[{"content":"What does it mean to be a \u0026ldquo;digital sheepdog\u0026rdquo;? Anyone can. It means knowing what to do to keep your loved ones safe online.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-04-20-why-you-should-be-a-digital-sheepdog/","summary":"\u003cp\u003eWhat does it mean to be a \u0026ldquo;digital sheepdog\u0026rdquo;?  Anyone can.  It means knowing what to do to keep your loved ones safe online.\u003c/p\u003e","title":"Why you should be a Digital Sheepdog"},{"content":"If you\u0026rsquo;ve spent any time on YouTube or listening to podcasts, you\u0026rsquo;ve almost certainly been pitched a VPN. \u0026ldquo;Stay safe online!\u0026rdquo; \u0026ldquo;Browse anonymously!\u0026rdquo; \u0026ldquo;Protect your data from hackers!\u0026rdquo;\nThe advertisements make VPNs sound like a magical privacy cloak that makes you invisible on the internet. The reality is more nuanced — and some VPNs are actively harmful to the people who use them.\nLet me cut through the noise.\nWhat a VPN Actually Does VPN stands for Virtual Private Network. When you use one, it does two things:\nEncrypts your internet traffic between your device and the VPN server, so anyone between you and that server — your internet provider, someone on public WiFi — can\u0026rsquo;t read it.\nHides your real IP address from the websites you visit. Instead of seeing your home or office IP, they see the VPN server\u0026rsquo;s IP.\nThat\u0026rsquo;s it. That\u0026rsquo;s the whole thing.\nThink of it like a postal service analogy. Normally, when you send a letter, the postal workers can see where it\u0026rsquo;s coming from, where it\u0026rsquo;s going, and potentially what\u0026rsquo;s in it. A VPN is like using a trusted courier: they pick up your sealed letter, drive to another city, and mail it from there. The recipient sees the courier\u0026rsquo;s city, not yours. But the courier still knows everything.\nWhen a VPN Genuinely Helps On public WiFi — coffee shops, airports, hotels, anywhere you don\u0026rsquo;t control the network. A VPN encrypts your traffic so that even if someone on that network is snooping, they see scrambled nonsense instead of your passwords and browsing. This is the legitimate, practical use case.\nFrom your internet provider — your ISP (Comcast, AT\u0026amp;T, Verizon, etc.) can see every website you visit. A VPN prevents this. Whether you care about this is a personal privacy decision.\nAccessing content while traveling — if you travel internationally and want to access streaming services or websites that are geographically restricted, a VPN can help.\nWhen a VPN Does NOT Help Protecting you from malware and viruses — a VPN is not antivirus software. If you click a bad link and download malware, a VPN won\u0026rsquo;t stop it or remove it.\nMaking you anonymous — you\u0026rsquo;re trusting the VPN company with your traffic instead of your ISP. If law enforcement asks a VPN provider for records, many cooperate. Your identity is not magically hidden.\nProtecting you from phishing — a VPN won\u0026rsquo;t stop you from entering your password on a fake banking website. That\u0026rsquo;s not what it does.\nProtecting you on HTTPS websites — if you\u0026rsquo;re on a properly secured HTTPS site (the padlock in your browser), your data is already encrypted. The VPN adds a layer but isn\u0026rsquo;t filling a gap.\nThe Free VPN Problem Here\u0026rsquo;s the part the ads don\u0026rsquo;t mention: many free VPNs are the threat.\nThink about the economics. A VPN requires servers all over the world. Servers cost money. Bandwidth costs money. If a VPN service is completely free, they\u0026rsquo;re paying for all that infrastructure somehow — and the answer is usually your data.\nA CSIRO study found that nearly 40% of free VPN apps inject malware or tracking code into users\u0026rsquo; devices. Many others log your browsing history and sell it to advertisers. Some free VPNs have been caught routing users through botnets — using your device\u0026rsquo;s internet connection to conduct attacks on others.\nYou thought you were getting protection. You were becoming the product.\nNever use a free VPN unless it\u0026rsquo;s the free tier of a well-known paid service (like Proton VPN\u0026rsquo;s free tier, which is genuinely legitimate).\nWhich VPN Should You Actually Use? If you decide a VPN makes sense for you, here are trustworthy paid options:\nMullvad — Privacy-focused, accepts anonymous payment, no accounts required. The gold standard for privacy. Proton VPN — Made by the same people as ProtonMail. Strong privacy track record, has a legitimate free tier. ExpressVPN or NordVPN — Well-known, widely reviewed. Fine for most people. The heavy advertising is a little annoying, but the products are legitimate. Expect to pay around $3–$10/month. If a \u0026ldquo;VPN service\u0026rdquo; wants significantly more than that, or nothing at all, be skeptical.\nDo You Actually Need One? Honestly? For most people doing normal browsing at home on their own network — probably not urgently. Your home router is not a public network, and HTTPS handles most of the encryption needs for everyday browsing.\nWhere it makes a real difference: public WiFi. If you regularly work from coffee shops, travel and use hotel networks, or connect to airport WiFi — a VPN on your laptop and phone is a genuinely useful layer of protection.\nBottom line: A VPN does a specific thing well — encrypts your traffic on untrusted networks and hides your browsing from your ISP. It\u0026rsquo;s not a cure-all. Never use a free one from an unknown company. If you travel or work on public WiFi regularly, a paid VPN from a reputable provider is money well spent.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-07-20-what-is-a-vpn/","summary":"VPNs are everywhere in ads, but the marketing is full of exaggeration. Here\u0026rsquo;s what a VPN actually does, when it genuinely helps, and how to avoid the ones that are worse than useless.","title":"What Is a VPN and Do You Actually Need One?"},{"content":"Walk through your home and count the things connected to your WiFi. Your phone and laptop, obviously. But also: the smart TV, the streaming stick, the Ring doorbell, the Alexa on the counter, the Nest thermostat, the kids\u0026rsquo; tablets, the connected baby monitor, maybe a smart refrigerator if you went through a phase.\nThe average American home has more than 20 connected devices. And most of them were designed to be convenient first and secure approximately never.\nWelcome to the Internet of Things — the collection of internet-connected gadgets we\u0026rsquo;ve quietly filled our homes with — and the security nightmare that comes with it.\nHow Bad Is It? Pretty bad, actually. According to a 2025 Bitdefender and Netgear report, connected homes face an average of 30 attempted attacks per day. In December 2025, hackers compromised 4.2 million smart TVs and used them to launch a coordinated attack against a major cloud provider.\nStill think your smart TV is just a TV?\nThe problem is baked into how these devices are made. An estimated 35% of consumer IoT devices ship with default usernames and passwords — think \u0026ldquo;admin/admin\u0026rdquo; or \u0026ldquo;admin/password\u0026rdquo; — that are publicly known and never changed. Streaming devices, smart TVs, and cameras account for more than half of all known IoT vulnerabilities.\nWhat Can a Hacker Actually Do With Your Smart Devices? Your smart devices can become:\nSpies. A compromised camera or baby monitor lets someone watch your home. Smart TVs with built-in cameras and microphones have been used to eavesdrop on families. This isn\u0026rsquo;t paranoia — it\u0026rsquo;s been documented in multiple cases.\nAttack platforms. Your hacked router, smart TV, or thermostat can be recruited into a botnet — a network of compromised devices used to attack other targets, send spam, or mine cryptocurrency. Your device becomes a weapon pointed at someone else\u0026rsquo;s systems, all while sitting quietly on your shelf.\nEntry points. If a criminal can compromise a connected device on your network, they have a foothold inside your home network. From there, they may be able to reach your computers, your shared files, or your other devices. Your smart lightbulb becomes a bridge into everything else.\nThe Fixes The good news: the most impactful fixes are simple and free.\nChange Default Passwords Immediately The single most important thing you can do. Every device that has a login — router, camera, smart doorbell, baby monitor — comes with a factory default password. Change it the day you set it up. Use a strong, unique password (and store it in your password manager).\nIf you bought a device years ago and never changed the password, do it today.\nPut Smart Devices on a Guest Network Your router likely supports a \u0026ldquo;guest network\u0026rdquo; — a separate WiFi network that can\u0026rsquo;t communicate with your main network. Put your smart home devices on it. Your phone and laptop stay on the main network.\nThis means if your smart TV gets compromised, the attacker can\u0026rsquo;t hop over to the network your bank accounts and work laptop are on. I\u0026rsquo;ve written about this in my home router post.\nKeep Firmware Updated Firmware is the built-in software that runs your devices. Manufacturers occasionally release firmware updates that patch security vulnerabilities. Most devices can be configured to update automatically — enable this in the device settings. If there\u0026rsquo;s no automatic update option, check periodically.\nThink Before You Buy Before purchasing a new connected device, ask: does this thing need to be connected to the internet? A smart refrigerator that sends you alerts is convenient. It\u0026rsquo;s also one more device with a default password and an attack surface. Sometimes a dumb appliance is the secure appliance.\nAudit What You Already Have Pull up your router\u0026rsquo;s connected device list (log into your router admin page — usually at 192.168.1.1) and see what\u0026rsquo;s there. You may discover devices you forgot about, or devices a previous owner of your home connected. If you don\u0026rsquo;t know what it is, change the WiFi password — anything you care about will prompt you to reconnect, and you\u0026rsquo;ll know to deal with the mystery device.\nBottom line: Your smart home is only as secure as its least-protected device, and most IoT devices ship with almost no security out of the box. Change default passwords, isolate smart devices on a guest network, keep firmware updated, and think carefully about what you actually need connected to the internet. Your Ring doorbell should be watching for intruders — not welcoming them in.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-07-13-securing-your-smart-home/","summary":"Smart TVs, video doorbells, smart speakers, connected thermostats — your home is full of devices that are potentially watching, listening, and poorly secured. Here\u0026rsquo;s how to fix that.","title":"Your Smart Home Is Watching: Securing IoT Devices"},{"content":"You\u0026rsquo;re at the coffee shop, you connect to the free WiFi, and you check your bank balance while waiting for your latte. How worried should you be?\nThe honest answer: it depends on what you\u0026rsquo;re doing — and the risk is probably a little different than what you\u0026rsquo;ve heard.\nPublic WiFi security advice ranges from \u0026ldquo;it\u0026rsquo;s completely fine, websites are encrypted now\u0026rdquo; to \u0026ldquo;never connect to public WiFi, ever, criminals are everywhere.\u0026rdquo; Both of those are wrong. Let me give you the realistic picture.\nWhat Can Actually Go Wrong? The Evil Twin Attack This is the sneakiest threat on public WiFi. A criminal sets up a fake WiFi hotspot with a name nearly identical to the legitimate one. \u0026ldquo;Starbucks WiFi\u0026rdquo; vs. \u0026ldquo;Starbucks_WiFi.\u0026rdquo; You connect to the fake one — it probably even provides internet access — but everything you send flows through the attacker\u0026rsquo;s device first.\nThis is called a rogue access point, or \u0026ldquo;evil twin\u0026rdquo;, and it requires someone to physically be there running it. It happens, but it requires deliberate effort from a criminal who has chosen your specific location.\nUnencrypted Traffic Snooping On an unencrypted network (one without a password, or an old-style WEP-encrypted network), traffic is transmitted \u0026ldquo;in the clear.\u0026rdquo; Anyone on the same network with the right software can potentially see what you\u0026rsquo;re sending and receiving.\nHere\u0026rsquo;s the important caveat: most websites you visit today use HTTPS — that little padlock in your browser\u0026rsquo;s address bar. HTTPS encrypts your traffic end-to-end, so even if someone intercepts it on the WiFi network, they can\u0026rsquo;t read it. If you\u0026rsquo;re on an HTTPS website, the contents of your browsing are protected even on sketchy public WiFi.\nIf a website shows \u0026ldquo;HTTP\u0026rdquo; (no S) in the address bar — which is increasingly rare but still exists — your traffic is readable to anyone on the same network.\nMalware Distribution On some public networks, attackers can push software update popups that are actually malware installers. If a public WiFi network asks you to \u0026ldquo;update software\u0026rdquo; or \u0026ldquo;install a certificate\u0026rdquo; before connecting, decline and leave that network.\nWhat\u0026rsquo;s Actually Safe on Public WiFi? Checking news sites, weather, sports scores — basically fine Watching streaming video — fine; encrypted and nothing sensitive Logging into accounts on HTTPS sites — reasonably safe, but read the caveats below Online banking or financial transactions — this is where I\u0026rsquo;d want a VPN or use my phone\u0026rsquo;s cellular data instead When Should You Use a VPN? A VPN (Virtual Private Network) creates an encrypted tunnel between your device and the internet, so even if someone intercepts your traffic on a public WiFi network, all they see is scrambled data. For sensitive activity on public WiFi — banking, work email, anything involving passwords or personal information — a VPN is a solid layer of protection.\nI\u0026rsquo;ve written a separate post going deep on VPNs and how to choose a trustworthy one. The short version: use a reputable paid VPN rather than a free one, since nearly 40% of free VPN apps have been found to contain malware.\nThe Simple, Practical Rules For everyday browsing (news, YouTube, etc.): Public WiFi is fine. Make sure the site has HTTPS (the padlock).\nFor logging into important accounts: Either use your phone\u0026rsquo;s cellular data (4G/5G), or use a reputable VPN on your laptop.\nFor banking and financial transactions: Use cellular data or a VPN. This is not the moment to trust that the \u0026ldquo;AirportFreeWiFi\u0026rdquo; network is legitimate.\nAlways: If a network asks you to install anything before connecting, walk away.\nOne overlooked trick: When you\u0026rsquo;re done with a public WiFi network, tell your device to \u0026ldquo;forget\u0026rdquo; it. Otherwise, your phone will automatically reconnect to any network with the same name — including a criminal\u0026rsquo;s evil twin with a matching name set up at the same location another day.\nBottom line: Public WiFi isn\u0026rsquo;t the boogeyman it\u0026rsquo;s sometimes made out to be — especially if you\u0026rsquo;re just browsing. But for anything sensitive, use cellular data or a trusted VPN, look for HTTPS on every site you log into, and don\u0026rsquo;t let your device silently reconnect to remembered networks.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-07-06-risks-of-public-wifi/","summary":"Coffee shop WiFi, hotel networks, airport hotspots — what\u0026rsquo;s actually risky, what\u0026rsquo;s overblown, and what you should actually do about it.","title":"The Risks of Public WiFi (And What to Actually Do About It)"},{"content":"The FBI\u0026rsquo;s 2025 Internet Crime Report tells a sobering story: fraud losses in the U.S. hit $20.88 billion last year, a 26% increase from the prior year. And while scams target everyone, older adults are disproportionately victimized. The FTC reports that tech support scams alone resulted in $1.23 billion in losses, with seniors filing thousands of complaints.\nThis isn\u0026rsquo;t because older adults are foolish. Criminals target them specifically because they tend to have more savings, are more likely to be home to answer calls, and often grew up in an era when trusting authority figures — police, government officials, tech companies — was a reasonable default. Scammers exploit that trust methodically.\nHere are the scams your parents are most likely to encounter, and how to help them.\nThe Tech Support Scam A popup appears on the screen: \u0026ldquo;Your computer has been infected with a virus. Call Microsoft Support immediately at 1-800-XXX-XXXX.\u0026rdquo; Or the computer slows down and they call what they believe is Apple or Microsoft for help.\nThe \u0026ldquo;support agent\u0026rdquo; is a criminal. They\u0026rsquo;ll ask for remote access to fix the \u0026ldquo;problem\u0026rdquo; — and once they\u0026rsquo;re in, they install real malware, find banking information, and often convince the victim they need to pay hundreds or thousands of dollars to remove the infection.\nThe key fact to share: Microsoft, Apple, Google, and your antivirus company will never call you unsolicited, and a popup on your screen asking you to call a phone number is never legitimate. If you see one, close your browser (or restart your computer) and call a family member before calling any number from the screen.\nThe IRS / Social Security Impersonation Call \u0026ldquo;This is the IRS. We have a warrant for your arrest due to unpaid taxes. To avoid arrest, you must pay immediately using gift cards.\u0026rdquo;\nGift cards. The IRS. Gift cards. The IRS does not accept gift cards. It does not call to threaten arrest. It sends letters — by mail, to your address on file — before escalating anything.\nNeither does the Social Security Administration threaten to suspend your Social Security number. Neither does Medicare demand payment to maintain coverage.\nAny call claiming to be a government agency and demanding immediate payment — especially via gift cards, wire transfer, or cryptocurrency — is a scam. Every single time.\nThe Romance Scam This one is particularly painful because it exploits loneliness. A stranger connects on a social platform or dating site, builds a relationship over weeks or months through messages and sometimes video calls (which may use deepfakes), and then has an \u0026ldquo;emergency\u0026rdquo; — a medical crisis, a stuck investment, trouble getting money out of the country. Could you help?\nRomance scams extracted over $1 billion from Americans in a recent year, and the victims are disproportionately widows and widowers. The emotional manipulation can be as devastating as the financial loss.\nThe \u0026ldquo;Grandchild in Trouble\u0026rdquo; Scam I covered this in detail in my post on AI voice cloning scams, but it bears repeating here: criminals call grandparents claiming to be (or to represent) a grandchild in an emergency — car accident, arrest, hospital — and beg for immediate money. The voice may now be AI-cloned from social media.\nThe defense: a family safe word that only real family members know. Ask for it before sending anything.\nHow to Have the Conversation This is the hard part. Nobody wants to make their parents feel incompetent or under surveillance. Here\u0026rsquo;s how I\u0026rsquo;d approach it:\nLead with love, not alarm. \u0026ldquo;I\u0026rsquo;ve been reading a lot about scams targeting people, and I want to make sure we\u0026rsquo;re all protected — I set up the same things on my own accounts.\u0026rdquo;\nMake it a family thing, not a parent thing. Acknowledge that these scams fool everyone. You\u0026rsquo;re not suggesting they\u0026rsquo;re not sharp — you\u0026rsquo;re suggesting that criminals are professionals at this.\nCome with solutions, not just warnings. Offering to help set up two-factor authentication, review their email settings, or add them to a credit monitoring service makes the conversation productive.\nEstablish the safe word. Make it feel like a fun family insider thing rather than a security protocol.\nPractical Protections Freeze their credit — Just like yours, a credit freeze prevents anyone from opening new accounts in their name Set up two-factor authentication on their email and financial accounts and make sure they control it Add their number to the Do Not Call Registry at donotcall.gov — it won\u0026rsquo;t stop scammers, but it reduces legitimate telemarketing noise that can be confusing Consider a call-blocking service — apps like RoboKiller or Nomorobo can significantly reduce the volume of scam calls that get through Bottom line: Criminals target the elderly deliberately and skillfully. The best protection is a combination of technical safeguards and a family that talks openly about these threats — without making anyone feel embarrassed or diminished. Have the conversation. Do it soon.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-06-29-protecting-elderly-parents-from-scams/","summary":"Criminals specifically target older adults because they tend to be more trusting and more financially secure. Here\u0026rsquo;s how to have the conversation and put protections in place — without making your parents feel like you\u0026rsquo;re treating them like children.","title":"Your Elderly Parents Are Being Targeted. Here's How to Help."},{"content":"Let me be upfront about something: there is no perfect solution for keeping kids safe online. The internet is enormous, kids are resourceful, and parental controls are never foolproof. Anyone who tells you otherwise is selling something.\nWhat I can give you is a realistic, practical approach that puts sensible guardrails in place, opens the lines of communication, and makes your children significantly safer — without requiring a computer science degree or turning your home into an episode of Black Mirror.\nStart at the Router, Not the Device The most common approach to online safety is installing parental control apps on each of your kids\u0026rsquo; devices individually. This works, but it has a weakness: it requires you to stay on top of every device, every update, every workaround your clever teenager discovers. It\u0026rsquo;s a game of whack-a-mole.\nA smarter approach is to control the internet at the source — your home router. If your router is using a security-focused DNS service, every device on your home network gets filtered automatically. No app to install. No per-device configuration. A new phone, a smart TV, a friend\u0026rsquo;s device connecting to your WiFi — all protected.\nI\u0026rsquo;ve written about how to do this in my posts on home network equipment and changing your DNS settings. Cloudflare\u0026rsquo;s free \u0026ldquo;Family\u0026rdquo; DNS can block malware and adult content with a two-minute router change.\nThe Platforms Your Kids Are Actually Using Before you can protect your kids online, you need to know where they\u0026rsquo;re spending their time. This list shifts constantly, but in 2026 it generally includes:\nTikTok, YouTube, Instagram — video and social content; can expose kids to strangers, inappropriate content, and influencer pressure Discord — popular with gamers; allows direct messaging with strangers from gaming communities Snapchat — disappearing messages make it hard to monitor; popular for peer communication Roblox, Minecraft, Fortnite — games with social/chat features; kids regularly interact with strangers here The Kids Online Safety Act was reintroduced in Congress in 2025, pushing platforms to add better protections for minors — but legislation is slow. Don\u0026rsquo;t wait for the law to catch up. Know what platforms your kids use and spend 20 minutes in those apps yourself.\nPractical Steps That Actually Help Set up separate accounts for younger kids. Apple Screen Time and Android\u0026rsquo;s Family Link let you approve app downloads, set time limits, and restrict content categories. Both are free and built into the operating systems.\nEnable SafeSearch on Google. On your kids\u0026rsquo; devices, go to Google settings and turn on SafeSearch to filter explicit content from search results.\nCheck privacy settings on social apps. Make sure your child\u0026rsquo;s accounts are set to private and that they\u0026rsquo;re not publicly broadcasting their location, school, or daily schedule.\nKeep devices in common spaces. The oldest rule still works. A phone or laptop in the bedroom at night is an invitation to problems. Chargers in the kitchen or living room overnight is a simple policy that prevents a lot of headaches.\nKnow their username, not just their password. You don\u0026rsquo;t necessarily need to read every message — but knowing your kids\u0026rsquo; usernames lets you periodically check what they\u0026rsquo;re posting publicly.\nThe Conversation Is the Most Important Control Here\u0026rsquo;s the uncomfortable truth: determined teenagers can work around almost any technical control. The ultimate protection is a kid who talks to you when something feels wrong.\nThat means having actual conversations — not lectures — about what they encounter online. What to do if someone they don\u0026rsquo;t know starts messaging them. What to do if they see something that upsets or confuses them. That they won\u0026rsquo;t get in trouble for coming to you.\nYou don\u0026rsquo;t need all the answers. You just need them to know the door is open.\nA quick note for teachers: Your students face many of these same risks on school-issued devices and personal phones during the school day. Knowing what platforms kids use and having age-appropriate conversations about online safety in the classroom can be as valuable as any content filter.\nBottom line: Start with your router-level DNS settings for whole-network protection, use built-in parental controls for device-level guardrails, know what platforms your kids actually use — and most importantly, keep talking with them. Technology can block a lot, but it can\u0026rsquo;t replace a parent who\u0026rsquo;s paying attention.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-06-22-protecting-your-kids-online/","summary":"You don\u0026rsquo;t need to be a tech expert to keep your kids safer online. Here are practical, realistic steps that actually work — without turning your home into a surveillance state.","title":"Protecting Your Kids Online: A Parent's Practical Guide"},{"content":"Your phone rings. It\u0026rsquo;s your son\u0026rsquo;s voice — panicked, urgent. He says he\u0026rsquo;s been in a car accident, he\u0026rsquo;s in trouble with the police, and he needs you to send money right now. Please don\u0026rsquo;t tell Dad.\nYou\u0026rsquo;re horrified. Of course you\u0026rsquo;re going to help. You send the money.\nExcept it wasn\u0026rsquo;t your son.\nThis is the AI voice cloning scam, and it is happening right now to real families. In 2026, AI voice cloning scams cost elderly Americans over $2.3 billion — and that\u0026rsquo;s just what was reported. The FBI estimates the unreported numbers are far higher.\nHere\u0026rsquo;s the terrifying part: all a scammer needs is about three seconds of your child\u0026rsquo;s voice. A birthday video on Facebook. A TikTok. A voicemail greeting. They feed it into an AI voice cloning tool — many of which are free and require no technical skill — and within minutes, they have an imitation convincing enough to fool a parent.\nThis Isn\u0026rsquo;t Science Fiction Sharon Brightwell of Florida received a call from her \u0026ldquo;daughter,\u0026rdquo; crying and begging for help after a supposed car accident. She sent $15,000 to a courier before realizing it was a scam. Margaret Thompson, 78, lost $45,000 after a scammer cloned her grandson\u0026rsquo;s voice. These cases are becoming routine.\n1 in 4 Americans has already been fooled by an AI-generated deepfake or voice clone, according to a 2026 survey. This is no longer a fringe threat.\nHow AI Has Changed the Game For years, you could spot a scam email by the bad grammar. \u0026ldquo;Dear Valued Customer, we have suspicious activity on you account please confirm password now.\u0026rdquo; It was almost comically obvious.\nNot anymore.\nAI tools can now generate perfectly written, grammatically flawless emails that:\nReference real events in the news to seem current Are personalized to include your name, employer, and other details found online Are translated and adjusted for any language or cultural context Are written in the specific style of your boss, bank, or insurance company That \u0026ldquo;Nigerian prince\u0026rdquo; who couldn\u0026rsquo;t spell? He\u0026rsquo;s been replaced by an AI that writes better than most humans.\nThe Simple Defense: Establish a Family Safe Word Here\u0026rsquo;s the one practical thing I want every family to do after reading this post.\nPick a secret family code word or phrase. Something unusual enough that it couldn\u0026rsquo;t be guessed but simple enough to remember. Something like \u0026ldquo;blue sailfish\u0026rdquo; or \u0026ldquo;Grandma\u0026rsquo;s kitchen.\u0026rdquo;\nIf anyone in your family ever calls in a \u0026ldquo;crisis\u0026rdquo; — accident, arrest, medical emergency, need money fast — the first thing you do is ask for the safe word. A real family member will know it instantly. An AI impersonator won\u0026rsquo;t.\nShare it privately. Don\u0026rsquo;t post it anywhere. Tell every member of your immediate family.\nThis one simple step can stop the grandparent scam cold.\nOther AI-Powered Tricks to Watch For Deepfake videos — AI can now generate convincing videos of real people saying things they never said. A video \u0026ldquo;from your bank executive\u0026rdquo; or \u0026ldquo;from a trusted friend\u0026rdquo; asking for something should raise immediate suspicion, especially if the request is unusual.\nImpersonation phone calls — AI voice cloning isn\u0026rsquo;t just for family emergencies. Criminals use it to impersonate employers, government officials, or customer service representatives. The \u0026ldquo;IRS\u0026rdquo; calling to say you owe back taxes and face arrest? Could now sound exactly like a real government employee.\nHyper-personalized phishing — AI can scan your social media and professional profiles to craft a spear-phishing email that references real things about your life — your employer, recent vacation, mutual connections. When an email seems to know a lot about you, that\u0026rsquo;s not a reason to trust it — it may be a reason to be more suspicious.\nWhat You Can Do Create a family safe word — do this today Be suspicious of urgency — whether by phone, email, or video, if someone is pressuring you to act fast, slow down Verify through a known channel — if your \u0026ldquo;bank\u0026rdquo; calls, hang up and call the number on the back of your card Limit what you share publicly — voice samples on social media are raw material for criminals; the less your family posts, the less there is to clone Talk to your elderly family members — seniors are disproportionately targeted; make sure they know about voice cloning before it happens to them Bottom line: AI has handed criminals a powerful new toolbox — perfect fake voices, flawless emails, and convincing impersonations. The technology will keep getting better. Your best defenses are skepticism, verification, and a family safe word that no machine can guess.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-06-15-ai-powered-scams/","summary":"Criminals are now using AI to clone voices, write flawless phishing emails, and create convincing deepfakes. Here\u0026rsquo;s what you need to know — and one simple trick that could save your family thousands of dollars.","title":"AI Is Being Used Against You: The Rise of AI-Powered Scams"},{"content":"If you\u0026rsquo;ve watched any crime drama in the past ten years, you\u0026rsquo;ve heard someone mention the dark web in hushed, ominous tones. It\u0026rsquo;s portrayed as this shadowy digital underworld where anything goes and terrible things happen.\nThat\u0026rsquo;s\u0026hellip; not entirely inaccurate. But it\u0026rsquo;s also not the whole story.\nLet me clear up some of the mystery, because understanding what the dark web actually is — and what criminals actually do with it — is far more useful than being scared of it.\nThe Internet Has Layers Think of the internet like an iceberg.\nThe surface web is what you use every day — Google, Amazon, Facebook, YouTube, this blog. It\u0026rsquo;s anything you can find with a search engine. Estimates suggest it represents only about 4-5% of the total internet.\nThe deep web is everything that search engines can\u0026rsquo;t index — your online banking dashboard, your email inbox, medical records, private databases. This is completely normal and boring. You use it constantly.\nThe dark web is a small, intentionally hidden slice of the internet that requires special software — most commonly a browser called Tor (The Onion Router) — to access. The content on the dark web is deliberately obscured so that users and servers can\u0026rsquo;t easily be identified.\nSo What\u0026rsquo;s Actually on the Dark Web? The dark web has legitimate uses. Journalists use it to communicate with sources in authoritarian countries. Activists and dissidents use it to avoid government surveillance. Privacy advocates use it for research.\nBut yes — it\u0026rsquo;s also a marketplace for illegal activity. And that\u0026rsquo;s the part relevant to your security.\nAccording to researchers, dark web marketplaces trade in stolen credentials, credit card data, counterfeit documents, and hacked account access. Some examples of what\u0026rsquo;s for sale and at what price:\nA stolen credit card with billing info: $5–$120 A \u0026ldquo;fullz\u0026rdquo; — a complete identity package (name, SSN, DOB, address): $16–$228 Access to a hacked corporate network: thousands of dollars It\u0026rsquo;s essentially a black market, running on cryptocurrency to avoid tracing payments, with buyer reviews and customer service — the dark web has its own grim version of Amazon. In 2024, analysts tracked over 720,000 sales totaling $17.3 million in stolen personal data on a single market.\nHow Does Your Data End Up There? When a company gets breached — Target, Equifax, a healthcare provider, a retailer you bought something from in 2018 — the stolen records don\u0026rsquo;t just disappear. They get packaged up and sold on dark web markets. The criminals who buy them then use the data to commit fraud, open accounts, or launch targeted phishing attacks.\nThis is the real danger of data breaches: not the breach itself, but the downstream market for the data.\nHow Do You Know If Your Data Is There? Here\u0026rsquo;s the good news: you don\u0026rsquo;t need to go anywhere near the dark web to check. Security researcher Troy Hunt built a completely legitimate, free service that monitors known data dumps and lets you check whether your email address has appeared in any breach.\nIt\u0026rsquo;s called Have I Been Pwned — and yes, \u0026ldquo;pwned\u0026rdquo; is internet slang for \u0026ldquo;owned\u0026rdquo; or compromised. You just type in your email address and it tells you if it\u0026rsquo;s shown up. No download, no account required.\nYou can also sign up for free email alerts, so if your address appears in a future breach, you\u0026rsquo;ll know quickly.\nIf your email address shows up: change the password you used at that site, and if you used that same password anywhere else, change it there too.\nWhat About Those \u0026ldquo;Dark Web Monitoring\u0026rdquo; Services? You may have seen advertisements or credit monitoring services offering \u0026ldquo;dark web monitoring\u0026rdquo; — often as an upsell. These services automatically scan known data dumps for your information and alert you.\nThey can be useful, but read the fine print. Most are scanning the same public data dumps that Have I Been Pwned already monitors. A legitimate service won\u0026rsquo;t actually access dark web criminal forums on your behalf — they\u0026rsquo;re scanning databases that have already been exposed publicly.\nBottom line: The dark web is real, and it\u0026rsquo;s where your stolen data ends up when companies get breached. You don\u0026rsquo;t need to go there yourself, but you should check regularly at haveibeenpwned.com to find out if your information has been exposed. Knowledge is the first step — knowing you\u0026rsquo;ve been breached means you can act before a criminal does.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-06-08-what-is-the-dark-web/","summary":"The dark web sounds terrifying. The reality is less dramatic — but still worth understanding, especially if your personal information has shown up there.","title":"What Is the Dark Web, Really?"},{"content":"Here\u0026rsquo;s an uncomfortable question: has a stranger ever had your Social Security Number, your full name, your date of birth, and your home address — all at once?\nIf you\u0026rsquo;re an American adult, the answer is probably yes. You just might not know it.\nIn 2017, one of the three major U.S. credit bureaus — Equifax — was hacked. Criminals made off with the personal information of 147 million Americans. That\u0026rsquo;s roughly half the adult population of the United States. Not passwords. Not credit card numbers. The really sensitive stuff: Social Security Numbers, birth dates, home addresses, and in many cases, driver\u0026rsquo;s license numbers.\nAnd Equifax had no idea it was happening for 78 days.\nHow Did It Happen? Here\u0026rsquo;s the maddening part. The vulnerability that allowed the breach had been publicly identified and a fix had been made available two months before the attack. Equifax simply hadn\u0026rsquo;t installed the update.\nThat\u0026rsquo;s it. The digital equivalent of leaving your front door wide open after the locksmith had already sent you a new lock and you just never got around to putting it on.\nHackers exploited that unpatched vulnerability, got inside Equifax\u0026rsquo;s systems, and spent weeks quietly siphoning data — more than 145 GB of it — before anyone noticed. When Equifax finally discovered the breach in July 2017, the theft had already been happening since mid-May. They didn\u0026rsquo;t publicly disclose it until September 7, 2017.\nWhy Should You Still Care — Years Later? This is where a lot of people tune out. \u0026ldquo;That was years ago. Old news.\u0026rdquo;\nNot quite. Here\u0026rsquo;s what makes the Equifax breach different from, say, a Target or Home Depot breach where credit card numbers were stolen.\nStolen credit card numbers expire. You cancel the card, get a new one, problem solved.\nYour Social Security Number never expires. Your birthday never expires. Your name never expires. That information is yours forever — and now it\u0026rsquo;s also a criminal\u0026rsquo;s forever.\nThose 147 million records are still out there. They\u0026rsquo;ve been sold, resold, and traded on dark web markets for years. A criminal who bought your data in 2018 can still use it in 2026 to:\nOpen credit cards or loans in your name File a fraudulent tax return and collect your refund Apply for government benefits using your identity Pass identity verification checks on new account applications The theft is over. The risk isn\u0026rsquo;t.\nWhat Can You Do? Freeze your credit. This is still the best defense against someone using your information to open fraudulent accounts. A credit freeze makes your credit report inaccessible to potential creditors — so even if a criminal has your SSN and birthday, they can\u0026rsquo;t open a new account in your name. I\u0026rsquo;ve written a complete guide to freezing your credit — it\u0026rsquo;s free and takes about 15 minutes.\nCheck if you were affected. Equifax set up a settlement site as part of a $700 million settlement with the FTC. Affected individuals were eligible for free credit monitoring and, in some cases, small cash payments.\nCheck Have I Been Pwned. Go to haveibeenpwned.com and enter your email address to see if your information has appeared in this or other known breaches.\nBe alert to identity theft signs. Unexplained accounts on your credit report, calls from debt collectors about debts you don\u0026rsquo;t recognize, or tax return rejection notices (\u0026ldquo;a return has already been filed under your SSN\u0026rdquo;) are all potential signs that your information is being used by someone else.\nBottom line: The Equifax breach isn\u0026rsquo;t history — it\u0026rsquo;s an ongoing reality for 147 million Americans. The data is still out there and it doesn\u0026rsquo;t expire. Freeze your credit, monitor your accounts, and treat your Social Security Number like the master key to your financial life, because that\u0026rsquo;s exactly what it is.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-06-01-equifax-breach-what-happened/","summary":"In 2017, hackers stole the personal information of 147 million Americans — roughly half the country. Here\u0026rsquo;s what actually happened, why it still matters, and what you can do about it.","title":"The Equifax Breach: What Really Happened to Your Data"},{"content":"In May 2021, people up and down the East Coast started panicking about gasoline. Lines at gas stations stretched around the block. Prices spiked. Some states declared emergencies. The cause? A group of hackers had taken a major fuel pipeline hostage — not with weapons, but with software.\nThat was the Colonial Pipeline attack, and it\u0026rsquo;s one of the most dramatic real-world examples of ransomware — a type of cyberattack that has quietly become one of the most destructive forces in digital crime.\nWhat Happened at Colonial Pipeline Colonial Pipeline carries about 45% of the fuel used by the East Coast. On May 7, 2021, a criminal group called DarkSide broke into their computer systems using a single stolen password for an old VPN account that didn\u0026rsquo;t have two-factor authentication enabled.\nThey encrypted Colonial\u0026rsquo;s data — essentially locking the company out of their own systems — and threatened to release sensitive information publicly unless they were paid a ransom. Colonial shut down operations as a precaution. Six days later, after paying $4.4 million in Bitcoin, they got a decryption tool and slowly restored operations.\nAll of that — the gas shortages, the panic buying, the emergency declarations — triggered by one leaked password with no second factor protecting it.\nSo What Exactly Is Ransomware? Think of ransomware like a padlock that a criminal puts on your front door from the outside. Your house, your stuff — but now you can\u0026rsquo;t get in. They hold the key and demand payment to give it back.\nIn digital terms, ransomware is a type of malicious software (malware) that:\nFinds its way onto a computer or network Encrypts your files — documents, photos, databases, everything — making them completely unreadable Displays a ransom demand: pay us (usually in cryptocurrency) and we\u0026rsquo;ll give you the key to decrypt your files No payment, no files. Or so the threat goes. (Paying doesn\u0026rsquo;t always result in getting your files back, by the way.)\nHow Does It Get In? The most common entry points are:\nPhishing emails — A convincing fake email tricks someone into clicking a link or downloading an attachment that installs the ransomware. One click by one distracted person on a Tuesday afternoon can bring down an entire company.\nWeak or stolen passwords — Exactly as happened with Colonial Pipeline. If an attacker can log in to your systems using stolen credentials, they\u0026rsquo;re in. If there\u0026rsquo;s no second layer of authentication to stop them, they have free reign.\nUnpatched software — Software vulnerabilities are discovered constantly, and software companies release \u0026ldquo;patches\u0026rdquo; (updates) to fix them. When organizations don\u0026rsquo;t install those updates promptly, they leave known doors open.\nCould This Happen to You at Home? Ransomware most commonly targets businesses, hospitals, schools, and government agencies — organizations with money to pay and urgent need to recover. But individuals are targeted too, often through:\nClicking a bad link in a phishing email Downloading something from an unofficial or sketchy source Clicking \u0026ldquo;enable macros\u0026rdquo; on a Word document you received unexpectedly If it hits your home computer, it can encrypt your family photos, tax documents, and everything else on your hard drive.\nHow to Protect Yourself Back up your data. This is the single most important thing you can do. If all your files are backed up somewhere separate — an external hard drive kept unplugged when not in use, or a cloud service — ransomware loses its leverage. They can\u0026rsquo;t hold hostage what you already have a copy of.\nDon\u0026rsquo;t click unexpected links or attachments. Refer to my earlier post on spotting phishing emails. Most ransomware starts with a click on something you shouldn\u0026rsquo;t have clicked.\nKeep your software updated. When Windows or your iPhone says there\u0026rsquo;s an update available, install it. I know, I know — nobody likes the update prompts. But those updates frequently patch vulnerabilities that ransomware exploits.\nUse strong, unique passwords with two-factor authentication. Yes, I keep coming back to this. The Colonial Pipeline attack happened because of one old account with a weak password and no 2FA. The basics matter.\nBottom line: Ransomware is digital kidnapping — it holds your files hostage until you pay up. The defense isn\u0026rsquo;t complicated: back up your important files, be careful what you click, keep your software updated, and use good passwords with two-factor authentication. Do those four things and you\u0026rsquo;ve closed the doors criminals depend on most.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-05-25-what-is-ransomware/","summary":"In 2021, a ransomware attack shut down a pipeline and caused gas shortages across the East Coast. Here\u0026rsquo;s what ransomware is, how it works, and what you can do to protect yourself.","title":"What Is Ransomware — and Could It Happen to You?"},{"content":"You probably change the batteries in your smoke detectors when daylight saving time rolls around. It\u0026rsquo;s a once-a-year habit that takes five minutes and could save your life. Your digital security deserves the same treatment.\nI\u0026rsquo;m not talking about anything complicated here. This isn\u0026rsquo;t an all-day project. Below is a straightforward checklist — things anyone can do, no technical background required — that dramatically reduces your risk of becoming a victim of identity theft, account takeover, or fraud.\nSet aside 20-30 minutes. Pour a coffee. Let\u0026rsquo;s do this.\nStep 1: Check If Your Email Has Been Exposed Go to haveibeenpwned.com and type in your email address. This free, legitimate service (run by a well-known security researcher) tells you if your email address appeared in any known data breach.\nAs of early 2026, the site tracks over 12 billion records from nearly 1,000 breached websites. If your email shows up, it doesn\u0026rsquo;t mean you\u0026rsquo;ve been hacked — but it does mean the password you used at that breached site should be changed immediately, especially if you use it anywhere else.\nDo this for every email address your family uses.\nStep 2: Update Passwords on Your Most Important Accounts You don\u0026rsquo;t need to update every password — just the ones that matter most. Work through this list:\nEmail accounts (these are the master keys — prioritize these) Banking and financial accounts Social media accounts Your Amazon, Apple ID, or Google account If you use a password manager (see my post on why you should), use it to generate new, unique passwords for each. If you don\u0026rsquo;t have one yet — today\u0026rsquo;s a good day to start.\nStep 3: Review App Permissions on Your Phone Both iPhones and Android phones let you see which apps have access to your location, camera, microphone, and contacts. It\u0026rsquo;s worth checking once a year because apps accumulate permissions quietly over time.\niPhone: Settings → Privacy \u0026amp; Security → review each category (Location Services, Microphone, Camera, etc.) Android: Settings → Privacy → Permission Manager Ask yourself: does this flashlight app really need access to my microphone? If the answer is no, revoke it.\nStep 4: Check Your Social Media Privacy Settings Social media platforms quietly adjust their privacy settings over time — often in the direction of sharing more. Take a few minutes to check:\nWho can see your posts? (Friends only is usually the right answer) Is your phone number or birthday publicly visible? (It shouldn\u0026rsquo;t be) Are you tagged in photos anyone can see? What apps have you authorized to connect to your Facebook, Google, or Apple account? That last one is a sleeper. You may have connected apps years ago that you\u0026rsquo;ve completely forgotten about — and they may still have access to your account data.\nStep 5: Freeze Your Credit (If You Haven\u0026rsquo;t Already) I\u0026rsquo;ve written a full post on how to do this, but the short version: freezing your credit at all three bureaus (Experian, TransUnion, Equifax) is free and prevents anyone — including a thief who has your Social Security Number — from opening new credit in your name.\nIf you haven\u0026rsquo;t done this, it\u0026rsquo;s the highest-value 15 minutes you\u0026rsquo;ll spend all year.\nStep 6: Make Sure Two-Factor Authentication Is On Check that your most important accounts have two-factor authentication enabled. If you\u0026rsquo;re not sure what that is or how to set it up, I\u0026rsquo;ve got a whole post on it.\nAt a minimum: email, banking, and social media accounts.\nThat\u0026rsquo;s it. You don\u0026rsquo;t have to do all of this in one sitting. Even knocking out two or three steps moves you significantly ahead of the average person — and criminals, like most predators, tend to go for easy targets.\nBottom line: Think of this like an annual physical for your digital life. You\u0026rsquo;re not trying to become unhackable; you\u0026rsquo;re just making yourself a harder target than the person who did nothing. Pick a date — maybe the first of the year, or when the clocks change — and make it a habit.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-05-18-annual-family-security-checkup/","summary":"You change the batteries in your smoke detectors once a year. Here\u0026rsquo;s the digital equivalent — a simple checklist to keep your family safer online.","title":"The 5-Minute Security Checkup Every Family Should Do Once a Year"},{"content":"The email looks completely legit. Your bank\u0026rsquo;s logo is right there. The colors match. The email address looks official. It says there\u0026rsquo;s suspicious activity on your account and you need to verify your information immediately or your account will be locked.\nYou\u0026rsquo;re being phished.\nPhishing is when a criminal impersonates a trusted organization — your bank, Amazon, the IRS, Microsoft, even your boss — to trick you into giving up your login credentials, your credit card number, or access to your computer. It\u0026rsquo;s the oldest trick in the digital playbook, and it\u0026rsquo;s only gotten more sophisticated. In 2025, Business Email Compromise phishing scams alone caused $2.77 billion in losses in the United States.\nThe reason phishing works is simple: it exploits human nature. Urgency, fear, authority — these are emotional levers that short-circuit rational thinking. When you\u0026rsquo;re worried your bank account is being locked, you stop thinking critically and start clicking.\nHere\u0026rsquo;s how to slow down and spot the trick.\nRed Flag #1: Urgency and Fear \u0026ldquo;Your account will be suspended in 24 hours.\u0026rdquo; \u0026ldquo;Unusual activity has been detected. Verify now.\u0026rdquo; \u0026ldquo;Your package cannot be delivered. Confirm your address immediately.\u0026rdquo;\nLegitimate organizations almost never send emails that demand immediate action under threat of consequences. This urgency is manufactured to get you to act before you think.\nThe rule: The more urgent an email feels, the more suspicious you should be.\nRed Flag #2: The \u0026ldquo;From\u0026rdquo; Address Doesn\u0026rsquo;t Match Look carefully at the actual email address the message came from — not just the display name. Criminals can make the display name say \u0026ldquo;Chase Bank\u0026rdquo; or \u0026ldquo;Amazon\u0026rdquo; while the actual address is something like support@chase-accounts-secure.net or amazon-billing@xyzabc.ru.\nThe rule: Hover over or tap the sender\u0026rsquo;s name to reveal the real email address. If it doesn\u0026rsquo;t end in the company\u0026rsquo;s actual domain (chase.com, amazon.com), it\u0026rsquo;s not from them.\nRed Flag #3: Suspicious Links Before you click any link, hover your mouse over it (on a phone, press and hold). The actual web address will appear. If the email claims to be from your bank but the link points to banksecurelogin.xyz or chase.accounts.verify.net — those are fakes.\nA real Chase email links to chase.com. Not chase-secure.com, not chase.verify-accounts.net. Just chase.com.\nThe new trick to watch for: Criminals are now embedding QR codes in phishing emails because traditional email filters don\u0026rsquo;t scan them. If an unsolicited email asks you to scan a QR code to \u0026ldquo;verify your account\u0026rdquo; — don\u0026rsquo;t.\nRed Flag #4: Generic Greetings \u0026ldquo;Dear Customer\u0026rdquo; or \u0026ldquo;Dear Account Holder\u0026rdquo; is a red flag. Your bank knows your name. Amazon knows your name. If they\u0026rsquo;re emailing you about your account, they\u0026rsquo;ll use it.\nRed Flag #5: They\u0026rsquo;re Asking for Information You\u0026rsquo;d Never Email No legitimate bank, government agency, or company will ask you to reply to an email with your password, Social Security Number, or credit card number. Ever. Full stop.\nThe Simple Rule: Go Around the Email Here\u0026rsquo;s the single most reliable thing you can do: don\u0026rsquo;t click the link in the email. Instead, open a new browser tab and go directly to the company\u0026rsquo;s website by typing the address yourself (or using a bookmark). Log in from there.\nIf there\u0026rsquo;s really a problem with your account, you\u0026rsquo;ll see it when you log in normally. If there\u0026rsquo;s nothing there, the email was fake.\nBottom line: When an email triggers a sense of urgency or fear, treat that feeling as a warning sign, not a call to action. Slow down, look at the actual sender address, don\u0026rsquo;t click suspicious links, and when in doubt — go directly to the website yourself rather than trusting a link in an email.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-05-11-how-to-spot-a-phishing-email/","summary":"Phishing emails have gotten frighteningly convincing. Here\u0026rsquo;s how to recognize the tricks before you click something you\u0026rsquo;ll regret.","title":"Is That Email Really from Your Bank? How to Spot a Phishing Attack"},{"content":"Imagine you came home one day to find that your house key had been copied. A stranger has an exact duplicate — but when they try to walk in, they find a dead bolt. A second lock that requires something completely different to open.\nThat\u0026rsquo;s exactly what two-factor authentication (2FA) does for your online accounts.\nYour password is the first lock. Two-factor authentication adds a second one. And increasingly, that second lock is what stands between a criminal and your email, your bank, or your social media accounts.\nWhy Your Password Alone Isn\u0026rsquo;t Enough Data breaches happen constantly. In just the first quarter of 2026, there were 486 breach events and over 72 million people were notified that their passwords were exposed. Even if your password is strong and unique, the company holding your password can be breached — and suddenly your credential is in a criminal\u0026rsquo;s hands through no fault of your own.\nOnce someone has your password, without 2FA, they\u0026rsquo;re in. Game over.\nWith 2FA enabled, they need a second thing — usually a temporary code that only you can receive. They have your password but not your phone. Locked out.\nHow It Works After you enter your password on a website, 2FA sends you (or generates for you) a short, time-sensitive code. You enter that code as the second step. The code expires after about 30 seconds, so even if someone intercepts it, it\u0026rsquo;s useless almost immediately.\nThere are two main ways to receive that code:\nSMS text message — A code is texted to your phone. This is better than nothing, but it has weaknesses. Criminals have successfully stolen people\u0026rsquo;s phone numbers in a scheme called SIM swapping, where they convince your mobile carrier to transfer your number to their device. In December 2024, federal agencies warned that major telecom breaches had exposed unencrypted text messages to hackers. So: SMS 2FA is okay, but not ideal.\nAuthenticator app — An app on your phone generates codes locally, without sending them anywhere. There\u0026rsquo;s nothing to intercept. This is the better option, and I strongly recommend it.\nWhich Authenticator App Should You Use? Two good free options:\nGoogle Authenticator — Simple, clean, gets the job done Authy — Slightly more feature-rich; allows backups if you lose your phone (important!) Setting it up on a website takes about two minutes. Go to the security settings of the account, look for \u0026ldquo;Two-Factor Authentication\u0026rdquo; or \u0026ldquo;Multi-Factor Authentication,\u0026rdquo; select \u0026ldquo;authenticator app,\u0026rdquo; and scan a QR code with your phone. That\u0026rsquo;s it.\nWhich Accounts Should You Protect First? Not every account needs 2FA, but these absolutely do:\nEmail — This is the master key. If someone controls your email, they can reset every other password you have. Protect this one above all else. Banking and financial accounts Social media accounts — Hijacked social accounts are used to scam your friends and family Work accounts and anywhere with sensitive personal data A Quick Note for Teachers and Schools If you work in a school, your email account may contain student records, parent contact information, and sensitive communications. School districts have been increasingly targeted by hackers precisely because security in education tends to lag behind. Turn on 2FA for your work account today — and ask your IT department if it isn\u0026rsquo;t already required.\nBottom line: Two-factor authentication is free, takes two minutes to set up, and makes your accounts dramatically harder to break into. Start with your email account and your bank. Do it today.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-05-04-two-factor-authentication/","summary":"A password alone isn\u0026rsquo;t enough anymore. Two-factor authentication is like adding a dead bolt — even if someone has your key, they still can\u0026rsquo;t get in.","title":"Two-Factor Authentication: The Dead Bolt for Your Online Accounts"},{"content":"Let me guess: you have a handful of passwords you cycle through, maybe with a \u0026ldquo;1\u0026rdquo; or \u0026ldquo;!\u0026rdquo; tacked on the end when a site forces you to add a number or symbol. Sound familiar?\nYou\u0026rsquo;re not alone. Research shows that 94% of leaked passwords are reused or duplicated across multiple accounts. In other words, nearly all of the passwords exposed in data breaches are ones people use everywhere. And in 2026 alone, 16 billion credentials were exposed online — affecting accounts at Google, Facebook, Apple, and more.\nHere\u0026rsquo;s the cold math: if you use the same password for your email, your bank, and that random recipe website you signed up for in 2014 — and that recipe site gets hacked — the criminals now have your email and bank password too. This is called credential stuffing, and it\u0026rsquo;s automated. Bots try your stolen username and password against hundreds of sites in seconds.\nThe Lock and Key Problem Think about your house keys. You don\u0026rsquo;t use the same key for your front door, your car, your office, and your safe deposit box. Each lock is different because if someone copies your car key, you don\u0026rsquo;t want them getting into your house.\nPasswords should work the same way. Every account should have a unique, strong password — one that can\u0026rsquo;t be easily guessed and that, if stolen, can\u0026rsquo;t be used anywhere else.\nThe problem? A truly secure password looks like K7#mQp!vX2@nLr94 — which is not something a human brain can generate or remember 50 times over.\nThat\u0026rsquo;s exactly what a password manager does for you.\nWhat Is a Password Manager? A password manager is an app that generates long, random, unique passwords for every site you use — and then remembers them all for you. You only need to remember one master password to unlock the manager itself. From there, it fills in your passwords automatically when you log in anywhere.\nThink of it like a super-secure safe that remembers every combination for every lock you own. You carry the safe; it does the remembering.\nWhich One Should You Use? There are a lot of options, but here are two I recommend:\nBitwarden — Free, open-source, and excellent. This is what I recommend for most people. \u0026ldquo;Open-source\u0026rdquo; means the code is publicly reviewed by security experts, so there are fewer places for hidden tricks. The free tier covers everything you need.\n1Password — A paid option (around $3/month) with a polished interface that many people find easier to set up, especially for families. It has a great feature that monitors your saved accounts for known data breaches.\nGetting Started Is Easier Than You Think Download Bitwarden or 1Password and create an account Install the browser extension on your computer The next time you log into a website, let the manager save your password When it\u0026rsquo;s time to update a password, use the manager\u0026rsquo;s built-in generator to create a new random one Over a few weeks, you\u0026rsquo;ll naturally update your most important accounts You don\u0026rsquo;t have to do it all at once. Start with the accounts that matter most — email, banking, and anything tied to a payment method.\nOne critical tip: Your master password — the one that unlocks the manager itself — should be something you can memorize, long, and used nowhere else. Consider a passphrase: a string of four or five random words like correct-horse-battery-staple. Easy to remember, very hard to crack.\nBottom line: A password manager is the single best thing you can do for your online security today. It sounds nerdy, but so does locking your front door. Use a unique password for every account — and let the manager remember them for you.\n","permalink":"https://www.digitalsheepdog.com/posts/2026-04-27-you-need-a-password-manager/","summary":"If you\u0026rsquo;re reusing the same passwords across multiple sites, a data breach anywhere puts you at risk everywhere. A password manager fixes this — and it\u0026rsquo;s easier than you think.","title":"You Need a Password Manager. Here's Why."},{"content":"I originally wrote and posted this back in 2017 on my other blog. I recently moved the post here.\nWhen my mom passed away several years ago, I inherited two cemetery plots at the Mount Olivet Cemetery in Nashville. I\u0026rsquo;ve been trying to sell them (with no success) on Craigslist for the past few years. Every few months I would renew the ad, and usually within a few days I would get contacted by someone expressing interest. These were always scammers. The last time I did this, the same thing happened.\nMike Jones (Tue, May 30, 2017 — via Craigslist)\nHello, In regards to your ad do you still have the Lot for sale? What the actual price you sell to me? — Mike\nI promptly responded:\nStuart (Tue, May 30, 2017)\nYes, they are still for sale. I\u0026rsquo;m asking $5,000 for both but would negotiate a little bit.\nThis wasn\u0026rsquo;t unusual — I\u0026rsquo;d answered a dozen emails like this over the years. Usually I never hear back. Surprisingly, \u0026ldquo;Mike\u0026rdquo; responded shortly:\nMike Jones\nHi, your email is encrypted by craigslist. Please Provide me with your email address so we email directly. Thanks, Mike\nMy first thought: this guy doesn\u0026rsquo;t understand what \u0026ldquo;encryption\u0026rdquo; means. I figured \u0026ldquo;what the hey\u0026rdquo; and responded with my actual Gmail address. A couple of hours later:\nMike Jones\nThanks for your email, we are in need of the lot for the burial of my father who we lost in England United Kingdom recently, so we decided to bring him for final rest back home here in the state. I will pay your asking price of $5000 and My means of payment is via cashier check. As soon as the check clear in your bank account, then I will bring in the Corpse for the burial and exchange of deed for Approval to Transfer Cemetery Property to our family.\nSend me the details below for the check to be mail out if the procedure is Ok by you.\nName / Address / City / Zip-Code / Country / Cell phone\nI will be waiting for your quick response. Thanks.. Mike\nHopefully you can see how this response immediately got my radar up. A person who claims to have lost his father in the UK wants to bury him in Nashville, TN, and pay via cashier\u0026rsquo;s check. His English is rough, so he\u0026rsquo;s likely a foreigner. And he\u0026rsquo;s willing to pay full price for two plots with no negotiation when he only needs one. Possible this isn\u0026rsquo;t a scam — but not likely. I\u0026rsquo;ll play along.\nStuart\nTo be clear this is for two plots. $5,000 for both. The cemetery location details are in the Craigslist ad. I have no idea what the land square meter is or the landscape area.\nMike Jones (Wed, May 31)\nThanks for your email. the price is okay by me. Provide me with your full names, address and telephone number for making the check payable and mailed out to you. Thanks, Mike\nYeah, this is a scam. But I decided to see how far \u0026ldquo;Mike\u0026rdquo; wanted to go. I sent him my work mailing address (not my home address) and left out my phone number. Then things got really interesting:\nMike Jones\nThanks so much for your email and the address sent to me. The check of $7,900 has been mailed out to you. Do please bear with me with this — My client owing me mail out the check of all the total is was owing me. Once you get the check do take it to your bank and have deposited and it will clear the next day. Once it clears do deduct the amount for the lot which is $5,000 and deduct additional $100 for your running expenses and wire the rest of the fund to casket man details i will provide you once you have the fund.\nDo i entrust you with the wiring of the differences to my casket man?\nNB, PLEASE PROVIDE ME WITH YOUR PHONE NUMBER. — Mike\n\u0026ldquo;What the heck is a \u0026lsquo;casket man\u0026rsquo;\u0026rdquo;? For those unfamiliar, here\u0026rsquo;s how this scam works:\nThe buyer agrees to your asking price, then sends a check for more than you\u0026rsquo;re selling it for. He asks you to wire the difference back to him (or in this case, his \u0026ldquo;casket man\u0026rdquo;). He even provides an explanation: My client who owes me money mailed me a check for the full amount, I\u0026rsquo;ll forward it to you. He even threw in an extra $100 for my \u0026ldquo;running expenses.\u0026rdquo;\nThe scam triggers when he insists you wire the extra funds the day after you deposit the check. The problem: the check is fraudulent. It will bounce — but that takes a couple of days. You wire the money thinking you\u0026rsquo;re keeping the sale price. The check bounces, the bank claws back the full amount, and you\u0026rsquo;re out the money you wired plus a returned check fee. Once a wire goes out, it\u0026rsquo;s very difficult to recover — especially 2–3 days later.\nIn this case: he sends me a bad check for $7,900. I keep $5,100, wire $2,800 to his \u0026ldquo;casket man.\u0026rdquo; Then the check bounces and I\u0026rsquo;m out $2,800. Fortunately, I knew exactly what was happening.\nStuart\nMy phone number is (470) 440-1876. I\u0026rsquo;ll be in a meeting for about another hour. But not sure why you need to call me.\nI\u0026rsquo;m a little confused. You\u0026rsquo;re sending me $7,900 instead of $5,000 and you want me to wire the balance back to the casket guy? That sounds complicated. Why don\u0026rsquo;t you just send me a check for $5,000?\n(Quick note: I was not giving this guy my real phone number. That\u0026rsquo;s a \u0026ldquo;burner\u0026rdquo; from the Burner app.)\nMike Jones (Thu, Jun 1 — 2:58 AM)\nThanks for your email.. We are doing business shouldnt i have your phone number so i can call you when payment is with you and also if i need to ask you questions? that why i requested for your number. Also i am a man of God and this is legit. Please tell other interested buyers it has been sold and also pull down the ad off Craigslist.. Let me know once the ad is pull down.\nSo he tried to guilt me, assured me he\u0026rsquo;s honest, and wanted me to pull the listing. Classic. A few more emails followed, then this one:\nMike Jones (Mon, Jun 5 — 6:50 AM)\nThe check of $7,900 has been mailed out to you and will be delivered via USPS courier service. Here is the tracking number: 9405501699320119840804. Once you get it, deduct $5,000 for the lot and $100 for your running expenses and wire the rest ($2,800) to my casket man. Once you get the check, do take it to your bank and have it DEPOSITED. Once deposited it will clear the next day — or if you have the casket man amount in your account already, withdraw it immediately and proceed to wiring. Once you get the check, do notify me, and also once deposited so i can give you the instructions immediately.\nThanks, Mike\nI checked the tracking number — it was legitimate. He paid extra for Priority Mail. I worked from home Monday and wasn\u0026rsquo;t in the office for delivery. He texted my burner number to remind me, then called (I let it go to voicemail), then emailed me again. He was itching to get his money.\nOn Tuesday I found the USPS envelope at my desk. At least this guy was out about $7 for two-day Priority Mail. The return address showed \u0026ldquo;Bros Inc, 9131 SW Urish Rd, Auburn, KS 66402\u0026rdquo; — the middle of rural Kansas on Google Maps. I suspected that wasn\u0026rsquo;t \u0026ldquo;Mike Jones\u0026rsquo;\u0026rdquo; real address.\nInside the envelope was a single cashier\u0026rsquo;s check for $7,900. I looked up the ABA routing number for Mountain America Federal Credit Union — it didn\u0026rsquo;t match the number on the check. I called their fraud department and explained the situation.\nThe agent asked: \u0026ldquo;What color is the check?\u0026rdquo;\n\u0026ldquo;Light blue,\u0026rdquo; I said.\nWithout hesitation: \u0026ldquo;Yeah, that\u0026rsquo;s a fraudulent check.\u0026rdquo;\nSo I had a decision: string him along a bit more, or call him out now? I decided to string him along.\nStuart (Tue, Jun 6 — 5:01 PM)\nThe check arrived. I\u0026rsquo;ll deposit it in the ATM and then let you know when it clears. Where do you want me to wire the balance?\nStuart (5:13 PM)\nAlso I need your mailing address so I can transfer the deeds to the cemetery plots to you.\nStuart (6:04 PM)\nWho is Victoria Ann Hill?\nMike Jones (Wed, Jun 7 — 12:42 AM)\nThanks for your email. first thing this morning go withdraw the casket man fund which is $2,800 and follow the instructions i will give you. did you made the deposit yesterday and Victoria Ann is the Remitter of the Check. Is there Any Bank of America near you. Awaiting your email. Mike\nThen he started texting:\nMike (1:15 AM): Victoria ann is the remitter of the check.. the client I told you about\u0026hellip; Have you deposited the check? pls ur urgent response is needed from this moment so we can finalise this..\nMike (10:30 AM): Morning.. the check already cleared your bank.. you can check ur balance online to confirm\nStuart: I did. It\u0026rsquo;s still showing as a \u0026ldquo;hold.\u0026rdquo;\nMike: it will clear today. just keep checking\nStuart (12:30): Will do. What are the wiring instructions? And do you want to meet so I can sign over the property deed?\nMike: I will get the details for wiring it to you later today.. also I will meet up with you on Friday or Saturday so you can give me the deed.. Just withdraw cash and you have it deposited into the account details I will give u. Some amount already available when you deposited the check right?\nStuart (1:45): No. The bank didn\u0026rsquo;t give me any credit for the cashier\u0026rsquo;s check. I called and they said the policy is to give partial credit to accounts in good standing after one year. I\u0026rsquo;ve only had this account for about 5 months. So the check is on hold until it clears.\nMike: Which Bank do you bank with? well in less than 2 to 3 hours check and you see it cleared\nStuart: A local credit union. I\u0026rsquo;ll check again later. Email me the details on wiring or where you want to meet — I\u0026rsquo;ll be in Nashville this weekend and can meet you at Mount Olivet with the cash and the deed.\nMike: you have to send the cash to the casket man to start preparation\u0026hellip; I will provide u with his account and u go deposit the cash into it and snap me the deposit slip. credit union don\u0026rsquo;t delay with clearing so am certain the fund will hit the account in some hours. I use to be a bankr (He used to be a banker, eh? Right.)\nStuart: Where do I wire the money?\nMike: Bank of America. I have explained to u. Do you have the cash now? (Missed call — I ignored it)\nMike: Don\u0026rsquo;t know what wrong with your phone. When I call it already charging me without u picking up. Is there another number I can reach u on (Note: he must be using a prepaid phone — these calls and texts are costing him money. Nice. :))\nStuart: I can\u0026rsquo;t just walk into a Bank of America and say \u0026ldquo;here is some money.\u0026rdquo; Where exactly do I send it? Sorry my phone is acting up. This is my only number.\nAt a few minutes after 5 PM, I\u0026rsquo;d had enough fun. Time to end it.\nStuart (Wed, Jun 7 — 8:19 PM — Subject: We have a problem\u0026hellip;)\nI\u0026rsquo;m not sure what kind of trick you\u0026rsquo;re trying to pull with me, but I just called my credit union and the check you sent was returned. They charged me a $25 returned check fee. The check isn\u0026rsquo;t valid. The routing number doesn\u0026rsquo;t match Mountain America Federal Credit Union.\nWhat the heck is going on here?????\nHis response made me laugh out loud:\nMike Jones\nThat not possible\nMy final message:\nStuart\nNot only is it possible, it\u0026rsquo;s reality. I called Mountain America Credit Union. The agent asked me what color the check was. I told him and he said without hesitation \u0026ldquo;that\u0026rsquo;s a fraudulent cashier\u0026rsquo;s check.\u0026rdquo; It\u0026rsquo;s not their routing number on the check. You, my friend, sent me a fraudulent check.\nSo. Mike Jones of Auburn, Kansas, if that\u0026rsquo;s who you really are — you wanna stop playing games and tell me what you\u0026rsquo;re up to?\nHe never responded. I suppose this scammer moved on to other victims. Hopefully this is a good example of why you should be cautious when dealing with anonymous folks online.\nA few tips:\nNever accept payment for more than your asking price. If someone says to wire back extra funds after depositing their check — it\u0026rsquo;s a scam. If anyone pays by check, including a cashier\u0026rsquo;s check, call the issuing bank to verify it before you do anything with it. When meeting someone in person to complete an online sale, meet in a public location. Your local police station parking lot is a great option. ","permalink":"https://www.digitalsheepdog.com/posts/2021-07-28-unfolding-of-a-scam/","summary":"A step-by-step account of a classic cashier\u0026rsquo;s check overpayment scam — with the full email and text exchange.","title":"Unfolding of a Scam"},{"content":"Every time I pay attention to the news, it seems there is an announcement about another major data breach. I often get questions from friends, family, and others about what one should do. My best advice: freeze your credit!\nWhat I have discovered is that many folks don\u0026rsquo;t understand exactly what this means, what it doesn\u0026rsquo;t mean, or how it works.\nWhat a Credit Freeze Is Very simply, a credit freeze prevents anyone from accessing your credit report from any of the three U.S. credit reporting agencies (CRAs): Experian, TransUnion, and Equifax.\nWhen you want to apply for credit — a credit card, personal loan, auto loan, mortgage, etc. — the lender will pull a copy of your credit report from one (or more) of the CRAs. A credit freeze prevents them from pulling your credit report.\nAdditionally, a credit freeze prevents a cyber criminal who has obtained your personal information (name, address, date of birth, Social Security Number) from opening new credit accounts in your name.\nWhen you legitimately want to apply for credit, you can temporarily lift the freeze using your online account at each CRA\u0026rsquo;s website. All three CRAs allow you to do a temporary unfreeze for a defined period of time — a day, a week, etc.\nWhat a Credit Freeze Is Not A credit freeze does not affect any accounts you currently have open. Your credit cards, bank accounts, home equity line of credit, and similar accounts continue to work exactly as they always have. You can make charges, payments, and conduct transactions normally. You simply cannot open any new accounts, even with the same company.\nHow Do I Freeze and Unfreeze My Credit? Freezing and unfreezing your credit is a straightforward process, and it is completely free — federal law requires all three credit bureaus to provide this service at no charge.\nThe easiest way is online via each CRA\u0026rsquo;s website. You\u0026rsquo;ll create an account with each bureau and use that account to manage your freeze going forward.\nTip: When applying for credit, ask the lender which CRAs they use, then only unfreeze your credit at that specific agency. It saves time.\nExperian Go to the Experian Security Freeze Center Create an account or log in Select \u0026ldquo;Add a security freeze\u0026rdquo; Follow the on-screen steps. You\u0026rsquo;ll need your name, address, and Social Security Number. TransUnion Go to the TransUnion Credit Freeze page Create an account with a username and strong password Select the option to freeze your credit Use this same account to manage future freezes and unfreezes — consider storing the login in a password manager Equifax Go to the Equifax Security Freeze page Create a myEquifax account if you don\u0026rsquo;t already have one Select \u0026ldquo;Add a Security Freeze\u0026rdquo; Log into your account any time you need to lift or reinstate the freeze I hope this is helpful and that you\u0026rsquo;ll take the opportunity to freeze your credit. And don\u0026rsquo;t forget about your spouse and children — the CRAs offer options to freeze your minor child\u0026rsquo;s credit as well, which you shouldn\u0026rsquo;t overlook. Children are common targets of identity theft precisely because no one is watching their credit.\n","permalink":"https://www.digitalsheepdog.com/posts/2020-12-16-guide-to-credit-freeze/","summary":"Freezing your credit is the single best thing you can do after a data breach. Here\u0026rsquo;s exactly how to do it at all three bureaus.","title":"Guide to Credit Freeze"},{"content":"Every time you type a website address into your browser — like \u0026ldquo;google.com\u0026rdquo; or \u0026ldquo;amazon.com\u0026rdquo; — your computer doesn\u0026rsquo;t actually know where that website lives. It has to look it up first. That lookup is handled by something called DNS, or Domain Name System.\nThink of DNS like the phone book of the Internet. Just like a phone book translates a person\u0026rsquo;s name into their phone number, DNS translates a website name into the numerical address your computer needs to actually connect to it. This happens automatically, every single time you visit a website, and it\u0026rsquo;s completely invisible to you.\nWhy Does DNS Matter for Your Family\u0026rsquo;s Safety? Here\u0026rsquo;s the important part: by default, your Internet provider controls which DNS service your home uses. And most ISPs use a basic DNS service that does nothing to protect you — it will happily look up the address of a malware site or an adult website just as readily as it looks up Google.\nBut you can change that. There are free DNS services specifically designed to block dangerous and objectionable content before it ever reaches your devices. When a device on your network tries to visit a malicious or blocked site, the DNS service simply doesn\u0026rsquo;t return an address — so the connection never happens.\nThis is especially effective against certain types of malware, including ransomware, which needs to \u0026ldquo;phone home\u0026rdquo; to a criminal\u0026rsquo;s server to do its damage. Block that lookup, and the malware can\u0026rsquo;t function.\nFree DNS Services Worth Using Cloudflare for Families is a free service from Cloudflare, one of the most trusted names in Internet security. It comes in two flavors:\nBlock malware only: use 1.1.1.2 (primary) and 1.0.0.2 (secondary) Block malware and adult content: use 1.1.1.3 (primary) and 1.0.0.3 (secondary) More details are on Cloudflare\u0026rsquo;s website.\nOpenDNS is a free service from Cisco that offers similar protection and additional customization options. Their DNS servers are 208.67.222.222 and 208.67.220.220. You can learn more at the OpenDNS website.\nHow Do You Change It? The best place to make this change is on your home router, so every device on your network — phones, tablets, laptops, smart TVs — is automatically protected without you having to configure each one individually.\nEvery router is a little different, but the general steps are:\nLog into your router\u0026rsquo;s admin page (usually by typing 192.168.1.1 or 192.168.0.1 into your browser) Look for a section called \u0026ldquo;DNS\u0026rdquo;, \u0026ldquo;WAN Settings\u0026rdquo;, or \u0026ldquo;Internet Settings\u0026rdquo; Replace the existing DNS addresses with the ones above Save and restart your router If you\u0026rsquo;re not sure how to do this for your specific router, search Google for \u0026ldquo;change DNS on [your router brand]\u0026rdquo; and you\u0026rsquo;ll find step-by-step instructions. Cloudflare also offers setup guides for most common routers and devices.\nBottom line: Changing your DNS takes about five minutes and costs nothing. It\u0026rsquo;s one of the single easiest things you can do to improve your family\u0026rsquo;s safety online.\n","permalink":"https://www.digitalsheepdog.com/posts/2020-09-13-dns-what-it-is-and-why-you-should-change/","summary":"DNS is the phone book of the internet — and switching to a security-focused DNS service is one of the easiest ways to protect your family online.","title":"DNS: What It Is and Why You Should Change It"},{"content":"When you sign up for Internet service, your Internet Service Provider (ISP) will send you a consumer-grade router which often also functions as a wireless router. For most people, this device is \u0026ldquo;good enough\u0026rdquo; from a security perspective. But I would like to suggest investing in your own network equipment. This has several advantages.\nCost Many ISPs charge a monthly \u0026ldquo;rental\u0026rdquo; fee for a router. While this charge may seem small, even $5 per month adds up to $120 over the course of 2 years. Having your own equipment may actually save money over the long term.\nFlexibility Having your own router gives you the flexibility to change internet service without having to reconfigure your internal network and can reduce \u0026ldquo;down time\u0026rdquo; if you change ISPs. If you use the router supplied by your ISP and you get new internet service, you will have to install a new router — set up wireless settings (including your network name and password), reconfigure other network settings, and do all of this on an unfamiliar device.\nConversely, if you have your own router, when your new ISP sets up service, all you have to do is unplug your router from your old ISP\u0026rsquo;s modem and plug it into your new ISP\u0026rsquo;s modem.\nSecurity This is where owning your own router really pays off. The router your ISP provides is designed to be simple, not secure — and it often locks you out of settings that matter. With your own router, you get full control, including:\nGuest WiFi network — Create a separate network for visitors, smart TVs, and other devices so they can\u0026rsquo;t access your computers and phones even if one of them gets compromised. Parental controls — Block specific websites or categories of content for devices used by your children, right at the router level, so it applies to every device on your network. DNS control — Change your DNS settings to a security-focused service that automatically blocks malware and objectionable websites. (I have another post explaining exactly how to do this.) These features exist on many affordable routers you can buy yourself — but are often unavailable or hidden on the router your ISP hands you.\nBottom line: I strongly recommend you purchase your own router. The security benefits alone make it worth it, and you\u0026rsquo;ll likely save money over time compared to paying a monthly rental fee.\n","permalink":"https://www.digitalsheepdog.com/posts/2020-06-14-home-network-equipment/","summary":"Your ISP\u0026rsquo;s router is \u0026lsquo;good enough\u0026rsquo; — but owning your own is better for security, flexibility, and your wallet.","title":"Home Network Equipment"},{"content":"One can\u0026rsquo;t pick up a newspaper, read a magazine, or go to their favorite news website without hearing, almost weekly, about some data breach. While attackers do go after the \u0026ldquo;big fish\u0026rdquo; (large companies with lots of people\u0026rsquo;s personal data, credit card information, etc.), they also attack individuals — and this happens much more frequently than we may realize.\nWhen an individual has their identity stolen, money taken from their bank account, has their email account compromised, or their computer infected with ransomware, this rarely (if ever) makes the news. According to the online privacy company Life Lock, some 60 million Americans have been affected by identity theft. Reports show that ransomware is the number three most common malware infection and it cost businesses $75 billion in 2018. Hundreds of thousands of businesses and individuals have their email accounts compromised every year.\nWe live in a digital age, with millions of devices connected to the Internet. Computers, smartphones, tablets, even our TVs, music players, and refrigerators are connected to the Internet. All these digital devices and online accounts pose a significant risk if we don\u0026rsquo;t take steps to protect ourselves and our loved ones.\nThis is why everyone should learn to be a digital sheepdog!\nMy hope is this blog will be informative and help the average, non-technical individual to be smarter about their online activities, smarter about how they protect their home network and connected devices, and smarter about how they keep their digital information safe and secure.\n","permalink":"https://www.digitalsheepdog.com/posts/2020-09-09-why-should-you-be-a-digital-sheepdog/","summary":"Identity theft, ransomware, and compromised accounts affect millions every year — here\u0026rsquo;s why everyone should take steps to protect themselves online.","title":"Why Should You Be a Digital Sheepdog?"},{"content":"Coming soon — a curated list of security tools, recommended products, and links for keeping your family safe online.\n","permalink":"https://www.digitalsheepdog.com/resources/","summary":"\u003cp\u003e\u003cem\u003eComing soon — a curated list of security tools, recommended products, and links for keeping your family safe online.\u003c/em\u003e\u003c/p\u003e","title":"Resources"},{"content":"My name is Stuart. I currently work as a security architect for a large, Fortune 100 company. My current areas of focus include cloud security, cryptography and post-quantum encryption, and AI security.\nI have over 25 years of professional experience in the Information Security field for both the Department of Defense and the private sector, including work as a contractor for the Army in an information assurance and intelligence role. Prior to my career in cybersecurity, I spent 11 years in the United States Army, serving at duty stations around the world and in combat operations in the Middle East. I regularly speak at security conferences and events around the country on a wide range of technology and cybersecurity topics.\nI hold a Bachelor\u0026rsquo;s in Management Information Systems, a Master\u0026rsquo;s in Cyber Security, and a Master\u0026rsquo;s in Theological Studies, all from Liberty University. My certifications include CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager).\nWhen I\u0026rsquo;m not doing computer geek/cybersecurity stuff, I officiate men\u0026rsquo;s college and high school lacrosse, boys youth baseball, and enjoy riding motorcycles.\n","permalink":"https://www.digitalsheepdog.com/about/","summary":"\u003cp\u003eMy name is Stuart. I currently work as a security architect for a large, Fortune 100 company. My current areas of focus include cloud security, cryptography and post-quantum encryption, and AI security.\u003c/p\u003e\n\u003cp\u003eI have over 25 years of professional experience in the Information Security field for both the Department of Defense and the private sector, including work as a contractor for the Army in an information assurance and intelligence role. Prior to my career in cybersecurity, I spent 11 years in the United States Army, serving at duty stations around the world and in combat operations in the Middle East. I regularly speak at security conferences and events around the country on a wide range of technology and cybersecurity topics.\u003c/p\u003e","title":"About Me"}]