Thirty-five years ago, I graduated from Gonzaga High School just a few blocks from the U.S. Capitol in Washington, D.C. 

Last Friday, I watched my oldest daughter, Hannah, graduate at the magnificent Basilica of the National Shrine of the Immaculate Conception, not far from where I received my own diploma all those years ago (she attended my alma mater’s arch rival, SJC!).

As parents, we only have a short amount of time to shape and teach our children before they set off on their journey toward the rest of their lives.

As seasoned adults, we know the world they graduate into is not always kind. Certainly not as forgiving as the homes we build for them, brick by brick, lesson by lesson, experience by experience. At home, our children can make mistakes, pay the consequences, learn, and move on. The real world doesn't always offer a second chance.

As Hannah walked across the stage in her cap and gown and accepted her diploma, I felt pride swell in my chest. But I also felt anxiety.

Had I done enough?

Did she possess the ambition, confidence, resilience, compassion, and kindness needed not only to build a successful life, but to make the world better because she had passed through it?

I suspect every parent asks the same questions when their true legacy walks out the front door.

As I watched the ceremony, I remembered a letter my father wrote to me when my youngest daughter, Emma, was born. A few lines have stayed with me all these years:

My father prepared me for the world as best he could. I've tried to do the same for my children, adding my own practical spin along the way. After all, my kids can do more than ace a math test: they can spot a tail, pick a lock, and uncover a cyber scam.

I don't expect them to catch a spy, but I do hope they find happiness.

Letting go is hard, but life, like the best surveillance operation, requires it. If you hold on too tightly, if you follow too closely, nothing grows in a crowded field.

To the graduates of 2026, I wish you success, purpose, and joy.

And to every parent watching a son or daughter step into the world, we share a similar heart.

As those emotions swirl and the excitement builds, remember that criminals understand human nature better than most people realize. They know when we're distracted, or excited, or celebrating.

Graduation season fills our phones and inboxes with invitations, announcements, photographs, and messages from people we trust. That's exactly why scammers choose this moment to strike. Keep reading to learn how to stay safe while enjoying this amazing accomplishment.

This week, the Federal Trade Commission issued a warning about scammers sending fake graduation and summer party invitations designed to steal email credentials and hijack accounts.

The attack is remarkably simple.

A text message or email arrives claiming you've been invited to a graduation party, family gathering, or summer celebration. The invitation appears to come from a familiar service like Evite or Paperless Post. Sometimes it even lists someone you know as the host. Everything feels normal.

Curious, you click. The site then asks you to sign in and perhaps asks for your email and password. Then maybe the one-time code sent to your phone. Often, both.

The moment you provide those credentials; your inbox no longer belongs entirely to you. You have trusted something that is not true but was expected. It’s graduation season, after all.

Remember: the best scams arrive wearing a familiar face.

During my years in counterintelligence, I learned that successful spies rarely force their way through the front door. They borrow trust. They wear a disguise that seems familiar. Then they wait for the target to lower their guard.

Think about everything that passes through your email account every day of the week. Family photos, bank alerts, travel confirmations, school communications, work correspondence, legal documents and medical records are just a few categories of our lives that rely on email.

Your email inbox has become the master key to your digital life.

Once criminals gain access, they can reset passwords, impersonate you, steal information, and launch attacks against everyone in your contact list. 

What makes this attack especially dangerous is that the hidden cyberattack appears routine, buried in all the other machine parts of our lives.

The same psychology appears in fake job offers, fake scholarship notifications, fake package delivery alerts, fake DocuSign requests, and fake ticket sales.

The spy might change costumes, but the playbook stays the same.

Remember this one simple rule: No legitimate invitation needs your email password.

People make their worst decisions when they comfortably let their guard down. Act like a spy hunter and you’ll always spot the scam.

No legitimate invitation needs your password.

That's it. That's the whole rule.

Whether it's a graduation announcement, a party invitation, a scholarship offer, a ticket transfer, or a school portal, never provide your password or multi-factor authentication code through an unexpected or unsolicited link.

If the invitation matters, go to the website yourself, or call the person and ask whether they sent it to you.

A few minutes of investigation can save you from months of scam recovery.

Earlier this year, I wrote about “ghost students”—fraudsters and automated bots using stolen identities to apply for financial aid, enroll in courses, and siphon off education funds intended for real students.

Unfortunately, the problem continues.

The U.S. Department of Education recently announced it had launched real-time fraud screening for FAFSA applications after schools across the country were hit by fraud rings, ghost students, and AI-driven schemes designed to exploit the financial aid system.

For families sending graduates off to college, treat your student’s identity as a target.

Criminals aren’t just after bank accounts anymore. They’re targeting student aid accounts, college portals, scholarship applications, internship opportunities, and employment offers.

As graduates prepare for their next chapter, they will receive a flood of emails, texts, portals, forms, financial aid notices, housing information, internship opportunities, and job offers. Some will be legitimate. Others won’t.

Treat student credentials the same way you treat financial credentials.

Protecting a student’s identity may be just as important as helping them choose the right major.

The world has changed. Cybercriminals, foreign intelligence services, scammers, and AI-powered fraudsters are no longer targeting only governments and Fortune 500 companies. They are targeting all of us.

That is why I wrote SPIES, LIES, AND CYBERCRIME.

The book pulls readers inside the real world of espionage, cybercrime, betrayal, surveillance, and modern digital warfare using lessons I learned hunting spies for the FBI and protecting organizations under attack.

If you want to better understand how deception works, how cybercriminals manipulate trust, and how to think more clearly in a world filled with digital lies, start here:

Want more? My new hub, PROTECT, is now live at ericoneill.net/protect and it’s built for anyone who wants to stop cybercriminal scammers cold. And it’s FREE!

I'll be speaking in a live webinar discussing how spies, cybercriminals, and fraudsters exploit trust to manipulate people and organizations.

 If you've enjoyed today's discussion about how criminals weaponize familiarity, you'll hear many of the same real-world techniques used by nation-state spies, cybercriminal groups, and insider threats.

Register here.

MY sponsors help make this newsletter completely free to you. Please support them by clicking below - no purchase necessary!

A Guinness World Record sounds like a novelty, but it served as clear validation of the strength and real-world capability of RISE Robotics's technology. 

Their Beltdraulic™ system set the record for the strongest robotic arm prototype ever built, demonstrating performance that is relevant across many sectors. 

The arm is key to modernizing Munition Handling Units used by the Air Force, which recently awarded RISE a $3M contract. This is RISE’s 8th contract - a result of delivering successfully on past awards. 

The company has raised over $27M and just opened up a limited allocation of shares to retail investors.

See the Full Story on Wefunder

Don’t miss a newsletter! Subscribe to Spies, Lies & Cybercrime for our top espionage, cybercrime and security stories delivered right to your inbox. Always weekly, never intrusive, totally secure.

Praemonitus Praemunitus!

~ Eric