UnitedHealth’s Change Healthcare unit suffered a data breach in February 2024, the news of which surfaced Feb. 21. 

Initially reported to have affected around 100 million individuals, the U.S. health insurance giant has now revealed that the actual number is significantly higher: 190 million. This makes it the largest breach of medical data in U.S. history, affecting nearly half the country’s population. 

A breach of this magnitude can have devastating consequences for the American people as malicious actors could exploit the data for a range of attacks if it finds its way to the dark web.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

UnitedHealth confirmed on Friday, Jan. 24, 2025, that the ransomware attack on its Change Healthcare unit affected approximately 190 million people in the United States. The company had previously estimated the number of affected individuals to be around 100 million in its preliminary analysis filed with the Office for Civil Rights, a division of the U.S. Department of Health and Human Services that investigates data breaches.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

UnitedHealth stated that the majority of those impacted have already been notified, either directly or through substitute notice. The final tally of affected individuals will be confirmed and submitted to the Office for Civil Rights at a later date.

The company tells CyberGuy it is "not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis." However, UnitedHealth did not disclose when it became aware of the additional 90 million victims, how the revised figure was determined or what changes led to the updated number.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

The cyberattack on Change Healthcare in February caused widespread disruptions across the U.S. healthcare sector, as the company took its systems offline to contain the breach. This shutdown impacted critical services such as claims processing, payments and data sharing, which many healthcare providers rely on.

The stolen data varied by individual but included a broad range of personal and sensitive information, such as names, addresses, dates of birth, phone numbers, email addresses and government ID numbers, including Social Security, driver’s license and passport details.

Plus, hackers may have accessed health-related information, including diagnoses, medications, test results, imaging records, care and treatment plans, and health insurance details. Financial and banking information tied to claims and payment data was also reportedly compromised.

The breach was the result of a ransomware attack carried out by ALPHV/BlackCat, a Russian-speaking ransomware and extortion group. The attack, a form of malware intrusion, locks victims out of their data unless a ransom is paid. ALPHV/BlackCat later took credit for the attack.

During a House hearing in April, Change Healthcare admitted that the breach was made possible due to inadequate security measures, specifically the absence of two-factor authentication to protect its systems.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU

1. Remove your personal information from the internet: The breach has exposed sensitive personal data, making it essential to reduce your online footprint. While no service can guarantee complete data removal, a reputable data removal service can significantly limit your exposure. These services systematically monitor and erase your personal information from numerous websites and data brokers. Check out my top picks for data removal services here.

2. Be wary of mailbox communications: With addresses among the compromised data, scammers may exploit this breach to send fraudulent letters. Be aware of mail claiming missed deliveries, account suspensions or security alerts. Always verify the authenticity of such communications before responding or taking action.

3. Be cautious of phishing attempts and use strong antivirus software: Scammers may use your compromised email or phone number to target you with phishing attacks. Be wary of messages asking for personal information or containing suspicious links. To protect yourself, ensure strong antivirus software is installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Monitor your accounts: Given the scope of this breach, regular monitoring of your bank accounts, credit card statements and other financial accounts is critical. Look for unauthorized transactions or suspicious activity and immediately report any issues to your bank or credit card provider.

5. Recognize and report a Social Security scam: If your Social Security number is exposed, you could become a target for related scams. Official communication regarding Social Security issues usually comes via mail, not phone calls or emails. Learn more about spotting and reporting scams by visiting the Social Security Administration’s scam information page.

6. Invest in identity theft protection: Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

It’s surprising that a company of UnitedHealth’s scale failed to implement even basic cybersecurity measures when handling customer data. A breach affecting 190 million people – nearly half of the U.S. population – is staggering, leaving almost anyone at risk of becoming a target for hackers. While the company is still assessing the full extent of the breach, you can take precautions now by being cautious with any unknown links or unsolicited calls. Bad actors may use a variety of tactics to cause harm.

Do you think these companies are doing enough to protect your data, and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

A sophisticated phishing campaign exploiting Google Calendar has been uncovered by Check Point Software Technologies, raising alarms among cybersecurity experts. 

Cybercriminals are sending fake meeting invitations that appear legitimate, redirecting victims to phishing sites and mimicking Google's platforms to steal sensitive information. 

This emerging threat is particularly concerning given the widespread use of Google Calendar, which serves more than 500 million users globally in 41 languages. Researchers have identified nearly 4,000 phishing attempts in a matter of weeks, impersonating more than 300 reputable brands.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Hackers leverage the trust in Google's services to carry out their attacks. Victims receive seemingly authentic meeting invites via Google Calendar. Upon clicking links within these invites, they are taken to fake web pages that prompt them to input personal data. Once compromised, this information can be used for identity theft, financial fraud and unauthorized access to other accounts. Security experts warn that attackers are now using AI to craft highly convincing fake invitations, making it even harder to spot the fraud. Reacting to the findings from Check Point, a spokesperson for Google said:

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

"We recommend users enable the 'Only If The Sender Is Known' setting in Google Calendar. This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past."

ASK KURT: HOW TO NAVIGATE GOOGLE’S PRIVACY SETTINGS

Google has introduced the "known senders" feature in Google Calendar to combat sophisticated phishing attempts. This setting helps you filter out potentially malicious calendar invites. Here's how to enable it:

This ensures that only events from contacts, your organization or previous interactions are automatically added to your calendar.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

HOW ONE MAN GOT SCAMMED IN SECONDS USING GOOGLE

To further protect yourself from phishing scams, follow these steps.

Scrutinize unexpected invites carefully: Examine the sender's details, including their name, domain and email address, for any inconsistencies or signs of spoofing.

Avoid clicking suspicious links or downloading attachments from unknown sources: Threat actors often embed malicious links in calendar invites that can lead to phishing websites designed to steal your personal information.

Use strong antivirus software: This provides an additional defense mechanism against malware and can help detect potential phishing attempts before they cause damage. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Enable two-factor authentication (2FA) for your Gmail account: 2FA adds an extra layer of security that can prevent unauthorized access, even if your credentials are compromised.

Keep your security settings up to date: Regularly review and adjust your calendar and email settings to protect against evolving phishing tactics.

HOW A WRONG GOOGLE SEARCH CAN COMPROMISE YOUR DATA AND BRING LAW ENFORCEMENT CALLING

As phishing tactics evolve, cybercriminals are exploiting trusted platforms like Google Calendar to bypass traditional security measures. This underscores the importance of user vigilance and proactive security practices. By enabling the "known senders" setting and implementing additional security measures, you can significantly reduce the risk of falling victim to calendar-based phishing scams.

What digital security challenges have you encountered recently? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Did you know that identity theft happens every 22 seconds? This means that, by the time you finish reading this sentence, someone has likely had their identity stolen. At best, identity theft will steal away your time and patience. But more often, identity theft leads to severe consequences, like losing control over your financial accounts, having your credit score affected or even losing lifelong savings.

However, you don't have to be a statistic. By understanding how identity thieves operate and implementing smart protection strategies, you can make your personal data a fortress that's too challenging for cybercriminals to breach. Drawing from the Federal Trade Commission's (FTC) latest Identity Theft Awareness Week insights, I'll walk you through expert-backed strategies to shield your most valuable asset: your identity.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Enter the giveaway by signing up for my free newsletter.

With so much of our lives having moved online, identity thieves are having an easier time than ever. Your most important accounts – banking, credit, Social Security – are all digital. Thieves don’t need to know much about you to steal your identity, just a few pieces of personal information can be enough. According to the Bureau of Justice Statistics, 24 million Americans reported identity theft in the past 12 months. In their lifetime, 1 in 3 Americans (more than 110 million people) have experienced identity theft. Here’s the part many people don’t realize: You might have already been a target. Maybe your identity was stolen, and the thieves failed, or maybe your good online habits saved you without you even knowing, which brings us to the next lesson: prevention.

THINK YOU'RE SAFE? IDENTITY THEFT COULD WIPE OUT YOUR ENTIRE LIFE’S SAVINGS

You don’t need to spend a fortune to guard against identity theft. While professional services can be helpful, most of what you need comes down to better habits and awareness. Here are some simple steps you can take today:

1) Check your accounts regularly: Review your bank, credit card and Social Security accounts for transactions you didn’t make, failed login attempts and password reset requests you didn’t initiate.

2) Keep an eye on your mail: Look for letters regarding accounts you didn’t open, notices of data breaches and transaction summaries that don’t match your records.

3) Monitor your email inbox: Be alert for password reset emails you didn’t request, confirmation of new accounts you didn’t open, receipts for purchases you didn’t make.

4) Use two-factor authentication (2FA): 2FA adds extra layers of security to your accounts. Even if a thief has your password, they won’t be able to log in without a second step, like a code sent via text message or app-based verification. While logging in might take an extra moment, it’s worth it; 2FA dramatically increases account security.

5) Check your credit report annually: Visit AnnualCreditReport.com to get your free credit report once a year. Use it to spot suspicious activity early. If you see something unusual, take action right away.

6) Use strong passwords: Use complex passwords and a password manager to secure your online accounts. Strong passwords are your first line of defense against cyber threats.

7) Stop oversharing: Limit the personal information you share on social media and other platforms. It’s a treasure trove for cybercriminals who use it to craft convincing fraud campaigns targeted specifically at you.

10 SIGNS YOUR IDENTITY HAS BEEN COMPROMISED

Nearly half of Americans don’t know how to respond if they fall victim to identity theft. Acting quickly can make a huge difference. Here’s what to do:

1) Contact the affected institution: Contact the company immediately if you notice something unusual, like a suspicious charge or an unfamiliar account. They’ll guide you through securing your account.

2) Change your passwords: Update the password for the affected account and any others using the same credentials. Use strong, unique passwords for each account to avoid further risks.

3) Report the theft to the FTC: Visit IdentityTheft.gov to report identity theft and get personalized recovery steps.

4) Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

Data breaches often start with personal information that’s readily available online. People search sites and data brokers collect and sell this information, including your name, address, phone number and more. Can you get your data removed? Yes, but it’s tricky. These companies don’t make it easy, and managing removal requests for hundreds of sites can be overwhelming. 

Instead, consider using a personal data removal service. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

CELLPHONE NIGHTMARE LEADS TO PORTED NUMBERS, IDENTITY THEFT, FIGHT FOR RECOVERY

Look, identity theft is scary, but you're not helpless. By staying smart and proactive, you can dramatically reduce your risks. Think of protecting your identity like locking your front door: It's just good common sense in today's digital world. At the end of the day, a little awareness goes a long way, and you've already taken the first step by reading this article. Now, take what you've learned and apply it to keep you safe from cybercriminals.

What situation have you found yourself in where you felt vulnerable to identity theft or needed help protecting your personal information? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Nowadays, almost every app you download asks for location permissions, meaning it wants to track where you are and your movements. For an app like Google Maps, requesting location access makes perfect sense. It's also reasonable for apps like Uber or DoorDash, which rely on location for their services. 

However, many apps that have nothing to do with location still ask for it, and we often grant these permissions without thinking twice. When you give an app access to your location, that data is stored and, in some cases, might even be sold. According to Texas Attorney General Ken Paxton, this practice is not uncommon. 

A recent lawsuit filed by Paxton alleges that the insurance company Allstate collected and sold the location data of 45 million Americans' smartphones.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

In a press release, Paxton announced that he had sued Allstate and its subsidiary, Arity, for unlawfully collecting, using and selling data about the location and movements of Texans' cellphones. The data was gathered through secretly embedded software in mobile apps, such as Life360. "Allstate and other insurers then used the covertly obtained data to justify raising Texans’ insurance rates," the press release stated.

The insurance provider allegedly collected trillions of miles' worth of location data from more than 45 million Americans nationwide. The data was reportedly used to build the "world’s largest driving behavior database." When customers sought a quote or renewed their coverage, Allstate and other insurance companies allegedly used the database to justify raising car insurance premiums.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Paxton claims the actions violated the Texas Data Privacy and Security Act. The lawsuit alleges customers were not clearly informed their data was being collected and did not consent to the practice.

"Our investigation revealed that Allstate and Arity paid mobile apps millions of dollars to install Allstate’s tracking software," said Paxton. "The personal data of millions of Americans was sold to insurance companies without their knowledge or consent in violation of the law. Texans deserve better and we will hold all these companies accountable."

We reached out to Allstate and Arity for comments. A rep for the Allstate Corporation provided CyberGuy with this statement: "Arity helps consumers get the most accurate auto insurance price after they consent in a simple and transparent way that fully complies with all laws and regulations."

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Car manufacturers have also been accused of selling similar data to insurance companies. Last year, Paxton sued General Motors for allegedly collecting and selling the private driving data of more than 1.5 million Texans to insurance companies without their knowledge or consent. In addition to insurance companies, data brokers are frequent buyers of customer data. Critics say these brokers fail to adequately protect the information, leaving it vulnerable to hackers. Earlier this month, hackers claimed to have breached Gravy Analytics, a major location data broker and the parent company of Venntel, which is known for selling smartphone location data to U.S. government agencies.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

1. Avoid installing the insurance company’s app: Many insurance companies encourage users to download their apps to "simplify" claims, payments or policy management. However, these apps often collect and track your location data under the guise of improving their services. If the app is not absolutely essential, manage your account through the company’s website or contact customer service directly instead.

2. Don’t give location permissions unnecessarily: When an app requests location access, ask yourself whether it genuinely needs this information to function. For example, a weather app may need approximate location data, but a flashlight app does not.  Always choose "Deny" or "Allow only while using the app" unless absolutely necessary. Most modern devices also allow you to provide an approximate location rather than a precise one, which is a safer option when location access is unavoidable.

3. Review and manage app permissions regularly: Over time, you may forget which apps have been granted permissions. Regularly go through your device’s app settings to check and adjust permissions. On most devices, you can access this under settings > privacy > app permissions (specific steps vary by operating system). Revoke access for any apps that don’t need it or seem suspicious.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. Turn off location services when not in use: Keep location services off when you don’t need them. This reduces the chances of apps or devices tracking you passively in the background. For tasks like mapping or food delivery, turn location services on temporarily, then turn them off when you’re done. For added security, avoid connecting to public Wi-Fi networks, which can also be used to track your location indirectly.

5. Use privacy-focused tools and apps: Invest in tools designed to safeguard your privacy. Virtual private networks (VPNs) can mask your location online and prevent unwanted tracking while browsing.  VPNs will also protect you from those who want to track and identify your potential location and the websites that you visit. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices

BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

If Allstate is indeed unlawfully collecting and selling people’s location data, Attorney General Paxton is right to hold them accountable by filing a lawsuit. In an era where cybercriminals exploit every opportunity to scam individuals, companies that fail to protect customer data are unacceptable and should face consequences. Data has become the new oil, and everyone seems eager to exploit it — often at the expense of ordinary people. Businesses that prioritize profits over privacy erode trust and put consumers at risk, making it crucial to enforce strict accountability for such practices.

Do you think companies like Allstate should be required to make their data practices crystal clear to customers? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Virtual private networks (VPNs) are important if you care about your data and privacy. They create a secure, encrypted connection between your device and the internet, hiding your IP address and protecting your online activity. 

There are tons of apps out there that claim to offer VPN services, but not all of them are legit. Some are fakes trying to steal your data. 

In the third quarter of 2024, security researchers found that the number of users encountering fake VPN apps jumped 2½ times compared to the second quarter globally. These apps were either malware or programs that could be used by malicious actors.

I’m diving into the rise of fake VPN apps and how you can stay safe.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

According to Kaspersky, cybercriminals are taking advantage of people who want to use free VPN services. In May 2024, law enforcement shut down a botnet, a network of hijacked devices, called 911 S5. Several free VPN services, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN and ShineVPN, were used to create this botnet.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

When users installed these VPN apps, their devices were turned into proxy servers, meaning they were used to redirect someone else’s internet traffic. 

This huge network spread across 19 million unique IP addresses in over 190 countries, making it possibly the largest botnet ever created. The people controlling the botnet sold access to these infected devices to other criminals, who used them for cyberattacks, money laundering and fraud.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

You can’t trust free VPN apps because they have no reason to keep you or your data safe. Here's why you should be cautious:

There's a growing demand for VPN apps across all platforms, including smartphones and computers. Users often believe that if they find a VPN app in an official store, like Google Play, it's safe to use. They're especially drawn to free services, thinking it's a great deal. However, this can often be a trap.

MASSIVE DATA BREACH EXPOSES 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS

If you need a VPN, stick to a service that’s well-known, trusted and not free. Look for ones that are talked about on mainstream sites and backed by solid reviews. If you’re not sure where to start, I’ve put together a handy list of my favorite VPNs. I’ve tested them myself, and you can trust them to keep your data safe. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

UNDERSTANDING BRUSHING SCAMS AND HOW TO PROTECT YOURSELF 

Here are seven essential steps to help you choose a reliable VPN and safeguard your online privacy.

1. Stick to official app stores: Always download apps from trusted platforms like the App Store for iOS or the Google Play Store for Android. These stores have built-in security measures that help detect and remove fake or harmful apps. Avoid downloading apps from random websites or third-party stores, as they are more likely to host malicious software. Even on official stores, check the app’s reviews, ratings and download count to ensure it’s trustworthy.

2. Pay attention to app permissions: Be careful about the permissions you grant to apps during installation. A flashlight app, for example, doesn’t need access to your contacts or location. Question any permission that doesn’t align with the app’s functionality. Both iOS and Android allow you to review and manage app permissions in your settings, so take the time to double-check what you’ve already allowed.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

3. Use two-factor authentication (2FA): Implement 2FA for your VPN accounts to add an extra layer of security beyond just a password.

4. Keep software updated: Regularly update all VPN-related software, including clients, servers and associated networking hardware, to benefit from the latest security patches and improvements.

5. Use strong encryption: Look for VPN services that use robust encryption protocols like AES-256 to protect your data.

6. Monitor VPN traffic: Continuously monitor VPN traffic and logs for unusual patterns that might indicate security issues.

7. Invest in strong antivirus software: A strong antivirus program can help detect and remove malware before it compromises your device. Many antivirus apps also come with features like web protection, anti-phishing tools and the ability to scan new apps for threats. While there are free options, premium versions often provide more comprehensive protection. Look for a trusted name in cybersecurity when choosing an antivirus solution. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Fake VPN apps are everywhere, and they’re bad news. They’re not just useless. They can turn your device into a tool for cybercriminals. The 911 S5 botnet showed us just how dangerous free VPNs can be, turning millions of devices into a giant network for fraud and attacks. The truth is free VPNs aren’t really free. They often come with weak security, leak your data or demand permissions that put your privacy at risk. If you’re serious about protecting your online activity, invest in a trusted, paid VPN service.

How often do you check the credibility of apps you download? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.

You know, it's pretty unsettling when you think about it. We spend our whole lives working hard and saving up for retirement. Then, one day, you find out that some company you've never heard of is selling your personal information to whoever wants to buy it. It's not just alarming. It could actually put your financial security at risk.

These companies are data brokers that collect and sell people's personal information, often without us even knowing about it. And get this: Some of them might be trading info that could affect your retirement savings. 

Crazy, right? But don't worry, it's not all doom and gloom. There are things we can do to protect ourselves. I want to talk about how these data brokers operate and what steps you can take to keep your retirement plans safe.

GET SECURITY ALERTS, EXPERT TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

There’s one major way in which data brokers are endangering your retirement security, and it’s right there in the name: data brokers buy, sell, trade and otherwise spread your personal information far and wide. This endangers your retirement security in three distinct ways, each more dangerous than the last:

They don’t know anything about you, but they have a way to reach you. Even if a scammer knows only your phone number or email address, it’s enough for them to reach out to you. If they don’t know who you are or anything about you, they have to take the most "one-size-fits-all" approach they can manage. Their goal is to get you to respond to them or click a link that leads to a malicious website. Once they learn more about you, they can better tailor their next moves.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

They know what you’re like but not who you are. Scammers can buy ready-made packages of personal information from data brokers. A set like this might include only the phone numbers of people over the age of 60, for example, while another might provide the addresses of elderly people who require live-in care and are experiencing cognitive decline. The potential for abuse is clear. They don’t have to know your name to target a dangerously effective scam at you.

In other words, something aimed right at you and very difficult to ignore. Scammers can also buy shockingly detailed information about you, from your full name to your health care and financial information. These scams are the most dangerous, with the attackers knowing enough about you to breeze past many of your defenses.

Any of the above types of scams can end in what might be the ultimate fraud – identity theft – but these three are more likely to get there, and in fewer steps, than the others.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

MASSIVE DATA BREACH AT FEDERAL CREDIT UNION EXPOSES 240,000 MEMBERS

You can reduce or avoid many of these risks by stopping data brokers from making it easier for scammers to target you and by arming yourself against the most common and effective tactics they use.

1. Invest in personal data removal services: A trusted personal information removal service can stop data brokers in their tracks from sharing your information. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

2. Don’t click on links: No matter how much pressure or stress a message or phone call puts you under, stick to the golden rule of never following or clicking on links. Always go to the source of the communication via official channels from a secure device to confirm what’s happening. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3. Don’t give out sensitive information: If a message or email can put you under enough pressure to do something you shouldn’t (like follow a link to a phishing site), imagine what a phone call can do. Any request for personal information should raise red flags. If something seems off, hang up.

UNDERSTANDING BRUSHING SCAMS AND HOW TO PROTECT YOURSELF 

4. Verify identities before handing over money or information: Always verify who you are dealing with before providing any personal details (name, address, date of birth, Social Security number, financial information, etc.) or money. If someone asks for this information or claims they need to send you money, follow this rule: "Hang up, look up and call back." This applies to phone calls, texts and emails. Hang up or set the message aside, find the legitimate contact information for the organization in question and reach out through official channels (not social media) to confirm the request.

 TOP 5 MISTAKES THAT COULD EXPOSE YOUR FINANCIAL DATA TO CYBERCRIMINALS

You know, it's crazy to think about how much of our personal information is out there, floating around in the digital world. But here's the thing: We're not powerless in this situation. Sure, it can feel overwhelming, but there are steps we can take to protect ourselves and our hard-earned retirement savings. It's all about being aware, staying vigilant and using the tools at our disposal. Remember, your financial security is worth fighting for. So let's not just sit back and hope for the best. Let's take action and show those data brokers that we're not going to be easy targets. After all, we've worked too hard for too long to let anyone mess with our golden years, right?

Do you think there should be regulations in place to limit the activities of data brokers, and what specific measures would you like to see implemented to better protect your personal information? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

SRP Federal Credit Union, a South Carolina-based financial institution, had a major data breach impacting more than 240,000 people. 

The credit union handles highly sensitive information of hundreds of thousands of Americans, which is now in the hands of cybercriminals. 

SRP revealed in a notice that the data breach was part of a two-month attack by hackers, raising concerns about how it took the company so long to detect unauthorized entry into its systems. I discuss the details of the data breach, its impact on people and what you need to do to stay safe.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

SRP Federal Credit Union has reported a data breach that exposed the personal information of more than 240,000 individuals, according to documents filed Friday with regulators in Maine and Texas. 

The company said it discovered suspicious activity on its network and notified law enforcement. An investigation determined that hackers accessed the credit union’s systems between Sept. 5 and Nov. 4, potentially acquiring sensitive files. The investigation concluded on Nov. 22, the company said.

SRP did not specify the exact details exposed in its notice to Maine regulators, saying only that names and government-issued identification were affected in the cyberattack. 

However, in a filing with Texas regulators, the company said names, Social Security numbers, driver’s license numbers, dates of birth and financial information, including account numbers and credit or debit card numbers, were compromised. SRP said the breach did not affect its online banking or core processing systems.

WORLD’S LARGEST STOLEN PASSWORD DATABASE UPLOADED TO CRIMINAL FORUM

SRP has not disclosed who was behind the attack or the attackers' motives. However, the ransomware group Nitrogen claimed responsibility last week, alleging it had stolen 650 GB of customer data, according to The Record. Ransomware attacks use malicious software to block access to a victim’s files, systems or networks and demand payment to restore access.

The credit union could face legal challenges following the data breach, as Oklahoma City-based Murphy Law Firm is investigating claims on behalf of individuals whose personal information was exposed. The firm is also encouraging affected individuals to join a potential class-action lawsuit.

SRP will provide impacted individuals with free-of-charge identity theft protection services, so take advantage of it to safeguard your information.

We reached out to SRP for comment but did not hear back by our deadline.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

MASSIVE DATA BREACH EXPOSES 3 MILLION AMERICANS’ PERSONAL INFORMATION TO CYBERCRIMINALS

If you have received a notice from SRP Federal Credit Union about the data breach, consider taking the following steps to protect yourself.

1. Monitor your accounts: Regularly check your bank accounts, credit card statements and other financial accounts for any unauthorized transactions or suspicious activity. Contact one of the three major credit bureaus (Equifax, Experian or TransUnion) to place a fraud alert on your credit report, making it harder for identity thieves to open accounts in your name.

2. Freeze your credit: Consider freezing your credit to prevent new accounts from being opened without your consent. This service is free and can be lifted at any time.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

3. Use identity theft protection services: Consider enrolling in identity theft protection services that monitor your personal information and alert you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer insurance and assistance with recovering from identity theft, providing additional peace of mind. See my tips and best picks on how to protect yourself from identity theft.

4. Change your passwords: Update passwords for your online accounts, especially those related to banking and email. Use strong, unique passwords and consider using a password manager to generate and store complex passwords. Also, enable two-factor authentication for added security.

5. Beware of phishing scams: Be cautious of emails, texts or calls claiming to be from SRP or related organizations. Avoid clicking on links or providing personal information unless you verify the sender.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Keep your device's operating system updated: Make sure your cellphone and other devices automatically receive timely operating system updates. These updates often include important security patches that protect against new vulnerabilities exploited by hackers. For reference, see my guide on how to keep all your devices updated.

7. Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach. Check out my top picks for data removal services here.

WINDOWS FLAW LETS HACKERS SNEAK INTO YOUR PC OVER WI-FI

The SRP Federal Credit Union data breach is a harsh reminder of how vulnerable our sensitive information can be. Over 240,000 individuals had their personal data compromised, including Social Security numbers, driver’s licenses and financial details. Even more alarming is the two-month window hackers had to exploit the credit union's systems before being detected. This highlights significant gaps in cybersecurity protocols. If you’re an SRP customer, monitor your accounts closely, enable fraud alerts and consider identity theft protection services to stay ahead of potential threats.

Do you think financial institutions should be held more accountable for data breaches like this one? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

When you visit a webpage, you might see a CAPTCHA to make sure you’re a real person and not a bot. These usually involve jumbled words, some recognizable images or just a box that says, "I am not a robot." 

CAPTCHAs are harmless, but hackers are now using them to infect your PC with malware.

Security researchers have found a huge fake CAPTCHA campaign spreading the dangerous Lumma info-stealer malware, which can bypass security measures like Safe Browsing.

This campaign shows how malvertising works, with more than a million ad impressions every day and thousands of victims losing their accounts and money through a network of more than 3,000 sites. I’ll break down how this scam works, who’s responsible and how you can protect yourself.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

As reported by Guardio, the fake CAPTCHA scam is a sophisticated malvertising campaign that lures you into unknowingly installing malware under the guise of routine CAPTCHA verification. The cyberattack starts when you’re browsing websites, often those offering free streaming, downloads or pirated content. These sites are used by hackers to present you with what appears to be a legitimate CAPTCHA verification page.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

The page mimics a real CAPTCHA, asking you to confirm you are human. However, the instructions are designed to trick you into initiating harmful actions, like triggering the Windows "Run" dialog. Users unknowingly paste and execute a crafted PowerShell command, which silently installs the Lumma info-stealer malware onto their system.

The malware targets sensitive data, including social media accounts, banking credentials, saved passwords and personal files, potentially leading to financial and identity theft.

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

The fake CAPTCHA scam shows how messy the internet’s ad system has become, with everyone involved passing the buck. Guardio Labs points to ad networks like Monetag as a big part of the problem. They distribute malicious ads that are disguised during moderation using tricks like cloaking. Publishers, especially those offering free or pirated content, add to the issue by running these shady ads on their sites, often without checking what they’re actually showing users.

Then there are services like BeMob, which lets scammers hide their bad links behind harmless-looking URLs. These companies call themselves analytics tools, but they’re helping the scams stay hidden. Hosting providers don’t escape blame either. They’re where these fake CAPTCHA pages live, and they often don’t bother to check what’s being hosted.

Of course, the scammers themselves are the ones pulling the strings. But because they spread their operations across so many platforms, they’re almost impossible to track down. Guardio’s research shows how all these moving parts work together, creating a system where no one takes responsibility, and the scams keep running.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

BEWARE OF ENCRYPTED PDFs AS LATEST TRICK TO DELIVER MALWARE TO YOU

1. Use reliable security software: Keeping your antivirus and anti-malware software up to date is one of the most effective ways to protect yourself from fake CAPTCHA scams. A strong antivirus software will detect and block malware like the Lumma info-stealer before it can infect your device. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Enable browser protection features: Modern browsers offer built-in security features, such as Safe Browsing and phishing protection, which warn you about potentially dangerous sites. Make sure these features are enabled in your browser settings. These tools can alert you to malicious links or fake CAPTCHAs trying to trick you into downloading malware.

3. Be cautious with "free" content: There’s a saying that goes, "If something is free, you’re what they are selling." Websites that offer free downloads, streaming services or pirated content are often associated with malvertising campaigns. Fake CAPTCHA scams are commonly spread through these types of sites, where users are tricked into clicking on malicious ads or links. Even if a site seems tempting, it’s important to be cautious. Avoid clicking on suspicious links or using "free" services, as they could be traps designed to infect your device with malware.

4. Avoid clicking on suspicious ads: Always be wary of ads that appear out of nowhere or seem too good to be true. Fake CAPTCHA scams often disguise themselves as legitimate ads, asking you to click to verify you're human. Never interact with pop-up ads or unfamiliar banners, especially those that claim to give you something for free, as they may lead to malicious pages or trigger malware downloads. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

5. Check for HTTPS and look for signs of a legitimate site: Before entering any personal information or interacting with a CAPTCHA, ensure that the website is secure. Look for "https://" in the website’s URL, which indicates the connection is encrypted. Legitimate websites also tend to have a professional appearance, so if something feels off or the design looks poor, trust your instincts and leave the site.

6. Enable two-factor authentication: Two-factor authentication adds an extra layer of security, making it harder for attackers to access your accounts. 

WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED

There’s no question that fake CAPTCHA scams are a growing threat, putting millions of us at risk of malware infections and financial loss. What’s even more concerning is that ad networks, publishers and hosting services continue to allow malicious campaigns to spread through their platforms despite the widespread awareness of the problem. The companies involved must take immediate action to improve content moderation, tighten security measures and prevent these scams from thriving. We are seeing a dangerous loophole in the digital advertising ecosystem that could have serious consequences for internet users.

Do you think ad networks and publishers should be held accountable for the spread of malware through their platforms? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Data breaches happen all the time, and while no data breach should be ignored, those involving health care institutions require special attention. 

These breaches can be very damaging and haunt people for life. Recently, hackers leaked the personal data of around 500,000 Americans. 

They breached the databases of the Center for Vein Restoration (CVR), which claims to be "America’s largest physician-led vein center," stealing not just personal data but also medical records.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

CVR, a clinic headquartered in Maryland, experienced a massive data breach where hackers stole highly sensitive personal information, including lab results and health insurance details, as reported by Cybernews. The breach occurred in early October, with the clinic detecting "unusual activity" in its systems on Oct. 6.

CVR has more than 110 branches across the country, from Alabama to Alaska. This breach has affected hundreds of thousands of individuals. According to a notice filed by CVR with the U.S. Department of Health and Human Services Office for Civil Rights, more than 445,000 people had their personal information compromised.

As the name suggests, CVR specializes in vein restoration, a very specialized procedure aimed at improving the health and function of veins. This means the clinic keeps a very elaborate record of its patients’ health, and now all that is in the hands of hackers, along with copious amounts of personal information.

The full list of exposed data includes addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, diagnoses, lab results, medications, treatment information, health insurance information, provider names, dates of treatment and financial information.

WINDOWS FLAW LETS HACKERS SNEAK INTO YOUR PC OVER WI-FI

The risks of data breaches depend on the type of company affected. For instance, breaches involving companies like Ticketmaster are generally more manageable because they often expose information like contact details, addresses and, in some cases, identification documents. Even if financial data is leaked, it can typically be mitigated by replacing or blocking compromised accounts.

Health care data breaches, however, are far more severe. When companies like CVR are targeted, hackers gain access to sensitive medical records that cannot be altered. Your medical history is permanent and highly sought after on the dark web. Cybercriminals can use this information to commit identity fraud, such as obtaining prescription drugs through false insurance claims. Plus, detailed knowledge of medical treatments, lab results and medications allows attackers to create highly targeted phishing scams, exploiting victims’ vulnerabilities with alarming precision.

We reached out to CVR for a comment but did not hear back before our deadline.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

CYBER SCAMMERS USE AI TO MANIPULATE GOOGLE SEARCH RESULTS

1. Regularly monitor your financial and medical accounts: Periodically review your medical records and health insurance statements for any unusual or unauthorized activity. This can help you quickly identify and address any discrepancies or fraudulent activities.

Use patient portals provided by health care providers to access your medical records online. These portals often have features that allow you to track your medical history and appointments.

2. Use strong passwords and two-factor authentication: Create strong, unique passwords for your online accounts, including health care portals. Avoid using easily guessable information like birthdays or common words. Consider using a password manager to generate and store complex passwords.

3. Enable two-factor authentication (2FA) wherever possible: 2FA adds an extra layer of security by requiring a second form of verification, such as a text message code or authentication app, in addition to your password.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. Don’t fall for phishing scams; use strong antivirus software: Be mindful of the information you share online and with whom you share it. Avoid providing sensitive personal information, such as Social Security numbers or medical details, unless absolutely necessary. Verify the legitimacy of any requests for personal information. Scammers often pose as health care providers or insurance companies to trick you into revealing sensitive data by asking you to click on links in emails or messages.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

5. Use identity theft protection services: Consider enrolling in identity theft protection services that monitor your personal information and alert you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer insurance and assistance with recovering from identity theft, providing additional peace of mind. See my tips and best picks on how to protect yourself from identity theft.

6. Freeze your credit: A credit freeze prevents anyone from opening new credit accounts in your name without your authorization, reducing the risk of identity theft. Contact the major credit bureaus (Experian, Equifax and TransUnion) to request a credit freeze. This is often free and can be temporarily lifted when you need to apply for credit.

7. Remove your personal data from the internet: After being part of a data breach, it's crucial to minimize your online presence to reduce the risk of future scams. Consider using a personal data removal service that can help you delete your information from various websites and data brokers. This can greatly diminish the chances of your data being used maliciously. Check out my top picks for data removal services here. 

DON’T LET SNOOPS NEARBY LISTEN TO YOUR VOICEMAIL WITH THIS QUICK TIP

The CVR data breach is deeply troubling, affecting nearly half a million individuals and exposing highly sensitive medical and personal information. What makes this breach particularly concerning is the lasting impact health care data leaks can have on victims, from identity theft to targeted phishing scams. Whether or not you’ve been directly affected, it’s a stark reminder to take proactive steps, such as monitoring your accounts, enabling multifactor authentication and staying alert to phishing attempts.

Do you think companies are doing enough to protect sensitive data, especially in health care? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Identity theft has become a pervasive issue, affecting millions of Americans each year. In 2023 alone, American adults lost a staggering $43 billion to identity fraud. The following story illustrates the devastating impact this crime can have on individuals:

Paula Disberry, a former Colgate-Palmolive employee, was living a comfortable life when she discovered that her 401(k) account had been drained of $750,000. The shock came when she tried to access her account online, only to find it blocked. 

A fraudster had impersonated her, changing her contact details and withdrawing her entire retirement savings in a single transaction. Stories like this of financial identity theft are becoming all too common. If you live in the U.S., you’ve likely already encountered one, or worse, experienced it firsthand.

GET SECURITY ALERTS, EXPERT TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

The FBI's Internet Crime Report for 2023 reveals that adults 60 and above accounted for 24.08% of all identity theft claims and suffered 41.46% of the total financial losses. While they may not face a higher risk of becoming victims, the financial toll is significantly greater than any other age group. Older adults, especially those over 60, often feel the impact more deeply. Why? They typically have more assets than younger individuals and are less likely to monitor their bank accounts daily.

DON'T GET CAUGHT IN THE ‘APPLE ID SUSPENDED’ PHISHING SCAM

Identity theft has been a concern for centuries, with one of the most famous historical impostors being Frank Abagnale Jr. Abagnale claims to have successfully impersonated various professionals in the 1960s, including a Pan Am pilot and a doctor, forging checks and documents to amass a small fortune. His alleged exploits were so notorious that they inspired the film "Catch Me If You Can."

While Abagnale's story is a dramatic example, modern identity theft has evolved into a more pervasive threat, particularly with the rise of digital technology. The widespread availability of personal information on the web, combined with a lack of regulation preventing companies from collecting data without consent, has made it easier for criminals to exploit personal data. The scale is massive, and the impact can severely disrupt your life and that of your family.

KURT’S PICK FOR REMOVING YOUR PERSONAL DATA FROM THE INTERNET

YOUR EMAIL DIDN'T EXPIRE, IT'S JUST ANOTHER SNEAKY SCAM

Being aware of the warning signs of identity theft can help you take action before it's too late. Here are some red flags to watch for.

Unexplained account activity: Keep an eye out for unfamiliar transactions or changes in your bank or credit card statements that you don’t recognize.

Credit report changes: Regularly check your credit report for new accounts that you did not open or inquiries from lenders that you did not initiate.

Missing mail or bills: If you stop receiving bills or other important mail, it could indicate that someone has changed your address without your knowledge.

Unexpected denials: If you're denied credit unexpectedly, it might be a sign that someone is using your information to apply for loans or credit cards.

Strange communication: Be cautious of emails, texts or calls asking for personal information, especially if they create a sense of urgency or fear.

Unusual password changes: If you notice changes to your online accounts that you did not make, such as password resets or security questions being altered, act quickly to secure your accounts.

Alerts from identity theft protection services: If you use an identity theft protection service and receive alerts about suspicious activity, investigate immediately.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Identity theft doesn’t have to be a devastating blow. You can significantly reduce your risk by being more mindful of your online habits. Here’s how.

1. Monitor your accounts regularly: Keep a close eye on your bank and credit card statements to spot unauthorized transactions early. This can prevent financial losses and protect your assets.

2. Use strong passwords: Use complex passwords and a password manager to secure your online accounts. Strong passwords are your first line of defense against cyber threats.

3. Stop oversharing: Limit the personal information you share on social media and other platforms. It’s a treasure trove for cybercriminals who use it to craft convincing fraud campaigns targeted specifically at you.

4. Invest in personal data removal services: Given the alarming rise in identity theft cases, taking proactive measures to safeguard your personal information is essential. One effective strategy is to invest in personal data removal services. hile no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. 

5. Freeze your credit: Initiate a credit freeze on your credit file with all three major credit bureaus. This restricts access to your credit records, making it difficult for identity thieves to open new accounts in your name.

6. Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft. 

7. Use two-factor authentication: Enable this extra layer of security on your accounts to make it more difficult for thieves to access your information, even if they obtain your password.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

8. Be cautious with public Wi-Fi: Avoid using public Wi-Fi for sensitive transactions or use a VPN to encrypt your online activity. Using a VPN (virtual private network) service can enhance your privacy by encrypting your internet traffic, making it harder for hackers and third parties to intercept your data, especially on public Wi-Fi. A VPN masks your IP address, helping to obscure your location and online activity. While VPNs don’t directly prevent phishing emails, they reduce the exposure of your browsing habits to trackers that may use this data maliciously. With a VPN, you can securely access your email accounts from anywhere, even in areas with restrictive internet policies. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

9. Shred sensitive documents: Regularly shred financial documents, credit offers and other paperwork containing personal information before disposing of them.

10. Set up bank alerts: Many financial institutions offer text or email alerts for transactions on your accounts, helping you quickly spot unauthorized activity.

11. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

12. Keep software updated: Ensure your devices and antivirus software are up to date. Regular updates often include security patches that protect against vulnerabilities that scammers might exploit. Keeping your software current is a critical step in safeguarding your digital assets.

IS JUST READING THAT SKETCHY SCAMMER'S EMAIL DANGEROUS, OR DO I HAVE TO CLICK ON A LINK TO GET IN TROUBLE?

While the statistics are sobering, they don't have to leave you feeling helpless. Identity theft is a serious threat, but with awareness and proactive steps, you can significantly reduce your risk. Remember, criminals are constantly evolving their tactics, which means we must stay one step ahead. The most powerful weapon against identity theft is knowledge. Understanding how these scams work, recognizing potential red flags and taking preventive measures can make all the difference.

Do you believe that governments should impose stricter regulations on how companies collect and use personal data to better protect consumers? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

You're pulling your hair out, trying to fix something on your computer. You Google it and find what looks like a helpful website or a tutorial with easy step-by-step instructions.

Phew, you’re finally solving your problem, but hold up! You’ve just walked into a "scam-yourself" attack. Cybercreeps use this clever strategy to trick you into compromising your tech so they don’t have to do the dirty work.

BIOMETRIC DATA: IS IT SAFE TO HAND IT OVER TO ANY COMPANY THAT ASKS?

I’m giving away a $500 Amazon gift card. Enter here, no purchase necessary! 

How bad is it?

Bad. Really bad. "Scam-yourself" attacks shot up 614% in the third quarter of this year alone. Lumma Stealer, the top data-stealing malware type that grabs banking info and browser extensions, spiked by 1,154%.

Why do these scams work so well? When something’s broken, our instinct is to rush and fix it as quickly as possible. Now, add to this the fact you’re going through the steps yourself so it feels like you’re in control. That’s exactly what makes these tricks so dangerous.

Scammers are also shockingly good at mimicking trusted sources with professional-looking websites or tutorials, making it easy to believe you’re on safe ground. Add frustration and impatience to the mix, and it’s no wonder so many folks take the bait.

TALK TECHY TO ME: GET YOUR WORK DONE FASTER WITH THIS PRO TIP

RELATED: How to spot a fake retail website before you buy

How they snag you

RELATED: Another scammer is now rich

How to protect yourself

These scammers are savvy, but you can outsmart them.

Think twice before downloading: If a tutorial tells you to turn off antivirus software or download a random link, bail. Rely on big names like Google, Apple and Microsoft that publish steps for help online … or, you know, me!

Check URLs and sources: Cybercriminals mimic legitimate sites. Always double-check the web address, especially when you’re looking at updates or troubleshooting guides. If the URL feels off, trust your gut and close it.

3 SECURITY AND DATA CHECKS YOU SHOULD DO ONCE A YEAR

Be careful what you copy and paste: Never copy commands from unknown sources into your computer’s terminal or command prompt. That’s a classic malware delivery tactic.

Update the right way: Don’t click random pop-ups to update your software. Always go through your device settings or the app store.

RELATED: Hackers have a sneaky trick to get you to click their fake links - See it in action

Let’s say the worst happens.

Despite being careful, you fell for it. Don’t panic, just act fast to limit the damage:

Get tech-smarter on your schedule

Award-winning host Kim Komando is your secret weapon for navigating tech.

Copyright 2025, WestStar Multimedia Entertainment. All rights reserved.

The holiday season is upon us, bringing joy and celebration. But it also comes with a surge in cybercrime. As we focus on shopping and connecting with loved ones, scammers are hard at work using phishing emails to trick us into revealing personal and financial information. 

These deceptive messages often look like they’re from trusted sources such as banks or delivery services, making it easy to fall for their traps.

Below are some phishing attempts that have ended up in CyberGuy's inboxes. By examining these examples of fake phishing emails, you’ll be better equipped to spot the red flags and protect yourself from potential scams this holiday season.

GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE

This phishing email claims to be from Apple and promises you a free iPhone 15 Pro.

 It says, "NO CATCH, NO COST, WIN IN MINUTES." It uses the official Apple logo and the word FREE in capital letters to catch your attention. It asks you to confirm your shipping address to receive your prize and says, "Just answer a few questions, WIN a iPhone 15 Pro. It is that simple!" 

It even shows you a picture of an iPhone 15 to make it look authentic. You’ll notice it has two green buttons for you to click that say, "GET STARTED." 

This scammer tries to fool you by using the words "Temu Confirmation," which sounds like a legitimate email confirming that your package is on its way. They urge you to click on the link that says, "Please Confirm Receipt," implying that you need to do so to receive your package.

They also add a deceptive message that says, "If you cannot see the images below, Click show images," highlighted in red. This is another way to trick you into clicking on the link.

Moreover, they use a sneaky tactic of labeling the message as "This message is from a trusted sender" and highlighting it in green, as if to reassure you that it is safe and authentic.

This email is a fake one that tries to imitate the Chinese shopping platform Temu. 

It uses the phrase "YOUR OPINION IS IMPORTANT!" in capital letters to get your attention. It then offers you a tempting reward: "a pallet of products from TEMU" with a picture to make it look real. It asks you to take a short survey to claim your reward by clicking on the big orange button that says "CLICK HERE" in capital letters. Don’t do it!

BEWARE OF THIS LATEST PHISHING ATTACK DISGUISED AS AN OFFICIAL EMAIL SENT BY GOOGLE

The scam email pretending to be from Target wants you to believe that you are a lucky winner. 

It uses the words "GIVEAWAY ENTRY WINNER" in large and bold capital letters. It also puts "Final notice" in the subject header, giving you a sense of urgency. The email asks you to take a short survey about your Black Friday shopping experience to claim your prize and wants you to click on the GET STARTED button. Don’t do it.

SCAMMERS EXPLOIT GRIEF WITH FAKE FUNERAL STREAMING ON FACEBOOK

As you’ll see in the "Delivery" messages below, the scammers are getting clever by sending a series of emails to make you think that you have a real package on its way to you, and/or you keep missing the delivery of this package. The emails say things like "We tried delivering your package," "Uncompleted Dispatch," "Third attempt," "Delivery unsuccessful" and "Your order will be canceled in the next 24 hours."

These emails are designed to create a sense of urgency and pressure you into clicking on the links that they provide. They want you to think that this company is really trying to reach you, so it must be real. But it’s a scam! However, these links are not from legitimate delivery companies but from scammers who want to steal your information or infect your device. If you are expecting a package, check the tracking number and the sender’s address carefully. Do not click on any links or attachments that you do not recognize.

This email claims to be from UPS, but it is actually a scam. It uses the UPS logo and colors to look authentic and is designed to trick you into clicking on malicious links. It starts with the alarming phrase "Delivery Unsuccessful" and tells you that you have one package waiting for delivery.

It then asks you to confirm your shipping details by clicking on either the "CONTINUE" or the "SCHEDULE YOUR DELIVERY" buttons, both in capital letters. Don’t do it!

HOW SCAMMERS USE YOUR PERSONAL DATA FOR FINANCIAL SCAMS AND HOW TO STOP THEM

This is another email pretending to be from UPS. It uses the words "order pending" to catch your attention, and it shows a picture of a package to make you think you have a delivery.

It then tells you that your parcel is stuck at a distribution center because you need to pay more postage. It asks you to go to a link to pay the fee. And it warns you that you have only 48 hours to do so, or else your package will be returned to the sender. It tries to create a sense of urgency by making you click on the yellow button that says "SCHEDULE FOR DELIVERY" in capital letters. Don’t do it!

One of the phishing scams we encountered recently is an email claiming that you've won a Rachel Ray Cucina Cookware Set. This email is particularly deceptive because it appears to come from a reputable retailer, Kohl's, but there are several red flags to watch out for. The email falsely claims to be from "Kohl's Department" instead of the official "Kohl's." This slight alteration is a common tactic used by scammers to trick recipients into believing the email is legitimate.

The email's reply-to address is tech@student.lvusd.org, which is clearly unrelated to Kohl's. Official emails from Kohl's would not use a student email address. The message includes phrases like "You have won a Rachel Ray Cucina Cookware Set" to create a sense of urgency and excitement, prompting you to click on the provided link without proper verification.

As you can see, phishing emails can be hard to distinguish from genuine ones, especially during the busy holiday season when you may receive many emails from various sources. However, there are some additional red flags beyond the ones we've already mentioned that can help you identify a fake email. Here are some of them:

Check the sender’s address and domain name. Fake emails often use spoofed or similar-looking addresses and domain names to deceive you. For example, an email from support@amaz0n.com or info@fedex.delivery.com is likely a phishing attempt. You'll notice in the Apple phishing email below the email address has just a bunch of letters and numbers. Always verify the sender’s address and domain name before opening or responding to an email.

Check the spelling and grammar. Phishing emails often contain spelling and grammar errors or use poor or unnatural language. For example, an email that says, "Dear Customer, Your order has been shipped. Please confirm your delivery address by clicking here." It is suspicious because it does not address you by name, uses a generic greeting and asks you to click on a link. Always read the email carefully and look for any mistakes or inconsistencies.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Check the links and attachments. Fake emails often contain links and attachments that lead to malicious websites or download malware to your device. For example, an email that says, "You have won a $100 gift card from Walmart. Click here to claim your prize." It is likely a scam. On a laptop or desktop, always carefully hover your mouse over the links and check the URL before clicking on them, and never open or download any attachments from unknown or suspicious sources.

Use strong antivirus software: The first and most crucial step to protect yourself from accidentally clicking on fake links in spam emails is to have strong antivirus software installed on your device. This software can detect and block malicious emails and links, providing an extra layer of security. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

Do not open or reply to spam emails. This can confirm your email address to the sender and encourage them to send you more spam. It can also expose you to malicious links or attachments that can harm your device or data.

Mark spam email as junk or spam. Most email providers have a feature that allows you to flag spam emails and move them to a separate folder. This can help you filter out spam emails from your inbox and also improve the spam detection of your email provider.

Do not share your email address publicly or with unknown sources. This can reduce the chances of your email address being collected by spammers. You can also use a disposable or email alias for signing up for online services that you do not trust or need.

Use a personal data removal service: Scammers can obtain your information from various online sources, including data brokers, people search sites and public records. Using a data removal service can help reduce your digital footprint, making it harder for scammers to access your personal information. This proactive step can be crucial in preventing identity theft and minimizing the chances of falling victim to scams during the busy holiday season.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

YOUR EMAIL DIDN'T EXPIRE, IT'S JUST ANOTHER SNEAKY SCAM

If you realize that you have clicked on a link or opened an attachment from a fake email, don’t panic. Here are some steps that you can take to minimize the damage and protect yourself:

1. Disconnect your device from the internet. This will prevent any further communication or data transfer between your device and the malicious website or malware. You can do this by turning off your Wi-Fi or unplugging your ethernet cable.

2. Scan your device for malware. Use a reputable antivirus software to scan your device and remove any potential threats. Having good antivirus software actively running on your devices will alert you of any malware in your system, warn you against clicking on any malicious links in phishing emails, and ultimately protect you from being hacked.  Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.

3. Change your passwords. If you have entered or provided any passwords or personal information on the malicious website, you should change them as soon as possible. Consider using a password manager to generate and store complex passwords.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. You should also enable two-factor authentication for your online accounts, which adds an extra layer of security by requiring a code or a device confirmation in addition to your password.

5. Monitor your accounts and credit reports. If you have entered or provided any financial information on the malicious website or link you clicked on, you should monitor your bank accounts, credit cards and credit reports for any suspicious or unauthorized activity.

6. You should also contact your bank or credit card company and inform them of the incident. You may need to cancel or freeze your cards or accounts to prevent any further fraud.

7. Report the phishing email. You should also report the phishing email to the sender’s legitimate organization, such as your bank, retailer or delivery service, and to the authorities, such as the Federal Trade Commission (FTC) or the Anti-Phishing Working Group (APWG). This will help them to take action and prevent others from falling for the same scam.

8. Use identity theft protection services if you entered your personal information on any links you clicked on or websites that you were directed to. Identity theft protection companies can monitor your personal information (home title, Social Security number, phone number, email address) and alert you in the event they become breached. It can also alert you if any of these are being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

Unfortunately, as the holiday season unfolds, cybercriminals are also getting into the "holiday spirit" by increasing their efforts to exploit your trust and distractions. By staying alert and applying the tips we’ve discussed, you can enjoy the season without falling victim to their schemes. Remember, phishing emails are designed to play on your emotions — whether it's excitement, urgency or curiosity. Always take a moment to verify the authenticity of any message before clicking on links or sharing personal information. When in doubt, reach out directly to the company or service in question through its official website or app.

Do you feel that companies are doing enough to protect consumers from phishing scams? Why or why not?  Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Scammers have various methods when it comes to getting their hands on your phone number. You might think, "Well, what's the big deal? Isn't it easy to find someone's number these days, no matter what?" Yes. And if you've already had your fair share of telemarketers call you, maybe you feel like you've got it under control.

The problem is that scammers with the right knowledge and the wrong intentions can wreak havoc just by having your phone number in their possession. 

Once they do, they can use it to trick you in all sorts of ways. 

The good news is that by familiarizing yourself with their tactics, you can be one step closer to preventing yourself from falling victim to them. Here's what you need to know.

2 DAYS LEFT! I’M GIVING AWAY A $500 GIFT CARD FOR THE HOLIDAYS (Ends 12/3/24, 12 pm PT)

In today’s digital age, your phone number is more than just a way for friends and family to reach you. It can be a gateway for scammers to access your personal information and wreak havoc on your life. From phishing attempts to extortion, the risks are numerous and varied. Here are nine ways scammers can exploit your phone number if it falls into the wrong hands:

Scammers can also use your phone number to launch rather easy phishing attacks. They might send text messages or make calls posing as your bank or a popular online service that you subscribe to. The goal is to call you and trick you into providing login credentials, credit card details or other personal information, which they can then use for fraudulent activities. And once they have all your other information, they can do a lot more damage just by having your phone number as that initial segue.

In some cases, scammers use your phone number for extortion or blackmail. They may claim to have compromising information about you and demand payment to keep it private. By contacting you directly, they can apply continuous pressure, making their threats seem more real and immediate.

One unique way they do this to target elderly people is by pretending to be your grandchild or another relative in distress. The scammer often claims that your grandchild is in an emergency situation — such as needing bail money or medical assistance — and urgently requests financial help. With AI voice cloning technology, they may even be able to use your grandchild's voice. This emotional manipulation usually gets the victim to pay up.

This one may not be as dramatic, but your phone number can be sold to robocall and spam message services. These automated systems bombard you with unwanted calls and texts, often promoting scams or fraudulent products. While these may seem like minor annoyances, they can lead to bigger scams if you engage with the messages or follow their instructions. Hang up on them.

HOW TO STOP ANNOYING ROBOCALLS

Phone number spoofing is a common tactic where scammers disguise their caller ID to appear as a trusted contact by calling from what appears to be a familiar number as it may have the same area code where you live, an area code where your friends or family live or even the actual phone number of someone close which you can recognize.

This makes it more likely that you'll answer the call, giving them the opportunity to deceive you into revealing personal information or transferring money. This is, of course, the case when phone spoofing is used against you. But in situations where they use YOUR phone number, they can be scamming those close to you without you even knowing!

With these phone spoofing tactics, scammers can use your phone number to impersonate government officials, such as IRS agents or Social Security administrators. They may call you claiming there’s an urgent issue, like unpaid taxes or suspicious activity involving your Social Security number. This ploy often involves threats of legal action or arrest to pressure you into providing sensitive information or making immediate payments.

Instead of pretending to be from a government agency, another trick is for scammers to try their luck by posing as a representative from a utility company, like an electric or water company. Scammers will claim that you have an overdue invoice and threaten to cut off your service unless you pay immediately. Using your phone number, they can contact you repeatedly, making the scam seem more legitimate (and pressing).

SIM swapping or a port-out scam is when scammers transfer your phone number to a new SIM card in their possession. By convincing your mobile carrier to reroute your number, they can receive all your calls and messages, including those containing two-factor authentication codes. This allows them to bypass security measures and take over your online accounts.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

With SIM swapping techniques/port-out, scammers can also use your phone number as a key to access sensitive data stored in your online accounts. By initiating password resets and intercepting verification codes sent via SMS, they can gain unauthorized access to your email, social media and banking accounts, leading to significant personal and financial damage.

Finally, scammers can use all the tactics above to not only access the accounts you already have but also create fake online accounts in your name. These accounts can be used for a variety of malicious purposes, such as spreading malware, launching further scams or conducting identity theft. The presence of your phone number makes these accounts appear more legitimate, increasing the chances of deceiving others.

10 SIMPLE STEPS TO IMPROVE YOUR SMARTPHONE'S SECURITY AND PRIVACY

To protect your phone number from falling into the hands of scammers, here’s what you can do:

1. Be cautious about sharing your phone number publicly: Avoid posting your phone number on public forums, websites or social media platforms where it can be easily accessed by scammers.

2. Limit exposure of your phone number on social media and other online platforms: Use privacy settings to restrict who can see your contact information. Most social media platforms and online services offer privacy settings that allow you to control who can view your personal information. Make sure to review and adjust these settings regularly. Only share your phone number with trusted contacts.

3. Consider using a secondary number for online registrations and transactions: Services like Google Voice can provide you with a secondary number that you can use for online activities, keeping your primary number private.

4. Monitor your accounts regularly for unusual activity: Check your bank accounts, email and other online accounts for any signs of unauthorized access or suspicious activity.

5. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Use two-factor authentication apps instead of SMS-based verification where possible: Two-factor authentication (2FA) provides an extra layer of security that is more difficult for scammers to bypass compared to SMS-based verification.

7. Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account.  They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

8. Remove your personal information from the internet: While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice.  They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet.  By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with the information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here. 

GET FOX BUSINESS ON THE GO BY CLICKING HERE

If you suspect that scammers already have your phone number, take the following steps:

Contact your mobile carrier to alert them of the scam calls, especially if they come from the same number. Your carrier may be able to block the number or provide additional security measures.

Consider changing your phone number if the issue persists: If scam calls continue despite your efforts, changing your phone number may be the best solution.

Report any suspicious activity to the appropriate authorities: Contact your local law enforcement or consumer protection agency to report scams and seek advice on further actions.

Consider placing fraud alerts on your accounts: Fraud alerts can help protect your credit and financial accounts from unauthorized access.

Monitor your phone for unusual calls or messages: Keep an eye out for any unexpected calls or messages, and do not respond to them.

Check your phone bill for unauthorized charges: Regularly review your phone bill to ensure there are no unexpected charges, which could indicate that your number has been used fraudulently.

By following these steps, you can significantly reduce the risk of falling victim to phone number scams and protect your personal information.

RECLAIM YOUR PRIVACY BY DISABLING YOUR CELL PHONE CARRIER'S DATA TRACKING

Scams have become much more sophisticated these days, especially with artificial intelligence, making it easier for scammers to target more people and get away with it. Always be wary of a scam. If you think something seems strange, it's probably best to go with your gut.

Have you ever experienced a scam involving your phone number? If so, how did you handle it? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com.  All rights reserved.