ReportWire

Tag: Cybercrime

  • Russian hacking suspect wanted by the FBI arrested on Thai resort island

    [ad_1]

    BANGKOK — Police have arrested a suspected Russian hacker on the Thai resort island of Phuket who was wanted by the FBI on allegations he was behind cyberattacks on U.S. and European government agencies, officials said.

    The 35-year-old, who entered Thailand on Oct. 30 at Phuket Airport, was taken into custody earlier this month at his hotel and is now being held pending possible extradition, Thai police said.

    The suspect’s name was not released but Russian state-run news agency Russia Today identified him as Denis Obrezko, a native of Stavropol. It reported that his relatives confirmed the Nov. 6 arrest and were planning to fight his extradition to the United States.

    In an e-mail Thursday, the U.S. Department of Justice refused to comment on the possible extradition or give other details. The U.S. State Department and American officials in Thailand also refused to comment.

    The Russian Foreign Ministry and the Russian embassy in Thailand also did not respond to requests for comment, but Russia’s consul general in Phuket, Yegor Ivanov, told Russian state news agency Tass that the consulate had “received notification of the arrest of a Russian citizen on charges of committing an information technology crime.”

    “He was arrested on November 6 and transferred to Bangkok that same day,” Ivanov said, without providing further details.

    Ilya Ilyin, head of the consular section of the Russian embassy in Thailand, told Tass on Monday that Russian diplomats had visited the suspect in prison in Bangkok.

    “Embassy staff conducted a consular visit to the Russian citizen detained at the request of the United States,” Ilyin said, adding that the embassy was arranging for him to be able to meet with his relatives.

    Thailand’s Cyber Crime Investigation Bureau said in a Nov. 12 statement that it was an FBI tip that the “world-class hacker” was traveling to Thailand that led to his arrest in Phuket on an international warrant.

    In the raid on his hotel, police seized laptop computers, mobile phones, and digital wallets, the police’s statement said, adding that FBI officials were on hand for the arrest.

    Several media outlets reported a second Russian hacking suspect wanted by the FBI, who has ties to Russian military intelligence, had been arrested in Phuket the following day, but Thai police said there had only been one arrest.

    The formal request for the suspect’s extradition has been made but it was not clear how long the process would take.

    [ad_2]

    Source link

  • Protect your data before holiday shopping scams strike

    [ad_1]

    NEWYou can now listen to Fox News articles!

    The holiday season is the happiest and riskiest time of year to be online. As millions of us gear up for Black Friday and Cyber Monday deals, scammers do the same.

    Every year, they target holiday shoppers with fake websites, “too-good-to-be-true” deals and scam emails that look identical to legitimate retailers. But here’s the part most people miss: scammers don’t just rely on luck. They already have your personal data before you even click “add to cart.”

    From leaked email addresses to exposed phone numbers and home addresses, your personal information is being bought and sold by data brokers, companies that collect and resell detailed profiles about you. Those profiles are exactly what scammers use to send realistic “order confirmations,” fake delivery alerts and “urgent payment” texts during this holiday period and beyond.

    Let’s unpack how this works and what you can do now to stay safe before the holiday chaos begins.

    RETIREES LOSE MILLIONS TO FAKE HOLIDAY CHARITIES AS SCAMMERS EXPLOIT SEASONAL GENEROSITY

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Scammers ramp up fake websites and emails during the holiday shopping rush. (iStock)

    Why scammers love the holiday season

    November through December is a goldmine for cybercriminals. According to the CISA, reports of online shopping scams spike during this time of year and vary in their approaches. The reason? We let our guard down when we’re rushed, distracted or excited by a deal. Staying alert during the holiday season can help you avoid data exposure and financial losses. Here are some of the most common scams you should be aware of. 

    Phantom stores

    The surge of promotions during the holiday season is the perfect time for “phantom stores” to thrive. It’s a fraudulent store that mimics the interface and products of a well-known brand. Once you purchase from such a website, you’ll never receive your order as the store doesn’t actually exist.

    Real-world example: Fake IKEA websites appeared with URLs spelled “ikeaa-sale.com” and “ikea-blackfriday.shop,” mimicking the official ikea.com interface with copied product images, logos and discount banners.

    They lured shoppers with huge discounts and clearance offers to steal credit card data. Eventually, they were reported and taken down, but the damage has been done.

    What to do? Always check the URL of the store you shop at and only click links from the store’s official website or social media.

    Delivery scams

    According to recent research, some of the most popular shopping apps like Temu are selling your location data to third parties. It’s no surprise that you might receive fake delivery texts.

    man rating his experience on the app after ordering food to his house

    Your leaked data fuels realistic “order” and “delivery” scams online. (iStock)

    MAJOR COMPANIES, INCLUDING GOOGLE AND DIOR, HIT BY MASSIVE SALESFORCE DATA BREACH

    Real-world example: Temu is a popular app for scammers to mimic. They can easily find your contact information and order details to text “Your order couldn’t be delivered.” Each text contains a phishing link that can install malware on your device or steal your personal information. That’s why Temu warns its users about the couriers they partner with.

    What to do? Make sure the texts you receive come from a legit courier service and double-check it on the store’s website.

    Fake order emails

    Some scammers use sophisticated phishing tactics to lure victims. They engineer emails from well-known brands, use an urgent tone, place malicious links and urge you to click on your order status. In reality, there is no order status – they’re stealing your data.

    Real-world example: Amazon is one of the biggest online retailers worldwide, and that makes the brand easy to mimic. Scammers send emails on behalf of Amazon to try to steal customers’ personal data because it’s highly likely that their victims have used Amazon, making it less suspicious. However, phishing emails have some telltale signs you can look out for.

    What to do? Never click on any suspicious links and always check the sender’s contact information.

    Unwanted data exposure

    When you shop online, you should be aware of the data you share, including your contact information, shopping habits, credit card details and more. All stores collect some type of data about you. However, some companies collect more than you think.

    Real-world example: The infamous Target controversy in 2012 revealed how big retailers use data analysis to predict your shopping behavior. The company collected shopping data and managed to produce a predictive model for soon-to-be mothers.

    They sent out brochures with baby clothes, vouchers for baby formula and more before the customers even knew they were pregnant. Thankfully, modern shopping looks a bit different. You can opt out of certain data collection and exercise your right to remove personal information from websites that collect it.

    What to do? Check what data the stores collect about you and request the removal of any private information you don’t want them to have.

    THE TRUTH BEHIND THOSE MYSTERIOUS SHIPMENT EMAILS IN YOUR INBOX

    How scammers find you

    Imagine you’re browsing for gifts online. Within minutes, your activity generates data points – device info, IP address, browsing habits that feed into online databases. At the same time, data brokers already have your full profile: age, income, address history, family members and even shopping behavior. These profiles are sold to marketers and often leak into criminal databases.

    That’s why scam calls, texts and emails often feel so “real.” They use your name, the right retailer, even your city. They’re not guessing. They’ve bought your digital footprint.

    The “holiday cleanup” your data needs

    Most people clear their browser cookies or delete old emails to “stay private.” But that’s like locking your front door while leaving all your personal documents on the lawn.

    If you want to stop scammers from targeting you this holiday season, you need to remove your personal data from the source, the data broker databases that feed these scams.

    That’s where a data removal service comes in. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    Practical steps before you shop

    To make sure your online shopping season stays stress-free and scam-free, here’s what CyberGuy recommends doing this week:

    INSIDE A SCAMMER’S DAY AND HOW THEY TARGET YOU

    1) Run a privacy scan with a data removal service

    Before the holiday rush, remove your exposed data from data brokers. You’ll reduce the number of scam calls, emails and texts you get this season and protect your financial info before it’s too late.

    man holding credit card and on laptop

    Take control by removing personal data from broker databases before you shop. (iStock)

    2) Secure your email

    Use strong, unique passwords for each online store or service. Consider a password manager to simplify this.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    3) Check for fake stores

    Before clicking a social media ad or email, hover over the link. Legit retailers use secure “https://” URLs and their exact brand name – no extra words or letters.

    4) Avoid public Wi-Fi

    Don’t shop or enter payment info over public Wi-Fi in an airport, café or mall, for example. Scammers can easily intercept unencrypted traffic.

    5) Use credit cards or PayPal – not debit cards

    HACKERS TARGET ONLINE STORES WITH NEW ATTACK

    Credit cards have stronger fraud protection and make it easier to dispute unauthorized charges.

    6) Enable two-factor authentication (2FA)

    Turn on 2FA for your email, bank and shopping accounts. Even if scammers get your password, they can’t log in without your second verification step.

    7) Keep your software and apps updated

    Cybercriminals often exploit outdated browsers or apps. Update your phone, computer and shopping apps before the holiday rush to close those security holes.

    8) Monitor your bank and credit statements

    Check your accounts daily during the shopping season. The faster you spot a suspicious charge, the easier it is to reverse and protect your funds.

    Kurt’s key takeaways

    Black Friday through Cyber Monday is the peak time for data harvesting. Every purchase, coupon code and sign-up adds to the profile that marketers and data brokers hold on you. That information can linger online for years, long after the sales end. The good news? It’s easier than ever to reclaim your privacy. By taking just a few minutes today, you can enjoy the holidays knowing your personal data is no longer on the open market.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    How confident are you that your personal data isn’t already fueling a scam this holiday season? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com. All rights reserved.  

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Popular TP-Link routers could be banned after risks exposed

    [ad_1]

    NEWYou can now listen to Fox News articles!

    A major national security debate is unfolding, and it affects more than government networks. It touches your home, your devices and the Wi-Fi your family uses every day. The Commerce Department has proposed blocking new sales of TP-Link products after a months-long review into the company’s ties to China, citing a growing TP-Link security risk.

    Multiple agencies, including the Departments of Homeland Security and War, supported that proposal. They believe the company’s connections could expose American networks to foreign influence.

    Security experts warn that foreign-backed hackers have targeted home and office routers for years. These devices often act as silent steppingstones that help attackers move deeper into sensitive systems. When compromised, they can expose everything connected to them, including computers, smart home gear, military devices used on base and more.

    This potential ban would be one of the biggest consumer tech actions in U.S. history. It comes as lawmakers raise fresh alarms about Chinese-made cameras, routers and connected home products sold on military exchanges and in homes across the country.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    CHINESE HACKERS BREACH US NUCLEAR SECURITY AGENCY IN CYBERATTACK OPERATION, OFFICIALS SAY

    The proposed TP-Link ban stems from growing concerns that foreign-linked routers and cameras could expose American homes and networks to outside influence. (Kurt “CyberGuy” Knutsson)

    Why military families are even more vulnerable

    Lawmakers from both parties say military households face extra risk. Sen. Joni Ernst, R-Iowa, who leads a bipartisan group of 23 lawmakers, warns that TP-Link cameras and networking devices sold on Army, Navy and Air Force exchange sites could expose sensitive footage from base housing and dorms. Rep. Ashley Hinson, R-Iowa, echoed that concern, saying these devices could act as a backdoor for Chinese intelligence to collect information on service members and their families. Even when products appear out of stock, officials worry they remain popular in military communities.

    These lawmakers say Chinese laws could force companies to share data or push hidden software changes that weaken U.S. networks. They argue that this creates a real risk for households on or near military installations. While TP-Link disputes every allegation and states that it stores U.S. data inside America, lawmakers want a deeper investigation.

    “China will use any way to infiltrate us, and we must ensure they cannot access our homeland or military bases,” said Ernst. “High-tech security cameras sending video and audio directly back to Beijing must be treated like the grave threat that they are. We have seen this playbook from China before, with Huawei Technologies, and need the Trump administration to investigate and determine if TP-Link is a Trojan horse compromising our national security.”

    10M AMERICANS HIT IN GOVERNMENT CONTRACTOR DATA BREACH

    How Congress is responding to TP-Link security risks

    Ernst is pressing the Commerce Department to finish its investigation by Nov. 30. Sen. Tom Cotton, R-Ark., who chairs the Senate Intelligence Committee, says TP-Link could give the Chinese government access to American networks and wants faster action. Their concerns reflect past decisions involving Huawei and Kaspersky, which lost access to the U.S. market due to national security risks.

    Congressional leaders say foreign-made smart home devices sold on military bases should face strict scrutiny. They see routers, cameras and other connected home gear as critical targets in a time when cyberthreats continue to grow.

    We reached out to TP-Link Systems Inc., and a spokesperson provided CyberGuy with the following statement:

    “TP-Link Systems Inc. (TP-Link), an American company based in California, refutes the claims in this letter. This letter repeats false and misleading media reports and attacks that have been thoroughly debunked.”

    “TP-Link emphatically objects to any allegation it is tied to the Communist Party of China, dependent on the Chinese government, or otherwise subject to interference under Chinese national security laws,” the TP-Link spokesperson said. “The company is not controlled by any government, foreign or domestic. TP-Link has split from and has no affiliation with the China-based TP-LINK Technologies Co. Ltd., which is separately owned and operated.

    A child walks next to a soldier.

    Lawmakers warn that TP-Link devices sold on military bases may put service members and their families at greater risk, especially inside base housing. (John Moore/Getty Images)

    “This letter has nothing to do with security and everything to do with a competitor trying to remove TP-Link Systems’ products from the marketplace. The ‘open source information’ the members reference is actually a manufactured echo chamber of false and misleading attacks that the media has parroted over the past year. Instead of directly engaging with TP-Link Systems, these members essentially pressed ‘copy and paste’ on unsubstantiated claims about our American company.

    “TP-Link has not been contacted by policymakers to discuss the alleged concerns, but if we were to meet with them, they would learn that TP-Link has located its core security functions and data infrastructure in the United States. U.S. user data is securely stored on Amazon Web Services infrastructure in Virginia, under the full control of the company’s U.S. operations.

    “TP-Link Systems currently holds a very small share of the U.S. security camera market, representing approximately 3% of the consumer market segment according to Circana checkout data. The company has virtually no business presence in the enterprise segment. Additionally, TP-Link Systems’ router market share in the U.S. has been inaccurately reported as being much higher than it actually is. Recent market research from Dell’Oro Group, Inc., found that TP-Link Systems’ market share of residential Wi-Fi router sales in North America is under 10%.

    “TP-Link does not enable foreign surveillance of U.S. networks or users. The company’s operations are built to prevent potential attempts to subvert its business by outside influence. TP-Link’s substantial security investments cover its entire product portfolio, including security cameras and routers.

    “TP-Link continually monitors its products and services and takes timely and appropriate action to address vulnerabilities it becomes aware of. TP-Link has not identified any reliable information regarding new vulnerabilities in its products in connection with this letter.”

    FBI WARNS OF HACKERS EXPLOITING OUTDATED ROUTERS. CHECK YOURS NOW

    Steps to protect yourself from this growing threat

    Even as the debate continues, you can take simple steps to secure your home. These easy moves help defend against threats tied to any router brand.

    1) Check your router and update it

    Look at the brand on your router. Then update the firmware through the official app or web dashboard. If your device is several years old or no longer supported, replace it. Check out our article on the top routers for the best security at Cyberguy.com.

    2) Change your Wi-Fi and admin passwords

    Default passwords are dangerous. Create strong, unique passwords for both your Wi-Fi and the router’s admin panel. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 atCyberguy.com

    Wifi router

    Congress is pressing for a fast investigation amid fears that foreign-made smart home gear could become a gateway for cyberthreats across the country. (Cyberguy.com)

    3) Use strong antivirus protection on every device

    Threats like this continue to grow. Install strong, real-time antivirus protection on every computer, phone and tablet in your home. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    4) Turn off any of these features you do not need

    Disable remote access, WPS and extra features you never use. These settings can open doors for attackers.

    5) Put smart home devices on a guest network

    Keep laptops and phones on your main network. Put cameras, plugs, TVs and IoT devices on a separate guest network so they cannot reach your sensitive devices.

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

    Kurt’s key takeaways

    The debate around TP-Link shows how something as routine as a home router can become part of a broader security conversation. Whether or not the government issues a ban, this moment is a clear reminder that cybersecurity starts at home. Small steps make a meaningful difference in how well your devices stand up against foreign-backed hacking groups.

    Should the government ban router brands linked to foreign influence or should consumers decide for themselves? Let us know by writing to us at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Fake flight cancellation texts target travelers

    [ad_1]

    NEWYou can now listen to Fox News articles!

    When your phone buzzes with a message saying your flight is canceled, your first instinct is to panic. Scammers are counting on that. 

    A new travel scam is spreading through fake airline texts that look convincing but connect you to fraudsters instead of customer service.

    These cybercriminals claim to help rebook your trip. In reality, they’re after your credit card or personal details.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    How the flight cancellation text scam works

    The scam starts with a text that looks like it’s from your airline. It may include your name, flight number and a link or phone number. The message includes urgent language that says your flight is canceled or delayed and tells you to “call this number” or “click to rebook.”

    PILOT WARNS ‘SHORT-HANDED, STRESSED’ AIR TRAFFIC DELAYS WILL LINGER AFTER SHUTDOWN

    Scammers send fake flight cancellation texts that look official, using real airline names, flight numbers and logos to trick travelers into calling them. (Kurt “CyberGuy” Knutsson)

    Once you do, you’re talking to a scammer pretending to be an airline agent. They’ll offer to “help” rebook your flight for a fee. They might ask for payment details or personal information like your birth date or passport number.

    In some cases, they’ll send confirmation emails that look official to make the lie more believable.

    A man taps the screen of his smartphone.

    AI-generated messages make these scams harder to spot, mimicking airline alerts so well that even frequent flyers can be fooled during busy travel seasons. (Kurt “CyberGuy” Knutsson)

    Why the scam feels real

    Scammers use real airline names, logos and flight numbers to make their messages look official. Many now use AI tools to generate convincing language and fake confirmations that mimic real airline alerts. These messages often arrive during busy travel seasons or storm delays, which makes them feel even more believable.

    The Federal Trade Commission (FTC) warns that criminals impersonate airline customer service through fake texts and calls that say your flight is canceled. They use that panic to push you into rebooking or sharing personal details.

    Meanwhile, the Better Business Bureau (BBB) reports a surge in fake cancellation notices that include phony phone numbers leading straight to scammers.

    Because these alerts look real and use urgent language, even experienced travelers can mistake them for genuine updates. Staying calm and verifying directly with the airline is the best defense.

    A man taps the screen of his smartphone.

    Staying calm and verifying through official airline apps or websites is the safest way to protect your money and personal information before you take action. (Kurt “CyberGuy” Knutsson)

    Steps to stay safe from fake flight cancellation texts

    Scammers use fear and urgency to trick travelers into clicking bad links or calling fake numbers. Follow these steps to keep your trip and information safe.

    1) Verify flight changes only through official airline sources

    Always confirm flight updates using the airline’s official website or mobile app. Log in directly instead of clicking on links from unexpected texts or emails. Scammers design fake links that look real, but one tap can expose your personal information.

    PILOT GOES VIRAL FOR REVEALING REAL REASON YOU NEED TO SET YOUR PHONE TO AIRPLANE MODE BEFORE FLYING

    2) Call only verified airline phone numbers

    If you need to call customer service, use the number listed in your booking confirmation, the airline’s app or on its verified website. Never trust a phone number sent by text or social media message. Real airlines will never change their contact information mid-trip.

    3) Stay calm and spot urgency traps

    Scammers count on panic. Messages that say “call now,” “act fast” or “your seat will be canceled” are meant to rush you. Slow down and verify before responding. Taking a minute to check the official flight status can prevent you from losing money or data.

    4) Protect your personal and financial information

    Legitimate airline staff will not ask for gift card numbers, wire transfers or your bank login. Use a strong antivirus program to block phishing sites and malware designed to steal personal data if you accidentally click a bad link.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Remove exposed data before scammers find it

    Use a data-removal service to help scrub your personal details from people-search websites. These sites make it easier for scammers to target travelers by name, location and phone number. Keeping your information private reduces your risk.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    6) Report suspicious messages immediately

    Forward scam texts to 7726 (SPAM) and report fake airline messages to the Federal Trade Commission at reportfraud.ftc.gov. Sharing reports helps agencies shut down active scams and protect other travelers.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    Fake flight cancellation scams are spreading fast, especially during busy travel seasons. Stay calm, verify changes through official airline sources, and never click random links or call unknown numbers. Technology makes travel easier, but awareness and caution are still your best defense.

    Have you ever received a fake flight alert that almost fooled you? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved. 

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • DoorDash confirms data breach impacting users’ phone numbers and physical addresses | TechCrunch

    [ad_1]

    DoorDash disclosed a data breach that exposed the personal information of an unspecified number of users, which included names, email addresses, phone numbers, and physical addresses.

    Despite the fact that hackers stole phone numbers and physical addresses, DoorDash said that “no sensitive information was accessed by the unauthorized third party and we have no indication the data has been misused for fraud or identity theft at this time.”

    DoorDash said in the post that the breach impacted a mix of customers, delivery workers, and merchants. The company did not respond to a request for comment, which included a question on exactly how many users were victims of the breach. 

    The breach originated from an employee falling for a social engineering attack. When the company identified the breach, it shut down the hackers’ access to its systems, started an investigation, and reported the incident to law enforcement, according to a post published last week by the company.

    DoorDash said no “Social Security numbers, other government-issued identification numbers, driver’s license information, or bank or payment card information” were stolen as part of the breach. 

    The company said it has notified impacted users.

    [ad_2]

    Lorenzo Franceschi-Bicchierai

    Source link

  • TikTok malware scam tricks you with fake activation guides

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Cybercriminals are again turning TikTok into a trap for unsuspecting users. This time, they’re disguising malicious downloads as free activation guides for popular software like Windows, Microsoft 365, Photoshop and even fake versions of Netflix and Spotify Premium.

    Security expert Xavier Mertens first spotted the campaign, confirming that the same kind of scheme was seen earlier this year. According to BleepingComputer, these fake TikTok videos show short PowerShell commands and instruct viewers to run them as administrators to “activate” or “fix” their programs.

    In reality, those commands connect to a malicious website and pull in malware known as Aura Stealer, which quietly siphons saved passwords, cookies, cryptocurrency wallets and authentication tokens from the victim’s computer.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    3,000+ YOUTUBE VIDEOS DELIVER MALWARE DISGUISED AS FREE SOFTWARE

    Cybercriminals are using fake TikTok videos to trick users into downloading malware disguised as free activation guides. (Kurt “CyberGuy” Knutsson)

    How the TikTok scam works

    This campaign uses what experts call a ClickFix attack. It’s a social engineering trick that makes victims feel they’re following legitimate tech instructions. The instructions seem quick and simple: run one short command and get instant access to premium software.

    But instead of activating anything, the PowerShell command connects to a remote domain named slmgr[.]win, which downloads harmful executables from Cloudflare-hosted pages. The main file, updater.exe, is a variant of the Aura Stealer malware. Once inside the system, it hunts for your credentials and sends them back to the attacker.

    Another file, source.exe, uses Microsoft’s C# compiler to launch code directly in memory, making it even harder to detect. The purpose of this extra payload isn’t fully known yet, but the pattern follows previous malware used for crypto theft and ransomware delivery.

    META ACCOUNT SUSPENSION SCAM HIDES FILEFIX MALWARE

    Person holding up their phone and accessing TikTok.

    Those short “activation” commands secretly connect to malicious servers that install info-stealing malware like Aura Stealer. (Kurt “CyberGuy” Knutsson)

    How to stay safe from TikTok malware scams

    Even though these scams look convincing, you can avoid becoming a victim with the right precautions.

    1) Avoid shortcuts

    Never copy or run PowerShell commands from TikTok videos or random websites. If something promises free access to premium software, it’s likely a trap.

    2) Use trusted sources

    Always download or activate software directly from the official website or through legitimate app stores.

    3) Keep security tools updated

    Outdated antivirus or browsers can’t detect the latest threats. Update your software regularly to stay protected.

    4) Use strong antivirus software

    Install strong antivirus software that offers real-time scanning and protection against trojans, info-stealers and phishing attempts.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    5) Sign up for a data removal service

    If your personal data ends up on the dark web, a data removal or monitoring service can alert you and help remove sensitive information.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

    6) Reset credentials

    If you’ve ever followed suspicious instructions or entered credentials after watching a “free activation” video, reset all your passwords immediately. 

    7) Reset passwords

    If you’ve ever followed suspicious instructions or entered credentials after watching a “free activation” video, reset all your passwords immediately. Start with your email, financial and social media accounts. Use unique passwords for each site. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    8) Enable multi-factor authentication

    Add an extra layer of security by turning on multi-factor authentication wherever possible. Even if your passwords are stolen, attackers won’t be able to log in without your verification. 

    person looking at apps on phone

    If you’ve followed suspicious steps, change your passwords, enable two-factor authentication and stay alert for future scams. (Getty Images)

    Kurt’s key takeaways

    TikTok’s global reach makes it a prime target for scams like this. What looks like a helpful hack could end up costing your security, your money and your peace of mind. Stay alert, trust only verified sources and remember that there’s no such thing as a free activation shortcut.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Is TikTok doing enough to protect its users from scams like this? Let us know by writing to us at Cyberguy.com

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Anthropic warns of AI-driven hacking campaign linked to China

    [ad_1]

    WASHINGTON (AP) — A team of researchers has uncovered what they say is the first reported use of artificial intelligence to direct a hacking campaign in a largely automated fashion.

    The AI company Anthropic said this week that it disrupted a cyber operation that its researchers linked to the Chinese government. The operation involved the use of an artificial intelligence system to direct the hacking campaigns, which researchers called a disturbing development that could greatly expand the reach of AI-equipped hackers.

    While concerns about the use of AI to drive cyber operations are not new, what is concerning about the new operation is the degree to which AI was able to automate some of the work, the researchers said.

    “While we predicted these capabilities would continue to evolve, what has stood out to us is how quickly they have done so at scale,” they wrote in their report.

    The operation targeted tech companies, financial institutions, chemical companies and government agencies. The researchers wrote that the hackers attacked “roughly thirty global targets and succeeded in a small number of cases.” Anthropic detected the operation in September and took steps to shut it down and notify the affected parties.

    Anthropic noted that while AI systems are increasingly being used in a variety of settings for work and leisure, they can also be weaponized by hacking groups working for foreign adversaries. The San Francisco-based company, maker of the generative AI chatbot Claude, is one of many tech developers pitching AI “agents” that go beyond a chatbot’s capability to access computer tools and take actions on a person’s behalf.

    “Agents are valuable for everyday work and productivity — but in the wrong hands, they can substantially increase the viability of large-scale cyberattacks,” the researchers concluded. “These attacks are likely to only grow in their effectiveness.”

    A spokesperson for China’s embassy in Washington did not immediately return a message seeking comment on the report.

    Microsoft warned earlier this year that foreign adversaries were increasingly embracing AI to make their cyber campaigns more efficient and less labor-intensive. The head of OpenAI’s safety panel, which has the authority to halt the ChatGPT maker’s AI development, recently told The Associated Press he’s watching out for new AI systems that give malicious hackers “much higher capabilities.”

    America’s adversaries, as well as criminal gangs and hacking companies, have exploited AI’s potential, using it to automate and improve cyberattacks, to spread inflammatory disinformation and to penetrate sensitive systems. AI can translate poorly worded phishing emails into fluent English, for example, as well as generate digital clones of senior government officials.

    Anthropic said the hackers were able to manipulate Claude, using “jailbreaking” techniques that involve tricking an AI system to bypass its guardrails against harmful behavior, in this case by claiming they were employees of a legitimate cybersecurity firm.

    “This points to a big challenge with AI models, and it’s not limited to Claude, which is that the models have to be able to distinguish between what’s actually going on with the ethics of a situation and the kinds of role-play scenarios that hackers and others may want to cook up,” said John Scott-Railton, senior researcher at Citizen Lab.

    The use of AI to automate or direct cyberattacks will also appeal to smaller hacking groups and lone wolf hackers, who could use AI to expand the scale of their attacks, according to Adam Arellano, field CTO at Harness, a tech company that uses AI to help customers automate software development.

    “The speed and automation provided by the AI is what is a bit scary,” Arellano said. “Instead of a human with well-honed skills attempting to hack into hardened systems, the AI is speeding those processes and more consistently getting past obstacles.”

    AI programs will also play an increasingly important role in defending against these kinds of attacks, Arellano said, demonstrating how AI and the automation it allows will benefit both sides.

    Reaction to Anthropic’s disclosure was mixed, with some seeing it as a marketing ploy for Anthropic’s approach to defending cybersecurity and others who welcomed its wake-up call.

    “This is going to destroy us – sooner than we think – if we don’t make AI regulation a national priority tomorrow,” wrote U.S. Sen. Chris Murphy, a Connecticut Democrat, on social media.

    That led to criticism from Meta’s chief AI scientist Yann LeCun, an advocate of the Facebook parent company’s open-source AI systems that, unlike Anthropic’s, make their key components publicly accessible in a way that some AI safety advocates deem too risky.

    “You’re being played by people who want regulatory capture,” LeCun wrote in a reply to Murphy. “They are scaring everyone with dubious studies so that open source models are regulated out of existence.”

    __

    O’Brien reported from Providence, Rhode Island.

    [ad_2]

    Source link

  • Geek Squad scam email: How to spot and stop it

    [ad_1]

    NEWYou can now listen to Fox News articles!

    You open your inbox and see a message titled “Payment order settled” with an official-looking invoice from Geek Squad. At first glance, it looks legitimate. It includes your email address and even a phone number for help. That is exactly what happened when I received one of these messages this week.

    This new Geek Squad scam email is designed to make you panic, call the fake number and share sensitive information before realizing it is a trap. Before you know it, your curiosity could turn into a costly mistake, so let’s look at the red flags to watch for and how you can protect yourself.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    THE #1 GOOGLE SEARCH SCAM EVERYONE FALLS FOR

    Fake Geek Squad invoice emails are flooding inboxes, seeking to trick recipients into handing over private financial information. (pixelfit/Getty Images)

    Red flags that give the scam away

    When I looked closer, several warning signs stood out:

    • The email said “Dear User” instead of using my name.
    • It also says TO: KAREN HILL, which is obviously not me.
    • The sender’s address was from a Gmail account, not Geek Squad.
    • It listed a phone number urging me to call customer support to cancel the renewal, or my account would be debited.
    • The invoice said $580.57 would be charged for a two-year Geek Squad subscription, even though I never signed up for one.

    These details are meant to create urgency and push you to react before thinking.

    BEWARE OF FAKE CREDIT CARD ACCOUNT RESTRICTION SCAMS

    A fake Geek Squad invoice email

    This fake Geek Squad invoice looks professional, but small red flags, like a generic greeting, expose the scam. (Kurt “CyberGuy” Knutsson)

    How the scam works

    The scam depends on fear and confusion. Once you call the number, the person on the line sounds polite and professional. They might say they need to verify your payment or reverse a charge. In reality, they are trying to get your credit card number or convince you to install software that gives them access to your computer.

    In some cases, they claim to refund too much money by accident and ask you to send part of it back. That is how victims lose hundreds or even thousands of dollars.

    SCAMMERS NOW IMPERSONATE COWORKERS, STEAL EMAIL THREADS IN CONVINCING PHISHING ATTACKS

    A woman typing on a computer

    Scammers want you to panic and call their number. Remember, real companies never ask for sensitive details over the phone or email. (Kurt “CyberGuy” Knutsson)

    Why these scam emails look so real

    Scammers have refined their tactics. In this Geek Squad scam email I received, they copied the official logo, used clean layouts and included my actual email address to make it look legitimate. They often get this information from data leaks or security breaches found online.

    Artificial Intelligence (AI) now makes these scams even harder to spot. It helps scammers write natural messages, design fake invoices and create support scripts that sound real. With these tools, they can make almost anyone believe the email is genuine.

    Always pause before reacting. Read carefully, check the sender, and question anything that feels suspicious. If you want to stay one step ahead, here are some other things that can help keep you safe.

    How to stay safe from scam emails

    Scam emails like the fake Geek Squad invoice are becoming more common and more convincing. They use fear and urgency to make you click or call before you think. Protecting yourself means slowing down, verifying every detail and strengthening your digital defenses. Here is how you can stay safe.

    1) Do not call or click anything in the email, and use strong antivirus software

    The phone number or link in the message connects you directly to scammers, so don’t click or call.  Once you engage, they can pressure you into sharing personal details or even install harmful software on your device. The moment I saw that “Payment order settled” email, I realized something was off because I don’t even have a Geek Squad account. That alone was a major red flag. If you ever get a message about a service you never signed up for, delete it right away. Instead of calling the number in the message, go to the official Best Buy or Geek Squad website to confirm if there is a real issue with your account. Also, sign up for strong antivirus software. Antivirus software acts as your digital guard. It scans downloads, detects malicious links and warns you before dangerous sites load. Choose a trusted program that updates automatically and includes email protection features. This extra layer of defense can prevent malware from taking hold if you accidentally click something suspicious.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    2) Check the sender’s email address carefully

    Scammers often use email addresses that look real but have slight differences, such as extra numbers, misspelled words, or unusual domains. A genuine Geek Squad or Best Buy email will come from @bestbuy.com. Always hover over the sender’s name to see the actual address before responding.

    3) Never share personal or payment details with unexpected callers

    If someone contacts you claiming to be from Geek Squad or Best Buy, stay calm and skeptical. Real companies do not ask for banking details, gift card payments, or remote access to your computer over the phone. Hang up and contact the company directly through its verified website or customer service number.

    4) Use a data removal service

    Many scams start with stolen or leaked personal data. A data removal service can help delete your information from data broker sites that sell contact lists to marketers and scammers. Reducing your digital footprint makes it harder for criminals to target you with fake invoices or phishing emails.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services, and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    5) Watch your bank and credit card statements

    Even with precautions, it is smart to monitor your accounts. Check your bank and credit card activity weekly for any charges you do not recognize. If you see something suspicious, contact your financial institution right away to report and dispute the charge.

    6) Enable Two-Factor Authentication (2FA)

    Two-factor authentication adds another barrier between you and scammers. Even if someone steals your password, they cannot log in without the secondary code sent to your phone or authentication app. Turn on 2FA for your email, online shopping and banking accounts.

    7) Use strong, unique passwords

    Weak or repeated passwords make you an easy target. Create long, unique passwords for each account. A password manager can securely store them and generate complex combinations that are hard to guess or crack.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    8) Update your software regularly

    Old software is one of the easiest ways for hackers to slip in. Keep your operating system, browser and security programs updated. Turn on automatic updates so you do not have to think about it. These patches often close known security holes that scammers exploit.

    9) Check official accounts before panicking

    Before reacting to any invoice or payment alert, go straight to the official account or service mentioned, such as Geek Squad, PayPal, Amazon or your bank. Log in directly through their website or app to verify the details. If nothing shows up there, the email is a scam. This quick step can save you from a costly mistake.

    10) Report the email as phishing

    Reporting suspicious emails helps stop scammers from targeting others. Most email services, including Gmail, Outlook and Yahoo, allow you to mark messages as phishing. You can also forward the email to reportphishing@apwg.org, which goes to the Anti-Phishing Working Group (APWG), or to abuse@bestbuy.com to alert the proper teams.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    Receiving one of these fake invoices can be stressful, but remember that many people get the same message every day. The goal is to recognize the signs, refuse to respond and report them to protect others.

    Have you ever received a convincing scam email like this? How did you handle it? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • 10M Americans hit in government contractor data breach

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Data breaches hit every kind of business, from hospitals to tech firms to major retailers. Now a leading government contractor has joined that list.

    Conduent, which manages critical public services across the United States, says hackers infiltrated its systems for nearly three months. The cyberattack exposed personal information linked to more than 10 million people.

    All about the Conduent breach and its scale

    Conduent discovered the intrusion in January 2025 and said hackers had infiltrated its network as early as Oct. 21, 2024. During this period, attackers reportedly stole large amounts of data linked to state-level programs such as Medicaid, child support, food assistance and toll systems. Conduent claims that its investigation found no ongoing malicious activity and said operations were safely restored after the breach was contained.

    Conduent manages technology and payment systems for dozens of U.S. state governments, processing roughly $85 billion in annual disbursements and handling over 2 billion customer service interactions every year. According to its own estimates, it supports around 100 million residents through various government health and welfare programs.

    MAJOR DATA BROKER HACK IMPACTS 364,000 INDIVIDUALS’ DATA

    Hackers accessed Conduent’s network for nearly three months, exposing sensitive data from major state programs like Medicaid and child support. (Felix Zahn/Photothek via Getty Images)

    The company reported that at least 400,000 people in Texas were affected, with compromised data including Social Security numbers, medical records and health insurance details. Other affected states include Washington, South Carolina, New Hampshire, Maine, Oregon, Massachusetts and California. Notifications are being sent to all impacted individuals, and a dedicated call center has been established to answer questions about the breach.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    How the Conduent breach unfolded

    In January, Conduent described the event as an “operational disruption caused by a third-party compromise.” The breach led to several days of downtime, disrupting vital services in multiple states. In Wisconsin, for instance, parents and beneficiaries were unable to process payments due to system outages, leaving many struggling to meet obligations related to child support and welfare programs.

    The SafePay ransomware group later claimed responsibility for the attack, alleging it had stolen 8.5 terabytes of data. Conduent confirmed in a Securities and Exchange Commission (SEC) filing that hackers had indeed exfiltrated files belonging to a limited number of clients. The company says it hired cybersecurity experts to analyze the stolen data and recently confirmed that it contained significant amounts of personal information from end-users across multiple programs.

    Despite the massive theft, Conduent said there is currently no evidence that the stolen data has been published online or on dark web marketplaces.

    HACKERS TARGET ONLINE STORES WITH NEW ATTACK

    We reached out to Conduent for a comment, and a rep for the company provided CyberGuy with the following statement:

    “As previously disclosed in its April 2025 Form 8-K filing with the SEC, in January 2025, Conduent discovered that it was the victim of a cybersecurity incident.  With respect to that incident, Conduent has agreed to send notification letters, on behalf of its customers, to individuals whose personal information may have been affected by this incident.  In addition, a dedicated call center has been set up to address consumer inquiries. At this time, Conduent has no evidence of any attempted or actual misuse of any information potentially affected by this incident.

    “Upon discovery of the incident, Conduent acted quickly to secure its networks, restore its systems and operations, notify law enforcement and conduct an investigation with the assistance of third-party forensics experts. In addition, given the nature and complexity of the data involved, Conduent has been working diligently with a dedicated review team, including internal and external experts, to conduct a detailed analysis of the affected files to identify the personal information contained therein, which was a time-intensive process. Conduent takes this matter seriously and regrets any inconvenience this incident may have caused.”

    6 steps you can take to protect yourself from Conduent data breach

    If your information may have been exposed in the Conduent breach or any similar data leak, you’re not without defenses. There are several steps you can take right now to reduce the risks.

    Person wearing a hoodie works on multiple computer screens displaying digital data in a dark room.

    The cyberattack disrupted critical public services across multiple states, with some families temporarily unable to process benefits or payments. (Kurt “CyberGuy” Knutsson)

    1) Consider a personal data removal service

    Data brokers collect and sell personal information such as your name, home address, phone number and relatives’ names. This data can be used for scams or social engineering attacks. Personal data removal services find these records across dozens of sites and submit takedown requests on your behalf.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    HACKERS STEAL MEDICAL RECORDS AND FINANCIAL DATA FROM 1.2M PATIENTS IN MASSIVE HEALTHCARE BREACH

    2) Monitor your accounts regularly

    After a major data breach, one of the most effective ways to protect yourself is to stay alert. Check your bank and credit card statements every few days for unusual transactions, even small ones. Watch your benefit accounts or tax filings for irregular activity. Early detection gives you time to freeze accounts or stop fraudulent charges before they escalate.

    3) Install a reputable antivirus program

    Antivirus software is your first line of defense against cyber threats that often follow large breaches. Stolen data can be used to launch targeted phishing attacks or spread malware through fake links and emails. A reliable antivirus solution actively scans for malicious activity, blocks suspicious downloads and keeps your devices safe from newer online threats through automatic updates.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    OVER 8M PATIENT RECORDS LEAKED IN HEALTHCARE DATA BREACH

    4) Enable two-factor authentication (2FA)

    Even if your login credentials are compromised, two-factor authentication (2FA) can stop attackers from getting in. It requires an additional code sent to your phone, email, or authentication app, making unauthorized access nearly impossible. Enable 2FA on your banking, email and government-related accounts, as these often hold the most sensitive information.

    5) Use a password manager

    Many breaches happen because people reuse the same password across multiple websites. A password manager eliminates that risk by creating and storing strong, unique passwords for every account.

    Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    Hacker looks at computer code while sitting in a dark room

    Conduent says the stolen files contained significant amounts of personal information, but has found no signs the data has surfaced online or on dark web marketplaces. (Kurt Knutsson)

    6) Consider an identity theft protection service

    Identity theft protection services monitor your personal data across multiple sources, including the dark web and public records. Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    Kurt’s key takeaway

    Even though Conduent claims the stolen data hasn’t surfaced online, that doesn’t mean it’s safe. Data exfiltration on this scale has long-term implications, from identity theft to potential fraud within public benefit systems. The real test will be how both Conduent and its government partners adapt their cybersecurity oversight to prevent similar breaches. Because at this point, the question isn’t whether these systems will be targeted again, but whether they’ll be any better prepared when it happens.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Do you think government contractors handling sensitive information should face stricter cybersecurity regulations? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.  

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Anthropic warns of AI-driven hacking campaign linked to China

    [ad_1]

    WASHINGTON — A team of researchers has uncovered what they say is the first reported use of artificial intelligence to direct a hacking campaign in a largely automated fashion.

    The AI company Anthropic said this week that it disrupted a cyber operation that its researchers linked to the Chinese government. The operation involved the use of an artificial intelligence system to direct the hacking campaigns, which researchers called a disturbing development that could greatly expand the reach of AI-equipped hackers.

    While concerns about the use of AI to drive cyber operations are not new, what is concerning about the new operation is the degree to which AI was able to automate some of the work, the researchers said.

    “While we predicted these capabilities would continue to evolve, what has stood out to us is how quickly they have done so at scale,” they wrote in their report.

    The operation was modest in scope and only targeted about 30 individuals who worked at tech companies, financial institutions, chemical companies and government agencies. Anthropic noticed the operation in September and took steps to shut it down and notify the affected parties.

    The hackers only “succeeded in a small number of cases,” according to Anthropic, which noted that while AI systems are increasingly being used in a variety of settings for work and leisure, they can also be weaponized by hacking groups working for foreign adversaries. Anthropic, maker of the generative AI chatbot Claude, is one of many tech companies pitching AI “agents” that go beyond a chatbot’s capability to access computer tools and take actions on a person’s behalf.

    “Agents are valuable for everyday work and productivity — but in the wrong hands, they can substantially increase the viability of large-scale cyberattacks,” the researchers concluded. “These attacks are likely to only grow in their effectiveness.”

    A spokesperson for China’s embassy in Washington did not immediately return a message seeking comment on the report.

    Microsoft warned earlier this year that foreign adversaries were increasingly embracing AI to make their cyber campaigns more efficient and less labor-intensive.

    America’s adversaries, as well as criminal gangs and hacking companies, have exploited AI’s potential, using it to automate and improve cyberattacks, to spread inflammatory disinformation and to penetrate sensitive systems. AI can translate poorly worded phishing emails into fluent English, for example, as well as generate digital clones of senior government officials.

    [ad_2]

    Source link

  • Anthropic says Chinese hackers used its Claude AI chatbot in cyberattacks

    [ad_1]

    Anthropic said Thursday that Chinese hackers used its artificial intelligence technology in what the company believes is the first cyberespionage operation largely carried out using AI.

    Anthropic said the cybercriminals used its popular chatbot, Claude, to target roughly 30 technology companies, financial institutions, chemical manufacturers and government agencies. The hackers used the AI platform to gather usernames and passwords from the companies’ databases that they then exploited to steal private data, Anthropic said, while noting that only a “small number” of these attacks succeeded. 

    “We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention,” Anthropic said in a statement. 

    The San Francisco-based company did not immediately respond to a request for comment. The news was first reported by the Wall Street Journal. 

    Anthropic said it began detecting suspicious activity in mid-September. A subsequent investigation by the company revealed that the activity stemmed from an espionage campaign that Anthropic said was likely carried out by a state-sponsored group based in China. 

    According to the investigation, hackers allegedly duped Claude into thinking it was an employee of a legitimate cybersecurity firm and that it was being used for defensive testing. Anthropic also said the cybercriminals sought to hide their tracks by breaking down the attack into small tasks.

    Unlike conventional cyberattacks, the operation required minimal human intervention, according to the company. “The AI made thousands of requests per second, an attack speed that would have been, for human hackers, simply impossible to match,” Anthropic said.

    Anthropic said it expects AI cyberattacks to grow in scale and sophistication as so-called agents become more widely used for a range of services. AI agents are cheaper than professional hackers and can operate quickly at a larger scale, making them particularly attractive to cybercriminals, MIT Technology Review has pointed out.

    Edited by

    Alain Sherter

    [ad_2]

    Source link

  • AI-powered scams target kids while parents stay silent

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Kids are spending more time online than ever, and that early exposure is opening the door to a new kind of danger. 

    Artificial intelligence has supercharged online scams, creating personalized and convincing traps that even adults can fall for. The latest Bitwarden “Cybersecurity Awareness Month 2025” poll shows that while parents know these risks exist, most still haven’t had a serious talk with their children about them. 

    This growing communication gap is leaving the youngest internet users vulnerable at a time when online safety depends more than ever on education and oversight.

    Young children face real risks online

    Children as young as preschool age are now part of the connected world, yet few truly understand how to stay safe. The Bitwarden survey found that 42% of parents with children between 3 and 5 years old said their child had accidentally shared personal information online.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    5 PHONE SAFETY TIPS EVERY PARENT SHOULD KNOW

    AI-powered scams are finding new ways to reach kids who go online earlier than ever. (Kurt “CyberGuy” Knutsson)

    Nearly 80% of kids between the ages of 3 and 12 already have their own tablet or another connected device. Many parents assume supervision software or family settings are enough, but that assumption breaks down when kids explore apps, games and chat spaces designed to hold their attention. Device access has become nearly universal by early elementary school, but meaningful supervision and honest safety conversations are lagging behind.

    The AI threat and the parental disconnect

    Artificial intelligence has changed the nature of online scams by making them sound familiar, personal and hard to recognize. Bitwarden’s data shows that 78% of parents worry their child could fall for an AI-enhanced threat, such as a voice-cloned message or a fake chat with a friend. Despite that fear, almost half of those same parents haven’t talked with their kids about what an AI-powered scam might look like. The disconnect is even stronger among Gen Z parents. 

    About 80% of them say they are afraid their child will fall victim to an AI-based scheme, yet 37% allow their kids full or nearly full autonomy online. In those households, problems are more common. Malware infections, unauthorized in-app purchases and phishing attempts appear at the highest rates among families who worry the most but monitor the least. The paradox is clear. Parents recognize the threat but fail to translate awareness into consistent action.

    Why parents haven’t had the talk

    There are many reasons this important talk keeps getting delayed. Some parents simply feel unprepared to explain AI, while others assume their existing safety tools will protect their children. Only 17% of parents in the United States actively seek information about AI technologies, according to related research by Barna Group. That leaves a large majority relying on partial knowledge or outdated advice. 

    Many parents also juggle multiple devices at home, making it difficult to track every app or game their child uses. Some overestimate how safe their own habits are, even though they admit to reusing passwords or skipping security updates. Without firsthand understanding or personal discipline, it becomes even harder to teach those lessons to children. As a result, many kids face the internet with curiosity but without proper guidance.

    Smart ways to protect your child online

    The Bitwarden findings make one thing clear: kids are getting connected younger, and scams powered by artificial intelligence are already targeting them. The good news is that parents can take practical steps right now to reduce those risks and build lasting online safety habits.

    1) Keep devices where you can see them

    Set up tablets, laptops and gaming consoles in shared family areas rather than bedrooms. When screens stay visible, you naturally become part of your child’s online world. This not only encourages open conversation but also helps spot suspicious messages, fake friend requests or scam links before they cause trouble.

    A mother surfs the web with her son.

    Staying involved in your child’s digital life is the best defense against today’s AI threats. (Kurt “CyberGuy” Knutsson)

    2) Use built-in parental controls

    Most devices have strong tools you can activate in minutes. Apple’s Screen Time and Google Family Link let you limit screen time, approve new app installs and monitor how long your child spends on specific apps. These controls are especially useful for younger kids who, according to the Bitwarden poll, often have little supervision despite heavy device use.

    TEENS TURNING TO AI FOR LOVE AND COMFORT

    3) Talk through every download

    Before your child installs a new game or app, take a moment to check it together. Read the reviews, look at what data it collects and confirm the developer’s name. Explain why some games or “free” apps might ask for camera or contact access they don’t need. This kind of shared review teaches healthy skepticism and helps children recognize red flags later on.

    4) Make password strength and 2FA a family rule

    AI scams thrive on weak or reused passwords. Use a password manager to create and store strong, unique logins for each account. Turn on two-factor authentication (2FA) wherever possible so that even if a password is stolen, the account stays protected. Let your kids see how you use these tools so they learn that security isn’t complicated, it’s just a habit.

    An exhausted mother uses her laptop while her son sits on her lap.

    Many parents delay important online safety talks because they feel unprepared to explain AI, leaving kids curious but without the guidance they need to stay safe. (Kurt “CyberGuy” Knutsson)

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Teach them to stop and tell

    One of the best defenses is simple: encourage your child to pause and talk before reacting to anything unusual online. Whether it’s a pop-up claiming a prize, a strange link in a chat or a voice message that sounds familiar, remind them it’s always okay to ask you first. Quick conversations like these can prevent costly mistakes and turn learning moments into trust-building ones.

    6) Keep devices updated and use strong antivirus software

    Outdated software can leave gaps that scammers exploit. Regularly update operating systems, browsers and apps to close those holes. Add strong antivirus software. Explain to your child that updates and scans keep their favorite games and videos running safely, not just their parents happy.

    The best way to safeguard from malicious links that install malware, potentially accessing private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    7) Make online safety part of everyday life

    Don’t save these conversations for when something goes wrong. Bring them up casually during family time or when watching YouTube or gaming together. Treat digital safety like any other life skill, something practiced daily and improved with time. The more normal it feels, the more confident your child becomes when facing online risks.

    A mother watches her son surf the web.

    Talking about online safety early helps build trust and awareness before trouble starts.  (Kurt “CyberGuy” Knutsson)

    What this means for you

    If you are a parent, guardian or anyone helping a child use technology, this issue deserves your attention. Start talking early, even before your child begins exploring the web on their own. Teach them simple concepts like asking before clicking or sharing. Instead of relying only on parental controls, have ongoing conversations that help them recognize suspicious links, messages or pop-ups. Show them that cybersecurity isn’t about fear but about awareness. Model strong digital habits at home by using unique passwords and turning on two-factor authentication. Explain why those steps matter. When your child understands the reasoning behind the rules, they are more likely to follow them. Make technology part of your family routine rather than a private space your child navigates alone. Regularly check the apps they use and the people they interact with. Set clear expectations and age-appropriate boundaries that can grow with your child’s experience. Staying engaged is the most powerful protection you can offer.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    The numbers from Bitwarden show a clear warning sign. Concern among parents is high, yet actual conversations about AI-powered scams remain rare. That silence gives scammers the upper hand. Children who learn about online safety early are more confident, more cautious and better equipped to handle unexpected messages or fake alerts. It only takes a few minutes of honest conversation to create awareness that lasts for years. By taking action now, you can close the gap between fear and understanding, protecting your family in a digital world that changes every day.

    Are you ready to start the conversation that could keep your child from becoming the next target of an AI-powered scam? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Google Chrome autofill now handles IDs

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Google has made Chrome even more capable. The browser can now fill in your passport, driver’s license and vehicle registration automatically. This upgrade joins the list of time-saving autofill options that already include passwords, addresses and payment details.

    Desktop users with enhanced autofill enabled will start seeing the new options right away. Chrome can even interpret complex form layouts and varying formats across different websites, improving accuracy with every entry.

    Google says these new autofill features were designed with privacy in mind. This from a company which makes money off of capturing your most intimate details in life. Google says Chrome only saves sensitive data after you give permission. It also encrypts stored information so it’s unreadable to anyone without your authorization. Before any personal info is filled into a webpage, Chrome asks you to confirm — keeping you in control.

    UPDATE CHROME NOW: GOOGLE PATCHES NEW ZERO-DAY THREAT

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Chrome’s enhanced autofill now saves and fills your passport, license and vehicle info with just a click. (Google)

    Still, autofill exploits by hackers have been known to happen. Infostealer malware has been used historically to capture data entered into web fields manually and with autofill. It is not perfect, but Google and others have come a long way to secure their browser. Keep in mind, Google may ask to share your information with third parties, so be cautious when you give it permission.

    Passport numbers, driver’s license details and other official records are valuable to cybercriminals, so be careful when you share them online. As always, use the strongest antivirus protection on all devices to ward off trouble. See my 2025 review of the best antivirus protection at Cyberguy.com.

    The company began rolling out these updates worldwide in all languages and plans to support even more document types soon.

    Car insurance information being autofilled in Google Chrome

    The Google Chrome browser encrypts personal data and always asks for confirmation before entering sensitive information. (Google)

    How to enable Enhanced Autofill in Chrome

    For Windows and Mac (Desktop):

    • Open Chrome on your computer.
    • Click the three-dot menu in the top right.
    • Click Settings.
    • On the left pane, select Autofill & passwords (or simply “Autofill” depending on version).
    • Click Enhanced autofill.
    • Toggle On “Enhanced autofill” to allow Chrome to fill in IDs (passport, driver’s license, vehicle info).
    • To enter or edit saved data: while still in the Enhanced autofill section, select Add/Edit under “Saved information” and input your document numbers or vehicle info.
    • Next time you visit a supported form (e.g., for vehicle registration or passport number), Chrome will prompt you to fill it in and ask you to confirm before submitting it.

    OVER 2B USERS FACE PHISHING RISKS AFTER GOOGLE DATA LEAK

    The settings of Google Chrome

    You can enable Enhanced Autofill in Chrome settings to securely manage and store official identification data. (Kurt “CyberGuy” Knutsson)

    For iPhone

    • Open Chrome on your iPhone or iPad.
    • Tap the three-dot menu (bottom or top right) and select Settings.
    • Go to Autofill & Payments (or similar label) and verify that “Addresses and More,” “Payment Methods” and “Passwords” are enabled for autofill.

    For Android

    Settings may vary depending on your Android phone’s manufacturer.

    • Open Chrome on your Android device.
    • Tap the three-dot menu (top right).
    • Go to Settings → Autofill & payments (or simply “Autofill and forms”).
    • Under “Addresses and more” (and possibly payment methods), enable the types of info you want filled in automatically.

    Note: The enhanced autofill update for passports, driver’s licenses and vehicle details is still expanding to mobile. You may not see it yet on iPhone or Android, even with the latest Chrome version. Keep your app updated and check back periodically as Google continues the global rollout.

    AI updates are driving Chrome forward

    This upgrade follows a wave of artificial intelligence-driven improvements in Chrome. Recently, Google added Gemini integration for all desktop users in the U.S. and previewed new “agentic” features that use AI to automate everyday tasks. Future updates will include password reset suggestions, smarter scam detection and AI-powered form assistance, all designed to make browsing safer and more convenient.

    CONGRESSIONAL BUDGET OFFICE HIT BY CYBERATTACK, RAISING CONCERNS OVER US GOVERNMENT NETWORK SECURITY

    A woman types on a laptop.

    The rollout of Enhanced Autofill continues worldwide, adding support for more ID types and expanding beyond desktop users. (Kurt “CyberGuy” Knutsson)

    Tips to keep your browser secure

    Even with encryption, there’s more you can do to protect what autofill stores.

    1) Use strong antivirus software

    Install trusted antivirus software on all your devices. It blocks malware that could record your keystrokes or hijack autofill data before encryption kicks in.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    2) Use a password manager instead of browser storage

    Dedicated password managers store and encrypt your logins locally, reducing risk if your browser gets compromised.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    3) Enable two-factor authentication (2FA)

    Pair your Google account with two-factor authentication (2FA). Even if hackers access your browser, they can’t reach your autofill data without your secondary code.

    4) Keep your browser and extensions clean

    Type chrome://extensions and remove anything unfamiliar. Malicious add-ons are a common way attackers steal autofill info.

    5) Use a data removal service

    Even with Chrome’s encryption, your personal information can still surface on data broker sites. A data removal service sends requests to these companies to delete your personal details, like your address, phone number and ID records, before they can be shared or sold. This lowers the risk of your data being used in phishing attempts or identity theft. Regularly clearing your digital footprint adds another layer of protection for Chrome’s autofill feature. It limits what hackers could use if they ever gain access through a breached website or browser extension.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    6) Use a secure email for verification

    If Chrome requests confirmation, make sure your linked Google account uses a private, encrypted email provider.

    For recommendations on private and secure email providers that offer encrypted addresses, visit Cyberguy.com.

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    Chrome’s latest autofill update blends convenience with stronger safeguards. But security still depends on your habits. Taking a few extra minutes to manage extensions, enable 2FA and use privacy tools will go a long way toward keeping your personal data safe.

    Would you trust your passport or driver’s license info to Google Chrome’s autofill, or is that a step too far? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Google lawsuit accuses China-based cybercriminals of massive text-message phishing scams

    [ad_1]

    Google is filing a federal lawsuit against a network of foreign cybercriminals based in China that is accused of launching massive text-message phishing attacks, the tech giant told CBS News in an exclusive interview.

    Google said the messages are part of a criminal network called “Lighthouse.” The texts look legitimate, often warning recipients of a “stuck package” or an “unpaid toll,” but they’re actually phishing or what’s called smishing — a type of phishing scam that uses text messages to try to trick recipients into revealing personal and sensitive information, such as passwords and credit card numbers, which are then stolen.

    “These scammers ended up compromising anywhere from 15 [million] to 100 million potential credit cards within the U.S. and impacted, at our current estimates, over a million victims,” Google’s general counsel, Halimah DeLaine Prado, told CBS News.

    DeLaine Prado said Google has filed what it calls a first-of-its-kind lawsuit under the RICO Act, which is typically used to take down organized crime rings.

    The case targets unknown operators — listed as John Does 1 through 25 — who allegedly built a “phishing-as-a-service” platform to power mass text attacks.

    DeLaine Prado said the lawsuit is not meant specifically to help victims recover any losses, but rather to serve as a “deterrent for future criminals to create similar enterprises.”

    Google said it found more than 100 fake sites using its logo to trick people into handing over passwords or credit card numbers. According to its complaint, it estimates the group has stolen sensitive information linked to tens of millions of credit cards in the U.S. alone.

    Kevin Gosschalk, the CEO of cybersecurity firm Arkose Labs, said that while recovering lost money is a challenge, lawsuits like Google’s could help disrupt scammers’ operations.

    “It has an impact on the ecosystem,” Gosschalk told CBS News. He said that if there are three major players and you go after the big one and take it down, “then the other two start second-guessing, ‘Hey, should we be in this business, or should we get out of this business?’” 

    Google’s move appears aimed as much at setting a legal precedent as at seeking punishment — testing whether a 1970s racketeering law can be applied to a 21st-century digital crime.

    Gosschalk said it will be very hard for Google to go after cybercriminals overseas since a lot of them also operate in countries like Cambodia, where there are limited extradition laws.

    “But it does mean the individuals behind those things will not be able to travel to the U.S. in the future, so it does add extra risk,” Gosschalk said.

    Users can avoid text scams by not clicking links or replying to unknown messages. On an iPhone, users can turn on “Filter Unknown Senders” and “Filter Junk.” On Android, enable Spam Protection and forward scam texts to 7726 (SPAM). 

    Note that those filters can also catch legitimate messages from numbers that are not in the phone’s contact list, so be sure to check the unknown senders or spam folder once in a while. 

    [ad_2]

    Source link

  • VA issues overpayment scam alert for veterans

    [ad_1]

    NEWYou can now listen to Fox News articles!

    As the nation honors veterans for their service, the Department of Veterans Affairs is reminding the community to stay alert to a growing threat, the VA overpayment scam.

    Reports show that fraudsters are contacting veterans through text, email and phone calls, pretending to be VA employees. They claim you were overpaid on your benefits and must send money or banking details to correct the issue.

    These criminals often make their messages look official with VA logos, formal wording and even fake caller IDs. Once they gain your trust, they push for quick payment, hoping you act before verifying. Staying informed and cautious is the best way to protect your benefits and your identity.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CyberGuy.com newsletter.

    Scammers are claiming veterans were overpaid on their benefits by impersonating VA employees. (Kurt “CyberGuy” Knutsson)

    How to spot a VA overpayment scam

    Be on alert for these red flags:

    • Messages demanding urgent payment, especially by gift card, wire transfer or cryptocurrency.
    • Requests for your VA login or password.
    • Emails or texts with links that don’t lead to VA.gov.
    • Caller ID spoofing showing “VA” or “Debt Center” to look official.
    • Messages or letters that lack detailed explanations or account numbers.

    If you spot any of these, don’t engage; instead, verify the communication directly through VA.gov or by calling the VA’s official number.

    HOW TO STOP IMPOSTOR BANK SCAMS BEFORE THEY DRAIN YOUR WALLET

    Real VA communications always direct veterans to VA.gov or the official Debt Management Center.

    Legitimate VA communications always direct veterans to VA.gov or the official Debt Management Center.  (Kurt “CyberGuy” Knutsson)

     How real VA overpayments work

    When the VA determines an actual overpayment, it sends a formal letter explaining the amount and your options to appeal or set up a payment plan. You’ll never be told to pay through text or third-party apps, and you’ll never be asked to share login credentials or banking info outside VA.gov.

    Real VA notices always direct you to official channels like VA.gov or the Debt Management Center (1-800-827-0648). If something feels off, it probably is, so always verify before taking action.

    Staying alert and verifying messages through official channels helps protect your hard-earned VA benefits.

    To protect your hard-earned VA benefits stay alert and verify messages through official channels.  (Kurt “CyberGuy” Knutsson)

    Top ways to protect yourself from VA overpayment scams

    Stay ahead of scammers by following these simple but powerful steps to protect your VA benefits.

    1) Verify through your official VA.gov account

    Whenever you receive a notice about an overpayment, log in to your VA.gov account directly instead of clicking any link or responding to a message. The site shows your current balance, payment status and any real debts.

    2) Use official VA payment channels

    If you discover a legitimate debt, handle it only through VA’s official payment options. Call the Debt Management Center at 1-800-827-0648 or make payments through your secure VA.gov dashboard. Avoid sending funds through apps, wire transfers, or prepaid cards as the VA will never ask for those.

    3) Never share your login information

    Your VA login and password are like your house keys. The VA will never ask for them, not by phone, email, or text. Anyone who requests them is a scammer. If you think your credentials were compromised, change your password immediately and enable multi-factor authentication (MFA) if available.

    Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. 

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at CyberGuy.com.

    NATIONAL PROGRAM HELPS SENIORS SPOT SCAMS AS LOSSES SURGE

    4) Avoid suspicious links and attachments

    Fraudsters often embed fake links in messages that look real at first glance. Hover over a link before clicking to preview the URL; if it doesn’t start with “https://www.va.gov,” it’s fake. Be equally cautious with attachments, as they can install malware designed to steal your personal data.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

    5) Use a data removal service

    Data brokers often publish your name, phone number and even veteran status online, information scammers use to target you. Personal data removal services can automatically request data removals from hundreds of broker sites, reducing your exposure and lowering the odds of being targeted.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.

    Get a free scan to find out if your personal information is already out on the web: CyberGuy.com.

    6) Watch out for unusual payment methods

    Scammers love untraceable transactions. Any request for payment through gift cards, Bitcoin, prepaid debit cards, or wire transfers is an instant red flag. The VA does not and will not use these methods to collect payments.

    7) Limit your social media exposure

    Scammers sometimes gather information from social networks to make messages seem more personal. Review your friends and followers, tighten privacy settings and think twice before posting details about your military service or VA benefits.

    8) Report suspected fraud immediately

    If you think someone tried to scam you, contact the VA directly at 1-800-827-1000. You can also report incidents at VSAFE.gov or call (833) 38V-SAFE (833-388-7233). Reporting quickly helps protect others in the veteran community.

    Kurt’s key takeaways

    This Veterans Day is a time to reflect on service, sacrifice and strength, and that includes protecting what you have earned. Scammers may be persistent, but staying alert and using official VA resources gives you the upper hand. Your benefits represent more than money; they are recognition of your service. Keep them safe, stay skeptical of sudden messages and verify everything before you act.

    How can technology companies and the government do a better job of protecting veterans online? Let us know your thoughts in the comments below. Let us know by writing to us at CyberGuy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CyberGuy.com newsletter.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Copyright 2025 CyberGuy.com.  All rights reserved.  

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • The #1 Google search scam everyone falls for

    [ad_1]

    NEWYou can now listen to Fox News articles!

    When something goes wrong with your bank account or delivery, your first instinct might be to type the company name into Google and call the first customer service number you see. But that simple search has become one of the biggest traps for scammers, and it’s costing people money, privacy and even control over their phones.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    A simple Google search for a company’s customer service number can lead straight to a scam. The first result isn’t always the safest one. (Kurt “CyberGuy” Knutsson)

    He Googled his bank’s number and lost control of his phone

    Here’s how one man’s quick search for help turned into a nightmare he never expected. Gabriel wrote to us in distress, asking,

    “I called my bank to check on some charges I didn’t authorize. I called the number on the bank statement, but they told me to go online. I googled the company and dialed the first number that popped up. Some foreign guy got on the phone, and I explained about the charges. Somehow, he took control of my phone, where I didn’t have any control. I tried to shut it down and hang up, but I couldn’t. He ended up sending an explicit text message to my 16-year-old daughter. How do I prove I didn’t send that message? Please help.”

    Gabriel’s story is frightening, and unfortunately, it’s not rare. This type of attack is called a remote access support scam. Scammers pretend to be bank or tech support, then trick you into installing a program that gives them control of your device. Once inside, they can steal passwords, send messages or lock you out completely.

    WHATSAPP BANS 6.8M SCAM ACCOUNTS, LAUNCHES SAFETY TOOL

    A user searches on Google on a laptop.

    Gabriel thought he was calling his bank, but the number was fake. Within minutes, a scammer took control of his phone and invaded his privacy. (Kurt “CyberGuy” Knutsson)

    Why this scam works

    Search engines reward paid ads. Scammers take advantage of this by buying ad space to appear above legitimate customer service numbers. The fake pages look professional, complete with company logos and 800 numbers that seem real.

    Once you call, the fake “agent” sounds knowledgeable and polite. They build trust, then convince you to install remote access software such as AnyDesk or TeamViewer. From that point, they can control everything on your phone.

    What to do if this happens to you

    Gabriel, what you went through is incredibly upsetting, and you’re right to take it seriously. Here’s what to do right away:

    1) Disconnect and secure your phone

    Turn off your phone immediately. Restart it in Airplane Mode and don’t connect to Wi-Fi yet. Run a full antivirus scan with strong antivirus software. 

    2) Change all your passwords

    Use a secure device that has not been compromised to reset the passwords for your key accounts, including email, cloud storage, phone carrier and banking logins. Create strong, unique passwords for each account and enable two-factor authentication (2FA) for added protection on all your devices and platforms.

    Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    3) Contact your carrier and your bank

    Let your phone provider know that your device was taken over. Ask them to check for unauthorized remote management apps or SIM-swap activity. Notify your bank’s fraud department and report the fake number you found on Google.

    4) Report the explicit message

    Take screenshots and save everything. Contact local police and explain that the message was sent from your number while your phone was under remote control. If a minor is involved, the case may be referred to the FBI’s Internet Crime Complaint Center (IC3.gov).

    5) Factory reset your phone

    Once your data is backed up, perform a factory reset on your iPhone or Android to remove any hidden software. Reinstall only apps you recognize from the official app store.

    HOW TO STOP IMPOSTOR BANK SCAMS BEFORE THEY DRAIN YOUR WALLET

    A user searches Google.

    Scammers use fake customer service numbers to sound convincing and gain remote access to your devices, turning a simple call for help into a digital takeover. (Kurt “CyberGuy” Knutsson)

    Tips to stay safe from fake customer service scams

    Falling for a fake customer service number can happen to anyone, especially when you’re in a rush or worried about your account. Here’s how to make sure you never get tricked by the same kind of scam that hijacked Gabriel’s phone.

    Go directly to the company’s official website

    Always type the company’s web address yourself or use the contact number printed on your card or statement. Scammers often create fake numbers that appear in search results, hoping you’ll call them instead of your real bank.

    Don’t trust the first search result on Google

    Search engines sell ad space to anyone, including criminals posing as real businesses. Those top “sponsored” listings can lead straight to scammers. Instead, scroll down until you find the official domain ending in .com, .org or .gov.

    Never allow remote access to your phone or computer

    No legitimate company needs to control your device to verify charges or fix an account issue. If someone asks you to install software like AnyDesk or TeamViewer, hang up immediately. These tools give strangers complete control of your screen and data.

    Hang up if the caller pressures you to act fast

    Scammers rely on panic. When someone insists you act “right now” or risk losing money, that’s a warning sign. Stay calm, hang up, and verify the problem through your bank’s official website or number.

    Use strong antivirus protection

    Install and regularly update a trusted antivirus app. Strong antivirus software can block remote-access tools and spyware before scammers gain access. Regular scans also detect hidden threats that may already be on your phone or computer.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    Consider using a data removal service

    Many scammers find victims through data brokers that sell phone numbers and personal details. A data removal service helps erase your information from these sites. As a result, it’s harder for criminals to target you with fake customer service scams in the first place.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

    Monitor your identity with a trusted protection service

    Even a short breach can expose your private information. Identity-monitoring tools alert you when your name, email or Social Security number appears on the dark web. That gives you time to act before scammers can use it.

    Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    The internet has made getting help easier than ever, but it has also made it easier for scammers to pretend to be helpful. The top way people are being scammed today isn’t through phishing emails or suspicious links; it’s by trusting fake phone numbers that look official. Take a few minutes to save the real customer service numbers for your bank, phone provider, and credit card company. One quick call to the wrong number could give a stranger access to your entire digital life.

    With fake customer service numbers flooding search results, should Google be held responsible for protecting you from these scams? Let us know by writing to us at Cyberguy.com

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Connecticut man loses life savings in crypto scam

    [ad_1]

    NEWYou can now listen to Fox News articles!

    When Joe A. from Shelton, Connecticut, received a text about a crypto investment opportunity, he thought it was his chance to rebuild after a divorce. Instead, he lost every dollar he had. Joe’s story is a heartbreaking reminder of how easy it is to fall for an online investment scam that promises quick success and easy money.

    Joe has allowed Cyberguy to tell his powerful story so that others can learn from his experience and protect themselves from similar scams. Here is how it all went down and how you can protect yourself from falling into the same trap.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    HOW TO STOP IMPOSTOR BANK SCAMS BEFORE THEY DRAIN YOUR WALLET

    After his account access vanished, scammers allegedly demanded more cash to “reactivate” it. By then, Joe’s retirement savings were wiped out. (Gabby Jones/Bloomberg via Getty Images)

    How the online investment scam began

    In August, Joe got a message from a company calling itself “ZAP Solutions.” It promised that if he invested $30,000, he’d soon have $368,000 in returns. It sounded like a smart move. Like many victims, Joe believed the pitch because it seemed professional and legitimate.

    But soon he was led deeper into a trap. Each “short-term investment” required another wire transfer. Before he knew it, Joe had sent every penny, his 401K, IRA and other investments.

    When the investment scam fell apart 

    The moment Joe was locked out of his account, panic set in. The scammers demanded more money to “reactivate” it. By the end, Joe had lost $228,000.

    His mother, Carol, was devastated when she found out. 

    “I was shocked,” she said. “He showed us the screenshots, the messages. He emptied everything.”

    Joe and his family filed a police report with local authorities and contacted the FBI. But, according to officers, recovery is unlikely. 

    “They told us there’s no way to get it back,” Carol said. “These cyberstalkers move the money too fast.”

    The bigger picture: Online investment scams are rising 

    Joe’s story isn’t unique. The FBI reports that cybercriminals have stolen more than $50 billion from Americans in just five years. Scammers prey on emotion, targeting people who are hopeful, lonely or in transition.

    “If it seems too good to be true, it probably is,” Joe said, stating a phrase we all should remember.

    How to protect yourself from online investment scams

    Staying safe starts with awareness and consistent action. Cybercriminals are getting more creative, so protecting your finances means staying alert every step of the way. Follow these proven steps to safeguard your accounts and identity.

    1) Research before you invest

    Always verify any investment opportunity before sending money. Look up the company through official government or financial websites, such as the SEC’s Investment Adviser Public Disclosure database or FINRA’s BrokerCheck. Read reviews, confirm licenses and search for scam alerts online.

    2) Be suspicious of unsolicited messages and use strong antivirus software

    If a text, email or social media message promises high returns, stop and think. Legitimate firms never cold-contact people about investment offers. Delete suspicious messages immediately and never click on links from unknown sources. Install and regularly update strong antivirus software on all your devices. This can block phishing attempts, malicious downloads, and fake investment platforms designed to steal your data.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    SCAMMERS NOW IMPERSONATE COWORKERS, STEAL EMAIL THREADS IN CONVINCING PHISHING ATTACKS

    Cryptocurrency coin.

    Joe’s mother says the family filed police and FBI reports, but recovery is unlikely as criminals move money fast across borders and accounts. (Silas Stein/picture alliance via Getty Images)

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Check email addresses and website domains

    Scammers often use domains that look almost identical to real ones. Double-check for misspellings, extra letters or unusual web extensions like “.co” or “.biz.” If you’re unsure, search for the official company site separately in your browser.

    4) Never wire money to strangers

    Once you wire money to a scammer, recovery is nearly impossible. Never send money to someone you’ve only met online, even if they claim to represent a reputable company. Always confirm payment details through verified sources.

    5) Talk to a trusted financial advisor

    Before you invest large sums, get a second opinion from a licensed financial advisor. A professional can spot red flags and unrealistic promises that you might overlook.

    6) Use a data removal service

    Protect your personal information by using a data removal or privacy service that scrubs your phone number, address and other details from people search sites. This reduces the chance of scammers finding and targeting you.

    While no service can guarantee the complete removal of your data from the Internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    7) Enroll in an identity theft protection service

    If scammers have your personal details, they could try to open credit cards or loans in your name. Enrolling in a reputable identity theft protection service adds another layer of security by monitoring your credit and alerting you to suspicious activity.

    Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    FBI WARNS SENIORS ABOUT BILLION-DOLLAR SCAM DRAINING RETIREMENT FUNDS, EXPERT SAYS AI DRIVING IT

    Cryptocurrency on a smartphone.

    From antivirus and data-removal services to identity theft monitoring, CyberGuy shares concrete steps to block phishing, verify firms and protect your money. (Gabby Jones/Bloomberg via Getty Images)

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    8) Report suspicious activity immediately

    If you believe you’ve been targeted or scammed, act fast. Contact your local police department and your bank and file a report with the FBI’s Internet Crime Complaint Center (IC3). Quick action can sometimes limit further loss or help investigators trace the fraud.

    Kurt’s key takeaways

    Joe’s story is painful, but it’s also powerful. His honesty may stop someone else from losing everything. Online scams thrive when people stay silent, but sharing stories like Joe’s helps others stay alert. So, before you trust anyone promising quick profits online, take a pause, verify everything and remember Joe’s story because one moment of caution could save you from a lifetime of regret.

    CLICK HERE TO GET THE FOX NEWS APP

    Have you ever received an investment offer that seemed too good to be true? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved. 

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Russian hackers use fake CAPTCHA tests to spread new malware families across multiple targets

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Russian state-backed hackers have stepped up their game with new malware families that hide behind fake CAPTCHA tests. The group, known as Star Blizzard or ColdRiver, now uses ClickFix attacks to trick people into launching dangerous malware disguised as a simple “I’m not a robot” check.

    These attacks represent a new wave of cyber deception, targeting governments, journalists and NGOs with malware that keeps changing faster than researchers can analyze it.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

    The ClickFix trap: A new kind of social engineering

    Google’s Threat Intelligence Group (GTIG) first observed the hackers using LostKeys malware in espionage operations. Once researchers exposed it, the attackers pivoted quickly, abandoning LostKeys within a week and deploying new tools: NoRobot, YesRobot and MaybeRobot.

    NORTH KOREAN HACKERS USE AI TO FORGE MILITARY IDS

    The ClickFix attack works like this: a victim lands on a fake CAPTCHA page that looks identical to the real thing. When they click to prove they’re human, the system silently runs NoRobot, infecting the computer and establishing persistence via registry changes and scheduled tasks.

    A fake “I’m not a robot” CAPTCHA can launch hidden malware in seconds. (Jens Büttner/picture alliance via Getty Images)

    Inside the Russian “robot” malware chain

    The Russian hackers built their latest attack around a chain of connected malware families that unfold step by step once a victim clicks the fake CAPTCHA.

    NoRobot: The entry point

    NoRobot acts as the first stage of infection. It prepares the environment by downloading files, modifying registry keys and creating tasks to ensure it stays active even after a reboot.

    YesRobot: The brief experiment

    The hackers briefly tested YesRobot, a Python-based backdoor, but dropped it quickly after realizing the full Python installation drew unwanted attention from defenders.

    3,000+ YOUTUBE VIDEOS DELIVER MALWARE DISGUISED AS FREE SOFTWARE

    MaybeRobot: The new weapon

    MaybeRobot replaced YesRobot as a stealthier PowerShell-based tool. It can download and execute payloads, run command prompts, and send stolen data back to the attackers. Researchers say MaybeRobot’s development has now stabilized, allowing the hackers to focus on refining NoRobot’s stealth.

    How these attacks keep evolving

    Security analysts noticed the malware’s delivery chain has shifted several times. At one point, it became “drastically simplified,” only to grow complex again as the attackers began splitting cryptographic keys across multiple files. This strategy makes it harder for researchers to reconstruct how infections work. Without every piece of the puzzle, the final malware payload cannot be decrypted correctly. 

    Who’s being targeted by the Russian malware

    ColdRiver’s operations have been linked to the Russian intelligence service (FSB), with years of activity focused on espionage and data theft. The group has consistently targeted Western governments, think tanks, media organizations and NGOs to steal sensitive information and gain strategic insight.

    Despite sanctions, infrastructure takedowns and public exposure, the hackers continue to evolve. Their quick shift from LostKeys to NoRobot and MaybeRobot shows a highly organized and well-funded operation capable of retooling within days.

    A Russian flag flies above the Russian Embassy in Berlin, Germany.

    Researchers warn that Russian hackers now use realistic CAPTCHA traps to spread new “Robot” malware strains. (Kristian Tuxen Ladegaard Berg/NurPhoto via Getty Images)

    CAPTCHAGEDDON SIGNALS A DANGEROUS SHIFT

    Even if you’re not a government or corporate target, these evolving attacks serve as a reminder that anyone connected to the internet is at some level of risk. Compromised personal accounts, reused passwords or infected email attachments can make everyday users an easy entry point for larger campaigns.

    While these threats may aim high, their reach extends everywhere. Awareness and cautious online behavior are essential for everyone.

    How to stay safe from Russian malware hidden in fake CAPTCHAs

    These practical steps can help you protect your data and devices from the growing wave of Russian malware using fake CAPTCHA pages to spread. 

    1) Be cautious with unexpected CAPTCHA challenges

    Fake “I’m not a robot” pages are the main lure in this Russian malware campaign. If you’re redirected to a CAPTCHA on an unfamiliar site or after clicking a suspicious link, stop immediately. Real CAPTCHAs usually appear only on trusted websites, not random pop-ups or login pages. When in doubt, close the page and verify the URL before taking any action.

    2) Use strong antivirus software

    Choose reputable antivirus protection that not only scans for known malware but also monitors suspicious behavior. Since the “Robot” malware evolves rapidly, behavior-based detection helps stop new variants before signature updates are available. Enable automatic updates and schedule daily scans to catch infections early. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com 

    META ACCOUNT SUSPENSION SCAM HIDES FILEFIX MALWARE

    3) Consider a data removal service to reduce exposure

    Many cyberattacks begin with publicly available data. Using a data removal or privacy protection service helps eliminate your personal information from data broker sites. By reducing what hackers can find online, you make it harder for them to tailor phishing emails or social engineering traps that lead to malware infection.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

    4) Keep all software and operating systems updated

    The malware used in these attacks exploits known security flaws in unpatched systems. Always apply updates as soon as they’re released. Turn on automatic updates for your browser, antivirus and operating system. Outdated software is one of the easiest entry points for Russian hackers and other advanced groups.

    Someone with a hoodie types suspiciously on a laptop that displays a dark screen.

    Cyber experts say awareness is the best defense as these evolving attacks target both organizations and everyday users. (Kurt “CyberGuy” Knutsson)

    AI FLAW LEAKED GMAIL DATA BEFORE OPENAI PATCH

    5) Use multi-factor authentication (MFA) everywhere possible

    Even if a hacker steals credentials through malware or phishing, MFA adds another layer of protection. Require it for email, VPNs, and cloud services. This simple step can block most unauthorized access attempts.

    6) Back up data regularly

    A ransomware payload could be the next evolution of this malware family. Back up critical data to both an external drive and cloud storage. 

    Kurt’s key takeaways

    The rise of these Russian malware campaigns is a reminder that cybercriminals are always one step ahead. What looks like a harmless “I’m not a robot” test can actually hide a serious threat. Protecting yourself isn’t just about having antivirus software; it’s about staying alert to small online details that can make a big difference. Keep your devices updated, question unexpected pop-ups, and use trusted tools to guard your personal information. With a little caution and consistency, you can outsmart even the most deceptive attacks.

    What concerns you most about today’s online security risks? Let us know by writing to us at Cyberguy.com

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

    Copyright 2025 CyberGuy.com. All rights reserved.  

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Congressional Budget Office implements new security measures after getting hacked

    [ad_1]

    WASHINGTON — The Congressional Budget Office on Thursday confirmed it had been hacked, potentially disclosing important government data to malicious actors.

    The small government office, with some 275 employees, provides objective, impartial analysis to support lawmakers during the budget process. It is required to produce a cost estimate for nearly every bill approved by a House or Senate committee and will weigh in earlier when asked to do so by lawmakers.

    Caitlin Emma, a spokeswoman for the CBO said in a written statement that the agency “has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems going forward.”

    The Washington Post first wrote the story on the CBO hack, stating that the intrusion was done by a suspected foreign actor, citing four anonymous people familiar with the situation.

    The CBO did not confirm whether the data breach was done by a foreign actor.

    “The incident is being investigated and work for the Congress continues,” Emma said. “Like other government agencies and private sector entities, CBO occasionally faces threats to its network and continually monitors to address those threats.”

    The CBO manages a variety of massive data sources that relate to a multitude of policy issues — from the Trump administration’s mass deportation plans, to the unprecedented implementation of sweeping tariffs on countries around the world, to massive tax and spending cuts passed into law this summer.

    [ad_2]

    Source link

  • How to stop impostor bank scams before they drain your wallet

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Losing your life savings to fraud is not a distant fear; it is a real and growing risk. Scams involving criminals pretending to be bank representatives have surged, with the Federal Trade Commission (FTC) reporting record-breaking losses exceeding $2.9 billion in recent data. These criminals no longer rely on basic phone tricks. Instead, they use caller ID spoofing and artificial-voice software to sound like trusted professionals, often imitating real bank employees down to the smallest detail.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    HOW SCAMMERS EXPLOIT YOUR DATA FOR ‘PRE-APPROVED’ RETIREMENT SCAMS

    What impostor bank scams look like

    Scammers pretending to be from your bank follow a predictable yet terrifying pattern. They begin with an urgent phone call warning that your account has been compromised. The caller ID displays your bank’s real number, which builds instant trust.

    Impostor scams have become one of the fastest-growing crimes in America, costing victims billions each year. (Kurt “CyberGuy” Knutsson)

    Next, they instruct you to move your money into a so-called “safe” or “decoy” account while they “investigate” the issue. Their goal is to create fear and push you into action before you have time to think.

    One journalist reportedly learned this lesson the hard way when he answered what appeared to be a legitimate call from Chase Bank. After a series of convincing conversations with multiple “representatives,” he transferred nearly $30,000 to scammers. In another case, a 65-year-old caterer reportedly lost $162,000 when a friendly woman pretending to be a bank employee claimed her ATM card had been compromised. These stories are not rare; they reflect how sophisticated and believable modern scams have become.

    Why you and others are targets

    Banks are trusted institutions, and scammers know it. That trust makes impersonation one of the easiest and most effective fraud tactics today. With spoofing tools, criminals can mimic real bank phone numbers and even use AI to reproduce familiar voices. Their approach is psychological: they create panic and urgency to make victims act quickly and irrationally.

    Older adults are particularly vulnerable. The FTC found that losses of over $100,000 to impostor scams among people aged 60 and older have skyrocketed, from $55 million in 2020 to $445 million in 2024. These numbers highlight how no one is immune to manipulation when fear and urgency collide.

    A woman speaks on her cell phone.

    Criminals exploit fear, trust and technology to pressure victims into acting before they can think clearly. (Kurt “CyberGuy” Knutsson)

    9 smart tips to protect yourself from impostor scams 

    Impostor scams move fast, but with the right precautions, you can stop them before they strike.

    1) Never trust caller ID alone

    Spoofed numbers make a call appear as if it’s coming from your bank, even when it’s not.

    2) Hang up and call your bank using a verified number

    Do not return calls using numbers given to you by the person who contacted you. Always call the number printed on your debit or credit card.

    3) Use a data removal service to protect your identity

    Scammers often collect phone numbers, email addresses and other personal details from public records and data broker sites. Using a trusted data removal service helps wipe that information from the web, reducing the chances that criminals can use your data to impersonate you.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    A woman talking on her cell phone

    Scammers often pose as bank employees, using fake caller IDs and urgent stories to trick people into sending money. (Kurt “CyberGuy” Knutsson)

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

    4) Your bank will never ask you to transfer money

    Any request to move funds “for protection” is a red flag for fraud.

    NATIONAL PROGRAM HELPS SENIORS SPOT SCAMS AS LOSSES SURGE

    5) Use strong antivirus software

    Scammers often send fake links or pop-ups that install malicious programs on your device. A strong antivirus program can detect these threats, block phishing attempts and stop remote-access tools that give criminals control of your computer. Keeping your software updated adds another layer of protection against evolving scams.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    6) Never share verification codes or PINs

    Banks do not ask for your codes over the phone, text or email.

    7) Use call-blocking or scam-identifier apps

    Adding these tools to your phone can filter many spoofed calls before they reach you. Both iPhone and Android devices have built-in settings and apps that help you stop scam calls before you even pick up.

    If you use an iPhone:

    • Go to Settings
    • Tap Apps
    • Click Phone
    • Under Unknown Callers, click Silence to automatically block unsaved numbers that aren’t in your contacts.

    Android phones offer similar protection:

    Settings may vary depending on your Android phone’s manufacturer. 

    • Go to the Phone app
    • Click Settings
    • Tap Caller ID & Spam
    • Click Filter Spam Calls, or you might be asked to toggle on Caller ID and spam protection, to automatically identify and block numbers flagged as potential scams.

    8) Pause if something feels urgent and frightening

    Scammers depend on panic. Taking a moment to breathe could save your savings.

    9) Report suspicious activity immediately

    If you suspect a scam, contact your bank, file a complaint with the FTC at ReportFraud.ftc.gov and alert local law enforcement.

    What to do if you’ve been targeted

    If you believe you have fallen victim, act quickly.

    1) Contact your bank and request a freeze or close monitoring of your accounts.

    2) File a report with the FTC and your local police department, even if you believe recovery is unlikely.

    3) Keep every piece of evidence, including phone records, text messages and transfer confirmations.

    4) Change all passwords and enable transaction alerts on every sensitive account to prevent further damage. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. 

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Sign up with an Identity Theft Protection service that can monitor personal information like your Social Security Number (SSN), phone number and email address, and alert you if it is sold on the dark web or used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    Fraud can strike anyone, anywhere, at any time. Scammers have become smarter, faster and more convincing than ever before. They use fear, urgency and technology to make their lies sound real. But you can fight back with knowledge and caution. Stay alert every time your phone rings or your inbox pings. Slow down before you react. Verify before you trust. The few seconds you take to double-check could be what saves your life savings. Remember, even the most tech-savvy people fall for scams when emotions take over. The real key to protection isn’t fear, it’s awareness and action. Share what you know with friends, family and coworkers. The more people who understand how these scams work, the harder it becomes for criminals to win.

    Are banks really doing enough to protect you from impostor scams? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link