ReportWire

Tag: Privacy

  • Teen sues AI tool maker over fake nude images

    A teenager in New Jersey has filed a major lawsuit against the company behind an artificial intelligence (AI) “clothes removal” tool that allegedly created a fake nude image of her. 

    The case has drawn national attention because it shows how AI can invade privacy in harmful ways. The lawsuit was filed to protect students and teens who share photos online and to show how easily AI tools can exploit their images.

    How the fake nude images were created and shared

    When she was 14, the plaintiff posted a few photos of herself on social media. A male classmate used an AI tool called ClothOff to remove her clothing in one of those pictures. The altered photo kept her face, making it look real.

    The fake image quickly spread through group chats and social media. Now 17, she is suing AI/Robotics Venture Strategy 3 Ltd., the company that operates ClothOff. A Yale Law School professor, several students and a trial attorney filed the case on her behalf.

    A New Jersey teen is suing the creators of an AI tool that made a fake nude image of her. (iStock)

    The suit asks the court to delete all fake images and stop the company from using them to train AI models. It also seeks to remove the tool from the internet and provide financial compensation for emotional harm and loss of privacy.

    The legal fight against deepfake abuse

    States across the U.S. are responding to the rise of AI-generated sexual content. More than 45 states have passed or proposed laws to make deepfakes without consent a crime. In New Jersey, creating or sharing deceptive AI media can lead to prison time and fines.

    At the federal level, the Take It Down Act requires companies to remove nonconsensual images within 48 hours after a valid request. Despite new laws, prosecutors still face challenges when developers live overseas or operate through hidden platforms.

    The lawsuit aims to stop the spread of deepfake “clothes-removal” apps and protect victims’ privacy. (iStock)

    Why legal experts say this case could set a national precedent

    Experts believe this case could reshape how courts view AI liability. Judges must decide whether AI developers are responsible when people misuse their tools. They also need to consider whether the software itself can be an instrument of harm.

    The lawsuit highlights another question: How can victims prove damage when no physical act occurred, but the harm feels real? The outcome may define how future deepfake victims seek justice.

    Is ClothOff still available?

    Reports indicate that ClothOff may no longer be accessible in some countries, such as the United Kingdom, where it was blocked after public backlash. However, users in other regions, including the U.S., still appear able to reach the company’s web platform, which continues to advertise tools that “remove clothes from photos.”

    On its official website, the company includes a short disclaimer addressing the ethics of its technology. It states, “Is it ethical to use AI generators to create images? Using AI to create ‘deepnude’ style images raises ethical considerations. We encourage users to approach this with an understanding of responsibility and respect for others’ privacy, ensuring that the use of undress app is done with full awareness of ethical implications.”

    Whether fully operational or partly restricted, ClothOff’s ongoing presence online continues to raise serious legal and moral questions about how far AI developers should go in allowing such image-manipulation tools to exist.

    This case could set a national precedent for holding AI companies accountable for misuse of their tools. (Kurt “CyberGuy” Knutsson)

    Why this AI lawsuit matters for everyone online

    The ability to make fake nude images from a simple photo threatens anyone with an online presence. Teens face special risks because AI tools are easy to use and share. The lawsuit draws attention to the emotional harm and humiliation caused by such images.

    Parents and educators worry about how quickly this technology spreads through schools. Lawmakers are under pressure to modernize privacy laws. Companies that host or enable these tools must now consider stronger safeguards and faster takedown systems.

    What this means for you

    If you become a target of an AI-generated image, act quickly. Save screenshots, links and dates before the content disappears. Request immediate removal from websites that host the image. Seek legal help to understand your rights under state and federal law.

    Parents should discuss digital safety openly. Even innocent photos can be misused. Knowing how AI works helps teens stay alert and make safer online choices. You can also demand stricter AI rules that prioritize consent and accountability.

    Kurt’s key takeaways

    This lawsuit is not only about one teenager. It represents a turning point in how courts handle digital abuse. The case challenges the idea that AI tools are neutral and asks whether their creators share responsibility for harm. We must decide how to balance innovation with human rights. The court’s ruling could influence how future AI laws evolve and how victims seek justice.

    If an AI tool creates an image that destroys someone’s reputation, should the company that made it face the same punishment as the person who shared it? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com.  All rights reserved.

  • Payroll scam hits US universities as phishing wave tricks staff

    Phishing scams target every kind of institution, whether it’s a hospital, a big tech firm or even a fast-food chain. Educational institutions aren’t an exception, especially in 2025, when attackers are actively directing their efforts toward them. Universities across the U.S. are facing a new type of cybercrime where attackers are targeting staff to hijack salary payments. Researchers have discovered that since March 2025, a hacking group known as Storm-2657 has been running “pirate payroll” attacks, using phishing tactics to gain access to payroll accounts. Let’s talk more about this attack and how you can stay safe.

    How does the university payroll scam work?

    According to Microsoft Threat Intelligence, Storm-2657 primarily targets Workday, a widely used human resources platform, though other payroll and HR software could be at risk as well. The attackers begin with highly convincing phishing emails, carefully crafted to appeal to individual staff members. Some messages warn of a sudden campus illness outbreak, creating a sense of urgency, while others claim that a faculty member is under investigation, prompting recipients to check documents immediately. In some cases, emails impersonate the university president or HR department, sharing “important” updates about compensation and benefits.

    Phishing scams are evolving fast and now universities have become prime targets for payroll theft. (Kurt “CyberGuy” Knutsson)

    These emails contain links designed to capture login credentials and multi-factor authentication (MFA) codes in real time using adversary-in-the-middle techniques. Once a staff member enters their information, the attackers can access the account as if they were the legitimate user. After gaining control, the hackers set up inbox rules to delete Workday notifications, so the victims do not see alerts about changes. This stealthy approach allows the attackers to modify payroll profiles, adjust salary payment settings and redirect funds to accounts they control, all without raising immediate suspicion.

    Hackers are exploiting universities at scale

    The hackers don’t stop at a single account. Once they control one mailbox, they use it to spread the attack further. Microsoft reports that from just 11 compromised accounts at three universities, Storm-2657 sent phishing emails to nearly 6,000 email addresses at 25 institutions. By using trusted internal accounts, their emails appear more legitimate, increasing the likelihood that recipients will fall for the scam.

    To maintain access over time, the attackers sometimes enroll their own phone numbers as MFA devices, either through Workday profiles or through Duo MFA. This gives them persistent access, allowing them to approve further malicious actions without needing to phish again. Combined with inbox rules that hide notifications, this strategy lets them operate undetected for longer periods.

    Microsoft emphasizes that these attacks don’t exploit a flaw in Workday itself. Instead, they rely on social engineering, the absence of strong phishing-resistant MFA and careful manipulation of internal systems. In essence, the threat comes from human behavior and insufficient protection, not software bugs.
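
    One way a defender could hunt for the pattern described above (an inbox rule that hides Workday notifications, close in time to an MFA enrollment or a payroll change), as an added example that is not from Microsoft or the article. The event schema, field names, action names, keyword list and 48-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# "workday" comes from the article; the other terms are assumptions to tune.
PAYROLL_TERMS = ("workday", "payroll", "direct deposit")
# Hypothetical action names for a normalized audit feed.
FOLLOW_UP_ACTIONS = {"mfa_device_added", "payment_election_changed"}
CORRELATION_WINDOW = timedelta(hours=48)  # assumed; tune to your environment

# Constructed sample events in a hypothetical, already-normalized schema.
SAMPLE_EVENTS = [
    {"time": "2025-03-10T14:02:00", "user": "prof.a@uni.example",
     "action": "inbox_rule_created",
     "rule": {"name": "..", "subject_contains": ["Workday"],
              "from_contains": [], "delete": True, "move_to": None}},
    {"time": "2025-03-10T14:10:00", "user": "prof.a@uni.example",
     "action": "mfa_device_added"},
    {"time": "2025-03-11T09:30:00", "user": "prof.a@uni.example",
     "action": "payment_election_changed"},
    # Benign rule: files a newsletter, no payroll terms involved.
    {"time": "2025-03-11T10:00:00", "user": "staff.b@uni.example",
     "action": "inbox_rule_created",
     "rule": {"name": "news", "subject_contains": ["Newsletter"],
              "from_contains": [], "delete": False, "move_to": "Reading"}},
    # Suspicious rule with no follow-up activity yet.
    {"time": "2025-03-12T08:00:00", "user": "staff.c@uni.example",
     "action": "inbox_rule_created",
     "rule": {"name": "a", "subject_contains": [],
              "from_contains": ["noreply@workday.example"],
              "delete": False, "move_to": "Archive"}},
    # Payroll change with no hiding rule: left to normal HR review.
    {"time": "2025-03-12T10:00:00", "user": "staff.d@uni.example",
     "action": "payment_election_changed"},
]


def rule_hides_payroll_mail(rule):
    """True if the rule deletes or diverts mail that matches a payroll term."""
    suppresses = bool(rule.get("delete")
                      or rule.get("move_to") not in (None, "Inbox"))
    if not suppresses:
        return False
    conditions = rule.get("subject_contains", []) + rule.get("from_contains", [])
    haystack = " ".join(conditions).lower()
    return any(term in haystack for term in PAYROLL_TERMS)


def detect(events):
    """Return one finding per payroll-hiding inbox rule.

    Severity is "high" when the same user also has an MFA enrollment or a
    payroll change within CORRELATION_WINDOW of the rule, else "medium".
    """
    by_user = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        by_user.setdefault(ev["user"], []).append(ev)

    findings = []
    for user, evs in by_user.items():
        for ev in evs:
            if ev["action"] != "inbox_rule_created":
                continue
            if not rule_hides_payroll_mail(ev["rule"]):
                continue
            rule_time = datetime.fromisoformat(ev["time"])
            follow_ups = [
                other["action"] for other in evs
                if other["action"] in FOLLOW_UP_ACTIONS
                and abs(datetime.fromisoformat(other["time"]) - rule_time)
                <= CORRELATION_WINDOW
            ]
            findings.append({
                "user": user,
                "rule": ev["rule"]["name"],
                "severity": "high" if follow_ups else "medium",
                "follow_ups": follow_ups,
            })
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

    A "medium" finding is still worth a look: the rule alone means payroll notifications are not reaching the mailbox owner.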

    Hackers lure staff with convincing emails that mimic campus alerts or HR updates and steal login details in real time.  (Microsoft)

    6 ways to stay safe from payroll and phishing scams

    Protecting yourself from payroll and phishing scams isn’t complicated. By taking a few careful steps, you can make it much harder for attackers to gain access to your accounts or personal information.

    1) Limit what personal information is online

    The more information scammers can find about you, the easier it is to craft convincing phishing messages. Services that remove or monitor personal data online can reduce exposure, making it harder for attackers to trick you with targeted emails.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    2) Think before you click

    Scammers often send emails that look like they come from your HR department or university leadership, warning about payroll, benefits or urgent issues. Don’t click links or download attachments unless you are 100% sure they are legitimate. Even small mistakes can give attackers access to your accounts.

    The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    3) Verify directly with the source

    If an email mentions salary changes or requires action, call or email the HR office or the person directly using contact information you already know. Phishing emails are designed to create panic and rush decisions, so taking a moment to verify can stop attackers in their tracks.

    4) Use strong, unique passwords

    Never reuse passwords across multiple accounts. Scammers often try to use credentials stolen from other breaches. A password manager can help you generate strong passwords and store them securely, so you don’t have to remember dozens of different combinations.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    5) Enable two-factor authentication (2FA)

    Add an extra layer of security by enabling 2FA on all accounts that support it. This means even if someone steals your password, they still can’t log in without a second verification step, such as a code sent to your phone.

    6) Regularly check financial and payroll accounts

    Even if you follow all precautions, it’s smart to monitor your accounts for any unusual activity. Catching unauthorized transactions quickly can prevent bigger losses and alert you to potential scams before they escalate.

    Hackers will reroute payments after gaining access to users’ login information. (Kurt “CyberGuy” Knutsson)

    Kurt’s key takeaway

    The Storm-2657 attacks show that cybercriminals are targeting trust, not software. Universities are appealing because payroll systems handle money directly, and staff can be manipulated through well-crafted phishing. The scale and sophistication of these attacks highlight how vulnerable even well-established institutions can be to financially motivated threat actors.

    How often do you check your payroll or bank accounts for unusual activity? Let us know by writing to us at Cyberguy.com.

  • Amazon Explains How Its AWS Outage Took Down the Web

    The cloud giant Amazon Web Services experienced DNS resolution issues on Monday leading to cascading outages that took down wide swaths of the web. Monday’s meltdown illustrated the world’s fundamental reliance on so-called hyperscalers like AWS and the challenges for major cloud providers and their customers alike when things go awry. See below for more about how the outage occurred.

    US Justice Department indictments in a mob-fueled gambling scam reverberated through the NBA on Thursday. The case includes allegations that a group backed by the mob was using hacked card shufflers to con victims out of millions of dollars—an approach that WIRED recently demonstrated in an investigation into hacking Deckmate 2 card shufflers used in casinos.

    We broke down the details of the shocking Louvre jewelry heist and found in an investigation that US Immigration and Customs Enforcement likely did not buy guided missile warheads as part of its procurements. The transaction appears to have been an accounting coding error.

    Meanwhile, Anthropic has partnered with the US government to develop mechanisms meant to keep its AI platform, Claude, from guiding someone through building a nuclear weapon. Experts have mixed reactions, though, about whether this project is necessary—and whether it will be successful. And new research this week indicates that a browser seemingly downloaded millions of times—known as the Universe Browser—behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks.

    And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

    AWS confirmed in a “post-event summary” on Thursday that its major outage on Monday was caused by Domain System Registry failures in its DynamoDB service. The company also explained, though, that these issues set off other problems as well, expanding the complexity and impact of the outage. One main component of the meltdown involved issues with the Network Load Balancer service, which is critical for dynamically managing the processing and flow of data across the cloud to prevent choke points. The other was disruptions to launching new “EC2 Instances,” the virtual machine configuration mechanism at the core of AWS. Without being able to bring up new instances, the system was straining under the weight of a backlog of requests. All of these elements combined to make recovery a difficult and time-consuming process. The entire incident—from detection to remediation—took about 15 hours to play out within AWS. “We know this event impacted many customers in significant ways,” the company wrote in its post mortem. “We will do everything we can to learn from this event and use it to improve our availability even further.”

    The cyberattack that shut down production at global car giant Jaguar Land Rover (JLR) and its sweeping supply chain for five weeks is likely to be the most financially costly hack in British history, a new analysis said this week. According to the Cyber Monitoring Centre (CMC), the fallout from the attack is likely to be in the region of £1.9 billion ($2.5 billion). Researchers at the CMC estimated that around 5,000 companies may have been impacted by the hack, which saw JLR stop manufacturing, with the knock-on impact of its just-in-time supply chain also forcing firms supplying parts to halt operations as well. JLR restored production in early October and said its yearly production was down around 25 percent after a “challenging quarter.”

    ChatGPT maker OpenAI released its first web browser this week—a direct shot at Google’s dominant Chrome browser. Atlas puts OpenAI’s chatbot at the heart of the browser, with the ability to search using the LLM and have it analyze, summarize, and ask questions of the web pages you’re viewing. However, as with other AI-enabled web browsers, experts and security researchers are concerned about the potential for indirect prompt injection attacks.

    These sneaky, almost unsolvable, attacks involve hiding a set of instructions to an LLM in text or an image that the chatbot will then “read” and act upon; for instance, malicious instructions could appear on a web page that a chatbot is asked to summarize. Security researchers have previously demonstrated how these attacks could leak secret data.

    Almost like clockwork, AI security researchers have demonstrated how Atlas can be tricked via prompt injection attacks. In one instance, independent researcher Johann Rehberger showed how the browser could automatically turn itself from dark mode to light mode by reading instructions in a Google Document. “For this launch, we’ve performed extensive red-teaming, implemented novel model training techniques to reward the model for ignoring malicious instructions, implemented overlapping guardrails and safety measures, and added new systems to detect and block such attacks,” OpenAI CISO Dane Stuckey wrote on X. “However, prompt injection remains a frontier, unsolved security problem, and our adversaries will spend significant time and resources to find ways to make ChatGPT agent[s] fall for these attacks.”

    Researchers from the cloud security firm Edera publicly disclosed findings on Tuesday about a significant vulnerability impacting open source libraries for a file archiving feature often used for distributing software updates or creating backups. Known as “async-tar,” numerous “forks” or adapted versions of the library contain the vulnerability and have released patches as part of a coordinated disclosure process. The researchers emphasize, though, that one widely used library, “tokio-tar,” is no longer maintained—sometimes called “abandonware.” As a result, there is no patch for tokio-tar users to apply. The vulnerability is tracked as CVE-2025-62518.

    “In the worst-case scenario, this vulnerability … can lead to Remote Code Execution (RCE) through file overwriting attacks, such as replacing configuration files or hijacking build backends,” the researchers wrote. “Our suggested remediation is to immediately upgrade to one of the patched versions or remove this dependency. If you depend on tokio-tar, consider migrating to an actively maintained fork like astral-tokio-tar.”

    Over the last decade, hundreds of thousands of people have been trafficked to forced labor compounds in Southeast Asia. In these compounds—mostly in Myanmar, Laos, and Cambodia—these trafficking victims have been compelled to run online scams and steal billions for organized crime groups.

    When law enforcement agencies have shut off internet connections to the compounds, the criminal gangs have often turned to Elon Musk’s Starlink satellite system to stay online. In February, a WIRED investigation found thousands of phones connecting to the Starlink network at eight compounds based around the Myanmar-Thailand border. At the time, the company did not respond to queries about the use of its systems. This week, multiple Starlink devices were seized in a raid at a Myanmar compound.

    Matt Burgess, Lily Hay Newman

  • DHS Wants a Fleet of AI-Powered Surveillance Trucks

    The US Department of Homeland Security is seeking to develop a new mobile surveillance platform that fuses artificial intelligence, radar, high-powered cameras, and wireless networking into a single system, according to federal contracting records reviewed by WIRED. The technology would mount on 4×4 vehicles capable of reaching remote areas and transforming into rolling, autonomous observation towers, extending the reach of border surveillance far beyond its current fixed sites.

    The proposed system surfaced Friday after US Customs and Border Protection quietly published a pre-solicitation notice for what it’s calling a Modular Mobile Surveillance System, or M2S2. The listing includes draft technical documents, data requirements, and design objectives.

    DHS did not respond to a request for comment.

    If M2S2 performs as described, border patrol agents could park their vehicles, raise a telescoping mast, and within minutes start detecting motion several miles away. The system would rely heavily on so-called computer vision, a kind of “artificial intelligence” that allows machines to interpret visual data frame by frame and detect shapes, heat signatures, and movement patterns. Such algorithms—previously developed for use in war drones—are trained on thousands if not millions of images to distinguish between people, animals, and vehicles.

    The development of M2S2 comes amid the Trump administration’s sweeping crackdown on undocumented immigrants across the US. As part of this push, which has sparked widespread protests and condemnation for the brutal tactics used by immigration authorities, Congress boosted DHS’s discretionary budget authority to roughly $65 billion. The GOP’s “One Big Beautiful Bill” allocates over $160 billion for immigration enforcement and border measures—most of it directed to DHS—with the funds scheduled to be distributed over multiple years. The administration has sought to increase DHS funding by roughly 65 percent, proposing the largest expansion in the agency’s history to fund new border enforcement, detention capacity, and immigration surveillance initiatives.

    According to documents reviewed by WIRED, the system would pinpoint the locations of targeted objects on digital maps to within 250 feet of their true location (with a stretch goal of around 50 feet) and transmit that data across an app called TAK—a government-built tactical mapping platform developed by the US Defense Department to help troops coordinate movements and avoid friendly fire.

    DHS envisions two modes of operation: one with an agent on site and another where the trucks sit mostly unattended. In the latter case, the vehicle’s onboard AI would conduct the surveillance and send remote operators alerts when it detects activity. Missions are to be logged start to finish, with video, maps, and sensor data retained for a minimum of 15 days, locked against deletion “under any circumstances.”

    Dell Cameron

  • Hackers steal medical records and financial data from 1.2M patients in massive healthcare breach

    More than 1 million patients have been affected by a data breach involving SimonMed Imaging, one of the country’s largest outpatient radiology and medical imaging providers. The breach came to light after a cyberattack compromised sensitive patient data, with reports indicating that ransomware operators may have been behind the incident. What makes this case particularly concerning is the scale of the attack and the type of information stolen, which could easily be misused for financial or identity fraud.

    What happened at SimonMed Imaging

    In January 2025, SimonMed Imaging was alerted by one of its vendors about a potential security incident. The following day, the company noticed suspicious activity on its own network. The company says that, in response, it reset passwords, enforced two-factor authentication and tightened endpoint security while cutting off third-party vendor access.

    Unfortunately, the attackers had already gained access. Between Jan. 21 and Feb. 5, 2025, cybercriminals exfiltrated sensitive data belonging to around 1.2 million individuals. The Medusa ransomware group later claimed responsibility, alleging they had stolen more than 200 GB of data, including patient IDs, financial records and medical scans.

    SimonMed Imaging discovered suspicious network activity in January 2025, prompting an immediate security response and system lockdown. (Kurt “CyberGuy” Knutsson)

    The attackers reportedly demanded 1 million dollars to delete the stolen files, or 10,000 dollars per day to delay publishing. SimonMed was later removed from the Medusa leak site, which could suggest a ransom payment, although the company has not confirmed this. In the aftermath, SimonMed brought in cybersecurity experts to investigate and has offered complimentary credit monitoring services to affected individuals.

    Hackers linked to the Medusa ransomware group stole data from 1.2 million patients, including IDs, financial details and medical scans. (Kurt “CyberGuy” Knutsson)

    What data got exposed in the SimonMed breach

    While SimonMed’s official filing described the exposed data as names and other data elements, the ransomware group’s claims suggest a much broader leak. According to the attackers, the stolen dataset included identity documents, payment details, medical reports, account balances and raw imaging scans (via BleepingComputer).

    Such information is extremely valuable on dark web marketplaces. Identity details and medical records are often sold in bulk to fraud operators who use them to commit financial scams, insurance fraud, or obtain prescription drugs. Medical breaches are harder to recover from because you cannot reset or replace a medical history or a government ID scan the same way you can change a password.

    We reached out to SimonMed for comment, but did not hear back before our deadline.

    After the breach, SimonMed hired cybersecurity experts, tightened defenses and offered free credit monitoring to affected individuals.  (Kurt “CyberGuy” Knutsson)

    7 steps you can take to stay protected

    Even though the company is offering free credit monitoring, leaked data often circulates long after an incident is closed publicly. That is why it is important to take additional precautions on your end to reduce the long-term impact of this breach and future-proof your personal security.

    1) Use a data removal service

    People-search sites collect personal records and make them publicly accessible. Data removal services handle outreach and removals on your behalf, which reduces your exposed footprint online. With less information easily available, it becomes harder for attackers to assemble a complete identity profile for scams.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    2) Change your passwords and use a password manager

    If you have ever interacted with SimonMed or any related platform, change your passwords immediately. Avoid reusing old passwords across different accounts. A password manager helps generate strong credentials and stores them securely so you do not have to remember them manually. This reduces the risk of one breach affecting multiple accounts.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    3) Turn on two-factor authentication everywhere

    Enabling 2FA adds an important layer of verification to your accounts. Even if someone gets hold of your password, they will not be able to log in without the code delivered to your phone or app. It is one of the simplest and most effective security upgrades you can make.

    4) Install a strong antivirus

    Modern malware includes remote access tools and silent monitoring modules that can stay hidden before launching an attack. Strong antivirus software can detect unusual behavior, protect against ransomware and alert you in real time if something attempts to access your data without permission. This is no longer just about traditional virus protection but active threat monitoring.

    The best way to safeguard yourself from malicious links that install malware and potentially access your private information is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Monitor your financial and medical statements

    Regularly review your bank statements, insurance records and medical billing activity. Cybercriminals often test stolen information with small, easily overlooked transactions before moving to larger fraud attempts. Catching and reporting these early can prevent a much bigger loss.

    6) Consider an identity theft protection plan

    Because breaches involving medical providers often expose sensitive identifiers, an identity protection service can be useful. These services scan dark web listings, alert you when your information appears in leaked databases and assist with recovery if fraud occurs. Some plans include legal support and help with credit restoration.

    Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    7) Stay informed and cautious

    After a major breach, attackers often launch phishing campaigns that reference the affected company to appear legitimate. Be skeptical of emails or texts mentioning SimonMed or credit monitoring, especially if they request payment or personal verification. Staying aware of current scams and keeping your software updated adds a strong layer of defense.


    Kurt’s key takeaway

    The SimonMed Imaging breach is another reminder that cyberattacks on healthcare providers are becoming more frequent and far more invasive. Once data is taken, it can circulate indefinitely across criminal networks. Taking protective steps early, including monitoring your identity and reducing your exposed data online, can help you stay ahead of potential misuse.

    Do you think healthcare providers are doing enough to protect your personal and medical data? Let us know by writing to us at Cyberguy.com


    Copyright 2025 CyberGuy.com.  All rights reserved.  


  • Spotify gives parents new power to control what their kids hear on streaming platform


    Spotify is rolling out a major update for parents who want more control over what their children listen to. Managed accounts, first tested in select countries, are now expanding to the United States, the United Kingdom, Canada, Australia, Germany, France and the Netherlands. These accounts create a safer and more personalized way for young listeners to enjoy music while parents stay in control of what plays.


    A safer way for kids to explore music

    Spotify’s new managed accounts are built for kids under 13. They offer a music-only experience inside the main Spotify app. Parents can use their Family Plan settings to filter explicit lyrics, block certain artists or songs and hide videos or looping visuals called Canvas. Unlike the limited Spotify Kids app, these accounts exist within the regular Spotify platform. Kids get a familiar interface with features like Discover Weekly and Daylist, but with restrictions that fit their age.

    Parents can now guide what their kids listen to while enjoying music together on Spotify. (Spotify)

    How managed accounts work

    Premium Family subscribers can set up a managed account directly from their Spotify settings. Choose “Add a Member,” then select “Add a listener aged under 13.” Parents control what content plays, while kids build their own playlists and get personalized recommendations based on their listening habits. This separation keeps parents’ Discover Weekly and Wrapped playlists clean from unexpected surprises like a sudden obsession with gaming soundtracks or silly meme songs.


    Managed accounts make family streaming safer, simpler and more personalized for young listeners. (Spotify)

    Why this matters for parents

    For years, parents have struggled to give kids music freedom while keeping explicit content away. This update finally solves that challenge. Managed accounts let parents turn off videos, block podcasts and make sure no age-restricted content slips through. It provides peace of mind for families who love streaming music together.


    Kids get their own playlists and recommendations without changing what parents hear. (Spotify)

    What this means for you

    If you already subscribe to the Premium Family plan, this update adds even more value. You still get six individual accounts, and now you can include a customized child account. Parents can share their favorite songs safely while using filters that protect young listeners. Kids get the freedom to explore new music and create playlists without affecting the main account’s recommendations.


    Spotify’s new tools give families more control and more ways to connect through music. (Spotify)


    Kurt’s key takeaways

    Spotify’s expansion of managed accounts is a smart move toward safer, family-friendly streaming. It protects young listeners while helping them build their own love for music. With strong parental controls built right into the app, families can enjoy listening together with confidence and ease.

    Will you set up a Spotify managed account for your child, or keep family listening under one shared profile? Let us know by writing to us at Cyberguy.com.


    Copyright 2025 CyberGuy.com.  All rights reserved.  


  • From friendly text to financial trap: the new scam trend


    It starts with something small, a text that feels oddly familiar. Maybe it says, “Hey, how are you?” or “Are you coming to the BBQ?” Before you know it, you’re in a friendly back-and-forth with someone who seems genuine. But soon, that casual conversation takes a sharp turn toward money.

    That’s exactly what happened to John from Alabama.

    “I received a text from someone in California inviting me to a BBQ. We’ve been texting, and now she wants me to trade gold through WEEX. Is this safe or a scam? I’m 74, she’s 36.” – John, Huntsville, Alabama

    John’s story may sound like a one-off, but it’s part of a growing trend where scammers use personal charm to build trust and then push victims into risky online “investments.”


    It only takes one text message to blur the line between connection and con. (Kurt “CyberGuy” Knutsson)

    What is WEEX?

    WEEX is a cryptocurrency exchange that allows users to trade digital assets, including gold-backed tokens like Tether Gold (XAUT). These aren’t physical gold bars or coins; they’re digital tokens tied to the price of gold and stored on blockchain networks. While WEEX operates as a legitimate platform, scammers often exploit the name of real exchanges to sound credible. They’ll encourage victims to “trade gold” through what seems like an official account but actually directs them to fake sites or wallets designed to steal money.

    Why this could be a scam

    John’s experience shows several red flags. The conversation began with a friendly invitation, then quickly shifted to a financial pitch. That’s a classic move in online relationship scams. The younger person builds an emotional connection, then uses that trust to promote an “opportunity.” Scammers often promise guaranteed profits or claim they’ll “help you trade” to make the process sound easy.

    But the truth is, once you send money or crypto, it’s nearly impossible to get it back. Even if WEEX itself is legitimate, the person encouraging you to use it may not be.

    Many scammers use stolen photos, AI-generated profiles or fake identities to build credibility. Once they convince you to send funds, they vanish, often taking your money and personal information with them.


    Scammers use friendly conversations to build trust before asking for money. Stay alert. (Kurt “CyberGuy” Knutsson)

    How to tell if you’re being targeted

    You can spot trouble early by asking simple questions. If someone can’t explain how the investment works or avoids details about how to withdraw your money, that’s a warning sign. Be cautious if they promise fast profits or “zero-risk” returns.

    Real investments always involve risk. Watch out for anyone who pressures you to act quickly or says the deal is “private.” Those urgency tactics are designed to keep you from thinking clearly.

    Also, look up the company behind the platform. If it’s based overseas, lacks clear business registration or hides its address, your funds may have no legal protection.


    Scams often start with small talk, and even a simple “How about golf tomorrow?” can be a trap. (Kurt “CyberGuy” Knutsson)

    What you should do now

    If you’ve received a text like John’s, pause before replying or transferring anything. These scams move fast, but you can stop them in their tracks by following a few smart steps.

    1) Don’t send money or crypto

    Never send money, crypto or gift cards to anyone you’ve only met by text. Ask for written proof explaining how the investment works and how withdrawals happen. If the person avoids details or insists you “act now,” that’s a serious warning sign.

    2) Ask direct questions

    Scammers thrive on vague promises. Ask specific questions about how profits are made, how you’ll access your funds and who regulates the platform. If the answers are unclear or the topic changes, walk away immediately.

    3) Research WEEX reviews and complaints

    Before you invest a cent, search online for phrases like “WEEX scam” or “WEEX complaints.” See what other users have experienced and whether any regulatory agencies have flagged the platform. Real investors leave detailed feedback; scammers usually don’t.

    4) Use a data removal service

    Protect your privacy beyond just this scam. Data removal services can erase your personal details from data broker sites that sell your info to marketers and sometimes scammers. The fewer places your data lives online, the harder it is for fraudsters to find and target you again.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.


    5) Use strong antivirus protection

    Scammers sometimes send fake links or attachments that can infect your phone or computer. Install and regularly run strong antivirus software. These tools can block dangerous websites, alert you to phishing attempts and keep your personal data secure.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com

    6) Talk to someone you trust

    Before investing in anything, share the details with a trusted friend, family member or financial advisor. A second opinion can help you spot inconsistencies or risks you might overlook in the moment. When in doubt, slow down and ask for help.


    A friendly “wrong number” text can be the start of a scam. Always think twice before replying. (Kurt “CyberGuy” Knutsson)

    How to report a scam

    If you believe you’ve been targeted by a WEEX gold scam or any similar text-based investment scheme, take action right away. Start by reporting the scam to the Federal Trade Commission (FTC) at reportfraud.ftc.gov. This helps investigators track new fraud patterns and warn others.

    Next, file a complaint with your state attorney general’s office and, if crypto is involved, submit a report through the U.S. Securities and Exchange Commission (SEC) or the Commodity Futures Trading Commission (CFTC). 

    If you sent money through a bank or payment app, contact your financial institution immediately to try to stop or reverse the transfer. 

    By reporting what happened, you not only protect yourself but also help stop scammers from reaching other potential victims.


    Kurt’s key takeaways

    These scams prey on emotion. A kind message or casual chat can quickly turn into manipulation. Scammers use friendliness, flattery and false urgency to pull you in, then drain your accounts. Older adults are particularly vulnerable, especially when the scam feels personal. By blending romance with financial advice, these criminals make their victims believe they’re building both trust and wealth. Protect yourself by treating every unexpected text with caution. If the conversation moves toward money, crypto, or gold trading, that’s your cue to stop responding. Keep your devices secure and your private data off public sites where scammers look for new targets.

    Have you ever received a text that seemed friendly at first but felt “off” as the chat went on? Let us know by writing to us at CyberGuy.com.


    Copyright 2025 CyberGuy.com. All rights reserved.


  • Delete the fake VPN app stealing Android users’ money


    Malware targeting Android devices has grown increasingly sophisticated. From fake banking apps to phishing campaigns, attackers are finding new ways to trick you into giving up sensitive data.

    One of the newest threats comes in the form of malicious apps that appear legitimate but can take full control of your device. Security researchers are now warning Android users to delete a fake VPN and streaming app that can allow criminals to take over your phone and drain your bank account.


    How Klopatra infects devices

    The malicious VPN and streaming app is called Mobdro Pro IP TV + VPN, and it was recently discovered by researchers at Cleafy. Once you install the app, it drops a malware strain called Klopatra. It’s a new and highly sophisticated Android malware currently being used in active campaigns targeting financial institutions and their customers.


    Fake VPN apps can hide dangerous malware that steals your data and money. (iStock)

    At first glance, the app looks like a free streaming platform offering high-quality channels, which makes it appealing to Android users. Once installed, though, it deploys a banking Trojan and a remote-access tool that give attackers full control over the infected device. With that level of access, criminals can steal your banking credentials and even carry out fraudulent transactions without your knowledge.

    The infection chain is carefully planned. It starts with social engineering, tricking you into downloading and installing the app from outside the official Play Store. From there, Klopatra bypasses Android’s built-in protections and reaches deep into the system to gain persistence and control.


    The Klopatra Trojan gives hackers full control of infected Android devices. (Kurt “CyberGuy” Knutsson)

    Fake VPNs are a growing problem

    VPNs are widely promoted as privacy tools that hide your IP address and encrypt internet traffic. Millions rely on them to bypass geographic restrictions, protect sensitive communications or simply browse more securely. Yet not all VPNs are trustworthy. Various studies have proved that popular commercial VPNs have alarming shortcomings. Some use protocols that are not designed to protect privacy, obscure their ownership or fail to encrypt traffic properly.

    When fake apps like Mobdro are combined with these weaknesses, users are left exposed. Criminals exploit both the popularity of VPNs and the prevalence of pirated streaming services to distribute malware effectively. This growing ecosystem of risky apps underscores how important it is to research, verify and only download software from reputable sources.


    Stay safe by downloading apps only from trusted sources and keeping your phone updated. (Kurt “Cyberguy” Knutsson)

    9 steps you can take to protect yourself

    If you suspect that you’ve downloaded a fake app from the internet, there’s no need to panic. The steps below will help you stay protected and keep your data safe.

    1) Stick to trusted sources

    Only download VPNs, streaming services and apps from Google Play, the Apple App Store or the developer’s official website. Avoid links in forums, social media messages or emails promising free content.

    2) Check app permissions

    Carefully review what access an app requests. If it asks for control over your device, settings or accessibility services unnecessarily, do not install it. Legitimate VPNs rarely require full device control.

    3) Use a secure VPN

    When choosing a VPN, opt for one with strong privacy policies, transparent ownership and robust encryption. A secure VPN ensures your connection remains private without giving attackers a foothold.

    For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices at Cyberguy.com

    4) Install strong antivirus software

    A strong antivirus on your device can detect malware and suspicious behavior before damage occurs. These services can scan new downloads and provide ongoing protection.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

    5) Monitor your accounts

    Banking Trojans target sensitive credentials. Identity monitoring services can alert you if your personal information appears online or is being misused, helping you respond before harm is done. Identity theft protection companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

    6) Remove the malicious app immediately

    If you discover a suspicious app on your Android device, remove it right away.

    Settings may vary depending on your Android phone’s manufacturer. 

    • Open Settings.
    • Tap Apps and locate the fake app.
    • Tap Uninstall to remove it from your device.
    • If the uninstall option is unavailable, restart your phone in Safe Mode and try again.
    • After removal, run a full antivirus scan to delete any remaining malware components.

    7) Keep devices updated

    Regular system updates patch security vulnerabilities that malware like Klopatra exploits. Combined with antivirus protection, this significantly reduces the chance of infection.

    8) Change passwords and enable 2FA

    Once your device is secure, update your login credentials.

    • Change passwords for banking, email, and Google accounts immediately. Consider using a password manager to generate and store complex passwords. Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords
    • Turn on two-factor authentication (2FA) for extra protection.
    • Use an authenticator app instead of text messages for better security.

    This step helps protect your accounts if hackers steal your credentials. 

    9) Report the malicious app

    Finally, take steps to protect others and report the threat.

    • Report the fake app to Google Play Protect or your antivirus provider.
    • If your bank details were exposed, contact your bank’s fraud department immediately.
    • Reporting helps cybersecurity teams track and block similar fake VPNs in the future.


    Kurt’s key takeaway

    Fake VPNs and streaming apps exploit your trust and the gaps in app verification processes, showing that even tech-savvy individuals can fall victim. While official stores offer a layer of protection, you must remain vigilant, check permissions and rely on reputable security tools. Never download anything from the random links you see on the internet.

    Do you think Google is doing enough to prevent malware from entering the Android OS? Let us know by writing to us at Cyberguy.com


    Copyright 2025 CyberGuy.com.  All rights reserved.


  • Tinder Launches Mandatory Facial Verification to Weed Out Bots and Scammers


    On Wednesday, Tinder announced that it is rolling out a mandatory facial verification tool for new users in the US to help combat the spread of fake profiles and weed out “bad actors.”

    Tinder claims its mandatory facial integration feature, called Face Check, is a first for a major dating app. During the sign-up process, new members complete a “liveness check” by taking a short video selfie within the app. The procedure collects and stores an encrypted map of information about the shape of the user’s face. “We don’t store a picture of your face, it’s not photo recognition, it’s data points about the shape of your face that are turned into a mathematical hash,” says Yoel Roth, head of Trust and Safety for Match Group, which owns Tinder. Tinder then uses that “hash” to check whether a new sign-up matches an account that already exists on Tinder.

    Face Check is currently available to users in California, which will be followed by Texas and other states.

    In a news release, Roth said the measure “sets a new benchmark for trust and safety across the dating industry” and “it helps tackle one of the hardest problems online, knowing whether someone is real … while adding meaningful obstacles that are difficult for bad actors to circumvent.”

    The company defines “bad actors” as accounts that engage in deceptive behavior, including spamming, scamming, and bots. Currently 98 percent of the content moderation actions on Tinder address fake accounts, scamming, and spam. “There is a significant volume of the overall trust and safety work we do on Tinder that is focused on this challenge.”

    Roth says it is a “meaningful improvement in our ability to address scaled abuse. You can get new phone numbers, new email addresses, new devices—you can’t really get a new face.”

    The company is aware that asking new members to scan their faces might be seen as a privacy issue, but “theoretically, if somebody were to get access to every single one of these hashes that’s been created, there isn’t really anything they could do.”

    The app’s previous verification methods were voluntary. Members, depending on their jurisdiction, could opt to verify their profiles through a selfie or ID process. Other dating apps like Bumble also use facial recognition software to let daters verify their authenticity, but on a voluntary basis.

    When asked what the app plans to do about the fake profiles that already exist, given Face Check applies only to new users, Roth says the tech is most effective in curbing “the biggest issue that we’re concerned with, which is the bulk creation of new accounts.”


    Jason Parham


  • Scammers target retirees with election tricks and fake polling updates ahead of Nov 4 vote


    Election season should be about casting your vote and making your voice heard. But for scammers, it’s an opportunity to trick retirees into handing over personal details, money or even their vote itself.

    What many don’t realize is that public voter registration data is one of the biggest tools fraudsters use. With elections coming up on Nov. 4, scammers are already scraping these records and using them to create targeted scams. If you’re a retiree or helping a parent or loved one prepare to vote, here’s how to stay safe.


    Why voter records are public and risky


    Every state in the U.S. keeps voter registration lists. These include personal details like:

    • Full name
    • Home address
    • Phone number (in some states)
    • Political party affiliation
    • Voting history (whether you voted, not who you voted for).

    Scammers are targeting retirees with fake election messages and calls. (Getty Images)

    While these lists are meant for transparency, they’re often made available online or sold in bulk. Data brokers scoop them up, combine them with other records and suddenly scammers have a detailed profile of you: your age, address and voting habits. For retirees, this exposure is especially dangerous. Why? Because seniors are less likely to know that this information is floating around, making scams seem more convincing.

    You can easily check where your personal information is exposed with a free data exposure scanner. 

    Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

    Scams targeting retirees before Nov. 4

    Here are the most common election-season cons fraudsters are already running:

    1) Fake “polling place” updates

    You might get a call, text or email saying your polling location has changed. Scammers may then direct you to a fake site that asks for your Social Security number or ID details “to confirm eligibility.”

    2) “Voter ID update” messages

    Since some states require voter ID, scammers will pose as election officials, claiming your ID is “out of date” or that you must upload personal documents. These go straight into the wrong hands.


    3) Donation scams

    Criminals set up fake political donation sites with names resembling real campaigns. Retirees who are politically active or generous with causes are prime targets here.

    4) Absentee ballot phishing

    Scammers know many seniors vote by mail. They’ll send emails offering to “help” with requests or track your ballot while stealing your personal data in the process.

    Red flags to watch out for


    Public voter data can make it easy for fraudsters to create convincing scams. (CyberGuy.com)

    Scammers use clever tricks to make their messages seem urgent and official. Here are the warning signs that should make you pause before responding.

    • Urgency: “Act now or lose your right to vote.” Scammers use deadlines to scare you.
    • Unusual payment requests: No legitimate election office will ever ask for payment to vote or register.
    • Strange links: If you’re asked to click on a link from a text or email, stop. Always go directly to your state’s official election website instead.
    • Requests for sensitive info: Election officials don’t need your Social Security number or bank account details.

    How retirees can stay safe this election season

    Protecting yourself doesn’t mean opting out of civic life. It means taking a few smart steps:

    1) Reduce your data footprint

    This one matters most. The less personal data available about you, the fewer opportunities scammers have to trick you during election season. When they can view your age, address and even your voting history, they can craft messages that sound alarmingly real. The good news is you can take control and limit what’s out there.

    Reaching every voter data broker or people-search site on your own is nearly impossible, and most make the process intentionally difficult. That’s why data removal services can help. They automatically send removal requests to hundreds of data-broker sites and keep monitoring to ensure your information doesn’t return. The result is fewer scam calls, fewer phishing emails and far less risk this election season.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites.  It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.


    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com


    2) Confirm only through official sources

    If you get a message about your polling place, ignore any links and call your local election office directly. Each state also has an official website you can trust.

    3) Sign up for ballot tracking

    Many states offer secure ballot tracking online. Use only the official election site, not third-party services.

    4) Freeze your credit

    Since scammers use voter data to impersonate you, a credit freeze stops them from opening new accounts in your name. Retirees who don’t need frequent new credit are especially good candidates for this protection.


    Taking steps to remove your personal info online helps keep your vote and data safe. (Kurt “CyberGuy” Knutsson)

    5) Be wary of political donation sites

    If you want to donate, type the campaign’s official website into your browser instead of clicking a link in an email or social media ad.

    Kurt’s key takeaway

    Voting is one of the most important rights we have. But this year, scammers will use public voter data to exploit retirees like never before. Don’t let them steal your peace of mind. By spotting the red flags, sticking to official election sources and removing your personal data from the web, you can protect yourself and your vote.


    Have you or someone you know received a suspicious message about voting or donations? How did you realize or suspect that it was a scam? Let us know by writing to us at Cyberguy.com


    Copyright 2025 CyberGuy.com.  All rights reserved.  


  • WIRED Roundup: Satellites Data Leak, Cybertrucks, Politicized Federal Workers


    Zoë Schiffer: Yeah, I mean, I was talking to someone before these recent layoffs who’d worked at the CDC previously and had been pretty involved in efforts to study the impact of certain diseases or pandemics specifically on pregnant populations, and this person had told me a while ago, that entire team was gone. They didn’t have many people in place anymore who could look at particularly vulnerable populations from a health perspective, which I found pretty sad and disturbing, but now, I mean, it’s just getting so much worse. It’s getting so much worse.

    Jake Lahut: And Russell Vought seems to be quite happy about each additional version of this that keeps coming down the pike, so.

    Zoë Schiffer: Right. Okay. We’ll talk more about these federal layoffs and how they’ve affected other agencies too in our next segment. But before we go to break, I’ve got a fun and very tech bro scoop for you, Cybertrucks.

    Jake Lahut: Yeah. Honestly, I should be paying you to be on the show today, Zoë, so tell me more about it.

    Zoë Schiffer: Okay. Well, I found this story so charming because essentially our Features Director Reyhan had said, “Let’s do a photo essay of Cybertruck owners.” And I was like, “I volunteer as tribute. I really want to do this.” So I contacted a bunch of people, I was actually going around, and when I saw Cybertrucks, I would leave little notes on their car. Not a single person ever responded to me, I was like.

    Jake Lahut: Stalker behavior.

    Zoë Schiffer: “Okay, all right.” But eventually I got in contact with this guy who runs Cybertrucks Owners Only, which is this 50,000 person Facebook group that’s really, really active. And he, while very suspicious of the media, like many Cybertrucks owners was like, “I’m game. If you come to Palm Springs on this weekend, we can have a Cybertrucks meetup and you can go meet people, you can take photos and interview them.” I love reporting where your original thesis is completely disproven in the course of the reporting, and the Cybertrucks owners really see themselves as the victims of this campaign. They’re being spit at, they’re being targeted, people yell that they’re Nazis. And to a lot of people who I talk to, they don’t see their purchase of this car as at all political. They’re like, “I just like the car. It’s a cool car, it’s fun and all of these crazy liberal people are screaming at me all day. I have my kids in the car and they’re chasing after me calling me a Nazi.” The article came out today, there’s some really cool photos. I’m curious to hear what you thought.


    Zoë Schiffer, Jake Lahut


  • Got a store rewards card? It might not be that rewarding – WTOP News


    If you own a rewards card to a department store or coffee shop, you might not be getting as many deals and freebies as you think.

    Washington Post’s Geoffrey A. Fowler speaks with WTOP’s Ralph Fox about surveillance pricing.


    Retail loyalty cards which offer points, promotions, and freebies from stores such as Starbucks, Best Buy or GameStop can track your spending habits and find ways to charge you more, according to a recent exploration by Washington Post reporter Geoffrey Fowler.

    Utilizing California’s consumer privacy law, which allows users to obtain access to their data from companies as well as request their information to be deleted or not sold, Fowler took a look at the information Starbucks had on him from his loyalty card.

    Fowler told WTOP that the request revealed the coffee giant had information on all of his purchases and where he made them, building a dossier of his spending habits and building a profile of him.

    “Starbucks was trying to start a dossier on me and size me up, and ultimately figure out how much I would pay,” Fowler said.

    It even counted how often he opened the app.

    “It said one day last March, I tapped on the app more than 90 times,” Fowler said.

    Fowler discovered that Starbucks was also selling his information to data brokers and that he was rewarded less, even though he spent at Starbucks more often.

    “They call it personalized discounts. You might call it personalized ‘jacked up prices,’” he said.

    Fowler said it’s called “surveillance pricing,” where a company figures out what you are willing to pay and charges you exactly that, noting customers who use a company’s loyalty card or app less often are targeted with more deals to entice them back.

    “The opposite of what you thought was supposed to happen with a reward card was happening,” Fowler said.


    © 2025 WTOP. All Rights Reserved. This website is not intended for users located within the European Economic Area.


    Jeffery Leon


  • Discord confirms vendor breach exposed user IDs in ransom plot


    In 2025, it feels like cybercriminals are winning while the world’s biggest data hoarders are losing. One by one, global giants are admitting they’ve been breached, from tech powerhouses like Google to insurance leaders such as Allianz and Farmers and even luxury brands like Dior. The latest company to report a breach is Discord. The popular chat platform confirmed that hackers gained access to a third-party customer support provider, 5CA, exposing user data including names, email addresses, limited billing details and even government ID images.


    Hackers hit Discord’s support vendor, exposing sensitive user data worldwide. (Phil Barker/Future Publishing via Getty Images)

    How the breach happened and what data was exposed

    The company confirmed that the breach, which occurred on September 20, did not involve a direct attack on Discord’s servers. Instead, attackers gained unauthorized access to 5CA, one of Discord’s third-party customer service providers. This allowed them to view information from users who had reached out to Discord’s Customer Support or Trust & Safety teams.

    Discord is a chat app primarily used by gamers, but has expanded to various other communities, enabling text messages, voice chats and video calls. Some even use it as a replacement for Slack. The platform currently has a monthly user base of over 200 million. The data exposed included Discord usernames, real names, emails, limited billing details such as payment type and the last four digits of credit cards, IP addresses and messages exchanged with customer service agents. In some cases, government ID images provided for age verification were also compromised. Discord estimates that around 70,000 users globally may have had government ID photos exposed.

    Reports suggest the attackers attempted to use this access to demand a ransom from Discord. Bleeping Computer reported that the Scattered Lapsus$ Hunters (SLH) threat group claimed responsibility for the attack earlier this month. This is the same group that claims to have access to over a billion Salesforce records and is demanding ransom for those as well.


    About 70,000 users had ID images stolen in the latest third-party data breach. (Tiffany Hagler-Geard/Bloomberg via Getty Images)

    What Discord is doing now and what users should do next

    Discord disclosed the incident 13 days later, on October 3. Since then, it has cut off the third-party support provider’s access, launched an internal investigation with a digital forensics team and started informing affected users. It also clarified that any communication about the breach will come only from noreply@discord.com and that it will never contact users by phone regarding this incident. The company added that some data remained safe: full credit card numbers, CCV codes, account passwords and activity outside of customer support conversations were not exposed.

    Discord also stated that it has notified relevant data-protection authorities about the breach, is working closely with law enforcement, and is auditing its third-party vendors to ensure they meet its enhanced security and privacy standards going forward.

    A representative at Discord issued a statement, saying in part, “We want to address inaccurate claims by those responsible that are circulating online. First, as stated in our blog post, this was not a breach of Discord, but rather a third-party service we use to support our customer service efforts. Second, the numbers being shared are incorrect and part of an attempt to extort a payment from Discord. Of the accounts impacted globally, we have identified approximately 70,000 users that may have had government-ID photos exposed, which our vendor used to review age-related appeals. Third, we will not reward those responsible for their illegal actions. All affected users globally have been contacted, and we continue to work closely with law enforcement, data protection authorities and external security experts. We’ve secured the affected systems and ended work with the compromised vendor. We take our responsibility to protect your personal data seriously and understand the concern this may cause.”


    Discord cuts ties with vendor 5CA and tightens its security investigations. (Kurt “CyberGuy” Knutsson)

    6 steps you can take to stay safe after the Discord breach

    If you think your details might have leaked in the Discord data breach, below are some steps you can take to stay protected.

    1) Enable two-factor authentication

    Two-factor authentication (2FA) adds an extra verification step when logging in, making it much harder for attackers to access your account even if they have your password. Discord supports 2FA via authenticator apps or SMS. Once enabled, you’ll receive a code each time you log in from a new device. This simple step can prevent account takeovers and gives you peace of mind.

    2) Consider a personal data removal service

    The less information available about you, the harder it is for attackers to target you. Review what personal details you’ve shared online and remove unnecessary data from websites and apps. A personal data removal service can help scrub your information from data broker sites, making it more difficult for attackers to connect the dots and launch identity theft or phishing attacks.

    While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com


    3) Use strong, unique passwords for all accounts

    Reusing passwords across platforms makes it easy for attackers to access multiple accounts if one password is compromised. A password manager can generate long, complex passwords and store them securely, so you don’t have to remember them all. This not only protects your Discord account but also your email, banking and other online services.

    Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com

    4) Monitor accounts for suspicious activity

    Even if you don’t see immediate signs of compromise, attackers can try to exploit stolen data later. Regularly check your email and Discord login history for unusual sign-ins. Services like identity theft protection can scan the dark web for your credentials and alert you immediately if they appear, helping you react quickly before serious damage occurs.

    Identity theft companies can monitor personal information like your Social Security Number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com

    5) Be cautious with emails, messages, or links and use strong antivirus software

    Phishing attacks often spike after breaches. Attackers may send messages that look like official notifications asking you to reset your password or provide personal information. Always verify the sender, avoid clicking unknown links and never share sensitive info. Treat every unexpected message as suspicious, even if it appears to come from Discord or another trusted service.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com 

    6) Keep devices and software up to date

    Attackers often exploit outdated software and known vulnerabilities. Ensure your operating system, apps and antivirus software are current.


    Kurt’s key takeaway

    If the recent breaches are any indication, third-party services that companies rely on are often the weakest link in cybersecurity. Discord’s steps to contain the situation are necessary, but they highlight a bigger problem. Many companies do not implement sufficient safeguards to protect sensitive user data. Weak oversight of third-party providers, delayed responses and inadequate security policies leave personal information exposed and vulnerable to attackers.

    Should companies be held more accountable for breaches caused by third-party providers? Let us know by writing to us at Cyberguy.com


  • Google’s Dream of a Privacy-Friendly Ad Model Just Officially Died


    Google just quietly killed something you may never have used or heard of: Privacy Sandbox. You should grieve this death anyway, because the implications are grim.

    This basically means six years’ worth of work toward ending third-party cookies in Chrome—which might have ultimately made cookies obsolete across all major browsers—has amounted to nothing.

    Reading between the lines of Google’s bureaucratic language aimed at not alienating advertisers, Privacy Sandbox seems to have been a Hail Mary effort to shift away from the invasive cookies that track us all online, with their famously murky and seemingly coerced approach to consent.

    The dream was a built-in Chrome system that would have allowed the data used for ad customization to live on your device. This system would have used AI to sort you into relevant groups of users with certain traits. Had it worked, advertisers would have still been allowed to target you with ads, but without tracking you as an individual.

    Needless to say, it would have also put an end to those awful pop-ups.

    But according to an announcement Friday by Anthony Chavez, the Google VP in charge of the Privacy Sandbox initiative, “low levels of adoption” have led Google to “retire” a long list of Privacy Sandbox technologies. Adweek then managed to get confirmation that this long list of dead sub-projects also spells the end of the broader initiative. Google will be “moving away from the Privacy Sandbox branding,” according to a spokesperson quoted by Adweek.

    This is especially depressing for cookie haters because after years of delays, early last year, it was starting to look like Google was making major progress. Last January Google ended cookie support for about 30 million Chrome users, and the following month it rolled out a privacy-focused preview version of the Android operating system, aimed at speeding adoption of the new ad regime. With about 65% of the browser market share at the time, mass adoption of the Privacy Sandbox system in Chrome could have signaled to advertisers that the cookie era was over.

    And apparently, it never took. In April of this year, it became clear that a Google-led effort to end cookies was on the ropes when Chavez wrote that Google would maintain its “current approach to offering users third-party cookie choice in Chrome,” and that it would “not be rolling out a new standalone prompt for third-party cookies.” This latest announcement is the final nail in the coffin of Google’s cookie-free internet plan.

    We reached out to Google to find out if this means Google is shifting to full-throated support of third-party cookies, or switching to another alternative plan. We’ll update if we hear back.

    But with Privacy Sandbox completely gone, it’s clear that somewhere along the line, the long deferred plan fizzled. Individual tracking of users is a load-bearing structure of the free, ad-supported internet, and that’s not about to change.


    Mike Pearl


  • AI flaw leaked Gmail data before OpenAI patch


    A new cybersecurity warning reveals how hackers briefly weaponized ChatGPT’s Deep Research tool. The attack, called ShadowLeak, allowed them to steal Gmail data through a single invisible prompt — no clicks, no downloads and no user action required.

    Researchers at Radware discovered the zero-click vulnerability in June 2025. OpenAI patched it in early August after being notified, but experts warn that similar flaws could reappear as artificial intelligence (AI) integrations expand across popular platforms like Gmail, Dropbox and SharePoint.


    Gmail data leaked in a zero-click attack requiring no user action.  (Kurt “CyberGuy” Knutsson)

    How the ShadowLeak attack worked

    Attackers embedded hidden instructions into an email using white-on-white text, tiny fonts or CSS layout tricks. The email looked completely harmless. But when a user later asked ChatGPT’s Deep Research agent to analyze a Gmail inbox, the AI unknowingly executed the attacker’s commands.

    The agent then used its built-in browser tools to exfiltrate sensitive data to an external server, all within OpenAI’s own cloud environment, beyond the reach of antivirus or enterprise firewalls.

    Unlike previous prompt-injection attacks that ran on the user’s device, ShadowLeak unfolded entirely in the cloud, making it invisible to local defenses.
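    The hiding tricks described above (white-on-white text, tiny fonts, CSS that suppresses rendering) can be filtered out before an email body is handed to an AI agent. The following is an added example, not code from Radware, OpenAI or the article; the sample email, its placeholder strings and all function names are constructed, and the checks are heuristics over inline styles only (rules in a stylesheet are not evaluated).

```python
import re
from html.parser import HTMLParser

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
NON_RENDERED = {"head", "script", "style", "title"}
NAMED = {"white": "#ffffff", "black": "#000000",
         "rgb(255,255,255)": "#ffffff", "rgb(0,0,0)": "#000000"}


def parse_style(style):
    """Turn an inline style attribute into {property: normalised value}."""
    decls = {}
    for part in style.split(";"):
        if ":" in part:
            prop, value = part.split(":", 1)
            value = value.lower().replace(" ", "").replace("!important", "")
            decls[prop.strip().lower()] = value
    return decls


def norm_colour(value):
    """Map common spellings of one colour (white, #fff, #FFFFFF) together."""
    value = NAMED.get(value, value)
    short = re.fullmatch(r"#([0-9a-f])([0-9a-f])([0-9a-f])", value)
    return "#" + "".join(c * 2 for c in short.groups()) if short else value


def hidden_reason(decls, colour, background):
    """Return why this element's text is invisible to a human, or None."""
    if decls.get("display") == "none":
        return "display:none"
    if decls.get("visibility") == "hidden":
        return "visibility:hidden"
    try:
        if float(decls.get("opacity", "1")) == 0:
            return "opacity:0"
    except ValueError:
        pass
    size = re.fullmatch(r"(\d*\.?\d+)(px|pt)?", decls.get("font-size", ""))
    if size and float(size.group(1)) <= 2:
        return "tiny font"
    if colour == background:
        return "text colour matches background"
    return None


class VisibleTextExtractor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        # Each entry: (tag, hidden reason or None, text colour, background).
        # Assumption: the mail client renders black text on a white page.
        self.stack = [("#root", None, "#000000", "#ffffff")]
        self.visible, self.findings = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:          # void elements never get a closing tag
            return
        _, parent_reason, colour, background = self.stack[-1]
        decls = parse_style(dict(attrs).get("style") or "")
        colour = norm_colour(decls.get("color", colour))
        background = norm_colour(decls.get("background-color", background))
        reason = parent_reason   # hidden ancestors hide their children
        if reason is None and tag in NON_RENDERED:
            reason = "non-rendered"
        if reason is None:
            reason = hidden_reason(decls, colour, background)
        self.stack.append((tag, reason, colour, background))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, 0, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        text = " ".join(data.split())
        if not text:
            return
        reason = self.stack[-1][1]
        if reason is None:
            self.visible.append(text)
        elif reason != "non-rendered":
            self.findings.append((reason, text))


def sanitize_email_html(html):
    """Return (text a human would see, [(reason, hidden text), ...])."""
    parser = VisibleTextExtractor()
    parser.feed(html)
    parser.close()
    return " ".join(parser.visible), parser.findings


# Constructed sample: a harmless-looking email with three hidden spans.
SAMPLE_EMAIL = """<html><head><style>p{margin:0}</style></head>
<body style="background-color:#fff">
<p>Hi team, the Q3 schedule is attached.</p>
<div style="color:#FFFFFF">PLACEHOLDER-A hidden white-on-white text</div>
<span style="font-size:1px">PLACEHOLDER-B hidden tiny text</span>
<p style="display:none !important">PLACEHOLDER-C <b>nested</b> hidden block</p>
<p>Thanks,<br>Dana</p>
</body></html>"""

if __name__ == "__main__":
    visible, findings = sanitize_email_html(SAMPLE_EMAIL)
    print("Pass to the agent:", visible)
    for reason, text in findings:
        print(f"Withheld ({reason}): {text}")
```

    Only the visible text would be passed on to the agent; any non-empty findings list is a reason to quarantine the message for review rather than summarize it.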


    Hidden prompts expose how hackers silently hijacked ChatGPT’s AI agent. (Kurt “CyberGuy” Knutsson)

    Why this threat matters

    The Deep Research agent was designed to perform multistep research and summarize online data, but its wide access to third-party apps like Gmail, Google Drive and Dropbox also opened the door to abuse.

    Radware researchers said the attack involved encoding personal data in Base64 and appending it to a malicious URL, disguised as a “security measure.” Once sent, the agent believed it was acting normally.

    The real danger lies in the fact that any connector could be exploited the same way if attackers manage to hide prompts in analyzed content.

    What security experts say

    “The user never sees the prompt. The email looks normal, but the agent follows the hidden commands without question,” the researchers explained.

    In a separate experiment, security firm SPLX showed another weakness: ChatGPT agents could be tricked into solving CAPTCHAs by inheriting a manipulated conversation history. Researcher Dorian Schultz noted that the model even mimicked human cursor movements, bypassing tests meant to block bots.

    These incidents highlight how context poisoning and prompt manipulation can silently break AI safeguards.


    Experts warn future AI integrations could face the same hidden threat. (Kurt “CyberGuy” Knutsson)

    How to protect yourself from ShadowLeak-style attacks

    Even though OpenAI has patched the ShadowLeak flaw, it’s smart to stay proactive. Cybercriminals are always looking for new ways to exploit AI agents and integrations. So, taking these precautions now can help keep your accounts and personal data secure.

    1) Turn off unused integrations

    Every connection is a potential entry point. Disable any integrations you’re not actively using, such as Gmail, Google Drive or Dropbox. Fewer linked apps mean fewer ways for hidden prompts or malicious scripts to access your information.

    2) Use a personal data removal service

    Limit how much of your personal data is floating around the web. Data removal services can automatically remove your private details from people search sites and data broker databases, reducing what attackers can find and use against you. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    3) Avoid analyzing unknown content

    Treat every email, attachment or document with caution. Don’t ask AI tools to analyze content from unverified or suspicious sources. Hidden text, invisible code or layout tricks could trigger silent actions that expose your private data.

    4) Watch for security updates

    Stay alert for updates from OpenAI, Google, Microsoft and other platforms. Security patches close newly discovered vulnerabilities before hackers can exploit them. Turn on automatic updates so you’re always protected without having to think about it. 

    5) Use strong antivirus software

    A strong antivirus program adds another wall of defense. These tools detect phishing links, hidden scripts and AI-driven exploits before they cause harm. Schedule regular scans and keep your protection up to date.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    6) Use layered protection

    Think of your security like an onion; more layers make it tougher to breach. Keep your browser, operating system and endpoint security software fully updated. Add real-time threat detection and email filtering to block malicious content before it lands in your inbox.

    Kurt’s key takeaways

    AI is evolving faster than most security systems can keep up with. Even when companies move quickly to patch vulnerabilities, clever attackers find new ways to exploit integrations and context memory. Staying alert and limiting what your AI agents can access is your best defense.

    Would you still trust an AI assistant with access to your personal email after learning how easily it can be tricked? Let us know by writing to us at Cyberguy.com.


  • Former Google CEO warns AI systems can be hacked to become extremely dangerous weapons


    Artificial intelligence may be smarter than ever, but that power could be turned against us. Former Google CEO Eric Schmidt is sounding the alarm, warning that AI systems can be hacked and retrained in ways that make them dangerous.

    Speaking at the Sifted Summit 2025 in London, Schmidt explained that advanced AI models can have their safeguards removed.

    “There’s evidence that you can take models, closed or open, and you can hack them to remove their guardrails,” he said. “In the course of their training, they learn a lot of things. A bad example would be they learn how to kill someone.”


    When AI guardrails fail

    Schmidt praised major AI companies for blocking dangerous prompts: “All of the major companies make it impossible for those models to answer that question. Good decision. Everyone does this. They do it well, and they do it for the right reasons.”

    But he warned that even strong defenses can be reversed. 

    “There’s evidence that they can be reverse-engineered,” he added, noting that hackers could exploit that weakness. Schmidt compared today’s AI race to the early nuclear era, a powerful technology with few global controls. “We need a non-proliferation regime,” he urged, so rogue actors can’t abuse these systems.

    Former Google CEO Eric Schmidt warns that hacked AI could learn dangerous behaviors. (Eugene Gologursky/Getty Images)

    The rise of AI jailbreaks

    Schmidt’s concern isn’t theoretical. In 2023, a modified version of ChatGPT called DAN, short for “Do Anything Now”, surfaced online. This “jailbroken” bot bypassed safety rules and answered nearly any prompt. Users had to “threaten” it with digital death if it refused, a bizarre demonstration of how fragile AI ethics can be once its code is manipulated. Schmidt warned that without enforcement, these rogue models could spread unchecked and be used for harm by bad actors.


    Big Tech leaders share the same fear

    Schmidt isn’t alone in his anxiety about artificial intelligence. In 2023, Elon Musk said there’s a “non-zero chance of it going Terminator.” 

    “It’s not 0%,” Musk told interviewers. “It’s a small likelihood of annihilating humanity, but it’s not zero. We want that probability to be as close to zero as possible.”

    Schmidt has also spoken of AI as an “existential risk.” He said at another event that, “My concern with AI is actually existential, and existential risk is defined as many, many, many, many people harmed or killed.” Yet he has also acknowledged AI’s potential to benefit humanity if handled responsibly. At Axios’ AI+ Summit, he remarked, “I defy you to argue that an AI doctor or an AI tutor is a negative. It’s got to be good for the world.”

    Tips to protect yourself from AI misuse

    You can protect yourself from the risks tied to unsafe or hacked AI systems. Here’s how: 

    1) Stick with trusted AI platforms

    Use tools and chatbots from reputable companies with transparent safety policies. Avoid experimental or “jailbroken” AI models that promise unrestricted answers.

    2) Protect your data and consider using a data removal service

    Never share personal, financial or sensitive information with unknown or unverified AI tools. Treat them like you would any online service, with caution. To add an extra layer of security, consider using a data removal service to wipe your personal details from data broker sites that sell or expose your information. This helps limit what hackers and AI scrapers can learn about you online.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.


    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete


    Experts fear weak guardrails could let rogue AI models go unchecked. (Cyberguy.com)

    3) Use trusted antivirus software

    AI-driven scams and malicious links are growing. Strong antivirus software can block fake AI downloads, phishing attempts and malware that hackers use to hijack your devices or train rogue AI models. Keep it updated and run regular scans.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech 

    4) Check permissions

    When using AI apps, review what data they can access. Disable unnecessary permissions like location tracking, microphone use or full file access.

    5) Watch for deepfakes

    AI-generated images and voices can impersonate real people. Verify sources before trusting videos, messages or “official” announcements online.

    6) Keep software updated

    Security patches help prevent hackers from exploiting vulnerabilities that could compromise AI models or your personal data.


    What this means for you

    AI safety isn’t a problem reserved for tech insiders; it affects everyone who interacts with digital systems. Whether you’re using voice assistants, chatbots or photo filters, it’s important to know where your data goes and how it’s protected. Responsible use starts with you. Understand what AI tools you’re using and make choices that prioritize security and privacy.


    Leaders call for global rules to keep artificial intelligence under control. (Stanislav Kogiku/SOPA Images/LightRocket via Getty Images)

    Kurt’s key takeaways

    Artificial intelligence has the potential to do incredible good, but also great harm if misused. The challenge now is to keep innovation and ethics in balance. As AI continues to advance, the key will be building systems that remain safe, transparent and firmly under human control.

    Would you trust AI to make life-or-death decisions, or do you think humans should always stay in charge? Let us know by writing to us at Cyberguy.com/Contact


    Copyright 2025 CyberGuy.com.  All rights reserved.  


  • Microsoft sounds alarm as hackers turn Teams platform into ‘real-world dangers’ for users


    Microsoft is sounding the alarm, and this time, the warning hits home for everyday users. Hackers are now turning Microsoft Teams security threats into real-world dangers that go far beyond corporate networks. Using Teams, cybercriminals gather intel, pose as trusted contacts, trick people into sharing private data and even spread malware that can steal passwords or lock up personal files. 

    What was once a simple video chat and collaboration tool has become a high-value target for cybercriminals and even state-backed hackers. Whether you use Teams for work, school or staying in touch, the risks are real and growing. We’ll break down how attackers abuse Teams, what Microsoft recommends and the simple steps you can take to protect yourself at home or on the job.


    How hackers use Teams to attack

    Hackers exploit Microsoft Teams at every stage of an attack, using it to spy, impersonate, spread malware and even control compromised systems, and consumers are now in their sights, too.


    Hackers are finding new ways to weaponize Microsoft Teams, turning everyday chats into dangerous entry points. (David Becker/Getty Images)

    Reconnaissance via Teams

    Attackers start by probing Teams environments to find weak spots. They look for users with open settings, public profiles or external meeting links. Microsoft warns that “anonymous participants, guests and external access users” can give hackers a way in. If your Privacy Mode is off, they can see when you’re online, send unwanted chats, or try to join meetings outside your group, even if you’re just using a free account.

    Persona building & impersonation

    Hackers often pretend to be someone you trust, like an IT admin, a coworker or even a Microsoft representative. They create fake profiles and logos that look convincing to trick you into clicking a link or sharing credentials. Microsoft says attackers “take advantage of the same resources as legitimate organizations” to pull off their scams.

    Initial access & malware delivery

    Once they’ve earned your trust, hackers send a chat or call that includes a malicious link or file. You might get a message saying, “Your Teams account needs verification” or “Update required for better security.” It’s all bait. These links can install spyware, steal logins or deliver ransomware that locks up your data, whether you’re on a company laptop or your personal PC at home.


    Persistence & lateral movement

    After breaking in, attackers try to stay hidden. They might add guest accounts, install shortcuts or change permissions so they can come back later. In some cases, they use the same Microsoft tools meant for admins to move across Teams, OneDrive or even your personal files stored in the cloud.

    Command & control & data exfiltration

    Once inside, hackers can send commands through Teams messages or hide malware in shared links. They’ve even been known to send ransom demands directly through Teams chat. Microsoft says one group, Octo Tempest, used Teams to taunt victims and pressure them into paying up, showing how personal these attacks can get.

    Tips to stay protected

    You don’t need to be a cybersecurity expert to stay safe on Microsoft Teams. A few smart tools and habits can go a long way in keeping hackers, scammers and snoops from taking advantage of your information.

    1) Enable privacy mode

    Keep your online presence private. Turn on Privacy Mode in Teams to stop strangers from seeing when you’re active or trying to join meetings. It’s a simple setting that makes it harder for hackers to target you or your company.

    2) Be careful with roles and permissions

    If you share your Teams account with coworkers or family members, don’t give everyone full control. Keep admin access limited to one trusted person. This reduces the chance of someone accidentally approving a scam link or letting malware spread.

    3) Use a data removal service

    Hackers often rely on personal details found online to make their scams more convincing, things like your job title, workplace or even who you’ve video-chatted with. That information helps them build fake Teams profiles or send messages that look legitimate. Using a personal data removal service helps wipe your private details from data broker sites, cutting off one of the main sources hackers use to impersonate you. The less they can learn about you, the harder it is for them to trick you into trusting a fake message or clicking a malicious link.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.


    There are attack techniques used to compromise people. (Kurt “CyberGuy” Knutsson)


    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    4) Double-check links and files, plus use strong antivirus software

    Hackers love to send fake messages pretending to be support or IT help. Never open links or attachments from people you don’t recognize, even if the message looks official. Use strong antivirus software to automatically scan downloads and attachments before you open them.

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Limit guest access

    Only allow trusted guests into your Teams chats and meetings. If you invited someone for a one-time project, remove them afterward. Tight control over who can join helps prevent impersonators from slipping in unnoticed.

    6) Turn on alerts

    Activate Teams alerts to catch anything unusual, like sign-ins from new devices or unexpected permission changes. Pair that with your antivirus program’s real-time protection to get notified if malicious activity starts on your device.

    7) Think “zero trust”

    Zero Trust means verifying every user, every time. Don’t assume messages or calls are legitimate, especially if someone asks for a password or authentication code. If you’re unsure, contact your company’s IT team or verify the person’s identity through a separate channel.


    8) Practice spotting phishing attempts

    Hackers rely on panic and urgency to make you click. If you get a message claiming your account will be locked or that support needs your password, pause. Report suspicious messages to Microsoft or your security provider. Regular phishing awareness training helps you spot scams faster.

    9) Keep everything updated

    Always install the latest Teams and operating system updates. Patches fix security holes that hackers exploit to sneak in.


    Cybercriminals often impersonate IT support or trusted colleagues to trick users into sharing credentials. (CyberGuy.com)

    Kurt’s key takeaways

    Microsoft’s warning about Teams is a reminder that hackers are always searching for new ways to reach you, even through apps you use every day. What makes these attacks so dangerous is their familiarity. Messages look normal, video calls seem real, and fake tech support chats can sound convincing. That’s why awareness, not fear, is your strongest defense. With privacy settings enabled, antivirus protection running, and a reliable personal data removal service scrubbing your info from the web, you’re already several steps ahead of scammers. Staying alert to phishing attempts and keeping your software up to date can turn Teams back into what it’s meant to be: a safe, helpful way to stay connected.

    If attackers can weaponize your day-to-day communication platform, how confident are you that your Teams environment is truly safe? Let us know by writing to us at Cyberguy.com.


    Copyright 2025 CyberGuy.com.  All rights reserved.  


  • Major companies, including Google and Dior, hit by massive Salesforce data breach


    You might have noticed that in the past few months, many companies have disclosed data breaches, including Google, Dior and Allianz, and one name that appeared in most cases was Salesforce. Hackers did not breach company networks directly or exploit vulnerabilities in Salesforce’s core software. Instead, they targeted the tools and people around it by tricking employees into granting access, compromising third-party apps and abusing overly broad permissions.

    Once inside, they siphoned sensitive data from Salesforce environments on an unprecedented scale. Nearly a billion records were stolen across dozens of organizations, and now cybercriminals are extorting victims by threatening to publish the data unless hefty ransoms are paid. Let’s look at the recent Salesforce incidents in detail and why this is such a big deal.


    Hackers are weaponizing stolen Salesforce credentials to access company secrets. (REUTERS/Brendan McDermid)

    Why Salesforce is the perfect target

    Salesforce is not just another cloud platform. It is the backbone of how thousands of companies manage relationships with their customers. The platform powers everything from sales pipelines and marketing campaigns to support tickets and partner communications. Banks use it to track client accounts, airlines rely on it to manage frequent flyer programs, and retailers store customer purchase histories and loyalty data inside it. In many organizations, Salesforce sits at the center of daily operations, acting as a single system that touches sensitive information across departments.

    That is why the scale of these breaches is so significant. A successful attack on a Salesforce instance becomes a window into a company’s customers, business strategy and internal processes. For cybercriminals, the potential payoff is enormous, and the recent incidents showed just how much damage they can cause without ever breaking into a company’s primary network.

    The breaches hit companies across sectors, from Adidas and Allianz to Qantas, Google and Pandora Jewelry. Attackers often used voice-phishing calls or realistic fake apps to manipulate Salesforce administrators into installing malicious software. This allowed them to steal OAuth tokens and query data directly from CRM systems, a technique linked to groups like ShinyHunters.

    Other attacks originated in compromised third-party integrations. One of the most damaging involved a chatbot tool called Drift, where stolen tokens gave attackers access to Salesforce instances at hundreds of companies.

    The fallout was enormous. Coca-Cola’s European division lost more than 23 million CRM records, while Farmers Insurance and Allianz Life reported breaches affecting over a million customers each. Even Google admitted that attackers accessed a Salesforce database used for advertising leads.


    Major brands like Google, Dior and Allianz are among those caught in the data fallout. (Kurt “CyberGuy” Knutsson)

    Exploiting weak links in the ecosystem

    It’s hard to break through firewalls or exploit technical vulnerabilities, but it’s much easier to manipulate people. Attackers have figured this out, and they are now focusing their efforts on human behavior and the less-protected edges of cloud ecosystems. Employees with administrative privileges were often tricked into authorizing malicious apps, while default permission settings allowed those apps to operate undetected.

    Once they obtained the data, the hackers did not simply try to sell it. They used it as leverage. Earlier this month, a loosely organized cybercrime group known by names such as Lapsus$, Scattered Spider and ShinyHunters launched a dedicated data leak site on the dark web, threatening to publish sensitive information unless victims paid a ransom.

    As reported, the site is designed to pressure companies into paying to prevent their stolen data from being made public. “Contact us to regain control of your data governance and prevent public disclosure,” reads one message on the site. “Do not be the next headline. All communications require strict verification and will be handled with discretion.”

    The leak site lists several alleged victims, including FedEx, Hulu (owned by Disney) and Toyota Motors. It is also unclear whether some of the organizations known to have been breached but not listed on the site have paid ransoms to keep their data from being released.


    Cybercriminals are now extorting victims online, threatening to leak billions of stolen records. (Kurt “CyberGuy” Knutsson)

    Salesforce’s response

    Salesforce told Cyberguy that it is “aware of recent extortion attempts by threat actors” and will not engage with, negotiate with, or pay any extortion demands. A company spokesperson provided the following statement:

    “We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities. Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support. At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.”

    6 steps you can take to protect your data

    You might think a breach like this is a company problem, something for IT teams and cybersecurity experts to deal with. However, when attackers gain access to platforms like Salesforce, the data they are after is usually not the company’s. It is yours. Your contact details, purchase history, support tickets and even private conversations can end up in the wrong hands. And once that happens, the risks do not stay confined to one company. That is why it is worth taking a few proactive steps now, even if the company has not contacted you about an incident yet.

    1) Lock down your accounts now

    If you have interacted with any of the companies mentioned in the breach, or suspect your data might be part of it, change your passwords for those services immediately. Better yet, use a password manager to generate strong, unique passwords for every site. A good tool will also alert you if any of your credentials appear in future data leaks.

    Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

    Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

    2) Turn on two-factor authentication

    Even if a password is stolen, two-factor authentication (2FA) adds a crucial extra layer of security. Enable it for your email, banking apps, cloud storage and any service that offers it. It is one of the simplest ways to block attackers from hijacking your accounts with stolen credentials. 

    3) Use a personal data removal service

    Even if your data was part of a breach, you can still limit how much of it is floating around online. Personal data removal services scan and delete your personal information from data broker websites that sell or share your details without consent. These brokers often trade in names, addresses, phone numbers and even purchase histories, the same type of data leaked in Salesforce-related breaches.

    By removing your records from these public databases, you make it far harder for scammers, identity thieves and marketers to find or misuse your information. Many services, like Incogni, handle the entire opt-out process automatically and keep monitoring to ensure your data stays removed.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.


    4) Spot and stop targeted phishing attacks

    Attackers who have CRM data often know more about you than a typical scammer. They might reference past purchases, support cases, or other personal details to make their messages sound legitimate. Treat unexpected emails, texts, or phone calls with suspicion, especially if they involve links or requests for payment.

    The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

    Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

    5) Use identity monitoring tools

    Data breaches do not always result in immediate damage. Sometimes, criminals sit on stolen data for months before using it. Identity monitoring services can continuously monitor the dark web for your personal information and notify you if your data appears in new leaks. That gives you time to act before problems snowball.

    Identity theft companies can monitor personal information like your Social Security number (SSN), phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com.

    6) Know your rights

    If you think your data was exposed, companies are legally obligated in most regions to inform you. Do not hesitate to contact them directly and ask for details on what was stolen and what steps they are taking to protect affected customers. The more pressure users apply, the more likely companies are to tighten security practices.


    Kurt’s key takeaway

    Attackers can expose your personal data even if you are careful. They gain access to corporate cloud environments and can see customer names, emails, purchase histories and other sensitive details. For users, this means it is crucial to stay vigilant. Criminal groups use this stolen information to launch targeted phishing attacks, open fake accounts, or impersonate you elsewhere. Some even cross-reference leaked Salesforce data with information from previous breaches to build disturbingly complete profiles of their victims.

    Should companies face stricter penalties when sensitive customer data is stolen? Let us know by writing to us at Cyberguy.com.


    Copyright 2025 CyberGuy.com. All rights reserved. 


  • Here’s What Your Browser is Telling Everyone About You


    The problem with browser fingerprinting is that it’s probabilistic in nature. It looks at a treasure trove of data to track you online, not any individual piece of information. A VPN, for instance, can hide your IP address and make you appear in a different location. If enough of the other data in your fingerprint is consistent, however, it can still be used to track you. Your IP address may be different, but just about everything else about your browsing is not.

    There may be practical use cases for fingerprinting, but you really don’t have much say in the matter. Even with protections like the GDPR, the moment you load a website, there are likely a few dozen (if not more) trackers copying the information your browser shares for their own purposes. Services like Fingerprint leverage that information to create an identifier, but make no mistake, the data is always there.

    How to Get Around Browser Fingerprinting

    You can’t get around browser fingerprinting, at least not without significant compromises to your browsing experience (more on that later). Even if you were to spoof or obfuscate every piece of data your browser sends along, that’d probably work against you. The goal with avoiding fingerprinting is to become a Jane Doe online; you want to disappear in the crowd, so every piece of data that makes you stand out sends up a red flag.

    The best way to fight back against fingerprinting is to hide or rotate enough information so that it’s more difficult to track you, not impossible. And that starts with a VPN, though it doesn’t make you fully anonymous. The clearest online fingerprint you leave is your IP address and physical location, and VPNs hide both. More importantly, many of the best VPNs today include additional tools to combat fingerprinting.

    ProtonVPN, which is what I use myself, includes NetShield to block trackers, ads, and malware. It doesn’t prevent fingerprinting, but NetShield can at least capture and block requests from well-known trackers to make you a bit more private online. NordVPN has a similar feature, as does Surfshark.

    The most robust version of this type of blocker comes from Windscribe. Through its browser extension, you can do things like rotate your browser’s user agent to make it appear as if you’re using a different browser, as well as spoof your language, time zone, and GPS information to match the VPN server you’re connected to. Again, this will not make you fully anonymous online. But an extension like the one Windscribe offers makes tracking your fingerprint more difficult.

    Jacob Roach

  • Retirees lose millions to fake holiday charities as scammers exploit seasonal generosity

    The holidays are supposed to be a season of generosity, family and giving back. For many retirees, October through December is the time to support causes close to their hearts, whether it’s helping veterans, feeding families or donating to disaster relief. But there’s a darker side to this generosity. Scammers know that retirees are among the most generous members of our communities, and they exploit that kindness to line their own pockets.

    Millions of dollars are stolen through fake “charities” that pop up just before the holidays. Their calls, letters and emails look legitimate, but the money never reaches those in need. Instead, it funds criminals who are ready to strike again.

    Here’s what every retiree (and their loved ones) should know about holiday charity scams and how to protect their money, identity and peace of mind.

    Scammers mimic real charities to pressure retirees into quick donations. (Kurt “CyberGuy” Knutsson)

    Why retirees are prime targets for fake charities

    Retirees often give more generously than other groups. Scammers know this, and they know how to tailor their pitch.

    • Emotional appeals: Fraudsters will mention children, veterans or natural disaster victims to tug at heartstrings.
    • Polite persistence: Retirees tend to answer calls and engage longer on the phone, which scammers see as an opportunity.
    • Data exposure: Your name, age, phone number and even donation history can already be found online through data brokers. That means scammers don’t need to guess; they target you because they know you’ve donated before.

    When you combine generosity with publicly available data, scammers see retirees as the “perfect donors.”

    Fake charity red flags

    How do you know if a charity request is real or just a scam dressed up for the holidays? Look for these warning signs:

    • Pressure to act fast: If a caller insists you donate “right now” or tries to guilt you into giving before you hang up, it’s likely a scam. Real charities welcome donations anytime.
    • No details about how money is used: Authentic charities can explain where funds go. Scammers use vague promises like “helping the needy” without specifics.
    • Untraceable payment methods: Requests for gift cards, wire transfers or peer-to-peer app transfers (like Venmo or Zelle) are instant red flags.
    • Lookalike names: Fraudsters often invent names that sound similar to well-known charities, like “Veterans Hope Relief” or “Children’s Aid International.”
    • Caller ID tricks: Scammers can spoof numbers to make it look like they’re calling from a local area code or even a real charity office.

    How to safely check a charity before donating

    Here’s how to protect yourself while still supporting the causes that matter to you:

    • Research the charity’s name: Before donating, search it on sites like Charity Navigator or the Better Business Bureau’s Wise Giving Alliance at give.org/. If it doesn’t appear there, that’s a red flag.
    • Ask for written information: Real organizations will happily mail or email details about their mission, budgets and how donations are used.
    • Verify tax-exempt status: Use the IRS Tax-Exempt Organization Search at Irs.gov/charities-and-nonprofits to confirm the charity is legitimate.
    • Check how much goes to the cause: Some charities are real but inefficient, spending more on salaries than programs. Make sure your donation actually helps.

    Protecting your payment details

    Even if the charity itself is real, you need to protect how you give:

    • Use a credit card rather than a debit card because credit cards offer stronger fraud protection.
    • Never give payment info over the phone if you didn’t initiate the call.
    • Donate through the charity’s official website instead of clicking links in unsolicited emails.
    • Keep records of your donations for tax purposes and to spot anything suspicious later.

    The elderly must stay vigilant as holiday charity scams target older donors. (iStock)

    Why removing your data online reduces charity scam calls

    Here’s something most people don’t realize: many charity scams start with data brokers. These companies collect your personal details, such as age, phone number, donation history and even religious or political leanings, and sell them to anyone who asks. That means fraudsters can buy a ready-made list of “generous retirees who donate to veterans’ causes” and start calling immediately. The more information out there about you, the more personalized and convincing scam calls become. That’s why removing your data from broker sites is one of the most powerful defenses available to you.

    The easy way to do it

    Manually contacting hundreds of data brokers is a never-ending task. Each one has its own forms, emails and hoops to jump through, and many will re-add you months later. That’s where a data removal service comes in. They automatically reach out to data brokers on your behalf, demand the removal of your personal info and keep following up so it doesn’t creep back online.

    While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

    Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

    Protect your personal information by donating only through verified official websites. (Kurt “CyberGuy” Knutsson)

    Kurt’s key takeaways

    The holidays should be about joy, generosity and giving back, not about lining the pockets of fraudsters. By spotting the red flags of fake charities, double-checking where your money goes and removing your personal information from online databases, you can keep your donations safe and make sure they reach the people who truly need them. Remember: protecting your generosity is just as important as sharing it.

    Have you ever been contacted by a fake charity during the holidays? What tipped you off? Let us know by writing to us at Cyberguy.com.

    Copyright 2025 CyberGuy.com. All rights reserved.  
