! with Samuel the Harangued


Threats from Mobile Apps

Think of something and they say 'there is an app for that'. But can you trust every app you download? Can you trust the app stores you download them from? Are there unscrupulous app makers out there? How can you protect yourself and your family? Samuel has had more than one head slap moment with his family and recommends the article below to save time for him and other family 'IT guys' like him.


Emerging Scams

A student deep in debt gets a call or email asking them to apply for student loan forgiveness before funds run out. They are told they are 'pre-qualified' but they need to act fast and call a number. They can expedite the process for free, they say!

Student Loan Forgiveness Scams

You get a text message with an OTP for your bank account. Almost immediately, you get a call or an SMS that looks like it is coming from your bank asking you for that same OTP code. Should you provide it? Bots are counting on you to!

One-Time Password (OTP) Bots

'FOMO' is Fear Of Missing Out. New crypto currencies pop up all the time and you are told this new 'alt coin' is the next big thing. Should you act on your FOMO? What tactics do crypto scammers use? What should we watch out for?

Crypto Currency Scams

Threats and Breaches

Well, it is not always our fault. The companies that we do business with get breached too. The apps and devices that we use get targeted with new attacks.


Guerilla Android Malware

Hacker group 'Lemon' pre-implanted malware onto Android phones and other Android devices such as smart TVs and children's Android-based watches.


Big School of Phish

Scammers are impersonating big brands like Nike, Puma, Crocs, Reebok, New Balance and Tommy Hilfiger using over 6000 fake websites. Careful what you click on!


Home Networks Under Attack

Cybercriminals are targeting the insecure home office networks of executives and their families. If you are an entrepreneur, proprietor or executive - watch out!