Tag: sneaky

  • Don’t fall for that sneaky iCloud storage alert in your inbox

    iCloud scams are becoming increasingly sophisticated, targeting unsuspecting users with urgent messages about their accounts. Our team recently received two suspicious iCloud emails. We want to share our experience and provide comprehensive steps on how to identify and protect yourself from these scams.

    The anatomy of iCloud scams

    iCloud scams typically follow a pattern designed to create a sense of urgency and fear. Let’s break down the two emails our team received. The scammers used this urgent wording: “Payment Failure for iCloud Storage Renewal” and “iCloud Suspended. Fix it before Mon, 13 January 2025.” Both emails share common characteristics of phishing attempts, including urgent language, threats of account suspension or data loss, requests to update payment information, links to external websites and vague or incorrect account details. These emails are crafted to look legitimate, often mimicking Apple’s branding and tone. However, they contain several red flags that indicate they are scams.

    How to identify iCloud scams

    To protect yourself from falling victim to these scams, look out for these telltale signs:

    • Check the sender’s email address: Legitimate Apple emails will always come from “@apple.com” or “@icloud.com” domains. The scam email address is not even close to that.

    iCloud email scam showing the sender’s bogus email address (Kurt “CyberGuy” Knutsson)

    • Look for spelling and grammatical errors: Scam emails often contain mistakes that official communications wouldn’t have.
    • Be wary of urgent deadlines: Scammers create arbitrary deadlines to pressure you into acting quickly without thinking.
    • Verify account details: If the email mentions account information, check if it matches your actual iCloud details.
    • Hover over links without clicking: This allows you to preview the URL and check if it’s legitimate, as in the example below, which, as you can see, is not from Apple.

    iCloud email scam showing the URL preview being bogus (Kurt “CyberGuy” Knutsson)

    Steps to protect yourself

    If you receive a suspicious email claiming to be from Apple or iCloud, follow these steps:

    • Don’t click any links or download attachments: These could lead to phishing sites or install malware on your device.
    • Use strong antivirus software: Consider installing reputable antivirus software to help protect against malware. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
    • Check your account directly: Instead of using links in the email, go directly to appleid.apple.com or check your device settings.
    • Update your Apple ID password: If you suspect your account may have been compromised, change your password immediately.
    • Enable two-factor authentication (2FA): 2FA adds an extra layer of security to your Apple ID.
    • Report the phishing attempt: Forward suspicious emails to [email protected].
    • Invest in personal data removal services: While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

    What to do if you’ve been scammed

    Follow these steps if you think you may have fallen for an iCloud scam.

    1) Change your Apple ID password immediately: Ensure you create a strong, unique password that you haven’t used on other accounts.

    2) Check for any unauthorized changes to your account settings or payment information: Go to account.apple.com and review any devices, personal information or security settings that look unfamiliar.

    3) Contact Apple Support directly through official channels for assistance: Forward the suspicious email to [email protected] or [email protected] to help Apple track and block these scams.

    4) Monitor your financial accounts for any suspicious activity: If you provided payment information, cancel and replace your credit card immediately and pay close attention to even small unauthorized charges.

    5) Consider placing a fraud alert on your credit reports: Report the scam to the Federal Trade Commission and Internet Crime Complaint Center to help combat these fraudulent activities.

    6) Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

    Kurt’s key takeaways

    Remember, Apple will never ask you to provide personal information, passwords or security codes via email, text message or phone call. If you’re ever in doubt about the legitimacy of a communication from Apple, always err on the side of caution and contact Apple directly through their official website or support channels. By staying vigilant and following these guidelines, you can better protect yourself from iCloud scams and keep your personal information secure. Don’t let the urgency of these messages cloud your judgment. Take a moment to verify before you act, and you’ll be much safer in the long run.

    Have you ever been targeted by an iCloud or Apple-related scam? Let us know by writing us at Cyberguy.com/Contact.

    Copyright 2025 CyberGuy.com. All rights reserved.

  • Cybercriminals’ sneaky game plan to take advantage of Super Bowl fans

    Super Bowl LIX is set to take place this Sunday at the Caesars Superdome in New Orleans and is expected to draw a record-breaking audience of 116.8 million viewers. While this massive event generates excitement, it also attracts cybercriminals looking to exploit unsuspecting fans. Here are four common ways hackers target football fans leading up to the big game.

    Scam tactic #1: Mobile phishing and payment app scams

    Cybercriminals will try to exploit the Super Bowl’s reliance on digital ticketing and mobile apps. Fans may receive text messages or social media alerts that appear to be from official payment apps, urging them to “confirm” their information for last-minute ticket upgrades or exclusive merchandise deals. These phishing attempts could lead to fake websites designed to steal banking details.

    Scam tactic #2: Pay-to-play scams

    Scammers create fake “exclusive raffles” or contests, claiming fans have a chance to win VIP tickets or unique experiences if they pay a small entry fee. These scams often rely on urgency and the fear of missing out. The Better Business Bureau has warned about fraudulent sports betting apps encouraging users to place “guaranteed bets on upcoming games.”

    Scam tactic #3: Unauthorized ticket resellers

    Scoring last-minute Super Bowl tickets can feel like a victory until you find out they are fake. Sketchy ticket resellers flood search results and social media with deals that seem too good to be true. Online ticket fraud is becoming increasingly common. While some tickets may be legitimate, many are not, with fans spending hundreds or even thousands of dollars for nothing.

    Scammers often utilize automation and artificial intelligence to identify and target potential victims based on the language used in their posts. For instance, scammers search for popular buzzwords and hashtags that people use when looking to buy tickets, such as #SuperBowl, #SuperBowlTickets or #LookingForTickets. They then respond to these posts with messages that contain links to other platforms like WhatsApp, Telegram or Cash App, where they attempt to finalize fraudulent deals.

    Scam tactic #4: Social media scams

    If a social media ad is offering free NFL tickets or merchandise, there is a catch. These scams appear everywhere, promising fans exclusive giveaways if they cover a small shipping fee or provide personal details. The posts look official, sometimes even using fake endorsements from players or teams, making them easy to fall for. 

    Scammers also use cross-platform operations to evade detection and bans by social media platforms. They will identify and initiate communications with you on one social media platform before requesting you switch to another. This is likely an attempt to prevent one social media platform from gaining full insight into fraudulent activity and banning accounts.

    The moment you enter your information or payment details, you have handed cybercriminals access to your bank account. And those free tickets or jerseys never arrive. Scammers rely on the excitement of game day to push people into acting without thinking. The truth is simple. If it sounds too good to be true, it probably is.

    Scam tactic #5: Offering massive discounts

    Finally, scammers may offer massive discounts for Super Bowl tickets to entice you to buy quickly. They may state they just want to sell the tickets “last minute” to justify large, attractive discounts, such as 50% off or more. They may also claim to have a personal or professional reason for not being able to attend the event, such as a family emergency or a work conflict. Scammers often use these excuses to pressure victims into making hasty decisions and transferring money without verifying the tickets.

    Safeguarding your Super Bowl experience from cyber threats

    While scammers will try to prey on Super Bowl fans, you are not completely helpless. Dave Lewis, Global Advisory CISO at 1Password, shared some tips on staying safe leading up to the games. These are not complicated strategies, just simple cybersecurity practices that are easy to follow.

    1) Buy tickets from trusted sources: Only purchase from official sites/apps and other reputable channels. Double-check URLs to avoid lookalike sites (which are designed to mimic legitimate event pages). Platforms like Facebook Marketplace, Eventbrite and Nextdoor are also hot spots for scams, so be cautious of sellers “requiring a deposit” through peer-to-peer financial apps like Cash App, Venmo or Zelle.

    2) Watch out for event-related phishing attacks: If a deal seems too good to be true, it probably is. Cybercriminals often time their phishing attacks around large events like the Super Bowl, offering fake discount tickets, VIP experiences, free food vouchers, etc. Always verify offers through the event’s official website or app and never agree to anything over the phone. Double-check the sender’s email address and hover over links before clicking to ensure they lead to legitimate event sites. 

    The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

    3) Keep your phone software and apps updated: Regularly update your device’s operating system (e.g., iOS, macOS, Windows, Android, others). “While constant notifications can be an annoyance at the moment, these updates are essential for keeping your devices secure,” Lewis said. If you’re not sure how to get started, check out this extensive guide on how to update all your devices.

    4) Use strong, unique passwords and enable two-factor authentication (2FA): Create complex passwords for all your accounts, especially those related to ticket purchases or event information. Use a password manager to generate and store these securely. Enable 2FA wherever possible, particularly for email and payment accounts. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password. For the Super Bowl, this is especially crucial for any official NFL or ticketing apps you might be using.

    5) Be wary of QR codes: While convenient, QR codes can be exploited by hackers for malicious purposes. Only scan QR codes from trusted sources, such as the official event organizer. If unsure, check for signs of tampering, like stickers placed over legitimate codes or poor print quality. When in doubt, don’t scan it. As a precaution, always keep your antivirus software running to prevent malware infections from scanning a scam QR code. If you don’t have antivirus software, check out my top recommendations here.

    6) Beware of scammers using social engineering techniques: For example, they may encourage you to transfer money immediately as they allegedly have other prospective buyers. They may also use emotional appeals, such as sympathy, guilt or urgency, to manipulate you into making a decision. Scammers often use these tactics to pressure victims into paying before verifying the tickets.

    7) Be wary of individuals showing receipts or proof of purchase: This is not a guarantee that an individual is in possession of a ticket, and it can be easily faked. Scammers can use fake receipts to convince victims that they bought the tickets from legitimate sources, such as Ticketmaster, StubHub or SeatGeek.

    8) Exercise caution when interacting with individuals who ask you to “name your price” or who are selling below ticket value: This may be a sign that they are trying to lure you into a scam with a too-good-to-be-true offer. Scammers often use this strategy to attract victims who are looking for cheap or affordable tickets.

    9) Be cautious when interacting with people claiming to sell tickets on behalf of a friend or family member: This may provide an excuse for scammers using compromised bank accounts with the account holder’s name different from the social media account being used. Scammers often use this pretext to explain the discrepancy between the names on the accounts.

    10) Review the account’s recent history: Some scammers may claim to be selling tickets to multiple high-profile events, such as sports games, music concerts and conferences at one time. This may indicate that they are running a large-scale scam operation and are not genuine sellers. Scammers often post multiple ads for different events on the same or different platforms, using the same or similar images and descriptions.

    11) Exercise caution and validate ownership: Do this even when purchasing items from friends or friends of friends on social media. A family member or friend’s account can be compromised and used by a scammer. Friends of the victim can vouch for the account user as a legitimate seller, not realizing the account had been hacked.

    Kurt’s key takeaway

    Scammers are always looking for new ways to take advantage of football fans, especially during major events like the Super Bowl. Whether it is fake ticket sales, phishing scams or bogus giveaways, the risks are real. You can easily avoid becoming a victim of these types of attacks by staying vigilant and being cautious of emails and links that ask for personal information.

    Do you think the NFL or other major sports leagues are doing enough to protect fans from these scams? Let us know by writing us at Cyberguy.com/Contact.

  • Scammers find sneaky way to bypass your iPhone’s safety features

    In an alarming development, cybercriminals have devised a new method to circumvent Apple’s built-in phishing protection for iMessage, potentially exposing you to malicious links and scams. This sophisticated tactic exploits a security feature designed to protect you, turning it into a vulnerability that could lead to significant personal and financial risks.

    The trick unveiled

    Apple’s iMessage automatically disables links in messages from unknown senders as a security measure. However, cybercriminals have found a way to exploit this protection. By instructing you to reply to the message, often with a simple “Y,” the attackers can re-enable previously disabled links. This seemingly innocuous action not only activates the links but also signals to the scammers that they’ve found an engaged target for future attacks.

    We reached out to Apple for a comment but did not hear back before our deadline.

    Common phishing lures

    These deceptive messages often masquerade as notifications from trusted organizations, such as:

    • Undeliverable packages from courier services (USPS, DHL, FedEx)
    • Unpaid road tolls
    • Outstanding payments or fees

    The messages typically end with instructions like: “(Please reply Y, then exit the SMS, re-open the SMS activation link, or copy the link to open in Safari).”
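
    The combination described above (unknown sender, a link, and an instruction to reply so the link becomes active) is distinctive enough to screen for. The following is an added example, not code from the original article: the verdict names, the regular expressions and the three sample texts are assumptions constructed for illustration, and the `.example` hosts are placeholders.

```python
import re

URL = re.compile(r"\b(?:https?://|www\.)\S+", re.I)
# Reply-to-activate instruction, modelled on the wording quoted in the article
# ("Please reply Y, then exit the SMS, re-open the SMS activation link ...").
REPLY_TO_ACTIVATE = re.compile(
    r"\breply\s+(?:with\s+)?[\"'“]?(?:y|yes|1)[\"'”]?(?=[\s,.)]|$)", re.I)
# Lure categories listed in the article: courier packages, road tolls, fees.
LURES = {
    "package": re.compile(r"\b(?:usps|dhl|fedex|package|parcel|deliver\w*)\b", re.I),
    "toll": re.compile(r"\btolls?\b", re.I),
    "payment": re.compile(
        r"\b(?:outstanding|unpaid|overdue)\b.*\b(?:payments?|fees?|balance)\b",
        re.I | re.S),
}

# Constructed sample texts (not real messages).
PACKAGE_SMS = ("USPS: Your package could not be delivered due to an incomplete "
               "address. https://usps-redelivery.example/track (Please reply Y, "
               "then exit the SMS, re-open the SMS activation link, or copy the "
               "link to open in Safari)")
TOLL_SMS = ("Your unpaid toll of $4.15 is overdue. Pay now at "
            "www.toll-pay.example to avoid a late fee.")
FRIEND_SMS = ("Running late, here's the place: https://maps.example/r/123 "
              "reply yes if that works")


def assess_sms(sender, body, contacts):
    """Classify one text message as 'junk', 'review' or 'allow'."""
    unknown = sender not in contacts
    has_link = bool(URL.search(body))
    asks_reply = bool(REPLY_TO_ACTIVATE.search(body))
    lures = sorted(name for name, rx in LURES.items() if rx.search(body))
    if unknown and has_link and asks_reply:
        # Matches the reply-to-re-enable-the-link trick: never answer it.
        verdict = "junk"
    elif unknown and has_link and lures:
        # Familiar lure from a stranger, without the reply instruction.
        verdict = "review"
    else:
        verdict = "allow"
    return {"verdict": verdict, "lures": lures, "asks_reply": asks_reply}
```

    Known contacts are allowed even when the text contains "reply yes", since link disabling only applies to unknown senders; a compromised contact would need separate handling.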

    The rising threat of smishing

    This new tactic is part of a broader trend of smishing (SMS phishing) attacks targeting mobile users. With the increasing reliance on smartphones for various activities, including financial transactions and personal communications, these attacks pose a significant threat to users’ security and privacy.

    How to protect yourself

    To safeguard against these sophisticated phishing attempts, consider the following steps.

    1) Never reply to suspicious messages: Avoid responding to texts from unknown senders, especially those asking you to reply to activate links. Additionally, make sure to delete suspicious text messages and block the sender to prevent further attempts. Since the sender is not in your contact list, you can click Report Junk at the bottom of the text. Then click Delete and Report Junk. This will report the conversation as junk by sending it to your wireless carrier and Apple using your phone number.

    2) Verify sender identity: Contact organizations directly through official channels if you’re unsure about a message’s legitimacy.

    3) Be skeptical of urgency: Scammers often use urgent language to prompt quick, thoughtless actions.

    4) Enable message filtering: Use your device’s built-in filtering options to sort messages from unknown senders. Here are the steps:

    • Open Settings
    • Scroll down and click Apps 
    • Tap Messages
    • Turn on Filter Unknown Senders

    This feature allows you to automatically sort messages from unknown senders, easily filter unread messages and manage your message inbox more efficiently.

    5) Use two-factor authentication (2FA): 2FA adds an extra layer of security to your accounts by requiring a second form of verification, such as a text message or authentication app, in addition to your password. This significantly reduces the risk of unauthorized access, even if your password is compromised.

    6) Have strong antivirus software: The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

    7) Invest in personal data removal services: By reducing your online footprint, you make it harder for cybercriminals to obtain your contact information, potentially preventing them from sending you these deceptive iMessage phishing texts in the first place. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

    What to do if you’ve been targeted

    If you suspect you’ve fallen victim to a smishing attack:

    • Report the incident to relevant authorities and institutions
    • Freeze your credit to prevent potential identity fraud
    • Change passwords and PINs for all your accounts; consider using a password manager to generate and store complex passwords
    • Monitor your finances and online accounts for suspicious activity
    • Use an identity theft protection service: Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

    One of the best parts of some identity theft protection services is that they have identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

    Kurt’s key takeaways

    This latest trick targeting iMessage users serves as a reminder that even seemingly secure systems can be vulnerable to social engineering. By remaining cautious and following best practices for digital security, you can significantly reduce your risk of falling victim to these sophisticated phishing attempts.

    What other cybersecurity challenges have you encountered with your mobile devices, and what questions do you have for us? Let us know by writing us at Cyberguy.com/Contact.

    Copyright 2024 CyberGuy.com. All rights reserved.