Every tech expert will tell you the App Store is safer than Google Play Store. Some might even claim it is impossible to download a malicious app from the App Store, but they are wrong. 

While I admit the App Store is a secure and tightly controlled ecosystem, it cannot completely shield you. Security researchers have found that hackers are targeting several apps on the App Store to spread malware that steals information from screenshots saved on a device. 

The issue also affects those downloading apps from the Google Play Store.

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS — SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

According to researchers at Kaspersky, this malware campaign is more advanced than typical info stealers, both in how it works and how it spreads. Instead of relying on social engineering tricks to get users to grant permissions like most banking trojans or spyware, this malware hides inside seemingly legitimate apps and slips past Apple and Google’s security checks.

One of its standout features is Optical Character Recognition. Instead of stealing stored files, it scans screenshots saved on the device, extracts text and sends the information to remote servers.

Once installed, the malware operates stealthily, often activating only after a period of dormancy to avoid raising suspicion. It employs encrypted communication channels to send stolen data back to its operators, making it difficult to trace. Plus, it spreads through deceptive updates or hidden code within app dependencies, an approach that helps it evade initial security screenings by app store review teams.

The infection vectors vary between Apple and Google’s ecosystems. On iOS, the malware is often embedded within apps that initially pass Apple’s rigorous review process but later introduce harmful functionality through updates. On Android, the malware can exploit sideloading options, but even official Google Play apps have been found to carry these malicious payloads, sometimes hidden within SDKs (software development kits) supplied by third-party developers.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

The scope of stolen information is alarming. This malware primarily targets crypto wallet recovery phrases but is also capable of exfiltrating login credentials, payment details, personal messages, location data and even biometric identifiers. Some versions are designed to harvest authentication tokens, allowing attackers to access accounts even if users change their passwords.

The apps serving as malware carriers include ComeCome, ChatAi, WeTink, AnyGPT and more. These range from productivity tools to entertainment and utility apps. In some cases, malicious developers create these apps with full knowledge of the malware’s purpose. In others, the issue appears to be a supply chain vulnerability, where legitimate developers unknowingly integrate compromised SDKs or third-party services that introduce malicious code into their applications.

We reached out to Apple for a comment but did not hear back before our deadline. 

Apple has removed the 11 iOS apps mentioned in Kaspersky's report from the App Store. Furthermore, they discovered that these 11 apps shared code signatures with 89 other iOS apps, all of which had been previously rejected or removed for violating Apple's policies, resulting in the termination of their developer accounts.

Apps requesting access to user data such as Photos, Camera or Location must provide relevant functionality or face rejection. They must also clearly explain their data usage when prompting users for permission. iOS privacy features ensure users always control whether their location information is shared with an app. Also, starting in iOS 14, the PhotoKit API — which allows apps to request access to a user’s Photos library — added additional controls to let users select only specific photos or videos to share with an app instead of providing access to their entire library. 

The App Store Review Guidelines mandate that developers are responsible for ensuring their entire app, including ad networks, analytics services and third-party SDKs, complies with the guidelines. Developers must carefully review and choose these components. Apps must also accurately represent their privacy practices, including those of the SDKs they use, in their privacy labels.

In 2023, the App Store rejected over 1.7 million app submissions for failing to meet its stringent privacy, security and content standards. It also rejected 248,000 app submissions found to be spam, copycats or misleading and prevented 84,000 potentially fraudulent apps from reaching users.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

A Google spokesperson tells CyberGuy: 

"All of the identified apps have been removed from Google Play and the developers have been banned. Android users are automatically protected from known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services."

However, it is important to note that Google Play Protect may not be enough. Historically, it isn't 100% foolproof at removing all known malware from Android devices. Here’s why:

HOW SCAMMERS USE YOUR PERSONAL DATA FOR FINANCIAL SCAMS AND HOW TO STOP THEM

1. Use strong antivirus software: Installing strong antivirus software can add an extra layer of protection by scanning apps for malware, blocking suspicious activity and alerting you to potential threats. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Stick to trusted developers and well-known apps: Even though malware has been found in official app stores, users can still minimize their risk by downloading apps from reputable developers with a long track record. Before installing an app, check its developer history, read multiple reviews and look at the permissions it requests. If an app from an unknown developer suddenly gains popularity but lacks a strong review history, approach it with caution.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

3. Review app permissions carefully: Many malicious apps disguise themselves as legitimate tools but request excessive permissions that go beyond their stated purpose. For example, a simple calculator app should not need access to your contacts, messages or location. If an app asks for permissions that seem unnecessary, consider it a red flag and either deny those permissions or avoid installing the app altogether. Go to your phone settings and check app permissions on your iPhone and Android. 

4. Keep your device and apps updated: Cybercriminals exploit vulnerabilities in outdated software to distribute malware. Always keep your operating system and apps updated to the latest versions, as these updates often contain critical security patches. Enabling automatic updates ensures that you stay protected without having to manually check for new versions.

5. Be wary of apps that promise too much: Many malware-infected apps lure users by offering features that seem too good to be true — such as free premium services, extreme battery optimizations or AI-powered functionality that appears unrealistic. If an app’s claims sound exaggerated or its download numbers skyrocket overnight with questionable reviews, it’s best to avoid it. Stick to apps with a transparent development team and verifiable functionalities. 

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

The new malware campaign highlights the need for stricter vetting processes, continuous monitoring of app behavior post-approval and greater transparency from app stores regarding security risks. While Apple and Google have removed the malicious apps upon detection, the fact that they made it onto the platform in the first place exposes a gap in the existing security framework. As cybercriminals refine their methods, app stores must evolve just as quickly or risk losing the trust of the very users they claim to protect.

Do you think app stores should take more responsibility for malware slipping through? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

"Love is blind" takes on a more sinister meaning when so-called artificial intelligence (AI) becomes a tool for exploiting our deepest human emotions. 

Convincing AI technologies are increasingly targeting mature online daters, turning fantasies into lucrative and dangerous criminal enterprises.

Romance scams have become the most common type of fraud in 2025 and have swindled would-be lovers out of over $1.3 billion in the United States alone. Just last year, the world heard the cautionary tale of a 53-year-old French woman who lost $850,000 to a convincing AI deepfake of Brad Pitt.

GET SECURITY ALERTS + EXPERT TECH TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

The scammers had wooed her for over 8 months with realistic (yet fake) images, voice calls, videos and even multiple social media accounts. Similarly, a 67-year-old from San Diego was tricked out of her life savings when an AI impostor gang posed as Keanu Reeves, also raising awareness about romance scams impacting the elderly. The worst side of both stories is that the fraudsters haven’t been caught, and the victims’ financial institutions did little to help them recover their funds.

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS - CYBERGUY PICKS

AI-powered romance scams have become far more sophisticated than "traditional" scams. Criminals use a variety of AI tools together with advanced tactics to create deeply personalized and remarkably realistic digital identities. Unlike traditional scams relying on generic scripts, these AI-powered approaches can generate nuanced, contextually appropriate conversations that adapt in real time to victims' emotional state and personal background. In short, romance scams have become so dangerous because they use multiple advanced methods.

AI-driven romance conversations are increasingly challenging for both victims and traditional anti-fraud mechanisms to detect. Spotting and preventing these scams can be tricky, but privacy experts recommend some tried-and-true ways.

BEST VALENTINE’S DAY GIFTS 2025

Spotting and preventing these sophisticated AI-driven scams can be tricky, but staying informed can help you avoid becoming a victim. By being vigilant, verifying identities and recognizing red flags, you can navigate online dating safely while protecting your finances and personal information. Here are some things to look out for:

STOP THESE V-DAY SCAMS BEFORE THEY BREAK YOUR HEART AND YOUR BANK ACCOUNT

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Your personal information is a scammer’s best tool. This includes your phone number, email and other contact details that allow them to reach you, as well as information like the celebrities you follow, your family members and even the type of content you engage with online to tailor the perfect attack. As scams become more sophisticated and reliant on loads of data, it’s more important than ever to take proactive measures to safeguard your personal information.

1. Vigilance in online dating: In the digital world, not everyone is who they claim to be. Be wary of potential romantic interests who ask for money or gifts or those who want to move the relationship along too quickly. Keep your personal and financial information private and never share it with someone you haven't met in person.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

2. Verify the identity: Request additional information or proof to verify their identity, such as video chatting or meeting in person if possible. Exercise caution before getting emotionally invested in someone you haven't met in real life.

3. Research and verify: Conduct an online search using the person's name, email address or phone number to see if any suspicious or fraudulent activities are associated with them. Reverse image search their profile pictures to check if they are stolen from elsewhere on the internet. You can also reverse-search their phone number for free by following the instructions found here.

4. Privacy settings: Keep your social media profiles private so only those you trust can see what’s going on in your life.

5. Limit sharing: Adjust the privacy settings on all of your online accounts and apps to limit data collection and sharing.

6. Use reputable dating platforms: Stick to well-known and reputable dating websites or apps with security measures to help protect their users from scams. These platforms often have guidelines for safe online dating and report suspicious users.

7. Invest in personal information removal services: I highly recommend you remove your personal information that can be found on various people search sites across the web. If you give someone your email address or phone number, they could potentially reverse-search your information and get your home address. Check out my top picks for data removal services here.

AI-powered romance scams have become a serious threat, exploiting our deepest emotions for financial gain. As you navigate the digital dating landscape, it's crucial to stay vigilant and protect yourself from these sophisticated schemes. Remember, if something seems too good to be true, it probably is. Trust your instincts, take things slow and always prioritize your safety and financial well-being.

How has the rise of AI-powered romance scams changed your approach to online dating or your views on digital relationships? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

iCloud scams are becoming increasingly sophisticated, targeting unsuspecting users with urgent messages about their accounts. Our team recently received two suspicious iCloud emails. We want to share our experience and provide comprehensive steps on how to identify and protect yourself from these scams.

GET SECURITY ALERTS + EXPERT TECH TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

iCloud scams typically follow a pattern designed to create a sense of urgency and fear. Let's break down the two emails our team received below. Here is the urgent wording that the scammers used, "Payment Failure for iCloud Storage Renewal" and "iCloud Suspended. Fix it before Mon, 13 January 2025." Both emails share common characteristics of phishing attempts, including urgent language, threats of account suspension or data loss, requests to update payment information, links to external websites and vague or incorrect account details. These emails are crafted to look legitimate, often mimicking Apple's branding and tone. However, they contain several red flags that indicate they are scams.

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS - CYBERGUY PICKS

To protect yourself from falling victim to these scams, look out for these telltale signs:

If you receive a suspicious email claiming to be from Apple or iCloud, follow these steps:

THAT APPLE ID DISABLED MESSAGE? IT'S A DANGEROUS SCAM

Follow these steps if you think you may have fallen for an iCloud scam.

1) Change your Apple ID password immediately: Ensure you create a strong, unique password that you haven't used on other accounts.

2) Check for any unauthorized changes to your account settings or payment information: Go to account.apple.com and review any devices, personal information or security settings that look unfamiliar.

3) Contact Apple Support directly through official channels for assistance: Forward the suspicious email to reportphishing@apple.com or abuse@icloud.com to help Apple track and block these scams.

4) Monitor your financial accounts for any suspicious activity: If you provided payment information, cancel and replace your credit card immediately and pay close attention to even small unauthorized charges.

5) Consider placing a fraud alert on your credit reports: Report the scam to the Federal Trade Commission and Internet Crime Complaint Center to help combat these fraudulent activities.

6) Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

FBI’S NEW WARNING ABOUT AI-DRIVEN SCAMS THAT ARE AFTER YOUR CASH

Remember, Apple will never ask you to provide personal information, passwords or security codes via email, text message or phone call. If you're ever in doubt about the legitimacy of a communication from Apple, always err on the side of caution and contact Apple directly through their official website or support channels. By staying vigilant and following these guidelines, you can better protect yourself from iCloud scams and keep your personal information secure. Don't let the urgency of these messages cloud your judgment. Take a moment to verify before you act, and you'll be much safer in the long run.

Have you ever been targeted by an iCloud or Apple-related scam? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

If there is one corporation that is targeted by scammers more than anyone else, it is Microsoft. From customer support scams to impersonation and phishing attacks, the company’s services are constantly under threat. Recently, even Russia-sponsored hackers managed to breach Microsoft and steal sensitive information.

While Microsoft services as a whole are prime targets, one that stands out is Teams. The collaboration tool is used by more than 300 million people worldwide, making it a goldmine for attackers. Hackers are using it to spread phishing, vishing and quishing campaigns, relying on social engineering tactics to trick victims into sharing private and sensitive data.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

Cybercriminals are increasingly targeting Microsoft Teams users with sophisticated attack methods. One such technique involves malicious GIF images that exploit worm-like vulnerabilities, allowing attackers to take over accounts and infiltrate chat sessions when the image is opened. 

Hackers also insert malware-laden files into chat threads, tricking users into downloading DLL files that enable system takeover. Phishing campaigns leverage compromised accounts or domains to send deceptive invitations, luring victims into downloading harmful files. 

Some attackers use email bombing and vishing, posing as tech support to overwhelm users with spam emails before tricking them into granting remote access. Compromised email addresses and stolen Microsoft 365 credentials provide another entry point for unauthorized access. 

Plus, external access settings in Microsoft Teams, which often allow outside users to initiate chats or meetings, can be exploited if not properly restricted. Another common tactic is sending phishing links through Teams chats, often disguised as invoices or payment notifications, leading to ransomware infections.

9 WAYS SCAMMERS CAN USE YOUR PHONE NUMBER TO TRY TO TRICK YOU

Scammers have been running fake job schemes for a while, but their tactics keep evolving. Lately, I reported how fake job emails are being used to install crypto mining software that slows down computers. Now, they are using Microsoft Teams chat to trick people. 

It usually starts with an email about a job followed by a suggestion to do the interview over Teams. The first red flag is that the entire interview happens over chat with no video and no call. After that, you are "hired" and asked to submit your details, often through a Google Doc requesting personal info like your social security or tax number. Some victims are even asked to buy equipment for the job, pay a hiring fee or purchase gift cards, which are classic signs that the whole thing is a scam.

SPOTIFY PLAYLISTS ARE BEING HIJACKED TO PROMOTE PIRATED SOFTWARE AND SCAMS

1) Avoid opening suspicious links and attachments: Be cautious of unsolicited links or attachments, especially in chat messages or emails. Cybercriminals often use these to deliver malware or phishing links. Never click on links that seem unusual or come from unknown sources.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2) Check for red flags in job offers: If you receive a job offer that seems too good to be true or involves an interview conducted entirely via chat with no phone call or video meeting, it's likely a scam. Legitimate companies typically conduct interviews using multiple forms of communication. 

A job offer that insists on only text-based conversations is a major red flag. Other warning signs include being asked to provide personal information through Google Docs, being asked to pay for equipment, paying fees to secure the job or purchasing gift cards as part of the hiring process.

3) Use strong, unique passwords: Ensure your Microsoft 365 and other accounts are protected with strong passwords. Consider using two-factor authentication to add an extra layer of protection against unauthorized access. Also, you might want to use a password manager to generate and store complex passwords.

4) Be cautious with personal information: Never share sensitive personal details, like social security numbers or tax information, through unsecured or unsolicited channels, such as Google Docs or messages on Teams. Always verify the legitimacy of such requests.

5) Report suspicious activity: If you notice any suspicious activity on your Microsoft Teams account or receive unusual job offers, report it immediately. Prompt action can prevent a potential breach or further compromise. Notify your IT department or relevant authorities so they can investigate and take appropriate measures.

6) Verify IT support requests: Be cautious of unsolicited messages or calls claiming to be from IT support, especially those asking you to install software or grant remote access. Cybercriminals often impersonate IT staff to deploy ransomware or steal sensitive data. Always verify such requests with your actual IT department before taking any action. If in doubt, contact your IT team directly using official channels, not through the message or call you received.

ENERGY-SAVING SCAM USES ELON MUSK’S NAME – HERE’S THE TRUTH

Scammers and hackers are not slowing down, so staying sharp is the only way to stay ahead. If something feels off, like a job that sounds too good to be true, a random Teams message with a sketchy link or an interview that is just a chat, trust your instincts. You should always be careful with external messages and invites that you to receive on Microsoft Teams. Even if it seems like it is from someone you know, it is best to double-check, especially if it involves a file, a link or an invitation to a chat you were not expecting to receive.

Should Microsoft be doing more to prevent phishing and impersonation scams on Teams? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

If something is free, you’re the product being sold. This is especially true for most online services we use. For example, Google’s primary source of revenue is ads. They make money by collecting data about you and me and selling targeted advertising to companies, which then show us products relevant to our interests.

You might have noticed that the moment you search for a product on Google, you start seeing ads for it on Facebook. The same applies to apps like Instagram, Threads and LinkedIn. In fact, research shows that the apps collecting the most data about you are also among the most widely used. 

Let’s look at the top 20 of them and explore how you can take control of your personal information.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

Apps collect all sorts of data about you, but let’s get one thing straight. Not all data collection is bad. Some apps genuinely need access to certain information to function properly. For example, Uber stores your location data to help you find a ride faster, while WhatsApp requires access to your contacts so you can send messages.

The real issue is data collection that serves no purpose other than showing you ads or selling your information to third parties. According to Marin Marinčić, head of IT Infrastructure at Nsoft, the top 20 most invasive apps collect data that is not necessary for their core functions.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Leading the list is Meta with all four of its major apps. Facebook, Messenger, Instagram and Threads share 68% of collected data with third parties while also using it for targeted ads. LinkedIn follows, sharing around 37% of user data, with Amazon in third place, followed by YouTube.

What makes this concerning is how deeply embedded these apps are in our daily lives, making it nearly impossible to find alternatives or avoid data collection altogether.

The list also includes Elon Musk’s X at No. 5, followed by Uber Eats, PayPal, Uber, Google and Amazon Prime Video. TikTok, despite ongoing scrutiny over its data policies, ranks 14th. While many of these names were expected, one surprising entry is the mobile game Candy Crush, which uses 28% of collected data for ads. You can find the full list in the image below.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

Avoiding data collection is nearly impossible if you use the apps above. The only way to dodge these invasive apps is to switch to apps that respect your privacy. While it may seem impossible to replace some of the biggest platforms, there are alternatives that collect little to no unnecessary data.

Switching to these alternatives may require some effort, but it is the best way to limit how much of your personal data is being collected. Taking control of your privacy starts with making conscious choices about the apps you use.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

HOW TO GET RID OF ROBOCALLS WITH APPS AND DATA REMOVAL SERVICES

If you’re not able to delete the apps listed above, follow the simple steps below to minimize how much information is being collected and shared.

1. Review app permissions: Most apps request access to data they do not actually need. Go to your phone settings and check app permissions on your iPhone and Android. Disable access to location, microphone, contacts and other sensitive data unless absolutely necessary.

2. Turn off ad personalization: Many companies track your online activity to show targeted ads. You can limit this by disabling ad personalization in Google, Facebook, and other accounts. This reduces the amount of data collected about your interests and behavior.

3. Limit social media tracking: Social media platforms track your activity even when you are not using them. Adjust privacy settings to restrict data collection.

4. Avoid signing in with Google or Facebook: Many websites offer login options using Google or Facebook. While convenient, this shares even more data with these platforms. Instead, create separate accounts using email whenever possible.

5. Use a Virtual Private Network (VPN) and private browsing mode: A VPN hides your IP address, helping to obscure your location and online activity, making it harder for websites to track you. Combined with private browsing or incognito mode, this reduces the amount of data companies can collect about your online activity. Using a VPN service can also enhance your privacy by encrypting your internet traffic, making it harder for hackers and third parties to intercept your data, especially on public Wi-Fi. 

While VPNs don’t directly prevent phishing emails, they reduce the exposure of your browsing habits to trackers that may use this data maliciously. With a VPN, you can securely access your email accounts from anywhere, even in areas with restrictive internet policies. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices

6. Regular app cleanup: Uninstall apps you no longer use to reduce passive data collection.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

Protect your personal information across the popular platforms mentioned above with these essential privacy adjustments.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

The best way to reduce companies from collecting your data is to remove invasive apps from your phone. Many apps request unnecessary permissions that can track your activity, so deleting them limits exposure. Instead of downloading standalone apps, try using the browser versions of popular social media platforms, as they typically have fewer permissions. 

However, web tracking still exists through cookies and fingerprinting, so using a privacy-focused browser like Brave, Firefox with enhanced tracking protection, or Safari with Intelligent Tracking Prevention (ITP) can further reduce data collection. However, some apps are so deeply integrated that replacing them is difficult. For example, if you use an Android phone, avoiding Google’s ecosystem is nearly impossible. Apple, on the other hand, offers more privacy controls, giving users better options to limit data collection.

Do you check app permissions before installing? How do you decide which permissions are acceptable? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover

Follow Kurt on his social channels

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com.  All rights reserved.

The healthcare industry has recently been a major target for hackers. You might remember the 2024 Ascension attack, which led to significant disruptions. 

The Change Healthcare breach was also on a massive scale. UnitedHealth initially claimed that 100 million Americans were affected, but later raised that number to 190 million. 

There have been countless other incidents, and now you can add another to the list. Community Health Center, Inc. (CHC), a Connecticut-based federally qualified health center, has disclosed a data breach following a criminal cyberattack on its systems. 

The attack has affected over a million people in the U.S.

GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE

Community Health Center, Inc. (CHC) detected a data breach on Jan. 2 after identifying unusual activity within its computer systems. An investigation confirmed that a skilled hacker had accessed and extracted data but did not delete or lock any information. If CHC's claims are accurate, this is a positive outcome, as hackers often deploy ransomware, a type of attack in which they lock systems and demand payment before restoring access.

In a regulatory filing with the Maine Attorney General’s Office, CHC said that 1,060,936 people were affected by the data breach. The type of information compromised varies depending on an individual’s relationship with CHC. Patient data that may have been accessed includes names, dates of birth, addresses, phone numbers, email addresses, diagnoses, treatment details, test results, Social Security numbers and health insurance information.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

For individuals who are not regular CHC patients but received COVID-19 services at a CHC clinic, the breached data may include names, dates of birth, phone numbers, email addresses, addresses, gender, race, ethnicity and insurance details if provided. Additional information, such as test dates, results and vaccine details, including type, dose and administration date, may also have been affected. In rare cases, Social Security numbers were also included in the breach.

The organization did not disclose how the hackers gained access to the data or whether proper cybersecurity measures were in place at the time of the breach. While CHC has assured that its systems are no longer at risk, the same cannot be said for its patients, who may now be targets of various cyberattacks.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

CHC said the hacker’s access was terminated within hours, and daily operations were not disrupted. To strengthen cybersecurity, CHC claims it has implemented advanced monitoring software and reinforced system protections. The organization said there is no evidence at this time that the compromised data has been misused.

The health center is offering free identity theft protection services for all patients and COVID-19 service recipients whose Social Security numbers were involved in the breach. The organization is also encouraging individuals whose Social Security numbers were not affected to take additional steps to protect their information.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET 

1. Remove your personal information from the internet: The breach has exposed sensitive personal data, making it essential to reduce your online footprint. While no service can guarantee complete data removal, a reputable data removal service can significantly limit your exposure. These services systematically monitor and erase your personal information from numerous websites and data brokers. Check out my top picks for data removal services here.

2. Be wary of mailbox communications: With addresses among the compromised data, scammers may exploit this breach to send fraudulent letters. Be aware of mail claiming missed deliveries, account suspensions or security alerts. Always verify the authenticity of such communications before responding or taking action.

3. Be cautious of phishing attempts and use strong antivirus software: Scammers may use your compromised email or phone number to target you with phishing attacks. Be wary of messages asking for personal information or containing suspicious links. To protect yourself, ensure strong antivirus software is installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Monitor your accounts: Given the scope of this breach, regular monitoring of your bank accounts, credit card statements and other financial accounts is critical. Look for unauthorized transactions or suspicious activity, and report any issues immediately to your bank or credit card provider.

5. Recognize and report a Social Security scam: If your Social Security number is exposed, you could become a target for related scams. Official communication regarding Social Security issues usually comes via mail, not phone calls or emails. Learn more about spotting and reporting scams by visiting the Social Security Administration’s scam information page.

6. Invest in identity theft protection: Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. An identity theft protection service can monitor personal information like your Social Security number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. It can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using an identity theft protection service is that it might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft. 

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

The CHC breach may not be as large as the UnitedHealth attack, but with over a million individuals affected, it’s still a serious incident. Cybercriminals can exploit stolen data in various ways, from identity theft to targeted phishing scams. While CHC has taken steps to secure its systems, those impacted should remain vigilant. Be wary of unexpected emails, calls or messages requesting personal information, and consider monitoring financial and medical accounts for any suspicious activity.

Do you think these companies are doing enough to protect your data, and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels for the latest tech tips and tricks:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Sometimes, when you need an answer to a complex life situation or a way to troubleshoot an error on your computer, regular articles on the web don’t help. Some issues are so niche that no one writes about them, and those who do often say nothing useful in 1,000 words. 

In these cases, adding Reddit to your search query can be a game changer. Nine times out of 10, someone on Reddit has faced the same issue, and there's probably a solution. 

But bad actors have caught on to this, too. They’re now mimicking Reddit to spread malware that can steal your personal information.

GET SECURITY ALERTS, EXPERT TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

Hackers are distributing nearly 1,000 fake websites mimicking Reddit and WeTransfer to spread the Lumma Stealer malware. These sites are designed to trick you into downloading malicious software by imitating legitimate discussions and file-sharing services.

On these fake Reddit pages, attackers create a fabricated discussion where one user asks for help downloading a tool, another offers a WeTransfer link and a third expresses gratitude to make the exchange seem real. Clicking the link redirects victims to a counterfeit WeTransfer site, where the download button delivers the Lumma Stealer malware.

All these fake pages have the following things in common:

These fake websites were discovered by Sekoia researcher crep1x, who compiled a full list of the pages involved in the scheme. In total, 529 of these sites mimic Reddit, while 407 impersonate WeTransfer to trick users into downloading malware.

According to BleepingComputer, hackers may be driving traffic to these fake pages through methods like malicious ads (malvertising), search engine manipulation (SEO poisoning), harmful websites, direct messages on social media and other deceptive tactics.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

Hackers are using fake Reddit pages to spread Lumma Stealer, a powerful malware designed to steal personal data while staying under the radar. Once it infects a device, it can grab passwords stored in web browsers and session tokens, allowing attackers to hijack accounts without even needing a password.

But Reddit isn’t the only way this malware spreads. Hackers also push it through GitHub comments, deepfake websites and shady online ads. Once they steal login credentials, they often sell them on hacker forums, where others can use them for further attacks.

This type of malware has already played a role in major security breaches, including attacks on PowerSchool, Hot Topic, CircleCI and Snowflake. It’s a growing threat, especially for companies that rely on password-based security.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS - CYBERGUY PICKS

1. Be cautious with download links: Avoid downloading files from random Reddit discussions, social media messages or unfamiliar websites. If an unknown user shares the link or seems out of place in the context, it’s better to err on the side of caution. If the link is directing you to a file-sharing site like WeTransfer or Google Drive, double-check the URL for any signs of manipulation—like random characters added to the domain name.

2. Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware originating from these Reddit discussions, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

3. Verify website URLs: Fake websites often look convincing but have slight differences in their URLs. Check for misspellings, extra characters or unusual domains (e.g., ".org" or ".net" instead of the official ".com").

4. Use strong, unique passwords and enable 2FA: A password manager can help generate and store strong passwords for each site. Meanwhile, enabling two-factor authentication (2FA) adds an extra layer of security, making it harder for attackers to hijack your accounts. Get more details about my best expert-reviewed Password Managers of 2025 here.

5. Keep your software updated: Regularly update your operating system, apps, browsers and other software on your PC or mobile devices. Updates often include patches for security vulnerabilities that hackers can exploit.

6. Watch out for malvertising and SEO traps: Hackers manipulate search engine results and run deceptive ads to trick users into visiting fake sites. Stick to official sources and avoid clicking on ads or search results that seem too good to be true. 

HOW TO FIGHT BACK AGAINST DEBIT CARD HACKERS WHO ARE AFTER YOUR MONEY

Hackers are getting sneakier, using fake Reddit and WeTransfer pages to spread dangerous malware like Lumma Stealer. These sites might look real, but they’re designed to steal your personal info. To stay safe, always double-check links and be cautious about downloading files from unfamiliar sources. Use strong, unique passwords, enable two-factor authentication and keep your software updated to stay one step ahead of cybercriminals.

Have you ever encountered a suspicious link on Reddit or social media? How did you handle it? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Those of us old enough to remember traveling before the age of smartphones and mobile internet know we have it pretty good these days. You can find the best flights using comparison sites, choose among hundreds of hotels on a single booking site, get tickets sent to your phone rather than picking them up in person, check in online, order a ride and you’re off. 

All this, of course, comes with downsides and trade-offs. 

Most people’s biggest concerns are "getting hacked," which, when you get down to it, really means "being robbed in ways I don’t quite understand." But that’s one of those risks that, although very real, is unlikely to happen if you take the usual precautions. 

GET SECURITY ALERTS, EXPERT TIPS - SIGN UP FOR KURT’S NEWSLETTER - THE CYBERGUY REPORT HERE

In a time when personal information is said to be worth more than oil, bad actors are often interested in getting their hands on your personal data as much as your money. And a "bad actor" need not be some guy with his hood up, hunched over a laptop in the back of a coffee shop. 

In 2024, for example, ClassAction.org reported on suspicions of major cruise lines illegally sharing consumers’ data with Facebook. Cruise lines RoyalCaribbean.com, CelebrityCruises.com, Princess.com and HollandAmerica.com are suspected of collecting personal information through the sneaky "Meta tracking pixel" and sending it to Facebook without users’ consent. 

Booking.com, a site most of us have used at one time or another, has also had its fair share of problems. The website has been battling waves of hacking attacks aimed at defrauding its customers; it’s faced accusations of not doing enough to protect its customers and has even been fined for failing to disclose a data breach on time. 

Data gathered from these kinds of incidents often ends up circulating online, being added to what was already out there before, just waiting for someone or some company to make use of it.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

THE BEST TRAVEL GEAR FOR 2025

Avoiding cruise lines and booking sites altogether is hardly a practical solution when you need to book a cruise or accommodation. Here are some things you can do to dramatically reduce the risk when booking flights, cruises, vehicles and accommodation.

1. Invest in personal data removal services: While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

2. Use personal security caution: Don't sign in to anything using your social media accounts. Sign in with your email instead and be sure to use an email address you've set aside just for these kinds of situations.

3. Do your homework online: Do an online search for the booking website, cruise line or travel agency in question, keeping an eye out for any recent reports of scams or other issues.

4. Check company reputation carefully: Check ClassAction.org, the Better Business Bureau and Trustpilot specifically. This will help you gain comprehensive insights into a company's track record, customer experiences and potential issues.

5. Verify communication legitimacy: Whenever you receive a call, email or text message from a booking service, confirm that it's really them by first checking your account directly and then contacting the company through official, publicly listed channels (not social media).

BEST TRAVEL ADAPTERS OF 2025

Here are some of the "usual precautions" that can protect you from "getting hacked" while traveling.

1. Update all your apps and operating systems before heading off: All those security patches are that much more important while you're traveling. You'll want to download and install all pending updates at least 24-48 hours before your departure, ensuring you have the latest security protections and giving yourself time to troubleshoot any potential update-related issues that might arise. 

2. Lock everything down: Use strong, unique passwords and a reliable password manager to keep track of them.

3. Turn on two-factor authentication where available: Prioritize using authenticator apps over SMS-based codes. This provides a more secure second layer of verification, as authenticator apps are less vulnerable to SIM swapping attacks and interception compared to text message-based authentication. Choose reputable authenticator apps, which generate time-based one-time passwords that change frequently and are tied directly to your device.

4. Keep location services turned off: NFC, Bluetooth and Wi-Fi should also be turned off while you’re not using them. That’ll make your battery last longer as a side benefit.

5. Go dark: Don’t publicly share news of your trip until you’re back. Avoid posting about your vacation on social media or keeping a blog about your adventures, as this information can be used by criminals to piece together a snapshot of your life.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

6. Limit social media use: Scammers and hackers often exploit social media to gather personal information and target travelers. To stay secure, avoid sharing trip details publicly and use a privacy-focused messaging app like Signal to stay in touch with family and friends.

7. Use privacy-focused browsers: You should consider using browsers like Brave or Firefox with privacy extensions. Enabling "do not track" settings and utilizing private/incognito mode can provide an extra layer of digital protection.

8. Disable automatic Wi-Fi and Bluetooth connections: Disable settings that automatically connect to networks and manually select and verify networks before connecting. This prevents your device from inadvertently joining potentially unsecured networks.

9. Use encrypted messaging and email: Protect your private communications by using services that offer end-to-end encryption for both messaging and email. These platforms ensure your data remains secure from unauthorized access, with features like encryption for non-users, multifactor authentication and tracking protection. See my review of the best secure and private email services here.

10. Travel with minimal digital gear: Consider bringing a "travel-only" phone or laptop with minimal personal data.

11. Be cautious of public charging stations: Avoid using public USB charging ports that could potentially compromise your device. Instead, carry a portable phone charger with you.

12. Monitor your accounts: Set up transaction alerts on financial accounts and use credit cards with strong fraud protection. Regularly check your accounts while traveling to quickly detect any suspicious activity.

13. Bring your own internet access with you: Find a local or international SIM, a mobile hot spot and a trusted VPN (virtual private network) service for those times you can’t help but use public Wi-Fi. Using a VPN can enhance your privacy by encrypting your internet traffic, making it harder for hackers and third parties to intercept your data, especially on public Wi-Fi. A VPN masks your IP address, helping to obscure your location and online activity. While VPNs don’t directly prevent phishing emails, they reduce the exposure of your browsing habits to trackers that may use this data maliciously. With a VPN, you can securely access your email accounts from anywhere, even in areas with restrictive internet policies. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

5 WAYS TO SECURELY ACCESS WI-FI ON YOUR PHONE WHILE TRAVELING

There’s plenty of good advice out there when it comes to avoiding public Wi-Fi and protecting your documents while traveling. To really stay safe, though, it’s important to start thinking about your data privacy and data security before even booking your trip. It doesn’t take much when all is said and done, but it could make a huge difference to how you remember your trip for years to come.

When was the last time technology made your travel more stressful instead of easier? What happened? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Super Bowl LIX is set to take place this Sunday at the Caesars Superdome in New Orleans and is expected to draw a record-breaking audience of 116.8 million viewers, according to PredictHQ. 

While this massive event generates excitement, it also attracts cybercriminals looking to exploit unsuspecting fans. Here are four common ways hackers target football fans leading up to the big game.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

Cybercriminals will try to exploit the Super Bowl's reliance on digital ticketing and mobile apps. Fans may receive text messages or social media alerts that appear to be from official payment apps, urging them to "confirm" their information for last-minute ticket upgrades or exclusive merchandise deals. These phishing attempts could lead to fake websites designed to steal banking details.

 HOW TO SCORE A GREAT DEAL ON A TV BEFORE THE SUPER BOWL

Scammers create fake "exclusive raffles" or contests, claiming fans have a chance to win VIP tickets or unique experiences if they pay a small entry fee. These scams often rely on urgency and the fear of missing out. The Better Business Bureau has warned about fraudulent sports betting apps encouraging users to place "guaranteed bets on upcoming games."

TECH THAT’S SURE TO MAKE YOUR SUPER BOWL PARTY A HUGE SUCCESS

Scoring last-minute Super Bowl tickets can feel like a victory until you find out they are fake. Sketchy ticket resellers flood search results and social media with deals that seem too good to be true. Online ticket fraud is becoming increasingly common. While some tickets may be legitimate, many are not, with fans spending hundreds or even thousands of dollars for nothing.

Scammers often utilize automation and artificial intelligence to identify and target potential victims based on the language used in their posts. For instance, scammers search for popular buzzwords and hashtags that people use when looking to buy tickets, such as #SuperBowl, #SuperBowlTickets or #LookingForTickets. They then respond to these posts with messages that contain links to other platforms like WhatsApp, Telegram or Cash App, where they attempt to finalize fraudulent deals.

HOW TO GET YOUR TV GAME-READY FOR THE SUPER BOWL

If a social media ad is offering free NFL tickets or merchandise, there is a catch. These scams appear everywhere, promising fans exclusive giveaways if they cover a small shipping fee or provide personal details. The posts look official, sometimes even using fake endorsements from players or teams, making them easy to fall for. 

Scammers also use cross-platform operations to evade detection and bans by social media platforms. They will identify and initiate communications with you on one social media platform before requesting you switch to another. This is likely an attempt to prevent one social media platform from gaining full insight into fraudulent activity and banning accounts.

The moment you enter your information or payment details, you have handed cybercriminals access to your bank account. And those free tickets or jerseys never arrive. Scammers rely on the excitement of game day to push people into acting without thinking. The truth is simple. If it sounds too good to be true, it probably is.

Finally, scammers may offer massive discounts for Super Bowl tickets to entice you to buy quickly. They may state they just want to sell the tickets "last minute" to justify large, attractive discounts, such as 50% off or more. They may also claim to have a personal or professional reason for not being able to attend the event, such as a family emergency or a work conflict. Scammers often use these excuses to pressure victims into making hasty decisions and transferring money without verifying the tickets.

MOST TALKED ABOUT SUPER BOWL ADS

While scammers will try to prey on Super Bowl fans, you are not completely helpless. Dave Lewis, Global Advisory CISO at 1Password, shared some tips on staying safe leading up to the games. These are not complicated strategies, just simple cybersecurity practices that are easy to follow.

1) Buy tickets from trusted sources: Only purchase from official sites/apps and other reputable channels. Double-check URLs to avoid lookalike sites (which are designed to mimic legitimate event pages). Platforms like Facebook Marketplace, Eventbrite and Nextdoor are also hot spots for scams, so be cautious of sellers "requiring a deposit" through peer-to-peer financial apps like Cash App, Venmo or Zelle.

2) Watch out for event-related phishing attacks: If a deal seems too good to be true, it probably is. Cybercriminals often time their phishing attacks around large events like the Super Bowl, offering fake discount tickets, VIP experiences, free food vouchers, etc. Always verify offers through the event’s official website or app and never agree to anything over the phone. Double-check the sender’s email address and hover over links before clicking to ensure they lead to legitimate event sites. 

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3) Keep your phone software and apps updated: Regularly update your device’s operating system (i.e., iOS, macOS, Windows, Android, others). "While constant notifications can be an annoyance at the moment, these updates are essential for keeping your devices secure," Lewis said. If you’re not sure how to get started, check out this extensive guide on how to update all your devices.

4) Use strong, unique passwords and enable two-factor authentication (2FA): Create complex passwords for all your accounts, especially those related to ticket purchases or event information. Use a password manager to generate and store these securely. Enable 2FA wherever possible, particularly for email and payment accounts. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password. For the Super Bowl, this is especially crucial for any official NFL or ticketing apps you might be using.

5) Be wary of QR codes: While convenient, QR codes can be exploited by hackers for malicious purposes. Only scan QR codes from trusted sources, such as the official event organizer. If unsure, check for signs of tampering, like stickers placed over legitimate codes or poor print quality. When in doubt, don’t scan it. As a precaution, always keep your antivirus software running to prevent malware infections from scanning a scam QR code. If you don’t have antivirus software, check out my top recommendations here.

6) Beware of scammers using social engineering techniques: For example, they may encourage you to transfer money immediately as they allegedly have other prospective buyers. They may also use emotional appeals, such as sympathy, guilt or urgency, to manipulate you into making a decision. Scammers often use these tactics to pressure victims into paying before verifying the tickets.

7) Be wary of individuals showing receipts or proof of purchase: This is not a guarantee that an individual is in possession of a ticket, and it can be easily faked. Scammers can use fake receipts to convince victims that they bought the tickets from legitimate sources, such as Ticketmaster, StubHub or SeatGeek.

8) Exercise caution when interacting with individuals asking for you to "name your price" or are selling below ticket value: This may be a sign that they are trying to lure you into a scam with a too-good-to-be-true offer. Scammers often use this strategy to attract victims who are looking for cheap or affordable tickets.

9) Be cautious when interacting with people claiming to sell tickets on behalf of a friend or family member: This may provide an excuse for scammers using compromised bank accounts with the account holder's name different from the social media account being used. Scammers often use this pretext to explain the discrepancy between the names on the accounts.

10) Review the account’s recent history: Some scammers may claim to be selling tickets to multiple high-profile events, such as sports games, music concerts and conferences at one time. This may indicate that they are running a large-scale scam operation and are not genuine sellers. Scammers often post multiple ads for different events on the same or different platforms, using the same or similar images and descriptions.

11) Exercise caution and validate ownership: Do this even when purchasing items from friends or friends of friends on social media. A family member or friend’s account can be compromised and used by a scammer. Friends of the victim can vouch for the account user as a legitimate seller, not realizing the account had been hacked.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Scammers are always looking for new ways to take advantage of football fans, especially during major events like the Super Bowl. Whether it is fake ticket sales, phishing scams or bogus giveaways, the risks are real. You can easily avoid becoming a victim of these types of attacks by staying vigilant and being cautious of emails and links that ask for personal information.

Do you think the NFL or other major sports leagues are doing enough to protect fans from these scams? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Generally, iPhones are considered more secure than Android devices. 

Apple’s closed ecosystem and strict App Store policies limit the risk of malware, and its centralized software updates ensure better security. In contrast, Android’s openness allows users to install apps from various sources, and updates are often rolled out at different times, making it more vulnerable to attacks. 

However, iPhones aren’t immune to security flaws. Hackers occasionally find ways to exploit them, as seen in Apple’s latest advisory. The company recently discovered that a vulnerability in iOS had been exploited for over a year. While a fix has now been released, reports suggest that hackers may have already targeted high-value individuals.

GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER — THE CYBERGUY REPORT HERE

Apple has uncovered hackers exploiting a vulnerability in iOS that appears to have been lingering for more than a year. The vulnerability is a "zero-day" flaw, meaning criminals may have already exploited it, according to the latest security advisory from the company. Zero-day flaws like this are especially dangerous because they are exploited before developers can issue fixes. Apple confirmed this marks its first zero-day patch of 2025. The vulnerability affects iPhones dating back to 2018’s XS model, as well as newer iPads, Macs, and even the Vision Pro headset.

The vulnerability, tracked as CVE-2025-24085, resides in Apple’s Core Media framework, a software layer responsible for processing multimedia files. A "use after free" memory corruption error enabled hackers to manipulate the system into executing unstable code, granting them elevated privileges to bypass security protocols. Apple’s advisory suggests hackers weaponized the flaw through malicious apps disguised as legitimate media players. These apps likely abused the Core Media framework by triggering corrupted files, enabling attackers to infiltrate devices.

The attacks reportedly targeted iOS versions predating 17.2, released in December 2023, meaning the vulnerability may have been active since late 2022. Security experts speculate that hackers focused on high-value individuals — such as activists, executives or journalists — to avoid detection. The prolonged stealth of the campaign underscores the challenges of identifying sophisticated, narrowly tailored exploits.

This underscores the critical need for you to update your devices to iOS 17.2 or later, as these versions include essential fixes to safeguard against this actively exploited vulnerability.

HOW TO PROTECT YOUR IPHONE & IPAD FROM MALWARE

In response, Apple has released fixes across its ecosystem, including iOS 18.3, macOS Sequoia, watchOS, tvOS and VisionOS. You should update your devices as soon as possible to stay protected. To install the update on your iPhone or iPad:

Pro Tip: I recommend you click Update Now and also turn on Automatic Updates to stay covered in the future.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

While Apple has patched this issue, it’s a reminder that staying on top of updates is key. Hackers are always looking for security gaps, so keeping your software up to date is one of the best ways to stay safe.

SCAMMERS FOUND A SNEAKY WAY TO BYPASS YOUR IPHONE'S SAFETY FEATURES

Protecting your iPhone requires proactive security measures. By following these seven essential steps, you can significantly reduce the risk of cyber threats and keep your personal information secure.

1. Keep your iPhone updated: I can’t say this enough. Updating your iPhone regularly is one of the most effective ways to protect it from security threats. Apple frequently releases updates that fix vulnerabilities, including critical zero-day flaws. 

2. Download apps only from the App Store: To minimize the risk of installing malware, only download apps from the official App Store. Apple’s strict app review process helps prevent malicious apps from being published, but some threats can still slip through. Always verify app details, check reviews and be cautious about app permissions before installation.

3. Enable lockdown mode for extra protection: For those of you who may be at higher risk, such as journalists or executives, Lockdown Mode provides an additional layer of security. This feature limits certain device functionalities to prevent sophisticated cyberattacks. It can be turned on via Settings > Privacy & Security > Lockdown Mode and is especially useful for those concerned about targeted threats.

4. Enable message filtering: Use your device's built-in filtering options to sort messages from unknown senders. This feature allows you to automatically sort messages from unknown senders, easily filter unread messages and manage your message inbox more efficiently. Here are steps:

GET FOX BUSINESS ON THE GO BY CLICKING HERE

5. Stay cautious of phishing attacks and install strong antivirus software: Phishing remains one of the most common tactics used by hackers. Be cautious when receiving unsolicited messages or emails on your iPhone, especially those with suspicious links or attachments. Always verify the sender before opening anything. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Review your security and privacy settings: Regularly reviewing your iPhone’s security settings can help you maintain strong protection. You should also review app permissions in Settings > Privacy & Security to restrict access to sensitive data, such as location or contacts. Enable Face ID or Touch ID for secure access and turn on two-factor authentication (2FA) for Apple ID and other accounts. 2FA adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message or authentication app, in addition to your password. This significantly reduces the risk of unauthorized access, even if your password is compromised.

7. Invest in personal data removal services: By reducing your online footprint, you make it harder for cybercriminals to obtain your contact information, potentially preventing them from sending you deceptive phishing texts and emails in the first place. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

This iOS vulnerability is a serious reminder of the importance of staying up to date with software updates. If you’re using an iPhone from 2018 or later, make sure you’ve updated to iOS 17.2 or later as soon as possible. Hackers exploited a hidden flaw for over a year, using fake media apps to gain access to devices. While Apple has now patched the issue, the fact that it remained undetected for so long is concerning. 

Do you think companies like Apple are doing enough to protect you from cyber threats?  Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Almost everything you do online asks for your email. If you have been using the same one for a while, chances are hundreds or even thousands of services have it. They send promotional messages, social media alerts, newsletters and more, turning your inbox into complete chaos. You can tame this madness using an email alias.

An email alias helps declutter your inbox by organizing emails based on their purpose. For example, you can create specific aliases for shopping, newsletters or work and set up filters to sort these messages into separate folders automatically. 

Aliases also help manage spam. If an alias starts receiving too many unwanted messages, you can disable it without affecting your main email.

Let’s dive into how to create an email alias on different platforms, including Gmail, Outlook and iCloud. 

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Gmail doesn’t allow you to create a completely separate alias, but it offers workarounds using "+ addressing" or by adding dots to your existing email address. However, these methods don’t prevent an unscrupulous sender from seeing your primary address, so exercise caution when using them with untrusted correspondents. Follow the steps below to get started.

Use your existing Gmail address and add a "+" followed by any keyword before "@gmail.com."

Example: If your email is yourname@gmail.com, you can use:

No additional setup is needed, just start using this alias when signing up for services or sharing your email.

Gmail ignores dots (.) in email addresses, so you can create variations of your email:

Example: If your email is yourname@gmail.com, you can use:

All variations will deliver emails to your main inbox automatically.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Outlook.com allows you to create additional email addresses (aliases) that are linked to your primary account. Emails sent to an alias will arrive in your primary inbox, and you can send messages using the alias as well.

If your primary email is johnsmith@outlook.com, you can create an alias like john.smith123@outlook.com. Emails sent to john.smith123@outlook.com will still go to johnsmith@outlook.com, but you can choose to send emails using either address.

Steps to create an alias:

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Once added, you can send emails using your alias by selecting it in the From field when composing a new message.

Important limitations to note:

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

Apple allows you to create up to three email aliases through iCloud. These aliases can be used for specific purposes, helping you manage your inbox effectively. Here’s how to create one:

It's important to note that you can still create up to three email aliases through iCloud. Remember that while these aliases provide some flexibility, they do not create separate Apple IDs or completely hide your primary iCloud email address.

BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

While many email providers offer basic alias functionality, most have significant limitations. Gmail's "+" addressing and dot tricks, Outlook's linked aliases and Apple's iCloud aliases all provide some flexibility, but they often fall short of true privacy protection.

For those of you seeking comprehensive email privacy and robust alias management, my No. 1 pick for private and secure email platforms contains no ads, no tracking and powerful privacy features like password-protected email and unlimited disposable email addresses. See my review of the best secure and private email services here.

Protecting your inbox from scammers requires a combination of smart practices and proactive tools. Using email aliases is an effective first step. By creating specific aliases for different activities, such as shopping, subscriptions or work, you can track where spam is coming from and deactivate problematic aliases as needed. Below are some other steps to take.

1. Avoid sharing your primary email address publicly on forums, social media or other platforms to minimize exposure. Most email providers offer robust spam filters, so ensure they are enabled and customize them as needed

GET FOX BUSINESS ON THE GO BY CLICKING HERE

2. Invest in personal data removal services. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

3. Enable two-factor authentication on all your email accounts to add an extra layer of security.

4. Be cautious of suspicious links and attachments. Never click on links or download attachments from unknown senders, as these could be phishing attempts.

5. Use strong antivirus software to protect against potential malware that might come through spam emails. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6. Regularly update your email password and make it strong and unique, avoiding common words or easily guessable combinations. Consider using a password manager to generate and store complex passwords.

These steps will provide a more comprehensive approach to protecting your inbox from scammers and reducing unwanted emails.

SUBSCRIBE TO KURT’S YOUTUBE CHANNEL FOR QUICK VIDEO TIPS ON HOW TO WORK ALL OF YOUR TECH DEVICES

Taking charge of your inbox doesn’t have to be overwhelming. By implementing the tips and tools mentioned above, you’ll create a more secure, efficient and manageable email experience. Whether you’re battling spam or organizing your digital life, email aliases and secure services are great things to put into place.

Which email platform do you use most often, and how do you organize your messages there? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

UnitedHealth’s Change Healthcare unit suffered a data breach in February 2024, the news of which surfaced Feb. 21. 

Initially reported to have affected around 100 million individuals, the U.S. health insurance giant has now revealed that the actual number is significantly higher: 190 million. This makes it the largest breach of medical data in U.S. history, affecting nearly half the country’s population. 

A breach of this magnitude can have devastating consequences for the American people as malicious actors could exploit the data for a range of attacks if it finds its way to the dark web.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

UnitedHealth confirmed on Friday, Jan. 24, 2025, that the ransomware attack on its Change Healthcare unit affected approximately 190 million people in the United States. The company had previously estimated the number of affected individuals to be around 100 million in its preliminary analysis filed with the Office for Civil Rights, a division of the U.S. Department of Health and Human Services that investigates data breaches.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

UnitedHealth stated that the majority of those impacted have already been notified, either directly or through substitute notice. The final tally of affected individuals will be confirmed and submitted to the Office for Civil Rights at a later date.

The company tells CyberGuy it is "not aware of any misuse of individuals’ information as a result of this incident and has not seen electronic medical record databases appear in the data during the analysis." However, UnitedHealth did not disclose when it became aware of the additional 90 million victims, how the revised figure was determined or what changes led to the updated number.

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

The cyberattack on Change Healthcare in February caused widespread disruptions across the U.S. healthcare sector, as the company took its systems offline to contain the breach. This shutdown impacted critical services such as claims processing, payments and data sharing, which many healthcare providers rely on.

The stolen data varied by individual but included a broad range of personal and sensitive information, such as names, addresses, dates of birth, phone numbers, email addresses and government ID numbers, including Social Security, driver’s license and passport details.

Plus, hackers may have accessed health-related information, including diagnoses, medications, test results, imaging records, care and treatment plans, and health insurance details. Financial and banking information tied to claims and payment data was also reportedly compromised.

The breach was the result of a ransomware attack carried out by ALPHV/BlackCat, a Russian-speaking ransomware and extortion group. The attack, a form of malware intrusion, locks victims out of their data unless a ransom is paid. ALPHV/BlackCat later took credit for the attack.

During a House hearing in April, Change Healthcare admitted that the breach was made possible due to inadequate security measures, specifically the absence of two-factor authentication to protect its systems.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

FROM TIKTOK TO TROUBLE: HOW YOUR ONLINE DATA CAN BE WEAPONIZED AGAINST YOU

1. Remove your personal information from the internet: The breach has exposed sensitive personal data, making it essential to reduce your online footprint. While no service can guarantee complete data removal, a reputable data removal service can significantly limit your exposure. These services systematically monitor and erase your personal information from numerous websites and data brokers. Check out my top picks for data removal services here.

2. Be wary of mailbox communications: With addresses among the compromised data, scammers may exploit this breach to send fraudulent letters. Be aware of mail claiming missed deliveries, account suspensions or security alerts. Always verify the authenticity of such communications before responding or taking action.

3. Be cautious of phishing attempts and use strong antivirus software: Scammers may use your compromised email or phone number to target you with phishing attacks. Be wary of messages asking for personal information or containing suspicious links. To protect yourself, ensure strong antivirus software is installed on all your devices. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

4. Monitor your accounts: Given the scope of this breach, regular monitoring of your bank accounts, credit card statements and other financial accounts is critical. Look for unauthorized transactions or suspicious activity and immediately report any issues to your bank or credit card provider.

5. Recognize and report a Social Security scam: If your Social Security number is exposed, you could become a target for related scams. Official communication regarding Social Security issues usually comes via mail, not phone calls or emails. Learn more about spotting and reporting scams by visiting the Social Security Administration’s scam information page.

6. Invest in identity theft protection: Data breaches happen every day, and most never make the headlines, but with an identity theft protection service, you’ll be notified if and when you are affected. Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

It’s surprising that a company of UnitedHealth’s scale failed to implement even basic cybersecurity measures when handling customer data. A breach affecting 190 million people – nearly half of the U.S. population – is staggering, leaving almost anyone at risk of becoming a target for hackers. While the company is still assessing the full extent of the breach, you can take precautions now by being cautious with any unknown links or unsolicited calls. Bad actors may use a variety of tactics to cause harm.

Do you think these companies are doing enough to protect your data, and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

A sophisticated phishing campaign exploiting Google Calendar has been uncovered by Check Point Software Technologies, raising alarms among cybersecurity experts. 

Cybercriminals are sending fake meeting invitations that appear legitimate, redirecting victims to phishing sites and mimicking Google's platforms to steal sensitive information. 

This emerging threat is particularly concerning given the widespread use of Google Calendar, which serves more than 500 million users globally in 41 languages. Researchers have identified nearly 4,000 phishing attempts in a matter of weeks, impersonating more than 300 reputable brands.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Hackers leverage the trust in Google's services to carry out their attacks. Victims receive seemingly authentic meeting invites via Google Calendar. Upon clicking links within these invites, they are taken to fake web pages that prompt them to input personal data. Once compromised, this information can be used for identity theft, financial fraud and unauthorized access to other accounts. Security experts warn that attackers are now using AI to craft highly convincing fake invitations, making it even harder to spot the fraud. Reacting to the findings from Check Point, a spokesperson for Google said:

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

"We recommend users enable the 'Only If The Sender Is Known' setting in Google Calendar. This setting helps defend against this type of phishing by alerting the user when they receive an invitation from someone not in their contact list and/or they have not interacted with from their email address in the past."

ASK KURT: HOW TO NAVIGATE GOOGLE’S PRIVACY SETTINGS

Google has introduced the "known senders" feature in Google Calendar to combat sophisticated phishing attempts. This setting helps you filter out potentially malicious calendar invites. Here's how to enable it:

This ensures that only events from contacts, your organization or previous interactions are automatically added to your calendar.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

HOW ONE MAN GOT SCAMMED IN SECONDS USING GOOGLE

To further protect yourself from phishing scams, follow these steps.

Scrutinize unexpected invites carefully: Examine the sender's details, including their name, domain and email address, for any inconsistencies or signs of spoofing.

Avoid clicking suspicious links or downloading attachments from unknown sources: Threat actors often embed malicious links in calendar invites that can lead to phishing websites designed to steal your personal information.

Use strong antivirus software: This provides an additional defense mechanism against malware and can help detect potential phishing attempts before they cause damage. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Enable two-factor authentication (2FA) for your Gmail account: 2FA adds an extra layer of security that can prevent unauthorized access, even if your credentials are compromised.

Keep your security settings up to date: Regularly review and adjust your calendar and email settings to protect against evolving phishing tactics.

HOW A WRONG GOOGLE SEARCH CAN COMPROMISE YOUR DATA AND BRING LAW ENFORCEMENT CALLING

As phishing tactics evolve, cybercriminals are exploiting trusted platforms like Google Calendar to bypass traditional security measures. This underscores the importance of user vigilance and proactive security practices. By enabling the "known senders" setting and implementing additional security measures, you can significantly reduce the risk of falling victim to calendar-based phishing scams.

What digital security challenges have you encountered recently? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

A new scam has come to light targeting residents across the United States with text messages that pretend to be from toll road operators. For many who receive these messages, it’s an easy and expensive trap to fall into.

The scam begins when people receive a message claiming they have unpaid tolls and may be charged fines. Scammers then ask for card details and a one-time password sent via SMS to steal their money. Security researchers believe that Chinese smishing groups are behind this scam, selling SMS-based phishing kits to thousands of scammers.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Enter the giveaway by signing up for my free newsletter.

As reported by KrebsOnSecurity, the scam begins with a text message claiming to be from a toll road operator, such as E-ZPass or SunPass. The message warns about unpaid tolls and the possibility of fines, forcing recipients to act quickly. Victims are directed to a fake website mimicking the toll operator’s site, where they are asked to provide sensitive information, including payment card details and one-time passwords. 

Security researchers have traced the scam to Chinese smishing groups known for creating and selling sophisticated SMS phishing kits. One such kit, "Lighthouse," makes it easy for scammers to spoof toll road operators in multiple states. These kits are designed to trick users into sharing financial information, which is then used to commit fraud. 

Reports of these phishing attacks have surfaced across the U.S., targeting users of toll systems like EZDriveMA in Massachusetts, SunPass in Florida and the North Texas Toll Authority in Texas. Similar scams have been reported in states including California, Colorado, Connecticut, Minnesota and Washington. The phishing pages are mobile-optimized and won’t load on non-mobile devices, making them even more deceptive.

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Recent advancements in phishing kits include better deliverability through integration with Apple iMessage and Android’s RCS technology, bypassing traditional SMS spam filters. These methods increase the likelihood of victims receiving and engaging with fraudulent messages. The phishing sites are operated dynamically in real time by criminals, making them harder to detect and shut down. Even individuals who don’t own a vehicle have reported receiving these messages, indicating random targeting.

THAT APPLE ID DISABLED MESSAGE? IT'S A DANGEROUS SCAM

By staying vigilant and following the steps below, you can protect yourself from falling victim to toll scams. 

1) Verify directly with toll operators: If you receive a message about unpaid tolls or fines, do not click on any links. Instead, visit the official website of your toll operator or contact their customer service directly to verify the claim.

2) Install strong antivirus software: The best way to safeguard yourself from malicious links is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

3) Do not share personal information: Never provide sensitive details like payment card information, Social Security numbers or one-time passwords via text or unverified websites. Legitimate toll operators will not request such information through SMS.

4) Enable two-factor authentication (2FA): Use 2FA for your accounts whenever possible. This adds an extra layer of protection by requiring two forms of verification, reducing the risk of unauthorized access even if some details are compromised.

5) Be wary of urgency in messages: Scammers often create a sense of urgency, claiming immediate action is required to avoid penalties. Take a moment to assess the situation and verify the legitimacy of the message through official channels.

6) Report suspicious messages: If you suspect a phishing attempt, report it to the Federal Trade Commission or the FBI's Internet Crime Complaint Center. Include details like the sender’s phone number and any links in the message. Additionally, inform your mobile carrier to help block similar scams.

7) Use a personal data removal service: Employ a reputable data removal service to reduce your online footprint and minimize the risk of scammers obtaining your personal information. These services can help remove your data from various data broker sites, making it harder for scammers to target you with personalized scams. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

It’s deeply concerning how these scams are becoming increasingly sophisticated and widespread. It’s no longer just about random phishing attempts. These are carefully crafted schemes designed to exploit our trust in systems we rely on daily. The fact that scammers can impersonate toll road operators so convincingly is alarming, and it shows how vulnerable we are to such attacks. It frustrates me to think of how many people may fall victim to these tactics, losing their hard-earned money.

Have you recently received a suspicious text message claiming to be from a toll road operator or any other service? How did you react? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Did you know that identity theft happens every 22 seconds? This means that, by the time you finish reading this sentence, someone has likely had their identity stolen. At best, identity theft will steal away your time and patience. But more often, identity theft leads to severe consequences, like losing control over your financial accounts, having your credit score affected or even losing lifelong savings.

However, you don't have to be a statistic. By understanding how identity thieves operate and implementing smart protection strategies, you can make your personal data a fortress that's too challenging for cybercriminals to breach. Drawing from the Federal Trade Commission's (FTC) latest Identity Theft Awareness Week insights, I'll walk you through expert-backed strategies to shield your most valuable asset: your identity.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Enter the giveaway by signing up for my free newsletter.

With so much of our lives having moved online, identity thieves are having an easier time than ever. Your most important accounts – banking, credit, Social Security – are all digital. Thieves don’t need to know much about you to steal your identity, just a few pieces of personal information can be enough. According to the Bureau of Justice Statistics, 24 million Americans reported identity theft in the past 12 months. In their lifetime, 1 in 3 Americans (more than 110 million people) have experienced identity theft. Here’s the part many people don’t realize: You might have already been a target. Maybe your identity was stolen, and the thieves failed, or maybe your good online habits saved you without you even knowing, which brings us to the next lesson: prevention.

THINK YOU'RE SAFE? IDENTITY THEFT COULD WIPE OUT YOUR ENTIRE LIFE’S SAVINGS

You don’t need to spend a fortune to guard against identity theft. While professional services can be helpful, most of what you need comes down to better habits and awareness. Here are some simple steps you can take today:

1) Check your accounts regularly: Review your bank, credit card and Social Security accounts for transactions you didn’t make, failed login attempts and password reset requests you didn’t initiate.

2) Keep an eye on your mail: Look for letters regarding accounts you didn’t open, notices of data breaches and transaction summaries that don’t match your records.

3) Monitor your email inbox: Be alert for password reset emails you didn’t request, confirmation of new accounts you didn’t open, receipts for purchases you didn’t make.

4) Use two-factor authentication (2FA): 2FA adds extra layers of security to your accounts. Even if a thief has your password, they won’t be able to log in without a second step, like a code sent via text message or app-based verification. While logging in might take an extra moment, it’s worth it; 2FA dramatically increases account security.

5) Check your credit report annually: Visit AnnualCreditReport.com to get your free credit report once a year. Use it to spot suspicious activity early. If you see something unusual, take action right away.

6) Use strong passwords: Use complex passwords and a password manager to secure your online accounts. Strong passwords are your first line of defense against cyber threats.

7) Stop oversharing: Limit the personal information you share on social media and other platforms. It’s a treasure trove for cybercriminals who use it to craft convincing fraud campaigns targeted specifically at you.

10 SIGNS YOUR IDENTITY HAS BEEN COMPROMISED

Nearly half of Americans don’t know how to respond if they fall victim to identity theft. Acting quickly can make a huge difference. Here’s what to do:

1) Contact the affected institution: Contact the company immediately if you notice something unusual, like a suspicious charge or an unfamiliar account. They’ll guide you through securing your account.

2) Change your passwords: Update the password for the affected account and any others using the same credentials. Use strong, unique passwords for each account to avoid further risks.

3) Report the theft to the FTC: Visit IdentityTheft.gov to report identity theft and get personalized recovery steps.

4) Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

Data breaches often start with personal information that’s readily available online. People search sites and data brokers collect and sell this information, including your name, address, phone number and more. Can you get your data removed? Yes, but it’s tricky. These companies don’t make it easy, and managing removal requests for hundreds of sites can be overwhelming. 

Instead, consider using a personal data removal service. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

CELLPHONE NIGHTMARE LEADS TO PORTED NUMBERS, IDENTITY THEFT, FIGHT FOR RECOVERY

Look, identity theft is scary, but you're not helpless. By staying smart and proactive, you can dramatically reduce your risks. Think of protecting your identity like locking your front door: It's just good common sense in today's digital world. At the end of the day, a little awareness goes a long way, and you've already taken the first step by reading this article. Now, take what you've learned and apply it to keep you safe from cybercriminals.

What situation have you found yourself in where you felt vulnerable to identity theft or needed help protecting your personal information? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

In an alarming development, cybercriminals have devised a new method to circumvent Apple's built-in phishing protection for iMessage, potentially exposing you to malicious links and scams. This sophisticated tactic exploits a security feature designed to protect you, turning it into a vulnerability that could lead to significant personal and financial risks.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Enter the giveaway by signing up for my free newsletter.

Apple's iMessage automatically disables links in messages from unknown senders as a security measure. However, cybercriminals have found a way to exploit this protection. By instructing you to reply to the message, often with a simple "Y," the attackers can re-enable previously disabled links. This seemingly innocuous action not only activates the links but also signals to the scammers that they've found an engaged target for future attacks.

HOW TO PROTECT YOUR IPHONE & IPAD FROM MALWARE

Apple defines social engineering as a targeted attack that employs impersonation, deception, and manipulation to gain access to personal data. Scammers often pose as representatives of trusted companies, using sophisticated tactics to persuade individuals to disclose sensitive information, such as passwords and financial details. Here are some of those sneaky tactics:

The messages typically end with instructions like: "(Please reply Y, then exit the SMS, re-open the SMS activation link, or copy the link to open in Safari)."

THE ONE SIMPLE TRICK TO HELP KEEP OUT CYBER CREEPS ON IPHONE

This new tactic is part of a broader trend of smishing (SMS phishing) attacks targeting mobile users. With the increasing reliance on smartphones for various activities, including financial transactions and personal communications, these attacks pose a significant threat to users' security and privacy.

DOES MY IPHONE NEED ANTIVIRUS PROTECTION?

To safeguard against these sophisticated phishing attempts, consider the following steps.

1) Never reply to suspicious messages: Avoid responding to texts from unknown senders, especially those asking you to reply to activate links. Additionally, make sure to delete suspicious text messages and block the sender to prevent further attempts. Since the sender is not in your contact list, you can click Report Junk at the bottom of the text. Then click Delete and Report Junk. This will report the conversation as junk by sending it to your wireless carrier and Apple using your phone number.

2) Verify sender identity: Contact organizations directly through official channels if you're unsure about a message's legitimacy.

3) Be skeptical of urgency: Scammers often use urgent language to prompt quick, thoughtless actions.

4) Enable message filtering: Use your device's built-in filtering options to sort messages from unknown senders. Here are the steps:

This feature allows you to automatically sort messages from unknown senders, easily filter unread messages and manage your message inbox more efficiently.

5) Use two-factor authentication (2FA): 2FA adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message or authentication app, in addition to your password. This significantly reduces the risk of unauthorized access, even if your password is compromised.

6) Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

7) Invest in personal data removal services: By reducing your online footprint, you make it harder for cybercriminals to obtain your contact information, potentially preventing them from sending you these deceptive iMessage phishing texts in the first place. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

If you suspect you've fallen victim to a smishing attack:

One of the best parts of some identity theft protection services is that they have identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

This latest trick targeting iMessage users serves as a reminder that even seemingly secure systems can be vulnerable to social engineering. By remaining cautious and following best practices for digital security, you can significantly reduce your risk of falling victim to these sophisticated phishing attempts.

What other cybersecurity challenges have you encountered with your mobile devices, and what questions do you have for us? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.

Nowadays, almost every app you download asks for location permissions, meaning it wants to track where you are and your movements. For an app like Google Maps, requesting location access makes perfect sense. It's also reasonable for apps like Uber or DoorDash, which rely on location for their services. 

However, many apps that have nothing to do with location still ask for it, and we often grant these permissions without thinking twice. When you give an app access to your location, that data is stored and, in some cases, might even be sold. According to Texas Attorney General Ken Paxton, this practice is not uncommon. 

A recent lawsuit filed by Paxton alleges that the insurance company Allstate collected and sold the location data of 45 million Americans' smartphones.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

In a press release, Paxton announced that he had sued Allstate and its subsidiary, Arity, for unlawfully collecting, using and selling data about the location and movements of Texans' cellphones. The data was gathered through secretly embedded software in mobile apps, such as Life360. "Allstate and other insurers then used the covertly obtained data to justify raising Texans’ insurance rates," the press release stated.

The insurance provider allegedly collected trillions of miles' worth of location data from more than 45 million Americans nationwide. The data was reportedly used to build the "world’s largest driving behavior database." When customers sought a quote or renewed their coverage, Allstate and other insurance companies allegedly used the database to justify raising car insurance premiums.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Paxton claims the actions violated the Texas Data Privacy and Security Act. The lawsuit alleges customers were not clearly informed their data was being collected and did not consent to the practice.

"Our investigation revealed that Allstate and Arity paid mobile apps millions of dollars to install Allstate’s tracking software," said Paxton. "The personal data of millions of Americans was sold to insurance companies without their knowledge or consent in violation of the law. Texans deserve better and we will hold all these companies accountable."

We reached out to Allstate and Arity for comments. A rep for the Allstate Corporation provided CyberGuy with this statement: "Arity helps consumers get the most accurate auto insurance price after they consent in a simple and transparent way that fully complies with all laws and regulations."

MASSIVE SECURITY FLAW PUTS MOST POPULAR BROWSERS AT RISK ON MAC

Car manufacturers have also been accused of selling similar data to insurance companies. Last year, Paxton sued General Motors for allegedly collecting and selling the private driving data of more than 1.5 million Texans to insurance companies without their knowledge or consent. In addition to insurance companies, data brokers are frequent buyers of customer data. Critics say these brokers fail to adequately protect the information, leaving it vulnerable to hackers. Earlier this month, hackers claimed to have breached Gravy Analytics, a major location data broker and the parent company of Venntel, which is known for selling smartphone location data to U.S. government agencies.

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

1. Avoid installing the insurance company’s app: Many insurance companies encourage users to download their apps to "simplify" claims, payments or policy management. However, these apps often collect and track your location data under the guise of improving their services. If the app is not absolutely essential, manage your account through the company’s website or contact customer service directly instead.

2. Don’t give location permissions unnecessarily: When an app requests location access, ask yourself whether it genuinely needs this information to function. For example, a weather app may need approximate location data, but a flashlight app does not.  Always choose "Deny" or "Allow only while using the app" unless absolutely necessary. Most modern devices also allow you to provide an approximate location rather than a precise one, which is a safer option when location access is unavoidable.

3. Review and manage app permissions regularly: Over time, you may forget which apps have been granted permissions. Regularly go through your device’s app settings to check and adjust permissions. On most devices, you can access this under settings > privacy > app permissions (specific steps vary by operating system). Revoke access for any apps that don’t need it or seem suspicious.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

4. Turn off location services when not in use: Keep location services off when you don’t need them. This reduces the chances of apps or devices tracking you passively in the background. For tasks like mapping or food delivery, turn location services on temporarily, then turn them off when you’re done. For added security, avoid connecting to public Wi-Fi networks, which can also be used to track your location indirectly.

5. Use privacy-focused tools and apps: Invest in tools designed to safeguard your privacy. Virtual private networks (VPNs) can mask your location online and prevent unwanted tracking while browsing.  VPNs will also protect you from those who want to track and identify your potential location and the websites that you visit. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices

BEWARE OF ENCRYPTED PDFS AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

If Allstate is indeed unlawfully collecting and selling people’s location data, Attorney General Paxton is right to hold them accountable by filing a lawsuit. In an era where cybercriminals exploit every opportunity to scam individuals, companies that fail to protect customer data are unacceptable and should face consequences. Data has become the new oil, and everyone seems eager to exploit it — often at the expense of ordinary people. Businesses that prioritize profits over privacy erode trust and put consumers at risk, making it crucial to enforce strict accountability for such practices.

Do you think companies like Allstate should be required to make their data practices crystal clear to customers? Let us know by writing us at Cyberguy.com/Contact

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

If your healthcare data hasn't been breached in 2024, then you either don't know it yet or should consider yourself very lucky. 

That's because 2024 was a nightmare year for healthcare institutions and patients in the U.S. A total of 184,111,469 records were breached. That's 53% of the 2024 population of the United States. 

This staggering figure represents a significant increase from previous years, setting a new and alarming record in healthcare data breaches. 

The healthcare sector faced unprecedented challenges in cybersecurity, with attacks becoming more frequent, sophisticated and damaging than ever before.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Being admitted to a hospital is stressful enough. It caused additional stress for the 100 million clients of Change Healthcare, whose data was exposed following a breach orchestrated by the BlackCat ransomware group. Not only did the breach expose sensitive health information, but it also caused widespread disruptions in claims processing. Patients and providers across the country faced chaos as the breach impacted their ability to access and pay for healthcare services.

The second significant breach occurred at Kaiser Foundation Health Plan, where the personal data of 13.4 million individuals was compromised. This breach involved unauthorized access and the use of tracking technologies that transmitted user interactions to third parties. 

HACKERS CLAIM MASSIVE BREACH OF COMPANY THAT TRACKS AND SELLS AMERICANS' LOCATION DATA

You’ll receive a notification letter, although be aware that it may take months before it reaches you (as was the case for victims of the Ascension Health data breach). The consequences are real and can be very painful. Medical identity theft directly affects patients' health and safety. It happens when criminals use stolen personal health information to obtain medical services or medications under another person’s name. It can result in incorrect medical records being created that can include inaccurate diagnoses, allergies or treatments. 

And as you may have guessed, it can also result in financial repercussions, such as patients getting fraudulent claims and bills for services they did not receive. Resolving these issues with insurers and healthcare providers takes time and mental strength. And you’re probably not in a hurry to see your breached healthcare provider ever again. That’s normal. A study has shown that up to 54% of patients consider switching providers after a data breach.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

ARE DATA BROKERS ENDANGERING YOUR RETIREMENT SECURITY?

Sensitive health information can easily be combined with personal identifiers from data brokers, creating comprehensive profiles that criminals can exploit. As a reminder, data brokers are companies that specialize in collecting, processing and selling personal information from various sources, including public records, online activities and social media. 

They aggregate this data to create detailed consumer profiles that can be sold to marketers, insurance companies and other entities for various purposes. The more detailed the profile, the higher the chance of identity theft and potential discrimination in employment and insurance. Employers might make hiring decisions based on perceived health risks, while insurers could deny coverage or increase premiums.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

You can’t prevent a data breach, but you can minimize its consequences by reducing your digital footprint overall.

1. Set your social media to private: Restrict access to your personal information and limit what strangers can see about your life and potentially your health status. Ensure your privacy settings are robust and regularly updated to prevent unauthorized data collection.

2. Remove your personal data from data brokers’ databases: Either by searching for your name on people search sites and requesting removals, one by one, or by using a data removal service. Data removal services automate data removal for you and let you track where exactly your data has been found and whether it was removed, not only on people search sites, which are public data brokers, but also on hidden, private databases where you can’t look yourself up (and these are the worst).

Once your data is removed, data removal services monitor data brokers for your data and remove it again as needed (because it has a tendency to be re-listed after a while). This way, you prevent data broker companies from compiling a full profile on you and selling it to the first bidder, whether that’s a hacker, a marketing agency or an insurance company. Check out my top picks for data removal services here.

3. Delete all unused apps on your phone: Unused applications can be hidden gateways for data leakage and potential security vulnerabilities. Regularly audit and remove apps that you no longer use or need.

4. Check the permissions of the ones you want to keep: Review each app's access to your personal data, location and device features to ensure you're not inadvertently sharing more information than necessary. Be particularly cautious with health and fitness tracking applications.

5. Use a VPN (virtual private network) when browsing: Encrypt your online activities and mask your digital location to add an extra layer of anonymity and protection. A reliable VPN can help shield your personal information from potential interceptors and data miners. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.

The reality of healthcare data breaches is daunting, but it’s not entirely out of your control. While you can’t prevent breaches from happening, you can take steps to minimize the risks and protect your personal information. Think of it as adding locks to your digital doors: set your social media to private, use a VPN and clean up unused apps. Remember, the less information you leave out there, the harder it is for bad actors to exploit it. Stay vigilant and don’t let your data become someone else’s advantage.

How do you feel about the growing risks to your personal information, and what steps have you taken to protect your data? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you'd like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.