IT News

A woman in Florida was tricked into giving thousands of dollars to a scammer after her daughter’s voice was AI-cloned and used in a scam.

Sharon Brightwell says she received a call from someone who sounded just like her daughter. The woman on the other end was sobbing and crying, telling her mom that she had caused a car accident in which a pregnant woman had been seriously injured. She said she’d been texting and driving and that her phone had now been taken by police.

“There is nobody that could convince me that it wasn’t her. I know my daughter’s cry.”

A man claiming to be her daughter’s attorney then allegedly took over the phone. He told Sharon that authorities were detaining her daughter and that she needed to provide $15,000 in cash for bail. He gave very specific instructions on what to do, including not telling the bank what the large withdrawal was for since, he said, it might affect her daughter’s credit rating.

Sharon withdrew the money, placed it in a box, and a driver picked it up. But that wasn’t the end. A new call followed, informing her that the pregnant woman’s unborn child had died in the accident, but that the family had agreed not to sue Sharon’s daughter if she paid them $30,000 dollars.

Luckily for Sharon, her grandson didn’t trust the whole thing and decided to call her daughter’s number. That call was answered by her daughter who was at work, unaware of anything that had been going on.

By then it was too late for the $15,000.

“My husband and I are recently retired. That money was our savings.”

Unfortunately, we’re hearing a lot of these and similar stories. So, what’s going on and how can we protect ourselves?

Cloning voices with AI has improved considerably over the years and has become easily available to everyone, including cybercriminals. Many of our voices are online, via video or audio that’s been posted to social media. In Sharon’s case, they believe the scammers used videos from Facebook or other social media to create the replica of her daughter’s voice.

AI-powered phone scams can range from brief, scripted robocalls to full conversations. Recent studies have shown that relying on human perception to detect AI-generated voice clones is no longer consistently reliable. I imagine it’s even harder to determine when the voice is made to sound stressful and upset and you believe it to be your child.

How to stay safe from AI-generated voice scams

• Don’t answer calls from unknown callers and be careful about where you’ve posted audio and video online in which your voice features. It only takes a recording of a few seconds of your voice to create a convincing clone.
• Agree on a family password that only you and your loved ones know. Don’t ever post or message about this online anywhere, decide on it in person and stick to it.
• If you’ve forgotten the password, ask about a long-ago memory that hasn’t featured on social media. Be sure it is definitely your loved one that you are talking to.
• Don’t try to handle situations like these alone. Find a friend, family member, friendly neighbor, or anyone who can sensitively give you their view, or support you if you’ve fallen for the scam. Sometimes having a second opinion, like Sharon’s grandson, can help to make you think twice before handing over any money.

And if you decide you don’t trust the situation:

• Call the number you have for the relative or use other channels to contact them.
• Whether you’ve fallen for the scam or not, report the incident to local authorities, the FTC, or relevant consumer protection bodies. Every report helps track and prevent future scams, and you may even help catch one of these criminals.

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

In the last week, countless Amazon Ring users on TikTok, Reddit, and X have been saying they believe their Ring cameras were hacked starting May 28.

Many posted screenshots of their accounts, showing multiple unauthorized device logins, making these claims hard to ignore. Forbes looked into the issue and even the journalist found several logins on his own device.

However, on Friday Ring claimed it’s just a minor issue with the displayed date:

“We are aware of a bug that incorrectly displays prior login dates as May 28, 2025.

Visitors who go to Ring’s site are shown the following (correct at the time of writing):

“We are aware of an issue where information is displaying inaccurately in Control Center. This is the result of a backend update, and we’re working to resolve this. We have no reason to believe this is the result of unauthorized access to customer accounts.”

This message was posted on Friday, July 18. We spoke to one user who let us know that, as of Monday morning (July 21), he was unable to log in through the website. He was, however, able to log in through the app and saw no May 28 logins.

So, what’s Ring claiming here? That it did an update and messed up the database? In a later message it claimed:

“Ring made a backend update that resulted in prior login dates for client devices to be inaccurately displayed as May 28, 2025, and device names to be incorrectly displayed as ‘Device name not found’.“

But if you look at any of the plethora of screenshots, you’ll see that there are plenty of device names displayed.

The Ring software release notes show no updates for the doorbells on or around May 28, so we think it’s safe to assume that Ring is right about it being a backend update that caused this.

There is one other thing that’s interesting in this puzzle. On July 17, founder and now CEO Jamie Siminoff announced some drastic changes. Siminoff reinstated Ring’s original mission statement, “Make neighborhoods safer,” which might suggest the business is going back to its founding identity as a crime prevention tool.

Before Siminoff came back as CEO he wasn’t working for Ring, and in that time the company leaned into a more community-focused brand, distancing itself from the surveillance tool image. Last year, the company discontinued “Request for Assistance,” a feature that allowed law enforcement officers to ask people for camera footage through Ring’s Neighbors app. At the time, the company said it would only let police request footage during “emergencies.”

However, in April, Ring announced a partnership with Axon that effectively reintroduces video sharing with law enforcement.

The two issues could be completely unrelated, but reintroducing this functionality does sound like it would need a backend update.

Either way, Amazon will not be happy about this issue, shortly after having to warn over 200 million Prime customers that their accounts are under attack.

Worried your Ring camera has been hacked?

Again, we should reiterate that Ring says that its cameras have not been hacked. However, if you’re worried, there are some things you can do:

• Since there is no evidence of an actual breach yet, the best thing to do for now is wait and keep an eye on the updates by Ring about this issue.
• In the Ring app’s Control Center, check the list of authorized devices that have access to your account and remove any unfamiliar ones.
• If you’re worried about unauthorized access and you have an alternative camera or can cope without one for a bit, you could temporarily disable your Ring doorbell and/or cameras until we hear more on the situation.
• Consider resetting your Ring account password using a strong, unique password that you have never used before and enable two step verification. There’s no harm in doing this so you may as well take this extra security step.
• Phishers and other scammers might try to take advantage of the situation by sending you emails or messages hoping to get you to click or hand over personal details. If you receive a message that appears to come from Ring, double check via another means that it really is from Ring.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

Last week on Malwarebytes Labs:

• Meta execs pay the pain away with $8 billion privacy settlement
• Adoption agency leaks over a million records
• Meta AI chatbot bug could have allowed anyone to see private conversations
• WeTransfer walks back clause that said it would train AI on your files
• Chrome fixes 6 security vulnerabilities. Get the update now!
• Dating app scammer cons former US army colonel into leaking national secrets
• Amazon warns 200 million Prime customers that scammers are after their login info
• Is AI “healthy” to use? (Lock and Code S06E14)
• CNN, BBC, and CNBC websites impersonated to scam people

Stay safe!

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Meta chief Mark Zuckerberg and several other members of the social media giant’s top brass agreed to settle increasingly heated privacy violation claims for the price of $8 billion.

It is far from the first time that the company, its subsidiary Facebook, or its executives have responded to alleged user privacy violations with billions upon billions of dollars.

The lawsuit at hand accused Zuckerberg and other Meta leaders of failing to prevent years of violations of Facebook users’ privacy. The claims, which were originally filed in September 2018, took years to process, eventually resulting in a trial at the Delaware Court of Chancery. But on just the second day of proceedings, with Zuckerberg himself set to testify early next week, the multibillion-dollar settlement was announced, to timing that many observers found suspicious and revealing.

While nobody at Meta will confirm that the settlement was reached to avoid having to testify, it very much looks like it to yours truly.

The case was brought by shareholders who accused Meta executives of many years’ worth of negligence and failure to enforce a 2012 agreement that was reached by the US Federal Trade Commission, which was designed to safeguard user data. The shareholders who filed the lawsuit claimed that Zuckerberg and former Meta Chief Operating Officer Sheryl Sandberg “knowingly ran Facebook as an illegal data harvesting operation.”

The shareholders wanted the 11 defendants they sued to use their personal wealth to reimburse the company after years of alleged reputational damage due to compiling privacy fiascos. The defendants denied the allegations, which they called “extreme claims.” The parties did not disclose details of the settlement. The plaintiffs’ lawyer, Sam Closic, said the agreement “just came together quickly.”

In 2019, Facebook paid a record-breaking $5.1 billion penalty after the FTC found the company had deceived users about control over their personal data. The FTC ordered Facebook to implement new restrictions and overhaul its corporate structure, ensuring greater accountability in decisions related to user privacy. This fine was imposed by the FTC after the agency concluded that Facebook had violated the earlier 2012 FTC order by deceiving users about their ability to control the privacy of their personal information. The investigation was triggered by the Cambridge Analytica meltdown which showed the data of 50 million users was obtained without express permission and used for political purposes.

The $5 billion penalty explains a large part of the $8 billion demanded by the shareholders this week. In addition, Meta faced several fines in the European Union (EU). Among others, a 1.2 billion euro ($1.4 billion) fine for Meta’s transfers of personal data to the US without explicit consent.

All this is why the shareholders wanted Zuckerberg and others to reimburse Meta an estimated $8 billion or more for the FTC fine and other legal costs. The shareholders also questioned the timing of share sales by the executives.

By settling, Zuckerberg and other defendants avoid having to answer probing questions under oath. In January, former Meta COO Sandberg was sanctioned for deleting sensitive emails related to the Cambridge Analytica investigation, complicating her testimony.

The Delaware Chancery Court will likely manage access to full court documents for this case through its case files or release them via public interest or watchdog groups as the settlement process concludes. Until then, speculation about the settlement’s magnitude will run rampant. What will remain unrevealed is the true reason why Meta’s executives chose to settle. But it stands to reason that they expected the damages of a continued trial and the associated testimonies would have been even more damaging.

In a time where Meta sees many WhatsApp users actively switching to other messaging platforms, primarily Signal and Telegram, due to growing concerns about privacy and data sharing practices and a data breach at Instagram which sparked global privacy concerns, the last thing the company needs is a magnifying glass due to an ongoing lawsuit.

What has become very clear, even without knowing all the details, is that those in the know feel that Meta keeps abusing users’ personal data for monetary gain.

Despite promises to obtain specific user consent, offer privacy settings, and improve practices, Meta has consistently disregarded users’ privacy.

We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

Security researcher Jeremiah Fowler found a publicly accessible database online that contained highly personal information from an adoption agency.

Jeremiah, who specializes in locating exposed cloud storage, is used to finding sensitive information exposed. However, because of the nature of the information, this one immediately raised his concern and he hurried to find out who owned the data.

Research indicated that the database belonged to the Fort Worth (TX) based non-profit Gladney Center for Adoption. After notifying the agency, the database was secured the following day. Let’s hope nobody else found it before that time.

In total, the unencrypted and non-password-protected database contained 1,115,061 records including the names of children, birth parents, adoptive parents, and other potentially sensitive information like case notes.

The risks of leaking this type of data and it potentially falling in the hands of cybercriminals are huge. The sensitivity of adoption-related data makes these exposures particularly damaging, both for children and families, since adoption records often include highly personal details about children, birth parents, adoptive parents, and agency staff.

Criminals that get their hands on this kind of information could engage in phishing with very specific information, making their queries plausible. And in some cases, the information could even be sensitive enough to use for extortion or identity theft.

The researcher notes:

“The records did not contain full case files, and the publicly exposed records were a combination of plain text and unique identifiers.”

He goes on to explain that unique identifiers are not necessarily a security enhancement.

“From a cybersecurity perspective, a UUID is designed for unique identification, not secrecy, and it can potentially be guessed, reverse-engineered, or enumerated. UUIDs are not recommended to be used to protect sensitive data.”

Given the long-standing reputation of an adoption center like Gladney, people feel confident to share their personal information. People providing that amount of trust should not be let down by something as basic as securing an online database with a password.

It should be noted that it is unknown whether the database was exposed by Gladney itself or a third-party provider.

Wired posted a statement by Gladney’s Chief Operating Officer, which was not very helpful in determining what went wrong:

“The Gladney Center for Adoption takes security seriously. We always work with the assistance of external information technology experts to conduct a detailed investigation into any incident. Data integrity and operations are our top priority.”

Protecting yourself after a data breach

While there are no indications that this database was found by cybercriminals before it was secured, it might have been. There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

• Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened and follow any specific advice they offer.
• Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
• Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
• Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims and verify the identity of anyone who contacts you using a different communication channel.
• Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
• Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
• Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online and helps you recover after.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

A researcher has disclosed to TechCrunch that he received a $10,000 bounty for reporting a bug that let anyone access private prompts and responses with the Meta AI chatbot.

On June 13, we reported that the Meta AI app publicly exposes user conversations, often without users realizing it. In these cases, the app made “shared” conversations accessible through its Discover feed, so others could easily find them. Meta insisted this wasn’t a bug, even though many people didn’t understand that their conversations were visible to others.

However, Sandeep Hodkasia, the researcher that found the awarded bug, was able to find conversations that weren’t even shared, but “private.” To understand what he did, you need to know that the Meta AI allows users to edit their questions (prompts) to regenerate text and images.

Some of Sandeep’s testing revealed that the chatbot assigned unique numbers to queries that were the results of edited prompts. And by analyzing the network traffic generated by editing a prompt, Sandeep figured out how he could change the unique identification number.

Sending different numbers, which were easy to guess according to Sandeep, allowed him to view a prompt and AI-generated response of someone else entirely. And because the numbers were easy to guess, an attacker could have scraped a host of other users’ conversations with Meta AI.

Meta’s servers failed to check whether the person requesting the information had the authorization to access it.

According to Sandeep, Meta fixed the bug he filed on December 26, 2024, on January 24, 2025. Meta confirmed this date and stated that it found no evidence of abuse.

How to safely use AI

While we continue to argue that the developments in AI are going too fast for security and privacy to be baked into the tech, there are some things to keep in mind to make sure your private information remains safe:

• If you’re using an AI that is developed by a social media company (Meta AI, Llama, Grok, Bard, Gemini, and so on), make sure you are not logged in on that social media platform. Your conversations could be tied to your social media account which might contain a lot of personal information.
• When using AI, make sure you understand how to keep your conversations private. Many AI tools have an “Incognito Mode.” Do not “share” your conversations unless needed. But always keep in mind that there could be leaks, bugs, and data breaches revealing even those conversations you set to private.
• Do not feed any AI your private information.
• Familiarize yourself with privacy policies. If they’re too long, feel free to use an AI to extract the main concerns.
• Never share personally identifiable information (PII).

We don’t just report on threats – we help protect your social media

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

File sharing site WeTransfer has rolled back language that allowed it to train machine learning models on any files that its users uploaded. The change was made after criticisms from its users.

The company had quietly inserted the new language in the terms and conditions on its website. Sometime after July 2, it updated clause 6.3 of the document to include this claim:

“You hereby grant us a perpetual, worldwide, non-exclusive, royalty-free, transferable, sub-licensable license to use your Content for the purposes of operating, developing, commercializing, and improving the Service or new technologies or services, including to improve performance of machine learning models that enhance our content moderation process, in accordance with the Privacy & Cookie Policy.”

In short, if you upload a document, WeTransfer would be able to train AI on it. The company could also license that content to other people, and could do these things forever.

The license would also include “the right to reproduce, distribute, modify, prepare derivative works based upon, broadcast, communicate to the public, publicly display, and perform Content,” the language said, adding that users wouldn’t be paid for any of this.

You can view the offending text on the Wayback Machine, which archives snapshots of documents online.

WeTransfer displayed this version of the text on July 14. However, today the text simply reads:

“You hereby grant us a royalty-free license to use your Content for the purposes of operating, developing, and improving the Service, all in accordance with our Privacy & Cookie Policy.”

The company told the BBC that it had changed the clause “as we’ve seen this passage may have caused confusion for our customers.” It is not using AI to process content and doesn’t sell content to third parties, it added.

One studio manager posting on Reddit said that they had told their staff not to use the service anymore when they learned of the original policy change.

“Its crazy how WeTransfer is trying to tell us we ‘misunderstood’ them saying ‘perpetual license to distribute’,” they said. “I’m glad they changed the clause at least despite playing dumb.”

So what options exist for WeTransfer users still worried about the company’s motives? The best tip is to encrypt your content before uploading it. You can zip your file and password protect it, sending the password to the file’s recipient via another secure channel.

We don’t just report on data privacy—we help you remove your personal information

Cybersecurity risks should never spread beyond a headline. With Malwarebytes Personal Data Remover, you can scan to find out which sites are exposing your personal information, and then delete that sensitive data from the internet.

Google has released an update for its Chrome browser to patch six security vulnerabilities, including one zero-day.

This update is crucial since it addresses one actively exploited vulnerability which can be abused when the user visits a malicious website. It doesn’t require any further user interaction, which means the user doesn’t need to click on anything in order for their system to be compromised.

The update brings the version number to 138.0.7204.157/.158 for Windows, Mac and 138.0.7204.157 for Linux.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click the more menu (three stacked dots), then choose Settings > About Chrome. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is reload Chrome in order for the update to complete, and for you to be safe from the vulnerabilities.

You can find more elaborate update instructions and the version number information in our article on how to update Chrome on every operating system.

Technical details on the zero-day vulnerability

Attackers can exploit the vulnerability tracked as CVE-2025-6558 by taking advantage of insufficient validation of untrusted input in Chrome’s ANGLE and GPU components. This flaw, which affects versions of Google Chrome prior to 138.0.7204.157, enables an attacker to craft a malicious HTML page and, upon convincing a user to open it, escape the browser’s security sandbox

ANGLE (Almost Native Graphics Layer Engine) is open-source software developed by Google that acts as a translator for graphics commands in browsers like Chrome. It helps your browser display complex graphics, such as 3D games or interactive web apps, and works on a wide range of computers and devices, even if they use different underlying graphics systems.

As an everyday user you may never see or even notice ANGLE directly, but it powers a huge part of the web experience. Especially 3D content in Chrome, Edge, and Firefox on Windows, Mac, and even Android.

Its universal role means that when a security issue is found in ANGLE, everybody using Chrome (and Chromium browsers) is potentially at risk.

An attacker only needs to present a target with an especially crafted HTML file, meaning they just need to lure them to a malicious website. HTML is just the code that makes up a web page.

The sandbox escape means that successful exploitation of the vulnerability not only affects the—sandboxed—browser, but can compromise the victim’s device.

Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on June 23, 2025. The TAG group focuses on spyware and nation-state attackers who abuse zero days for espionage purposes.

We don’t just report on browser vulnerabilities, Malwarebytes’ Browser Guard protects your browser against malicious websites and credit card skimmers, blocks unwanted ads, and warns you about relevant data breaches and scams.

Even hard-headed military types can fall victim to romance scams, it seems. A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app.

David Slater was a retired colonel in the US army who took up work as a civilian at US Strategic Command, according to the Department of Justice. He spilled the beans on a foreign online dating app between February and April 2022. Russia invaded Ukraine in February 2022.

The DoJ’s indictment against Slater doesn’t reveal what app he used, but he talked to someone claiming to be a Ukrainian woman repeatedly via the app and email. The person, named as ‘co-conspirator 1’, called him ‘my secret information love’.

‘Co-conspirator 1’ whispered sweet nothings including “Beloved Dave, do NATO and Biden have a secret plan to help us?” which they sent in March that year. The following month, they sent “Sweet Dave, the supply of weapons is completely classified, which is great,” and “My sweet Dave, thanks for the valuable information, it’s great that two officials from the USA are going to Kyiv”.

The indictment said that Slater provided classified information about military targets and Russian military capabilities, even though he knew this could be damaging to the US.

The DoJ originally prosecuted Slater on three counts, covering conspiracy to disclose National Defense Information and the actual transmission of those secrets. He “willfully, improperly, and unlawfully conspiring to transmit National Defense Information classified as ‘SECRET’,” according to the indictment.

On Friday, Slater pleaded guilty to conspiracy. Under the plea deal, prosecutors have dropped the other two charges. Although he could still receive the maximum ten-year penalty, the government will recommend a sentence of between five and seven years in jail when sentenced on August 8.

Slater’s years of military experience meant he should have known better, said DoJ prosecutors. But this sad story shows just how powerful emotions can be in causing someone to cross personal and professional boundaries. It’s entirely possible, of course, that ‘co-conspirator 1’ was a legitimate love interest, but just as likely that they were working on behalf of a foreign state actor. No matter which, it was wrong to divulge secrets that might have put lives in danger.

So what can we learn from this? Most people reading this story won’t be privvy to such secrets, but many might be lonely, or know someone who is. Romance scammers target people desperate for affection and human connection. It makes it easier to scam someone when they’re eager to believe that you’re legitimate and telling them the truth.

For most romance scam victims, the target is money rather than state secrets. One in ten victims lose $10,000 or more. That’s why it’s important to continually check in on those in your life who may be vulnerable. Even those that you think are savvy and immune to scams might be at risk. Loneliness can make even the most skeptical person do some questionable things.

We don’t just report on scans—we help detect them

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

Amazon has sent out an alert to its 200 million customers, warning them that scammers are impersonating Amazon in a Prime membership scam.

In the email, sent earlier this month, Amazon said it had noticed an increase in reports about fake Amazon emails:

What’s happening:

Scammers are sending fake emails claiming your Amazon Prime subscription will automatically renew at an unexpected price.

The scammers might include personal information in the emails, obtained from other sources, in an attempt to appear legitimate.

These emails may also include a “cancel subscription” button leading to a fake Amazon login page.

Once someone clicks on the “Cancel’ button, they are taken to a fake Amazon login screen. Once they login there, the scammer then has their details that they can use to login to the actual Amazon site and purchase things, as well as login to any other online account that uses the same credentials.

The fake site might also request payment information and other personal details which, when entered, will go straight to the scammer who will be quick to use or sell them on.

Amazon’s customer base is so large that they are a target all year long. Amazon said its staff had handled cases including fake messages about Prime membership renewals, bogus refund offers, and calls claiming Amazon accounts have been hacked. At Malwarebytes, we’ve seen emails pretending to be from Amazon that tried to drive customers to fake websites like amazons.digital, a site we block for phishing.

How to avoid falling for an Amazon scam

• If you receive an email like this, don’t click on any links.
• Not sure if a message is from Amazon or not? You can check by going to the Message Centre under Your Account. Legitimate messages from Amazon will appear there.
• Report the scam to Amazon itself, whether you’ve fallen for it or not.
• Set up two-step verification for your Amazon account. This puts an extra barrier between you and the scammers if they do manage to get hold of your login details.
• Like in this particular scam that Amazon is warning about, scammers sometimes include personal details about you which they have got from other sources (such as social media, the dark web, etc.). Check what information is already out there about you using our free Digital Footprint Scanner and then remove or change as much of it as you can.
• Install web protection that can warn you of phishing sites, card skimmers, and other nasties that could lead to your data being taken.
• Lastly, if you’ve fallen for this or a similar scam, change your Amazon password and anywhere else you use that password. Also, make sure to monitor your card statements for any unfamiliar charges, and contact your bank immediately if you see anything suspicious.

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.