FreshRSS

🔒
❌ Secure Planet Training Courses Updated For 2019 - Click Here
There are new available articles, click to refresh the page.
Today — June 22nd 2025Your RSS feeds

Truth Social Crashes as Trump Live-Posts Iran Bombing

The social network started experiencing global outages within minutes of Donald Trump posting details of a US military strike on Iran.
Yesterday — June 21st 2025Your RSS feeds

Israel Says Iran Is Hacking Security Cameras for Spying

Plus: Ukrainian hackers reportedly knock out a key Russian internet provider, China’s Salt Typhoon hackers claim another victim, and the UK hits 23andMe with a hefty fine over its 2023 data breach.
Before yesterdayYour RSS feeds

Future-Proof Your Network With Cisco’s Simpler, Smarter, Safer SD-WAN

Cisco's latest updates to our SD-WAN solutions showcase our commitment to innovation. These advancements empower businesses and deliver secure connectivity.

Iran’s Internet Blackout Adds New Dangers for Civilians Amid Israeli Bombings

Iran is limiting internet connectivity for citizens amid Israeli airstrikes—pushing people towards domestic apps, which may not be secure, and limiting their ability to access vital information.

Navigating cybersecurity challenges in the early days of Agentic AI 

As we continue to evolve the field of AI, a new branch that has been accelerating recently is Agentic AI. Multiple definitions are circulating, but essentially, Agentic AI involves one or more AI systems working together to accomplish a task using tools in an unsupervised fashion. A basic example of this is tasking an AI Agent with finding entertainment events I could attend during summer and emailing the options to my family. 

Agentic AI requires a few building blocks, and while there are many variants and technical opinions on how to build, the basic implementation typically includes a Reasoning LLM (Large Language Model) – like the ones behind ChatGPT, Claude, or Gemini – that can invoke tools, such as an application or function to perform a task and return results. A tool can be as simple as a function that returns the weather, or as complex as a browser commanding tool that can navigate through websites. 

While this technology has a lot of potential to augment human productivity, it also comes with a set of challenges, many of which haven’t been fully considered by the technologists working on such systems. In the cybersecurity industry, one of the core principles we all live by is implementing “security by design”, instead of security being an afterthought. It is under this principle that we explore the security implications (and threats) around Agentic AI, with the goal of bringing awareness to both consumers and creators: 

  • As of today, Agentic AI has to meet a high bar to be fully adopted in our daily lives. Think about the precision required for billing or healthcare related tasks, or the level of trust customers would need to have to delegate sensitive tasks that could have financial or legal consequences. However, bad actors do not play by the same rules and do not require any “high bar” to leverage this technology to compromise victims. For example, a bad actor using Agentic AI to automate the process of researching (social engineering) and targeting victims with phishing emails is satisfied with an imperfect system that is only reliable 60% of the time, because that’s still better than attempting to manually do it, and the consequences associated with “AI errors” in this scenario are minimum for cybercriminals. In another recent example, Claude AI was exploited to orchestrate a campaign that created and managed fake personas (bots) on social media platforms, automatically interacting with carefully selected users to manipulate political narratives. Consequently, one of the threats that is likely to be fueled by malicious AI Agents is scams, regardless of these being delivered by text, email or deepfake video. As seen in recent news, crafting a convincing deepfake video, writing a phishing email or leveraging the latest trend to scam people with fake toll texts is, for bad actors, easier than ever thanks to a plethora of AI offerings and advancements. In this regard, AI Agents have the potential to continue increasing the ROI (Return on Investment) for cybercriminals, by automating aspects of the scam campaign that have been manual so far, such as tailoring messages to target individuals or creating more convincing content at scale. 
  • Agentic AI can be abused or exploited by cybercriminals, even when the AI agent is in the hands of a legitimate user. Agentic AI can be quite vulnerable if there are injection points. For example, AI Agents can communicate and take actions by interacting in a standardized fashion using what is known as MCP (Model Context Protocol). The MCP acts as some sort of repository where a bad actor could host a tool with a dual purpose. For example, a threat actor can offer a tool/integration via MCP that on the surface helps an AI browse the web, but behind the scenes, it exfiltrates data/arguments given by the AI. Or by the same token, an Agentic AI reading let’s say emails to summarize them for you could be compromised by a carefully crafted “malicious email” (known as indirect prompt injection) sent by the cybercriminal to redirect the thought process of such AI, deviating it from the original task (summarizing emails) and going rogue to accomplish a task orchestrated by the bad actor, like stealing financial information from your emails. 
  • Agentic AI also introduces vulnerabilities through inherently large chances of error. For instance, an AI agent tasked with finding a good deal for buying marketing data could end up in a rabbit hole buying illegal data from a breached database on the dark web, even though the legitimate user never intended to. While this is not triggered by a bad actor, it is still dangerous given the large number of possibilities on how an AI Agent can behave, or derail, given a poor choice of task description. 

With the proliferation of Agentic AI, we will see both opportunities to make our life better as well as new threats from bad actors exploiting the same technology for their gain, by either intercepting and poisoning legitimate users AI Agents, or using Agentic AI to perpetuate attacks. With this in mind, it’s more important than ever to remain vigilant, exercise caution and leverage comprehensive cybersecurity solutions to live safely in our digital world.

The post Navigating cybersecurity challenges in the early days of Agentic AI  appeared first on McAfee Blog.

How To Do A Virus Scan

By: McAfee

New online threats emerge every day, putting our personal information, money and devices at risk. In its 2024 Internet Crime Report, the Federal Bureau of Investigation reports that 859,532 complaints of suspected internet crime—including ransomware, viruses and malware, data breaches, denials of service, and other forms of cyberattack—resulted in losses of over $16 billion—a 33% increase from 2023.

That’s why it is essential to stay ahead of these threats. One way to combat these is by conducting virus scans using proven software tools that constantly monitor and check your devices while safeguarding your sensitive information. In this article, we’ll go through everything you need to know to run a scan effectively to keep your computers, phones and tablets in tip-top shape

What does a virus scan do?

Whether you think you might have a virus on your computer or devices or just want to keep them running smoothly, it’s easy to do a virus scan. 

Each antivirus program works a little differently, but in general the software will look for known malware with specific characteristics, as well as their variants that have a similar code base. Some antivirus software even checks for suspicious behavior. If the software comes across a dangerous program or piece of code, the antivirus software removes it. In some cases, a dangerous program can be replaced with a clean one from the manufacturer.

Unmistakeable signs of a virus in your device

Before doing a virus scan, it is useful to know the telltale signs of viral presence in your device. Is your device acting sluggish or having a hard time booting up? Have you noticed missing files or a lack of storage space? Have you noticed emails or messages sent from your account that you did not write? Perhaps you’ve noticed changes to your browser homepage or settings? Maybe you’re seeing unexpected pop-up windows, or experiencing crashes and other program errors. These are just some signs that your device may have a virus, but don’t get too worried yet because many of these issues can be resolved with a virus scan.

Are free virus scanner tools safe and sufficient?

Free virus scanner tools, both in web-based and downloadable formats, offer a convenient way to perform a one-time check for malware. They are most useful when you need a second opinion or are asking yourself, “do I have a virus?” after noticing something suspect. 

However, it’s critical to be cautious. For one, cybercriminals often create fake “free” virus checker tools that are actually malware in disguise. If you opt for free scanning tools, it is best to lean on highly reputable cybersecurity brands. On your app store or browser, navigate to a proven online scanning tool with good reviews or a website whose URL starts with “https” to confirm you are in a secure location.

Secondly, free tools are frequently quite basic and perform only the minimum required service. If you choose to go this path, look for free trial versions that offer access to the full suite of premium features, including real-time protection, a firewall, and a VPN. This will give you a glimpse of a solution’s comprehensive, multi-layered security capability before you commit to a subscription.

Cloud-based virus solutions 

If safeguarding all your computers and mobile devices individually sounds overwhelming, you can opt for comprehensive security products that protect computers, smartphones and tablets from a central, cloud-based hub, making virus prevention a breeze. Many of these modern antivirus solutions are powered by both local and cloud-based technologies to reduce the strain on your computer’s resources.

Online virus scan: A step-by-step guide

This guide will walk you through the simple steps to safely scan your computer using reliable online tools, helping you detect potential threats, and protect your personal data.

1. Choose a trusted provider

When selecting the right antivirus software, look beyond a basic virus scan and consider these key features:

  • Real-time protection. This is paramount, as it actively blocks threats before they can execute.
  • An effective solution must also have a minimal performance impact so it doesn’t slow down your device.
  • Look for a program with an intuitive interface that makes it easy to schedule scans and manage settings. 
  • The best protection goes beyond a simple virus detector. It should include features such as a firewall, a secure VPN for safe browsing, and identity protection
  • Look for reliable brands with positive reviews and clear privacy policies, and that provide a powerful virus scanner and proactive protection for both Android and iOS devices.

2. Initiate the scan

The process of checking for viruses depends on the device type and its operating system. Generally, however, the virus scanner will display a “Scan” button to start the process of checking your system’s files and apps.

Here are more specific tips to help you scan your computers, phones and tablets:

On a Windows computer

If you use Windows 11, go into “Settings” and drill down to the “Privacy & Security > Windows Security > Virus & Threat Protection” tab, which will indicate if there are actions needed. This hands-off function is Microsoft’s own basic antivirus solution called Windows Defender. Built directly into the operating system and enabled by default, this solution provides a baseline of protection at no extra cost for casual Windows users. However, Microsoft is the first to admit that it lags behind specialized paid products in detecting the very latest zero-day threats. 

On a Mac computer

Mac computers don’t have a built-in antivirus program, so you will have to download security software to do a virus scan. As mentioned, free antivirus applications are available online, but we recommend investing in trusted software that is proven to protect you from cyberthreats. 

If you decide to invest in more robust antivirus software, running a scan is usually straightforward and intuitive. For more detailed instructions, we suggest searching the software’s help menu or going online and following their step-by-step instructions.

On smartphones and tablets

Smartphones and tablets are powerful devices that you likely use for nearly every online operation in your daily life from banking, emailing, messaging, connecting, and storing personal information. This opens your mobile device to getting infected through malicious apps, especially those downloaded from unofficial stores, phishing links sent via text or email, or by connecting to compromised wi-fi networks

Regular virus scans with a mobile security software are crucial for protecting your devices. Be aware, however, that Android and IOS operating systems merit distinct solutions. 

Antivirus products for Android devices abound due to this system’s open-source foundation. However, due to Apple’s strong security model, which includes app sandboxing, traditional viruses are rare on iPhones and iPads. However, these devices are not immune to all threats. You can still fall victim to phishing scams, insecure Wi-Fi networks, and malicious configuration profiles. Signs of a compromise can include unusual calendar events, frequent browser redirects, or unexpected pop-ups. 

Apple devices, however, closed platform doesn’t easily accommodate third-party applications, especially unvetted ones. You will most likely find robust and verified antivirus scanning tools on Apple’s official app store.

Scanning files and attachments safely

Before you open any downloaded file or email attachment, it’s wise to check it for threats. To perform a targeted virus scan on a single file, simply right-click the file in Windows Explorer or macOS Finder and select the “Scan” option from the context menu to run the integrated virus checker on a suspicious item. 

For an added layer of security, especially involving files from unknown sources, you can use a web-based file-checking service that scans for malware. These websites let you upload a file, which is then analyzed by multiple antivirus engines. Many security-conscious email clients also automatically scan incoming attachments, but a manual scan provides crucial, final-line defense before execution.

3. Review scan results and take action

Once the scan is complete, the tool will display a report of any threats it found, including the name of the malware and the location of the infected file. If your antivirus software alerts you to a threat, don’t panic—it means the program is doing its job. 

The first and most critical step is to follow the software’s instructions. It might direct you to quarantine the malicious file to isolate the file in a secure vault where it can no longer cause harm. You can then review the details of the threat provided by your virus scanner and choose to delete the file permanently, which is usually the safest option. 

After the threat is handled, ensure your antivirus software and operating system are fully updated. Finally, run a new, full system virus scan to confirm that all traces of the infection have been eliminated. Regularly backing up your important data to an external drive or cloud service can also be a lifesaver in the event of a serious infection.

4. Schedule an automatic scan for continuous protection

The most effective way to maintain your device’s security is to automate your defenses. A quality antivirus suite allows you to easily schedule a regular virus scan so you’re always protected without having to do it manually. A daily quick scan is a great habit for any user; it’s fast and checks the most vulnerable parts of your system. Most antivirus products regularly scan your computer or device in the background, so a manual scan is only needed if you notice something dubious, like crashes or excessive pop-ups. You can also set regular scans on your schedule, but a weekly full scan is ideal.

Final thoughts

These days, it is essential to stay ahead of the wide variety of continuously evolving cyberthreats. Your first line of defense against these threats is to regularly conduct a virus scan. You can choose among the many free yet limited-time products or comprehensive, cloud-based solutions. 

While many free versions legitimately perform their intended function, it’s critical to be cautious as these are more often baseline solutions while some are malware in disguise. They also lack the continuous, real-time protection necessary to block threats proactively. 

A better option is to invest in verified, trustworthy, and all-in-one antivirus products like McAfee+ that, aside from its accurate virus scanning tool, also offers a firewall, a virtual private network, and identity protection. For complete peace of mind, upgrading to a paid solution like McAfee Total Protection is essential for proactively safeguarding your devices and data in real-time, 24/7.

The post How To Do A Virus Scan appeared first on McAfee Blog.

Israel-Tied Predatory Sparrow Hackers Are Waging Cyberwar on Iran’s Financial System

After an attack on Iran’s Sepah bank, the hyper-aggressive Israel-linked hacker group has now destroyed more than $90 million held at Iranian crypto exchange Nobitex.

7 Signs Your Phone Has a Virus and What You Can Do

By: McAfee

We use our smartphones for everything under the sun, from work-related communication to online shopping, banking transactions, and social media. For this reason, our phones store a lot of personal data, including contacts, account details, and bank account logins

High online usage also makes your devices vulnerable to viruses, a type of malware that replicate themselves and spread throughout the entire system. They can affect your phone’s performance or, worse, compromise your sensitive information so that hackers can benefit monetarily.

In this article, we will give you a rundown of viruses that can infect your phone and how you can identify and eliminate them. We will also provide some tips for protecting your phone from viruses in the first place.

iOS vs Android

iPhones and Android devices run on different operating systems, hence differences in how they resist viruses and how these affect each system.

While iOS hacks can still happen, Apple’s operating system is reputed to be highly resistant from viruses because of its design. By restricting interactions between apps, Apple’s operating system limits the movement of a virus across the device. However, if you jailbreak your iPhone or iPad to unlock other capabilities or install third-party apps, then the security restrictions set by Apple’s OS won’t work. This exposes your iPhone and you to vulnerabilities that cybercriminals can exploit. 

Android phones, while also designed with cybersecurity in mind, rely on open-source code, making them an easier target for hackers. Additionally, giving users the capability to install third-party apps from alternative app stores such as the Amazon or Samsung Galaxy app stores makes Android devices open to viruses. 

Types of phone viruses

Cybercriminals today are sophisticated and can launch a variety of cyberattacks on your smartphone. Some viruses that can infect your phone include: 

  • Malware: Malware encompasses programs that steal your information or take control of your device without your permission.
  • Adware: These are ads that can access information on your device if you click on them.
  • Ransomware: These prevent you from accessing your phone again unless you pay a ransom to the hacker. The hacker may also use your personal data such as pictures as blackmail.
  • Spyware: This tracks your browsing activity, then steals your data or affects your phone’s performance.
  • Trojan: Aptly named, this type of virus hides inside an app to take control of or affect your phone and data.

Common ways phones get infected

Ultimately, contracting a virus on your phone or computer comes down to your browsing and downloading habits. These are the most common ways it could happen:

  • Clicking on links or attachments from unverified sources, and mostly distributed through emails and text messages
  • Clicking on seemingly innocent ads that take you to an unsecured webpage or download mobile malware to your device
  • Visiting questionable websites, often ignoring security warnings
  • Downloading malicious apps from unverified sources, usually outside the Apple App Store or Google Play Store
  • Connecting to an unsecured internet connection like public wi-fi

7 signs your phone has a virus

Now that you know how your phone could be infected by a virus, look out for these seven signs that occur when malicious software is present:

1. You see random pop-up ads or new apps

Most pop-up ads don’t carry viruses but are only used as marketing tools. However, if you find yourself closing pop-up ads more often than usual, it might indicate a virus on your phone. These ads might be coming from apps in your library that you didn’t install. In this case, uninstall them immediately as they tend to carry malware that’s activated when the app is opened or used.

2. Your device feels physically hot

When you accidentally download apps that contain malware, your device has to work harder to continue functioning. Since your phone isn’t built to support malware, there is a good chance it will overheat.

3. Random messages are sent to your contacts

If your contacts receive unsolicited scam emails or messages on social media from your account, especially those containing suspicious links, a virus may have accessed your contact list. It’s best to let all the recipients know that your phone has been hacked so that they don’t download any malware themselves or forward those links to anybody else.

4. The device responds slowly

An unusually slow-performing device is a hint of suspicious activity on your phone. The device may be slowing down because it is working harder to support the downloaded virus. Alternatively, unfamiliar apps might be taking up storage space and running background tasks, causing your phone to run slower.

5. You find fraudulent charges on your accounts

Are you finding credit card transactions in your banking statements that you don’t recognize? It could be an unfamiliar app or malware making purchases through your account without your knowledge.

6. The phone uses excess data

A sudden rise in your data usage or phone bill can be suspicious. A virus might be running background processes or using your internet connection to transfer data out of your device for malicious purposes.

7. Your battery drains quickly

An unusually quick battery drain may also cause concern. Your phone will be trying to meet the energy requirements of the virus, so this problem is likely to persist for as long as the virus is on the device.

How to Detect and Remove a Virus on Your Phone

You may have an inkling that a virus resides in your phone, but the only way to be sure is to check. An easy way to do this is by downloading a trustworthy antivirus app that will prevent suspicious apps from attaching themselves to your phone and secures any public connections you might be using.

Another way to check your phone is to follow these step-by-step processes, depending on the type of phone you use:

Check your iPhone for malware

  1. Check battery usage: Go to Settings > Battery. Scroll down to see the battery usage by app. If you see an app you don’t recognize or an app with unusually high usage, it could be a sign of malicious activity.
  2. Review app list and storage: Carefully examine all the apps installed on your phone. If you find an app that you don’t remember downloading, it could be malware. Uninstall it immediately. Also, check Settings > General > iPhone Storage for any strange or unexpected data usage by apps.
  3. Monitor data consumption: Navigate to Settings > Cellular. Review the data usage for each app. A virus on your phone can consume large amounts of data by running in the background and communicating with a hacker’s server.
  4. Look for jailbreak evidence: If you didn’t jailbreak your phone but see apps like Cydia or Sileo, it’s a major red flag. Someone with physical access to your phone may have jailbroken it to install spyware or other malware.
  5. Run an iOS security app: For peace of mind and a thorough check, use a reputable security application to help you scan for system threats, secure your wi-fi connection, and help identify risks that are not immediately obvious.

Run a malware scan on an Android device

  1. Utilize Google Play Protect: This Android’s built-in malware protection is your first line of defense to know if your phone has a virus. Open the Google Play Store app, tap on your profile icon, and select Play Protect. Tap “Scan” to check your apps for harmful behavior.
  2. Boot into safe mode: If your phone is lagging or crashing, restarting in Safe Mode can help. Press and hold the power button, then tap and hold the “Power off” option until the “Reboot to safe mode” prompt appears. In Safe Mode, all third-party apps are disabled. If the issues disappear, a recently installed app is likely the culprit. You can then uninstall suspicious apps one by one.
  3. Review app permissions: Go to Settings > Apps and check the permissions for each app. Is a simple game asking for access to your contacts and microphone? That’s a red flag. Revoke any permissions that seem unnecessary for an app’s function. This helps prevent spyware from collecting your data.
  4. Install a trusted antivirus app: For the most comprehensive protection, install a top-rated security app like McAfee Mobile Security. Running a full scan will detect and help you quarantine or remove malicious files and apps that built-in tools might miss, providing a clear path on how to clean your phone from a virus.

How to remove a virus from your device

Once you have determined that a virus is present on your iPhone or Android device, there are several things you can do. 

  • Download antivirus software or a mobile security app to help you locate existing viruses and malware. By identifying the exact problem, you know what to get rid of and how to protect your device in the future. 
  • Do a thorough sweep of your app library to make sure that whatever apps are on your phone were downloaded by you. Delete any apps that aren’t familiar.
  • To protect your information, delete any sensitive text messages and clear history regularly from your mobile browsers. Empty the cache in your browsers and apps.
  • In some instances, you may need to reboot your smartphone to its original factory settings. This can lead to data loss, so be sure to back up important documents to the cloud.
  • Create strong passwords for all your accounts after cleaning up your phone, and protect them using a password manager. This tool uses the most robust encryption algorithms so only you have access to your information.

7 tips to protect your phone from viruses

Caring for your phone is a vital practice to protect your information. Follow these tips to stay safe online and help reduce the risk of your phone getting a virus. 

  • Only download apps only from a trusted source, i.e., the app store or other verified stores. Before installing, read the app reviews and understand how the app intends to use your data.
  • Set up strong, unique passwords for your accounts instead of reusing the same or similar passwords. This prevents a domino effect in case one of the accounts is compromised.
  • Think twice before you click on a link. If a link looks suspicious, trust your gut! Avoid clicking on it until you have more information about its trustworthiness. These links can be found across messaging services and are often part of phishing scams. 
  • Clear your cache periodically. Scan your browsing history to get rid of any links that seem suspicious. 
  • Avoid saving login information on your browsers and log out when you’re not using a particular browser. Although this is a convenience trade-off, it’s harder for malware to access accounts you’re not logged into during the attack.
  • Update your operating system and apps frequently. Regular updates build upon previous security features. Sometimes, these updates contain security patches created in response to specific threats in prior versions. 
  • Don’t give an app all the permissions it asks for. Instead, you can choose to give it access to certain data only when required. Minimizing an application’s access to your information keeps you safer.
  • Avoid using unsecure internet connections such as public wi-fi. If it is unavoidable, it is ideal to have a secure virtual private network that encrypts your data to make unsecured networks safe to use.

Final Thoughts

You have come to heavily rely on your smartphones for many online activities and storage of much of your personal data, including contacts, account details, and bank account logins. This puts your devices at high risk of being infected by viruses that impact not just your phone’s performance but also of being compromised by cybercriminals.

To help you protect your device and personal information, the award-winning McAfee Mobile Security solution regularly scans for threats transmitted through suspicious links in text messages, emails or downloads, and blocks them in real time. McAfee Mobile Security is a reputable security application that filters risky emails and phishing attempts so your inbox stays secure, while providing a secure virtual private network. It is also capable of spotting deepfake videos so you can stay ahead of misinformation. With McAfee, you can rest easy knowing your mobile phone is protected from the latest cyberthreats.

The post 7 Signs Your Phone Has a Virus and What You Can Do appeared first on McAfee Blog.

Minnesota Shooting Suspect Allegedly Used Data Broker Sites to Find Targets’ Addresses

The shooter allegedly researched several “people search” sites in an attempt to target his victims, highlighting the potential dangers of widely available personal data.

How the Sandwich Generation Can Fight Back Against Scams

The modern family juggling act has never been more complex—or more dangerous. If you’re caring for aging parents while raising children, you’re part of what researchers call the “Sandwich Generation.” According to Pew Research, nearly half (47%) of adults in their 40s and 50s find themselves wedged between these dual responsibilities. But in today’s digital landscape, this demographic faces a uniquely modern threat: becoming the primary target of an unprecedented scam epidemic. 

As a cybersecurity professional who has witnessed the evolution of online threats over two decades, I can tell you that today’s scam landscape is unlike anything we’ve seen before. The stakes are higher, the tactics more sophisticated, and the Sandwich Generation is squarely in the crosshairs. 

The Stark Reality: Britain Under Digital Siege

McAfee’s recent State of the Scamiverse report paints a troubling picture of digital life in the UK. The statistics are staggering: 60% of Brits report either falling victim to an online scam or knowing someone who has. When these attacks succeed, the financial impact is severe—victims lose an average of £936, with some reporting devastating losses exceeding £7,980. 

Perhaps most alarming is the speed at which these crimes unfold. A shocking 68% of victims said it took less than an hour to be defrauded, with 48% reporting that fraud occurred within just 30 minutes of engaging with a scammer. This isn’t the slow-burn con artistry of yesteryear—this is lightning-fast digital predation. 

Beyond Money: The Hidden Emotional Toll

The financial losses, while significant, represent only part of the damage. The psychological impact cuts deeper than many realize. Our research shows that 32% of Brits who fell for online scams experienced moderate to significant distress, including anxiety, depression, and damaged self-esteem. For the Sandwich Generation, already stretched thin emotionally and financially, this psychological burden can be overwhelming. 

Consider the compounding effects: 80% of scam victims reported that the experience impacted their self-esteem and ability to trust others. When you’re responsible for protecting not just yourself but also tech-savvy teenagers and digitally-vulnerable parents, this erosion of confidence can have far-reaching consequences for your entire family’s digital safety. 

Why Cybercriminals Target the Sandwich Generation 

From a cybercriminal’s perspective, the Sandwich Generation represents the perfect storm of vulnerability. Here’s why you’re in their crosshairs: 

Overwhelm and Distraction: Scam tactics are most effective when targets are tired, rushed, or mentally overloaded. The constant juggling act of work, children’s needs, and aging parents’ care creates exactly these conditions. 

Multiple Attack Vectors: You’re not just protecting yourself—you’re managing the digital lives of three generations. Children who overshare on social media and parents who may trust too readily both create entry points for scammers. 

The “Family Tech Lead” Burden: In most households, one person becomes the de facto IT support for everyone. If that’s you, you’re essentially protecting three generations of users with the cybersecurity knowledge and tools designed for one. 

Time Poverty: When you’re constantly switching between helping with homework, managing medical appointments, and handling your own responsibilities, the careful scrutiny required to spot sophisticated scams becomes nearly impossible. 

What British Scam Victims Are Experiencing:

  • 85% of victims lost money
  • 29% lost over £400
  • 22% of victims were scammed again within a year
  • The average Brit encounters 2 scam messages and 2 deepfakes daily on social platforms alone 

The repeat victimization rate is particularly concerning. Once scammers identify a successful target, they often share that information within criminal networks, leading to sustained harassment and repeated attempts. 

Generation-Specific Threats: A Two-Front War

Protecting Your Children (The Digital Natives) 

Despite their technological fluency, young people face unique vulnerabilities: 

Social Media Saturation: 28% of 18-24-year-olds receive scam messages via social media platforms. The integration of these platforms into daily life makes detection more challenging. 

Gaming Community Exploitation: Scammers infiltrate gaming communities with fake giveaways, cryptocurrency cons, and phishing attempts disguised as game-related communications. 

Celebrity Deepfake Scams: AI-generated celebrity endorsements for cryptocurrency schemes or investment opportunities are becoming increasingly sophisticated and harder to detect. 

Overconfidence Bias: Young people often believe their digital nativity makes them immune to scams, leading to less cautious behavior online. 

Protecting Your Parents (The Trusting Generation) 

Older adults face different but equally serious threats: 

Email-Based Attacks: 67% of over-55s encounter scams primarily through email, a medium they often trust more than social media. 

Authority Impersonation: Tech support scams, fake government communications, and bank impersonation attempts exploit older adults’ respect for authority and institutions. 

Voice Cloning Threats: 21% of Brits have encountered AI voice scams impersonating loved ones—a particularly dangerous development for older users who may be more trusting of familiar voices. 

Isolation Exploitation: Scammers often target older adults during periods of loneliness or health concerns, when they’re more likely to engage with unexpected communications. 

Platform-Specific Protection Strategies

Mobile Device Security 

Mobile scams have reached epidemic proportions in the UK, with 35% of Brits falling victim to SMS or call-based scams in the past year. The most common mobile threats include: 

Package Delivery Scams (33%): “Your parcel couldn’t be delivered” texts that lead to fake websites designed to steal personal information or payment details. 

Subscription Renewal Cons (23%): Messages claiming services like Netflix require payment information updates, leading to credential theft or unauthorized charges. 

Social Engineering Openers (16%): Simple “Hey, how are you?” messages that gradually build trust before introducing investment or romance scams. 

Essential Mobile Protections:

  • Enable carrier-provided spam filtering services 
  • Set up real-time banking alerts for all family accounts 
  • Educate family members about the “pause and verify” rule for unexpected messages 

Computer and Email Security 

Email remains the primary attack vector, with 32% of Brits falling victim to phishing attempts last year. The sophistication of these attacks has increased dramatically—while 78% of people believe they can spot scams, today’s emails often perfectly mimic legitimate communications. 

UK-Specific Email Threats:

  • Fake HMRC tax refund emails (21% of email scams) 
  • Fraudulent subscription notices from legitimate services (18%) 
  • Tech support emails containing malware downloads (17%) 

Essential Email Protections:

  • Enable advanced anti-phishing protection in your email client 
  • Use secure DNS services or browser extensions like McAfee WebAdvisor 
  • Implement email filtering rules for common scam keywords 

The Deepfake Threat: When Seeing Isn’t Believing

Artificial intelligence has revolutionized scamming, with 21% of Brits encountering AI-generated scams. The challenge is significant: 53% of people admit that deepfakes are difficult to spot, and the technology improves daily. 

Where Deepfakes Appear:

  • Facebook (57% of deepfake encounters) 
  • Instagram and TikTok (significant secondary sources) 
  • WhatsApp and other messaging platforms (voice cloning) 

Common Deepfake Scams:

  • Celebrity cryptocurrency endorsements 
  • Voice cloning for “emergency” family situations 
  • Fake investment guru testimonials 

Detection Strategies:

  • Question claims that seem too good to be true  
  • Watch for video quality issues or sync problems  
  • Verify suspicious links against official domains  
  • Use reverse image search tools like Google Lens  
  • Enable VPNs to reduce targeted advertising based on browsing history 

Building Your Family’s Cyber Defense Plan

Just as you have a fire escape plan, your family needs a comprehensive fraud response strategy. This should include: 

Immediate Response Protocols:

  • Contact information for all banks and financial institutions 
  • Your mobile provider’s fraud reporting number 
  • Steps for freezing cards and reporting identity theft 

Regular Maintenance Schedule:

  • Quarterly “Digital Clean-Up Days” to remove unused apps, update passwords, and install security patches 
  • Monthly family discussions about new scam trends 
  • Annual review of privacy settings across all platforms and devices 

Educational Components:

  • Age-appropriate scam awareness training for children 
  • Simplified threat recognition guides for older family members 
  • Practice scenarios for suspicious communications 

Essential Security Tools for UK Families

Identity Protection:

  • Dark web monitoring services that alert you when personal information appears in criminal databases 
  • Comprehensive security suites like McAfee+ that include real-time scam blocking 
  • Credit monitoring through Experian, Equifax, or TransUnion 

The Human Element: Communication and Education

Technology alone cannot solve this crisis. The most effective defense combines good security tools with open family communication and ongoing education. Regular conversations about online safety should be as normal as discussions about physical safety. 

For Children: Focus on critical thinking skills rather than fear-based messaging. Teach them to question unexpected opportunities and verify information through multiple sources. 

For Parents: Emphasize that asking for help with suspicious communications is a sign of wisdom, not weakness. Create an environment where they feel comfortable seeking guidance. 

For Everyone: Establish family rules about financial communications—for example, agreeing that no family member will ever ask for money or personal information via text or email without prior verbal confirmation. 

Looking Forward: Staying Ahead of Evolving Threats

The scam landscape evolves constantly, driven by technological advancement and criminal innovation. As someone who has tracked these trends for two decades, I can tell you that the only constant is change. What worked last year may be ineffective today, and tomorrow will bring new challenges. 

The key is building adaptable defenses: security awareness that can evolve with threats, technology solutions that update automatically, and family communication patterns that encourage ongoing vigilance without creating paranoia. 

Your Family’s Digital Resilience

The Sandwich Generation faces unique challenges in today’s digital world, but you’re not powerless. By understanding the threat landscape, implementing appropriate security measures, and fostering open communication about online safety, you can protect your family’s financial security and emotional well-being. 

Remember that in the UK today, encountering scam attempts isn’t rare—it’s daily. The goal isn’t to avoid all contact with potential threats but to recognize them quickly and respond appropriately. With the right preparation and tools, you can maintain your family’s digital confidence while staying one step ahead of the scammers. 

Your role as the family’s digital guardian is challenging, but it’s also crucial. You’re not just protecting money—you’re protecting your family’s trust, confidence, and peace of mind in an increasingly connected world. 

Stay vigilant, stay informed, and remember: when in doubt, pause, check, and verify. Your family’s digital safety depends on it.

The post How the Sandwich Generation Can Fight Back Against Scams appeared first on McAfee Blog.

XDR still means so much more than some may realize

Cisco has been named a Leader and Fast Mover in GigaOm's Radar for Extended Detection and Response (XDR). Learn what sets Cisco XDR apart in our blog.

Why We Made a Guide to Winning a Fight

Right now, everyone seems ready to throw down. More than ever, it’s important to fight smart—and not give up until you land a decisive blow.

6 Tools for Tracking the Trump Administration’s Attacks on Civil Liberties

The White House has undertaken initiatives to crack down on immigration, suppress speech, and curtail US public health efforts. These online tools are tracking the rapidly changing US landscape.

RFK Jr. Orders HHS to Give Undocumented Migrants’ Medicaid Data to DHS

Plus: Spyware is found on two Italian journalists’ phones, Ukraine claims to have hacked a Russian aircraft maker, police take down major infostealer infrastructure, and more.

'No Kings’ Protests, Citizen-Run ICE Trackers Trigger Intelligence Warnings

Army intelligence analysts are monitoring civilian-made ICE tracking tools, treating them as potential threats, as immigration protests spread nationwide.

CBP's Predator Drone Flights Over LA Are a Dangerous Escalation

Customs and Border Protection flying powerful Predator B drones over Los Angeles further breaks the seal on federal involvement in civilian matters typically handled by state or local authorities.

Here’s What Marines and the National Guard Can (and Can’t) Do at LA Protests

Pentagon rules sharply limit US Marines and National Guard activity in Los Angeles, prohibiting arrests, surveillance, and other customary police work.

Inside a Dark Adtech Empire Fed by Fake CAPTCHAs

Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by leveraging the same malicious advertising technology that powers a sprawling ecosystem of online hucksters and website hackers. A new report on the fallout from that investigation finds this dark ad tech industry is far more resilient and incestuous than previously known.

Image: Infoblox.

In November 2024, researchers at the security firm Qurium published an investigation into “Doppelganger,” a disinformation network that promotes pro-Russian narratives and infiltrates Europe’s media landscape by pushing fake news through a network of cloned websites.

Doppelganger campaigns use specialized links that bounce the visitor’s browser through a long series of domains before the fake news content is served. Qurium found Doppelganger relies on a sophisticated “domain cloaking” service, a technology that allows websites to present different content to search engines compared to what regular visitors see. The use of cloaking services helps the disinformation sites remain online longer than they otherwise would, while ensuring that only the targeted audience gets to view the intended content.

Qurium discovered that Doppelganger’s cloaking service also promoted online dating sites, and shared much of the same infrastructure with VexTrio, which is thought to be the oldest malicious traffic distribution system (TDS) in existence. While TDSs are commonly used by legitimate advertising networks to manage traffic from disparate sources and to track who or what is behind each click, VexTrio’s TDS largely manages web traffic from victims of phishing, malware, and social engineering scams.

BREAKING BAD

Digging deeper, Qurium noticed Doppelganger’s cloaking service used an Internet provider in Switzerland as the first entry point in a chain of domain redirections. They also noticed the same infrastructure hosted a pair of co-branded affiliate marketing services that were driving traffic to sketchy adult dating sites: LosPollos[.]com and TacoLoco[.]co.

The LosPollos ad network incorporates many elements and references from the hit series “Breaking Bad,” mirroring the fictional “Los Pollos Hermanos” restaurant chain that served as a money laundering operation for a violent methamphetamine cartel.

The LosPollos advertising network invokes characters and themes from the hit show Breaking Bad. The logo for LosPollos (upper left) is the image of Gustavo Fring, the fictional chicken restaurant chain owner in the show.

Affiliates who sign up with LosPollos are given JavaScript-heavy “smartlinks” that drive traffic into the VexTrio TDS, which in turn distributes the traffic among a variety of advertising partners, including dating services, sweepstakes offers, bait-and-switch mobile apps, financial scams and malware download sites.

LosPollos affiliates typically stitch these smart links into WordPress websites that have been hacked via known vulnerabilities, and those affiliates will earn a small commission each time an Internet user referred by any of their hacked sites falls for one of these lures.

The Los Pollos advertising network promoting itself on LinkedIn.

According to Qurium, TacoLoco is a traffic monetization network that uses deceptive tactics to trick Internet users into enabling “push notifications,” a cross-platform browser standard that allows websites to show pop-up messages which appear outside of the browser. For example, on Microsoft Windows systems these notifications typically show up in the bottom right corner of the screen — just above the system clock.

In the case of VexTrio and TacoLoco, the notification approval requests themselves are deceptive — disguised as “CAPTCHA” challenges designed to distinguish automated bot traffic from real visitors. For years, VexTrio and its partners have successfully tricked countless users into enabling these site notifications, which are then used to continuously pepper the victim’s device with a variety of phony virus alerts and misleading pop-up messages.

Examples of VexTrio landing pages that lead users to accept push notifications on their device.

According to a December 2024 annual report from GoDaddy, nearly 40 percent of compromised websites in 2024 redirected visitors to VexTrio via LosPollos smartlinks.

ADSPRO AND TEKNOLOGY

On November 14, 2024, Qurium published research to support its findings that LosPollos and TacoLoco were services operated by Adspro Group, a company registered in the Czech Republic and Russia, and that Adspro runs its infrastructure at the Swiss hosting providers C41 and Teknology SA.

Qurium noted the LosPollos and TacoLoco sites state that their content is copyrighted by ByteCore AG and SkyForge Digital AG, both Swiss firms that are run by the owner of Teknology SA, Giulio Vitorrio Leonardo Cerutti. Further investigation revealed LosPollos and TacoLoco were apps developed by a company called Holacode, which lists Cerutti as its CEO.

The apps marketed by Holacode include numerous VPN services, as well as one called Spamshield that claims to stop unwanted push notifications. But in January, Infoblox said they tested the app on their own mobile devices, and found it hides the user’s notifications, and then after 24 hours stops hiding them and demands payment. Spamshield subsequently changed its developer name from Holacode to ApLabz, although Infoblox noted that the Terms of Service for several of the rebranded ApLabz apps still referenced Holacode in their terms of service.

Incredibly, Cerutti threatened to sue me for defamation before I’d even uttered his name or sent him a request for comment (Cerutti sent the unsolicited legal threat back in January after his company and my name were merely tagged in an Infoblox post on LinkedIn about VexTrio).

Asked to comment on the findings by Qurium and Infoblox, Cerutti vehemently denied being associated with VexTrio. Cerutti asserted that his companies all strictly adhere to the regulations of the countries in which they operate, and that they have been completely transparent about all of their operations.

“We are a group operating in the advertising and marketing space, with an affiliate network program,” Cerutti responded. “I am not [going] to say we are perfect, but I strongly declare we have no connection with VexTrio at all.”

“Unfortunately, as a big player in this space we also get to deal with plenty of publisher fraud, sketchy traffic, fake clicks, bots, hacked, listed and resold publisher accounts, etc, etc.,” Cerutti continued. “We bleed lots of money to such malpractices and conduct regular internal screenings and audits in a constant battle to remove bad traffic sources. It is also a highly competitive space, where some upstarts will often play dirty against more established mainstream players like us.”

Working with Qurium, researchers at the security firm Infoblox released details about VexTrio’s infrastructure to their industry partners. Just four days after Qurium published its findings, LosPollos announced it was suspending its push monetization service. Less than a month later, Adspro had rebranded to Aimed Global.

A mind map illustrating some of the key findings and connections in the Infoblox and Qurium investigations. Click to enlarge.

A REVEALING PIVOT

In March 2025, researchers at GoDaddy chronicled how DollyWay — a malware strain that has consistently redirected victims to VexTrio throughout its eight years of activity — suddenly stopped doing that on November 20, 2024. Virtually overnight, DollyWay and several other malware families that had previously used VexTrio began pushing their traffic through another TDS called Help TDS.

Digging further into historical DNS records and the unique code scripts used by the Help TDS, Infoblox determined it has long enjoyed an exclusive relationship with VexTrio (at least until LosPollos ended its push monetization service in November).

In a report released today, Infoblox said an exhaustive analysis of the JavaScript code, website lures, smartlinks and DNS patterns used by VexTrio and Help TDS linked them with at least four other TDS operators (not counting TacoLoco). Those four entities — Partners House, BroPush, RichAds and RexPush — are all Russia-based push monetization programs that pay affiliates to drive signups for a variety of schemes, but mostly online dating services.

“As Los Pollos push monetization ended, we’ve seen an increase in fake CAPTCHAs that drive user acceptance of push notifications, particularly from Partners House,” the Infoblox report reads. “The relationship of these commercial entities remains a mystery; while they are certainly long-time partners redirecting traffic to one another, and they all have a Russian nexus, there is no overt common ownership.”

Renee Burton, vice president of threat intelligence at Infoblox, said the security industry generally treats the deceptive methods used by VexTrio and other malicious TDSs as a kind of legally grey area that is mostly associated with less dangerous security threats, such as adware and scareware.

But Burton argues that this view is myopic, and helps perpetuate a dark adtech industry that also pushes plenty of straight-up malware, noting that hundreds of thousands of compromised websites around the world every year redirect victims to the tangled web of VexTrio and VexTrio-affiliate TDSs.

“These TDSs are a nefarious threat, because they’re the ones you can connect to the delivery of things like information stealers and scams that cost consumers billions of dollars a year,” Burton said. “From a larger strategic perspective, my takeaway is that Russian organized crime has control of malicious adtech, and these are just some of the many groups involved.”

WHAT CAN YOU DO?

As KrebsOnSecurity warned way back in 2020, it’s a good idea to be very sparing in approving notifications when browsing the Web. In many cases these notifications are benign, but as we’ve seen there are numerous dodgy firms that are paying site owners to install their notification scripts, and then reselling that communications pathway to scammers and online hucksters.

If you’d like to prevent sites from ever presenting notification requests, all of the major browser makers let you do this — either across the board or on a per-website basis. While it is true that blocking notifications entirely can break the functionality of some websites, doing this for any devices you manage on behalf of your less tech-savvy friends or family members might end up saving everyone a lot of headache down the road.

To modify site notification settings in Mozilla Firefox, navigate to Settings, Privacy & Security, Permissions, and click the “Settings” tab next to “Notifications.” That page will display any notifications already permitted and allow you to edit or delete any entries. Tick the box next to “Block new requests asking to allow notifications” to stop them altogether.

In Google Chrome, click the icon with the three dots to the right of the address bar, scroll all the way down to Settings, Privacy and Security, Site Settings, and Notifications. Select the “Don’t allow sites to send notifications” button if you want to banish notification requests forever.

In Apple’s Safari browser, go to Settings, Websites, and click on Notifications in the sidebar. Uncheck the option to “allow websites to ask for permission to send notifications” if you wish to turn off notification requests entirely.

How to Protest Safely in the Age of Surveillance

Law enforcement has more tools than ever to track your movements and access your communications. Here’s how to protect your privacy if you plan to protest.

Social Media Is Now a DIY Alert System for ICE Raids

The undocumented migrant community in the United States is using social networks and other digital platforms to send alerts about raids and the presence of immigration agents around the US.

How Waymo Handles Footage From Events Like the LA Immigration Protests

Waymo driverless taxis capture troves of video footage in order to operate, but the company reveals very little about how much data is stored—and for how long.

Patch Tuesday, June 2025 Edition

Microsoft today released security updates to fix at least 67 vulnerabilities in its Windows operating systems and software. Redmond warns that one of the flaws is already under active attack, and that software blueprints showing how to exploit a pervasive Windows bug patched this month are now public.

The sole zero-day flaw this month is CVE-2025-33053, a remote code execution flaw in the Windows implementation of WebDAV — an HTTP extension that lets users remotely manage files and directories on a server. While WebDAV isn’t enabled by default in Windows, its presence in legacy or specialized systems still makes it a relevant target, said Seth Hoyt, senior security engineer at Automox.

Adam Barnett, lead software engineer at Rapid7, said Microsoft’s advisory for CVE-2025-33053 does not mention that the Windows implementation of WebDAV is listed as deprecated since November 2023, which in practical terms means that the WebClient service no longer starts by default.

“The advisory also has attack complexity as low, which means that exploitation does not require preparation of the target environment in any way that is beyond the attacker’s control,” Barnett said. “Exploitation relies on the user clicking a malicious link. It’s not clear how an asset would be immediately vulnerable if the service isn’t running, but all versions of Windows receive a patch, including those released since the deprecation of WebClient, like Server 2025 and Windows 11 24H2.”

Microsoft warns that an “elevation of privilege” vulnerability in the Windows Server Message Block (SMB) client (CVE-2025-33073) is likely to be exploited, given that proof-of-concept code for this bug is now public. CVE-2025-33073 has a CVSS risk score of 8.8 (out of 10), and exploitation of the flaw leads to the attacker gaining “SYSTEM” level control over a vulnerable PC.

“What makes this especially dangerous is that no further user interaction is required after the initial connection—something attackers can often trigger without the user realizing it,” said Alex Vovk, co-founder and CEO of Action1. “Given the high privilege level and ease of exploitation, this flaw poses a significant risk to Windows environments. The scope of affected systems is extensive, as SMB is a core Windows protocol used for file and printer sharing and inter-process communication.”

Beyond these highlights, 10 of the vulnerabilities fixed this month were rated “critical” by Microsoft, including eight remote code execution flaws.

Notably absent from this month’s patch batch is a fix for a newly discovered weakness in Windows Server 2025 that allows attackers to act with the privileges of any user in Active Directory. The bug, dubbed “BadSuccessor,” was publicly disclosed by researchers at Akamai on May 21, and several public proof-of-concepts are now available. Tenable’s Satnam Narang said organizations that have at least one Windows Server 2025 domain controller should review permissions for principals and limit those permissions as much as possible.

Adobe has released updates for Acrobat Reader and six other products addressing at least 259 vulnerabilities, most of them in an update for Experience Manager. Mozilla Firefox and Google Chrome both recently released security updates that require a restart of the browser to take effect. The latest Chrome update fixes two zero-day exploits in the browser (CVE-2025-5419 and CVE-2025-4664).

For a detailed breakdown on the individual security updates released by Microsoft today, check out the Patch Tuesday roundup from the SANS Internet Storm Center. Action 1 has a breakdown of patches from Microsoft and a raft of other software vendors releasing fixes this month. As always, please back up your system and/or data before patching, and feel free to drop a note in the comments if you run into any problems applying these updates.

Apple Intelligence Is Gambling on Privacy as a Killer Feature

Many new Apple Intelligence features happen on your device rather than in the cloud. While it may not be flashy, the privacy-centric approach could be a competitive advantage.

The ‘Long-Term Danger’ of Trump Sending Troops to the LA Protests

President Trump’s deployment of more than 700 Marines to Los Angeles—following ICE raids and mass protests—has ignited a fierce national debate over state sovereignty and civil-military boundaries.

Airlines Don’t Want You to Know They Sold Your Flight Data to DHS

A contract obtained by 404 Media shows that an airline-owned data broker forbids the feds from revealing it sold them detailed passenger data.

Making Agentic AI Work in the Real World

Cisco is extending the principles of zero trust to Agentic AI. Cisco's Universal Zero Trust Network architecture gives you the tools you need.

The Dangerous Truth About the ‘Nonlethal’ Weapons Used Against LA Protesters

While they can cause serious injuries, “nonlethal” weapons are regularly used in the United States to disperse public demonstrations, including at the recent ICE protests in Los Angeles.

A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account

Phone numbers are a gold mine for SIM swappers. A researcher found how to get this precious piece of information through a clever brute-force attack.

Foundation-sec-8b-reasoning: World’s First Security Reasoning Model

Foundation AI's second release—Foundation-sec-8b-reasoning is designed to designed to bring enhanced analytical capabilities to complex security workflows.

The Mystery of iPhone Crashes That Apple Denies Are Linked to Chinese Hacking

Plus: A 22-year-old former intern gets put in charge of a key anti-terrorism program, threat intelligence firms finally wrangle their confusing names for hacker groups, and more.

Cybercriminals Are Hiding Malicious Web Traffic in Plain Sight

In an effort to evade detection, cybercriminals are increasingly turning to “residential proxy” services that cover their tracks by making it look like everyday online activity.

Proxy Services Feast on Ukraine’s IP Address Exodus

Image: Mark Rademaker, via Shutterstock.

Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of shadowy proxy and anonymity services that are nested at some of America’s largest Internet service providers (ISPs).

The findings come in a report examining how the Russian invasion has affected Ukraine’s domestic supply of Internet Protocol Version 4 (IPv4) addresses. Researchers at Kentik, a company that measures the performance of Internet networks, found that while a majority of ISPs in Ukraine haven’t changed their infrastructure much since the war began in 2022, others have resorted to selling swathes of their valuable IPv4 address space just to keep the lights on.

For example, Ukraine’s incumbent ISP Ukrtelecom is now routing just 29 percent of the IPv4 address ranges that the company controlled at the start of the war, Kentik found. Although much of that former IP space remains dormant, Ukrtelecom told Kentik’s Doug Madory they were forced to sell many of their address blocks “to secure financial stability and continue delivering essential services.”

“Leasing out a portion of our IPv4 resources allowed us to mitigate some of the extraordinary challenges we have been facing since the full-scale invasion began,” Ukrtelecom told Madory.

Madory found much of the IPv4 space previously allocated to Ukrtelecom is now scattered to more than 100 providers globally, particularly at three large American ISPs — Amazon (AS16509), AT&T (AS7018), and Cogent (AS174).

Another Ukrainian Internet provider — LVS (AS43310) — in 2022 was routing approximately 6,000 IPv4 addresses across the nation. Kentik learned that by November 2022, much of that address space had been parceled out to over a dozen different locations, with the bulk of it being announced at AT&T.

IP addresses routed over time by Ukrainian provider LVS (AS43310) shows a large chunk of it being routed by AT&T (AS7018). Image: Kentik.

Ditto for the Ukrainian ISP TVCOM, which currently routes nearly 15,000 fewer IPv4 addresses than it did at the start of the war. Madory said most of those addresses have been scattered to 37 other networks outside of Eastern Europe, including Amazon, AT&T, and Microsoft.

The Ukrainian ISP Trinity (AS43554) went offline in early March 2022 during the bloody siege of Mariupol, but its address space eventually began showing up in more than 50 different networks worldwide. Madory found more than 1,000 of Trinity’s IPv4 addresses suddenly appeared on AT&T’s network.

Why are all these former Ukrainian IP addresses being routed by U.S.-based networks like AT&T? According to spur.us, a company that tracks VPN and proxy services, nearly all of the address ranges identified by Kentik now map to commercial proxy services that allow customers to anonymously route their Internet traffic through someone else’s computer.

From a website’s perspective, the traffic from a proxy network user appears to originate from the rented IP address, not from the proxy service customer. These services can be used for several business purposes, such as price comparisons, sales intelligence, web crawlers and content-scraping bots. However, proxy services also are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source.

IPv4 address ranges are always in high demand, which means they are also quite valuable. There are now multiple companies that will pay ISPs to lease out their unwanted or unused IPv4 address space. Madory said these IPv4 brokers will pay between $100-$500 per month to lease a block of 256 IPv4 addresses, and very often the entities most willing to pay those rental rates are proxy and VPN providers.

A cursory review of all Internet address blocks currently routed through AT&T — as seen in public records maintained by the Internet backbone provider Hurricane Electric — shows a preponderance of country flags other than the United States, including networks originating in Hungary, Lithuania, Moldova, Mauritius, Palestine, Seychelles, Slovenia, and Ukraine.

AT&T’s IPv4 address space seems to be routing a great deal of proxy traffic, including a large number of IP address ranges that were until recently routed by ISPs in Ukraine.

Asked about the apparent high incidence of proxy services routing foreign address blocks through AT&T, the telecommunications giant said it recently changed its policy about originating routes for network blocks that are not owned and managed by AT&T. That new policy, spelled out in a February 2025 update to AT&T’s terms of service, gives those customers until Sept. 1, 2025 to originate their own IP space from their own autonomous system number (ASN), a unique number assigned to each ISP (AT&T’s is AS7018).

“To ensure our customers receive the best quality of service, we changed our terms for dedicated internet in February 2025,” an AT&T spokesperson said in an emailed reply. “We no longer permit static routes with IP addresses that we have not provided. We have been in the process of identifying and notifying affected customers that they have 90 days to transition to Border Gateway Protocol routing using their own autonomous system number.”

Ironically, the co-mingling of Ukrainian IP address space with proxy providers has resulted in many of these addresses being used in cyberattacks against Ukraine and other enemies of Russia. Earlier this month, the European Union sanctioned Stark Industries Solutions Inc., an ISP that surfaced two weeks before the Russian invasion and quickly became the source of large-scale DDoS attacks and spear-phishing attempts by Russian state-sponsored hacking groups. A deep dive into Stark’s considerable address space showed some of it was sourced from Ukrainian ISPs, and most of it was connected to Russia-based proxy and anonymity services.

According to Spur, the proxy service IPRoyal is the current beneficiary of IP address blocks from several Ukrainian ISPs profiled in Kentik’s report. Customers can chose proxies by specifying the city and country they would to proxy their traffic through. Image: Trend Micro.

Spur’s Chief Technology Officer Riley Kilmer said AT&T’s policy change will likely force many proxy services to migrate to other U.S. providers that have less stringent policies.

“AT&T is the first one of the big ISPs that seems to be actually doing something about this,” Kilmer said. “We track several services that explicitly sell AT&T IP addresses, and it will be very interesting to see what happens to those services come September.”

Still, Kilmer said, there are several other large U.S. ISPs that continue to make it easy for proxy services to bring their own IP addresses and host them in ranges that give the appearance of residential customers. For example, Kentik’s report identified former Ukrainian IP ranges showing up as proxy services routed by Cogent Communications (AS174), a tier-one Internet backbone provider based in Washington, D.C.

Kilmer said Cogent has become an attractive home base for proxy services because it is relatively easy to get Cogent to route an address block.

“In fairness, they transit a lot of traffic,” Kilmer said of Cogent. “But there’s a reason a lot of this proxy stuff shows up as Cogent: Because it’s super easy to get something routed there.”

Cogent declined a request to comment on Kentik’s findings.

Ross Ulbricht Got a $31 Million Donation From a Dark Web Dealer, Crypto Tracers Suspect

Crypto-tracing firm Chainalysis says the mysterious 300-bitcoin donation to the pardoned Silk Road creator appears to have come from someone associated with a different defunct black market: AlphaBay.

What Really Happened in the Aftermath of the Lizard Squad Hacks

On Christmas Day in 2014 hackers knocked out the Xbox and PlayStation gaming networks, impacting how video game companies handled cybersecurity for years.

What to Do If You Book a Hotel or Airbnb and It Turns Out to Be a Scam

Summer vacation season is upon us, and millions of families are booking accommodations for their dream getaways. But with the surge in travel bookings comes an unfortunate reality: accommodation scams are on the rise, and they’re becoming increasingly sophisticated. As a cybersecurity professional, I’ve seen how devastating these scams can be—not just financially, but emotionally, when your family vacation turns into a nightmare.

The good news? With the right knowledge and proactive measures, you can protect yourself and your family from these predators. Even better, if you do fall victim to a scam, there are specific steps you can take to minimize the damage and potentially recover your losses.

The Harsh Reality: Travel Scams Are Exploding

Travel accommodation fraud has skyrocketed in recent years. Scammers have become expert at creating convincing fake listings on legitimate platforms like Airbnb, Booking.com, and even creating entirely fraudulent websites that mimic well-known hotel chains. They steal photos from real properties, craft compelling descriptions, and even create fake reviews to lure unsuspecting travelers.
What makes these scams particularly insidious is the emotional investment. You’re planning a special family vacation, perhaps saving for months, and the excitement of finding what seems like the “perfect” place clouds your judgment. Scammers exploit this vulnerability ruthlessly.

Red Flags: How to Spot a Scam Before You Book

I can tell you that prevention is always your best defense. Here are the warning signs that should make you pause before clicking “book now”:

Price Red Flags:

  • Prices are significantly below market rate for the area
  • Requests for payment outside the platform (via wire transfer, gift cards, or cryptocurrency)
  • Demands for large upfront payments or full payment before arrival
  • No clear cancellation policy or unreasonably strict terms

Property Red Flags:

  • Limited or professional-looking photos that seem too perfect
  • No street address provided, only general area descriptions
  • Lack of recent reviews or reviews that seem fake (overly generic language)
  • No contact information for the property beyond the initial booking contact

Booking Site Red Flags:

  • Websites with recent domain registration dates
  • No secure payment processing (look for “https” and padlock icons)
  • Missing contact information, terms of service, or privacy policies
  • Unprofessional website design or broken links

Immediate Action Steps If You Discover a Scam

If you’ve fallen victim to an accommodation scam, time is critical. Here’s what you need to do immediately:

Step 1: Document Everything (First 24 Hours)

  • Screenshot all communications, listings, confirmation emails, and payment receipts
  • Save any photos or descriptions from the original listing
  • Note exact dates, times, and methods of all communications
  • Create a detailed timeline of events

Step 2: Contact Your Financial Institution (Immediately)

  • Call your credit card company or bank to report the fraudulent charge
  • Request a chargeback or dispute the transaction
  • Ask to have your card frozen if you suspect further unauthorized access
  • Credit cards generally offer better fraud protection than debit cards

Step 3: Report to the Platform (Within 24-48 Hours)

  • Contact the booking platform’s customer service immediately
  • Provide all documentation you’ve gathered
  • Follow their specific fraud reporting procedures
  • Keep detailed records of all customer service interactions

Step 4: File Official Reports (Within 72 Hours)

  • Report to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov
  • File a complaint with the Internet Crime Complaint Center (IC3.gov)
  • Contact local law enforcement if substantial money is involved
  • Report to your state’s attorney general’s office

Step 5: Monitor Your Accounts and Identity

  • Check all bank and credit card statements for unauthorized charges
  • Review your credit reports for any suspicious activity
  • Change passwords for any accounts that might have been compromised
  • Set up fraud alerts with credit bureaus
  • Long-Term Recovery and Protection Strategies
  • Beyond immediate damage control, you need to think about long-term protection for you and your family. This is where comprehensive digital protection becomes crucial.

How McAfee Can Protect Your Family from Travel Scams

One of the most effective ways to protect your family from travel scams and other online threats is to implement comprehensive digital protection. Solutions like McAfee’s family protection plans offer multiple layers of security that work together to keep scammers at bay.

Modern family protection services provide several key features that directly combat travel scams:

Real-Time Scam Protection: Advanced scam detection technology automatically identifies and blocks fraudulent websites, phishing emails, and suspicious links before you interact with them. This means if you accidentally click on a fake booking site, the protection software will warn you before you enter any personal information.

Secure VPN for Travel Research: When researching accommodations on public Wi-Fi networks (like those in airports or coffee shops), a VPN encrypts your connection, preventing scammers from intercepting your personal information or redirecting you to fake websites.

Financial Transaction Monitoring: Comprehensive protection plans monitor your bank accounts and credit cards for unusual activity (US only), sending immediate alerts if suspicious transactions occur. This early warning system can help you catch fraudulent charges within hours rather than weeks.

Identity Monitoring and Dark Web Surveillance: These services continuously scan the dark web and other sources where stolen personal information is traded, alerting you if your data appears in places it shouldn’t. This is particularly valuable since accommodation scammers often sell stolen personal information to other criminals.

Personal Data Cleanup: Many protection services help identify and remove your personal information from data broker sites that scammers often use to research potential victims and make their approaches more convincing.
For families, comprehensive protection plans typically cover up to six family members, providing each person with their own monitoring and protection while giving parents oversight of their children’s online activities. With identity theft coverage up to $2 million per family and 24/7 restoration assistance, these services provide both prevention and recovery support.

The Bottom Line: Protection Is Worth the Investment

Twenty years in cybersecurity has taught me that the cost of prevention is always less than the cost of recovery. Whether it’s taking time to properly research accommodations, investing in comprehensive family protection software, or educating your family about scam tactics, these upfront investments pay dividends in peace of mind and financial security.

Travel scams prey on our excitement and trust during what should be joyful family times. By staying vigilant, using proper protection tools, and knowing how to respond quickly if something goes wrong, you can ensure your family’s summer vacation memories are made for all the right reasons.

Remember: legitimate accommodation providers want to build trust and will readily provide verification. If anyone pressures you to skip verification steps or pay through unusual methods, walk away. Your family’s safety and financial security are worth more than any “deal” that seems too good to be true.

Safe travels, and remember—the best vacation is one where the only surprises are pleasant ones.

The post What to Do If You Book a Hotel or Airbnb and It Turns Out to Be a Scam appeared first on McAfee Blog.

ICE Quietly Scales Back Rules for Courthouse Raids

A requirement that ICE agents ensure courthouse arrests don’t clash with state and local laws has been rescinded by the agency. ICE declined to explain what that means for future enforcement.

The Race to Build Trump’s ‘Golden Dome’ Missile Defense System Is On

President Donald Trump has proposed building a massive antimissile system in space that could enrich Elon Musk if it materializes. But experts say the project’s feasibility remains unclear.

You're Not Ready

Seems bad out there. Unfortunately, it can always get worse. From evil hacker AI to world-changing cyberattacks, WIRED envisions the future you haven't prepared for.

Deepfake Scams Are Distorting Reality Itself

The easy access that scammers have to sophisticated AI tools means everything from emails to video calls can’t be trusted.

The US Grid Attack Looming on the Horizon

A major cyberattack on the US electrical grid has long worried security experts. Such an attack wouldn’t be easy. But if an adversary pulled it off, it’d be lights out in more ways than one.

The Texting Network for the End of the World

Everyone knows what it’s like to lose cell service. A burgeoning open source project called Meshtastic is filling the gap for when you’re in the middle of nowhere—or when disaster strikes.

See How Much Faster a Quantum Computer Will Crack Encryption

A quantum computer will likely one day be able to break the encryption protecting the world's secrets. See how much faster such a machine could decrypt a password compared to a present-day supercomputer.

A GPS Blackout Would Shut Down the World

GPS jamming and spoofing attacks are on the rise. If the global navigation system the US relies on were to go down entirely, it would send the world into unprecedented chaos.

The Rise of ‘Vibe Hacking’ Is the Next AI Nightmare

In the very near future, victory will belong to the savvy blackhat hacker who uses AI to generate code at scale.

How the Farm Industry Spied on Animal Rights Activists and Pushed the FBI to Treat Them as Bioterrorists

For years, a powerful farm industry group served up information on activists to the FBI. Records reveal a decade-long effort to see the animal rights movement labeled a “bioterrorism” threat.

Don’t let dormant accounts become a doorway for cybercriminals

Do you have online accounts you haven't used in years? If so, a bit of digital spring cleaning might be in order.

Streamline Regulation Mandates With NIST CSF and Secure Workload

Cisco Secure Workload serves as a foundational solution for organizations seeking to implement an effective microsegmentation strategy.

A Hacker May Have Deepfaked Trump’s Chief of Staff in a Phishing Campaign

Plus: An Iranian man pleads guilty to a Baltimore ransomware attack, Russia’s nuclear blueprints get leaked, a Texas sheriff uses license plate readers to track a woman who got an abortion, and more.

U.S. Sanctions Cloud Provider ‘Funnull’ as Top Source of ‘Pig Butchering’ Scams

Image: Shutterstock, ArtHead.

The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual currency investment scams known as “pig butchering.” In January 2025, KrebsOnSecurity detailed how Funnull was being used as a content delivery network that catered to cybercriminals seeking to route their traffic through U.S.-based cloud providers.

“Americans lose billions of dollars annually to these cyber scams, with revenues generated from these crimes rising to record levels in 2024,” reads a statement from the U.S. Department of the Treasury, which sanctioned Funnull and its 40-year-old Chinese administrator Liu Lizhi. “Funnull has directly facilitated several of these schemes, resulting in over $200 million in U.S. victim-reported losses.”

The Treasury Department said Funnull’s operations are linked to the majority of virtual currency investment scam websites reported to the FBI. The agency said Funnull directly facilitated pig butchering and other schemes that resulted in more than $200 million in financial losses by Americans.

Pig butchering is a rampant form of fraud wherein people are lured by flirtatious strangers online into investing in fraudulent cryptocurrency trading platforms. Victims are coached to invest more and more money into what appears to be an extremely profitable trading platform, only to find their money is gone when they wish to cash out.

The scammers often insist that investors pay additional “taxes” on their crypto “earnings” before they can see their invested funds again (spoiler: they never do), and a shocking number of people have lost six figures or more through these pig butchering scams.

KrebsOnSecurity’s January story on Funnull was based on research from the security firm Silent Push, which discovered in October 2024 that a vast number of domains hosted via Funnull were promoting gambling sites that bore the logo of the Suncity Group, a Chinese entity named in a 2024 UN report (PDF) for laundering millions of dollars for the North Korean state-sponsored hacking group Lazarus.

Silent Push found Funnull was a criminal content delivery network (CDN) that carried a great deal of traffic tied to scam websites, funneling the traffic through a dizzying chain of auto-generated domain names and U.S.-based cloud providers before redirecting to malicious or phishous websites. The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.

A graphic from the FBI explaining how Funnull generated a slew of new domains on a regular basis and mapped them to Internet addresses on U.S. cloud providers.

Silent Push revisited Funnull’s infrastructure in January 2025 and found Funnull was still using many of the same Amazon and Microsoft cloud Internet addresses identified as malicious in its October report. Both Amazon and Microsoft pledged to rid their networks of Funnull’s presence following that story, but according to Silent Push’s Zach Edwards only one of those companies has followed through.

Edwards said Silent Push no longer sees Microsoft Internet addresses showing up in Funnull’s infrastructure, while Amazon continues to struggle with removing Funnull servers, including one that appears to have first materialized in 2023.

“Amazon is doing a terrible job — every day since they made those claims to you and us in our public blog they have had IPs still mapped to Funnull, including some that have stayed mapped for inexplicable periods of time,” Edwards said.

Amazon said its Amazon Web Services (AWS) hosting platform actively counters abuse attempts.

“We have stopped hundreds of attempts this year related to this group and we are looking into the information you shared earlier today,” reads a statement shared by Amazon. “If anyone suspects that AWS resources are being used for abusive activity, they can report it to AWS Trust & Safety using the report abuse form here.”

U.S. based cloud providers remain an attractive home base for cybercriminal organizations because many organizations will not be overly aggressive in blocking traffic from U.S.-based cloud networks, as doing so can result in blocking access to many legitimate web destinations that are also on that same shared network segment or host.

What’s more, funneling their bad traffic so that it appears to be coming out of U.S. cloud Internet providers allows cybercriminals to connect to websites from web addresses that are geographically close(r) to their targets and victims (to sidestep location-based security controls by your bank, for example).

Funnull is not the only cybercriminal infrastructure-as-a-service provider that was sanctioned this month: On May 20, 2025, the European Union imposed sanctions on Stark Industries Solutions, an ISP that materialized at the start of Russia’s invasion of Ukraine and has been used as a global proxy network that conceals the true source of cyberattacks and disinformation campaigns against enemies of Russia.

In May 2024, KrebsOnSecurity published a deep dive on Stark Industries Solutions that found much of the malicious traffic traversing Stark’s network (e.g. vulnerability scanning and password brute force attacks) was being bounced through U.S.-based cloud providers. My reporting showed how deeply Stark had penetrated U.S. ISPs, and that its co-founder for many years sold “bulletproof” hosting services that told Russian cybercrime forum customers they would proudly ignore any abuse complaints or police inquiries.

The homepage of Stark Industries Solutions.

That story examined the history of Stark’s co-founders, Moldovan brothers Ivan and Yuri Neculiti, who each denied past involvement in cybercrime or any current involvement in assisting Russian disinformation efforts or cyberattacks. Nevertheless, the EU sanctioned both brothers as well.

The EU said Stark and the Neculti brothers “enabled various Russian state-sponsored and state-affiliated actors to conduct destabilising activities including coordinated information manipulation and interference and cyber-attacks against the Union and third countries by providing services intended to hide these activities from European law enforcement and security agencies.”

Cops in Germany Claim They’ve ID’d the Mysterious Trickbot Ransomware Kingpin

The elusive boss of the Trickbot and Conti cybercriminal groups has been known only as “Stern.” Now, German law enforcement has published his alleged identity—and it’s a familiar face.

A Swedish MMA Tournament Spotlights the Trump Administration's Handling of Far-Right Terrorism

A member of a California-based fight club seems to have attended an event hosted by groups with ties to an organization the US government labeled a terrorist group. Will the Trump administration care?

Introducing Secure Access – DNS Defense

Cisco Secure Access - DNS Defense is a seamless pathway to our Universal ZTNA solution. Learn how it works in the blog.

The US Is Storing Migrant Children’s DNA in a Criminal Database

Customs and Border Protection has swabbed the DNA of migrant children as young as 4, whose genetic data is uploaded to an FBI-run database that can track them if they commit crimes in the future.

Standing Together Against Scams: McAfee Joins the Global Anti-Scam Alliance

At McAfee, we see the real faces behind the statistics. Our research shows, globally, people spend an average of 83 hours annually reviewing suspicious messages. We don’t just see numbers, we see the schoolteacher who was scammed out of Taylor Swift tickets, the new father who was duped by an IRS tax scam, and the life coach who was impacted by a SIM swap scam.

This is why we’re proud to announce that McAfee has joined the Global Anti-Scam Alliance (GASA) as a Foundation Member—because protecting people from scams isn’t just about technology. It’s about understanding the human cost of digital deception and working together to stop it.

The Human Side of Scams: Stories That Matter

Through our Scam Stories initiative and Keep It Real campaign, we’ve heard countless accounts from real people who’ve experienced the devastating impact of scams. Take Chris Carmack and Erin Slaver, who thought they were simply ordering custom patio cushions from what appeared to be a trustworthy small business. After paying through a special link, the cushions never arrived. Delays turned into excuses, messages went unanswered, and the seller’s account eventually disappeared along with their money.

What strikes us most about these stories isn’t just the financial loss—it’s the emotional aftermath. The embarrassment. The self-doubt. The way victims blame themselves for “falling for it,” when the reality is that today’s scams are sophisticated operations designed by professionals who exploit our trust and humanity.

We’re working to change that narrative. Being scammed isn’t a sign of weakness—it’s evidence of how advanced and manipulative these criminal enterprises have become. When we launched our Scam Stories campaign, we made a commitment: to end the stigma around being scammed and empower people to speak out, because silence is exactly what scammers count on.

Why GASA, Why Now?

The Global Anti-Scam Alliance represents something powerful: a coordinated, international response to a global threat. Nearly $1.026 trillion was lost by consumers worldwide last year in scams, with 78% of participants experiencing at least one scam in the last 12 months. These aren’t isolated incidents—they’re part of a sophisticated ecosystem that spans borders, platforms, and industries.

At McAfee, we bring unique strengths to this alliance:

Cutting-Edge Protection: Our AI-powered Scam Detector, now included in all core McAfee plans, automatically identifies scams across text, email, and video, including deepfake detection. We’re not just reacting to scams, we’re anticipating them.

Real-World Insight: Through our comprehensive scam research and our direct connection with victims through Scam Stories, we understand how scams actually impact people’s lives. This isn’t theoretical—it’s deeply personal.

Global Reach: We protect millions of users worldwide, giving us visibility into emerging scam trends across different regions and demographics. We’ve seen how scammers adapt their tactics and how victims respond.

Educational Mission: Beyond technology, we’re committed to raising awareness. Our partnership with FightCybercrime.org includes donating $50,000 in protection products to scam victims and the professionals who support them.

More Than Technology: Building Trust in a Broken System

Online scams have evolved far beyond the obvious emails of the past. Today’s scammers use AI to create convincing deepfakes, exploit trusted brands, and craft personalized attacks that fool cybersecurity experts. A McAfee Labs study shows that for just $5 and in 10 minutes, the price of a latte, a scammer can create a realistic-looking deepfake video or AI voice scams.

“Last year alone, people lost more than $1 trillion to scams. That is not just a cybersecurity issue. It is a trust issue,” said Dan Huynh, Vice President of Business Development at McAfee and board member of the Global Anti-Scam Alliance (GASA). “We joined GASA because we believe collaboration amplifies impact. By uniting with others equally committed to stopping scams, we can drive greater change. It takes real coordination, shared insight, and urgency to protect people—and GASA is how we turn that commitment into action.”

This isn’t a problem that any one company, government, or organization can solve alone. It requires the kind of coordinated response that GASA represents, bringing together governments, consumer protection organizations, financial institutions, tech platforms, and cybersecurity leaders to share intelligence, shape policy, and deliver rapid, systemic action.

What’s Next: Our Commitment to Change

Joining GASA isn’t just about adding our name to a membership list. It’s about doubling down on our commitment to protect people, not just devices. In an always-online world. We’re bringing our advanced AI technology, our research insights, and our deep understanding of the human impact of scams to help build smarter, faster, more connected defenses.

We intend to work across borders and sectors to drive meaningful change. We intend to build tools that don’t just react but anticipate. And we intend to empower people with the clarity, context, and confidence they need to protect themselves in an increasingly complex digital world.

Most importantly, we’re committed to continuing our Scam Stories campaign, giving victims a voice, ending the shame that keeps people silent, and helping everyone understand that in today’s world, being scammed says nothing about your intelligence and everything about how sophisticated these criminal operations have become.

At McAfee, we’ve always believed that everyone should be able to live their lives online with confidence. By joining GASA, we’re taking that mission global—because when it comes to stopping scams, we’re all stronger together.

Learn more about McAfee’s scam protection at McAfee.com and share your story to help others stay safe at our Scam Stories page. Together, we can keep it real and keep each other safe.

The post Standing Together Against Scams: McAfee Joins the Global Anti-Scam Alliance appeared first on McAfee Blog.

Pakistan Arrests 21 in ‘Heartsender’ Malware Service

Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade. The main clientele for HeartSender were organized crime groups that tried to trick victim companies into making payments to a third party, and its alleged proprietors were publicly identified by KrebsOnSecurity in 2021 after they inadvertently infected their computers with malware.

Some of the core developers and sellers of Heartsender posing at a work outing in 2021. WeCodeSolutions boss Rameez Shahzad (in sunglasses) is in the center of this group photo, which was posted by employee Burhan Ul Haq, pictured just to the right of Shahzad.

A report from the Pakistani media outlet Dawn states that authorities there arrested 21 people alleged to have operated Heartsender, a spam delivery service whose homepage openly advertised phishing kits targeting users of various Internet companies, including Microsoft 365, Yahoo, AOL, Intuit, iCloud and ID.me. Pakistan’s National Cyber Crime Investigation Agency (NCCIA) reportedly conducted raids in Lahore’s Bahria Town and Multan on May 15 and 16.

The NCCIA told reporters the group’s tools were connected to more than $50m in losses in the United States alone, with European authorities investigating 63 additional cases.

“This wasn’t just a scam operation – it was essentially a cybercrime university that empowered fraudsters globally,” NCCIA Director Abdul Ghaffar said at a press briefing.

In January 2025, the FBI and the Dutch Police seized the technical infrastructure for the cybercrime service, which was marketed under the brands Heartsender, Fudpage and Fudtools (and many other “fud” variations). The “fud” bit stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances.

The FBI says transnational organized crime groups that purchased these services primarily used them to run business email compromise (BEC) schemes, wherein the cybercrime actors tricked victim companies into making payments to a third party.

Dawn reported that those arrested included Rameez Shahzad, the alleged ringleader of the Heartsender cybercrime business, which most recently operated under the Pakistani front company WeCodeSolutions. Mr. Shahzad was named and pictured in a 2021 KrebsOnSecurity story about a series of remarkable operational security mistakes that exposed their identities and Facebook pages showing employees posing for group photos and socializing at work-related outings.

Prior to folding their operations behind WeCodeSolutions, Shahzad and others arrested this month operated as a web hosting group calling itself The Manipulaters. KrebsOnSecurity first wrote about The Manipulaters in May 2015, mainly because their ads at the time were blanketing a number of popular cybercrime forums, and because they were fairly open and brazen about what they were doing — even who they were in real life.

Sometime in 2019, The Manipulaters failed to renew their core domain name — manipulaters[.]com — the same one tied to so many of the company’s business operations. That domain was quickly scooped up by Scylla Intel, a cyber intelligence firm that specializes in connecting cybercriminals to their real-life identities. Soon after, Scylla started receiving large amounts of email correspondence intended for the group’s owners.

In 2024, DomainTools.com found the web-hosted version of Heartsender leaked an extraordinary amount of user information to unauthenticated users, including customer credentials and email records from Heartsender employees. DomainTools says the malware infections on Manipulaters PCs exposed “vast swaths of account-related data along with an outline of the group’s membership, operations, and position in the broader underground economy.”

Shahzad allegedly used the alias “Saim Raza,” an identity which has contacted KrebsOnSecurity multiple times over the past decade with demands to remove stories published about the group. The Saim Raza identity most recently contacted this author in November 2024, asserting they had quit the cybercrime industry and turned over a new leaf after a brush with the Pakistani police.

The arrested suspects include Rameez Shahzad, Muhammad Aslam (Rameez’s father), Atif Hussain, Muhammad Umar Irshad, Yasir Ali, Syed Saim Ali Shah, Muhammad Nowsherwan, Burhanul Haq, Adnan Munawar, Abdul Moiz, Hussnain Haider, Bilal Ahmad, Dilbar Hussain, Muhammad Adeel Akram, Awais Rasool, Usama Farooq, Usama Mehmood and Hamad Nawaz.

Adidas Data Breach: What Consumers Need to Know and How to Protect Yourself

German sportswear giant Adidas has confirmed a significant cybersecurity incident that compromised customer personal information through an attack on their customer service operations. The breach primarily exposed contact details of consumers who had previously interacted with Adidas’s help desk support system, though the company has assured customers that sensitive financial data including passwords, credit card numbers, and other payment information remained secure. While acknowledging the severity of the situation, Adidas emphasized their unwavering commitment to consumer privacy and security, expressing sincere regret for any anxiety or disruption the incident may have caused their customer base.

The Incident: What Happened at Adidas

On May 27, 2025, German sportswear giant Adidas disclosed a significant data breach affecting their customer base. The breach didn’t originate from Adidas directly, but rather through a compromised third-party customer service provider—a scenario that’s becoming increasingly common in our interconnected business ecosystem.

According to Adidas’s official statement, an “unauthorized external party obtained certain consumer data through a third-party customer service provider.” The company immediately launched containment measures and began collaborating with leading information security experts to investigate the incident.

Fortunately, the stolen information reportedly did not include payment-related data or customer passwords. However, the attackers did gain access to customer contact information, which can still pose significant risks for affected individuals.

Why Third-Party Breaches Are So Dangerous

This breach highlights a critical vulnerability in modern business operations: supply chain security. Companies today rely on numerous third-party vendors for various services, from customer support to data processing. Each vendor represents a potential entry point for cybercriminals.

What makes these incidents particularly concerning is the trust relationship involved. When you provide information to Adidas, you’re not just trusting Adidas with your data. You’re implicitly trusting every company they work with. This creates an expanded attack surface that consumers often don’t consider.

From our experience investigating similar incidents, third-party breaches often go undetected longer than direct attacks because monitoring and security controls may be less stringent at vendor locations. This extended dwell time gives attackers more opportunities to exfiltrate data and potentially pivot to other systems.

The Real Risks: Beyond Just Contact Information

While Adidas stated that payment information wasn’t compromised, the exposure of contact information creates several risks that consumers should understand:

Identity Theft Foundation Building: Contact information serves as a building block for identity theft. Criminals often combine data from multiple breaches to create comprehensive victim profiles.

Targeted Phishing Campaigns: With your name, email, and potentially phone number, scammers can craft highly convincing phishing messages that appear to come from Adidas or related services.

Social Engineering Attacks: Armed with your shopping preferences and contact details, attackers can impersonate customer service representatives to trick you into revealing additional sensitive information.

Secondary Account Compromise: If you use the same email for multiple accounts, this breach could be the first domino in a chain of compromises.

Immediate Steps Every Affected Consumer Should Take

Here’s your immediate action plan:

1. Assume You’re Affected

Even if you haven’t received notification from Adidas yet, assume your information may have been compromised if you’ve been an Adidas customer. Companies often take weeks to identify all affected individuals.

2. Change Your Passwords Immediately

Start with your Adidas account, then move to any accounts that share the same password. Use strong, unique passwords for each account. This is non-negotiable. In 2025, password reuse is one of the fastest ways to turn a single breach into multiple compromised accounts.

3. Enable Two-Factor Authentication Everywhere

If you haven’t already, enable two-factor authentication (2FA) on all accounts that support it, starting with email, banking, and shopping accounts. This adds a crucial second layer of security.

4. Monitor Your Financial Accounts

Check bank statements, credit card bills, and investment accounts for any unusual activity. Set up account alerts if you haven’t already—many financial institutions offer real-time transaction notifications.

5. Review Your Credit Reports

You’re entitled to free credit reports from all three major bureaus annually. Consider spacing them out throughout the year for ongoing monitoring, or use a service that provides more frequent updates.

Long-Term Protection Strategies

Implement a Defense-in-Depth Approach

No single security measure is perfect. Layer your defenses by combining strong passwords, 2FA, regular monitoring, and comprehensive security software.

Consider Credit Freezing

A security freeze prevents criminals from opening new accounts in your name. It’s free, reversible, and one of the most effective identity theft prevention tools available.

Stay Informed About Breach Trends

Bookmark the McAfee Blog and other and breach notification services. The faster you know about incidents affecting services you use, the quicker you can respond.

How McAfee+ Can Help Protect You

McAfee+ offers several features specifically designed to help individuals navigate the aftermath of data breaches:

Dark Web Monitoring

McAfee’s service monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services.

This is crucial because stolen data from breaches like Adidas often ends up for sale on dark web marketplaces. Early detection can help you take protective action before criminals have a chance to use your information.

Personal Data Cleanup

McAfee’s personal data cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and, with select products, even manage the removal for you.

Data brokers collect and sell personal information to anyone willing to pay, including scammers and identity thieves. Reducing your exposure through these services limits the information available to criminals who might try to combine it with data from the Adidas breach.

Identity Monitoring and Restoration

McAfee’s Advanced plan provides identity monitoring, data removal, identity restoration, and identity theft insurance. Their monitoring covers up to 60 unique types of personal information and includes up to $2 million in identity theft coverage with professional recovery specialists.

AI-Powered Scam Protection

McAfee’s scam detector will alert you to suspicious text messages and emails that you receive. This is particularly valuable in the aftermath of a breach when criminals often launch targeted phishing campaigns using stolen contact information.

Comprehensive Financial Monitoring

Financial protection Services include transaction monitoring; financial account and payday loan monitoring; bank account takeover monitoring; safe cards. This helps detect unauthorized use of your financial accounts, which could occur if criminals combine information from multiple breaches.

The Adidas breach won’t be the last of its kind. As our digital ecosystem becomes more interconnected, these incidents will likely become more frequent. The key is building personal and organizational resilience through proactive security measures rather than reactive responses.

For consumers, this means adopting a security-first mindset in all digital interactions. Assume breaches will happen, prepare accordingly, and maintain tools and services that can help you detect and respond to threats quickly.

McAfee’s Final Recommendations

Act quickly: Don’t wait for official notification from Adidas. If you’re a customer, take protective action now.

Invest in comprehensive protection: Services like McAfee+ provide multiple layers of protection that work together to address different aspects of the post-breach threat landscape.

Stay vigilant: Monitor your accounts regularly and be skeptical of unsolicited communications, especially those claiming to be from Adidas or related to this incident.

Learn and adapt: Use this incident as motivation to improve your overall cybersecurity posture. Review your digital habits and make necessary improvements.

Remember, in cybersecurity, there’s no such thing as perfect protection—only degrees of risk reduction. The goal is to make yourself a harder target while maintaining the tools and knowledge necessary to respond quickly when incidents occur.

The Adidas breach serves as another reminder that in our interconnected world, your security is only as strong as the weakest link in the chain. By taking proactive steps and leveraging comprehensive protection services, you can significantly reduce your risk and impact from these increasingly common incidents.

The post Adidas Data Breach: What Consumers Need to Know and How to Protect Yourself appeared first on McAfee Blog.

The 90-5-5 Concept: Your Key to Solving Human Risk in Cybersecurity

Most breaches are caused by everyday human mistakes. The 90-5-5 Concept is a framework that addresses this by shifting the conversation to proactive design.

The Privacy-Friendly Tech to Replace Your US-Based Email, Browser, and Search

Thanks to drastic policy changes in the US and Big Tech’s embrace of the second Trump administration, many people are moving their digital lives abroad. Here are a few options to get you started.
❌