Hey there, friends. Fridays are supposed to be getting ready for the weekend, but I have to interrupt your day with important security and data breach alerts. I only send these when your personal data, money and privacy are at risk.

🛡️ I’ve got your back with actionable ways to protect yourself no matter what happens. Do me a solid and share this with a friend or family member who could also use some help staying safe. The share buttons below are the easiest way to do it. Appreciate you! — Kim

Heads up: Google has been caught hosting an ad that's not just fake — it's convincingly fake. We're talking about an ad masquerading as coming from the open-source password manager KeePass. And the kicker? Even security buffs might be falling for it.

The devil's in the details

The fraudulent Google ad leads you to what appears to be the genuine KeePass website, but it's a trap. The folks at Malwarebytes found it's actually a lookalike site pushing malware known as FakeBat.

According to Google's Ad Transparency Center, the ads were paid for by a verified advertiser named Digital Eagle. Yep, you read that right. Google verified these guys! The tricky part? The site uses an encoding scheme called Punycode to appear authentic.

Punycode's been aiding and abetting scams for a while. It changes the way URLs appear without the regular tipoffs. Remember that fake Brave[.]com site a couple of years ago? Yeah, Punycode was behind that, too.

How to spot the fakes

Listen, there's no foolproof method to steer clear of malicious ads or Punycode URLs, but here are some pointers:

1. Maintain a healthy skepticism

If something seems too good to be true or slightly off, pause and think before clicking.

2. Manual URL entry

Type the URL yourself into a new browser tab. It's a bit tedious, but it's one of the most effective ways to dodge lookalike websites. At the very least, scroll down to the organic results past the ads.

3. Inspect the TLS certificate

This one's crucial, so let's break it down:

• In Chrome: Click on the padlock icon next to the URL. Select Certificate to view the details. Make sure the name matches the website you intended to visit.
• In Firefox: Click the padlock, then Show Connection Details, and finally, More Information. Under the Security tab, you can view the certificate.
• In Safari: Click the padlock, then Show Certificate. Validate that the certificate belongs to the site you intended to visit.
• In Microsoft Edge: Click the padlock and then View certificate to check details.

4. Established sites aren't always safe

Remember, even trusted platforms like Google can host bad ads — just like malicious apps make it into the official app stores all the time.

5. Look for small details

A tiny character can be the difference between a legitimate URL and a malicious one. Pay close attention! You might mistake k0mando[.]com for komando.com if you move too fast.

Stay alert, stay safe. There's a new trick around every corner, but you're arming yourself with knowledge. Share this with a loved one who you want to keep safe, too.

“Bark has changed our family’s lives. No exaggerating here. There are so many things I wouldn’t have known or seen if we didn’t subscribe, and I’m an IT person that knows firewalls and security.” — Stephanie W.

Don’t underestimate how good kids and teens are with tech. They can get around parental controls with no problem. That’s why the Bark Phone is unique. There’s really nothing like it on the market.

Bark uses built-in tools kids can’t tamper with or change, so you know they’re always protected. The Bark Phone scans texts, social media apps and searches (and tells you if there’s anything going on), and tracks their location in real time. Set screen time limits, too, that they can’t get around.

I’ll keep my DNA, thanks: A hacker who goes by “Golem” released the personal details of 4 million 23andMe users — including health and DNA info. If you have an account, change your password or, better yet, delete it. Be on the lookout for phishing, texting and mail scams. Now you know why I was never a fan of this site.

🌐 Yikes! 34,140 Cisco routers, switches and wireless products hit by a new hack: The bad guys are using a flaw in Cisco’s software to hijack routers. Of the 34,000, about 6,500 are in the U.S. Most at risk right now, researchers say, are internet companies. But I’m sure this risk will spread.

Before you start holiday shopping: Scammers are going all out with fake retail websites this year. Know the signs so you don’t hand over your credit card info.

I know it’s a cyber-scary world sometimes, especially if you have teens and tweens. That’s why you need to check out the Bark Phone. You get peace of mind and complete monitoring and control of how your kids use their phones. And the kids are safe.

Oh! Terry in Austin, Texas, asked me if the Bark Phone would be a good option for his older mother, who falls for phishing and other scams. My answer? YES. You can limit what she can do on the phone and get automatic alerts, too.

Hopefully, you learned a few things to make you a little more tech-savvy. Let’s outsmart hackers and criminals together. — Kim