ClickFix: How Hackers Borrow Trust Instead of Stealing It

ClickFix: How Hackers Borrow Trust Instead of Stealing It

What if the website wasn't fake — but the message it showed you was? In this episode of SipCyber, Jen Lotze stops into City on a Hill Coffee in Leadville, CO, where the Colorado Rockies rise just outside the window and a hazelnut latte sets the scene for a conversation about one of the most effective cyberattack campaigns in recent memory.  Cybersecurity researchers uncovered a massive ClickFix malware operation targeting more than 700 education and technology websites — not fake sites, real and trusted ones. Visitors were greeted by a familiar-looking verification screen, asked to prove they were human, and then walked step-by-step into installing malware themselves. No software exploit required. Just trust — and a message that felt routine.  A side trip to Leadville's straightforwardly named "The Tattoo Shop" becomes an unexpected lens on how trust is built online, how attackers exploit it, and the one question that can protect you: Is this really what it claims to be?  Key Topics Covered:   * What the ClickFix malware campaign is and how it spread across 700+ legitimate websites   * Why real, trusted sites are more dangerous attack surfaces than fake ones   * How fake CAPTCHA screens trick users into running malicious commands themselves  *  The psychology of borrowed trust — and why it's so effective   * One grounding question to ask before you follow any online instruction  ☕ Featured Coffee Shop: City on a Hill Coffee, Leadville, CO 🍵 Jen's Order: Hazelnut latte  The most dangerous attacks don't feel dangerous. Subscribe for weekly cybersecurity insights from coffee shops across the country — and share this with anyone who's ever clicked "I'm not a robot."  #Cybersecurity #ClickFix #Malware #SocialEngineering #CyberAwareness #InfoSec #CyberSafety #SipCyber #Phishing #TrustAttacks #DigitalSafety #SecurityTips #CyberEducation

One Daily Habit That Makes Hackers' Jobs Harder

Confidence isn't something you find — it's something you build, one skill at a time. In this episode of SipCyber, Jen Lotze visits Bitty and Beau's Coffee in Charleston, SC, a shop with a mission as meaningful as its coffee: creating employment opportunities for people with intellectual and developmental disabilities. That spirit of empowerment carries straight into the cybersecurity conversation.  This month, Microsoft released fixes for more than 200 security vulnerabilities in a single Patch Tuesday — one of the largest update releases in the company's history. It sounds overwhelming. It's not. Jen breaks down what these patches actually mean, why most security failures aren't technical failures, and the one simple habit that closes more gaps than most people realize: restarting your computer every day.  No advanced IT knowledge required. Just a small, consistent action — and maybe a good cup of coffee.  Key Topics Covered:   * What Microsoft's record-breaking June Patch Tuesday actually means for everyday users   * Why security updates don't fully protect you until you reboot   * The real reason most people get compromised (hint: it's not a lack of expertise)   * A dead-simple daily habit that strengthens your security posture   * Bonus tip: how to restore all your browser tabs after a restart (no more excuses)  ☕ Featured Coffee Shop: Biddy and Bo's Coffee, Charleston, SC  Small actions, big results. Subscribe for weekly cybersecurity tips from the best coffee spots across the country — and share this with the person on your team who hasn't restarted their laptop in six months.  #Cybersecurity #PatchTuesday #Microsoft #CyberHygiene #SoftwareUpdates #InfoSec #CyberSafety #SipCyber #DigitalSecurity #SecurityAwareness #SmallBusiness #CharlestonSC

Your Health App May Not Be HIPAA Protected

In this episode of SipCyber, Jen Lotze settles into The Fox and Pantry in Plymouth, MN — a space so thoughtfully designed it immediately earns your trust — and uses that feeling as the perfect lens for a conversation about AI and healthcare privacy. Over a Pineapple Mango Mint Refresher on a blazing Minnesota afternoon, Jen breaks down a growing blind spot: millions of people are using AI tools to interpret health information, but many of those tools aren't subject to HIPAA the same way your provider is.  The app looks secure. The interface feels clinical. But confidence and verification are not the same thing.  Key Topics Covered:   * Why many AI health tools aren't covered by HIPAA — even when they market as "healthcare-focused"   * What to look for in a privacy policy before uploading any medical information   * How polished design creates a false sense of data security   * What business owners need to know when employees use AI with patient or customer data  * The one-minute habit that protects your most personal information  This isn't about avoiding AI — it's about using it with eyes open. Your health history, mental health concerns, and lab results deserve the same scrutiny you'd give any tool handling your most sensitive data.  ☕ Featured Spot: The Fox and Pantry, Plymouth, MN  Don't hand your health data to an app before you know where it goes. Subscribe for weekly cybersecurity insights delivered from the best local spots across the country — and share this with someone who's ever typed a symptom into an AI chatbot.  #HealthcarePrivacy #HIPAA #AIPrivacy #HealthData #Cybersecurity #DataPrivacy #AIHealthcare #InfoSec #SipCyber #DigitalSafety #MedicalData #CyberAwareness #HealthTech

The Digital Footprint You Didn't Know You Were Leaving

Your name. Your city. Your job title. Your relatives' names. It's all out there — and attackers don't need to hack you when they can just look you up.  In this episode of SipCyber, Jen Lotze settles in at Pryes Brewing — brick walls, big windows, the river just outside — with a hop water in hand and something worth saying: most of us spend our lives trying to be known, but online, a little strategic obscurity might be the best defense you've never considered.  The data broker ecosystem is massive, largely invisible, and actively feeding the phishing emails and vishing calls that feel unsettlingly personal. That text that knew your city. That call that referenced your coworker's name. That's not magic — that's aggregated public data being weaponized against you.  Key Topics Covered:   * How attackers use publicly available personal data to manufacture trust   * Why "people search" sites are a threat actor's first stop   * Yael Privacy Lab's data broker opt-out list — free and practical   * The Intel Techniques workbook for manual removal   * Paid services (DeleteMe, Optery) that automate and monitor removals   * How Google's subscription tools can alert you to new exposures  This isn't about going off the grid. It's about being a little harder to find — and a lot harder to fool.  🍺 Featured Spot: Pryes Brewing  You can't control every breach — but you can control how much is floating out there about you. Subscribe for weekly cybersecurity insights from the best local spots across the country, and share this with someone whose name is probably on one of those sites right now.  #DataPrivacy #DataBrokers #OnlinePrivacy #Cybersecurity #PhishingPrevention #DeleteMe #Optery #DigitalFootprint #InfoSec #SipCyber #CyberSafety #PrivacyTools #OSINT

The Illusion of Safe: Instagram, Kids & Vanishing Photos

Temporary doesn't mean safe. In this episode of SipCyber, Jen Lotze stops into Happy Monday and Company in Roseville, MN — a coffee shop born from a mobile cart, built on handmade pottery, good community, and the radical idea that Mondays can actually be worth looking forward to. Over a slow-steeping loose leaf black tea, Jen unpacks Instagram's expanding disappearing message features, including its new Instgram Instance app, and what parents, educators, and digital citizens need to understand before trusting "gone forever."  Because here's the thing: Instagram says screenshots are blocked. But anyone can grab a second phone. And once something is shared digitally, you've handed partial control to someone else — whether you know it or not.  For the younger generation, features like disappearing photos don't feel suspicious. They feel normal. That normalization is exactly why this conversation matters.  Key Topics Covered:   * How Instagram's disappearing photo features (and the new Instance app) actually work   * Why "screenshot-blocked" doesn't mean your content is safe   * The low-tech workaround that defeats every privacy feature  * How to talk to kids about digital trust without creating fear  * The connection between fast digital sharing and misplaced trust online  This isn't about panic. It's about slowing down long enough to think — the same way a good cup of tea asks you to.  ☕ Featured Spot: Happy Monday and Company, Roseville, MN  Think before you share — and subscribe for weekly cybersecurity insights delivered from the best local spots across the country. Pass this one along to any parent, teacher, or anyone with kids on Instagram.  #Instagram #DigitalSafety #DisappearingMessages #SipCyber #CyberSecurity #OnlineSafety #ParentingOnline #PrivacyTips #SocialMedia #InfoSec #DigitalParenting #CyberAwareness #HappyMonday