Posts in Security
Fraud Alert

If someone is calling you to alert you to fraud, nine out of ten times they are themselves the fraudster. These days fraud-alert fraudsters are sophisticated, and they may know information about you like your SSN, address, etc., and are playing a long game, not asking for money at first. Warning signs: they prohibit you from talking to anyone else, and you can’t hang up, or call back. This very long account, “How I Got Scammed Out of $50,000,” by a very savvy financial advice columnist who got scammed by so-called fraud investigators, has all the elements of the common tricks. It matches exactly with close friends who have been scammed. Yes, it can happen to you. Learn from others’ mistakes. — KK

Security · Claudia Dawson
Digital IDs (US)

In the US, mobile digital IDs can replace your state’s driver license, so there would be no need to carry a card if you had your phone. A handful of states have their own state ID app (California, Delaware, Florida, Iowa, Louisiana, Mississippi, Missouri, Oklahoma, Utah), and a handful of states allow an ID in an Apple Wallet (Arizona, Colorado, Maryland, Georgia), even fewer states accept Android wallet, and only 6 airports in the US accept digital IDs for TSA. However, there are 30 states in the process of adopting digital IDs, so availability is in flux. I just downloaded and enrolled in the California DMV Wallet app, which the TSA at San Francisco’s SFO will accept in their pilot program. – KK

What to do when police ask to search your car

If you're pulled over by the police and they ask to search your car, remember these key words: "Officer, you do not have permission to search my car." This is a crucial piece of advice offered by criminal defense lawyer Kirk Piccione. In his instructional video, he guides viewers through potential responses should the officer respond with, "OK, then we'll have to wait for a drug dog to sniff the outside of your car." Once more, your best response is, "Officer, you do not have permission to search my car." Beyond this, Piccione advises calmly and periodically asking if you're free to go. This underscores that you're not voluntarily remaining on the scene and that you're being unreasonably detained by the officer, which can help you in court. — MF

Easy personal info opt-out

If you want companies to stop selling your personal information, install this app, called Permission Slip, from Consumer Reports. It automates the task of sending out email requests to companies that sell information they collect about you to data brokers. In minutes, the app sent out 18 requests on my behalf. The app’s data dashboard said it handled 54 emails and saved me 36 hours. — MF

Wrong person spam

Recently I’ve been getting a lot of “wrong number / wrong name” texts that are obviously spam. Here is a great explanation of what the intended scam is. By Max Read. — KK

Share a secret

One Time Secret offers an alternative to sharing passwords or credit card numbers via text message with your friends or family. To use it, enter the text you want to share into the form and click “Create a secret link.” The site will create a unique link, like this: https://onetimesecret.com/secret/h5mwuomihrdz7ptv3qrphkdv6s8rag4. Share that link with your friend. Once it is viewed, it gets deleted, so you can’t share it with a group of friends. If no one visits the link in seven days, it gets deleted. Of course, you have to trust the people behind One Time Secret, which has been in operation for 8 years. — MF

Pass phrases are the new passwords

After I shared last week’s graphic — How long would it take to hack your password — Recomendo reader John McConnell reached out to share that pass phrases are the new passwords. — CD

The password thing is very true. A guy named Jason Fossen (one of the absolute smartest Windows people on the planet and author of the Securing Windows SANS courses … ) showed me this back in 2017 and he actually did some calculation to push the chart all the way out to 100+ character passwords. Pass phrases are the new passwords and if long enough are virtually unbreakable at this point. Even without special characters. Your favorite passage from an obscure book is a good starting place. My pass phrases are about 40-50 characters each.

Best Mac disk space management tool for non-techies

I use my DaisyDisk app ($10) at least once a month to keep on top of what’s hogging up my disk space – usually it’s Dropbox folders that are synced locally that don’t need to be, or really large files I downloaded that I no longer need or apps I tried out that I don’t want anymore. It’s easy to use and understand, and it’s perfect if you’re like me and have a compulsive desire to organize and keep on top of what’s on your computer. — CD

Tip to keep your home address off the internet

This tip comes from my friend Cory Doctorow, my co-editor at Boing Boing. Last year he posted a tip on how to keep your name and address off the internet. I’ve been using his tip and it works. He wrote, “There are dozens of free ‘peoplefinder’ sites that buy up commercial databases and combine them with other sources to make your home address searchable. You can find instances where this has happened to you by googling your name and home address, and then you can google the removal forms for each of the services and get yourself delisted. But your name will keep getting re-added: if you set a Google Alert for a search on your name and address, you’ll get a message every time you get caught in these databases and you can remove your name again. This won’t work on the for-pay background check sites that Google doesn’t index, but it will keep your name and address clear of low-level scumbags who stick with free sites for their doxing activities.” — MF

Have you been hacked?

SpyCloud is a scary and useful website. Scary, because it showed me how many times my passwords have been hacked from website databases. Useful, because I quickly changed those passwords to protect myself. A personal account is free. Do this now. — MF

Hacker checkup

As part of my regular digital hygiene I type my email into the website “Have I Been Pwned?” to see if my email/password has been leaked to hackers by a sloppy company. They will tell me if and when a breach occurred which yielded my email on a list for sale on the dark web. This is an indication to change my password for that login. The check site is free, instant, no signups, and specific in needed action. — KK

See what other websites know about you

Visit Webkay to see what any website you visit knows about you including your location, the device you are using, your IP address, social media accounts you are logged in to, and more. It also tells you how to plug these information leaks by using various services. — MF

Mobile justice

If you spot police officers doing something wrong, you can record them with the free Mobile Justice app from the ACLU. It sends the video directly to an ACLU server so even if the police illegally confiscate your phone they won’t be able to delete the incriminating video. — MF

Downloading my Facebook data

I’m keeping my Facebook account, but for educational purposes I downloaded all the data Facebook has on me. I highly recommend you do the same, just so you know what the bargain is. Start with this link, and follow the directions. You’ll get an email with a new link that will enable you to download a zip file. The folder with the most goodies is the Index page. Go back and adjust your privacy settings as desired. — KK

Keep tabs on neighborhood crime

If you don’t have a Ring doorbell or security camera installed, you can still be alerted of nearby crimes and theft using the Neighbors by Ring app. Once you set up the parameters for your neighborhood you can watch video footage of suspicious activity posted by neighbors (up to 5 miles away). I already own Ring products, so I set up the free Neighbors app to alert me of crimes in my Dad’s neighborhood that I can then forward on to him. — CD

Virtual credit card

Privacy is a browser extension that generates a virtual credit card for each online purchase you make. It offers different options when you create a virtual card — you can make a one-time-use card, a card with a limit (so that it expires once a certain amount is spent), or other kinds of limits. This seems like a great way to protect yourself from getting scammed by one of those sites that trick you into unwittingly signing up for a nearly-impossible-to-cancel monthly fee for something. — MF

Secure messaging

Edward Snowden recommends the free encrypted chat and call app Signal. It works on Android, iOS and the desktop. Built by volunteer Open Source contributors and a group of grant-funded developers, Signal is slick and solid. I’m asking everyone I know to start using it. — MF
