It’s the digital security training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone shared this newsletter with you, please subscribe here.
More scams
It’s not just you. A new survey suggests people are experiencing more scams.
A new report by Google in collaboration with Morning Consult examines consumers’ experiences of scams across the U.S., U.K., and India, polling roughly 3,000 individuals in each country. Regardless of the region, the report suggests that 60% or more of consumers feel they have been exposed to more scams over the past year, as of March 2025. The research suggests these scams were most often seen over text messages and emails. The report also examines trends in users’ authentication habits, suggesting, “Gen Z and Millennials are noticeably more reliant on passkeys or social sign-ins.” Read more here.
What you can do
- You might wonder, what’s a passkey? You may or may not be aware of this term, but you might be using passkeys already. Increasingly on your phone and computer, websites will offer to save your credentials to your device, unlocked with a password or biometrics. Not all websites, browsers, and devices support passkeys just yet, so we still recommend enabling two-factor authentication wherever possible to maximize your safety. Check out our guide to two-factor authentication for beginners. If you want to learn more about how passkeys work, read our team’s guide to passkeys for beginners.
- We recommend using long, unique passwords to isolate the potential impact of a breach to a single website. A password manager will help you generate and securely store your passwords in a secure “vault.” By default, your passwords will not be available to anyone but you. Check out our guide to choosing a password manager.
- While the survey results suggest consumers most often notice scams when delivered via text message and email, scams are also delivered over the phone, social media, and even physical mail. If someone can contact you, it’s another way to deliver a scam. The important thing is to double-check with a reliable source before giving a stranger access to credentials or anything else of value. Scammers will try to look like trusted actors, such as a colleague, your banking institution, or a family member. They may rely on authority or a sense of urgency to try to pressure you into acting on their behalf. If you notice this feeling, it’s time to pause and think before responding. Maybe that’s bait.
- Regardless, double-check that a request is legitimate over a trusted channel. For example, we often see scammers pretending to be our executive director, and for some reason, he’s in a terrible hurry, and texts us that he needs us to purchase something for him. So, why not just double-check with him separately in our team Slack? Scammers hope you will defer to the boss’s authority. But your boss is probably going to be glad you didn’t fall for it.
Our team is always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.
Best,
Martin
–
Martin Shelton
Deputy Director of Digital Security
Freedom of the Press Foundation
