Fake toll road texts sweep America as Chinese scammers target US drivers

28 January 2025 at 10:00

A new scam has come to light targeting residents across the United States with text messages that pretend to be from toll road operators. For many who receive these messages, it’s an easy and expensive trap to fall into.

The scam begins when people receive a message claiming they have unpaid tolls and may be charged fines. Scammers then ask for card details and a one-time password sent via SMS to steal their money. Security researchers believe that Chinese smishing groups are behind this scam, selling SMS-based phishing kits to thousands of scammers.

As reported by KrebsOnSecurity, the scam begins with a text message claiming to be from a toll road operator, such as E-ZPass or SunPass. The message warns about unpaid tolls and the possibility of fines, forcing recipients to act quickly. Victims are directed to a fake website mimicking the toll operator’s site, where they are asked to provide sensitive information, including payment card details and one-time passwords. 

Security researchers have traced the scam to Chinese smishing groups known for creating and selling sophisticated SMS phishing kits. One such kit, "Lighthouse," makes it easy for scammers to spoof toll road operators in multiple states. These kits are designed to trick users into sharing financial information, which is then used to commit fraud. 

Reports of these phishing attacks have surfaced across the U.S., targeting users of toll systems like EZDriveMA in Massachusetts, SunPass in Florida and the North Texas Toll Authority in Texas. Similar scams have been reported in states including California, Colorado, Connecticut, Minnesota and Washington. The phishing pages are mobile-optimized and won’t load on non-mobile devices, making them even more deceptive.

Recent advancements in phishing kits include better deliverability through integration with Apple iMessage and Android’s RCS technology, bypassing traditional SMS spam filters. These methods increase the likelihood of victims receiving and engaging with fraudulent messages. The phishing sites are operated dynamically in real time by criminals, making them harder to detect and shut down. Even individuals who don’t own a vehicle have reported receiving these messages, indicating random targeting.

By staying vigilant and following the steps below, you can protect yourself from falling victim to toll scams. 

1) Verify directly with toll operators: If you receive a message about unpaid tolls or fines, do not click on any links. Instead, visit the official website of your toll operator or contact their customer service directly to verify the claim.

2) Install strong antivirus software: The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3) Do not share personal information: Never provide sensitive details like payment card information, Social Security numbers or one-time passwords via text or unverified websites. Legitimate toll operators will not request such information through SMS.

4) Enable two-factor authentication (2FA): Use 2FA for your accounts whenever possible. This adds an extra layer of protection by requiring two forms of verification, reducing the risk of unauthorized access even if some details are compromised.

5) Be wary of urgency in messages: Scammers often create a sense of urgency, claiming immediate action is required to avoid penalties. Take a moment to assess the situation and verify the legitimacy of the message through official channels.

6) Report suspicious messages: If you suspect a phishing attempt, report it to the Federal Trade Commission or the FBI's Internet Crime Complaint Center. Include details like the sender’s phone number and any links in the message. Additionally, inform your mobile carrier to help block similar scams.

7) Use a personal data removal service: Employ a reputable data removal service to reduce your online footprint and minimize the risk of scammers obtaining your personal information. These services can help remove your data from various data broker sites, making it harder for scammers to target you with personalized scams. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

It’s deeply concerning how these scams are becoming increasingly sophisticated and widespread. It’s no longer just about random phishing attempts. These are carefully crafted schemes designed to exploit our trust in systems we rely on daily. The fact that scammers can impersonate toll road operators so convincingly is alarming, and it shows how vulnerable we are to such attacks. It frustrates me to think of how many people may fall victim to these tactics, losing their hard-earned money.

Have you recently received a suspicious text message claiming to be from a toll road operator or any other service? How did you react? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Copyright 2024 CyberGuy.com. All rights reserved.

Outsmart hackers who are out to steal your identity

27 January 2025 at 10:00

Did you know that identity theft happens every 22 seconds? This means that, by the time you finish reading this sentence, someone has likely had their identity stolen. At best, identity theft will steal away your time and patience. But more often, identity theft leads to severe consequences, like losing control over your financial accounts, having your credit score affected or even losing lifelong savings.

However, you don't have to be a statistic. By understanding how identity thieves operate and implementing smart protection strategies, you can make your personal data a fortress that's too challenging for cybercriminals to breach. Drawing from the Federal Trade Commission's (FTC) latest Identity Theft Awareness Week insights, I'll walk you through expert-backed strategies to shield your most valuable asset: your identity.

With so much of our lives having moved online, identity thieves are having an easier time than ever. Your most important accounts – banking, credit, Social Security – are all digital. Thieves don’t need to know much about you to steal your identity; just a few pieces of personal information can be enough. According to the Bureau of Justice Statistics, 24 million Americans reported identity theft in the past 12 months. In their lifetime, 1 in 3 Americans (more than 110 million people) have experienced identity theft. Here’s the part many people don’t realize: You might have already been a target. Maybe your identity was stolen, and the thieves failed, or maybe your good online habits saved you without you even knowing, which brings us to the next lesson: prevention.

You don’t need to spend a fortune to guard against identity theft. While professional services can be helpful, most of what you need comes down to better habits and awareness. Here are some simple steps you can take today:

1) Check your accounts regularly: Review your bank, credit card and Social Security accounts for transactions you didn’t make, failed login attempts and password reset requests you didn’t initiate.

2) Keep an eye on your mail: Look for letters regarding accounts you didn’t open, notices of data breaches and transaction summaries that don’t match your records.

3) Monitor your email inbox: Be alert for password reset emails you didn’t request, confirmations of new accounts you didn’t open and receipts for purchases you didn’t make.

4) Use two-factor authentication (2FA): 2FA adds extra layers of security to your accounts. Even if a thief has your password, they won’t be able to log in without a second step, like a code sent via text message or app-based verification. While logging in might take an extra moment, it’s worth it; 2FA dramatically increases account security.

5) Check your credit report annually: Visit AnnualCreditReport.com to get your free credit report once a year. Use it to spot suspicious activity early. If you see something unusual, take action right away.

6) Use strong passwords: Use complex passwords and a password manager to secure your online accounts. Strong passwords are your first line of defense against cyber threats.

7) Stop oversharing: Limit the personal information you share on social media and other platforms. It’s a treasure trove for cybercriminals who use it to craft convincing fraud campaigns targeted specifically at you.

Nearly half of Americans don’t know how to respond if they fall victim to identity theft. Acting quickly can make a huge difference. Here’s what to do:

1) Contact the affected institution: Contact the company immediately if you notice something unusual, like a suspicious charge or an unfamiliar account. They’ll guide you through securing your account.

2) Change your passwords: Update the password for the affected account and any others using the same credentials. Use strong, unique passwords for each account to avoid further risks.

3) Report the theft to the FTC: Visit IdentityTheft.gov to report identity theft and get personalized recovery steps.

4) Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

Data breaches often start with personal information that’s readily available online. People search sites and data brokers collect and sell this information, including your name, address, phone number and more. Can you get your data removed? Yes, but it’s tricky. These companies don’t make it easy, and managing removal requests for hundreds of sites can be overwhelming. 

Instead, consider using a personal data removal service. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

Look, identity theft is scary, but you're not helpless. By staying smart and proactive, you can dramatically reduce your risks. Think of protecting your identity like locking your front door: It's just good common sense in today's digital world. At the end of the day, a little awareness goes a long way, and you've already taken the first step by reading this article. Now, take what you've learned and apply it to keep you safe from cybercriminals.

What situation have you found yourself in where you felt vulnerable to identity theft or needed help protecting your personal information? Let us know by writing us at Cyberguy.com/Contact.

Scammers find sneaky way to bypass your iPhone's safety features

27 January 2025 at 06:00

In an alarming development, cybercriminals have devised a new method to circumvent Apple's built-in phishing protection for iMessage, potentially exposing you to malicious links and scams. This sophisticated tactic exploits a security feature designed to protect you, turning it into a vulnerability that could lead to significant personal and financial risks.

Apple's iMessage automatically disables links in messages from unknown senders as a security measure. However, cybercriminals have found a way to exploit this protection. By instructing you to reply to the message, often with a simple "Y," the attackers can re-enable previously disabled links. This seemingly innocuous action not only activates the links but also signals to the scammers that they've found an engaged target for future attacks.

Apple defines social engineering as a targeted attack that employs impersonation, deception, and manipulation to gain access to personal data. Scammers often pose as representatives of trusted companies, using sophisticated tactics to persuade individuals to disclose sensitive information, such as passwords and financial details. Here are some of those sneaky tactics:

The messages typically end with instructions like: "(Please reply Y, then exit the SMS, re-open the SMS activation link, or copy the link to open in Safari)."

This new tactic is part of a broader trend of smishing (SMS phishing) attacks targeting mobile users. With the increasing reliance on smartphones for various activities, including financial transactions and personal communications, these attacks pose a significant threat to users' security and privacy.
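The indicators described in the toll-text and iMessage articles on this page, written as a message-triage check. This is an added example, not code from the original articles; the function names, the sample messages and the `.example`/`.test` hosts are constructed, and the list of official operator hosts is an assumption the caller supplies.

```python
import re
from urllib.parse import urlparse

# Operator names mentioned in the articles on this page.
TOLL_BRANDS = ("e-zpass", "ezpass", "sunpass", "ezdrivema",
               "north texas toll authority")

URL_RE = re.compile(r"https?://[^\s)\"']+", re.I)
# "reply Y" / "reply with 'yes'" style instruction.
REPLY_RE = re.compile(
    r"\breply\s+(?:with\s+)?[\"'“]?y(?:es)?[\"'”]?(?=[\s,.)]|$)", re.I)
# Wording that ties the reply to making a link usable.
REOPEN_RE = re.compile(r"re-?open|copy the link|open in safari|activat", re.I)
URGENCY_RE = re.compile(
    r"\b(?:immediately|final notice|within \d+ (?:hours?|days?)"
    r"|avoid (?:late )?(?:fees?|fines?|penalt\w+))", re.I)
SECRET_RE = re.compile(
    r"one-time (?:password|code)|verification code|\botp\b"
    r"|card (?:number|details)", re.I)


def host_is_official(host, official_hosts):
    """True only for an exact match or a real subdomain of an official host."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in official_hosts)


def triage(text, sender_in_contacts, official_hosts=()):
    """Return the list of smishing indicators found in one message."""
    lowered = text.lower()
    urls = URL_RE.findall(text)
    hosts = [(urlparse(u).hostname or "") for u in urls]
    hits = []
    if urls and not sender_in_contacts:
        hits.append("link_from_unknown_sender")
    # A legitimate sender has no reason to ask for a reply so a link works.
    if REPLY_RE.search(text) and REOPEN_RE.search(text):
        hits.append("reply_to_enable_link")
    mentions_toll = "toll" in lowered or any(b in lowered for b in TOLL_BRANDS)
    if mentions_toll and any(
            not host_is_official(h, official_hosts) for h in hosts):
        hits.append("toll_lure_unofficial_host")
    if URGENCY_RE.search(text):
        hits.append("urgency")
    if SECRET_RE.search(text):
        hits.append("asks_for_card_or_otp")
    return hits


def verdict(hits):
    if "reply_to_enable_link" in hits or "toll_lure_unofficial_host" in hits:
        return "likely_smishing"
    return "suspicious" if hits else "no_indicators"


# Constructed sample messages: (text, sender_in_contacts).
OFFICIAL = ("sunpass.example",)  # placeholder, not a real operator domain
SAMPLES = [
    ("SunPass: you have an unpaid toll of $4.15. Pay within 12 hours to "
     "avoid late fees: https://sunpass.example.pay-fines.test/i "
     "(Please reply Y, then exit the SMS, re-open the SMS activation link, "
     "or copy the link to open in Safari)", False),
    ("Your SunPass statement is ready: "
     "https://www.sunpass.example/account", True),
    ("Running late, reply yes if you still want dinner", False),
]

if __name__ == "__main__":
    for text, known in SAMPLES:
        hits = triage(text, known, OFFICIAL)
        print(verdict(hits), hits)
```

The lookalike host in the first sample starts with the operator's name but ends in a different registrable domain, which is why the check compares the end of the hostname rather than searching for the brand anywhere in it.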

To safeguard against these sophisticated phishing attempts, consider the following steps.

1) Never reply to suspicious messages: Avoid responding to texts from unknown senders, especially those asking you to reply to activate links. Additionally, make sure to delete suspicious text messages and block the sender to prevent further attempts. Since the sender is not in your contact list, you can click Report Junk at the bottom of the text. Then click Delete and Report Junk. This will report the conversation as junk by sending it to your wireless carrier and Apple using your phone number.

2) Verify sender identity: Contact organizations directly through official channels if you're unsure about a message's legitimacy.

3) Be skeptical of urgency: Scammers often use urgent language to prompt quick, thoughtless actions.

4) Enable message filtering: Use your device's built-in filtering options to sort messages from unknown senders. Here are the steps:

This feature allows you to automatically sort messages from unknown senders, easily filter unread messages and manage your message inbox more efficiently.

5) Use two-factor authentication (2FA): 2FA adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message or authentication app, in addition to your password. This significantly reduces the risk of unauthorized access, even if your password is compromised.

6) Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

7) Invest in personal data removal services: By reducing your online footprint, you make it harder for cybercriminals to obtain your contact information, potentially preventing them from sending you these deceptive iMessage phishing texts in the first place. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

If you suspect you've fallen victim to a smishing attack:

One of the best parts of some identity theft protection services is that they have identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

This latest trick targeting iMessage users serves as a reminder that even seemingly secure systems can be vulnerable to social engineering. By remaining cautious and following best practices for digital security, you can significantly reduce your risk of falling victim to these sophisticated phishing attempts.

What other cybersecurity challenges have you encountered with your mobile devices, and what questions do you have for us? Let us know by writing us at Cyberguy.com/Contact.

The sickening truth: Healthcare data breaches reach all-time high

23 January 2025 at 10:00

If your healthcare data hasn't been breached in 2024, then you either don't know it yet or should consider yourself very lucky. 

That's because 2024 was a nightmare year for healthcare institutions and patients in the U.S. A total of 184,111,469 records were breached. That's 53% of the 2024 population of the United States. 

This staggering figure represents a significant increase from previous years, setting a new and alarming record in healthcare data breaches. 

The healthcare sector faced unprecedented challenges in cybersecurity, with attacks becoming more frequent, sophisticated and damaging than ever before.

Being admitted to a hospital is stressful enough. It caused additional stress for the 100 million clients of Change Healthcare, whose data was exposed following a breach orchestrated by the BlackCat ransomware group. Not only did the breach expose sensitive health information, but it also caused widespread disruptions in claims processing. Patients and providers across the country faced chaos as the breach impacted their ability to access and pay for healthcare services.

The second significant breach occurred at Kaiser Foundation Health Plan, where the personal data of 13.4 million individuals was compromised. This breach involved unauthorized access and the use of tracking technologies that transmitted user interactions to third parties. 

You’ll receive a notification letter, although be aware that it may take months before it reaches you (as was the case for victims of the Ascension Health data breach). The consequences are real and can be very painful. Medical identity theft directly affects patients' health and safety. It happens when criminals use stolen personal health information to obtain medical services or medications under another person’s name. It can result in incorrect medical records being created that can include inaccurate diagnoses, allergies or treatments. 

And as you may have guessed, it can also result in financial repercussions, such as patients getting fraudulent claims and bills for services they did not receive. Resolving these issues with insurers and healthcare providers takes time and mental strength. And you’re probably not in a hurry to see your breached healthcare provider ever again. That’s normal. A study has shown that up to 54% of patients consider switching providers after a data breach.

Sensitive health information can easily be combined with personal identifiers from data brokers, creating comprehensive profiles that criminals can exploit. As a reminder, data brokers are companies that specialize in collecting, processing and selling personal information from various sources, including public records, online activities and social media. 

They aggregate this data to create detailed consumer profiles that can be sold to marketers, insurance companies and other entities for various purposes. The more detailed the profile, the higher the chance of identity theft and potential discrimination in employment and insurance. Employers might make hiring decisions based on perceived health risks, while insurers could deny coverage or increase premiums.

You can’t prevent a data breach, but you can minimize its consequences by reducing your digital footprint overall.

1. Set your social media to private: Restrict access to your personal information and limit what strangers can see about your life and potentially your health status. Ensure your privacy settings are robust and regularly updated to prevent unauthorized data collection.

2. Remove your personal data from data brokers’ databases: Do this either by searching for your name on people search sites and requesting removals one by one, or by using a data removal service. Data removal services automate data removal for you and let you track where exactly your data has been found and whether it was removed, not only on people search sites, which are public data brokers, but also on hidden, private databases where you can’t look yourself up (and these are the worst).

Once your data is removed, data removal services monitor data brokers for your data and remove it again as needed (because it has a tendency to be re-listed after a while). This way, you prevent data broker companies from compiling a full profile on you and selling it to the first bidder, whether that’s a hacker, a marketing agency or an insurance company. Check out my top picks for data removal services here.

3. Delete all unused apps on your phone: Unused applications can be hidden gateways for data leakage and potential security vulnerabilities. Regularly audit and remove apps that you no longer use or need.

4. Check the permissions of the ones you want to keep: Review each app's access to your personal data, location and device features to ensure you're not inadvertently sharing more information than necessary. Be particularly cautious with health and fitness tracking applications.

5. Use a VPN (virtual private network) when browsing: Encrypt your online activities and mask your digital location to add an extra layer of anonymity and protection. A reliable VPN can help shield your personal information from potential interceptors and data miners. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

The reality of healthcare data breaches is daunting, but it’s not entirely out of your control. While you can’t prevent breaches from happening, you can take steps to minimize the risks and protect your personal information. Think of it as adding locks to your digital doors: set your social media to private, use a VPN and clean up unused apps. Remember, the less information you leave out there, the harder it is for bad actors to exploit it. Stay vigilant and don’t let your data become someone else’s advantage.

How do you feel about the growing risks to your personal information, and what steps have you taken to protect your data? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2025 CyberGuy.com. All rights reserved.

How to stop robocalls on your flip phone

19 January 2025 at 10:00

Robocalls can be a real headache, no matter what type of phone you use. If you’re like many people who prefer the simplicity of a flip phone, you might be wondering how to tackle this issue. 

Donna reached out to us with a simple but great question, asking, "Is there a way to eliminate robocalls from a flip phone?"

We've reported extensively on how to stop spam calls from coming to your smartphone, but what if you don't like using a smartphone and prefer a flip phone? Blocking spam calls on a flip phone is not impossible, but it's not as easy as dealing with robocalls on a smartphone.

Dealing with robocalls on a flip phone can be challenging, but you can take a few steps to minimize them. You'll have to make some phone calls, so it won't be as simple as blocking spam callers on a smartphone. But if you're willing to place a few phone calls and do some extra work, you can live happily without spam calls on your flip phone. Here are the steps you can take:

1. Avoid answering unknown numbers: If you don’t recognize the number, let it go to voicemail. Legitimate callers will leave a message.

2. Be cautious with your number: Be mindful of where you share your phone number to reduce the chances of it being added to robocall lists.

3. Register on the Do Not Call List: Register your phone number on the National Do Not Call Registry. This can help reduce the number of legitimate telemarketing calls you receive. You can register a phone number with the National Do Not Call Registry online at donotcall.gov or by calling 1-888-382-1222 from the phone you want to be registered with the Do Not Call Registry.

4. Contact your carrier: Many carriers offer call-blocking services. Contact your carrier (e.g., Verizon, AT&T, T-Mobile) and ask if they provide robocall-blocking features for flip phones. Many carriers do, but it depends on the brand of flip phone you have and which carrier you have.

5. Manual call blocking: If your flip phone has the option, you can manually block specific numbers. Check your phone’s user manual for instructions on how to do this. While this feature is common with all smartphones, many newer flip phones can also manually block callers, but, as we mentioned, you'll need to check your instruction manual.

6. Report robocalls to the FTC: Report unwanted calls to the Federal Trade Commission (FTC). This helps authorities track and take action against robocalls. While this method doesn't block robocalls from calling your flip phone, it does help the FTC locate robocalls and prevent them from calling. It's a good way to help the FTC fight back against robo-spam callers. Here's what you need to do to report a robocall to the FTC:

7. Consider using a data removal service: Regrettably, there is a high probability that your phone number is readily available on many lists sold by data brokers to hundreds of people search websites.  However, removing it from the web can reduce the likelihood of spammers and telemarketers obtaining your number and contacting you.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. 

Robocalls can be a real nuisance, especially for flip phone users. To tackle this issue, consider registering your number on the National Do Not Call List and avoid answering unknown numbers. Additionally, check with your carrier for any call-blocking services it may offer. With a few proactive steps, you can significantly reduce those pesky interruptions.

What do you find most frustrating about robocalls, and how do you typically handle them? Let us know by writing us at Cyberguy.com/Contact.

Mac malware mayhem as 100 million Apple users at risk of having personal data stolen

15 January 2025 at 10:00

Apple’s Macs are generally considered more secure than Windows PCs, but they are not immune to hackers. Numerous incidents demonstrate that Macs are not impenetrable, and a new one has recently been added to the list. Security researchers have discovered a new variant of stealer malware that targets browser credentials, cryptocurrency wallets and other personal data. I reported on this malware in 2024 as well. Previously, it relied on macOS browser extensions to steal data. Now, it uses phishing websites and fake GitHub repositories to target Macs, which have a user base of 100 million people.

Cybersecurity company Check Point has discovered a new variant of info-stealer malware, BanShee. Elastic Security Labs first highlighted this malware in mid-2024, noting that it operates as malware-as-a-service, a business model in which cybercriminals provide access to malicious software and related infrastructure for a fee. At that time, it was available for as much as $3,000 per month.

Check Point says this malware evolved in September after being exposed. This time, its developers had "stolen" a string encryption algorithm from Apple’s own XProtect antivirus engine, which replaced the plain text strings used in the original version. Since antivirus programs expect to see this kind of encryption from Apple’s legitimate security tools, the encrypted strings weren’t flagged as suspicious, allowing BanShee to remain undetected and quietly steal data from targeted devices.

BanShee Stealer is a prime example of how advanced malware has become. Once it’s on a system, it gets straight to work stealing all kinds of sensitive information. It goes after data from browsers like Chrome, Brave, Edge and Vivaldi, as well as cryptocurrency wallet extensions. It even takes advantage of two-factor authentication (2FA) extensions to grab credentials. On top of that, it collects details about the device’s software and hardware, as well as the external IP address.

The Mac malware also shows fake pop-ups that look like real system prompts, tricking victims into entering their macOS passwords. Once it has gathered the stolen information, BanShee exfiltrates it to command-and-control servers, using encrypted and encoded files to keep the stolen data protected.

The malware’s creators used GitHub repositories to spread BanShee. They set up fake repositories that looked like they hosted popular software, complete with stars and reviews, to seem trustworthy. These campaigns didn’t just target macOS users with BanShee. They also hit Windows users with a different malware called Lumma Stealer. Over three waves, the attackers used these fake repositories to trick people into downloading their malicious files.

Follow these essential tips to safeguard your Mac from the latest malware threats, including the notorious BanShee Stealer.

1) Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2) Be cautious with downloads and links: Only download software from reputable sources such as the Mac App Store or official websites of trusted developers. Be wary of unsolicited emails or messages prompting you to download or install updates, especially if they contain links. Phishing attempts often disguise themselves as legitimate update notifications or urgent messages.

3) Keep your software updated: Ensure that both macOS and all installed applications are up to date. Apple frequently releases security patches and updates that address vulnerabilities. Enable automatic updates for macOS and your apps to stay protected without having to manually check for updates. If you need more help, see my guide on keeping all your devices updated.

4) Use strong and unique passwords: To protect your Mac from malware, it’s also crucial to use strong, unique passwords for all your accounts and devices. Avoid reusing passwords across different sites or services. A password manager can be incredibly helpful here; it generates and stores complex passwords for you, making them difficult for hackers to crack.

It also keeps track of all your passwords in one place and automatically fills them in when you log into accounts, so you don’t have to remember them yourself. By reducing the number of passwords you need to recall, you’re less likely to reuse them, which lowers the risk of security breaches. Get more details about my best expert-reviewed password managers of 2025 here.

5) Use two-factor authentication (2FA): Enable 2FA for your important accounts, including your Apple ID, email and any financial services. This adds an extra step to the login process, making it harder for attackers to gain access even if they have your password.

No device is immune to cyberattacks when a human operator is involved. Take the BanShee Stealer, for example. It managed to target Macs not due to weak cybersecurity measures by Apple but because it successfully tricked users into installing it and granting the required permissions. Most breaches, hacks and other cyberattacks stem from human error. This highlights the importance of maintaining basic cybersecurity hygiene. It's crucial to know what you’re downloading, ensure it’s from a trusted source and carefully review the permissions you grant to any online service or application.

When downloading new software, how do you determine if it’s safe to install? Do you rely on app store ratings, reviews or something else? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Copyright 2024 CyberGuy.com. All rights reserved.

Hackers claim massive breach of company that tracks and sells Americans' location data

14 January 2025 at 12:00

When we talk about data privacy, tech giants like Google and Facebook are often blamed for using personal data to show ads and recommendations. Less discussed are the businesses whose entire business model revolves around collecting your data and selling it to other companies and governments. These companies often operate in legal gray areas, with the consent required to collect user data buried deep in the fine print.

What’s even more concerning is that these data brokers fail to adequately protect the data they collect. Last year, National Public Data made headlines for failing to secure 2.7 billion records of individuals whose data it had harvested. Now, hackers have reportedly stolen data from Gravy Analytics, the parent company of Venntel, which has sold vast amounts of smartphone location data to the U.S. government.

Hackers claim to have breached Gravy Analytics, a major location data broker and parent company of Venntel, a firm known for selling smartphone location data to U.S. government agencies. The compromise is massive, including sensitive location data that tracks precise smartphone movements, customer information and even internal infrastructure, according to a 404 Media report.

The hackers are threatening to make the stolen data public. The files contain precise latitude and longitude coordinates of the phone and the time at which the phone was there. Some even indicate what country the data has been collected from.

Hackers have claimed access to Gravy's systems since 2018. If true, this represents a serious security lapse on the company’s part. It is baffling how companies that collect and sell user data (a practice that arguably shouldn’t be allowed in the first place) failed to protect it from being leaked.

404 Media also suggests that the hackers gained deep access to the company’s infrastructure, including Amazon S3 buckets and server root access. The exposed customer list reportedly includes major companies like Uber, Apple and Equifax as well as government contractors like Babel Street.

This data breach highlights the serious security flaws in the location data industry. Companies like Gravy Analytics and Venntel have been profiting from collecting and selling sensitive location data, often without proper user consent. They've prioritized profit over security, and now the privacy of millions is at risk. This data could end up on black markets, endangering individuals, especially those in vulnerable situations, by making them targets for harassment or worse.

The FTC's recent crackdown on Gravy, announced in December, underscores their negligence. The proposed order will prohibit these companies from selling or using location data, except in specific cases like national security or law enforcement. The implications are worrying. Sensitive locations like schools and workplaces could become easy targets for those with malicious intent.

The Gravy Analytics breach serves as a sobering reminder of the vulnerabilities in the digital age. While it’s impossible to control how every company handles data, you can take steps to minimize your exposure and protect your privacy. Here are five actionable tips to stay safe.

1) Limit app permissions: Many apps request access to location data, contacts and more, even when it's not necessary for their functionality. Regularly review the permissions for apps on your smartphone and revoke access to anything that feels excessive. For instance, a weather app doesn’t need access to your microphone or camera.

2) Use a VPN: Virtual private networks (VPNs) can mask your IP address and encrypt your internet activity, making it harder for data brokers and hackers to track your online behavior. A good VPN adds an extra layer of security, especially when using public Wi-Fi networks. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

3) Opt out of data sharing where possible: Some companies allow you to opt out of having your data collected or shared. Services like Your Ad Choices and privacy settings within platforms like Google can help you reduce the amount of data collected. Check for opt-out options with any apps or services you use frequently.

4) Avoid free apps that monetize data: Free apps often generate revenue by selling user data. Instead, consider paid versions of apps that explicitly prioritize privacy. Research the company behind the app to understand its data handling policies before downloading.

5) Invest in data removal services: Data removal services can help you regain some control over your personal information by identifying and removing it from people-search websites, data broker platforms and other online databases. Check out my top picks for data removal services here.

Companies that collect and sell user data pose a significant threat to privacy, and when they fail to protect this data, it often ends up in the hands of even worse actors. Cybercriminals, and even some governments, can exploit this information to target individuals. It is crucial to implement stringent repercussions for these companies when they fail in their duty to safeguard user data. A mere slap on the wrist is not enough. We need real accountability to deter negligence and protect individual privacy rights.

Should companies face stronger penalties for failing to protect personal data? Let us know by writing us at Cyberguy.com/Contact.

800,000 VW electric vehicle owners' data exposed by software bug

13 January 2025 at 15:00

German automaker Volkswagen isn't having a great time. The company is planning to cut capacity at five factories, reducing production by about 700,000 vehicles, while also laying off more than 35,000 workers in its home country. Now, reports suggest the company had a massive data leak at its subsidiary software company Cariad, which left personal data, including geolocation data, of around 800,000 EV owners exposed online and accessible for months. Such information could be valuable to criminals for extortion purposes. What's interesting is that a hacker association informed the company about this data leak after receiving a tip from an anonymous hacker.

As reported by Germany’s Der Spiegel magazine, Volkswagen is facing a major data security issue after movement data from 800,000 electric cars and the personal contact information of their owners were left exposed on the internet. This data revealed sensitive details, such as the precise locations where cars were parked, including private locations like people’s homes, government buildings and even questionable spots like brothels.

The exposed data includes detailed movement patterns of these vehicles, allowing for the creation of comprehensive profiles of individuals' daily activities. This could be particularly concerning for public figures or anyone with privacy concerns.

Several car brands under the Volkswagen group, including VW, Audi, Seat and Skoda, were affected by the breach, which exposed sensitive data across multiple countries. The information was stored on Amazon cloud servers without adequate protection, leaving it vulnerable for months before the issue was discovered.

For around 466,000 of the 800,000 affected vehicles, the location data was detailed enough to map out drivers’ daily routines. Spiegel reported that the list of affected users included German politicians, business leaders, the entire EV fleet used by Hamburg police and even suspected intelligence agents.

The breach came to light when an anonymous hacker tipped off the Chaos Computer Club. While Volkswagen left the data easily accessible during this time, there is no indication so far that anyone misused or accessed it maliciously.

We reached out to Volkswagen for comment but did not hear back by our deadline.

The Volkswagen data leak is more than just a tech issue. It is a real concern for anyone who values their privacy. With precise location data out in the open, someone could figure out where you live, work or spend your free time. This information could be misused in many ways, from targeted scams where hackers pretend to be Volkswagen or its partners to trick you into giving up sensitive information, to more personal threats like stalking or harassment.

Imagine someone knowing your daily routine or identifying places you visit that you would prefer to keep private. Visits to clinics, legal offices or other sensitive locations could expose you to embarrassment or blackmail. 

The breach also raises concerns for business leaders, government officials and military personnel as their movements linked to high-security or restricted areas could be exposed, increasing the risk of corporate espionage or national security threats. Moreover, when paired with other vulnerabilities, such as app credentials, hackers could potentially exploit the data to unlock or even control vehicles remotely.

In light of the recent Volkswagen data breach, it is crucial to take proactive measures to safeguard your personal data. Here are 6 ways you can stay safe after this leak:

1) Check your app settings: Review the permissions and data-sharing settings in your car's companion app. Disable features that track or share your location if they are not essential for your use. Regularly update the app to ensure you have the latest security patches.

2) Be alert to scams: Keep an eye out for suspicious emails, messages or calls pretending to be from Volkswagen or related services. Avoid clicking on links or sharing sensitive information without verifying the sender.

3) Consider data opt-out options: Many vehicles with online features allow you to limit or disable certain data-sharing functionalities. Check your car’s settings to reduce the amount of personal data being collected.

4) Strengthen your online accounts: If you use the same email or password across multiple accounts, update them immediately. Enable two-factor authentication wherever possible to add an extra layer of security to your accounts.

5) Beware of snail mail scams: While most people focus on digital threats, physical mail scams can also follow a data breach like this. If your contact information was exposed, you might receive fraudulent letters pretending to be from Volkswagen or related services. These could ask for payments, personal details or even encourage you to visit fake websites.

6) Install strong antivirus software: Ensure that you have strong antivirus software installed on all your devices, especially those connected to your vehicle or its apps. This can help protect you from malicious links that install malware, potentially accessing your private information. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

The Volkswagen data leak is a glaring example of how companies need to take user data security more seriously. Exposing personal details and precise locations is not just a technical mistake. It is a massive breach of trust. While VW has patched the issue, the damage shows how important it is for businesses to be more responsible with the data they collect. People deserve to know their information is safe and used only when necessary. If companies cannot protect their customers’ privacy, they risk losing their confidence altogether. It is time for the industry to step up and do better.

Do you think stricter regulations should be in place for companies that handle user data? Let us know by writing us at Cyberguy.com/Contact.

Preventing this insidious email forwarding scam that will drain your bank account

8 January 2025 at 09:00

With our lives so intertwined with digital communication these days, the threat of email fraud is something we all need to take seriously. Recently, Teresa W. shared a scary experience that underscores the dangers of business email compromise (BEC).

"I almost lost many thousands of dollars through an internet fraud scam. I got a call from our personal banker who said she saw nearly all the money in our business account being withdrawn. She said she got an email from me along with the money wiring directions. I told her I didn't send that and she said my email came from me directly to her. I said to stop everything and I will get to the bottom of it.

"Apparently the thieves got hold of a wiring instruction paper from my email, which they hacked into. They created a rule in Outlook to bypass me if anything came from them and go straight to the banker. They changed the wiring instructions to go into their account but thank goodness our banker alerted me so I could get to the bottom of it. Too close for comfort!"

This incident highlights a sophisticated scam where cybercriminals gain access to legitimate email accounts and use them to deceive others into transferring funds. Teresa’s quick action, combined with her banker's vigilance, prevented a significant financial loss, but it serves as a wake-up call for many businesses.

Business email compromise (BEC) is a form of cybercrime that targets companies engaged in wire transfer payments and other financial transactions. The FBI reports that BEC scams have caused billions in losses globally. These scams exploit human psychology rather than technical vulnerabilities, making them particularly insidious.

Email hacking: Scammers often gain access to email accounts through phishing attacks, where they trick users into revealing their login credentials or by deploying malware that captures sensitive information.

Email rule creation: Once inside the account, scammers can create rules in email clients like Outlook that redirect or hide specific emails. This means that any communication related to fraudulent activities may go unnoticed by the victim.

Impersonation: The scammer impersonates the victim and sends emails to contacts, such as banks or vendors, requesting urgent wire transfers or sensitive information.

Execution: The scammer provides convincing details and urgency in their requests, making it appear as though the email is genuinely from the victim. They may use specific language or references only known to the victim and their contacts.

The consequences of BEC scams can be devastating for businesses. In addition to direct financial losses, companies may face reputational damage, loss of customer trust and potential legal ramifications. For small businesses like Teresa's, which may not have extensive cybersecurity measures in place, the impact can be particularly severe.

To combat BEC and similar scams, businesses must adopt a proactive approach to cybersecurity.

1) Have strong antivirus software: Use reputable, up-to-date, strong antivirus software to check your system. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2) Use strong passwords: Ensure passwords are complex (a mix of letters, numbers and symbols) and unique for each account. Consider using a password manager to generate and store them.

3) Enable two-factor authentication: Where possible, enable multifactor authentication. This adds an extra layer of security to your accounts.

4) Monitor your accounts: Keep an eye on your financial accounts, email accounts and social media for any unusual activity. If you think scammers have stolen your identity, consider identity theft protection here.

Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

5) Invest in personal data removal services: Using a data removal service can be an effective additional step to protect your personal information after a potential BEC scam. These services locate and remove your information from various online platforms, databases and data brokers. By eliminating unnecessary or outdated information, data removal services minimize your online presence, making it harder for scammers to find and exploit your data.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

6) Regularly update security questions: Change security questions and answers periodically to enhance protection.

7) Regularly review email rules: Check for unauthorized changes in email settings that could indicate compromise.

8) Disable auto-forwarding: Unless absolutely necessary, turn off auto-forwarding features to prevent sensitive information from being sent elsewhere without your knowledge.

9) Verify requests: Always verify any financial requests through a secondary communication method (e.g., a phone call) before proceeding with transactions.

10) Limit access: Restrict access to financial information and transactions only to those who need it within your organization.

11) Contact professionals: If you’re unsure about any steps or if the situation seems severe, consider reaching out to a professional IT service.

12) Report the incident: Report the scam to your local authorities and the Federal Trade Commission in the U.S.

13) Create alias email addresses: My top recommendation to avoid being inundated with spam emails is to use an alias email address. An alias email address is an additional email address that can be used to receive emails in the same mailbox as the primary email address. It acts as a forwarding address, directing emails to the primary email address.

In addition to creating throwaway email accounts for online sign-ups and other circumstances where you would not want to disclose your primary email address, alias email addresses are helpful for handling and organizing incoming communications.

Sometimes, it's best to create various email aliases so that you don't have to worry about getting tons of spam mail and having your email eventually stolen in a data breach. An alias email address is a great way for you to stop receiving constant spam mail by simply deleting the email alias address. See my review of the best secure and private email services here.
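The rule-creation step described earlier, and tips 7 and 8 above, can be checked mechanically. The following Python code is an added example, not part of the original article or of any vendor tool: it audits exported inbox rules for forwarding to outside addresses and for rules that hide mail from a particular sender or about payments. The record layout (field names modelled on Microsoft Graph's messageRule resource, with folder IDs already resolved to folder names), the domains and the sample rules are all assumptions constructed for illustration.

```python
# Added example: audit exported inbox rules for BEC-style forwarding and hiding.
# Assumptions: rule records use field names modelled on Microsoft Graph's
# messageRule resource, with moveToFolder already resolved to a folder name.
# All domains, addresses and rules below are constructed sample data.

INTERNAL_DOMAINS = {"smallbiz.example"}          # domains the organization owns
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items", "archive"}
FINANCE_WORDS = {"wire", "invoice", "payment", "bank", "transfer", "remittance"}
FORWARD_ACTIONS = ("forwardTo", "redirectTo", "forwardAsAttachmentTo")
KEYWORD_CONDITIONS = ("subjectContains", "bodyContains", "bodyOrSubjectContains")


def addresses(recipients):
    """Return lower-cased addresses from Graph-style recipient objects."""
    return [r["emailAddress"]["address"].lower() for r in recipients or []]


def is_external(address):
    """True when the address is outside every domain the organization owns."""
    return address.rpartition("@")[2] not in INTERNAL_DOMAINS


def audit_rule(rule):
    """Return a sorted list of finding codes for one inbox rule."""
    actions = rule.get("actions") or {}
    conditions = rule.get("conditions") or {}
    findings = set()

    # 1. Mail copied or redirected to an address outside the organization.
    for key in FORWARD_ACTIONS:
        if any(is_external(a) for a in addresses(actions.get(key))):
            findings.add("external-forward")

    # 2. Mail removed from the inbox before the owner can see it.
    folder = (actions.get("moveToFolder") or "").lower()
    if actions.get("delete") or actions.get("permanentDelete") or folder in HIDING_FOLDERS:
        findings.add("hides-mail")

    # 3. The rule singles out one correspondent, e.g. replies from the bank.
    if conditions.get("fromAddresses") or conditions.get("senderContains"):
        findings.add("targets-sender")

    # 4. The rule matches on payment vocabulary (substring match per phrase).
    phrases = [p.lower() for key in KEYWORD_CONDITIONS for p in conditions.get(key) or []]
    if any(word in phrase for phrase in phrases for word in FINANCE_WORDS):
        findings.add("finance-keywords")

    # 5. No conditions at all: the action applies to every incoming message.
    if not conditions:
        findings.add("matches-all-mail")
    return sorted(findings)


def severity(findings):
    """High: external forwarding, or hiding mail selected by sender or payment words."""
    found = set(findings)
    if "external-forward" in found:
        return "high"
    if "hides-mail" in found and found & {"targets-sender", "finance-keywords"}:
        return "high"
    return "review" if "hides-mail" in found else "ok"


def audit_mailbox(rules):
    """Map rule name -> (severity, findings) for enabled rules that need a look."""
    report = {}
    for rule in rules:
        if not rule.get("isEnabled", True):
            continue  # disabled rules do nothing now; review them separately
        findings = audit_rule(rule)
        level = severity(findings)
        if level != "ok":
            report[rule["displayName"]] = (level, findings)
    return report


SAMPLE_RULES = [  # constructed sample export
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["news@vendor.example"]},
     "actions": {"moveToFolder": "Newsletters"}},
    {"displayName": ".", "isEnabled": True,
     "conditions": {"fromAddresses": [{"emailAddress": {"address": "banker@bank.example"}}]},
     "actions": {"moveToFolder": "RSS Feeds", "markAsRead": True}},
    {"displayName": "sync", "isEnabled": True,
     "conditions": {"bodyOrSubjectContains": ["wire instructions", "invoice"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "copy@mailbox.invalid"}}],
                 "delete": True}},
    {"displayName": "Team copy", "isEnabled": True,
     "conditions": {"subjectContains": ["standup"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "ops@smallbiz.example"}}]}},
]

if __name__ == "__main__":
    for name, (level, findings) in audit_mailbox(SAMPLE_RULES).items():
        print(f"[{level}] rule {name!r}: {', '.join(findings)}")
```

A rule flagged "high" that the mailbox owner does not recognize is a reason to treat the account as compromised: remove the rule, change the password and re-check forwarding settings.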

The story shared by Teresa W. serves as a crucial reminder of the vulnerabilities inherent in our digital communications. The rise of BEC scams not only threatens financial security but also erodes trust in electronic transactions. By implementing robust security measures and maintaining vigilance at all levels of an organization, individuals and businesses can protect themselves from these insidious attacks.

What additional measures do you think businesses and government agencies should implement to effectively combat the rising threat of email scams? Let us know by writing us at Cyberguy.com/Contact

Copyright 2025 CyberGuy.com. All rights reserved.

FBI's new warning about AI-driven scams that are after your cash

7 January 2025 at 06:00

The FBI is issuing a warning that criminals are increasingly using generative AI technologies, particularly deepfakes, to exploit unsuspecting individuals. This alert serves as a reminder of the growing sophistication and accessibility of these technologies and the urgent need for vigilance in protecting ourselves from potential scams. Let’s explore what deepfakes are, how they’re being used by criminals and what steps you can take to safeguard your personal information.

Deepfakes refer to AI-generated content that can convincingly mimic real people, including their voices, images and videos. Criminals are using these techniques to impersonate individuals, often in crisis situations. For instance, they might generate audio clips that sound like a loved one asking for urgent financial assistance or even create real-time video calls that appear to involve company executives or law enforcement officials. The FBI has identified 17 common techniques used by criminals to create these deceptive materials.

The FBI has identified 17 common techniques that criminals are using to exploit generative AI technologies, particularly deepfakes, for fraudulent activities. Here is a comprehensive list of these techniques.

1) Voice cloning: Generating audio clips that mimic the voice of a family member or other trusted individuals to manipulate victims.

2) Real-time video calls: Creating fake video interactions that appear to involve authority figures, such as law enforcement or corporate executives.

3) Social engineering: Utilizing emotional appeals to manipulate victims into revealing personal information or transferring funds.

4) AI-generated text: Crafting realistic written messages for phishing attacks and social engineering schemes, making them appear credible.

5) AI-generated images: Using synthetic images to create believable profiles on social media or fraudulent websites.

6) AI-generated videos: Producing convincing videos that can be used in scams, including investment frauds or impersonation schemes.

7) Creating fake social media profiles: Establishing fraudulent accounts that use AI-generated content to deceive others.

8) Phishing emails: Sending emails that appear legitimate but are crafted using AI to trick recipients into providing sensitive information.

9) Impersonation of public figures: Using deepfake technology to create videos or audio clips that mimic well-known personalities for scams.

10) Fake identification documents: Generating fraudulent IDs, such as driver’s licenses or credentials, for identity fraud and impersonation.

11) Investment fraud schemes: Deploying AI-generated materials to convince victims to invest in non-existent opportunities.

12) Ransom demands: Impersonating loved ones in distress to solicit ransom payments from victims.

13) Manipulating voice recognition systems: Using cloned voices to bypass security measures that rely on voice authentication.

14) Fake charity appeals: Creating deepfake content that solicits donations under false pretenses, often during crises.

15) Business email compromise: Crafting emails that appear to come from executives or trusted contacts to authorize fraudulent transactions.

16) Creating misinformation campaigns: Utilizing deepfake videos as part of broader disinformation efforts, particularly around significant events like elections.

17) Exploiting crisis situations: Generating urgent requests for help or money during emergencies, leveraging emotional manipulation.

These tactics highlight the increasing sophistication of fraud schemes facilitated by generative AI and the importance of vigilance in protecting personal information.

Implementing the following strategies can enhance your security and awareness against deepfake-related fraud.

1) Limit your online presence: Reduce the amount of personal information, especially high-quality images and videos, available on social media by adjusting privacy settings.

2) Invest in personal data removal services: The less information is out there, the harder it is for someone to create a deepfake of you. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

3) Avoid sharing sensitive information: Never disclose personal details or financial information to strangers online or over the phone.

4) Stay vigilant with new connections: Be cautious when accepting new friends or connections on social media; verify their authenticity before engaging.

5) Check privacy settings on social media: Ensure that your profiles are set to private and that you only accept friend requests from trusted individuals. Here's how to switch any social media accounts, including Facebook, Instagram, Twitter and any others you may use, to private.

6) Use two-factor authentication (2FA): Implement 2FA on your accounts to add an extra layer of security against unauthorized access.

7) Verify callers: If you receive a suspicious call, hang up and independently verify the caller's identity by contacting their organization through official channels.

8) Watermark your media: When sharing photos or videos online, consider using digital watermarks to deter unauthorized use.

9) Monitor your accounts regularly: Keep an eye on your financial and online accounts for any unusual activity that could indicate fraud.

10) Use strong and unique passwords: Employ different passwords for various accounts to prevent a single breach from compromising multiple services. Consider using a password manager to generate and store complex passwords.

11) Regularly back up your data: Maintain backups of important data to protect against ransomware attacks and ensure recovery in case of data loss.

12) Create a secret verification phrase: Establish a unique word or phrase with family and friends to verify identities during unexpected communications.

13) Be aware of visual imperfections: Look for subtle flaws in images or videos, such as distorted features or unnatural movements, which may indicate manipulation.

14) Listen for anomalies in voice: Pay attention to the tone, pitch and choice of words in audio clips. AI-generated voices may sound unnatural or robotic.

15) Don't click on links or download attachments from suspicious sources: Be cautious when receiving emails, direct messages, texts, phone calls or other digital communications if the source is unknown. This is especially true if the message is demanding that you act fast, such as claiming your computer has been hacked or that you have won a prize. Deepfake creators attempt to manipulate your emotions so that you download malware or share personal information. Always think before you click.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

16) Be cautious with money transfers: Do not send money, gift cards or cryptocurrencies to people you do not know or have met only online or over the phone.

17) Report suspicious activity: If you suspect that you have been targeted by scammers or have fallen victim to a fraud scheme, report it to the FBI’s Internet Crime Complaint Center.

By following these tips, individuals can better protect themselves from the risks associated with deepfake technology and related scams.

The increasing use of generative AI technologies, particularly deepfakes, by criminals highlights a pressing need for awareness and caution. As the FBI warns, these sophisticated tools enable fraudsters to impersonate individuals convincingly, making scams harder to detect and more believable than ever. It's crucial for everyone to understand the tactics employed by these criminals and to take proactive steps to protect their personal information. By staying informed about the risks and implementing security measures, such as verifying identities and limiting online exposure, we can better safeguard ourselves against these emerging threats.

In what ways do you think businesses and governments should respond to the growing threat of AI-powered fraud? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Hacked Chrome extensions put 2.6 million users at risk of data leak

6 January 2025 at 09:00

Your web browser is an ecosystem of its own. It stores your passwords, search history, financial details like credit card numbers, addresses and more. Just like how malicious apps and services can compromise data on your phone or PC, malicious extensions can expose the data stored in your browser. 

There are a ton of extensions out there that do more harm than good. In fact, security researchers have just found a dangerous new campaign that is going after browser extensions. So far, around 36 extensions have been compromised, putting over 2.6 million Chrome users at risk of having their browsing data and account credentials exposed.

Hackers are exploiting browser extensions as a gateway to steal sensitive user data through a variety of methods. These compromised extensions are putting over 2.6 million users at risk of data exposure and credential theft, as reported by The Hacker News.

One common attack involves phishing campaigns targeting the publishers of legitimate extensions on platforms like the Chrome Web Store. In these campaigns, attackers trick developers into granting permissions to malicious applications, which then insert harmful code into popular extensions. This code can steal cookies, access tokens and other user data.

The first company to shed light on the campaign was cybersecurity firm Cyberhaven, one of whose employees was targeted by a phishing attack on December 24, allowing the threat actors to publish a malicious version of the extension.

Once these malicious extensions are published and pass the Chrome Web Store's security review, they are made available to millions of users, putting them at risk of data theft. Attackers can use these extensions to exfiltrate browsing data, monitor user activity and even bypass security measures such as two-factor authentication.

In some cases, developers themselves may unknowingly include data-gathering code as part of a monetization software development kit, which stealthily exfiltrates detailed browsing data. This makes it difficult to determine whether a compromise is the result of a hacking campaign or an intentional inclusion by the developer.

The browser extension security platform Secure Annex has launched its own investigation into this hacking campaign. So far, it has uncovered over twenty additional compromised extensions, which are listed below. If you have any of the compromised extensions listed in Secure Annex's investigation installed on your browser, it’s essential to remove them immediately to protect your data.

Keeping these extensions installed is a serious risk since hackers can still access your data even if the malicious version has been taken down from the Chrome Web Store. Secure Annex is still investigating and has shared a public Google Sheet with details about the malicious extensions it has found so far, like whether they’ve been updated or removed. They’re also adding new extensions to the list as they discover them.

If you have installed one of the above-mentioned extensions on your browser, remove it as soon as possible. To remove an extension from Google Chrome, follow these steps:

1) Verify emails and links before clicking: Many attacks begin with phishing emails that impersonate trusted entities like Google Chrome Web Store Developer Support. These emails often create a false sense of urgency, urging you to click on malicious links. Always verify the sender’s email address and avoid clicking on links without double-checking their authenticity. When in doubt, go directly to the official website rather than using a provided link.

2) Use strong antivirus software: Having strong antivirus software is an essential line of defense against malicious software. These tools can detect and block malicious code, even if it has been embedded in browser extensions. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3) Limit extension permissions: Be cautious about the permissions you grant to browser extensions. Many require access to sensitive data like browsing history, cookies or account information, but not all requests are necessary. Review what each extension asks for and deny permissions that seem excessive. If possible, opt for extensions with limited access to ensure your data remains protected.

4) Limit the number of extensions: Only install extensions that are genuinely needed and regularly review and uninstall those no longer in use.

5) Keep your browser updated: Always update your browser to the latest version. Updates often include critical security patches that protect against vulnerabilities exploited by malicious software. Using an outdated browser increases the risk of being targeted by attacks that could have been prevented with a simple update. Enable automatic updates to ensure you’re always protected. If you are unsure how to update your browser, check out my detailed guide for Google Chrome.

6) Regularly audit your extensions: Conduct periodic reviews of installed extensions and remove any that are unnecessary or pose potential security risks.

7) Report suspicious extensions: If you encounter a suspicious extension, report it to the official browser extension marketplace.
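
One way to carry out the permission review and periodic audit from tips 3 and 6, as an added example that is not from the original article: a Python script that reads each installed extension's manifest.json and flags permissions tied to the cookie and browsing-data theft described above. It assumes the `<extension id>/<version>/manifest.json` layout of Chrome's profile Extensions folder; the sample manifests and extension IDs are constructed.

```python
"""Audit unpacked Chrome extension manifests for high-risk permissions."""
import json
import tempfile
from pathlib import Path

# Chrome extension API permissions, mapped to the data they expose.
SENSITIVE_PERMISSIONS = {
    "cookies": "can read cookies for sites it has host access to",
    "history": "can read full browsing history",
    "tabs": "can see the URL and title of every open tab",
    "webNavigation": "can observe every page navigation",
    "webRequest": "can observe network requests",
    "scripting": "can inject scripts into pages",
    "debugger": "can attach the DevTools protocol to tabs",
}
# Match patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def audit_manifest(manifest: dict) -> list[str]:
    """Return sorted findings for one parsed manifest.json (MV2 or MV3)."""
    findings = set()
    # MV3 lists host patterns separately; MV2 mixes them into "permissions".
    hosts = list(manifest.get("host_permissions", []))
    for script in manifest.get("content_scripts", []):
        hosts.extend(script.get("matches", []))
    for entry in manifest.get("permissions", []):
        if not isinstance(entry, str):
            continue
        if entry in SENSITIVE_PERMISSIONS:
            findings.add(f"{entry}: {SENSITIVE_PERMISSIONS[entry]}")
        elif entry == "<all_urls>" or "://" in entry:
            hosts.append(entry)
    if any(h in BROAD_HOSTS for h in hosts):
        findings.add("all-sites: host access covers every website")
    return sorted(findings)


def audit_extensions_dir(root: Path) -> dict[str, list[str]]:
    """Audit every <root>/<extension id>/<version>/manifest.json."""
    report = {}
    for path in sorted(root.glob("*/*/manifest.json")):
        key = f"{path.parent.parent.name}/{path.parent.name}"
        try:
            manifest = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            report[key] = ["unreadable: manifest.json could not be parsed"]
            continue
        findings = audit_manifest(manifest)
        if findings:
            report[key] = findings
    return report


# Constructed manifests for this example; these are not real extensions.
SAMPLE_MANIFESTS = {
    "a" * 32 + "/1.0_0": {
        "manifest_version": 3, "name": "Constructed note taker",
        "permissions": ["storage"],
        "host_permissions": ["https://notes.example/*"],
    },
    "b" * 32 + "/2.1_0": {
        "manifest_version": 3, "name": "Constructed helper",
        "permissions": ["cookies", "webRequest", "storage"],
        "host_permissions": ["<all_urls>"],
    },
    "c" * 32 + "/0.9_0": {
        "manifest_version": 2, "name": "Constructed legacy tool",
        "permissions": ["tabs", "*://*/*"],
    },
}


def demo() -> dict[str, list[str]]:
    """Write the sample manifests to a temp folder and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, manifest in SAMPLE_MANIFESTS.items():
            target = root / rel
            target.mkdir(parents=True)
            (target / "manifest.json").write_text(json.dumps(manifest))
        return audit_extensions_dir(root)


if __name__ == "__main__":
    for ext, findings in demo().items():
        print(ext)
        for finding in findings:
            print("  -", finding)
```

A flagged permission is a reason to look closer, not proof of compromise: many legitimate extensions need broad access, which is why a hijacked update to one of them exposes so much.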

Hackers are getting smarter, and browser extensions have become a new favorite target for stealing sensitive data. The discovery of over 35 compromised Chrome extensions, putting 2.6 million users at risk, is a wake-up call for everyone. Removing suspicious extensions is an essential step to protect your data. This also puts Google’s Chrome Web Store review process under scrutiny, proving that even trusted platforms can be exploited. 

How often do you review and remove unused or suspicious browser extensions? Let us know by writing us at Cyberguy.com/Contact.

It is easier than ever to disable Location Sharing on your Android phone

6 January 2025 at 06:00

Privacy is a growing concern, especially regarding location tracking. Google has taken steps to enhance your control over location sharing on your Android, making it simpler for you to manage who can see your whereabouts. Let's dive into this new feature that Google is rolling out and how you can utilize it effectively. (iPhone users, follow these tips)

Google has introduced a new "Google Location Sharing" toggle that is now integrated directly into the Android settings. This update eliminates the need to navigate through Google Maps to manage your Location Sharing preferences. The new feature is part of the latest updates to Google Play Services and is designed to simplify and enhance your control over location sharing.

Before you toggle this off, let’s take a moment to understand why you might want it on and what happens when you turn it off.

Imagine this: You’re meeting a friend in a busy city, and instead of sending a dozen texts back and forth, they can simply see your real-time location on Google Maps. That’s the power of location sharing. It allows you to share your exact position with specific contacts, along with useful details like your device’s battery level or your estimated arrival time if you’re navigating.

But when location sharing is off, your movements stay private. No one can track where you are, and your personal information is better protected from potential misuse. Apps and services lose access to your location data, which not only boosts your privacy but can also save battery life by cutting down on background tracking.

So, before deciding, think about what fits your needs best: staying connected or staying private.

The feature is primarily available on Android smartphones, including popular models from brands such as the Google Pixel series (e.g., Pixel 6, Pixel 7), Samsung Galaxy series (e.g., Galaxy S21, Galaxy S23) and other manufacturers that run stock or near-stock Android versions. Certain Android tablets that support the latest versions of the operating system may also have access to this feature. The Location Sharing toggle is part of recent updates to the Android OS, specifically through Google Play Services. You should ensure your devices are running at least Android 12 or later to access this functionality effectively.

Ready to upgrade? Here's how to do it, but first back up your device data (just in case):

Settings may vary depending on your Android phone’s manufacturer.

This new feature not only simplifies turning off location sharing but also enhances privacy management by providing transparency about who can track you. You can now feel more secure knowing you have control over your shared information, which is particularly beneficial in situations where privacy is paramount.

Location sharing can be very useful for coordinating meetups, ensuring safety during travel or simply letting loved ones know you've arrived safely. Now, we have shown you how to disable location sharing, but here’s how you can share your real-time location with trusted contacts using Google Maps when Use Location is toggled on.

Remember that people you share your location with can always see:

They may also see other info depending on how you're sharing. Learn more about Location Sharing.

Google's new "Google Location Sharing" toggle, now integrated into Android settings, simplifies and enhances your control over location sharing. With this feature, Google is striking a balance between convenience and robust privacy management, making it a welcome improvement for Android users.

Have you ever had a situation where turning your location sharing on or off was crucial? Let us know by writing us at Cyberguy.com/Contact.

Can I outsmart thieves with a hidden AirTag in RFID wallet?

4 January 2025 at 08:00

Apple AirTags can be a great way to outsmart car thieves, but there are some drawbacks to consider. A key limitation is that thieves who also have iPhones can usually detect a hidden AirTag in vehicles they are trying to steal. This makes hiding an AirTag tricky.

That’s why we were intrigued by Brian’s inquiry about using other ways to make Apple AirTags undetectable to car thieves or outsmarting them twice.

"If an AirTag is put in an RFID wallet and hidden in a car, can the AirTag be located by a thief using a locator? I know the AirTag will function in the wallet, but will it be undetectable by the thief?" — Brian, LaSalle, Illinois

Below are reasons why using an RFID wallet might end up leaving you outsmarted instead.

Some thieves use RFID readers, which use radio waves, to scan and read data such as credit cards in wallets. The function of RFID wallets and bags is to protect items or devices from these radio waves by blocking them.

Apple AirTags use different technology, so even if one were placed in an RFID-blocking wallet or bag, it could still be detected by a thief with an iPhone or locator. Unlike the radio waves used to scan for credit cards and other data, Apple AirTags use Bluetooth and Ultra-Wideband (UWB) technology. Neither signal is shielded by RFID-blocking material, because those materials cannot block Bluetooth and UWB signals.

Faraday bags, on the other hand, use electromagnetic shielding and can successfully block Apple AirTag signals, such as Bluetooth and Wi-Fi signals, from being detected by thieves. The only issue with putting an Apple AirTag in a Faraday bag to hide in your car is that if the car thief cannot read or locate the signal it emits, you cannot either.

While the Apple AirTag may go undetected when in a Faraday bag, you will likely not be able to use Find My or any other tracking methods to locate it either, because those methods require signals pinged from the AirTag to other iPhones and Apple devices to track location.

While Apple AirTags offer some benefits, there are other technologies and methods to consider for enhancing car security. For example, GPS trackers provide real-time location data without the risk of being detected by a nearby iPhone. Additionally, physical deterrents like steering wheel locks and alarm systems can act as effective safeguards. Combining multiple layers of security can better protect your vehicle against theft. Check out how to prevent your car from being stolen.

While an Apple AirTag can be a useful device for keeping track of your vehicle, whether it is lost or stolen, it does not replace the reliability of a GPS system installed in your vehicle if you are trying to outsmart car thieves. Because car thieves might be able to locate an Apple AirTag hidden in your vehicle, it may not provide the layer of protection you hope for. The material in RFID wallets will not block signals from an Apple AirTag, so the AirTag remains detectable to locators and scanners; Faraday bags will block those signals. Unfortunately, if you use a Faraday bag, you will end up outsmarting yourself in trying to outsmart car thieves, because you will then not be able to track the AirTag either. If you are looking for the optimal way to outsmart car thieves, Apple AirTags might not be the answer you are looking for.

What personal experiences have you had with technology aiding in theft prevention? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2025 CyberGuy.com. All rights reserved.

Receiving unexpected international calls? What you need to know

1 January 2025 at 08:00

Receiving unexpected international calls can be a source of anxiety for many individuals. Whether it’s a single ring from an unknown number or multiple missed calls from abroad, the uncertainty can leave you wondering about the implications for your privacy and security.

Kathy S. recently reached out with a concern many of us can relate to: "I have received calls from Beijing and Russia on my cellphone. I did not answer them. Can you tell me why this is happening? Is my phone at risk?"

If you've experienced similar calls, you're not alone. Let's examine this issue and discover what's really going on.

International call scams have become increasingly common in recent years. One particularly prevalent scam is known as "Wangiri," which originates from Japan and means "one-ring-and-cut." These scammers typically let your phone ring once or twice before hanging up, hoping to pique your curiosity and prompt a callback.

There are several reasons why you might be receiving calls from unfamiliar international numbers.

Wangiri scam: Scammers use automated systems to call thousands of numbers, disconnecting after one ring. If you call back, you may be connected to a premium rate number, incurring significant charges.

Telemarketing and robocalls: Some companies use international numbers to bypass local regulations and reach a wider audience.

Number spoofing: Scammers can make their calls appear to come from different countries, tricking you into answering.

While receiving unexpected international calls doesn't necessarily put your phone at immediate risk, there are several potential dangers to be aware of. The primary risk lies in potential financial losses if you engage with these scammers. If you call back, you may be connected to a premium rate service number owned by the fraudster. You could also be charged heavily for these calls, with the scammer aiming to keep you on the line to increase the billed amount.

While less common with Wangiri scams, there's always a risk of personal information theft if you engage with unknown callers. Sharing sensitive data like bank account numbers or Social Security numbers could lead to identity theft.

Answering or returning these calls may signal to scammers that your number is active, potentially leading to more scam calls in the future. Although not typically associated with Wangiri scams, some sophisticated phone scams can potentially install malware on your device if you click on certain links or prompts, or follow instructions given by the scammer.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

While these international calls can be concerning, there are several steps you can take to safeguard yourself and your personal information. Here are six effective strategies to help protect against potential scams and unwanted calls.

1) Don't answer or call back: If you receive a call from an unknown international number, resist the urge to answer or return the call.

2) Block suspicious numbers: Use your phone's built-in features to block these numbers and prevent future calls.

3) Report the calls: Inform your phone carrier and the Federal Communications Commission (FCC) about these suspicious calls.

4) Use call-blocking apps: Consider installing call-blocking apps to identify and block spam calls.

5) Be cautious with personal information: Never share sensitive data over the phone, especially with unfamiliar callers.

6) Invest in personal data removal services: Consider using services that remove your personal data from the internet, reducing the chances of scammers obtaining your information. While no service promises to remove all your data from the internet, a removal service is useful if you want to continuously monitor and automate the removal of your information from hundreds of sites over a longer period of time. Check out my top picks for data removal services here.

While unexpected international calls can be alarming, understanding the nature of these scams empowers you to protect yourself. By staying informed and following the preventive measures outlined above, you can significantly reduce your risk of falling victim to these schemes. Remember, your best defense is a combination of caution, awareness and proactive steps to safeguard your personal information.

Are phone companies doing enough to help protect consumers from international scam calls? Let us know what you think by writing us at Cyberguy.com/Contact.

Is your VPN enough without antivirus protection?

31 December 2024 at 08:00

As cyber threats continue to evolve and become more sophisticated, many people like yourself are seeking effective ways to safeguard their online presence. That includes Keith from Lisbon, Iowa, who asked, "If I have a VPN, do I still need an antivirus app?"

The answer is a resounding yes. While a VPN (virtual private network) provides crucial privacy and security benefits, it doesn't protect your device from malware, viruses or other cyber threats. Let's get into why you need both and how they complement each other to provide comprehensive digital security.

To achieve comprehensive online security, it’s crucial to understand the distinct yet complementary roles that VPNs and antivirus software play in protecting your digital life.

A VPN is your first line of defense for online privacy and security. It works by:

1) Encrypting your internet connection: This makes it extremely difficult for hackers, ISPs or other third parties to intercept and read your data.

2) Masking your IP address: By hiding your real IP address, a VPN allows you to browse the internet anonymously, making it harder for websites and advertisers to track your online activities.

3) Bypassing geo-restrictions: VPNs can help you access content that might be blocked in your region, giving you more freedom online.

While a VPN protects your online activities, antivirus software focuses on defending your device itself. Here's what antivirus does:

1) Malware detection and removal: Antivirus software scans your device for viruses, trojans, spyware and other malicious software, then removes or quarantines these threats.

2) Real-time protection: Modern antivirus programs continuously monitor your system, preventing malware from infecting your device in the first place.

3) Phishing protection: Many antivirus solutions include features that block malicious websites and warn you about potential phishing attempts.

VPNs and antivirus software serve different but complementary purposes in your digital security arsenal.

VPNs secure your internet connection: They focus on protecting your data as it travels across the internet, ensuring your online activities remain private. Using a VPN service can enhance your privacy by encrypting your internet traffic, making it harder for hackers and third parties to intercept your data, especially on public Wi-Fi. A VPN masks your IP address, helping to obscure your location and online activity. While VPNs don’t directly prevent phishing emails, they reduce the exposure of your browsing habits to trackers that may use this data maliciously. With a VPN, you can securely access your email accounts from anywhere, even in areas with restrictive internet policies. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

Antivirus protects your device: It guards against threats that could compromise your device's security, regardless of how they reach your system. Therefore, it's important to have strong antivirus software actively running on your devices. Antivirus software helps protect your devices from malware, viruses and other security threats. Regularly update the software to ensure it can detect and remove the latest threats.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

By using both a VPN and strong antivirus software, you create a robust defense system that protects both your online activities and your device itself.

Remember, Keith and the rest of you: Cybersecurity is not about choosing between a VPN and antivirus; it's about leveraging both to create a multi-layered defense against the ever-evolving landscape of online threats. Combining these two powerful tools allows you to enjoy a safer, more secure and more private online experience.

What are your biggest cybersecurity concerns, and what specific help would you like from us to address them? Let us know by writing us at Cyberguy.com/Contact.

Revealed: The 10 most popular and worst passwords of 2024

31 December 2024 at 06:00

Let’s be honest: How many times have you used something like "123456" or "123123" as your password? With so many online accounts to juggle, it’s tempting to go for simple passwords, even though we know they’re weak. Unfortunately, a report from NordPass shows we’re still making the same mistakes when it comes to keeping our accounts secure.

NordPass has released its compilation of the top 200 most popular passwords used for personal and business purposes. Collaborating with threat management company NordStellar, NordPass analyzed a massive 2.5TB database of global passwords, including those sourced from the dark web. Spoiler alert: They’re still shockingly insecure.

We're all guilty of using weak passwords at some point, but the extent of this digital negligence is truly staggering. For the sixth consecutive year, "123456" claims the dubious honor of being the most common password, used by over 3 million people.

It's followed closely by its slightly more "complex" cousins: "123456789" and "12345678." But wait, it gets worse. The password "password" still ranks high on the list, used by nearly 700,000 people. It's as if we're collectively daring hackers to break into our accounts.

Here are the top 10 most common passwords of 2024, according to NordPass:

1) 123456 

2) 123456789 

3) 12345678 

4) password 

5) qwerty123 

6) qwerty1 

7) 111111 

8) 12345 

9) secret 

10) 123123

You might think that in professional settings, where sensitive data is at stake, people would be more cautious. Think again. The corporate world mirrors personal password habits alarmingly closely. The same weak passwords dominate business accounts, with "123456" leading the pack, used in over 1.2 million instances.

Using such easily guessable passwords is like leaving your front door wide open in a neighborhood full of burglars. These passwords can be cracked in less than a second, potentially leading to account compromise, identity theft and a host of other digital nightmares.

So, how can we break this cycle of password mediocrity?

1) Go long: Aim for passwords that are at least 20 characters long.

2) Mix it up: Use a combination of uppercase and lowercase letters, numbers and special symbols.

3) Unique is key: Never reuse passwords across multiple accounts.

4) Regular reviews: Periodically assess and update your passwords.

5) Consider using a password manager: A password manager will securely store and generate complex passwords. It will also help you to create unique and difficult-to-crack passwords that a hacker could never guess. In addition, it keeps track of all your passwords in one place and fills passwords in for you when you're logging into an account so that you never have to remember them yourself. The fewer passwords you remember, the less likely you will be to reuse them for your accounts.

When it comes to choosing the best password manager for you, here are some of my top tips:

Get more details about my best expert-reviewed password managers of 2024 here.

6) Start using passkeys: Passkeys are designed to replace traditional passwords and are steadily gaining traction, particularly among major companies and websites. Far more secure and reliable than conventional passwords, passkeys enable automatic sign-ins to websites and apps using facial recognition, fingerprint authentication or a physical security key.
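
The advice above can be enforced at sign-up or inside a password manager. The following Python check is an added example, not code from the article or from NordPass: it screens a candidate password against the top-10 list and tips 1 to 3, and goes beyond the list by flagging counting runs, keyboard walks and repeated blocks. The function names, the five-character run threshold and the `already_used` parameter are assumptions made for illustration.

```python
import string

# The ten most common passwords of 2024 as listed in the article above.
TOP_10_2024 = {
    "123456", "123456789", "12345678", "password", "qwerty123",
    "qwerty1", "111111", "12345", "secret", "123123",
}

MIN_LENGTH = 20  # the article's "Go long" recommendation

# Ordered character runs used to spot patterns such as "qwert" or "12345"
# even when the exact password is not on the list (assumed heuristic).
_RUNS = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
         "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_run(pw, n=5):
    """True if pw contains n consecutive characters of a known run, forwards or backwards."""
    low = pw.lower()
    for run in _RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(seq) - n + 1):
                if seq[i:i + n] in low:
                    return True
    return False


def is_repeated_block(pw):
    """True if pw is one short block repeated, e.g. "123123" or "111111"."""
    n = len(pw)
    return any(n % k == 0 and pw == pw[:k] * (n // k)
               for k in range(1, n // 2 + 1))


def check_password(pw, already_used=()):
    """Return the reasons pw fails the article's advice; an empty list means it passes.

    already_used is a hypothetical collection of the user's other passwords,
    as a password manager would hold locally.
    """
    problems = []
    if pw.lower() in TOP_10_2024:
        problems.append("on the 2024 top-10 list")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = (
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    )
    if not all(classes):
        problems.append("missing a character class")
    if has_run(pw):
        problems.append("contains a keyboard or counting run")
    if is_repeated_block(pw):
        problems.append("is a repeated block")
    if pw in already_used:
        problems.append("reused from another account")
    return problems
```

A password such as "Qwerty12345!" is not on the top-10 list and mixes all four character classes, yet the check still rejects it for its length and its keyboard run.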

It’s clear that we need to step up our password game. Using weak passwords like "123456" is a gamble we can’t afford to take, especially with so much of our lives online. By taking simple steps, like creating longer, more complex passwords and using a password manager, we can better protect ourselves from cyber threats. Let’s make 2025 the year we prioritize our digital security and leave those outdated passwords behind.

What’s the worst password you’ve ever used, and did anything bad happen because of it? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2024 CyberGuy.com. All rights reserved.

Windows Defender Security Center scam: How to protect your computer from fake pop-ups

30 December 2024 at 08:00

In an email we received from Janet D., she shared her recent unsettling experience. Here’s what she described:

"I received a pop-up that froze my computer and read, ‘Access to this system is blocked for security reasons’ from Windows Defender Security Center. It came with an audio message and siren."

Janet did what many might do in such a panic-inducing situation: She called the number displayed on her screen. She was instructed to press Ctrl + Shift + Esc, unfreezing her computer, but the instructions didn’t stop there. The scammer directed her to download software from UltraViewer.net, a legitimate remote access tool often exploited by bad actors. Here’s what you should know if you ever encounter a similar scam.

1) Unsolicited pop-ups claiming to be from Microsoft or other security services: Janet’s story highlights a common scam tactic, which is fake alerts masquerading as official warnings. Microsoft and other legitimate companies do not issue pop-ups with support numbers or direct you to download remote access software.

2) Urgent audio and visual cues: Scammers create a sense of urgency with sirens, flashing messages and warnings of dire consequences to push victims into immediate action without thinking critically.

3) Requests to install remote access software: Scammers often use tools like UltraViewer, TeamViewer or AnyDesk to gain access to victims’ systems. While these tools are legitimate for remote tech support, downloading them at the request of an unknown party is a red flag.

If you come across a scam, it's important to act quickly and take the following steps to protect yourself and your information.

If you receive a suspicious pop-up, do not call the number provided or follow any on-screen instructions. Look up any suspicious phone numbers or messages independently. Use Ctrl + Alt + Del to open the Task Manager and close the browser or application displaying the message.

Scammers thrive on urgency. Take a moment to assess the situation calmly. Janet asked if the scammers could have taken any information. Here’s what to do. 

If you installed UltraViewer or similar tools, uninstall them immediately. Update passwords for critical accounts, prioritizing your email and banking logins. Consider using a password manager to generate and store complex passwords. Enable two-factor authentication, as this adds a layer of security even if someone obtains your login credentials.

If you suspect that your computer is still compromised, it might be best to consult with a professional to ensure your system is secure. You may want to reach out to Microsoft Support for additional guidance and to report the incident to help prevent others from falling victim.

Janet also mentioned that her antivirus software didn’t flag the scam. Unfortunately, many of these scams rely on social engineering rather than malware to bypass antivirus detection. They exploit human psychology, not just technical vulnerabilities. However, running regular scans can still help detect hidden threats.

First, don't be the slightest bit embarrassed, as it could have happened to genuinely anyone. And the worst thing you can do is stay silent. You can help prevent this from happening to others.

Stop all communication: Cease all contact with the scammer immediately. Do not engage further or respond to any messages or calls from them.

Report the scam: Report the incident to your local law enforcement agency or the cybercrime unit in your country. Provide them with all the information you have about the scammer and the communication you had with them.

Notify your bank and credit card companies: If you shared any financial information, contact your bank and credit card companies right away. Inform them about the potential scam and ask for advice on how to secure your accounts.

Monitor your accounts: Keep a close eye on your bank accounts, credit cards and other financial accounts for any suspicious activity. Report any unauthorized transactions immediately.

Inform credit bureaus: Consider contacting credit reporting agencies to put a fraud alert on your credit report. This can help prevent the scammer from opening new accounts in your name.

Be cautious about future communications: Be vigilant regarding any future communications from unknown sources. Scammers may try to target you again using different tactics.

Use identity theft protection: If a scammer gets a hold of your personal information, you may consider a service that will walk you through every step of the reporting and recovery process. One of the best things you can do to protect yourself from this type of fraud is to subscribe to an identity theft service. One of the best parts of using an identity theft protection service is that it can include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. Read more of my review of the best identity theft protection services here.

Janet’s experience is a reminder that even the most vigilant among us can fall prey to clever scams designed to exploit fear and urgency. By recognizing red flags like unsolicited pop-ups, high-pressure tactics and requests for remote access, you can protect yourself and your personal information. If you ever encounter a situation like Janet’s, remember to stay calm, verify the legitimacy of any alerts and take the necessary steps to secure your system. Scammers rely on quick reactions, so slow down, stay in control and don’t let them manipulate your next move.

Have you seen any new scams lately that others should know about? Let us know by writing us at Cyberguy.com/Contact.

How to restore deleted text messages on Android

30 December 2024 at 06:00

We've all been here before. All of us have, at one point or another, accidentally deleted an important text. Gloria, from Chepachet, Rhode Island, reached out to us with this question:

"I accidentally deleted a text message; how can I get it back on my Android phone?"

We’re sorry to hear that you’ve accidentally deleted a text message. The ability to recover it depends on several factors, including your phone model, whether a backup was made and the specific messaging app you’re using. Here are some general methods you can try. (iPhone users, follow these tips.)

If you have an Android-based phone or a Google account, you may use Google Messages as your primary platform for text messages. Here's how to check if your message was archived within Google Messages.

Settings may vary depending on your Android phone’s manufacturer. 

If you are using a Samsung smartphone, your text messages can be stored in the Samsung OS's Recycle Bin for up to 30 days. Here's how to check the built-in Recycle Bin to see if your messages are in there:

If you don’t have a backup and your messages are permanently deleted, you might still have a chance to recover them using a third-party Android data recovery app. You can find Kurt’s picks for data recovery software here. Different apps will have different features, so be sure to pay close attention to which third-party recovery solution is the right one for your needs.

If you’ve backed up your phone to Google Drive, you may be able to restore your backup to recover the deleted text messages. Please note that restoring a backup might overwrite the existing data on your phone. Here's how to check and see if you have a Google Drive backup for your smartphone:

Settings may vary depending on your Android phone’s manufacturer. 

Gloria, hopefully, we were able to help you restore the missing Android message. Regularly backing up your data to prevent future data loss is always a good idea. If you have an Android smartphone, I strongly recommend using Google Drive to back up your phone; that way, you can always access the backup within your Google account. If you can't find your deleted messages in your phone's trash bin or recycling bin, don't panic. You can still most likely get any deleted data back with a third-party program, but check any program's features before paying.

Have you ever experienced significant data loss? What lessons did you learn from that experience? Let us know by writing us at Cyberguy.com/Contact.

Google Maps is deleting location history soon, so act now to save your data

25 December 2024 at 10:00

Google is rolling out significant changes to its Maps Timeline feature, which tracks your location history. As part of this update, you will soon receive notifications that your Timeline data will be automatically deleted after a specific deadline unless you take action to back it up. This transition represents a shift towards enhanced privacy as Google plans to store Timeline data locally on your device instead of on its servers. While this change aims to protect your data from unauthorized access, it also means that any unbacked location history may be permanently lost.

Google Maps' location-tracking feature, known as Timeline, is undergoing a major update. Previously, Google announced plans to shift this data to local storage. Now, the company is sending out emails alerting you to this upcoming change.

Google will start deleting the last three months of Timeline data unless you take action. While this shift to local storage offers more privacy for those concerned about sharing location data with Google, it also means that if you don’t act, your past location history may be permanently lost.

After receiving the notification, you will have about six months to save or transfer your Timeline data before it’s deleted. The email will be sent by "Google Location History," with the subject line: "Keep your Timeline? Decide by [date]."

Keep in mind that not everyone has received these notifications yet, so there’s no immediate rush. But once you get the email, you'll have a six-month window to decide.

There are several compelling reasons why users may want to save their Google Maps Timeline data.

Personal memories: The Timeline feature allows you to revisit past trips and experiences, serving as a digital diary of places visited and routes taken. For many, these memories are valuable and worth preserving.

Travel planning: Accessing historical location data can aid in future travel planning. You can analyze previous trips to make informed decisions about destinations, accommodations and activities based on past experiences.

Safety and security: Keeping a record of locations visited can be beneficial for personal safety. In case of emergencies or disputes, having a detailed history of movements can provide crucial information.

Data ownership: With the shift to local storage, you have greater control over your data. Saving this information ensures that it remains accessible and private without relying on cloud services that may be vulnerable to breaches.

Avoiding loss: Google has indicated that any unbacked location history will be deleted after the transition. Those of you who wish to retain your data must act promptly to prevent permanent loss.

If you've received the above email or simply want to make sure your Timeline data is preserved, here’s what you can do:

1) Google’s Timeline export tool:

2) Google is rolling out a feature that allows you to export your Timeline data directly from your devices. To use it:

On your phone or tablet:

On your computer:

Keep in mind that this backup will be specific to that device, so you may need to repeat the process on other devices you use.

Note: Some users have reported their data being deleted even after they requested not to lose anything. To avoid this, we recommend regularly backing up your Timeline data.

While this update may help you avoid sharing location data with Google, it's important to remember that Google collects personal data in other ways as well. Here are some additional steps you can take to protect your privacy.

1) Turn off location data on Google: This prevents Google Photos from estimating where your photo was taken. Here’s how to do it.

On your phone or tablet:

2) Disable facial recognition: Sharing your facial data with Google puts you at risk of the company collecting information without your consent, potentially sharing it with third parties and using it in ways you may not be aware of. Here’s how to turn it off.

3) Delete your YouTube history: Google tracks your YouTube viewing history and suggests videos based on your past activity. While this can be convenient for discovering similar content, it can also feel like an intrusion on your privacy. Here’s how to end it.

On desktop:

On mobile:

4) Use a VPN: A virtual private network (VPN) can significantly enhance your privacy when using Google Maps and other online services. Here's how it helps:

To use a VPN with Google Maps:

Important caveat: While using a VPN can enhance your privacy, it may interfere with Google Maps’ ability to provide accurate directions. This is because a VPN may route your connection through a server in a different location, causing the app to misidentify your current position. If you need precise navigation or directions from your current location, consider temporarily disabling the VPN while using Google Maps to ensure accurate results.

Pro tip: For maximum privacy, combine the use of a VPN with Google Maps’ incognito mode. This ensures that your searches and location data aren’t tied to your Google account, providing an added layer of anonymity.

Recommended VPN Services: To find the best VPNs that work across devices like Windows, Mac, Android and iOS, check out my expert reviews of top VPN software. These reviews highlight options that prioritize privacy, speed and reliability.

Google’s decision to delete location history after three months is a big move toward giving you more control over your data and offering improved privacy by storing information locally. As privacy concerns grow, it's encouraging to see companies like Google take steps toward greater transparency and user choice.

What other Google privacy concerns do you have? Let us know by writing us at Cyberguy.com/Contact.
