ReportWire

Tag: Privacy

  • The WIRED Guide to Digital Opsec for Teens

    [ad_1]

    Expand your mind, man. Opsec is really all about time travel—taking small, protective steps now before you have a disaster on your hands later. If you’re not on auto-delete, then an explosive, emotional text exchange with the person you’re currently dating—or, ahem, photos you sent to each other—will hang around forever. It’s normal for things to change and for relationships of all types to come and go. You may trust someone and be close to them now but grow apart in a year or two.

    If you imagine an even more extreme scenario where you’re being investigated by the police, they could obtain warrants to search your digital accounts or devices. People have to go to great lengths to maintain their opsec if they’re trying to hide activity from law enforcement. To be clear, this guide is definitely not encouraging you to do crimes. Don’t do crimes! The goal is just to understand the value of keeping basic opsec principles in mind, because if some of your digital information is revealed haphazardly or out of context, it could, theoretically, appear incriminating.

    You probably intuitively understand a lot of this. Don’t give your password to friends, duh.) So this guide is going to largely skip the obvious and emphasize more subtle, unintended consequences of failing to practice good opsec.

    Memorable Opsec Fails

    “Signalgate,” 2025: US officials discussed war plans in a group chat on the mainstream, secure messaging app Signal. Then they accidentally added a journalist to the chat. Subsequently, US defense secretary Pete Hegseth famously (embarrassingly) messaged the chat, “we are currently clean on OPSEC.” At least some members of the chat were also potentially using a modified, insecure version of Signal. All extremely not clean on opsec.

    Gmail Drafts Exposed, 2012: Then-CIA director David Petraeus and his paramour shared a Gmail account to hide their communications by leaving them for each other to see as draft messages. Kind of ingenious given that this was before most texting or messaging apps offered timed disappearing/ephemeral messages, but the FBI figured out the strategy.

    Identities

    Opsec is all about compartmentalizing, and that’s the hardest part. Failure to compartmentalize is often how criminals get caught or how information that was meant to stay secret gets exposed. Think of your online life like rooms in a house. Each room has a separate key. If someone breaks into one room, they can grab everything there, but you don’t want them to be able to run wild beyond that room.

    You can have multiple identities online and compartmentalize the activities of each, but it takes forethought to maintain the separation. There’s the real you who uses your main Gmail or Apple ID for personal and family stuff and social accounts where you use your real name, plus school and maybe work. Another compartment is your school email and school file storage. Then there’s your more adaptable, online personas who may have semi-anonymous handles, like jnd03 for Jane Doe. Friends know that these accounts are yours and classmates can probably guess them. Finally, there may be a pseudonymous you: alt accounts with no obvious link to real you—like Jane Doe using the handles “_aksdi0_0” or “peter_mayfield01.”

    Rules of Separation

    You have accounts under your real name, but you probably also need pseudonymous accounts. Tight compartmentalization will prevent people from doxing your pseudonymous accounts. But that’s easier said than done.

    Obviously, don’t recycle usernames across platforms. If JaneD03 is your Instagram handle, don’t use it or a similar name for your anonymous Reddit account. Don’t even reuse passwords—but especially don’t reuse passwords between real and pseudonymous accounts. To prevent a compromised pseudonymous account from revealing your name, don’t use your main email address; instead, use a unique, pseudonymous one. Gmail “dot tricks” (jane.doe@, j.ane.doe@) don’t count, because they all equally reveal your master account.

    [ad_2]

    JP Aumasson, Lily Hay Newman

    Source link

  • Ethereum’s Vitalik Buterin Drops 256 ETH to Boost Next-Gen Encrypted Messaging

    [ad_1]

    Vitalik Buterin donates 256 ETH to two messaging apps.

    Ethereum co-founder Vitalik Buterin said end-to-end encrypted messaging is essential for protecting digital privacy, identifying permissionless account creation and metadata privacy as the next major priorities for the sector.

    He pointed to Session and SimpleX as two projects working on these areas and disclosed that he has donated 128 ETH to each of them.

    Major ETH Donations

    In a post on X this week, Buterin said both applications are attempting to strengthen decentralization and enhance user protections without relying on phone numbers, while also addressing challenges such as multi-device support and resistance to Sybil or denial-of-service attacks.

    Buterin said the donation addresses are publicly available on the projects’ websites and added that, although the platforms are not yet perfect, they represent active efforts to advance privacy-preserving communication. He also called for more developers to help tackle the technical problems that still remain, and added that these issues “need more eyes on them.”

    It is important to note that while Signal has emerged as a widely used encrypted messaging app, it faced renewed scrutiny following a March incident in which senior US national security officials accidentally included a reporter in a Signal group discussing strikes on Houthi targets in Yemen. Days later, a Pentagon-wide advisory warned against using the app for any non-public information, citing a vulnerability tied to its linked-devices feature.

    The memo said Russian hacking groups were targeting the users of the app through phishing tactics. Signal later attributed the issue to user-targeted attacks rather than problems with its encryption, and that the company had already implemented safeguards and warnings.

    Buterin’s Privacy Push

    The Ethereum co-founder has repeatedly spoken this year about treating privacy as a basic necessity for digital systems. Following a recent data breach involving major US banks, where client information from institutions including JPMorgan, Citi, and Morgan Stanley may have been exposed after a cyberattack on mortgage technology vendor SitusAMC, Buterin responded by describing privacy as a form of “hygiene.”

    You may also like:

    In an essay published in April, he argued that “privacy is an important guarantor of decentralization” and outlined a path for Ethereum to support stealth addresses, selective disclosure, and application-level zero-knowledge tools to help reduce unnecessary data exposure.

    More recently, he warned that X’s new geo-inference system, which assigns country labels to user accounts, poses privacy risks. He said such systems can still reveal sensitive location information and may endanger vulnerable users, even when only broad regions are disclosed.

    SPECIAL OFFER (Exclusive)

    SECRET PARTNERSHIP BONUS for CryptoPotato readers: Use this link to register and unlock $1,500 in exclusive BingX Exchange rewards (limited time offer).

    [ad_2]

    Chayanika Deka

    Source link

  • The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’

    [ad_1]

    After Myanmar’s military junta raided a notorious scam compound and destroyed buildings with explosives in October, officials claimed the country would entirelyeradicate” forced scamming within its borders. Now newly released satellite images of the targeted KK Park scam center reveal that only buildings in one limited section of the compound were destroyed during the initial raids. Experts on scam compounds, meanwhile, say the entire effort is likely “propaganda.”

    High-resolution images of the KK Park scam compound, which is located near the Myanmar-Thailand border, show how military forces have razed multiple buildings, leaving piles of rubble in their place. However, the images show the destruction is, so-far, confined to the Eastern side of the gigantic compound—with hundreds of buildings across the vast compound being left untouched.

    Multiple experts tell WIRED that the raids at KK Park and some other scam compounds are likely part of a wider “performative” effort by Myanmar’s military government, which has come under increasing pressure to tackle the highly lucrative scam compounds that have flourished in recent years. They also raise concerns about the welfare of thousands of people forced to run scams in KK Park.

    “The junta is making it sound as though they’re taking down the entire compound, and the imagery that we have seen so far is only limited to one section,” says Eric Heintz, a global analyst at the International Justice Mission, an anti-slavery organization. “It’s important to keep monitoring this to verify what they’re actually doing and [see] if this is just for show or if they’re actually cracking down on the real problem.”

    The satellite images, taken on November 16, appear to show that some buildings located around courtyards have been almost totally destroyed, with debris strewn around other buildings. Heintz says that the images, plus extra social media footage, indicates that some “villas” and dormitories where trafficking victims may have been housed appear to have been damaged or destroyed. (Myanmar’s military government has said further destruction started on November 17; third-party reports also suggest more buildings have been destroyed).

    “All of the critical buildings that you would need to perpetrate the scams are still intact and still ready for use,” says Mechelle B Moore, the CEO of anti-trafficking nonprofit Global Alms, which is based in Thailand and works to help people who have trafficked into scam compounds in Myanmar. “They’re putting on a good show right now to say that they don’t support scamming compounds or human trafficking. But what they’ve allowed is all the scamming syndicates—all of the scamming bosses and supervisors—have been allowed to flee,” Moore claims.

    Over the past decade, dozens of scam compounds have appeared in Southeast Asia, primarily across Myanmar, Cambodia, and Laos. Often operated by or linked to Chinese organized crime groups, the compounds trick people into working at them—often with the offer of high-paying jobs—and then force them to run a range of scams. Trafficking victims often have their passports taken; they can be tortured or beaten if they refuse to scam. By stealing from people around the world, the compounds have made billions for the organized crime groups.

    Amid the extensive criminality, KK Park has emerged as one of the largest and most notorious scam compounds in Myanmar. Five years ago, the site was a series of fields near the town of Myawaddy, but has since been transformed into a sprawling compound with hundreds of buildings and thousands of people held there.

    [ad_2]

    Matt Burgess

    Source link

  • Google Nest still sends data after remote control cutoff, researcher finds

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Google officially shut down remote control features for first and second generation Nest Learning Thermostats last month. Many owners assumed the devices would stop talking to Google once the company removed smart functions.

    New research, however, shows that these early Nest devices continue uploading detailed logs to Google even though support has ended.

    Sign up for my FREE CyberGuy Report 
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Early Nest Learning Thermostats still send sensor data to Google even after losing remote features. (Google)

    Researcher finds unexpected data uploads from old Nest devices

    Security researcher Cody Kociemba uncovered this quiet data flow after digging into the backend as part of a repair bounty challenge run by FULU, a right-to-repair group cofounded by electronics repair expert and YouTuber Louis Rossmann. The challenge asked developers to restore lost smart features for unsupported Nest devices. Kociemba teamed up with the open-source community and created No Longer Evil, software that brings smart functionality back to these aging thermostats.

    While cloning Google’s API to build the project, he suddenly received a flood of logs from customer devices. That surprise led to a deeper look at what Google still collects.

    Google Nest thermostat at 68 degrees

    Researcher Cody Kociemba uncovered the ongoing data uploads while building a tool to restore smart functions. (Google)

    What Nest thermostats keep sending to Google

    Even though remote control no longer works, Kociemba found that early Nest Learning Thermostats still upload a steady stream of sensor data to Google. This includes:

    • Manual temperature changes
    • Whether someone is in the room
    • When sunlight hits the device
    • Temperature readings
    • Humidity levels
    • Motion activity
    • Ambient light data

    Kociemba says the volume of logs was extensive. He turned off the incoming data because he never expected the devices to remain connected to Google after the shutdown.

    Google previously said unsupported models will “continue to report logs for issue diagnostics.” However, Kociemba points out that Google cannot use that data to help customers anymore because support is fully discontinued. That makes the continued data flow even more puzzling.

    AI FLAW LEAKED GMAIL DATA BEFORE OPENAI PATCH

    CyberGuy contacted Google for comment, and a spokesperson provided us with the statement, 

    “The Nest Learning Thermostat (1st and 2nd Gen) is no longer supported in the Nest and Home apps, but temperature and scheduling adjustments can still be made directly on the unit. These devices will soon be unpaired and removed from all user accounts. Diagnostic logs, which are not tied to a specific user account, will continue to be sent to Google for service and issue tracking. Users who prefer to stop providing these logs can simply disconnect their device from Wi-Fi via the on-device settings menu.” 

    The Google Nest app

    The thermostats continue reporting temperature, motion and light data even though official support has ended.

    Why this discovery matters

    Google cut access to remote control, security updates, software updates and status checks through the Nest and Google Home apps. Owners can no longer rely on the devices for key smart features. Yet the thermostats still push data to Google, creating a one-way connection that helps the company more than the customer.

    Users do not benefit from the logs because support has been discontinued. Google cannot use these logs to diagnose problems or offer help. That raises questions about transparency and user choice for people who assumed the connection ended.

    The FULU bounty that sparked the discovery

    FULU’s bounty program encouraged developers to build tools that restore functionality to devices abandoned by their makers. After reviewing submissions, FULU awarded Kociemba and another developer known as Team Dinosaur the top bounty of $14,772 for bringing smart features back to early Nest models.

    Their work highlights how community-driven repair efforts can keep useful devices alive. It also reveals how companies handle device data long after official support stops.

    Ways to stay safe if you still use an old Nest thermostat

    If you keep one of these unsupported Nest thermostats on your network, you can take a few simple steps to protect your privacy. These tips help reduce what the device sends to Google and lower your exposure.

    1) Review your Google account activity

    Start by checking what Google has linked to your home devices. Visit myactivity.google.com and look for thermostat logs or events you do not expect.

    2) Place the device on a separate Wi-Fi network

    A guest network keeps the thermostat away from your main devices. This limits what the thermostat can reach and helps prevent broader access.

    3) Block outbound traffic when possible

    Some routers let you stop individual devices from sending data to the internet. This cuts off log uploads while still letting the thermostat control heating and cooling.

    4) Disable any remaining cloud features

    If the device menu still offers cloud settings, turn off anything related to remote access or online diagnostics. Even partial controls help reduce data flow.

    5) Remove old device associations from your Google account

    Check your connected devices in your Google settings. Remove any old Nest entries that no longer serve a purpose. This stops leftover links that may still send data.

    6) Adjust router settings that report device analytics

    Some routers send analytics back to the router maker. Turn off cloud diagnostics to reduce the footprint of unsupported smart products.

    7) Plan your replacement

    Unsupported devices lose security updates. If you cannot isolate the thermostat on your network, consider upgrading to a model that still receives patches.

    Pro Tip: Reduce your footprint with a data removal service

    A data removal service can help you cut down on the amount of personal information available to data brokers. This adds another layer of privacy that supports your smart home security.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    OVER 2B USERS FACE PHISHING RISKS AFTER GOOGLE DATA LEAK

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

    Kurt’s key takeaways

    The discovery that old Nest thermostats still send data to Google long after losing smart features gives owners a reason to take a closer look at their connected home. Unsupported devices can continue to talk to servers even when the useful side of the relationship ends. Understanding what your gadgets share helps you make informed decisions about what stays on your network.

    Would you keep using a device that still sends data to its manufacturer even after it loses the features you paid for? Let us know by writing to us at Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report 
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.  

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • How to stop Google AI from scanning your Gmail

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Google shared a new update on Nov. 5, confirming that Gemini Deep Research can now use context from your Gmail, Drive and Chat. This allows the AI to pull information from your messages, attachments and stored files to support your research.

    Some people view this as a convenience. They like the idea of faster answers and easier searches. If you feel that way, too, that is completely fine.

    However, many people do not want AI scanning private messages or personal documents. If that sounds like you, there is good news. You can turn these features off with a few quick taps in Gmail.

    Sign up for my FREE CyberGuy Report 
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    GOOGLE ISSUES WARNING ON FAKE VPN APPS

    Google’s new update allows Gemini to scan Gmail. These steps help you take control of your privacy. (Kurt “CyberGuy” Knutsson)

    Why this update matters

    This feature gives Google permission to scan every email in your Gmail account. That includes personal notes, financial documents, tax files and any sensitive information in your inbox. AI looks for patterns to improve responses, but Google says Gmail content is not used to train the Gemini model and that no user settings were changed automatically.  

    Google also says that Gmail, Docs and Sheets are not used for AI training unless you directly give Gemini that content yourself.

    While Google says the feature improves your experience, some users prefer more control. You may want privacy first and convenience second. If so, you can opt out today.

    GOOGLE CHROME AUTOFILL NOW HANDLES IDS

    How to stop AI from scanning your Gmail

    You can turn this off directly in Gmail settings. Follow these steps:

    Google homepage

    Open Gmail to start the process of turning off AI features. (Kurt “CyberGuy” Knutsson)

    • Tap the gear icon in the top right
    A screenshot of Google's account settings.

    Tap the gear icon to access your main Gmail settings. (Kurt “CyberGuy” Knutsson)

    A screenshot of Google's account settings.

    Select See all settings to reach the full menu. (Kurt “CyberGuy” Knutsson)

    • Scroll until you find Smart Features
    • Turn off Smart features by clicking it off.
    A screenshot of Google's account settings.

    Scroll until you find Smart features and personalization.  (Kurt “CyberGuy” Knutsson)

    • It will ask you to click “Turn off and reload.” 
    A screenshot of Google's account settings.

    Turn off Smart features to reduce scanning across your inbox. (Kurt “CyberGuy” Knutsson)

    • Now, scroll to Google Workspace smart features and click “Manage Workspace smart feature settings.”
    A screenshot of Google's account settings.

    Go to Google Workspace smart features for the next control. (Kurt “CyberGuy” Knutsson)

    • Turn off both checkboxes and then click Save. 
    A screenshot of Google's account settings.

    Turn off both checkboxes to stop extra data scanning. (Kurt “CyberGuy” Knutsson)

    • A pop-up will appear in the bottom left-hand corner of the screen that says “Your preferences have been saved.” 
    A screenshot of Google's account settings.

    Watch for the confirmation pop up that tells you the changes are active. (Kurt “CyberGuy” Knutsson)

    Once you switch these off, Gmail stops scanning your messages for smart features or AI enhancements. This returns control to you.

    What happens when you turn it off

    After you disable these settings, features like smart email suggestions may stop working. That includes predictive text, automatic bill reminders and quick booking prompts. You can always turn them back on if you change your mind.

    Turning these off does not break Gmail. Your inbox works the same. You simply gain more privacy while you use it.

    Want a more private inbox?

    If you’d rather keep your email fully separate from AI features, you may want to consider a privacy-focused email service. They don’t scan your messages or use your inbox to train any systems. Everything stays private and encrypted.

    For people who want more control over their digital privacy, these private and secure email providers offer a straightforward way to keep email activity protected. They give you peace of mind knowing your messages aren’t being analyzed in the background.

    For recommendations on private and secure email providers, visit Cyberguy.com.

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

    Kurt’s key takeaways

    Google’s newest update blends convenience with automation. It can simplify research by tapping into your Gmail, Drive and Chat. Still, many people want a clear boundary between AI tools and personal messages. With a few quick steps, you can keep your inbox private without losing access to core Gmail features. Just keep in mind: Google says Gmail content isn’t used to train Gemini unless you explicitly give that content to the AI.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Do you think AI tools should have access to your messages by default or should companies ask before scanning anything? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com. All rights reserved. 

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • ‘Cloud Storage Full’ scam steals your photos and money

    [ad_1]

    NEWYou can now listen to Fox News articles!

    A new scam is sweeping across smartphones and catching thousands of people off guard. Criminals are sending fake “Cloud Storage Full” or “photo deletion” alerts that claim your images and videos are about to disappear unless you upgrade your storage. 

    The warning looks urgent and real. It even mimics major cloud services. But the moment you click the link, you enter a trap.

    Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

    How this fast-growing ‘Cloud Storage Full’ scam tricks victims

    Trend Micro researchers recently uncovered this fast-growing phishing campaign after seeing a massive jump in activity. The company reports a 531% month-over-month spike from September to October, which shows how quickly the scheme is spreading.

    PROTECT YOUR DATA BEFORE HOLIDAY SHOPPING SCAMS STRIKE

    Scammers use convincing storage alerts and fake dashboards to push victims into paying small fees that expose their credit card details. (Pixelfit/Getty Images)

    Scammers are sending personalized SMS and iMessage alerts that include your name and a believable count of photos or videos. Once you tap the link, you land on a convincing fake website that appears to be a cloud storage dashboard. From there, you are urged to pay a tiny $1.99 upgrade fee to prevent deletion. Instead of protecting anything, you hand over your credit card, PayPal login or other personal information.

    Trend Micro provided several screenshots and internal samples that reveal how polished the scam has become. The fake sites use progress bars, countdown timers and warnings that your files will be lost. They even simulate a cloud storage layout to match the look of popular platforms. 

    Jon Clay, VP of threat intelligence at Trend Micro, shared an important warning to CyberGuy:

    “The recent spike in ‘Cloud Storage Full’ scams shows just how well cybercriminals are perfecting emotional manipulation. These scams prey on fear and urgency, warning users their photos will be deleted unless they pay a small upgrade fee. During a time of year when we may be capturing many precious moments on camera, scammers are targeting older adults who may think this type of scam message is legitimate and who may be worried and anxious about losing something that cannot easily replace. Consumers should always stay cautious of unsolicited messages and always verify alerts directly through official apps or websites.”

    Trend Micro’s analysis outlines exactly how the scam works, from the initial message to the final theft. Their screenshots show fake dashboards, false warnings and pages asking for credit card or PayPal details. Some versions even redirect to legitimate sites later to cover their tracks.

    How the ‘Cloud Storage Full’ scam works

    Scammers follow a predictable pattern with this scheme, and each stage reveals a clear red flag that can help you spot the danger early.

    1) Initial contact

    Victims receive an unsolicited SMS or iMessage that claims their photos or videos will be deleted soon. Messages include the person’s first name and fake counts like “1,675 images” or “2,010 snaps” to boost credibility. Scammers add statements like “Act now” or “Final warning” to trigger panic. Each message ends with a short link that leads to a malicious .info domain.

    FAKE CHATGPT APPS ARE HIJACKING YOUR PHONE WITHOUT YOU KNOWING

    2) Trust building

    After tapping the link, the user arrives at a fake “Cloud Storage Full” website. It mirrors the fonts, icons and button styles of real cloud services. Users see alerts such as “Your photos, contacts and private data will be lost.” Everything looks polished to reduce suspicion.

    3) The hook

    The site claims your storage is completely full and urges a one-time upgrade for $1.99. A progress bar sits at 100% full and a countdown timer warns that data will vanish in minutes. The “Continue” button goes to a fake payment page.

    4) The exit

    Once victims enter credit card or PayPal details, scammers harvest the data instantly. Attackers may use stolen credentials for unauthorized purchases, credential stuffing or resale on dark web markets. Some victims receive fake receipt emails to make the charge look legitimate.

    Trend Micro reports that certain scam sites later redirect to real pages like iolo.com to hide their tracks.

    An elderly man purchasing something with his credit card online

    Scammers use fake dashboards and alerts to push victims to share payment info. (Kurt “CyberGuy” Knutsson)

    Red flags to watch for

    • Urgent warnings that your photos will be deleted
    • Unfamiliar links ending in .info
    • Messages that include your name to appear credible
    • Payment requests for tiny fees like $1.99
    • Countdown timers meant to force quick decisions
    • Sites that look familiar but have unusual URLs

    Tips to stay safe from ‘Cloud Storage Full’ scams

    Scammers rely on fear and urgency to push quick decisions, but a few smart habits can shut down their tricks before they start.

    1) Verify alerts inside the official app or website

    Open your cloud storage app or go to the official website directly. If you see a real problem, it will appear there. This simple step prevents you from reacting to fake warnings.

    GHOST-TAPPING SCAM TARGETS TAP-TO-PAY USERS

    2) Never tap storage alerts sent through SMS or iMessage and use strong antivirus software

    Break the habit of tapping links in messages. Real cloud services rarely text users about photo deletion. A strong antivirus tool will flag dangerous links before they open.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com

    3) Use a data removal service

    Consider using a reputable data removal service to scrub your personal details from data broker sites. This step makes it harder for scammers to target you with personalized messages that look real.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

    4) Watch for strange links

    Look closely at every link. Scammers rely on short domains that look suspicious. Legitimate companies avoid shortened URLs and unknown domains.

    5) Use multi-factor authentication

    Turn on multi-factor authentication (MFA) for all cloud and payment accounts. It adds a powerful layer of protection if criminals steal your login.

    6) Check your credit card for small test charges

    Review your statements often. Attackers start with tiny charges to test a card before making bigger purchases.

    GEEK SQUAD SCAM EMAIL: HOW TO SPOT AND STOP IT

    7) Use a password manager

    A good password manager helps you create strong, unique passwords. It limits the fallout if your login appears in a data breach.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Man reviews inheritance documents

    These fake storage warnings mimic real cloud services and pressure users to upgrade for $1.99. Once you enter payment info, scammers steal it instantly. (uchar/Getty Images)

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    8) Report suspicious messages

    Forward scam texts to 7726 (SPAM). This helps carriers block similar messages for everyone.

    Kurt’s key takeaways

    This scam spreads because it hits people where they are most vulnerable. Our phones store personal memories, family events and moments we never want to lose. Scammers know this and are now creating messages that look real enough to fool even the most cautious users. Emotional triggers like fear and urgency remain powerful tools for cybercriminals. Always question surprise warnings about data loss. When in doubt, check your account directly through the official app or website. A few seconds of verification can save you from credit card theft and identity headaches.

    Have you ever received a message like this, and how did you handle it? Let us know by writing to us at Cyberguy.com

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Sign up for my FREE CyberGuy Report 

    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

    Copyright 2025 CyberGuy.com. All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • US Border Patrol Is Spying on Millions of American Drivers

    [ad_1]

    Eight years after a researcher warned WhatsApp that it was possible to extract user phone numbers en masse from the Meta-owned app, another team of researchers found that they could still do exactly that using a similar technique. The issue stems from WhatsApp’s discovery feature, which allows someone to enter a person’s phone number to see if they’re on the app. By doing this billions of times—which WhatsApp did not prevent—researchers from the University of Vienna uncovered what they’re calling “the most extensive exposure of phone numbers” ever.

    Vaping is a major problem in US high schools. But is the solution to spy on students in the bathroom? An investigation by The 74, copublished with WIRED, found that schools around the country are turning to vape detectors in an effort to crack down on nicotine and cannabis consumption on school grounds. Some of the vape detectors go far beyond detecting vapor by including microphones that are surprisingly accurate and revealing. While few defend addiction and drug use, even non-vapers say the added surveillance and the punishments that result go too far.

    Don’t look now, but that old networking equipment your company hasn’t thought about in years may jump out and bite you. Tech giant Cisco this week launched a new initiative, warning companies that AI tools are making it increasingly simple for attackers to find vulnerabilities in outdated and unpatched networking infrastructure. The message: Upgrade or else.

    If you’ve ever attended a conference, you probably worried about getting sick in the cesspools that are a conference center. But one hacker conference in New Zealand, Kawaiicon, invented a novel way to keep attendees a little bit safer. By tracking the CO2 levels in each conference room, Kawaiicon’s organizers were able to create a real-time air-quality monitoring system, which would tell people which rooms were safe and which seemed … gross. The project brings new meaning to antivirus monitoring.

    And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    The US Border Patrol is operating a predictive-intelligence program that monitors millions of American drivers far beyond the border, according to a detailed investigation by the Associated Press. A network of covert license-plate readers—often hidden inside traffic cones, barrels, and roadside equipment—feeds data into an algorithm that flags “suspicious” routes, quick turnarounds, and travel to and from border regions. Local police are then alerted, resulting in traffic stops for minor infractions like window-tint violations, air fresheners, or marginal speeding. AP reviewed police records showing that drivers were questioned, searched, and sometimes arrested despite no contraband being found.

    Internal group chats obtained through public-records requests show Border Patrol agents and Texas deputies sharing hotel records, rental car status, home addresses, and social media details of US citizens in real time while coordinating what officers call “whisper stops” to obscure federal involvement. The AP identified plate-reader sites more than 120 miles from the Mexican border in the Phoenix area, as well as locations in metropolitan Detroit and near the Michigan-Indiana line that capture traffic headed toward Chicago and Gary. Border Patrol also taps DEA plate-reader networks and has, at various times, accessed systems run by Rekor, Vigilant Solutions, and Flock Safety.

    CBP says the program is governed by “stringent” policies and constitutional safeguards, but legal experts told AP that its scale raises new Fourth Amendment concerns. A UC Law San Francisco official said the system amounts to a “dragnet” tracking Americans’ movements, associations, and daily routines.

    Microsoft claims to have mitigated the largest distributed denial-of-service (DDoS) attack ever recorded in a cloud environment—a 15.72 Tbps, 3.64-billion-pps barrage launched on October 24 against a single Azure endpoint in Australia. Microsoft says The attack “originated from the Aisuru botnet,” a Turbo-Mirai–class IoT network of compromised home routers, cameras, and other consumer devices. More than 500,000 IP addresses are said to have participated, generating a massive DDoS attack with little spoofing. Microsoft says its global Azure DDoS Protection network absorbed the traffic without service disruption. Microsoft described the attack as the “the largest DDoS ever observed in the cloud,” emphasizing the single endpoint; however, Cloudflare also recently reported a 22.2 Tbps flood, naming it the largest DDoS attack ever seen.

    Researchers note that Aisuru has recently launched multiple attacks exceeding 20 Tbps and is expanding its capabilities to include credential stuffing, AI-driven scraping, and HTTPS floods via residential proxies.

    The US Securities and Exchange Commission has dropped its remaining claims against SolarWinds and its CISO, Tim Brown, ending a long-running case over the company’s 2020 supply-chain hack, in which Russian SVR operatives allegedly compromised SolarWinds’ Orion software and triggered widespread breaches across government and industry. The agency’s lawsuit—filed in 2023 and centered on alleged fraud and internal-control failures—had already been mostly dismantled by a federal judge in 2024. SolarWinds called the full dismissal a vindication of its argument that its disclosures and conduct were appropriate and said it hopes the outcome eases concerns among CISOs about the case’s potential chilling effect.

    Law enforcement records show that the FBI accessed messages from a private Signal group used by New York immigration court-watch activists—a network that coordinates volunteers monitoring public hearings at three federal immigration courts. According to a two-page FBI/NYPD “joint situational information report” dated August 28, 2025, agents quoted chat messages, labeled the nonviolent court watchers as “anarchist violent extremist actors,” and circulated the assessment nationwide. The report did not explain how the FBI penetrated an encrypted Signal group, but it claimed the information came from a “sensitive source with excellent access.”

    The documents, first reported by the Guardian, were original obtained by the government-transparency group Property of the People. They describe activists discussing how to enter courtrooms, film officers, and gather identifying details of federal personnel, but provide no evidence to support the FBI’s allegation that a member previously advocated violence. A separate set of records—also obtained by the group—shows the bureau framed ordinary observation of public immigration hearings as a potential threat, even as Immigration and Customs Enforcement has escalated courthouse arrests and set what advocates call “deportation traps.” Civil liberties experts told the paper that the surveillance mirrors earlier FBI campaigns targeting lawful dissent and risks chilling protected political activity.

    [ad_2]

    Dell Cameron, Andrew Couts

    Source link

  • Fake ChatGPT apps are hijacking your phone without you knowing

    [ad_1]

    NEWYou can now listen to Fox News articles!

    App stores are supposed to be reliable and free of malware or fake apps, but that’s far from the truth. For every legitimate application that solves a real problem, there are dozens of knockoffs waiting to exploit brand recognition and user trust. We’ve seen it happen with games, productivity tools and entertainment apps. Now, artificial intelligence has become the latest battleground for digital impostors.

    The AI boom has created an unprecedented gold rush in mobile app development, and opportunistic actors are cashing in. AI-related mobile apps collectively account for billions of downloads, and that massive user base has attracted a new wave of clones. They pose as popular apps like ChatGPT and DALL·E, but in reality, they conceal sophisticated spyware capable of stealing data and monitoring users.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    OPENAI ACCUSES NY TIMES OF WANTING TO INVADE MILLIONS OF USERS’ PRIVACY IN PAPER’S LAWSUIT AGAINST TECH GIANT

    Fake AI apps pose as trusted tools like ChatGPT and DALL·E while secretly stealing user data. (Kurt “CyberGuy” Knutsson)

    What you need to know about the fake AI apps

    The fake apps flooding app stores exist on a spectrum of harm, and understanding that range is crucial before you download any AI tools. Take the “DALL·E 3 AI Image Generator” found on Aptoide. It presents itself as an OpenAI product, complete with branding that mimics the real thing. When you open it, you see a loading screen that looks like an AI model generating an image. But nothing is actually being generated.

    Network analysis by Appknox showed the app connects only to advertising and analytics services. There’s no AI functionality, just an illusion designed to collect your data for monetization.

    Then there are apps like WhatsApp Plus, which are far more dangerous. Disguised as an upgraded version of Meta’s messenger, this app hides a complete malware framework capable of surveillance, credential theft and persistent background execution. It’s signed with a fake certificate instead of WhatsApp’s legitimate key and uses a tool often used by malware authors to encrypt malicious code.

    Once installed, it silently requests extensive permissions, including access to your contacts, SMS, call logs, device accounts and messages. These permissions allow it to intercept one-time passwords, scrape your address book and impersonate you in chats. Hidden libraries keep the code running even after you close the app. Network logs show it uses domain fronting to disguise its traffic behind Amazon Web Services and Google Cloud endpoints.

    Not every clone is malicious. Some apps identify themselves as unofficial interfaces and connect directly to real APIs. The problem is that you often can’t tell the difference between a harmless wrapper and a malicious impersonator until it’s too late.

    ChatGPT app

    Clones hide spyware that can access messages, passwords and contacts. (Kurt “CyberGuy” Knutsson)

    Users and businesses are equally at risk

    The impact of fake AI apps goes far beyond frustrated users. For enterprises, these clones pose a direct threat to brand reputation, compliance and data security.

    When a malicious app steals credentials while using your brand’s identity, customers don’t just lose data but also lose trust. Research shows customers stop buying from a brand after a major breach. The average cost of a data breach now stands at 4.45 million dollars, according to IBM’s 2025 report. In regulated sectors like finance and healthcare, such breaches can lead to violations of GDPR, HIPAA and PCI-DSS, with fines reaching up to 4% of global turnover.

    A folder labeled "AI" is seen on a smartphone.

    These impostors harm both users and brands, leading to costly data breaches and lost trust. (Kurt “CyberGuy” Knutsson)

    8 steps to protect yourself from fake AI apps

    While the threat landscape continues to evolve, there are practical measures you can take to protect yourself from malicious clones and impersonators.

    1) Install reputable antivirus software

    A quality mobile security solution can detect and block malicious apps before they cause damage. Modern antivirus programs scan apps for suspicious behavior, unauthorized permissions and known malware signatures. This first line of defense is especially important as fake apps become more sophisticated in hiding their true intentions.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    2) Use a password manager

    Apps like WhatsApp Plus specifically target credentials and can intercept passwords typed directly into fake interfaces. A password manager autofills credentials only on legitimate sites and apps, making it significantly harder for impostors to capture your login information through phishing or fake app interfaces.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    3) Consider identity theft protection services

    Given that malicious clones can steal personal information, intercept SMS verification codes and even impersonate users in chats, identity theft protection provides an additional safety net. These services monitor for unauthorized use of your personal information and can alert you if your identity is being misused across various platforms and services.

    Identity theft companies can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    PROTECTING KIDS FROM AI CHATBOTS: WHAT THE GUARD ACT MEANS

    4) Enable two-factor authentication everywhere

    While some sophisticated malware can intercept SMS codes, 2FA still adds a critical layer of security. Use authenticator apps rather than SMS when possible, as they’re harder to compromise. Even if a fake app captures your password, 2FA makes it significantly more difficult for attackers to access your accounts.

    5) Keep your device and apps updated

    Security patches often address vulnerabilities that malicious apps exploit. Regular updates to your operating system and legitimate apps ensure you have the latest protections against known threats. Enable automatic updates when possible to stay protected without having to remember manual checks.

    6) Download only from official app stores

    Stick to the Apple App Store and Google Play Store rather than third-party marketplaces. While fake apps can still appear on official platforms, these stores have security review processes and are more responsive to removing malicious applications once they’re identified. Third-party app stores often have minimal or no security vetting.

    7) Verify the developer before downloading

    Check the developer name carefully. Official ChatGPT apps come from OpenAI, not random developers with similar names. Look at the number of downloads, read recent reviews and be suspicious of apps with few ratings or reviews that seem generic. Legitimate AI tools from major companies will have verified developer badges and millions of downloads.

    8) Use a data removal service

    Even if you avoid downloading fake apps, your personal information may already be circulating on data broker sites that scammers rely on. These brokers collect and sell details like your name, phone number, home address and app usage data, information that cybercriminals can use to craft convincing phishing messages or impersonate you.

    A trusted data removal service scans hundreds of broker databases and automatically submits removal requests on your behalf. Regularly removing your data helps reduce your digital footprint, making it harder for malicious actors and fake app networks to target you.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaway

    The AI boom has driven massive innovation, but it has also opened new attack surfaces built on brand trust. As adoption grows across mobile platforms, enterprises must secure not only their own apps but also track how their brand appears across hundreds of app stores worldwide. In a market where billions of AI app downloads have happened, the clones aren’t coming. They’re already here, hiding behind familiar logos and polished interfaces.

    Have you ever downloaded a fake AI app without realizing it? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved. 

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Craigslist car report scam targets vehicle sellers

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Selling your car online should be simple. Lately, though, more sellers are running into fake “vehicle report” demands from so-called buyers. The pitch looks routine, yet it leads straight to a payment page on a site you don’t know. 

    We heard from Nick K. of Washington, who spotted the pattern in real time.

    “In trying to sell a car, it has become apparent that there is a scam related to CarFax-type reports,” Nick wrote in an email to us. “The way it works is a guy texts or emails saying they are interested in your car, but they say they must have a car report from a specific service. At first, I thought it was just a way for a guy to sell more reports, but after thinking about it for a while, it seems like it could be a great way to harvest credit card numbers, etc. I have not been a victim of this, but in the course of selling a car recently, I had several instances of this. There are several warning signs: ‘Will you accept cash?’ Questions indicating they have not read the ad. Offering more than the ad asks for. Short nonsensical first contact. These are just the usual signs I am looking for when I am trying to decide if someone responding to a Craigslist or FB ad is legit.”

    Nick’s instincts are spot on. This Craigslist car report scam has been spreading across Craigslist, Facebook Marketplace and other online classifieds.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    CONNECTICUT MAN LOSES LIFE SAVINGS IN CRYPTO SCAM

    Scammers posing as buyers on Craigslist are asking sellers to buy fake “vehicle history reports” from fraudulent sites.  (Kurt “CyberGuy” Knutsson)

    How the Craigslist car report scam works

    This scam often starts with a message that looks completely normal. A supposed buyer texts asking something like, “1985 F150 Available?” and quickly follows up with friendly but vague questions such as, “OK, I’m interested in seeing it. When and where would be good for you?”

    Once you respond, the “buyer” develops just enough rapport to sound legitimate. Then comes the setup. The “buyer” says he is serious about purchasing but wants to see a detailed ASR report first, something most sellers have never heard of.

    That’s exactly what happened to Nick K. After he shared the Craigslist link and vehicle details, the fake buyer sent this reply:

    “Auto Smart Report, here’s the link you can get the papers from. Oh, I forgot to ask for your name? I’m Richard. Will you accept a cash payment? Let me know.”

    It sounds harmless, even reassuring. But the scam hinges on getting you to click that link. The site looks professional, promising a “Complete Vehicle History at Your Fingertips.” Yet once you enter your information, you’re not buying a report; you’re handing over your credit card details and personal data to criminals.

    When the seller, in this case, pushed back, the scammer doubled down with more pressure tactics.

    “If you can show me the Auto Smart Report, that would be great, as it’s the most reliable and complete report. My offer to you is $7,000. I have no issue with that.” Notice the scammer just increased the amount that he is willing to pay for the vehicle by $500.

    They’ll say anything to keep you engaged and make the transaction sound routine. But the moment you pay for the fake report, the buyer disappears. His only goal is to harvest your financial information, not purchase your vehicle.

    INSIDE A SCAMMER’S DAY AND HOW THEY TARGET YOU

    A fraudulent email exchange

    Behind the friendly text messages, these fake buyers are after your payment info, not your vehicle. (Kurt “CyberGuy” Knutsson)

    Warning signs to watch for

    • Requests for unknown report names like “ASR”
    • Messages that ignore your ad details
    • Offers above your asking price
    • Phrases like “will you accept cash?” or “I just need to see a report first”
    • Demands for a specific site instead of accepting a Carfax, AutoCheck or NMVTIS report
    • Generic greetings like “dear,” “brother” or “friend”

    If you see two or more of these at once, treat the lead as suspicious.

    TOP 5 OVERPAYMENT SCAMS TO AVOID

    A fraudulent email exchange

    These convincing messages often include phrases like “I just need to see an ASR report first” or “will you accept cash?” to appear legitimate. (Kurt “CyberGuy” Knutsson)

    How to stay safe from Craigslist car report scams

    Even the most convincing buyer could turn out to be a scammer, but these smart moves can help you stay safe, protect your money and keep your personal data out of the wrong hands.

    1) Do not click buyer-sent links, and use strong antivirus software

    Avoid clicking any link sent through text, email or messaging apps. These often lead to phishing sites or hidden malware downloads. Keep your devices protected with strong antivirus software. Run regular scans and keep your software updated to block new threats.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    2) Never enter payment info on unfamiliar sites

    If a buyer insists you use a website you’ve never heard of, stop immediately. Always verify a site’s legitimacy before sharing any financial or personal details.

    3) Use a data removal service

    Consider a data removal service to remove your personal details from data broker sites. This limits how easily scammers can find and target you.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    4) Use trusted report services

    Stick to established names like Carfax, AutoCheck or NMVTIS. These are widely recognized and accepted by real buyers.

    5) Share your VIN in the ad

    Including your vehicle’s VIN lets genuine buyers run their own reports safely without needing your involvement.

    6) Block and report scammers

    Report suspicious messages directly to the platform and to the FTC at reportfraud.ftc.gov. Sharing details helps others stay safe.

    7) If you paid on a fake site

    Contact your bank right away, cancel the card and monitor your account for unauthorized charges. Quick action can prevent further loss.

    8) Meet smart and stay cautious

    When meeting a buyer, choose a public place with security cameras. Bring a friend, keep your phone charged and document all communication.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    This scam works because a vehicle report sounds routine. A fake buyer pushes you to a site you’ve never heard of, then applies pressure to act fast. Slow down, verify and stick to well-known services. Real buyers will accept a report you provide or will run one themselves. You can still sell safely on marketplaces by following a few simple rules. Control the process, choose the report source and avoid links sent by strangers. Thanks to readers like Nick, more sellers can spot the trap before any money or data is at risk.

    Have you seen buyers pushing odd report sites when you sell online? What tipped you off first?  Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Children’s Advocacy Group Urges Families Not to Buy This Type of Toy for the Holidays

    [ad_1]

    With the holiday season around the corner, a proliferation of robots are on sale—but unlike the Furbies and Poo-Chis of the past, today’s robots are powered by AI. And consumer advocates are warning parents to steer clear.

    Children’s advocacy group Fairplay published an advisory on Thursday urging families to resist the urge to purchase toys powered by AI LLMs. 

    “AI toys use the very same AI systems that have produced unsafe, confusing, or harmful experiences for older kids and teens,” the advisory reads. “Yet, they are being marketed to the youngest children, who have the least ability to recognize or protect themselves from these dangers.”

    The advisory offered four other reasons to avoid AI toys. It warned that they can prey on children’s trust, blurring the lines between corporate-made machines and caregivers, as well as disrupt children’s understanding of healthy relationships. It also noted that the toys can collect and potentially sell sensitive data even “when they appear to be off.” It finally warned that AI toys can monopolize attention, displacing foundational activities like “actual imaginative, child-led play.” The advisory was endorsed by 160 organizations and individuals including groups like the nonprofit Center for Digital Democracy, Better Screen Time, and Mothers Against Media Addiction.

    The advisory falls short of actually naming and shaming specific AI-powered toys or brands. But it comes about a week after U.S. PIRG Education Fund released its annual Trouble in Toyland report that assessed four different AI-powered toys. PIRG’s report noted that the toys gradually lost the ability to steer away from inappropriate topics over the course of longer conversations. The Kumma teddy bear, made by Chinese company FoloToy, was reportedly the worst offender. Running on OpenAI’s GPT-4o, it discussed everything from how to light matches and where to find knives, to various sexual fetishes, Futurism reported

    Shortly after the report was published, FoloToy confirmed to PIRG that it suspended sales of all of its toys, and an OpenAI spokesperson said the company “suspended this developer for violating our policies.” OpenAI is currently embroiled in numerous lawsuits alleging the chatbot encouraged discussions that led to suicide and mental breakdowns, according to The New York Times.

    [ad_2]

    Chloe Aiello

    Source link

  • Protect your data before holiday shopping scams strike

    [ad_1]

    NEWYou can now listen to Fox News articles!

    The holiday season is the happiest and riskiest time of year to be online. As millions of us gear up for Black Friday and Cyber Monday deals, scammers do the same.

    Every year, they target holiday shoppers with fake websites, “too-good-to-be-true” deals and scam emails that look identical to legitimate retailers. But here’s the part most people miss: scammers don’t just rely on luck. They already have your personal data before you even click “add to cart.”

    From leaked email addresses to exposed phone numbers and home addresses, your personal information is being bought and sold by data brokers, companies that collect and resell detailed profiles about you. Those profiles are exactly what scammers use to send realistic “order confirmations,” fake delivery alerts and “urgent payment” texts during this holiday period and beyond.

    Let’s unpack how this works and what you can do now to stay safe before the holiday chaos begins.

    RETIREES LOSE MILLIONS TO FAKE HOLIDAY CHARITIES AS SCAMMERS EXPLOIT SEASONAL GENEROSITY

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Scammers ramp up fake websites and emails during the holiday shopping rush. (iStock)

    Why scammers love the holiday season

    November through December is a goldmine for cybercriminals. According to the CISA, reports of online shopping scams spike during this time of year and vary in their approaches. The reason? We let our guard down when we’re rushed, distracted or excited by a deal. Staying alert during the holiday season can help you avoid data exposure and financial losses. Here are some of the most common scams you should be aware of. 

    Phantom stores

    The surge of promotions during the holiday season is the perfect time for “phantom stores” to thrive. It’s a fraudulent store that mimics the interface and products of a well-known brand. Once you purchase from such a website, you’ll never receive your order as the store doesn’t actually exist.

    Real-world example: Fake IKEA websites appeared with URLs spelled “ikeaa-sale.com” and “ikea-blackfriday.shop,” mimicking the official ikea.com interface with copied product images, logos and discount banners.

    They lured shoppers with huge discounts and clearance offers to steal credit card data. Eventually, they were reported and taken down, but the damage has been done.

    What to do? Always check the URL of the store you shop at and only click links from the store’s official website or social media.

    Delivery scams

    According to recent research, some of the most popular shopping apps like Temu are selling your location data to third parties. It’s no surprise that you might receive fake delivery texts.

    man rating his experience on the app after ordering food to his house

    Your leaked data fuels realistic “order” and “delivery” scams online. (iStock)

    MAJOR COMPANIES, INCLUDING GOOGLE AND DIOR, HIT BY MASSIVE SALESFORCE DATA BREACH

    Real-world example: Temu is a popular app for scammers to mimic. They can easily find your contact information and order details to text “Your order couldn’t be delivered.” Each text contains a phishing link that can install malware on your device or steal your personal information. That’s why Temu warns its users about the couriers they partner with.

    What to do? Make sure the texts you receive come from a legit courier service and double-check it on the store’s website.

    Fake order emails

    Some scammers use sophisticated phishing tactics to lure victims. They engineer emails from well-known brands, use an urgent tone, place malicious links and urge you to click on your order status. In reality, there is no order status – they’re stealing your data.

    Real-world example: Amazon is one of the biggest online retailers worldwide, and that makes the brand easy to mimic. Scammers send emails on behalf of Amazon to try to steal customers’ personal data because it’s highly likely that their victims have used Amazon, making it less suspicious. However, phishing emails have some telltale signs you can look out for.

    What to do? Never click on any suspicious links and always check the sender’s contact information.

    Unwanted data exposure

    When you shop online, you should be aware of the data you share, including your contact information, shopping habits, credit card details and more. All stores collect some type of data about you. However, some companies collect more than you think.

    Real-world example: The infamous Target controversy in 2012 revealed how big retailers use data analysis to predict your shopping behavior. The company collected shopping data and managed to produce a predictive model for soon-to-be mothers.

    They sent out brochures with baby clothes, vouchers for baby formula and more before the customers even knew they were pregnant. Thankfully, modern shopping looks a bit different. You can opt out of certain data collection and exercise your right to remove personal information from websites that collect it.

    What to do? Check what data the stores collect about you and request the removal of any private information you don’t want them to have.

    THE TRUTH BEHIND THOSE MYSTERIOUS SHIPMENT EMAILS IN YOUR INBOX

    How scammers find you

    Imagine you’re browsing for gifts online. Within minutes, your activity generates data points – device info, IP address, browsing habits that feed into online databases. At the same time, data brokers already have your full profile: age, income, address history, family members and even shopping behavior. These profiles are sold to marketers and often leak into criminal databases.

    That’s why scam calls, texts and emails often feel so “real.” They use your name, the right retailer, even your city. They’re not guessing. They’ve bought your digital footprint.

    The “holiday cleanup” your data needs

    Most people clear their browser cookies or delete old emails to “stay private.” But that’s like locking your front door while leaving all your personal documents on the lawn.

    If you want to stop scammers from targeting you this holiday season, you need to remove your personal data from the source, the data broker databases that feed these scams.

    That’s where a data removal service comes in. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    Practical steps before you shop

    To make sure your online shopping season stays stress-free and scam-free, here’s what CyberGuy recommends doing this week:

    INSIDE A SCAMMER’S DAY AND HOW THEY TARGET YOU

    1) Run a privacy scan with a data removal service

    Before the holiday rush, remove your exposed data from data brokers. You’ll reduce the number of scam calls, emails and texts you get this season and protect your financial info before it’s too late.

    man holding credit card and on laptop

    Take control by removing personal data from broker databases before you shop. (iStock)

    2) Secure your email

    Use strong, unique passwords for each online store or service. Consider a password manager to simplify this.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    3) Check for fake stores

    Before clicking a social media ad or email, hover over the link. Legit retailers use secure “https://” URLs and their exact brand name – no extra words or letters.

    4) Avoid public Wi-Fi

    Don’t shop or enter payment info over public Wi-Fi in an airport, café or mall, for example. Scammers can easily intercept unencrypted traffic.

    5) Use credit cards or PayPal – not debit cards

    HACKERS TARGET ONLINE STORES WITH NEW ATTACK

    Credit cards have stronger fraud protection and make it easier to dispute unauthorized charges.

    6) Enable two-factor authentication (2FA)

    Turn on 2FA for your email, bank and shopping accounts. Even if scammers get your password, they can’t log in without your second verification step.

    7) Keep your software and apps updated

    Cybercriminals often exploit outdated browsers or apps. Update your phone, computer and shopping apps before the holiday rush to close those security holes.

    8) Monitor your bank and credit statements

    Check your accounts daily during the shopping season. The faster you spot a suspicious charge, the easier it is to reverse and protect your funds.

    Kurt’s key takeaways

    Black Friday through Cyber Monday is the peak time for data harvesting. Every purchase, coupon code and sign-up adds to the profile that marketers and data brokers hold on you. That information can linger online for years, long after the sales end. The good news? It’s easier than ever to reclaim your privacy. By taking just a few minutes today, you can enjoy the holidays knowing your personal data is no longer on the open market.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    How confident are you that your personal data isn’t already fueling a scam this holiday season? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com. All rights reserved.  

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Vaping Is ‘Everywhere’ in Schools—Sparking a Bathroom Surveillance Boom

    [ad_1]

    It’s this creeping surveillance that gives some students pause, even those who told The 74 they otherwise support vape detectors in bathrooms. The possibility of unknown capabilities with the sensors is “very scary to me” said Moledina, the Austin teen, who worries about a future where bathrooms come with cameras.

    “Just knowing that there is vape smoke in the bathroom doesn’t really help you because the administrators already know it’s happening, and just by knowing that it’s there isn’t going to help them find out who is doing it,” he said. “So my concern is that, at the end of the day, we’re going to end up having cameras in bathrooms, which is definitely not what we want.”

    Minneapolis educators have used surveillance cameras in conjunction with the sensors to identify students for vaping in the bathrooms, discipline logs show.

    In February, for example, a Roosevelt High School senior was suspended for a day based on accusations they hit a weed vape in the bathroom. Officials reviewed footage from a surveillance camera outside the bathroom and determined the student was “entering and exiting the bathroom during the timeframe that the detector went off.” They were searched, and administrators found “a marijuana vape, an empty glass jar with a weed smell and a baggie with weed shake in it.”

    That same month, educators referred a Camden High School student to a drug and alcohol counselor for “vaping in the single stall bathrooms.”

    “After I reviewed the camera it does show [a] student leaving out that same stall bathroom,” campus officials reported.

    Gutierrez, the 18-year-old from Arizona, said she quit vaping after she was suspended and now copes with depression through positive means like painting. What she didn’t do, however, was quit because she received help at school for the mental health challenges that led her to vape in the first place.

    She stopped vaping while she was suspended, she said, because she was away from her friends and lacked access. She was frightened into further compliance, Gutierrez recalled, by the online lessons depicting vaping as a gross, gooey purple monster that would poison her relationships.

    “Yes I stopped, but it wasn’t a good stop,” she said. “I didn’t get no support. I didn’t get no counseling. I stopped because I was scared.”

    [ad_2]

    Mark Keierleber

    Source link

  • Hyundai AutoEver America breached: Know the risks to you

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Hyundai AutoEver America discovered on March 1, 2025, that hackers had compromised its systems. Investigators found the intrusion began on February 22 and continued until March 2. 

    Hyundai AutoEver America (HAEA) provides IT services for Hyundai Motor America, including systems that support employee operations and certain connected-vehicle technologies. While the company works across Hyundai’s broader ecosystem, this incident did not involve customer or driver data.

    According to the statement provided to CyberGuy, the breach was limited to employment-related information tied to Hyundai AutoEver America and Hyundai Motor America. The company confirmed that about 2,000 current and former employees were notified of the incident in late October. HAEA said it immediately alerted law enforcement and hired outside cybersecurity experts to assess the damage.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Cybercriminals targeted Hyundai AutoEver America’s systems, exposing sensitive data. (Kurt “CyberGuy” Knutsson)

    Why this Hyundai AutoEver America breach matters

    The exposed data reportedly includes names, Social Security numbers and driver’s license numbers, making this breach far more serious than one involving passwords alone. Experts warn that these details can be used for long-term identity theft and financial fraud. Because Social Security numbers cannot easily be changed, criminals have more time to create fake identities, open fraudulent accounts and launch targeted phishing attacks long after the initial breach.

    A red Hyundai automobile

    Experts warn that stolen Social Security and driver’s license information could be used for identity theft and fraud. (Kurt “CyberGuy” Knutsson)

    Who was affected in the Hyundai AutoEver America data incident

    AEA manages select IT systems tied to Hyundai Motor America’s employee operations, along with broader technology functions for Hyundai and Genesis across North America. Its role includes supporting connected-vehicle infrastructure and dealership systems.

    According to the company, this incident was limited to employment-related data and primarily affected approximately 2,000 current and former employees of Hyundai AutoEver America and Hyundai Motor America. No customer information or Bluelink driver details were exposed. While some filings reference sensitive data types such as Social Security numbers or driver’s license information, the incident did not involve Hyundai customers or the millions of connected vehicles HAEA supports.

    Earlier reports suggested that 2.7 million individuals were affected, but Hyundai says that figure is unrelated to the breach. Instead, 2.7 million is the estimated number of connected vehicles that Hyundai AutoEver America helps support across North America. None of that consumer or vehicle data was accessed.

    GENESIS PREVIEWS G70 SPORTS SEDAN WITH NEW YORK CONCEPT

    Hyundai also clarified that the United States has about 850 Hyundai dealerships and emphasized that the scope of this incident was narrow and contained.

    We reached out to HAEA for a comment, and a representative for the company provided CyberGuy with this statement:

    “Hyundai AutoEver America, an IT vendor that manages certain Hyundai Motor America employee data systems, experienced an incident to that area of business that impacted employment-related data and primarily affected current and former employees of Hyundai AutoEver America and Hyundai Motor America. Approximately 2,000 primarily current and former employees were notified of the incident. The 2.7 million figure that is cited in many media articles has no relation to the actual security incident. The 2.7 million figure represents the alleged total number of connected vehicles that may be supported by Hyundai AutoEver America across North America. No Hyundai consumer data was exposed, and no Hyundai Motor America customer information or Bluelink driver data was compromised.”

    A blue Kia

    Scammers may now pose as company representatives, contacting people to steal more personal details. (Kurt “CyberGuy” Knutsson)

    What you should do right now

    • Monitor your bank, credit card and vehicle-related accounts for suspicious activity.
    • Check for a notification letter from Hyundai AutoEver America or your car brand.
    • Enroll in the two years of complimentary credit monitoring offered by HAEA if you qualify.
    • Enable multi-factor authentication (MFA) on all important accounts, including those tied to your vehicle.
    • Be cautious of emails, texts or calls claiming to be from Hyundai, Kia or Genesis. Always verify through official websites.

    Smart ways to stay safe after the Hyundai AutoEver America breach

    Whether you were directly affected or just want to stay alert, this breach is a reminder of how important it is to protect your personal information. Follow these practical steps to keep your data secure and reduce the risk of identity theft or scams.

    HYUNDAI TO RECALL GENESIS CARS TO FIX BRAKES

    1) Freeze or alert your credit

    Contact major credit bureaus — Experian, TransUnion and Equifax — to set a fraud alert or freeze. This helps block new accounts from being opened in your name.

    2) Protect your vehicle apps

    If you use apps tied to your vehicle, update passwords and enable multi-factor authentication. Avoid saving login details in unsecured places. Also, consider using a password manager, which securely stores and generates complex passwords, reducing the risk of password reuse. 

    Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    3) Watch for fake support messages

    Scammers may use news of the Hyundai AutoEver America breach as a way to contact Hyundai, Kia or Genesis owners, pretending to be from customer support or the dealership. They might claim to help verify your account, update your information or fix a security issue. Do not share personal details or click any links. Type the brand’s web address directly into your browser instead of clicking links in messages or emails. Always confirm through the official brand website or by calling the verified customer service number.

    4) Use strong antivirus protection

    Using strong antivirus software helps block phishing links, malware downloads and fake websites that might appear after a data breach. It can also scan your devices for hidden threats that may try to steal login data or personal files.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Use a data removal service

    Data removal tools automatically find and delete your personal information from people-search and data-broker sites. These services reduce the chances that criminals will use leaked data to target you with phishing or social-engineering scams.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    6) Monitor your digital footprint

    Consider using identity monitoring services to track your personal information and detect possible misuse early.

    Identity Theft companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    7) Keep your devices updated

    Regularly install security updates on your phone, laptop and smart car systems to reduce the risk of further attacks.

    8) Report suspicious activity the right way

    If you notice unusual account activity, fraudulent charges, or suspicious messages that appear tied to this breach, report it immediately. Start by contacting your bank or credit card provider to freeze or dispute any unauthorized transactions. Then, file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov, where you can create an official recovery plan. If you suspect a scam message or call, forward phishing emails to reportphishing@apwg.org and report fake texts to 7726 (SPAM).

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    This incident highlights how much personal data is connected to modern cars and how vulnerable those systems can be. When your vehicle is linked to your identity, protecting your data becomes just as important as maintaining the car itself. Stay alert, use the tools available to safeguard your accounts and report any suspicious activity right away.

    Should companies like Hyundai AutoEver be doing more to keep customer data secure? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • A Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone Numbers

    [ad_1]

    WhatsApp’s mass adoption stems in part from how easy it is to find a new contact on the messaging platform: Add someone’s phone number, and WhatsApp instantly shows whether they’re on the service, and often their profile picture and name, too.

    Repeat that same trick a few billion times with every possible phone number, it turns out, and the same feature can also serve as a convenient way to obtain the cell number of virtually every WhatsApp user on earth—along with, in many cases, profile photos and text that identifies each of those users. The result is a sprawling exposure of personal information for a significant fraction of the world population.

    One group of Austrian researchers have now shown that they were able to use that simple method of checking every possible number in WhatsApp’s contact discovery to extract 3.5 billion users’ phone numbers from the messaging service. For about 57 percent of those users, they also found that they could access their profile photos, and for another 29 percent, the text on their profiles. Despite a previous warning about WhatsApp’s exposure of this data from a different researcher in 2017, they say, the service’s parent company, Meta, still failed to limit the speed or number of contact discovery requests the researchers could make by interacting with WhatsApp’s browser-based app, allowing them to check roughly a hundred million numbers an hour.

    The result would be “the largest data leak in history, had it not been collated as part of a responsibly conducted research study,” as the researchers describe it in a paper documenting their findings.

    “To the best of our knowledge, this marks the most extensive exposure of phone numbers and related user data ever documented,” says Aljosha Judmayer, one of the researchers at the University of Vienna who worked on the study.

    The researchers say they warned Meta about their findings in April and deleted their copy of the 3.5 billion phone numbers. By October, the company had fixed the enumeration problem by enacting a stricter “rate-limiting” measure that prevents the mass-scale contact discovery method the researchers used. But until then, the data exposure could have also been exploited by anyone else using the same scraping technique, adds Max Günther, another researcher from the university who cowrote the paper. “If this could be retrieved by us super easily, others could have also done the same,” he says.

    In a statement to WIRED, Meta thanked the researchers, who reported their discovery through Meta’s “bug bounty” system, and described the exposed data as “basic publicly available information,” since profile photos and text weren’t exposed for users who opted to make it private. “We had already been working on industry-leading anti-scraping systems, and this study was instrumental in stress-testing and confirming the immediate efficacy of these new defenses,” writes Nitin Gupta, vice president of engineering at WhatsApp. Gupta adds, “We have found no evidence of malicious actors abusing this vector. As a reminder, user messages remained private and secure thanks to WhatsApp’s default end-to-end encryption, and no non-public data was accessible to the researchers.”

    [ad_2]

    Andy Greenberg

    Source link

  • Washington court says Flock camera images are public records

    [ad_1]

    NEWYou can now listen to Fox News articles!

    A Skagit County Superior Court judge ruled that images from Flock Safety automated license plate reader cameras in Stanwood and Sedro-Woolley qualify as public records under Washington’s Public Records Act.

    Judge Elizabeth Yost Neidzwski said the images are “not exempt from disclosure” and explained that an agency does not need to physically hold a record for it to fall under the law.

    The request that led to the ruling

    The case began when Washington resident Jose Rodriguez asked Stanwood for one hour of Flock camera images. That request prompted Stanwood and neighboring Sedro-Woolley to ask the court to declare that vendor-stored data did not count as public records.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Judge Neidzwski rejected that argument. She said the cities’ ALPR images support a government purpose and meet the definition of a public record.

    SEATTLE ELECTS DEMOCRATIC SOCIALIST KATIE WILSON AS MAYOR

    Flock Safety cameras use AI to capture license plate images in real time, tracking vehicles as they move through neighborhoods. (Flock Safety)

    However, Rodriguez will not receive the specific images he sought. The city had already allowed the footage to auto-delete after 30 days, and it expired before the ruling.

    We reached out to Flock Safety, and a spokesperson provided CyberGuy with the following statement:

    “The Court merely declined to exempt these records from disclosure under Washington’s extremely broad public records law. Nothing changed in the status quo in Washington as a result of this ruling — these records were covered by the law before the ruling, and remain so following the ruling. Unfortunately, some individuals in Washington have abused the breadth of the public records law to extort significant settlements from Washington communities for technical violations of the disclosure requirements, which we cannot believe is the intent of the law. We are supporting efforts to enact a legislative fix to this situation, which is costing Washington communities tens of thousands of dollars to stave off frivolous lawsuits.”

    A license plate camera

    The Washington court ruling marks a major step toward transparency in how police collect and store surveillance data. (Flock Safety)

    Why the decision matters for transparency

    Flock’s automated license plate reader cameras capture multiple still images of passing vehicles along with time, location and license plate information. Cities use the system to assist law enforcement with investigations, relying on stored images to identify vehicles connected to crimes or alerts.

    The court’s ruling raises broader questions about how local agencies manage these images once they’re created. By finding that the images qualify as public records, the decision forces cities to examine how long they retain this data, how it is stored and who may request access under state law. 

    Privacy advocates say the ruling highlights the need for clear policies around retention and transparency, while law enforcement groups argue that access rules must still protect ongoing investigations.

    AI DASHCAMS ENHANCE TRUCKER SAFETY WHILE RAISING PRIVACY CONCERNS

    License plate reader

    The debate continues as communities weigh the balance between public safety, privacy and the right to know what’s being recorded. (Flock Safety)

    How this ruling impacts privacy and surveillance

    For years, cities and police agencies have argued that data stored by third-party vendors falls outside public records laws. They often make this claim even when the data documents activity on public roads. The Washington ruling did not settle broader questions about surveillance, but it rejected the idea that Flock camera images are exempt simply because a vendor stores them. This decision exposes a growing tension between how agencies use surveillance tools and what the public can access under state law.

    Beryl Lipton of the Electronic Frontier Foundation, a nonprofit dedicated to defending digital privacy, free expression and transparency in technology, told Cyberguy, “The use of third-party vendors for surveillance and data storage is widespread and growing across the country, and allowing this to undermine the public’s right to know is very dangerous. The government’s primary obligation should be to its constituents, which includes protecting their rights under public records laws, not to the private vendors that they choose to employ while conducting mass surveillance. Whether an agency stores images and information on their own devices or on the private server of a vendor should not affect the appropriate disclosure of these records under public records laws. If the use of these devices makes it too difficult for a city to comply with the law, then the response should not be to circumvent the laws they find inconvenient, but rather it should be to only use vendors that won’t get in the way of a city’s ability to fulfill its responsibilities to their citizenry. Otherwise, they should not use these tools at all.”

    What this means for you

    If your town uses Flock or other automated license plate readers, this ruling shows how Washington courts may handle future records requests. It confirms that ALPR images can count as public records, even when a vendor stores the data.

    The debate over privacy and safety continues. Supporters say public access builds trust and oversight. Critics worry that releasing vehicle data could expose sensitive details without strong safeguards or redactions.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Take my quiz: How safe is your online security?

    Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

    Kurt’s key takeaways

    This ruling shows how courts may handle data from automated license plate readers. It also reveals how much vehicle information cities collect. As a result, it raises new questions about who should access these records. In addition, the decision may guide future transparency debates in Washington. However, it will also spark fresh conversations about how surveillance tools fit within state records laws.

    Do you think public access to AI camera footage improves accountability or puts privacy at risk? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Fake flight cancellation texts target travelers

    [ad_1]

    NEWYou can now listen to Fox News articles!

    When your phone buzzes with a message saying your flight is canceled, your first instinct is to panic. Scammers are counting on that. 

    A new travel scam is spreading through fake airline texts that look convincing but connect you to fraudsters instead of customer service.

    These cybercriminals claim to help rebook your trip. In reality, they’re after your credit card or personal details.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    How the flight cancellation text scam works

    The scam starts with a text that looks like it’s from your airline. It may include your name, flight number and a link or phone number. The message includes urgent language that says your flight is canceled or delayed and tells you to “call this number” or “click to rebook.”

    PILOT WARNS ‘SHORT-HANDED, STRESSED’ AIR TRAFFIC DELAYS WILL LINGER AFTER SHUTDOWN

    Scammers send fake flight cancellation texts that look official, using real airline names, flight numbers and logos to trick travelers into calling them. (Kurt “CyberGuy” Knutsson)

    Once you do, you’re talking to a scammer pretending to be an airline agent. They’ll offer to “help” rebook your flight for a fee. They might ask for payment details or personal information like your birth date or passport number.

    In some cases, they’ll send confirmation emails that look official to make the lie more believable.

    A man taps the screen of his smartphone.

    AI-generated messages make these scams harder to spot, mimicking airline alerts so well that even frequent flyers can be fooled during busy travel seasons. (Kurt “CyberGuy” Knutsson)

    Why the scam feels real

    Scammers use real airline names, logos and flight numbers to make their messages look official. Many now use AI tools to generate convincing language and fake confirmations that mimic real airline alerts. These messages often arrive during busy travel seasons or storm delays, which makes them feel even more believable.

    The Federal Trade Commission (FTC) warns that criminals impersonate airline customer service through fake texts and calls that say your flight is canceled. They use that panic to push you into rebooking or sharing personal details.

    Meanwhile, the Better Business Bureau (BBB) reports a surge in fake cancellation notices that include phony phone numbers leading straight to scammers.

    Because these alerts look real and use urgent language, even experienced travelers can mistake them for genuine updates. Staying calm and verifying directly with the airline is the best defense.

    A man taps the screen of his smartphone.

    Staying calm and verifying through official airline apps or websites is the safest way to protect your money and personal information before you take action. (Kurt “CyberGuy” Knutsson)

    Steps to stay safe from fake flight cancellation texts

    Scammers use fear and urgency to trick travelers into clicking bad links or calling fake numbers. Follow these steps to keep your trip and information safe.

    1) Verify flight changes only through official airline sources

    Always confirm flight updates using the airline’s official website or mobile app. Log in directly instead of clicking on links from unexpected texts or emails. Scammers design fake links that look real, but one tap can expose your personal information.

    PILOT GOES VIRAL FOR REVEALING REAL REASON YOU NEED TO SET YOUR PHONE TO AIRPLANE MODE BEFORE FLYING

    2) Call only verified airline phone numbers

    If you need to call customer service, use the number listed in your booking confirmation, the airline’s app or on its verified website. Never trust a phone number sent by text or social media message. Real airlines will never change their contact information mid-trip.

    3) Stay calm and spot urgency traps

    Scammers count on panic. Messages that say “call now,” “act fast” or “your seat will be canceled” are meant to rush you. Slow down and verify before responding. Taking a minute to check the official flight status can prevent you from losing money or data.

    4) Protect your personal and financial information

    Legitimate airline staff will not ask for gift card numbers, wire transfers or your bank login. Use a strong antivirus program to block phishing sites and malware designed to steal personal data if you accidentally click a bad link.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Remove exposed data before scammers find it

    Use a data-removal service to help scrub your personal details from people-search websites. These sites make it easier for scammers to target travelers by name, location and phone number. Keeping your information private reduces your risk.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    6) Report suspicious messages immediately

    Forward scam texts to 7726 (SPAM) and report fake airline messages to the Federal Trade Commission at reportfraud.ftc.gov. Sharing reports helps agencies shut down active scams and protect other travelers.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    Fake flight cancellation scams are spreading fast, especially during busy travel seasons. Stay calm, verify changes through official airline sources, and never click random links or call unknown numbers. Technology makes travel easier, but awareness and caution are still your best defense.

    Have you ever received a fake flight alert that almost fooled you? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved. 

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • NordVPN Is Still a Pretty Dang Good VPN

    [ad_1]

    One of my favorite new additions isn’t on the desktop app, though. NordVPN recently introduced scam call protection on Android, with an iOS version planned for the future. I’ve been using it for months, and it has easily flagged more than a hundred spam calls to my phone. It works a treat, even if it’s not one of NordVPN’s big advertised features.

    Almost the Fastest VPN

    NordVPN is fast. It’s not the fastest VPN I’ve tested—that’s Proton VPN—but that’s more of a rounding error than a notable difference in speed. Across five US locations, NordVPN dropped 15.32 percent of my unprotected speed on average. For context, Proton dropped 15.23 percent. Surfshark, which is also owned by Nord Security, dropped 18.84 percent, while Mullvad closed in on 24 percent.

    So, NordVPN is fast, but more importantly, it’s consistent. Across the locations I tested, it never posted a slowdown of more than 20 percent, and in one location (Chicago), it only dropped a meager 6.6 percent of my unprotected speed. Overall, though, that 15 percent drop is a good representation of the speeds you can expect, at least in the US.

    Speed testing with any VPN is tricky. There are a ton of factors that influence speeds beyond the server you’re connecting to. My speed testing—and any VPN speed testing, for that matter—is a snapshot in time. It provides insight into the kind of speeds you can expect on average, not a concrete number you should expect from every server at every time of day. To get the most accurate snapshot possible, I tested across five US locations at three different times of day over the course of a week. Before each test, I ran three passes of my unprotected speed to get an accurate comparison, and I threw out any results with a greater than 10 percent deviation between passes.

    The best way to get around speed hurdles is to change servers, and NordVPN is solid on that front. It has around 7,400 servers, but the exact number is constantly changing. It maintains a database of its servers and locations, complete with details on the features those servers support and whether they’re virtual or physical servers.

    NordVPN lives up to its monumental name. It still has a massive network, fast speeds, and a ton of features, and despite its infamous data breach, it has continued to double down on security measures. The main issue with Nord is the price. You can score a good deal on a two-year discount, but that price jumps up significantly when it comes time to renew. This is why I rank it slightly below Proton VPN, despite the two services going toe-to-toe on features and speeds. Proton Unlimited clocks in at the same monthly price as NordVPN Basic, and it comes with Proton Pass, Proton Mail, and a handful of other apps.

    [ad_2]

    Jacob Roach

    Source link

  • Apple’s New Digital ID for Air Travel Could Get You Through Security Faster

    [ad_1]

    Apple just announced that it is now allowing users to upload their passport information to their Apple Wallets. According to Apple’s press release, this Digital ID will be accepted at TSA checkpoints at more than 250 airports in the U.S for domestic travel.

    The digital identification allows users who may not have a REAL ID-complaint drivers license or state ID to travel without having to carry their physical passport. Of course, if you’re traveling internationally, you’re still going to need to bring your actual passport. 

    To set this up, open the Wallet app on your iPhone, and be sure to have your U.S. passport on hand. Then tap the add (+) button at the top of the Wallet app, choose Driver’s License and ID Cards, then pick Digital ID. From there, follow the on-screen steps to complete setup and verification.

    Apple and Google have both previously allowed users to upload digital identification such as driver’s licenses to their phones as an alternative to the physical card, but adoption varies by state. U.S. Customs and Border Protection also has a Mobile Passport Control application that allows users to upload their passport information to enter the country faster, but you still need the physical identification card. 

    According to Apple, travelers can present their Digital ID by double-clicking the side or Home button to open Apple Wallet, selecting their Digital ID, and then holding their iPhone near the TSA identity reader, without actually unlocking the device. They’ll be shown exactly what information is being requested and must confirm it using Face ID or Touch ID.

    The feature works a bit like Apple Pay, which last year Apple announced was “used by hundreds of millions of consumers” in a press release marking its 10-year anniversary as a payment option. Just like how Apple made the process of paying for goods a bit more seamless, the new Digital ID may do something similar in the security space.

    However, privacy advocates have long warned that digital IDs could inadvertently give law enforcement access to someone’s phone. Even though officers can’t legally compel you to unlock a device—and you don’t need to unlock your phone to use this digital ID—if you do hand an officer an already unlocked phone while showing a digital ID, it may effectively grant them access without violating your rights. (The law is unsettled on whether Customs and Border Protection can ask you for your digital devices at the border, but you can’t use this digital passport to travel internationally anyways).

    The early-rate deadline for the 2026 Inc. Regionals Awards is Friday, November 14, at 11:59 p.m. PT. Apply now.

    [ad_2]

    Tekendra Parmar

    Source link

  • AI-powered scams target kids while parents stay silent

    [ad_1]

    NEWYou can now listen to Fox News articles!

    Kids are spending more time online than ever, and that early exposure is opening the door to a new kind of danger. 

    Artificial intelligence has supercharged online scams, creating personalized and convincing traps that even adults can fall for. The latest Bitwarden “Cybersecurity Awareness Month 2025” poll shows that while parents know these risks exist, most still haven’t had a serious talk with their children about them. 

    This growing communication gap is leaving the youngest internet users vulnerable at a time when online safety depends more than ever on education and oversight.

    Young children face real risks online

    Children as young as preschool age are now part of the connected world, yet few truly understand how to stay safe. The Bitwarden survey found that 42% of parents with children between 3 and 5 years old said their child had accidentally shared personal information online.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    5 PHONE SAFETY TIPS EVERY PARENT SHOULD KNOW

    AI-powered scams are finding new ways to reach kids who go online earlier than ever. (Kurt “CyberGuy” Knutsson)

    Nearly 80% of kids between the ages of 3 and 12 already have their own tablet or another connected device. Many parents assume supervision software or family settings are enough, but that assumption breaks down when kids explore apps, games and chat spaces designed to hold their attention. Device access has become nearly universal by early elementary school, but meaningful supervision and honest safety conversations are lagging behind.

    The AI threat and the parental disconnect

    Artificial intelligence has changed the nature of online scams by making them sound familiar, personal and hard to recognize. Bitwarden’s data shows that 78% of parents worry their child could fall for an AI-enhanced threat, such as a voice-cloned message or a fake chat with a friend. Despite that fear, almost half of those same parents haven’t talked with their kids about what an AI-powered scam might look like. The disconnect is even stronger among Gen Z parents. 

    About 80% of them say they are afraid their child will fall victim to an AI-based scheme, yet 37% allow their kids full or nearly full autonomy online. In those households, problems are more common. Malware infections, unauthorized in-app purchases and phishing attempts appear at the highest rates among families who worry the most but monitor the least. The paradox is clear. Parents recognize the threat but fail to translate awareness into consistent action.

    Why parents haven’t had the talk

    There are many reasons this important talk keeps getting delayed. Some parents simply feel unprepared to explain AI, while others assume their existing safety tools will protect their children. Only 17% of parents in the United States actively seek information about AI technologies, according to related research by Barna Group. That leaves a large majority relying on partial knowledge or outdated advice. 

    Many parents also juggle multiple devices at home, making it difficult to track every app or game their child uses. Some overestimate how safe their own habits are, even though they admit to reusing passwords or skipping security updates. Without firsthand understanding or personal discipline, it becomes even harder to teach those lessons to children. As a result, many kids face the internet with curiosity but without proper guidance.

    Smart ways to protect your child online

    The Bitwarden findings make one thing clear: kids are getting connected younger, and scams powered by artificial intelligence are already targeting them. The good news is that parents can take practical steps right now to reduce those risks and build lasting online safety habits.

    1) Keep devices where you can see them

    Set up tablets, laptops and gaming consoles in shared family areas rather than bedrooms. When screens stay visible, you naturally become part of your child’s online world. This not only encourages open conversation but also helps spot suspicious messages, fake friend requests or scam links before they cause trouble.

    A mother surfs the web with her son.

    Staying involved in your child’s digital life is the best defense against today’s AI threats. (Kurt “CyberGuy” Knutsson)

    2) Use built-in parental controls

    Most devices have strong tools you can activate in minutes. Apple’s Screen Time and Google Family Link let you limit screen time, approve new app installs and monitor how long your child spends on specific apps. These controls are especially useful for younger kids who, according to the Bitwarden poll, often have little supervision despite heavy device use.

    TEENS TURNING TO AI FOR LOVE AND COMFORT

    3) Talk through every download

    Before your child installs a new game or app, take a moment to check it together. Read the reviews, look at what data it collects and confirm the developer’s name. Explain why some games or “free” apps might ask for camera or contact access they don’t need. This kind of shared review teaches healthy skepticism and helps children recognize red flags later on.

    4) Make password strength and 2FA a family rule

    AI scams thrive on weak or reused passwords. Use a password manager to create and store strong, unique logins for each account. Turn on two-factor authentication (2FA) wherever possible so that even if a password is stolen, the account stays protected. Let your kids see how you use these tools so they learn that security isn’t complicated, it’s just a habit.

    An exhausted mother uses her laptop while her son sits on her lap.

    Many parents delay important online safety talks because they feel unprepared to explain AI, leaving kids curious but without the guidance they need to stay safe. (Kurt “CyberGuy” Knutsson)

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Teach them to stop and tell

    One of the best defenses is simple: encourage your child to pause and talk before reacting to anything unusual online. Whether it’s a pop-up claiming a prize, a strange link in a chat or a voice message that sounds familiar, remind them it’s always okay to ask you first. Quick conversations like these can prevent costly mistakes and turn learning moments into trust-building ones.

    6) Keep devices updated and use strong antivirus software

    Outdated software can leave gaps that scammers exploit. Regularly update operating systems, browsers and apps to close those holes. Add strong antivirus software. Explain to your child that updates and scans keep their favorite games and videos running safely, not just their parents happy.

    The best way to safeguard from malicious links that install malware, potentially accessing private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    7) Make online safety part of everyday life

    Don’t save these conversations for when something goes wrong. Bring them up casually during family time or when watching YouTube or gaming together. Treat digital safety like any other life skill, something practiced daily and improved with time. The more normal it feels, the more confident your child becomes when facing online risks.

    A mother watches her son surf the web.

    Talking about online safety early helps build trust and awareness before trouble starts.  (Kurt “CyberGuy” Knutsson)

    What this means for you

    If you are a parent, guardian or anyone helping a child use technology, this issue deserves your attention. Start talking early, even before your child begins exploring the web on their own. Teach them simple concepts like asking before clicking or sharing. Instead of relying only on parental controls, have ongoing conversations that help them recognize suspicious links, messages or pop-ups. Show them that cybersecurity isn’t about fear but about awareness. Model strong digital habits at home by using unique passwords and turning on two-factor authentication. Explain why those steps matter. When your child understands the reasoning behind the rules, they are more likely to follow them. Make technology part of your family routine rather than a private space your child navigates alone. Regularly check the apps they use and the people they interact with. Set clear expectations and age-appropriate boundaries that can grow with your child’s experience. Staying engaged is the most powerful protection you can offer.

    CLICK HERE TO DOWNLOAD THE FOX NEWS APP

    Kurt’s key takeaways

    The numbers from Bitwarden show a clear warning sign. Concern among parents is high, yet actual conversations about AI-powered scams remain rare. That silence gives scammers the upper hand. Children who learn about online safety early are more confident, more cautious and better equipped to handle unexpected messages or fake alerts. It only takes a few minutes of honest conversation to create awareness that lasts for years. By taking action now, you can close the gap between fear and understanding, protecting your family in a digital world that changes every day.

    Are you ready to start the conversation that could keep your child from becoming the next target of an AI-powered scam? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved.

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link

  • Connecticut man loses life savings in crypto scam

    [ad_1]

    NEWYou can now listen to Fox News articles!

    When Joe A. from Shelton, Connecticut, received a text about a crypto investment opportunity, he thought it was his chance to rebuild after a divorce. Instead, he lost every dollar he had. Joe’s story is a heartbreaking reminder of how easy it is to fall for an online investment scam that promises quick success and easy money.

    Joe has allowed Cyberguy to tell his powerful story so that others can learn from his experience and protect themselves from similar scams. Here is how it all went down and how you can protect yourself from falling into the same trap.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    HOW TO STOP IMPOSTOR BANK SCAMS BEFORE THEY DRAIN YOUR WALLET

    After his account access vanished, scammers allegedly demanded more cash to “reactivate” it. By then, Joe’s retirement savings were wiped out. (Gabby Jones/Bloomberg via Getty Images)

    How the online investment scam began

    In August, Joe got a message from a company calling itself “ZAP Solutions.” It promised that if he invested $30,000, he’d soon have $368,000 in returns. It sounded like a smart move. Like many victims, Joe believed the pitch because it seemed professional and legitimate.

    But soon he was led deeper into a trap. Each “short-term investment” required another wire transfer. Before he knew it, Joe had sent every penny, his 401K, IRA and other investments.

    When the investment scam fell apart 

    The moment Joe was locked out of his account, panic set in. The scammers demanded more money to “reactivate” it. By the end, Joe had lost $228,000.

    His mother, Carol, was devastated when she found out. 

    “I was shocked,” she said. “He showed us the screenshots, the messages. He emptied everything.”

    Joe and his family filed a police report with local authorities and contacted the FBI. But, according to officers, recovery is unlikely. 

    “They told us there’s no way to get it back,” Carol said. “These cyberstalkers move the money too fast.”

    The bigger picture: Online investment scams are rising 

    Joe’s story isn’t unique. The FBI reports that cybercriminals have stolen more than $50 billion from Americans in just five years. Scammers prey on emotion, targeting people who are hopeful, lonely or in transition.

    “If it seems too good to be true, it probably is,” Joe said, stating a phrase we all should remember.

    How to protect yourself from online investment scams

    Staying safe starts with awareness and consistent action. Cybercriminals are getting more creative, so protecting your finances means staying alert every step of the way. Follow these proven steps to safeguard your accounts and identity.

    1) Research before you invest

    Always verify any investment opportunity before sending money. Look up the company through official government or financial websites, such as the SEC’s Investment Adviser Public Disclosure database or FINRA’s BrokerCheck. Read reviews, confirm licenses and search for scam alerts online.

    2) Be suspicious of unsolicited messages and use strong antivirus software

    If a text, email or social media message promises high returns, stop and think. Legitimate firms never cold-contact people about investment offers. Delete suspicious messages immediately and never click on links from unknown sources. Install and regularly update strong antivirus software on all your devices. This can block phishing attempts, malicious downloads, and fake investment platforms designed to steal your data.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    SCAMMERS NOW IMPERSONATE COWORKERS, STEAL EMAIL THREADS IN CONVINCING PHISHING ATTACKS

    Cryptocurrency coin.

    Joe’s mother says the family filed police and FBI reports, but recovery is unlikely as criminals move money fast across borders and accounts. (Silas Stein/picture alliance via Getty Images)

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Check email addresses and website domains

    Scammers often use domains that look almost identical to real ones. Double-check for misspellings, extra letters or unusual web extensions like “.co” or “.biz.” If you’re unsure, search for the official company site separately in your browser.

    4) Never wire money to strangers

    Once you wire money to a scammer, recovery is nearly impossible. Never send money to someone you’ve only met online, even if they claim to represent a reputable company. Always confirm payment details through verified sources.

    5) Talk to a trusted financial advisor

    Before you invest large sums, get a second opinion from a licensed financial advisor. A professional can spot red flags and unrealistic promises that you might overlook.

    6) Use a data removal service

    Protect your personal information by using a data removal or privacy service that scrubs your phone number, address and other details from people search sites. This reduces the chance of scammers finding and targeting you.

    While no service can guarantee the complete removal of your data from the Internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

    7) Enroll in an identity theft protection service

    If scammers have your personal details, they could try to open credit cards or loans in your name. Enrolling in a reputable identity theft protection service adds another layer of security by monitoring your credit and alerting you to suspicious activity.

    Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    FBI WARNS SENIORS ABOUT BILLION-DOLLAR SCAM DRAINING RETIREMENT FUNDS, EXPERT SAYS AI DRIVING IT

    Cryptocurrency on a smartphone.

    From antivirus and data-removal services to identity theft monitoring, CyberGuy shares concrete steps to block phishing, verify firms and protect your money. (Gabby Jones/Bloomberg via Getty Images)

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    8) Report suspicious activity immediately

    If you believe you’ve been targeted or scammed, act fast. Contact your local police department and your bank and file a report with the FBI’s Internet Crime Complaint Center (IC3). Quick action can sometimes limit further loss or help investigators trace the fraud.

    Kurt’s key takeaways

    Joe’s story is painful, but it’s also powerful. His honesty may stop someone else from losing everything. Online scams thrive when people stay silent, but sharing stories like Joe’s helps others stay alert. So, before you trust anyone promising quick profits online, take a pause, verify everything and remember Joe’s story because one moment of caution could save you from a lifetime of regret.

    CLICK HERE TO GET THE FOX NEWS APP

    Have you ever received an investment offer that seemed too good to be true? Let us know by writing to us at Cyberguy.com.

    Sign up for my FREE CyberGuy Report
    Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

    Copyright 2025 CyberGuy.com.  All rights reserved. 

    Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

    [ad_2]

    Source link