In this issue:

• Threat of the week: Fake shopping sites

• 23andMe data sold to a non-profit

• Let me know if there’s a topic you want me to cover

Fake shopping sites

Following a lead tweeted by a journalist in Mexico, another large set of fake shopping sites has been uncovered by cybersecurity company Silent Push. The English and Spanish websites have been traced back to China.

Everyday, thousands of website domains are registered, and a large majority of them are intended for scams. The cybersecurity firm identified several brand names, such as Apple, Harbor Freight Tools, Michael Kors, REI, Wayfair, Wrangler Jeans, Brooks Brothers, Jos. A. Bank, Nordstrom, Guitar Center, Tommy Hilfiger, and Tumi being targeted with copycat sites.

f you see a shopping advertisement on Facebook, Instagram, TikTok, Google, or somewhere else, it's very likely to be a scam. Always check the website address. Even if it looks legitimate, it could easily be a site created by a criminal. In this collection of websites they found harborfrieght[.]shop (e and i are reversed), brooksbrothersofficial[.]com, nordstromltems[.]com (a lowercase L instead of an i), guitarcentersale[.]com, tommyilfigershop[.]com (missing an h), and tumioutlets[.]com.

Here are some way to identify fake shopping sites:

• Look for website names that are variations of legitimate sites:

  • Switching i, l, and 1, or zero for an O.

  • Using foreign or special characters.

  • Adding sale, outlet, official, clearance, or discount into the website name.

• You can use the “lookup” tool to see when the website domain was created.

• Be suspicious of heavily discounted prices. If it's too good to be true, it probably is a scam.

• Look carefully at the website content for blurry images or logos, missing pages such as the "Returns Policy", limited company contact information, and grammatical mistakes.

You should assume that a large number of advertisements you are seeing are now created by criminals. If you want to look for a deal, go directly to the retailer's website and located the sale and clearance sections. Don't lose your money to the criminals.

23andMe data sold to a non-profit

If you are one of the 15-million 23andMe genetic DNA testing customers, and one of the 80% who have allowed their data to be used for research (like me), then you can breathe a sigh of relief. (Well, if you ignore the fact that 7 million of us were affected by their data breach in 2023.)

There were many customers and privacy groups who were extremely worried when 23andMe went into bankruptcy. The worst case scenario is that our genetic data would be sold to the highest bidder and a new owner would be allowed to do anything they wanted with our data.

When a pharmaceutical company won the bid in May to purchase, two dozen states sued to halt the deal. The bidding was re-opened and a former 23andMe CEO / co-founder purchased the company under the structure of a non-profit medical research organization. The TTAM Research Institute pledged to improve the privacy policies associated with the data and continue to allows customers to delete their data at will (which you can already do on 23andMe.com).

If you want to delete your data on 23andMe.com, you can find the option under their Settings menu. I personally deleted my data, but if they stop adding new features to 23andMe, I won't have a reason to continue using it. I've already noticed that many of my relatives are no longer showing in the family tree, so I probably will remove my data too.

Do you have an idea for a future newsletter? Please reply to this email and let me know.

Thank you so much!

Sincerely,
Cassie Crossley
Founder, Cyber Safe Center
https://www.cybersafecenter.com