FreshRSS

🔒
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
△ 🔃
There are new available articles, click to refresh the page.
Today — January 31st 2026Your RSS feeds

Jeffrey Epstein Had a ‘Personal Hacker,’ Informant Claims

By: Lily Hay Newman, Matt Burgess, Andy Greenberg
Plus: AI agent OpenClaw gives cybersecurity experts the willies, China executes 11 scam compound bosses, a $40 million crypto theft has an unexpected alleged culprit, and more.

This month in security with Tony Anscombe – January 2026 edition

The trends that emerged in January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year

How to Film ICE

By: Matt Burgess, Lily Hay Newman, Maddy Varner, Andy Greenberg
Filming federal agents in public is legal, but avoiding a dangerous—even deadly—confrontation isn’t guaranteed. Here’s how to record ICE and CBP agents as safely as possible and have an impact.

This Week in Scams: Dating App Breaches, TikTok Data, Grubhub Extortion

By: Brooke Seipel

This week in scams, three headlines tell the same story: attackers are getting better at manipulating people, not just breaking into systems. We’re seeing a wave of intrusions tied to social engineering, a major delivery platform confirming a breach amid extortion claims, and a big tech headline that has a lot of people rethinking how apps handle their data. 

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so you can spot risk earlier and avoid getting pulled into someone else’s playbook. 

Let’s get into it. 

A Wave of Cyberattacks Hits Bumble, Match, Panera, and CrunchBase 

The big picture: Several major brands were hit by cybersecurity incidents tied to social engineering tactics like phishing and vishing. 

What happened: Bloomberg reported that Bumble, Match Group, Panera Bread, and CrunchBase each confirmed incidents.  

Bumble said a contractor account was compromised in a phishing incident, which led to brief unauthorized access to a small portion of its network, and said its member database, accounts, messages, and profiles were not accessed.  

Panera said an attacker accessed a software application it used to store data, and said the data involved was contact information.  

Match said the incident affected a limited amount of user data, and said it saw no indication that user logins, financial information, or private communications were accessed.  

CrunchBase said documents on its corporate network were impacted, and said it contained the incident. 

According to Bloomberg, cybersecurity firm Mandiant has also warned about a hacking campaign linked to a group that calls itself ShinyHunters. The group is using vishing, which means scam phone callsto trick people into giving up their login information. Once attackers get those logins, they can access cloud tools and online work systems that companies use every day. The group has said they are behind some of these recent attacks, but that has not been independently confirmed. 

Red flags to watch for: 

Calls that pressure you to approve a login, reset credentials, or share a one-time code 

Messages posing as IT support, a vendor, or “security” that try to rush you 

MFA prompts you did not initiate 

“Quick verification” requests that bypass normal internal processes 

How this works: Social engineering works because it blends into normal life. A convincing message or call gets someone to do one small “reasonable” thing. Approve a prompt. Read a code. Reset access. That is often all an attacker needs to get inside with legitimate credentials, then pivot into the tools where valuable data lives. 

TikTok’s Privacy Policy Update Sparks Backlash 

Ok, we know this is called “This Week in Scams” but this is also a cybersecurity newsletter. So when the biggest tech and privacy headline of the week is TikTok updating its privacy policy, we have to talk about it. 

The big picture: TikTok’s updated terms and privacy policy are raising fresh questions about what data is collected, especially around location. 

What happened: TikTok confirmed last week that a new U.S.-based entity is in control of the app after splitting from ByteDance earlier this year. That same day, CBS reported TikTok published updated terms and a new privacy policy, which prompted backlash on social media. 

CBS reported that one major point of concern is language stating TikTok may collect precise location information if users enable location services in device settings. This is reportedly a shift from previous policy language, and TikTok said it plans to give U.S. users a prompt to opt in or opt out when precise location features roll out. 

According to CBS, some users are also concerned the new privacy policy would allow the TikTok to more easily share their private data with the federal and local government. 

That fear is based on a change in policy language stating that TikTok “processes such sensitive personal information in accordance with applicable law.” 

A quick, practical takeaway: This is a good reminder that “privacy policy drama” usually comes down to one thing you can actually control: your app permissions. 

What to do (general privacy steps): 

Check your phone settings for TikTok and confirm whether location access is Off, While Using, or Always. 

If your device supports it, consider turning off precise location for apps that do not truly need it. 

Do a quick permission sweep across social apps: location, contacts, photos, microphone, camera, and Bluetooth. 

Make sure your account is protected with a strong, unique password and two-factor authentication. 

Note: This is not a recommendation about whether to keep or remove any specific app. It’s a reminder that your device settings matter and they are worth revisiting. 

Grubhub Confirms a Data Breach Amid Reports of Extortion 

The big picture: Even when a company says payment details were not affected, a breach can still create risk because stolen data often gets reused for phishing. 

What happened: According to BleepingComputer, Grubhub confirmed unauthorized individuals downloaded data from certain systems and that it investigated, stopped the activity, and is taking steps to strengthen security. Sources told BleepingComputer the company is facing extortion demands tied to stolen data. Grubhub said sensitive information like financial details and order history was not affected, and did not provide more detail on timing or scope. 

Red flags to watch for next: Breach headlines are often followed by scam waves. Be on alert for: 

“Refund” or “order problem” emails you did not request 

Fake customer support messages asking you to verify account details 

Password reset prompts you did not initiate 

Links to “resolve your account” that don’t come from a known, official domain 

How this works: Customer support systems can contain personal details that make scams feel real. Names, emails, and account notes are often enough for attackers to craft messages that sound like legitimate help, especially when the brand is already in the news. 

Google search tab on laptop

Fake Chrome Extensions Are Quietly Taking Over Accounts 

The big picture: Some browser extensions that look like normal workplace tools are actually designed to hijack accounts and lock users out of their own security controls. 

What happened: Security researchers told Fox News that they uncovered a campaign involving malicious Google Chrome extensions that impersonate well-known business and human resources platforms, including tools commonly used for payroll, benefits, and workplace access. 

Researchers identified several fake extensions that were marketed as productivity or security tools. Once installed, they quietly ran in the background without obvious warning signs. According to Fox News, Google said the extensions have been removed from the Chrome Web Store, but some are still circulating on third-party download sites. 

How the scam actually works: Instead of stealing passwords directly, the extensions captured active login sessions. When you sign into a website, your browser stores small files that keep you logged in. If attackers get access to those files, they can enter an account without ever knowing the password. 

Some extensions went a step further by interfering with security settings. Victims were unable to change passwords, review login history, or reach account controls. That made it harder to detect the intrusion and even harder to recover access once something felt off. 

Why this matters: This kind of attack removes the safety net people rely on when accounts are compromised. Password resets and two-factor authentication only help if you can reach them. By cutting off access to those tools, attackers can maintain control longer and move through connected systems with less resistance. 

What to watch for: 

Browser extensions you don’t remember installing 

Add-ons claiming to manage HR, payroll, or internal business access 

Missing or inaccessible security settings on accounts 

Being logged into accounts you did not recently open 

A quick safety check: Take a few minutes to review your browser extensions. Remove anything unfamiliar or unnecessary, especially tools tied to work platforms. Extensions have deep access to your browser, which means they deserve the same scrutiny as any other software you install. 

McAfee’s Safety Tips for This Week 

Be skeptical of “helpful” tools. Browser extensions, workplace add-ons, and productivity tools can have deep access to your accounts. Only install what you truly need and remove anything unfamiliar. 

Treat calls and prompts with caution. Unexpected login requests, MFA approvals, or “IT support” outreach are common entry points for social engineering. If you didn’t initiate it, pause and verify. 

Review app and browser permissions. Take a few minutes to check what apps and extensions can access your location, accounts, and data. Small changes here can significantly reduce risk. 

Protect your logins first. Use strong, unique passwords and enable two-factor authentication on email and work-related accounts. If attackers get your email, they can reset almost everything else. McAfee’s Password Manager can help you create and store unique passwords for all of your accounts.  

Expect follow-up scams after headlines. When breaches or policy changes make the news, scammers often follow with phishing messages that reference them. Extra skepticism in the days and weeks after a story breaks can prevent bigger problems later. 

The post This Week in Scams: Dating App Breaches, TikTok Data, Grubhub Extortion appeared first on McAfee Blog.

Before yesterdayYour RSS feeds

ICE Pretends It’s a Military Force. Its Tactics Would Get Real Soldiers Killed

By: John Publius
WIRED asked an active military officer to break down immigration enforcement actions in Minneapolis and elsewhere.

An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account

By: Andy Greenberg
AI chat toy company Bondu left its web console almost entirely unprotected. Researchers who accessed it found nearly all the conversations children had with the company’s stuffed animals.

AI search framework that teaches AI models to think like experts

By: Supriti Vijay
Cisco Foundation AI introduces AI search framework for more efficient search by models

Buying Harry Styles Tickets? Avoid These Common Ticket Scams

By: Brooke Seipel
concert crowd

As Harry Styles concert tickets go on sale for his first tour in years, cybersecurity experts warn that the same excitement driving ticket registrations and social chatter will also drive a spike in ticket scams across social media, email, and text messages. 

“When demand spikes around a major tour, ticket scams spike too,” said Abhishek Karnik, Head of Threat Research at McAfee. “We saw this during recent major ticket releases, including the Oasis reunion, when McAfee Labs identified more than 2,000 suspicious ticket listings online.” 

“Scammers take advantage of the urgency fans already feel, and the fear of missing out, inserting themselves into social posts, DMs, and text threads with offers that sound normal and believable,” Karnik added.

“Avoid interacting with unknown sellers, especially when offers are made over social media,” Karnik said. “Payments made via wire transfers, cryptocurrency, gift cards, or peer-to-peer platforms like Venmo or Zelle are often not recoverable, which is why it’s safer to buy directly from official ticketing sites or well known resale platforms.”

Where, When, and How to Get Harry Styles Tickets 

Styles announced Together, Together on January 22, marking his first tour since 2023. 

The residency-style run spans seven cities worldwide: Amsterdam, London, São Paulo, Mexico City, New York, Melbourne, and Sydney. Shows begin in May and continue through December. 

New York City is the only North American stop, making competition for tickets especially intense for U.S. fans. In fact, a record-breaking 11.5 million people have already registered for ticket information to attend the Madison Square Garden stop alone. For context, the capacity for that venue is just 19,500 people.  

According to The Hollywood Reporter, that means just 5% of people who signed up for U.S. tickets will be able to buy them when they go on sale this week.  

American Express access presale ticket sales are already live, and Ticketmaster is the primary platform handling official sales.  

The rest of the Together, Together tour tickets will be released in two stages:  

  1. General on sale for NYC dates August 26 – October 9 begins on Friday, January 30.  
  2. General on sale for October 10 – 31 begins Wednesday, February 4. 

That staggered release schedule matters. Multiple on-sale moments mean repeated waves of urgency, which scammers often mirror with fake “last chance” messages, counterfeit presale links, or impersonations of ticketing platforms and customer support. 

What do Harry Styles tickets cost right now 

Ticket prices range widely by seat location and package, with outlets reporting lower prices starting in the $100 range. However, premium seats climb past $1,000. According to Forbes, the average ticket price of his 2022 tour was $113. 

That context matters, because it helps fans recognize the biggest red flag in ticket fraud: a too-good-to-be-true price.  

If you are seeing “floor seats for $50” while reputable platforms are showing far higher prices for comparable sections, that is not a deal. It is a hook for a scammer. 

How ticket scams work 

Ticket scams rarely start with “Buy my fake ticket.” They start with the conditions that make people easy to rush: too much noise, too many messages, and too little time to verify what’s real. 

McAfee’s State of the Scamiverse survey of 7,500 consumers found people now receive 14 scam messages per day on average, and spend a “time tax” of 114 hours a year sorting real from fake. In that environment, criminals don’t need you to be careless. They just need you to be busy. And major ticket drops create the perfect opening: high demand, fast-moving queues, and price shock that makes a “good deal” feel like something you have to grab immediately. 

What’s changed is that scams don’t even need a link anymore. The report found more than 1 in 4 people (26%) say suspicious social messages now arrive without a URL, and 44% admit they reply to those linkless DMs anyway, often triggering the next step of the scam. That’s the blueprint behind many ticket scams today: a believable message, a quick pivot to payment, and pressure to move fast before you can verify. 

Below are among the most common ticket-scam patterns to watch for, and exactly how they play out. 

Ticket fraud 

Ticket fraud is when someone advertises tickets, takes payment, and delivers nothing, or delivers tickets that do not work at the door. This includes fake screenshots, fake confirmation emails, and counterfeit QR codes. 

How it plays out: 

  • A seller claims they “cannot make the show.” 
  • They ask you to pay quickly to “hold” the tickets. 
  • They send a screenshot of a ticket or order email. 
  • The tickets never arrive, or the QR code fails when scanned. 

Resale duplication scams 

resale duplication scam happens when the scammer sells the same ticket to multiple buyers. Sometimes the scammer has one legitimate ticket and sells it repeatedly. Sometimes they have none and simply reuse the same screenshot. 

How it plays out: 

  • You receive something that looks real. 
  • Multiple people show up with the same ticket. 
  • Only the first scan gets in. 

Phishing scams 

phishing scam is a message designed to trick you into clicking a link or sharing personal information. Ticket phishing often pretends to be from Ticketmaster, a venue, a presale program, or customer support. 

How it plays out: 

  • “Your tickets are on hold, confirm within 10 minutes.” 
  • “Unusual activity detected. Verify your account.” 
  • “Your payment failed. Update billing.” 

Modern phishing messages can look polished and grammatically clean, which is why relying on spelling errors is no longer a reliable defense. 

Cloned ticket websites 

cloned ticket website is a fake site made to look like a legitimate seller. These sites are built to capture your payment info, personal data, or both. 

How it plays out: 

  • You click an ad or link from social media. 
  • The site looks legitimate, but the URL is slightly off. 
  • You “buy” tickets and either receive nothing or later see fraud on your card. 

Ticket transfer and account takeover scams 

ticket transfer scam exploits the fact that many tickets are digital and transferable. A related risk is account takeover, where scammers steal your ticketing login and transfer tickets out of your account. 

How it plays out: 

  • You get a message claiming your account needs verification. 
  • You enter credentials on a fake page. 
  • The attacker logs in and transfers tickets away. 

Fake customer support scams 

fake customer support scam is when scammers pose as a company’s help desk, often after you post publicly that you need help. 

How it plays out: 

  • You tweet, post, or comment about ticket issues. 
  • An “agent” messages you first. 
  • They ask for login details, a code, or payment to “unlock” tickets. 

A true scam story: Henry’s last-minute ticket scam 

Henry A. had been trying for weeks to score a ticket to see Tyler, the Creator in Dallas. Even without a confirmed seat, he headed to the venue hoping for a miracle. And that’s when the message came in, someone nearby claimed to have extra tickets.  

The seller said he was just outside too. The price? Reasonable enough. The tone? Casual and confident. All Henry had to do was send half the money to hold the tickets.  

Minutes later, he sent the full $280.  

“I was already in line—excited, hopeful, and just trying to get in. That made me an easy target.”  

The seller began stalling. Then came a screenshot—another buyer offering a higher price. He pressured Henry to pay more. When Henry refused, the seller blocked him. 

Just like that, the tickets were gone. So was the money. And Henry and his friend never made it into the show.  

“I sent $280 and got blocked. We never made it inside.”  

What makes Henry’s experience so common is not the platform. It is the pattern: 

  • A believable story 
  • A “reasonable” price 
  • A fast-moving negotiation 
  • A sudden change in terms 
  • Pressure, then disappearance 

How to spot a ticket scam fast 

Use these red flags as a reality filter: 

Red Flag  What It Looks Like in Real Life 
Price mismatch  Tickets priced far below or far above comparable listings on official or verified resale platforms. 
Urgency tactics  Messages pushing “last chance,” “only today,” or claiming someone else is about to buy. 
Unprotected payment requests  Asking for wire transfers, cryptocurrency, gift cards, or peer-to-peer payments to strangers. 
Off-platform pressure  Requests to move the transaction to text, DMs, or email instead of using an official site. 
Refusal to verify tickets  Sellers unwilling to use a verified resale platform or provide proof that can be independently confirmed. 
Suspicious links  Shortened URLs, unusual domains, or ticket links sent through direct messages. 

Safer ways to buy tickets 

If you want the simplest rule: buy through official ticketing and verified resale platforms that offer buyer protection. Scammers can create fake accounts anywhere, but they cannot easily bypass legitimate purchase protections. 

Practical steps: 

  1. Go direct: Type the official ticketing URL into your browser, do not follow random links. 
  2. Use protected payment: Credit cards generally offer stronger dispute options than unprotected transfers. 
  3. Avoid risky payment demands: Crypto, gift cards, and wires are common in fraud because they are hard to reverse. 
  4. Secure your accounts: Use strong passwords and enable two-factor authentication where available. 
  5. Pause before paying: Scammers depend on emotional momentum. 

How Scam Detector can help 

Tools like McAfee’s Scam Detector can act as a second set of eyes when messages or links are designed to rush you.  

Scam detection can help flag suspicious language patterns, risky links, and social engineering tactics before money leaves your account. 

The post Buying Harry Styles Tickets? Avoid These Common Ticket Scams appeared first on McAfee Blog.

Why You Still Get Spam Calls Even After Blocking Numbers

By: Brooke Seipel

You block a caller, feel a moment of relief, and then the phone rings again. If you’re wondering why you still get spam calls even after blocking numbers, you’re not alone.  

Spammers evolve quickly. They rotate phone numbers, spoof caller IDs, and use automated dialers to bypass basic defences, which is why many people see blocked calls still coming through and ask, can blocked numbers call you?

In this guide, we’ll explain what’s happening behind the scenes, share proven steps for how to stop getting spam calls, and help you protect your privacy and finances with confidence. 

What Counts as a Spam Call? 

Spam calls are unsolicited calls that aim to sell, deceive, or defraud. They include aggressive sales pitches, fake giveaways, tech support scams, and impersonations of banks or government agencies. Some are placed by people, while many are robocalls that play prerecorded messages at scale. Legality often hinges on consent and compliance with regulations, but harmful calls tend to ignore the rules. 

The typical scam call red flags: 1) Urgent or threatening language. 2) Pressure to pay right now. 3) Requests for sensitive details like Social Security numbers, bank information, or one-time passcodes.

Robocalls drive much of the volume today. They’re inexpensive, fast, and highly automated. While appointment reminders or pharmacy updates can be helpful and legitimate, scam robocalls promote fake debt collection, prize schemes, or malicious tech support. Their scale is precisely why blocked calls still coming through remains a persistent frustration. 

The familiar site of a phone inbox full of spam calls

Inbox of spam calls feel familiar?

Why Blocking Numbers Doesn’t Stop Spam 

Blocking prevents repeat calls from the same caller ID. Spammers know this and adapt. They rotate through vast pools of numbers, so each attempt looks new. You block one, and the next call arrives from a different number. It’s a cat-and-mouse game that leads many to ask, can blocked numbers call you or why is a blocked number still calling? 

Caller ID spoofing amplifies the problem. Spoofing lets scammers display any number they want, including matching your area code or appearing as a trusted organisation. This undermines caller ID and weakens number-based blocking. Some spoofed calls even show familiar names, increasing the chance you’ll answer. 

Behind the scenes, spam operations acquire and discard numbers rapidly through VoIP services and disposable lines. Large campaigns can cycle through thousands of numbers daily, which makes manual blocking a limited defense. That’s why you still get spam calls even after blocking numbers and why many people wonder how to stop getting spam calls for good. 

Layered Measures to Reduce Spam Calls 

A stronger strategy combines smarter tools with practical policies that work together. Here’s how we approach it: 

Use call-protection apps: Choose reputable apps that leverage threat intelligence, crowdsourced reports, and machine learning. These tools detect patterns, silence high-risk calls, and warn you before you answer. Many provide enhanced caller ID and category-based filtering to cut down the noise. 

Register with the National Do Not Call Registry: Add your number at donotcall.gov to reduce lawful telemarketing. It won’t stop illegal spam calls, but it trims legitimate sales outreach and supports enforcement when violators call. 

Use your mobile carrier’s protections: Most phone carriers offer built-in features that help identify and block spam calls, often at no extra cost. When these tools are turned on, your phone may label suspicious calls as “Scam Likely,” warn you before you answer, or automatically block known spam numbers. Some carriers can also verify when a call is coming from a real business, which makes it harder for scammers to fake caller IDs and pretend to be someone they’re not. 

Used together, these layers reduce the chance that a blocked number still calling will get through and provide practical answers for how to stop getting spam calls without missing important calls. 

Best Practices for Handling Incoming Calls 

Build habits that make suspicious calls easier to spot and manage: 

Spot potential spam: Be cautious with unknown numbers, urgent demands, and offers that sound too good to be true. Don’t share personal information, one-time passcodes, or payment details. If someone claims to be from your bank, healthcare provider, or a government agency, hang up and call back using a verified number from their official website. 

Report spam quickly: File complaints with the Federal Trade Commission (FTC) at reportfraud.ftc.gov and the Federal Communications Commission (FCC) at consumercomplaints.fcc.gov. Include caller ID, time, message content, and any request for data or payment. Many call-protection apps and carriers support in-app reporting, which improves filters for everyone. 

Use call screening: Turn on features like Silence Unknown Callers on iOS or Filter Spam Calls on Android. Enable voicemail transcription and consider Do Not Disturb with exceptions for contacts and verified callers. Use screening assistants where available to prompt unknown callers to state their purpose. This reduces interruptions and blocks automated spam. 

Stay Safe from Social Engineering 

Phone scams often rely on social engineering. Recognising common tactics helps you pause and protect yourself. 

Spot voice phishing: Be wary of claims that your account is locked, a payment is overdue, or an immediate verification code is needed. Legitimate organisations do not ask for full Social Security numbers, passwords, or 2FA codes over the phone. If you’re concerned, contact the company through a trusted channel. 

Protect personal information: Keep sensitive data private. Don’t share account numbers, PINs, passwords, or security codes in response to an incoming call. Use strong, unique passwords and enable multi-factor authentication. If you receive a verification code you didn’t request, secure your account right away. 

If you responded to a spam call: If you disclosed financial details or made a payment, contact your bank or card issuer immediately. Change passwords, enable account alerts, and review recent activity. Report the incident to the FTC and local law enforcement if needed. Consider a credit freeze with the major credit bureaus. If a device may be compromised, run a trusted security app to scan and remove suspicious software. 

Quick Comparison of Anti-Spam Call Options 

Option  What It Does  Pros  Limitations 
Manual Number Blocking  Blocks repeat calls from a specific caller ID  Built into phones; easy to use  Spammers rotate and spoof numbers; limited reach 
Call-Protection Apps  Uses threat intelligence, AI, and community reports  Detects patterns; warns before you answer; auto-blocks known spam  May filter legitimate calls; requires setup and permissions 
Carrier Protections  Network-level filtering and caller authentication (STIR/SHAKEN)  Flags spoofed calls early; verified caller indicators  Effectiveness varies by carrier and plan 
Do Not Call Registry  Limits lawful telemarketing to registered numbers  Reduces legitimate sales calls; supports reporting  Does not stop illegal or scam calls 
Built-In Call Screening  Silences unknown callers and transcribes voicemail  Minimises interruptions; helps you review safely  May miss important calls from new contacts 

If you’re asking why you still get spam calls even after blocking numbers or seeing a blocked number still calling, this table shows how layered options work together to reduce risks. 

Go Beyond Blocking: Remove Your Number From the Dark Web and Data Broker Lists 

Blocking spam callers treats the symptom, not the source. One reason spam keeps coming is that your phone number may already be circulating in data broker databases or dark web marketplaces after a breach, app signup, or form fill. Once your number is out there, it gets resold, bundled, and targeted repeatedly. 

McAfee Data Cleanup tackles that upstream problem. It helps find where your personal data, including your phone number, appears online and works to remove it from risky sources. Fewer listings mean fewer lists for spammers to buy and fewer campaigns aimed at your number. 

How your number ends up being targeted 

Data brokers: Many sites legally collect and resell contact details. Spammers buy access and blast calls at scale. 

Breaches and leaks: Stolen databases often end up on underground forums, where numbers are traded and reused. 

Public profiles and apps: Old accounts, giveaways, and permissions can expose your number without you realising. 

What Data Cleanup adds to your defense 

Finds exposures: Scans for your number across broker sites and known risk areas. 

Removes listings: Submits opt-out and removal requests on your behalf, reducing where your data lives online. 

Keeps watch: Monitors for reappearance so your number doesn’t quietly get relisted later. 

Think of this as turning down the tap, not just mopping the floor. When fewer databases have your number, spam operations have fewer ways to reach you. 

If you’re serious about how to stop getting spam calls, add data cleanup to your toolkit. Reducing your digital footprint won’t eliminate every bad call overnight, but over time, it lowers exposure, cuts repeat targeting, and helps reclaim your phone from constant interruptions. 

Blocking Isn’t Protection. Layering Is. 

If spam calls feel endless, it’s because blocking numbers was never designed to stop modern scam operations. Today’s callers rotate numbers, spoof trusted IDs, and pull your phone number from massive data ecosystems that don’t disappear when you tap “Block.” 

The real fix is layered protection. Call filtering and carrier tools help stop suspicious calls at the door. Screening features reduce interruptions. And addressing the source, by limiting where your number exists online, cuts down the number of campaigns that ever reach you in the first place. 

No single tool will end spam calls overnight. But when you combine smart call protections, cautious habits, and proactive data cleanup, the volume drops, the risks shrink, and your phone becomes a lot quieter. 

If you’ve been asking why you still get spam calls even after blocking numbers, this is the answer. Blocking is reactive. Protection works best when it’s proactive. 

FAQs 

Q: Why do spam calls look like they’re from my area code? 

A: Scammers use caller ID spoofing to display local-looking numbers, increasing the chances you’ll answer. Spoofing can mimic legitimate numbers, so don’t rely on caller ID alone. If you’re seeing a blocked number still calling with a local prefix, turn on carrier protections and call screening. 

Q: Do call-blocking apps really help? 

A: Yes. Quality apps combine real-time threat intelligence with community reports and machine learning to spot patterns and flag risky calls. While no tool catches everything, they significantly reduce spam calls and help address why you still get spam calls even after blocking numbers. 

Q: Will the Do Not Call Registry stop all spam calls? 

A: No. It reduces lawful telemarketing but does not stop illegal or scam calls. Registering still helps cut legitimate outreach and supports enforcement against violators, which is an important step in how to stop getting spam calls. 

Q: What should I do after receiving a suspicious call? 

A: Don’t share information. Hang up, verify the caller using a trusted number, and report the incident to the FTC or FCC. If you clicked a link or provided details, secure your accounts and contact your bank or service provider right away. 

Q: Can my mobile carrier block spoofed calls? 

A: Carriers support caller authentication through STIR/SHAKEN, which helps identify and flag spoofed calls. Turn on your carrier’s spam protection features and screening options to reduce the chances of blocked calls still coming through. 

 

The post Why You Still Get Spam Calls Even After Blocking Numbers appeared first on McAfee Blog.

ICE Is Using Palantir’s AI Tools to Sort Through Tips

By: Caroline Haskins, Makena Kelly
ICE has been using an AI-powered Palantir system to summarize tips sent to its tip line since last spring, according to a newly released Homeland Security document.

Drowning in spam or scam emails? Here’s probably why

Has your inbox recently been deluged with unwanted and even outright malicious messages? Here are 10 possible reasons – and how to stem the tide.

How McAfee’s Scam Detector Checks QR Codes and Social Messages

By: Brooke Seipel
QR Scan Example

Scams don’t always arrive with obvious warning signs. 

They show up as QR codes on parking meters. As casual DMs that start with “Hey.” As social messages that feel routine enough to respond to without thinking twice. 

That shift has created a new burden for consumers. According to McAfee’s 2026 State of the Scamiverse reportAmericans now spend 114 hours a year trying to figure out what’s real and what’s fake online. That is nearly three full workweeks lost to second-guessing messages, alerts, links, and notifications. 

McAfee’s upgraded Scam Detector is designed to meet people in those exact moments, with enhancements rolling out across core McAfee plans beginning in February. 

The latest improvements add instant QR code scam checks and smarter social messaging protection, making it easier to spot scams before they escalate. 

Figure 1: An example of a suspicious text being flagged by McAfee’s Scam Detector 

Figure 1: An example of a suspicious text being flagged by McAfee’s Scam Detector 

What’s new in McAfee’s Scam Detector 

Scams now move quickly across platforms and formats, often escalating in minutes once someone engages. Among people who were harmed by a scam, the typical scam unfolded in about 38 minutes. 

That speed leaves little room for hesitation. Scam protection has to work in real time, not after the damage is done. 

McAfee’s latest Scam Detector upgrades are designed around that reality, adding: 

  • Instant QR code safety checks, so users can assess risk before tapping 
  • Smarter social messaging protection, with clearer warnings for suspicious texts, emails, and DMs, even when no link is present 

These Scam Detector upgrades will begin rolling out in February across all core McAfee plans, bringing real-time protection to the moments where scams escalate fastest. 

QR codes, quishing, and why instant scans are needed 

QR codes were designed for convenience. That is exactly why scammers use them. 

Cybercriminals increasingly hide malicious links behind QR codes placed on menus, parking meters, packages, posters, and public signage. People scan quickly, often without stopping to evaluate where the code leads. 

McAfee research shows how common this risk has become: 

  • 68% of people scanned a QR code in the past three months 
  • 18% landed on a suspicious or unsafe page after scanning 
  • Among those who did, more than half took risky actions such as entering personal information, installing an app, or connecting a digital wallet 

QR Scan Example

Figure 2. A still from a demo video, showing a risky QR code being blocked by McAfee’s Scam Detector 

Social media scams and the rise of linkless messages 

Phishing is no longer confined to emails with obvious red flags. 

Scams now arrive through WhatsApp, Instagram, Messenger, Telegram, and other social platforms, often starting as vague or friendly messages designed to lower suspicion rather than trigger alarm. 

McAfee’s research highlights a key shift: more than one in four suspicious social messages contain no link at all, and 44% of Americans say they have replied to a suspicious DM with no link. 

These messages rely on familiarity and momentum. A short greeting. A warning about an account issue. A promise of easy money. By the time a request or link appears, the conversation already feels normal. 

And the economic impact of these scams is significant. According to the FTC, social media scams drove $1.9 billion in reported losses in 2024, making social platforms one of the top channels for fraud and identity theft. 

That’s why McAfee’s Scam Detector includes smarter social messaging protection, delivering clearer warnings for suspicious texts, emails, and DMs, even those without risky links, across popular platforms. The focus is on identifying suspicious patterns and behavior, not just URLs. 

Users can take a quick screenshot of their social media content on social media, and McAfee’s Scam Detector will analyze the message for suspicious activity. 

Get protection that works before scams escalate 

The stakes are high: 

  • One in three Americans has lost money to a scam 
  • Among those who lost money, the average loss was $1,160 
  • 15% of scam victims fall for another scam within a year 

Scams are not just increasing in volume. They are becoming more personal, more believable, and easier to scale using AI. 

McAfee’s upgraded Scam Detector is designed to stay ahead of those shifts, offering real-time guidance when it matters most, whether that’s a suspicious QR code, a vague DM, or a message that feels just normal enough to trust. 

The enhanced Scam Detector, including instant QR code checks and smarter social messaging protection, will begin rolling out in February across all core McAfee plans. 

The post How McAfee’s Scam Detector Checks QR Codes and Social Messages appeared first on McAfee Blog.

McAfee Report: In the AI Slop Era, Americans Spend Weeks Each Year Questioning What’s Real

By: Brooke Seipel

Merriam-Webster’s word of 2025 was “slop.” Specifically, AI slop. 

Low-effort, AI-generated content now fills social feeds, inboxes, and message threads. Much of it is harmless. Some of it is entertaining. But its growing presence is changing what people expect to see online.

McAfee’s 2026 State of the Scamiverse report shows that scammers are increasingly using the same AI tools and techniques to make fraud feel familiar and convincing. Phishing sites look more legitimate. Messages sound more natural. Conversations unfold in ways that feel routine instead of suspicious.

According to McAfee’s consumer survey, Americans now spend an average of 114 hours a year trying to determine whether the messages they receive are real or scams. That’s nearly three full workweeks lost not to fraud itself, but to hesitation and doubt.

As AI-generated content becomes more common, the traditional signals people relied on to spot scams, such as strange links and awkward grammar, are fading. That shift does not mean everything online is dangerous. It means it takes more effort to tell what is real from what is malicious.

The result is growing uncertainty. And a rising cost in time, attention, and confidence.

The average American receives 14 scam messages a day 

Scams are no longer occasional interruptions. They are a constant background noise. 

According to the report, Americans receive an average of 14 scam messages per day across text, email, and social media.  

Many of these messages do not look suspicious at first glance. They resemble routine interactions people are conditioned to respond to. 

  • Delivery notices 
  • Account verification requests 
  • Subscription renewals  
  • Job outreach 
  • Bank alerts 
  • Charity appeals 

And with the use of AI tools, scammers are churning out these scam messages and making them look extremely realistic.

That strategy is working. One in three Americans says they feel less confident spotting scams than they did a year ago.  

 

scam statsFigure 1. Types of scams reported in our consumer survey. 

Most scams move fast, and many are over in minutes 

The popular image of scams often involves long email threads or elaborate schemes. In reality, many modern scams unfold quickly. 

Among Americans who were harmed by a scam, the typical scam played out in about 38 minutes 

That speed matters. It leaves little time for reflection, verification, or second opinions. Once a person engages, scammers often escalate immediately. 

Still, some scammers play the long game with realistic romance or friendship scams that turn into crypto pitches or urgent requests for financial support. Often these scams start with no link at all, but just a familiar DM.

In fact, the report found that more than one in four suspicious social messages contain no link at all, removing one of the most familiar warning signs of a scam.  And 44% of people say they have replied to a suspicious direct message without a link 

Linkless DM scams seek to build trust before asking victims for money.

The cost is not just money. It is time and attention. 

Financial losses from scams remain significant. One in three Americans report losing money to a scam. Among those who lost money, the average loss was $1,160 

But the report argues that focusing only on dollar amounts understates the broader impact: scams also cost time, attention, and emotional energy. 

People are forced to second-guess everyday digital interactions. Opening a message. Answering a call. Scanning a QR code. Responding to a notification. That time adds up. 

And who doesn’t know that sinking feeling when you realize a message you opened or a link you clicked wasn’t legitimate?

map of annual scam losses globally 2025

Figure 3. World Map of Average Scam Losses. 

Why AI slop makes scams harder to spot 

The rise of AI-generated content has changed the baseline of what people expect online. It’s now an everyday part of life.

According to the report, Americans say they see an average of three deepfakes per day 

Most are not scams. But that familiarity has consequences. 

When AI-generated content becomes normal, it becomes harder to recognize when the same tools are being used maliciously. The report found that more than one in three Americans do not feel confident identifying deepfake scams, and one in ten say they have already experienced a voice-clone scam. Voice clone scams often feature AI deepfake audio of public figures, or even people you know, requesting urgent financial support and compromising information.

These AI-generated scams also come in the form of phony customer support outreach, fake job opportunities and interviews, and illegitimate investment pitches.

Account takeovers are becoming routine 

Scams do not always end with an immediate financial loss. Many are designed to gain long-term access to accounts. 

The report found that 55% of Americans say a social media account was compromised in the past year 

Once an account is taken over, scammers can impersonate trusted contacts, spread malicious links, or harvest additional personal information. The damage often extends well beyond the original interaction. 

What not to do in 2026Scams are blending into everyday digital life 

What stands out most in the 2026 report is how thoroughly scams have blended into normal online routines. 

Scammers are embedding fraud into the same systems people rely on to work, communicate, and manage their lives. 

  • Cloud storage alerts (such as Google Drive or iCloud notices) warning that storage is full or access will be restricted unless action is taken, pushing users toward fake login pages.
  • Shared document notifications that appear to come from coworkers or collaborators, prompting recipients to open files or sign in to view a document that does not exist.
  • Payment confirmations that claim a charge has gone through, pressuring people to click or reply quickly to dispute a transaction they do not recognize.
  • Verification codes sent unexpectedly, often as part of account takeover attempts designed to trick people into sharing one-time passwords.
  • Customer support messages that impersonate trusted brands, offering help with an issue the recipient never reported.

Cloud scam Example

Figure 4: Example of a cloud scam message. 

The Key Takeaway

Not all AI-generated content is a scam. Much of what people encounter online every day is harmless, forgettable, or even entertaining. But the rapid growth of AI slop is creating a different kind of risk.

Constant exposure to synthetic images, videos, and messages is wearing down people’s ability to tell what is real and what is manipulated. The State of the Scamiverse report shows that consumers are already struggling with that distinction, and the data suggests the consequences are compounding. As digital noise increases, so does fatigue. And fatigue is exactly what scammers exploit.

FTC data shows losses from scams continuing to climb, and McAfee Labs is tracking a rise in fraud that blends seamlessly into everyday digital routines. Cloud storage warnings, shared document notifications, payment confirmations, verification codes, and customer support messages are increasingly being mimicked or abused by scammers because they look normal and demand quick action.

The danger of the AI slop era is not that everything online is fake. The danger is that people are being forced to question everything. That constant doubt slows judgment, erodes confidence, and creates openings for fraud to scale.

In 2026, the cost of scams is no longer measured only in dollars lost. It is measured in time, attention, and trust, and those losses are still growing.

Learn more and read the full report here.

FAQ: Understanding the AI Slop Era and Modern Scams 

Q: What is AI slop?  

A: The term refers to the flood of low-quality, AI-generated content now common online. While much of it is harmless, constant exposure can make it harder to identify when similar technology is used for scams.   
Q: How much time do Americans lose to scams?  

A: Americans spend 114 hours a year determining whether digital messages and alerts are real or fraudulent. That is nearly three workweeks.   
Q: How fast do scams happen today?  

A: Among people harmed by scams, the typical scam unfolds in about 38 minutes from first interaction to harm.   
Q: How common are deepfake scams?  

A: Americans report seeing three deepfakes per day on average, and one in ten say they have experienced a voice-clone scam.   

 

The post McAfee Report: In the AI Slop Era, Americans Spend Weeks Each Year Questioning What’s Real appeared first on McAfee Blog.

Revealed: Leaked Chats Expose the Daily Life of a Scam Compound’s Enslaved Workforce

By: Andy Greenberg, Lily Hay Newman, Matt Burgess
A whistleblower trapped inside a “pig butchering” scam compound gave WIRED a vast trove of its internal materials—including 4,200 pages of messages that lay out its operations in unprecedented detail.

He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive

By: Andy Greenberg
A source trapped inside an industrial-scale scamming operation contacted me, determined to expose his captors’ crimes—and then escape. This is his story.

Judge Delays Minnesota ICE Decision While Weighing Whether State Is Being Illegally Punished

By: Dell Cameron
A federal judge ordered a new briefing due Wednesday on whether DHS is using armed raids to pressure Minnesota into abandoning its sanctuary policies, leaving ICE operations in place for now.

Deepfake ‘Nudify’ Technology Is Getting Darker—and More Dangerous

By: Matt Burgess
Sexual deepfakes continue to get more sophisticated, capable, easy to access, and perilous for millions of women who are abused with the technology.

Who Operates the Badbox 2.0 Botnet?

By: BrianKrebs

The cybercriminals in control of Kimwolf — a disruptive botnet that has infected more than 2 million devices — recently shared a screenshot indicating they’d compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.

Our first story of 2026, The Kimwolf Botnet is Stalking Your Local Network, detailed the unique and highly invasive methods Kimwolf uses to spread. The story warned that the vast majority of Kimwolf infected systems were unofficial Android TV boxes that are typically marketed as a way to watch unlimited (pirated) movie and TV streaming services for a one-time fee.

Our January 8 story, Who Benefitted from the Aisuru and Kimwolf Botnets?, cited multiple sources saying the current administrators of Kimwolf went by the nicknames “Dort” and “Snow.” Earlier this month, a close former associate of Dort and Snow shared what they said was a screenshot the Kimwolf botmasters had taken while logged in to the Badbox 2.0 botnet control panel.

That screenshot, a portion of which is shown below, shows seven authorized users of the control panel, including one that doesn’t quite match the others: According to my source, the account “ABCD” (the one that is logged in and listed in the top right of the screenshot) belongs to Dort, who somehow figured out how to add their email address as a valid user of the Badbox 2.0 botnet.

The control panel for the Badbox 2.0 botnet lists seven authorized users and their email addresses. Click to enlarge.

Badbox has a storied history that well predates Kimwolf’s rise in October 2025. In July 2025, Google filed a “John Doe” lawsuit (PDF) against 25 unidentified defendants accused of operating Badbox 2.0, which Google described as a botnet of over ten million unsanctioned Android streaming devices engaged in advertising fraud. Google said Badbox 2.0, in addition to compromising multiple types of devices prior to purchase, also can infect devices by requiring the download of malicious apps from unofficial marketplaces.

Google’s lawsuit came on the heels of a June 2025 advisory from the Federal Bureau of Investigation (FBI), which warned that cyber criminals were gaining unauthorized access to home networks by either configuring the products with malware prior to the user’s purchase, or infecting the device as it downloads required applications that contain backdoors — usually during the set-up process.

The FBI said Badbox 2.0 was discovered after the original Badbox campaign was disrupted in 2024. The original Badbox was identified in 2023, and primarily consisted of Android operating system devices (TV boxes) that were compromised with backdoor malware prior to purchase.

KrebsOnSecurity was initially skeptical of the claim that the Kimwolf botmasters had hacked the Badbox 2.0 botnet. That is, until we began digging into the history of the qq.com email addresses in the screenshot above.

CATHEAD

An online search for the address 34557257@qq.com (pictured in the screenshot above as the user “Chen“) shows it is listed as a point of contact for a number of China-based technology companies, including:

Beijing Hong Dake Wang Science & Technology Co Ltd.
Beijing Hengchuang Vision Mobile Media Technology Co. Ltd.
Moxin Beijing Science and Technology Co. Ltd.

The website for Beijing Hong Dake Wang Science is asmeisvip[.]net, a domain that was flagged in a March 2025 report by HUMAN Security as one of several dozen sites tied to the distribution and management of the Badbox 2.0 botnet. Ditto for moyix[.]com, a domain associated with Beijing Hengchuang Vision Mobile.

A search at the breach tracking service Constella Intelligence finds 34557257@qq.com at one point used the password “cdh76111.” Pivoting on that password in Constella shows it is known to have been used by just two other email accounts: daihaic@gmail.com and cathead@gmail.com.

Constella found cathead@gmail.com registered an account at jd.com (China’s largest online retailer) in 2021 under the name “陈代海,” which translates to “Chen Daihai.” According to DomainTools.com, the name Chen Daihai is present in the original registration records (2008) for moyix[.]com, along with the email address cathead@astrolink[.]cn.

Incidentally, astrolink[.]cn also is among the Badbox 2.0 domains identified in HUMAN Security’s 2025 report. DomainTools finds cathead@astrolink[.]cn was used to register more than a dozen domains, including vmud[.]net, yet another Badbox 2.0 domain tagged by HUMAN Security.

XAVIER

A cached copy of astrolink[.]cn preserved at archive.org shows the website belongs to a mobile app development company whose full name is Beijing Astrolink Wireless Digital Technology Co. Ltd. The archived website reveals a “Contact Us” page that lists a Chen Daihai as part of the company’s technology department. The other person featured on that contact page is Zhu Zhiyu, and their email address is listed as xavier@astrolink[.]cn.

A Google-translated version of Astrolink’s website, circa 2009. Image: archive.org.

Astute readers will notice that the user Mr.Zhu in the Badbox 2.0 panel used the email address xavierzhu@qq.com. Searching this address in Constella reveals a jd.com account registered in the name of Zhu Zhiyu. A rather unique password used by this account matches the password used by the address xavierzhu@gmail.com, which DomainTools finds was the original registrant of astrolink[.]cn.

ADMIN

The very first account listed in the Badbox 2.0 panel — “admin,” registered in November 2020 — used the email address 189308024@qq.com. DomainTools shows this email is found in the 2022 registration records for the domain guilincloud[.]cn, which includes the registrant name “Huang Guilin.”

Constella finds 189308024@qq.com is associated with the China phone number 18681627767. The open-source intelligence platform osint.industries reveals this phone number is connected to a Microsoft profile created in 2014 under the name Guilin Huang (桂林 黄). The cyber intelligence platform Spycloud says that phone number was used in 2017 to create an account at the Chinese social media platform Weibo under the username “h_guilin.”

The public information attached to Guilin Huang’s Microsoft account, according to the breach tracking service osintindustries.com.

The remaining three users and corresponding qq.com email addresses were all connected to individuals in China. However, none of them (nor Mr. Huang) had any apparent connection to the entities created and operated by Chen Daihai and Zhu Zhiyu — or to any corporate entities for that matter. Also, none of these individuals responded to requests for comment.

The mind map below includes search pivots on the email addresses, company names and phone numbers that suggest a connection between Chen Daihai, Zhu Zhiyu, and Badbox 2.0.

This mind map includes search pivots on the email addresses, company names and phone numbers that appear to connect Chen Daihai and Zhu Zhiyu to Badbox 2.0. Click to enlarge.

UNAUTHORIZED ACCESS

The idea that the Kimwolf botmasters could have direct access to the Badbox 2.0 botnet is a big deal, but explaining exactly why that is requires some background on how Kimwolf spreads to new devices. The botmasters figured out they could trick residential proxy services into relaying malicious commands to vulnerable devices behind the firewall on the unsuspecting user’s local network.

The vulnerable systems sought out by Kimwolf are primarily Internet of Things (IoT) devices like unsanctioned Android TV boxes and digital photo frames that have no discernible security or authentication built-in. Put simply, if you can communicate with these devices, you can compromise them with a single command.

Our January 2 story featured research from the proxy-tracking firm Synthient, which alerted 11 different residential proxy providers that their proxy endpoints were vulnerable to being abused for this kind of local network probing and exploitation.

Most of those vulnerable proxy providers have since taken steps to prevent customers from going upstream into the local networks of residential proxy endpoints, and it appeared that Kimwolf would no longer be able to quickly spread to millions of devices simply by exploiting some residential proxy provider.

However, the source of that Badbox 2.0 screenshot said the Kimwolf botmasters had an ace up their sleeve the whole time: Secret access to the Badbox 2.0 botnet control panel.

“Dort has gotten unauthorized access,” the source said. “So, what happened is normal proxy providers patched this. But Badbox doesn’t sell proxies by itself, so it’s not patched. And as long as Dort has access to Badbox, they would be able to load” the Kimwolf malware directly onto TV boxes associated with Badbox 2.0.

The source said it isn’t clear how Dort gained access to the Badbox botnet panel. But it’s unlikely that Dort’s existing account will persist for much longer: All of our notifications to the qq.com email addresses listed in the control panel screenshot received a copy of that image, as well as questions about the apparently rogue ABCD account.

Privacy and Data Governance — Keys to Innovation and Trust in the AI Era

By: Harvey Jang
Cisco 2026 Data and Privacy Benchmark Study shares insights into how privacy unlocks competitive advantage for business growth and builds trust in AI era.

The Instant Smear Campaign Against Border Patrol Shooting Victim Alex Pretti

By: David Gilbert
Within minutes of the shooting, the Trump administration and right-wing influencers began disparaging the man shot by a federal immigration officer on Saturday in Minneapolis.

ICE Asks Companies About ‘Ad Tech and Big Data’ Tools It Could Use in Investigations

By: Caroline Haskins
A new federal filing from ICE demonstrates how commercial tools are increasingly being considered by the government for law enforcement and surveillance.

This Week in Scams: Netflix Phishing and QR Code Espionage

By: Brooke Seipel
Couple watching Netflix

This week in scams, attackers are leaning hard on familiar brands, everyday tools, and routine behavior to trigger fast, unthinking reactions. From fake Netflix billing alerts to malicious browser extensions and QR code phishing tied to foreign espionage, the common thread is trust being weaponized at exactly the right moment. 

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated. 

Let’s get into it. 

Netflix Billing Emails Are Back… And Still Catching People Off Guard 

The big picture: Subscription phishing is resurging, with scammers impersonating Netflix and using fake billing failures to push victims into handing over payment details. 

What happened: Multiple Netflix impersonation emails circulated again this month, warning recipients that a payment failed and urging them to “update payment” to avoid service interruption. The messages closely mirror Netflix’s real branding and include polished formatting, official-looking language, and even PDF attachments designed to feel like legitimate billing notices. 

What makes these scams effective is timing. Victims often receive them while actively reviewing subscriptions, updating payment methods, or considering canceling services. That context lowers skepticism just enough for a quick click before slowing down to verify. 

McAfee’s Scam Detector flagged the messages (which one of our own employees received this week) as phishing, confirming they were designed to steal payment information rather than resolve a real billing issue. 

Example of McAfee detecting the Netflix phishing scam

Red flags to watch for: 

  • Unexpected billing problems paired with urgent calls to act 
  • Payment requests delivered by email instead of inside the app 
  • Attachments or buttons asking you to “fix” account issues 
  • Sender addresses that don’t match official Netflix domains 

How this scam works: This is classic brand impersonation phishing. Scammers don’t need to hack Netflix itself. They rely on people recognizing the logo, trusting the message, and reacting emotionally to the idea of losing access. The attachment and clean design help bypass instinctive spam filters in the brain, even when technical filters catch it later. 

Netflix has warned customers about these scams and offers advice on its site if you encounter one.

What to do instead: If you get a billing alert, don’t click. Open the Netflix app or manually type the site address to check your account. If there’s no issue there, the email wasn’t real. 

Fake Ad Blocker Crashes Browsers to Push “Fix It” Malware 

The big picture: Attackers are exploiting browser crashes themselves as a social engineering tool, turning technical disruption into a pathway for malware installation. 

What happened: Researchers reported a malvertising campaign promoting a fake ad-blocking browser extension called “NexShield,” which falsely claimed to be created by the developer of a well-known, legitimate ad blocker. Once installed, the extension intentionally overwhelmed the browser, causing freezes, crashes, and system instability. 

After restart, victims were shown fake security warnings instructing them to “fix” the problem by running commands on their own computer. Following those instructions triggered the download of a remote access tool capable of spying, executing commands, and installing additional malware. The reporting was first detailed by Bleeping Computer, with technical analysis from security researchers. 

Red flags to watch for: 

  • Browser extensions promising performance boosts or “ultimate” protection 
  • Crashes immediately after installing a new extension 
  • Pop-ups instructing you to run commands manually 
  • “Security fixes” that require copying and pasting code 

How this scam works: This is a variant of ClickFix attacks. Instead of faking a problem, attackers cause a real one, then position themselves as the solution. The crash creates urgency and confusion, making people more likely to follow instructions they’d normally question. It turns frustration into compliance. 

FBI Warns QR Code Phishing Is Being Used for Cyber Espionage 

The big picture: QR codes are being used as stealth phishing tools, with highly targeted attacks tied to foreign intelligence operations. 

What happened: The Federal Bureau of Investigation issued a warning about QR code phishing, or “quishing,” campaigns linked to a North Korean government-backed hacking group. According to reporting by Fox News, attackers sent emails containing QR codes that redirected victims to fake login pages or malware-hosting sites. 

In some cases, simply visiting the site allowed attackers to collect device data, location details, and system information, even if no credentials were entered. These campaigns are highly targeted, often aimed at professionals in policy, research, and technology sectors. 

Red flags to watch for: 

  • QR codes sent by email or messaging apps 
  • QR codes leading to login pages for work tools or cloud services 
  • Messages that feel personalized but unexpected 
  • Requests to scan instead of click 

How this scam works: QR codes hide the destination URL, removing the visual cues people rely on to judge safety. Because scanning feels faster and more “passive” than clicking a link, people often skip verification entirely. That moment of trust is what attackers exploit. 

Read our ultimate guide to “quishing” and how to spot and avoid QR code scams here. 

McAfee’s Safety Tips for This Week 

  • Verify inside official apps. Billing or security issues should be confirmed directly in the app or website you normally use, not through email links or QR codes. 
  • Treat extensions like software installs. Only install browser extensions from trusted publishers you already know, and remove anything that causes instability. 
  • Slow down with QR codes. If a QR code leads to a login page or download, close it and navigate manually instead. 
  • Watch for urgency + familiarity. Scammers increasingly rely on brands, tools, and behaviors you already trust to short-circuit caution. 

McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online. 

The post This Week in Scams: Netflix Phishing and QR Code Espionage appeared first on McAfee Blog.

Children and chatbots: What parents should know

As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development

US Judge Rules ICE Raids Require Judicial Warrants, Contradicting Secret ICE Memo

By: Dell Cameron, Matt Giles
The ruling in federal court in Minnesota lands as Immigration and Customs Enforcement faces scrutiny over an internal memo claiming judge-signed warrants aren’t needed to enter homes without consent.

CBP Wants AI-Powered ‘Quantum Sensors’ for Finding Fentanyl in Cars

By: Caroline Haskins
US Customs and Border Protection is paying General Dynamics to create prototype “quantum sensors,” to be used with an AI database to detect fentanyl and other narcotics.

149 Million Usernames and Passwords Exposed by Unsecured Database

By: Lily Hay Newman
This “dream wish list for criminals” includes millions of Gmail, Facebook, banking logins, and more. The researcher who discovered it suspects they were collected using infostealing malware.

Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook

By: Brooke Seipel

Microsoft users across the U.S. experienced widespread disruptions Thursday after a technical failure prevented people from sending or receiving email through Outlook, a core service within Microsoft 365. 

The outage occurred during U.S. business hours and quickly affected schools, government offices, and companies that rely on Outlook for daily operations. Microsoft confirmed the issue publicly and said it was working to restore service. There is no indication the disruption was caused by a cyberattack, according to company statements.

Still, McAfee warns in these situations to be wary of phishing attempts as scammers latch onto these outages to take advantage of innocent users. 

“Outages like this create uncertainty, and scammers move fast to take advantage of it,” said Steve Grobman, McAfee’s Chief Technology Officer. “When people can’t get into email or the tools they use every day, it’s easy to assume something is wrong with your account — and that’s exactly the moment attackers look for.”

“Fake alerts start circulating that look like they’re coming from the real company, with logos and urgent language telling you to reset a password or verify your information,” Grobman added. “Some push fake support numbers or messages claiming they can restore access. If you’re impacted, slow down, go straight to the official source for updates, and don’t share passwords, verification codes, or payment details in response to an unexpected message.”

“Tools that can spot suspicious links and fake login pages help reduce risk — especially when people are trying to get back online quickly,” Grobman said.

Here, we break down what happened and why outages are prime time for scammers.

What happened to Microsoft Outlook? 

A Microsoft infrastructure failure disrupted email delivery. 

Microsoft said the outage was caused by a portion of its North American service infrastructure that was failing to properly handle traffic. Users attempting to send or receive email encountered a “451 4.3.2 temporary server issue” error message.

Microsoft also warned that related services, including OneDrive search and SharePoint Online, could experience slowdowns or intermittent failures during the incident.

When did the Microsoft outage happen? 

The disruption unfolded over several hours on Thursday afternoon (ET). 

Based on timelines reported by CNBC and live coverage from Tom’s Guide, the outage progressed as follows: 

Around 2:00 p.m. ET: User reports spike across Microsoft services, especially Outlook, according to Down Detector data cited by Tom’s Guide.

2:37 p.m. ET: Microsoft confirms it is investigating an Outlook email issue, per CNBC.

3:17 p.m. ET: Microsoft says it identified misrouted traffic tied to infrastructure problems in North America, CNBC reports.

4:14 p.m. ET: The company announces affected infrastructure has been restored and traffic is being redirected to recover service.

Tom’s Guide reported that while outage reports declined after Microsoft’s fix, some users continued to experience intermittent access issues as systems rebalanced. 

Was this a hack or cyberattack? 

No. Microsoft says the outage was caused by technical infrastructure issues. 

According to CNBC, Microsoft has not indicated that the outage was the result of hacking, ransomware, or any external attack. Instead, the company attributed the disruption to internal infrastructure handling errors, similar to a previous Outlook outage last July that lasted more than 21 hours. 

Message from Microsoft

A message sent by Microsoft about the server issue.

Why outages  cause widespread disruption 

Modern work depends on shared cloud infrastructure. 

That sudden loss of access often leaves users unsure whether: 

  • Their account has been compromised 
  • Their data is at risk 
  • They need to take immediate action 

That uncertainty is exactly what scammers look for. 

How scammers exploit big tech outages

They impersonate the company and trick users into signing in again. 

After major outages involving Microsoft, Google, or Amazon Web Services, security researchers, including McAfee, have observed scam campaigns emerge within hours. 

These scams typically work by: 

Impersonating Microsoft using logos, branding, and language copied from real outage notices 

Sending fake “service restoration” emails or texts claiming users must re-authenticate 

Linking to realistic login pages designed to steal Microsoft usernames and passwords 

Posing as IT support or Microsoft support and directing users to fake phone numbers 

Once credentials are stolen, attackers can access email accounts, reset passwords on other services, or launch further phishing attacks from a trusted address. 

How to stay safe during a Microsoft outage 

Outages are confusing. Scammers rely on urgency and familiarity. 

To reduce risk: 

  • Do not click links in emails or texts about outages or “account recovery.” 
  • Go directly to official sources, such as Microsoft’s status page or verified social accounts. 
  • Never re-enter your password through links sent during an outage. 
  • Ignore urgent fixes that ask for downloads, payments, or credentials. 

If you already clicked or entered information: 

  • Change your Microsoft password immediately 
  • Update passwords anywhere you reused it 
  • Turn on or refresh two-factor authentication 
  • Review recent account activity 
  • Run a trusted security scan to remove malicious software (check out our free trial) 

How McAfee can help 

Using advanced artificial intelligence, McAfee’s built-in Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, helping stop harm before it happens. 

McAfee’s identity protection tools also monitor for signs your personal information may be exposed and guide you through recovery if scammers gain access. 

FAQ 

Q: Is Microsoft Outlook still down?
A: Microsoft said Thursday afternoon that it had restored affected infrastructure and was redirecting traffic to recover service, according to CNBC. Some users may still experience intermittent issues. 
Q: Was the Microsoft outage caused by hackers?
A: No. Microsoft has not reported any cyberattack or data breach related to the outage, per CNBC. 
Q: Can scammers really use outages to steal accounts?
A: Yes. During major outages, scammers often impersonate companies like Microsoft and trick users into signing in again on fake websites. 
Q: Should I reset my password after an outage?
A: Only if you clicked a suspicious link or entered your credentials somewhere outside Microsoft’s official site. Otherwise, resetting passwords isn’t necessary. 

 

The post Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook appeared first on McAfee Blog.

Kimwolf Botnet Lurking in Corporate, Govt. Networks

By: BrianKrebs

A new Internet-of-Things (IoT) botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf’s ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.

Image: Shutterstock, @Elzicon.

Kimwolf grew rapidly in the waning months of 2025 by tricking various “residential proxy” services into relaying malicious commands to devices on the local networks of those proxy endpoints. Residential proxies are sold as a way to anonymize and localize one’s Web traffic to a specific region, and the biggest of these services allow customers to route their Internet activity through devices in virtually any country or city around the globe.

The malware that turns one’s Internet connection into a proxy node is often quietly bundled with various mobile apps and games, and it typically forces the infected device to relay malicious and abusive traffic — including ad fraud, account takeover attempts, and mass content-scraping.

Kimwolf mainly targeted proxies from IPIDEA, a Chinese service that has millions of proxy endpoints for rent on any given week. The Kimwolf operators discovered they could forward malicious commands to the internal networks of IPIDEA proxy endpoints, and then programmatically scan for and infect other vulnerable devices on each endpoint’s local network.

Most of the systems compromised through Kimwolf’s local network scanning have been unofficial Android TV streaming boxes. These are typically Android Open Source Project devices — not Android TV OS devices or Play Protect certified Android devices — and they are generally marketed as a way to watch unlimited (read:pirated) video content from popular subscription streaming services for a one-time fee.

However, a great many of these TV boxes ship to consumers with residential proxy software pre-installed. What’s more, they have no real security or authentication built-in: If you can communicate directly with the TV box, you can also easily compromise it with malware.

While IPIDEA and other affected proxy providers recently have taken steps to block threats like Kimwolf from going upstream into their endpoints (reportedly with varying degrees of success), the Kimwolf malware remains on millions of infected devices.

A screenshot of IPIDEA’s proxy service.

Kimwolf’s close association with residential proxy networks and compromised Android TV boxes might suggest we’d find relatively few infections on corporate networks. However, the security firm Infoblox said a recent review of its customer traffic found nearly 25 percent of them made a query to a Kimwolf-related domain name since October 1, 2025, when the botnet first showed signs of life.

Infoblox found the affected customers are based all over the world and in a wide range of industry verticals, from education and healthcare to government and finance.

“To be clear, this suggests that nearly 25% of customers had at least one device that was an endpoint in a residential proxy service targeted by Kimwolf operators,” Infoblox explained. “Such a device, maybe a phone or a laptop, was essentially co-opted by the threat actor to probe the local network for vulnerable devices. A query means a scan was made, not that new devices were compromised. Lateral movement would fail if there were no vulnerable devices to be found or if the DNS resolution was blocked.”

Synthient, a startup that tracks proxy services and was the first to disclose on January 2 the unique methods Kimwolf uses to spread, found proxy endpoints from IPIDEA were present in alarming numbers at government and academic institutions worldwide. Synthient said it spied at least 33,000 affected Internet addresses at universities and colleges, and nearly 8,000 IPIDEA proxies within various U.S. and foreign government networks.

The top 50 domain names sought out by users of IPIDEA’s residential proxy service, according to Synthient.

In a webinar on January 16, experts at the proxy tracking service Spur profiled Internet addresses associated with IPIDEA and 10 other proxy services that were thought to be vulnerable to Kimwolf’s tricks. Spur found residential proxies in nearly 300 government owned and operated networks, 318 utility companies, 166 healthcare companies or hospitals, and 141 companies in banking and finance.

“I looked at the 298 [government] owned and operated [networks], and so many of them were DoD [U.S. Department of Defense], which is kind of terrifying that DoD has IPIDEA and these other proxy services located inside of it,” Spur Co-Founder Riley Kilmer said. “I don’t know how these enterprises have these networks set up. It could be that [infected devices] are segregated on the network, that even if you had local access it doesn’t really mean much. However, it’s something to be aware of. If a device goes in, anything that device has access to the proxy would have access to.”

Kilmer said Kimwolf demonstrates how a single residential proxy infection can quickly lead to bigger problems for organizations that are harboring unsecured devices behind their firewalls, noting that proxy services present a potentially simple way for attackers to probe other devices on the local network of a targeted organization.

“If you know you have [proxy] infections that are located in a company, you can chose that [network] to come out of and then locally pivot,” Kilmer said. “If you have an idea of where to start or look, now you have a foothold in a company or an enterprise based on just that.”

This is the third story in our series on the Kimwolf botnet. Next week, we’ll shed light on the myriad China-based individuals and companies connected to the Badbox 2.0 botnet, the collective name given to a vast number of Android TV streaming box models that ship with no discernible security or authentication built-in, and with residential proxy malware pre-installed.

Further reading:

The Kimwolf Botnet is Stalking Your Local Network

Who Benefitted from the Aisuru and Kimwolf Botnets?

A Broken System Fueling Botnets (Synthient).

ICE Agents Are ‘Doxing’ Themselves

By: Maddy Varner
The alleged risks of being publicly identified have not stopped DHS  and ICE employees from creating profiles on LinkedIn, even as Kristi Noem threatens to treat revealing agents’ identities as a crime.

Didn’t Request an Instagram Password Reset? Here’s What to Do

By: Brooke Seipel

If you recently received an unexpected email from Instagram asking you to reset your password, you are not alone. Over the past several days, thousands of users reported receiving legitimate password reset emails they did not request. 

The sudden wave of messages led to widespread confusion and concern about whether Instagram had suffered a data breach. Instagram and its parent company Meta deny that a breach occurred, stating instead that they fixed an issue that allowed an external party to trigger password reset emails for some users. 

While the exact source of the activity remains disputed, the situation highlights a broader and more important issue. Password reset emails, even when legitimate, are often the first signal users get that their information may be exposed, reused, or being targeted by attackers. 

Here is what we know so far and what this incident reveals about how password compromises really happen. 

Was Instagram Hacked? 

Instagram says no. 

In statements reported by the BBC and BleepingComputer, Meta said it resolved a problem that allowed an external party to request password reset emails on behalf of users. The company maintains there was no breach of its systems and that accounts remain secure. 

At the same time, cybersecurity researchers and firms, including Malwarebytes, have warned about a dataset circulating on hacking forums that allegedly contains information linked to more than 17 million Instagram accounts. According to reporting, that data may include usernames, email addresses, phone numbers, locations, and account IDs, but not passwords. 

Some researchers believe the dataset may be a compilation of older scraped data rather than evidence of a new breach. Others say the timing of the password reset emails and the appearance of the data raises unresolved questions. 

What matters for users is this: regardless of whether this was a new breach, old scraped data, or a technical abuse of password reset systems, attackers routinely use exposed personal information to launch phishing, account takeover attempts, and social engineering attacks. 

What Counts as a Data Breach and What Does Not 

A true data breach occurs when attackers gain unauthorized access to internal systems and steal protected data such as passwords, financial information, or private communications. 

In many cases, personal data is also exposed through: 

  • API scraping of publicly accessible information 
  • Older leaks that are resold or repackaged 
  • Credential stuffing using passwords stolen from unrelated sites 
  • Abuse of account recovery or password reset features 

That distinction matters because even when passwords are not leaked, exposed personal data can still be weaponized. Names, emails, phone numbers, and locations are often enough for scammers to craft convincing phishing messages that appear legitimate. 

Why You Might Receive a Password Reset Email You Did Not Request 

There are several common reasons this happens, and none of them require your Instagram password to be stolen. 

  • Someone may be testing whether your email address is linked to an account. 
  • Attackers may be attempting credential stuffing using passwords from past breaches. 
  • Your information may appear in older datasets that are being reused or resold. 
  • A platform bug or abuse of recovery systems may trigger reset emails at scale. 

Scammers often use these moments to send fake follow-up emails that look nearly identical to legitimate ones. That is why security experts consistently recommend going directly to the app or official website rather than clicking links in unexpected messages. 

What to Do If You Received an Instagram Password Reset Email 

If you did not request the reset:  

  1. Do not click links in the email. 
  2. Open the Instagram app or visit the official site directly to review security settings.  
  3. Check recent login activity and remove any unfamiliar sessions. 
  4. Enable two-factor authentication (2FA) if it is not already turned on. 

If you decide to change your password, make sure the new one is unique and not used anywhere else. 

Meta/IG Accounts Center Screenshot

Click “Review Settings” to enable 2FA in your Account Center

How to enable multi-factor authentication for Instagram 

  1. Click More in the bottom left, then click Settings. 
  2. Click See more in Accounts Center, then click Password and Security. 
  3. Click Two-factor (2FA) authentication, then select an account. 
  4. Choose the security method you want to add and follow the on-screen instructions. 

When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp. 

And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145 

How to Manage Passwords the Right Way 

Remembering dozens of unique, strong passwords is not realistic for most people. That is why password managers exist. 

A password manager can: 

  • Generate strong, unique passwords for every account 
  • Store them securely so you do not need to remember them 
  • Alert you if your credentials appear in known breaches 
  • Reduce the risk of account takeover from reused passwords 

Using a password manager removes the pressure to reuse passwords and helps close one of the most common doors attackers walk through.  

McAfee’s password manager helps you secure your accounts by generating complex passwords, storing them and auto-filling your info for faster logins across devices. It’s secure and, best of all, you only have to remember a single password. 

FAQ: Instagram Password Reset Emails and Account Safety 

Was my Instagram password stolen?
There is no evidence that passwords were leaked in this incident. 
Should I reset my password anyway?
If you are unsure or reuse passwords elsewhere, resetting it directly in the app is a smart precaution. 
Are the emails real or phishing?
Some emails were legitimate, but scammers often mimic them. Always go directly to the app or website. 
Why is password reuse dangerous?
Because a breach on one site can expose all accounts that share the same password. 

 

The post Didn’t Request an Instagram Password Reset? Here’s What to Do appeared first on McAfee Blog.

Surveillance and ICE Are Driving Patients Away From Medical Care, Report Warns

By: Dell Cameron
A new EPIC report says data brokers, ad-tech surveillance, and ICE enforcement are among the factors leading to a “health privacy crisis” that is eroding trust and deterring people from seeking care.

What Is Quishing? How QR Code Scams Work and How to Avoid Them

By: Brooke Seipel
qr code illustration

You thought you were scanning a menu. 

Or paying for parking. Or checking a package notice taped to your door. A quick scan, a familiar logo, a page that loads instantly on your phone. 

Nothing about it felt risky. 

That’s exactly why QR code scams are spreading so quickly. 

QR codes have become part of everyday life. They’re on restaurant tables, public signs, emails, mailers, and payment screens. We’re taught to treat them as shortcuts—faster than typing a URL, easier than downloading an app, safer than clicking a link. 

Scammers know that. 

Instead of asking you to click something suspicious, they ask you to scan something ordinary. Once you do, you can be routed to fake login pages, payment requests, or malicious sites designed to steal your information before you realize anything is wrong. 

This tactic has a name: quishing.

And as QR codes continue to replace links in the real world, understanding how quishing works is essential to staying safe online. 

What Is Quishing? 

Quishing is a form of phishing that uses QR codes instead of clickable links to trick people into visiting malicious websites or giving up sensitive information. 

The term combines QR and phishing, and it reflects a simple but dangerous shift in scam tactics: instead of asking you to click, scammers ask you to scan. 

Once scanned, a fake QR code can lead to: 

  • Credential-harvesting login pages 
  • Payment requests or fake invoices 
  • Malware downloads 
  • Fake customer support portals 
  • Subscription traps 

Because QR codes don’t show a visible URL before you scan, they remove one of the most important scam warning signs people rely on. 

Common QR Code Scams to Watch Out For

While quishing attacks vary, most fall into a few predictable patterns.

1. Fake parking and payment QR codes

Scammers place stickers over legitimate parking meter QR codes. When scanned, victims are taken to fake payment pages that steal card details.

Red flag: A QR code that asks for full payment details without redirecting to a known parking or city service.

2. Restaurant menu swaps

Fraudsters replace real menu QR codes with fake ones that redirect to phishing pages or malicious downloads.

Red flag: A menu page that asks you to “sign in,” download an app, or confirm personal details.

3. Delivery and package alerts

Flyers or door tags claim you missed a delivery and instruct you to scan a QR code to reschedule.

Red flag: Vague delivery details and pressure to act quickly.

4. Fake account security warnings

QR codes claim your bank, streaming service, or email account needs verification.

Red flag: Any QR code that demands immediate action for “security reasons.”

5. Subscription traps and fake offers

Some QR codes promise discounts, refunds, or rewards but quietly enroll users in recurring charges.

Red flag: Fine print that’s hard to find, or missing entirely.

What Makes Quishing Especially Dangerous

QR scams succeed not because people are careless, but because they exploit trust and routine.

Unlike traditional phishing emails, quishing:

  • Happens offline and online at the same time
  • Often appears in trusted physical locations
  • Feels faster and more “legit”
  • Bypasses visual link inspection

Once a victim lands on a fake site, the damage can escalate quickly, from stolen credentials to drained accounts to identity theft.

How to Spot a Fake QR Code Before You Scan

You don’t need to avoid QR codes entirely, but you do need to slow down.

Check the physical context

Is the QR code taped on, scratched, or layered over another code? That’s a common tactic.

Look for branding inconsistencies

Misspellings, generic logos, or mismatched colors are red flags.

Preview the link

Most phone cameras now show the URL before opening it. Take a second to read it.

Be skeptical of urgency

Any QR code that pressures you to act immediately deserves extra scrutiny.

How to Protect Yourself From QR Scams

Step 1: Treat QR codes like links

A QR code is a shortcut to a website. Apply the same caution you would to any link.

Step 2: Avoid entering sensitive information

Legitimate services rarely ask for passwords, payment info, or personal details via QR codes.

Step 3: Use mobile security tools

Security software can help detect malicious sites and block risky downloads before damage is done.

Step 4: When in doubt, go direct

Instead of scanning, manually visit the official website or app you trust.

What to Do If You Scanned a Suspicious QR Code

If you think you interacted with a malicious QR code:

  • Stop engaging with the site immediately
  • Do not enter additional information
  • Monitor your financial accounts for unusual activity
  • Change passwords if credentials were entered
  • Run a security scan on your device, check out our free trial
  • Report the incident to the business or location involved

Early action can limit long-term fallout.

Frequently Asked Questions

What is quishing in simple terms?
Quishing is phishing that uses QR codes to trick people into visiting fake or malicious websites.

Are QR codes inherently unsafe?
No, but they can be exploited. The risk comes from where they lead, not the code itself.

Can scanning a QR code install malware?
In some cases, yes, especially if it prompts a download or redirects to a malicious site.

Are QR scams increasing?
Yes. As QR codes become more common, scammers are increasingly using them to bypass traditional defenses.

The post What Is Quishing? How QR Code Scams Work and How to Avoid Them appeared first on McAfee Blog.

Old habits die hard: 2025’s most common passwords were as predictable as ever

Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well

ICE Details a New Minnesota-Based Detention Network That Spans 5 States

By: Dell Cameron
Internal ICE planning documents propose spending up to $50 million on a privately run network capable of shipping immigrants in custody hundreds of miles across the Upper Midwest.

Engaging Cisco Talos Incident Response is just the beginning

By: Yuri Kramarz
Cisco Talos Incident Response Retainer provides expert, proactive, and reactive cybersecurity support to quickly contain threats and strengthen defenses.

Why LinkedIn is a hunting ground for threat actors – and how to protect yourself

The business social networking site is a vast, publicly accessible database of corporate information. Don’t believe everyone on the site is who they say they are.

US Hackers Reportedly Caused a Blackout in Venezuela

By: Andy Greenberg, Maddy Varner, Lily Hay Newman
Plus: AI reportedly caused ICE to send agents into the field without training, Palantir’s app for targeting immigrants gets exposed, and more.

This Week in Scams: Fake Brand Messages and Account Takeovers

By: Brooke Seipel

This week in scams, social engineering sits at the center of several major headlines, from investment platform breaches to social media account takeovers and new warnings about AI-driven fraud.  

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated. 

Let’s get into it:  

Betterment Warns Customers of Breach 

The big picture:
Attackers accessed third-party systems used by Betterment, then used the information they stole to impersonate the company, contact customers, and promise scam crypto investment opportunities with too-good-to-be-true returns. 

What happened: 

  • Attackers used social engineering to compromise third-party tools Betterment uses for marketing and operations, as reported by TechCrunch 
  • With access to internal systems, they sent messages to customers that appeared legitimate. 
  • The messages promised to triple crypto holdings if recipients sent $10,000 to a wallet controlled by the attackers, a classic “send money to get more back” lure, later detailed by The Verge. 
  • Betterment says no account logins or passwords were compromised, but personal data like names, contact details, and dates of birth were exposed, enough to make the messages feel real. 

Red flags to watch for: 

  • Promises of guaranteed or multiplied crypto returns 
  • Requests to send money first to “unlock” a benefit 
  • Messages tied to a breach but asking for immediate action outside the app 
An image of Betterment's email to customers.
An image of Betterment’s email to customers

How the breach happened: 

Social engineering is a type of scam that targets people rather than software or security systems. Instead of hacking code, scammers focus on tricking someone into giving them access 

Attackers research how a company operates, which tools it uses, and who is likely to have permissions. They then impersonate a trusted source, such as a vendor, coworker, or automated system, and send a realistic message asking for a routine action.  

That action might be approving a login, resetting credentials, sharing a file, or clicking a link. Once the person complies, the scammer gains legitimate access and can move through systems using real permissions. Social engineering works because it exploits trust, familiarity, and urgency, making normal workplace behavior the pathway to a breach. 

Social Engineering Scams Fueled by AI On the Rise 

Big picture:
Fraud is increasingly driven by impersonation, automation, and trust abuse rather than technical hacking, according to new industry forecasts. 

What happened:
A new Future of Fraud Forecast from Experian warns that fraudsters are rapidly weaponizing AI and identity manipulation. The report highlights agentic AI systems committing fraud autonomously, deepfake job candidates passing live interviews, cloned websites overwhelming takedown efforts, and emotionally intelligent bots running scams at scale. 

The scope of the problem is already visible. Federal Trade Commission data shows consumers lost more than $12.5 billion to fraud in 2024, while nearly 60% of companies reported rising fraud losses between 2024 and 2025. Experian’s forecast suggests these losses will accelerate as fraud becomes harder to attribute, trace, and interrupt. 

Red flags to watch: 

  • Requests or actions initiated without clear human ownership 
  • Identity verification steps that feel automated or unusually frictionless 
  • Transactions triggered by AI systems with unclear accountability 

Phishing Scam Locks Users Out of X Accounts 

Big picture: Officials are warning of increasing phishing attacks that steal X users’ accounts and then use their profile to sell crypto. 

What happened: The Better Business Bureau issued a warning about phishing messages targeting users on X, particularly accounts with large followings. Victims receive direct messages that appear to come from colleagues or professional contacts, often asking them to click a link to support a contest, event, or opportunity. 

Once the link is clicked, victims are locked out of their accounts. The compromised accounts are then used to promote cryptocurrency and other products, while automatically sending the same phishing message to additional contacts. 

Red flags to watch: 

  • Unsolicited direct messages containing links 
  • Requests framed as favors, votes, or professional support 
  • Sudden loss of account access after clicking a link 

How this happened and what to learn:
The scam relies on account impersonation and lateral spread. Instead of reaching strangers, attackers move through existing trust networks, using one compromised account to reach the next.  

The takeaway is that familiarity does not equal legitimacy. Even messages from known contacts should be treated with caution when links or logins are involved. 

McAfee’s Safety Tips for This Week 

  • Verify inside official apps or sites. If you get a security email, don’t click any links. Instead, open the official app or type the website address yourself for more information. 
  • Stay alert to trending scams. Weight-loss drug fraud like Ozempic offers is already surging in the new year, and awareness is your first defense. 

McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online. 

The post This Week in Scams: Fake Brand Messages and Account Takeovers appeared first on McAfee Blog.

McAfee and Pat McAfee Turn a Name Mix-Up Into a Push for Online Safety

By: Brooke Seipel
Pat McAfee

If a message popped up in your feed tomorrow promising a cash refund, a surprise giveaway, or a limited-time crypto opportunity, would you pause long enough to question it? 

That split second matters more than ever.

Most modern scams don’t rely on panic or obvious red flags. They rely on familiarity. On things that feel normal. On moments that seem too small to question. 

And those moments are exactly what scammers exploit. 

Why Today’s Scams Are So Easy to Fall For 

There was a time when spotting a scam was relatively straightforward. The emails were badly written. The websites looked rushed. The warnings were obvious. 

Scammers don’t just rely on obvious spam or panic-driven messages. Instead, many now use: 

  • Friendly, natural language 
  • Faces of celebrities and figures you trust 
  • Messages that arrive through trusted apps 
  • Conversations that unfold gradually 
  • Requests that feel routine instead of suspicious 

McAfee’s Celebrity Deepfake Deception research shows how common and convincing these scams have become: 72% of Americans say they’ve seen a fake or AI-generated celebrity endorsement, and 39% say they’ve clicked on one that turned out to be fraudulent. When scam content shows up in the same feeds, apps, and formats people use every day, it feels normal. 

That’s the danger zone. It’s also why McAfee chose to use a familiar, culturally recognizable moment to talk about a much bigger issue.

Why McAfee Partnered with Pat McAfee 

Whether you’ve been saying mack-uh-fee or mick-affy, the long-running name mix-up is harmless in everyday conversation. 

Online, though, small moments of confusion can have outsized consequences. 

Scammers rely on quick assumptions: that a familiar name means legitimacy, that a recognizable face means trust, that a message arriving in the right place must be real. They move fast, hoping people act before stopping to verify 

Pat McAfee knows firsthand how scammers exploit familiarity and trust. 

In recent months, fake social media giveaways promising cash and prizes have circulated using Pat’s likeness, and even a fraudulent “American Heart Association fundraiser” made the rounds, falsely claiming he was collecting donations. 

Pat wants his fans to know: if you ever see a giveaway, fundraiser, or message claiming to be from him, double-check it on his official channels first. If it feels off, it probably is. 

Unfortunately, these scams work because people trust Pat. Scammers exploit that trust to lower people’s guard and make fraudulent requests feel legitimate. 

It’s the same tactic used across countless impersonation scams today: borrow the authority of a familiar face, add a sense of urgency, and move fast before anyone stops to verify, “is this legit?” We’ve seen it happen with Taylor Swift, Tom Hanks, Al Roker, Brad Pitt, and numerous others. 

Remember, no legitimate giveaway will ask for payment, banking details, login credentials, or account access. And no nonprofit fundraiser tied to a celebrity should ever come from a personal message or unfamiliar social account. 

Watch: Pat McAfee Explains How McAfee Is More Than an Antivirus 

In the video below, Pat McAfee playfully demonstrates how easily familiar moments online can turn into risk, and why digital safety today can’t rely on perfect judgment alone. 

 

How to Protect Yourself Right Now 

You don’t have to stop using your favorite platforms. But you do have to change how you verify online threats. 

Before You Trust Any Urgent Message or Offer: 

  • Be skeptical of sudden financial opportunities 
  • Assume giveaways that require payment or credentials are scams 
  • Never connect accounts, wallets, or payment methods from social links 
  • Verify claims on official websites, not just inside apps 
  • Be cautious of messages that replace clear context with urgency 

If a video or message feels real but the request feels extreme, that’s a red flag. 

McAfee offers more than traditional antivirus, combining multiple layers of digital protection in one app 

Final Takeaway 

If a scam looks obvious, most people won’t fall for it. 

But modern scams don’t look obvious. They look familiar. They use your favorite faces. They look normal. They look safe. And that’s where people get hurt. 

Staying safe now means slowing down, verifying independently, and having protection work quietly in the background while you stay focused on what you actually came online to do. 

McAfee’s built-in Scam Detector, included in all core plans, automatically detects scams across text, email, and video, blocks dangerous sites, and identifies deepfakes, stopping harm before it happens. 

And because today’s risks aren’t just about what you click, a VPN and Personal Data Cleanup add additional layers of defense by helping protect your connection and limit how much personal information is available to be exploited in the first place. 

Ready to get Pat’s Picks? Learn more here. 

FAQs 

For clarity, and because these questions come up often, here’s the straightforward explanation: 

Q: Is Pat McAfee the founder of McAfee antivirus?
A: No. Pat McAfee is not associated with the founding or leadership of McAfee. McAfee was founded by John McAfee and operates independently. 
Q: Are Pat McAfee and McAfee the same company?
A: No. Pat McAfee is a sports media personality. McAfee is a cybersecurity company. They are separate entities. 
Q: Why does McAfee work with Pat McAfee?
A: McAfee partnered with Pat McAfee to raise awareness about online scams, impersonation fraud, and digital safety using culturally relevant examples. 

 

The post McAfee and Pat McAfee Turn a Name Mix-Up Into a Push for Online Safety appeared first on McAfee Blog.

McAfee’s Scam Detector Earns Third Major Award Within Months of Launch

By: Brooke Seipel
McAfee Scam Detector

McAfee’s Scam Detector has been named a Winner of the 2026 BIG Innovation Awards, presented by the Business Intelligence Group, marking the third major industry award the product has earned since launching just months ago. 

The recognition underscores a growing consensus across independent judges: as scams become more sophisticated and AI-driven, consumers need protection that works automatically, explains risks clearly, and helps stop harm before it happens. 

Big Innovation Award 2026

What Is the BIG Innovation Award? 

The BIG Innovation Awards recognize products and organizations that deliver measurable innovation with real-world impact. The program focuses not only on technical advancement, but on how solutions improve everyday life for individuals and households. 

For consumer cybersecurity products like Scam Detector, that means being evaluated on: 

  • Real-world relevance 
  • Ease of use for non-experts 
  • Societal impact 
  • Demonstrated adoption and need 

The award highlights Scam Detector’s role in helping people stay safer online as scams grow more sophisticated, more personal, and increasingly powered by AI.  

Why Scam Detector Stands Out 

According to feedback from the BIG Innovation Awards judging panel, Scam Detector was recognized for: 

Strong real-world relevance: Scams are now an everyday risk, not a niche technical issue 

Clear consumer value: Protection that runs automatically in the background without requiring expert knowledge

AI used responsibly: Applying advanced models to reduce harm, not increase it

Early impact: Rapid adoption, with more than one million users in its first months 

Judges also noted the importance of Scam Detector’s educational alerts, which don’t just block threats, but explain why something is risky, helping people build confidence over time. 

Using AI to Fight AI-Driven Scams 

Scam Detector is McAfee’s AI-powered protection designed to detect scams across text, email, and video, block dangerous links, and identify deepfakes, before harm occurs. 

As scammers increasingly use generative AI to impersonate people, brands, and institutions, protection needs to operate at the same speed and scale. Scam Detector is built to do exactly that, quietly working in the background while users go about their day. 

Scam Detector is included with all core McAfee plans and is available across mobile, PC, and web. 

In Good Company: Consumer Innovation Across Industries 

McAfee was recognized alongside other consumer-facing innovators whose products directly serve individuals and households. Fellow 2026 BIG Innovation Award winners include: 

Capital One Auto – Chat Concierge: A consumer-facing service designed to help car buyers and owners navigate financing and ownership decisions. 

Starkey – Omega AI Hearing Aid: A wearable hearing aid that integrates AI assistance, health monitoring, and real-time translation. 

Phonak – Virto R Infinio: Custom-fit hearing aids designed to deliver personalized hearing solutions for individual users. 

EZVIZ – 9c Dual 4G Series Camera: A smart home security camera built for personal and household use. 

Sinomax USA: Consumer mattresses and comfort products focused on everyday home use. 

beyoutica 1905: A wellness product designed for health- and lifestyle-focused consumers. 

Wheels – Pool CheckOut: A consumer-oriented solution designed to simplify vehicle service and checkout experiences. 

Together, these winners reflect how innovation increasingly shows up in tools people rely on at home, in their cars, and on their phones. 

Scam Detector Awards and Industry Recognition 

Since launch, McAfee’s Scam Detector has earned recognition across multiple independent award programs, each highlighting a different dimension of its impact: 

2026 BIG Innovation Awards

Winner and Top 10 Innovator – Large Business, recognizing real-world consumer impact and responsible AI use. 

2026 Big Innovation Award

2025 A.I. Awards

Winner, Best Use of AI in Cybersecurityhonoring Scam Detector’s automated scam detection and deepfake identification. 
The AI Awards - Winner 2025

2025 Tech Ascension Awards 

Winner, Best AI/ML Powered Cybersecurity Solution, recognizing real-time protection across text, email, and video. 
Tech Ascension Awards

Together, these awards reinforce a consistent message from independent judges: consumer cybersecurity works best when advanced technology is paired with clarity, usability, and trust. 

What Is McAfee’s Scam Detector? 

McAfee’s Scam Detector is an AI-powered scam protection feature designed to spot and stop scams across text messages, emails, and videos. Built in response to the rapid rise of AI-generated fraud, Scam Detector automatically analyzes suspicious content, blocks dangerous links, and identifies deepfakes, while explaining why something was flagged so users can make more confident decisions online. 

What Scam Detector Does 

Detects text message scams across popular apps and messaging platforms 

Flags phishing and suspicious emails with clear explanations, helping users learn what to watch for

Identifies AI-generated or manipulated audio in videos, including potential deepfakes

Offers on-demand scam checks, allowing users to upload a message, link, or screenshot for analysis

Runs primarily on-device, helping protect user privacy without sending personal content to the cloud 

Scam Detector is designed to work quietly in the background, providing protection without requiring constant decisions or technical expertise. Scam Detector is included at no extra cost with all core McAfee consumer plans. Learn more here. 

The post McAfee’s Scam Detector Earns Third Major Award Within Months of Launch appeared first on McAfee Blog.

Google Ends Dark Web Report. What That Means and How to Stay Safe

By: Brooke Seipel

Google has officially discontinued its Dark Web Report, the tool that alerted users when their personal information appeared in dark web breach databases. New scans stop on January 15, 2026, and on February 16, 2026, Google will permanently delete all data associated with the feature. 

This does not mean Google.com or Google Accounts are going away. It means Google is no longer scanning the dark web for leaked data tied to your account, and it is no longer storing or updating any breach information that was collected for the report. 

For people who relied on Google’s alerts, this change creates a real gap. After January 16, you will no longer get new notifications if your information shows up in breach databases. That is why it is worth taking a few minutes now to lock down the basics. 

According to reporting from TechCrunch, Google said it ended the service after concluding that it did not give users enough clarity about what to do once their data was found. 

That decision highlights a much larger shift in online security: Finding leaked data is no longer enough. Protecting identity is now the real challenge. 

What did Google’s Dark Web Report do? 

The Dark Web Report was a Google Account feature that searched known data breach dumps and dark web marketplaces for personal information tied to a user, such as email addresses, phone numbers, and other identifiers. 

If Google found a match, it sent an alert. 

What it did not do was show which accounts were at risk, whether financial or government ID data was involved, or how to prevent fraud from happening next. That gap is why some users said the tool fell short. 

What is the dark web, and why does  stolen data end up there? 

The internet has three layers: 

  1. The surface web is what search engines index. 
  2. The deep web includes anything behind a login, like email, banking, and medical portals. 
  3. The dark web is a hidden part of the deep web that is not indexed by search engines and is accessed through specialized networks or browsers like Tor. 

The dark web is where data from breaches is commonly sold, traded, and packaged for scams. When a company is hacked, stolen files often end up in dark web databases that include email addresses, passwords, Social Security numbers, bank details, and full identity profiles. 

Scammers use this data to commit account takeovers, financial fraud, tax fraud, and identity theft.  

Even without passwords, this personal information can be enough for scammers to target you with convincing phishing and social engineering scams.  

How to check if your personal information is on the dark web: 

Looking up an email address is no longer enough. Modern identity theft relies on things like Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance data, usernames, and phone numbers. 

To understand whether any of that is exposed, people need to monitor the dark web for identity-level data, not just logins. 

Here is what that looks like in practice: 

  • Scan breach databases for government ID numbers and financial data 
  • Look for full identity profiles being sold or traded 
  • Match leaked records back to real people 

Tools like McAfee’s Identity Monitoring are designed to look for those types of data so you can act before fraud happens. 

Have 30 minutes right now? Do this: 

Been meaning to bolster your security? Here are three quick ways you can enhance your identity protection and reduce real-world damage in a breach: 

Freeze your credit

Estimated time: 10 minutes 

This is a powerful free protection option that many forget about. A credit freeze blocks anyone from opening new loans, credit cards, or accounts in your name, even if they have your Social Security number and full identity profile. 

You can do this for free with any of the major credit bureaus. If you do it with one, the others are notified. 

Why this matters: Most identity theft today is not account hacking. It is criminals opening accounts in your name. A credit freeze stops that cold. 

 

Set up fraud and login alerts on your financial accounts 

Estimated time: 10 minutes 

Go into your main bank and credit card apps and turn on: 

  • Login alerts
  • Transaction alerts
  • Password or profile change alerts
  • These are not the same as marketing notifications. They tell you when someone is trying to access or move money. 

You’ll find these somewhere under Settings>Alerts.

Why this matters: Identity thieves often test stolen data with small charges or login attempts before stealing larger amounts. These alerts are how you catch it early.

Lock down account recovery paths

Estimated time: 10 minutes 

This is one of the most overlooked vulnerabilities. 

Go into: 

  • Your email account 
  • Your Apple ID or Google account 

Check and update: 

  • Recovery email 
  • Recovery phone number 
  • Backup codes 
  • Trusted devices 

Remove anything you do not recognize. 

Why this matters: Even if you change your password, attackers can still take over accounts through recovery systems if those are compromised. This closes that back door. 

 

FAQ: 

Is Google deleting my Google Account data?
No. Google is only deleting the data it collected specifically for the Dark Web Report feature. Your Gmail, Drive, Photos, and other Google Account data are not affected. 
Is Google still protecting my account from hackers?
Yes. Google continues to offer security features like two-factor authentication, login alerts, and account recovery tools. What it removed is the dark web scanning and alert system tied to breach data. 
Does the dark web report website still exist?
No. After February 16, 2026, Google no longer operates or updates the Dark Web Report feature. There is no active scanning, no dashboard, and no stored breach data tied to it. 
Does this mean dark web monitoring is useless?
No. It means email-only monitoring is not enough. Criminals use far more than emails to commit fraud, which is why identity-level monitoring is now more important. 
What kind of information is most dangerous if it appears on the dark web?
Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance IDs, usernames, and phone numbers are the data types most commonly used for identity theft and financial fraud. 
How can I check if my information is exposed right now?
You can use an identity monitoring service like McAfee that scans dark web sources for sensitive personal data, not just email addresses. That is how people can see whether their identity is being traded or abused today. 

 

The post Google Ends Dark Web Report. What That Means and How to Stay Safe appeared first on McAfee Blog.

Elon Musk’s Grok ‘Undressing’ Problem Isn’t Fixed

By: Matt Burgess
X has placed more restrictions on Grok’s ability to generate explicit AI images, but tests show that the updates have created a patchwork of limitations that fail to fully address the issue.

Why ICE Can Kill With Impunity

By: Lila Hassan
Over the past decade, US immigration agents have shot and killed more than two dozen people. Not a single agent appears to have faced criminal charges.

Former CISA Director Jen Easterly Will Lead RSAC Conference

By: Lily Hay Newman
The longtime cybersecurity professional says she’s taking the helm of the legacy security organization at “an inflection point” for tech and the world beyond.

Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking

By: Andy Greenberg, Lily Hay Newman
Flaws in how 17 models of headphones and speakers use Google’s one-tap Fast Pair Bluetooth protocol have left devices open to eavesdroppers and stalkers.

Is it time for internet services to adopt identity verification?

Should verified identities become the standard online? Australia’s social media ban for under-16s shows why the question matters.

How to Spot a Fake GLP-1 Weight-Loss Drug Before You Buy

By: Brooke Seipel
weight loss drugs

“I thought I was getting a trusted weight-loss medication, but instead, I ended up sick and scammed. I never imagined something like this could happen to me.” 

Fiona, like many others, turned to Ozempic as a way to lose weight. With high demand making it difficult to find and prices soaring, she turned to an online pharmacy she found on social media. After placing an order, she received the medication and began taking it, only to experience severe side effects, including migraines, dizziness, and nausea.

“When my symptoms got worse, I knew something was wrong,” she told McAfee. Concerned, she sought professional advice. “doctor friend showed me what real Ozempic packaging looks like—and it was nothing like what I had received.” 

“I was putting something in my body that I thought was safe. Instead, I was taking an unknown substance that made me seriously ill,” she told McAfee. “That’s terrifying.” 

When she reached out to the pharmacy for a refund, they cut off all communication. Nearly a year later, Fiona still avoids online shopping altogether and hopes her experience will warn others to research online pharmacies carefully before making a purchase. 

“As soon as I questioned the pharmacy about the product, they vanished. No refund, no explanation. Just silence. That’s when I knew I had been completely scammed.” 

Unfortunately, Fiona’s story is one of many as surging interest in GLP-1 medications spurs scammers into action. 

If you’ve searched for GLP-1 medications online, you’ve probably noticed how crowded and confusing it’s become. Between ads, telehealth offers, and social media posts promising easy access, it can be hard to tell what’s real. 

That confusion isn’t accidental. McAfee’s researchers previously reported a wave of fake pharmacy sites and scam messages designed to catch people in exactly that moment of uncertainty.  

What are GLP-1 medications? 

GLP-1 (glucagon-like peptide-1) medications are prescription drugs that help regulate blood sugar and appetite. Doctors have used them to treat Type 2 diabetes for nearly two decades, and some have also been approved to support weight management. 

Because these medications affect insulin levels and digestion, they require medical supervision and a valid prescription. There is currently no legitimate over-the-counter version that works the same way. 

Why GLP-1 scams are exploding 

GLP-1 drugs have moved from a specialized medical treatment to a mainstream topic almost overnight, with a recent poll finding that 1 in 8 U.S. adults say they are currently taking a GLP-1 for weight loss.  

Whenever high demand, high prices, and limited supply collide online, scammers move in 

McAfee’s threat researchers have previously found that phishing attempts and fake websites tied to GLP-1 drugs increased by more than 180% during periods when interest in these medications surged. Hundreds of risky domains and hundreds of thousands of scam messages have been linked to searches for weight-loss drugs. 

At the same time, consumer watchdogs such as the Better Business Bureau (BBB) report a spike in complaints from people who clicked on fake ads, visited fraudulent pharmacies, or received scam texts promising instant access to GLP-1 prescriptions. 

Google Trends data showing the growth in searches around weight-loss drugs.

Common GLP-1 scams to watch out for

1. AI-generated celebrity and doctor endorsements

Scammers are using artificial intelligence to create realistic-looking videos and images of public figures and medical professionals promoting weight-loss products. One recent incident saw a fake, AI Oprah selling scam weight loss drugs  

These ads often appear in social media feeds and look legitimate, but the endorsements are fabricated.  

The goal is to build trust quickly with a familiar face and then push people toward a purchase page. From there, you’re left with a fake product, or no product at all, and your information exposed. 

Red flag: Any ad claiming a celebrity or doctor is selling GLP-1 drugs through a link or social media page. 

2. Fake prescription texts and emails

Some scams arrive as urgent messages saying you are “approved” or “eligible” for GLP-1 treatment. These messages typically include a link to a fake medical website that collects personal, insurance, or payment information. 

Red flag: Real prescriptions are not issued through unsolicited texts, emails, or DMs. 

3. Fake online pharmacies

Fraudulent websites advertise GLP-1 medications at discounted prices. After payment, victims may receive nothing, diluted products, or face repeated unauthorized charges. 

Consumer reports describe sites that look professional but provide only chat-box support and ignore cancellation requests. 

Red flag: Pharmacies that don’t require a prescription or don’t list a physical U.S. address and phone number. 

4. Subscription traps

Some scam offers quietly enroll buyers in recurring billing. Be wary of a “company” trying to offer a minimal “membership” or free “trial” with plans locking you into larger, more expensive future subscription plan without your clear consent. 

Red flag: Vague billing terms or hidden subscription language.

5. Missing or fake shipments

Some scam sites provide tracking numbers that never update, claim packages were lost, or ask for more shipping fees … while continuing to charge customers. 

Red flag: No real customer service and no way to cancel or dispute orders. 

What makes these scams especially dangerous 

Unlike many online scams, GLP-1 fraud carries real health risks. 

Some victims report receiving substances that do not match what was advertised, including mislabeled or unverified injectables. 

Because GLP-1 medications affect blood sugar and metabolism, taking the wrong substance or dosage can be dangerous. 

In addition to the medical risks, illegitimate storefronts pose a real threat to your private information. During your purchase, you may be tricked into sharing our address, contact info, payment details, and insurance information.  

How to safely pursue GLP-1 treatment 

If you’re considering GLP-1 medications for health or weight management, these steps can help reduce risk: 

Step 1: Start with a licensed healthcare provider 

Only a doctor or licensed medical professional can determine if GLP-1 treatment is appropriate for you. 

Step 2: Use verified pharmacies 

If you use telehealth or online pharmacies, confirm they are properly licensed and require a prescription. 

Step 3: Research before you pay 

Look up unfamiliar pharmacies through trusted consumer-protection resources before entering payment or insurance information. If you’re in doubt, it’s better not to share any personal info. 

Step 4: Be skeptical of miracle claims 

There is no over-the-counter or legal “natural GLP-1,” patch, salt trick, or supplement that produces the same effect as prescription medication. 

What to do if you think you were targeted: 

If you clicked a link, entered information, or made a purchase: 

  1. Stop communicating with the seller 
  2. Monitor your bank and credit accounts for unusual activity 
  3. If you notice suspicious charges, contact your bank directly
  4. Change any passwords you shared 
  5. Run a security scan on your device (here’s our free trial) 
  6. Report the incident to consumer-protection agencies 

Reporting helps stop the same scams from spreading to others. This is where you can get more information from the FDA and report scams.

How to Spot a Fake GLP-1 Weight-Loss Drug If You’ve Already Bought One 

If you’ve already ordered a GLP-1 weight-loss drug and something feels off, trust that instinct. Counterfeit GLP-1 products are increasingly convincing at first glance, but many show clear warning signs once you look closely. 

Here’s what to check: 

Packaging and Label Red Flags 

Poor print quality or spelling errors
Examine the carton, label, and insert carefully. Misspelled words, inconsistent fonts, blurry printing, or incorrect manufacturer details are common signs of counterfeit medication. 

Packaging that looks tampered with or unfamiliar
Authentic GLP-1 medications come in sealed, tamper-resistant packaging. If the box appears opened, resealed, relabeled, or noticeably different from what you’ve received from a legitimate pharmacy before, stop using it and contact a pharmacist. 

Incorrect or missing language
Medications sold legally in the U.S. should include labeling and instructions in English. Missing inserts or foreign-language packaging can be a red flag. 

Unusual product form
Be especially cautious of GLP-1 products sold as powders in vials that require mixing. These formulations are not authorized and have been linked to serious health risks. 

Check Lot and Serial Numbers 

Most legitimate GLP-1 medications include lot numbers or serial information that can be verified. 

If your product includes these details, compare them against information published by the manufacturer or alerts from regulators. If the numbers don’t match, or are missing entirely, that’s a warning sign. 

What to Do If You’re Unsure 

If anything about your medication doesn’t match what you expect: 

  • Stop using the product 
  • Contact a licensed pharmacist or healthcare provider 
  • Avoid purchasing refills from the same source 

When it comes to injectable medications, uncertainty isn’t something to push through. If you can’t confidently verify what you have, it’s safer to assume it may not be real. 

Final Thoughts 

Wanting to get healthier in the new year is a good thing. Falling for fake prescriptions, AI-generated endorsements, or fraudulent pharmacies is not. 

McAfee is here to help keep your devices, identity, and finances safe while you focus on your goals in 2026. 

Frequently Asked Questions 

For clarity, and because these questions come up often, here’s the straightforward explanation: 

Are GLP-1 drugs available without a prescription?
No. Legitimate GLP-1 medications require a prescription and medical oversight. 
Are social media GLP-1 ads real?
It depends. While there are certainly real ads out there, many are fake. AI-generated celebrity and doctor endorsements are commonly used in scams. So be wary and verify who is behind a post. 
Are GLP-1 patches, gummies, or “salt tricks” legitimate?
No over-the-counter product works the same way as prescription GLP-1 medication. 
Why do scammers use crypto or payment apps?
These payment methods are harder to reverse, which makes them attractive for fraud. 

 

The post How to Spot a Fake GLP-1 Weight-Loss Drug Before You Buy appeared first on McAfee Blog.

Verizon Outage Knocks Out US Mobile Service, Including Some 911 Calls

By: Lily Hay Newman
A major Verizon outage appeared to impact customers across the United States starting around noon ET on Wednesday. Calls to Verizon customers from other carriers may also be impacted.

Trump Warned of a Tren de Aragua ‘Invasion.’ US Intel Told a Different Story

By: Dell Cameron, Ryan Shapiro
Hundreds of records obtained by WIRED show thin intelligence on the Venezuelan gang in the United States, describing fragmented, low-level crime rather than a coordinated terrorist threat.

Your personal information is on the dark web. What happens next?

If your data is on the dark web, it’s probably only a matter of time before it’s abused for fraud or account hijacking. Here’s what to do.

Patch Tuesday, January 2026 Edition

By: BrianKrebs

Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft’s most-dire “critical” rating, and the company warns that attackers are already exploiting one of the bugs fixed today.

January’s Microsoft zero-day flaw — CVE-2026-20805 — is brought to us by a flaw in the Desktop Window Manager (DWM), a key component of Windows that organizes windows on a user’s screen. Kev Breen, senior director of cyber threat research at Immersive, said despite awarding CVE-2026-20805 a middling CVSS score of 5.5, Microsoft has confirmed its active exploitation in the wild, indicating that threat actors are already leveraging this flaw against organizations.

Breen said vulnerabilities of this kind are commonly used to undermine Address Space Layout Randomization (ASLR), a core operating system security control designed to protect against buffer overflows and other memory-manipulation exploits.

“By revealing where code resides in memory, this vulnerability can be chained with a separate code execution flaw, transforming a complex and unreliable exploit into a practical and repeatable attack,” Breen said. “Microsoft has not disclosed which additional components may be involved in such an exploit chain, significantly limiting defenders’ ability to proactively threat hunt for related activity. As a result, rapid patching currently remains the only effective mitigation.”

Chris Goettl, vice president of product management at Ivanti, observed that CVE-2026-20805 affects all currently supported and extended security update supported versions of the Windows OS. Goettl said it would be a mistake to dismiss the severity of this flaw based on its “Important” rating and relatively low CVSS score.

“A risk-based prioritization methodology warrants treating this vulnerability as a higher severity than the vendor rating or CVSS score assigned,” he said.

Among the critical flaws patched this month are two Microsoft Office remote code execution bugs (CVE-2026-20952 and CVE-2026-20953) that can be triggered just by viewing a booby-trapped message in the Preview Pane.

Our October 2025 Patch Tuesday “End of 10” roundup noted that Microsoft had removed a modem driver from all versions after it was discovered that hackers were abusing a vulnerability in it to hack into systems. Adam Barnett at Rapid7 said Microsoft today removed another couple of modem drivers from Windows for a broadly similar reason: Microsoft is aware of functional exploit code for an elevation of privilege vulnerability in a very similar modem driver, tracked as CVE-2023-31096.

“That’s not a typo; this vulnerability was originally published via MITRE over two years ago, along with a credible public writeup by the original researcher,” Barnett said. “Today’s Windows patches remove agrsm64.sys and agrsm.sys. All three modem drivers were originally developed by the same now-defunct third party, and have been included in Windows for decades. These driver removals will pass unnoticed for most people, but you might find active modems still in a few contexts, including some industrial control systems.”

According to Barnett, two questions remain: How many more legacy modem drivers are still present on a fully-patched Windows asset; and how many more elevation-to-SYSTEM vulnerabilities will emerge from them before Microsoft cuts off attackers who have been enjoying “living off the land[line] by exploiting an entire class of dusty old device drivers?”

“Although Microsoft doesn’t claim evidence of exploitation for CVE-2023-31096, the relevant 2023 write-up and the 2025 removal of the other Agere modem driver have provided two strong signals for anyone looking for Windows exploits in the meantime,” Barnett said. “In case you were wondering, there is no need to have a modem connected; the mere presence of the driver is enough to render an asset vulnerable.”

Immersive, Ivanti and Rapid7 all called attention to CVE-2026-21265, which is a critical Security Feature Bypass vulnerability affecting Windows Secure Boot. This security feature is designed to protect against threats like rootkits and bootkits, and it relies on a set of certificates that are set to expire in June 2026 and October 2026. Once these 2011 certificates expire, Windows devices that do not have the new 2023 certificates can no longer receive Secure Boot security fixes.

Barnett cautioned that when updating the bootloader and BIOS, it is essential to prepare fully ahead of time for the specific OS and BIOS combination you’re working with, since incorrect remediation steps can lead to an unbootable system.

“Fifteen years is a very long time indeed in information security, but the clock is running out on the Microsoft root certificates which have been signing essentially everything in the Secure Boot ecosystem since the days of Stuxnet,” Barnett said. “Microsoft issued replacement certificates back in 2023, alongside CVE-2023-24932 which covered relevant Windows patches as well as subsequent steps to remediate the Secure Boot bypass exploited by the BlackLotus bootkit.”

Goettl noted that Mozilla has released updates for Firefox and Firefox ESR resolving a total of 34 vulnerabilities, two of which are suspected to be exploited (CVE-2026-0891 and CVE-2026-0892). Both are resolved in Firefox 147 (MFSA2026-01) and CVE-2026-0891 is resolved in Firefox ESR 140.7 (MFSA2026-03).

“Expect Google Chrome and Microsoft Edge updates this week in addition to a high severity vulnerability in Chrome WebView that was resolved in the January 6 Chrome update (CVE-2026-0628),” Goettl said.

As ever, the SANS Internet Storm Center has a per-patch breakdown by severity and urgency. Windows admins should keep an eye on askwoody.com for any news about patches that don’t quite play nice with everything. If you experience any issues related installing January’s patches, please drop a line in the comments below.

McAfee Earns 29th Consecutive AAA Rating From SE Labs

By: Brooke Seipel
McAfee earns AAA rating from SE Labs

McAfee has once again earned the highest possible AAA rating from SE Labs, marking the 29th consecutive time our consumer protection has received this top-tier recognition. 

In SE Labs’ latest Q4 Home Anti-Malware Test, McAfee Total Protection achieved 100% protection with zero false positives, reinforcing a streak that has remained unbroken since December 2018. 

SE Labs AAA Security Evaluation EPS Protection Home December 2025

What the SE Labs AAA Rating Measures 

SE Labs is an independent, UK-based security testing organization known for evaluating products against real-world threats, not just controlled lab samples. Its test results are therefore referenced and trusted by numerous journalists and product reviewers alike.  

Their Home Anti-Malware tests simulate the types of attacks people actually face, including: 

  • Email-based threats 
  • Malicious websites 
  • Targeted attacks designed to appear relevant or trustworthy 
  • Common malware encountered during everyday online activity 

To earn an AAA rating, products must demonstrate: 

  • Strong threat detection 
  • Effective prevention before harm occurs 
  • Minimal false positives that disrupt normal use 

Why This Recognition Matters for Consumers 

For people choosing security software, independent testing helps answer a simple question: Does this protection actually work when it matters? SE Labs’ results show that McAfee continues to block threats accurately, without over-flagging safe activity. 

Independent recognition like this reinforces McAfee’s ongoing commitment to consumer-first security that is tested, proven, and trusted over time. 

Learn more about McAfee’s core protection plans and how we can help keep you safe online. And find the full SE Labs report here. 

The post McAfee Earns 29th Consecutive AAA Rating From SE Labs appeared first on McAfee Blog.

Dozens of ICE Vehicles in Minnesota Lack ‘Necessary’ Lights and Sirens

By: Caroline Haskins
A contract justification published in a federal register on Tuesday says that 31 ICE vehicles operating in the Twin Cities area “lack the necessary emergency lights and sirens” to be “compliant.”

Who Decides Who Doesn’t Deserve Privacy?

By: Troy Hunt
Who Decides Who Doesn’t Deserve Privacy?

Remember the Ashley Madison data breach? That was now more than a decade ago, yet it arguably remains the single most noteworthy data breach of all time. There are many reasons for this accolade, but chief among them is that by virtue of the site being expressly designed to facilitate extramarital affairs, there was massive social stigma attached to it. As a result, we saw some pretty crazy stuff:

  1. Various websites were stood up to publicly disclose the presence of people in the data and out them as “cheaters”
  2. Churches trawled through the data and contacted the spouses of exposed parishioners
  3. The media outed noteworthy individuals they searched for in the breach
  4. A radio station back home in Australia encouraged listeners to dial in to check if their spouse was in the data

Arguably, we now live in a more privacy-conscious era, one full of acronyms such as GDPR and CCPA, among others, in different parts of the world. The right to be forgotten, the right to erasure, and, indeed, privacy as a fundamental human right feature very differently in 2026 than they did in 2015. But arguably, even back then, the impact of outing someone as a member of the site should have been obvious. It was certainly obvious to me, which is why I introduced the concept of a sensitive data breach before the data even went public. HIBP wouldn’t show results for this breach publicly because I was concerned about the impact on people being outed. My worst fear was a spouse coming home to find someone having taken their own life, an HIBP search result on the screen in front of their lifeless body.

People died as a result of the breach. Marriages ended and lives were turned upside down. People lost their jobs. The human toll of the breach was profound. The decision I made after witnessing this was that if a breach was likely to have serious personal or social consequences for people in there, it would be flagged as sensitive and not publicly searchable.

The public doxing of members of the service was often justified on a moral basis: “adultery is bad, they deserve to be outed”. But there are two massive problems with this attitude, and I’ll begin with the purpose for which accounts were sometimes made:

An email address appearing in that breach implied that the person was there to have an extramarital affair because that was literally the catch-phrase of the service: “Life is short, have an affair”. But the reality was that people were members of the service for many, many different reasons. Have a read of my post titled Here’s What Ashley Madison Members Have Told Me and you’ll begin to understand how much more nuanced the situation was:

  1. Single people had joined the service, and later married before the breach occurred
  2. People who were worried about a cheating spouse joined the service in order to try to catch them
  3. Accounts were made with some people’s names and email addresses without their consent (there are many “Barrack Obamas” in the data)

So, should everyone with an email address on Ashley Madison be considered an adulterer? Clearly, no, that completely misses the nuances of what an email address in a data breach really means. But what about the people who were there to have an affair? Well, that brings us to the second problem:

Our own personal belief systems are not a valid basis for outing people publicly because their belief systems differ. I used more generic terms than “extramarital affair” or “cheating” because there are many other data breaches that are flagged as sensitive in HIBP for the very same reason. Fur Affinity, for example: there is a social stigma around furries and outing someone as a member of that community could have negative consequences for them. Rosebutt Board is another example: anal fisting is evidently something a bunch of people are into, and equally, I’m sure there are many who take a moral objection to it. And finally, to get to the catalyst for this post, WhiteDate: the website that is ostensibly designed for white people to date other white people. Flagging that as sensitive resulted in some unsavoury commentary being directed at me:

U are a Nazi end of story

— 𝔗𝔥𝔢ℑ𝔡𝔦𝔬𝔱 (@fuckelonsob) January 6, 2026

Now, I emphasised “ostensibly” because the more you dig into this breach, the more you find tones of white supremacy and other behaviours that definitely don’t align with my personal value system. That societal view doesn’t sit well with me, and I think I’m safe in saying it wouldn’t sit well with most people. Would someone being outed as a member of that service be likely to result in “serious personal or social consequences”? Yes, and you can see that in the messaging from the same account:

Context matters. U are literally shielding Nazi hate mongering scoundrels. We can't doxx white supremacists?

If ISIS had a dating site & it got breached, would you protect it out of fear of doxxing? No.

Every database leaked is sensitive in a way.

— 𝔗𝔥𝔢ℑ𝔡𝔦𝔬𝔱 (@fuckelonsob) January 6, 2026

This behaviour is precisely what I don’t want HIBP being used for: as a weapon to attack people solely on the basis of their email address being affiliated with a website that has had a data breach.

Imagine, for a moment, if ISIS did have a dating site and it was breached, should it be flagged as sensitive? Contrary to the comment about "every database leaked is sensitive", there is a clear legal definition for sensitive personal information and it includes:

personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;
trade-union membership;
genetic data, biometric data processed solely to identify a human being;
health-related data;
data concerning a person’s sex life or sexual orientation.

An ISIS dating website breach would tick many of the boxes above and would therefore constitute a sensitive data breach. That's not an endorsement of what they stand for; it's simply a data-processing decision. But there may be a nuance in there which I didn't see present in the WhiteDate data - what if it contained illegal activity? (Sidenote: for the most part, HIBP is used by people in Western Europe, North America and Australasia, so when I say "illegal", I'm looking at it through that lens. Clearly, there are parts of the world where our "illegal" is their "normal", which further complicates how I run a service accessible from every corner of the world.) I had another example recently that went well beyond moral contention and deep into the realm of illegality:

New sensitive breach: "AI girlfriend" site Muah[.]ai had 1.9M email addresses breached last month. Data included AI prompts describing desired images, many sexual in nature and many describing child exploitation. 24% were already in @haveibeenpwned. More: https://t.co/NTXeQZFr2x

— Have I Been Pwned (@haveibeenpwned) October 8, 2024

Of all the different things people can disagree on when it comes to our moral compasses, paedophilia is where we unanimously draw the line. But I still flagged it as sensitive because of the reasons outlined above. Many people using the service were just lonely guys trying to create an AI girlfriend with no prompts around age. There would be email addresses in there that weren’t entered by the rightful owner. And then, there are cases like this:

That's a firstname.lastname Gmail address. Drop it into Outlook and it automatically matches the owner. It has his name, his job title, the company he works for and his professional photo, all matched to that AI prompt. pic.twitter.com/wpXQMBLf3B

— Troy Hunt (@troyhunt) October 9, 2024

I sat there with my wife, looking at the LinkedIn profile that used the same email address as the person who posted that comment. We looked at his photo and at the veneer of professionalism that surrounded him on that site, knowing what he had written in that prompt above. It was repulsive. Further, beyond being solely an affront to our morals, it was clearly illegal. So, I had many conversations with law enforcement agencies around the world and ensured they had access to the data. Involving law enforcement where data sets contain illegal activity is absolutely the right approach here, but equally, not being the vehicle for implying someone’s affiliation or beliefs and doxing them publicly without due process is also absolutely the right approach.

I understand the gut reaction that flagging a breach like WhiteDate as sensitive protects people whom most of us do not like. But a dozen years of running this service have caused me to consider individual privacy and rights literally hundreds of times, and these conclusions aren’t arrived at hastily. Imagine for a moment, the possible ramifications for HIBP if the service were used to publicly shame someone as a "Nazi" and that, in turn, had serious real-world consequences for them. Whether that implication was right or not, there are potentially serious ramifications for us that could well leave us unable to operate at all. And, as the Ashley Madison examples show, there are also potentially life-threatening outcomes for individuals.

I don't particularly care about one random, anonymous X account making poorly thought-out statements, but the same sentiment has been expressed after loading previous similar breaches, and it deserves a blog post. Equally, I've written before about why all the other data breaches are publicly searchable and again, that conclusion is not arrived at lightly.

I’ll finish with a note about privacy that relates to my earlier comment about it being a human right. It's literally a human right under Article 12 of the Universal Declaration of Human Rights:

No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

Breaches with legally defined sensitive data will continue to be flagged as sensitive, and breaches with illegal data will continue to be forwarded to law enforcement agencies.

❌