Today's newsletter covers:

• A scam targeting therapists

• Why you should use 2 Factor Authentication everywhere

• How to remove your information from online data brokers

I’ll also be announcing some upcoming trainings and workshops for December and/or January soon, including a “So You Want to Break-up With Google” workshop and another “Digital Security 101 for Psychotherapists” training, so stay tuned for that.

Beware of Scams Targeting Therapists

There is a clear uptick in attempts to scam therapists. I want to call attention to one in particular that folks should be watching out for:

“I want to pre-pay for 8 weeks of therapy.”

Someone requests therapy services, often for a loved one (a child, a parent, a partner, etc.) as a gift. They push for you to tell them how much services would cost for an extended period of time of therapy, and they probably want to pre-pay. The scam? They'll write a bad check, potentially use a stolen credit card, and ask for an urgent refund due to changing circumstances, leaving the therapist holding the bag on the bad check or fraudulent credit charge and out the money refunded to them.

Normal security advice is to ignore suspicious emails, but you may not realize the initial inquiry is a scam till you've had some back and forth with the potential client. So what can you do then?

One way to handle communicating with a likely scammer is to have strong policies in place to protect yourself. For example, my policies are:

1) a free consultation on zoom with the person who will be in therapy must occur before proceeding

2) no pre-payment of services is allowed, and services will only be charged at the time they are rendered

Why You Should Use 2 Factor Authentication Everywhere

2 Factor Authentication (2FA) / Multi Factor Authentication (MFA) is an additional security step you can use to secure various accounts. The premise is that you 1) have something you know (your password!) to log-in, and 2) you also have something that no one else should have (your phone, access to your email, a hardware token, your fingerprint, etc.).

This means you are using two (2FA/MFA) factors to log-in and it reduces the risk of your account being hacked if one of those factors is compromised (typically the password).

And if you're wondering, "But do I really need it on all my accounts?" -- well, that is of course up to you. But you should absolutely be using 2FA/MFA on any account that accesses/guards/stores any client related data.

Video: What is Two-Factor Authentication?

How to Remove Your Information from Data Brokers

What is a data broker? Data brokers are online entities that scrape and compile information on people and then sell it to anyone willing to pay for it. Data broker information can include a wide range of info, including your date of birth, assumed family members, your home address, your phone number, and more. If you'd like to learn more of the nitty gritty, I highly recommend Proton's privacy guide on them: What are data brokers, and how do they work?

The good news: you can opt out of many data brokers. The bad news: it's a pain in the ass.

If you're dreading the prospect of removing yourself (which this Big Ass Data Broker Opt-out List can help you DIY), then unsurprising to anyone living under capitalism, there are companies that you can pay to remove your information from data brokers. They all have various levels of effectiveness and cost, but one major benefit outside of not having to tediously manage this yourself is that these services will provide ongoing scanning and removal from existing and new data brokers as they pop-up. Here are just a few of the services that I often recommend to folks:

• https://joindeleteme.com/
• https://easyoptouts.com/
• https://incogni.com/
• https://privacybee.com/

Till next time, stay safe out there.

Warmly,

Reid