Sen. Ron Wyden, D-Ore., and Rep. Andy Biggs, R-Ariz., penned a letter to newly sworn-in Director of National Intelligence Tulsi Gabbard, warning that the United Kingdom's reported new order demanding backdoor Apple data jeopardizes Americans.

The letter, obtained by Fox News Digital, referenced recent press reports that the U.K.’s home secretary "served Apple with a secret order last month, directing the company to weaken the security of its iCloud backup service to facilitate government spying." The directive reportedly requires the company to weaken the encryption of its iCloud backup service, giving the U.K. government the "blanket capability" to access customers’ encrypted files. 

Reports further state that the order was issued under the U.K.’s Investigatory Powers Act 2016, commonly known as the "Snoopers’ Charter," which does not require a judge’s approval. 

"Apple is reportedly gagged from acknowledging that it received such an order, and the company faces criminal penalties that prevent it from even confirming to the U.S. Congress the accuracy of these press reports," Wyden and Biggs note. 

TULSI GABBARD SWORN IN AT WHITE HOUSE HOURS AFTER SENATE CONFIRMATION

The United Kingdom has been increasingly cracking down on British citizens for opposition commentary, especially online posts and memes opposing mass migration. As riots broke out in the U.K. last August after a mass stabbing at a Taylor Swift-themed dance event left three girls dead and others wounded, London's Metropolitan Police chief warned that officials could also extradite and jail U.S. citizens for online posts about the unrest. 

The letter, however, described the threat of China, Russia and other adversaries spying on Americans.

Wyden, who sits on the Senate Intelligence Committee, and Biggs, who chairs a House Judiciary subcommittee on Crime and Federal Government Surveillance, asked Gabbard to "act decisively to protect the security of Americans’ communications from dangerous, shortsighted efforts by the United Kingdom (U.K.) that will undermine Americans’ privacy rights and expose them to espionage by China, Russia and other adversaries." 

The Washington Post was among the outlets to report about the U.K. order. 

"These reported actions seriously threaten the privacy and security of both the American people and the U.S. government," Wyden and Biggs wrote. "Apple does not make different versions of its encryption software for each market; Apple customers in the U.K. use the same software as Americans. If Apple is forced to build a backdoor in its products, that backdoor will end up in Americans’ phones, tablets, and computers, undermining the security of Americans’ data, as well as of the countless federal, state and local government agencies that entrust sensitive data to Apple products." 

The letter also references a Chinese hacking operation known as "Salt Typhoon." Last year, the Biden White House admitted the Chinese hacked at least nine U.S. telecommunications companies. 

"The Salt Typhoon hack of U.S. telephone carriers’ wiretapping systems last year – in which President Trump and Vice President Vance’s calls were tapped by China – provides a perfect example of the dangers of surveillance backdoors," the letter says. "They will inevitably be compromised by sophisticated foreign adversaries and exploited in ways harmful to U.S. national security. As the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI confirmed last November, People’s Republic of China (PRC)-affiliated actors were involved in ‘copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders.’" 

TRUMP LANDS KEY TULSI GABBARD CONFIRMATION FOLLOWING UPHILL SENATE BATTLE

"While the U.K has been a trusted ally, the U.S. government must not permit what is effectively a foreign cyberattack waged through political means. If the U.K. does not immediately reverse this dangerous effort, we urge you to reevaluate U.S.-U.K. cybersecurity arrangements and programs as well as U.S. intelligence sharing with the U.K.," the letter says.

Citing a December 2023 report by the U.K. Parliament’s intelligence oversight committee, the letter states that the U.K. benefits greatly from a "mutual presumption towards unrestricted sharing of [Signals Intelligence]" between the U.S. and U.K. and that "[t]he weight of advantage in the partnership with the [National Security Agency] is overwhelmingly in [the U.K.’s] favour." 

"The bilateral U.S.-U.K. relationship must be built on trust. If the U.K. is secretly undermining one of the foundations of U.S. cybersecurity, that trust has been profoundly breached," Wyden and Biggs wrote. 

At her confirmation hearing, Gabbard stated that "backdoors lead down a dangerous path that can undermine Americans' Fourth Amendment rights and civil liberties." In written responses to senators' questions, she also said, "mandating mechanisms to bypass encryption or privacy technologies undermines user security, privacy, and trust and poses significant risks of exploitation by malicious actors."

"We urge you to put those words into action by giving the U.K. an ultimatum: back down from this dangerous attack on U.S. cybersecurity, or face serious consequences," Wyden and Biggs wrote.

The letter asks Gabbard specifically whether the Trump administration was made aware of the reported order, either by the U.K. or Apple, prior to the press reports and, if so, when and by whom. They also ask what the Trump administration's understanding is of U.K. law "and the bilateral CLOUD Act agreement with regard to an exception to gag orders for notice to the U.S. government." Wyden and Biggs asked what the Trump administration's understanding is "of its obligation to inform Congress and the American public about foreign government demands for U.S. companies to weaken the security of their products, pursuant to the CLOUD Act?" The letter asked that unclassified answers be provided by March 3. 

Fox News Digital reached out to Apple and the White House regarding the letter, but neither immediately responded.

The latest stats say 80% of stalking victims are tracked using tech. One of the most popular ways to do it? GPS trackers, like an AirTag. They’re small enough to slip into a bag, pocket or your car undetected.

"Kim, this doesn’t impact me." I wish that was true. Maybe you have an ex or friend who won’t buzz off, or maybe you met a stranger at a bar or store who was acting creepy. You’re at risk. Did you drive across the U.S. border? Yep, crooks are targeting tourists, too.

Win an iPhone 16 Pro with Apple Intelligence ($999 value). 

No purchase necessary. Enter to win now!

The good news is your phone can alert you when an unknown tracker is with you. If all else fails, good old-fashioned sleuthing works, too. I’ll show you how.

THE BIGGEST WI-FI MISTAKE YOU DIDN’T KNOW YOU WERE MAKING

The clock is ticking

An AirTag starts beeping only after 24 hours away from its owner. That gives the stalker plenty of time to reach you, especially if they’re local. If a carjacker tags your ride, they could learn your routine and follow you home before you even know what’s going on.

The rumor mill says Apple’s AirTags 2, coming later this year, will have antistalking tech. With the most current AirTags, tech-savvy stalkers can rip out the built-in speaker so you won’t get alert, but the new ones should make it harder.

For now, you need to do everything you can to stay safe.

RELATED: AirTags aren’t just for creeps. I always toss one in my luggage.

On your iPhone, make sure a few settings are enabled:

5-MINUTE CLEANUP FOR YOUR PHONE AND COMPUTER

On Android, the process is similar as long as your phone is running Android 6.0 or newer. If it’s not, you really need a new phone!

The alerts aren’t foolproof

It’s not just ripping out the speakers. Older tracking devices might not set off an alert, and savvy creeps can reconfigure new trackers to follow you undetected for months. 

That’s why it’s important to check your car now and then, even if you don’t hear that telltale beep. First, grab a flashlight and a mirror.

If you don’t find anything but still feel uneasy, try a bug detector. This well-rated option ($37) works for cars, homes, bags or whatever.

Small hidden cameras are popular with creeps now, too. Here’s my guide on spotting cameras in a rental, dressing room, private space at the gym or anywhere else you expect privacy.

I’M A TECH EXPERT: 10 AI PROMPTS YOU’LL USE ALL THE TIME

‘I found a tracker. What now?’

Don’t smash it or disable it. You want to give the police all the info they need to catch whoever planted it. 

First, hold your iPhone or NFC device to the white side of the AirTag. Tap that notification that pops up to see info about its owner. Jot down the serial number and phone number so you can share them with the cops.

Now, make an aluminum foil envelope. Wrap the tracker inside, making sure there are no gaps or holes. This will block any signals, so the person who installed it will just think it’s out of range. Take the foil-wrapped tracker to a police station. They’ll know how to pin down who put it there.

Are you being stalked or just paranoid? It’s a fine line. Read this if you can’t shake that "someone’s watching" feeling.

I’ve heard too many stories from stalking victims. I don’t want you or a loved one to be another. Share this with folks in your life.

Get tech-smarter on your schedule

Award-winning host Kim Komando is your secret weapon for navigating tech.

Copyright 2025, WestStar Multimedia Entertainment. All rights reserved.

"Love is blind" takes on a more sinister meaning when so-called artificial intelligence (AI) becomes a tool for exploiting our deepest human emotions. 

Convincing AI technologies are increasingly targeting mature online daters, turning fantasies into lucrative and dangerous criminal enterprises.

Romance scams have become the most common type of fraud in 2025 and have swindled would-be lovers out of over $1.3 billion in the United States alone. Just last year, the world heard the cautionary tale of a 53-year-old French woman who lost $850,000 to a convincing AI deepfake of Brad Pitt.

GET SECURITY ALERTS + EXPERT TECH TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

The scammers had wooed her for over 8 months with realistic (yet fake) images, voice calls, videos and even multiple social media accounts. Similarly, a 67-year-old from San Diego was tricked out of her life savings when an AI impostor gang posed as Keanu Reeves, also raising awareness about romance scams impacting the elderly. The worst side of both stories is that the fraudsters haven’t been caught, and the victims’ financial institutions did little to help them recover their funds.

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS - CYBERGUY PICKS

AI-powered romance scams have become far more sophisticated than "traditional" scams. Criminals use a variety of AI tools together with advanced tactics to create deeply personalized and remarkably realistic digital identities. Unlike traditional scams relying on generic scripts, these AI-powered approaches can generate nuanced, contextually appropriate conversations that adapt in real time to victims' emotional state and personal background. In short, romance scams have become so dangerous because they use multiple advanced methods.

AI-driven romance conversations are increasingly challenging for both victims and traditional anti-fraud mechanisms to detect. Spotting and preventing these scams can be tricky, but privacy experts recommend some tried-and-true ways.

BEST VALENTINE’S DAY GIFTS 2025

Spotting and preventing these sophisticated AI-driven scams can be tricky, but staying informed can help you avoid becoming a victim. By being vigilant, verifying identities and recognizing red flags, you can navigate online dating safely while protecting your finances and personal information. Here are some things to look out for:

STOP THESE V-DAY SCAMS BEFORE THEY BREAK YOUR HEART AND YOUR BANK ACCOUNT

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Your personal information is a scammer’s best tool. This includes your phone number, email and other contact details that allow them to reach you, as well as information like the celebrities you follow, your family members and even the type of content you engage with online to tailor the perfect attack. As scams become more sophisticated and reliant on loads of data, it’s more important than ever to take proactive measures to safeguard your personal information.

1. Vigilance in online dating: In the digital world, not everyone is who they claim to be. Be wary of potential romantic interests who ask for money or gifts or those who want to move the relationship along too quickly. Keep your personal and financial information private and never share it with someone you haven't met in person.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

2. Verify the identity: Request additional information or proof to verify their identity, such as video chatting or meeting in person if possible. Exercise caution before getting emotionally invested in someone you haven't met in real life.

3. Research and verify: Conduct an online search using the person's name, email address or phone number to see if any suspicious or fraudulent activities are associated with them. Reverse image search their profile pictures to check if they are stolen from elsewhere on the internet. You can also reverse-search their phone number for free by following the instructions found here.

4. Privacy settings: Keep your social media profiles private so only those you trust can see what’s going on in your life.

5. Limit sharing: Adjust the privacy settings on all of your online accounts and apps to limit data collection and sharing.

6. Use reputable dating platforms: Stick to well-known and reputable dating websites or apps with security measures to help protect their users from scams. These platforms often have guidelines for safe online dating and report suspicious users.

7. Invest in personal information removal services: I highly recommend you remove your personal information that can be found on various people search sites across the web. If you give someone your email address or phone number, they could potentially reverse-search your information and get your home address. Check out my top picks for data removal services here.

AI-powered romance scams have become a serious threat, exploiting our deepest emotions for financial gain. As you navigate the digital dating landscape, it's crucial to stay vigilant and protect yourself from these sophisticated schemes. Remember, if something seems too good to be true, it probably is. Trust your instincts, take things slow and always prioritize your safety and financial well-being.

How has the rise of AI-powered romance scams changed your approach to online dating or your views on digital relationships? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

iCloud scams are becoming increasingly sophisticated, targeting unsuspecting users with urgent messages about their accounts. Our team recently received two suspicious iCloud emails. We want to share our experience and provide comprehensive steps on how to identify and protect yourself from these scams.

GET SECURITY ALERTS + EXPERT TECH TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

iCloud scams typically follow a pattern designed to create a sense of urgency and fear. Let's break down the two emails our team received below. Here is the urgent wording that the scammers used, "Payment Failure for iCloud Storage Renewal" and "iCloud Suspended. Fix it before Mon, 13 January 2025." Both emails share common characteristics of phishing attempts, including urgent language, threats of account suspension or data loss, requests to update payment information, links to external websites and vague or incorrect account details. These emails are crafted to look legitimate, often mimicking Apple's branding and tone. However, they contain several red flags that indicate they are scams.

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS - CYBERGUY PICKS

To protect yourself from falling victim to these scams, look out for these telltale signs:

If you receive a suspicious email claiming to be from Apple or iCloud, follow these steps:

THAT APPLE ID DISABLED MESSAGE? IT'S A DANGEROUS SCAM

Follow these steps if you think you may have fallen for an iCloud scam.

1) Change your Apple ID password immediately: Ensure you create a strong, unique password that you haven't used on other accounts.

2) Check for any unauthorized changes to your account settings or payment information: Go to account.apple.com and review any devices, personal information or security settings that look unfamiliar.

3) Contact Apple Support directly through official channels for assistance: Forward the suspicious email to reportphishing@apple.com or abuse@icloud.com to help Apple track and block these scams.

4) Monitor your financial accounts for any suspicious activity: If you provided payment information, cancel and replace your credit card immediately and pay close attention to even small unauthorized charges.

5) Consider placing a fraud alert on your credit reports: Report the scam to the Federal Trade Commission and Internet Crime Complaint Center to help combat these fraudulent activities.

6) Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

FBI’S NEW WARNING ABOUT AI-DRIVEN SCAMS THAT ARE AFTER YOUR CASH

Remember, Apple will never ask you to provide personal information, passwords or security codes via email, text message or phone call. If you're ever in doubt about the legitimacy of a communication from Apple, always err on the side of caution and contact Apple directly through their official website or support channels. By staying vigilant and following these guidelines, you can better protect yourself from iCloud scams and keep your personal information secure. Don't let the urgency of these messages cloud your judgment. Take a moment to verify before you act, and you'll be much safer in the long run.

Have you ever been targeted by an iCloud or Apple-related scam? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

If there is one corporation that is targeted by scammers more than anyone else, it is Microsoft. From customer support scams to impersonation and phishing attacks, the company’s services are constantly under threat. Recently, even Russia-sponsored hackers managed to breach Microsoft and steal sensitive information.

While Microsoft services as a whole are prime targets, one that stands out is Teams. The collaboration tool is used by more than 300 million people worldwide, making it a goldmine for attackers. Hackers are using it to spread phishing, vishing and quishing campaigns, relying on social engineering tactics to trick victims into sharing private and sensitive data.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

Cybercriminals are increasingly targeting Microsoft Teams users with sophisticated attack methods. One such technique involves malicious GIF images that exploit worm-like vulnerabilities, allowing attackers to take over accounts and infiltrate chat sessions when the image is opened. 

Hackers also insert malware-laden files into chat threads, tricking users into downloading DLL files that enable system takeover. Phishing campaigns leverage compromised accounts or domains to send deceptive invitations, luring victims into downloading harmful files. 

Some attackers use email bombing and vishing, posing as tech support to overwhelm users with spam emails before tricking them into granting remote access. Compromised email addresses and stolen Microsoft 365 credentials provide another entry point for unauthorized access. 

Plus, external access settings in Microsoft Teams, which often allow outside users to initiate chats or meetings, can be exploited if not properly restricted. Another common tactic is sending phishing links through Teams chats, often disguised as invoices or payment notifications, leading to ransomware infections.

9 WAYS SCAMMERS CAN USE YOUR PHONE NUMBER TO TRY TO TRICK YOU

Scammers have been running fake job schemes for a while, but their tactics keep evolving. Lately, I reported how fake job emails are being used to install crypto mining software that slows down computers. Now, they are using Microsoft Teams chat to trick people. 

It usually starts with an email about a job followed by a suggestion to do the interview over Teams. The first red flag is that the entire interview happens over chat with no video and no call. After that, you are "hired" and asked to submit your details, often through a Google Doc requesting personal info like your social security or tax number. Some victims are even asked to buy equipment for the job, pay a hiring fee or purchase gift cards, which are classic signs that the whole thing is a scam.

SPOTIFY PLAYLISTS ARE BEING HIJACKED TO PROMOTE PIRATED SOFTWARE AND SCAMS

1) Avoid opening suspicious links and attachments: Be cautious of unsolicited links or attachments, especially in chat messages or emails. Cybercriminals often use these to deliver malware or phishing links. Never click on links that seem unusual or come from unknown sources.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2) Check for red flags in job offers: If you receive a job offer that seems too good to be true or involves an interview conducted entirely via chat with no phone call or video meeting, it's likely a scam. Legitimate companies typically conduct interviews using multiple forms of communication. 

A job offer that insists on only text-based conversations is a major red flag. Other warning signs include being asked to provide personal information through Google Docs, being asked to pay for equipment, paying fees to secure the job or purchasing gift cards as part of the hiring process.

3) Use strong, unique passwords: Ensure your Microsoft 365 and other accounts are protected with strong passwords. Consider using two-factor authentication to add an extra layer of protection against unauthorized access. Also, you might want to use a password manager to generate and store complex passwords.

4) Be cautious with personal information: Never share sensitive personal details, like social security numbers or tax information, through unsecured or unsolicited channels, such as Google Docs or messages on Teams. Always verify the legitimacy of such requests.

5) Report suspicious activity: If you notice any suspicious activity on your Microsoft Teams account or receive unusual job offers, report it immediately. Prompt action can prevent a potential breach or further compromise. Notify your IT department or relevant authorities so they can investigate and take appropriate measures.

6) Verify IT support requests: Be cautious of unsolicited messages or calls claiming to be from IT support, especially those asking you to install software or grant remote access. Cybercriminals often impersonate IT staff to deploy ransomware or steal sensitive data. Always verify such requests with your actual IT department before taking any action. If in doubt, contact your IT team directly using official channels, not through the message or call you received.

ENERGY-SAVING SCAM USES ELON MUSK’S NAME – HERE’S THE TRUTH

Scammers and hackers are not slowing down, so staying sharp is the only way to stay ahead. If something feels off, like a job that sounds too good to be true, a random Teams message with a sketchy link or an interview that is just a chat, trust your instincts. You should always be careful with external messages and invites that you to receive on Microsoft Teams. Even if it seems like it is from someone you know, it is best to double-check, especially if it involves a file, a link or an invitation to a chat you were not expecting to receive.

Should Microsoft be doing more to prevent phishing and impersonation scams on Teams? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

If something is free, you’re the product being sold. This is especially true for most online services we use. For example, Google’s primary source of revenue is ads. They make money by collecting data about you and me and selling targeted advertising to companies, which then show us products relevant to our interests.

You might have noticed that the moment you search for a product on Google, you start seeing ads for it on Facebook. The same applies to apps like Instagram, Threads and LinkedIn. In fact, research shows that the apps collecting the most data about you are also among the most widely used. 

Let’s look at the top 20 of them and explore how you can take control of your personal information.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

Apps collect all sorts of data about you, but let’s get one thing straight. Not all data collection is bad. Some apps genuinely need access to certain information to function properly. For example, Uber stores your location data to help you find a ride faster, while WhatsApp requires access to your contacts so you can send messages.

The real issue is data collection that serves no purpose other than showing you ads or selling your information to third parties. According to Marin Marinčić, head of IT Infrastructure at Nsoft, the top 20 most invasive apps collect data that is not necessary for their core functions.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Leading the list is Meta with all four of its major apps. Facebook, Messenger, Instagram and Threads share 68% of collected data with third parties while also using it for targeted ads. LinkedIn follows, sharing around 37% of user data, with Amazon in third place, followed by YouTube.

What makes this concerning is how deeply embedded these apps are in our daily lives, making it nearly impossible to find alternatives or avoid data collection altogether.

The list also includes Elon Musk’s X at No. 5, followed by Uber Eats, PayPal, Uber, Google and Amazon Prime Video. TikTok, despite ongoing scrutiny over its data policies, ranks 14th. While many of these names were expected, one surprising entry is the mobile game Candy Crush, which uses 28% of collected data for ads. You can find the full list in the image below.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

Avoiding data collection is nearly impossible if you use the apps above. The only way to dodge these invasive apps is to switch to apps that respect your privacy. While it may seem impossible to replace some of the biggest platforms, there are alternatives that collect little to no unnecessary data.

Switching to these alternatives may require some effort, but it is the best way to limit how much of your personal data is being collected. Taking control of your privacy starts with making conscious choices about the apps you use.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

HOW TO GET RID OF ROBOCALLS WITH APPS AND DATA REMOVAL SERVICES

If you’re not able to delete the apps listed above, follow the simple steps below to minimize how much information is being collected and shared.

1. Review app permissions: Most apps request access to data they do not actually need. Go to your phone settings and check app permissions on your iPhone and Android. Disable access to location, microphone, contacts and other sensitive data unless absolutely necessary.

2. Turn off ad personalization: Many companies track your online activity to show targeted ads. You can limit this by disabling ad personalization in Google, Facebook, and other accounts. This reduces the amount of data collected about your interests and behavior.

3. Limit social media tracking: Social media platforms track your activity even when you are not using them. Adjust privacy settings to restrict data collection.

4. Avoid signing in with Google or Facebook: Many websites offer login options using Google or Facebook. While convenient, this shares even more data with these platforms. Instead, create separate accounts using email whenever possible.

5. Use a Virtual Private Network (VPN) and private browsing mode: A VPN hides your IP address, helping to obscure your location and online activity, making it harder for websites to track you. Combined with private browsing or incognito mode, this reduces the amount of data companies can collect about your online activity. Using a VPN service can also enhance your privacy by encrypting your internet traffic, making it harder for hackers and third parties to intercept your data, especially on public Wi-Fi. 

While VPNs don’t directly prevent phishing emails, they reduce the exposure of your browsing habits to trackers that may use this data maliciously. With a VPN, you can securely access your email accounts from anywhere, even in areas with restrictive internet policies. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices

6. Regular app cleanup: Uninstall apps you no longer use to reduce passive data collection.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

Protect your personal information across the popular platforms mentioned above with these essential privacy adjustments.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

The best way to reduce companies from collecting your data is to remove invasive apps from your phone. Many apps request unnecessary permissions that can track your activity, so deleting them limits exposure. Instead of downloading standalone apps, try using the browser versions of popular social media platforms, as they typically have fewer permissions. 

However, web tracking still exists through cookies and fingerprinting, so using a privacy-focused browser like Brave, Firefox with enhanced tracking protection, or Safari with Intelligent Tracking Prevention (ITP) can further reduce data collection. However, some apps are so deeply integrated that replacing them is difficult. For example, if you use an Android phone, avoiding Google’s ecosystem is nearly impossible. Apple, on the other hand, offers more privacy controls, giving users better options to limit data collection.

Do you check app permissions before installing? How do you decide which permissions are acceptable? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.

The healthcare industry has recently been a major target for hackers. You might remember the 2024 Ascension attack, which led to significant disruptions. 

The Change Healthcare breach was also on a massive scale. UnitedHealth initially claimed that 100 million Americans were affected, but later raised that number to 190 million. 

There have been countless other incidents, and now you can add another to the list. Community Health Center, Inc. (CHC), a Connecticut-based federally qualified health center, has disclosed a data breach following a criminal cyberattack on its systems. 

The attack has affected over a million people in the U.S.

GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE

Community Health Center, Inc. (CHC) detected a data breach on Jan. 2 after identifying unusual activity within its computer systems. An investigation confirmed that a skilled hacker had accessed and extracted data but did not delete or lock any information. If CHC's claims are accurate, this is a positive outcome, as hackers often deploy ransomware, a type of attack in which they lock systems and demand payment before restoring access.

In a regulatory filing with the Maine Attorney General’s Office, CHC said that 1,060,936 people were affected by the data breach. The type of information compromised varies depending on an individual’s relationship with CHC. Patient data that may have been accessed includes names, dates of birth, addresses, phone numbers, email addresses, diagnoses, treatment details, test results, Social Security numbers and health insurance information.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

For individuals who are not regular CHC patients but received COVID-19 services at a CHC clinic, the breached data may include names, dates of birth, phone numbers, email addresses, addresses, gender, race, ethnicity and insurance details if provided. Additional information, such as test dates, results and vaccine details, including type, dose and administration date, may also have been affected. In rare cases, Social Security numbers were also included in the breach.

The organization did not disclose how the hackers gained access to the data or whether proper cybersecurity measures were in place at the time of the breach. While CHC has assured that its systems are no longer at risk, the same cannot be said for its patients, who may now be targets of various cyberattacks.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

CHC said the hacker’s access was terminated within hours, and daily operations were not disrupted. To strengthen cybersecurity, CHC claims it has implemented advanced monitoring software and reinforced system protections. The organization said there is no evidence at this time that the compromised data has been misused.

The health center is offering free identity theft protection services for all patients and COVID-19 service recipients whose Social Security numbers were involved in the breach. The organization is also encouraging individuals whose Social Security numbers were not affected to take additional steps to protect their information.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

1. Remove your personal information from the internet: The breach has exposed sensitive personal data, making it essential to reduce your online footprint. While no service can guarantee complete data removal, a reputable data removal service can significantly limit your exposure. These services systematically monitor and erase your personal information from numerous websites and data brokers. Check out my top picks for data removal services here.

2. Be wary of mailbox communications: With addresses among the compromised data, scammers may exploit this breach to send fraudulent letters. Be aware of mail claiming missed deliveries, account suspensions or security alerts. Always verify the authenticity of such communications before responding or taking action.

3. Be cautious of phishing attempts and use strong antivirus software: Scammers may use your compromised email or phone number to target you with phishing attacks. Be wary of messages asking for personal information or containing suspicious links. To protect yourself, ensure strong antivirus software is installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Monitor your accounts: Given the scope of this breach, regular monitoring of your bank accounts, credit card statements and other financial accounts is critical. Look for unauthorized transactions or suspicious activity, and report any issues immediately to your bank or credit card provider.

5. Recognize and report a Social Security scam: If your Social Security number is exposed, you could become a target for related scams. Official communication regarding Social Security issues usually comes via mail, not phone calls or emails. Learn more about spotting and reporting scams by visiting the Social Security Administration’s scam information page.

6. Invest in identity theft protection: Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. An identity theft protection service can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. It can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using an identity theft protection service is that it might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft. 

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

The CHC breach may not be as large as the UnitedHealth attack, but with over a million individuals affected, it’s still a serious incident. Cybercriminals can exploit stolen data in various ways, from identity theft to targeted phishing scams. While CHC has taken steps to secure its systems, those impacted should remain vigilant. Be wary of unexpected emails, calls or messages requesting personal information, and consider monitoring financial and medical accounts for any suspicious activity.

Do you think these companies are doing enough to protect your data, and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels for the latest tech tips and tricks:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Sometimes, when you need an answer to a complex life situation or a way to troubleshoot an error on your computer, regular articles on the web don’t help. Some issues are so niche that no one writes about them, and those who do often say nothing useful in 1,000 words. 

In these cases, adding Reddit to your search query can be a game changer. Nine times out of 10, someone on Reddit has faced the same issue, and there's probably a solution. 

But bad actors have caught on to this, too. They’re now mimicking Reddit to spread malware that can steal your personal information.

GET SECURITY ALERTS, EXPERT TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

Hackers are distributing nearly 1,000 fake websites mimicking Reddit and WeTransfer to spread the Lumma Stealer malware. These sites are designed to trick you into downloading malicious software by imitating legitimate discussions and file-sharing services.

On these fake Reddit pages, attackers create a fabricated discussion where one user asks for help downloading a tool, another offers a WeTransfer link and a third expresses gratitude to make the exchange seem real. Clicking the link redirects victims to a counterfeit WeTransfer site, where the download button delivers the Lumma Stealer malware.

All these fake pages have the following things in common:

These fake websites were discovered by Sekoia researcher crep1x, who compiled a full list of the pages involved in the scheme. In total, 529 of these sites mimic Reddit, while 407 impersonate WeTransfer to trick users into downloading malware.

According to BleepingComputer, hackers may be driving traffic to these fake pages through methods like malicious ads (malvertising), search engine manipulation (SEO poisoning), harmful websites, direct messages on social media and other deceptive tactics.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

Hackers are using fake Reddit pages to spread Lumma Stealer, a powerful malware designed to steal personal data while staying under the radar. Once it infects a device, it can grab passwords stored in web browsers and session tokens, allowing attackers to hijack accounts without even needing a password.

But Reddit isn’t the only way this malware spreads. Hackers also push it through GitHub comments, deepfake websites and shady online ads. Once they steal login credentials, they often sell them on hacker forums, where others can use them for further attacks.

This type of malware has already played a role in major security breaches, including attacks on PowerSchool, Hot Topic, CircleCI and Snowflake. It’s a growing threat, especially for companies that rely on password-based security.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS - CYBERGUY PICKS

1. Be cautious with download links: Avoid downloading files from random Reddit discussions, social media messages or unfamiliar websites. If an unknown user shares the link or seems out of place in the context, it’s better to err on the side of caution. If the link is directing you to a file-sharing site like WeTransfer or Google Drive, double-check the URL for any signs of manipulation—like random characters added to the domain name.

2. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware originating from these Reddit discussions, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

3. Verify website URLs: Fake websites often look convincing but have slight differences in their URLs. Check for misspellings, extra characters or unusual domains (e.g., ".org" or ".net" instead of the official ".com").

4. Use strong, unique passwords and enable 2FA: A password manager can help generate and store strong passwords for each site. Meanwhile, enabling two-factor authentication (2FA) adds an extra layer of security, making it harder for attackers to hijack your accounts. Get more details about my best expert-reviewed Password Managers of 2025 here.

5. Keep your software updated: Regularly update your operating system, apps, browsers and other software on your PC or mobile devices. Updates often include patches for security vulnerabilities that hackers can exploit.

6. Watch out for malvertising and SEO traps: Hackers manipulate search engine results and run deceptive ads to trick users into visiting fake sites. Stick to official sources and avoid clicking on ads or search results that seem too good to be true. 

HOW TO FIGHT BACK AGAINST DEBIT CARD HACKERS WHO ARE AFTER YOUR MONEY

Hackers are getting sneakier, using fake Reddit and WeTransfer pages to spread dangerous malware like Lumma Stealer. These sites might look real, but they’re designed to steal your personal info. To stay safe, always double-check links and be cautious about downloading files from unfamiliar sources. Use strong, unique passwords, enable two-factor authentication and keep your software updated to stay one step ahead of cybercriminals.

Have you ever encountered a suspicious link on Reddit or social media? How did you handle it? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

The chances of your Instagram, X, Facebook, Amazon, Threads, Rumble, Twitch or other accounts getting taken over by spammy bots and data-stealing thieves have never been higher. So, don’t sit there all smug, thinking, "Oh, Kim, that could never happen to me!"

Freebie alert: I’m giving away my latest ebook, "50 Smart Ways to Use AI" (a $9.95 value). Hope it helps you!

A lot of the advice you find online about hacked social media sites and profiles is just plain wrong or, worse, leads to a scammer who promises to get your account back but really just steals your money. Keep reading for advice you can trust.

DON’T SCAM YOURSELF WITH THE TRICKS HACKERS DON’T WANT ME TO SHARE

Step 1: Sign out on every device

It’s alarming to think about someone else’s hands all over your social media account, posting crap on your page. Fully sign out of your account on every device you’re logged in.

Pro tip: Under the Settings section in every social app, you’ll see a list of all (or the most recent) devices signed in. On Facebook, for instance, just click your profile picture > Settings & privacy > Activity log > Where you’re logged in.

This step will often boot more casual hackers piggybacking on automatic sign-ins. They’ll get asked for passwords they don’t have and won’t be able to log in again, so they can’t spam your peeps. But don’t stop here!

Step 2: Change your password

Log into your account on one device and change your password. The account or settings page will have that option, like here on Instagram. If hackers did get your password (maybe from a massive data breach), this will lock them out.

You know the drill: Replace your old password with a strong one. Make it at least 12 characters with a mix of uppercase and lowercase letters, numbers, and symbols. Better yet, have a password manager come up with a great one for you.

THIS CRIME SHOT UP 400% — HOW TO PROTECT YOURSELF

Step 3: Report the hack

Now, hackers should be mostly locked out of your socials. Before you take a deep breath, though, report the hack. This way, your social media platform can help you roll back your hacked messages and freeze your account until you’re sure everything is safe.

Account hacking is so bad, some social media sites have dedicated pages to report the problem. Here’s Facebook’s hacked page, and, no surprise, there’s also an Instagram hacked page and X’s questionnaire.

Step 4: Check for surprise changes

No one likes cleaning the house, but it has to be done. Jump over to your account settings and check for any funny business, like:

I’M A TECH EXPERT: 10 AI PROMPTS YOU’LL USE ALL THE TIME

Step 5: One last thing

Phew, you’re almost done. Be sure to enable two-factor authentication (2FA) for your account. You can get a code via text, but it’s more secure to use an authenticator app. Steps here if you’re new to the 2FA game.

FYI, you can only get 2FA on X if you pay for its $8 monthly Premium service. Annoying.

If you run into any trouble with these steps …

… Or if a hacker got your account suspended, call the social media platform. Keep in mind these companies don’t care about you, so they really don’t want to help you. You’ll have to be persistent. Here’s a list of popular tech numbers. Do not search on Google for these phone numbers.

Reminder, get my newest ebook "50 Smart Ways to Use AI" free right now.

Get tech-smarter on your schedule

Award-winning host Kim Komando is your secret weapon for navigating tech.

Copyright 2025, WestStar Multimedia Entertainment. All rights reserved.

Super Bowl LIX is set to take place this Sunday at the Caesars Superdome in New Orleans and is expected to draw a record-breaking audience of 116.8 million viewers, according to PredictHQ. 

While this massive event generates excitement, it also attracts cybercriminals looking to exploit unsuspecting fans. Here are four common ways hackers target football fans leading up to the big game.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

Cybercriminals will try to exploit the Super Bowl's reliance on digital ticketing and mobile apps. Fans may receive text messages or social media alerts that appear to be from official payment apps, urging them to "confirm" their information for last-minute ticket upgrades or exclusive merchandise deals. These phishing attempts could lead to fake websites designed to steal banking details.

 HOW TO SCORE A GREAT DEAL ON A TV BEFORE THE SUPER BOWL

Scammers create fake "exclusive raffles" or contests, claiming fans have a chance to win VIP tickets or unique experiences if they pay a small entry fee. These scams often rely on urgency and the fear of missing out. The Better Business Bureau has warned about fraudulent sports betting apps encouraging users to place "guaranteed bets on upcoming games."

TECH THAT’S SURE TO MAKE YOUR SUPER BOWL PARTY A HUGE SUCCESS

Scoring last-minute Super Bowl tickets can feel like a victory until you find out they are fake. Sketchy ticket resellers flood search results and social media with deals that seem too good to be true. Online ticket fraud is becoming increasingly common. While some tickets may be legitimate, many are not, with fans spending hundreds or even thousands of dollars for nothing.

Scammers often utilize automation and artificial intelligence to identify and target potential victims based on the language used in their posts. For instance, scammers search for popular buzzwords and hashtags that people use when looking to buy tickets, such as #SuperBowl, #SuperBowlTickets or #LookingForTickets. They then respond to these posts with messages that contain links to other platforms like WhatsApp, Telegram or Cash App, where they attempt to finalize fraudulent deals.

HOW TO GET YOUR TV GAME-READY FOR THE SUPER BOWL

If a social media ad is offering free NFL tickets or merchandise, there is a catch. These scams appear everywhere, promising fans exclusive giveaways if they cover a small shipping fee or provide personal details. The posts look official, sometimes even using fake endorsements from players or teams, making them easy to fall for. 

Scammers also use cross-platform operations to evade detection and bans by social media platforms. They will identify and initiate communications with you on one social media platform before requesting you switch to another. This is likely an attempt to prevent one social media platform from gaining full insight into fraudulent activity and banning accounts.

The moment you enter your information or payment details, you have handed cybercriminals access to your bank account. And those free tickets or jerseys never arrive. Scammers rely on the excitement of game day to push people into acting without thinking. The truth is simple. If it sounds too good to be true, it probably is.

Finally, scammers may offer massive discounts for Super Bowl tickets to entice you to buy quickly. They may state they just want to sell the tickets "last minute" to justify large, attractive discounts, such as 50% off or more. They may also claim to have a personal or professional reason for not being able to attend the event, such as a family emergency or a work conflict. Scammers often use these excuses to pressure victims into making hasty decisions and transferring money without verifying the tickets.

MOST TALKED ABOUT SUPER BOWL ADS

While scammers will try to prey on Super Bowl fans, you are not completely helpless. Dave Lewis, Global Advisory CISO at 1Password, shared some tips on staying safe leading up to the games. These are not complicated strategies, just simple cybersecurity practices that are easy to follow.

1) Buy tickets from trusted sources: Only purchase from official sites/apps and other reputable channels. Double-check URLs to avoid lookalike sites (which are designed to mimic legitimate event pages). Platforms like Facebook Marketplace, Eventbrite and Nextdoor are also hot spots for scams, so be cautious of sellers "requiring a deposit" through peer-to-peer financial apps like Cash App, Venmo or Zelle.

2) Watch out for event-related phishing attacks: If a deal seems too good to be true, it probably is. Cybercriminals often time their phishing attacks around large events like the Super Bowl, offering fake discount tickets, VIP experiences, free food vouchers, etc. Always verify offers through the event’s official website or app and never agree to anything over the phone. Double-check the sender’s email address and hover over links before clicking to ensure they lead to legitimate event sites. 

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3) Keep your phone software and apps updated: Regularly update your device’s operating system (i.e., iOS, macOS, Windows, Android, others). "While constant notifications can be an annoyance at the moment, these updates are essential for keeping your devices secure," Lewis said. If you’re not sure how to get started, check out this extensive guide on how to update all your devices.

4) Use strong, unique passwords and enable two-factor authentication (2FA): Create complex passwords for all your accounts, especially those related to ticket purchases or event information. Use a password manager to generate and store these securely. Enable 2FA wherever possible, particularly for email and payment accounts. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password. For the Super Bowl, this is especially crucial for any official NFL or ticketing apps you might be using.

5) Be wary of QR codes: While convenient, QR codes can be exploited by hackers for malicious purposes. Only scan QR codes from trusted sources, such as the official event organizer. If unsure, check for signs of tampering, like stickers placed over legitimate codes or poor print quality. When in doubt, don’t scan it. As a precaution, always keep your antivirus software running to prevent malware infections from scanning a scam QR code. If you don’t have antivirus software, check out my top recommendations here.

6) Beware of scammers using social engineering techniques: For example, they may encourage you to transfer money immediately as they allegedly have other prospective buyers. They may also use emotional appeals, such as sympathy, guilt or urgency, to manipulate you into making a decision. Scammers often use these tactics to pressure victims into paying before verifying the tickets.

7) Be wary of individuals showing receipts or proof of purchase: This is not a guarantee that an individual is in possession of a ticket, and it can be easily faked. Scammers can use fake receipts to convince victims that they bought the tickets from legitimate sources, such as Ticketmaster, StubHub or SeatGeek.

8) Exercise caution when interacting with individuals asking for you to "name your price" or are selling below ticket value: This may be a sign that they are trying to lure you into a scam with a too-good-to-be-true offer. Scammers often use this strategy to attract victims who are looking for cheap or affordable tickets.

9) Be cautious when interacting with people claiming to sell tickets on behalf of a friend or family member: This may provide an excuse for scammers using compromised bank accounts with the account holder's name different from the social media account being used. Scammers often use this pretext to explain the discrepancy between the names on the accounts.

10) Review the account’s recent history: Some scammers may claim to be selling tickets to multiple high-profile events, such as sports games, music concerts and conferences at one time. This may indicate that they are running a large-scale scam operation and are not genuine sellers. Scammers often post multiple ads for different events on the same or different platforms, using the same or similar images and descriptions.

11) Exercise caution and validate ownership: Do this even when purchasing items from friends or friends of friends on social media. A family member or friend’s account can be compromised and used by a scammer. Friends of the victim can vouch for the account user as a legitimate seller, not realizing the account had been hacked.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Scammers are always looking for new ways to take advantage of football fans, especially during major events like the Super Bowl. Whether it is fake ticket sales, phishing scams or bogus giveaways, the risks are real. You can easily avoid becoming a victim of these types of attacks by staying vigilant and being cautious of emails and links that ask for personal information.

Do you think the NFL or other major sports leagues are doing enough to protect fans from these scams? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Almost everything you do online asks for your email. If you have been using the same one for a while, chances are hundreds or even thousands of services have it. They send promotional messages, social media alerts, newsletters and more, turning your inbox into complete chaos. You can tame this madness using an email alias.

An email alias helps declutter your inbox by organizing emails based on their purpose. For example, you can create specific aliases for shopping, newsletters or work and set up filters to sort these messages into separate folders automatically. 

Aliases also help manage spam. If an alias starts receiving too many unwanted messages, you can disable it without affecting your main email.

Let’s dive into how to create an email alias on different platforms, including Gmail, Outlook and iCloud. 

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Gmail doesn’t allow you to create a completely separate alias, but it offers workarounds using "+ addressing" or by adding dots to your existing email address. However, these methods don’t prevent an unscrupulous sender from seeing your primary address, so exercise caution when using them with untrusted correspondents. Follow the steps below to get started.

Use your existing Gmail address and add a "+" followed by any keyword before "@gmail.com."

Example: If your email is yourname@gmail.com, you can use:

No additional setup is needed, just start using this alias when signing up for services or sharing your email.

Gmail ignores dots (.) in email addresses, so you can create variations of your email:

Example: If your email is yourname@gmail.com, you can use:

All variations will deliver emails to your main inbox automatically.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Outlook.com allows you to create additional email addresses (aliases) that are linked to your primary account. Emails sent to an alias will arrive in your primary inbox, and you can send messages using the alias as well.

If your primary email is johnsmith@outlook.com, you can create an alias like john.smith123@outlook.com. Emails sent to john.smith123@outlook.com will still go to johnsmith@outlook.com, but you can choose to send emails using either address.

Steps to create an alias:

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Once added, you can send emails using your alias by selecting it in the From field when composing a new message.

Important limitations to note:

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

Apple allows you to create up to three email aliases through iCloud. These aliases can be used for specific purposes, helping you manage your inbox effectively. Here’s how to create one:

It's important to note that you can still create up to three email aliases through iCloud. Remember that while these aliases provide some flexibility, they do not create separate Apple IDs or completely hide your primary iCloud email address.

BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

While many email providers offer basic alias functionality, most have significant limitations. Gmail's "+" addressing and dot tricks, Outlook's linked aliases and Apple's iCloud aliases all provide some flexibility, but they often fall short of true privacy protection.

For those of you seeking comprehensive email privacy and robust alias management, my No. 1 pick for private and secure email platforms contains no ads, no tracking and powerful privacy features like password-protected email and unlimited disposable email addresses. See my review of the best secure and private email services here.

Protecting your inbox from scammers requires a combination of smart practices and proactive tools. Using email aliases is an effective first step. By creating specific aliases for different activities, such as shopping, subscriptions or work, you can track where spam is coming from and deactivate problematic aliases as needed. Below are some other steps to take.

1. Avoid sharing your primary email address publicly on forums, social media or other platforms to minimize exposure. Most email providers offer robust spam filters, so ensure they are enabled and customize them as needed

GET FOX BUSINESS ON THE GO BY CLICKING HERE

2. Invest in personal data removal services. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

3. Enable two-factor authentication on all your email accounts to add an extra layer of security.

4. Be cautious of suspicious links and attachments. Never click on links or download attachments from unknown senders, as these could be phishing attempts.

5. Use strong antivirus software to protect against potential malware that might come through spam emails. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Regularly update your email password and make it strong and unique, avoiding common words or easily guessable combinations. Consider using a password manager to generate and store complex passwords.

These steps will provide a more comprehensive approach to protecting your inbox from scammers and reducing unwanted emails.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

Taking charge of your inbox doesn’t have to be overwhelming. By implementing the tips and tools mentioned above, you’ll create a more secure, efficient and manageable email experience. Whether you’re battling spam or organizing your digital life, email aliases and secure services are great things to put into place.

Which email platform do you use most often, and how do you organize your messages there? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

UnitedHealth’s Change Healthcare unit suffered a data breach in February 2024, the news of which surfaced Feb. 21. 

Initially reported to have affected around 100 million individuals, the U.S. health insurance giant has now revealed that the actual number is significantly higher: 190 million. This makes it the largest breach of medical data in U.S. history, affecting nearly half the country’s population. 

A breach of this magnitude can have devastating consequences for the American people as malicious actors could exploit the data for a range of attacks if it finds its way to the dark web.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

UnitedHealth confirmed on Friday, Jan. 24, 2025, that the ransomware attack on its Change Healthcare unit affected approximately 190 million people in the United States. The company had previously estimated the number of affected individuals to be around 100 million in its preliminary analysis filed with the Office for Civil Rights, a division of the U.S. Department of Health and Human Services that investigates data breaches.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

UnitedHealth stated that the majority of those impacted have already been notified, either directly or through substitute notice. The final tally of affected individuals will be confirmed and submitted to the Office for Civil Rights at a later date.

The company tells CyberGuy it is "not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis." However, UnitedHealth did not disclose when it became aware of the additional 90 million victims, how the revised figure was determined or what changes led to the updated number.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

The cyberattack on Change Healthcare in February caused widespread disruptions across the U.S. healthcare sector, as the company took its systems offline to contain the breach. This shutdown impacted critical services such as claims processing, payments and data sharing, which many healthcare providers rely on.

The stolen data varied by individual but included a broad range of personal and sensitive information, such as names, addresses, dates of birth, phone numbers, email addresses and government ID numbers, including Social Security, driver’s license and passport details.

Plus, hackers may have accessed health-related information, including diagnoses, medications, test results, imaging records, care and treatment plans, and health insurance details. Financial and banking information tied to claims and payment data was also reportedly compromised.

The breach was the result of a ransomware attack carried out by ALPHV/BlackCat, a Russian-speaking ransomware and extortion group. The attack, a form of malware intrusion, locks victims out of their data unless a ransom is paid. ALPHV/BlackCat later took credit for the attack.

During a House hearing in April, Change Healthcare admitted that the breach was made possible due to inadequate security measures, specifically the absence of two-factor authentication to protect its systems.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU

1. Remove your personal information from the internet: The breach has exposed sensitive personal data, making it essential to reduce your online footprint. While no service can guarantee complete data removal, a reputable data removal service can significantly limit your exposure. These services systematically monitor and erase your personal information from numerous websites and data brokers. Check out my top picks for data removal services here.

2. Be wary of mailbox communications: With addresses among the compromised data, scammers may exploit this breach to send fraudulent letters. Be aware of mail claiming missed deliveries, account suspensions or security alerts. Always verify the authenticity of such communications before responding or taking action.

3. Be cautious of phishing attempts and use strong antivirus software: Scammers may use your compromised email or phone number to target you with phishing attacks. Be wary of messages asking for personal information or containing suspicious links. To protect yourself, ensure strong antivirus software is installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Monitor your accounts: Given the scope of this breach, regular monitoring of your bank accounts, credit card statements and other financial accounts is critical. Look for unauthorized transactions or suspicious activity and immediately report any issues to your bank or credit card provider.

5. Recognize and report a Social Security scam: If your Social Security number is exposed, you could become a target for related scams. Official communication regarding Social Security issues usually comes via mail, not phone calls or emails. Learn more about spotting and reporting scams by visiting the Social Security Administration’s scam information page.

6. Invest in identity theft protection: Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

It’s surprising that a company of UnitedHealth’s scale failed to implement even basic cybersecurity measures when handling customer data. A breach affecting 190 million people – nearly half of the U.S. population – is staggering, leaving almost anyone at risk of becoming a target for hackers. While the company is still assessing the full extent of the breach, you can take precautions now by being cautious with any unknown links or unsolicited calls. Bad actors may use a variety of tactics to cause harm.

Do you think these companies are doing enough to protect your data, and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

A sophisticated phishing campaign exploiting Google Calendar has been uncovered by Check Point Software Technologies, raising alarms among cybersecurity experts. 

Cybercriminals are sending fake meeting invitations that appear legitimate, redirecting victims to phishing sites and mimicking Google's platforms to steal sensitive information. 

This emerging threat is particularly concerning given the widespread use of Google Calendar, which serves more than 500 million users globally in 41 languages. Researchers have identified nearly 4,000 phishing attempts in a matter of weeks, impersonating more than 300 reputable brands.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Hackers leverage the trust in Google's services to carry out their attacks. Victims receive seemingly authentic meeting invites via Google Calendar. Upon clicking links within these invites, they are taken to fake web pages that prompt them to input personal data. Once compromised, this information can be used for identity theft, financial fraud and unauthorized access to other accounts. Security experts warn that attackers are now using AI to craft highly convincing fake invitations, making it even harder to spot the fraud. Reacting to the findings from Check Point, a spokesperson for Google said:

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

"We recommend users enable the 'Only If The Sender Is Known' setting in Google Calendar. This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past."

ASK KURT: HOW TO NAVIGATE GOOGLE’S PRIVACY SETTINGS

Google has introduced the "known senders" feature in Google Calendar to combat sophisticated phishing attempts. This setting helps you filter out potentially malicious calendar invites. Here's how to enable it:

This ensures that only events from contacts, your organization or previous interactions are automatically added to your calendar.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

HOW ONE MAN GOT SCAMMED IN SECONDS USING GOOGLE

To further protect yourself from phishing scams, follow these steps.

Scrutinize unexpected invites carefully: Examine the sender's details, including their name, domain and email address, for any inconsistencies or signs of spoofing.

Avoid clicking suspicious links or downloading attachments from unknown sources: Threat actors often embed malicious links in calendar invites that can lead to phishing websites designed to steal your personal information.

Use strong antivirus software: This provides an additional defense mechanism against malware and can help detect potential phishing attempts before they cause damage. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Enable two-factor authentication (2FA) for your Gmail account: 2FA adds an extra layer of security that can prevent unauthorized access, even if your credentials are compromised.

Keep your security settings up to date: Regularly review and adjust your calendar and email settings to protect against evolving phishing tactics.

HOW A WRONG GOOGLE SEARCH CAN COMPROMISE YOUR DATA AND BRING LAW ENFORCEMENT CALLING

As phishing tactics evolve, cybercriminals are exploiting trusted platforms like Google Calendar to bypass traditional security measures. This underscores the importance of user vigilance and proactive security practices. By enabling the "known senders" setting and implementing additional security measures, you can significantly reduce the risk of falling victim to calendar-based phishing scams.

What digital security challenges have you encountered recently? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

A new scam has come to light targeting residents across the United States with text messages that pretend to be from toll road operators. For many who receive these messages, it’s an easy and expensive trap to fall into.

The scam begins when people receive a message claiming they have unpaid tolls and may be charged fines. Scammers then ask for card details and a one-time password sent via SMS to steal their money. Security researchers believe that Chinese smishing groups are behind this scam, selling SMS-based phishing kits to thousands of scammers.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Enter the giveaway by signing up for my free newsletter.

As reported by KrebsOnSecurity, the scam begins with a text message claiming to be from a toll road operator, such as E-ZPass or SunPass. The message warns about unpaid tolls and the possibility of fines, forcing recipients to act quickly. Victims are directed to a fake website mimicking the toll operator’s site, where they are asked to provide sensitive information, including payment card details and one-time passwords. 

Security researchers have traced the scam to Chinese smishing groups known for creating and selling sophisticated SMS phishing kits. One such kit, "Lighthouse," makes it easy for scammers to spoof toll road operators in multiple states. These kits are designed to trick users into sharing financial information, which is then used to commit fraud. 

Reports of these phishing attacks have surfaced across the U.S., targeting users of toll systems like EZDriveMA in Massachusetts, SunPass in Florida and the North Texas Toll Authority in Texas. Similar scams have been reported in states including California, Colorado, Connecticut, Minnesota and Washington. The phishing pages are mobile-optimized and won’t load on non-mobile devices, making them even more deceptive.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Recent advancements in phishing kits include better deliverability through integration with Apple iMessage and Android’s RCS technology, bypassing traditional SMS spam filters. These methods increase the likelihood of victims receiving and engaging with fraudulent messages. The phishing sites are operated dynamically in real time by criminals, making them harder to detect and shut down. Even individuals who don’t own a vehicle have reported receiving these messages, indicating random targeting.

THAT APPLE ID DISABLED MESSAGE? IT'S A DANGEROUS SCAM

By staying vigilant and following the steps below, you can protect yourself from falling victim to toll scams. 

1) Verify directly with toll operators: If you receive a message about unpaid tolls or fines, do not click on any links. Instead, visit the official website of your toll operator or contact their customer service directly to verify the claim.

2) Install strong antivirus software: The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3) Do not share personal information: Never provide sensitive details like payment card information, Social Security numbers or one-time passwords via text or unverified websites. Legitimate toll operators will not request such information through SMS.

4) Enable two-factor authentication (2FA): Use 2FA for your accounts whenever possible. This adds an extra layer of protection by requiring two forms of verification, reducing the risk of unauthorized access even if some details are compromised.

5) Be wary of urgency in messages: Scammers often create a sense of urgency, claiming immediate action is required to avoid penalties. Take a moment to assess the situation and verify the legitimacy of the message through official channels.

6) Report suspicious messages: If you suspect a phishing attempt, report it to the Federal Trade Commission or the FBI's Internet Crime Complaint Center. Include details like the sender’s phone number and any links in the message. Additionally, inform your mobile carrier to help block similar scams.

7) Use a personal data removal service: Employ a reputable data removal service to reduce your online footprint and minimize the risk of scammers obtaining your personal information. These services can help remove your data from various data broker sites, making it harder for scammers to target you with personalized scams. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

It’s deeply concerning how these scams are becoming increasingly sophisticated and widespread. It’s no longer just about random phishing attempts. These are carefully crafted schemes designed to exploit our trust in systems we rely on daily. The fact that scammers can impersonate toll road operators so convincingly is alarming, and it shows how vulnerable we are to such attacks. It frustrates me to think of how many people may fall victim to these tactics, losing their hard-earned money.

Have you recently received a suspicious text message claiming to be from a toll road operator or any other service? How did you react? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Did you know that identity theft happens every 22 seconds? This means that, by the time you finish reading this sentence, someone has likely had their identity stolen. At best, identity theft will steal away your time and patience. But more often, identity theft leads to severe consequences, like losing control over your financial accounts, having your credit score affected or even losing lifelong savings.

However, you don't have to be a statistic. By understanding how identity thieves operate and implementing smart protection strategies, you can make your personal data a fortress that's too challenging for cybercriminals to breach. Drawing from the Federal Trade Commission's (FTC) latest Identity Theft Awareness Week insights, I'll walk you through expert-backed strategies to shield your most valuable asset: your identity.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Enter the giveaway by signing up for my free newsletter.

With so much of our lives having moved online, identity thieves are having an easier time than ever. Your most important accounts – banking, credit, Social Security – are all digital. Thieves don’t need to know much about you to steal your identity, just a few pieces of personal information can be enough. According to the Bureau of Justice Statistics, 24 million Americans reported identity theft in the past 12 months. In their lifetime, 1 in 3 Americans (more than 110 million people) have experienced identity theft. Here’s the part many people don’t realize: You might have already been a target. Maybe your identity was stolen, and the thieves failed, or maybe your good online habits saved you without you even knowing, which brings us to the next lesson: prevention.

THINK YOU'RE SAFE? IDENTITY THEFT COULD WIPE OUT YOUR ENTIRE LIFE’S SAVINGS

You don’t need to spend a fortune to guard against identity theft. While professional services can be helpful, most of what you need comes down to better habits and awareness. Here are some simple steps you can take today:

1) Check your accounts regularly: Review your bank, credit card and Social Security accounts for transactions you didn’t make, failed login attempts and password reset requests you didn’t initiate.

2) Keep an eye on your mail: Look for letters regarding accounts you didn’t open, notices of data breaches and transaction summaries that don’t match your records.

3) Monitor your email inbox: Be alert for password reset emails you didn’t request, confirmation of new accounts you didn’t open, receipts for purchases you didn’t make.

4) Use two-factor authentication (2FA): 2FA adds extra layers of security to your accounts. Even if a thief has your password, they won’t be able to log in without a second step, like a code sent via text message or app-based verification. While logging in might take an extra moment, it’s worth it; 2FA dramatically increases account security.

5) Check your credit report annually: Visit AnnualCreditReport.com to get your free credit report once a year. Use it to spot suspicious activity early. If you see something unusual, take action right away.

6) Use strong passwords: Use complex passwords and a password manager to secure your online accounts. Strong passwords are your first line of defense against cyber threats.

7) Stop oversharing: Limit the personal information you share on social media and other platforms. It’s a treasure trove for cybercriminals who use it to craft convincing fraud campaigns targeted specifically at you.

10 SIGNS YOUR IDENTITY HAS BEEN COMPROMISED

Nearly half of Americans don’t know how to respond if they fall victim to identity theft. Acting quickly can make a huge difference. Here’s what to do:

1) Contact the affected institution: Contact the company immediately if you notice something unusual, like a suspicious charge or an unfamiliar account. They’ll guide you through securing your account.

2) Change your passwords: Update the password for the affected account and any others using the same credentials. Use strong, unique passwords for each account to avoid further risks.

3) Report the theft to the FTC: Visit IdentityTheft.gov to report identity theft and get personalized recovery steps.

4) Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

Data breaches often start with personal information that’s readily available online. People search sites and data brokers collect and sell this information, including your name, address, phone number and more. Can you get your data removed? Yes, but it’s tricky. These companies don’t make it easy, and managing removal requests for hundreds of sites can be overwhelming. 

Instead, consider using a personal data removal service. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

CELLPHONE NIGHTMARE LEADS TO PORTED NUMBERS, IDENTITY THEFT, FIGHT FOR RECOVERY

Look, identity theft is scary, but you're not helpless. By staying smart and proactive, you can dramatically reduce your risks. Think of protecting your identity like locking your front door: It's just good common sense in today's digital world. At the end of the day, a little awareness goes a long way, and you've already taken the first step by reading this article. Now, take what you've learned and apply it to keep you safe from cybercriminals.

What situation have you found yourself in where you felt vulnerable to identity theft or needed help protecting your personal information? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

In an alarming development, cybercriminals have devised a new method to circumvent Apple's built-in phishing protection for iMessage, potentially exposing you to malicious links and scams. This sophisticated tactic exploits a security feature designed to protect you, turning it into a vulnerability that could lead to significant personal and financial risks.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Enter the giveaway by signing up for my free newsletter.

Apple's iMessage automatically disables links in messages from unknown senders as a security measure. However, cybercriminals have found a way to exploit this protection. By instructing you to reply to the message, often with a simple "Y," the attackers can re-enable previously disabled links. This seemingly innocuous action not only activates the links but also signals to the scammers that they've found an engaged target for future attacks.

HOW TO PROTECT YOUR IPHONE & IPAD FROM MALWARE

Apple defines social engineering as a targeted attack that employs impersonation, deception, and manipulation to gain access to personal data. Scammers often pose as representatives of trusted companies, using sophisticated tactics to persuade individuals to disclose sensitive information, such as passwords and financial details. Here are some of those sneaky tactics:

The messages typically end with instructions like: "(Please reply Y, then exit the SMS, re-open the SMS activation link, or copy the link to open in Safari)."

THE ONE SIMPLE TRICK TO HELP KEEP OUT CYBER CREEPS ON IPHONE

This new tactic is part of a broader trend of smishing (SMS phishing) attacks targeting mobile users. With the increasing reliance on smartphones for various activities, including financial transactions and personal communications, these attacks pose a significant threat to users' security and privacy.

DOES MY IPHONE NEED ANTIVIRUS PROTECTION?

To safeguard against these sophisticated phishing attempts, consider the following steps.

1) Never reply to suspicious messages: Avoid responding to texts from unknown senders, especially those asking you to reply to activate links. Additionally, make sure to delete suspicious text messages and block the sender to prevent further attempts. Since the sender is not in your contact list, you can click Report Junk at the bottom of the text. Then click Delete and Report Junk. This will report the conversation as junk by sending it to your wireless carrier and Apple using your phone number.

2) Verify sender identity: Contact organizations directly through official channels if you're unsure about a message's legitimacy.

3) Be skeptical of urgency: Scammers often use urgent language to prompt quick, thoughtless actions.

4) Enable message filtering: Use your device's built-in filtering options to sort messages from unknown senders. Here are the steps:

This feature allows you to automatically sort messages from unknown senders, easily filter unread messages and manage your message inbox more efficiently.

5) Use two-factor authentication (2FA): 2FA adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message or authentication app, in addition to your password. This significantly reduces the risk of unauthorized access, even if your password is compromised.

6) Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

7) Invest in personal data removal services: By reducing your online footprint, you make it harder for cybercriminals to obtain your contact information, potentially preventing them from sending you these deceptive iMessage phishing texts in the first place. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

If you suspect you've fallen victim to a smishing attack:

One of the best parts of some identity theft protection services is that they have identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

This latest trick targeting iMessage users serves as a reminder that even seemingly secure systems can be vulnerable to social engineering. By remaining cautious and following best practices for digital security, you can significantly reduce your risk of falling victim to these sophisticated phishing attempts.

What other cybersecurity challenges have you encountered with your mobile devices, and what questions do you have for us? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Nowadays, almost every app you download asks for location permissions, meaning it wants to track where you are and your movements. For an app like Google Maps, requesting location access makes perfect sense. It's also reasonable for apps like Uber or DoorDash, which rely on location for their services. 

However, many apps that have nothing to do with location still ask for it, and we often grant these permissions without thinking twice. When you give an app access to your location, that data is stored and, in some cases, might even be sold. According to Texas Attorney General Ken Paxton, this practice is not uncommon. 

A recent lawsuit filed by Paxton alleges that the insurance company Allstate collected and sold the location data of 45 million Americans' smartphones.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

In a press release, Paxton announced that he had sued Allstate and its subsidiary, Arity, for unlawfully collecting, using and selling data about the location and movements of Texans' cellphones. The data was gathered through secretly embedded software in mobile apps, such as Life360. "Allstate and other insurers then used the covertly obtained data to justify raising Texans’ insurance rates," the press release stated.

The insurance provider allegedly collected trillions of miles' worth of location data from more than 45 million Americans nationwide. The data was reportedly used to build the "world’s largest driving behavior database." When customers sought a quote or renewed their coverage, Allstate and other insurance companies allegedly used the database to justify raising car insurance premiums.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Paxton claims the actions violated the Texas Data Privacy and Security Act. The lawsuit alleges customers were not clearly informed their data was being collected and did not consent to the practice.

"Our investigation revealed that Allstate and Arity paid mobile apps millions of dollars to install Allstate’s tracking software," said Paxton. "The personal data of millions of Americans was sold to insurance companies without their knowledge or consent in violation of the law. Texans deserve better and we will hold all these companies accountable."

We reached out to Allstate and Arity for comments. A rep for the Allstate Corporation provided CyberGuy with this statement: "Arity helps consumers get the most accurate auto insurance price after they consent in a simple and transparent way that fully complies with all laws and regulations."

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Car manufacturers have also been accused of selling similar data to insurance companies. Last year, Paxton sued General Motors for allegedly collecting and selling the private driving data of more than 1.5 million Texans to insurance companies without their knowledge or consent. In addition to insurance companies, data brokers are frequent buyers of customer data. Critics say these brokers fail to adequately protect the information, leaving it vulnerable to hackers. Earlier this month, hackers claimed to have breached Gravy Analytics, a major location data broker and the parent company of Venntel, which is known for selling smartphone location data to U.S. government agencies.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

1. Avoid installing the insurance company’s app: Many insurance companies encourage users to download their apps to "simplify" claims, payments or policy management. However, these apps often collect and track your location data under the guise of improving their services. If the app is not absolutely essential, manage your account through the company’s website or contact customer service directly instead.

2. Don’t give location permissions unnecessarily: When an app requests location access, ask yourself whether it genuinely needs this information to function. For example, a weather app may need approximate location data, but a flashlight app does not.  Always choose "Deny" or "Allow only while using the app" unless absolutely necessary. Most modern devices also allow you to provide an approximate location rather than a precise one, which is a safer option when location access is unavoidable.

3. Review and manage app permissions regularly: Over time, you may forget which apps have been granted permissions. Regularly go through your device’s app settings to check and adjust permissions. On most devices, you can access this under settings > privacy > app permissions (specific steps vary by operating system). Revoke access for any apps that don’t need it or seem suspicious.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. Turn off location services when not in use: Keep location services off when you don’t need them. This reduces the chances of apps or devices tracking you passively in the background. For tasks like mapping or food delivery, turn location services on temporarily, then turn them off when you’re done. For added security, avoid connecting to public Wi-Fi networks, which can also be used to track your location indirectly.

5. Use privacy-focused tools and apps: Invest in tools designed to safeguard your privacy. Virtual private networks (VPNs) can mask your location online and prevent unwanted tracking while browsing.  VPNs will also protect you from those who want to track and identify your potential location and the websites that you visit. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices

BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

If Allstate is indeed unlawfully collecting and selling people’s location data, Attorney General Paxton is right to hold them accountable by filing a lawsuit. In an era where cybercriminals exploit every opportunity to scam individuals, companies that fail to protect customer data are unacceptable and should face consequences. Data has become the new oil, and everyone seems eager to exploit it — often at the expense of ordinary people. Businesses that prioritize profits over privacy erode trust and put consumers at risk, making it crucial to enforce strict accountability for such practices.

Do you think companies like Allstate should be required to make their data practices crystal clear to customers? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Can’t remember the last time you turned your phone off? Is Bluetooth always on? Do you plug into any charger you can find?

Win a pair of $329 Ray-Ban Meta smart glasses. Enter here, no purchase necessary!

If you answered yes to any of these questions, the NSA says you’re playing a crapshoot with your privacy. The National Security Agency’s purpose is to listen and collect communications from satellites, cellphones and anywhere else, really. 

THESE MISTAKES COULD TANK YOUR CREDIT SCORE

Let’s take a deeper look at five smartphone rules they use that you can, too.

1. Restart your phone once a week

It’s dead simple and absolutely worth doing. Turn off your phone, wait 10 seconds, then turn it back on. This works to combat zero-click exploits where a hacker can get in simply by sending you the right code.

Heads up: A restart won’t work for other types of malware. If your phone becomes infected, you’ll need to do a full factory reset.

2. Disable Bluetooth when you don’t need it

Bluetooth works similarly to Wi-Fi and cellular networks but performs simpler tasks at shorter ranges. You don’t need a cellular signal or network connection to use Bluetooth, and it doesn’t use data. And like any other connection, it’s not 100% safe.

Hackers and scammers must be close to you to use Bluetooth to hijack your phone. But in just about any public space, you’re arm’s length from strangers.

The NSA’s advice: Turn off Bluetooth when you’re not using it. It’ll help battery life, too.

Airplane mode also disables Bluetooth and Wi-Fi, among other things, so it works in a pinch — but you won’t receive calls or texts.

THE STEP I TAKE TO CLEAR MY INBOX EVERY JANUARY

3. Skip public USB ports

In spaces like the airport or coffee shop, hackers can use them to install malware or steal your data. Now, actual cases of juice jacking are rare in the U.S. but it’s still a real threat. They happen through USB connections, so if a kiosk has actual power outlets to charge your phone using your own adapter, you’re good to go.

Stay away from USB ports of any size, especially when traveling overseas. USB standards are international, and foreign hackers can target USB ports in hotels or rentals to steal your data, even if you’re not using a kiosk.

More and more public kiosks have wireless charging pads instead of USBs. This method doesn’t exchange data directly with your phone, so it’s virus-free by default. 

If you’re desperate for juice, you can use a USB connection safely … with the right cable. Pack a charge-only cable for your trip. They’re cheap and compact, and they don’t allow for data transfers.

4. Don’t use public Wi-Fi

It's a playground for snoopers. Public Wi-Fi is open to everyone, and every device is susceptible, whether it’s your smartphone, laptop or tablet.

Just because a public Wi-Fi network pops up and asks if you want to join doesn’t mean it’s legitimate. If you’re at a coffee shop or hotel, ask an employee for the specific name of their Wi-Fi network. Scammers will sometimes create networks called "Coffee Shop" or "Hotel Guest" to make you believe you’re connecting to the real thing when, actually, you’re not.

Here’s a good rule of thumb: If it requires a username and password to log in, you should only access that site from your own private network. If you do need to access sensitive sites or info on a public network, don’t do it without a VPN enabled.

AI ISN’T GOING ANYWHERE: PROMPTS TO MAKE LIFE EASIER

5. Cover your mic and camera

The NSA says it’s best to use a protective case that drowns out your microphone and covers your camera when you’re not using it.

In "hot-miking" attacks, hackers activate your microphone without you knowing it so they can listen into your conversations. It happens when your device has been compromised in some way, usually through malware or an app that’s exploiting permissions you granted. Most folks aren’t targets for attacks like this, but I’d rather be safe than sorry.

Start with app permissions to check what access you’ve handed out:

It’s not just hackers to worry about. Most of what you type, say, search and buy is being tracked in one way or another.

The only unhackable layer of security is physically blocking the sound or camera feed. There are expensive cases out there that do the job, or you can buy a mic blocker for around $10. 

It slides into your headphone port to stop recording. You’ll need an adapter unless your phone still has an audio jack. For a cheaper DIY option, grab your oldest corded headphones, snip them off and plug that into an adapter.

Pro tip: When your phone’s microphone is on or was recently accessed, you’ll see a small orange dot at the top of the screen. You’ll see a green dot if your camera is in use or was recently recording. 

While this is on your mind, go a step further. Here’s a quick 5-minute phone cleanup I like to do a few times a year.

Get tech-smarter on your schedule

Award-winning host Kim Komando is your secret weapon for navigating tech.

Copyright 2025, WestStar Multimedia Entertainment. All rights reserved. 

If your healthcare data hasn't been breached in 2024, then you either don't know it yet or should consider yourself very lucky. 

That's because 2024 was a nightmare year for healthcare institutions and patients in the U.S. A total of 184,111,469 records were breached. That's 53% of the 2024 population of the United States. 

This staggering figure represents a significant increase from previous years, setting a new and alarming record in healthcare data breaches. 

The healthcare sector faced unprecedented challenges in cybersecurity, with attacks becoming more frequent, sophisticated and damaging than ever before.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Being admitted to a hospital is stressful enough. It caused additional stress for the 100 million clients of Change Healthcare, whose data was exposed following a breach orchestrated by the BlackCat ransomware group. Not only did the breach expose sensitive health information, but it also caused widespread disruptions in claims processing. Patients and providers across the country faced chaos as the breach impacted their ability to access and pay for healthcare services.

The second significant breach occurred at Kaiser Foundation Health Plan, where the personal data of 13.4 million individuals was compromised. This breach involved unauthorized access and the use of tracking technologies that transmitted user interactions to third parties. 

HACKERS CLAIM MASSIVE BREACH OF COMPANY THAT TRACKS AND SELLS AMERICANS' LOCATION DATA

You’ll receive a notification letter, although be aware that it may take months before it reaches you (as was the case for victims of the Ascension Health data breach). The consequences are real and can be very painful. Medical identity theft directly affects patients' health and safety. It happens when criminals use stolen personal health information to obtain medical services or medications under another person’s name. It can result in incorrect medical records being created that can include inaccurate diagnoses, allergies or treatments. 

And as you may have guessed, it can also result in financial repercussions, such as patients getting fraudulent claims and bills for services they did not receive. Resolving these issues with insurers and healthcare providers takes time and mental strength. And you’re probably not in a hurry to see your breached healthcare provider ever again. That’s normal. A study has shown that up to 54% of patients consider switching providers after a data breach.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

ARE DATA BROKERS ENDANGERING YOUR RETIREMENT SECURITY?

Sensitive health information can easily be combined with personal identifiers from data brokers, creating comprehensive profiles that criminals can exploit. As a reminder, data brokers are companies that specialize in collecting, processing and selling personal information from various sources, including public records, online activities and social media. 

They aggregate this data to create detailed consumer profiles that can be sold to marketers, insurance companies and other entities for various purposes. The more detailed the profile, the higher the chance of identity theft and potential discrimination in employment and insurance. Employers might make hiring decisions based on perceived health risks, while insurers could deny coverage or increase premiums.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

You can’t prevent a data breach, but you can minimize its consequences by reducing your digital footprint overall.

1. Set your social media to private: Restrict access to your personal information and limit what strangers can see about your life and potentially your health status. Ensure your privacy settings are robust and regularly updated to prevent unauthorized data collection.

2. Remove your personal data from data brokers’ databases: Either by searching for your name on people search sites and requesting removals, one by one, or by using a data removal service. Data removal services automate data removal for you and let you track where exactly your data has been found and whether it was removed, not only on people search sites, which are public data brokers, but also on hidden, private databases where you can’t look yourself up (and these are the worst).

Once your data is removed, data removal services monitor data brokers for your data and remove it again as needed (because it has a tendency to be re-listed after a while). This way, you prevent data broker companies from compiling a full profile on you and selling it to the first bidder, whether that’s a hacker, a marketing agency or an insurance company. Check out my top picks for data removal services here.

3. Delete all unused apps on your phone: Unused applications can be hidden gateways for data leakage and potential security vulnerabilities. Regularly audit and remove apps that you no longer use or need.

4. Check the permissions of the ones you want to keep: Review each app's access to your personal data, location and device features to ensure you're not inadvertently sharing more information than necessary. Be particularly cautious with health and fitness tracking applications.

5. Use a VPN (virtual private network) when browsing: Encrypt your online activities and mask your digital location to add an extra layer of anonymity and protection. A reliable VPN can help shield your personal information from potential interceptors and data miners. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

The reality of healthcare data breaches is daunting, but it’s not entirely out of your control. While you can’t prevent breaches from happening, you can take steps to minimize the risks and protect your personal information. Think of it as adding locks to your digital doors: set your social media to private, use a VPN and clean up unused apps. Remember, the less information you leave out there, the harder it is for bad actors to exploit it. Stay vigilant and don’t let your data become someone else’s advantage.

How do you feel about the growing risks to your personal information, and what steps have you taken to protect your data? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

The unveiling of the Skyrider X1, which claims to be the "world’s first amphibious flying passenger motorcycle," has certainly stirred up excitement. 

This innovative vehicle promises to change how we think about personal mobility by combining land and air travel in one sleek design.

Developed by Rictor, a sub-brand of the Chinese company Kuickwheel, the Skyrider X1 marks a big progression from Rictor's previous product, the K1 e-bike. Transitioning from an electric bicycle to a flying motorcycle is no small feat, and it shows Rictor's ambition to push the boundaries of eco-friendly and energy-efficient transportation.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

The Skyrider X1 features amphibious functionality, allowing it to operate on both land and water, although some skeptics are curious about how well it will perform in real-world conditions. This vehicle can reach speeds of up to 62 mph (100 km/h) and offers flight times of around 25 minutes for the base model with a 10.5-kWh battery. The premium version, equipped with a 21-kWh battery, boasts up to 40 minutes of flight time.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

Made from lightweight carbon fiber composites and aviation-grade aluminum, the Skyrider X1 balances durability with flight capability. It also incorporates smart technology that includes automatic route planning to determine optimal flight paths based on your destination and real-time adaptability that adjusts altitude, speed and direction according to weather conditions.

CHINESE AUTO GIANT WANTS TO MAKE FLYING CARS YOUR NEXT COMMUTE OPTION

Safety is a top priority for Rictor in the design of the Skyrider X1. The vehicle includes triple-redundant flight control systems that ensure safe operation even if an engine fails. Additionally, it features an integrated emergency parachute for added peace of mind.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

AN ELECTRIC AIRCRAFT THE MILITARY HAS ITS EYES ON CAN TAKE OFF WITH ONLY 150 FEET OF RUNWAY

With an expected price tag of around $60,000, the Skyrider X1 aims to make personal air travel more accessible compared to other eVTOL options. By blending performance with affordability, Rictor hopes to bring flying within reach for more people.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

As cities grow and traffic congestion worsens, innovative solutions like the Skyrider X1 could become essential. This vehicle not only aims to ease urban travel but also promotes sustainable options in personal transportation. With advancements in battery technology and autonomous systems, eVTOL vehicles may soon transform how we navigate our environments.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

The Skyrider X1 is a glimpse into a future where flying could actually be part of our everyday lives. Imagine zipping through the skies instead of sitting in traffic. It sounds pretty cool, right? However, there are still some big questions to tackle about how this will all work in practice. We need to think about safety and whether it can really handle the demands of real-world travel. So, while the idea of flying motorcycles is exciting, we’ll have to wait and see how they fit into real-world scenarios.

So, what do you think? Would you be ready to hop on a flying motorcycle like the Skyrider X1? Let us know what you think by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.