ReportWire

Tag: Privacy

  • Think your New Year’s privacy reset worked? Think again

    [ad_1]

    NEWYou can now listen to Fox News articles!

    At the start of the year, you did everything right. You searched your name, opted out of several data broker sites and deleted listings that exposed your address, phone number and relatives.

    At first, it felt like a clean slate. However, here’s the uncomfortable truth: your data rarely stays gone. In many cases, February is when it quietly returns.

    Privacy does not work as a one-time cleanup. Instead, it requires ongoing maintenance, because data brokers design their systems to outlast your best intentions.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    STOP DATA BROKERS FROM SELLING YOUR INFORMATION ONLINE
     

    Cybersecurity advocates urge continuous monitoring to prevent data brokers from recreating deleted profiles. (Smith Collection/Gado/Getty Images)

    How data brokers re-list your information (even after you delete it)

    Most people assume that once they remove their profile from a data broker site, it’s gone for good.

    That’s not how the system works. Data brokers don’t “store” your information the way a normal website does. They rebuild it constantly using automated data feeds from:

    • Credit headers
    • Property and mortgage records
    • Utility registrations
    • Loyalty programs
    • App tracking efforts
    • Court filings and public databases
    • Online purchases and subscriptions

    Every few weeks, their systems can re-ingest new records and match them to your identity. That means:

    • Your old address gets replaced with your new one
    • Your new phone number appears
    • Your relatives are updated
    • Your age, job history and household data refresh
    • Your digital footprint grows more detailed over time

    Even if you removed your profile in January, the next data refresh can quietly re-create it in February under a slightly different variation of your name. This is why people often say: “I removed my data… and then found it again a month later.” It wasn’t a mistake. It’s how the business model works.

    Why January cleanups still leave you exposed

    Manual opt-outs feel empowering at first. However, they rarely last. The real issue is scale: hundreds of data brokers collect, trade and republish personal information, and many share data with one another. As a result, removing your profile from one site does not stop the spread. Instead:

    • Another broker re-adds you using a new source
    • A third site scrapes the refreshed profile
    • A fourth copies the updated record
    • The cycle starts again

    You’re not fighting one website. You’re fighting a self-healing network of databases that rebuild your profile every few weeks. That’s why January cleanups don’t protect you throughout the year. Scammers know this. They don’t just scrape old databases; they wait for newly refreshed lists that contain your:

    • Current phone number
    • Correct address
    • Relatives
    • Likely income range
    • Age and life stage

    By February and March, those lists are already circulating again.

    10 SIGNS YOUR PERSONAL DATA IS BEING SOLD ONLINE

    Data servers are shown with wires sticking out of them.

    Experts warn January privacy cleanups may not last as data broker databases refresh in February. (Jason Alden/Bloomberg via Getty Images)

    What scammers get when your profile is rebuilt

    When your data comes back, it doesn’t just sit on a website. It becomes fuel for:

    That’s why scams feel personal now.  Criminals often have access to:

    • Your current address
    • Names of relatives
    • Your age
    • Your likely income range

    Rather than guessing, scammers search your profile and build their pitch around real details. That precision is what makes today’s fraud attempts so convincing.

    What ‘ongoing removal’ actually protects against

    This is where most people misunderstand privacy tools. The real threat isn’t the old profile you deleted. It’s the next version that gets created.

    Ongoing removal means:

    • Your data is constantly scanned across broker networks
    • New profiles are detected as soon as they appear
    • Fresh listings are removed automatically
    • Re-created records don’t get time to circulate.

    Instead of playing whack-a-mole once a year, you block the rebuild cycle itself. This is the only way to stay ahead of systems designed to outlast you.

    SPYWARE CAN HIJACK YOUR PHONE IN SECONDS

    A person holds a phone with both hands.

    Ongoing data removal services aim to stop personal profiles from reappearing across broker networks. (Elisa Schu/picture alliance via Getty Images)

    How to stop data brokers from rebuilding your profile

    If you truly want to stay off data broker sites, you need a system that:

    1. Scans for new profiles
    2. Removes them as they appear
    3. Keeps doing it every month.

    That’s what a data removal service was built for. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. 

    These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. 

    By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    Why this matters more in February than January

    In January, people clean up their digital footprint. By contrast, February is when many data brokers refresh their databases and scammers begin working from newly updated lists. Instead of sending alerts, brokers quietly republish your details. 

    You receive no warning when your profile reappears, and no notification when someone resells your information. As a result, most people only realize what happened after a scam email hits their inbox or a suspicious call lights up their phone. 

    For that reason, February becomes the moment of confusion. That is when readers often say, “I thought I already handled this.”

    Kurt’s key takeaways

    At the start of the year, you did what most people avoid. You searched your name, opted out of broker sites and took control of your information. However, privacy does not work like a one-time spring cleaning. Instead, it works more like lawn care. The moment you stop maintaining it, the growth returns. Data brokers constantly refresh and rebuild profiles. They pull from public records, commercial feeds and shared databases. As a result, when your profile reappears, scammers do not treat it like old data. They treat it like fresh intelligence. That is exactly why February matters. While January feels proactive, February is when many databases quietly update and republish information. So if you want lasting control, you need consistent monitoring and ongoing removal, not a single annual cleanup. The real objective is not simply deleting an old profile. Rather, it is stopping the next version from spreading in the first place. Ultimately, privacy is not about what you remove. It is about what never comes back.

    Have you ever removed your personal information from a data broker site, only to find it listed again weeks later?  Let us know your thoughts by writing to us at Cyberguy.com

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

    Copyright 2026 CyberGuy.com. All rights reserved.

    Related Article

    Stop data brokers from selling your information online

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Your phone is now a crime scene in your pocket

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Take a second and look at your phone. It knows where you slept last night. Who you texted. What you searched. Where you drove.

    For investigators, that information can turn into evidence fast. In fact, a major new survey found smartphones now show up in almost every criminal investigation.

    In other words, your phone can become the primary crime scene. And that should get your attention.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Detectives say smartphones act as “a crime scene in your pocket,” storing messages, GPS history and payment records. (Anna Barclay/Getty Images)

    Why smartphones have become the center of crime investigations

    Your phone is always with you. It logs:

    • Text messages and chats
    • Photos and videos
    • GPS location history
    • App activity
    • Call logs
    • Payment records

    According to the 2026 Industry Trends Report from Cellebrite, a digital forensics company that provides tools to law enforcement and investigators, smartphones are now the most cited source of digital evidence in criminal cases at 97%. The report shows that mobile data can reveal where a person has been, who they communicate with and patterns of daily life.

    For that reason, many in law enforcement now describe the smartphone as “a crime scene in your pocket” to illustrate how deeply these devices factor into investigations. That phrase may sound dramatic. It is not. It reflects how investigations now unfold in the U.S. and around the world. In many criminal cases, phone data regularly helps:

    • Reconstruct timelines using cell site and GPS data
    • Place suspects near crime scenes
    • Confirm or contradict alibis
    • Recover deleted messages
    • Track digital payments

    Police agencies have testified in court that smartphone extractions help establish sequences of events faster than traditional methods. Modern policing no longer relies only on fingerprints and surveillance footage. It often begins with digital footprints.

    Real cases where phone data made the difference

    This is happening in courtrooms right now. Case in point, in the prosecutions tied to the Gilgo Beach serial killings in New York, investigators leaned heavily on burner phone data, cell site records and digital communications to link the suspect to victims. Mobile records helped narrow movements, connect devices and support key search warrants.

    In the ongoing University of Idaho murder case, prosecutors have relied on smartphone location data, digital mapping history and phone activity logs to build a timeline. Location records helped place the suspect’s phone near the crime scene during critical time windows.

    Fraud investigations across the U.S. tell a similar story. In large-scale romance scams and crypto investment schemes, law enforcement now uses smartphone chat logs, transaction screenshots and crypto wallet trails to follow the money. Cryptocurrency evidence appears in a growing share of cases as online scams surge.

    The pattern is clear. Phone data can protect the innocent by confirming where someone was. It can also reveal intent through messages, searches and digital payments.

    Here is what matters most for everyday Americans. Even if you are not committing a crime, your phone creates a detailed and often lasting record of your life. And in today’s justice system, that record carries real weight.

    BRYAN KOHBERGER’S PHONE RECORDS REVEAL PANICKED SEARCHES AFTER POLICE UNCOVERED KEY DETAIL

    Bryan Kohberger sits in court in an orange jumpsuit.

    Bryan Kohberger appears at the Ada County Courthouse in Boise, Idaho, on July 23, 2025, for sentencing in the University of Idaho murders case, where prosecutors relied heavily on cellphone location data and digital evidence. (Kyle Green-Pool/Getty Images)

    The rise of crypto and AI in criminal cases

    The report revealed another important trend. Cryptocurrency is now the fastest-growing source of evidence. Investigators cited crypto data in 22% of cases, largely due to the explosion of online scams and fraud. If you have followed ransomware attacks or crypto investment scams, this makes sense. Payments leave blockchain trails. Law enforcement increasingly follows the money.

    Meanwhile, 65% of detectives believe AI tools can speed up investigations. A typical case can require up to 35 hours of digital review. About 60% of that time goes to sorting and evaluating data. That creates pressure. And pressure can lead to mistakes.

    Experts warn that generative AI can deliver convincing but inaccurate results if no one double-checks them.

    The hidden bottlenecks behind digital evidence

    The report also highlights challenges investigators face behind the scenes. More than half of devices arrive locked. Many investigators report difficulty accessing iOS and Android phones due to constant software updates and encryption. Most teams still review evidence manually. Only a small share of users use advanced analytical tools to connect data across devices and cases. On top of that, agency leaders say training gaps and rising data volume are slowing investigations and stretching resources. As digital evidence grows, so do the pressure points inside the system.

    What this means for you

    Here is the part most people miss. Even if you never plan to break the law, your phone can:

    • Place you at a location
    • Show who you were with
    • Reveal what you searched
    • Expose private conversations
    • Document your purchases

    Sometimes that helps you. It can prove an alibi. It can clear your name. Other times, it raises serious privacy questions. Who has access to your data? How long is it stored? How securely is it handled?

    In most criminal investigations, law enforcement must obtain a warrant or other court-approved legal process to access the contents of your phone. But the sheer volume of data these devices hold has exploded. And that changes the stakes.

    Smartphone data and the growing privacy debate

    We live in an era where digital evidence is the backbone of modern justice. That helps solve crimes. It protects victims. It speeds up investigations. But it also means the device in your pocket contains a map of your life.

    As smartphone digital evidence becomes central to 97% of cases, we need to ask hard questions about privacy, oversight and AI accuracy. Because once data exists, it can be used.

    5 SIMPLE TECH TIPS TO IMPROVE DIGITAL PRIVACY

    A smartphone is placed in a plastic evidence bag.

    Smartphones now appear in 97% of criminal investigations, with law enforcement relying on mobile data to reconstruct timelines and track suspects. (Boris Roessler/picture alliance via Getty Images)

    Tech tips: Protect your digital footprint

    You cannot eliminate your digital trail. But you can reduce unnecessary exposure.

    1) Review location settings

    Turn off constant location access for apps that do not need it. On iPhone and Android, set most apps to “While Using” instead of “Always.”

    2) Use encrypted messaging

    Apps like Signal and WhatsApp use end-to-end encryption, which means messages are scrambled so only you and the recipient can read them. Apple’s iMessage also uses end-to-end encryption for conversations between Apple devices. Strong encryption protects your messages from hackers and data breaches. It is also why law enforcement often cannot read message content without access to the physical device. Keep in mind that encryption protects message content, not everything around it. Metadata such as who you contacted and when may still exist.

    3) Lock down cloud backups

    Check whether your messages and photos back up to the cloud. Cloud data can become part of investigations.

    4) Enable strong authentication

    Use a long passcode, not a simple four-digit PIN. Turn on biometric security and two-factor authentication (2FA).

    5) Think before you search

    Search history, voice assistant queries and in-app messages often live longer than you expect.

    6) Keep your phone updated

    Security updates patch vulnerabilities that criminals exploit. They also protect your data from being stolen in breaches.

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

    Kurt’s key takeaways

    Your phone is no longer just a communication tool. It is a timeline, a diary and a witness. For law enforcement, that is powerful. For you, it is a reminder that convenience comes with consequences. The next time you tap “Allow” on a permissions request, remember this. You are not just installing an app. You are adding another entry to your digital twin.

    If your phone tells the story of your life, who should control that story when it matters most? Let us know by writing to us at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

    Copyright 2026 CyberGuy.com. All rights reserved.

    Related Article

    Your phone is tracking you even when you think it’s not

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Reddit hit with $20 million UK data privacy fine over child safety failings

    [ad_1]

    LONDON — Britain’s data privacy watchdog slapped online forum Reddit on Tuesday with a fine worth nearly $20 million for failures involving children’s personal information.

    The Information Commissioner’s Office said it issued the penalty worth 14.5 million pounds ($19.5 million) because the failures resulted in the platform using children’s data “unlawfully.”

    “Children under 13 had their personal information collected and used in ways they could not understand, consent to or control. That left them potentially exposed to content they should not have seen,” said Information Commissioner John Edwards. “This is unacceptable and has resulted in today’s fine.”

    The U.K. privacy regulator has been escalating scrutiny of online platforms over child safety. Earlier this month it hit MediaLab, owner of image-sharing site Imgur, with a 247,590 pound fine over similar failures and it has also been investigating TikTok since last year.

    The watchdog took issue with Reddit’s age verification measures. It said that even though the platform doesn’t allow children under 13 to use its service, it didn’t have any way to check the ages of its users before July 2025.

    Edwards said online platforms that are likely to be accessed by children are responsible for protecting them by making sure they’re not exposed to any risks “through the way their data is used.” They can do this with “effective age assurance measures,” he said.

    Reddit rolled out age verification measures in July 2025 in order for users to access mature content, including asking them to declare their age when setting up an account.

    But the watchdog said “self-declaration” is easy to bypass and that it told Reddit it would continue to monitor the platform’s handling of children’s data.

    Reddit said it would appeal the decision.

    “Reddit doesn’t require users to share information about their identities, regardless of age, because we are deeply committed to their privacy and safety,” the company said in a statement. “The ICO’s insistence that we collect more private information on every UK user is counterintuitive and at odds with our strong belief in our users’ online privacy and safety.”

    [ad_2]

    Source link

  • Spyware can hijack your phone in seconds

    [ad_1]

    NEWYou can now listen to Fox News articles!

    You already know malware is out there. You hear about phishing emails, fake apps and data breaches almost every week. But every so often, something comes along that feels more personal. ZeroDayRAT spyware is one of those threats.

    If your device gets infected, attackers can see almost everything happening on your phone. That includes your messages, notifications, location and even live camera feeds. Let that sink in for a second.

    This is not some clunky virus from years ago. Security researchers at iVerify, a mobile security and digital forensics company, describe it as a complete mobile compromise toolkit. And it works on both iPhone and Android devices.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    ZeroDayRAT spyware can secretly access messages, camera feeds and banking apps on infected iPhone and Android devices. (Stefan Sauer/picture alliance via Getty Images)

    What makes ZeroDayRAT spyware so dangerous?

    Many types of malware focus on one goal. Some steal passwords. Others spy on text messages. ZeroDayRAT spyware goes much further.

    Once installed, the infected device starts transmitting data back to a central dashboard controlled by the attacker. From there, they get:

    • A full stream of incoming notifications
    • A searchable inbox of text messages
    • Device model and operating system details
    • Battery level and lock status
    • Network activity and app usage

    In other words, they can build a detailed profile of your daily life. Reports say the dashboard even shows a live activity timeline. That timeline reveals who you talk to most, which apps you use and when you are most active online. For anyone who values privacy, that is chilling.

    It can watch and listen in real time

    Here is where things get even more disturbing.

    ZeroDayRAT spyware includes keylogging and live surveillance tools. That means attackers can:

    • Capture every keystroke with context
    • See which app you opened
    • Track how long you spent inside it
    • Record gestures and inputs
    • Access your microphone
    • Activate your front or rear camera
    • View your screen in real time

    Imagine someone watching your screen as you log into your bank account. Or listening while you have a private conversation. This is not a hypothetical capability. According to reporting, those features are built directly into the platform.

    Your banking and crypto apps are targets too

    Many people assume mobile malware only steals passwords. ZeroDayRAT spyware goes after money directly. It reportedly includes tools designed to target digital payment and banking apps such as Apple Pay and PayPal. It can also intercept banking notifications and use clipboard injection to redirect cryptocurrency transfers to the attacker’s wallet.

    Even without full remote control of your phone, that level of access is enough to drain accounts and steal digital assets. And here is another troubling detail. Reports indicate the platform is openly sold on Telegram, which lowers the barrier for would-be cybercriminals. You do not need advanced hacking skills to use it. That combination of power and accessibility makes this threat especially concerning.

    Why Apple and Google are tightening app rules

    There is a reason Apple strongly discourages installing apps outside the App Store. Google is also exploring changes to how sideloading works on Android. When apps bypass official stores, security screening becomes weaker. That opens the door for spyware like ZeroDayRAT to sneak in. While no system is perfect, sticking to trusted app marketplaces dramatically lowers your risk.

    How to tell if ZeroDayRAT spyware is on your phone

    Advanced spyware is designed to stay hidden. You may not see a flashing warning that something is wrong. Still, your phone often gives subtle clues when something is off. Watch for these warning signs.

    Unusual battery drain

    Spyware that streams data, records audio or tracks location runs constantly in the background. If your battery suddenly drains much faster than normal, especially after no major app changes, that can be a red flag.

    Phone overheating without heavy use

    If your device feels hot even when you are not gaming or streaming video, background surveillance activity could be consuming resources.

    Strange data usage spikes

    Check your mobile data usage in settings. A sudden jump may indicate that your phone is transmitting large amounts of information to an external server.

    Unknown apps or configuration changes

    Look for apps you do not remember installing. On iPhone, check for unknown configuration profiles under Settings. On Android, review installed apps and device administrator permissions.

    Unexpected login alerts

    If you receive password reset emails or login alerts you did not trigger, assume your credentials may be compromised.

    Microphone or camera indicators are activating randomly

    Both iPhone and Android show visual indicators when the camera or microphone is in use. If those indicators appear when you are not actively using them, investigate immediately.

    If you suspect spyware, do not ignore it. Back up essential data, perform a factory reset and restore only trusted apps. In severe cases, consult a mobile security professional.

    149 MILLION PASSWORDS EXPOSED IN MASSIVE CREDENTIAL LEAK

    Person typing on their phone's keyboard.

    Security researchers warn ZeroDayRAT functions as a full mobile surveillance toolkit sold openly online. (Photographer: Angel Garcia/Bloomberg via Getty Images)

    How to remove ZeroDayRAT spyware from your phone

    If you believe your phone may be infected, act quickly. Do not keep using it normally while you figure things out. Follow these steps.

    1) Disconnect immediately

    Turn off Wi-Fi and cellular data. This stops the spyware from sending more data to the attacker while you take action.

    2) Change your passwords from a different device

    Do not use the potentially infected phone to change passwords. Use a trusted computer or another secure device. Update passwords for email, banking, social media and payment apps first. Enable two-factor authentication (2FA) on every account. Consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse.  Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

    3) Run a trusted mobile security scan

    Install and run strong antivirus software on your phone. Let it scan your device for malicious apps, suspicious configuration profiles or hidden spyware components. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    4) Remove suspicious apps and profiles

    On iPhone, check SettingsGeneralVPN & Device Management for unknown configuration profiles. Delete anything you do not recognize. On Android, review installed apps and remove anything unfamiliar. Also, check device administrator settings and revoke access from unknown apps.

    5) Back up essential data carefully

    If you plan to reset your phone, back up only photos, contacts and critical files. Avoid restoring full system backups that could reintroduce malicious software.

    6) Perform a factory reset

    A full factory reset on your iPhone or Android is often the most effective way to remove advanced spyware. This wipes the device and removes hidden malware components. After the reset, reinstall apps manually from the official app store instead of restoring everything automatically. Before performing a factory reset, back up important photos, contacts and files, as this process permanently deletes everything stored on the device.

    7) Monitor your financial accounts

    Because ZeroDayRAT targets banking and crypto apps, watch your accounts closely for unusual transactions. Contact your bank immediately if you see suspicious activity.

    When to replace the device

    In rare cases, if the phone was deeply compromised or jailbroken, replacing the device may be the safest option. While that sounds extreme, protecting your identity and finances is worth more than the cost of a new phone.

    Ways to stay safe from ZeroDayRAT spyware

    The good news is that you still have control over your digital safety. Start with these practical steps to reduce your risk of infection and limit the damage if spyware ever targets your phone.

    1) Avoid sideloading apps

    Only install apps from the App Store or Google Play Store. Official stores screen apps for malicious code and remove threats when discovered. Do not download apps from links in emails or text messages. If an app asks you to install it from outside the store, treat that as a red flag.

    2) Think before you tap and use strong antivirus protection

    Do not click links from unknown senders. Even one tap can trigger a malicious download or redirect you to a fake login page. Install strong antivirus software on your mobile device. Good mobile security apps scan for spyware, block malicious websites and warn you about suspicious behavior in real time. Some also alert you if your personal information appears in known data breaches, which adds another layer of protection. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Keep your phone updated

    Install operating system updates as soon as they become available. Security updates patch vulnerabilities that spyware platforms like ZeroDayRAT try to exploit. Turning on automatic updates helps ensure you do not miss critical fixes.

    4) Review app permissions regularly

    Check which apps have access to your camera, microphone and location. Remove permissions that do not make sense. If a simple game wants constant microphone access, that should raise questions. Limiting permissions reduces what spyware can capture.

    5) Use strong authentication

    Turn on two-factor authentication (2FA) for banking, email and social media accounts. Even if spyware captures a password, that second verification step can stop attackers from logging in. Use a reputable password manager to create strong, unique passwords for every account.

    6) Use a data removal service to reduce your exposure

    Spyware operators often profile targets using personal data that is already available online. Data broker websites collect your phone number, address, relatives and more. A reputable data removal service can help remove your personal details from many of these sites. The less information criminals can gather about you, the harder it becomes to target you with convincing phishing attacks or social engineering.  Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com. Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    7) Do not bypass your phone’s built-in security protections

    Some people modify their phones to remove manufacturer restrictions so they can install unofficial apps or customize the system. On an iPhone, this is called jailbreaking. On Android, it is known as rooting. While that may sound harmless, it removes important security safeguards that are designed to block spyware and malicious software. Once those protections are gone, threats like ZeroDayRAT have a much easier time installing and hiding on your device. Keeping your phone in its original security state adds a powerful layer of protection that most people never see but benefit from every day.

    YOUR PHONE SHARES DATA AT NIGHT: HERE’S HOW TO STOP IT

    Woman typing on her smartphone.

    Experts say the spyware can activate a phone’s microphone and camera without a user’s knowledge. (Karl-Josef Hildenbrand/picture alliance via Getty Images)

    Kurt’s key takeaways

    ZeroDayRAT spyware feels unsettling because it attacks something we rely on every day. Your phone holds your conversations, photos, financial apps and personal routines. When a single piece of malware can see your screen, hear your voice and track your location, the stakes get higher. The silver lining is this. Most infections still depend on user action. A bad link was clicked. A suspicious app was installed. A warning ignored. Staying cautious may not sound exciting, but it remains one of the strongest defenses you have.

    Now here is the question worth asking. If spyware can already access your camera, messages and money in one package, are tech companies and app stores doing enough to protect you? Let us know your thoughts by writing to us at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Copyright 2026 CyberGuy.com. All rights reserved.

    Related Article

    Android malware hidden in fake antivirus app

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Police are finding suspects based on their online searches as courts weigh privacy concerns

    [ad_1]

    HARRISBURG, Pa. — Criminal investigators hoping to develop suspects in difficult cases have been asking Google to reveal who searched for specific information online, seeking “reverse keyword” warrants that critics warn threaten the privacy of innocent people.

    Unlike traditional search warrants that target a known suspect or location, keyword warrants work backward by identifying internet addresses where searches were made in a certain window of time for particular terms, such as a street address where a crime occurred or a phrase like “pipe bomb.”

    Police have used the method to investigate a series of bombings in Texas, the assassination of a Brazilian politician and a fatal arson in Colorado.

    It’s not a wild guess by investigators to conclude that people are using Google searches in all manner of crimes, as the company’s search engine has become the main gateway to the internet and users’ daily lives increasingly leave online traces. The potential value to investigators of the data Google collects is obvious in cases with no suspect, such as the search for Nancy Guthrie’s kidnapper.

    The legal tension between the need to solve crimes quickly and the U.S. Constitution’s Fourth Amendment protections against overly broad searches was at the heart of a recent Pennsylvania Supreme Court decision that upheld the use of a reverse keyword warrant in a rape investigation.

    Privacy advocates see it as giving police “unfettered access to the thoughts, feelings, concerns and secrets of countless people,” according to an amicus brief filed in the Pennsylvania appeal by the American Civil Liberties Union, the Internet Archive and several library organizations.

    In response to written questions about the warrants, Google provided an emailed statement: “Our processes for handling law enforcement requests are designed to protect users’ privacy while meeting our legal obligations. We review all legal demands for legal validity, and we push back against those that are overbroad or improper, including objecting to some entirely.”

    Pennsylvania State Police were stymied in their investigation into the violent rape of a woman in 2016 on a remote cul-de-sac outside Milton, a small community in the center of the state. With no clear leads, police obtained a warrant directing Google to disclose accounts that searched for the victim’s name or address over the week when she was attacked.

    More than a year later, Google reported two searches for the woman’s address were made a few hours before the assault from a specific IP address, a numeric designation that lists where a phone or computer lives on the internet.

    That led them to the home of a state prison guard named John Edward Kurtz.

    Police then conducted surveillance and collected a cigarette butt he discarded that matched DNA recovered from the victim, according to court records. He confessed to the rape and attacks involving four other women over a five-year period, and was convicted in 2020. Now 51, he’s been sentenced to 59 to 280 years.

    Kurtz’s attorneys argued police lacked probable cause to obtain the information and impinged on his privacy rights.

    The state Supreme Court rejected those claims late last year but split on the reasons why. Three justices said Kurtz should not have expected his Google searches to be private, while three more said police had probable cause to look for anyone who searched the victim’s address before the attack. But a dissenting justice said probable cause requires more than just a “bald hunch” and guessing that a perpetrator would have used Google.

    Kurtz lawyer Douglas Taglieri made the same point in a court filing, but conceded, “It was a good guess.”

    Julia Skinner, a prosecutor in the case, said reverse keyword searches are much more effective when there are specific and even unusual terms that can narrow results, such as a distinctive name or an address. They are also particularly effective when crimes appear to have been planned out beforehand, she said.

    “I don’t think they’re used super frequently, because what you need to target has to be so specific,” she said. There were 57 searches returned in the Kurtz case, but many of them were first responders trying to locate the home in the immediate aftermath of the crime, Skinner said.

    In the similar case in Colorado, police sought the IP addresses of anyone who searched over a 15-day period for the address of a home where a deadly arson occurred. Authorities got IP addresses for 61 searches made by eight accounts, ultimately helping identify three teenage suspects.

    The Colorado Supreme Court ruled in 2023 that although the keyword warrant was constitutionally defective for not specifying an “individualized probable cause,” the evidence could be used because police had acted in good faith about what was known about the law at the time.

    “If dystopian problems emerge, as some fear, the courts stand ready to hear argument regarding how we should rein in law enforcement’s use of rapidly advancing technology,” the majority of Colorado justices ruled.

    Courts have long permitted investigators to seek things like bank records or phone logs. However, civil liberties groups say extending those powers to online keywords turns every search user into a suspect.

    It’s unclear how many keyword warrants are issued every year — Google does not break down the total number of warrants it receives by type, according to the Electronic Frontier Foundation and the Pennsylvania Association of Criminal Defense Lawyers in a January 2024 brief.

    The two groups said police working on the bombings in Austin, Texas, sought anyone who searched for terms such as “low explosives” and “pipe bomb.” And in Brazil, investigators trying to solve the 2018 assassination in Rio de Janeiro of the politician Marielle Franco asked for those who searched for Franco’s name and the street where she lived. A Brazilian high court is expected to decide soon on the legality of those search disclosures.

    Reverse keyword warrants are distinct from “geofence” warrants, where criminal investigators seek information about who was in a given area at a particular time. The U.S. Supreme Court said last month it will rule on that method’s constitutionality.

    For many people, their Google search history contains some of their most personal thoughts, from health issues and political beliefs to financial decisions and spending patterns. Google is introducing more artificial intelligence into its search engine, seemingly a way to learn even more about users.

    “What could be more embarrassing,” asked University of Pennsylvania law professor and civil rights lawyer David Rudovsky, if every Google search “was now out there, gone viral?”

    Google warns users personal information can be shared outside the company when it has a “good-faith belief that disclosure of the information is reasonably necessary” to respond to applicable laws, regulations, legal processes or an “enforceable government request.”

    In the Kurtz case, Pennsylvania Justice David Wecht drew a distinction between Kurtz deciding to search for the victim’s name on Google and a 2018 U.S. Supreme Court decision that limited the use of broad collections of cellphone location data.

    “A user who wants to keep such material private has options,” Wecht wrote. “That user does not have to click on Google.”

    ___

    AP Technology Writer Michael Liedtke in San Francisco and writer Mauricio Savarese in Sao Paulo, Brazil, contributed.

    [ad_2]

    Source link

  • Why a credit freeze isn’t the end of identity theft

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Most U.S. data breach disclosures explain what information was leaked and any protective steps available to consumers.

    At the federal level, the Federal Trade Commission advises that after a breach involving sensitive personal information, consumers may consider placing a credit freeze to help prevent new credit accounts from being opened in their name.

    Many people place that credit freeze and assume they’re protected. But a credit freeze is not a comprehensive block against identity theft. It stops most new credit applications, but it doesn’t prevent the misuse of your Social Security number or account takeovers.

    7 SIMPLE WAYS TO PROTECT YOUR CREDIT CARDS WHILE TRAVELING

    A credit freeze limits access to your credit report, which can stop most new credit accounts from being opened in your name.  (Felix Zahn/Photothek via Getty Images)

    Sign up for my FREE CyberGuy Report: Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    What a credit freeze actually does

    A credit freeze, also called a security freeze, limits access to your credit report at Equifax, Experian, and TransUnion. Under federal law, placing a freeze is free. When a freeze is in place, most lenders can’t access your credit file to evaluate applications for new credit cards or lines of credit. If a creditor can’t see your credit report, the application will usually be denied.

    You can manage your credit freeze with each bureau individually. With Experian, for example, you sign in to your free online account at Experian’s credit freeze page and then place, lift, or schedule a thaw; you can also call Experian’s toll-free number (888-397-3742). If you plan to apply for credit, you must lift the freeze beforehand.

    A credit freeze blocks most new accounts that require a credit check. It does not extend beyond your credit file.

    Some identity protection services offer a credit lock feature that allows you to restrict access to your credit file through a mobile app. Like a freeze, it can limit new credit checks. The main difference is convenience, as you can typically turn it on or off quickly without logging into a bureau’s website or calling by phone.

    Credit freezes can’t stop every form of identity theft

    A credit freeze blocks new credit accounts, but it does not stop many common forms of identity theft that do not require a credit check.

    • Account takeovers: If someone has access to an existing credit card or bank account, they don’t need to open a new line of credit. They can change the email address, phone number, or mailing address tied to the account and begin making charges.
    • Tax identity theft: A fraudulent federal tax return does not need a credit check. If someone files a return using your SSN before you do, the IRS may reject your legitimate filing.
    • Employment fraud: If your SSN is used for employment, it will not appear as a credit inquiry. Instead, the earnings may be recorded under your Social Security record.
    • Government benefits fraud: Unemployment insurance and other state-administered benefits do not require a traditional credit check.
    • Medical identity theft: A stolen identity can be used to get medical treatment. Bills may not appear until the provider sends the account to collections.

    HOW TO SAFELY VIEW YOUR BANK AND RETIREMENT ACCOUNTS ONLINE

    Elderly man using smarphone and credit card

    Identity theft like tax fraud, account takeovers and government benefits abuse does not require a credit check. (iStock)

    What happens when the fraud doesn’t involve a credit inquiry?

    When identity theft happens outside the credit approval process, there is no automatic reversal. Each category of fraud is handled by a different agency or company.

    • If a fraudulent tax return is filed, you must work directly with the IRS and submit Form 14039, Identity Theft Affidavit. The IRS may require identity verification before releasing a refund.
    • If your SSN is used for employment, you must contact the Social Security Administration to correct your earnings record.
    • If government benefits are fraudulently claimed in your name, the state agency is involved. There is no federal clearinghouse.
    • If medical debt appears in collections, you must dispute it with both the provider and the collection agency, often in writing.

    There is no single agency coordinating these corrections. You’re responsible for identifying the fraud, filing the appropriate reports, and tracking responses across agencies.

    If a freeze isn’t the end, what is?

    A credit freeze addresses risks tied to new credit applications. Identity theft often goes beyond that. Comprehensive identity protection typically includes credit monitoring across all three major bureaus, alerts for new inquiries or accounts, and monitoring for exposed personal information such as Social Security numbers, driver’s license numbers, passport details, email addresses, and passwords.

    Some services also monitor public records, address changes, identity verification activity, and even suspicious financial transactions when accounts are linked. Early alerts can help you spot fraud before it spreads.

    If identity theft does occur, recovery can be complicated. Some identity protection plans provide access to fraud resolution specialists who help contact creditors, place fraud alerts, dispute unauthorized accounts, and prepare required documentation. Many also include identity theft insurance to help cover eligible recovery expenses, such as lost wages or legal fees.

    No service can prevent every form of identity theft. But layered monitoring, fast alerts, and guided recovery support can make the damage easier to contain and resolve.

    See my tips and best picks on Best Identity Theft Protection at Cyberguy.com.

    Kurt’s key takeaways

    Man paying for his purchase.

    When fraud happens outside your credit file, you must work directly with each agency to correct the damage. (Leonie Asendorpf/picture alliance via Getty Images)

    A credit freeze is a smart move after a data breach, but it is only one layer of protection. Many forms of identity theft do not involve a credit check, which means they can happen quietly and take time to fix. Real protection comes from understanding the gaps, monitoring your accounts, and acting quickly if something looks wrong. The more proactive you are, the easier recovery becomes.

    Have you placed a credit freeze, and did you know it does not protect against every type of identity theft? Let us know your thoughts by writing to us at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report: Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2026 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • YouTube TV billing scam emails are hitting inboxes

    [ad_1]

    NEWYou can now listen to Fox News articles!

    An email arrived that looked like a routine billing alert for YouTube TV Premium. Near the top, it displayed “BILLING FAILED” in capital letters. Below that, the message claimed the payment was declined and urged immediate action to keep streaming. This email was sent to us by Jackie from New York, NY, who immediately knew something was wrong.

    “I’m not a YouTube TV Premium subscriber so I knew right away this was a scam. So why am I receiving these emails?”

    — Jackie from New York, NY

    That question matters. If a billing alert references a service you do not use, it is almost always a scam. The email still appeared legitimate. Billing notices like this are common, and scammers rely on that familiarity to slip past quick checks.

    Another warning sign appeared in the sender’s details. The message was routed through a domain with no connection to Google or YouTube. That mismatch confirmed what Jackie already suspected.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    TAX SEASON SCAMS 2026: FAKE IRS MESSAGES STEALING IDENTITIES

    Cybersecurity experts warn that billing emails from domains unrelated to Google or YouTube are a major red flag. (Photo by S3studio/Getty Images)

    Why this scam feels so convincing

    Scammers understand behavior. People skim emails. They react quickly when access to familiar services feels threatened. This message uses recognizable branding, clean formatting and simple language. It also assumes the recipient already subscribes. That assumption is intentional. These emails go out in bulk, knowing some recipients really do have YouTube TV and may act before verifying.

    Urgency language is meant to push for quick action

    Scam emails rely on pressure. This one uses several subtle cues.

    ‘BILLING FAILED’ draws immediate focus

    Capital letters pull attention to the problem first. It feels like a system notice, even though no real account check took place.

    ‘Fix your payment now to keep streaming’ creates momentum

    That line suggests access could stop at any moment. Scammers know interruptions feel urgent, so they push fast decisions.

    ‘Status: Payment declined’ sounds technical

    The word status makes the message feel automated and official. In reality, scammers use vague labels because they cannot see real billing data.

    ‘Date: Today’ adds time pressure

    Including today makes the issue feel current and unresolved. Legitimate companies rarely demand same-day action through email links alone.

    When urgency replaces clarity, that pressure itself becomes the warning sign.

    ROBINHOOD TEXT SCAM WARNING: DO NOT CALL THIS NUMBER

    YouTube playing on a TV screen.

    Scam emails mimicking YouTube TV billing notices use urgent language and fake support buttons to steal login and payment details. (Robert Michael/picture alliance via Getty Images)

    Red flags hiding in plain sight

    The layout of the email matters as much as the wording.

    “Confirm billing” buttons are designed to prompt clicks

    The red CONFIRM BILLING button encourages action before verification. Real companies usually direct users to sign in normally, not through a single email button.

    “Contact support” links can be misleading

    The black CONTACT SUPPORT button looks official and helpful. In scam emails, these links often lead to fake support pages or phishing forms.

    Color and design influence behavior

    Red suggests urgency. Dark colors suggest authority. Familiar branding builds comfort. Together, they encourage quick action.

    If an email pushes any button to fix a problem, pause and verify first.

    The biggest red flag most people miss

    The message claims to be about YouTube TV. The sending infrastructure points somewhere else. Lifeheaters.com has no legitimate relationship with Google or YouTube. Billing emails should always come from official domains tied directly to the company.

    We reached out to Google, YouTube’s parent company, and a spokesperson told us, “We can confirm that this is a phishing scam and not an official communication from YouTube.”

    How to protect yourself from YouTube TV billing email scams

    If you receive a billing alert like this, pause before acting. Scammers rely on speed and stress. These steps help you stay in control.

    1) Go straight to the official website or app

    Instead of clicking links in the email, open a new browser tab. Then go directly to the official YouTube TV website or app. Real billing issues always appear inside your account dashboard.

    2) Check billing inside your account settings

    Once you are logged in, review your payment status. If there is a real problem, you will see it there. If everything looks normal, the email is fake.

    3) Inspect links before you click

    Hover your cursor over any link in the email. Look closely at the destination. If the domain does not clearly match Google or YouTube, do not click it. That mismatch is a major warning sign. Also, installing strong antivirus software adds a critical layer of protection. It can block malicious links, flag phishing pages and stop malware before it installs. That matters if you accidentally click the wrong thing. The best way to protect yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

    4) Act fast if you already clicked

    If you clicked the link or entered information, respond quickly. Change your Google password right away. Consider using a password manager to securely store and generate complex passwords, reducing the risk of password reuse.  Then review recent account activity and payment methods for any suspicious activity.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    5) Remove your data from data broker sites

    Scammers often target people using leaked personal data. A data removal service helps reduce how much of your information is floating around online. Less exposed data means fewer targeted scam attempts.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    6) Watch for sender domains that do not match

    Legitimate companies send billing emails from their own domains. A message about YouTube TV should never route through an unrelated site like lifeheaters.com. That disconnect alone is enough to walk away.

    7) Never update payment info through email links

    Scammers want your login details or credit card number. Avoid giving them either. Always update billing information directly inside your account, not through an email prompt.

    HOW TO SAFELY VIEW YOUR BANK AND RETIREMENT ACCOUNTS ONLINE

    YouTube app download screen.

    Google confirmed a YouTube TV “billing failed” email routed through an unrelated domain was a phishing scam. (Jakub Porzycki/NurPhoto via Getty Images)

    Kurt’s key takeaways

    This email looked polished. The message felt urgent. The branding felt familiar. Yet one small detail gave it away. Billing emails should always come from official domains and verified accounts. When they do not, trust your instincts and verify independently. Pausing for ten seconds can save you weeks of cleanup.

    Have you received a billing or subscription email that looked real but turned out to be fake? What tipped you off? Let us know your thoughts by writing to us at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP 

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Copyright 2026 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Cellebrite cut off Serbia citing abuse of its phone unlocking tools. Why not others? | TechCrunch

    [ad_1]

    Last year, the phone hacking tool maker Cellebrite announced it had suspended Serbian police as customers, after human rights researchers alleged local police and intelligence agencies used its tools to hack into the phones of a journalist and an activist, and plant spyware. 

    This was a rare example of Cellebrite publicly cutting off a customer following documented allegations of abuse, citing Amnesty International’s technical report for its decision. 

    But following recent similar accusations of abuse in Jordan and Kenya, the Israeli-headquartered company responded by dismissing the allegations and declining to commit to investigating them. It’s unclear why Cellebrite has changed its approach, which appears contrary to its previous actions.

    On Tuesday, researchers at The University of Toronto’s Citizen Lab published a report alleging the Kenyan government used Cellebrite’s tools to unlock the phone of Boniface Mwangi, a local activist and politician, while he was in police custody. In another report from January, the Citizen Lab accused the Jordanian government of breaking into the phones of several local activists and protesters using Cellebrite’s tools. 

    In both investigations, the Citizen Lab, an organization that has investigated abuses of spyware and hacking technologies around the world, based their conclusions on finding traces of a specific application linked to Cellebrite on the victims’ phones. 

    The researchers said that those traces are a “high confidence” signal that someone used Cellebrite’s unlocking tools on the phones in question, because the same application had been previously found on VirusTotal, a malware repository, and was signed with digital certificates owned by Cellebrite.  

    Other researchers have also linked the same application to Cellebrite.  

    “We do not respond to speculation and encourage any organization with specific, evidence-based concerns to share them with us directly so we can act on them,” Victor Cooper, a spokesperson for Cellebrite, told TechCrunch in an email. 

    When asked why Cellebrite is acting differently from the Serbia case, Cooper said “the two situations are incomparable,” and that, “high confidence is not direct evidence.”

    Cooper did not respond to multiple follow-up emails asking if Cellebrite would investigate the Citizen Lab’s latest report, and what, if any, differences there are with its case in Serbia.

    Contact Us

    Do you have more information about Cellebrite, or other similar companies? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email.

    In both its Kenya and Jordan investigations, the Citizen Lab reached out to Cellebrite in advance of publishing the reports to provide the company with a right to respond. 

    In response to the Jordan report, Cellebrite said that “any substantiated use of our tools in violation of human rights or local law will result in immediate disablement,” but did not commit to investigating the case and declined to disclose specific information about customers. 

    For the Kenya report, however, Cellebrite acknowledged receipt of Citizen Lab’s inquiry but did not comment, according to John Scott-Railton, one of the Citizen Lab researchers who worked on the Cellebrite investigations. 

    “We urge Cellebrite to release the specific criteria they used to approve sales to Kenyan authorities, and disclose how many licenses have been revoked in the past,” Scott-Railton told TechCrunch. “If Cellebrite is serious about their rigorous vetting, they should have no problem making it public.”

    Following previous reports of abuse, Cellebrite, which claims to have more than 7,000 law enforcement customers around the world, cut off relationships with Bangladesh and Myanmar, as well as Russia and Belarus during 2021. Cellebrite previously said it stopped selling to Hong Kong and China following U.S. government regulations restricting the export of sensitive technologies to the country. Local activists in Hong Kong had accused the authorities of using Cellebrite to unlock protesters’ phones.

    [ad_2]

    Lorenzo Franceschi-Bicchierai

    Source link

  • 5 trendy tech words shaping today’s internet culture

    [ad_1]

    NEWYou can now listen to Fox News articles!

    If your social media feed feels noisier, stranger or more manipulated than it used to, you’re not alone. The internet runs on its own language now, and those buzzwords quietly shape what you see, what you don’t see and how companies target you. From viral “slop” content to shadowbans and targeted ads, these terms influence how information spreads and how platforms treat your account.

    Let’s break down five key phrases so you can understand what’s really happening behind your screen and stay in control of your digital life.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    CLEAN UP YOUR SOCIAL MEDIA FEED AND CUT THE NOISE

    If your social media feed feels louder and more chaotic, algorithm-driven trends like “slop” and shadowbanning may be shaping what you see. (Jan Woitas/picture alliance via Getty Images)

    1) Slop

    The flood of low-quality content that is taking over your social media feed

    “Slop” refers to mass-produced, low-effort digital content, often generated quickly by AI or churned out purely for clicks and engagement. This includes spammy articles, recycled videos, misleading thumbnails and content created without real value.

    While slop may seem harmless, it can crowd out reliable information, spread misinformation and overwhelm your feed with noise instead of useful content. Platforms often struggle to control it because slop is designed to game algorithms.

    Why this matters:

    • Low-quality content can drown out trustworthy sources
    • Slop is often designed to manipulate clicks and attention
    • AI-generated misinformation can spread faster than ever
    • Curating your feed helps reduce exposure to low-value content

    The good news is you can take back control by curating your feed and cutting the noise. 

    2) Burner account

    The hidden identity behind anonymous profiles

    A burner account is a secondary or anonymous social media account used to hide a person’s real identity. Some people use burner accounts for privacy, while others use them for trolling, harassment, spying or secretly viewing content.

    Because burner accounts are difficult to trace, they are often linked to online harassment, fake engagement or manipulation of public conversations. Platforms attempt to detect suspicious behavior, but many burner accounts still slip through the cracks.

    Why this matters:

    • Anonymous accounts can spread misinformation or harassment
    • Burners are often used to manipulate comments and engagement
    • They make it harder to verify who is behind the content

    Being cautious with unknown accounts protects your safety.

    3) Shadowban

    When platforms quietly decide what you don’t see

    A shadowban doesn’t only affect creators; it can affect what you see as a user. Platforms sometimes limit the visibility of certain accounts, topics, or types of content without telling you. This means posts may be hidden, pushed lower in your feed or never shown to you at all, even if you follow the account.

    This type of filtering is often driven by algorithms designed to reduce spam, harmful content or policy violations, but it can also shape what information reaches you without you realizing it. Over time, this can subtly influence your perception of what’s popular, trending or widely discussed.

    Why this matters:

    • You may not see all content from accounts you follow
    • Algorithms quietly filter what appears in your feed
    • Your view of trends and conversations can be shaped
    • Platform controls influence what information reaches you

    YOUR PHONE SHARES DATA AT NIGHT: HERE’S HOW TO STOP IT

    iPhone on a social media screen.

    From burner accounts to clickbait, online buzzwords influence how information spreads and how users are targeted. (Brent Lewin/Bloomberg via Getty Images)

    4) Clickbait

    Headlines designed to make you click, not inform you

    Clickbait uses exaggerated, misleading or emotionally charged headlines to attract attention and drive clicks. While some clickbait is harmless, it often leads to low-quality or misleading content that doesn’t deliver on its promise.

    Clickbait works because it exploits curiosity, fear or surprise, powerful emotional triggers that drive engagement. It’s a core tactic used by low-quality publishers and viral content farms.

    Why this matters

    • Clickbait can spread misinformation or distort facts
    • It’s designed to manipulate attention rather than inform
    • Recognizing it helps you avoid low-value content
    • Trustworthy sources focus on clarity, not shock value

    5) Targeted ads

    Why the internet seems to know what you want

    Targeted ads use data about your behavior, searches, location and interests to deliver personalized advertisements. This is why you might see ads related to something you recently searched, clicked or even talked about near your phone.

    Advertisers build detailed profiles based on browsing activity, app usage and online behavior to predict what you are most likely to buy or engage with.

    What this does:

    • Shows ads based on your interests and behavior
    • Uses browsing history, location and app activity
    • Builds advertising profiles over time
    • Drives highly personalized marketing

    One more thing to know: Targeted advertising relies heavily on data collection. Adjusting privacy settings, limiting ad tracking and regularly reviewing app permissions can reduce how much data advertisers use to profile you.

    Pro Tip: Control the data that fuels the system

    If targeted ads feel a little too accurate, it’s because data brokers are constantly collecting and selling your information. Beyond adjusting privacy settings, consider removing your personal data from broker sites to shrink the profile advertisers build around you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    Stay tuned for more in this series as we decode the internet’s most talked-about terms and answer the top questions we hear from readers like you.

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

    SUPER BOWL SCAMS SURGE IN FEBRUARY AND TARGET YOUR DATA

    Phone resting on a keyboard.

    Understanding digital terms like “slop” and clickbait can help users take back control of their feeds. (Photo by Jakub Porzycki/NurPhoto via Getty Images)

    Kurt’s key takeaways

    The modern internet runs on more than just technology; it runs on attention, algorithms and influence. Understanding terms like slop, shadowban and targeted ads helps you recognize how platforms shape your experience and how companies compete for your clicks. The more you understand these trends, the easier it becomes to filter noise, protect your privacy and stay in control of what you see online.

    Confused by a trending internet term or want something explained? Let us know by writing to us at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Copyright 2026 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Tax season scams 2026: Fake IRS messages stealing identities

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Tax season no longer begins in April. For scammers, it starts the moment the calendar flips to January. 

    While you’re waiting for your W-2 or 1099 to arrive, cybercriminals are already sending out waves of fake IRS messages, “refund problem” alerts and account verification scams. These messages feel alarmingly real, and that’s not an accident.

    The truth is, today’s tax scams don’t rely on random guessing. They rely on your personal data, pulled from online data brokers, public records and previous breaches. And once your information is in circulation, you become part of a high-value target list.

    Let’s break down what’s really happening – and how you can protect yourself before the first fake message lands in your inbox.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    ROBINHOOD TEXT SCAM WARNING: DO NOT CALL THIS NUMBER

    Tax scammers are targeting Americans as soon as January with fake IRS emails and refund alerts designed to steal personal data. (Photo illustration by Michael Bocchieri/Getty Images)

    The new wave of tax scams

    Every year, scammers refine their tactics. And every year, they get better at making their messages look legitimate. Here are the most common scams hitting Americans before tax season even peaks:

    1) Fake IRS emails and texts

    These messages look official. They use real IRS language, government-style formatting and even fake case numbers. You might see something like:

    “Your tax account is under review. Immediate action is required to avoid penalties.”

    The email may include:

    • IRS logos and official-looking headers
    • Threatening language about audits or fines
    • A link that appears to go to a government website.

    But when you click, you’re taken to a fake IRS portal designed to steal:

    • Your Social Security number
    • Your date of birth
    • Your bank account details
    • Your IRS login credentials.

    Once scammers have that, they can file fake returns, redirect your refund or impersonate you for years.

    2) ‘Refund Issue’ alerts

    This is one of the most effective tax scams because it preys on something people are already waiting for: their money. The message usually says:

    “Your tax refund has been delayed due to a verification issue. Please confirm your information.”

    It feels believable. You just filed. You are expecting a refund. And the message arrives right when you’re checking your bank account.

    The link leads to a perfect copy of:

    • A government site
    • A tax filing service
    • Or a bank login page.

    Every keystroke you enter is captured. Scammers now have your identity, your financial access and your tax data – all from one click.

    3) Benefit and identity verification scams

    These scams impersonate the:

    • IRS
    • Social Security Administration
    • State tax offices.

    Often, they use what seem to be legitimate titles like “tax resolution officer” and state that you have unresolved tax activity. They claim your benefits, tax records or identity are “on hold” and must be verified immediately.

    Typical messages say: “Your benefits account has been temporarily suspended. Verify your identity to restore access.” Or: “We detected unusual activity on your tax profile. Confirm your information now.”

    The goal is simple: panic. When people panic, they don’t slow down. They don’t double-check. They click. And once they do, scammers collect everything they need to fully impersonate the victim.

    HOW TO SAFELY VIEW YOUR BANK AND RETIREMENT ACCOUNTS ONLINE

    Multiple W-2 tax forms.

    Cybercriminals use data broker profiles and breach records to personalize tax scams and make them appear legitimate. (Andrew Harrer/Bloomberg via Getty Images)

    Why these messages feel so real

    You may wonder: How do they know my name? My address? My tax service?

    They don’t guess. They buy it. Data brokers collect and sell personal profiles that can include your:

    • Full name and address history
    • Phone numbers and email addresses
    • Family members and marital status
    • Estimated income and property records
    • Age, retirement status and employer history.

    Scammers use this data to personalize their messages. That’s why the email doesn’t feel random. It feels meant for you. And once your profile is sold or leaked, it can be reused again and again.

    The real target isn’t your refund. It’s your identity

    Once scammers steal your Social Security number, tax ID or bank details, the damage doesn’t stop with one scam.

    They can:

    • File fake tax returns
    • Open credit lines in your name
    • Redirect benefits
    • Sell your identity on criminal marketplaces.

    Tax scams are often the entry point to long-term identity theft.

    The ‘pre-tax season cleanup’ most people skip

    Most people think clearing browser cookies or changing passwords is enough. It’s not. Your information still lives in data broker databases, where scammers shop for victims.

    That’s why I recommend a data removal service that automates data removal and goes directly to the source. Instead of chasing scams one by one, these services help remove the reason you’re targeted in the first place.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    Practical steps to protect yourself this tax season

    Here’s what I recommend before filing:

    • Never click tax links from emails or texts. Go directly to official websites. Strong antivirus software can help block malicious links before they install malware or steal personal information. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
    • Use strong, unique passwords for tax services and email.  A password manager helps create and store strong, unique passwords and alerts you if your email appears in known data breaches. Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
    • Enable two-factor authentication (2FA) wherever possible.
    • Freeze your credit if you’re not applying for loans. To learn more about how to do this, go to Cyberguy.com and search “How to freeze your credit.” 
    • Remove your data from brokers before scammers find it, as discussed above.

    2026 VALENTINE’S ROMANCE SCAMS AND HOW TO AVOID THEM

    1040 tax form on a table.

    Fake “refund issue” messages trick taxpayers into entering Social Security numbers and bank details on fraudulent sites. (Photo illustration by Michael Bocchieri/Getty Images)

    Kurt’s key takeaways

    Tax scams don’t start in April; they start when your data is sold. The more complete your profile becomes, the easier it is for scammers to impersonate government agencies and steal your identity. By removing your personal data now, you’re not just protecting your refund; you’re protecting your future. This tax season, don’t wait for the alert. Remove the risk.

    Have you received a suspicious IRS text or email this tax season, and what made you question whether it was real? Let us know by writing to us at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Copyright 2026 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Grok faces more scrutiny over deepfakes

    [ad_1]

    LONDON — Elon Musk’s social media platform X faces a European Union privacy investigation after its Grok AI chatbot started spitting out nonconsensual deepfake images, Ireland’s data privacy regulator said Tuesday.

    Ireland’s Data Protection Commission said it notified X on Monday that it was opening the inquiry under the 27-nation EU’s strict data privacy regulations, adding to the scrutiny X is facing in Europe and other parts of the world over Grok’s behavior.

    Grok sparked a global backlash last month after it started granting requests from X users to undress people with its AI image generation and editing capabilities, including putting females in transparent bikinis or revealing clothing. Researchers said some images appeared to include children. The company later introduced some restrictions on Grok, though authorities in Europe weren’t satisfied.

    The Irish watchdog said its investigation focuses on the apparent creation and posting on X of “potentially harmful” nonconsensual intimate or sexualized images containing or involving personal data from Europeans, including children.

    X did not respond to a request for comment.

    Grok was built by Musk’s artificial intelligence company xAI and is available through X, where its responses to user requests are publicly visible for others to see.

    The watchdog said the investigation will seek to determine whether X complied with the EU data privacy rules known as GDPR, or General Data Protection Regulation. Under the rules, the Irish regulator takes the lead on enforcing the bloc’s privacy rules because X’s European headquarters is based in Dublin. Violations can result in hefty fines.

    The regulator “has been engaging” with X since media reports started circulating weeks earlier about “the alleged ability of X users to prompt the @Grok account on X to generate sexualized images of real people, including children,” Deputy Commissioner Graham Doyle said in a press statement.

    Earlier this month, French prosecutors raided X’s Paris offices and summoned billionaire owner Elon Musk for questioning. Meanwhile, the data privacy and media regulators in Britain, which has left the EU, have opened their own investigations into X.

    The platform is already facing a separate EU investigation from Brussels over whether it has been complying with the bloc’s digital rulebook for protecting social media users that requires platforms to curb the spread of illegal content such as child sexual abuse material.

    [ad_2]

    Source link

  • Fake ad blocker breaks PCs in new malware extension scam

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Fake browser extensions are nothing new, but this one takes things a step further by deliberately breaking your computer to scare you into infecting it.

    Security researchers have uncovered a malicious Chrome and Edge extension called NexShield that pretends to be a fast, privacy-friendly ad blocker. Once installed, it crashes your browser on purpose and then tricks you into “fixing” the problem by running dangerous commands on your own PC.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    MALICIOUS GOOGLE CHROME EXTENSIONS HIJACK ACCOUNTS

    A fake Chrome and Edge extension called NexShield crashes browsers to trick users into running malicious commands. (Sina Schuldt/picture alliance via Getty Images)

    How the NexShield ad blocker scam works

    NexShield was promoted as a lightweight ad blocker supposedly created by Raymond Hill, the real developer behind the popular uBlock Origin extension. That claim was false, but it helped the extension look legitimate enough to spread through online ads and search results before it was taken down from the Chrome Web Store.

    Once installed, NexShield immediately starts abusing Chrome or Edge in the background. Researchers at Huntress found that it opens endless internal browser connections until your system runs out of memory (via Bleeping Computer). Tabs freeze, CPU usage spikes, RAM fills up, and the browser eventually hangs or crashes completely.

    After you restart the browser, NexShield displays a scary pop-up warning that claims your system has serious security problems. When you click to “scan” or “fix” the issue, you’re shown instructions telling you to open Command Prompt and paste a command that’s already been copied to your clipboard.

    That single paste is the trap. The command launches a hidden PowerShell script that downloads and runs malware. To make detection harder, the attackers delay the payload execution for up to an hour after installation, creating distance between the extension and the damage it causes.

    Why this fake browser extension attack is especially dangerous

    This campaign is a new variation of the well-known ClickFix scam, which relies on convincing you to run commands yourself. Huntress calls this version CrashFix because instead of faking a system failure, it causes a real one.

    In corporate environments, the attack delivers a Python-based remote access tool called ModeloRAT. This malware allows attackers to spy on systems, run commands, change system settings, add more malware and maintain long-term access. Researchers say the threat group behind it, tracked as KongTuke, appears to be shifting focus toward enterprise networks where the payoff is higher.

    Home users weren’t the primary target in this campaign, but that doesn’t mean they’re safe. Even if the final payload was unfinished for consumer systems, uninstalling the extension alone is not enough. Some malicious components can remain behind. The biggest danger here isn’t a browser bug. It’s trust. The attack works because it looks like a helpful fix from a trusted tool, and it pressures you to act quickly while your system feels broken.

    “Microsoft Defender provides built in protections to help identify and stop malicious or unwanted browser extensions and the harmful behaviors associated with them,” Tanmay Ganacharya, VP of Microsoft Threat Protection, told CyberGuy. “Our security technologies are designed to detect and mitigate tactics like the ones described in this campaign, and they are continuously updated to help keep customers safe. We encourage consumers and organizations to follow our security best practices for reducing exposure to social engineering-based threats. Guidance on strengthening your security posture against techniques like this can be found in our blog, ⁠Think Before You Click (Fix): Analyzing the ClickFix Social Engineering Technique, on the Microsoft Security blog.”

    We also reached out to Google for comment.

    7 steps you can take to stay safe from malicious browser extensions

    A few smart habits and the right tools can dramatically reduce your risk, even when malicious extensions slip past official app stores.

    1) Only install extensions from trusted publishers

    Before installing any browser extension, check the publisher name, official website and update history. Reputable tools clearly identify their developer and have years of user reviews. Be cautious of “new” extensions that claim to come from well-known creators, especially if the name or branding looks slightly off.

    2) Never run unknown commands

    No legitimate browser extension will ever ask you to open Command Prompt or paste a command to fix an issue. That’s a massive red flag. If something breaks your browser and then tells you to run system commands, close it and seek help from a trusted source.

    3) Use a strong antivirus

    Strong antivirus software can detect malicious scripts, suspicious PowerShell activity and remote access tools like ModeloRAT. This is especially important because these attacks rely on delayed execution that basic defenses might miss.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    MALICIOUS MAC EXTENSIONS STEAL CRYPTO WALLETS AND PASSWORDS

    Person sitting at their desk, typing into their computer.

    After freezing your browser, the rogue extension urges users to paste a PowerShell command that installs malware. (Annette Riedl/picture alliance via Getty Images)

    4) Use a password manager to limit fallout

    If malware gains access to your system, stored browser passwords are often the first target. A password manager keeps credentials encrypted and separate from your browser, reducing the risk of account takeover even if something slips through.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    5) Keep Windows, Chrome and Edge fully updated

    Security updates don’t just patch bugs. They also improve protection against malicious extensions, script abuse and unauthorized system changes. Turn on automatic updates so you’re not relying on memory to stay protected.

    6) Consider an identity theft protection service

    If malware ever runs on your system, assume personal data could be at risk. Identity protection services can monitor for misuse of your information, alert you early and help with recovery if fraud occurs.

    Identity Theft companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    7) Reduce your online footprint with a data removal service

    Many attacks become more effective when criminals already have your personal details. Data removal services help pull your information from broker sites, making it harder for attackers to craft convincing follow-up scams or targeted phishing.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    FAKE ERROR POPUPS ARE SPREADING MALWARE FAST

    Woman using her laptop computer.

    Security researchers say the NexShield ad blocker scam deliberately overloads memory to force a system crash. (Photo by Sebastian Gollnow/picture alliance via Getty Images)

    Kurt’s key takeaway

    Cybercriminals are getting better at blending technical tricks with psychological pressure. Instead of relying on exploits alone, they break things on purpose and wait for you to panic. If a browser extension crashes your system and then tells you to “fix” it by running commands, stop immediately. The safest response is not to fix the problem fast, but to question why you’re being asked to fix it at all.

    CLICK HERE TO GET THE FOX NEWS APP

    How many browser extensions are installed on your computer right now? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Copyright 2026 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Why physical ID theft is harder to fix than credit card fraud

    [ad_1]

    NEWYou can now listen to Fox News articles!

    It started with a voicemail from a Hertz rental car location in Miami, Florida. A 57-year-old woman in Los Alamitos, California, was asked when she planned to return a Mercedes-Benz she had never rented. A thief had stolen her driver’s license, replaced the photo with their own and used it to rent the vehicle. The same identity was used to open a credit card account, book airline tickets and reserve hotel stays. By the time she learned what happened, the fraud involved businesses in multiple states.

    Clearing her name required police reports in two jurisdictions, written disputes with the credit card issuer and repeated contact with the rental company and hotels. Her accounts were frozen while she submitted notarized copies of her identification and signed fraud affidavits. The process lasted more than a week. She reported losing $78,500 and spent nearly 10 days dealing with the fallout from one stolen ID.

    Credit card fraud is usually limited to a single account number. Physical ID theft gives someone the ability to act as you in the real world. As a result, the cleanup process is longer, more intrusive and often tied to your legal record.

    Sign up for my FREE CyberGuy Report

    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    5 MYTHS ABOUT IDENTITY THEFT THAT PUT YOUR DATA AT RISK

    A stolen driver’s license can allow someone to rent cars, open accounts and sign contracts in your name. (Photo by Silas Stein/picture alliance via Getty Images)

    How credit card fraud recovery works

    Under the Fair Credit Billing Act, you report unauthorized charges to the card issuer within 60 days of the statement date. Federal law limits your liability to $50, and most major issuers waive that entirely. The bank cancels the compromised card number, issues a replacement and removes the disputed charges after an investigation. You may need to confirm transactions and sign a fraud affidavit. The account number changes. Your name, driver’s license and Social Security number stay the same. In most cases, fraud is resolved within one or two billing cycles. That structure gives consumers clarity. There is one issuer, one investigation and one account to correct.

    Why physical ID theft recovery is more complicated

    Physical ID theft creates problems that go far beyond one financial account. When someone uses your driver’s license, they step into your legal identity. Start with reporting requirements. Most states require you to file a police report before the DMV will issue a replacement linked to fraud. That report number becomes part of your official record. If the misuse happened in another state, you may need to file a second report there.

    Next, understand what replacing the card actually does. A new physical card does not erase prior activity. Rental contracts, utility accounts, hotel stays, or police interactions tied to the stolen license still carry your name and license number. Fixing those records takes work. You must contact each business directly and submit documentation. No central agency reverses everything at once. Each company sets its own rules and timeline.

    The stakes can rise quickly. For example, if someone abandons a rental car or commits a crime using your stolen ID, law enforcement databases may record your name. At that point, the situation shifts from financial inconvenience to legal exposure.

    HOW TO PROTECT A LOVED ONE’S IDENTITY AFTER DEATH

    A passport

    Police reports and formal disputes are often required before businesses will remove fraudulent records.  (Kurt “Cyberguy” Knutsson)

    How to prove physical ID theft was not yours

    With credit card fraud, the issuer investigates the charge. With physical ID theft, businesses and agencies often require you to prove that you did not authorize the activity. That process usually starts at IdentityTheft.gov. The FTC generates an Identity Theft Report, which serves as an official statement of fraud. Most banks, collection agencies and rental companies will not proceed without it.

    You may also need:

    • A local police report
    • A copy of your driver’s license
    • A notarized identity affidavit
    • Proof of residence tied to the date of the fraud

    When thieves open fraudulent accounts in your name, dispute each one separately. Act quickly. Send a written response within 30 days of the first collection notice to protect your rights under federal law. Fraud that appears on your credit report requires another step. Contact Equifax, Experian and TransUnion individually and submit formal disputes with supporting documentation. The credit bureaus then have up to 30 days to complete their investigations. No central agency manages these corrections for you. Instead, every company sets its own documentation rules and timeline. Therefore, you must track deadlines, follow up consistently and keep detailed records of every communication.

    You cannot simply replace your driver’s license number after identity theft

    When a credit card number is stolen, the bank issues a new one. When a driver’s license is stolen, the number usually remains the same. In California, if your driver’s license is lost or stolen, you can request a replacement card through the DMV online system or at a field office. The official process gets you a new physical card. No new license number is automatically assigned when the card is stolen.

    If there is identity misuse tied to the license number, the DMV fraud review process allows you to submit documentation, including police reports, to support an identity theft claim before they take further action. A Social Security number is even harder to change. The Social Security Administration approves new numbers only in cases involving continued harm. Applicants must provide extensive documentation and appear in person.

    A stolen physical ID, such as your license, includes:

    • Full legal name
    • Date of birth
    • Address
    • Driver’s license number
    • Signature

    That information is sufficient for in-person identity checks, rental contracts, certain loan applications and travel-related transactions.

    Hands typing on a laptop with green code on screen

    Credit monitoring alerts can help you detect identity misuse before it spreads across multiple accounts. (Kurt “CyberGuy” Knutsson)

    Why ongoing identity protection matters

    There is no single agency that tracks misuse of your driver’s license across rental companies, lenders, collection agencies and law enforcement systems. That burden falls on you.

    Identity theft services monitor your identity across all three credit bureaus and alert you to new credit inquiries, account openings and changes to your credit file. If fraud appears, you are assigned a dedicated U.S.-based case manager who helps:

    • File disputes with Equifax, Experian and TransUnion
    • Prepare and submit FTC Identity Theft Reports
    • Contact creditors and collection agencies
    • Track documentation deadlines and responses
    • Assist with reimbursement claims when eligible

    Plans can include identity theft insurance of up to $1 million per adult to cover eligible expenses such as lost wages, legal fees and document replacement costs related to identity theft recovery.

    No service can prevent every misuse of a stolen ID. But when the issue involves police reports, credit bureaus, tax agencies and collection accounts, having structured support can make all the difference.

    The California woman in this case was not enrolled in an identity theft protection service. Some businesses may reverse fraudulent charges, but it is unclear whether she recovered the full $78,500.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    Credit card fraud follows a defined path. You report the charge, the issuer investigates and your account number changes. In most cases, the disruption ends there. Physical ID theft moves differently. It spreads across rental companies, hotels, credit bureaus and sometimes law enforcement databases. Instead of one dispute, you may face several. Instead of replacing a number, you must protect a permanent identity marker tied to your name. That shift matters. A stolen driver’s license carries your legal identity into the real world. Therefore, recovery demands documentation, patience and persistence. Each business sets its own rules. Each agency runs its own timeline. You coordinate the process. The lesson is clear. Protecting your financial accounts is critical. However, protecting your physical identification may be even more important. Once someone uses it in person, the cleanup becomes personal, procedural and time-consuming. Layered monitoring, early alerts and fast reporting reduce long-term damage. The faster you respond, the more control you keep.

    Have you ever dealt with physical ID theft, and did the recovery process take longer than you expected? Let us know your thoughts by writing to us at Cyberguy.com

    Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Robinhood text scam warning: Do not call this number

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Most scam texts are easy to spot, but this one feels different. At first glance, the message looks polished and uses official branding that signals credibility. It also includes technical details that sound serious, which can cause even cautious people like Bob to pause instead of instantly deleting it. He shared the text message with CyberGuy after second-guessing whether it could be real.

    “I received a text message from someone, some entity I do not recognize. Normally, I just delete this phishing spam, but in this case, I wonder if someone has my personal, financially related info. Have you seen this before?”

    — Text message sent to Bob

    Yes, this exact message format has been circulating widely. The screenshot below points to a Robinhood impersonation scam, not a legitimate security alert. For those of you who might not be familiar, Robinhood is a popular financial app that lets people trade stocks, options and cryptocurrency from their phones. 

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    MICROSOFT ‘IMPORTANT MAIL’ EMAIL IS A SCAM: HOW TO SPOT IT

    Kurt “CyberGuy” Knutsson is warning of a Robinhood phishing scheme. (Kurt “CyberGuy” Knutsson)

    What the scam text actually says

    At the top of the message is a warning designed to trigger urgency:

    “Safety Reminder: If this wasn’t you, please call +1 (888) 497-####.”

    Below that, a realistic looking Robinhood graphic claims:

    • An API key was linked to an external wallet
    • Permissions include trade and transfer
    • A linked wallet labeled Robinhood-Wallet
    • An IP address listed as 128.51.100.##
    • A date and time stamp from January 23, 2026

    The message ends by calling itself a mandatory service SMS meant to keep the account secure. To most people, this feels official. That feeling is intentional.

    Why this message is designed to scare

    This scam relies on presentation, not accuracy. Technical language like API key and IP address sound authoritative. It creates pressure to act even when the details are unclear. The phone number is the real objective. Calling it connects directly to scammers trained to sound calm, helpful and urgent at the same time. The message also avoids links on purpose. A phone call feels safer than clicking, which lowers suspicion.

    The most important thing to understand

    Receiving this text does not mean an account has been accessed. Messages like this go out in bulk. Phone numbers often come from unrelated data breaches and marketing lists. The sender does not know who actually has a Robinhood account. The scam only works if someone reacts.

    A spokesperson for Robinhood told us the company is seeing a rise in financial scams and says it has safeguards in place “to monitor, report, and disrupt fraudulent activity.” The spokesperson urged customers not to engage with suspected scams and to use resources on Robinhood’s support page to help identify and avoid them.

    What to do right now if you get this text

    If this message shows up on your phone, pause for a moment. These scams succeed when fear takes over. Staying calm keeps you in control. These steps break the scam’s momentum and help protect your accounts before any real damage can occur.

    1) Do not call the phone number

    This is the single most important step. The phone number in the text connects directly to scammers posing as Robinhood security. Once on the call, they often claim there is an active threat and push for immediate action. They may ask you to verify account details, share one-time codes or approve fake transfers. No legitimate financial company handles account security through an unsolicited phone call.

    2) Do not click links or reply to the message

    Avoid interacting with the text at all. Replying confirms your number is active, while clicking anything can lead to fake login pages, follow-up scams or malware. Strong antivirus software can help block malicious links and scam sites if one is tapped accidentally, but the safest move is to ignore the message entirely. Cutting off interaction stops the scam immediately. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    3) Check your account the safe way

    If you have a Robinhood account, always go directly to the source. Open the official app or manually type the website address into your browser. Never use links or phone numbers included in the text.

    Once logged in, review:

    • Security alerts
    • Recent account activity
    • Linked apps
    • API or third-party access

    If nothing appears there, the message was fake, and your account is safe.

    TAX SEASON SCAMS SURGE AS FILING CONFUSION GROWS

    Robinhood loaded on a laptop screen.

    Cyber experts warn a widely shared “Safety Reminder” text is a Robinhood impersonation scam, not a real breach alert. (Photo Illustration by Scott Olson/Getty Images)

    4) Turn on two-factor authentication

    Two-factor authentication (2FA) adds a critical layer of protection. Even if scammers obtain a password, they cannot access an account without the second verification step. This stops many account takeover attempts in their tracks.

    5) Use strong, unique passwords

    Never reuse passwords across financial accounts. Strong, unique passwords limit the damage from unrelated data breaches. A password manager can help generate and store secure passwords, so you don’t have to remember them.

    Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    6) Reduce exposure with a data removal service

    If scam texts like this keep appearing, it often means your phone number is circulating among data brokers. A data removal service can help reduce that exposure over time.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    7) Remove old or unused linked apps

    Over time, accounts can accumulate connections that are no longer needed. Review linked apps and remove anything unfamiliar or unused. Fewer connections mean fewer potential attack paths.

    8) Block the sending number

    After confirming your account is safe, block the number that sent the message. This prevents repeat attempts from the same source and reduces future interruptions.

    9) Report the message as spam

    Robinhood encourages users to contact its customer support team with any scam or fraud concerns or to verify suspicious messages. Suspected phishing attempts can be reported directly to reportphishing@robinhood.com, the spokesperson said. Also, report the message as spam in your messaging app. This helps improve filtering systems and can prevent similar scams from reaching others.

    10) Save the message as evidence

    Finally, before deleting it, take a screenshot. This gives you a record in case you need to report the scam later or explain what happened. It also helps remove doubt once the message is gone.

    5 MYTHS ABOUT IDENTITY THEFT THAT PUT YOUR DATA AT RISK

    Robinhood logo on a smartphone.

    Scammers are using technical jargon and official-looking branding to trick users into revealing financial account details. (Photo illustration by Cheng Xin/Getty Images)

    Kurt’s key takeaways

    This scam works by leveraging trust in a well-known brand and using fear to push for quick decisions. The message is designed to rush and intimidate, not to inform. The strongest defense is simple. Pause. Check accounts directly through official apps. Do not let technical language or urgency force a reaction. You do not need to understand every detail to stay safe. Questioning a message like this protects something far more valuable than time. And it raises an important question worth asking every time a security alert appears on your phone.

    Have you received a suspicious security text or call recently? Tell us what it looked like and how you handled it by writing to us at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP 

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Copyright 2026 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Gabbard ends task force that aimed to reform intelligence gathering after less than a year

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Director of National Intelligence Tulsi Gabbard announced she was ending the work of a task force that sought to reform the U.S. intelligence community, including rooting out what she described as the politicization of intelligence gathering, after less than a year since its creation.

    Gabbard established the group in April, when it was also tasked with probing ways to reduce spending on intelligence and whether reports on high-profile topics such as COVID-19 should be declassified.

    In a statement on Wednesday, Gabbard said the task force’s work was always intended to be temporary after she was tapped to oversee coordination of the 18 U.S. intelligence agencies.

    “In less than one year, we’ve brought a historic level of transparency to the intelligence community,” Gabbard said in her statement. “My commitment to transparency, truth, and eliminating politicization and weaponization within the intelligence community remains central to all that we do.”

    TULSI GABBARD DENIES WRONGDOING OVER DELAYED WHISTLE-BLOWER COMPLAINT REFERRAL TO CONGRESS MEMBERS: ‘BASELESS’

    Director of National Intelligence Tulsi Gabbard announced she was ending the work of a task force that sought to reform the U.S. intelligence community. (Photo by ANDREW CABALLERO-REYNOLDS/AFP via Getty Images)

    The number of officers assigned to the task force, as well as their identities, are classified, according to Gabbard’s office.

    The officers will now return to other intelligence agencies to continue the work the group started, her office added.

    The group sparked criticism against Gabbard after its creation, with Democrats and some intelligence insiders raising questions about whether it would be used to undermine intelligence agencies and bring them under tighter control of President Donald Trump.

    Sen. Mark Warner, D-VA, vice chairman of the Senate Intelligence Committee, said last year that the group appeared to be a “pass for a witch hunt” designed to target intelligence officers deemed disloyal to Trump.

    TRUMP CLAIMS DNI TULSI GABBARD WAS AT GEORGIA ELECTION HUB SEARCH BECAUSE AG PAM BONDI WANTED HER THERE

    Tulsi Gabbard speaks

    The task force sought to root out alleged politicization of intelligence gathering. (Chip Somodevilla/Getty Images)

    “This seems to be just a pass for a witch hunt and that’s going to further undermine our national security,” Warner told Reuters at the time.

    Gabbard has implemented significant changes to the country’s intelligence gathering in the last year, including by using agencies to back up Trump’s claims about alleged interference in the 2016 and 2020 elections.

    In August, she revealed plans to cut her office’s workforce and slash more than $700 million from its annual budget. She also fired two top intelligence officials in May after concluding that they opposed Trump.

    Since Gabbard took over as director, the federal government has revoked the security clearances of dozens of former and current officials, including high-profile political opponents of the president, which critics have panned as being a punishment for siding against Trump rather than posing security risks.

    President Trump and DNI Tulsi Gabbard

    The officers assigned to the task force will now return to other intelligence agencies. (Andrew Harnik/Getty Images)

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Gabbard’s presence for a recent FBI search of a Georgia election office in connection to the 2020 election has led to criticism from Democrats who argue she is blurring the traditional lines between foreign intelligence collection and domestic law enforcement.

    The CIA has also released additional information about its investigations into the origins of COVID-19, such as an assessment released last year that affirmed the position that it most likely originated in a lab in China.

    The Associated Press contributed to this report.

    [ad_2]

    Source link

  • A privacy breach at the IRS: Taxpayer data wrongly shared with DHS, court filing says

    [ad_1]

    WASHINGTON — The IRS erroneously shared the taxpayer information of thousands of people with the Department of Homeland Security, as part of the agencies’ controversial agreement to share information on immigrants for the purpose of identifying and deporting people illegally in the U.S, according to a new court filing.

    The revelation stems from a data-sharing agreement signed last April by Treasury Secretary Scott Bessent and Homeland Security Secretary Kristi Noem, which allows U.S. Immigration and Customs Enforcement to submit names and addresses of immigrants inside the U.S. illegally to the IRS for cross-verification against tax records.

    A declaration filed Wednesday by IRS Chief Risk and Control Officer Dottie Romo stated that the IRS was only able to verify roughly 47,000 of the 1.28 million names ICE requested.

    For less than 5% of those individuals, the IRS gave ICE additional address information, potentially violating privacy rules created to protect taxpayer data.

    Romo added that Treasury notified DHS in January of the error and requested DHS’ assistance in “promptly taking steps to remediate the matter consistent with federal law,” which includes “appropriate disposal of any data provided to ICE by IRS based on incomplete or insufficient address information.”

    The IRS-DHS agreement set off litigation between advocacy groups and the federal government last year.

    Public Citizen filed a lawsuit against the Treasury secretary, the Homeland Security secretary and their respective agencies on behalf of several immigrant rights groups shortly after the agreement was signed.

    Most recently, a Massachusetts federal court ordered the IRS to stop sharing residential addresses with ICE. And last November, a federal court blocked the IRS from sharing information with DHS, saying the IRS illegally disseminated the tax data of some migrants last summer.

    The news of the erroneous disclosure was initially reported by The Washington Post. A spokesperson from the IRS did not respond to an Associated Press request for comment.

    Advocates fear that the potential unlawful release of taxpayer records could be used to maliciously target Americans, violate their privacy and create other ramifications.

    Lisa Gilbert, co-president of Public Citizen said that “this breach of confidential information was part of the reason we filed our lawsuit in the first place. Sharing this private taxpayer data creates chaos and, as we’ve seen this past year, if federal agents use this private information to track down individuals, it can endanger lives.”

    Tom Bowman, policy counsel for the Center for Democracy & Technology said that “the improper sharing of taxpayer data is unsafe, unlawful, and subject to serious criminal penalties.”

    “Once taxpayer data is opened to immigration enforcement, mistakes are inevitable and the consequences fall on innocent people,” Bowman said. “The disclosure of thousands of confidential records unfortunately shows precisely why strict legal firewalls exist and have — until now — been treated as an important guardrail.”

    [ad_2]

    Source link

  • 2026 Valentine’s romance scams and how to avoid them

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Valentine’s Day should be about connection. However, every February also becomes the busiest season of the year for romance scammers. In 2026, that risk is higher than ever.

    These scams are no longer simple “lonely hearts” schemes. Instead, modern romance fraud relies on artificial intelligence, data brokers and stolen personal profiles. Rather than sending random messages and hoping for a response, scammers carefully select victims using detailed personal data. From there, they use AI to impersonate real people, create convincing conversations and build trust at scale.

    As a result, if you are divorced, widowed or returning to online dating after the holidays, this is often the exact moment scammers target you.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    WHEN DATING APPS GET HACKED, YOUR PRIVATE LIFE GOES PUBLIC

    Romance scams surge around Valentine’s Day as criminals use artificial intelligence and stolen data to target widowed, divorced and older adults returning to online dating. (Omar Karim/Middle East Images/AFP via Getty Images)

    The new face of romance scams in 2026

    Romance scams are no longer slow, one-on-one cons. They’re now high-tech operations designed to target hundreds of people at once. Here’s what’s changed:

    1) AI-generated personas that look and sound real

    In the past, fake profiles used stolen photos and broken English. Today, scammers use AI-generated faces, voices and videos that don’t belong to any real person, making them almost impossible to reverse search.

    You may be interacting with a profile that:

    • Has years of realistic-looking social media posts
    • Shares daily photos that match the story they tell
    • Sends customized voice notes that sound natural
    • Appears on “video calls” using AI face-mapping software.

    Some scam networks even create entire fake families and friend groups online, so the person appears to have a real life, real friends and real history. To the victim, it feels like a genuine connection because the “person” behaves like one in every way.

    2) Automated relationship scripts that adapt to you

    Behind the scenes, many scammers now use software platforms that manage dozens of conversations at once. This is known as “scamware” and is incredibly hard to flag.

    These systems:

    • Track your replies
    • Flag emotional triggers (grief, loneliness, fear, trust)
    • Suggest responses based on your mood and history.

    When you mention that you are widowed, the tone quickly becomes more comforting. Meanwhile, if you say you are financially stable, the story shifts toward so-called “business opportunities.” And if you hesitate, the system responds by introducing urgency or guilt. It feels personal, but in reality, you’re being guided through a pre-written emotional funnel designed to lead to one outcome: money.

    3) Crypto and “investment romance” scams

    One of the fastest-growing versions of romance fraud now blends love and money. A BBC World Service investigation recently revealed that many romance scams are now run by organized criminal networks across Southeast Asia, using what insiders call the “pig butchering” model, where victims are slowly “fattened up” with trust before being financially destroyed.

    These operations use call center style setups, data broker profiles, scripted conversations and AI tools to target thousands of people at once. This is not accidental fraud. It’s an industry.

    And the reason you were selected is simple. Your personal data made you easy to find, easy to profile and easy to target.

    After weeks of trust-building, the scammer introduces:

    • A “private” crypto platform
    • A fake trading app
    • A business or investment opportunity, “they use themselves.”

    They may show fake dashboards, fake profits and even let you “withdraw” small amounts at first to build trust. But once larger sums are sent, the site disappears and so does the person. There is no investment. There is no account. And there is no way to recover the funds.

    AI DEEPFAKE ROMANCE SCAM STEALS WOMAN’S HOME AND LIFE SAVINGS

    Hacker typing code on their laptop.

    Data brokers selling personal details fuel a new wave of romance fraud by helping scammers select financially stable, older victims before contact is made. (Jens Büttner/picture alliance via Getty Images)

    How scammers find you before you ever match

    The biggest misconception is that romance scams begin on dating apps. They don’t. They begin long before that, inside massive databases run by data brokers. These companies collect and sell profiles that include:

    • Your age and marital status
    • Whether you’re widowed or divorced
    • Your home address history
    • Your phone number and email
    • Your family members and relatives
    • Your income range and retirement status.

    Scammers buy this data to build shortlists of ideal victims.

    The data brokers behind romance scams

    They filter for:

    • Age 55-plus
    • Widowed or divorced
    • Living alone
    • Financially stable
    • Not active on social media.

    That’s how they know who to target before the first message is ever sent.

    Why are widowed and retired adults targeted first?

    Scammers aren’t cruel by accident. They target people who are statistically more likely to respond. If you’ve lost a spouse, moved recently or reentered the dating world, your personal data often shows that. That makes you a priority target. And once your name lands on a scammer’s list, it can be sold again and again. That’s why many victims say, “I blocked them, but new ones keep showing up.” It’s not a coincidence. It’s data recycling.

    How the scam usually unfolds

    Most romance scams follow the same pattern:

    • Friendly introduction: A warm message. No pressure. Often references something personal about you.
    • Fast emotional bonding: They mirror your values, your experiences, even your grief.
    • Distance and excuses: They can’t meet. There’s always a reason: military deployment, overseas job, business travel.
    • A sudden “crisis”: Medical bills, business losses, frozen accounts, investment opportunities.
    • Money requests: Wire transfers, gift cards, crypto or “temporary help.”

    By the time money is involved, the emotional connection is already strong. Many victims send thousands before realizing it’s a scam.

    The Valentine’s Day cleanup that stops scams at the source

    If you want fewer scam messages this year, you need to remove your personal information from the places scammers buy it. That’s where a data removal service comes in. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. 

    These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    Practical steps to protect yourself this February

    Here’s what you can do right now:

    • Never send money to someone you haven’t met in person
    • Be skeptical of fast emotional bonding
    • Verify profiles with reverse image searches
    • Don’t share personal details early
    • Remove your data from broker sites.
    • Use strong antivirus software to block malicious links and fake login pages. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    When you combine these steps, you remove the access, urgency and leverage scammers rely on.

    SUPER BOWL SCAMS SURGE IN FEBRUARY AND TARGET YOUR DATA

    Person typing on their phone.

    Cybercriminals now deploy AI-generated faces, voices and scripted conversations to impersonate real people and build trust at scale in modern romance scams. (Martin Bertrand/Hans Lucas/AFP via Getty Images)

    Kurt’s key takeaways

    Romance scams are no longer random. They are targeted, data-driven and emotionally engineered. This Valentine’s Day, the best gift you can give yourself is privacy. By removing your personal data from broker databases, you make it harder for scammers to find you, profile you and exploit your trust. And that’s how you protect not just your heart, but your identity, your savings and your peace of mind.

    Have you or someone you love been contacted by a Valentine’s Day romance scam that felt real or unsettling?  Let us know your thoughts by writing to us at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Copyright 2026 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • 6 ways to stop your phone from eavesdropping on your conversations – Tech Digest

    [ad_1]

    Share


    Ever felt like your phone is eavesdropping on your conversations? You mention a new pair of hiking boots to a friend, and miraculously, your Instagram feed is awash with walking clobber.

    While tech companies often claim they don’t “listen” in the traditional sense, they do use “passive listening” for wake words as well as massive amounts of behavioural data to predict your interests.

    If you want to reclaim your privacy, here is a short guide on how to shut down the digital ears of your smartphone right now.

    1. Disable Your “Virtual Assistant”

    The primary way your microphone stays “active” is to listen for wake words like “Hey Siri” or “Hey Google.” While these are meant to be helpful, they mean your microphone is technically always on.

    • For iPhone: Go to Settings > Siri & Search. Toggle off “Listen for ‘Hey Siri’” and “Press Side Button for Siri.”

    • For Android: Open the Google App, tap your profile icon, and go to Settings > Google Assistant > Hey Google & Voice Match. Toggle it off.

    2. Audit Your App Permissions

    Many apps request microphone access during installation for no logical reason. Why does a calculator or a photo editor need to hear you?

    • For iPhone: Go to Settings > Privacy & Security > Microphone. You will see a list of every app with mic access. Toggle off anything that doesn’t strictly need it (including social media apps if you don’t record stories).

    • For Android: Go to Settings > Apps > See all apps. Select an app, tap Permissions, then Microphone, and select “Don’t allow.”

    3. Kill “Personalized Advertising”

    Even if the mic is off, apps track your “cross-contextual” behaviour – in other words, they follow you from one app to another to build a profile of your life.

    • For iPhone: Go to Settings > Privacy & Security > Tracking and turn off “Allow Apps to Request to Track.” Then go to Apple Advertising at the bottom of the Privacy menu and turn off “Personalized Ads.”

    • For Android: Go to Settings > Google > Ads and tap “Delete Advertising ID.” This resets the unique string of numbers used by marketers to identify you.

    The orange dot on an iPhone screen means the mic is in use

    4. Watch for the “Warning Lights”

    Modern smartphones have built-in physical indicators to tell you when a hardware component is active.

    • iPhone users: Look for a small orange dot in the top right corner of your screen. If you see it and you aren’t on a call or recording a memo, an app is actively using your microphone.

    • Android users: On newer versions (Android 12+), a green microphone icon or dot appears in the status bar when the mic is being accessed.

    5. Clear Your Voice History

    Big Tech keeps a “memory bank” of your previous voice requests to “improve their service.” You should purge this regularly.

    • Google: Visit myactivity.google.com,click on “Web & App Activity,” and find the section for “Voice & Audio Activity” to delete your recordings.

    • Apple: Go to Settings > Siri & Search > Siri & Dictation History and tap “Delete Siri & Dictation History.”

    6. The “Hardware” Approach

    If you want to go full paranoid mode, consider physical barriers. Some privacy-conscious users use “microphone blockers” – small plugs that go into the headphone jack or charging port to trick the phone into thinking an external mic is plugged in.

    Alternatively, keep your phone in another room or inside a “Faraday bag” during sensitive private conversations.

    By following these steps, you move from being a passive data point to an empowered consumer, ensuring that your private conversations stay exactly that.

     


    For latest tech stories go to TechDigest.tv

    Discover more from Tech Digest

    Subscribe to get the latest posts sent to your email.

    [ad_2]

    Chris Price

    Source link

  • Microsoft ‘Important Mail’ email is a scam: How to spot it

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Scam emails are getting better at looking official. This one claims to be an urgent warning from Microsoft about your email account. It looks serious. It feels time sensitive. And that is exactly the point. Lily reached out after something about the message did not sit right.

    “I need help with an email that I’m unsure is valid. Hoping you can help me determine whether this is a valid or a scam. I have attached two screenshots below. Thank you in advance,” Lily wrote.

    Here is the important takeaway up front. This email is not from Microsoft. It is a scam designed to rush you into clicking a dangerous link.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    WHY CLICKING THE WRONG COPILOT LINK COULD PUT YOUR DATA AT RISK

    A closer look at the sender shows a red flag scammers hope you will miss, a free email address posing as a trusted brand. (Kurt “CyberGuy” Knutsson)

    Why this Microsoft ‘Important Mail’ email is a scam

    Once you slow down and read it closely, the red flags pile up quickly.

    A generic greeting

    It opens with “Dear User.” Microsoft uses your name. Scammers avoid it because they do not know who you are.

    A hard deadline meant to scare you

    The message claims your email access will stop on Feb. 5, 2026. Scammers rely on fear and urgency to short-circuit good judgment.

    A completely wrong sender address

    The email came from accountsettinghelp20@aol.com. Microsoft does not send security notices from AOL. Ever.

    Pushy link language

    “PROCEED HERE” is designed to trigger a fast click. Microsoft messages sent to you to are clearly labeled Microsoft.com pages.

    Fake legal language

    Lines like “© 2026 All rights reserved” are often copied and pasted by scammers to look official.

    Attachments that should not be there

    Microsoft account alerts do not include image attachments. That alone is a major warning sign.

    10 WAYS TO PROTECT SENIORS FROM EMAIL SCAMS

    Windows 10 security flaws leave millions vulnerable

    The fake Microsoft email uses urgency and vague language to pressure you into clicking before you have time to think. (Kurt “CyberGuy” Knutsson)

    What would have happened if you clicked

    If you clicked the link, you would almost certainly land on a fake Microsoft login page. From there, attackers aim to steal:

    • Your email address
    • Your password
    • Access to other accounts tied to that email

    Once they have your email, they can reset passwords, dig through old messages and launch more scams using your identity.

    HACKERS ABUSE GOOGLE CLOUD TO SEND TRUSTED PHISHING EMAILS

    Person on phone

    Scam emails often reach people on their phones, where small screens make it easier to miss warning signs and click fast. (Kurt “CyberGuy” Knutsson)

    What to do if this email lands in your inbox

    If an email like this shows up, slow down and follow these steps in order. Each one helps stop the scam cold.

    1) Do not click or interact at all

    Do not click links, buttons or images. Do not reply. Even opening attachments can trigger tracking or malware. Strong antivirus software can block phishing pages, scan attachments and warn you about dangerous links before damage happens. Make sure yours is active and up to date. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    2) Delete the message immediately

    Once it is reported, delete it. There is no reason to keep it in your inbox or trash.

    3) Check your account the safe way

    If you want peace of mind, open a new browser window and go directly to the official Microsoft account website. Sign in normally. If there is a real issue, it will appear there.

    4) Change your password if you clicked

    If you clicked anything or entered information, change your Microsoft password right away. Use a strong, unique password you do not use anywhere else. A password manager can generate and store it securely for you. Then review recent sign-in activity for anything suspicious.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    5) Enable two-factor authentication

    Turn on two-factor authentication (2FA) for your Microsoft account. This adds a second check, which can stop attackers even if they get your password.

    6) Use a data removal service for long-term protection

    Scammers often find targets through data broker sites. A data removal service helps reduce how much personal information is publicly available, which lowers your exposure to phishing in the first place.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    7) Report it as spam or phishing 

    Use your email app’s built-in reporting tool. This helps train filters and protects other users from seeing the same scam.

    Extra protection tips for real Microsoft notices

    When Microsoft actually needs your attention, the signs look very different.

    • Alerts appear inside your Microsoft account dashboard
    • Messages do not demand immediate action through random email links
    • Notices never come from free email services like AOL, Gmail or Yahoo

    That contrast makes scams easier to spot once you know what to look for.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    Scammers are counting on you being busy, distracted or worried about losing access to your email. That is why messages like this lean so hard on urgency. Your email sits at the center of your digital life, so attackers know a shutdown threat gets attention fast. The good news is that slowing down for even a few seconds changes everything. Lily did exactly the right thing by stopping and asking first. That single habit can prevent identity theft, account takeovers and a long, frustrating cleanup. Remember this rule. Emails that threaten shutdowns and demand immediate action are almost never legitimate. When something feels urgent, that is your cue to pause, verify on your own and never let an email rush you into a mistake.

    Have you seen a fake Microsoft warning like this recently, or did it pretend to come from another brand you trust? Let us know your thoughts by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter. 

    Copyright 2026 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • When dating apps get hacked, your private life goes public

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Dating apps are built on trust. You share personal details, photos, preferences and conversations on the assumption that they will remain private. But recent reports suggest that even some of the biggest names in online dating aren’t immune to cyberattacks, and can’t keep your private data “private.”

    Dating apps Bumble and Match appear to have been caught up in a breach allegedly linked to the ShinyHunters hacking group, raising fresh concerns about how much of your private life could be exposed when these platforms are targeted.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    THOUSANDS OF IPHONE APPS EXPOSE DATA INSIDE APPLE APP STORE

    Bumble, Match hit by alleged hack linked to ShinyHunters group. (Yu Chun Christopher Wong/S3studio/Getty Images)

    What happened with Bumble and Match

    The ShinyHunters group recently claimed it had breached both Bumble and Match, adding the companies to its data leak site. For Bumble, the hackers say they stole thousands of internal documents, focusing on files marked restricted or confidential. According to reports, the data allegedly came from internal tools like Google Drive and Slack, not from user profiles.

    Bumble later confirmed that one of its contractors’ accounts had been compromised in a phishing attack. The company says the attacker gained brief, unauthorized access to a small part of its network before being removed. Bumble maintains that user data was not affected. It says member databases, profiles, messages and the Bumble app itself were not accessed. 

    “One of our contractor’s accounts was recently compromised in a phishing incident,” a Bumble spokesperson told CyberGuy. “The account had limited access privileges and was used to make a brief unauthorized access to a small portion of our network. Our InfoSec team quickly detected and eliminated the access, and the incident is contained. We have engaged external cybersecurity experts to investigate and have notified law enforcement. Importantly, there was no access to our member database, member accounts, the Bumble application, or member direct messages or profiles.”

    Match confirmed a cybersecurity incident on January 28 and said it is notifying affected users. The company maintains that the incident impacted only a limited set of user data and did not expose passwords, financial information or private messages.

    “We are aware of claims being made online related to a recently identified security incident,” a Match Group spokesperson said in a statement to CyberGuy. “Match Group takes the safety and security of our users seriously and acted quickly to terminate the unauthorized access. We continue to investigate with the assistance of external cybersecurity experts. There is no indication that user log-in credentials, financial information, or private communications were accessed. We believe the incident affects a limited amount of user data, and we are already in the process of notifying individuals, as appropriate.”

    Why ShinyHunters keep showing up

    ShinyHunters has been in the news repeatedly over the past few weeks after breaching several large organizations and allegedly targeting hundreds more. The group is known for phishing and vishing attacks, where attackers impersonate IT or support staff to trick employees into handing over access. Unlike traditional ransomware groups, ShinyHunters no longer focuses on encrypting systems. Instead, it concentrates on stealing data and threatening to leak it. This approach is faster, cheaper and still highly profitable. Other ransomware groups are starting to follow the same playbook.

    That shift lowers the barrier to attacks. Even a single compromised employee or contractor account can expose sensitive internal systems, documents and conversations. Even when companies say user data wasn’t accessed, breaches like this still matter. Internal documents can reveal how platforms work, what tools they use and where weaknesses exist. That information can be used to plan future attacks or craft more convincing scams aimed at users.

    Dating apps are especially sensitive targets because of the nature of the data involved. Names, photos, preferences and private conversations can be deeply personal. If attackers ever gain access to that kind of information, the fallout can include harassment, blackmail or identity theft. You should always remember that dating platforms, like all online services, are only as secure as their weakest link. Often, that link is phishing.

    9 steps you can take to protect yourself on dating apps

    When dating platforms get breached, you usually don’t get much warning. These steps help limit what attackers can do with your information if something goes wrong.

    ‘ARE YOU DEAD?’ APP TAPS INTO GLOBAL LONELINESS CRISIS

    Person selecting a dating app on their phone.

    Dating apps Bumble and Match face scrutiny after breach claims. (Alicia Windzio/picture alliance via Getty Images)

    1) Use a strong, unique password for every dating app

    If attackers steal data from one service, they almost always try the same credentials elsewhere. Using a unique password ensures that even if a dating app account is compromised, your email, social media or banking accounts remain protected. Avoid passwords tied to your name, birthday or location. A password manager generates and stores strong passwords so you don’t have to reuse them or write them down. Many managers also warn you if a password appears in a known breach or if you’re entering credentials on a suspicious site, which adds an extra layer of protection.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

    2) Enable two-factor authentication (2FA) wherever possible

    Two-factor authentication (2FA) adds a second step to the login process, usually through an app or device you control. Even if someone gets your password through phishing or a breach, 2FA makes it much harder for them to access your account.

    3) Be cautious of phishing messages

    Cybercriminals often follow up breaches with fake emails or in-app messages pretending to offer help or security updates. Always double-check the sender and avoid clicking links. When in doubt, open the app or website directly rather than responding to the message. Using strong antivirus software adds another layer of protection by flagging malicious links and blocking known threats before they can do harm. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    4) Limit the personal details you share

    Dating apps encourage openness, but oversharing can backfire. Avoid quickly sharing your phone number, employer, home address, or social media profiles. If attackers ever gain access to messages or profiles, less exposed information means less risk of harassment or identity abuse. For added protection, identity theft protection services can help monitor for misuse of your personal information and alert you early if your data shows up in fraudulent activity. Identity Theft companies can monitor personal information like your Social Security number (SSN), phone number, and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    5) Reduce your digital footprint with a data removal service

    A lot of targeted scams start with personal information pulled from data broker sites. Data removal services help take down your phone number, address and other details from these databases, making it harder for attackers to target you after a breach. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    6) Secure your email account first

    Your email account controls password resets for most services. Protect it with a strong password and 2FA. Regularly review login activity and recovery settings so attackers can’t use your email to take over other accounts.

    HOW RING WILL USE NEW ‘FIRE WATCH’ TOOL IN REAL TIME

    Young Woman Using Dating App

    Dating apps Bumble and Match appear to have been caught up in a breach allegedly linked to the ShinyHunters hacking group, Kurt “CyberGuy” Knutsson writes. (SrdjanPav/Getty Images)

    7) Review app permissions and connected accounts

    Dating apps often ask for more access than they truly need. That can include your contacts, photos, location, or linked social media accounts like Instagram or Spotify. If a platform or connected service is ever compromised, those permissions can expose more of your personal data than you expect. Take a few minutes to review what each dating app can access on your phone. Remove permissions that are not essential. You should also disconnect any third-party accounts you no longer use inside the app. Fewer connections mean fewer ways for attackers to reach you.

    8) Watch for account changes after breach news

    Not every breach leads to immediate account takeovers. In some cases, attackers quietly test access weeks later. That is why staying alert after breach reports matters. Watch for password reset emails you did not request, profile changes you did not make, or new messages you did not send. Unexpected logouts or security alerts are also red flags. If you notice anything unusual, change your password immediately and review your security settings.

    9) Use built-in safety and privacy tools inside dating apps

    Most major dating apps now include safety features that many users ignore. These tools are designed to limit exposure and give you more control over who can contact you. Use features like in-app messaging, video chat before meeting in person, profile visibility controls and easy blocking or reporting options. Keeping conversations inside the app for as long as possible reduces the risk of scams and limits how much personal information you expose.

     CLICK HERE TO GET THE FOX NEWS APP

    Kurt’s key takeaway

    Dating apps thrive on intimacy, but cyberattacks turn that intimacy into a massive risk. Even when companies say user data wasn’t directly accessed, breaches show how easily attackers can get a foothold through phishing and weak accounts. If you think you have been affected, lock down your accounts, share thoughtfully and remember that anything you put online is only as private as the systems protecting it.

    Do you trust dating apps to keep your personal data safe, or have breaches changed how much you share? Let us know your thoughts by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

    Copyright 2026 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link