July News from Information Security

Happy July! I hope everyone had a fantastic and safe 4th of July weekend. As you may have noticed—I’m not Dan! My name is Locke Motley, and I’m excited to be part of the Information Security office this summer as an intern. I’m grateful for the opportunity to write this month’s newsletter and share a few topics I find both interesting and important—I hope you find them helpful too! You’ll also notice that some words throughout the newsletter are hyperlinks—these link to external websites where you can find more details on each topic.

Let’s start with the basics: What is a password manager? A password manager is a secure tool that stores all your passwords, access codes, and even private information like credit card numbers. It helps keep your digital life both safe and organized. Most of us have way too many passwords to remember, and using easy-to-guess options—like your favorite pet’s name, birthdays, or sports teams—puts you at risk. Password managers solve that problem by generating strong, random passwords (often called passkeys) and storing them securely, so you don’t have to memorize them. On top of that, many password managers offer helpful features like syncing your data across all your devices in real-time, alerting you if any of your saved passwords have been compromised, enabling multi-factor authentication, and even offering single sign-on (which lets you log into multiple accounts with just one secure login).

While we’re on the topic of passwords, let’s briefly touch on passkeys and how they differ from traditional passwords. Passkeys are a newer, more secure alternative designed to improve both safety and convenience. Instead of a text-based password, passkeys rely on a cryptographic system. When you create a passkey, your device generates a pair of digital keys—one public, which is stored on the server, and one private, which stays on your device. To log in, you simply authenticate with something like your fingerprint, face scan, or a PIN. The downside? You’ll need access to the device storing the private key, so if you lose it or don’t have it with you, logging in becomes a challenge. Similarly, password managers also depend on access to a device where your credentials are stored.

Switching gears, I want to talk about a growing concern in cybersecurity: phishing emails and how artificial intelligence is making them more difficult to detect. In the past, phishing scams were fairly easy to spot due to poor grammar, awkward phrasing, or suspicious-looking email addresses. Now, AI has changed the game. The most challenging aspect is AI’s ability to personalize messages. With access to public information, AI tools can gather details about where you live, work, or what you’re interested in—making it easier to craft convincing, targeted messages. Scammers can even use your name in subject lines or greetings to make emails feel more legitimate. In addition, AI-generated messages now have nearly perfect grammar and flow, removing another clue we used to rely on. Perhaps most concerning is AI’s ability to mimic legitimate brands—scammers can now design emails and fake web pages that are almost indistinguishable from real ones.

So what can you do? Stay cautious. Always double-check the sender’s email address, be wary of unexpected attachments or links, and when in doubt, don’t click. If something feels off, it’s better to be safe than sorry.

Before I wrap up, I want to touch on a topic that hits closer to home for many of us—especially those with older parents, grandparents, or loved ones: elder fraud.

Each year, millions of elderly Americans fall victim to financial scams and confidence schemes. These can take many forms—romance scams, fake sweepstakes and lottery winnings, tech support hoaxes, or phony charity solicitations. The scammers’ goal is simple: earn trust, then exploit it.

Why are seniors often the target? Unfortunately, scammers tend to view older adults as more trusting and less likely to report suspicious activity. Many older individuals also have retirement savings, own homes, and maintain good credit—all of which make them appealing targets. Scammers may reach out through phone calls, emails, text messages, or even via television and radio ads.

What’s especially troubling is that victims often don’t report these crimes. Some aren’t sure how to report it, while others feel embarrassed or fear their independence might be questioned. And when they do report it, they may struggle to recall the details scammers used to manipulate them.

The bottom line? Elder fraud is on the rise, with seniors losing over $3 billion a year in the U.S. alone. It’s a serious issue—but we can help reduce the risk by educating our loved ones about common scams and encouraging open, nonjudgmental conversations around digital safety.

If you’re unsure how to start that conversation, consider asking a simple question like, “Have you received any strange phone calls or emails lately?” You might be surprised at what comes up.

Thank you for taking the time to read this month’s InfoSec newsletter. As technology continues to evolve, so do the threats we face—but with awareness, the right tools, and a healthy dose of caution, we can all play a role in keeping our digital lives secure. Whether it’s using a password manager, learning to spot AI-generated phishing attempts, or protecting our more vulnerable loved ones from scams, small steps can make a big difference.

I’m looking forward to continuing this conversation throughout the summer. Until next time—stay safe, stay vigilant, and don’t hesitate to reach out with questions or topics you’d like to see covered!

P.S. Keep an eye out—Phishbowl examples will be coming soon! These will feature real phishing emails received within the past month to help you learn what to watch for. Stay tuned!

Best,
Locke Motley
Summer Intern, Information Security Office