FreshRSS

🔒
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
△ 🔃
There are new available articles, click to refresh the page.
Today — February 14th 2026Your RSS feeds

Ring Kills Flock Safety Deal After Super Bowl Ad Uproar

By: Maddy Varner, Andrew Couts
Plus: Meta plans to add face recognition to its smart glasses, Jared Kushner named as part of whistleblower’s mysterious national security complaint, and more.

Robot Dogs Are on Going on Patrol at the 2026 World Cup in Mexico

By: Jorge Garay
The Mexican city of Guadalupe, which will host portions of the 2026 World Cup, recently showed off four new robot dogs that will help provide security during matches at BBVA Stadium.
Before yesterdayYour RSS feeds

Crypto-Funded Human Trafficking Is Exploding

By: Andy Greenberg
The use of cryptocurrency in sales of human beings for prostitution and scam compounds nearly doubled in 2025, according to a conservative estimate. Many of the deals are happening in plain sight.

ICE Is Crashing the US Court System in Minnesota

By: Maddy Varner
Petitions demanding people get the chance to be released from ICE custody have overwhelmed courts throughout the US.

CBP Signs Clearview AI Deal to Use Face Recognition for ‘Tactical Targeting’

By: Dell Cameron
US Border Patrol intelligence units will gain access to a face recognition tool built on billions of images scraped from the internet.

AI Is Here to Replace Nuclear Treaties. Scared Yet?

By: Matthew Gault
The last major nuclear arms treaty between the US and Russia just expired. Some experts believe a combination of satellite surveillance, AI, and human reviewers can take its place. Others, not so much.

Iran’s Digital Surveillance Machine Is Almost Complete

By: Lily Hay Newman, Matt Burgess
After more than 15 years of draconian measures, culminating in an ongoing internet shutdown, the Iranian regime seems to be staggering toward its digital surveillance endgame.

ICE Agent’s ‘Dragging’ Case May Help Expose Evidence in Renee Good Shooting

By: Dell Cameron
The government has withheld details of the investigation of Renee Good’s killing—but an unrelated case involving the ICE agent who shot her could force new revelations.

ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are

By: Dell Cameron, Maddy Varner
ICE has used Mobile Fortify to identify immigrants and citizens alike over 100,000 times, by one estimate. It wasn't built to work like that—and only got approved after DHS abandoned its own privacy rules.

Notepad++ Users, You May Have Been Hacked by China

By: Dan Goodin, Ars Technica
Suspected Chinese state-backed hackers hijacked the Notepad++ update infrastructure to deliver a backdoored version of the popular free source code editor and note-taking app for Windows.

The Paramilitary ICE and CBP Units at the Center of Minnesota's Killings

By: Ali Winston
Two agents involved in the shooting deaths of US citizens in Minneapolis are reportedly part of highly militarized DHS units whose extreme tactics are generally reserved for war zones.

ICE and Qatari Security Forces at the Winter Olympics Put Italians on Edge

By: Luigi Mastrodonato
The influx of security personnel from around the world is sparking concern among Italians ahead of the Milano Cortina Olympic Games.

Jeffrey Epstein Had a ‘Personal Hacker,’ Informant Claims

By: Lily Hay Newman, Matt Burgess, Andy Greenberg
Plus: AI agent OpenClaw gives cybersecurity experts the willies, China executes 11 scam compound bosses, a $40 million crypto theft has an unexpected alleged culprit, and more.

How to Film ICE

By: Matt Burgess, Lily Hay Newman, Maddy Varner, Andy Greenberg
Filming federal agents in public is legal, but avoiding a dangerous—even deadly—confrontation isn’t guaranteed. Here’s how to record ICE and CBP agents as safely as possible and have an impact.

This Week in Scams: Dating App Breaches, TikTok Data, Grubhub Extortion

By: Brooke Seipel

This week in scams, three headlines tell the same story: attackers are getting better at manipulating people, not just breaking into systems. We’re seeing a wave of intrusions tied to social engineering, a major delivery platform confirming a breach amid extortion claims, and a big tech headline that has a lot of people rethinking how apps handle their data. 

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so you can spot risk earlier and avoid getting pulled into someone else’s playbook. 

Let’s get into it. 

A Wave of Cyberattacks Hits Bumble, Match, Panera, and CrunchBase 

The big picture: Several major brands were hit by cybersecurity incidents tied to social engineering tactics like phishing and vishing. 

What happened: Bloomberg reported that Bumble, Match Group, Panera Bread, and CrunchBase each confirmed incidents.  

Bumble said a contractor account was compromised in a phishing incident, which led to brief unauthorized access to a small portion of its network, and said its member database, accounts, messages, and profiles were not accessed.  

Panera said an attacker accessed a software application it used to store data, and said the data involved was contact information.  

Match said the incident affected a limited amount of user data, and said it saw no indication that user logins, financial information, or private communications were accessed.  

CrunchBase said documents on its corporate network were impacted, and said it contained the incident. 

According to Bloomberg, cybersecurity firm Mandiant has also warned about a hacking campaign linked to a group that calls itself ShinyHunters. The group is using vishing, which means scam phone callsto trick people into giving up their login information. Once attackers get those logins, they can access cloud tools and online work systems that companies use every day. The group has said they are behind some of these recent attacks, but that has not been independently confirmed. 

Red flags to watch for: 

Calls that pressure you to approve a login, reset credentials, or share a one-time code 

Messages posing as IT support, a vendor, or “security” that try to rush you 

MFA prompts you did not initiate 

“Quick verification” requests that bypass normal internal processes 

How this works: Social engineering works because it blends into normal life. A convincing message or call gets someone to do one small “reasonable” thing. Approve a prompt. Read a code. Reset access. That is often all an attacker needs to get inside with legitimate credentials, then pivot into the tools where valuable data lives. 

TikTok’s Privacy Policy Update Sparks Backlash 

Ok, we know this is called “This Week in Scams” but this is also a cybersecurity newsletter. So when the biggest tech and privacy headline of the week is TikTok updating its privacy policy, we have to talk about it. 

The big picture: TikTok’s updated terms and privacy policy are raising fresh questions about what data is collected, especially around location. 

What happened: TikTok confirmed last week that a new U.S.-based entity is in control of the app after splitting from ByteDance earlier this year. That same day, CBS reported TikTok published updated terms and a new privacy policy, which prompted backlash on social media. 

CBS reported that one major point of concern is language stating TikTok may collect precise location information if users enable location services in device settings. This is reportedly a shift from previous policy language, and TikTok said it plans to give U.S. users a prompt to opt in or opt out when precise location features roll out. 

According to CBS, some users are also concerned the new privacy policy would allow the TikTok to more easily share their private data with the federal and local government. 

That fear is based on a change in policy language stating that TikTok “processes such sensitive personal information in accordance with applicable law.” 

A quick, practical takeaway: This is a good reminder that “privacy policy drama” usually comes down to one thing you can actually control: your app permissions. 

What to do (general privacy steps): 

Check your phone settings for TikTok and confirm whether location access is Off, While Using, or Always. 

If your device supports it, consider turning off precise location for apps that do not truly need it. 

Do a quick permission sweep across social apps: location, contacts, photos, microphone, camera, and Bluetooth. 

Make sure your account is protected with a strong, unique password and two-factor authentication. 

Note: This is not a recommendation about whether to keep or remove any specific app. It’s a reminder that your device settings matter and they are worth revisiting. 

Grubhub Confirms a Data Breach Amid Reports of Extortion 

The big picture: Even when a company says payment details were not affected, a breach can still create risk because stolen data often gets reused for phishing. 

What happened: According to BleepingComputer, Grubhub confirmed unauthorized individuals downloaded data from certain systems and that it investigated, stopped the activity, and is taking steps to strengthen security. Sources told BleepingComputer the company is facing extortion demands tied to stolen data. Grubhub said sensitive information like financial details and order history was not affected, and did not provide more detail on timing or scope. 

Red flags to watch for next: Breach headlines are often followed by scam waves. Be on alert for: 

“Refund” or “order problem” emails you did not request 

Fake customer support messages asking you to verify account details 

Password reset prompts you did not initiate 

Links to “resolve your account” that don’t come from a known, official domain 

How this works: Customer support systems can contain personal details that make scams feel real. Names, emails, and account notes are often enough for attackers to craft messages that sound like legitimate help, especially when the brand is already in the news. 

Google search tab on laptop

Fake Chrome Extensions Are Quietly Taking Over Accounts 

The big picture: Some browser extensions that look like normal workplace tools are actually designed to hijack accounts and lock users out of their own security controls. 

What happened: Security researchers told Fox News that they uncovered a campaign involving malicious Google Chrome extensions that impersonate well-known business and human resources platforms, including tools commonly used for payroll, benefits, and workplace access. 

Researchers identified several fake extensions that were marketed as productivity or security tools. Once installed, they quietly ran in the background without obvious warning signs. According to Fox News, Google said the extensions have been removed from the Chrome Web Store, but some are still circulating on third-party download sites. 

How the scam actually works: Instead of stealing passwords directly, the extensions captured active login sessions. When you sign into a website, your browser stores small files that keep you logged in. If attackers get access to those files, they can enter an account without ever knowing the password. 

Some extensions went a step further by interfering with security settings. Victims were unable to change passwords, review login history, or reach account controls. That made it harder to detect the intrusion and even harder to recover access once something felt off. 

Why this matters: This kind of attack removes the safety net people rely on when accounts are compromised. Password resets and two-factor authentication only help if you can reach them. By cutting off access to those tools, attackers can maintain control longer and move through connected systems with less resistance. 

What to watch for: 

Browser extensions you don’t remember installing 

Add-ons claiming to manage HR, payroll, or internal business access 

Missing or inaccessible security settings on accounts 

Being logged into accounts you did not recently open 

A quick safety check: Take a few minutes to review your browser extensions. Remove anything unfamiliar or unnecessary, especially tools tied to work platforms. Extensions have deep access to your browser, which means they deserve the same scrutiny as any other software you install. 

McAfee’s Safety Tips for This Week 

Be skeptical of “helpful” tools. Browser extensions, workplace add-ons, and productivity tools can have deep access to your accounts. Only install what you truly need and remove anything unfamiliar. 

Treat calls and prompts with caution. Unexpected login requests, MFA approvals, or “IT support” outreach are common entry points for social engineering. If you didn’t initiate it, pause and verify. 

Review app and browser permissions. Take a few minutes to check what apps and extensions can access your location, accounts, and data. Small changes here can significantly reduce risk. 

Protect your logins first. Use strong, unique passwords and enable two-factor authentication on email and work-related accounts. If attackers get your email, they can reset almost everything else. McAfee’s Password Manager can help you create and store unique passwords for all of your accounts.  

Expect follow-up scams after headlines. When breaches or policy changes make the news, scammers often follow with phishing messages that reference them. Extra skepticism in the days and weeks after a story breaks can prevent bigger problems later. 

The post This Week in Scams: Dating App Breaches, TikTok Data, Grubhub Extortion appeared first on McAfee Blog.

An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account

By: Andy Greenberg
AI chat toy company Bondu left its web console almost entirely unprotected. Researchers who accessed it found nearly all the conversations children had with the company’s stuffed animals.

Buying Harry Styles Tickets? Avoid These Common Ticket Scams

By: Brooke Seipel
concert crowd

As Harry Styles concert tickets go on sale for his first tour in years, cybersecurity experts warn that the same excitement driving ticket registrations and social chatter will also drive a spike in ticket scams across social media, email, and text messages. 

“When demand spikes around a major tour, ticket scams spike too,” said Abhishek Karnik, Head of Threat Research at McAfee. “We saw this during recent major ticket releases, including the Oasis reunion, when McAfee Labs identified more than 2,000 suspicious ticket listings online.” 

“Scammers take advantage of the urgency fans already feel, and the fear of missing out, inserting themselves into social posts, DMs, and text threads with offers that sound normal and believable,” Karnik added.

“Avoid interacting with unknown sellers, especially when offers are made over social media,” Karnik said. “Payments made via wire transfers, cryptocurrency, gift cards, or peer-to-peer platforms like Venmo or Zelle are often not recoverable, which is why it’s safer to buy directly from official ticketing sites or well known resale platforms.”

Where, When, and How to Get Harry Styles Tickets 

Styles announced Together, Together on January 22, marking his first tour since 2023. 

The residency-style run spans seven cities worldwide: Amsterdam, London, São Paulo, Mexico City, New York, Melbourne, and Sydney. Shows begin in May and continue through December. 

New York City is the only North American stop, making competition for tickets especially intense for U.S. fans. In fact, a record-breaking 11.5 million people have already registered for ticket information to attend the Madison Square Garden stop alone. For context, the capacity for that venue is just 19,500 people.  

According to The Hollywood Reporter, that means just 5% of people who signed up for U.S. tickets will be able to buy them when they go on sale this week.  

American Express access presale ticket sales are already live, and Ticketmaster is the primary platform handling official sales.  

The rest of the Together, Together tour tickets will be released in two stages:  

  1. General on sale for NYC dates August 26 – October 9 begins on Friday, January 30.  
  2. General on sale for October 10 – 31 begins Wednesday, February 4. 

That staggered release schedule matters. Multiple on-sale moments mean repeated waves of urgency, which scammers often mirror with fake “last chance” messages, counterfeit presale links, or impersonations of ticketing platforms and customer support. 

What do Harry Styles tickets cost right now 

Ticket prices range widely by seat location and package, with outlets reporting lower prices starting in the $100 range. However, premium seats climb past $1,000. According to Forbes, the average ticket price of his 2022 tour was $113. 

That context matters, because it helps fans recognize the biggest red flag in ticket fraud: a too-good-to-be-true price.  

If you are seeing “floor seats for $50” while reputable platforms are showing far higher prices for comparable sections, that is not a deal. It is a hook for a scammer. 

How ticket scams work 

Ticket scams rarely start with “Buy my fake ticket.” They start with the conditions that make people easy to rush: too much noise, too many messages, and too little time to verify what’s real. 

McAfee’s State of the Scamiverse survey of 7,500 consumers found people now receive 14 scam messages per day on average, and spend a “time tax” of 114 hours a year sorting real from fake. In that environment, criminals don’t need you to be careless. They just need you to be busy. And major ticket drops create the perfect opening: high demand, fast-moving queues, and price shock that makes a “good deal” feel like something you have to grab immediately. 

What’s changed is that scams don’t even need a link anymore. The report found more than 1 in 4 people (26%) say suspicious social messages now arrive without a URL, and 44% admit they reply to those linkless DMs anyway, often triggering the next step of the scam. That’s the blueprint behind many ticket scams today: a believable message, a quick pivot to payment, and pressure to move fast before you can verify. 

Below are among the most common ticket-scam patterns to watch for, and exactly how they play out. 

Ticket fraud 

Ticket fraud is when someone advertises tickets, takes payment, and delivers nothing, or delivers tickets that do not work at the door. This includes fake screenshots, fake confirmation emails, and counterfeit QR codes. 

How it plays out: 

  • A seller claims they “cannot make the show.” 
  • They ask you to pay quickly to “hold” the tickets. 
  • They send a screenshot of a ticket or order email. 
  • The tickets never arrive, or the QR code fails when scanned. 

Resale duplication scams 

resale duplication scam happens when the scammer sells the same ticket to multiple buyers. Sometimes the scammer has one legitimate ticket and sells it repeatedly. Sometimes they have none and simply reuse the same screenshot. 

How it plays out: 

  • You receive something that looks real. 
  • Multiple people show up with the same ticket. 
  • Only the first scan gets in. 

Phishing scams 

phishing scam is a message designed to trick you into clicking a link or sharing personal information. Ticket phishing often pretends to be from Ticketmaster, a venue, a presale program, or customer support. 

How it plays out: 

  • “Your tickets are on hold, confirm within 10 minutes.” 
  • “Unusual activity detected. Verify your account.” 
  • “Your payment failed. Update billing.” 

Modern phishing messages can look polished and grammatically clean, which is why relying on spelling errors is no longer a reliable defense. 

Cloned ticket websites 

cloned ticket website is a fake site made to look like a legitimate seller. These sites are built to capture your payment info, personal data, or both. 

How it plays out: 

  • You click an ad or link from social media. 
  • The site looks legitimate, but the URL is slightly off. 
  • You “buy” tickets and either receive nothing or later see fraud on your card. 

Ticket transfer and account takeover scams 

ticket transfer scam exploits the fact that many tickets are digital and transferable. A related risk is account takeover, where scammers steal your ticketing login and transfer tickets out of your account. 

How it plays out: 

  • You get a message claiming your account needs verification. 
  • You enter credentials on a fake page. 
  • The attacker logs in and transfers tickets away. 

Fake customer support scams 

fake customer support scam is when scammers pose as a company’s help desk, often after you post publicly that you need help. 

How it plays out: 

  • You tweet, post, or comment about ticket issues. 
  • An “agent” messages you first. 
  • They ask for login details, a code, or payment to “unlock” tickets. 

A true scam story: Henry’s last-minute ticket scam 

Henry A. had been trying for weeks to score a ticket to see Tyler, the Creator in Dallas. Even without a confirmed seat, he headed to the venue hoping for a miracle. And that’s when the message came in, someone nearby claimed to have extra tickets.  

The seller said he was just outside too. The price? Reasonable enough. The tone? Casual and confident. All Henry had to do was send half the money to hold the tickets.  

Minutes later, he sent the full $280.  

“I was already in line—excited, hopeful, and just trying to get in. That made me an easy target.”  

The seller began stalling. Then came a screenshot—another buyer offering a higher price. He pressured Henry to pay more. When Henry refused, the seller blocked him. 

Just like that, the tickets were gone. So was the money. And Henry and his friend never made it into the show.  

“I sent $280 and got blocked. We never made it inside.”  

What makes Henry’s experience so common is not the platform. It is the pattern: 

  • A believable story 
  • A “reasonable” price 
  • A fast-moving negotiation 
  • A sudden change in terms 
  • Pressure, then disappearance 

How to spot a ticket scam fast 

Use these red flags as a reality filter: 

Red Flag  What It Looks Like in Real Life 
Price mismatch  Tickets priced far below or far above comparable listings on official or verified resale platforms. 
Urgency tactics  Messages pushing “last chance,” “only today,” or claiming someone else is about to buy. 
Unprotected payment requests  Asking for wire transfers, cryptocurrency, gift cards, or peer-to-peer payments to strangers. 
Off-platform pressure  Requests to move the transaction to text, DMs, or email instead of using an official site. 
Refusal to verify tickets  Sellers unwilling to use a verified resale platform or provide proof that can be independently confirmed. 
Suspicious links  Shortened URLs, unusual domains, or ticket links sent through direct messages. 

Safer ways to buy tickets 

If you want the simplest rule: buy through official ticketing and verified resale platforms that offer buyer protection. Scammers can create fake accounts anywhere, but they cannot easily bypass legitimate purchase protections. 

Practical steps: 

  1. Go direct: Type the official ticketing URL into your browser, do not follow random links. 
  2. Use protected payment: Credit cards generally offer stronger dispute options than unprotected transfers. 
  3. Avoid risky payment demands: Crypto, gift cards, and wires are common in fraud because they are hard to reverse. 
  4. Secure your accounts: Use strong passwords and enable two-factor authentication where available. 
  5. Pause before paying: Scammers depend on emotional momentum. 

How Scam Detector can help 

Tools like McAfee’s Scam Detector can act as a second set of eyes when messages or links are designed to rush you.  

Scam detection can help flag suspicious language patterns, risky links, and social engineering tactics before money leaves your account. 

The post Buying Harry Styles Tickets? Avoid These Common Ticket Scams appeared first on McAfee Blog.

ICE Is Using Palantir’s AI Tools to Sort Through Tips

By: Caroline Haskins, Makena Kelly
ICE has been using an AI-powered Palantir system to summarize tips sent to its tip line since last spring, according to a newly released Homeland Security document.

How McAfee’s Scam Detector Checks QR Codes and Social Messages

By: Brooke Seipel
QR Scan Example

Scams don’t always arrive with obvious warning signs. 

They show up as QR codes on parking meters. As casual DMs that start with “Hey.” As social messages that feel routine enough to respond to without thinking twice. 

That shift has created a new burden for consumers. According to McAfee’s 2026 State of the Scamiverse reportAmericans now spend 114 hours a year trying to figure out what’s real and what’s fake online. That is nearly three full workweeks lost to second-guessing messages, alerts, links, and notifications. 

McAfee’s upgraded Scam Detector is designed to meet people in those exact moments, with enhancements rolling out across core McAfee plans beginning in February. 

The latest improvements add instant QR code scam checks and smarter social messaging protection, making it easier to spot scams before they escalate. 

Figure 1: An example of a suspicious text being flagged by McAfee’s Scam Detector 

Figure 1: An example of a suspicious text being flagged by McAfee’s Scam Detector 

What’s new in McAfee’s Scam Detector 

Scams now move quickly across platforms and formats, often escalating in minutes once someone engages. Among people who were harmed by a scam, the typical scam unfolded in about 38 minutes. 

That speed leaves little room for hesitation. Scam protection has to work in real time, not after the damage is done. 

McAfee’s latest Scam Detector upgrades are designed around that reality, adding: 

  • Instant QR code safety checks, so users can assess risk before tapping 
  • Smarter social messaging protection, with clearer warnings for suspicious texts, emails, and DMs, even when no link is present 

These Scam Detector upgrades will begin rolling out in February across all core McAfee plans, bringing real-time protection to the moments where scams escalate fastest. 

QR codes, quishing, and why instant scans are needed 

QR codes were designed for convenience. That is exactly why scammers use them. 

Cybercriminals increasingly hide malicious links behind QR codes placed on menus, parking meters, packages, posters, and public signage. People scan quickly, often without stopping to evaluate where the code leads. 

McAfee research shows how common this risk has become: 

  • 68% of people scanned a QR code in the past three months 
  • 18% landed on a suspicious or unsafe page after scanning 
  • Among those who did, more than half took risky actions such as entering personal information, installing an app, or connecting a digital wallet 

QR Scan Example

Figure 2. A still from a demo video, showing a risky QR code being blocked by McAfee’s Scam Detector 

Social media scams and the rise of linkless messages 

Phishing is no longer confined to emails with obvious red flags. 

Scams now arrive through WhatsApp, Instagram, Messenger, Telegram, and other social platforms, often starting as vague or friendly messages designed to lower suspicion rather than trigger alarm. 

McAfee’s research highlights a key shift: more than one in four suspicious social messages contain no link at all, and 44% of Americans say they have replied to a suspicious DM with no link. 

These messages rely on familiarity and momentum. A short greeting. A warning about an account issue. A promise of easy money. By the time a request or link appears, the conversation already feels normal. 

And the economic impact of these scams is significant. According to the FTC, social media scams drove $1.9 billion in reported losses in 2024, making social platforms one of the top channels for fraud and identity theft. 

That’s why McAfee’s Scam Detector includes smarter social messaging protection, delivering clearer warnings for suspicious texts, emails, and DMs, even those without risky links, across popular platforms. The focus is on identifying suspicious patterns and behavior, not just URLs. 

Users can take a quick screenshot of their social media content on social media, and McAfee’s Scam Detector will analyze the message for suspicious activity. 

Get protection that works before scams escalate 

The stakes are high: 

  • One in three Americans has lost money to a scam 
  • Among those who lost money, the average loss was $1,160 
  • 15% of scam victims fall for another scam within a year 

Scams are not just increasing in volume. They are becoming more personal, more believable, and easier to scale using AI. 

McAfee’s upgraded Scam Detector is designed to stay ahead of those shifts, offering real-time guidance when it matters most, whether that’s a suspicious QR code, a vague DM, or a message that feels just normal enough to trust. 

The enhanced Scam Detector, including instant QR code checks and smarter social messaging protection, will begin rolling out in February across all core McAfee plans. 

The post How McAfee’s Scam Detector Checks QR Codes and Social Messages appeared first on McAfee Blog.

McAfee Report: In the AI Slop Era, Americans Spend Weeks Each Year Questioning What’s Real

By: Brooke Seipel

Merriam-Webster’s word of 2025 was “slop.” Specifically, AI slop. 

Low-effort, AI-generated content now fills social feeds, inboxes, and message threads. Much of it is harmless. Some of it is entertaining. But its growing presence is changing what people expect to see online.

McAfee’s 2026 State of the Scamiverse report shows that scammers are increasingly using the same AI tools and techniques to make fraud feel familiar and convincing. Phishing sites look more legitimate. Messages sound more natural. Conversations unfold in ways that feel routine instead of suspicious.

According to McAfee’s consumer survey, Americans now spend an average of 114 hours a year trying to determine whether the messages they receive are real or scams. That’s nearly three full workweeks lost not to fraud itself, but to hesitation and doubt.

As AI-generated content becomes more common, the traditional signals people relied on to spot scams, such as strange links and awkward grammar, are fading. That shift does not mean everything online is dangerous. It means it takes more effort to tell what is real from what is malicious.

The result is growing uncertainty. And a rising cost in time, attention, and confidence.

The average American receives 14 scam messages a day 

Scams are no longer occasional interruptions. They are a constant background noise. 

According to the report, Americans receive an average of 14 scam messages per day across text, email, and social media.  

Many of these messages do not look suspicious at first glance. They resemble routine interactions people are conditioned to respond to. 

  • Delivery notices 
  • Account verification requests 
  • Subscription renewals  
  • Job outreach 
  • Bank alerts 
  • Charity appeals 

And with the use of AI tools, scammers are churning out these scam messages and making them look extremely realistic.

That strategy is working. One in three Americans says they feel less confident spotting scams than they did a year ago.  

 

scam statsFigure 1. Types of scams reported in our consumer survey. 

Most scams move fast, and many are over in minutes 

The popular image of scams often involves long email threads or elaborate schemes. In reality, many modern scams unfold quickly. 

Among Americans who were harmed by a scam, the typical scam played out in about 38 minutes 

That speed matters. It leaves little time for reflection, verification, or second opinions. Once a person engages, scammers often escalate immediately. 

Still, some scammers play the long game with realistic romance or friendship scams that turn into crypto pitches or urgent requests for financial support. Often these scams start with no link at all, but just a familiar DM.

In fact, the report found that more than one in four suspicious social messages contain no link at all, removing one of the most familiar warning signs of a scam.  And 44% of people say they have replied to a suspicious direct message without a link 

Linkless DM scams seek to build trust before asking victims for money.

The cost is not just money. It is time and attention. 

Financial losses from scams remain significant. One in three Americans report losing money to a scam. Among those who lost money, the average loss was $1,160 

But the report argues that focusing only on dollar amounts understates the broader impact: scams also cost time, attention, and emotional energy. 

People are forced to second-guess everyday digital interactions. Opening a message. Answering a call. Scanning a QR code. Responding to a notification. That time adds up. 

And who doesn’t know that sinking feeling when you realize a message you opened or a link you clicked wasn’t legitimate?

map of annual scam losses globally 2025

Figure 3. World Map of Average Scam Losses. 

Why AI slop makes scams harder to spot 

The rise of AI-generated content has changed the baseline of what people expect online. It’s now an everyday part of life.

According to the report, Americans say they see an average of three deepfakes per day 

Most are not scams. But that familiarity has consequences. 

When AI-generated content becomes normal, it becomes harder to recognize when the same tools are being used maliciously. The report found that more than one in three Americans do not feel confident identifying deepfake scams, and one in ten say they have already experienced a voice-clone scam. Voice clone scams often feature AI deepfake audio of public figures, or even people you know, requesting urgent financial support and compromising information.

These AI-generated scams also come in the form of phony customer support outreach, fake job opportunities and interviews, and illegitimate investment pitches.

Account takeovers are becoming routine 

Scams do not always end with an immediate financial loss. Many are designed to gain long-term access to accounts. 

The report found that 55% of Americans say a social media account was compromised in the past year 

Once an account is taken over, scammers can impersonate trusted contacts, spread malicious links, or harvest additional personal information. The damage often extends well beyond the original interaction. 

What not to do in 2026Scams are blending into everyday digital life 

What stands out most in the 2026 report is how thoroughly scams have blended into normal online routines. 

Scammers are embedding fraud into the same systems people rely on to work, communicate, and manage their lives. 

  • Cloud storage alerts (such as Google Drive or iCloud notices) warning that storage is full or access will be restricted unless action is taken, pushing users toward fake login pages.
  • Shared document notifications that appear to come from coworkers or collaborators, prompting recipients to open files or sign in to view a document that does not exist.
  • Payment confirmations that claim a charge has gone through, pressuring people to click or reply quickly to dispute a transaction they do not recognize.
  • Verification codes sent unexpectedly, often as part of account takeover attempts designed to trick people into sharing one-time passwords.
  • Customer support messages that impersonate trusted brands, offering help with an issue the recipient never reported.

Cloud scam Example

Figure 4: Example of a cloud scam message. 

The Key Takeaway

Not all AI-generated content is a scam. Much of what people encounter online every day is harmless, forgettable, or even entertaining. But the rapid growth of AI slop is creating a different kind of risk.

Constant exposure to synthetic images, videos, and messages is wearing down people’s ability to tell what is real and what is manipulated. The State of the Scamiverse report shows that consumers are already struggling with that distinction, and the data suggests the consequences are compounding. As digital noise increases, so does fatigue. And fatigue is exactly what scammers exploit.

FTC data shows losses from scams continuing to climb, and McAfee Labs is tracking a rise in fraud that blends seamlessly into everyday digital routines. Cloud storage warnings, shared document notifications, payment confirmations, verification codes, and customer support messages are increasingly being mimicked or abused by scammers because they look normal and demand quick action.

The danger of the AI slop era is not that everything online is fake. The danger is that people are being forced to question everything. That constant doubt slows judgment, erodes confidence, and creates openings for fraud to scale.

In 2026, the cost of scams is no longer measured only in dollars lost. It is measured in time, attention, and trust, and those losses are still growing.

Learn more and read the full report here.

FAQ: Understanding the AI Slop Era and Modern Scams 

Q: What is AI slop?  

A: The term refers to the flood of low-quality, AI-generated content now common online. While much of it is harmless, constant exposure can make it harder to identify when similar technology is used for scams.   
Q: How much time do Americans lose to scams?  

A: Americans spend 114 hours a year determining whether digital messages and alerts are real or fraudulent. That is nearly three workweeks.   
Q: How fast do scams happen today?  

A: Among people harmed by scams, the typical scam unfolds in about 38 minutes from first interaction to harm.   
Q: How common are deepfake scams?  

A: Americans report seeing three deepfakes per day on average, and one in ten say they have experienced a voice-clone scam.   

 

The post McAfee Report: In the AI Slop Era, Americans Spend Weeks Each Year Questioning What’s Real appeared first on McAfee Blog.

Judge Delays Minnesota ICE Decision While Weighing Whether State Is Being Illegally Punished

By: Dell Cameron
A federal judge ordered a new briefing due Wednesday on whether DHS is using armed raids to pressure Minnesota into abandoning its sanctuary policies, leaving ICE operations in place for now.

Deepfake ‘Nudify’ Technology Is Getting Darker—and More Dangerous

By: Matt Burgess
Sexual deepfakes continue to get more sophisticated, capable, easy to access, and perilous for millions of women who are abused with the technology.

This Week in Scams: Netflix Phishing and QR Code Espionage

By: Brooke Seipel
Couple watching Netflix

This week in scams, attackers are leaning hard on familiar brands, everyday tools, and routine behavior to trigger fast, unthinking reactions. From fake Netflix billing alerts to malicious browser extensions and QR code phishing tied to foreign espionage, the common thread is trust being weaponized at exactly the right moment. 

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated. 

Let’s get into it. 

Netflix Billing Emails Are Back… And Still Catching People Off Guard 

The big picture: Subscription phishing is resurging, with scammers impersonating Netflix and using fake billing failures to push victims into handing over payment details. 

What happened: Multiple Netflix impersonation emails circulated again this month, warning recipients that a payment failed and urging them to “update payment” to avoid service interruption. The messages closely mirror Netflix’s real branding and include polished formatting, official-looking language, and even PDF attachments designed to feel like legitimate billing notices. 

What makes these scams effective is timing. Victims often receive them while actively reviewing subscriptions, updating payment methods, or considering canceling services. That context lowers skepticism just enough for a quick click before slowing down to verify. 

McAfee’s Scam Detector flagged the messages (which one of our own employees received this week) as phishing, confirming they were designed to steal payment information rather than resolve a real billing issue. 

Example of McAfee detecting the Netflix phishing scam

Red flags to watch for: 

  • Unexpected billing problems paired with urgent calls to act 
  • Payment requests delivered by email instead of inside the app 
  • Attachments or buttons asking you to “fix” account issues 
  • Sender addresses that don’t match official Netflix domains 

How this scam works: This is classic brand impersonation phishing. Scammers don’t need to hack Netflix itself. They rely on people recognizing the logo, trusting the message, and reacting emotionally to the idea of losing access. The attachment and clean design help bypass instinctive spam filters in the brain, even when technical filters catch it later. 

Netflix has warned customers about these scams and offers advice on its site if you encounter one.

What to do instead: If you get a billing alert, don’t click. Open the Netflix app or manually type the site address to check your account. If there’s no issue there, the email wasn’t real. 

Fake Ad Blocker Crashes Browsers to Push “Fix It” Malware 

The big picture: Attackers are exploiting browser crashes themselves as a social engineering tool, turning technical disruption into a pathway for malware installation. 

What happened: Researchers reported a malvertising campaign promoting a fake ad-blocking browser extension called “NexShield,” which falsely claimed to be created by the developer of a well-known, legitimate ad blocker. Once installed, the extension intentionally overwhelmed the browser, causing freezes, crashes, and system instability. 

After restart, victims were shown fake security warnings instructing them to “fix” the problem by running commands on their own computer. Following those instructions triggered the download of a remote access tool capable of spying, executing commands, and installing additional malware. The reporting was first detailed by Bleeping Computer, with technical analysis from security researchers. 

Red flags to watch for: 

  • Browser extensions promising performance boosts or “ultimate” protection 
  • Crashes immediately after installing a new extension 
  • Pop-ups instructing you to run commands manually 
  • “Security fixes” that require copying and pasting code 

How this scam works: This is a variant of ClickFix attacks. Instead of faking a problem, attackers cause a real one, then position themselves as the solution. The crash creates urgency and confusion, making people more likely to follow instructions they’d normally question. It turns frustration into compliance. 

FBI Warns QR Code Phishing Is Being Used for Cyber Espionage 

The big picture: QR codes are being used as stealth phishing tools, with highly targeted attacks tied to foreign intelligence operations. 

What happened: The Federal Bureau of Investigation issued a warning about QR code phishing, or “quishing,” campaigns linked to a North Korean government-backed hacking group. According to reporting by Fox News, attackers sent emails containing QR codes that redirected victims to fake login pages or malware-hosting sites. 

In some cases, simply visiting the site allowed attackers to collect device data, location details, and system information, even if no credentials were entered. These campaigns are highly targeted, often aimed at professionals in policy, research, and technology sectors. 

Red flags to watch for: 

  • QR codes sent by email or messaging apps 
  • QR codes leading to login pages for work tools or cloud services 
  • Messages that feel personalized but unexpected 
  • Requests to scan instead of click 

How this scam works: QR codes hide the destination URL, removing the visual cues people rely on to judge safety. Because scanning feels faster and more “passive” than clicking a link, people often skip verification entirely. That moment of trust is what attackers exploit. 

Read our ultimate guide to “quishing” and how to spot and avoid QR code scams here. 

McAfee’s Safety Tips for This Week 

  • Verify inside official apps. Billing or security issues should be confirmed directly in the app or website you normally use, not through email links or QR codes. 
  • Treat extensions like software installs. Only install browser extensions from trusted publishers you already know, and remove anything that causes instability. 
  • Slow down with QR codes. If a QR code leads to a login page or download, close it and navigate manually instead. 
  • Watch for urgency + familiarity. Scammers increasingly rely on brands, tools, and behaviors you already trust to short-circuit caution. 

McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online. 

The post This Week in Scams: Netflix Phishing and QR Code Espionage appeared first on McAfee Blog.

US Judge Rules ICE Raids Require Judicial Warrants, Contradicting Secret ICE Memo

By: Dell Cameron, Matt Giles
The ruling in federal court in Minnesota lands as Immigration and Customs Enforcement faces scrutiny over an internal memo claiming judge-signed warrants aren’t needed to enter homes without consent.

CBP Wants AI-Powered ‘Quantum Sensors’ for Finding Fentanyl in Cars

By: Caroline Haskins
US Customs and Border Protection is paying General Dynamics to create prototype “quantum sensors,” to be used with an AI database to detect fentanyl and other narcotics.

149 Million Usernames and Passwords Exposed by Unsecured Database

By: Lily Hay Newman
This “dream wish list for criminals” includes millions of Gmail, Facebook, banking logins, and more. The researcher who discovered it suspects they were collected using infostealing malware.

Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook

By: Brooke Seipel

Microsoft users across the U.S. experienced widespread disruptions Thursday after a technical failure prevented people from sending or receiving email through Outlook, a core service within Microsoft 365. 

The outage occurred during U.S. business hours and quickly affected schools, government offices, and companies that rely on Outlook for daily operations. Microsoft confirmed the issue publicly and said it was working to restore service. There is no indication the disruption was caused by a cyberattack, according to company statements.

Still, McAfee warns in these situations to be wary of phishing attempts as scammers latch onto these outages to take advantage of innocent users. 

“Outages like this create uncertainty, and scammers move fast to take advantage of it,” said Steve Grobman, McAfee’s Chief Technology Officer. “When people can’t get into email or the tools they use every day, it’s easy to assume something is wrong with your account — and that’s exactly the moment attackers look for.”

“Fake alerts start circulating that look like they’re coming from the real company, with logos and urgent language telling you to reset a password or verify your information,” Grobman added. “Some push fake support numbers or messages claiming they can restore access. If you’re impacted, slow down, go straight to the official source for updates, and don’t share passwords, verification codes, or payment details in response to an unexpected message.”

“Tools that can spot suspicious links and fake login pages help reduce risk — especially when people are trying to get back online quickly,” Grobman said.

Here, we break down what happened and why outages are prime time for scammers.

What happened to Microsoft Outlook? 

A Microsoft infrastructure failure disrupted email delivery. 

Microsoft said the outage was caused by a portion of its North American service infrastructure that was failing to properly handle traffic. Users attempting to send or receive email encountered a “451 4.3.2 temporary server issue” error message.

Microsoft also warned that related services, including OneDrive search and SharePoint Online, could experience slowdowns or intermittent failures during the incident.

When did the Microsoft outage happen? 

The disruption unfolded over several hours on Thursday afternoon (ET). 

Based on timelines reported by CNBC and live coverage from Tom’s Guide, the outage progressed as follows: 

Around 2:00 p.m. ET: User reports spike across Microsoft services, especially Outlook, according to Down Detector data cited by Tom’s Guide.

2:37 p.m. ET: Microsoft confirms it is investigating an Outlook email issue, per CNBC.

3:17 p.m. ET: Microsoft says it identified misrouted traffic tied to infrastructure problems in North America, CNBC reports.

4:14 p.m. ET: The company announces affected infrastructure has been restored and traffic is being redirected to recover service.

Tom’s Guide reported that while outage reports declined after Microsoft’s fix, some users continued to experience intermittent access issues as systems rebalanced. 

Was this a hack or cyberattack? 

No. Microsoft says the outage was caused by technical infrastructure issues. 

According to CNBC, Microsoft has not indicated that the outage was the result of hacking, ransomware, or any external attack. Instead, the company attributed the disruption to internal infrastructure handling errors, similar to a previous Outlook outage last July that lasted more than 21 hours. 

Message from Microsoft

A message sent by Microsoft about the server issue.

Why outages  cause widespread disruption 

Modern work depends on shared cloud infrastructure. 

That sudden loss of access often leaves users unsure whether: 

  • Their account has been compromised 
  • Their data is at risk 
  • They need to take immediate action 

That uncertainty is exactly what scammers look for. 

How scammers exploit big tech outages

They impersonate the company and trick users into signing in again. 

After major outages involving Microsoft, Google, or Amazon Web Services, security researchers, including McAfee, have observed scam campaigns emerge within hours. 

These scams typically work by: 

Impersonating Microsoft using logos, branding, and language copied from real outage notices 

Sending fake “service restoration” emails or texts claiming users must re-authenticate 

Linking to realistic login pages designed to steal Microsoft usernames and passwords 

Posing as IT support or Microsoft support and directing users to fake phone numbers 

Once credentials are stolen, attackers can access email accounts, reset passwords on other services, or launch further phishing attacks from a trusted address. 

How to stay safe during a Microsoft outage 

Outages are confusing. Scammers rely on urgency and familiarity. 

To reduce risk: 

  • Do not click links in emails or texts about outages or “account recovery.” 
  • Go directly to official sources, such as Microsoft’s status page or verified social accounts. 
  • Never re-enter your password through links sent during an outage. 
  • Ignore urgent fixes that ask for downloads, payments, or credentials. 

If you already clicked or entered information: 

  • Change your Microsoft password immediately 
  • Update passwords anywhere you reused it 
  • Turn on or refresh two-factor authentication 
  • Review recent account activity 
  • Run a trusted security scan to remove malicious software (check out our free trial) 

How McAfee can help 

Using advanced artificial intelligence, McAfee’s built-in Scam Detector automatically detects scams across text, email, and video, blocks dangerous links, and identifies deepfakes, helping stop harm before it happens. 

McAfee’s identity protection tools also monitor for signs your personal information may be exposed and guide you through recovery if scammers gain access. 

FAQ 

Q: Is Microsoft Outlook still down?
A: Microsoft said Thursday afternoon that it had restored affected infrastructure and was redirecting traffic to recover service, according to CNBC. Some users may still experience intermittent issues. 
Q: Was the Microsoft outage caused by hackers?
A: No. Microsoft has not reported any cyberattack or data breach related to the outage, per CNBC. 
Q: Can scammers really use outages to steal accounts?
A: Yes. During major outages, scammers often impersonate companies like Microsoft and trick users into signing in again on fake websites. 
Q: Should I reset my password after an outage?
A: Only if you clicked a suspicious link or entered your credentials somewhere outside Microsoft’s official site. Otherwise, resetting passwords isn’t necessary. 

 

The post Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook appeared first on McAfee Blog.

ICE Agents Are ‘Doxing’ Themselves

By: Maddy Varner
The alleged risks of being publicly identified have not stopped DHS  and ICE employees from creating profiles on LinkedIn, even as Kristi Noem threatens to treat revealing agents’ identities as a crime.

Didn’t Request an Instagram Password Reset? Here’s What to Do

By: Brooke Seipel

If you recently received an unexpected email from Instagram asking you to reset your password, you are not alone. Over the past several days, thousands of users reported receiving legitimate password reset emails they did not request. 

The sudden wave of messages led to widespread confusion and concern about whether Instagram had suffered a data breach. Instagram and its parent company Meta deny that a breach occurred, stating instead that they fixed an issue that allowed an external party to trigger password reset emails for some users. 

While the exact source of the activity remains disputed, the situation highlights a broader and more important issue. Password reset emails, even when legitimate, are often the first signal users get that their information may be exposed, reused, or being targeted by attackers. 

Here is what we know so far and what this incident reveals about how password compromises really happen. 

Was Instagram Hacked? 

Instagram says no. 

In statements reported by the BBC and BleepingComputer, Meta said it resolved a problem that allowed an external party to request password reset emails on behalf of users. The company maintains there was no breach of its systems and that accounts remain secure. 

At the same time, cybersecurity researchers and firms, including Malwarebytes, have warned about a dataset circulating on hacking forums that allegedly contains information linked to more than 17 million Instagram accounts. According to reporting, that data may include usernames, email addresses, phone numbers, locations, and account IDs, but not passwords. 

Some researchers believe the dataset may be a compilation of older scraped data rather than evidence of a new breach. Others say the timing of the password reset emails and the appearance of the data raises unresolved questions. 

What matters for users is this: regardless of whether this was a new breach, old scraped data, or a technical abuse of password reset systems, attackers routinely use exposed personal information to launch phishing, account takeover attempts, and social engineering attacks. 

What Counts as a Data Breach and What Does Not 

A true data breach occurs when attackers gain unauthorized access to internal systems and steal protected data such as passwords, financial information, or private communications. 

In many cases, personal data is also exposed through: 

  • API scraping of publicly accessible information 
  • Older leaks that are resold or repackaged 
  • Credential stuffing using passwords stolen from unrelated sites 
  • Abuse of account recovery or password reset features 

That distinction matters because even when passwords are not leaked, exposed personal data can still be weaponized. Names, emails, phone numbers, and locations are often enough for scammers to craft convincing phishing messages that appear legitimate. 

Why You Might Receive a Password Reset Email You Did Not Request 

There are several common reasons this happens, and none of them require your Instagram password to be stolen. 

  • Someone may be testing whether your email address is linked to an account. 
  • Attackers may be attempting credential stuffing using passwords from past breaches. 
  • Your information may appear in older datasets that are being reused or resold. 
  • A platform bug or abuse of recovery systems may trigger reset emails at scale. 

Scammers often use these moments to send fake follow-up emails that look nearly identical to legitimate ones. That is why security experts consistently recommend going directly to the app or official website rather than clicking links in unexpected messages. 

What to Do If You Received an Instagram Password Reset Email 

If you did not request the reset:  

  1. Do not click links in the email. 
  2. Open the Instagram app or visit the official site directly to review security settings.  
  3. Check recent login activity and remove any unfamiliar sessions. 
  4. Enable two-factor authentication (2FA) if it is not already turned on. 

If you decide to change your password, make sure the new one is unique and not used anywhere else. 

Meta/IG Accounts Center Screenshot

Click “Review Settings” to enable 2FA in your Account Center

How to enable multi-factor authentication for Instagram 

  1. Click More in the bottom left, then click Settings. 
  2. Click See more in Accounts Center, then click Password and Security. 
  3. Click Two-factor (2FA) authentication, then select an account. 
  4. Choose the security method you want to add and follow the on-screen instructions. 

When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp. 

And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145 

How to Manage Passwords the Right Way 

Remembering dozens of unique, strong passwords is not realistic for most people. That is why password managers exist. 

A password manager can: 

  • Generate strong, unique passwords for every account 
  • Store them securely so you do not need to remember them 
  • Alert you if your credentials appear in known breaches 
  • Reduce the risk of account takeover from reused passwords 

Using a password manager removes the pressure to reuse passwords and helps close one of the most common doors attackers walk through.  

McAfee’s password manager helps you secure your accounts by generating complex passwords, storing them and auto-filling your info for faster logins across devices. It’s secure and, best of all, you only have to remember a single password. 

FAQ: Instagram Password Reset Emails and Account Safety 

Was my Instagram password stolen?
There is no evidence that passwords were leaked in this incident. 
Should I reset my password anyway?
If you are unsure or reuse passwords elsewhere, resetting it directly in the app is a smart precaution. 
Are the emails real or phishing?
Some emails were legitimate, but scammers often mimic them. Always go directly to the app or website. 
Why is password reuse dangerous?
Because a breach on one site can expose all accounts that share the same password. 

 

The post Didn’t Request an Instagram Password Reset? Here’s What to Do appeared first on McAfee Blog.

ICE Details a New Minnesota-Based Detention Network That Spans 5 States

By: Dell Cameron
Internal ICE planning documents propose spending up to $50 million on a privately run network capable of shipping immigrants in custody hundreds of miles across the Upper Midwest.

US Hackers Reportedly Caused a Blackout in Venezuela

By: Andy Greenberg, Maddy Varner, Lily Hay Newman
Plus: AI reportedly caused ICE to send agents into the field without training, Palantir’s app for targeting immigrants gets exposed, and more.

This Week in Scams: Fake Brand Messages and Account Takeovers

By: Brooke Seipel

This week in scams, social engineering sits at the center of several major headlines, from investment platform breaches to social media account takeovers and new warnings about AI-driven fraud.  

Every week, this roundup breaks down the scam and cybersecurity stories making news and explains how they actually work, so readers can better recognize risk and avoid being manipulated. 

Let’s get into it:  

Betterment Warns Customers of Breach 

The big picture:
Attackers accessed third-party systems used by Betterment, then used the information they stole to impersonate the company, contact customers, and promise scam crypto investment opportunities with too-good-to-be-true returns. 

What happened: 

  • Attackers used social engineering to compromise third-party tools Betterment uses for marketing and operations, as reported by TechCrunch 
  • With access to internal systems, they sent messages to customers that appeared legitimate. 
  • The messages promised to triple crypto holdings if recipients sent $10,000 to a wallet controlled by the attackers, a classic “send money to get more back” lure, later detailed by The Verge. 
  • Betterment says no account logins or passwords were compromised, but personal data like names, contact details, and dates of birth were exposed, enough to make the messages feel real. 

Red flags to watch for: 

  • Promises of guaranteed or multiplied crypto returns 
  • Requests to send money first to “unlock” a benefit 
  • Messages tied to a breach but asking for immediate action outside the app 
An image of Betterment's email to customers.
An image of Betterment’s email to customers

How the breach happened: 

Social engineering is a type of scam that targets people rather than software or security systems. Instead of hacking code, scammers focus on tricking someone into giving them access 

Attackers research how a company operates, which tools it uses, and who is likely to have permissions. They then impersonate a trusted source, such as a vendor, coworker, or automated system, and send a realistic message asking for a routine action.  

That action might be approving a login, resetting credentials, sharing a file, or clicking a link. Once the person complies, the scammer gains legitimate access and can move through systems using real permissions. Social engineering works because it exploits trust, familiarity, and urgency, making normal workplace behavior the pathway to a breach. 

Social Engineering Scams Fueled by AI On the Rise 

Big picture:
Fraud is increasingly driven by impersonation, automation, and trust abuse rather than technical hacking, according to new industry forecasts. 

What happened:
A new Future of Fraud Forecast from Experian warns that fraudsters are rapidly weaponizing AI and identity manipulation. The report highlights agentic AI systems committing fraud autonomously, deepfake job candidates passing live interviews, cloned websites overwhelming takedown efforts, and emotionally intelligent bots running scams at scale. 

The scope of the problem is already visible. Federal Trade Commission data shows consumers lost more than $12.5 billion to fraud in 2024, while nearly 60% of companies reported rising fraud losses between 2024 and 2025. Experian’s forecast suggests these losses will accelerate as fraud becomes harder to attribute, trace, and interrupt. 

Red flags to watch: 

  • Requests or actions initiated without clear human ownership 
  • Identity verification steps that feel automated or unusually frictionless 
  • Transactions triggered by AI systems with unclear accountability 

Phishing Scam Locks Users Out of X Accounts 

Big picture: Officials are warning of increasing phishing attacks that steal X users’ accounts and then use their profile to sell crypto. 

What happened: The Better Business Bureau issued a warning about phishing messages targeting users on X, particularly accounts with large followings. Victims receive direct messages that appear to come from colleagues or professional contacts, often asking them to click a link to support a contest, event, or opportunity. 

Once the link is clicked, victims are locked out of their accounts. The compromised accounts are then used to promote cryptocurrency and other products, while automatically sending the same phishing message to additional contacts. 

Red flags to watch: 

  • Unsolicited direct messages containing links 
  • Requests framed as favors, votes, or professional support 
  • Sudden loss of account access after clicking a link 

How this happened and what to learn:
The scam relies on account impersonation and lateral spread. Instead of reaching strangers, attackers move through existing trust networks, using one compromised account to reach the next.  

The takeaway is that familiarity does not equal legitimacy. Even messages from known contacts should be treated with caution when links or logins are involved. 

McAfee’s Safety Tips for This Week 

  • Verify inside official apps or sites. If you get a security email, don’t click any links. Instead, open the official app or type the website address yourself for more information. 
  • Stay alert to trending scams. Weight-loss drug fraud like Ozempic offers is already surging in the new year, and awareness is your first defense. 

McAfee will be back next week with another roundup of the scams making headlines and the practical steps you can take to stay safer online. 

The post This Week in Scams: Fake Brand Messages and Account Takeovers appeared first on McAfee Blog.

McAfee’s Scam Detector Earns Third Major Award Within Months of Launch

By: Brooke Seipel
McAfee Scam Detector

McAfee’s Scam Detector has been named a Winner of the 2026 BIG Innovation Awards, presented by the Business Intelligence Group, marking the third major industry award the product has earned since launching just months ago. 

The recognition underscores a growing consensus across independent judges: as scams become more sophisticated and AI-driven, consumers need protection that works automatically, explains risks clearly, and helps stop harm before it happens. 

Big Innovation Award 2026

What Is the BIG Innovation Award? 

The BIG Innovation Awards recognize products and organizations that deliver measurable innovation with real-world impact. The program focuses not only on technical advancement, but on how solutions improve everyday life for individuals and households. 

For consumer cybersecurity products like Scam Detector, that means being evaluated on: 

  • Real-world relevance 
  • Ease of use for non-experts 
  • Societal impact 
  • Demonstrated adoption and need 

The award highlights Scam Detector’s role in helping people stay safer online as scams grow more sophisticated, more personal, and increasingly powered by AI.  

Why Scam Detector Stands Out 

According to feedback from the BIG Innovation Awards judging panel, Scam Detector was recognized for: 

Strong real-world relevance: Scams are now an everyday risk, not a niche technical issue 

Clear consumer value: Protection that runs automatically in the background without requiring expert knowledge

AI used responsibly: Applying advanced models to reduce harm, not increase it

Early impact: Rapid adoption, with more than one million users in its first months 

Judges also noted the importance of Scam Detector’s educational alerts, which don’t just block threats, but explain why something is risky, helping people build confidence over time. 

Using AI to Fight AI-Driven Scams 

Scam Detector is McAfee’s AI-powered protection designed to detect scams across text, email, and video, block dangerous links, and identify deepfakes, before harm occurs. 

As scammers increasingly use generative AI to impersonate people, brands, and institutions, protection needs to operate at the same speed and scale. Scam Detector is built to do exactly that, quietly working in the background while users go about their day. 

Scam Detector is included with all core McAfee plans and is available across mobile, PC, and web. 

In Good Company: Consumer Innovation Across Industries 

McAfee was recognized alongside other consumer-facing innovators whose products directly serve individuals and households. Fellow 2026 BIG Innovation Award winners include: 

Capital One Auto – Chat Concierge: A consumer-facing service designed to help car buyers and owners navigate financing and ownership decisions. 

Starkey – Omega AI Hearing Aid: A wearable hearing aid that integrates AI assistance, health monitoring, and real-time translation. 

Phonak – Virto R Infinio: Custom-fit hearing aids designed to deliver personalized hearing solutions for individual users. 

EZVIZ – 9c Dual 4G Series Camera: A smart home security camera built for personal and household use. 

Sinomax USA: Consumer mattresses and comfort products focused on everyday home use. 

beyoutica 1905: A wellness product designed for health- and lifestyle-focused consumers. 

Wheels – Pool CheckOut: A consumer-oriented solution designed to simplify vehicle service and checkout experiences. 

Together, these winners reflect how innovation increasingly shows up in tools people rely on at home, in their cars, and on their phones. 

Scam Detector Awards and Industry Recognition 

Since launch, McAfee’s Scam Detector has earned recognition across multiple independent award programs, each highlighting a different dimension of its impact: 

2026 BIG Innovation Awards

Winner and Top 10 Innovator – Large Business, recognizing real-world consumer impact and responsible AI use. 

2026 Big Innovation Award

2025 A.I. Awards

Winner, Best Use of AI in Cybersecurityhonoring Scam Detector’s automated scam detection and deepfake identification. 
The AI Awards - Winner 2025

2025 Tech Ascension Awards 

Winner, Best AI/ML Powered Cybersecurity Solution, recognizing real-time protection across text, email, and video. 
Tech Ascension Awards

Together, these awards reinforce a consistent message from independent judges: consumer cybersecurity works best when advanced technology is paired with clarity, usability, and trust. 

What Is McAfee’s Scam Detector? 

McAfee’s Scam Detector is an AI-powered scam protection feature designed to spot and stop scams across text messages, emails, and videos. Built in response to the rapid rise of AI-generated fraud, Scam Detector automatically analyzes suspicious content, blocks dangerous links, and identifies deepfakes, while explaining why something was flagged so users can make more confident decisions online. 

What Scam Detector Does 

Detects text message scams across popular apps and messaging platforms 

Flags phishing and suspicious emails with clear explanations, helping users learn what to watch for

Identifies AI-generated or manipulated audio in videos, including potential deepfakes

Offers on-demand scam checks, allowing users to upload a message, link, or screenshot for analysis

Runs primarily on-device, helping protect user privacy without sending personal content to the cloud 

Scam Detector is designed to work quietly in the background, providing protection without requiring constant decisions or technical expertise. Scam Detector is included at no extra cost with all core McAfee consumer plans. Learn more here. 

The post McAfee’s Scam Detector Earns Third Major Award Within Months of Launch appeared first on McAfee Blog.

Google Ends Dark Web Report. What That Means and How to Stay Safe

By: Brooke Seipel

Google has officially discontinued its Dark Web Report, the tool that alerted users when their personal information appeared in dark web breach databases. New scans stop on January 15, 2026, and on February 16, 2026, Google will permanently delete all data associated with the feature. 

This does not mean Google.com or Google Accounts are going away. It means Google is no longer scanning the dark web for leaked data tied to your account, and it is no longer storing or updating any breach information that was collected for the report. 

For people who relied on Google’s alerts, this change creates a real gap. After January 16, you will no longer get new notifications if your information shows up in breach databases. That is why it is worth taking a few minutes now to lock down the basics. 

According to reporting from TechCrunch, Google said it ended the service after concluding that it did not give users enough clarity about what to do once their data was found. 

That decision highlights a much larger shift in online security: Finding leaked data is no longer enough. Protecting identity is now the real challenge. 

What did Google’s Dark Web Report do? 

The Dark Web Report was a Google Account feature that searched known data breach dumps and dark web marketplaces for personal information tied to a user, such as email addresses, phone numbers, and other identifiers. 

If Google found a match, it sent an alert. 

What it did not do was show which accounts were at risk, whether financial or government ID data was involved, or how to prevent fraud from happening next. That gap is why some users said the tool fell short. 

What is the dark web, and why does  stolen data end up there? 

The internet has three layers: 

  1. The surface web is what search engines index. 
  2. The deep web includes anything behind a login, like email, banking, and medical portals. 
  3. The dark web is a hidden part of the deep web that is not indexed by search engines and is accessed through specialized networks or browsers like Tor. 

The dark web is where data from breaches is commonly sold, traded, and packaged for scams. When a company is hacked, stolen files often end up in dark web databases that include email addresses, passwords, Social Security numbers, bank details, and full identity profiles. 

Scammers use this data to commit account takeovers, financial fraud, tax fraud, and identity theft.  

Even without passwords, this personal information can be enough for scammers to target you with convincing phishing and social engineering scams.  

How to check if your personal information is on the dark web: 

Looking up an email address is no longer enough. Modern identity theft relies on things like Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance data, usernames, and phone numbers. 

To understand whether any of that is exposed, people need to monitor the dark web for identity-level data, not just logins. 

Here is what that looks like in practice: 

  • Scan breach databases for government ID numbers and financial data 
  • Look for full identity profiles being sold or traded 
  • Match leaked records back to real people 

Tools like McAfee’s Identity Monitoring are designed to look for those types of data so you can act before fraud happens. 

Have 30 minutes right now? Do this: 

Been meaning to bolster your security? Here are three quick ways you can enhance your identity protection and reduce real-world damage in a breach: 

Freeze your credit

Estimated time: 10 minutes 

This is a powerful free protection option that many forget about. A credit freeze blocks anyone from opening new loans, credit cards, or accounts in your name, even if they have your Social Security number and full identity profile. 

You can do this for free with any of the major credit bureaus. If you do it with one, the others are notified. 

Why this matters: Most identity theft today is not account hacking. It is criminals opening accounts in your name. A credit freeze stops that cold. 

 

Set up fraud and login alerts on your financial accounts 

Estimated time: 10 minutes 

Go into your main bank and credit card apps and turn on: 

  • Login alerts
  • Transaction alerts
  • Password or profile change alerts
  • These are not the same as marketing notifications. They tell you when someone is trying to access or move money. 

You’ll find these somewhere under Settings>Alerts.

Why this matters: Identity thieves often test stolen data with small charges or login attempts before stealing larger amounts. These alerts are how you catch it early.

Lock down account recovery paths

Estimated time: 10 minutes 

This is one of the most overlooked vulnerabilities. 

Go into: 

  • Your email account 
  • Your Apple ID or Google account 

Check and update: 

  • Recovery email 
  • Recovery phone number 
  • Backup codes 
  • Trusted devices 

Remove anything you do not recognize. 

Why this matters: Even if you change your password, attackers can still take over accounts through recovery systems if those are compromised. This closes that back door. 

 

FAQ: 

Is Google deleting my Google Account data?
No. Google is only deleting the data it collected specifically for the Dark Web Report feature. Your Gmail, Drive, Photos, and other Google Account data are not affected. 
Is Google still protecting my account from hackers?
Yes. Google continues to offer security features like two-factor authentication, login alerts, and account recovery tools. What it removed is the dark web scanning and alert system tied to breach data. 
Does the dark web report website still exist?
No. After February 16, 2026, Google no longer operates or updates the Dark Web Report feature. There is no active scanning, no dashboard, and no stored breach data tied to it. 
Does this mean dark web monitoring is useless?
No. It means email-only monitoring is not enough. Criminals use far more than emails to commit fraud, which is why identity-level monitoring is now more important. 
What kind of information is most dangerous if it appears on the dark web?
Social Security numbers, government IDs, bank and credit card numbers, tax records, insurance IDs, usernames, and phone numbers are the data types most commonly used for identity theft and financial fraud. 
How can I check if my information is exposed right now?
You can use an identity monitoring service like McAfee that scans dark web sources for sensitive personal data, not just email addresses. That is how people can see whether their identity is being traded or abused today. 

 

The post Google Ends Dark Web Report. What That Means and How to Stay Safe appeared first on McAfee Blog.

Elon Musk’s Grok ‘Undressing’ Problem Isn’t Fixed

By: Matt Burgess
X has placed more restrictions on Grok’s ability to generate explicit AI images, but tests show that the updates have created a patchwork of limitations that fail to fully address the issue.

Why ICE Can Kill With Impunity

By: Lila Hassan
Over the past decade, US immigration agents have shot and killed more than two dozen people. Not a single agent appears to have faced criminal charges.

Former CISA Director Jen Easterly Will Lead RSAC Conference

By: Lily Hay Newman
The longtime cybersecurity professional says she’s taking the helm of the legacy security organization at “an inflection point” for tech and the world beyond.

Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking

By: Andy Greenberg, Lily Hay Newman
Flaws in how 17 models of headphones and speakers use Google’s one-tap Fast Pair Bluetooth protocol have left devices open to eavesdroppers and stalkers.

Verizon Outage Knocks Out US Mobile Service, Including Some 911 Calls

By: Lily Hay Newman
A major Verizon outage appeared to impact customers across the United States starting around noon ET on Wednesday. Calls to Verizon customers from other carriers may also be impacted.

Trump Warned of a Tren de Aragua ‘Invasion.’ US Intel Told a Different Story

By: Dell Cameron, Ryan Shapiro
Hundreds of records obtained by WIRED show thin intelligence on the Venezuelan gang in the United States, describing fragmented, low-level crime rather than a coordinated terrorist threat.

Dozens of ICE Vehicles in Minnesota Lack ‘Necessary’ Lights and Sirens

By: Caroline Haskins
A contract justification published in a federal register on Tuesday says that 31 ICE vehicles operating in the Twin Cities area “lack the necessary emergency lights and sirens” to be “compliant.”

What to Do if ICE Invades Your Neighborhood

By: Lily Hay Newman, Maddy Varner, Matt Burgess
With federal agents storming the streets of American communities, there’s no single right way to approach this dangerous moment. But there are steps you can take to stay safe—and have an impact.

Minnesota Sues to Stop ICE ‘Invasion’

By: Dell Cameron
The state of Minnesota, along with the Twin Cities, have sued the US government and several officials to halt the flood of agents carrying out an Immigration and Customs Enforcement operation.

FBI Agent’s Sworn Testimony Contradicts Claims ICE’s Jonathan Ross Made Under Oath

By: Matt Giles, Tim Marchman
The testimony also calls into question whether Ross failed to follow his training during the incident in which he reportedly shot and killed Minnesota citizen Renee Good.

GoFundMe Ignores Own Rules by Hosting a Legal-Defense Fund for the ICE Agent Who Killed Renee Good

By: Dell Cameron
The fundraiser for the ICE agent in the Renee Good killing has stayed online in seeming breach of GoFundMe’s own terms of service, prompting questions about selective enforcement.

This Week in Scams: Explaining the Fake Amazon Code Surge

By: Brooke Seipel
blogging on social media

This week in scams, the biggest threats showed up as routine security messages, viral consumer “warnings,” and AI-generated content that blended seamlessly into platforms people already trust. 

Every week, we bring you a roundup of the scams making headlines, not just to track what’s happening, but to explain how these schemes work, why they’re spreading now, and what you can do to stay ahead of them.  

Here are scams in the news this week, and safety tips from our experts at McAfee: 

Amazon One-Time Passcode Scam: How Fake Security Calls Hijack Real Accounts 

Scammers are increasingly impersonating Amazon customer support to take over accounts using real one-time passcodes (OTPs), not fake links or malware. 

Here’s how the scam works in practice. 

What is the Amazon one-time passcode scam? 

Victims receive an unsolicited phone call from someone claiming to work for Amazon. The caller says suspicious activity has been detected on the account and may reference expensive purchases, often items like smartphones, to make the threat feel credible. 

The call usually comes from a spoofed number and the scammer may already know your name or phone number, which helps lower suspicion. 

How scammers use real Amazon security codes 

While speaking to you, the scammer attempts to access your Amazon account themselves by entering your phone number or email address on the login page and selecting “forgot password” or triggering a login from a new device. 

That action causes Amazon’s real security system to send a legitimate one-time passcode to your phone or email. 

If you read that code aloud or share it, the scammer can immediately: 

  • Complete the login process 
  • Change your account password 
  • Access saved payment methods 
  • Place fraudulent orders or lock you out of the account 

The scam works precisely because the code is real—and because it arrives while the caller is convincing you it’s part of a routine security check. 

Key red flags to watch for 

  • Unsolicited calls claiming to be from Amazon 
  • Requests to share a one-time passcode 
  • Pressure to act quickly “to secure your account” 

Important to remember: Amazon will never contact you first to ask for your password, verification codes, or security details. If you receive a one-time passcode you didn’t request, do not share it with anyone. 

AI Deepfake Scam on TikTok Uses Fake Princess to Steal Money 

A growing scam on TikTok shows how AI-generated deepfake videos are now being used not just for misinformation, but for direct financial fraud. 

This week, Spanish media and officials warned that scammers are circulating fake TikTok videos appearing to show Princess Leonor, the 20-year-old heir to Spain’s throne, offering financial assistance to users.  

According to The Guardian, the videos show an AI-generated version of Leonor promising payouts running into the thousands of dollars in exchange for a small upfront “fee.”  

Once victims send that initial payment, the scam doesn’t end. Fraudsters repeatedly demand additional fees before eventually disappearing. 

This case highlights how deepfakes are moving beyond novelty and into repeatable, high-reach fraud, where trust in familiar public figures is weaponized at scale. 

Viral Reddit “Whistleblower” Scam: When AI-Generated Posts Fool Millions 

A viral post on Reddit this week shows how AI-generated text can convincingly impersonate whistleblowers, and even mislead experienced journalists. 

The post claimed to come from an employee at a major food delivery company, alleging the firm was exploiting drivers and users through opaque AI systems. Written as a long, confessional screed, the author said he was drunk, using library Wi-Fi, and risking retaliation to expose the truth. 

The claims were believable in part because similar companies have faced real lawsuits in the past. The post rocketed to Reddit’s front page, collecting over 87,000 upvotes, and spread even further after being reposted on X, where it amassed tens of millions of impressions. 

As Platformer journalist Casey Newton later reported, the supposed whistleblower provided what appeared to be convincing evidence, including a photo of an employee badge and an 18-page internal document describing an AI-driven “desperation score” used to manage drivers. But during verification attempts, red flags emerged. The materials were ultimately traced back to an AI-generated hoax. 

Detection tools later confirmed that some of the images contained AI watermarks, but only after the post had already gone viral. 

Why AI-generated hoaxes like this are dangerous 

  • They mimic real whistleblower behavior and language 
  • They exploit existing public distrust of large platforms 
  • They can mislead journalists, not just casual readers 
  • Debunking often comes too late to stop spread 

This incident underscores a growing problem: AI-generated misinformation doesn’t need to steal money directly to cause harm. Sometimes, the damage is to trust itself — and by the time the truth surfaces, the narrative has already taken hold. 

McAfee’s Safety Tips for This Week 

As scams increasingly rely on a combination of realism and urgency, protecting yourself starts with slowing down and verifying before you act. 

If a message or video promises money or financial help: 

  • Be skeptical of any offer that requires an upfront “fee,” no matter how small. 
  • Remember that public figures, charities, and foundations do not distribute money through social media DMs or comment sections. 
  • If an offer claims to come from a well-known individual or organization, verify it through official websites or trusted news sources. 

When content appears viral or emotionally convincing: 

  • Pause before sharing or acting on posts framed as warnings, whistleblower revelations, or exposés. 
  • Look for confirmation from multiple reputable outlets — not just screenshots or reposts. 
  • Be cautious of long, detailed posts that feel personal or confessional but can’t be independently verified. 

When AI may be involved: 

  • Assume that realistic images, videos, and documents can be generated quickly and at scale. 
  • Don’t rely on appearance alone to determine authenticity, even high-quality content can be fake. 
  • Treat unsolicited financial requests, account actions, or “inside information” as red flags, regardless of how credible they seem. 

If you think you’ve engaged with a scam: 

  • Stop responding immediately. 
  • Secure your accounts by changing passwords and enabling multi-factor authentication. 
  • Monitor financial statements and account activity for unusual behavior. 

Final Takeaway 

The scams making headlines this week share a common theme: they don’t look like scams at first glance. Whether it’s an AI-generated video of a public figure or a viral post posing as a consumer warning, today’s fraud relies on familiarity, credibility, and trust. 

That’s why McAfee’s Scam Detector and Web Protection help detect scam messages, dangerous sites, and AI-generated deepfake videosalerting you before you interact or click. 

We’ll be back next week with another roundup of the scams worth watching, the stories behind them, and the steps you can take to stay one step ahead. 

The post This Week in Scams: Explaining the Fake Amazon Code Surge appeared first on McAfee Blog.

X Didn’t Fix Grok's ‘Undressing’ Problem. It Just Makes People Pay for It

By: Matt Burgess
X is allowing only “verified” users to create images with Grok. Experts say it represents the “monetization of abuse”—and anyone can still generate images on Grok’s app and website.

ICE Agent Who Reportedly Shot Renee Good Was a Firearms Trainer, per Testimony

By: Matt Giles, Tim Marchman
Jonathan Ross told a federal court in December about his professional background, including “hundreds” of encounters with drivers during enforcement actions, according to testimony obtained by WIRED.

The Most Dangerous People on the Internet in 2025

By: WIRED Staff
From Donald Trump to DOGE to Chinese hackers, this year the internet’s chaos caused outsize real-world harm.

NYPD Sued Over Possible Records Collected Through Muslim Spying Program

By: Ali Winston
The New York Police Department's “mosque-raking” program targeted Muslim communities across NYC. Now, as the city's first Muslim mayor takes office, one man is fighting—again—to fully expose it.

Black or Scrambled Phone Screen? Here’s How to Spot a Hacked vs Broken Phone

By: McAfee

It’s the screen you never want to see.

Something is seriously wrong with your phone. Or is it? You might not have a broken phone at all. Instead, you might have a hacked phone.

This is a form of scareware, an attack that frightens you into thinking your device is broken or infected with a virus
Source: Mobile Hacker

What you see above is a form of scareware, an attack that frightens you into thinking your device is broken or infected with a virus. What the hacker wants you to do next is panic. They want you to tap on a bogus link that says it’ll run a security check, remove a virus, or otherwise fix your phone before the problem gets worse.

Of course, tapping that link takes you to a malware or phishing site, where the hacker takes the next step and installs an even nastier form of malware on your phone. In other cases, they steal your personal info under the guise of a virus removal service. (And yes, sometimes they pose as McAfee when they pull that move. In fact,

Note that in this example above, the hacker behind the phony broken screen is arguably going for a user who’s perhaps less tech savvy. After all, the message atop the “broken” screen appears clear as day. Still, in the heat of the moment, it can be convincing enough.

How does scareware get on phones?

Scareware typically finds its way onto phones through misleading ads, fake security alerts, or hacked websites. In other cases, downloading apps from places other than an official app store can lead to scareware (and other forms of malware too).

As for malware on phones, you’ll find different risk levels between Android and iOS phones. While neither platform is completely immune to threats, Android phones are reportedly more susceptible to viruses than iPhones due to differences in their app downloading policies. On Android phones, you can install apps from third-party sources outside the official Google Play Store, which increases the risk of downloading malicious software.

In contrast, Apple restricts app installations to its official App Store, making it harder for malware to get on iOS devices. (That’s if you haven’t taken steps to jailbreak your iPhone, which removes the software restrictions imposed by Apple on its iOS operating system. We absolutely don’t recommend jailbreaking because it may void warranties and make it easier for malware, including scareware, to end up on your phone.)

If you think you’ve wound up with a case of scareware, stay calm. The first thing the hacker wants you to do is panic and click that link. Let’s go over the steps you can take.

How to remove malware from your Android phone

If you don’t already have mobile security and antivirus for your phone, your best bet is to get the latest virus removal guidance from Android, which you can find on this help page.

Moving forward, you can get protection that helps you detect and steer clear of potential threats as you use your phone. You can pick up McAfee Security: Antivirus VPN in the Google Play store, which also includes our Scam Detector and Identity Monitoring. You can also get it as part of your McAfee+

How to remove malware from your iPhone

Step 1: Restart your phone

Hold down the iPhone power button until you see slide to power off on your screen. Slide it, wait for the phone to power down, and then press the power button to restart your iPhone.

Step 2: Download updates 

Having the latest version of iOS on your phone ensures you have the best protection in place. Open the Settings app.  Look for Software Update in the General tab. Select Software Update. Tap Download and Install to the latest iPhone update.

Step 3: Delete suspicious apps 

Press a suspicious app icon on your screen and wait for the Remove App to pop up. Remove it and repeat that as needed for any other suspicious apps.

More steps you can take …

If those steps don’t take care of the issue, there are two stronger steps you can take. The first involves restoring your phone from a backup as described by Apple here.

The most aggressive step you can take is to reset your phone entirely. You can return it to the original factory settings (with the option to keep your content) by following the steps in this help article from Apple.

How to avoid malware on your phone

Clearly these attacks play on fear that one of the most important devices in your life has a problem—your phone.

  1. Protect your phone.

Comprehensive online protection software can secure your phone in the same ways that it secures your laptops and computers. Installing it can protect your privacy, keep you safe from attacks on public Wi-Fi, automatically block unsafe websites and links, and detect scams, just to name a few things it can do.

  1. Update your phone’s operating system.

Along with installing security software, keeping your phone’s operating system up to date can greatly improve your security. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks. It’s another tried-and-true method of keeping yourself safe—and for keeping your phone running great too.

  1. Avoid third-party app stores.

Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google and Apple are quick to remove malicious apps from their stores when discovered, making shopping there safer still.

The post Black or Scrambled Phone Screen? Here’s How to Spot a Hacked vs Broken Phone appeared first on McAfee Blog.

The Justice Department Released More Epstein Files—but Not the Ones Survivors Want

By: Brian Barrett, Maddy Varner
The DOJ says it still has “hundreds of thousands” of pages to review, as the latest Epstein files release spurred more pushback from Democratic lawmakers and other critics of the administration.

This Year in Scams: A 2025 Retrospective, and a Look Ahead at 2026

By: McAfee
The Top Scams of 2025

They came by phone, by text, by email, and they even weaseled their way into people’s love lives—an entire host of scams that we covered here in our blogs throughout the year.

Today, we look back, picking five noteworthy scams that firmly established new trends, along with one in particular that gives us a hint at the face of scams to come.

Let’s start it off with one scam that pinged plenty of phones over the spring and summer: those toll road texts.

1 – The Texts That Jammed Everyone’s Phones: The Toll Road Scam

It was the hot new scam of 2025 that increased by 900% in one year: the toll road scam.

There’s a good chance you got a few of these this year,scam texts that say you have an unpaid tab for tolls and that you need to pay right away. And as always, they come with a handy link where you can pay up and avoid that threat of a “late fee.”

 

Of course, links like those took people to phishing sites where people gave scammers their payment info, which led to fraudulent charges on their cards. In some instances, the scammers took it a step further by asking for driver’s license and Social Security numbers, key pieces of info for big-time identity theft.

Who knows what the hot new text scam for 2026 will be, yet here are several ways you can stop text scams in their tracks, no matter what form they take:

How Can I Stop Text Scams?

Don’t click on any links in unexpected texts (or respond to them, either). Scammers want you to react quickly, but it’s best to stop and check it out.

Check to see if the text is legit. Reach out to the company that apparently contacted you using a phone number or website you know is real—not the info from the text.

Get our Scam Detector. It automatically detects scams by scanning URLs in your text messages. If you accidentally tap or click? Don’t worry, it blocks risky sites if you follow a suspicious link.

2 – Romancing the Bot: AI Chatbots and Images Finagle Their Way Into Romance Scams

It started with a DM. And a few months later, it cost her $1,200.

Earlier this year, we brought you the story of 25-year-old computer programmer Maggie K. who fell for a romance scam on Instagram. Her story played out like so many. When she and her online boyfriend finally agreed to meet in person, he claimed he missed his flight and needed money to rebook. Desperate to finally see him, she sent the money and never heard from him again.

But here’s the twist—he wasn’t real in the first place.

When she reported the scam to police, they determined his images were all made with AI. In Maggie’s words, “That was the scariest part—I had trusted someone who never even existed.”

Maggie isn’t alone. Our own research earlier this year revealed that more than half (52%) of people have been scammed out of money or pressured to send money or gifts by someone they met online.

Moreover, we found that scammers have fueled those figures with the use of AI. Of people we surveyed, more than 1 in 4 (26%) said they—or someone they know—have been approached by an AI chatbot posing as a real person on a dating app or social media.

We expect this trend will only continue, as AI tools make it easier and more efficient to pull off romance scams on an increasingly larger scale.

Even so, the guidelines for avoiding romance scams remain the same:

  • Never send money to someone you’ve never met in person.
  • Things move too fast, too soon—like when the other person starts talking about love almost right away.
  • They say they live far away and can’t meet in person because they live abroad, all part of a scammers story that they’re there for charity or military service.
  • Look out for stories of urgent financial need, such as sudden emergencies or requests for help with travel expenses to meet you.
  • Also watch out for people who ask for payment in gift cards, crypto, wire transfers, or other forms of payment that are tough to recover. That’s a sign of a scam.

3 – Paying to Get Paid: The New Job Scam That Raked in Millions

The job offer sounds simple enough … go online, review products, like videos, or do otherwise simple tasks and get paid doing it—until it’s time to get paid.

It’s a new breed of job scam that took root this spring, one where victims found themselves “paying to get paid.”

The FTC dubbed these scams as “gamified job scams” or “task scams.” Given the way these scams work, the naming fits.

It starts with a text or direct message from a “recruiter” offering work with the promise of making good money by “liking” or “rating” sets of videos or product images in an app, all with the vague purpose of “product optimization.” With each click, you earn a “commission” and see your “earnings” rack up in the app. You might even get a payout, somewhere between $5 and $20, just to earn your trust.

Then comes the hook.

Like a video game, the scammer sweetens the deal by saying the next batch of work can “level up” your earnings. But if you want to claim your “earnings” and book more work, you need to pay up. So you make the deposit, complete the task set, and when you try to get your pay the scammer and your money are gone. It was all fake.

This scam and others like it fall right in line with McAfee data that uncovered a spike in job-related scams of 1,000% between May and July,which undoubtedly built on 2024’s record-setting job scam losses of $501 million.

Whatever form they take, here’s how you can avoid job scams:

Step one—ignore job offers over text and social media

A proper recruiter will reach out to you by email or via a job networking site. Moreover, per the FTC, any job that pays you to “like” or “rate” content is against the law. That alone says it’s a scam.

Step two—look up the company

In the case of job offers in general, look up the company. Check out their background and see if it matches up with the job they’re pitching. In the U.S., The Better Business Bureau (BBB) offers a list of businesses you can search.

Step three—never pay to start a job.

Any case where you’re asked to pay to up front, with any form of payment, refuse, whether that’s for “training,” “equipment,” or more work. It’s a sign of a scam.

4 – Seeing is Believing is Out the Window: The Al Roker Deepfake Scam

Prince Harry, Taylor Swift, and now the Today show’s Al Roker, too, they’ve all found themselves as the AI-generated spokesperson for deepfake scams.

In the past, a deepfake Prince Harry pushed bogus investments, while another deepfake of Taylor Swift hawked a phony cookware deal. Then, this spring, a deepfake of Al Roker used his image and voice to promote a bogus hypertension cure—claiming, falsely, that he had suffered “a couple of heart attacks.”

 

The fabricated clip appeared on Facebook, which appeared convincing enough to fool plenty of people, including some of Roker’s own friends. “I’ve had some celebrity friends call because their parents got taken in by it,” said Roker.

While Meta quickly removed the video from Facebook after being contacted by TODAY, the damage was done. The incident highlights a growing concern in the digital age: how easy it is to create—and believe—convincing deepfakes.

Roker put it plainly, “We used to say, ‘Seeing is believing.’ Well, that’s kind of out the window now.”

In all, this stands as a good reminder to be skeptical of celebrity endorsements on social media. If public figure fronts an apparent deal for an investment, cookware, or a hypertension “cure” in your feed, think twice. And better yet, let our Scam Detector help you spot what’s real and what’s fake out there.

5 – September 2025: The First Agentic AI Attack Spotted in The Wild

And to close things out, a look at some recent news, which also serves as a look ahead.

Last September, researchers spotted something unseen before:a cyberattack almost entirely run by agentic AI.

What is Agentic AI?

Definition: Artificial intelligence systems that can independently plan, make decisions, and work toward specific goals with minimal human intervention; in this way, it executes complex tasks by adapting to new info and situations on its own.

Reported by AI researcher Anthropic, a Chinese state-sponsored group allegedly used the company’s Claude Code agent to automate most of an espionage campaign across nearly thirty organizations. Attackers allegedly bypassed guardrails that typically prevent such malicious use with jailbreaking techniques, which broke down their attacks into small, seemingly innocent tasks. That way, Claude orchestrated a large-scale attack it wouldn’t otherwise execute.

Once operational, the agent performed reconnaissance, wrote exploit code, harvested credentials, identified high-value databases, created backdoors, and generated documentation of the intrusion. By Anthropic’s estimate, they completed 80–90% of the work without any human involvement.

According to Anthropic: “At the peak of its attack, the AI made thousands of requests, often multiple per second—an attack speed that would have been, for human hackers, simply impossible to match.”

We knew this moment was coming, and now the time has arrived: what once took weeks of human effort to execute a coordinated attack now boils down to minutes as agentic AI does the work on someone’s behalf.

In 2026, we can expect to see more attacks led by agentic AI, along with AI-led scams as well, which raises an important question that Anthropic answers head-on:

If AI models can be misused for cyberattacks at this scale, why continue to develop and release them? The answer is that the very abilities that allow Claude to be used in these attacks also make it crucial for cyber defense. When sophisticated cyberattacks inevitably occur, our goal is for Claude—into which we’ve built strong safeguards—to assist cybersecurity professionals to detect, disrupt, and prepare for future versions of the attack.

That gets to the heart of security online: it’s an ever-evolving game. As new technologies arise, those who protect and those who harm one-up each other in a cycle of innovation and exploits. As we’re on the side of innovation here, you can be sure we’ll continue to roll out protections that keep you safer out there. Even as AI changes the game, our commitment remains the same.

Happy Holidays!

We’re taking a little holiday break here and we’ll be back with our weekly roundups again in 2026. Looking forward to catching up with you then and helping you stay safer in the new year.

The post This Year in Scams: A 2025 Retrospective, and a Look Ahead at 2026 appeared first on McAfee Blog.

ICE Seeks Cyber Upgrade to Better Surveil and Investigate Its Employees

By: Dell Cameron
The agency plans to renew a sweeping cybersecurity contract that includes expanded employee monitoring as the government escalates leak investigations and casts internal dissent as a threat.
❌