This week in scams, the Pokémon Trainer pursuit to “catch ’em all” is being hijacked by criminals posting fake trading card listings online; duping buyers, including young collectors, out of hundreds of dollars. 

Meanwhile, threatening email extortion scams claiming your personal data has been stolen are flooding inboxes around the world. And a viral “wedding photo” of Tom Holland and Zendaya shows how AI-generated images can blur the line between real and fake online. 

Here’s what to know. 

Pokémon Card Scams Surge on Online Marketplaces 

The booming market for collectible Pokémon cards has become a new target for scammers. 

According to reporting from The Straits Times, Singapore police recently arrested a 25-year-old man suspected of running a series of e-commerce scams involving Pokémon trading cards. Victims reportedly lost more than $135,000 after paying for limited-edition cards that never arrived. 

Authorities say the suspect allegedly advertised pre-orders for rare cards on the online marketplace Carousell. After receiving payment through bank transfers or digital payment apps, the seller either became unreachable or claimed there were delivery problems. 

Police say at least 35 reports tied to the suspect have been filed since October 2025, and more broadly there have been over 600 reported Pokémon card e-commerce scams totaling more than $1.1 million in losses during that same period. 

Why this matters: 

Collectibles create the perfect storm for online scams. Limited releases, hype, and rising resale values make buyers feel pressure to act quickly before items “sell out.” Scammers take advantage of that urgency. 

How to Stay Safe When Buying Collectibles Online 

If you’re buying trading cards or other collectibles online: 

• Buy from authorized retailers or well-established marketplaces 
• Avoid sellers who require direct bank transfers or payment apps upfront 
• Use platforms with buyer protection or escrow payment systems 
• Be cautious of sellers who suddenly move the conversation to WhatsApp, Telegram, or other messaging apps 

When demand spikes for a product, whether it’s sneakers, concert tickets, or Pokémon cards, scams usually follow. 

The “Your Data Was Stolen” Email Extortion Scam 

Another scam spreading widely right now arrives in a much more intimidating format: a threatening email claiming hackers have stolen your personal data. 

According to reporting from Fox News, many people are receiving messages that claim the sender has access to their passwords, files, or financial information. The message then demands payment in Bitcoin to prevent the data from being sold on the dark web. 

At first glance, these emails can feel frightening. They often use dramatic language like: 

• “I have your complete personal information” 
• “Your files and devices are compromised” 
• “Pay within 48 hours or your data will be leaked” 

But in most cases, there’s one major problem with the claim. 

There’s no proof. 

Security experts note that these messages usually include no screenshots, no passwords, and no evidence of a real breach. Instead, scammers send the same message to thousands of email addresses at once, hoping a small percentage of recipients will panic and pay. 

Often, the scammers obtained your email address from old data breach lists circulating online, which makes the message feel more believable. 

What to Do If You Receive One of These Emails 

If you receive a threatening extortion email: 

• Do not reply
• Do not send money
• Mark the message as spam or phishing
• Delete it

Reporting the message helps email providers improve spam filters and prevent similar scams from reaching others. 

The biggest tactic here is fear. Once you slow down and evaluate the message, the scam usually falls apart. 

That Viral Tom Holland and Zendaya “Wedding Photo”? AI 

A viral image circulating on social media this week claimed to show Tom Holland and Zendaya’s wedding, sparking massive speculation online. 

But many viewers quickly suspected the image wasn’t real. 

According to reporting on Yahoo Entertainment, the photo appeared to originate from a fan account on X (formerly Twitter) that claimed the image had been “confirmed” by major outlets like Vogue and Cosmopolitan. However, no such confirmation existed, and soon the official label was added marking the content as AI-generated. 

Celebrity rumors already spread quickly online. Add generative AI to the mix, and fabricated images can travel even faster. 

While a fake celebrity wedding photo may seem harmless, the same technology can easily be used in more serious ways. 

AI-generated visuals are already being used to create: 

• Fake celebrity endorsements 
• Fabricated news events 
• Scam ads featuring public figures 
• Fraudulent investment promotions 

The line between real and synthetic content is getting harder to spot. 

How to Spot Potential AI Images 

If a viral image seems surprising or dramatic: 

• Check whether credible news outlets or verified accounts are reporting it 
• Look for visual inconsistencies in hands, text, or background details 
• Reverse image search the photo to see where it first appeared 
• Verify through official sources before sharing 

When something looks shocking online, that’s often exactly why it spreads. McAfee’s built-in Scam Detector can help you spot AI-generated audio and video. 

McAfee’s Safety Tips This Week 

A few simple habits can help reduce your risk across all three of these scenarios: 

• Be cautious when buying high-demand collectibles online 
• Never send money in response to threatening emails 
• Treat viral images and breaking celebrity news with healthy skepticism 
• Use strong, unique passwords and enable two-factor authentication 
• Verify surprising claims through trusted sources before reacting 

Scams today don’t always look like scams. They often look like exciting deals, urgent warnings, or AI depictions of people you trust. 

The best defense is slowing down before clicking, paying, or sharing. 

We’ll Be Back Next Week 

From collectible card fraud to email extortion campaigns and AI-generated viral content, the tactics scammers use may change, but the strategy is the same: manipulate emotion and urgency. 

Stay skeptical, verify before you trust, and we’ll be back next week with another breakdown of the scams making headlines, and what they mean for your security. 

The post This Week in Scams: Pokémon Card Cons, Email Extortion, and a Viral AI Wedding Photo appeared first on McAfee Blog.

Plus: A porn-quitting app exposed the masturbation habits of hundreds of thousands of users, Russian hackers are trying to take over people’s Signal accounts, and more.

Cisco Secure Firewall 10.0 expands protection, better matches security rules to users and apps, & offers better threat detection. Learn more in our blog.

A bipartisan bill would force the FBI to get a warrant to read Americans’ messages and ban the federal purchase of commercial data on US residents ahead of a critical April deadline.

Amid a paralyzing breach of medical tech firm Stryker, the group has come to represent Iran's use of “hacktivism” as cover for chaotic, retaliatory state-sponsored cyberattacks.

The cybersecurity implications of the war in the Middle East extend far beyond the region. Here’s where to focus your defenses.

Orange Business certifies Cisco Catalyst SD-WAN integrated NGFW capabilities, enabling secure, simplified branch protection through a unified SD-WAN architecture for managed services.

Discover how MaxLiveProtect uses eBPF-powered technology to deliver real-time, in-kernel security for modern network infrastructure devices.

RBI advanced isolation controls extend how Cisco Secure Access secures internet access with fine-grained control over how users interact with web-based content.

A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency.

Based in Kalamazoo, Michigan, Stryker [NYSE:SYK] is a medical and surgical equipment maker that reported $25 billion in global sales last year. In a lengthy statement posted to Telegram, a hacktivist group known as Handala (a.k.a. Handala Hack Team) claimed that Stryker’s offices in 79 countries have been forced to shut down after the group erased data from more than 200,000 systems, servers and mobile devices.

“All the acquired data is now in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption,” a portion of the Handala statement reads.

The group said the wiper attack was in retaliation for a Feb. 28 missile strike that hit an Iranian school and killed at least 175 people, most of them children. The New York Times reports today that an ongoing military investigation has determined the United States is responsible for the deadly Tomahawk missile strike.

Handala was one of several hacker groups recently profiled by Palo Alto Networks, which links it to Iran’s Ministry of Intelligence and Security (MOIS). Palo Alto says Handala surfaced in late 2023 and is assessed as one of several online personas maintained by Void Manticore, a MOIS-affiliated actor.

Stryker’s website says the company has 56,000 employees in 61 countries. A phone call placed Wednesday morning to the media line at Stryker’s Michigan headquarters sent this author to a voicemail message that stated, “We are currently experiencing a building emergency. Please try your call again later.”

A report Wednesday morning from the Irish Examiner said Stryker staff are now communicating via WhatsApp for any updates on when they can return to work. The story quoted an unnamed employee saying anything connected to the network is down, and that “anyone with Microsoft Outlook on their personal phones had their devices wiped.”

“Multiple sources have said that systems in the Cork headquarters have been ‘shut down’ and that Stryker devices held by employees have been wiped out,” the Examiner reported. “The login pages coming up on these devices have been defaced with the Handala logo.”

Wiper attacks usually involve malicious software designed to overwrite any existing data on infected devices. But a trusted source with knowledge of the attack who spoke on condition of anonymity told KrebsOnSecurity the perpetrators in this case appear to have used a Microsoft service called Microsoft Intune to issue a ‘remote wipe’ command against all connected devices.

Intune is a cloud-based solution built for IT teams to enforce security and data compliance policies, and it provides a single, web-based administrative console to monitor and control devices regardless of location. The Intune connection is supported by this Reddit discussion on the Stryker outage, where several users who claimed to be Stryker employees said they were told to uninstall Intune urgently.

Palo Alto says Handala’s hack-and-leak activity is primarily focused on Israel, with occasional targeting outside that scope when it serves a specific agenda. The security firm said Handala also has taken credit for recent attacks against fuel systems in Jordan and an Israeli energy exploration company.

“Recent observed activities are opportunistic and ‘quick and dirty,’ with a noticeable focus on supply-chain footholds (e.g., IT/service providers) to reach downstream victims, followed by ‘proof’ posts to amplify credibility and intimidate targets,” Palo Alto researchers wrote.

The Handala manifesto posted to Telegram referred to Stryker as a “Zionist-rooted corporation,” which may be a reference to the company’s 2019 acquisition of the Israeli company OrthoSpace.

Stryker is a major supplier of medical devices, and the ongoing attack is already affecting healthcare providers. One healthcare professional at a major university medical system in the United States told KrebsOnSecurity they are currently unable to order surgical supplies that they normally source through Stryker.

“This is a real-world supply chain attack,” the expert said, who asked to remain anonymous because they were not authorized to speak to the press. “Pretty much every hospital in the U.S. that performs surgeries uses their supplies.”

John Riggi, national advisor for the American Hospital Association (AHA), said the AHA is not aware of any supply-chain disruptions as of yet.

“We are aware of reports of the cyber attack against Stryker and are actively exchanging information with the hospital field and the federal government to understand the nature of the threat and assess any impact to hospital operations,” Riggi said in an email. “As of this time, we are not aware of any direct impacts or disruptions to U.S. hospitals as a result of this attack. That may change as hospitals evaluate services, technology and supply chain related to Stryker and if the duration of the attack extends.”

According to a March 11 memo from the state of Maryland’s Institute for Emergency Medical Services Systems, Stryker indicated that some of their computer systems have been impacted by a “global network disruption.” The memo indicates that in response to the attack, a number of hospitals have opted to disconnect from Stryker’s various online services, including LifeNet, which allows paramedics to transmit EKGs to emergency physicians so that heart attack patients can expedite their treatment when they arrive at the hospital.

“As a precaution, some hospitals have temporarily suspended their connection to Stryker systems, including LIFENET, while others have maintained the connection,” wrote Timothy Chizmar, the state’s EMS medical director. “The Maryland Medical Protocols for EMS requires ECG transmission for patients with acute coronary syndrome (or STEMI). However, if you are unable to transmit a 12 Lead ECG to a receiving hospital, you should initiate radio consultation and describe the findings on the ECG.”

This is a developing story. Updates will be noted with a timestamp.

Update, 2:54 p.m. ET: Added comment from Riggi and perspectives on this attack’s potential to turn into a supply-chain problem for the healthcare system.

Update, Mar. 12, 7:59 a.m. ET: Added information about the outage affecting Stryker’s online services.

Meta removed 10.9 million Facebook and Instagram accounts linked to “criminal scam centers” last year, the company announced on Wednesday.

Social media is often a visibility gap for security teams. Learn how to protect against impersonation and defend this platform.

Tax season is a headache for many people, and when a shortcut promises to make filing easier, it’s hard to resist. This year, one of the newest trends is using AI chatbots like ChatGPT to help prepare tax returns.

According to new McAfee research, 30% of people say they plan to use an AI tool, such as ChatGPT, to help with their taxes, with younger adults leading the trend. 

At first glance, it makes sense. AI tools can explain confusing tax rules, summarize IRS forms, and answer questions instantly. 

But there’s an important line that should never be crossed: Do not enter your personal tax information into AI chatbots. 

That includes Social Security numbers, income records, home addresses, bank details, or anything else tied to your identity. 

Here’s why: 

Typing Your Tax Info Into a Chatbot Is Like Posting It Online 

Think about it this way: when you type something into an AI chatbot, you’re sending that information over the internet to a system that processes and stores data. 

In practical terms, entering sensitive information into an AI tool is similar to typing it directly into a search engine or submitting it to an online form. 

Once it leaves your device, you lose direct control over where it travels and how it may be stored. 

Even companies with strong security protections are transparent about this risk. 

OpenAI’s privacy documentation explains that they use encryption and strict access controls to protect user data. However, they also note that no internet transmission or digital storage system can be guaranteed completely secure. 

This is true across the internet, not just for AI tools.  

Even Secure Systems Can Experience Breaches 

Security incidents can happen anywhere online, including companies with robust security programs. 

For example, in late 2025, OpenAI disclosed a security incident involving a third-party analytics provider called Mixpanel. The breach occurred within the vendor’s systems, not OpenAI’s infrastructure, but some limited user profile data associated with the platform was exposed. 

According to OpenAI’s disclosure, the data involved information such as: 

• Names associated with accounts 
• Email addresses 
• Approximate location data 
• Browser and device information 

Importantly, chat content, passwords, payment information, and government IDs were not exposed in that incident. 

But the event highlights a broader cybersecurity reality: 

Even when a company takes strong security precautions, third-party services, vendors, and other parts of the digital ecosystem can still introduce risk. 

That’s why cybersecurity experts recommend limiting what personal information you share online whenever possible. 

Why Tax Data Is Especially Dangerous to Share 

Tax information is one of the most valuable targets for cybercriminals. 

If scammers obtain the details commonly found in tax filings, they may be able to: 

• Commit tax refund fraud 
• Open financial accounts in your name 
• Conduct identity theft 
• Launch highly personalized phishing attacks 

Tax returns typically include multiple pieces of highly sensitive data, including: 

• Social Security numbers 
• Home addresses 
• Employer and income information 
• Banking details for refunds 
• Family member information 
• Entering these details into any tool outside of a secure tax platform significantly increases risk. 

Safer Ways to File Your Taxes 

Instead of relying on AI chatbots for filing, stick with trusted tax preparation options designed to securely handle sensitive data: 

• Official tax software platforms 
• Licensed tax professionals 
• IRS-approved free filing services 

These systems are specifically built with compliance, encryption, and identity verification in mind. 

AI tools can be incredibly useful for learning and research. But they are not secure tax filing platforms. 

If you wouldn’t feel comfortable posting your Social Security number publicly online, you shouldn’t paste it into a chatbot either. When it comes to taxes, the safest rule is simple: Use AI for advice, not for your personal data. 

The post Using an AI like ChatGPT to File Your Taxes? Stop and Read This First appeared first on McAfee Blog.

Department of Homeland Security leaders removed top privacy officers who objected to mislabeling government records to block their public release, WIRED has learned.

Delivery apps are glitching and navigation routes are changing abruptly thanks to electronic warfare disrupting the satellite signals that power everything from missiles to your ride home.

Cisco Security and Splunk protected Cisco Live Amsterdam with the first conference Security Operations Center. Learn about the latest innovations for the SOC of the Future.

Cisco Secure Firewall with Encrypted Visibility Engine protected Cisco Live Amsterdam. Learn about the latest innovations for the SOC of the Future.

During Cisco Live EMEA we noticed a variety of AI tools being used across the network. Let’s take a closer look at what tools were seen in the network traffic.

Cisco XDR, Splunk, Cisco Secure Firewall, and Endace (Zeek) were used to investigate a spike in security alerts at Cisco Live EMEA, quickly distinguishing genuine threats from environmental noise through correlated incident analysis and network context.

The Cisco Live Amsterdam SOC team upgraded to Secure Firewallversion 10.0, deploying new Splunk integrations and Advanced Loggingfeatures to enhance SIEM data quality and visibility, streamlineconfiguration.