In this issue:

• Risks of using browser password managers

• Threat of the week: Fake recruiters on the rise

• Data breaches this week

Risks of using browser password managers

I know. You probably have tons of passwords saved directly in your browser, but I want you to be aware of some security risks with using the "save password in browser" feature.

Saving passwords in your browser might feel super convenient—you log in once, and it remembers everything for you. But that convenience can come with a big downside. If someone gets their hands on your laptop or phone, they might not need your password at all. If your browser is already open and logged in, they could just click and get into your accounts.

Browsers are also a favorite target for hackers because they store so much in one place. If you accidentally download something malicious, install a bad browser extension, or there is a new browser vulnerability, all your saved passwords could be up for grabs. And if your browser syncs across devices, one weak link—like a stolen phone—can give away everything.

How to manage passwords in Google Chrome:

1. Click the three-line menu icon (More) in the top-right corner and select "Settings". 

2. Select "Autofill and passwords" and then "Google Password Manager" to manage your saved passwords.

How to manage passwords in Firefox:

1. Click the three-line menu icon (More) in the top-right corner and select "Settings". 

2. Select "Privacy & Security" and then "Logins and Passwords" to manage your saved passwords.

How to manage passwords in Microsoft Edge:

1. Click the three-dot menu icon (More) in the top-right corner and select "Settings". 

2. Select "Profiles" and then "Passwords" to access the Microsoft Wallet and manage your saved passwords.

Fake recruiters on the rise

A human resources (HR) leader that I worked with twenty years ago posted on LinkedIn that criminals were imitating her LinkedIn account and using her name in emails and direct messages.

I personally received two emails this week from fake recruiters as shown in the following image. Notice the gmail account and that the last name doesn't match (a sure sign of generative artificial intelligence or a foreign actor). I checked LinkedIn and Debbie Wexler is a real recruiter but I know this email isn't from her.

Here’s how it usually works: someone reaches out on LinkedIn, email, or even text, saying they’re hiring for a well-known company. The job sounds amazing: great pay, work-from-home, flexible hours.

But once you show interest, they’ll ask for personal info, like your Social Security number, bank details, or a “small fee” for training materials. Some will even send you a fake check for “equipment” and then ask you to send some of the money back. By the time the bank flags it as fake, your money’s gone.

What's worse than losing some money is that people are quitting their current jobs for these fake jobs!

To avoid getting scammed, slow down before you respond. Look up the recruiter’s name and the company directly—don’t just trust the email address or profile. Real recruiters won’t pressure you to hand over personal details before an official interview.

Data breaches this week

Most of the time these will be companies that you don’t have any personal data with, but scan the names to make sure you aren’t affected.

DaVita: 1M individuals: Over 1 Million Impacted by DaVita Data Breach

Northwest Radiologists: 350k patients: Northwest Radiologists Data Breach Impacts 350,000 Washingtonians

Columbia University: 860k persons: Columbia University Data Breach Impacts 860,000

Bouygues: 6.4M customers: French Telecom Firm Bouygues Says Data Breach Affects 6.4M Customers

Do you have an idea for a future newsletter? Please reply to this email and let me know.

Thank you so much!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com