Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage

CBP says it has “disabled” its use of TeleMessage following reports that the app, which has not cleared the US government’s risk assessment program, was hacked.

The Trump Administration Sure Is Having Trouble Keeping Its Comms Private

In the wake of SignalGate, a knockoff version of Signal used by a high-ranking member of the Trump administration was hacked. Today on Uncanny Valley, we discuss the platforms used for government communications.

The Signal Clone Mike Waltz Was Caught Using Has Direct Access to User Chats

A new analysis of TM Signal’s source code appears to show that the app sends users’ message logs in plaintext. At least one top Trump administration official used the app.

Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years

Now the US director of national intelligence, Gabbard failed to follow basic cybersecurity practices on several of her personal accounts, leaked records reviewed by WIRED reveal.

US Border Agents Are Asking for Help Taking Photos of Everyone Entering the Country by Car

Customs and Border Protection has called for tech companies to pitch real-time face recognition technology that can capture everyone in a vehicle—not just those in the front seats.

Signal Clone Used by Mike Waltz Pauses Service After Reports It Got Hacked

The communications app TeleMessage, which was spotted on former US national security adviser Mike Waltz's phone, has suspended “all services” as it investigates reports of at least one breach.

Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US

The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm.

Hacking Spree Hits UK Retail Giants

Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death.

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

A new study found that code generated by AI is more likely to contain made-up information that can be used to trick software into interacting with malicious code.

WhatsApp Is Walking a Tightrope Between AI Features and Privacy

WhatsApp's AI tools will use a new “Private Processing” system designed to allow cloud access without letting Meta or anyone else see end-to-end encrypted chats. But experts still see risks.

Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi

Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.

Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show

Records reviewed by WIRED show law enforcement agencies are eager to take advantage of the data trails generated by a flood of new internet-connected vehicle features.

Pete Hegseth’s Signal Scandal Spirals Out of Control

Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies.

This Week in Scams: $16.6 Billion Lost, Deepfakes Rise, and Google Email Scams Emerge

Welcome to the first edition of This Week in Scams, a new weekly series from McAfee breaking down the latest fraud trends, headlines, and real-time threats we’re detecting across the digital landscape. 

This week, we’re spotlighting the FBI’s shocking new cybercrime report, the rise of AI-generated deepfakes, and a sophisticated Gmail impersonation scam flagged by Google. We’re also seeing a surge in location-specific toll scams and fake delivery alerts—a reminder that staying ahead of scammers starts with knowing how they operate. 

Let’s dive in. 

Scams Making Headlines 

$16.6 Billion Lost to Online Scams in 2024
The FBI’s latest Internet Crime Report is here—and the numbers are staggering. Americans lost $16.6 billion to online scams last year, up from $12.5 billion in 2023. Older adults and crypto investors were hit especially hard, but the agency warns the real total is likely much higher, since many victims never report the crime.
Read more

AI-Powered Deepfake Scams Get More Convincing
Deepfake-enabled fraud has already caused more than $200 million in financial losses in just the first quarter of 2025.  

McAfee researchers estimate the average American sees three deepfakes per day, many of which are designed to mimic real people, services, or news stories. Whether it’s fake crypto pitches, job offers, or social media stunts—seeing is no longer believing.
Read more 

Google Warns Users of Sophisticated Email Scam  

Google is alerting Gmail users to a new type of phishing email that looks like it comes from Google itself. These messages often appear in legitimate email threads and pass all typical security checks, but lead victims to a cloned Google login page designed to steal credentials. The scam highlights how attackers are evolving to outsmart traditional filters.
Read more 

 

From Experts at McAfee 

McAfee Researchers have observed a recent surge in the following scam types: 

Fake Delivery Notifications: Scammers impersonate delivery services like USPS, UPS, and FedEx, sending fake tracking links that install malware or steal payment info

Invoice Scams: Fraudulent messages that claim you owe money for a product or service, often accompanied by a fake invoice PDF or request for payment via phone

Cloud Storage Spoofs: Emails that pretend to be from Google Drive, Dropbox, or OneDrive, prompting you to “log in” to view shared files. The links lead to phishing sites designed to capture your credentials. 

Toll Text Scams: Personalized smishing messages that claim you owe a toll and link to fake payment sites. These messages often use location data—like your area code or recent city visits—to appear legitimate. McAfee Labs saw toll scam texts spike nearly 4x between January and February.

This week, Steve Grobman, executive vice president and chief technology officer at McAfee, said the toll scam is effective because it hits all the correct social points for a consumer. 

These scams often rely on urgency and familiarity—pretending to be something you trust or expect—to get you to act quickly without double-checking. 

How to Stay One Step Ahead 

1. Be skeptical of emails—even from familiar senders.
   The Gmail scam shows that even official-looking messages can be fake. If an email asks you to log in, don’t click the link. Instead, go to the website directly through your browser and log in from there.
2. Understand how deepfakes are being used.
   Whether it’s a voice message from someone you know or a video of a public figure promoting an investment, deepfakes are designed to exploit trust. If a message pressures you to act urgently—especially involving money—slow down and verify it through another channel.
3. Don’t assume personalization means legitimacy.
   Scams like the toll fraud texts feel real because they include specific location data. But scammers can use leaked or purchased personal data to tailor messages. Just because it sounds accurate doesn’t mean it’s trustworthy.
4. Watch for emotional triggers.
   The most effective scams—whether it’s a fake support email, a travel deal, or a message about a missed toll—create urgency or panic. If something is pushing you to act fast, that’s your cue to stop and verify.
5. Protect yourself with tools that go beyond basic filters.
   Traditional spam filters aren’t enough anymore. Use security tools—like McAfee Scam Detector—that look at full message context and help flag advanced scams, impersonation attempts, and deepfakes before they cause harm.

Thanks for reading—See you next week with more scam alerts, insights, and protection tips from the McAfee team. 

The post This Week in Scams: $16.6 Billion Lost, Deepfakes Rise, and Google Email Scams Emerge appeared first on McAfee Blog.

Gmail’s New Encrypted Messages Feature Opens a Door for Scams

Google is rolling out an end-to-end encrypted email feature for business customers, but it could spawn phishing attacks, particularly in non-Gmail inboxes.

The Tech That Safeguards the Conclave’s Secrecy

Following the death of Pope Francis, the Vatican is preparing to organize a new conclave in less than 20 days. This is how they’ll tamp down on leaks.

How to Protect Yourself From Phone Searches at the US Border

Customs and Border Protection has broad authority to search travelers’ devices when they cross into the United States. Here’s what you can do to protect your digital life while at the US border.

Florida Man Enters the Encryption Wars

Plus: A US judge rules against police cell phone “tower dumps,” China names alleged NSA agents it says were involved in cyberattacks, and Customs and Border Protection reveals its social media spying tools.

ICE Is Paying Palantir $30 Million to Build ‘ImmigrationOS’ Surveillance Platform

In a document published Thursday, ICE explained the functions that it expects Palantir to include in a prototype of a new program to give the agency “near real-time” data about people self-deporting.

New Jersey Sues Discord for Allegedly Failing to Protect Children

The New Jersey attorney general claims Discord’s features to keep children under 13 safe from sexual predators and harmful content are inadequate.

This ‘College Protester’ Isn’t Real. It’s an AI-Powered Undercover Bot for Cops

Massive Blue is helping cops deploy AI-powered social media bots to talk to people they suspect are anything from violent sex criminals all the way to vaguely defined “protesters.”

‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program

The CVE Program is the primary way software vulnerabilities are tracked. Its long-term future remains in limbo even after a last-minute renewal of the US government contract that funds it.

Here’s What Happened to Those SignalGate Messages

A lawsuit over the Trump administration’s infamous Houthi Signal group chat has revealed what steps departments took to preserve the messages—and how little they actually saved.

Suspected 4chan Hack Could Expose Longtime, Anonymous Admins

Though the exact details of the situation have not been confirmed, community infighting seems to have spilled out in a breach of the notorious image board.

TraderTraitor: The Kings of the Crypto Heist

Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world.

Black Basta: The Fallen Ransomware Gang That Lives On

After a series of setbacks, the notorious Black Basta ransomware gang went underground. Researchers are bracing for its probable return in a new form.

CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide

Despite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk—and has already caused global disruption.

Brass Typhoon: The Chinese Hacking Group Lurking in the Shadows

Though less well-known than groups like Volt Typhoon and Salt Typhoon, Brass Typhoon, or APT 41, is an infamous, longtime espionage actor that foreshadowed recent telecom hacks.

Smishing Triad: The Scam Group Stealing the World’s Riches

Millions of scam text messages are sent every month. The Chinese cybercriminals behind many of them are expanding their operations—and quickly innovating.

Gamaredon: The Turncoat Spies Relentlessly Hacking Ukraine

For the past decade, this group of FSB hackers—including “traitor” Ukrainian intelligence officers—has used a grinding barrage of intrusion campaigns to make life hell for their former countrymen and cybersecurity defenders.

Homeland Security Email Tells a US Citizen to ‘Immediately’ Self-Deport

An email sent by the Department of Homeland Security instructs people in the US on a temporary legal status to leave the country. But who the email actually applies to—and who actually received it—is far from clear.

China Secretly (and Weirdly) Admits It Hacked US Infrastructure

Plus: The Department of Homeland Security begins surveilling immigrants' social media, President Donald Trump targets former CISA director who refuted his claims of 2020 election fraud, and more.

Sex-Fantasy Chatbots Are Leaking a Constant Stream of Explicit Messages

Some misconfigured AI chatbots are pushing people’s chats to the open web—revealing sexual prompts and conversations that include descriptions of child sexual abuse.

Spyware Maker NSO Group Is Paving a Path Back Into Trump’s America

The Israeli spyware maker, still on the US Commerce Department’s “blacklist,” has hired a new lobbying firm with direct ties to the Trump administration, a WIRED investigation has found.

NSA Chief Ousted Amid Trump Loyalty Firing Spree

Plus: Another DOGE operative allegedly has a history in the hacking world, and Donald Trump’s national security adviser apparently had way more Signal chats than previously known.

Cybersecurity Professor Faced China-Funding Inquiry Before Disappearing, Sources Say

A lawyer for Xiaofeng Wang and his wife says they are “safe” after FBI searches of their homes and Wang’s sudden dismissal from Indiana University, where he taught for over 20 years.

Your Phone Is the #1 Target in a New Wave of IRS Scams, McAfee Finds

As Tax Day looms and last-minute taxpayers feel the pressure, a surge of IRS scams is on the rise.  

Research by our McAfee Labs team projects a fresh wave of sophisticated tax scams as the stress of peak filing season sets in, with bogus text messages leading the way.  

Nearly half of taxpayers complete their taxes between mid-March and April 15, which gives scammers ample opportunity to cash in as people rush their filings with the IRS.  

Based on our data from 2024, here’s what we can expect in the coming days: 

• We’ll see a surge in tax scams – The number of malicious tax scam URLs nearly quadrupled from February 1 (2.9% of activity) to February 28 (10.5%) last year, with the biggest spike at the end of the month.  

• Mobile attacks will dominate – 76% of all tax scam activity in 2024 targeted mobile users via text, often using URL shorteners to disguise fraudulent links. 

• Highly coordinated scam campaigns will roll out – A single campaign accounted for 17.3% of all tax-related blocked URLs in 2024, using fake IRS-style links (like, ”irs.gov.tax-helping[.]com”). 

In addition to posing as the IRS, scammers will pose as tax prep and tax software companies as well. Just as in years past, taxpayers can further expect scams built around quick refunds and easy filing solutions that are actually fronts for scams. Yet whatever guise scammers put on, their aim remains the same. They want to dupe taxpayers out of their personal and financial info.  

Common Tax Scams To Look Out For 

Tax season is high season for scammers because so much personal info gets gathered and shared online. With that, many taxpayers have their guard down. They expect to see messages, ads, and so forth about their taxes, which can make them more willing to share some of their most personal info. That’s where scammers step in. They want to: 

1. Steal account info – Scammers try to highjack account or financial info associated with credit cards and banks to steal funds and make purchases with a victim’s card.
2. File false returns – Scammers also try to file false returns in a victim’s name and claim their refunds, which leaves the victim without their money and a fraud claim on their hands.
3. Commit identity theft – Scammers use the info they steal to open new credit lines and accounts in a victim’s name. 
4. Re-sell stolen info – Finally, scammers can also turn a profit on their victims by selling stolen info on dark web marketplaces. Instead of using it to commit identity theft
   themselves, they sell it to others who will. 

Looking at this list, you can see what makes tax scams so damaging. Many of them target our most precious of personal info—our Social Security Numbers (SSNs).  

A stolen SSN opens the door to some of the most painful forms of identity theft, like imposter fraud, insurance fraud, employment fraud, and more. These follow-on attacks can cause great harm to a victim’s finances and reputation in ways that can take months, or even years, to repair.   

How Tax Scams Work

In effect, tax scams deliver a one-two punch. 

It begins by baiting the victim with a phony message from a scammer posing as the IRS, a tax prep business, or a tax software company. That might come by email, a direct message on social media, or even in paid search results. 

Largely, scammers bait victims with texts. Mobile attacks indeed dominate the preferred contact method, just as we called out. Here, scammers often use link shorteners to disguise fraudulent links. (You’ve likely seen plenty of link shorteners like bit.ly and goo.gl. They make it easier to share long addresses, but the flipside is that there’s no quick way to tell where they really take you.) 

In some cases, scammers attempt to trick taxpayers by weaving “irs.gov” into the web address. Below you can see one example, where the domain isn’t “irs.gov.” It’s actually “entes-tax[dot]com,” which leads to a scam site. 

Scam texts that weave “irs.gov” into a malicious link 

As for the text itself, scammers send urgent-sounding messages about tax returns like, “Your refund is on hold, contact the IRS immediately.” Other scammers use fear, leveling threats like jail time for non-payment. In other cases, scammers threaten to revoke things like driver’s licenses and business licenses, or even immigration status. According to the IRS, these are common signs of a scam. The IRS never uses threats or tactics like these to resolve tax issues. 

The second punch comes by clicking the link in these messages, which leads to IRS copycat scam sites. And they can look convincing. The most sophisticated of them mirror the look and feel of the official IRS website and use URLs that look “close enough” to an IRS URL, which can trick anyone who doesn’t examine them closely. 

 

Example of a fake IRS claim website 

And that’s where the damage gets done. Under the false pretense of receiving a refund or making a payment, the scammers collect that precious personal info we talked about, which can cause short- and long-term fallout for victims. 

The same approach works for scammers who pose as tax prep services and tax software companies. The texts and websites look different, yet they’re still part of a scheme for collecting the same types of personal and financial info.  

 

How To Avoid Tax Scams

Clever as these scams are, you can avoid them. The first step is awareness. By reading this article and sharing it with others, you spread the word about these scams and just how rampant they are. 

From there, you can take several more steps that can keep you far safer during tax time: 

• Be suspicious of emails and phone calls claiming to be from the IRS. The IRS typically contacts people by physical mail, not by email or text. (See their list of ways the IRS will contact you for more details.)

• Never give out personal info on the phone. The IRS will never call to ask for personal info over the phone, and no government agency will ever ask you for money over the phone. Payments demanded in money orders, gift cards, and online payment platforms other than IRS.gov are an absolute red flag. 

• Go straight to the source. Verify all websites and emails, even when it looks like they come from a trusted tax consultant or partner. Go straight to the source instead of clicking on links in emails or texts. 

• Use online protection that sniffs out scams. Features in our McAfee+ plans can help you spot scam sites and texts and our Web Protection and Online Account Cleanup in particular alert you if a link might take you to a sketchy site and help secure your online accounts. They’ll also block those sites if you accidentally tap or click on a bad link.  

• Put preventative measures in place. Check your credit report for unusual activity, keep your social media privacy settings tight, and set strong, unique passwords on your accounts. Features in our McAfee+ plans can help you do all of that, all in one place. 

• Remove your personal info from sketchy data broker sites. Scams over email, phone, and text all require something—your contact info. In many cases, scammers get it from data broker sites. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. 

• Lastly, file your taxes as quickly as possible. One way to keep a scammer from claiming your refund is to claim it first. In some cases, taxpayers only find out they’ve been scammed once they file a return—only to discover that it’s already been filed. 

The post Your Phone Is the #1 Target in a New Wave of IRS Scams, McAfee Finds appeared first on McAfee Blog.

Cybersecurity Professor Mysteriously Disappears as FBI Raids His Homes

Xiaofeng Wang, a longtime computer science professor at Indiana University, has disappeared along with his wife, and their profiles on the school's website were wiped ahead of recent FBI raids.

An AI Image Generator’s Exposed Database Reveals What People Really Used It For

An unsecured database used by a generative AI app revealed prompts and tens of thousands of explicit images—some of which are likely illegal. The company deleted its websites after WIRED reached out.

Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online

Plus: Alleged Snowflake hacker will be extradited to US, internet restrictions create an information vacuum in Myanmar, and London gets its first permanent face recognition cameras.

Even More Venmo Accounts Tied to Trump Officials in Signal Group Chat Left Data Public

WIRED has found four new Venmo accounts that appear to be associated with Trump officials who were in an infamous Signal chat. One made a payment with a note consisting solely of an eggplant emoji.

SignalGate Is Driving the Most US Downloads of Signal Ever

Scandal surrounding the Trump administration’s Signal group chat has led to a landmark week for the encrypted messaging app’s adoption—its “largest US growth moment by a massive margin.”

Mike Waltz Left His Venmo Friends List Public

A WIRED review shows national security adviser Mike Waltz, White House chief of staff Susie Wiles, and other top officials left sensitive information exposed via Venmo—until WIRED asked about it.

SignalGate Isn’t About Signal

The Trump cabinet’s shocking leak of its plans to bomb Yemen raises myriad confidentiality and legal issues. The security of the encrypted messaging app Signal is not one of them.

Using Starlink Wi-Fi in the White House Is a Slippery Slope for US Federal IT

The ad hoc addition to the otherwise tightly controlled White House information environment could create blind spots and security exposures while setting potentially dangerous precedent.

Trump’s Aggression Sours Europe on US Cloud Giants

Companies in the EU are starting to look for ways to ditch Amazon, Google, and Microsoft cloud services amid fears of rising security risks from the US. But cutting ties won’t be easy.

How to Avoid US-Based Digital Services—and Why You Might Want To

Amid growing concerns over Big Tech firms aligning with Trump administration policies, people are starting to move their digital lives to services based overseas. Here's what you need to know.

Low-Cost Drone Add-Ons From China Let Anyone With a Credit Card Turn Toys Into Weapons of War

Chinese ecommerce giants like Temu and AliExpress sell drone accessories like those used by soldiers in the Russia-Ukraine conflict.

End-to-End Encrypted Texts Between Android and iPhone Are Coming

Plus: A nominee to lead CISA emerges, Elon Musk visits the NSA, a renowned crypto cracking firm’s secret (and problematic) cofounder is revealed, and more.

A New Era of Attacks on Encryption Is Starting to Heat Up

The UK, France, Sweden, and EU have made fresh attacks on end-to-end encryption. Some of the attacks are more “crude” than those in recent years, experts say.

‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge

Employees at the Cybersecurity and Infrastructure Security Agency tell WIRED they’re struggling to protect the US while the administration dismisses their colleagues and poisons their partnerships.

The Violent Rise of ‘No Lives Matter’

“No Lives Matter” has emerged in recent months as a particularly violent splinter group within the extremist crime network known as Com and 764, and experts are at a loss for how to stop its spread.

What Really Happened With the DDoS Attacks That Took Down X

Elon Musk said a “massive cyberattack” disrupted X on Monday and pointed to “IP addresses originating in the Ukraine area” as the source of the attack. Security experts say that's not how it works.

Cybercriminals Allegedly Used a StubHub Backdoor to Steal Taylor Swift Tickets

Plus: The world’s “largest illicit online marketplace” gets hit by regulators, police seize the Garantex crypto exchange, and scammers trick targets by making up ransomware attacks.

Trump’s Spy Chief Urged to Declassify Details of Secret Surveillance Program

Tulsi Gabbard, the director of national intelligence, has long held anti-surveillance views. Now she oversees a key surveillance program she once tried to dismantle.

Pentagon Cuts Threaten Programs That Secure Loose Nukes and Weapons of Mass Destruction

Documents obtained by WIRED show the US Department of Defense is considering cutting up to 75 percent of workers who stop the spread of chemical, biological, and nuclear weapons.

The US Army Is Using ‘CamoGPT’ to Purge DEI From Training Materials

Developed to boost productivity and operational readiness, the AI is now being used to “review” diversity, equity, inclusion, and accessibility policies to align them with President Trump’s orders.

US Charges 12 Alleged Spies in China’s Freewheeling Hacker-for-Hire Ecosystem

The Justice Department claims 10 alleged hackers and two Chinese government officials took part in a wave of cyberattacks around the globe that included breaching the US Treasury Department and more.

1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers

New research shows at least a million inexpensive Android devices—from TV streaming boxes to car infotainment systems—are compromised to allow bad actors to commit ad fraud and other cybercrime.

The Trump Administration Is Deprioritizing Russia as a Cyber Threat

Plus: The FBI pins that ByBit theft on North Korea, a malicious app download breaches Disney, spyware targets a priest close to the pope, and more.