Apple has at long last released the promised Apple Music Classical app. It’s a free iPhone app for Apple Music subscribers that looks and works much like the standard Music app. However, Apple has adjusted it extensively under the hood to work better with classical music, where there are many recordings of the same work by different artists. Apple also improved the metadata—normalizing composer names and adding work and movement tags—for the 5 million classical tracks in Apple Music. For instance, you can search by work, composer, conductor, opus number, and key, something that worked poorly before. Apple Music Classical is a significant improvement for classical music fans, and it provides expert recommendations and playlists for those interested in getting started. Alas, there’s no Mac version yet, and the iPad is limited to using the scaled-up iPhone app.

(Featured image by iStock.com/cyano66)

Many businesses, schools, and other organizations have adopted cloud storage services like Box, Dropbox, Google Drive, and Microsoft OneDrive for excellent reasons. Cloud storage provides a centralized spot for shared data without the up-front cost or maintenance issues of a network-attached storage device. It also allows individuals to access the same files on multiple devices and significantly enhances collaboration by allowing multiple people to work on the same file.

All cloud storage services provide a simple Web-based interface that’s the least common denominator. The Web interfaces look and work the same for everyone, regardless of platform. Unfortunately, they’re clumsier—sometimes much more so— than working with the same files in the Mac’s Finder.

Luckily, cloud storage services also provide deep integration with the Finder. If you haven’t already installed your cloud storage service’s Mac app, we strongly encourage you to do so. Here are links for the big four; others will likely provide similar apps.

• Box Drive
• Dropbox
• Google Drive for Desktop
• OneDrive for Mac

Once the software is installed, you’ll find an item in the Locations portion of your Finder window sidebar that provides access to everything in your cloud storage, as though it were on an external hard drive connected to your Mac. You can quickly rename files, add folders, move files between folders, and perform other basic Finder tasks. The services also install menu bar items you can click to access settings, activity, and other controls (Dropbox shown below).

Cloud storage is not the same as an external hard drive, of course, so you need to keep certain facts in mind when using cloud-based data in the Finder. Some of this information has changed within the last few months, as cloud storage providers have migrated from Apple-deprecated custom kernel extensions to Apple’s recommended File Provider extension. (The migration is still underway for Dropbox users.) Here are the most important things to know.

Data May or May Not Be Stored on Your Mac’s Drive

When integrating a cloud storage service into the Finder, it’s reasonable to ask where the data is actually stored. The short answer is that it’s always stored online, but it might also be stored on your Mac. All cloud-based files are either online-only, at which point all you see is a placeholder icon on your Mac, or offline, which means a copy of the files exists on your Mac. Online-only files and folders have a little cloud icon next to their names in the Finder; offline files lack that icon.

When you double-click an online-only file, the service’s Mac software downloads it in the background so it can open in the appropriate app. You shouldn’t notice a delay with small files, although it may become more noticeable with very large files or over slow Internet connections. And, of course, if you’re on an airplane or somewhere without connectivity, you can’t open online-only files at all. On the plus side, they don’t take up any space on your Mac’s drive until you open them.

You can control which files and folders are online-only and which are offline. Control-click the file or folder and look for commands like Download Now or Make Available Offline to bring its contents down to your Mac, or use commands like Remove Download or Make Online-Only to remove the download to save space.

All Your Files Live In ~/Library/CloudStorage

So where are the offline copies of cloud-based files stored on your Mac? It may seem like they’re on a drive of their own, but in reality, they’re stored in your home folder’s hidden Library folder, in a folder called CloudStorage. (To see the Library folder, open the Finder’s Go menu and press Option.) You never have to go there directly, but it can be useful to keep in mind when setting up backups, moving data between Macs, and more.

Only OneDrive Supports External Drives

There is an important caveat to the requirement that all cloud-based files live in ~/Library/CloudStorage. That folder lives on your Mac’s internal drive, which may not have sufficient space to store offline copies of all your cloud-based data. Before the switch to Apple’s File Provider extension, the cloud storage services let you store the offline copies of your files on an external hard drive. That’s no longer possible with Box, Dropbox, and Google Drive. Microsoft OneDrive has worked around this limitation, allowing you to specify an external drive as your cache to maintain a copy of offline data separately from the state of the items in the CloudStorage folder. (If you manage terabytes of offline files, particularly for audio or video editing work, check out the completely different LucidLink service.)

Dragging Files Moves Rather than Copies

When you work with an external hard drive or network drive, dragging a file from your Mac’s internal drive to one of those copies it because it’s going to a different volume. Although the cloud storage services seem to be separate volumes (some were in the past), they no longer act that way. That’s because all the data lives in the CloudStorage folder on your internal drive, so dragging a file out of Google Drive, say, moves it, just as though you dragged a file from one folder on your internal drive to another. It’s not a problem—and the services warn you about it—but keep it in mind.

Moved or Trashed Files Remain Available Online, at Least Temporarily

What happens to the online version of a file when you move it from the cloud storage service on your Mac to another location on your Mac’s internal drive? Good question, and the answer is that it ends up in the trash equivalent on the service’s website. Cloud storage services generally retain such files for some time—30 days is common—after which they go away for good.

When you delete a cloud-based file in the Finder, the same thing happens: it ends up in the service’s online trash equivalent. However, what happens on your Mac varies by service, so testing with a sacrificial file is worthwhile. For example, if you delete an offline file in Dropbox, it moves to the Mac’s Trash. However, if you delete an online-only file, Dropbox warns you that it will be deleted immediately, and it disappears instantly from the Mac rather than moving to the Trash. You can still find it in Dropbox’s Deleted Files folder on the Dropbox website. In contrast, deleting either type of file from Google Drive moves it to the Mac’s Trash (and puts it in Google Drive’s online Trash folder).

Sharing Files and Paths with Colleagues

All the cloud storage services let you Control-click a file and copy a link. When a co-worker clicks that link, it will open in the cloud storage service’s Web interface or possibly in an online version of the app that created it. That may be fine, but our experience is that they won’t be able to find the file again in the future.

To help colleagues learn where files are in a shared cloud-based folder structure, send them the path to the file—the full list of folders containing the file. The trick for getting it is to select the file in the Finder, Option-click the Edit menu, and choose Copy “MyFile” as Pathname.

The start of the path is specific to your Mac, so delete that and leave the rest. For instance, when you paste the path, if you get this:

/Users/foobar/Library/CloudStorage/GoogleDrive-foobar@example.com/My Drive/GroupShared/Buzz/Posts/Buzz-0004.pdf

Trim it as follows to clarify that the file is in the Posts folder, which is in the Buzz folder, and that’s in  a top-level folder called GroupShared:

/GroupShared/Buzz/Posts/Buzz-0004.pdf

Searches May Work Poorly for Online-Only Content

The split between online-only and offline files also affects how Spotlight and other content-based searches work. As you would imagine, if a file is online-only, there’s no way Spotlight can index its content, so Spotlight won’t be able to find such files based on content searches. Some of the cloud storage services offer content-based searches, so with Google Drive, for instance, if you initiate a search from its Web interface, it will find all files containing the search terms even when they’re set to online-only on your Mac.

Filename searches in Finder windows should work regardless of online-only/offline state, although we’ve experienced problems when trying to limit the scope within the service’s Mac folder—search the This Mac scope for the best results. (Click the This Mac button after starting the search if necessary.) You may also have good luck with third-party search utilities like EasyFind and Find Any File.

Backups Work Only for Offline Content

Finally, remember that Mac backup systems like Time Machine and Backblaze cannot back up online-only files because they don’t actually exist on your drive. At best, such backup apps will show the placeholder for the file but won’t back up its content. They work fine for offline files, of course, but if you have to find a particular file or folder when restoring, remember that backup apps other than Time Machine will probably see it as stored in ~/Library/CloudStorage.

Should you care if your cloud-based files are backed up locally? Cloud storage systems automatically protect data against drive failure or other problems in the cloud. Plus, any shared data that one of your collaborators deletes from their Mac—inadvertently or maliciously—should be maintained in that person’s online trash, even if it seems to disappear.

However, we’d argue that it’s all too easy to lose or corrupt cloud-based data such that you want a local backup. We’ve seen too many situations where cloud-based files went missing or had problems. In those cases, a local backup provided an essential fallback or welcome peace of mind.

To ensure that your cloud-based files are backed up alongside your other files, you must make sure they’re stored offline long enough to get into your backups. Select top-level folders, make them offline, and wait until everything has downloaded and been backed up. If you need the space back, you can return some folders to being online-only. Pay attention to new files added by other devices or people since they may be online-only by default and thus fail to be included in your backups.

For backup of an organizational cloud storage account, it might make more sense to use a service like Backupify, CloudAlly, or CubeBackup, or to rely on something like a Synology NAS device with Cloud Sync. But that’s a topic for another day or another discussion—get in touch to learn more.

(Featured image by iStock.com/Galeanu Mihai)

The Mac’s Desktop is a remarkably useful place. It’s a good spot for in-progress documents, screenshots, images dragged out of Web pages, and more. However, app windows tend to obscure the Desktop, making it harder to use. There are two quick ways you can temporarily hide windows, making it easy to access icons on the Desktop. In macOS 13 Ventura, in System Settings > Desktop & Dock, click the Shortcuts button at the bottom and assign a keyboard shortcut to Show Desktop (we like the Right Option key). Or click Hot Corners and choose Desktop for one of the corners. (In macOS 12 Monterey and earlier, look in System Preferences > Mission Control.) Then, press that keyboard shortcut or put your pointer in that corner to move your windows aside temporarily. When you’re done, press the key or move the pointer there again to put the windows back.

(Featured image based on an original by iStock.com/AmnajKhetsamtip)

Social Media: The Mac’s Desktop is a great place for in-progress documents, screenshots, and other things you’re working on, but only if you can get to it easily. Read on for two little-known tricks for temporarily pushing windows aside.

Have you heard of ChatGPT? It’s likely—the service was launched in November 2022 and gathered 1 million users in the first week. It now has over 100 million users. However, many people are still unaware of it. If you haven’t heard of ChatGPT—or have heard of it but are unclear on what it is or what effect it and similar AI services might have on the world—read on.

ChatGPT is an AI-powered chatbot designed to mimic a human conversationalist. Its goal is to make communicating with computers more natural. Type anything into ChatGPT, and it will respond in clearly written English. You can also ask it to write things for you, like email responses or school essays, and it can generate text in a wide variety of styles, generating fairy tales, poetry, and even computer code. Unlike most chatbots, ChatGPT remembers what you’ve said and considers that context in its replies.

One way to think of ChatGPT is as a sort of search engine like Google or Microsoft’s Bing. There are three huge differences, however. First, ChatGPT answers your queries directly, rather than presenting you with a list of websites that contain information about your query. Second, although it sounds confident, ChatGPT often gets facts wrong. Third, if you ask ChatGPT the same question twice, you might not get precisely the same answer—there’s an element of randomness in its responses.

How could this be? ChatGPT is what’s called a “large language model,” a neural network that trains itself on extremely large quantities of text—reportedly 300 billion words from 570 GB of datasets. That means ChatGPT doesn’t “know” anything. Instead, it looks at a prompt and generates a response based on the probability that one word follows another. In some ways, it’s the ultimate form of auto-complete. Ask ChatGPT to write a fairy tale, and it will start “Once upon a time” because in its training data, text that matches the prompt of “fairy tale” very likely begins with those words. That’s also the source of its mistakes—just because words occur near one another says nothing about their relationship.

It’s difficult to avoid anthropomorphizing ChatGPT and similar AI-driven chatbots that are flooding the market. Their answers sound utterly convincing, but again, they don’t “know” anything. Despite AI being short for “artificial intelligence,” they don’t think (whatever that might mean). They have no agenda and aren’t trying to convince or mislead.

Rather than think of an AI as a person on the other side of the screen, it’s essential to realize its limitations, a few of which include the following:

• AI-generated text tends to use generalities without much supporting detail, at least without further prompting. Non-experts may not notice, but experts often cringe when they read AI-generated text.
• When details are present, there’s no guarantee that they’re correct. They could be slightly off or ludicrously wrong, so you must double-check everything before assuming it’s true.
• If the desired information isn’t in the training set or is only weakly included, conversations about it can get weird. Notably, ChatGPT’s training data is from before 2021, so it can’t converse about anything more recent than that. Plus, it can completely fabricate answers. (When asked about American marathoner Keira D’Amato, ChatGPT stated that she held the world record for the mile while balancing a fruit basket on her head, which has no basis in reality.)
  
• When prompts contain words that have multiple meanings, like break, run, and set, AI chatbots can return nonsensical results that confuse the different meanings.
• Although the programmers behind AI chatbots try to head off requests aimed at producing obviously racist, sexist, or otherwise offensive responses, the training data includes all sorts of biased and even hateful text. As a result, AI chatbots can say things that are either explicitly or implicitly problematic.

Despite these very real concerns, the AI genie is out of the bottle. The two highest-profile announcements have come from Microsoft and Google. Microsoft has invested in ChatGPT-maker OpenAI and integrated the technology behind ChatGPT into a new version of its Bing search engine (available only in the Microsoft Edge browser for now), whereas Google, which pioneered the technology underpinning ChatGPT, has now released its own AI chatbot, Bard.

Those are just the tip of the iceberg. We’ve also seen AI appearing in products that can help write code, summarize meeting notes, polish email messages, and even create unlimited text adventure games. CARROT Weather, the famously snarky iPhone weather app, has even integrated ChatGPT and tuned it to respond with attitude.

It’s early days, but many people have already found good uses for ChatGPT. For instance:

• If you’re faced with writing a difficult email, consider asking ChatGPT to draft it for you. It likely won’t be perfect, but you might get some text that you can tweak to make it better serve your needs. In fact, for many forms of writing, ChatGPT can both give you a draft to start from and suggest improvements to what you write. This is especially useful for people who struggle with writing in English.
• ChatGPT can help generate code. For inexperienced programmers, it’s a good start, and for long-time coders, ChatGPT can save typing and debugging time. We tried asking it to write an AppleScript that would create a sequentially numbered calendar event every Monday, and although it didn’t work on the first try, after telling it about the errors generated by the code, it arrived at a functional script.
• We know people who enjoy composing doggerel for birthday cards. If you’d like to do that but can’t come up with the words or rhymes, ask ChatGPT. For instance, try asking it to write a “roses are red” poem on a particular topic. Or ask it for a country music song— but don’t buy a ticket to Nashville.
• Need to come up with a clever name for a project or event? Ask ChatGPT to give you ideas that are three or four words long and include certain concepts. Keep asking it to refine or nudge it in new directions. It may not generate exactly what you want, but it will give you lots of ideas to combine on your own.
• If you’re editing some confusingly written text, you can ask ChatGPT to simplify the language in the paragraph. Again, it may not be perfect, but it might point you in a useful direction.

What all these examples have in common is that they use ChatGPT as a tool, not as a replacement for a person. It’s at its best when it’s helping you to improve what you already do. For instance, it won’t replace a programmer, but it can help get you started with simple scripts. The hard part is learning how to prompt it to output the results you want, but remember, it’s not a person, so you can keep asking and nudging until you’re happy with the results.

There are many reasons to be skeptical of how AI services are being used, and we recommend using them cautiously. But given the levels of interest from businesses and users alike, it seems that they’re here to stay.

(Featured image by iStock.com/Userba011d64_201)

Occasionally, we hear from a client who needs to document a Messages conversation with timestamps, perhaps as part of a lawsuit. The only way to do that on an iPhone or iPad is to take a series of screenshots, but if you have a Mac, there are additional options. The easiest approach is to select the conversation, choose File > Print, and save it as a PDF. If you need a different format, try the macOS iMazing app, which can export all or selected messages from an iPhone backup in PDF, Excel, CSV, and text. It can also export attachments. The trial version lets you extract up to 25 items, and it’s only $39.99 if you have more significant iPhone exporting needs.

(Featured image by iStock.com/Morakot Kawinchan)

When upgrading to a new version of macOS, we err on the side of caution, at least in our recommendations. (We’ve been using macOS 13 Ventura for some time now and often install beta releases on secondary machines for testing purposes.) Upgrading is easy, but if you upgrade too soon, the new macOS version could make key apps inoperable, create workflow interruptions, or cause other negative consequences. On the other hand, waiting too long can cause problems—it’s important to stay in sight of the cutting edge for security reasons and to take advantage of Apple’s advances. Upgrading is not an if question; it’s a when question.

That when could be now. There’s no reason you must upgrade to macOS 13 Ventura right away, but if you want to, you should now be able to do so without undue interruptions. Ventura has been quite stable and has received only three updates since its initial release in October 2022:

• macOS 13.0.1 provided just unspecified bug fixes and two security fixes.
• macOS 13.1 introduced the Freeform digital whiteboard app, Advanced Data Protection for iCloud, improved searching for photos in Messages, participant cursors for shared notes in Notes, and the option to play sounds in the Find My app. There were also a couple of bug fixes and important security fixes.
• macOS 13.2 added support for Security Keys for Apple ID for those who need the utmost security, fixed a few bugs, and blocked more security vulnerabilities.

Apple may have another feature or two up its sleeve for Ventura, and we’ll undoubtedly see more updates to address bugs and newfound security vulnerabilities, but there’s no significant reason to wait any longer.

That said, you can continue to delay as long as you’re running macOS 11 Big Sur or macOS 12 Monterey and are staying up to date with Apple’s security releases. (Both have received important updates recently.) Earlier versions of macOS no longer receive security fixes, rendering them more vulnerable to attack. Reasons to delay include:

• You’re too busy. The upgrade process will take a few hours, and it may take additional time to configure everything properly afterward. When you are ready to upgrade, aim for when a little downtime will be convenient.
• You’re still using incompatible software. The jump from Big Sur or Monterey to Ventura isn’t a big one, so most modern apps should have been updated to ensure compatibility with Monterey by now. But if you’re still running macOS 10.14 Mojave or earlier with 32-bit apps, you’ll lose access to them if you upgrade. (That first happened with macOS 10.15 Catalina in 2019.) With Mojave no longer receiving security updates, you need to find replacements for those apps and upgrade soon.
• You need consistent versions for workflow reasons. We’re unaware of any examples here, but it’s not inconceivable that a coworker could be stuck on an older version of macOS and thus older versions of shared productivity apps. If your upgrade would force you to update those apps and introduce compatibility issues when collaborating with that coworker, you may have to wait until your coworker can upgrade as well.

Ventura won’t upend your experience of using a Mac, but it has numerous useful features, large and small. Along with the features mentioned above that shipped in updates, the new iCloud Shared Photo Library enables you to share photos and videos with up to five family members in a separate shared library. Stage Manager provides a new paradigm for window management. Messages lets you edit messages, undo sending, and mark conversations as unread. Similarly, Mail lets you undo sending, schedule messages to send later, and get follow-up reminders for replying. For better videoconferencing quality, Continuity Camera enables you to use your iPhone as a webcam, complete with Desk View for showing what’s on your desk during a call. The Mac finally gets its own Weather app. Perhaps even more important, Ventura shares some of these features with Apple’s other operating systems: iOS 16, iPadOS 16, watchOS 9, and tvOS 16. To take full advantage of those features across all your Apple devices, your Mac must be running Ventura.

However, we want to be upfront about one downside to upgrading to Ventura. Apple replaced System Preferences with System Settings. While we wouldn’t have described System Preferences as having a stellar user interface, it was at least familiar after decades of use. The new System Settings, which tries to mimic the Settings app in iOS and iPadOS, moves numerous settings around and makes some odd and unfortunate design decisions. You may find yourself relying heavily on its search field to find commonly used options.

Before You Upgrade

Once you’ve decided to upgrade to Ventura, you have three main tasks:

• Update apps: Make sure all your apps are as up-to-date as possible. If you regularly put off updates, now’s the time to let them complete so you have Ventura-compatible versions.
  
• Clear space: Ventura needs about 25 GB of free space to upgrade, and the Ventura installer itself is about 12 GB, so we recommend making sure you have at least 37 GB free. Don’t cut this close—you should always have at least 10–20% free space for virtual memory, cache files, and breathing room. Check by choosing About This Mac from the Apple menu and then clicking Storage.
  
• Make a backup: Never, ever install an update to macOS without ensuring that you have at least one current backup first. In an ideal world, you’d have an updated Time Machine backup, a bootable duplicate, and an Internet backup. That way, if something goes wrong, you can easily restore.
  

Upgrading

After completing the above-listed tasks, ensure you don’t need your Mac for a few hours. There’s no telling exactly how long the upgrade will take, so never start an upgrade if you need the Mac soon.

Initiating the upgrade is just a matter of opening System Preferences > Software Update, clicking the Upgrade Now button, and following the instructions. If you’d like more handholding, check out Joe Kissell’s ebook Take Control of Ventura.

After You Upgrade

Part of the reason to set aside plenty of time for your Ventura upgrade is that there are usually cleanup tasks afterward. We can’t predict precisely what you’ll run into, depending on what version of macOS you’re running now and what apps you use, but here are a few situations we’ve noticed in the past:

• macOS may need to update its authentication situation by asking for your Apple ID password, your Mac’s password, and if you have another Mac, its password too. Don’t worry that your Mac has been compromised by malware—it’s fine.
• Some apps may have to ask for various permissions even though you previously granted them. Again, that’s fine and won’t happen again.
• If you use your Apple Watch to unlock your Mac and apps (and you should, it’s great!), you may need to re-enable that in System Settings > Touch ID & Password (it’s an example of something that moved; previously, it was in System Preferences > Security & Privacy > General).
• If you use Gmail, Google Calendar, or other Google services, you may need to log in to your Google account again.
• Websites that usually remember your login state may require that you log in again. If you’re using a password manager like 1Password, that’s easy.
• You may have to re-enable text message forwarding to your Mac. You do this on your iPhone in Settings > Messages > Text Message Forwarding.

With all that housekeeping done, it’s time to check out all the new features in Ventura!

(Featured image by Apple)

This feature evokes one of those “living in the future” moments for us. The recently released HomePod Software 16.3 now supports Find My, which means you can ask Siri to locate one of your devices or a friend or family member who shares their location with you. If you have a HomePod, ask Siri, “Where is my iPhone?” Assuming your HomePod has updated (and if not, update it manually in the Home app), Siri will respond by causing your iPhone to play a sound. Or ask where someone is—Siri will respond with more details for nearby people and city locations for those far away.

(Featured image based on an original by Apple)

Phishing is becoming an ever more common way for people to get in trouble when using the Internet. A phishing attack is some communication, usually an email, that tries to lure you into revealing login credentials, financial information, or other confidential details.

A State of Phishing report from security firm SlashNext claims that there were more than 255 million phishing attacks in 2022, a 61% increase from the year before. Luckily, according to the Verizon Data Breach Investigations Report for 2022, only 2.9% of employees click through from phishing emails, but with hundreds of millions of email addresses targeted, the raw numbers are still high. We’ve been noticing—and hearing from clients—that phishing emails are also slipping through spam filters more than in the past.

To help you avoid falling prey to phishing tricks, check out our example screenshots below from real phishing emails, complete with annotations calling out the parts of a message that give it away. All phishing emails are trying to lure you into clicking a link or button to a website that will encourage you to enter your password or other confidential information. Once you realize that a message is a phishing attack, you won’t get suckered into clicking a link or revealing your personal information.

Fake Password Expiration Scam

Our first example is a password expiration scam—it’s trying to get you to click a button to keep your password from expiring. What’s ironic about this scam is that passwords should never expire—forcing users to change them regularly is terrible security practice. If a password is strong and unique, there is no reason to change it unless the site suffers a breach. Let’s look at what identifies this message as a phishing attack.

1. Note that the Reply-To address is generic and doesn’t match either the email domain used throughout the message or even a major email service provider, which would never send such a message.
2. Using your email address instead of your name is something scammers do to make the message seem personalized. If this email really came from your IT support staff, they’d be more likely to use your name or leave the email address out. And they’d never send such a message either.
3. The body of the message uses likely words, but they don’t quite sound like a native English speaker wrote them. The phrasing is slightly off, and quoting words like “send and receive” while not quoting the button name feels strange.
4. Be careful of things that look like buttons—we’re trained to click them without thinking. In many email apps, you can hover the pointer over a button or link to see where it will go. If you look at the URL at the bottom of the window, you can see that it’s completely different from any other domain listed—a clear sign that this is a phishing message.
5. “See full terms and conditions” is a strange thing to say in a password-expiration message. What terms and conditions could possibly apply? This is an example of someone who’s not a native English speaker throwing in random phrases they’ve seen elsewhere.
6. The copyright line is a similar tell. No organization would go to the effort of claiming copyright on a simple support message, and even if it did, it would use its name, not “Email server.”

Spurious Account Access Scam

Our second example pretends to be alerting you to a sign-in to your email account, with the goal of trying to scare you into resetting your password. Frankly, this phishing email stands a good chance of fooling people. You have no way of knowing if your account has been compromised, and if it were compromised, resetting your password is the right thing to do. However, never click through from an email to change a password! You can’t tell if you’re on the right site. Instead, navigate to the site manually, log in, and then change the password. Persuasive though this message is, it does make some mistakes.

1. The capitalization of “Mail” in the Subject and this line should give you pause. Most people wouldn’t capitalize the word, or they’d refer to something more specific, like your “Gmail” or “Outlook” account.
2. Another slight strike against this message is the specificity in the timestamp. There’s no reason to include the seconds or the time zone, and most normal people wouldn’t.
3. There are three mistakes in this line that could tip off a savvy Internet user. It claims to provide the IP address from which the sign-in occurred, but real IP addresses are four sets of numbers from 0 to 255. This one has five sets of numbers, the first of which is way too high at 719. The missing space before the parenthetical makes it look wrong, and finally, the parenthetical claim that the IP address is located in Moscow is overdoing it by invoking scary Russian hackers.
4. Note that the “reset your password” link doesn’t have an underline, unlike the other two links. Again, that could happen in a legitimate message, but it’s another slight tell. Hovering over the link reveals the fleek.ipfs.io URL at the bottom—clearly nothing associated with your email account and a dead giveaway.
5. A line saying “Please do not reply to this message” is commonplace in transactional messages, so it makes the message seem more real, but a real warning from an IT department would want to make sure you could contact the support staff.

Fraudulent DocuSign Confirmation

Our final example pretends to be confirmation of a document that you’ve already signed in DocuSign. That’s more clever than trying to get you to sign a document (which we’ve seen in other phishing messages) because most people won’t sign something without looking at it carefully. But you might want to see what document this message is talking about and be suckered into clicking through. What’s trickiest about this message is that it has merely changed some of the text in a real DocuSign message, so someone familiar with DocuSign might think it was real. But there are always giveaways.

1. The Subject line of this message is a tell because its grammar is atrocious.
2. The Reply-To address should also ring warning bells because it’s so generic that it couldn’t possibly go with an organization with which you were signing documents.
3. The yellow line claiming that the email has been scanned for viruses will likely seem unusual to you—even if an email app presented such a message, it likely wouldn’t do so in the body of the message.
4. There’s nothing wrong with the View Completed Documents button, which looks exactly as it would in a real DocuSign message. However, hovering over it reveals the URL at the bottom, which has nothing to do with docusign.net.
5. Someone familiar with DocuSign messages might notice that there’s no email address under “Administrator,” as there should be. But that’s a long shot, we know.
6. As with an earlier example, personalizing with an email address is a definite tell. A real person would have entered your name there, if anything.
7. Once again, the phrasing isn’t what a native English speaker would say, but even more problematic is how it asks you to sign the enclosed file, whereas the text and button in the blue box say that the document is completed. The mismatch is a complete giveaway.

We didn’t have room to show the rest of this message, which adds to the verisimilitude by continuing to copy text from a real DocuSign message. The two remaining tells further down are links that are empty when you hover over them and an unknown name in the fine print at the bottom, which reads (bold added for emphasis):

This message was sent to you by sefanya maitimoe who is using the DocuSign Electronic Signature Service. If you would rather not receive email from this sender you may contact the sender with your request.

Overall Advice

Let’s distill what we’ve seen in the examples above into advice you can apply to any message:

• Pay close attention to emails that are very simple, like our second example above, because there’s less they might get wrong.
• With legitimate-looking messages copied from large firms like DocuSign or PayPal, pay special attention to unfamiliar names and email addresses.
• Don’t click anything in an email unless you’ve given it a close-enough look that you’re sure it’s legitimate. It’s too easy to skim and click without thinking, which the scammers count on.
• Read the text of messages with an eye for capitalization, spelling, and grammatical mistakes. Scammers could write correct English, but if they don’t speak the language natively, they’re likely to make mistakes.
• Evaluate any claim about something happening within your organization against what you know to be true. It’s always better to ask someone if passwords need to be reset or accounts are being deactivated instead of assuming a random email message is true.
• Fight the urge to click big, legitimate-looking buttons. They’re easy to make and hard to resist, but if you can preview the URL under one before clicking, it will often reveal the scam.
• None of our examples fell into this category, but if an email message is just an image that’s being displayed in the body, it’s certainly fake.

Stay safe out there!

(Featured image by iStock.com/Philip Steury)

Imagine that you’re working with a bunch of files, and you want to put a set of them in a new folder. You could stop what you’re doing, make a new folder, select all the files, and drag them into the folder, like an animal. Or you could take advantage of a slick Finder command that Apple added in macOS 11 Big Sur. Simply select the files you want to put in a folder, Control-click one of them, and choose New Folder with Selection (X Items) from the top of the contextual menu. A folder called “New Folder With Items” appears, with your selected files inside. This feature may not be life-changing, but some people use it often.

(Featured image by iStock.com/ArLawKa AungTun)

Most of us rely on Messages every day to text with family, friends, and colleagues. Not surprisingly, we’ve fielded numerous questions surrounding common confusions with this popular app. We hope our answers here will help you use Messages more effectively and work around problems.

What’s the difference between blue and green bubble conversations?

A common question is why some conversations have blue bubbles and others have green bubbles. The answer is that the color indicates whether the conversation uses iMessage or SMS/MMS. Blue bubble conversations use iMessage and are solely between Apple users, whereas green bubble conversations are with friends using SMS/MMS on Android or other phones.

What are iMessage and SMS/MMS, and how do they differ?

Messages supports two protocols for text messaging: iMessage and SMS/MMS. Although the end result is the same, apart from the color of the conversation bubbles, the two are quite different.

SMS (Short Message Service) and MMS (Multimedia Messaging Service) are cellular technologies that require only a wireless plan from a cellular carrier. SMS is limited to 160 characters of text, though longer messages are usually broken into multiple segments and reassembled upon receipt. MMS enables sending of pictures, audio, video, and more, as long as the message size doesn’t exceed carrier limits, which range from 300 KB to 3 MB). Because SMS uses extremely small amounts of bandwidth, SMS text messages may get through even when cellular service is too weak to place a call, a useful fact to know in emergencies.

In contrast, iMessage is proprietary to Apple and works only in Messages on Apple devices, including the iPhone, iPad, Mac, and Apple Watch. Apple has said the size limit for a message is 100 MB, but people have transferred even larger files. That’s possible in part because iMessage relies on Internet access, which requires either Wi-Fi or a sufficiently strong cellular connection. If an Internet connection isn’t available for either party when you want to send a message using iMessage, Messages tries to fall back on SMS/MMS, which can result in blue and green bubbles in the same conversation.

How does Messages work on Apple devices that lack cellular connectivity?

It’s no problem for all Apple devices to use iMessage when they have Internet connectivity through Wi-Fi, but you can also send and receive SMS/MMS messages on a Mac or iPad that has no native cellular connectivity. Apple extends SMS/MMS support to Messages on such devices by routing through your iPhone. In the iPhone’s Settings > Messages > Text Message Forwarding, you can specify which of your devices can send and receive SMS/MMS messages through your iPhone.

Keep this setting in mind if you stop receiving SMS/MMS text messages on your Mac or iPad, for instance. It’s not unheard of for it to get turned off after a major operating system upgrade.

How are iMessages addressed, and can that cause problems?

As cellular technologies, SMS and MMS are tied to a phone number. iMessage, however, can send and receive messages from one or more phone numbers and email addresses. The first time someone sets up an iPhone, it registers that iPhone’s number with Apple’s iMessage servers. That’s why, when you type in a phone number to start a new Messages conversation, Messages knows whether to make the conversation blue or green.

Because iMessage also supports email addresses, you can start Messages conversations with a fellow iMessage user when all you know is their email address, as long as they’ve enabled that email address to send and receive messages.

In Settings > Messages > Send & Receive, you can specify which of your email addresses can receive messages and reply to them. If you want to be easily findable, select all of them, in addition to your phone number. Otherwise, turn off the email addresses you don’t want used. You can add an email address or phone number to this list on appleid.apple.com in Personal Information > Reachable At.

You can also specify which of your phone numbers or email addresses is used to start new iMessage conversations. In general, we recommend sticking with your phone number unless you plan to change it soon.

As you can imagine, changing these settings can cause problems. If you disable receiving for an email address used by an existing conversation, people in that conversation won’t be able to send you messages anymore. Even worse would be changing your main Apple ID address, which would break a lot of conversations, all of which would have to be started afresh with the new Apple ID.

Changing phone numbers is also problematic for the same reasons, though that probably happens less often. If you’ve temporarily attached a second phone number to your iPhone using eSIM while traveling, for instance, be careful how you initiate conversations from it because they’ll break as soon as you disable the associated plan.

Finally, switching from an iPhone to a non-Apple phone can cause delivery problems for SMS/MMS messages. To prevent that, either turn off iMessage in Settings > Messages before you switch or deregister iMessage online.

What happens when a message fails to send, and how do I fix it?

Occasionally, when you try to send a message, you may see one or more red exclamation points and an alert that says “Not Delivered.”

Most of the time, the problem is just poor connectivity, either for you or your recipient. First, just click an exclamation point and try again in case it was a one-time problem. If a second try doesn’t succeed, check your Internet connection in Safari, and if it seems to be working, tap Try Again. If you’re using iMessage and it remains stuck, tap Send as Text Message, which switches from iMessage to SMS. If that’s not it, there are a few other possibilities:

• Make sure iMessage is enabled in Settings > Messages.
• See if you have another phone number or email address for the recipient. If they disabled message receiving for the one you were using, that could cause failures.
• If the problem occurs when sending to an SMS recipient while using a device without cellular connectivity, make sure the device is enabled in Settings> Messages > Text Forwarding.
• If the problem occurs with an image or other file sent via MMS, it might be too large. If so, you may have to resort to email.
• To ensure the iPhone isn’t temporarily confused, restart it (which is best done using Siri if you’re running iOS 16—just say, “Hey Siri, reboot.”) and try again.

Why do I see slightly different conversations on my iPhone and Mac?

With text message forwarding turned on for all your devices and each device logged into the same Apple ID, Messages should have the same conversations everywhere. In practice, that’s not always true, so Apple introduced Messages in iCloud, which uses iCloud as a centralized location for all messages. When it’s turned on, everything (other than failed SMS messages) should stay in sync.

Turn on Messages in iCloud in Messages > Settings/Preferences > iMessage on the Mac and in Settings > Your Name > iCloud > Apps Using iCloud > Show All > Messages on the iPhone or iPad. Make sure to enable it for every device.

Can someone eavesdrop on my Messages conversations?

SMS isn’t at all secure, so don’t use it for truly sensitive information (and whenever possible, use an authentication app instead of SMS for two-factor authentication codes). In contrast, Apple encrypts all iMessage conversations, so there’s no worry about someone listening in when you’re using a public Wi-Fi network at a hotel. However, iMessage conversations are not end-to-end encrypted by default, which means that law enforcement could compel Apple to turn over your data stored in its data centers. To provide full end-to-end encryption, Apple lets you turn on Advanced Data Protection for iCloud; the downside is that Apple can no longer help you recover your account if you forget your Apple ID password.

Other messaging apps also focus on security, most notably the free Signal, which is open source, provides end-to-end encryption, and lets you secure the app with an additional password. Messages can be set to self-destruct after a certain amount of time. The only downside is that you have to convince the people you want to message to use it. WhatsApp also provides end-to-end encryption, but you have to enable encryption for backups. It also shares a boatload of other information with Facebook to help it personalize ads, including your phone number, contacts, location information, device information, and more.

Don’t get the wrong impression—Messages usually works well. But on those rare occasions when you have problems, we hope this information explains more of what’s happening and helps you work around your issues.

(Featured image based on an original by iStock.com/fizkes)