How to not fall in love with AI-powered romance scammers

12 February 2025 at 09:00

"Love is blind" takes on a more sinister meaning when so-called artificial intelligence (AI) becomes a tool for exploiting our deepest human emotions. 

Convincing AI technologies are increasingly targeting mature online daters, turning fantasies into lucrative and dangerous criminal enterprises.

Romance scams have become the most common type of fraud in 2025 and have swindled would-be lovers out of over $1.3 billion in the United States alone. Just last year, the world heard the cautionary tale of a 53-year-old French woman who lost $850,000 to a convincing AI deepfake of Brad Pitt.

The scammers had wooed her for over 8 months with realistic (yet fake) images, voice calls, videos and even multiple social media accounts. Similarly, a 67-year-old from San Diego was tricked out of her life savings when an AI impostor gang posed as Keanu Reeves, also raising awareness about romance scams impacting the elderly. The worst side of both stories is that the fraudsters haven’t been caught, and the victims’ financial institutions did little to help them recover their funds.

AI-powered romance scams have become far more sophisticated than "traditional" scams. Criminals use a variety of AI tools together with advanced tactics to create deeply personalized and remarkably realistic digital identities. Unlike traditional scams relying on generic scripts, these AI-powered approaches can generate nuanced, contextually appropriate conversations that adapt in real time to victims' emotional state and personal background. In short, romance scams have become so dangerous because they use multiple advanced methods.

AI-driven romance conversations are increasingly challenging for both victims and traditional anti-fraud mechanisms to detect. Spotting and preventing these scams can be tricky, but privacy experts recommend some tried-and-true ways.

Spotting and preventing these sophisticated AI-driven scams can be tricky, but staying informed can help you avoid becoming a victim. By being vigilant, verifying identities and recognizing red flags, you can navigate online dating safely while protecting your finances and personal information. Here are some things to look out for:

Your personal information is a scammer’s best tool. This includes your phone number, email and other contact details that allow them to reach you, as well as information like the celebrities you follow, your family members and even the type of content you engage with online to tailor the perfect attack. As scams become more sophisticated and reliant on loads of data, it’s more important than ever to take proactive measures to safeguard your personal information.

1. Vigilance in online dating: In the digital world, not everyone is who they claim to be. Be wary of potential romantic interests who ask for money or gifts or those who want to move the relationship along too quickly. Keep your personal and financial information private and never share it with someone you haven't met in person.

2. Verify the identity: Request additional information or proof to verify their identity, such as video chatting or meeting in person if possible. Exercise caution before getting emotionally invested in someone you haven't met in real life.

3. Research and verify: Conduct an online search using the person's name, email address or phone number to see if any suspicious or fraudulent activities are associated with them. Reverse image search their profile pictures to check if they are stolen from elsewhere on the internet. You can also reverse-search their phone number for free by following the instructions found here.

4. Privacy settings: Keep your social media profiles private so only those you trust can see what’s going on in your life.

5. Limit sharing: Adjust the privacy settings on all of your online accounts and apps to limit data collection and sharing.

6. Use reputable dating platforms: Stick to well-known and reputable dating websites or apps with security measures to help protect their users from scams. These platforms often have guidelines for safe online dating and report suspicious users.

7. Invest in personal information removal services: I highly recommend you remove your personal information that can be found on various people search sites across the web. If you give someone your email address or phone number, they could potentially reverse-search your information and get your home address. Check out my top picks for data removal services here.

AI-powered romance scams have become a serious threat, exploiting our deepest emotions for financial gain. As you navigate the digital dating landscape, it's crucial to stay vigilant and protect yourself from these sophisticated schemes. Remember, if something seems too good to be true, it probably is. Trust your instincts, take things slow and always prioritize your safety and financial well-being.

How has the rise of AI-powered romance scams changed your approach to online dating or your views on digital relationships? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2025 CyberGuy.com. All rights reserved.

Huge healthcare data breach exposes over 1 million Americans' sensitive information

8 February 2025 at 09:00

The healthcare industry has recently been a major target for hackers. You might remember the 2024 Ascension attack, which led to significant disruptions. 

The Change Healthcare breach was also on a massive scale. UnitedHealth initially claimed that 100 million Americans were affected, but later raised that number to 190 million. 

There have been countless other incidents, and now you can add another to the list. Community Health Center, Inc. (CHC), a Connecticut-based federally qualified health center, has disclosed a data breach following a criminal cyberattack on its systems. 

The attack has affected over a million people in the U.S.

Community Health Center, Inc. (CHC) detected a data breach on Jan. 2 after identifying unusual activity within its computer systems. An investigation confirmed that a skilled hacker had accessed and extracted data but did not delete or lock any information. If CHC's claims are accurate, this is a positive outcome, as hackers often deploy ransomware, a type of attack in which they lock systems and demand payment before restoring access.

In a regulatory filing with the Maine Attorney General’s Office, CHC said that 1,060,936 people were affected by the data breach. The type of information compromised varies depending on an individual’s relationship with CHC. Patient data that may have been accessed includes names, dates of birth, addresses, phone numbers, email addresses, diagnoses, treatment details, test results, Social Security numbers and health insurance information.

For individuals who are not regular CHC patients but received COVID-19 services at a CHC clinic, the breached data may include names, dates of birth, phone numbers, email addresses, addresses, gender, race, ethnicity and insurance details if provided. Additional information, such as test dates, results and vaccine details, including type, dose and administration date, may also have been affected. In rare cases, Social Security numbers were also included in the breach.

The organization did not disclose how the hackers gained access to the data or whether proper cybersecurity measures were in place at the time of the breach. While CHC has assured that its systems are no longer at risk, the same cannot be said for its patients, who may now be targets of various cyberattacks.

CHC said the hacker’s access was terminated within hours, and daily operations were not disrupted. To strengthen cybersecurity, CHC claims it has implemented advanced monitoring software and reinforced system protections. The organization said there is no evidence at this time that the compromised data has been misused.

The health center is offering free identity theft protection services for all patients and COVID-19 service recipients whose Social Security numbers were involved in the breach. The organization is also encouraging individuals whose Social Security numbers were not affected to take additional steps to protect their information.

1. Remove your personal information from the internet: The breach has exposed sensitive personal data, making it essential to reduce your online footprint. While no service can guarantee complete data removal, a reputable data removal service can significantly limit your exposure. These services systematically monitor and erase your personal information from numerous websites and data brokers. Check out my top picks for data removal services here.

2. Be wary of mailbox communications: With addresses among the compromised data, scammers may exploit this breach to send fraudulent letters. Be aware of mail claiming missed deliveries, account suspensions or security alerts. Always verify the authenticity of such communications before responding or taking action.

3. Be cautious of phishing attempts and use strong antivirus software: Scammers may use your compromised email or phone number to target you with phishing attacks. Be wary of messages asking for personal information or containing suspicious links. To protect yourself, ensure strong antivirus software is installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Monitor your accounts: Given the scope of this breach, regular monitoring of your bank accounts, credit card statements and other financial accounts is critical. Look for unauthorized transactions or suspicious activity, and report any issues immediately to your bank or credit card provider.

5. Recognize and report a Social Security scam: If your Social Security number is exposed, you could become a target for related scams. Official communication regarding Social Security issues usually comes via mail, not phone calls or emails. Learn more about spotting and reporting scams by visiting the Social Security Administration’s scam information page.

6. Invest in identity theft protection: Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. An identity theft protection service can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. It can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using an identity theft protection service is that it might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft. 

The CHC breach may not be as large as the UnitedHealth attack, but with over a million individuals affected, it’s still a serious incident. Cybercriminals can exploit stolen data in various ways, from identity theft to targeted phishing scams. While CHC has taken steps to secure its systems, those impacted should remain vigilant. Be wary of unexpected emails, calls or messages requesting personal information, and consider monitoring financial and medical accounts for any suspicious activity.

Do you think these companies are doing enough to protect your data, and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact

Beware of fake Reddit solutions delivering dangerous malware

6 February 2025 at 09:00

Sometimes, when you need an answer to a complex life situation or a way to troubleshoot an error on your computer, regular articles on the web don’t help. Some issues are so niche that no one writes about them, and those who do often say nothing useful in 1,000 words. 

In these cases, adding Reddit to your search query can be a game changer. Nine times out of 10, someone on Reddit has faced the same issue, and there's probably a solution. 

But bad actors have caught on to this, too. They’re now mimicking Reddit to spread malware that can steal your personal information.

Hackers are distributing nearly 1,000 fake websites mimicking Reddit and WeTransfer to spread the Lumma Stealer malware. These sites are designed to trick you into downloading malicious software by imitating legitimate discussions and file-sharing services.

On these fake Reddit pages, attackers create a fabricated discussion where one user asks for help downloading a tool, another offers a WeTransfer link and a third expresses gratitude to make the exchange seem real. Clicking the link redirects victims to a counterfeit WeTransfer site, where the download button delivers the Lumma Stealer malware.

All these fake pages have the following things in common:

These fake websites were discovered by Sekoia researcher crep1x, who compiled a full list of the pages involved in the scheme. In total, 529 of these sites mimic Reddit, while 407 impersonate WeTransfer to trick users into downloading malware.

According to BleepingComputer, hackers may be driving traffic to these fake pages through methods like malicious ads (malvertising), search engine manipulation (SEO poisoning), harmful websites, direct messages on social media and other deceptive tactics.

Hackers are using fake Reddit pages to spread Lumma Stealer, a powerful malware designed to steal personal data while staying under the radar. Once it infects a device, it can grab passwords stored in web browsers and session tokens, allowing attackers to hijack accounts without even needing a password.

But Reddit isn’t the only way this malware spreads. Hackers also push it through GitHub comments, deepfake websites and shady online ads. Once they steal login credentials, they often sell them on hacker forums, where others can use them for further attacks.

This type of malware has already played a role in major security breaches, including attacks on PowerSchool, Hot Topic, CircleCI and Snowflake. It’s a growing threat, especially for companies that rely on password-based security.

1. Be cautious with download links: Avoid downloading files from random Reddit discussions, social media messages or unfamiliar websites. If an unknown user shares the link or seems out of place in the context, it’s better to err on the side of caution. If the link is directing you to a file-sharing site like WeTransfer or Google Drive, double-check the URL for any signs of manipulation—like random characters added to the domain name.

2. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware originating from these Reddit discussions, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3. Verify website URLs: Fake websites often look convincing but have slight differences in their URLs. Check for misspellings, extra characters or unusual domains (e.g., ".org" or ".net" instead of the official ".com").

4. Use strong, unique passwords and enable 2FA: A password manager can help generate and store strong passwords for each site. Meanwhile, enabling two-factor authentication (2FA) adds an extra layer of security, making it harder for attackers to hijack your accounts. Get more details about my best expert-reviewed Password Managers of 2025 here.

5. Keep your software updated: Regularly update your operating system, apps, browsers and other software on your PC or mobile devices. Updates often include patches for security vulnerabilities that hackers can exploit.

6. Watch out for malvertising and SEO traps: Hackers manipulate search engine results and run deceptive ads to trick users into visiting fake sites. Stick to official sources and avoid clicking on ads or search results that seem too good to be true. 
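
As an added illustration of the URL checks in tips 1 and 3 (this is not code from the article), the Python sketch below compares a link's hostname with the official reddit.com and wetransfer.com domains and flags a brand name on the wrong domain, a one-character misspelling, or a brand name placed before an "@". The sample URLs are constructed on reserved example/test domains, and treating the last two labels of the hostname as the registered domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Official domains for the two brands named in the article.
OFFICIAL = {"reddit": "reddit.com", "wetransfer": "wetransfer.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch single-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_url(url: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'official', 'lookalike' or 'unrelated'."""
    if "://" not in url:
        url = "https://" + url          # allow bare "host/path" input
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")   # urlsplit lowercases the host
    labels = host.split(".")
    # Assumption: the registered domain is the last two labels. This is wrong
    # for suffixes such as "co.uk"; a real tool would use the Public Suffix List.
    registered = ".".join(labels[-2:])
    second_level = labels[-2] if len(labels) >= 2 else host

    if registered in OFFICIAL.values():
        return "official", f"host is on {registered}"

    user = (parts.username or "").lower()
    for brand, domain in OFFICIAL.items():
        # "https://reddit.com@other.host/": everything before "@" is
        # user info, not the site that will actually be contacted.
        if brand in user:
            return "lookalike", f"'{brand}' appears before '@'; real host is {host}"
        # Brand used as a subdomain or with extra characters or another TLD.
        if brand in host:
            return "lookalike", f"'{brand}' in hostname but domain is {registered}, not {domain}"
        # One-character typo of the brand. This is a heuristic and can
        # misfire on unrelated short names, so treat it as a prompt to look closer.
        if edit_distance(second_level, brand) == 1:
            return "lookalike", f"'{second_level}' is one edit away from '{brand}'"

    return "unrelated", "no resemblance to the listed brands"


# Constructed sample links (reserved example/test domains, not real indicators).
SAMPLE_URLS = [
    "https://www.reddit.com/r/techsupport/",
    "wetransfer.com/downloads/abc",
    "https://reddit-x7q2.example.org/thread",
    "https://wetransfer.com.files.example.net/dl",
    "https://reddlt.test/r/help",
    "https://wetransfer.example/dl",
    "https://reddit.com@files.example.net/",
    "https://docs.python.org/3/",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        verdict, reason = check_url(sample)
        print(f"{verdict:9}  {sample}  ({reason})")
```

A "lookalike" verdict here means the link borrows a brand name without being on that brand's domain; an "unrelated" verdict says nothing about whether the site is safe.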

Hackers are getting sneakier, using fake Reddit and WeTransfer pages to spread dangerous malware like Lumma Stealer. These sites might look real, but they’re designed to steal your personal info. To stay safe, always double-check links and be cautious about downloading files from unfamiliar sources. Use strong, unique passwords, enable two-factor authentication and keep your software updated to stay one step ahead of cybercriminals.

Have you ever encountered a suspicious link on Reddit or social media? How did you handle it? Let us know by writing us at Cyberguy.com/Contact.

Hacked on social? Here’s what to do next

4 February 2025 at 16:15

The chances of your Instagram, X, Facebook, Amazon, Threads, Rumble, Twitch or other accounts getting taken over by spammy bots and data-stealing thieves have never been higher. So, don’t sit there all smug, thinking, "Oh, Kim, that could never happen to me!"

A lot of the advice you find online about hacked social media sites and profiles is just plain wrong or, worse, leads to a scammer who promises to get your account back but really just steals your money. Keep reading for advice you can trust.

Step 1: Sign out on every device

It’s alarming to think about someone else’s hands all over your social media account, posting crap on your page. Fully sign out of your account on every device you’re logged in.

Pro tip: Under the Settings section in every social app, you’ll see a list of all (or the most recent) devices signed in. On Facebook, for instance, just click your profile picture > Settings & privacy > Activity log > Where you’re logged in.

This step will often boot more casual hackers piggybacking on automatic sign-ins. They’ll get asked for passwords they don’t have and won’t be able to log in again, so they can’t spam your peeps. But don’t stop here!

Step 2: Change your password

Log into your account on one device and change your password. The account or settings page will have that option, like here on Instagram. If hackers did get your password (maybe from a massive data breach), this will lock them out.

You know the drill: Replace your old password with a strong one. Make it at least 12 characters with a mix of uppercase and lowercase letters, numbers, and symbols. Better yet, have a password manager come up with a great one for you.

Step 3: Report the hack

Now, hackers should be mostly locked out of your socials. Before you take a deep breath, though, report the hack. This way, your social media platform can help you roll back your hacked messages and freeze your account until you’re sure everything is safe.

Account hacking is so bad, some social media sites have dedicated pages to report the problem. Here’s Facebook’s hacked page, and, no surprise, there’s also an Instagram hacked page and X’s questionnaire.

Step 4: Check for surprise changes

No one likes cleaning the house, but it has to be done. Jump over to your account settings and check for any funny business, like:

Step 5: One last thing

Phew, you’re almost done. Be sure to enable two-factor authentication (2FA) for your account. You can get a code via text, but it’s more secure to use an authenticator app. Steps here if you’re new to the 2FA game.

FYI, you can only get 2FA on X if you pay for its $8 monthly Premium service. Annoying.

If you run into any trouble with these steps

… Or if a hacker got your account suspended, call the social media platform. Keep in mind these companies don’t care about you, so they really don’t want to help you. You’ll have to be persistent. Here’s a list of popular tech numbers. Do not search on Google for these phone numbers.

Copyright 2025, WestStar Multimedia Entertainment. All rights reserved.

UnitedHealth cyberattack exposes 190 million in largest US healthcare data breach

29 January 2025 at 09:00

UnitedHealth’s Change Healthcare unit suffered a data breach in February 2024, the news of which surfaced Feb. 21. 

Initially reported to have affected around 100 million individuals, the U.S. health insurance giant has now revealed that the actual number is significantly higher: 190 million. This makes it the largest breach of medical data in U.S. history, affecting nearly half the country’s population. 

A breach of this magnitude can have devastating consequences for the American people as malicious actors could exploit the data for a range of attacks if it finds its way to the dark web.

UnitedHealth confirmed on Friday, Jan. 24, 2025, that the ransomware attack on its Change Healthcare unit affected approximately 190 million people in the United States. The company had previously estimated the number of affected individuals to be around 100 million in its preliminary analysis filed with the Office for Civil Rights, a division of the U.S. Department of Health and Human Services that investigates data breaches.

UnitedHealth stated that the majority of those impacted have already been notified, either directly or through substitute notice. The final tally of affected individuals will be confirmed and submitted to the Office for Civil Rights at a later date.

The company tells CyberGuy it is "not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis." However, UnitedHealth did not disclose when it became aware of the additional 90 million victims, how the revised figure was determined or what changes led to the updated number.

The cyberattack on Change Healthcare in February caused widespread disruptions across the U.S. healthcare sector, as the company took its systems offline to contain the breach. This shutdown impacted critical services such as claims processing, payments and data sharing, which many healthcare providers rely on.

The stolen data varied by individual but included a broad range of personal and sensitive information, such as names, addresses, dates of birth, phone numbers, email addresses and government ID numbers, including Social Security, driver’s license and passport details.

Plus, hackers may have accessed health-related information, including diagnoses, medications, test results, imaging records, care and treatment plans, and health insurance details. Financial and banking information tied to claims and payment data was also reportedly compromised.

The breach was the result of a ransomware attack carried out by ALPHV/BlackCat, a Russian-speaking ransomware and extortion group. The attack, a form of malware intrusion, locks victims out of their data unless a ransom is paid. ALPHV/BlackCat later took credit for the attack.

During a House hearing in April, Change Healthcare admitted that the breach was made possible due to inadequate security measures, specifically the absence of two-factor authentication to protect its systems.

1. Remove your personal information from the internet: The breach has exposed sensitive personal data, making it essential to reduce your online footprint. While no service can guarantee complete data removal, a reputable data removal service can significantly limit your exposure. These services systematically monitor and erase your personal information from numerous websites and data brokers. Check out my top picks for data removal services here.

2. Be wary of mailbox communications: With addresses among the compromised data, scammers may exploit this breach to send fraudulent letters. Be aware of mail claiming missed deliveries, account suspensions or security alerts. Always verify the authenticity of such communications before responding or taking action.

3. Be cautious of phishing attempts and use strong antivirus software: Scammers may use your compromised email or phone number to target you with phishing attacks. Be wary of messages asking for personal information or containing suspicious links. To protect yourself, ensure strong antivirus software is installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Monitor your accounts: Given the scope of this breach, regular monitoring of your bank accounts, credit card statements and other financial accounts is critical. Look for unauthorized transactions or suspicious activity and immediately report any issues to your bank or credit card provider.

5. Recognize and report a Social Security scam: If your Social Security number is exposed, you could become a target for related scams. Official communication regarding Social Security issues usually comes via mail, not phone calls or emails. Learn more about spotting and reporting scams by visiting the Social Security Administration’s scam information page.

6. Invest in identity theft protection: Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

It’s surprising that a company of UnitedHealth’s scale failed to implement even basic cybersecurity measures when handling customer data. A breach affecting 190 million people – nearly half of the U.S. population – is staggering, leaving almost anyone at risk of becoming a target for hackers. While the company is still assessing the full extent of the breach, you can take precautions now by being cautious with any unknown links or unsolicited calls. Bad actors may use a variety of tactics to cause harm.

Do you think these companies are doing enough to protect your data, and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact.

Don’t be so quick to click that Google Calendar invite. It could be a hacker’s trap

29 January 2025 at 05:00

A sophisticated phishing campaign exploiting Google Calendar has been uncovered by Check Point Software Technologies, raising alarms among cybersecurity experts. 

Cybercriminals are sending fake meeting invitations that appear legitimate, redirecting victims to phishing sites and mimicking Google's platforms to steal sensitive information. 

This emerging threat is particularly concerning given the widespread use of Google Calendar, which serves more than 500 million users globally in 41 languages. Researchers have identified nearly 4,000 phishing attempts in a matter of weeks, impersonating more than 300 reputable brands.

Hackers leverage the trust in Google's services to carry out their attacks. Victims receive seemingly authentic meeting invites via Google Calendar. Upon clicking links within these invites, they are taken to fake web pages that prompt them to input personal data. Once compromised, this information can be used for identity theft, financial fraud and unauthorized access to other accounts. Security experts warn that attackers are now using AI to craft highly convincing fake invitations, making it even harder to spot the fraud. Reacting to the findings from Check Point, a spokesperson for Google said:

"We recommend users enable the 'Only If The Sender Is Known' setting in Google Calendar. This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past."

Google has introduced the "known senders" feature in Google Calendar to combat sophisticated phishing attempts. This setting helps you filter out potentially malicious calendar invites. Here's how to enable it:

This ensures that only events from contacts, your organization or previous interactions are automatically added to your calendar.

To further protect yourself from phishing scams, follow these steps.

Scrutinize unexpected invites carefully: Examine the sender's details, including their name, domain and email address, for any inconsistencies or signs of spoofing.

Avoid clicking suspicious links or downloading attachments from unknown sources: Threat actors often embed malicious links in calendar invites that can lead to phishing websites designed to steal your personal information.

Use strong antivirus software: This provides an additional defense mechanism against malware and can help detect potential phishing attempts before they cause damage. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Enable two-factor authentication (2FA) for your Gmail account: 2FA adds an extra layer of security that can prevent unauthorized access, even if your credentials are compromised.

Keep your security settings up to date: Regularly review and adjust your calendar and email settings to protect against evolving phishing tactics.
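The sender and link checks in the steps above, together with the "known senders" condition Google's spokesperson describes, can be expressed as a small triage over an iCalendar (.ics) invite. This is an added example, not code from the article or from Google; the sample invite, the known-sender set and the `BRAND_DOMAINS` map are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: illustrative brand -> legitimate domain map; extend for your environment.
BRAND_DOMAINS = {"google": {"google.com"}}

# Constructed sample invite (not a real message). The DESCRIPTION line is
# folded across two lines, as iCalendar (RFC 5545) allows.
SAMPLE_INVITE = (
    "BEGIN:VCALENDAR\r\n"
    "METHOD:REQUEST\r\n"
    "BEGIN:VEVENT\r\n"
    "UID:constructed-0001@example.invalid\r\n"
    'ORGANIZER;CN="Google Calendar Support":mailto:noreply@calendar-notice.example\r\n'
    "SUMMARY:Action required: verify your account\r\n"
    "DESCRIPTION:Your access expires today. Confirm at https://accounts.goo\r\n"
    " gle.com.login-check.example/verify or open https://calendar.google.com/\r\n"
    "END:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

# NAME[;PARAM=value...]:VALUE, where a parameter value may be double-quoted.
PROP_RE = re.compile(r'^([A-Za-z0-9-]+)((?:;[^=;:]+=(?:"[^"]*"|[^";:])*)*):(.*)$')


def unfold(ics_text):
    """Join folded lines: a line break followed by a space or tab continues the line."""
    return re.sub(r"\r?\n[ \t]", "", ics_text)


def unescape_text(value):
    """Undo iCalendar TEXT escaping (\\n, \\, \\; and \\\\)."""
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)


def parse_event(ics_text):
    """Return organizer name/address, SUMMARY and DESCRIPTION of the first VEVENT."""
    event = {"organizer_name": "", "organizer_email": "", "summary": "", "description": ""}
    in_event = False
    for line in unfold(ics_text).splitlines():
        upper = line.strip().upper()
        if upper == "BEGIN:VEVENT":
            in_event = True
            continue
        if upper == "END:VEVENT":
            break
        match = PROP_RE.match(line) if in_event else None
        if not match:
            continue
        name, params, value = match.group(1).upper(), match.group(2), match.group(3)
        if name == "ORGANIZER":
            cn = re.search(r';CN=(?:"([^"]*)"|([^;:]*))', params, re.IGNORECASE)
            if cn:
                event["organizer_name"] = cn.group(1) or cn.group(2) or ""
            address = re.sub(r"^mailto:", "", value.strip(), flags=re.IGNORECASE)
            event["organizer_email"] = address.lower()
        elif name in ("SUMMARY", "DESCRIPTION"):
            event[name.lower()] = unescape_text(value)
    return event


def host_in(host, domains):
    """True if host is one of the domains or a subdomain of one (suffix match, not substring)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(ics_text, known_senders):
    """Return a list of findings for one invite; an empty list means nothing was flagged."""
    event = parse_event(ics_text)
    findings = []
    sender = event["organizer_email"]
    sender_domain = sender.rpartition("@")[2]
    # 1. The "known senders" condition: organizer is not a contact or prior correspondent.
    if sender not in {s.lower() for s in known_senders}:
        findings.append("unknown-sender")
    # 2. Display name claims a brand, but the address is on an unrelated domain.
    for brand, domains in BRAND_DOMAINS.items():
        if brand in event["organizer_name"].lower() and not host_in(sender_domain, domains):
            findings.append("display-name-mismatch")
    # 3. Links whose host mentions a brand without belonging to that brand's domain.
    text = event["summary"] + "\n" + event["description"]
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        host = urlparse(url.rstrip(".,;)")).hostname or ""
        for brand, domains in BRAND_DOMAINS.items():
            if brand in host and not host_in(host, domains):
                findings.append("lookalike-link:" + host)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_INVITE, {"colleague@corp.example"}):
        print(finding)
```

Because the link check compares the end of the host name rather than searching for the brand string, `calendar.google.com` passes while a host that merely contains `google.com` as a leading label is flagged.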

As phishing tactics evolve, cybercriminals are exploiting trusted platforms like Google Calendar to bypass traditional security measures. This underscores the importance of user vigilance and proactive security practices. By enabling the "known senders" setting and implementing additional security measures, you can significantly reduce the risk of falling victim to calendar-based phishing scams.

What digital security challenges have you encountered recently? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2025 CyberGuy.com. All rights reserved.

Outsmart hackers who are out to steal your identity

27 January 2025 at 09:00

Did you know that identity theft happens every 22 seconds? This means that, by the time you finish reading this sentence, someone has likely had their identity stolen. At best, identity theft will steal away your time and patience. But more often, identity theft leads to severe consequences, like losing control over your financial accounts, having your credit score affected or even losing lifelong savings.

However, you don't have to be a statistic. By understanding how identity thieves operate and implementing smart protection strategies, you can make your personal data a fortress that's too challenging for cybercriminals to breach. Drawing from the Federal Trade Commission's (FTC) latest Identity Theft Awareness Week insights, I'll walk you through expert-backed strategies to shield your most valuable asset: your identity.

With so much of our lives having moved online, identity thieves are having an easier time than ever. Your most important accounts – banking, credit, Social Security – are all digital. Thieves don’t need to know much about you to steal your identity; just a few pieces of personal information can be enough. According to the Bureau of Justice Statistics, 24 million Americans reported identity theft in the past 12 months. In their lifetime, 1 in 3 Americans (more than 110 million people) have experienced identity theft. Here’s the part many people don’t realize: You might have already been a target. Maybe your identity was stolen, and the thieves failed, or maybe your good online habits saved you without you even knowing, which brings us to the next lesson: prevention.

You don’t need to spend a fortune to guard against identity theft. While professional services can be helpful, most of what you need comes down to better habits and awareness. Here are some simple steps you can take today:

1) Check your accounts regularly: Review your bank, credit card and Social Security accounts for transactions you didn’t make, failed login attempts and password reset requests you didn’t initiate.

2) Keep an eye on your mail: Look for letters regarding accounts you didn’t open, notices of data breaches and transaction summaries that don’t match your records.

3) Monitor your email inbox: Be alert for password reset emails you didn’t request, confirmation of new accounts you didn’t open and receipts for purchases you didn’t make.

4) Use two-factor authentication (2FA): 2FA adds extra layers of security to your accounts. Even if a thief has your password, they won’t be able to log in without a second step, like a code sent via text message or app-based verification. While logging in might take an extra moment, it’s worth it; 2FA dramatically increases account security.

5) Check your credit report annually: Visit AnnualCreditReport.com to get your free credit report once a year. Use it to spot suspicious activity early. If you see something unusual, take action right away.

6) Use strong passwords: Use complex passwords and a password manager to secure your online accounts. Strong passwords are your first line of defense against cyber threats.

7) Stop oversharing: Limit the personal information you share on social media and other platforms. It’s a treasure trove for cybercriminals who use it to craft convincing fraud campaigns targeted specifically at you.

Nearly half of Americans don’t know how to respond if they fall victim to identity theft. Acting quickly can make a huge difference. Here’s what to do:

1) Contact the affected institution: Contact the company immediately if you notice something unusual, like a suspicious charge or an unfamiliar account. They’ll guide you through securing your account.

2) Change your passwords: Update the password for the affected account and any others using the same credentials. Use strong, unique passwords for each account to avoid further risks.

3) Report the theft to the FTC: Visit IdentityTheft.gov to report identity theft and get personalized recovery steps.

4) Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

Data breaches often start with personal information that’s readily available online. People search sites and data brokers collect and sell this information, including your name, address, phone number and more. Can you get your data removed? Yes, but it’s tricky. These companies don’t make it easy, and managing removal requests for hundreds of sites can be overwhelming. 

Instead, consider using a personal data removal service. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

Look, identity theft is scary, but you're not helpless. By staying smart and proactive, you can dramatically reduce your risks. Think of protecting your identity like locking your front door: It's just good common sense in today's digital world. At the end of the day, a little awareness goes a long way, and you've already taken the first step by reading this article. Now, take what you've learned and apply it to keep you safe from cybercriminals.

What situation have you found yourself in where you felt vulnerable to identity theft or needed help protecting your personal information? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2024 CyberGuy.com. All rights reserved.

Allstate sued for allegedly tracking and selling 45M Americans' location data

25 January 2025 at 09:00

Nowadays, almost every app you download asks for location permissions, meaning it wants to track where you are and your movements. For an app like Google Maps, requesting location access makes perfect sense. It's also reasonable for apps like Uber or DoorDash, which rely on location for their services. 

However, many apps that have nothing to do with location still ask for it, and we often grant these permissions without thinking twice. When you give an app access to your location, that data is stored and, in some cases, might even be sold. According to Texas Attorney General Ken Paxton, this practice is not uncommon. 

A recent lawsuit filed by Paxton alleges that the insurance company Allstate collected and sold the location data of 45 million Americans' smartphones.

In a press release, Paxton announced that he had sued Allstate and its subsidiary, Arity, for unlawfully collecting, using and selling data about the location and movements of Texans' cellphones. The data was gathered through secretly embedded software in mobile apps, such as Life360. "Allstate and other insurers then used the covertly obtained data to justify raising Texans’ insurance rates," the press release stated.

The insurance provider allegedly collected trillions of miles' worth of location data from more than 45 million Americans nationwide. The data was reportedly used to build the "world’s largest driving behavior database." When customers sought a quote or renewed their coverage, Allstate and other insurance companies allegedly used the database to justify raising car insurance premiums.

Paxton claims the actions violated the Texas Data Privacy and Security Act. The lawsuit alleges customers were not clearly informed their data was being collected and did not consent to the practice.

"Our investigation revealed that Allstate and Arity paid mobile apps millions of dollars to install Allstate’s tracking software," said Paxton. "The personal data of millions of Americans was sold to insurance companies without their knowledge or consent in violation of the law. Texans deserve better and we will hold all these companies accountable."

We reached out to Allstate and Arity for comments. A rep for the Allstate Corporation provided CyberGuy with this statement: "Arity helps consumers get the most accurate auto insurance price after they consent in a simple and transparent way that fully complies with all laws and regulations."

Car manufacturers have also been accused of selling similar data to insurance companies. Last year, Paxton sued General Motors for allegedly collecting and selling the private driving data of more than 1.5 million Texans to insurance companies without their knowledge or consent. In addition to insurance companies, data brokers are frequent buyers of customer data. Critics say these brokers fail to adequately protect the information, leaving it vulnerable to hackers. Earlier this month, hackers claimed to have breached Gravy Analytics, a major location data broker and the parent company of Venntel, which is known for selling smartphone location data to U.S. government agencies.

1. Avoid installing the insurance company’s app: Many insurance companies encourage users to download their apps to "simplify" claims, payments or policy management. However, these apps often collect and track your location data under the guise of improving their services. If the app is not absolutely essential, manage your account through the company’s website or contact customer service directly instead.

2. Don’t give location permissions unnecessarily: When an app requests location access, ask yourself whether it genuinely needs this information to function. For example, a weather app may need approximate location data, but a flashlight app does not. Always choose "Deny" or "Allow only while using the app" unless absolutely necessary. Most modern devices also allow you to provide an approximate location rather than a precise one, which is a safer option when location access is unavoidable.

3. Review and manage app permissions regularly: Over time, you may forget which apps have been granted permissions. Regularly go through your device’s app settings to check and adjust permissions. On most devices, you can access this under Settings > Privacy > App permissions (specific steps vary by operating system). Revoke access for any apps that don’t need it or seem suspicious.

4. Turn off location services when not in use: Keep location services off when you don’t need them. This reduces the chances of apps or devices tracking you passively in the background. For tasks like mapping or food delivery, turn location services on temporarily, then turn them off when you’re done. For added security, avoid connecting to public Wi-Fi networks, which can also be used to track your location indirectly.

5. Use privacy-focused tools and apps: Invest in tools designed to safeguard your privacy. Virtual private networks (VPNs) can mask your location online and prevent unwanted tracking while browsing. VPNs will also protect you from those who want to track and identify your potential location and the websites that you visit. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

If Allstate is indeed unlawfully collecting and selling people’s location data, Attorney General Paxton is right to hold them accountable by filing a lawsuit. In an era where cybercriminals exploit every opportunity to scam individuals, companies that fail to protect customer data are unacceptable and should face consequences. Data has become the new oil, and everyone seems eager to exploit it — often at the expense of ordinary people. Businesses that prioritize profits over privacy erode trust and put consumers at risk, making it crucial to enforce strict accountability for such practices.

Do you think companies like Allstate should be required to make their data practices crystal clear to customers? Let us know by writing us at Cyberguy.com/Contact

Malicious apps posing as VPNs can turn your device into a tool for cyberattacks

5 January 2025 at 07:00

Virtual private networks (VPNs) are important if you care about your data and privacy. They create a secure, encrypted connection between your device and the internet, hiding your IP address and protecting your online activity. 

There are tons of apps out there that claim to offer VPN services, but not all of them are legit. Some are fakes trying to steal your data. 

In the third quarter of 2024, security researchers found that the number of users encountering fake VPN apps jumped 2½ times compared to the second quarter globally. These apps were either malware or programs that could be used by malicious actors.

I’m diving into the rise of fake VPN apps and how you can stay safe.

According to Kaspersky, cybercriminals are taking advantage of people who want to use free VPN services. In May 2024, law enforcement shut down a botnet, a network of hijacked devices, called 911 S5. Several free VPN services, including MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN and ShineVPN, were used to create this botnet.

When users installed these VPN apps, their devices were turned into proxy servers, meaning they were used to redirect someone else’s internet traffic.

This huge network spread across 19 million unique IP addresses in over 190 countries, making it possibly the largest botnet ever created. The people controlling the botnet sold access to these infected devices to other criminals, who used them for cyberattacks, money laundering and fraud.

You can’t trust free VPN apps because they have no reason to keep you or your data safe. Here's why you should be cautious:

There's a growing demand for VPN apps across all platforms, including smartphones and computers. Users often believe that if they find a VPN app in an official store, like Google Play, it's safe to use. They're especially drawn to free services, thinking it's a great deal. However, this can often be a trap.

If you need a VPN, stick to a service that’s well-known, trusted and not free. Look for ones that are talked about on mainstream sites and backed by solid reviews. If you’re not sure where to start, I’ve put together a handy list of my favorite VPNs. I’ve tested them myself, and you can trust them to keep your data safe. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

Here are seven essential steps to help you choose a reliable VPN and safeguard your online privacy.

1. Stick to official app stores: Always download apps from trusted platforms like the App Store for iOS or the Google Play Store for Android. These stores have built-in security measures that help detect and remove fake or harmful apps. Avoid downloading apps from random websites or third-party stores, as they are more likely to host malicious software. Even on official stores, check the app’s reviews, ratings and download count to ensure it’s trustworthy.

2. Pay attention to app permissions: Be careful about the permissions you grant to apps during installation. A flashlight app, for example, doesn’t need access to your contacts or location. Question any permission that doesn’t align with the app’s functionality. Both iOS and Android allow you to review and manage app permissions in your settings, so take the time to double-check what you’ve already allowed.

3. Use two-factor authentication (2FA): Implement 2FA for your VPN accounts to add an extra layer of security beyond just a password.

4. Keep software updated: Regularly update all VPN-related software, including clients, servers and associated networking hardware, to benefit from the latest security patches and improvements.

5. Use strong encryption: Look for VPN services that use robust encryption protocols like AES-256 to protect your data.

6. Monitor VPN traffic: Continuously monitor VPN traffic and logs for unusual patterns that might indicate security issues.

7. Invest in strong antivirus software: A strong antivirus program can help detect and remove malware before it compromises your device. Many antivirus apps also come with features like web protection, anti-phishing tools and the ability to scan new apps for threats. While there are free options, premium versions often provide more comprehensive protection. Look for a trusted name in cybersecurity when choosing an antivirus solution. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Fake VPN apps are everywhere, and they’re bad news. They’re not just useless. They can turn your device into a tool for cybercriminals. The 911 S5 botnet showed us just how dangerous free VPNs can be, turning millions of devices into a giant network for fraud and attacks. The truth is free VPNs aren’t really free. They often come with weak security, leak your data or demand permissions that put your privacy at risk. If you’re serious about protecting your online activity, invest in a trusted, paid VPN service.

How often do you check the credibility of apps you download? Let us know by writing us at Cyberguy.com/Contact

Are data brokers endangering your retirement security?

3 January 2025 at 07:00

You know, it's pretty unsettling when you think about it. We spend our whole lives working hard and saving up for retirement. Then, one day, you find out that some company you've never heard of is selling your personal information to whoever wants to buy it. It's not just alarming. It could actually put your financial security at risk.

These companies are data brokers that collect and sell people's personal information, often without us even knowing about it. And get this: Some of them might be trading info that could affect your retirement savings. 

Crazy, right? But don't worry, it's not all doom and gloom. There are things we can do to protect ourselves. I want to talk about how these data brokers operate and what steps you can take to keep your retirement plans safe.

There’s one major way in which data brokers are endangering your retirement security, and it’s right there in the name: data brokers buy, sell, trade and otherwise spread your personal information far and wide. This endangers your retirement security in three distinct ways, each more dangerous than the last:

They don’t know anything about you, but they have a way to reach you. Even if a scammer knows only your phone number or email address, it’s enough for them to reach out to you. If they don’t know who you are or anything about you, they have to take the most "one-size-fits-all" approach they can manage. Their goal is to get you to respond to them or click a link that leads to a malicious website. Once they learn more about you, they can better tailor their next moves.

They know what you’re like but not who you are. Scammers can buy ready-made packages of personal information from data brokers. A set like this might include only the phone numbers of people over the age of 60, for example, while another might provide the addresses of elderly people who require live-in care and are experiencing cognitive decline. The potential for abuse is clear. They don’t have to know your name to target a dangerously effective scam at you.

In other words, something aimed right at you and very difficult to ignore. Scammers can also buy shockingly detailed information about you, from your full name to your health care and financial information. These scams are the most dangerous, with the attackers knowing enough about you to breeze past many of your defenses.

Any of the above types of scams can end in what might be the ultimate fraud – identity theft – but these three are more likely to get there, and in fewer steps, than the others.

You can reduce or avoid many of these risks by stopping data brokers from making it easier for scammers to target you and by arming yourself against the most common and effective tactics they use.

1. Invest in personal data removal services: A trusted personal information removal service can stop data brokers in their tracks from sharing your information. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

2. Don’t click on links: No matter how much pressure or stress a message or phone call puts you under, stick to the golden rule of never following or clicking on links. Always go to the source of the communication via official channels from a secure device to confirm what’s happening. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3. Don’t give out sensitive information: If a message or email can put you under enough pressure to do something you shouldn’t (like follow a link to a phishing site), imagine what a phone call can do. Any request for personal information should raise red flags. If something seems off, hang up.

4. Verify identities before handing over money or information: Always verify who you are dealing with before providing any personal details (name, address, date of birth, Social Security number, financial information, etc.) or money. If someone asks for this information or claims they need to send you money, follow this rule: "Hang up, look up and call back." This applies to phone calls, texts and emails. Hang up or set the message aside, find the legitimate contact information for the organization in question and reach out through official channels (not social media) to confirm the request.

You know, it's crazy to think about how much of our personal information is out there, floating around in the digital world. But here's the thing: We're not powerless in this situation. Sure, it can feel overwhelming, but there are steps we can take to protect ourselves and our hard-earned retirement savings. It's all about being aware, staying vigilant and using the tools at our disposal. Remember, your financial security is worth fighting for. So let's not just sit back and hope for the best. Let's take action and show those data brokers that we're not going to be easy targets. After all, we've worked too hard for too long to let anyone mess with our golden years, right?

Do you think there should be regulations in place to limit the activities of data brokers, and what specific measures would you like to see implemented to better protect your personal information? Let us know by writing us at Cyberguy.com/Contact.

Massive data breach at federal credit union exposes 240,000 members

19 December 2024 at 09:00

SRP Federal Credit Union, a South Carolina-based financial institution, had a major data breach impacting more than 240,000 people. 

The credit union handles highly sensitive information of hundreds of thousands of Americans, which is now in the hands of cybercriminals.

SRP revealed in a notice that the data breach was part of a two-month attack by hackers, raising concerns about how it took the company so long to detect unauthorized entry into its systems. I discuss the details of the data breach, its impact on people and what you need to do to stay safe.

SRP Federal Credit Union has reported a data breach that exposed the personal information of more than 240,000 individuals, according to documents filed Friday with regulators in Maine and Texas.

The company said it discovered suspicious activity on its network and notified law enforcement. An investigation determined that hackers accessed the credit union’s systems between Sept. 5 and Nov. 4, potentially acquiring sensitive files. The investigation concluded on Nov. 22, the company said.

SRP did not specify the exact details exposed in its notice to Maine regulators, saying only that names and government-issued identification were affected in the cyberattack. 

However, in a filing with Texas regulators, the company said names, Social Security numbers, driver’s license numbers, dates of birth and financial information, including account numbers and credit or debit card numbers, were compromised. SRP said the breach did not affect its online banking or core processing systems.

SRP has not disclosed who was behind the attack or the attackers' motives. However, the ransomware group Nitrogen claimed responsibility last week, alleging it had stolen 650 GB of customer data, according to The Record. Ransomware attacks use malicious software to block access to a victim’s files, systems or networks and demand payment to restore access.

The credit union could face legal challenges following the data breach, as Oklahoma City-based Murphy Law Firm is investigating claims on behalf of individuals whose personal information was exposed. The firm is also encouraging affected individuals to join a potential class-action lawsuit.

SRP will provide impacted individuals with free-of-charge identity theft protection services, so take advantage of it to safeguard your information.

We reached out to SRP for comment but did not hear back by our deadline.

If you have received a notice from SRP Federal Credit Union about the data breach, consider taking the following steps to protect yourself.

1. Monitor your accounts: Regularly check your bank accounts, credit card statements and other financial accounts for any unauthorized transactions or suspicious activity. Contact one of the three major credit bureaus (Equifax, Experian or TransUnion) to place a fraud alert on your credit report, making it harder for identity thieves to open accounts in your name.

2. Freeze your credit: Consider freezing your credit to prevent new accounts from being opened without your consent. This service is free and can be lifted at any time.

3. Use identity theft protection services: Consider enrolling in identity theft protection services that monitor your personal information and alert you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer insurance and assistance with recovering from identity theft, providing additional peace of mind. See my tips and best picks on how to protect yourself from identity theft.

4. Change your passwords: Update passwords for your online accounts, especially those related to banking and email. Use strong, unique passwords and consider using a password manager to generate and store complex passwords. Also, enable two-factor authentication for added security.

5. Beware of phishing scams: Be cautious of emails, texts or calls claiming to be from SRP or related organizations. Avoid clicking on links or providing personal information unless you verify the sender.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Keep your device's operating system updated: Make sure your cellphone and other devices automatically receive timely operating system updates. These updates often include important security patches that protect against new vulnerabilities exploited by hackers. For reference, see my guide on how to keep all your devices updated.

7. Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach. Check out my top picks for data removal services here.

The SRP Federal Credit Union data breach is a harsh reminder of how vulnerable our sensitive information can be. Over 240,000 individuals had their personal data compromised, including Social Security numbers, driver’s licenses and financial details. Even more alarming is the two-month window hackers had to exploit the credit union's systems before being detected. This highlights significant gaps in cybersecurity protocols. If you’re an SRP customer, monitor your accounts closely, enable fraud alerts and consider identity theft protection services to stay ahead of potential threats.

Do you think financial institutions should be held more accountable for data breaches like this one? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2024 CyberGuy.com. All rights reserved.

From CAPTCHA to catastrophe: How fake verification pages are spreading malware

18 December 2024 at 09:00

When you visit a webpage, you might see a CAPTCHA to make sure you’re a real person and not a bot. These usually involve jumbled words, some recognizable images or just a box that says, "I am not a robot." 

Genuine CAPTCHAs are harmless, but hackers are now using fake ones to infect your PC with malware.

Security researchers have found a huge fake CAPTCHA campaign spreading the dangerous Lumma info-stealer malware, which can bypass security measures like Safe Browsing.

This campaign shows how malvertising works, with more than a million ad impressions every day and thousands of victims losing their accounts and money through a network of more than 3,000 sites. I’ll break down how this scam works, who’s responsible and how you can protect yourself.

As reported by Guardio, the fake CAPTCHA scam is a sophisticated malvertising campaign that lures you into unknowingly installing malware under the guise of routine CAPTCHA verification. The cyberattack starts when you’re browsing websites, often those offering free streaming, downloads or pirated content. These sites are used by hackers to present you with what appears to be a legitimate CAPTCHA verification page.

The page mimics a real CAPTCHA, asking you to confirm you are human. However, the instructions are designed to trick you into initiating harmful actions, like triggering the Windows "Run" dialog. Users unknowingly paste and execute a crafted PowerShell command, which silently installs the Lumma info-stealer malware onto their system.

The malware targets sensitive data, including social media accounts, banking credentials, saved passwords and personal files, potentially leading to financial and identity theft.
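
For defenders checking whether someone on a PC followed such instructions, the sketch below triages Run-dialog history for PowerShell launches with suspicious traits. It is an added example, not code from Guardio or this article; it assumes the history has been exported from the per-user RunMRU registry key into a dictionary, and both the sample entries and the indicator list are constructed for illustration.

```python
import re

# Constructed sample of the Run-dialog history that Windows keeps per user under
# HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU.
# Each value ends in "\1"; MRUList gives most-recent-first order.
SAMPLE_RUNMRU = {
    "MRUList": "bfecad",
    "a": r"notepad\1",
    # Placeholder blob below, not a real payload.
    "b": r"powershell -w hidden -enc QUFBQUFBQUFBQUFBQUFBQQ==\1",
    "c": r"powershell\1",
    "d": r"cmd /c ipconfig /all\1",
    "e": r"powershell -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1\1",
    "f": r'powershell -w hidden -c "<fetches https://example.invalid/placeholder>"\1',
}

# Only PowerShell is considered, since that is the interpreter the article names.
POWERSHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.I)

# Illustrative heuristics (an assumption of this example, not a complete rule set).
INDICATORS = {
    "hidden-window": re.compile(r"-w[a-z]*\s+hidden\b", re.I),
    "encoded-command": re.compile(r"-e[a-z]*\s+[A-Za-z0-9+/=]{16,}", re.I),
    "remote-url": re.compile(r"https?://", re.I),
}


def run_history(mru):
    """Return Run-dialog commands, most recent first, without the '\\1' suffix."""
    commands = []
    for name in mru.get("MRUList", ""):
        value = mru.get(name)
        if value is None:
            continue  # MRUList can reference an entry that was deleted
        commands.append(value[:-2] if value.endswith("\\1") else value)
    return commands


def triage(mru):
    """Return (command, [indicator names]) for PowerShell entries worth a look."""
    findings = []
    for cmd in run_history(mru):
        if not POWERSHELL.search(cmd):
            continue
        hits = [name for name, rx in INDICATORS.items() if rx.search(cmd)]
        if hits:  # a plain PowerShell launch or a local script run is not flagged
            findings.append((cmd, hits))
    return findings


if __name__ == "__main__":
    for cmd, hits in triage(SAMPLE_RUNMRU):
        print(f"SUSPICIOUS {hits}: {cmd}")
```

A hit here means the command was typed or pasted into the Run dialog by that user, which is a reason to investigate the device and rotate the credentials stored on it.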

The fake CAPTCHA scam shows how messy the internet’s ad system has become, with everyone involved passing the buck. Guardio Labs points to ad networks like Monetag as a big part of the problem. They distribute malicious ads that are disguised during moderation using tricks like cloaking. Publishers, especially those offering free or pirated content, add to the issue by running these shady ads on their sites, often without checking what they’re actually showing users.

Then there are services like BeMob, which lets scammers hide their bad links behind harmless-looking URLs. These companies call themselves analytics tools, but they’re helping the scams stay hidden. Hosting providers don’t escape blame either. They’re where these fake CAPTCHA pages live, and they often don’t bother to check what’s being hosted.

Of course, the scammers themselves are the ones pulling the strings. But because they spread their operations across so many platforms, they’re almost impossible to track down. Guardio’s research shows how all these moving parts work together, creating a system where no one takes responsibility, and the scams keep running.

1. Use reliable security software: Keeping your antivirus and anti-malware software up to date is one of the most effective ways to protect yourself from fake CAPTCHA scams. A strong antivirus software will detect and block malware like the Lumma info-stealer before it can infect your device. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Enable browser protection features: Modern browsers offer built-in security features, such as Safe Browsing and phishing protection, which warn you about potentially dangerous sites. Make sure these features are enabled in your browser settings. These tools can alert you to malicious links or fake CAPTCHAs trying to trick you into downloading malware.

3. Be cautious with "free" content: There’s a saying that goes, "If something is free, you’re what they are selling." Websites that offer free downloads, streaming services or pirated content are often associated with malvertising campaigns. Fake CAPTCHA scams are commonly spread through these types of sites, where users are tricked into clicking on malicious ads or links. Even if a site seems tempting, it’s important to be cautious. Avoid clicking on suspicious links or using "free" services, as they could be traps designed to infect your device with malware.

4. Avoid clicking on suspicious ads: Always be wary of ads that appear out of nowhere or seem too good to be true. Fake CAPTCHA scams often disguise themselves as legitimate ads, asking you to click to verify you're human. Never interact with pop-up ads or unfamiliar banners, especially those that claim to give you something for free, as they may lead to malicious pages or trigger malware downloads. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

5. Check for HTTPS and look for signs of a legitimate site: Before entering any personal information or interacting with a CAPTCHA, ensure that the website is secure. Look for "https://" in the website’s URL, which indicates the connection is encrypted. Legitimate websites also tend to have a professional appearance, so if something feels off or the design looks poor, trust your instincts and leave the site.

6. Enable two-factor authentication: Two-factor authentication adds an extra layer of security, making it harder for attackers to access your accounts. 

There’s no question that fake CAPTCHA scams are a growing threat, putting millions of us at risk of malware infections and financial loss. What’s even more concerning is that ad networks, publishers and hosting services continue to allow malicious campaigns to spread through their platforms despite the widespread awareness of the problem. The companies involved must take immediate action to improve content moderation, tighten security measures and prevent these scams from thriving. We are seeing a dangerous loophole in the digital advertising ecosystem that could have serious consequences for internet users.

Do you think ad networks and publishers should be held accountable for the spread of malware through their platforms? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2024 CyberGuy.com. All rights reserved.

Half a million patients' personal info stolen in massive health care data breach

18 December 2024 at 05:00

Data breaches happen all the time, and while no data breach should be ignored, those involving health care institutions require special attention. 

These breaches can be very damaging and haunt people for life. Recently, hackers leaked the personal data of around 500,000 Americans. 

They breached the databases of the Center for Vein Restoration (CVR), which claims to be "America’s largest physician-led vein center," stealing not just personal data but also medical records.

CVR, a clinic headquartered in Maryland, experienced a massive data breach where hackers stole highly sensitive personal information, including lab results and health insurance details, as reported by Cybernews. The breach occurred in early October, with the clinic detecting "unusual activity" in its systems on Oct. 6.

CVR has more than 110 branches across the country, from Alabama to Alaska. This breach has affected hundreds of thousands of individuals. According to a notice filed by CVR with the U.S. Department of Health and Human Services Office for Civil Rights, more than 445,000 people had their personal information compromised.

As the name suggests, CVR specializes in vein restoration, a very specialized procedure aimed at improving the health and function of veins. This means the clinic keeps a very elaborate record of its patients’ health, and now all that is in the hands of hackers, along with copious amounts of personal information.

The full list of exposed data includes addresses, dates of birth, Social Security numbers, driver’s license numbers, medical record numbers, diagnoses, lab results, medications, treatment information, health insurance information, provider names, dates of treatment and financial information.

The risks of data breaches depend on the type of company affected. For instance, breaches involving companies like Ticketmaster are generally more manageable because they often expose information like contact details, addresses and, in some cases, identification documents. Even if financial data is leaked, it can typically be mitigated by replacing or blocking compromised accounts.

Health care data breaches, however, are far more severe. When companies like CVR are targeted, hackers gain access to sensitive medical records that cannot be altered. Your medical history is permanent and highly sought after on the dark web. Cybercriminals can use this information to commit identity fraud, such as obtaining prescription drugs through false insurance claims. Plus, detailed knowledge of medical treatments, lab results and medications allows attackers to create highly targeted phishing scams, exploiting victims’ vulnerabilities with alarming precision.

We reached out to CVR for a comment but did not hear back before our deadline.

1. Regularly monitor your financial and medical accounts: Periodically review your medical records and health insurance statements for any unusual or unauthorized activity. This can help you quickly identify and address any discrepancies or fraudulent activities.

Use patient portals provided by health care providers to access your medical records online. These portals often have features that allow you to track your medical history and appointments.

2. Use strong passwords and two-factor authentication: Create strong, unique passwords for your online accounts, including health care portals. Avoid using easily guessable information like birthdays or common words. Consider using a password manager to generate and store complex passwords.

3. Enable two-factor authentication (2FA) wherever possible: 2FA adds an extra layer of security by requiring a second form of verification, such as a text message code or authentication app, in addition to your password.

4. Don’t fall for phishing scams; use strong antivirus software: Be mindful of the information you share online and with whom you share it. Avoid providing sensitive personal information, such as Social Security numbers or medical details, unless absolutely necessary. Verify the legitimacy of any requests for personal information. Scammers often pose as health care providers or insurance companies to trick you into revealing sensitive data by asking you to click on links in emails or messages.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

5. Use identity theft protection services: Consider enrolling in identity theft protection services that monitor your personal information and alert you to potential threats. These services can help you detect and respond to identity theft more quickly. Some identity theft protection services also offer insurance and assistance with recovering from identity theft, providing additional peace of mind. See my tips and best picks on how to protect yourself from identity theft.

6. Freeze your credit: A credit freeze prevents anyone from opening new credit accounts in your name without your authorization, reducing the risk of identity theft. Contact the major credit bureaus (Experian, Equifax and TransUnion) to request a credit freeze. This is often free and can be temporarily lifted when you need to apply for credit.

7. Remove your personal data from the internet: After being part of a data breach, it's crucial to minimize your online presence to reduce the risk of future scams. Consider using a personal data removal service that can help you delete your information from various websites and data brokers. This can greatly diminish the chances of your data being used maliciously. Check out my top picks for data removal services here. 

The CVR data breach is deeply troubling, affecting nearly half a million individuals and exposing highly sensitive medical and personal information. What makes this breach particularly concerning is the lasting impact health care data leaks can have on victims, from identity theft to targeted phishing scams. Whether or not you’ve been directly affected, it’s a stark reminder to take proactive steps, such as monitoring your accounts, enabling multifactor authentication and staying alert to phishing attempts.

Do you think companies are doing enough to protect sensitive data, especially in health care? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2024 CyberGuy.com. All rights reserved.

Think you're safe? Identity theft could wipe out your entire life’s savings

13 December 2024 at 09:00

Identity theft has become a pervasive issue, affecting millions of Americans each year. In 2023 alone, American adults lost a staggering $43 billion to identity fraud. The following story illustrates the devastating impact this crime can have on individuals:

Paula Disberry, a former Colgate-Palmolive employee, was living a comfortable life when she discovered that her 401(k) account had been drained of $750,000. The shock came when she tried to access her account online, only to find it blocked. 

A fraudster had impersonated her, changing her contact details and withdrawing her entire retirement savings in a single transaction. Stories like this of financial identity theft are becoming all too common. If you live in the U.S., you’ve likely already encountered one, or worse, experienced it firsthand.

The FBI's Internet Crime Report for 2023 reveals that adults 60 and above accounted for 24.08% of all identity theft claims and suffered 41.46% of the total financial losses. While they may not face a higher risk of becoming victims, the financial toll is significantly greater than any other age group. Older adults, especially those over 60, often feel the impact more deeply. Why? They typically have more assets than younger individuals and are less likely to monitor their bank accounts daily.

Identity theft has been a concern for centuries, with one of the most famous historical impostors being Frank Abagnale Jr. Abagnale claims to have successfully impersonated various professionals in the 1960s, including a Pan Am pilot and a doctor, forging checks and documents to amass a small fortune. His alleged exploits were so notorious that they inspired the film "Catch Me If You Can."

While Abagnale's story is a dramatic example, modern identity theft has evolved into a more pervasive threat, particularly with the rise of digital technology. The widespread availability of personal information on the web, combined with a lack of regulation preventing companies from collecting data without consent, has made it easier for criminals to exploit personal data. The scale is massive, and the impact can severely disrupt your life and that of your family.

Being aware of the warning signs of identity theft can help you take action before it's too late. Here are some red flags to watch for.

Unexplained account activity: Keep an eye out for unfamiliar transactions or changes in your bank or credit card statements that you don’t recognize.

Credit report changes: Regularly check your credit report for new accounts that you did not open or inquiries from lenders that you did not initiate.

Missing mail or bills: If you stop receiving bills or other important mail, it could indicate that someone has changed your address without your knowledge.

Unexpected denials: If you're denied credit unexpectedly, it might be a sign that someone is using your information to apply for loans or credit cards.

Strange communication: Be cautious of emails, texts or calls asking for personal information, especially if they create a sense of urgency or fear.

Unusual password changes: If you notice changes to your online accounts that you did not make, such as password resets or security questions being altered, act quickly to secure your accounts.

Alerts from identity theft protection services: If you use an identity theft protection service and receive alerts about suspicious activity, investigate immediately.

Identity theft doesn’t have to be a devastating blow. You can significantly reduce your risk by being more mindful of your online habits. Here’s how.

1. Monitor your accounts regularly: Keep a close eye on your bank and credit card statements to spot unauthorized transactions early. This can prevent financial losses and protect your assets.

2. Use strong passwords: Use complex passwords and a password manager to secure your online accounts. Strong passwords are your first line of defense against cyber threats.

3. Stop oversharing: Limit the personal information you share on social media and other platforms. It’s a treasure trove for cybercriminals who use it to craft convincing fraud campaigns targeted specifically at you.

4. Invest in personal data removal services: Given the alarming rise in identity theft cases, taking proactive measures to safeguard your personal information is essential. One effective strategy is to invest in personal data removal services. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

5. Freeze your credit: Initiate a credit freeze on your credit file with all three major credit bureaus. This restricts access to your credit records, making it difficult for identity thieves to open new accounts in your name.

6. Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft. 

7. Use two-factor authentication: Enable this extra layer of security on your accounts to make it more difficult for thieves to access your information, even if they obtain your password.

8. Be cautious with public Wi-Fi: Avoid using public Wi-Fi for sensitive transactions or use a VPN to encrypt your online activity. Using a VPN (virtual private network) service can enhance your privacy by encrypting your internet traffic, making it harder for hackers and third parties to intercept your data, especially on public Wi-Fi. A VPN masks your IP address, helping to obscure your location and online activity. While VPNs don’t directly prevent phishing emails, they reduce the exposure of your browsing habits to trackers that may use this data maliciously. With a VPN, you can securely access your email accounts from anywhere, even in areas with restrictive internet policies. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

9. Shred sensitive documents: Regularly shred financial documents, credit offers and other paperwork containing personal information before disposing of them.

10. Set up bank alerts: Many financial institutions offer text or email alerts for transactions on your accounts, helping you quickly spot unauthorized activity.

11. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

12. Keep software updated: Ensure your devices and antivirus software are up to date. Regular updates often include security patches that protect against vulnerabilities that scammers might exploit. Keeping your software current is a critical step in safeguarding your digital assets.

While the statistics are sobering, they don't have to leave you feeling helpless. Identity theft is a serious threat, but with awareness and proactive steps, you can significantly reduce your risk. Remember, criminals are constantly evolving their tactics, which means we must stay one step ahead. The most powerful weapon against identity theft is knowledge. Understanding how these scams work, recognizing potential red flags and taking preventive measures can make all the difference.

Do you believe that governments should impose stricter regulations on how companies collect and use personal data to better protect consumers? Let us know by writing us at Cyberguy.com/Contact.

Copyright 2024 CyberGuy.com. All rights reserved.
