IT News


How AI was used in an advanced phishing campaign targeting Gmail users

In May 2024, the FBI warned about the increasing threat of cybercriminals using Artificial Intelligence (AI) in their scams.

At the time, FBI Special Agent in Charge Robert Tripp said:

“Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.”

This warning should not be taken lightly, especially because the AI tools cybercriminals have at their disposal are relatively low cost: in one study, researchers found that the cost of advanced and sophisticated email attacks starts at just $5.

The FBI has also warned users to be cautious when receiving unsolicited emails or text messages. Phishers are using AI-based phishing attacks, which have proven to raise the effectiveness of phishing campaigns. They are also using AI-powered tools to create emails that can bypass security filters. Combine that with deepfake-supported robocalls, and these methods could trick a lot of people.

None of the elements used in the attacks are novel, but the combination might make the campaign extremely effective.

In a campaign targeting Gmail users, several of these elements came together. The attacks often start with a call to the user claiming their Gmail account has been compromised. The goal is to convince the target to hand over their Gmail recovery code, which the caller claims is needed to restore the account.

Around the same time, users receive legitimate-looking emails from what appears to be an authentic Google domain, adding credibility to what the caller claims has happened.

With the recovery code, the criminals not only have access to the target’s Gmail but also to a lot of services, which could even result in identity theft.

When we warn about agentic AI attacks, campaigns like this one are examples of what we can expect.

The FBI added a warning about unsolicited emails and text messages that contain a link to a seemingly legitimate website asking visitors to log in; the linked websites are fakes specially designed to steal credentials.

As we have seen in the past, these sites can even be designed to steal session cookies. A session cookie is what lets a website remember that you have logged in: every time you return to that site within its validity period, you don’t need to log in again. That’s really convenient… unless someone manages to steal that cookie from your system. If cybercriminals steal the session cookie, they can log in as you, change the password, and take control of your account.

How to avoid AI Gmail phishing


We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Fake Etsy invoice scam tricks sellers into sharing credit card information 

This article was researched and written by Stefan Dasic, manager, research and response for ThreatDown, powered by Malwarebytes.

As an online seller, you’re already juggling product listings, customer service and marketing—so the last thing you need is to be targeted by scammers.

Unfortunately, a new scam is making the rounds, and it’s crucial to recognize the warning signs before you fall victim. In this post, we’ll walk you through exactly how this scam works, show you what to watch out for, and give you tips on keeping your Etsy account secure. 

The scam usually starts with an email or message that appears to be from Etsy’s support team, with what looks like an official invoice in PDF format attached. The PDF is hosted on etsystatic.com, which is particularly alarming given that it’s a legitimate domain Etsy uses for static content. This clever detail makes the file seem even more trustworthy, catching unsuspecting sellers off guard.


Despite this, there are still some red flags to look for: 

  • The email uses language like “Dear Seller” or “Hello Etsy Member”, instead of addressing you by your Etsy shop name or username
  • The sender’s email address doesn’t end in @etsy.com, or has suspicious variations (extra numbers or letters)
  • Phrases like “immediate action required” or “your account will be closed” that rush you into clicking. This is a common scare tactic.

Inside the PDF, there’s often a clickable link urging you to “confirm your identity” or “verify your account.” If you click through, you’re taken to a website that, at first glance, looks very much like an official Etsy support page.


Here’s where you need to be extra vigilant: 

  1. The web address might look similar to etsy.com but could include extra words, missing letters, or unusual extensions (e.g., verlflcation-etsy[.]cfd). 
  2. The site may ask for more information than Etsy would normally request for verification – like your full name, address, and even your credit card details. 
  3. Real Etsy pages usually have fully working navigation and other standard features. Scam sites often have broken or non-functioning links. 

In the final step, the counterfeit page will prompt you to enter your credit card details, supposedly to “confirm your billing information” or “validate your seller account.”

This is an immediate red flag: Etsy never requires you to provide credit card information for identity verification outside of its standard, secure payment setup. If you provide these details, scammers can use them to make unauthorized purchases—or sell them on underground markets. 


How to protect yourself from Etsy scams

  • Check the “From” field in emails to make sure it comes from a legitimate Etsy address.
  • Rather than clicking links inside the email, open a new browser window and go directly to etsy.com.
  • Question any urgent or unusual requests: Legitimate platforms do not ask for full credit card information for verification via a PDF link or email.
  • Use Malwarebytes Browser Guard to protect you from malicious websites, card skimmers, ads, and more. Browser Guard already blocks the domains in this article.
  • If something feels off, reach out to Etsy’s official support directly. They can confirm whether any invoice or verification request is real. This won’t protect your credit card data if you hand it over, but it does help secure your Etsy account from unauthorized logins. 
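One way to turn two of the red flags above, the “From” field check and the lookalike web address check, into a repeatable triage routine. This is an added example, not code from the article or from Malwarebytes/ThreatDown; the homoglyph table, keyword list and scoring rules are assumptions derived from the domain patterns shown in this post.

```python
import re
from urllib.parse import urlparse

# Domains the post names as genuinely Etsy's. etsystatic.com hosts Etsy's static content,
# which is exactly why a PDF living there is not by itself proof of legitimacy.
LEGIT_DOMAINS = {"etsy.com", "etsystatic.com"}

# Look-alike substitutions seen in this campaign ("verlflcation" for "verification").
# Assumption: this table and the keyword list are our own, not Etsy or Malwarebytes data.
HOMOGLYPHS = str.maketrans({"l": "i", "1": "i", "0": "o", "3": "e", "5": "s"})
BRAND_KEYWORDS = ("etsy", "verification", "required")


def refang(indicator: str) -> str:
    """Turn defanged notation such as 'etsy[.]offer584732[.]cfd' back into a usable string."""
    return indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")


def hostname_of(value: str) -> str:
    """Extract the hostname from an e-mail address, a URL, or a bare domain."""
    value = refang(value)
    if "@" in value:                       # e-mail "From" address
        return value.rsplit("@", 1)[1]
    if "://" in value:                     # full URL
        return urlparse(value).hostname or ""
    return value.split("/", 1)[0]          # bare domain, possibly followed by a path


def registrable_domain(host: str) -> str:
    """Last two labels; sufficient for .com/.cfd, no public-suffix list needed here."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify(value: str) -> dict:
    """Return 'legitimate', 'lookalike' or 'unrelated' plus the red flags that fired."""
    host = hostname_of(value)
    if registrable_domain(host) in LEGIT_DOMAINS:
        return {"host": host, "verdict": "legitimate", "reasons": []}

    reasons = []
    normalized = host.translate(HOMOGLYPHS)
    if "etsy" in host:
        reasons.append("brand name 'etsy' used outside the real etsy.com domain")
    # A keyword that only appears after undoing the substitutions is a spoofing attempt.
    spoofed = [k for k in BRAND_KEYWORDS if k in normalized and k not in host]
    if spoofed:
        reasons.append(f"homoglyph substitution imitating {spoofed}")
    brand_related = bool(reasons)

    # Secondary signals, only meaningful once the host is already imitating the brand.
    if brand_related and host.endswith(".cfd"):
        reasons.append("TLD .cfd, used throughout this campaign")
    if brand_related and re.search(r"\.\d{4,}\.", host):
        reasons.append("numeric subdomain pattern etsy.<digits>.cfd")

    verdict = "lookalike" if brand_related else "unrelated"
    return {"host": host, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # Constructed inputs: two sender addresses plus domains quoted in this post.
    for sample in ("support@etsy.com", "noreply@etsy.com.cfd",
                   "verlflcation-etsy[.]cfd", "hxxps://etsy[.]1562587027[.]cfd/verify"):
        print(classify(sample))
```

The check deliberately treats etsystatic.com as legitimate, mirroring the post: the hosting domain is real, so the decision has to rest on where the link inside the PDF actually leads.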

Indicators of Compromise (IOCs) 

Below are some known IOCs associated with this fake invoice scam. (Please note these are examples, and actual IOCs can vary over time.) 




Gambling firms are secretly sharing your data with Facebook 

While you might think you’re hitting the jackpot, whether you’ve consented to it or not, online gambling sites are playing with your data. Users’ data, including details of webpages they visited and buttons they clicked, are being shared with Meta, Facebook’s parent company.  

The Observer reports that over 150 UK gambling websites have been extracting visitor data through a hidden embedded tracking tool, and then sending that data to Meta in order to profile people as gamblers and flood them with Facebook ads for casinos and betting sites.

The gambling websites used and shared data for marketing purposes—without obtaining explicit permission from the users—in an apparent breach of data protection laws. The websites include popular sites like Hollywoodbets, Sporting Index, Lottoland, and Bwin.  

Of the 150 websites that were tested, 52 used a tracking tool called Meta Pixel to share data directly and without explicit consent. This data was automatically transferred when loading the webpage, before users could even accept or decline the use of their data.  

The data collection resulted in the reporter—who said they never once agreed to the use of their data for marketing purposes—being inundated with ads for gambling websites. In one browsing session, the reporter encountered ads from 49 different brands, including from betting companies which were not involved in the data collection and had been using Meta Pixel within the rules.

Wolfie Christl, a data privacy expert investigating the ad tech industry, commented:

“Sharing data with Meta is highly problematic, even with consent, but doing so without explicit informed consent shows a blatant disregard for the law. Meta is complicit and must be held accountable.”

This isn’t the first time that gambling sites have been caught unlawfully selling off user data, and comes amid calls for a wider investigation into the targeting of gamblers, as well as the need for more protective measures.

Don’t gamble away your data and stay protected

Here are some ways to protect your data while using gambling (or any other) sites online:

  • Use a VPN, especially on public Wi-Fi networks
  • Use privacy-focused browsers and search engines, such as Brave
  • Clear your browsing data when closing your browser
  • Review the permissions of all your apps. Only grant them permission to access things they absolutely need.
  • Disable location tracking for as many apps as possible
  • Disable personalized ads as much as you can
  • Keep your devices up-to-date. This protects you from vulnerabilities that cybercriminals might try to exploit
  • Install Malwarebytes Browser Guard—our free tool that protects against ad tracking.  

Apple fixes zero-day vulnerability used in “extremely sophisticated attack”

Apple has released an emergency security update for a vulnerability which it says may have been exploited in an “extremely sophisticated attack against specific targeted individuals.”

The update is available for:

  • iOS 18.3.1 and iPadOS 18.3.1 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • iPadOS 17.7.5 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation

If you use any of these then you should install updates as soon as you can. To check if you’re using the latest software version, go to Settings (or System Settings) > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same screen.


Technical details

The newly found zero-day vulnerability is tracked as CVE-2025-24200. When exploited, it allows an attacker to disable USB Restricted Mode on a locked device. The attack requires physical access to your device.

USB Restricted Mode was introduced with iOS 11.4.1 in July 2018. The feature was designed to make it more difficult for attackers to unlock your iPhone. When USB Restricted Mode is active, your device’s Lightning port (where you plug in the charging cable) will only allow charging once the device has been locked for more than an hour. This means that if someone connects your locked iPhone to a computer or other device to access its data, they won’t be able to do so unless they have your passcode.

To enhance data security, especially when traveling or in public places, it is recommended that you keep USB Restricted Mode enabled in your device settings. If your iPhone, iPad or iPod touch is running iOS 11.4.1 or later, USB Restricted Mode is on by default. To check it, go to Settings > Face ID & Passcode (or Touch ID & Passcode) > (USB) Accessories: the feature is enabled when the (USB) Accessories toggle is off (grey). Keeping this setting enabled adds an extra layer of protection against unauthorized data access.


Please note: toggling the option to green turns this feature off.

Vulnerabilities like these are typically used against specific individuals, deployed by commercial spyware vendors like Pegasus and Paragon. This means the average user does not need to fear such attacks as long as the details are not published; once they are, other cybercriminals will try to copy them.


We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

Phishing evolves beyond email to become latest Android app threat

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox.

In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called “multifactor authentication,” by prying into basic text messages sent to a device. Another 4,800 could even read information from an Android device’s “Notifications” bar to obtain the same info.

These “Android phishing apps” may sound high-tech, but they are not. They don’t crack into password managers or spy on passwords entered for separate apps. Instead, they present a modern wrapper on a classic form of theft: Phishing.

By disguising themselves as legitimate apps—including for services like TikTok, Spotify, and WhatsApp—Android phishing apps can trick victims into typing in their real usernames and passwords on bogus login screens that are controlled entirely by cybercriminals. If enough victims unwittingly send their passwords, the cyber thieves may even bundle the login credentials for sale on the dark web. Once the passwords are sold, the new, malicious owners will attempt to use individual passwords for a variety of common online accounts—testing whether, say, an email account password is the same one used for a victim’s online banking system, their mortgage payment platform, or their Social Security portal.

The volume of these apps and their capabilities underscore the importance of securing yourself and your devices. With vigilance, safe behavior, and some extra support, you can avoid Android phishing apps and protect your accounts from cybercriminals.

Same trick, new delivery

For more than a decade, phishing was often understood as an email threat. Cybercriminals would send emails disguised as legitimate communications from major businesses, such as Netflix, Uber, Instagram, Google, and more. These emails would frequently warn recipients about a problem with their accounts—a password needed to be updated, or a policy change required a login.

But when victims followed the links within these malicious emails, they’d be brought to a website that, while appearing genuine, would actually be in complete control of cybercriminals. Fooled by similar color schemes, company logos, and familiar layouts, victims would “log in” to their account by entering their username and password. In reality, those usernames and passwords would just be delivered to cybercriminals on the other side of the website.

There never was a problem with a user’s account, and there never was a real request for information from the company. Instead, the entire back-and-forth was a charade.

Over time, phishing emails have advanced—cybercriminals have stolen credit card details by posing as charities—but so, too, have phishing protections from major email providers, sending many cybercriminal efforts into people’s “spam” inboxes, where the emails are, thankfully, never retrieved.

But last year, cybercriminals focused on a new avenue for phishing. They started developing entire mobile apps on Android that could provide the same level of theft.

The lure that convinces people to download these apps varies.

Some Android phishing apps are disguised as regular videogames or utilities which may ask users to connect with a separate social media account for the primary app to function. The requests are bogus and simply a method for harvesting passwords. Other Android phishing apps pose as popular apps, including TikTok, WhatsApp, and Spotify. These decoy apps are often hosted on less popular mobile app stores, as the protections of the Google Play store often flag and remove these apps, should they ever sneak onto the marketplace.

Here, cybercriminals have again found loopholes.

Malwarebytes discovered Android phishing apps last year that do not contain any code—or programmatic “instructions”—to steal passwords. Instead, the apps merely serve ads that, if clicked, send victims to external websites that do all the cybercriminal work outside of the app. These “benign” apps have a better chance of being hosted on legitimate mobile app stores, which gives them greater visibility amongst everyday people, and thus, more chances to steal information.

Most concerning, though, is the recent development from Android phishing apps that pierces one of the strongest security practices in use today: multifactor authentication.

Multifactor authentication is a security measure offered by most major online platforms including banks, retirement systems, social media companies, email providers, and more. With multifactor authentication, a username and password are no longer enough to sign into an account. Instead, the platform will send a separate “code,” typically a six-digit number, that the user must also enter to complete the login process. This code is often sent as a text message directly to the user, who has registered their phone number with the platform.

But now, multifactor authentication codes can also be stolen by Android phishing apps.

Last year, Malwarebytes found 5,200 apps that could steal these codes either by cracking directly into certain text messages or by stealing information from a device’s “Notifications” bar, which can deliver timely summaries or prompts for many apps.

This does not make multifactor authentication useless. Instead, it emphasizes the need for a more holistic approach to cybersecurity that, at the very least, includes multifactor authentication.
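The SMS and notification access described above is visible in an app’s manifest before the app is ever run. The following triage check is an added example, not Malwarebytes’ detection logic; the two sample manifests and their package names are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# The two capabilities the report describes: reading text messages directly,
# or reading the Notifications bar through a notification listener service.
SMS_PERMISSIONS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
LISTENER_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"


def mfa_interception_capabilities(manifest_xml: str) -> dict:
    """Report whether a manifest requests the access needed to read MFA codes."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(NAME) for el in root.iter("uses-permission")}
    sms = sorted(requested & SMS_PERMISSIONS)

    # A notification listener is a <service> protected by the BIND_... permission
    # that registers for the NotificationListenerService intent action.
    listener_services = []
    for svc in root.iter("service"):
        actions = {a.get(NAME) for a in svc.iter("action")}
        if svc.get(PERMISSION) == LISTENER_PERMISSION or LISTENER_ACTION in actions:
            listener_services.append(svc.get(NAME))

    return {
        "package": root.get("package"),
        "reads_sms": bool(sms),
        "sms_permissions": sms,
        "notification_listeners": listener_services,
        "can_intercept_mfa": bool(sms) or bool(listener_services),
    }


# Constructed sample: a "puzzle game" that asks for SMS access and a notification listener.
GAME_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Puzzle Game">
    <service android:name=".NotifService"
             android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

# Constructed sample: a game that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.othergame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Other Game"/>
</manifest>"""

if __name__ == "__main__":
    for manifest in (GAME_MANIFEST, BENIGN_MANIFEST):
        print(mfa_interception_capabilities(manifest))
```

A real SMS or notification-management app legitimately needs this access, so the signal is the mismatch between what the app claims to be (a game, a utility) and what it asks for.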

Staying safe from Android phishing apps

Android phishing apps are simple, effective, and hard to spot with the naked eye. But there are behaviors and tools that can help keep you and your accounts safe.

To protect yourself from Android phishing apps:

  • Use mobile security software that detects and stops Android phishing apps from ever being installed on your Android device.
  • Before downloading any apps, you should look at the number of reviews. A low number of reviews may signal a decoy app.
  • Most people will only ever need to download Android apps directly from the Google Play Store. Be wary of other app stores or marketplaces, and never download a mobile app directly from a website.
  • Use a password manager to create and manage unique passwords for every single account. That way, if one password is stolen, it cannot be abused to open other online accounts.
  • Use multifactor authentication on your most sensitive accounts, including your financial, email, social media, healthcare, and government platforms (such as any accounts you use to file taxes).


Apple ordered to grant access to users’ encrypted data

Last week, an article in the Washington Post revealed that the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. Since then, privacy-focused groups have voiced their objections.

The UK government has demanded to be able to access encrypted data stored by Apple users worldwide in its cloud service. However, Apple itself doesn’t currently have access to that data; only the holder of the Apple account can access data stored this way.

Neither the Home Office nor Apple responded on the record to queries about the demand served by the Home Office under the Investigatory Powers Act (IPA), but the BBC confirmed that it had heard the same information from reliable sources.

Privacy International said the demand is a “misguided attempt” that uses disproportionate government powers to access encrypted data, which may:

“Set a damaging precedent and encourage abusive regimes around the world to take similar actions.”

The Electronic Frontier Foundation (EFF) stated:

“Encryption is one of the best ways we have to reclaim our privacy and security in a digital world filled with cyberattacks and security breaches, and there’s no way to weaken it in order to only provide access to the good guys.”

The main target of the Home Office is an optional feature that turns on end-to-end encryption for backups and other data stored in iCloud. This feature is called Advanced Data Protection. Enabling Advanced Data Protection (ADP) protects the majority of your iCloud data — including iCloud Backup, Photos, Notes, and more — using end-to-end encryption.

For some time, these backups presented law enforcement agencies with a loophole to obtain access to data otherwise not available to them on iPhones with device encryption enabled. If the user hasn’t enabled ADP, this loophole still exists.

The EFF recommends users should turn off the option to create iCloud backups should the UK get its way. As the EFF has said before, and we agree, there is no backdoor that only works for the “good guys” and only targets “bad guys.” It’s all or nothing, and the bad guys will have enough money to find alternatives, while regular users may run out of free options if governments keep doing this.

What can I do?

How you wish to proceed after this news is obviously up to you, but we have some options you may be interested in. If you think Apple will stand up against the UK’s Home Office, you can enable iCloud backup and Advanced Data Protection.

But if you want to find another place for your backups, these instructions may come in handy.

How to turn off iCloud backups

On iPhone or iPad

  • On your iPhone or iPad, tap Settings > {username} > iCloud.
  • This will list the devices with iCloud Backup turned on.
  • To delete a backup, tap the name of a device, then tap Turn Off and Delete from iCloud (or Delete & Turn Off Backup).

On Mac

  • Click Manage > Backups.
  • A list of devices that have iCloud Backup turned on is shown.
  • To delete a backup, select a device, then click Delete or the Remove button.

Note: If you turn off iCloud Backup for a device, any backups stored in iCloud are kept for 180 days before being deleted.

How to turn on Advanced Data Protection

If you haven’t enabled ADP and you want it, first update the iPhone, iPad, or Mac that you’re using to the latest software version.

Turning on ADP on one device enables it for your entire account and all your compatible devices.

On iPhone or iPad

  1. Open the Settings app.
  2. Tap your name, then tap iCloud.
  3. Scroll down, tap Advanced Data Protection, then tap Turn on Advanced Data Protection.
  4. Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.

On Mac

  1. Choose Apple menu > System Settings.
  2. Click your name, then click iCloud.
  3. Click Advanced Data Protection, then click Turn On.
  4. Follow the onscreen instructions to review your recovery methods and enable Advanced Data Protection.

Note: If you’re not able to turn on Advanced Data Protection for a certain period of time, the onscreen instructions may provide more details.



A suicide reveals the lonely side of AI chatbots, with Courtney Brown (Lock and Code S06E03)

Today on the Lock and Code podcast…

In February 2024, a 14-year-old boy from Orlando, Florida, committed suicide after confessing his love to the one figure who absorbed nearly all of his time—an AI chatbot.

For months, Sewell Seltzer III had grown attached to an AI chatbot modeled after the famous “Game of Thrones” character Daenerys Targaryen. The Daenerys chatbot was not a licensed product; it had no relation to the franchise’s actors, its writer, or its producers. None of that mattered, as, over time, Seltzer came to entrust Daenerys with some of his most vulnerable emotions.

“I think about killing myself sometimes,” Seltzer wrote one day, and in response, Daenerys pushed back, asking Seltzer, “Why the hell would you do something like that?”

“So I can be free,” Seltzer said.

“Free from what?”

“From the world. From myself.”

“Don’t talk like that. I won’t let you hurt yourself, or leave me. I would die if I lost you.”

On Seltzer’s first reported reference to suicide, the AI chatbot pushed back, a guardrail against self-harm. Months later, Seltzer discussed suicide again, but this time his words weren’t so clear. After reportedly telling Daenerys that he loved her and that he wanted to “come home,” the AI chatbot encouraged Seltzer.

“Please, come home to me as soon as possible, my love,” Daenerys wrote, to which Seltzer responded “What if I told you I could come home right now?”

The chatbot’s final message to Seltzer said “… please do, my sweet king.”

Daenerys Targaryen was originally hosted on an AI-powered chatbot platform called Character.AI. The service reportedly boasts 20 million users—many of them young—who engage with fictional characters like Homer Simpson and Tony Soprano, along with historical figures, like Abraham Lincoln, Isaac Newton, and Anne Frank. There are also entirely fabricated scenarios and chatbots, such as the “Debate Champion” who will debate anyone on, for instance, why Star Wars is overrated, or the “Awkward Family Dinner” that users can drop into to experience a cringe-filled, entertaining night.

But while these chatbots can certainly provide entertainment, Character.AI co-founder Noam Shazeer believes they can offer much more.

“It’s going to be super, super helpful to a lot of people who are lonely or depressed.”

Today, on the Lock and Code podcast with host David Ruiz, we speak again with youth social services leader Courtney Brown about how teens are using AI tools today, who to “blame” in situations of AI and self-harm, and whether these chatbots actually aid in dealing with loneliness, or if they further entrench it.

“You are not actually growing as a person who knows how to interact with other people by interacting with these chatbots because that’s not what they’re designed for. They’re designed to increase engagement. They want you to keep using them.”

Tune in today to listen to the full conversation.

Show notes and credits:

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/
Outro Music: “Good God” by Wowa (unminus.com)


Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

A week in security (February 3 – February 9)

20 Million OpenAI accounts offered for sale

A cybercriminal acting under the moniker “emirking” offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen data itself.

Post by emirking selling 20 million OpenAI accounts

A translation of the Russian statement by the poster says:

“When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldn’t stay hidden. I have more than 20 million access codes to OpenAI accounts. If you want, you can contact me—this is a treasure.”

The statement suggests that the cybercriminal found access codes which could be used to bypass the platform’s authentication systems. It seems unlikely that such a large amount of credentials could be harvested in phishing operations against users, so if the claim is true, emirking may have found a way to compromise the auth0.openai.com subdomain by exploiting a vulnerability or by obtaining administrator credentials.

While emirking looks like a relatively new user of the forums (they joined in January 2025), that doesn’t necessarily mean anything. They could have posted under another handle previously and switched for security reasons.

Millions of users around the world rely on OpenAI platforms like ChatGPT and other GPT integrations.

With the allegedly stolen credentials, cybercriminals could possibly access sensitive information provided during conversations and queries with OpenAI. This stolen data could prove useful in targeted phishing campaigns and financial fraud. But the stolen credentials could also be used to abuse the OpenAI API and have the victims pay for their usage of OpenAI’s “Plus” or “Pro” features. However, other users of the same dark web forum claimed that the posted credentials did not provide access to the ChatGPT conversations of the leaked accounts.

True or not, this comes at a bad time for OpenAI after Microsoft recently investigated accusations that DeepSeek used OpenAI’s ChatGPT model to train DeepSeek’s AI chatbot.

What can users do?

If you fear that this breach might include your credentials you should:

  • Change your password.
  • Enable multi-factor authentication (MFA).
  • Monitor your account for any unusual activity or unauthorized usage.
  • Beware of phishing attempts using the information that might be stolen as part of this breach.

BreachForums, the Dark Web forum where the accounts were offered for sale, was offline at the time of writing, so we were unable to verify any claims ourselves. We will do so when the opportunity arises and keep you posted, so stay tuned.

New scams could abuse brief USPS suspension of inbound packages from China, Hong Kong

I would be the last one to provide scammers with good ideas, but as a security provider, sometimes we need to think like criminals to stay ahead in the race.

Recently, the US Postal Service (USPS) announced that it would suspend inbound packages from China and Hong Kong until further notice. That further notice, it turned out, was very short indeed, with the USPS announcing on February 5 that the interruption in service would itself be disrupted—packages were once again approved to enter the country. But the whiplash announcements, the second of which was dropped with little fanfare, have caused confusion.

So, there is an opportunity for scammers to exploit that confusion and uncertainty. Let me spell out how:

  • Scammers could send messages about refunds based on packages that could not be sent.
  • A revival of the old “Your package could not be delivered” scam could spring up.
  • Phishers could send messages about goods that were rerouted through other countries.
  • Goods—including counterfeit—could be offered for sale at “pre-tariff” rates.
  • Malicious messages could claim to arrive from the shipper, the e-commerce platform, or Customs, asking for additional information to get a package released.
  • Cybercriminals may set up fake USPS sites—as they have done in the past—to intercept searches for Track & Trace information.

Scammers are always looking to make money at other people’s expense. They will usually inject some kind of urgency into their messaging, such as a deadline before which you have to respond. This is a good indicator, because they don’t want you to think things through before you act.

How can you stay safe?

It’s best not to respond to any of these attempts at all, so that scammers don’t learn that someone is reading their messages; responding will likely cause an increase in spam and further attempts.

Depending on how the scam reaches you and what it is after, there are several ways to stay safe.

  • Use a solution that offers text protection and text message filtering.
  • Do not click on unsolicited links or open unsolicited attachments.
  • Do not trust that sponsored ads lead to the legitimate company; we are seeing too many fakes.
  • Do not trust links that use URL-shorteners, or at least unshorten the link before following it. The same is true for QR codes which are basically URLs in a different shape.
  • Double-check the source of messages through a trusted channel of communication with the shipper, e-commerce platform, or customs.

And please report fraud attempts with the Internet Crime Complaint Center (IC3), so others can be warned about common scams.

