Tag: Cybercrime

Hackers leak children’s data in major nursery breach

[ad_1]

NEWYou can now listen to Fox News articles!

Over the past few years, data breaches targeting schools, healthcare providers, and childcare services have been making headlines, exposing sensitive personal information and leaving families vulnerable. Now, a new breach has come to light that targets a nursery chain. Kido, which operates in the U.S., U.K., China and India, has reportedly had sensitive data stolen from thousands of children. Names, photos, addresses, birthdates, parental details and even safeguarding notes and medical records were allegedly accessed by a hacker group called Radiant.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

The incident highlights how stolen data threatens not just privacy but also long-term child safety. (Kurt “CyberGuy” Knutsson)

What you need to know about nursery breach

According to reports, the hacker group Radiant claims to have stolen data related to around 8,000 children. To prove possession, they posted samples, including pictures and profiles of ten children, on a darknet website. They then issued a ransom demand, threatening to release more sensitive information unless Kido paid. In addition to targeting the nursery chain directly, Radiant reportedly called some of the children’s parents, pressuring them to push Kido into paying the ransom.

FBI WARNS ABOUT NEW EXTORTION SCAM TARGETING SENSITIVE DATA

When questioned about their actions, the group defended their tactics as a form of “penetration testing” for which they supposedly deserved compensation. This defense is misleading, as such testing requires explicit permission from the organization being targeted or participation in an official bug bounty program. Without that consent, these actions are illegal and deeply unethical.

Hackers exploited children’s data in the Kido breach, exposing families to serious risks. (Kurt “CyberGuy” Knutsson)

Why is this attack so disturbing?

The Kido breach is alarming for multiple reasons. First, it involves children’s data, which is particularly sensitive and legally protected in most countries. Second, the attackers combined traditional data theft with intimidation tactics, reaching out to parents directly. History suggests that once criminals gain access to such information, the attacks can escalate.

Breaches like this highlight how personal and digital security are intertwined. The potential misuse of data extends beyond simple identity theft. It can impact children’s safety, family privacy and long-term well-being. With attackers leveraging both the stolen data and psychological pressure on parents, the threat is particularly potent and long-lasting.

Parents reported being directly contacted by attackers, showing how intimidation adds to the harm. (Kurt “CyberGuy” Knutsson)

7 steps parents can take to protect their child’s data

Even though the investigation into the Kido breach is ongoing, parents and schools can take immediate action to protect children’s data and reduce the risk of further exploitation. Here’s a detailed guide:

1) Monitor your child’s online accounts regularly

Log in to email, school portals and cloud storage accounts linked to your child. Look for unusual activity such as unrecognized logins, changes to passwords or new connected devices. Set up notifications for account activity whenever possible so you are alerted instantly if something suspicious happens.

2) Enable two-factor authentication (2FA) on all accounts

Adding 2FA creates an extra layer of security. Even if a hacker has a password, they won’t be able to access the account without the second verification step. Most email providers, school portals and messaging platforms support this, and it’s a simple step that dramatically improves security.

3) Consider a personal data removal service

Data broker sites often collect names, addresses and other personal details that hackers can use. Services that remove your child’s information from these databases can make it harder for attackers to find and exploit sensitive data.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com/Delete

Get a free scan to find out if your personal information is already out on the web: CyberGuy.com/FreeScan

THINK YOU’RE SAFE? IDENTITY THEFT COULD WIPE OUT YOUR ENTIRE LIFE’S SAVINGS

4) Use identity theft protection services

These services can continuously scan for your child’s personal information online and alert you if their data appears on suspicious websites or the dark web. This early warning allows you to take action before criminals attempt to exploit it.

Identity theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at CyberGuy.com/IdentityTheft

5) Install antivirus software on all devices

A strong antivirus program protects devices from malware, phishing scams, and suspicious scripts. It is particularly important on devices that children use to access school portals or personal accounts. This ensures that if a hacker tries to use malware to get deeper access, it is blocked.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com/LockUpYourTech

6) Use a secure mail provider for sensitive communications

For communications with schools, healthcare providers or any service handling sensitive information about children, consider using an email service that offers strong encryption and built-in protection against spoofing. This makes it harder for attackers to impersonate a school or parent.

For recommendations on private and secure email providers that offer alias addresses, visit CyberGuy.com/Mail

7) Educate your children about online safety

Teach children not to share personal information online, including photos, addresses or school details. Encourage them to report anything suspicious and explain why it’s important to keep login information private.

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaway

Data breaches targeting children are particularly concerning because they can have long-lasting consequences. The Kido incident is a stark reminder of the importance of proactive digital security measures for families. While organizations bear responsibility for protecting sensitive data, parents can take significant steps to monitor, secure and respond to potential threats.

Have you ever reviewed what personal information about your child is online? Let us know by writing to us at CyberGuy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

October 10, 2025
Scammers now impersonate coworkers, steal email threads in convincing phishing attacks

[ad_1]

Cyber expert shares tips to avoid AI phishing scams

Kurt ‘The CyberGuy’ Knutsson shares practical ways to avoid falling victim to AI-generated phishing scams and discusses a report that North Korean agents are posing as I.T. workers to funnel money into the country’s nuclear program.

NEWYou can now listen to Fox News articles!

Cybercriminals are getting smarter every day, and one of their most convincing tricks is disguising phishing emails to look like they’re coming from people you trust. Work emails are particularly dangerous because they lower your guard. After all, if the sender is your boss or IT department, why would you suspect anything? Unfortunately, scammers know this and use it to their advantage. I recently received an email from Krysti from Rockwall, Texas, who highlighted a similar issue.

“I received a spam email from my employer’s email. It had a document attached to it. I tried to open it and could not. I contacted my employer and they told me they hadn’t sent me anything. I changed my password and ran a virus scan. I also have been checking on the dark web for anything coming up on me. So far everything is okay. I did sign up for antivirus software based on your recommendation and we are signed up for identity theft protection. Is there anything else I should do?”

Incidents like this are more common than many realize, Krysti. And while it sounds like you took the right first steps by changing your password, scanning for malware and monitoring for identity misuse, there are a few additional precautions worth taking. A close call is often a warning sign that your digital habits might need tightening. Let’s break down why these attacks are so dangerous and what everyone should do to make sure they’re fully protected.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

PROTECT YOURSELF FROM SNEAKY WEB INJECTION SCAMS

Phishing emails often look like they come from someone you know, making them harder to spot. (Kurt “CyberGuy” Knutsson)

Why work email scams are so dangerous

Phishing attempts that impersonate coworkers or employers are particularly effective because they rely on trust and urgency. You’re more likely to open an attachment or click a link if you believe it’s tied to your job. Scammers often spoof legitimate email addresses or use addresses that look almost identical to the real ones, hoping you won’t notice the subtle difference.

Once you interact with these emails, the risks multiply. Opening a malicious attachment could install spyware or ransomware. Clicking a fake link might lead to a login page designed to harvest your credentials. Even if nothing obvious happens right away, attackers could still be collecting background information to use in a future attack.

These scams are becoming harder to spot, too. Some are powered by artificial intelligence-generated text, making them free of the usual grammar mistakes that used to be obvious red flags. Others use stolen email threads to insert themselves into ongoing conversations. That’s why even seasoned professionals fall for them.

GOOGLE CONFIRMS DATA STOLEN IN BREACH BY KNOWN HACKER GROUP

Opening a fake attachment can secretly install malware or spyware on your device. (Kurt “CyberGuy” Knutsson)

What to do immediately after a close call

Changing your password or running a malware scan is often not enough to stop attackers. It’s worth going a little further to make sure nothing slipped through. Start by checking your login history to see if there are any unauthorized sign-ins on your email or work accounts.

Most platforms allow you to review recent activity, including device type and location, and if anything looks suspicious, sign out of all sessions immediately and change your password again. Next, enable two-factor authentication on your email and any other critical accounts. Even if attackers manage to steal your password, they won’t be able to gain access without the second verification step.

It’s also important to alert your IT team, especially if the email appears to come from your employer’s address. This could mean the company’s email system has been compromised, and notifying them will allow them to investigate and secure other accounts if necessary. Finally, make sure all your software is up to date. Malware often exploits vulnerabilities in outdated systems, so regularly updating your operating system, antivirus and productivity tools adds another layer of protection against future attacks.

DON’T FALL FOR THIS BANK PHISHING SCAM TRICK

Work email scams are rising, and even experienced professionals can get fooled. (Kurt “CyberGuy” Knutsson)

7 ways to check if your device or data is compromised

Some cyber threats don’t reveal themselves immediately. Scammers often collect small bits of data over time or wait weeks before trying to use what they’ve stolen. The following steps are actions anyone can take to make sure their device and personal data remain secure, and to catch any signs of compromise before they turn into serious problems.

1) Consider a personal data removal service

The more personal information about you that’s publicly available, the easier it is for scammers to target you. Data removal services can help by scanning hundreds of data broker websites and removing your details from them. Reducing this digital footprint not only makes it harder for attackers to build profiles on you but also limits how easily phishing attempts can be tailored to your life.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services, and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

HOW FAKE MICROSOFT ALERTS TRICK YOU INTO PHISHING SCAMS

2) Monitor for already exposed personal data

Your information could already be circulating in breach dumps and underground markets without you realizing it. Identity protection services monitor known dark-web sources, forums and leak sites for your email, phone, SSN and other sensitive details. If they find a match, they alert you so you can act quickly: change passwords, turn on two-factor authentication, and place fraud alerts or credit freezes with the credit bureaus.

Your information might already be circulating in dark web marketplaces without you realizing it. Identity theft protection services can help by continuously scanning those underground sites for your email, passwords or other sensitive details. If your data does show up, these services notify you right away so you can reset credentials, freeze accounts or take other protective actions before the information is misused.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

3) Watch for suspicious financial activity

Even if you never shared payment details, attackers may attempt account takeovers or fraudulent transactions using any information they have. Review your bank, credit card and online account statements frequently for unusual activity. Pairing this habit with identity theft protection tools gives you an added safety net, as they often include financial monitoring and fraud alerts to catch problems quickly.

4) Review connected accounts

Email accounts are often the central hub for many other services. If your inbox is compromised, attackers might try to break into linked accounts such as cloud storage, messaging apps or collaboration tools. Check each of these services for unfamiliar logins, permission changes or device activity, and secure them by changing passwords and enabling two-factor authentication.

5) Use a password manager

Weak or reused passwords are one of the easiest ways for attackers to break into accounts after a breach. A password manager solves this by generating and storing strong, unique passwords for every site you use. It also acts as a passive phishing detector. If the tool doesn’t autofill a login form, that’s a sign the page could be fake. Over time, this significantly reduces your risk of falling victim to credential-based attacks.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

6) Install reliable antivirus protection

Modern cyber threats go beyond viruses. A strong antivirus solution now acts as a full security layer, blocking phishing websites, detecting malicious scripts and stopping suspicious activity before it can compromise your device. If you’ve interacted with a suspicious attachment or link, a reputable antivirus tool can catch malware that might still be hiding in the background.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

7) Enable account alerts

Most major platforms allow you to turn on alerts for unusual account activity, such as new sign-ins, password resets or changes to security settings. These real-time notifications act as an early warning system, giving you a chance to lock down your accounts before significant damage occurs.

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaway

Close calls like this are unsettling, but they are also valuable wake-up calls. Cybercriminals are constantly refining their tactics, and phishing emails that once looked laughably fake can now be nearly indistinguishable from the real thing. The key is to build layers of defense, not just reactive steps after an incident, but proactive habits that make you a harder target in the first place.

Have you ever clicked on an email that turned out to be a scam? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

October 9, 2025
She helped North Korea infiltrate American tech companies
[ad_1]
NEWYou can now listen to Fox News articles!

This isn’t a ripped-from-the-headlines new Netflix series. This really happened in a quiet neighborhood called Litchfield Park that’s about a 20-minute drive from Phoenix.

Christina Chapman, 50, looked like your average middle-aged suburban woman. But inside her humble home? A secret cyber ops center built to help North Korean IT workers buy equipment and tools for their military by infiltrating hundreds of U.S. companies.

WOMAN LEARNS FATE AFTER DOJ GUILTY PLEA ADMITTING SHE HELPED NORTH KOREAN TECH WORKERS INFILTRATE US COMPANIES

Christina Chapman, 50, of Litchfield Park, Ariz., set up a massive cyber operation that helped North Korean actors infiltrate U.S. companies. (Department of Justice)

That picture above was just a small part of her setup.

North Korean workers aren’t browsing LinkedIn or applying at Google, Amazon and Meta. They can’t. Sanctions block them from working for American companies, at least legally. So what do they do?

They steal real Americans’ identities, including names, birth dates, Social Security numbers and more. Then, they use them to pose as remote IT workers, slipping into U.S. companies under anyone’s radar.

But when companies send out laptops and phones to their “remote new hires”? Those devices can’t exactly be shipped to Pyongyang.

Enter Christina

Over the course of three years, Christina turned her suburban home into a covert operations hub for North Korea’s elite cybercriminals.

She received more than 100 laptops and smartphones shipped from companies all across the U.S. These weren’t no-name startups. We’re talking major American banks, top-tier tech firms and at least one U.S. government contractor.

All thought they were hiring remote U.S.-based workers. They had no idea they were actually onboarding North Korean operatives.

Once the gear arrived, Chapman connected the devices to VPNs, remote desktop tools like AnyDesk and Chrome Remote Desktop, and even rigged up voice-changing software.

The goal? To make it seem like the North Koreans were logging in from inside the United States. Chapman also shipped 49 laptops and other devices supplied by U.S. companies to locations overseas, including multiple shipments to a city in China on the border with North Korea.

NORTH KOREA LASHES OUT AFTER TRUMP DOJ EXPOSES MASSIVE IT INFILTRATION SCHEME

Chapman’s fake employees “showed up” from halfway around the world every day, siphoning American cash and technology directly into the Kim regime. (Department of Justice)

Follow the money

These fake employees “showed up” every day, submitting code, answering emails, taking meetings, all from halfway around the world. In reality, they were siphoning U.S. tech and cash straight into Kim Jong Un’s regime.

When HR teams requested video verification, Chapman didn’t blink.

She jumped on camera herself, sometimes in costume, pretending to be the person in the résumé. She ran the whole operation like a talent agency for cybercriminals, staging fake job interviews, coaching the operatives on what to say and even laundering their salaries through U.S. banks.

Her take? At least $800,000, paid as “service fees.”

The total haul for North Korea? Over $17 million in stolen salaries, according to the FBI, which called the scheme a national security threat. Chapman called it “helping her friends.” Really.

KIM JONG UN’S YOUNG DAUGHTER BEING GROOMED TO LEAD REGIME AFTER MILITARY PARADE VISIT IN CHINA: EXPERT

North Korea netted over $17 million in stolen salaries, courtesy Chapman’s scheme. (Edgar Su/Reuters)

Eventually, the scam began to unravel. Investigators noticed odd patterns like dozens and dozens of remote hires all listing the same Arizona address, or company systems being accessed from countries the workers supposedly had never visited.

Chapman was arrested and sentenced in July 2025 to 102 months in federal prison.

And the wildest part? She did it all from her living room. Talk about working from home!

CLICK HERE TO GET THE FOX NEWS APP

Get tech-smarter on your schedule

Award-winning host Kim Komando is your secret weapon for navigating tech.
- National radio: Airing on 500+ stations across the US – Find yours or get the free podcast.
- Daily newsletter: Join 650,000 people who read the Current (free!)
- Watch: On Kim’s YouTube channel
Copyright 2025, WestStar Multimedia Entertainment. All rights reserved.
[ad_2]

Source link
October 8, 2025
How public probate records fuel inheritance scams
[ad_1]
Cyber expert shares tips to avoid AI phishing scams

Kurt ‘The CyberGuy’ Knutsson shares practical ways to avoid falling victim to AI-generated phishing scams and discusses a report that North Korean agents are posing as I.T. workers to funnel money into the country’s nuclear program.

NEWYou can now listen to Fox News articles!

Grieving the loss of a loved one is hard enough, and families are lucky if they’re able to prepare in advance for the worst. What most families aren’t prepared for, though, are the predatory calls and letters that begin just weeks after filing probate paperwork – the records necessary to officially manage the estate and assets of the decedent.

Digital scams take advantage of families during this time. They rely on probate records in particular, as they contain sensitive information and are a part of the public record. Fraudsters pose as attorneys, debt collectors and estate service providers, each demanding the immediate payment of made-up fees. This is also known as the “inheritance trap.” It’s a growing kind of cybercrime where scammers exploit public probate records to target grieving families when they’re at their most vulnerable.

HOW SCAMMERS TARGET YOU EVEN WITHOUT SOCIAL MEDIA

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

The probate system’s problem with privacy

Probate is a normal, legal process of settling a deceased person’s estate, and in most state jurisdictions, these filings become part of the public record. While transparency serves legitimate purposes, it creates an opportunity for scammers. Probate documents typically include:
- Names and addresses of heirs and beneficiaries
- Detailed asset inventories and estate values
- Property descriptions and locations
- Names of executors and personal representatives
- Court dates and filing information.
Digital inheritance scams take advantage of grieving families by relying on probate records. (uchar/Getty Images)

These records are accessible to anyone, often through online databases that make bulk scraping simple. Criminals systematically monitor probate filings, building target lists of families who are emotionally vulnerable and potentially receiving significant inheritances.

REMOVE YOUR DATA TO PROTECT YOUR RETIREMENT FROM SCAMMERS

How to spot a probate scam

There are four common types of inheritance traps that use probate records as sources for their fraudulent claims:

The fake fee scam: Just like the DMV notice scam that claims the recipient has unpaid toll fees, scammers use probate data to pose as attorneys or court officials, claiming heirs owe fees to release inheritance funds. They create urgency with threats of legal action or frozen assets, demanding payment via wire transfer or gift cards.

The fake debt collector: Fraudsters send texts or make AI-generated voice calls, claiming that the deceased person owed debts that have to be settled immediately. They often have enough information from probate records to sound legitimate, pressuring families to pay non-existent debts.

The fake estate service: Scams that offer seemingly helpful services like “property appraisals,” “finding hidden assets,” or “estate clean-out services” can look like they offer reasonable deals. Some take payment and disappear—others perform unnecessary services that families never requested.

Cyberguy lays out ways to avoid inheritance scams. (Cyberguy.com)

The “advanced fee” gift: Anyone who promises to expedite probate proceedings or secure larger inheritances for an upfront fee is probably in it to win it (for themselves). Some cases even involve disgruntled family members acting out of greed. These are not your run-of-the-mill remote scammers from a foreign country; these can be local “facilitators” who have no actual authority and simply pocket the money. If someone claims you have an inheritance coming, but they need “a fee to unlock it” or they promise to “handle your probate case” for a small upfront fee, you guessed it — nothing ever comes from it.

Why probate scams work

Grief is a beacon for fraudsters. With grief comes diminished critical thinking from even the hardiest of privacy diehards. Scammers deliberately strike during this window when defenses are low. A scammer who can reference your personal information, family information or property details doesn’t sound like a criminal, they sound like a legitimate professional. Scams often use the weapon of urgency — you have to purportedly act fast to avoid asset seizures, legal penalties or missed deadlines. When something demands immediate action, victims feel compelled to respond before verifying claims or consulting attorneys, which is exactly what fraudsters count on.

HOW TO HAND OFF DATA PRIVACY RESPONSIBILITIES FOR OLDER ADULTS TO A TRUSTED LOVED ONE

How to protect yourself against the inheritance trap

The good news is that with awareness and a few smart steps, you can lower your risk of falling victim to inheritance scams.

1) Verify, verify, verify

Never send money or give information to an unsolicited contact about an estate. If someone claims you owe fees or have obligations, independently verify their identity or company. Contact the probate court directly using publicly listed numbers, not information provided by the caller. Ask your estate attorney about any claims before making payments.

2) Limit information sharing

In most jurisdictions, you can’t prevent a probate filing from going public. But you can minimize additional data exposure by not sharing anything on social media and limiting contact to only key parties that you trust with financial information.

3) Use personal data removal services

Data removal services specialize in removing personal information from data broker sites that scammers use to supplement probate data. Personal information combined with probate records create the perfect setup for inheritance traps—scammers can make super-convincing, alarmist content that can bypass your intuition about scams, especially during times of grief.

Illustration of a cybercriminal. (Kurt “CyberGuy” Knutsson)

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

5 STEPS TO PROTECT YOUR FINANCES FROM FAMILY SCAMS

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

4) Let them leave a voicemail

Legitimate attorneys and court officials will leave detailed messages and provide callback numbers you can verify independently by searching online. Unknown callers without legit numbers are likely scams.

5) Ask about your bank’s fraud detection

Set up appropriate fraud alerts and prevention methods with the bank or estate holder, especially if the estate holds a significant value that would be a golden opportunity for thieves.

Scammers use convincing calls and messages to pressure people into paying fake debts, authorities warn. (Cyberguy.com)

6) Report inheritance scams immediately

You can report potential probate scams to your probate court. They can issue a special order to protect assets, require executors to adopt formal procedures or even remove an executor for fraudulent behavior. You can also go to ReportFraud.ftc.gov to file a complaint.

7) Share what you know

Ensure elderly relatives or those less familiar with scam tactics understand these risks. Scammers often target multiple heirs, seeking the most vulnerable respondent.

Kurt’s key takeaway

The probate system creates a privacy trade-off. You can’t prevent much of this information from entering the public record, but you can control how you respond, and how much personal data is out there. Any probate topics should come through official court channels, and never an unsolicited phone call, email or text message. When in doubt, verify with your probate court, and always consult your estate attorney. With a little vigilance and a bit of data cleanup, you can ensure that the probate process doesn’t put you in harm’s way, during the time when you’re at your most vulnerable.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Have you or someone you know ever been targeted during a vulnerable time? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
October 8, 2025
Jeep and Chrysler parent Stellantis confirms data breach

[ad_1]

NEWYou can now listen to Fox News articles!

Automotive giant Stellantis has just revealed that it suffered a data breach, exposing customer contact details, after attackers infiltrated a third-party platform used for North American customer services. The announcement comes at a time when large-scale attacks on cloud CRM systems have already shaken tech and retail sectors alike, with Salesforce clients such as Google, Allianz and Dior reporting similar intrusions. These earlier incidents exposed names, emails, and phone numbers, which were sufficient for attackers to launch phishing campaigns or extortion attempts.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

TRANSUNION BECOMES LATEST VICTIM IN MAJOR WAVE OF SALESFORCE-LINKED CYBERATTACKS, 4.4M AMERICANS AFFECTED

What you need to know about the Stellantis breach

Stellantis was formed in 2021 through the merger of the PSA Group and Fiat Chrysler Automobiles. Today, it ranks among the world’s largest automakers by revenue and is fifth in volume globally. The company houses 14 well-known brands, including Jeep and Dodge, as well as Peugeot, Maserati and Vauxhall, and operates manufacturing infrastructure across more than 130 countries. That global scale naturally makes it a tempting target for cyber adversaries.

Stellantis confirmed hackers stole customer contact details in a recent breach. (Kurt “CyberGuy” Knutsson)

In its public statement, Stellantis clarified that only contact information was taken. Since the compromised third-party platform does not host financial or deeply sensitive personal data, Stellantis asserts that social security numbers, payment details and health records were out of reach of the attackers. In response, the company activated its incident response protocols, launched a full investigation, contained the breach, notified authorities and began alerting affected customers. It also issued warnings about phishing and urged customers not to click suspicious links.

Stellantis has not revealed how many customers the breach affected. The company also has not specified which contact fields, such as email, phone, or address, attackers accessed.

The alleged culprit, ShinyHunters, and Salesforce breaches

While Stellantis has not explicitly named the hacker group behind the breach, multiple sources tie this incident to the ShinyHunters extortion campaign, which has spearheaded a wave of data thefts targeting Salesforce this year.

ShinyHunters claims to have stolen over 18 million records from Stellantis’ Salesforce instance, which includes names and contact details, according to Bleeping Computer. These attacks form part of a broader campaign aimed at Salesforce customers. In recent months, ShinyHunters has often worked in concert with groups like Scattered Spider and targeted companies including Google, Cisco, Adidas, Allianz Life, Qantas, and brands under LVMH such as Dior and Tiffany & Co.

OVER 2B USERS FACE PHISHING RISKS AFTER GOOGLE DATA LEAK

The attack is linked to a wider wave of Salesforce data thefts this year. (Kurt “CyberGuy” Knutsson)

Their reported method is fairly ingenious. Attackers exploit OAuth tokens tied to integrations like Salesloft’s Drift AI chat tool to pivot into Salesforce environments. Once inside, they can harvest valuable metadata, credentials, AWS keys, Snowflake tokens and more.

In fact, the FBI recently issued a Flash alert that surfaced numerous indicators of compromise linked to these Salesforce environment attacks and warned organizations to harden defenses. The cumulative toll is staggering. ShinyHunters asserts it has stolen over 1.5 billion Salesforce records across some 760 companies.

7 ways to protect yourself from breaches like Stellantis

Even if only contact details were exposed, that’s enough for attackers to target you. Here’s how to stay protected.

1) Clean up exposed personal data from the web

Even basic contact details can be scraped from breaches and sold on data broker platforms, where they are used for spam, scams and targeted attacks. A data removal service can help track down and request the deletion of your information from these databases, reducing your long-term exposure.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.

Get a free scan to find out if your personal information is already out on the web: CyberGuy.com.

Stolen emails and phone numbers could fuel phishing campaigns. (REUTERS /Rebecca Cook)

2) Stay alert for phishing attempts and use antivirus software

The most immediate risk after a breach like this is targeted phishing. Attackers now have legitimate contact details, so their emails and texts can look convincingly real. Be skeptical of any message claiming to be from Stellantis, your car brand or a related service, especially if it urges you to click a link, download an attachment or share personal details.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com.

3) Use a password manager to secure your accounts

If attackers get your contact information, they may try the same password on other sites. This is called credential stuffing. A password manager can create strong, unique passwords for every account. That way, one breach will not put your other accounts at risk. It also helps you quickly update credentials in case you suspect a compromise.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at CyberGuy.com.

DIOR DATA BREACH EXPOSES US CUSTOMERS’ PERSONAL INFORMATION

4) Enable two-factor authentication (2FA) wherever possible

2FA adds an extra step to your logins by requiring a temporary code or approval in addition to your password. Even if attackers manage to steal your password, they will need that second factor to gain access. This significantly reduces the chances of account takeover attempts succeeding.

5) Invest in identity theft protection

Attackers often combine exposed contact information with other data to build complete identity profiles. Identity theft protection services monitor for suspicious activity, such as unauthorized credit applications or changes to official records, and alert you early so you can act before serious damage occurs. Identity theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at CyberGuy.com.

6) Regularly review account activity

After a breach, it is worth auditing your accounts, not just with Stellantis but also with related services such as financing portals, insurance accounts or loyalty programs. Look for unusual sign-ins, unfamiliar devices, or changes to your personal details. Most services offer tools to review login history and security events, making checking these a routine habit.

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaway

Even giants in manufacturing are vulnerable when cloud platforms and third-party systems are part of their customer workflow. The same patterns seen in attacks on Google, LVMH, and others have now reached the auto industry in a serious way. As Stellantis confronts the fallout, the broader lesson is clear. Organizations must treat the surfaces exposed by their service providers and SaaS integrations with as much vigilance as their own core systems.

Do you trust companies to secure your data, or do you feel they’re not doing enough? Let us know by writing to us at CyberGuy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

[ad_2]

Source link

October 7, 2025
How a single MacBook compromise spread across a user’s Apple devices

[ad_1]

NEWYou can now listen to Fox News articles!

We trust Macs to be reliable, secure, and mostly resistant to viruses. Apple’s software reputation has long been built around the idea that macOS is harder to compromise than Windows. And while there is some truth to that, it does not mean that Macs are immune. Modern malware is smarter, more targeted, and often designed to slip past built-in defenses quietly. Recently, I heard from Jeffrey from Phoenix, AZ, who’s been dealing with this exact situation.

“I used a MacBook at work and noticed it was performing oddly. I didn’t use an Apple ID on that machine per company protocol. But I had personal devices that I could work from that are now infected. The notepad, maps, and home, among others, seem to be getting hung up. I’ve tried to advise Apple but have had little success. It’s completely taken over my devices, and I don’t know how to resolve this.”

If your Mac has started acting strange, you are not alone, Jeffrey. Malware infections are more common than many Mac users realize, and spotting them early can make all the difference. Let us break down how to tell if your system is compromised, what protections Apple already provides, and the steps you should take to keep your data safe. If you’re a Windows user facing similar issues, check out our guide: What to do if you think your PC has a virus for step-by-step help.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER

WHY IPHONE USERS ARE THE NEW PRIME SCAM TARGETS

Mac malware often hides in the background, making it hard to spot at first. (Kurt “CyberGuy” Knutsson)

Signs your Mac might be infected

Spotting malware on macOS is not always straightforward. Many threats are designed to stay hidden, running quietly in the background while collecting data or opening a backdoor for attackers. Still, there are a few red flags that usually signal something is wrong.

One of the first signs is slower performance or frequent overheating. If your Mac suddenly takes a long time to boot, runs hot during light tasks, or lags when performing simple actions, it might be doing more behind the scenes than you realize. Apps that crash or freeze more often than usual are another warning sign. Occasional app failures are normal, but if built-in tools like Safari, Notes, or Mail begin acting unstable, it may point to malicious interference.

It is also worth paying attention to what is happening under the hood. Checking Activity Monitor for unknown processes or unusually high CPU or memory usage can reveal malware that tries to hide itself with random or unfamiliar names. Redirected web traffic is another classic symptom. If your browser takes you to strange websites, shows pop-ups, or installs new extensions you never approved, adware or spyware might already be present.

Finally, unexplained changes to your security settings should always raise suspicion. If you notice your firewall turned off, privacy permissions modified, or login items appearing without your knowledge, something could have gained unauthorized control of your system.

SHAMOS MALWARE TRICKS MAC USERS WITH FAKE FIXES

Strange app behavior, pop-ups, or overheating may signal something’s wrong (Kurt “CyberGuy” Knutsson)

How macOS protects you by default

Apple has built several layers of defense into macOS, many of which run silently in the background to keep your system secure. Knowing how they work can help you understand what protections are already in place and where you might still need to add more safeguards.

Gatekeeper is one of the most important built-in security tools. It checks every app before it runs to make sure it comes from a verified developer, warning or blocking you if the app is not trusted. Another layer of defense is XProtect, Apple’s built-in malware scanner. It updates automatically and can stop many known threats from running, although it is not as thorough as specialized antivirus software.

System Integrity Protection, or SIP, is another important safeguard. It locks down critical system files and processes so that malware cannot tamper with them even if it gains access. macOS also uses sandboxing and strict permission controls to contain threats. Apps run in isolated environments and must explicitly request permission to access sensitive data such as your camera, files, or location.

Together, these features make it significantly harder for malicious software to infect your Mac or cause serious damage. However, they are not perfect. Attackers are constantly developing new techniques to bypass these protections, and many threats rely on human error rather than technical exploits. That is why taking additional precautions is still essential, even on a Mac.

10 WAYS TO SECURE YOUR OLDER MAC FROM THREATS AND MALWARE

Even Apple’s built-in protections can miss new or advanced threats (Kurt “CyberGuy” Knutsson)

What to do if your Mac is already infected

If you find yourself dealing with a Mac that’s already compromised these steps can help you get back in control:

1) Disconnect from the internet immediately

Unplug Ethernet or turn off Wi-Fi and Bluetooth. This prevents malware from sending more data out or pulling in additional malicious code.

2) Back up your important files safely

Use an external drive or cloud service you trust. Avoid copying entire system folders-just grab personal documents, photos, and files you can’t replace. You don’t want to back up the malware along with them.

3) Boot into Safe Mode

Restart your Mac and hold the Shift key. Safe Mode prevents some malware from launching and makes it easier to run cleanup tools.

4) Run a trusted malware removal tool

While macOS includes XProtect, you may need something more powerful. A strong antivirus program can detect and remove infections. Run a full system scan to catch hidden threats.

5 PHONE SETTINGS TO CHANGE RIGHT NOW FOR A SAFER SMARTPHONE

5) Check your login items and Activity Monitor

Review what apps are set to launch at startup and remove anything you don’t recognize. If you spot unfamiliar processes hogging resources, don’t just guess. Use our guides at Cyberguy.com/LockUpYourTech to compare what’s safe and learn how to shut down anything suspicious before it causes more trouble.

6) Consider a clean reinstall of macOS

If malware persists, wiping your system may be the only option. Erase your Mac’s drive and reinstall macOS from scratch. Restore only the clean files you backed up earlier.

7) Secure your other devices

If your iPhone, iPad, or other personal devices are showing strange behavior, run security scans, update their software, and reset key passwords. Malware can sometimes spread through shared Wi-Fi networks, cloud accounts, or files.

8) Reset key passwords and enable two-factor authentication

Even after cleanup, assume some of your data may have been exposed. Update your Apple ID, email, banking, and work accounts with strong, unique passwords. Turn on 2FA wherever possible.

9) Get professional help if needed

If you’re overwhelmed, you can bring your Mac to an Apple Store for in-person help at the Genius Bar, or schedule a free appointment with Apple Support.

Simple steps like scanning, updating, and using strong passwords can keep your data safe (Kurt “CyberGuy” Knutsson)

7 ways to keep your Mac from getting infected

Some cyber threats do not reveal themselves immediately. Scammers often collect small bits of data over time or wait weeks before trying to use what they have stolen. These steps can help you strengthen your defenses and reduce the chances of future infections.

1) Install strong antivirus software

macOS’s built-in protections are useful but basic. A strong antivirus adds an extra layer by detecting threats in real time, blocking malicious downloads, and even identifying new types of malware before they spread. A strong antivirus also scans email attachments and browser activity, areas where many Mac users are most vulnerable.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech

2) Consider a personal data removal service

Many cyberattacks begin with information freely available online. A data removal service scrubs your personal details from broker sites, reducing the chances of targeted attacks or identity theft. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

GOOGLE FIXES ANOTHER CHROME SECURITY FLAW BEING ACTIVELY EXPLOITED

3) Use a password manager

Many malware attacks rely on stolen credentials rather than technical exploits. A password manager stores unique, complex passwords for every account and can automatically flag weak or reused ones. It also helps protect you from phishing attempts because it will only autofill passwords on legitimate websites.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

4) Enable two-factor authentication

Even if someone steals your password, two-factor authentication (2FA) makes it much harder for them to access your accounts. It adds an extra step to the login process, requiring a code from your phone or a security key.

5) Keep macOS and apps updated

Outdated software is a common entry point for malware. Updates often patch vulnerabilities that attackers could exploit, so turning on automatic updates for both macOS and third-party apps is an easy but effective defense.

6) Review login items and background processes

Malware often tries to run at startup so it can operate undetected. Regularly check System Settings to make sure only trusted apps are launching automatically, and use Activity Monitor to investigate anything suspicious.

7) Use identity theft protection

If your personal data has already been exposed, an identity theft protection service can monitor for suspicious activity, alert you to breaches, and help you recover quickly if something does go wrong. Identity Theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaway

Macs have a reputation for being safer than other computers, but that does not mean they are untouchable. Malware has evolved to target macOS more aggressively than ever, and many attacks now rely on tricking users rather than breaking through security software. If your device is behaving strangely, taking action early is the best way to prevent deeper damage.

How important is cybersecurity when choosing the devices you use every day? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

October 6, 2025
Protect yourself from sneaky web injection scams
[ad_1]
NEWYou can now listen to Fox News articles!

You’re checking your financial account online, moving money or paying bills, when suddenly a pop-up appears. It looks exactly like your bank’s page, complete with logo and branding, but asks for details you’ve already provided. Would you know what to do?

This is the kind of situation Kent recently faced. He emailed us saying, “Two times this week, I had a financial account open, and I was doing transactions. In the middle of a transaction, up pops a box in the middle of a full page showing the company’s logo. Real, yes, looked as real as it gets. The first time, I fell for it. It asked for my email address to confirm, then my phone number. Sadly, I did. Then I saw about four or five seconds of a screen named CREDIT DONKEY. At that point, I woke up and decided it was a scam. I immediately closed down my computer and called the number on the back of my financial card to report it.”

Kent’s quick thinking likely saved him from even more damage. But what exactly happened here?

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

DON’T FALL FOR THIS BANK PHISHING SCAM TRICK

A fake banking pop-up can appear while you’re making real transactions. (Kurt “CyberGuy” Knutsson)

How web injection scams trick you

This type of attack is called a web injection scam. It hijacks your browser session and overlays a fake login or verification screen. Because it appears while you’re already logged in, the fake page feels authentic. In Kent’s case, the appearance of “Credit Donkey” flashing on-screen was a red flag. Scammers sometimes abuse legitimate-looking redirects like this to convince victims they are dealing with their bank. The real aim is to capture login credentials or trick you into handing over two-factor authentication codes.

SOCIAL SECURITY ADMINISTRATION PHISHING SCAM TARGETS RETIREES

Web injection scams aim to steal your login and security details. (Kurt “CyberGuy” Knutsson)

Steps to protect yourself from web injection scams

If you ever find yourself in a situation like Kent’s, here are the most important steps you should take right away to secure your accounts and information.

1) Monitor your accounts

Check your recent transactions daily. Turn on alerts for logins, withdrawals or transfers, so you’ll know instantly if someone is trying to move money.

2) Change your passwords

Update the password for any financial account that may have been exposed. Use a strong, unique password generated by a password manager such as NordPass. Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

3) Remove your personal data from broker sites

Scammers often get phone numbers, emails and other details from data broker sites before launching attacks like the one Kent faced. A personal data removal service can help wipe this information from those shady databases, so criminals have less fuel for scams. Consider tools that automatically scan and request removal from dozens of brokers at once, saving you the time and hassle of doing it manually.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

4) Enable stronger multi-factor authentication

Strengthen your account security with multifactor authentication. If your bank offers it, switch from SMS codes to app-based codes with Google Authenticator or Authy. These methods are far harder for scammers to intercept than text messages.

5) Scan your devices with antivirus software

Since the scam appeared while Kent was logged in, malware or a browser hijack may be at play. Run a trusted antivirus to clear hidden phishing scripts. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech

6) Notify your bank in writing

Calling is smart, but also send a secure message or letter, so there’s a record. Ask them to put your account on high alert and require extra verification for any big moves.

7) Freeze your credit

Place a free credit freeze with Equifax, Experian and TransUnion. That way, scammers can’t open new accounts in your name even if they’ve stolen your personal info.

8) Consider identity monitoring

Services like Identity Guard can alert you if your Social Security number, email or phone number shows up where it shouldn’t. Identity Theft companies can monitor personal information like your Social Security number, phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft

CLICK HERE TO GET THE FOX NEWS APP

The bogus page asked for personal details before revealing it was a scam (iStock)

Smart online banking habits to stay safe
- Never enter personal details into a pop-up, no matter how real it looks.
- Always log in fresh through your bank’s official website or app.
- Keep your browser and operating system fully updated.
- Use a private email address for your financial accounts that scammers won’t easily guess.
For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com/Mail

Kurt’s key takeaways

Web injection scams are designed to catch you off guard while you’re doing something routine. Kent’s quick reaction to close the page and contact his bank shows how important it is to stay alert. With the right habits and tools, you can keep scammers out of your accounts.

Have you ever experienced a scam attempt while banking online? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
October 4, 2025
Meta account suspension scam hides FileFix malware

[ad_1]

NEWYou can now listen to Fox News articles!

Cybercriminals continue to find new ways to target social media users, and Meta accounts remain one of the most common lures. Losing access to Facebook or Instagram can have real consequences for both individuals and businesses, making people more likely to fall for urgent security warnings. Attackers exploit this by sending convincing notifications that pressure you into taking quick action without thinking.

That’s exactly what makes the new FileFix campaign so dangerous; it looks like routine account maintenance, but it’s really a trap.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

HOW FAKE MICROSOFT ALERTS TRICK YOU INTO PHISHING SCAMS

Cybercriminals are targeting Facebook and Instagram accounts by sending fake security warnings. (Fox News)

How the FileFix attack works

As reported by researchers at Acronis, a leading cybersecurity and data protection company, the attack begins with a phishing page that looks like a message from Meta’s support team, claiming that your account will be disabled in seven days unless you view an “incident report.” Instead of providing an actual document, the page disguises a malicious PowerShell command as a file path.

Victims are instructed to copy it, open File Explorer, and paste it into the address bar. While it appears harmless, this action secretly runs code that starts the malware infection process.

This method is part of a family of attacks known as ClickFix, where people are tricked into pasting commands into system dialogs. FileFix, created by Red Team researcher mr.d0x, builds on that idea by exploiting the File Explorer address bar instead. In this campaign, the attackers improved the trick by hiding the malicious command behind long strings of spaces, so only the fake file path is visible to the victim.

A hidden script then downloads what looks like a JPG image from Bitbucket, but the file contains embedded code. Once executed, it extracts another script and decrypts the final payload, bypassing many security tools in the process.

DON’T FALL FOR THIS BANK PHISHING SCAM TRICK

FileFix sends out fake alerts urging users to review their account security. (Acronis)

What StealC tries to steal

The malware delivered by this campaign is StealC, an infostealer that collects a wide range of personal and organizational data. It is designed to grab browser credentials and authentication cookies from Chrome, Firefox, Opera, and other browsers.

It also targets messaging apps like Discord, Telegram and Pidgin, along with cryptocurrency wallets such as Bitcoin, Ethereum and Exodus. StealC goes further by attempting to compromise cloud accounts from Amazon Web Services (AWS) and Azure, VPN services like ProtonVPN and even gaming accounts from Battle.net and Ubisoft. In addition, it can take screenshots of the victim’s desktop, giving attackers a live view of sensitive activity.

Acronis reported that the campaign has already appeared in several different versions over a short period, with changes in payloads and infrastructure. This suggests that the attackers are actively testing and refining their methods to avoid detection and improve success rates.

META DELETES 10 MILLION FACEBOOK ACCOUNTS THIS YEAR, BUT WHY?

StealC also targets VPN software and cryptocurrency wallets. (iStock)

5 ways you can protect yourself from FileFix attacks

To stay protected against attacks like FileFix and prevent malware such as StealC from stealing sensitive information, you need to combine caution with practical security measures. The following steps can help safeguard accounts, devices, and personal data.

1) Be skeptical of urgent warnings

Attackers rely on panic. Treat any message claiming your Meta account or other services will be disabled within days with caution. Verify the alert directly through official platforms rather than clicking links or following instructions from an email or web page.

2) Avoid copying commands from unknown sources

FileFix relies on convincing you to paste hidden PowerShell commands disguised as file paths. Never paste commands into system dialogs, File Explorer, or terminals unless you are absolutely certain of their origin.

3) Invest in personal data removal services

FileFix and StealC thrive on the information they can extract from a device or linked accounts. By using data removal services, you reduce the amount of sensitive personal information that can be found online or left exposed on old platforms. This minimizes what attackers can exploit if they manage to gain access.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

4) Install reliable antivirus software

A strong antivirus software can detect malware like StealC before it fully executes. Many solutions now include behavior-based detection that can flag suspicious scripts or hidden downloads, helping catch threats even when attackers try to disguise commands as harmless actions.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech

5) Use a password manager

While FileFix targets stored credentials, using a reputable password manager reduces risk by creating unique passwords for every site. This way, even if one browser or app is compromised, attackers cannot access your accounts elsewhere.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaway

Cybercriminals keep finding creative ways to trick social media users, and FileFix proves how convincing these scams can look. A fake Meta alert may feel urgent, but pausing before you click or copy anything is the best defense. Relying on strong habits and security tools gives you the upper hand. Data removal services, antivirus software, and password managers each reduce risk in different ways. When you combine them, you make it much harder for attackers to turn a scare tactic into a real threat.

Should platforms like Meta do more to warn users about these evolving phishing tactics? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

October 3, 2025
Update Chrome now: Google patches new zero-day threat
[ad_1]
NEWYou can now listen to Fox News articles!

Google has released an urgent update for its Chrome browser to fix a newly discovered zero-day security flaw that hackers are already exploiting. This is the sixth zero-day Chrome has faced this year, highlighting just how quickly attackers move to take advantage of these hidden weaknesses.

Because zero-day threats strike before developers can patch them, your personal data and browsing activity could be at risk if you don’t update right away. If you use Chrome, now is the time to upgrade.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

GOOGLE CONFIRMS DATA STOLEN IN BREACH BY KNOWN HACKER GROUP

Chrome users are urged to update immediately to block active zero-day attacks. (Kurt “CyberGuy” Knutsson)

A critical flaw in Chrome’s V8 engine

The newly patched vulnerability, tracked as CVE-2025-10585, stems from a type confusion weakness in Chrome’s V8 JavaScript engine. Google’s Threat Analysis Group (TAG) discovered and reported the bug on Tuesday, and the company shipped a fix the following day, Bleeping Computer reported.

Google confirmed that the flaw was being exploited in the wild, though it did not share technical details or name the groups behind the attacks. TAG has a history of uncovering zero-days tied to government-sponsored spyware campaigns aimed at high-risk individuals such as opposition leaders, journalists and dissidents.

The fix was delivered through Chrome version 140.0.7339.185/.186 for Windows and macOS, and version 140.0.7339.185 for Linux. These updates will gradually reach all users in the Stable Desktop channel over the coming weeks.

While Chrome typically updates automatically, you can apply the patch immediately by navigating to the ‘About Google Chrome’ section. Google stated that it is withholding full technical details until most users have installed the update, a precaution meant to prevent attackers from exploiting lagging systems.

GOOGLE FIXES ANOTHER CHROME SECURITY FLAW BEING ACTIVELY EXPLOITED

Google races to patch the sixth major browser flaw discovered in 2025. (Kurt “CyberGuy” Knutsson)

A growing list of zero-day attacks in 2025

This marks the sixth zero-day flaw patched in Chrome this year. In March, Google addressed CVE-2025-2783, a sandbox escape bug exploited in espionage attacks against Russian organizations. In May, it pushed emergency updates for CVE-2025-4664, which let attackers hijack user accounts.

Then in June, another flaw in the V8 engine, CVE-2025-5419, was patched after being spotted by TAG. July saw the release of a fix for CVE-2025-6558, which allowed attackers to bypass Chrome’s sandbox protection. With this latest patch, Google continues a busy year of racing to secure its browser against rapidly emerging threats.

How to update Google Chrome on a desktop

Updating Chrome only takes a minute, whether you’re on Mac or Windows. Here are the steps.
- Open Chrome.
- Click the three dots in the top-right corner.
- Go to Help > About Google Chrome.
- Wait while Chrome checks for updates.
- Click Relaunch when the update finishes.
How to update Chrome on iPhone
- Open the App Store on your iPhone.
- Tap your profile icon in the top-right corner.
- Scroll down to see pending updates.
- Find Google Chrome in the list.
- Tap Update next to it (or Update All if you want to update everything).
How to update Chrome on Android

Settings may vary depending on your Android phone’s manufacturer.
- Open the Google Play Store on your Android device.
- Tap your profile icon in the top-right corner.
- Select Manage apps & device.
- Under “Updates available,” look for Google Chrome.
Tap Update to install the latest version.

CLICK HERE TO GET THE FOX NEWS APP

Hackers are already exploiting the bug to steal data from unprotected devices. (Kurt “CyberGuy” Knutsson)

5 ways to stay safe from Chrome zero-day attacks

Updating Chrome is essential, but there are additional steps you can take to stay safe from attacks.

1) Be cautious with links and downloads and use strong antivirus software

Many zero-day attacks are delivered through malicious websites or email attachments. Avoid clicking unknown links or downloading files from unverified sources, especially if they prompt you to disable security settings. Also, use strong antivirus software to add another layer of defense to detect malicious code that tries to run through compromised browsers. A strong antivirus can spot suspicious activity before it takes hold. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech

2) Enable two-factor authentication (2FA)

Even if attackers manage to steal your login details through a browser exploit, 2FA makes it much harder for them to break into your accounts. Use an authenticator app instead of SMS when possible for stronger protection.

3) Rely on a password manager

If attackers exploit the browser to steal login data, a password manager keeps your credentials safe and helps generate unique, complex passwords. Even if one account is targeted, it prevents a domino effect across your logins.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords

4) Limit browser extensions

Some extensions can be abused to make attacks worse. Stick to extensions from trusted developers, review permissions carefully and uninstall anything you no longer need.

5) Keep your operating system updated

Chrome updates are critical, but attackers can also exploit holes in Windows, macOS, Android or iOS. Regular OS updates patch vulnerabilities across the system, reducing the chances of a browser exploit spreading further.

Kurt’s key takeaway

The fact that Chrome has already faced six zero-day attacks this year shows how relentless attackers are and how even the most popular software can have serious gaps. These flaws are not just bugs, but opportunities for hackers to exploit millions of users before fixes roll out. The pattern also highlights the growing sophistication of threat actors, including state-backed groups targeting high-risk individuals. No browser is completely safe, and the battle to secure widely used software is ongoing and far from over.

Do you think Google is reacting fast enough to keep your data secure? Let us know in the comments below. Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
October 2, 2025
Inside a scammer’s day and how they target you
[ad_1]
NEWYou can now listen to Fox News articles!

You’re sipping your morning coffee when your phone rings. It’s a number you don’t recognize. On the other end is someone claiming to be from your bank, asking you to “confirm a recent charge.” Sound familiar?

Scammers don’t operate on luck. They don’t just throw darts at the phone book and hope to hit a target. Their calls, texts and emails are carefully planned. They already know things about you before they ever reach out, enough to make their pitch sound convincing.

So, what does a scammer’s day actually look like? Let’s step into their shoes for a moment.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

STOP DATA BROKERS FROM SELLING YOUR INFORMATION ONLINE

Hacker looking up the information stolen from an unsuspecting victim. (Kurt “Cyberguy” Knutsson)

Step 1: Morning scroll: Where scammers find your data

Scammers don’t need to hack into top-secret databases. They start their day by tapping into data broker sites, those shady online directories that trade your personal information like baseball cards.

Here’s what they can instantly see about you (yes, you):
- Full name and age
- Current and past addresses
- Phone numbers (landline and mobile)
- Relatives’ names
- Property records and estimated home value.
Some sites even list email addresses, voter registrations and criminal histories (whether accurate or not.) Imagine starting your morning with a full profile of someone, where they live, who their spouse is and what car they drive. For scammers, this is their to-do list.

Step 2: Building the perfect scam story

With your profile in hand, scammers craft a story that sounds tailor-made just for you.
- If you’ve recently moved (public real estate records show this), they’ll call pretending to be from a “utilities department” asking for deposits.
- If you’re retired, they might pose as Medicare reps offering “free benefits.”
- If you’ve recently lost a loved one (obituaries are public), they’ll offer fake “bereavement services.”
Scammers don’t invent details; they borrow them from your life. That’s why their calls are so believable.

HOW SCAMMERS TARGET YOU EVEN WITHOUT SOCIAL MEDIA

A man receiving a fake scam phone call. (Kurt “CyberGuy” Knutsson)

Step 3: Dialing for dollars

Once the story is ready, it’s time to call, text, or email. Scammers often use auto-dialing software, blasting out thousands of calls a day. They acquire your personal and contact details from various data brokers. Imagine hundreds of scammers scraping the same databases and finding your profile. That’s why you get repeated calls. That’s why the scammer “knows” who you are when you pick up. And even if you hang up or reject the call without picking up, they log your number as “active.” Which means you’ve just made their list for the next round of calls.

Step 4: Afternoon profit: Cashing in on stolen trust

Scammers don’t actually need every target to fall for the trick. They only need a small percentage. Here’s what happens when someone gives in:
- Banking info stolen: Fake “fraud department” calls trick people into reading out card numbers.
- Identity theft: A scammer collects your Social Security number and date of birth, then opens accounts in your name.
- Wire transfers: Many victims are convinced to “verify funds” by wiring money, which is gone forever.
It’s a numbers game, and personal data tilts the odds heavily in the scammers’ favor.

Step 5: Evening: Expanding the list

At the end of the day, scammers aren’t done. They feed the information they’ve gathered back into the data cycle:
- New phone numbers? Added to calling lists.
- Addresses confirmed during a call? Updated in their files.
- Relatives mentioned? Added as next targets.
And the cycle continues tomorrow, with an even bigger pool of potential victims.

(Kurt “CyberGuy” Knutsson)

Why removing your data makes scams harder

Now, imagine if scammers couldn’t find your data online in the first place.
- No name connected to your phone number.
- No recent address tied to your age and relatives.
- No property value or real estate history to suggest you’re “cash-rich.”
Scammers would have no storyline, no details to exploit and, most importantly, no way to personalize their attack. When you remove your data from people-search sites and data broker databases, you don’t just “clean up the internet.” You slam the door shut on scammers’ playbooks. You could spend hours (or days) going site by site, filling out opt-out forms, sending emails and keeping track of who complied. The problem? Data brokers don’t stop. New ones pop up every week, and old ones often sneak your data back in.

That’s where a data removal service comes in. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaways

Scammers don’t stumble on your phone number by accident. They map out your life, one data point at a time. That’s why protecting your information online is the single most powerful step you can take to cut down on scam calls, phishing emails and identity theft risks. Remember: every piece of personal data you remove is one less tool in a scammer’s kit.

What’s the most convincing scam attempt you’ve ever received? Let us know in the comments below. Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
October 1, 2025
The surprising reason you should not delete spam emails
[ad_1]
NEWYou can now listen to Fox News articles!

Spam is annoying and can sometimes be dangerous if it’s part of a widespread phishing attack. When you see spam, you delete it, at least that’s what conventional wisdom suggests. However, it now seems that this is the wrong approach, and spam can be used for the greater good.

So, before you delete that junk email, consider keeping it to protect others from scammers. We will also tell you what you should do with them instead.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CyberGuy.com/Newsletter

Mail app icon on iPhone (Kurt “CyberGuy” Knutsson)

Why should you keep those spam emails?

We know this sounds counter-intuitive, but keeping spam emails, at least for a short while, serves an important purpose. Your email provider can use them to refine their spam detection algorithms. The best course of action is to report them, so providers can develop better ways to identify harmful or unwanted messages. This will improve their chances of detecting them before they hit your inbox. Deleting these emails makes them useless to anyone. Furthermore, your failure to contribute to this improvement means the problem persists not only for you but for others.

When we say “a short while,” we don’t mean forever. Usually, keeping them in your junk folder for a few days to a week is enough for your provider to process and learn from them. After you’ve reported the spam or phishing attempt, you can safely delete it.

That’s the surprising reason not to delete spam emails right away: by holding onto and reporting them briefly, you’re helping email providers spot and block scams faster—protecting not just yourself, but everyone else too.

AI-POWERED SCAM TARGETS 2.5 BILLION GMAIL USERS IN SOPHISTICATED PHISHING ATTACKS

How to report spam emails to your email provider

These algorithms that detect junk emails are already getting smarter. Just check your Spam folder, and you may have dozens of emails marked as spam that they have shielded you from. For those that slip through the cracks and appear in your inbox, reporting them is easy.

Whether you’re using a desktop client like Microsoft Outlook or a web client like Gmail, Yahoo or AOL, the steps to report spam for analysis are similar.

Report spam in Gmail (desktop or web)
- Select the spam email by ticking the checkbox on its left side. You can select more than one.
- Click Report spam in the top menu. Look for a stop sign or shield icon.
How to report spam emails in Gmail in your inbox

Report scam in iCloud (desktop browser)

If you’re using something like iCloud Mail on iCloud.com on a desktop browser, do the following:
- Open the email.
- Click the three-dot icon in the top menu.
- Select Move Message to Junk.
How to report spam on iCloud.com in your inbox (Kurt “CyberGuy” Knutsson)

Report spam in iCloud Mail (iPhone or iPad Mail app, iOS 18.6)

If you’re using the Mail app on an iPhone or iPad, follow these steps instead:
- Open the email in the Mail app.
- Tap the reply arrow icon at the bottom of the screen.
- Select Move to Junk from the menu.
Report spam in Yahoo Mail

On the web (desktop version):
- Tick the checkbox next to the unwanted email(s) in your inbox.
- Click Spam in the toolbar above. This moves the message to your Spam folder and helps Yahoo learn to catch similar messages.
- You can also open the email directly and click Spam to report it.
On the Yahoo Mail mobile app (iOS/Android):
- Open the message.
- Tap the three vertical dots or “More” icon.
- Choose Mark as Spam to report it.
Report spam or phishing in Outlook / Outlook.com

In Outlook on the web (Outlook.com):
- Select the message(s) you want to report.
- Click Report above the reading pane, then choose Report phishing or Report junk from the dropdown.
In desktop Outlook (Windows, Mac) or Outlook mobile:
- If you’re using a supported version (like Outlook for Microsoft 365, Outlook for Mac 16.89+ or recent mobile versions), you’ll see a Report button on the toolbar.
- Select the message(s), click Report and then choose Phishing or Junk.
Report spam in AOL Mail

On the web or desktop:
- Log into AOL Mail and select the spam email from your inbox.
- Click the Spam button—often shown as an exclamation mark or explicitly labeled “Spam.” This moves the email to your Spam folder and helps train AOL’s filters.
On mobile:

In the AOL Mail app, you can usually tap and hold or open the message and select Mark as Spam from the options to report it.

How to report deleted spam mail

Even for those spam emails you deleted, they’re not gone forever. If it’s been less than 30 days, they’re probably still in the Trash folder.

To report them to clients like Gmail, Outlook, Yahoo, and AOL, follow these steps:
- Open the Trash or Deleted items folder in your mail client.
- Select the spam email by ticking the checkbox on its left side.
- Click Report spam in the top menu. Look for a stop sign or shield icon.
How to report spam in Gmail when it’s in the trash folder

You make yourself a target when you unsubscribe

Some spam emails also come with an option to unsubscribe. If you think reporting is too harsh, you might think unsubscribing is the best option to stop the spam emails from coming back. However, this can make matters worse. The act of unsubscribing signals to scammers and spammers that you’re actively checking your email. This emboldens them to increase the volume of spam they send. Worse still, some unsubscribe links are malicious traps designed to steal personal information or distribute malware.

GOOGLE SHUTS DOWN SOPHISTICATED GOOGLE DOCS PHISHING SCAM

Tips to stay safe from spam

Reporting spam helps your email provider protect you and others, but you can take additional steps to keep your inbox and personal information safe.

1) Never click suspicious links and use strong antivirus software

Even if an email appears to come from a company you trust, avoid clicking links unless you’re sure they’re legitimate. Phishing scams often use convincing logos and language to trick you into revealing sensitive information.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com/LockUpYourTech

2) Use a personal data protection service

Consider using a service that monitors the dark web for your personal information and requests the removal of exposed data. This reduces the chances of scammers targeting you in the first place. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap — and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com/Delete

Get a free scan to find out if your personal information is already out on the web: CyberGuy.com/FreeScan

3) Use private email providers and aliases

One of the smartest ways to cut down on spam is by using a private, secure email provider. These services prioritize privacy, don’t sell your data and offer stronger protection against trackers hidden in emails.

Another powerful feature is the ability to create email aliases. An alias is a throwaway address that forwards mail to your real inbox. You can use one when online shopping or using trial accounts. If that alias starts getting flooded with junk, you simply disable or delete it, without exposing your main address.

By using aliases and secure providers, you take back control of your inbox. Spammers can’t easily tie unwanted emails to your real account and your personal email remains far more private.

For recommendations on private and secure email providers that offer alias addresses, visit CyberGuy.com/Mail

4) Use strong, unique passwords

Create long, complex passwords that are different for every account. A password manager can store them securely and help you generate new ones that are hard to crack.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at CyberGuy.com/Passwords

5) Enable two-factor authentication (2FA)

Turn on 2FA whenever possible. Even if a scammer gets your password, they won’t be able to log in without the second verification step.

6) Keep your devices updated

Install the latest software updates on your phone, tablet, and computer. These updates often include security patches that fix vulnerabilities scammers could exploit.

7) Be cautious with email attachments

Avoid opening attachments from senders you don’t recognize. They can contain viruses, ransomware or other types of malware designed to steal your data.

8) Limit the information you share online

The less personal information available about you publicly, the harder it is for scammers to craft convincing phishing emails that appear legitimate.

By following these steps and regularly reporting spam, you’ll protect not only your own inbox but also contribute to a safer online environment for everyone.

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaways

Spam emails are annoying, but deleting them right away isn’t always the best move. By holding on to them and reporting them, you help your email provider improve its filters and block more junk in the future. At the same time, learn how to protect yourself from phishing attempts so you can recognize the warning signs quickly. With a little awareness and the right tools, spotting and avoiding these scams becomes much easier.

Have you ever had a close call with a spam or phishing email? Let us know by writing to us at CyberGuy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
September 30, 2025
Hackers push fake apps with malware in Google searches

[ad_1]

NEWYou can now listen to Fox News articles!

When you search Google for apps, it feels natural to trust the first results you see. They’re supposed to be the most reliable, right? Unfortunately, hackers know this too. They’re sneaking fake websites into search results that look just like the real thing. If you click and download from one of these sites, you could end up with malware instead of the app you wanted. In other words, the top search results aren’t always safe, and that’s exactly how scammers trick people.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

NORTH KOREAN HACKERS USE AI TO FORGE MILITARY IDS

What you need to know about malware in Google searches

Researchers at FortiGuard Labs found that attackers are setting up websites that look almost identical to trusted providers. These sites host installers for apps like Signal, WhatsApp, Deepl, Chrome, Telegram, Line, VPN services and WPS Office. The catch is that these downloads include both the real app and hidden malware.

Once you run one, the malware drops files into your system, asks for administrator access and quietly starts spying. It can collect personal information, log everything you type, monitor your screen and even disable your antivirus.

Hackers are planting fake apps in Google search results and they look just like the real thing. (Harun Ozalp /Anadolu via Getty Images)

Some versions were designed to snoop on Telegram messages. All of this is possible because hackers use a tactic called SEO poisoning, which manipulates Google’s search results so their fake websites appear near the top. Even if you stick to “safe-looking” search links, you could still land on a fraudulent page.

How hackers disguise fake apps as real ones

So how do these fake sites end up in your search results in the first place? The attackers use a technique called SEO poisoning. They register lookalike domains, use plugins to game search algorithms and then climb up Google’s rankings. That way, when you search for a trusted app, the fake site may appear as one of the first results.

According to FortiGuard Labs, this particular campaign mainly targeted Chinese-speaking users, but the method is being used everywhere. In fact, earlier reports from Cisco Talos showed ransomware groups pushing fake downloads of AI tools like ChatGPT or InVideo. Others used spoofed sites for PayPal, Microsoft, Netflix and Apple. Sometimes, attackers even buy sponsored ads so that their malicious links appear right at the top.

The scary part is that you might not even realize you installed something dangerous. Because the fake installer includes the real app, everything seems to work fine. Meanwhile, the hidden malware is already active on your device. That makes it harder to detect and much easier for attackers to steal your data.

6 ways you can stay safe from malware in Google Searches

I have listed some steps below that you can take to protect yourself from these fake apps and the malware they carry.

1) Download apps only from official sources

The safest way to avoid malware is to get software directly from the official website or verified app stores like Google Play or the Apple App Store. Avoid third-party download sites or search results that look suspicious, even if they appear at the top of Google.

2) Double-check website domains

Before clicking “download,” carefully inspect the domain name. Hackers often create lookalike domains that look nearly identical to real ones, adding small spelling changes or extra words. Even small differences can indicate a fake site designed to deliver malware.

TOP 5 OVERPAYMENT SCAMS TO AVOID

Cybercriminals are disguising malware as trusted apps, tricking users through poisoned search results. (Dilara Irem Sancar/Anadolu via Getty Images)

3) Install a reliable antivirus software

Malware can install itself quietly and avoid detection. Using a strong antivirus solution can help identify and block malicious files before they cause damage. Make sure your antivirus is always updated so it can recognize the latest threats, including Hiddengh0st and Winos variants.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

4) Use a password manager

If malware tries to capture your passwords, a password manager can protect you. It generates strong, unique passwords for each account and stores them securely. Many password managers can also alert you if your credentials appear in a data breach.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

5) Be cautious with ads in search results

Attackers sometimes buy sponsored Google ads to push malware. Even if an ad looks like it comes from a trusted brand, verify it carefully before clicking. Stick to official websites whenever possible.

6) Keep your software and system updated

Outdated operating systems and applications can have vulnerabilities that malware exploits. Regularly updating your software ensures you have the latest security patches and reduces the risk of infection.

HOW RETIREES CAN STOP FAKE DEBT COLLECTOR SCAMS

SEO poisoning is letting hackers hijack Google results targeting user’s data. (Nicolas Economou/NurPhoto via Getty Images)

Kurt’s key takeaway

Hackers are turning Google search into their delivery system for malware. By blending real apps with hidden spyware, they can make almost anyone a victim. The rise of SEO poisoning shows that you cannot rely only on search rankings to stay safe. If you are careful about where you download your apps, you can keep your devices and data out of a hacker’s hands.

CLICK HERE TO GET THE FOX NEWS APP

How much do you trust Google to filter out malicious sites before you click? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

September 29, 2025
North Korean hackers use AI to forge military IDs

[ad_1]

NEWYou can now listen to Fox News articles!

A North Korean hacking group, known as Kimsuky, used ChatGPT to generate a fake draft of a South Korean military ID. The forged IDs were then attached to phishing emails that impersonated a South Korean defense institution responsible for issuing credentials to military-affiliated officials. South Korean cybersecurity firm Genians revealed the campaign in a recent blog post. While ChatGPT has safeguards that block attempts to generate government IDs, the hackers tricked the system. Genians said the model produced realistic-looking mock-ups when prompts were framed as “sample designs for legitimate purposes.”

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

Example of an AI-Generated Virtual ID card. (Genians)

How North Korean hackers use AI for global espionage

Kimsuky is no small-time operator. The group has been tied to a string of espionage campaigns against South Korea, Japan and the U.S. Back in 2020, the U.S. Department of Homeland Security said Kimsuky was “most likely tasked by the North Korean regime with a global intelligence-gathering mission.” Genians, which uncovered the fake ID scheme, said this latest case underscores just how much generative AI has changed the game.

“Generative AI has lowered the barrier to entry for sophisticated attacks. As this case shows, hackers can now produce highly convincing fake IDs and other fraudulent assets at scale. The real concern is not a single fake document, but how these tools are used in combination. An email with a forged attachment may be followed by a phone call or even a video appearance that reinforces the deception. When each channel is judged in isolation, attacks succeed. The only sustainable defense is to verify across multiple signals such as voice, video, email, and metadata, in order to uncover the inconsistencies that AI-driven fraud cannot perfectly hide,” Sandy Kronenberg, CEO and Founder of Netarx, a cybersecurity and IT services company, warned.

North Korea is not the only country using AI for cyberattacks.

HACKER EXPLOITS AI CHATBOT IN CYBERCRIME SPREE

Chinese hackers also exploit AI for cyberattacks

North Korea is not the only country using AI for cyberattacks. Anthropic, an AI research company and the creator of the Claude chatbot, reported that a Chinese hacker used Claude as a full-stack cyberattack assistant for over nine months. The hacker targeted Vietnamese telecommunications providers, agriculture systems and even government databases.

According to OpenAI, Chinese hackers also tapped ChatGPT to build password brute-forcing scripts and to dig up sensitive information on US defense networks, satellite systems and ID verification systems. Some operations even leveraged ChatGPT to generate fake social media posts designed to stoke political division in the US.

Google has seen similar behavior with its Gemini model. Chinese groups reportedly used it to troubleshoot code and expand access into networks, while North Korean hackers leaned on Gemini to draft cover letters and scout IT job postings.

GOOGLE AI EMAIL SUMMARIES CAN BE HACKED TO HIDE PHISHING ATTACKS

The above features an ilustration of a hackers’ attack scenario. (Genians)

Why AI-powered hacking threats matter now

Cybersecurity experts say this shift is alarming. AI tools make it easier than ever for hackers to launch convincing phishing attacks, generate flawless scam messages, and hide malicious code.

“News that North Korean hackers used generative AI to forge deepfake military IDs is a wake-up call: The rules of the phishing game have changed, and the old signals we relied on are gone,” Clyde Williamson, Senior Product Security Architect at Protegrity, a data security and privacy company, explained. “For years, employees were trained to look for typos or formatting issues. That advice no longer applies. They tricked ChatGPT into designing fake military IDs by asking for ‘sample templates.’ The result looked clean, professional and convincing. The usual red flags — typos, odd formatting, broken English — weren’t there. AI scrubbed all that out.”

“Security training needs a reset. We need to teach people to focus on context, intent and verification. That means encouraging teams to slow down, check sender info, confirm requests through other channels and report anything that feels off. No shame in asking questions,” Williamson added. “On the tech side, companies should invest in email authentication, phishing-resistant MFA and real-time monitoring. The threats are faster, smarter and more convincing. Our defenses need to be too. And for individuals? Stay sharp. Ask yourself why you’re getting a message, what it’s asking you to do and how you can confirm it safely. The tools are evolving. So must we. Because if we don’t adapt, the average user won’t stand a chance.”

HOW AI CHATBOTS ARE HELPING HACKERS TARGET YOUR BANKING ACCOUNTS

How to protect yourself from AI-powered scams

Staying safe in this new environment requires both awareness and action. Here are steps you can take right now:

1) Slow down, verify, and use strong antivirus

If you get an email, text or call that feels urgent, pause. Verify the request by contacting the sender through another trusted channel before you act. At the same time, protect your devices with strong antivirus software to catch malicious links and downloads.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com/LockUpYourTech

2) Use a personal data removal service

Reduce your risk by scrubbing personal information from data broker sites. These services can help remove sensitive details that scammers often use in targeted attacks. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

3) Check sender details carefully

Look at the email address, phone number or social media handle. Even if the message looks polished, a small mismatch can reveal a scam.

4) Use multi-factor authentication (MFA)

Turn on multi-factor authentication (MFA) for your accounts. This adds an extra layer of protection even if hackers steal your password.

5) Keep software updated

Update your operating system, apps and security tools. Many updates patch vulnerabilities that hackers try to exploit.

6) Report suspicious messages

If something feels off, report it to your IT team or your email provider. Early reporting can stop wider damage.

7) Question the context

Ask yourself why you are receiving the message. Does it make sense? Is the request unusual? Trust your instincts and confirm before taking action.

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaways

AI is rewriting the rules of cybersecurity. North Korean and Chinese hackers are already using tools like ChatGPT, Claude, and Gemini to break into companies, forge identities, and run elaborate scams. Their attacks are cleaner, faster, and more convincing than ever before. Staying safe means staying alert at all times. Companies need to update training and build stronger defenses. Everyday users should slow down, question what they see, and double-check before trusting any digital request.

Do you believe AI companies are doing enough to stop hackers from misusing their tools or is the responsibility falling too heavily on everyday users? Let us know by writing to us at CyberGuy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

September 27, 2025
Top 5 overpayment scams to avoid

[ad_1]

NEWYou can now listen to Fox News articles!

Overpayment scams are on the rise, and they can leave victims thousands of dollars in debt. The setup usually looks harmless: someone sends you a check for more than the agreed amount, asks you to forward the difference and disappears once the check bounces. Below are five of the most common overpayment scams you need to watch for today.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

FBI WARNS SENIORS ABOUT BILLION-DOLLAR SCAM DRAINING RETIREMENT FUNDS, EXPERT SAYS AI DRIVING IT

1. The dog walker overpayment scam

Bob from Harrison, Ohio, recently shared how he was nearly tricked by a scammer posing as a pet owner. The con began with a request for dog sitting. Bob was promised $250 for care and food, but then a fake check for $4,358 arrived.

The scammer instructed Bob to send $4,000 of it to an “appliance retailer.” Why an appliance retailer when the service was for dog sitting? Scammers often use a third party to make the request sound more believable. If they simply asked for the money back, it would raise red flags. By inventing another company, whether a retailer, shipping service or contractor, they add urgency and legitimacy to the story. In reality, that “retailer” is just another front that the scammer controls. Here’s the catch: the check appears to be real, but it’s actually counterfeit. The bank may release the funds temporarily, but once it bounces, you’re on the hook for the entire amount.

Making a payment by scanning a QR code with a phone. (Kurt “CyberGuy” Knutsson)

Tip: If you’re asked to forward money to a third party, especially one unrelated to the original deal, treat it as a scam. Keep the check and envelope as evidence, and report it to the FTC and your state attorney general.

2. The online marketplace scam

Selling a couch, bike or electronics online? Some buyers “accidentally” send too much. They then ask you to return the difference through Zelle, Venmo or a wire transfer. Once the check or payment reverses, you’ve lost both the product and the money you returned.

Tip: Always insist on verified payment methods. If a buyer pushes you for a refund quickly, walk away.

FAKE AGENT PHONE SCAMS ARE SPREADING FAST ACROSS THE US

Scammers may try to recruit buyers into buying gift cards before a false check they provided bounces. (Kurt “CyberGuy” Knutsson)

3. The mystery shopper scam

You might get an email or letter offering a job as a mystery shopper. They send you a large check to “test” stores by buying gift cards. You’re asked to send the gift card numbers back as proof of purchase. After the bank reverses the fake check, you’ve lost the money you spent on those gift cards.

Tip: Real companies never pay upfront with extra funds or ask for gift card codes by email.

4. The rental deposit scam

Scammers target renters by mailing a check for more than the deposit or rent. They claim it was a mistake and ask you to refund the difference. The check later bounces, leaving you stuck.

Tip: Only accept payments through secure online portals or in person with verified funds.

5. The work-from-home equipment scam

This one lures jobseekers. The “employer” sends a large check to buy office equipment, then directs you to forward the extra funds to a vendor. Of course, the check is fake, and the supposed vendor is also the scammer.

Tip: Legitimate employers provide equipment directly or reimburse verified expenses, not through overpayments.

CLICK HERE TO GET THE FOX NEWS APP

Scammers target remote workers by promising to provide a stipend for work-from-home tech. (iStock)

How to protect yourself from overpayment scams

Now that you’ve seen how these scams play out, from fake dog sitting gigs to marketplace frauds and bogus job offers, it’s clear they all follow the same playbook. Someone sends you too much money and pressures you to forward the extra. That “extra” never existed, and once the check bounces, you’re left holding the bag. The good news is, there are clear steps you can take to protect yourself and keep your money safe.

Pause before acting

Every scam in this article, from the dog walker hoax to rental deposit tricks, begins with an overpayment that looks harmless. If someone pays you more than you’re owed, it’s not a mistake. It’s a scam. Do not respond or send money to any third party. Save the check and envelope as evidence, then report it.

Verify funds with your bank

Scammers count on you trusting what you see in your account. In Bob’s case, his $4,358 check looked real because the bank showed it as “available.” But available isn’t the same as cleared. Always ask your bank to confirm when funds are fully verified before you spend a dime.

Avoid rushing

Urgency is the scammer’s strongest weapon. Marketplace fraudsters, renters and fake employers will pressure you to “fix” the mistake right away. Slow down, double-check and don’t let anyone force you into quick action.

Use secure payment systems

Whether it’s for rent, freelance work or selling a used item, scammers prefer paper checks because they’re easy to fake. Stick with secure, traceable payment platforms or in-person verified funds. That way, you don’t get stuck when a check bounces.

Keep records of all communication

If you receive a suspicious check, save everything: the envelope, emails, texts and any names used. In the dog sitting scam, Bob’s saved emails and the scammer’s phone number became valuable evidence. This documentation helps law enforcement and protects you if the scammer tries again under another identity.

Use a personal data removal service

Scammers often find victims by scraping personal details from online data brokers. That’s how they target renters, pet sitters or jobseekers. Using a personal data removal service can limit your exposure and make you harder to target in the first place. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

Enable fraud alerts with your bank

Many banks let you set fraud alerts for large deposits or unusual transactions. Turning these on gives you a chance to review suspicious activity before a scammer pressures you into acting on it.

Report scams

Just like Bob did when he cut contact with the fake pet owner, reporting scams helps protect others. File with the Federal Trade Commission (FTC) at reportfraud.ftc.gov and your state attorney general. You can also alert your local police and community groups to stop scammers from targeting someone else.

Kurt’s key takeaways

Overpayment scams prey on trust and urgency. They can pop up in online sales, job offers, rental agreements and even friendly community boards. By knowing the warning signs, you can stop scammers before they reach your wallet. Stay cautious whenever you’re asked to deposit more than expected and forward the extra. If it sounds strange, it’s probably a scam.

What should be done to stop overpayment scams now that they’ve gotten out of hand? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

September 25, 2025
How retirees can stop fake debt collector scams
[ad_1]
NEWYou can now listen to Fox News articles!

You pick up the phone and hear a stern voice claiming you owe money. Maybe it’s for a credit card you don’t recognize, a loan you never took out or some old bill you thought was long gone. Panic sets in, especially if the caller threatens arrest, wage garnishment or lawsuits.

Unfortunately, this scenario is becoming all too common. Scammers are posing as debt collectors, and retirees are among their favorite targets. Even legitimate debt collection companies have crossed the line. One such company was ordered to pay over $8 million for harassing people into paying fake debts.

The good news? With a little knowledge and some practical steps, you can spot these calls, protect yourself and stop them before they get too close for comfort.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

JURY DUTY PHONE SCAMS ON THE RISE AS FRAUDSTERS IMPERSONATE LOCAL OFFICIALS, THREATEN ARREST

A 96-year-old woman sits in an armchair in her apartment in Germany on Sept. 1, 2025, and makes a phone call. (Matthias Balk/picture alliance via Getty Images)

Why retirees are prime targets

Scammers don’t call at random. Retirees often make ideal marks because:
- Less frequent monitoring: Many retirees check credit reports and bank accounts less often, making it easier for fraud to go unnoticed.
- Accumulated assets: Retirement savings, pensions and home equity make seniors look “cash-rich” to scammers.
- Trust factor: Politeness and trust on the phone can be exploited.
- Less tech-savvy: Some retirees feel less comfortable with online verification.
This combination creates a perfect storm for fake debt collection scams.

Red flags of fake debt collector calls

Recognizing the signs can stop scammers in their tracks.
- Immediate threats or pressure: Real collectors cannot threaten arrest or use abusive language under the Fair Debt Collection Practices Act (FDCPA).
- Unusual payment methods: Gift cards, wire transfers and cryptocurrency are red flags. Legitimate collectors use checks, debit or bank payments.
- Refusal to verify debt: If they won’t send written proof, hang up.
- Mismatch with public records: Fake companies often use official-sounding names that don’t exist.
Requests for unrelated personal information: Collectors don’t need your Social Security number or bank logins.

FAKE AGENT PHONE SCAMS ARE SPREADING FAST ACROSS THE US

Kurt “Cyberguy” Knutsson lays out red flags of fake debt collector calls. (Matthias Balk/picture alliance via Getty Images)

How to safely verify debt collector calls

Even if a call raises red flags, it’s essential to verify the information before taking action. Here’s how:

1) Request written verification

Under the FDCPA, you have the right to ask for a debt validation letter. This document should include:
- The creditor’s name
- Original amount owed
- Verification that the collector is legally authorized to collect the debt.
Ask for this before paying or sharing any personal info.

2 Look up the collector

Check with state attorneys general offices or the Consumer Financial Protection Bureau (CFPB). Verify that the company exists and is licensed to collect in your state.

3) Contact the original creditor

If you recognize the debt or think it may be legitimate, call the creditor directly using a verified phone number. Do not rely on the caller’s number; scammers often spoof official-looking numbers.

4) Use trusted resources

The FTC offers a “Debt Collection” section on its website with tips and complaint forms. If you suspect fraud, filing a report can help stop the scammers from targeting others.

CLICK HERE TO GET THE FOX NEWS APP

Experts warn retirees to be vigilant regarding fake debt collector calls. (Kurt “CyberGuy” Knutsson)

Pro tip: Extra step to protect your personal information

Fraudsters rely on personal data to make calls sound convincing. Reducing the amount of information available about you online lowers your risk. Data brokers collect and sell details like your name, phone, address and even past debts. A data removal service can automatically remove your data from hundreds of broker sites, making it harder for scammers to find and target you.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

When and where to report a scam

If you’ve encountered a fake debt collector, report them right away:
- FTC: File at FTC.gov
- State Attorney General: Use the consumer complaint division in your state
- CFPB (Consumer Financial Protection Bureau): Submit a complaint online at consumerfinance.gov/complaint/or by phone
Reporting helps protect other retirees from falling victim.

Kurt’s key takeaways

Protecting your retirement isn’t just about managing your savings; it’s about defending your personal information, too. Scammers thrive on fear, urgency and trust, but you now have the knowledge to push back. By spotting red flags, verifying calls and reducing what’s available about you online, you can stop fake debt collectors in their tracks.

If a scammer called you tomorrow, would you be ready to spot the lies and protect your hard-earned savings? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
September 24, 2025
Social media verification systems lose power as scammers purchase checkmarks to appear legitimate

[ad_1]

NEWYou can now listen to Fox News articles!

Social media makes it easy to connect with people, but it also makes it just as easy for fraudsters to pretend they are someone they are not. Fake accounts, misleading checkmarks and smooth-talking profiles are everywhere, and not everyone knows how to spot them. I recently received an email from Marie from Boynton Beach, Florida, with a similar concern:

“I have been on X, and it seems quite a few people turn out to be not who they say they are. Mostly the ones that are verified. I am not that good tech-wise. Is there a way other than me knowing immediately they are a fraud?? Thank God I am not the type to give personal information or money.”

It is a fair concern, Marie. With scams becoming more polished, the line between real and fake accounts is harder to see. Let’s break down why fraud is so common on social media, the red flags you should look out for, and the simple habits that can keep you from getting duped.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

WHATSAPP BANS 6.8M SCAM ACCOUNTS, LAUNCHES SAFETY TOOL

A man logs into his social media account on a laptop. Fraudsters often exploit online activity to trick users. (Kurt “CyberGuy” Knutsson)

Why social media is a playground for scammers

Social platforms are built for speed and visibility. Anyone can create an account in minutes, post content instantly and connect with strangers worldwide. This openness is what makes social media engaging, but it is also what makes it ripe for abuse. Fraudsters exploit the fact that posts, comments and messages are consumed quickly and often without much scrutiny.

Verification systems that were once meant to help users identify legitimate accounts have also lost some of their power. On platforms where checkmarks can be purchased, scammers can buy credibility without earning it. Add in the algorithms that reward viral content and sudden spikes in engagement, and you get the perfect environment for fraud to spread unnoticed.

Scammers know people often lower their guard on social media. In these spaces, users share personal details, build emotional ties with influencers and trust posts that look familiar. As a result, the combination of speed, trust and visibility creates an ideal environment for fraud to spread rapidly.

META DELETES 10 MILLION FACEBOOK ACCOUNTS THIS YEAR, BUT WHY?

A woman browses social media on her laptop. Scammers use fake accounts and misleading profiles to lure victims. (Kurt “CyberGuy” Knutsson)

The cost of falling for a scam

When people think of scams, they often imagine losing a one-time sum of money. The reality is far more damaging. Clicking a bad link or handing over credentials can snowball into long-term consequences. Once scammers get access to your information, it can be sold on dark web marketplaces, used to open fraudulent accounts or leveraged for identity theft.

There is also the reputational cost. If your social media account is hijacked, scammers can use it to trick your friends, family or followers, spreading fraud even further under your name. Cleaning up that mess can take weeks and may permanently damage your credibility.

Social media apps are prime hunting grounds for scammers who rely on speed and trust to deceive victims. (Kurt “CyberGuy” Knutsson)

Practical steps you can take to stay safe on social media

There are simple ways to protect yourself without needing technical expertise. I have listed some of the crucial steps below.

1) Scrutinize profiles before engaging

Fake accounts often have clear giveaways. Look at how long the account has existed, whether it posts original content and the kind of followers it has. Scammers usually recycle generic profile photos or steal images from real people. Reverse image searches can help you confirm if a photo belongs to someone else.

Even with verification, be skeptical. On platforms where checkmarks can be purchased, anyone can appear “official” without being trustworthy. Treat every new interaction with caution until proven otherwise.

FACEBOOK CRYPTO ADS LEAD TO DANGEROUS MALWARE SCAMS

2) Avoid clicking on random links

Fraudsters often send links over DMs, comments or even ads. These links may lead to phishing sites designed to steal your credentials or malware that installs silently on your device. One careless click can expose your information.

This is where having strong antivirus software comes in. Even if you accidentally land on a malicious site, a strong antivirus can block harmful downloads and warn you before malware runs. Think of it as a safety net for moments when curiosity gets the better of you.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com/.

3) Protect your logins

Phishing scams frequently mimic login screens for X, Instagram or Facebook. They are designed to trick you into typing your username and password into a fake form. Once you do, the scammer immediately takes over your account.

A password manager can be a lifesaver here. It only fills in your login details on the genuine site you have saved. If it does not recognize the page, that is a red flag that you are looking at a fake. On top of that, a password manager makes it easier to use strong, unique passwords for each account, which limits damage if one gets compromised.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/.

4) Keep personal info under wraps

The less information fraudsters can find about you, the weaker their scams become. Many impersonators use details like your hometown, job or relatives to build trust. If your email, phone number or address is floating around the web, scammers can weaponize that too.

A personal data removal service can help here by scrubbing your details from people-search sites and data brokers. While not foolproof, reducing your digital footprint makes you a harder target for impersonation or social engineering scams. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/.

SOCIAL SECURITY ADMINISTRATION PHISHING SCAM TARGETS RETIREES

5) Stay alert to impersonation scams

Fraudsters often pretend to be well-known figures, influencers or even customer support staff. They use urgency like “limited offer,” “you have won” or “your account will be closed” to pressure you into responding fast.

When money, gift cards or personal details are involved, slow down. Contact the real brand or person through official channels to verify. If you are unsure, simply ignore the request.

6) Trust your instincts

One of the strongest defenses you have is your gut feeling. If a verified profile is asking for money, if a giveaway sounds too good to be true or if someone’s tone feels off, it probably is. Scammers rely on you ignoring that little voice that says something is not right.

Take a breath, pause and think before you act. That moment of hesitation often makes the difference between staying safe and becoming a victim.

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaway

Social media can be entertaining, informative and even empowering, but it is also one of the easiest hunting grounds for fraudsters. They thrive on speed, trust and distraction, hoping you will react before you think. While no tool or habit can guarantee absolute safety, combining skepticism with smart protective steps puts you in a much stronger position.

Do you think paid verification badges make it harder to spot scammers? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

September 23, 2025
How a SIM farm like the one found near the UN threatens telecom networks

[ad_1]

NEW YORK — The U.S. Secret Service has found and is quietly dismantling a massive network of “SIM farms” across the New York area just as world leaders gather for meetings at the United Nations.

Matt McCool, the special agent in charge of the Secret Service’s New York field office, said agents found multiple sites filled with servers and stacked SIM cards, of which more than 100,000 cards were already active. Though the investigation is ongoing and no arrests have been made, he described it as a well-funded, highly organized enterprise and possibly run by nation-state actors — perpetrators from particular countries.

Officials also warned of the havoc the network could have caused if left intact. McCool compared the potential impact to the cellular blackouts that followed the Sept. 11 attacks and the Boston Marathon bombing, when networks collapsed under strain.

So what are these SIM farms and what are they capable of?

SIM farms are hardware devices that can hold numerous SIM cards from different mobile operators. These devices then exploit voice over internet protocol (VoIP) technology to send and receive bulk messages or calls.

While initially developed for legitimate purposes, such as low cost international calling, the technology has become a cornerstone of organized fraud targeting mass audiences — phishing texts and scam calls.

“Scams have become so sophisticated now. Phishing emails, texts, spoofing caller ID, all of this technology gives scammers that edge,” said Eva Velasquez, president and CEO of the Identity Theft Resource Center.

In this case, the devices were concentrated within 35 miles of the U.N. building. The investigation is ongoing, but McCool said forensic analysis currently believe the system could have been used to send encrypted messages to organized crime groups, cartels and terrorist organizations.

Anthony J. Ferrante, the global head of the cybersecurity practice at FTI, an international consulting firm, said the photos show a very sophisticated and established SIM farm that could be used for any number of nefarious activities, including the potential to overwhelm cellular networks with millions of calls in just a few minutes.

“So if you can imagine that type of magnitude on cellular networks, it would just overwhelm them and cause them to shut down,” Ferrante said in an interview. He also notes that it’s possible the system could be used for surveillance operations, given its proximity to the United Nations, “potentially that equipment could be used to either intercept communications, eavesdrop on communications, or actually, clone devices, as well.”

Ferrante, who previously served in key security positions at the White House and the FBI, says he’s awaiting the results of the investigation before drawing any conclusions about the nature of the setup, but he emphasizes that the scale of the operation shows how simple tools can pose real risks to critical infrastructure.

“The masterminds could have set this up a long time ago and be operating from thousands of miles away,” he said. “It’s a stark reminder of how deeply interconnected our world has become, where local vulnerabilities can be exploited globally.”

[ad_2]

Source link

September 23, 2025
Beware of fake Wi-Fi networks that steal your data when traveling

[ad_1]

NEWYou can now listen to Fox News articles!

Earlier this year, Australian police arrested a passenger for running a malicious Wi-Fi network both at an airport and during a flight. The setup looked just like the airline’s own Wi-Fi service, but it wasn’t. Instead, it was what cybersecurity researchers call an “evil twin,” a fake hotspot designed to trick people into handing over their credentials.

The idea isn’t new, but the setting is. For years, fake Wi-Fi networks have been a common trick in cafes, hotels, and airports. What makes this case stand out is that the attacker took it to the skies, exploiting the growing reliance on in-flight Wi-Fi for entertainment and internet access.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CyberGuy.com newsletter.

What is an evil twin Wi-Fi attack?

An evil twin hotspot is a wireless network that impersonates a legitimate one by copying its name, also known as the SSID. When multiple networks with the same name exist, your phone or laptop often connects to the one with the stronger signal, which is usually the attacker’s.

Travelers check their phones while navigating delays and flight cancellations at the Austin-Bergstrom International Airport on July 19, 2024, in Austin, Texas. (Brandon Bell/Getty Images)

Once connected, victims are often redirected to a fake login or landing page. In this case, the malicious portal requested passengers’ email addresses, passwords, or even social media credentials under the pretense of granting access to the airline’s entertainment system. The stolen information could then be used for account takeovers, identity theft, or further attacks.

Why travel Wi-Fi is a prime target

Travel creates a perfect storm for these kinds of attacks. Whether you’re in a hotel, airport, cruise ship or airplane, you often have limited choices for getting online. Mobile data may be patchy or expensive, which pushes people toward the available Wi-Fi networks. Because these services feel official and are tied to trusted brands, travelers tend to assume they’re safe and let their guard down when login requests pop up.

Another trend adds to the risk. Travel providers are increasingly moving entertainment and services onto personal devices instead of offering built-in options. Airlines replace seatback screens with streaming portals, cruise lines promote app-based services and hotels direct guests to digital check-in platforms. All of these require a Wi-Fi connection, which means more people are logging on than ever before.

QANTAS DATA BREACH EXPOSES MILLIONS OF CUSTOMER RECORDS

How hackers trick you with fake in-flight Wi-Fi

Here’s how it worked in the Australian case. The attacker carried a portable hotspot onboard and named it to match the airline’s official Wi-Fi network. Passengers, seeing the fake network with stronger signal strength, connected automatically. They were then taken to a counterfeit login page asking for personal details.

A traveler awaits their delayed luggage after United Airlines grounded flights due to a tech outage at Newark Liberty International Airport in Newark, New Jersey, Aug. 6, 2025. (REUTERS/Ryan Murphy)

On a flight, the consequences are amplified. Passengers either give in and share data or lose access to entertainment for hours. The success rate of this attack is, quite literally, sky-high.

YOUR DISCARDED LUGGAGE TAGS ARE WORTH MONEY TO SCAMMERS

Why you need a VPN for in-flight Wi-Fi security

One of the best defenses against rogue Wi-Fi is a Virtual Private Network, or VPN. A VPN creates an encrypted tunnel between your device and the internet, making it far harder for attackers to intercept your data even if you connect to the wrong hotspot.

There is a catch, though. In-flight Wi-Fi systems often require you to disable your VPN temporarily to access the onboard portal. Even then, a VPN remains an important safeguard. Once you have cleared the login page and, if you have paid, connected to the internet, enabling your VPN ensures that any browsing, messaging, or app traffic stays private.

For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices at CyberGuy.com.

9 tips for using in-flight Wi-Fi safely

A VPN is important, but it isn’t the only defense you should rely on. Here are some other ways to stay safe when connecting midair:

1) Install strong antivirus software

Before you even think about connecting to in-flight Wi-Fi, make sure your device has a strong antivirus installed. It’s your first line of defense against malicious sites and apps that attackers may try to push through fake portals. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

James Garofalo of Colorado Springs is checking cellphone after his flight cancelation at Denver International Airport in Denver, Colorado, on Thursday, Dec. 22, 2022. (Hyoung Chang/The Denver Post)

2) Enable two-factor authentication (2FA)

Even if an attacker manages to steal your login credentials, 2FA can stop them from getting into your accounts. Use app-based authenticators rather than SMS codes whenever possible, since they work offline and are harder to intercept.

3) Turn off automatic Wi-Fi connections

Most phones and laptops are set to reconnect automatically to familiar networks. This makes it easier for a fake hotspot with the same name to trick your device. Before you board, switch off auto-connect and manually choose the correct airline Wi-Fi.

4) Use HTTPS everywhere

When browsing in-flight, check for the padlock icon in your browser’s address bar. HTTPS encrypts the connection between your device and the website, making it harder for attackers on public Wi-Fi to intercept your data.

5) Limit what you access

Even with precautions, in-flight Wi-Fi should be treated as untrusted. Avoid logging in to sensitive accounts like online banking or work systems. Stick to light browsing, streaming or messaging until you’re back on a secure connection.

6) Keep your device updated

Outdated operating systems and apps often have security holes attackers exploit. Before your trip, install the latest updates on your phone, tablet or laptop. Many updates include security patches that protect you against known vulnerabilities.

7) Use airplane mode with Wi-Fi only

When possible, switch your device to airplane mode and then enable only Wi-Fi. This reduces exposure from other radios (like Bluetooth or cellular roaming) that attackers sometimes target on flights.

8) Watch for phishing pop-ups and avoid suspicious clicks

Some fake in-flight portals use pop-ups or redirects designed to trick you into entering login details or clicking on malicious links. If a page asks for unnecessary information, like your full Social Security number, banking details or unrelated logins, treat it as a red flag. Close the page immediately and don’t click.

9) Log out after use

When the flight is over, sign out of the airline’s Wi-Fi portal and any accounts you accessed. This prevents session hijacking if the system keeps tokens cached.

CLICK HERE TO GET THE FOX NEWS APP

Kurt’s key takeaway

The rise of evil twin attacks in the air is a reminder that convenience often comes with hidden risks. As airlines push more passengers toward in-flight Wi-Fi, attackers are finding ways to exploit that dependency. Next time you fly, think twice before blindly connecting to the first Wi-Fi network that pops up. Sometimes, the safest choice is to stay offline until you land.

Would you rather go a few hours offline than risk using an untrusted hotspot midair? Let us know by writing to us at CyberGuy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CyberGuy.com newsletter.

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

[ad_2]

Source link

September 22, 2025
Why iPhone users are the new prime scam targets
[ad_1]
NEWYou can now listen to Fox News articles!

New research may shock a lot of Apple fans: iPhone users are actually more likely to fall for online scams than Android owners. The problem isn’t the device itself; it’s the habits of the people using it.

The survey from Malwarebytes, a global cybersecurity company, of 1,300 adults across the United States, United Kingdom, Austria, Germany and Switzerland, found that many iPhone owners put blind trust in Apple’s security. That confidence makes them easier targets for scammers who count on overconfidence.

5 PHONE SETTINGS TO CHANGE RIGHT NOW FOR A SAFER SMARTPHONE

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

New research suggests iPhone users are more likely to fall for online scams than Android users. (Kurt “CyberGuy” Knutsson)

The truth about iPhone security habits

Here’s what the Malwarebytes survey uncovered:
- More than half of iPhone users (53%) admitted they’ve fallen for a scam, compared to 48% of Android users.
- Only 21% of iPhone owners add security software, while 29% of Android users do.
- Just 35% of iPhone users set unique, strong passwords, compared to 41% of Android owners.
- 47% of iPhone users grabbed a “best price” deal from shady sellers, compared to 40% of Android users.
- 41% of iPhone owners DM’d sellers for discounts on social media, compared to 33% of Android owners.
The takeaway? It’s not the phone that makes you safe, it’s your choices every time you go online.

A survey from Malwarebytes found that many iPhone owners blindly trust Apple’s security measures, which makes them easier targets for scammers who count on overconfidence. (Kurt “CyberGuy” Knutsson)

Why this matters

For years, Apple’s reputation led iPhone users to believe they were automatically safer. This study proves otherwise. Cybercriminals don’t care what brand of phone you carry; they care about how easy it is to trick you. And right now, too many iPhone users are letting their guard down.

Many iPhone software updates contain security patches that block new threats to keep users safe. (Kurt “CyberGuy” Knutsson)

7 ways to stay safe on iPhone

Even if you love your iPhone, staying safe means making smarter choices online. Follow these steps to keep scammers one step behind you.

1) Stop and double-check

If something feels off, whether it’s a text, link, or offer, pause. Scammers rely on urgency to trick you.

2) Avoid random links and shady DMs

Never click on links or QR codes from unknown senders. Always visit the company’s website directly. Also, use strong antivirus software to block malicious links before they reach you. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com/LockUpYourTech

3) Keep your software updated

Apple pushes out updates for a reason. Many contain security patches that block new threats. Make sure your iPhone is always running the latest iOS and app updates.

How to update iOS:
- Go to Settings
- Tap General
- Click Software Update and install any available updates.
Manually updating apps:
- Open the App Store.
- Tap your profile icon at the top right.
- Scroll down to see pending updates.
- Tap Update All (or update individual apps).
Enabling Automatic App Updates:
- Open Settings.
- Scroll down and tap App Store.
- Under Automatic Downloads, toggle on App Updates.
This way, your phone will always stay current, reducing the chances that hackers can exploit old vulnerabilities.

IS YOUR PHONE HACKED? HOW TO TELL AND WHAT TO DO

4) Pick stronger, unique passwords

Using the same password everywhere is a hacker’s dream. Create unique ones for each account. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see CyberGuy.com/Passwords) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at CyberGuy.com/Passwords

5) Consider using a personal data removal service

Scammers thrive on the personal details they can easily find about you online, and iPhone users in particular tend to overshare and trust their device to keep them safe. That leaves a bigger trail for criminals to exploit. A personal data removal service helps wipe your information from data broker sites and shady lists that fuel targeted scams.

While no service can erase everything, it makes it much harder for crooks to connect the dots and trick you. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com/Delete

Get a free scan to find out if your personal information is already out on the web: CyberGuy.com/FreeScan

6) Turn on two-factor authentication (2FA)

Turning on two-factor authentication (2FA) is one of the most powerful ways to lock down your accounts. It adds an extra login step that blocks criminals, even if they already have your password. On your iPhone:
- Open the Settings app.
- Tap on [your name] (your Apple ID at the top).
- Select Sign‑In & Security.
- Tap Turn On Two‑Factor Authentication, then tap Continue.
- Enter a trusted phone number to receive verification codes (via text or call), tap Next, and enter the code sent to you to complete the setup.
Once set up, you’ll get a code each time you or someone else tries to sign in.

7) Don’t trade personal info for deals

Skip giving out your phone number or email just to snag a coupon, unlock a discount code, or enter a giveaway. Scammers use those details to target you later with spam, phishing attempts, and even identity theft schemes. Instead, create and use an alias email address for sign-ups, promotions, or contests. That way your real inbox stays private, and suspicious offers won’t expose your personal data.

For recommendations on private and secure email providers that offer alias addresses, visit CyberGuy.com/Mail

CLICK HERE TO GET THE FOX NEWS APP

What this means for you

If you own an iPhone, don’t assume Apple’s built-in tools are enough. Android users appear to be more proactive, but everyone is vulnerable. Real security comes from your habits, not your hardware.

Kurt’s key takeaways

The bottom line: iPhone users are falling for scams more often because they trust too much and protect too little. The fix is simple: be cautious, be skeptical, and add extra protection. Because when it comes to scams, it’s not about the device, it’s about you.

Do you still believe Apple makes you safer, or are you ready to admit that scammers can outsmart any phone? Let us know by writing to us at CyberGuy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
September 21, 2025
5 e-commerce tech terms every shopper should know
[ad_1]
NEWYou can now listen to Fox News articles!

Shopping has gone digital, and with it comes a whole new language. From the way you pay to the platforms you browse, technology is rewriting the rules of retail. We’ll break down five essential terms that directly shape how you shop today, from affiliate links powering influencer recommendations to same-day delivery that gets products to your door in hours.

Stay tuned for more in this series as we decode the tech jargon behind the evolving world of e-commerce, answering the top questions we get from readers like you.

10 THINGS I WISH I KNEW BEFORE BUYING REFURBISHED ELECTRONICS

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

Online shopping comes with its own set of terms native to the digital space. (Kurt “CyberGuy” Knutsson)

1) Digital wallet

Your phone, your wallet

A digital wallet is an app that securely stores your credit cards, debit cards, tickets and even IDs on your smartphone. Instead of swiping plastic, you can simply tap your phone or smartwatch to pay at checkout.

Where you’ve likely used it:
- Apple Pay or Google Pay at a coffee shop.
- Samsung Pay at a grocery store.
- Storing boarding passes, concert tickets or loyalty cards.
Digital wallets use encryption and biometric security (like Face ID) to keep your payment data safe. They also cut down on physical clutter—no more fumbling with cards at the register.

Want to make sure your digital wallet is safe? Check out my guide to setting strong authentication and avoiding scams targeting mobile payments.

2) Buy now, pay later

How installment plans reshape shopping

You’ve probably seen “Pay in 4” or “Buy Now, Pay Later” (BNPL) at checkout. Some websites and services allow you to split purchases into smaller payments over time, typically with no interest if paid on schedule.

Why it matters:
- Makes big-ticket items more accessible.
- Helps you budget, but late fees can add up.
- Retailers sell more by lowering the upfront cost.
If you want even more ways to manage expenses, take a look at my guide on saving big at the grocery store using simple, proven hacks. For even more ways to stretch your dollars, check out my guide on the best ways to save money on gas with apps and loyalty programs.

9 ONLINE PRIVACY RISKS YOU PROBABLY DON’T KNOW ABOUT

A digital wallet is an app that securely stores your credit cards, debit cards, tickets and other items like IDs on your smartphone. (Jakub Porzycki/NurPhoto via Getty Images)

3) Same-day fulfillment

From warehouse to your doorstep in hours

The phrase same-day fulfillment describes when retailers use advanced logistics to process, pack, and ship your order so you get it within hours instead of days. Think Amazon Prime Now or Walmart’s express delivery.

How it works:
- Local warehouses and stores act as mini shipping hubs.
- Algorithms map the fastest routes for couriers.
- Automation speeds up picking, packing, and delivery.
It’s convenience at its peak, and for urgent needs (like a birthday gift you forgot), same-day fulfillment is a lifesaver. Be sure to check out my list of the 5 best secrets to shopping smarter on Amazon to save time and money.

4) Social commerce

Shopping where you scroll

Social commerce is the blend of social media and online shopping. Instead of just seeing ads, you can now buy directly through platforms like TikTok Shop, Instagram Checkout or Pinterest.

What makes it unique:
- Seamless shopping without leaving the app.
- Real-time recommendations from influencers and creators.
- Viral products can sell out within hours.
For consumers, it’s impulse buying made easier. For businesses, it’s a new way to reach audiences where they already spend time.

Want to avoid scams? Stick to verified shops and use buyer protection options when available. For more ways to stay safe while shopping online, check out my CyberGuy guide on how to tell if an online store is real or a scam.

Social commerce blends the experiences of online shopping and browsing social media. (Kurt “CyberGuy” Knutsson)

5) Dropshipping

Selling without the stockroom

Dropshipping is a retail model where the seller doesn’t keep products in stock. Instead, when you place an order, it’s sent directly to a third-party supplier who ships it straight to your door.

How it works:
- You buy from an online shop.
- The shop forwards your order to a manufacturer or wholesaler.
- That supplier handles storage, packing and shipping.
Why it’s popular:
- Entrepreneurs can start online stores without investing in warehouses.
- Stores can offer a wide variety of products without holding inventory.
The downside? Shipping times may be longer, product quality can vary and customer service sometimes suffers since the seller isn’t handling the goods directly. Still, dropshipping has become a cornerstone of e-commerce, powering countless online shops you scroll past every day. For some advice on how to start and grow an online store, visit CyberGuy’s guide on 10 easy ways to help launch a successful online shop.

CLICK HERE TO GET THE FOX NEWS APP

Pro tip: protect yourself while shopping online

Even as shopping gets more convenient, cyberthreats also grow. Fake stores, phishing scams, and shady links can put your data at risk. That’s why running a strong antivirus program is essential.

Why antivirus matters for e-commerce:
- Scans links and downloads before they harm your device
- Blocks malicious pop-ups on retail and social sites
- Warns you about suspicious checkout pages
Using strong antivirus software gives you peace of mind while shopping online. It’s a small step that keeps your personal and financial information safe as e-commerce evolves.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at CyberGuy.com/LockUpYourTech

Kurt’s key takeaways:

E-commerce is moving faster than ever. By understanding these five terms, you shop with confidence and spot trends before they become mainstream. From digital wallets to dropshipping, each concept shapes how products reach your hands. Stay curious, keep learning, and watch how retail continues to evolve.

What changes in online shopping do you think will matter most in the next few years? Let us know by writing to us at CyberGuy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CyberGuy.com/Newsletter

Copyright 2025 CyberGuy.com. All rights reserved.

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.
[ad_2]

Source link
September 21, 2025