Published June 15, 2025 10:00am EDT close IPhone users instructed to take immediate action to avoid data breach: 'Urgent threat' Kurt 'The CyberGuy' Knutsson discusses Elon Musk's possible priorities as he exits his role with the White House and explains the urgent warning for iPhone users to update devices after a 'massive security gap.' NEWYou can now listen to Fox News articles! In the past decade, healthcare data has become one of the most sought-after targets in cybercrime. From insurers to clinics, every player in the ecosystem handles some form of sensitive information. However, breaches do not always originate from hospitals or health apps. Increasingly, patient data is managed by third-party vendors offering digital services such as scheduling, billing and marketing. One such breach at a digital marketing agency serving dental practices recently exposed approximately 2.7 million patient profiles and more than 8.8 million appointment records.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. Illustration of a hacker at work   (Kurt "CyberGuy" Knutsson)Massive healthcare data leak exposes millions: What you need to knowCybernews researchers have discovered a misconfigured MongoDB database exposing 2.7 million patient profiles and 8.8 million appointment records. The database was publicly accessible online, unprotected by passwords or authentication protocols. Anyone with basic knowledge of database scanning tools could have accessed it.The exposed data included names, birthdates, addresses, emails, phone numbers, gender, chart IDs, language preferences and billing classifications. Appointment records also contained metadata such as timestamps and institutional identifiers.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSClues within the data structure point toward Gargle, a Utah-based company that builds websites and offers marketing tools for dental practices. While not a confirmed source, several internal references and system details suggest a strong connection. Gargle provides appointment scheduling, form submission and patient communication services. These functions require access to patient information, making the firm a likely link in the exposure.After the issue was reported, the database was secured. The duration of the exposure remains unknown, and there is no public evidence indicating whether the data was downloaded by malicious actors before being locked down.We reached out to Gargle for a comment but did not hear back before our deadline. A healthcare professional viewing heath data      (Kurt "CyberGuy" Knutsson)How healthcare data breaches lead to identity theft and insurance fraudThe exposed data presents a broad risk profile. On its own, a phone number or billing record might seem limited in scope. Combined, however, the dataset forms a complete profile that could be exploited for identity theft, insurance fraud and targeted phishing campaigns.Medical identity theft allows attackers to impersonate patients and access services under a false identity. Victims often remain unaware until significant damage is done, ranging from incorrect medical records to unpaid bills in their names. The leak also opens the door to insurance fraud, with actors using institutional references and chart data to submit false claims.This type of breach raises questions about compliance with the Health Insurance Portability and Accountability Act, which mandates strong security protections for entities handling patient data. Although Gargle is not a healthcare provider, its access to patient-facing infrastructure could place it under the scope of that regulation as a business associate. A healthcare professional working on a laptop   (Kurt "CyberGuy" Knutsson)5 ways you can stay safe from healthcare data breachesIf your information was part of the healthcare breach or any similar one, it’s worth taking a few steps to protect yourself.1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it’s crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it’s compromised. See my tips and best picks on how to protect yourself from identity theft.2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you.  One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. GET FOX BUSINESS ON THE GO BY CLICKING HEREGet a free scan to find out if your personal information is already out on the web3. Have strong antivirus software: Hackers have people’s email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you’re not careful. However, you’re not without defenses.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Enable two-factor authentication: While passwords weren’t part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. Kurt’s key takeawayIf nothing else, this latest leak shows just how poorly patient data is being handled today. More and more, non-medical vendors are getting access to sensitive information without facing the same rules or oversight as hospitals and clinics. These third-party services are now a regular part of how patients book appointments, pay bills or fill out forms. But when something goes wrong, the fallout is just as serious. Even though the database was taken offline, the bigger problem hasn't gone away. Your data is only as safe as the least careful company that gets access to it.CLICK HERE TO GET THE FOX NEWS APPDo you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Investment scams aren't anything new: Bad actors have long used pump-and-dump tactics to hype stocks or cryptocurrencies, preying on emotions like fear and greed. And who wouldn't want big—or even steady—returns on their money, especially amidst tariffs and other economic turmoil? Scammers are currently capitalizing on this with fraudulent Facebook ads to lure users into handing over large sums of money. Here's how to spot these schemes and avoid falling victim. Investment scams on Meta platformsAccording to a group of 42 state attorneys general, the current fraudulent investment campaigns also happen to have elements of impersonation scams. The scheme begins with ads on Facebook that feature prominent investors, including ARK Investment Management's Cathie Wood, CNBC's Joe Kernan, and Fundstrat's Tom Lee, along with other wealthy individuals like Warren Buffet and Elon Musk (none of whom have any actual affiliation with the ad). If you click the ad, you'll be prompted to download or open WhatsApp to join an investment group. This is where the pump-and-dump kicks off. "Experts" in the group advise members to purchase specific stocks, inflating the price, which they in turn sell and profit from. The AG letter to Meta detailing the scam includes reports of individuals losing anywhere from $40,000 to $100,000 or more after clicking on a fraudulent ad on Facebook. Other investment scams originating on Facebook involve cyber criminals harvesting sensitive personal information via fraudulent investing platforms (also by spoofing celebrity endorsements). Investment scam red flags to watch forFor many people, it seems obvious that you shouldn't get your investment advice from a Facebook ad or WhatsApp group. But fear and greed are powerful emotions, and scammers are counting on these social engineering tactics working at least some of the time. That's why you should be wary of any advice that promises an unrealistic rate of return in a short period of time with no risk of loss as well as endorsements from celebrities, political figures, and well-known investors (who are almost certainly not endorsing anything). It's also just good practice not to click ads on Facebook, which are easy vectors for spreading scams and malware. Another sign of a scam is content or communication that appears to be generated by AI. After joining a WhatsApp group, an investigator from the New York Office of the Attorney General was called by a scammer who used AI to translate her speech into English. Unfortunately, emotions can cloud our ability to identify AI-generated content if we want to believe what we're seeing.

The Minions pose during the world premiere of the film "Despicable Me 4" in New York City, June 9, 2024.  (REUTERS/Kena Betancur) NEWYou can now listen to Fox News articles! Welcome to Fox News’ Artificial Intelligence newsletter with the latest AI technology advancements.IN TODAY’S NEWSLETTER:- Major Hollywood studios sue AI company over copyright infringement in landmark move- Meta's Zuckerberg aiming to dominate AI race with recruiting push for new ‘superintelligence’ team: report- OpenAI says this state will play central role in artificial intelligence development The website of Midjourney, an artificial intelligence (AI) capable of creating AI art, is seen on a smartphone on April 3, 2023, in Berlin, Germany. (Thomas Trutschel/Photothek via Getty Images)'PIRACY IS PIRACY': Two major Hollywood studios are suing Midjourney, a popular AI image generator, over its use and distribution of intellectual property.AI RACE: Meta CEO Mark Zuckerberg is reportedly building a team of experts to develop artificial general intelligence (AGI) that can meet or exceed human capabilities.TECH HUB: New York is poised to play a central role in the development of artificial intelligence (AI), OpenAI executives told key business and civic leaders on Tuesday. Attendees watch a presentation during an event on the Apple campus in Cupertino, Calif., Monday, June 9, 2025.  (AP Photo/Jeff Chiu)APPLE FALLING BEHIND: Apple’s annual Worldwide Developers Conference (WWDC) kicked off on Monday and runs through Friday. But the Cupertino-based company is not making us wait until the end. The major announcements have already been made, and there are quite a few. The headliners are new software versions for Macs, iPhones, iPads and Vision. FROM COAL TO CODE: This week, Amazon announced a $20 billion investment in artificial intelligence infrastructure in the form of new data centers, the largest in the commonwealth's history, according to the eCommerce giant.DIGITAL DEFENSE: A growing number of fire departments across the country are turning to artificial intelligence to help detect and respond to wildfires more quickly. Rep. Darin LaHood, R-Ill., leaves the House Republican Conference meeting at the Capitol Hill Club in Washington on Tuesday, May 17, 2022.  (Bill Clark/CQ-Roll Call, Inc via Getty Images)SHIELD FROM BEIJING: Rep. Darin LaHood, R-Ill., is introducing a new bill Thursday imploring the National Security Administration (NSA) to develop an "AI security playbook" to stay ahead of threats from China and other foreign adversaries. ROBOT RALLY PARTNER: Finding a reliable tennis partner who matches your energy and skill level can be a challenge. Now, with Tenniix, an artificial intelligence-powered tennis robot from T-Apex, players of all abilities have a new way to practice and improve. DIGITAL DANGER ZONE: Scam ads on Facebook have evolved beyond the days of misspelled headlines and sketchy product photos. Today, many are powered by artificial intelligence, fueled by deepfake technology and distributed at scale through Facebook’s own ad system.  Fairfield, Ohio, USA - February 25, 2011 : Chipotle Mexican Grill Logo on brick building. Chipotle is a chain of fast casual restaurants in the United States and Canada that specialize in burritos and tacos. (iStock)'EXPONENTIAL RATE': Artificial intelligence is helping Chipotle rapidly grow its footprint, according to CEO Scott Boatwright. AI TAKEOVER THREAT: The hottest topic nowadays revolves around Artificial Intelligence (AI) and its potential to rapidly and imminently transform the world we live in — economically, socially, politically and even defensively. Regardless of whether you believe that the technology will be able to develop superintelligence and lead a metamorphosis of everything, the possibility that may come to fruition is a catalyst for more far-leftist control.FOLLOW FOX NEWS ON SOCIAL MEDIASIGN UP FOR OUR OTHER NEWSLETTERSDOWNLOAD OUR APPSWATCH FOX NEWS ONLINEFox News GoSTREAM FOX NATIONFox NationStay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future with Fox News here. This article was written by Fox News staff.

Published June 14, 2025 10:00am EDT close Top lawmaker on cybersecurity panel talks threats to US agriculture Senate Armed Services Committee member Mike Rounds, R-S.D., speaks to Fox News Digital NEWYou can now listen to Fox News articles! Your home address might be easier to find online than you think. A quick search of your name could turn up past and current locations, all thanks to people finder sites. These data broker sites quietly collect and publish personal details without your consent, making your privacy vulnerable with just a few clicks.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. A woman searching for herself online. (Kurt "CyberGuy" Knutsson)How your address gets exposed online and who’s using itIf you’ve ever searched for your name and found personal details, like your address, on unfamiliar websites, you’re not alone. People finder platforms collect this information from public records and third-party data brokers, then publish and share it widely. They often link your address to other details such as phone numbers, email addresses and even relatives.11 EASY WAYS TO PROTECT YOUR ONLINE PRIVACY IN 2025While this data may already be public in various places, these sites make it far easier to access and monetize it at scale. In one recent breach, more than 183 million login credentials were exposed through an unsecured database. Many of these records were linked to physical addresses, raising concerns about how multiple sources of personal data can be combined and exploited.Although people finder sites claim to help reconnect friends or locate lost contacts, they also make sensitive personal information available to anyone willing to pay. This includes scammers, spammers and identity thieves who use it for fraud, harassment, and targeted scams. A woman searching for herself online. (Kurt "CyberGuy" Knutsson)How do people search sites get your home address?First, let’s define two sources of information; public and private databases that people search sites use to get your detailed profile, including your home address. They run an automated search on these databases with key information about you and add your home address from the search results. 1. Public sourcesYour home address can appear in:Property deeds: When you buy or sell a home, your name and address become part of the public record.Voter registration: You need to list your address when voting.Court documents: Addresses appear in legal filings or lawsuits.Marriage and divorce records: These often include current or past addresses.Business licenses and professional registrations: If you own a business or hold a license, your address can be listed.WHAT IS ARTIFICIAL INTELLIGENCE (AI)?These records are legal to access, and people finder sites collect and repackage them into detailed personal profiles.2. Private sourcesOther sites buy your data from companies you’ve interacted with:Online purchases: When you buy something online, your address is recorded and can be sold to marketing companies.Subscriptions and memberships: Magazines, clubs and loyalty programs often share your information.Social media platforms: Your location or address details can be gathered indirectly from posts, photos or shared information.Mobile apps and websites: Some apps track your location.People finder sites buy this data from other data brokers and combine it with public records to build complete profiles that include address information. A woman searching for herself online. (Kurt "CyberGuy" Knutsson)What are the risks of having your address on people finder sites?The Federal Trade Commission (FTC) advises people to request the removal of their private data, including home addresses, from people search sites due to the associated risks of stalking, scamming and other crimes.People search sites are a goldmine for cybercriminals looking to target and profile potential victims as well as plan comprehensive cyberattacks. Losses due to targeted phishing attacks increased by 33% in 2024, according to the FBI. So, having your home address publicly accessible can lead to several risks:Stalking and harassment: Criminals can easily find your home address and threaten you.Identity theft: Scammers can use your address and other personal information to impersonate you or fraudulently open accounts.Unwanted contact: Marketers and scammers can use your address to send junk mail or phishing or brushing scams.Increased financial risks: Insurance companies or lenders can use publicly available address information to unfairly decide your rates or eligibility.Burglary and home invasion: Criminals can use your location to target your home when you’re away or vulnerable.How to protect your home addressThe good news is that you can take steps to reduce the risks and keep your address private. However, keep in mind that data brokers and people search sites can re-list your information after some time, so you might need to request data removal periodically.I recommend a few ways to delete your private information, including your home address, from such websites.1. Use personal data removal services: Data brokers can sell your home address and other personal data to multiple businesses and individuals, so the key is to act fast. If you’re looking for an easier way to protect your privacy, a data removal service can do the heavy lifting for you, automatically requesting data removal from brokers and tracking compliance.While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap — and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you. Check out my top picks for data removal services here. Get a free scan to find out if your personal information is already out on the web2. Opt out manually : Use a free scanner provided by a data removal service to check which people search sites that list your address. Then, visit each of these websites and look for an opt-out procedure or form: keywords like "opt out," "delete my information," etc., point the way.Follow each site’s opt-out process carefully, and confirm they’ve removed all your personal info, otherwise, it may get relisted.3. Monitor your digital footprint: I recommend regularly searching online for your name to see if your location is publicly available. If only your social media profile pops up, there’s no need to worry. However, people finder sites tend to relist your private information, including your home address, after some time.4. Limit sharing your address online: Be careful about sharing your home address on social media, online forms and apps. Review privacy settings regularly, and only provide your address when absolutely necessary. Also, adjust your phone settings so that apps don’t track your location.Kurt’s key takeawaysYour home address is more vulnerable than you think. People finder sites aggregate data from public records and private sources to display your address online, often without your knowledge or consent. This can lead to serious privacy and safety risks. Taking proactive steps to protect your home address is essential. Do it manually or use a data removal tool for an easier process. By understanding how your location is collected and taking measures to remove your address from online sites, you can reclaim control over your personal data.CLICK HERE TO GET THE FOX NEWS APPHow do you feel about companies making your home address so easy to find? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Jun 13, 2025Ravie LakshmananWeb Security / Network Security Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections. According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an "esoteric and educational programming style" that uses only a limited set of characters to write and execute code. The cybersecurity company has given the technique an alternate name JSFireTruck owing to the profanity involved. "Multiple websites have been identified with injected malicious JavaScript that uses JSFireTruck obfuscation, which is composed primarily of the symbols [, ], +, $, {, and }," security researchers Hardik Shah, Brad Duncan, and Pranay Kumar Chhaparwal said. "The code's obfuscation hides its true purpose, hindering analysis." Further analysis has determined that the injected code is designed to check the website referrer ("document.referrer"), which identifies the address of the web page from which a request originated. Should the referrer be a search engine such as Google, Bing, DuckDuckGo, Yahoo!, or AOL, the JavaScript code redirects victims to malicious URLs that can deliver malware, exploits, traffic monetization, and malvertising. Unit 42 said its telemetry uncovered 269,552 web pages that have been infected with JavaScript code using the JSFireTruck technique between March 26 and April 25, 2025. A spike in the campaign was first recorded on April 12, when over 50,000 infected web pages were observed in a single day. "The campaign's scale and stealth pose a significant threat," the researchers said. "The widespread nature of these infections suggests a coordinated effort to compromise legitimate websites as attack vectors for further malicious activities." Say Hello to HelloTDS The development comes as Gen Digital took the wraps off a sophisticated Traffic Distribution Service (TDS) called HelloTDS that's designed to conditionally redirect site visitors to fake CAPTCHA pages, tech support scams, fake browser updates, unwanted browser extensions, and cryptocurrency scams through remotely-hosted JavaScript code injected into the sites. The primary objective of the TDS is to act as a gateway, determining the exact nature of content to be delivered to the victims after fingerprinting their devices. If the user is not deemed a suitable target, the victim is redirected to a benign web page. "The campaign entry points are infected or otherwise attacker-controlled streaming websites, file sharing services, as well as malvertising campaigns," researchers Vojtěch Krejsa and Milan Špinka said in a report published this month. "Victims are evaluated based on geolocation, IP address, and browser fingerprinting; for example, connections through VPNs or headless browsers are detected and rejected." Some of these attack chains have been found to serve bogus CAPTCHA pages that leverage the ClickFix strategy to trick users into running malicious code and infecting their machines with a malware known as PEAKLIGHT (aka Emmenhtal Loader), which is known to server information stealers like Lumma. Central to the HelloTDS infrastructure is the use of .top, .shop, and .com top-level domains that are used to host the JavaScript code and trigger the redirections following a multi-stage fingerprinting process engineered to collect network and browser information. "The HelloTDS infrastructure behind fake CAPTCHA campaigns demonstrates how attackers continue to refine their methods to bypass traditional protections, evade detection, and selectively target victims," the researchers said. "By leveraging sophisticated fingerprinting, dynamic domain infrastructure, and deception tactics (such as mimicking legitimate websites and serving benign content to researchers) these campaigns achieve both stealth and scale." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Scammers are using AI tools to create increasingly convincing ways to trick victims into sending money, and to access the personal information needed to commit identity theft. Deepfakes mean they can impersonate the voice of a friend or family member, and even fake a video call with them! The result can be criminals taking out thousands of dollars worth of loans or credit card debt in your name. Fortunately there are steps you can take to protect yourself against even the most sophisticated scams. Here are the security and privacy checks to run to ensure you are safe … 9to5Mac is brought to by Incogni: Protect your personal info from prying eyes. With Incogni, you can scrub your deeply sensitive information from data brokers across the web, including people search sites. Incogni limits your phone number, address, email, SSN, and more from circulating. Fight back against unwanted data brokers with a 30-day money back guarantee. Use a password manager At one time, the advice might have read “use strong, unique passwords for each website and app you use” – but these days we all use so many that this is only possible if we use a password manager. This is a super-easy step to take, thanks to the Passwords app on Apple devices. Each time you register for a new service, use the Passwords app (or your own preferred password manager) to set and store the password. Replace older passwords You probably created some accounts back in the days when password rules were much less strict, meaning you now have some weak passwords that are vulnerable to attack. If you’ve been online since before the days of password managers, you probably even some passwords you’ve used on more than one website. This is a huge risk, as it means your security is only as good as the least-secure website you use. What happens is attackers break into a poorly-secured website, grab all the logins, then they use automated software to try those same logins on hundreds of different websites. If you’ve re-used a password, they now have access to your accounts on all the sites where you used it. Use the password change feature to update your older passwords, starting with the most important ones – the ones that would put you most at risk if your account where compromised. As an absolute minimum, ensure you have strong, unique passwords for all financial services, as well as other critical ones like Apple, Google, and Amazon accounts. Make sure you include any accounts which have already been compromised! You can identify these by putting your email address into Have I Been Pwned. Use passkeys where possible Passwords are gradually being replaced by passkeys. While the difference might seem small in terms of how you login, there’s a huge difference in the security they provide. With a passkey, a website or app doesn’t ask for a password, it instead asks your device to verify your identity. Your device uses Face ID or Touch ID to do so, then confirms that you are who you claim to be. Crucially, it doesn’t send a password back to the service, so there’s no way for this to be hacked – all the service sees is confirmation that you successfully passed biometric authentication on your device. Use two-factor authentication A growing number of accounts allow you to use two-factor authentication (2FA). This means that even if an attacker got your login details, they still wouldn’t be able to access your account. 2FA works by demanding a rolling code whenever you login. These can be sent by text message, but we strongly advise against this, as it leaves you vulnerable to SIM-swap attacks, which are becoming increasingly common. In particular, never use text-based 2FA for financial services accounts. Instead, select the option to use an authenticator app. A QR code will be displayed which you scan in the app, adding that service to your device. Next time you login, you just open the app to see a 6-digit rolling code which you’ll need to enter to login. This feature is built into the Passwords app, or you can use a separate one like Google Authenticator. Check last-login details Some services, like banking apps, will display the date and time of your last successful login. Get into the habit of checking this each time you login, as it can provide a warning that your account has been compromised. Use a VPN service for public Wi-Fi hotspots Anytime you use a public Wi-Fi hotspot, you are at risk from what’s known as a Man-in-the-Middle (MitM) attack. This is where someone uses a small device which uses the same name as a public Wi-Fi hotspot so that people connect to it. Once you do, they can monitor your internet traffic. Almost all modern websites use HTTPS, which provides an encrypted connection that makes MitM attacks less dangerous than they used to be. All the same, the exploit can expose you to a number of security and privacy risks, so using a VPN is still highly advisable. Always choose a respected VPN company, ideally one which keeps no logs and subjects itself to independent audits. I use NordVPN for this reason. Don’t disclose personal info to AI chatbots AI chatbots typically use their conversations with users as training material, meaning anything you say or type could end up in their database, and could potentially be regurgitated when answering another user’s question. Never reveal any personal information you wouldn’t want on the internet. Consider data removal It’s likely that much of your personal information has already been collected by data brokers. Your email address and phone number can be used for spam, which is annoying enough, but they can also be used by scammers. For this reason, you might want to scrub your data from as many broker services as possible. You can do this yourself, or use a service like Incogni to do it for you. Triple-check requests for money Finally, if anyone asks you to send them money, be immediately on the alert. Even if seems to be a friend, family member, or your boss, never take it on trust. Always contact them via a different, known communication channel. If they emailed you, phone them. If they phoned you, message or email them. Some people go as far as agreeing codewords with family members to use if they ever really do need emergency help. If anyone asks you to buy gift cards and send the numbers to them, it’s a scam 100% of the time. Requests to use money transfer services are also generally scams unless it’s something you arranged in advance. Even if you are expecting to send someone money, be alert for claims that they have changed their bank account. This is almost always a scam. Again, contact them via a different, known comms channel. Photo by Christina @ wocintechchat.com on Unsplash Add 9to5Mac to your Google News feed.  FTC: We use income earning auto affiliate links. More.You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

In addition to the flood of spam texts you receive on a daily basis, your email inbox is likely filled with newsletters, promotions, and other messages that you don't care to read and perhaps don't know why you receive. But you shouldn't just start clicking unsubscribe links, which may open you up to certain cybersecurity risks. Email unsubscribe links may be maliciousWhile email unsubscribe links may seem innocuous, especially if you generally trust the sender, security experts say there are a number of ways in which threat actors can leverage these links for malicious purposes. Like responding to a spam text or answering a spam call, clicking "unsubscribe" confirms that your email address is active, giving cyber criminals an incentive to keep targeting you.In some cases, unsubscribe links can be hijacked to send users to phishing websites, where you are asked to enter your login credentials to complete the process. According to the folks at DNSFilter, one in every 644 clicks of email unsubscribe links can land you on a malicious website. While you do have to confirm your email address in some legitimate cases, you shouldn't enter a password, which is likely a scam. Bottom line: If you don't trust the sender, you certainly shouldn't trust any links contained within the email. How to safely unsubscribe from emails Even if unsubscribe links are safe, it's a pain to go through the multi-step process of clicking through individual emails and opening new browser windows to confirm. To minimize hassle and avoid the risk of malicious links in individual emails, you can use unsubscribe features built into your email client, which are less likely to be compromised by threat actors because they aren't tied to the email itself. In Gmail, tap More > Manage subscriptions in your left-hand navigation bar (Menu > Manage subscriptions on mobile) and scroll to the sender. Click Unsubscribe to the right of the number of emails sent recently. You can also unsubscribe from individual emails by opening the message and clicking Unsubscribe next to the sender's name. In some cases, you may be directed to the sender's website to complete the process. (Note that Gmail may not consider all email campaigns eligible for one-click unsubscribe.) You can also mark the message as spam or block the sender. In Outlook, go to Settings > Mail > Subscriptions > Your current subscriptions and select Unsubscribe, then tap OK. Alternatively, you can block the sender by clicking the three dots and selecting Block > OK. Alternatively, you can filter unwanted emails to a different folder (including spam), so while you'll still receive them, they won't clog up your main inbox. In Gmail, open the message then click More > Filter messages like these to set up filter criteria, whether that's sending to another folder, deleting it, or marking it as spam. You can create similar rules in Outlook by right-clicking the message in your message list and going to Rules > Create rule. A final option is to use a disposable email alias to subscribe to newsletters and promotional emails or when signing up for accounts, which makes it easy to filter messages or delete the address entirely without affecting your main inbox.