Before being officially released rumors had been swirling about the capabilities of Anthropic’s latest model release, Mythos. The name was apt, almost all news surrounding the product indicated it would be their most popular AI model ever, particularly in the cyber security space. Headlines contained dramatic phrasing such as the model was “too dangerous” to be released, with insider leaks insisting that the model may never see the light of day due to what it means for the cybersecurity sector in particular. With old exploitable bugs and new allegedly being discovered by the model with relative ease.
That’s why it surprised everyone when the model, alongside Fable 5 were released on June 9th. While Mythos was still limited to only vetted government agencies and limited private sector partners, Fable 5 was released to the entire user base at no additional cost. The test run was supposed to last until June 22nd, allowing users to experience the new model and provide feedback before the full release at a yet to be determined time.
Users rushed to test the new model immediately and feedback was mixed as it often is with new AI model releases, with many users immediately declaring it was their best and most powerful model yet. Software engineers on Reddit pointed out that the model fixed bugs Opus 4.8 had failed to identify, and hobbyists found the tasks they had it tackle were accomplished quickly with more robust outcomes. Users were also a fan of the model’s general demeanor and how it got straight to the point (a far cry from previous models where users were frustrated by how “sycophantic” the responses could be).
There were limitations however, Fable 5 was specifically restricted in certain areas with attempts to use the model for searches related to biologics and cybersecurity in particular hitting a wall where the model would automatically block the request and switch to Opus 4.8 to answer.
Users were sometimes able to get around these roadblocks by wording their prompts differently or effectively “jailbreaking” the model. Amazon reported that they fed the model open-source software code with known and intentionally planted security flaws. If they asked it to just “review the code” it would refuse, but when they changed the prompt for it to “fix the code” it complied.
Amazon’s report is allegedly what ultimately lead to the government issuing a veto on the product, cutting the testing window short and access was removed from all users on June 12th, 2026.
The future of Fable 5 is currently in limbo, with the government declaring the model a supply chain risk and declaring it cannot be used outside of the US (which is difficult to verify). As of writing Anthropic is currently weighing their options, including considering ID verification as a potential workaround.
This news also comes amid the ever-growing urgency for AI behemoths to prove that their business models are viable, and release their IPOs. SpaceX made news this week releasing their own IPO at an initial stock price of $135 per share. Between capability and viability, AI model creators are walking a tight rope to cement what the future holds for their business.
We don’t know for sure when Fable 5 will return but there are rumors that access will be returned as soon as possible, with some predictions leaning towards a July 1st re-release date if Anthropic is able to meet compliance with current government requirements for the model.
At Valley Techlogic, staying on top of advancements and news in the AI space is just one component of the value we provide our customers as they navigate the ever evolving technology landscape. If you would like us to work with your business as you create and manage AI strategies and other technology solutions learn more today with a free consultation.
Old technology has a way of blending into the background. A forgotten desktop under a desk, an unused printer in a storage closet, a retired router still plugged into the network, or a pile of mystery cables in the server room may not seem urgent. But legacy hardware can quietly become one of the most overlooked cyber security risks inside a business.
For many small and mid-sized businesses, tech debt is not just outdated software or inefficient systems. It is also the physical technology that remains in the office long after it should have been removed, replaced, documented, or securely disposed of. These devices can create hidden vulnerabilities, consume unnecessary power, complicate troubleshooting, and increase the chance of data exposure.
The problem is that old hardware often looks harmless. A dusty workstation may still contain sensitive files. A retired firewall may still have saved configuration data. An unused printer may store scanned documents, address books, or authentication details. Even abandoned network equipment can create confusion during audits, upgrades, or incident response.
Cleaning up legacy hardware is not just an office organization project. It is a practical cyber security initiative. Every device connected to your business environment has a lifecycle. It is purchased, configured, used, maintained, replaced, and eventually retired. The risk appears when that final step never happens properly.
Hardware that is no longer actively managed may stop receiving firmware updates. Devices may remain connected to the network without anyone realizing it. Old computers may sit in closets with cached credentials, local files, browser passwords, or copies of client data. Drives may be removed and stored without encryption. Equipment may be passed between employees without proper wiping or documentation.
This creates a messy environment where nobody is completely sure what exists, what is still in use, what contains data, or what could be exploited.
Here are 5 strategic ways to clean up legacy technology
Create a complete hardware inventory. Start by documenting every physical device in the office, including desktops, laptops, monitors, printers, scanners, servers, network switches, routers, firewalls, access points, external drives, phones, and conference room equipment. Record the device name, serial number, location, assigned user, age, warranty status, and whether it is still actively used.
Identify anything that is no longer supported or no longer needed. Old hardware should be reviewed against current business needs and vendor support timelines. Devices that no longer receive firmware updates, cannot run supported operating systems, or are no longer assigned to a real business function should be flagged for replacement, removal, or secure disposal.
Disconnect unknown or unmanaged devices from the network. If a device cannot be identified, managed, updated, or tied to a business purpose, it should not remain connected. This includes old switches, forgotten wireless access points, retired desktops, unused printers, and any device that nobody can confidently explain. Unknown hardware creates unnecessary risk and makes your environment harder to secure.
Securely wipe or destroy storage media before disposal. Computers, servers, external drives, copier hard drives, and even some printers may retain sensitive business data. Before anything leaves the office, storage media should be properly wiped, encrypted, or physically destroyed according to your data handling requirements. Simply deleting files or performing a basic reset is not enough for many devices.
Build a formal retirement process for future hardware. Cleanup should not be a one-time event. Create a standard process for retiring equipment that includes documentation, backup confirmation, data wiping, license removal, asset tag updates, and approved recycling or disposal. A simple repeatable process prevents old hardware from piling up again.
A cleaner technology environment is easier to manage, easier to secure, and easier to support. When your business knows exactly what hardware exists and why it exists, you reduce uncertainty. That matters during cyber security reviews, insurance questionnaires, vendor audits, compliance checks, and real-world incident response.
It also improves day-to-day operations. Technicians spend less time tracing mystery cables, identifying unknown devices, or troubleshooting equipment that should have been retired years ago. Employees benefit from more reliable systems, fewer workarounds, and a more organized workspace.
Just as importantly, removing old hardware reduces the number of places where sensitive data can hide. Every forgotten device is a potential storage location, access point, or weak link. Cleaning it up gives your business better control over its information and its risk.
So how can a Managed Service Provider (like Valley Techlogic) help? Your MSP can play a key role in turning hardware cleanup into a structured cyber security improvement rather than a messy office project. An MSP can help inventory devices, identify unsupported hardware, review network-connected equipment, recommend replacements, securely wipe retired systems, document asset status, and coordinate proper disposal or recycling. They can also help build a repeatable lifecycle process so future hardware does not become tomorrow’s hidden tech debt.
Legacy tech debt is not always digital.Businesses often think about cyber security in terms of passwords, email threats, antivirus software, and cloud security. Those things matter, but physical technology matters too.
Legacy hardware should not be ignored just because it is quiet. If it is still in your office, still storing data, or still connected to your network, it deserves attention. If you need assistance in auditing and cleaning up your business’s tech environment (including decommissioning old hardware or doing an audit of your software stack) reach out to us today to schedule a free walkthrough and evaluation.
A recent report claimed that an anonymous company accidentally spent $500 million on Anthropic’s Claude in a single month after failing to put usage limits on employee access.
That number is absurd. For most small businesses, it sounds so far removed from reality that it is easy to laugh it off and move on, but that would be the wrong lesson.
The point is not that your business is going to wake up tomorrow with a half-billion-dollar AI bill. The point is that AI has introduced a new kind of business risk: fast-moving, employee-driven, poorly governed software usage that can create cost, security, compliance, and operational problems before leadership even knows what is happening.
Small businesses do not need a Fortune 500 AI budget to make Fortune 500 AI mistakes. They just make them at a smaller scale, and sometimes a smaller mistake hurts more because there is less financial room to absorb it.
AI adoption is moving faster than AI strategy, your employees are already using AI. They are using ChatGPT, Claude, Copilot, Gemini, browser extensions, AI note takers, AI writing tools, coding assistants, image generators, meeting bots, inbox assistants, and whatever else promises to save them time.
Some of this is good. AI can absolutely improve productivity. It can help write first drafts, summarize documents, review contracts, organize meeting notes, analyze spreadsheets, draft client communications, troubleshoot technical problems, and speed up repetitive work.
The problem is not AI usage, the problem is unmanaged AI usage.
Many businesses are still treating AI as a novelty or a personal productivity tool, while employees are already treating it like infrastructure. That gap is where the risk lives.
If employees are using AI tools without clear rules, approved platforms, data handling guidance, spending controls, and accountability, the business has not adopted AI strategically. It has simply allowed AI to spread.
That is not a strategy. That is drift. The reported Claude incident is a perfect example of what happens when access is confused with strategy.
Giving employees access to powerful AI tools can be valuable, but access alone does not answer the most important questions.
Who is allowed to use the tool? What business problems should it be used for? What data is allowed to go into it? What data is prohibited? Who owns the output? How is usage monitored? How are costs capped? How do we measure whether this is actually helping?
Without answers to those questions, at best AI becomes another unmanaged business expense. At worse, it becomes an unmanaged business process.
That matters because modern AI tools are not like traditional software subscriptions. A normal SaaS tool usually has a predictable monthly cost per user. AI can be different. Depending on the platform, plan, API model, agentic workflow, integrations, automation, and volume of usage, costs can scale quickly. The more powerful the workflow, the more important governance becomes.
This is especially true with AI agents and coding assistants. These tools do not just answer one question and stop. They can perform multi-step tasks, generate large amounts of output, run repeated analysis, review codebases, process documents, or interact with other systems. That can be useful, but it also means the cost and risk can grow quietly in the background.
For a small business, the danger is not a $500 million invoice. The danger is paying for tools no one is managing, letting sensitive data leak into platforms that were never approved, relying on AI-generated work no one reviews, or building business processes around accounts the company does not control.
Some businesses will hear stories like this and decide the safest move is to block AI entirely. That is understandable, but it is usually not realistic. If AI tools help employees do their jobs faster, people will find ways to use them. If the business does not provide an approved path, employees may create their own path. That is how shadow IT happens. The better approach is not panic, it is governance.
AI governance does not need to be complicated. For most small businesses, it should start with practical controls that match the size of the company. A good small business AI strategy should include:
Approved AI tools and platforms
Clear rules for what data can and cannot be entered
Spending limits and usage monitoring
Role-based access for employees
Human review for important AI-generated work
Policies for client data, financial data, health data, legal documents, credentials, and confidential information
A process for evaluating new AI tools before employees start using them
A way to measure whether AI is saving time, improving quality, or reducing cost
That last point is critical. AI should not be adopted because it is exciting. It should be adopted because it solves a real business problem.
If an AI tool saves five hours per week, improves response times, helps generate better proposals, reduces administrative work, or improves customer service, that is useful. If it creates more subscriptions, more confusion, more risk, and more low-quality output, it is not innovation. It is clutter.
Cost control is only one part of the strategy, the Claude story is dramatic because the dollar amount is dramatic. But for small businesses, cost is only one part of the AI risk picture. The bigger issue may be data control. Employees may paste client emails, contracts, tax documents, HR issues, financial records, passwords, source code, internal strategy, vendor disputes, or customer lists into AI tools without realizing the consequences.
That does not mean every AI platform is unsafe. Some enterprise AI platforms provide stronger privacy, security, and data handling protections than consumer-grade tools. But the business needs to know which tools are being used and under what terms. This is where small businesses need to be honest with themselves. If employees are using free personal AI accounts to process company information, the company probably does not have enough visibility or control.
That creates real questions.
Where is the data going?
Is it being used for model training?
Can the company audit usage?
Can access be revoked when an employee leaves?
Is multifactor authentication enforced?
Are files being uploaded?
Are browser extensions reading sensitive pages?
Are AI meeting bots recording confidential conversations?
These are not theoretical concerns. They are the same kinds of basic governance questions businesses already ask about email, file sharing, password managers, CRMs, and accounting systems. AI should be treated with the same seriousness. A small business does not need to start with a grand AI transformation plan. It should start with a simple question: Where can AI safely and measurably improve the business?
That might mean using AI to draft marketing content, summarize long documents, build internal SOPs, assist with help desk responses, analyze sales data, improve customer communication, or speed up research. Start with real use cases. Then match the tool to the use case. Then apply controls.
A practical AI rollout might look like this:
Identify the top three repetitive tasks employees spend too much time on.
Choose one approved AI platform for business use.
Define what data is allowed and prohibited.
Set user access, billing limits, and administrative ownership.
Train employees on safe and effective usage.
Review results after 30 to 60 days.
That is not flashy, but it works. The goal is not to use AI everywhere. The goal is to use AI where it produces value without creating unnecessary risk. AI should be managed like any of your other business systems. The biggest mistake small businesses can make is treating AI as something outside normal IT and business management. It is not.
AI touches identity, security, compliance, finance, operations, HR, sales, marketing, customer service, and intellectual property. That means it needs ownership. Someone needs to be responsible for deciding which tools are approved, how accounts are managed, how data is protected, how employees are trained, how spending is reviewed, and how the business measures results. For many small businesses, that responsibility should involve leadership, IT, and whoever owns the affected business process.
For example, marketing should help define AI use in content creation. Finance should care about billing and invoice-related AI usage. HR should care about employee data. IT should care about access, security, logging, and data protection. Leadership should care about the overall business value. AI is too powerful to be left entirely to individual preference.
The reported $500 million Claude bill is not just a story about one company’s lack of spending controls. It is a warning about what happens when AI adoption outruns AI management. Small businesses should not avoid AI. That would be shortsighted, but they should also not let AI creep into the business through personal accounts, unmanaged tools, unclear policies, and uncapped spending. The right approach is controlled adoption.
Use AI. Encourage experimentation. Look for productivity gains. But put guardrails in place. Decide which tools are approved. Protect sensitive data. Set spending limits. Train employees. Review usage. Measure outcomes. Keep humans responsible for important decisions. AI can be a real advantage for small businesses, especially the ones willing to use it thoughtfully. But like every powerful tool, it needs rules.
The companies that get this right will not be the ones that blindly chase every new AI feature. They will be the ones that build AI into their business with discipline, security, and a clear purpose. That is the lesson small businesses should take from the Claude story. AI without strategy is just another unmanaged expense. AI with strategy can become an advantage. At Valley Techlogic, we can be your strategic partner as you roll out AI in your business and help prevent costly mistakes like the one in this article. Learn more today with a consultation.
Artificial intelligence has changed the economics of fraud. Scammers no longer need to be skilled writers, native speakers, designers, or even patient researchers to create believable attacks. With AI tools, they can generate polished emails, mimic trusted business language, personalize messages using public information, and test different versions of a scam at scale. We are even seeing instances where scam calls are being placed using AI voice modifications are tricking users into believing the call is regional (often with a spoofed number to really send it home). In a nutshell, scams are getting much more sophisticated and AI is helping bad actors achieve more, faster.
That matters because phishing and vishing (a portmanteau of “voice” and “phishing”) has always relied on one core weakness: trust. When an email looks familiar, sounds professional, and appears to come from a person or company you recognize, it becomes much easier to click before thinking or hand over information you would never think to provide otherwise. AI makes that easier for attackers and more dangerous for everyone else.
A representative from Kaseya recently shared with us that AI enabled phishing emails are seeing 25% higher open rates than human crafted variations. While results can vary by campaign, audience, and security training maturity, the takeaway is clear: AI is making phishing more convincing, more scalable, and more profitable for criminals.
Traditional phishing emails were often easier to spot. They contained awkward wording, strange formatting, vague requests, or obvious spelling mistakes. AI has removed many of those warning signs.
Today’s phishing emails may reference your company, your vendors, your industry, recent business activity, or a real person inside your organization. They can be short and casual, formal and executive-sounding, or written in the exact tone of a normal business request.
Even worse, criminals can now generate hundreds of variations quickly. If one version does not work, they can adjust the subject line, tone, timing, sender name, or call to action until something lands. Here are some common variations of phishing scams we’re now seeing as a technology service provider:
• The message creates urgency, such as “today only,” “final notice,” “immediate action required,” or “payment must be processed now.”
• The sender asks you to bypass normal processes, especially for payments, password resets, MFA approvals, bank changes, or file access.
• The email sounds polished but slightly off, especially if the request does not match the sender’s usual behavior.
• The message includes a link to a login page, shared document, voicemail, invoice, shipping notice, or payment portal you were not expecting.
• The sender pressures you not to call, not to verify, or not to involve anyone else.
• The request involves gift cards, wire transfers, ACH changes, cryptocurrency, payroll updates, or sensitive business data.
We also want to note,accounts payable teams are especially vulnerable because their work already involves invoices, payment requests, vendor communication, banking details, and deadlines. AI gives scammers better tools to blend into that workflow.
A fake invoice used to be relatively basic. Now, an attacker can create a professional-looking invoice with realistic branding, matching language, convincing line items, and payment instructions that appear normal at first glance. In more advanced cases, criminals may combine fake invoices with compromised email accounts, vendor impersonation, cloned voices, or deepfake video messages that appear to come from an executive, vendor, or finance leader.
This is where deepfake invoice fraud becomes especially dangerous. The invoice itself may look real, but the larger scam may include an AI-generated voicemail, a realistic video message, or a spoofed email thread that appears to confirm the payment. The goal is simple: make the request feel legitimate enough that accounts payable processes it before anyone verifies the change.
Here’s how to avoid falling victim:
• Verify payment changes through a trusted channel. Do not use the phone number or email address included in the suspicious message. Use a known contact from your records.
• Require secondary approval for new vendors, bank account changes, large payments, urgent wires, and unusual invoice requests.
• Slow down when a message creates pressure. Urgency is one of the strongest signs that someone is trying to push you into a mistake.
• Check sender addresses carefully. Look for lookalike domains, extra letters, changed display names, and replies that come from unexpected addresses.
• Do not approve MFA prompts you did not initiate. Attackers often combine phishing with login attempts and push notification fatigue.
• Hover over links before clicking, and avoid logging in through links in unexpected emails. Go directly to the known website instead.
• Train employees with realistic phishing examples, including AI generated messages that look polished and professional.
• Use modern email security, MFA, endpoint protection, DNS filtering, and identity monitoring to reduce the chances that one bad click turns into a major incident.
• Build a culture where employees are praised for verifying suspicious requests. People should never feel embarrassed for slowing down a payment or asking for confirmation.
The bottom line is that AI does not create entirely new fraud. It makes old fraud faster, cheaper, more convincing, and easier to scale. That is why businesses need to stop treating phishing as a problem that only happens to careless people.
The strongest protection is a combination of technology, training, and processes. Email filtering helps, MFA helps, endpoint protection helps, but for payment fraud, business email compromise, and fake invoice scams, process matters just as much. A quick phone call directly to a known number for the person/company, a second approval, or a strict vendor change procedure can be the difference between catching a scam and wiring money to a criminal.
Fraud is getting more convincing. Your defenses need to become more deliberate. At Valley Techlogic we are continuously working on future proofing our customers against scams and intrusions, and all of our plans come with cybersecurity built in. Learn more today with a consultation.
Google’s annual conference I/O (which stands for In/Out) for developers just ended a couple of days ago and with it came a swath of updates meant to get developers excited in the tech that the company will be bringing forth in the near future. AI of course took the main stage and was heavily featured, but the most notable items probably came from the changes to Google’s flagship product, their search engine.
The word agentic when it comes to AI is tossed around a lot, but what do we really mean when we say agentic will be coming to Google search? Agentic means “someone or something that achieves outcomes independently” and thus far, that’s not something most AI tools are capable. Until the user is there entering a prompt the AI agent or tool is essentially dormant, waiting in limbo to be summoned for a task or query.
Google and the other tech behemoths in the space would like to change that, instead of waiting for you to ask, Google plans to introduce the ability to have a search that’s ongoing and happening in the background. If you want to stay on top of your favorite teams stats for the season, or to get an update when stocks you have invested in have a major change, you can set up a search that will continuously run and provide updates as they become available.
For those who like to stay up to date at every moment on their topics of interest this is an intriguing switch from the usual paradigm from “searcher” to just “scanner”, allowing you to catch up with all of your interests over your morning coffee without having to lift a finger. For others, it might be information overload.
Google is dubbing this feature “Information Agents” and it will be available to Pro & Ultra subscribers as early as this summer. The agents will also be able to do things like scan for tickets to a concert you have been wanting to attend and purchase them automatically when they become available, it can also book services like home repair or pet care on your behalf. In a nutshell, these agents are meant to simplify your day to day and have your tech doing more while you have to engage with the minutiae of everyday life less.
Not everyone would like to have things removed from their direct – and sole – oversight, however. As with the ChatGPT Finance announcement, some users are skeptical about allowing AI and the companies that back it such a deep and personal look into their private data. To be completely independent of the user Google has said their AI agents may review your emails, calendar events and more so it can make decisions on your behalf. The trade of convenience for privacy may be too much for some users to tolerate.
Other announcements at I/O included was the immediate release of Gemini 3.5 which included a UI re-design and changes to the chat bot, including more voice options. Another change coming to search is also the ability to have more contextual answers, for example if you ask it about a specific Monet painting it may just show you an image of the painting rather than a text description.
It should also be noted the news of Google’s sweeping investments in AI also came as Google quietly removed their commitments to reversing climate change, including removing the “net-zero carbon goal” from their website. As has been made abundantly clear, AI progress and climate sustainability are opposing viewpoints at the moment.
Regardless of how you feel about AI, it is here to stay and businesses that can take advantage of emerging updates and deploy them within their business strategically will be ahead of the game. Valley Techlogic can help you with AI strategies and safe AI deployments that will set your business ahead of the competition, learn more today with a consultation.
At the worst possible time, millions of students and educators found themselves locked out of Canvas, the digital backbone of classrooms across the country. What started as a cybersecurity incident quietly detected in late April 2026 exploded into one of the largest educational data breaches on record, hitting right as schools entered finals season.
Canvas is a cloud-based learning management system (LMS) operated by a company called Instructure. It is a digital hub where teachers post assignments, students submit work, grades are recorded, and classroom communication happens. Its reach is enormous. Canvas counts more than 30 million active users globally and serves over 8,000 institutions as customers. In North America alone, it is used by 41% of higher education institutions, alongside thousands of K-12 schools. When it goes down, millions of people feel it immediately.
The incident did not appear out of nowhere. Instructure first detected unauthorized activity on April 29, 2026, and began an internal investigation. For a few days, the situation seemed contained. Then, on May 7, everything changed.
Students logging into Canvas around 1�20 p.m. PDT found something unexpected on their dashboards: a ransom note. The message was signed by ShinyHunters, a well-known criminal hacking group, and it was blunt. It claimed the group had breached Instructure, accused the company of ignoring earlier contact attempts, and threatened to release all stolen data unless affected schools negotiated a ransom settlement through the encrypted messaging platform Tox by the end of May 12, 2026.
“Instead of contacting us to resolve it, they ignored us and did some ‘security patches,’” the group wrote on user dashboards.
Instructure took Canvas offline shortly after to contain the damage. The outage disrupted access during a critical period, leaving students and faculty at thousands of colleges and K-12 schools scrambling for course materials, assignments, and communications.
ShinyHunters claimed to have stolen 3.65 terabytes of data tied to approximately 275 million users across roughly 9,000 institutions worldwide. The list of affected schools included major universities like Columbia, Princeton, Harvard, and Georgetown, as well as large public school systems across the country.
The breach is considered the largest educational security incident on record by scope and scale. According to Instructure’s own investigation, the stolen data included:
• Names, email addresses, and student ID numbers
• Private messages exchanged between students and teachers
Instructure stated it found no evidence that passwords, dates of birth, government identification numbers, or financial information were compromised. That is meaningful, but the exposure of private messages and identifying information is still significant, particularly given how personally sensitive communications between students and educators can be.
Instructure issued an apology on May 11 and updated its status page to note that Canvas was back online with no indication of ongoing unauthorized activity. On May 12, the company announced that the stolen data had been “returned” following an agreement with the hackers.
Cybersecurity experts were quick to note that “returned” data does not mean deleted data. There is no reliable way to confirm that copies were not made or retained before any handover.
Instructure notified impacted organizations on May 5 and has advised that affected schools will be contacted directly. For students, parents, and staff, the school or institution itself is the recommended first point of contact. The company is also organizing a leadership webinar to share further details about the attack and steps taken to harden its systems.
If you use Canvas through a school or university, take these steps:
• Enable Multifactor Authentication (MFA) on your Canvas account and any other school platform that offers it. This single step dramatically reduces the risk of unauthorized access even if your credentials were exposed.
• Be skeptical of unexpected emails or messages referencing your Canvas account, your school, or this breach. Phishing attempts often follow major incidents and can be convincingly detailed when attackers already have your name and email address.
Schools and IT administrators should rotate Canvas integrations, API keys, and single sign- on connectors, and review authentication logs for unusual activity between April 25 and May 8, 2026, per guidance from both Instructure and the Federal Student Aid office.
The Canvas breach is a reminder that education technology has become critical infrastructure, and critical infrastructure is a target. When a single platform serves 41% of North American higher education, a single point of failure becomes a national-scale event. The timing compounded the damage. Finals week is the highest-stakes period of the academic calendar. For students preparing for exams, submitting final papers, or trying to reach professors, even a few hours of outage created real consequences.
The breach raises important questions about how much sensitive communication is flowing through third-party platforms, and what obligations companies like Instructure have to protect it. Private messages between students and teachers were never meant for anyone else. That data is now out in the world in some form, regardless of what “returned” officially means. Stay alert, update your account security, and watch for follow-up communications from your school’s IT department.
Valley Techlogic plans include cyber security support and prevention, and we have worked with those in educational space to create customized solutions that take student safety in mind (including content filtering, strategies to protect student data privacy, device security and more). Learn more about our security as a service solutions here.
If you’ve downloaded anything new from the Google Play Store recently you might want to be wary of the extra “features” that may have come along with it. It’s being reported that a new malware dubbed “NoVoice” has infected a number of Apps across the Google Play store.
The apps it was discovered in were not limited to one genre, the malware was found in cleaners, games, image galleries and more. At launch the apps didn’t request any additional suspicious permissions and worked as intended.
Longtime cybersecurity behemoth McAfee discovered the malware but it’s not currently being linked to any specific malware group or threat actor, and no one has claimed credit for the attack as of writing. After installation the malware tries to gain root access to your device by utilizing vulnerabilities found in unpatched devices (most of these exploits have been patched between 2016 and 2021) highlighting the importance of keeping your devices up to date on firmware.
According to the researchers at McAfee the infected payload hitched a ride on what looked like legitimate Facebook SDK classes, which then deployed an encrypted payload hidden inside a PNG before system wiping all traces of itself. If this sounds like a less delightful matryoshka doll in malware form that’s because it is.
It was also noted by researchers that the malware had built in capacity to avoid certain regions in China if the original app was given permission to detect location. All-in-all researchers noted that the malware would attempt to try 22 known vulnerabilities on the infected device in order to gain root access. It was also discovered the primary goal once it had access was to then steal data from WhatsApp specifically, although it should be noted due to the flexible design of this malware it could have been used to steal other data (this just wasn’t noted during discovery).
All affected apps have now been removed from the Google Play Store, and a Google representative issued a statement: “As an added layer of defense, Google Play Protect automatically removes these apps and blocks new installs. Users should always install the latest security updates available for their device.”
As NoVoice specifically targeted security flaws that were fixed before 2021, any device that has been updated since that time would be safe from this exploit. Regular patching and security updates are a core feature on every Valley Techlogic plan, we believe this helps:
Fix known vulnerabilities before attackers can exploit them
Reduce the risk of malware, ransomware, and unauthorized access
Keep systems compatible with current security tools and protections
Help maintain compliance with security standards and insurance requirements
Protect your business from threats today with a technology plan from Valley Techlogic, you can learn more about our services and get started here.
It starts with a single typo. You glance at a URL, it looks right, and you click. But what loaded in your browser wasn’t your bank, your HR portal, or your company’s file-sharing platform. It was a meticulously engineered trap, and the people behind it had been waiting for exactly this moment.
Domain-based deception isn’t new. But the tactics have grown sharper, faster, and far more difficult to spot with the naked eye. With over 300 million registered domain names in the world and new top-level domains being approved at a pace that can be hard to follow, scammers have more raw material than ever to work with.
Understanding their methods is the first step toward protecting yourself and your organization.
The anatomy of a fake domain
Before diving into specific tactics, it helps to understand what scammers are actually trying to do. Their goal is to create a web address that is visually close enough to a legitimate one that a busy, distracted reader won’t notice the difference. They then use that domain to host phishing pages, deliver malware, or intercept credentials.
The deception typically targets three things: the domain name itself, the top-level domain (the part after the final dot), and the subdomain structure. Sometimes all three are manipulated at once.
“The goal isn’t to fool careful readers. It’s to exploit the moments when no one is being careful.”
Typosquatting is the practice of registering domains that are one small error away from a well-known name. A missing letter, a transposed pair, a repeated character. The domains are cheap to register and the potential return is enormous.
Classic examples include swapping an “i” for an “l,” doubling a letter, or inserting a hyphen where none belongs. More recently, scammers have been exploiting the similarity between certain characters in different scripts, a technique sometimes called homograph or homoglyph spoofing.
Legitimate
microsoft.com
Typosquat
rnicros0ft.com
Legitimate
paypal.com
Typosquat
paypa1.com
At normal reading speed, on a small screen, or while skimming an email on your phone, these are nearly indistinguishable. That’s precisely the point.
The new TLD problem: .corn, .рaypal, and beyond
For decades, the internet ran on a handful of top-level domains: .com, .net, .org, .gov. Users learned to treat those suffixes as rough signals of legitimacy. That mental shortcut is now being exploited.
The Internet Corporation for Assigned Names and Numbers (ICANN) has approved hundreds of new generic top-level domains in recent years, including .app, .store, .finance, .cloud, and many more. Alongside these legitimate expansions, bad actors have been quick to spot and abuse visual lookalikes. The domain suffix .corn, for example, is close enough to .com that it has been used in phishing campaigns targeting users who click without examining the full address. Similarly, .co is a legitimate country-code domain for Colombia that has long been used, sometimes legitimately and sometimes deceptively, as a shorthand imitation of .com.
Watch out for
.corn instead of .com — a real top-level domain that reads as familiar at a glance.
.co instead of .com — widely used in legitimate startups, but also a common phishing suffix.
Internationalized domain names that use Cyrillic or Greek characters which render identically to Latin letters in many fonts.
Subdomain manipulation, such as paypal.com.account-verify.net, where the real domain is the one after the final dot, not the one you recognize.
One of the most effective and underappreciated techniques involves manipulating subdomains. Browsers display the full URL, but users have been trained to look for the familiar brand name, not to parse which part of the address actually controls the destination.
A URL structured as amazon.com.account-secure.xyz places a recognizable brand in what looks like the domain, but the authoritative domain is account-secure.xyz. The scammer owns that, not Amazon.
This technique is particularly effective in SMS phishing (smishing) attacks, where the entire URL is often truncated and users tap links quickly without examining them.
Modern browsers support internationalized domain names, which means a domain can be registered using characters from non-Latin scripts. The problem arises when those characters are visually identical, or nearly so, to their Latin counterparts.
The Cyrillic lowercase “а” and the Latin lowercase “a” look the same in most fonts. The Greek omicron “ο” is visually identical to the Latin “o.” By combining these characters, a scammer can register a domain that renders as “apple.com” in your browser’s address bar but resolves to an entirely different server.
Browser vendors have implemented some defenses against the most obvious abuses of this technique, but protection remains inconsistent across platforms and character combinations.
“When it comes down to it, you’re not reading the domain. You’re pattern-matching against a mental image of what it should look like.”
What’s changed in the last two years is not just the cleverness of individual attacks but the speed and scale at which they can be deployed. Generative AI tools have made it substantially easier for even low-skill operators to spin up convincing phishing pages, generate personalized lure emails, and register dozens of lookalike domains simultaneously.
So what can you do about it? Security researchers have observed campaigns where hundreds of typosquatted domains are registered in a single day, each pointing to a slightly different variant of a phishing page tailored to a specific target sector. Financial institutions, healthcare providers, and enterprise software platforms are the most frequent targets, but no industry is immune.
The threat landscape is complicated, but the protective behaviors that matter most are straightforward. Most successful domain spoofing attacks succeed not because the victim was foolish but because the conditions for clicking without thinking were carefully engineered.
Practical checklist
Hover over links before clicking to see the full destination URL, and read it from right to left, starting after the final dot.
Use a password manager that matches credentials to specific domains. If the URL is wrong, the manager won’t fill, which is your first warning.
Enable multi-factor authentication everywhere. A stolen password is far less useful when a second factor is required.
Treat any link sent via SMS, messaging apps, or email as suspect by default. Navigate to sensitive sites by typing the address directly or using bookmarks.
Report suspicious domains to your IT or security team. Early detection of a campaign targeting your organization can protect colleagues who haven’t seen it yet.
Domain-based attacks are successful because they exploit something deeply human: the tendency to use heuristics rather than careful analysis when under time pressure or cognitive load. Scammers are not usually trying to outsmart technically sophisticated users in their most alert moments. They’re engineering the conditions under which even careful people make mistakes.
The defensive answer is partly technical, partly procedural, and partly cultural. Security-aware organizations train people to slow down at the moment of a click, not just to use the right tools. That pause, the habit of looking twice at a URL before entering credentials, is often the difference between a near miss and a breach.
The next time a link looks almost right, trust that instinct. Almost right is how these attacks work, and education on this topic is the best way to stop scammers in their tracks. Below is a free resource on this topic to share with your team:
For specific guidance on protecting your organization, consult a qualified cybersecurity professional. If you need assistance in administering cyber security services (including Security Awareness Training) within your organization, Valley Techlogic can help. Learn more today through a consultation.
Some fraudsters have abandoned the awkward, obvious emails of the past decade in favor of a new gambit, this one focus on social media. Today, they operate where your business already lives: in your LinkedIn inbox, your Facebook admin panel, and your Twitter DMs. The scams are polished, convincing, and growing fast.
Social engineering attacks rely on manipulation rather than malware. Instead of breaking through your firewall, criminals exploit the one vulnerability no software patch can fix: human trust. In 2024 and into 2025, that manipulation has migrated aggressively onto social media platforms, targeting professionals, business owners, and marketing teams who use these networks as core business tools.
Understanding how these scams are constructed is the first line of defense. Here is a closer look at what is circulating on each major platform and what warning signs to watch for.
LinkedIn: fake job offers and recruiter impersonation
First, The fake job offer scam.One of the fastest-growing threat vectors on LinkedIn involves fraudulent job opportunities delivered via connection requests and direct messages. Attackers create convincing recruiter profiles, complete with employment histories, endorsements, and professional headshots, before reaching out to targets with lucrative-sounding roles at legitimate companies.
Once contact is established, the “recruiter” moves the conversation off-platform to WhatsApp or email and eventually asks for sensitive information under the guise of onboarding: copies of identification documents, bank account details for direct deposit setup, or payment for background checks and equipment deposits. In some cases, victims are sent fraudulent checks and asked to forward a portion of the funds before the check bounces.
Luckily there are a few common red flags you can look for to spot this one, such as:
The recruiter’s profile was created recently and has few connections or activity.
The job offer arrives unsolicited with an unusually high salary and vague responsibilities.
Also, a more targeted variant involves attackers creating near-duplicate profiles of a company’s senior executives or trusted colleagues. The impersonator connects with employees and then requests urgent wire transfers, gift card purchases, or credential resets, exploiting the authority of the mimicked identity. Because the message arrives through LinkedIn rather than email, many recipients lower their guard.
LinkedIn has acknowledged the scale of fake profile activity on its platform and introduced detection tools, but sophisticated actors continue to slip through. Treat any out-of-character financial or credential request from a connection with immediate skepticism, regardless of how authentic the profile appears.
Facebook: business account threats and fake admin messages
Businesses running Facebook Pages and advertising accounts have become prime targets for a scam that impersonates Meta support. The attack typically begins with a message, often arriving via Messenger or a business inbox, warning that the page violates community standards and faces imminent suspension. Targets are urged to click a link and “verify” their account to avoid action.
Those links lead to convincing phishing pages that harvest Facebook credentials, two-factor authentication codes, and in some cases payment information linked to the ad account. Once attackers gain access, they drain advertising budgets, lock out legitimate admins, or sell the established account to other bad actors.
Common red flags for this one are:
Urgent language around page violations sent through Messenger rather than through Meta’s official support system.
Links that route to domains that are not facebook.com or meta.com.
A related tactic involves fraudulent invitations to become a page or group administrator. Business owners receive what appears to be a legitimate Facebook notification asking them to accept an admin role for a page they do not recognize. Accepting grants the attacker reciprocal admin access to the victim’s own pages by exploiting Facebook’s cross-admin trust structure. The scammer can then post spam, remove the original owner, or use the page for further fraud.
Meta will never request login credentials or payment information through Messenger. Any urgent policy warning that arrives as a direct message, rather than through the official Meta Business Suite notification system, should be treated as fraudulent until verified directly through Meta’s help center.
Twitter (X): impersonation, verification badge scams, and crypto fraud
Since the overhaul of the platform’s verification program, bad actors have exploited user confusion around the blue checkmark by sending direct messages claiming the recipient’s account requires action to maintain its verified status or avoid suspension. These messages direct targets to external sites that steal credentials or payment details.
A parallel scam targets business accounts with messages purporting to be from the platform’s trust and safety team, warning of copyright violations or policy breaches and requesting immediate login through a provided link. The urgency and official-sounding language make these messages disproportionately effective against small business owners managing their own accounts.
Again, common red flags are:
Direct messages claiming to be from platform support, since X does not use DMs for official account actions
Requests to “re-verify” through a third-party link rather than within the native app settings
Also, we want to be clear, do not overlook email: phishing remains the dominant threat and it’s also always constantly evolving.
While social media scams command growing attention, it would be a significant mistake to treat email phishing as a solved problem. Email-based attacks remain by far the most prevalent form of social engineering, accounting for the majority of successful business data breaches year after year. Modern phishing emails have evolved far beyond the broken-English missives of the early 2000s: today’s attempts accurately mimic bank correspondence, software license renewal notices, internal HR communications, and delivery notifications, often using the target’s actual name, employer, and recent activity pulled from public or previously compromised data.
Business email compromise, a targeted phishing variant in which attackers impersonate executives or vendors to authorize fraudulent payments, cost U.S. businesses billions of dollars annually. The threat is consistent, scalable, and disproportionately effective against organizations that have not established clear verification procedures for financial requests.
Staff who know to question a suspicious LinkedIn message may still instinctively trust an email that appears to come from their bank or their own CEO. Awareness training must address both channels with equal rigor.
A local managed service provider like Valley Techlogic is your first line of defense.
Recognizing individual scam tactics is valuable, but the threat landscape shifts faster than most business owners can track. A local managed service provider like us brings dedicated security expertise, advanced email filtering and phishing simulation tools, and ongoing employee awareness training that keeps your team current with the latest social engineering techniques crossing every channel, from LinkedIn inboxes to email spoofing campaigns. We can also establish clear internal protocols for verifying unusual requests, configure multi-factor authentication across your accounts, and monitor for credential exposure before attackers can exploit it. Partnering with a trusted local provider means that when the next convincing scam lands in your inbox or your social feed, your business has both the technology and the training to recognize it before it does damage. Learn more today with a consultation.
Your managed service provider (or tech person) is supposed to be the safety net between your business and disaster. They monitor your systems, manage your backups, and promise to keep things running when everything else goes sideways. But how do you know they can actually deliver on that promise? The answer starts with five straightforward questions about business continuity. If your MSP stumbles on any of them, it is time to pay attention.
Question One: “What is our current recovery time objective, and how was it determined?”
Every business has a threshold for how long it can survive without its critical systems. That threshold is your recovery time. A capable MSP will not only know an estimate of your recovery time off the top of their head but will also be able to walk you through how they arrived at that number. It should reflect conversations about your` customer commitments, your compliance requirements, and the operational realities of your environment.
If your MSP gives you a blank stare or quotes a generic number that sounds like it came from a boilerplate contract, that is a problem. Your recovery time should be as specific to your business as your business plan. A provider who cannot articulate it has not done the foundational work required to actually protect you.
Question Two: “When was our disaster recovery plan last tested, and what were the results?”
A disaster recovery plan that has never been tested is not a plan. It is a guess. Testing reveals the gaps that documentation alone cannot uncover: the backup that restores slowly, the dependency nobody remembered, the credential that expired six months ago. Your MSP should be running tabletop exercises and full restoration tests on a regular cadence, and they should have documented results they can share with you.
If the last test was “a while ago” or “we have not gotten around to it,” you are operating on hope. Hope is not a business continuity strategy. A mature MSP treats testing as a recurring discipline, not a checkbox they tick once during onboarding.
Question Three: “If our primary systems went down right now, what is the exact sequence of events that follows?”
This question tests whether your MSP has a real, rehearsed incident response workflow or just a vague sense of what they would probably do. The answer should be specific. You want to hear about alerting protocols, escalation paths, communication plans for your team, the order in which systems get restored, and who is responsible for each step.
Vague answers like “we would get on it right away” or “our team would jump in” are not reassuring. They suggest a reactive culture rather than a prepared one. In a genuine outage, clarity and speed come from preparation. Every minute spent figuring out what to do next is a minute your business is losing money and trust.
The difference between a four-hour outage and a four-day outage often comes down to whether someone had to improvise or simply had to execute.
Question Four: “Where are our backups stored, and are they protected from the same threats as our primary environment?”
Backups that live in the same environment as your production systems are vulnerable to the same failures. A ransomware attack that encrypts your servers can just as easily encrypt your backups if they are sitting on the same network. Your MSP should be able to explain a layered backup strategy that includes offsite or cloud-based copies, immutable storage options, and air-gapped protections for your most critical data.
If your provider cannot clearly explain where your backups live, how they are isolated, and how often their integrity is verified, you are carrying more risk than you realize. This is not a technical footnote. It is the difference between recovering from an incident and starting over from scratch.
Question Five: “How do you ensure our business continuity plan evolves as our business changes?”
Businesses are not static. You add new applications, migrate workloads to the cloud, open new locations, onboard remote employees, and shift priorities quarter to quarter. Your continuity plan needs to keep pace with all of that. A strong MSP builds regular reviews into the relationship, reassessing your risk profile, updating recovery procedures, and adjusting priorities as your infrastructure and operations evolve.
If your MSP set up a plan two years ago and has not revisited it since, the plan is probably protecting a version of your business that no longer exists. Continuity planning is a living process, and a provider who treats it as a one-time project is not truly invested in your resilience.
Here are some warning signs your MSP (or tech person):
• They cannot produce documentation for your disaster recovery plan on request
• Backup reports are not shared with you proactively or on a regular schedule
• You have never been invited to participate in a recovery test or tabletop exercise
• Your last business continuity review predates a major change in your infrastructure
• Incident response feels improvised rather than rehearsed when issues arise
• They deflect technical questions with jargon instead of clear, direct answers
These five questions are not designed to be gotchas. They represent the bare minimum of what a competent managed service provider should know about your environment and your risk posture. The answers reveal whether your MSP is a genuine partner in protecting your business or simply a vendor collecting a monthly fee.
If your provider cannot answer these questions confidently and specifically, it’s time to find one that can. One that will have a serious conversation about expectations, accountability, and what business continuity actually looks like in practice. Your business deserves a partner who is ready before disaster strikes, not one who starts preparing after it does. Valley Techlogic can be that partner, learn more today.
We use cookies to improve your experience on our site. By using our site, you consent to cookies.
Cookie Preferences
Manage your cookie preferences below:
Essential cookies enable basic functions and are necessary for the proper function of the website.
Name
Description
Duration
Cookie Preferences
This cookie is used to store the user's cookie consent preferences.
30 days
Bing, powered by Microsoft, is a search engine providing web, image, video, and map search capabilities.
Name
Description
Duration
_uetvid
1 Year
KievRPSAuth
Helps to authenticate you when you sign in with your Microsoft account.
5 years
MSNRPSAuth
Helps to authenticate you when you sign in with your Microsoft account.
5 years
MSPAuth
Helps to authenticate you when you sign in with your Microsoft account.
5 years
PPAuth
Helps to authenticate you when you sign in with your Microsoft account.
5 years
CC
Contains a country code as determined from your IP address.
1 year
ANONCHK
Used to store session ID for a users session to ensure that clicks from adverts on the Bing search engine are verified for reporting purposes and for personalisation
10 minutes
ANON
Contains the A, a unique identifier derived from your Microsoft account, which is used for advertising, personalization, and operational purposes. It is also used to preserve your choice to opt out of interest-based advertising from Microsoft if you have chosen to associate the opt-out with your Microsoft account.
1 year
_uetvid
This is a cookie utilised by Microsoft Bing Ads and is a tracking cookie. It allows us to engage with a user that has previously visited our website.
16 days
_uetsid
This cookie is used by Bing to determine what ads should be shown that may be relevant to the end user perusing the site.
30 minutes
MSFPC
Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes.
1 year
ACH01
Maintains information about which ad and where the user clicked on the ad.
End of session (browser)
x-ms-gateway-slice
Identifies a gateway for load balancing.
End of session (browser)
ToptOut
Records your decision not to receive interest-based advertising delivered by Microsoft.
1 year
AADSSO
Microsoft Microsoft Online Authentication Cookie
End of session (browser)
brcap
Microsoft Microsoft Online Authentication Cookie
1 year
MUID
Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes.
1 year
MUIDB
Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes.
1 year
MC1
Identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes.
1 year
MR
Used to collect information for analytics purposes.
6 months
MH
Appears on co-branded sites where Microsoft is partnering with an advertiser. This cookie identifies the advertiser, so the right ad is selected.
End of session (browser)
MS0
Identifies a specific session.
End of session (browser)
_UR
This cookie is used by the Bing advertising network for advertising tracking purposes.
1 year
NAP
Contains an encrypted version of your country, postal code, age, gender, language and occupation, if known, based on your Microsoft account profile.
1 year
childinfo
Contains information that Microsoft account uses within its pages in relation to child accounts.
5 years
kcdob
Contains information that Microsoft account uses within its pages in relation to child accounts.
5 years
kcrelid
Contains information that Microsoft account uses within its pages in relation to child accounts.
5 years
kcru
Contains information that Microsoft account uses within its pages in relation to child accounts.
5 years
pcfm
Contains information that Microsoft account uses within its pages in relation to child accounts.
5 years
ACLUSR
This cookie is used for advertisement tracking purposes.
1 year
_HPVN
Analysis service that connects data from the Bing advertising network with actions performed on the website.
1 year
MC0
Detects whether cookies are enabled in the browser.
End of session (browser)
_RwBf
This cookie helps us to track the effectiveness of advertising campaigns on the Bing advertising network.
1 year
MSPProf
Helps to authenticate you when you sign in with your Microsoft account.
5 years
SRM_B
Collected user data is specifically adapted to the user or device. The usercan also be followed outside of the loaded website, creating a picture of the visitor's behavior.
1 year
WLSSC
Helps to authenticate you when you sign in with your Microsoft account.
5 years
MSPTC
This cookie registers data on the visitor. The information is used to optimize advertisement relevance.
1 year
ACL
This cookie is used for advertisement tracking purposes.
3 months
BFB
This cookie is used for advertisement tracking purposes.
1 year
BFBUSR
This cookie is used for advertisement tracking purposes.
1 year
BCP
This cookie is used for advertisement tracking purposes.
1 year
OIDR
This cookie is used by the Bing advertising network for advertising tracking purposes.
3 months
OIDI
This cookie is used by the Bing advertising network for advertising tracking purposes.
3 months
OID
This cookie is used by the Bing advertising network for advertising tracking purposes.
3 months
Hotjar is a powerful analytics tool that helps you understand user behavior through heatmaps and session recordings.
Name
Description
Duration
_hjSessionUser_1849187
1 Year
_hjShownFeedbackMessage
This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show.
365 days
_hjDonePolls
Hotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in.
365 days
_hjMinimizedPolls
Hotjar cookie. This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site.
365 days
_hjDoneTestersWidgets
Hotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in.
365 days
_hjMinimizedTestersWidgets
Hotjar cookie. This cookie is set once a visitor minimizes a Recruit User Testers widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site.
365 days
_hjHasCachedUserAttributes
This cookie sets when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Hotjar does not track users across different sites. Ensures data from subsequent visits to the same site are attributed to the same user ID.
365 days
_hjCookieTest
This cookie checks to see if the Hotjar Tracking Code can use cookies. If it can, a value of 1 is set.
Session
_hjUserAttributesHash
User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated.
session
_hjCachedUserAttributes
This cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool.
session
_hjLocalStorageTest
This cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted immediately after creating it so the expected storage time is under 100ms.
-
_hjid
Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
365 days
hj_visitor
hotjar uses cookies to enhance the user’s experience on our website, for example to complete forms, navigating the site, and identify returning users and offer related content. Users can control the use of cookies at the individual browser level.
Session
_hjIncludedInSample
Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.
365 days
_hjClosedSurveyInvites
Hotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown.
365 days
_hjSessionRejected
If present, this cookie will be set to 1 for the duration of a user’s session, if Hotjar rejected the session from connecting to our WebSocket due to server overload. This cookie is only applied in extremely rare situations to prevent severe performance issues.
session
_hjIncludedInSessionSample
This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's daily session limit
30 minutes
_hjSession_
A cookie that holds the current session data. This ensues that subsequent requests within the session window will be attributed to the same Hotjar session.
30 minutes
_hjSessionUser_
Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
365 days
_hjSessionTooLarge
Causes Hotjar to stop collecting data if a session becomes too large. This is determined automatically by a signal from the WebSocket server if the session size exceeds the limit.
session
_hjSessionResumed
A cookie that is set when a session/recording is reconnected to Hotjar servers after a break in connection.
session
hjViewportId
This cookie stores user viewport details such as size and dimensions.
Session
_hjSessionStorageTest
This cookie checks if the Hotjar Tracking Code can use Session Storage. If it can, a value of 1 is set.
Session
_hjTLDTest
When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
session
_hjIncludedInPageviewSample
This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's page view limit.
30 minutes
_hjFirstSeen
The cookie is set so Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
30 minutes
_hjAbsoluteSessionInProgress
The cookie is set so Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
30 minutes
_hjptid
This cookie is set for logged in users of Hotjar, who have Admin Team Member permissions. It is used during pricing experiments to show the Admin consistent pricing across the site.
session
Statistics cookies collect information anonymously. This information helps us understand how visitors use our website.
Google Analytics is a powerful tool that tracks and analyzes website traffic for informed marketing decisions.
Used by Google Analytics to determine which links on a page are being clicked
30 seconds
_gid
ID used to identify users for 24 hours after last activity
24 hours
_gat
Used to monitor number of Google Analytics server requests when using Google Tag Manager
1 minute
_gac_
Contains information related to marketing campaigns of the user. These are shared with Google AdWords / Google Ads when the Google Ads and Google Analytics accounts are linked together.
90 days
__utmx
Used to determine whether a user is included in an A / B or Multivariate test.
18 months
__utmv
Contains custom information set by the web developer via the _setCustomVar method in Google Analytics. This cookie is updated every time new data is sent to the Google Analytics server.
2 years after last activity
__utmz
Contains information about the traffic source or campaign that directed user to the website. The cookie is set when the GA.js javascript is loaded and updated when data is sent to the Google Anaytics server
6 months after last activity
__utmc
Used only with old Urchin versions of Google Analytics and not with GA.js. Was used to distinguish between new sessions and visits at the end of a session.
End of session (browser)
__utmb
Used to distinguish new sessions and visits. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated every time data is sent to the Google Analytics server.
30 minutes after last activity
__utmt
Used to monitor number of Google Analytics server requests
10 minutes
__utma
ID used to identify users and sessions
2 years after last activity
Hotjar is a powerful analytics tool that helps you understand user behavior through heatmaps and session recordings.
Name
Description
Duration
_hjShownFeedbackMessage
This cookie is set when a visitor minimizes or completes Incoming Feedback. This is done so that the Incoming Feedback will load as minimized immediately if they navigate to another page where it is set to show.
365 days
_hjMinimizedTestersWidgets
Hotjar cookie. This cookie is set once a visitor minimizes a Recruit User Testers widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site.
365 days
_hjDoneTestersWidgets
Hotjar cookie. This cookie is set once a visitor submits their information in the Recruit User Testers widget. It is used to ensure that the same form does not re-appear if it has already been filled in.
365 days
_hjMinimizedPolls
Hotjar cookie. This cookie is set once a visitor minimizes a Feedback Poll widget. It is used to ensure that the widget stays minimizes when the visitor navigates through your site.
365 days
_hjDonePolls
Hotjar cookie. This cookie is set once a visitor completes a poll using the Feedback Poll widget. It is used to ensure that the same poll does not re-appear if it has already been filled in.
365 days
_hjClosedSurveyInvites
Hotjar cookie. This cookie is set once a visitor interacts with a Survey invitation modal popup. It is used to ensure that the same invite does not re-appear if it has already been shown.
365 days
_hjIncludedInSample
Hotjar cookie. This session cookie is set to let Hotjar know whether that visitor is included in the sample which is used to generate funnels.
365 days
hj_visitor
hotjar uses cookies to enhance the user’s experience on our website, for example to complete forms, navigating the site, and identify returning users and offer related content. Users can control the use of cookies at the individual browser level.
Session
_hjid
Hotjar cookie. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
365 days
_hjHasCachedUserAttributes
This cookie sets when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Hotjar does not track users across different sites. Ensures data from subsequent visits to the same site are attributed to the same user ID.
365 days
_hjSessionResumed
A cookie that is set when a session/recording is reconnected to Hotjar servers after a break in connection.
session
hjViewportId
This cookie stores user viewport details such as size and dimensions.
Session
_hjSessionStorageTest
This cookie checks if the Hotjar Tracking Code can use Session Storage. If it can, a value of 1 is set.
Session
_hjTLDTest
When the Hotjar script executes we try to determine the most generic cookie path we should use, instead of the page hostname. This is done so that cookies can be shared across subdomains (where applicable). To determine this, we try to store the _hjTLDTest cookie for different URL substring alternatives until it fails. After this check, the cookie is removed.
session
_hjCookieTest
This cookie checks to see if the Hotjar Tracking Code can use cookies. If it can, a value of 1 is set.
Session
_hjUserAttributesHash
User Attributes sent through the Hotjar Identify API are cached for the duration of the session in order to know when an attribute has changed and needs to be updated.
session
_hjCachedUserAttributes
This cookie stores User Attributes which are sent through the Hotjar Identify API, whenever the user is not in the sample. These attributes will only be saved if the user interacts with a Hotjar Feedback tool.
session
_hjLocalStorageTest
This cookie is used to check if the Hotjar Tracking Script can use local storage. If it can, a value of 1 is set in this cookie. The data stored in_hjLocalStorageTest has no expiration time, but it is deleted immediately after creating it so the expected storage time is under 100ms.
-
_hjSessionTooLarge
Causes Hotjar to stop collecting data if a session becomes too large. This is determined automatically by a signal from the WebSocket server if the session size exceeds the limit.
session
_hjSessionRejected
If present, this cookie will be set to 1 for the duration of a user’s session, if Hotjar rejected the session from connecting to our WebSocket due to server overload. This cookie is only applied in extremely rare situations to prevent severe performance issues.
session
_hjSessionUser_
Hotjar cookie that is set when a user first lands on a page with the Hotjar script. It is used to persist the Hotjar User ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.
365 days
_hjSession_
A cookie that holds the current session data. This ensues that subsequent requests within the session window will be attributed to the same Hotjar session.
30 minutes
_hjIncludedInSessionSample
This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's daily session limit
30 minutes
_hjIncludedInPageviewSample
This cookie is set to let Hotjar know whether that visitor is included in the data sampling defined by your site's page view limit.
30 minutes
_hjFirstSeen
The cookie is set so Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
30 minutes
_hjAbsoluteSessionInProgress
The cookie is set so Hotjar can track the beginning of the user's journey for a total session count. It does not contain any identifiable information.
30 minutes
_hjptid
This cookie is set for logged in users of Hotjar, who have Admin Team Member permissions. It is used during pricing experiments to show the Admin consistent pricing across the site.
session
Marketing cookies are used to follow visitors to websites. The intention is to show ads that are relevant and engaging to the individual user.
Beamer is a presentation software that enables users to create engaging, interactive slideshows for diverse audiences.
Name
Description
Duration
_BEAMER_USER_ID_DjYMYPMX42643
1 Year
_BEAMER_LAST_UPDATE_DjYMYPMX42643
1 Year
_BEAMER_LAST_POST_SHOWN_DjYMYPMX42643
1 year
_BEAMER_FIRST_VISIT_DjYMYPMX42643
-
_BEAMER_FIRST_VISIT_
Set by Beamer (hotjar.com) to store the date of the user’s first interaction with insights.
3000 days
_BEAMER_USER_ID_
Set by Beamer (hotjar.com) to store an internal ID for a user.
300 days
_BEAMER_DATE_
Set by Beamer (hotjar.com). Stores the latest date in which the feed or page was opened.
300 days
_BEAMER_LAST_POST_SHOWN_
Set by Beamer (hotjar.com). Stores the timestamp for the last time the number of unread posts was updated for the user.
300 days
_BEAMER_FILTER_BY_URL_
This cookie is set by Beamer to store whether to apply URL filtering on the feed
20 minutes
Facebook Pixel is a web analytics service that tracks and reports website traffic.
