In this issue:

  • How to use Authenticator apps

  • Fake Chrome extensions

I was busy all weekend and am late getting the newsletter out. I’ll catch up on the breaches next week!

How to use Authenticator apps

Have you had a bank or other important account ask you if you want to use an authenticator application?

An authenticator application is a small app on your phone that helps prove you are really you when you sign in to an account. Apps like Google Authenticator and Microsoft Authenticator are popular choices (I have both on my phone). They are free and easy to set up.

Most websites walk you through it with simple instructions and a QR code you scan with your phone.

An authenticator app adds a second step, like a second lock on a door. After you type your password, the authenticator app gives you a short code (usually a 6-digit number) to type in, or it pops up a message that lets you tap “Approve.” That extra step makes it much harder for someone else to get in, even if they know your password.

Hint: When the 6-digit numbers turn red, it means the code is about to change. I wait until I get the new number and then type it into the website that I'm trying to access.

You may have seen accounts that send a code by text message. That is better than nothing, but it is not the safest option. In some scams, criminals can take over a phone number and receive those text codes. An authenticator app is safer because the codes stay inside the app on your phone.

If you only set this up for one account, do your email first. Email is the account that can reset passwords for your other accounts. Once your email is protected, add the authenticator app to banking, shopping, and social media. It takes a few minutes and can save you from a big headache later.

Fake Chrome extensions

I mainly use the Google Chrome browser, and I've installed a few browser "extensions," which are special programs that work inside my browser. The extensions I use are only from well-known companies and their solutions that I trust, such as the Keeper password management system, Adobe Acrobat, and Google Translate.

Browser extensions can be genuinely useful, so it’s no surprise scammers are abusing that trust. A fast-growing trick is the malicious “AI assistant” extension: it looks like a helpful productivity add-on in the Chrome Web Store, but its real job is to quietly grab your sensitive data.

Many of us have gotten used to pasting things into AI tools to “get help faster,” such as asking how to fix things or researching a topic.

Attackers are counting on that habit.

A fake AI assistant may prompt you to “connect your account,” or it may watch your browser to prove you’re already logged in. With either one, a criminal can act as you.

These extensions often look legitimate: polished icons, confident marketing language, and a handful of suspiciously generic reviews. Some copy the names and branding of real tools, or claim they’re “powered by” popular AI models.

The damage can be immediate, so protect yourself with a few habits:

  • Install extensions sparingly, and remove anything you don’t use.

  • Read the permissions. If a “writing helper” wants access to every website you visit, that’s a red flag.

  • Never paste API keys, passwords, or secret tokens into a browser extension chat box.
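For readers comfortable running a script, the "read the permissions" habit can be checked in bulk. This is an added example, not part of the original newsletter: it reads each extension's `manifest.json` and flags any that ask for access to every website. The function names, the short list of sensitive permissions, and the two sample manifests are constructed for illustration, and you supply the location of your Chrome profile's Extensions folder yourself.

```python
import json
from pathlib import Path

# Host patterns that let an extension read and change every site you visit.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Chrome permissions worth a second look on a simple helper (short list chosen
# for this example, not exhaustive).
SENSITIVE_APIS = {"cookies", "history", "webRequest", "clipboardRead", "tabs", "debugger"}
PERMISSION_KEYS = ("permissions", "optional_permissions",
                   "host_permissions", "optional_host_permissions")

def audit_manifest(manifest: dict) -> dict:
    """Report the broad host patterns and sensitive permissions a manifest requests."""
    requested = []
    for key in PERMISSION_KEYS:
        requested += [p for p in manifest.get(key, []) if isinstance(p, str)]
    # Content scripts are injected into pages matching these patterns.
    for script in manifest.get("content_scripts", []):
        requested += script.get("matches", [])
    broad = sorted({p for p in requested if p in BROAD_HOSTS})
    apis = sorted({p for p in requested if p in SENSITIVE_APIS})
    return {"name": manifest.get("name", "?"), "broad_hosts": broad,
            "sensitive_apis": apis, "red_flag": bool(broad)}

def audit_profile(extensions_dir: Path) -> list:
    """Audit each <id>/<version>/manifest.json under an Extensions folder."""
    results = []
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            results.append(audit_manifest(json.loads(path.read_text(encoding="utf-8-sig"))))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip it
    return results

# Constructed sample manifests, not real extensions.
SAMPLE_WRITING_HELPER = {"manifest_version": 3, "name": "Example Writing Helper",
                         "permissions": ["storage", "cookies", "tabs"],
                         "host_permissions": ["<all_urls>"]}
SAMPLE_TRANSLATOR = {"manifest_version": 3, "name": "Example Translator",
                     "permissions": ["activeTab", "storage"]}

if __name__ == "__main__":
    for manifest in (SAMPLE_WRITING_HELPER, SAMPLE_TRANSLATOR):
        print(audit_manifest(manifest))
```

A flagged extension is not automatically malicious, since password managers and translators often need broad access; the flag tells you which ones deserve a closer look or removal.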

Convenience is great. Handing an unknown extension your secrets is not. Stick with the ones you know.

Do you have an idea for a future newsletter? Please reply to this email and let me know.

Thank you so much!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com
