Tecflow Technology

The one Outlook rule you need to set to save yourself from awkward conversations.

It's called "delay delivery." You set it once in classic Outlook, and from that point on every email you send sits in your Outbox for a specific time (that you set) before it leaves.

If you spot a typo, realize you sent the wrong attachment, or wrote something in frustration you wish you hadn't, you can have a standard 2-minute delay to give you enough time to stop it.

Just delete the email from your Outbox before the timer runs out.

To set it up in classic Outlook:
1. Go to File > Manage Rules & Alerts
2. Click "New Rule" and pick "Apply rule on messages I send"
3. Skip past the conditions so it applies to every email
4. Check "defer delivery by a number of minutes" and set it to 2
5. Save the rule

This is better than Outlook's built-in "Recall" feature, because it works every single
time.

Pay attention to this fake “Microsoft” scam.

If an email asks you to enter a verification code on Microsoft's login page, don't enter the code.

That request is the giveaway for a phishing technique called device code phishing, which has hit over 340 organizations across the US, Canada, and Europe since February.

What makes this attack dangerous is that it bypasses Multi-Factor Authentication entirely, even strong MFA.

The attacker is tricking you into authorizing their device into your Microsoft 365 tenant.

You get an email about a shared SharePoint document, a payroll bonus PDF, or a meeting invitation from someone who looks legitimate.

The link sends you to login.microsoftonline.com, which is the real Microsoft login page.

The page asks you to type in a short verification code that was included in the email. You enter it and move on with your day.

But what you did was approve the attacker's device into your Microsoft 365 environment.

They now have a valid access token tied to your account.

They can read your email, download your files, and set up mailbox forwarding rules without ever needing your password again.

A turnkey phishing kit called EvilTokens started selling on Telegram in February 2026, which means even low-skill attackers can run these campaigns at scale.

To shut this attack down inside your business:
➡️ Block device code authentication flow in Entra ID for users who don't need it.
This protocol was designed for devices with limited input, which most office staff don't use. Open Conditional Access and create a policy that blocks device code flow by default.

➡️ Train your team. Microsoft will never email you a verification code to enter on its login page.
If a user gets an email instructing them to enter a code into login.microsoftonline.com, the email is phishing, no matter how legitimate the sender looks.

➡️ Use phishing-resistant MFA where possible, like FIDO2 hardware keys or Windows Hello for Business. Authenticator app prompts are better than nothing, but they don't protect against this specific technique.

If you don't know how to do these things, let us know and we’ll help you out.

If a website ever tells you to press Windows Key + R, close the tab.

That single instruction is the giveaway for a fast-growing scam called ClickFix, which has been behind a wave of infostealer infections all year.

An infostealer is malware that scrapes every saved password, browser cookie, session token, and stored credit card...

You click a Google result that takes you to a hacked website.

A fake CAPTCHA pops up and tells you to press Windows Key + R, then Ctrl + V, then Enter to verify you're human.

The second you hit Enter, you've installed malware on your own machine.

This attack slips past most security tools because you run the command yourself.

No file was downloaded, so antivirus has nothing to scan.

The browser shows no warning.

From the operating system's perspective, you typed a command into a Windows utility, the same as any admin doing real work.

A few things you can do this week:

➡️ Tell your team that if any website prompts the user to press Win+R or paste something into the Run box, they should close the tab and report it.
➡️ Restrict PowerShell for non-IT staff using AppLocker or Windows Defender Application Control. Most office employees have no work reason to run PowerShell scripts.
➡️ Make sure your endpoint protection is doing behavioral monitoring and not just signature scanning. Microsoft Defender for Endpoint and most modern EDR tools have detection rules specifically for this attack chain.

There's no shame in falling for a fake CAPTCHA. They're designed to look real. But once your team knows the keystroke trick, this scam stops working on them.

A new CNET survey found that while you can recycle or trade in your old smartphone for cash, 29% of Americans are still stashing devices at home and others are tossing them in the trash.

Trashing Your Old Tech Hurts the Environment and Your Wallet. Some Still Do It Anyways Recycling or trading in your devices is a better way to reduce e-waste, but fewer than half of US adults do either.

Don't fall for this clever trap! Hackers are using fake Google Security pages to trick users into installing malicious web apps that bypass multi-factor authentication and steal passwords. Make sure your team knows how to spot this scam!

Fake Google Security site uses PWA app to steal credentials, MFA codes A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers.

Have you ever seen a smartphone that transforms into a robot, or a laptop screen that renders 3D models right before your eyes? MWC 2026 was packed with jaw-dropping concept gadgets that look like pure sci-fi.

These Awesome Concept Gadgets Make MWC an Exciting Place to Be From robots doing backflips to video game cars that can drive on real roads, this year's show has had a lot going on.

Need maximum power for your creative business? The new 16-inch MacBook Pro hides a monster under the hood! With the blazing-fast M5 Max chip and 27 hours of battery life, it's a mobile workstation dream.

Apple MacBook Pro 16-Inch (2026, M5 Max) Review: A Monster Hiding in Plain Sight The 2026 MacBook Pro 16-inch with M5 Max is a professional-laptop powerhouse that pairs the groundbreaking efficiency of the new M5 "super core" architecture with jaw-dropping battery life and future-ready Thunderbolt 5 connectivity.

If you run a business, an employee can easily email your client list to their personal account, whether by accident or on purpose.

Most companies just trust their staff not to do this.

But you need a technical rule that stops sensitive data from leaving your network in the first place.

If you use Microsoft 365, you can use a tool called Microsoft Purview to set up Data

Loss Prevention rules.

When you turn this on, the system scans every outgoing email, Teams messages,

SharePoint/OneDrive files, endpoint devices, browser activity, and Microsoft 365

Copilot prompts before processing.

If it detects sensitive information like Social Security numbers, credit card details, or specific internal company tags, it physically blocks the email.

You do not have to monitor employees manually.

Cybercriminals are getting creative! A new "Zombie ZIP" technique is sneaking malware past 50 different antivirus engines by tricking the software into misreading the archive files. Are your business's defense systems ready for this?

New 'Zombie ZIP' technique lets malware slip past security tools A new technique dubbed "Zombie ZIP" helps conceal payloads in compressed files specially created to avoid detection from security solutions such as antivirus and endpoint detection and response (EDR) products.

Software companies are changing their terms of service to train their AI on your internal company data.

If you use tools like HubSpot, Salesforce, QuickBooks, or Asana, you need to run a privacy audit this week.

The idea that your data will be leaked to the public is a bit overstated. Most of these platforms anonymize the information...

However, they are still feeding your real business data into their external AI models.

Getting them to stop is not always a simple toggle switch in your account settings.

Many of these platforms force you to submit a formal support ticket or email request to opt out.

And even when you do, it does not retroactively remove the historical data they already grabbed.

To protect your information, prioritize enterprise software plans that include a strict "Do Not Train" clause in the contract.

You can also use automated privacy tools to enforce these rules across your entire software stack instead of doing it manually.