Cybersecurity Newsletter Vol. 3
VOLUME 3
Scammers Exploiting Tariffs

A boarding pass may seem harmless, but it can contain personal information that could be misused if it falls into the wrong hands. The fact-checking website Snopes says that while the risk of identity theft from a discarded pass is low, scammers have been known to use codes or travel details to access airline accounts or build phishing profiles. To be safe, avoid posting photos of your boarding pass online and shred the paper version after your trip. Use a mobile boarding pass—it’s more secure and easier to manage.

Over the past year, 1 in 5 businesses and government agencies had an employee’s email hacked—usually after clicking a bad link or using a weak password. Once attackers gained access, they could:
- Read sensitive emails and steal confidential information
- Change the user’s password to lock them out of their account
- Send emails pretending to be the employee, spreading malware to coworkers, stealing information, spying on what you’re doing, and locking them out of their files until a ransom is paid.
In its new study, the cybersecurity company Barracuda says:
- About 20% of “HTML attachments” in emails are dangerous. (An HTML attachment is an email file that opens like a mini webpage. Instead of just showing text or images, it can include links, buttons, or forms—just like what you’d see in a browser.)
- About 70% of malicious email attachments now include QR codes that link to dangerous websites.

Common Cybersecurity Questions
“You recently said that Google changed its mind and will continue using cookies to track everything I do online. Should I be worried about that?”
What Google means is that they’ll continue collecting data about the websites you visit, what you search for, and what you click on — particularly ads.
They use this information to show you tailored advertising and track what you do online, often even if you’re not actively using a Google product.
While it’s not inherently dangerous, this level of tracking reduces your privacy, builds a detailed profile of you, and can make you vulnerable if that data is ever leaked or subpoenaed.
Marketing Dive says Google had been working on a less-invasive replacement for cookies but recently decided it didn’t work well enough.
Here are steps you can take to manage your privacy online without breaking your internet:
- Install an ad blocker like uBlock Origin or Privacy Badger (though this may prevent you from accessing some websites that want to track you).
- You can use Incognito Mode by clicking the three little dots in the upper right corner of Chrome and selecting “new Incognito window” or “InPrivate Window” in Bing.
- And visit your browser’s “settings” area and explore options to limit how the browser tracks your behavior.
“Do I really need a VPN? And what is a VPN?!”
This is the most common question our readers ask.
A VPN (Virtual Private Network) creates a secure, encrypted signal between your device and the Internet. It hides your activity from hackers, advertisers, and even your internet provider. It also makes it harder for websites to track you or know your location. A VPN is software that you install on your home computer.
Do you need one? A VPN is beneficial if you frequently use public Wi-Fi, travel often, want more online privacy, or access content restricted by region. It’s optional for everyday home browsing, but it does add a layer of privacy. Do a web search to see reviews about different brands of VPNs.
Avoid free VPNs. They’re more likely to track what you do, negating the main reason you use them!
Why do they call it “phishing?”
“Phishing” is a play on the word “fishing.” Just as a fisherman uses bait to catch a fish, cybercriminals use deceptive messages (like fake emails or texts) to “bait” victims into giving up passwords, credit card numbers, or your login credentials.
The use of “ph” instead of “f” comes from early hacker culture, where using “ph” (as in “phreaking,” a term for hacking phone systems) was popular slang.
The cybersecurity tips and software recommendations in this newsletter are for general informational purposes only. While they reflect widely recognized security practices, they may reference third-party products or services not affiliated with or controlled by Citizens Business Bank. The Bank makes no representations or warranties regarding, and assumes no responsibility for, the accuracy, completeness, or effectiveness of any such tools or information, which may be subject to change without further notice. Readers should conduct their own research, exercise independent judgment, and/or consult qualified professionals before implementing any cybersecurity measures.
Cybersecurity News from Citizens Business Bank
Always Keeping You Safer Online