Latest news with #CyberGuy


Fox News
8 hours ago
How to detect fake Amazon emails and avoid impersonation scams
A convincing fake email claiming to be from Amazon shows up in your inbox. It warns you of a sign-in from an unknown device or says your account is locked. Or maybe it thanks you for a purchase you never made. The email urges you to click a link and take action immediately. This is exactly how scammers trick people into giving up personal details, login credentials, or even payment information. Let's break down how this scam works, what to watch for, and how Amazon is helping customers verify what's real.

Scammers are sending out emails that appear to be from Amazon. These messages might:

The emails usually include Amazon's logo and familiar formatting. Some even spoof the "From" address to make it appear as if it came from @ The goal is always the same: get you to click a link or button that leads to a fake website where you're asked to log in or share sensitive information. Once you do, scammers can steal your Amazon credentials and gain access to your account, payment info, shipping addresses, and more. Below is an example of what one of these phishing emails might look like, so you can see how convincing they can be.

Scam emails can be convincing, but there are a few easy ways to tell if an Amazon message is real. The most foolproof method is to use Amazon's Message Center, a secure inbox built into your account that stores every official communication sent by Amazon. If you receive an email and you're not sure it's real, go to your Amazon Message Center using a browser or the Amazon Shopping app. If the message isn't listed there, it wasn't sent by Amazon.

To access your Message Center:

You can also spot fake messages by looking for these signs:

That smile logo you may see next to Amazon's name in your inbox isn't just for show. It is part of a larger verification system designed to help customers distinguish between real emails and scams. In an interview with CyberGuy, Amazon's VP of Worldwide Buyer Risk Prevention explained: "We've made it harder for bad actors to impersonate Amazon communications through implementing industry-leading tools, including the adoption of a secure email capability to make it easier for customers to identify authentic emails from Amazon and avoid phishing attempts. Customers using Gmail, Yahoo!, and other common email providers can be confident that when they receive an @ email with the smile logo in their inbox, that email is really from us."

The smile icon now appears next to verified @ emails in inboxes like Gmail, Yahoo, and Apple Mail. It is a quick visual cue that the email has passed Amazon's security checks and can be trusted. This system helps reduce guesswork, but it is not foolproof. If you ever doubt the legitimacy of a message, go directly to your Amazon Message Center. Any real communication from Amazon will be listed there.

How to protect yourself from fake emails

Even with Amazon rolling out new safeguards like verified sender logos and the Message Center, scammers are still targeting customers with sophisticated phishing emails. Here are the top ways to protect yourself:

1. Know the signs of a scam: Fake Amazon emails often try to scare you or tempt you into clicking by using familiar tricks. You might see a message claiming your account has been locked, offering a gift card or refund, confirming an order you never placed, or asking you to verify payment details or login credentials. These tactics are meant to create urgency or curiosity. It's important to remember that Amazon will never ask for your password, banking information, or gift card codes by email.

2. Double-check every message: If something feels off, don't click anything. Instead, visit or open the app to check your order history and account messages. If the email doesn't appear in your Amazon Message Center, it's not real. Also hover over the sender's name to see the full email address. Genuine messages come from @ and may show the Amazon smile logo if your inbox supports it.

3. Avoid clicking on unknown links and use strong antivirus software: Phishing emails often contain links that appear to lead to Amazon but actually take you to fake websites designed to steal your information. Instead of clicking, it's safer to type directly into your browser to verify any claims. For added protection, consider using antivirus software that can detect scam links, block dangerous sites, and alert you to phishing emails or ransomware threats. This extra layer of security helps keep your personal information and digital assets safe.

4. Reduce your exposure to scammers: Phishing emails often originate from personal information found on public databases, people-search sites, and data broker platforms. To limit how often you're targeted, consider using a data removal service. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

5. Report suspicious emails: If you receive a phishing message pretending to be from Amazon, report it right away. This helps Amazon investigate the scam and improve their ability to block similar messages in the future. You can forward the suspicious email to stop-spoofing@ or submit it through Amazon's official reporting form.

Scam emails that pretend to be from Amazon are getting more realistic, but there are still clear ways to protect yourself. Use the Message Center to confirm any message tied to your account. Always double-check the sender's address, look for the smile logo in your inbox when supported, and never click on links unless you're certain they're safe. A few quick habits can go a long way in keeping your personal information secure.

Have you ever received a suspicious email claiming to be from Amazon or another company? How did you spot the red flags, or did it almost fool you?

Copyright 2025 All rights reserved.


Fox News
a day ago
Meta AI's new chatbot raises privacy alarms
Meta's new AI chatbot is getting personal, and it might be sharing more than you realize. A recent app update introduced a "Discover" feed that makes user-submitted chats public, complete with prompts and AI responses. Some of those chats include everything from legal troubles to medical conditions, often with names and profile photos still attached. The result is a privacy nightmare in plain sight. If you've ever typed something sensitive into Meta AI, now is the time to check your settings and find out just how much of your data could be exposed.

Meta's AI app, launched in April 2025, is designed to be both a chatbot and a social platform. Users can chat casually or deep dive into personal topics, from relationship questions to financial concerns or health issues. What sets Meta AI apart from other chatbots is the "Discover" tab, a public feed that displays shared conversations. It was meant to encourage community and creativity, letting users showcase interesting prompts and responses. Unfortunately, many didn't realize their conversations could be made public with just one tap, and the interface often fails to make the public/private distinction clear.

The feature positions Meta AI as a kind of AI-powered social network, blending search, conversation, and status updates. But what sounds innovative on paper has opened the door to major privacy slip-ups.

Privacy experts are sounding the alarm over Meta's Discover tab, calling it a serious breach of user trust. The feed surfaces chats containing legal dilemmas, therapy discussions, and deeply personal confessions, often linked to real accounts. In some cases, names and profile photos are visible. Although Meta says only shared chats appear, the interface makes it easy to hit "share" without realizing it means public exposure. Many assume the button saves the conversation privately. Worse, logging in with a public Instagram account can make shared AI activity publicly accessible by default, increasing the risk of identification.

Some posts reveal sensitive health or legal issues, financial troubles, or relationship conflicts. Others include contact details or even audio clips. A few contain pleas like "keep this private," written by users who didn't realize their messages would be broadcast. These aren't isolated incidents, and as more people use AI for personal support, the stakes will only get higher.

If you're using Meta AI, it's important to check your privacy settings and manage your prompt history to avoid accidentally sharing something sensitive. To prevent accidentally sharing sensitive prompts and ensure your future prompts stay private:

On a phone: (iPhone or Android) On the website (desktop):

Fortunately, you can change the visibility of prompts you've already posted, delete them entirely, and update your settings to keep future prompts private.

On a phone: (iPhone or Android) On the website (desktop):

If other users replied to your prompt before you made it private, those replies will remain attached but won't be visible unless you reshare the prompt. Once reshared, the replies will also become visible again.

On both the app and the website:

This issue isn't unique to Meta. Most AI chat tools, including ChatGPT, Claude, and Google Gemini, store your conversations by default and may use them to improve performance, train future models, or develop new features. What many users don't realize is that their inputs can be reviewed by human moderators, flagged for analysis, or saved in training logs.

Even if a platform says your chats are "private," that usually just means they aren't visible to the public. It doesn't mean your data is encrypted, anonymous, or protected from internal access. In many cases, companies retain the right to use your conversations for product development unless you specifically opt out, and finding that opt-out isn't always straightforward.

If you're signed in with a personal account that includes your real name, email address, or social media links, your activity may be easier to connect to your identity than you think. Combine that with questions about health, finances, or relationships, and you've essentially created a detailed digital profile without meaning to.

Some platforms now offer temporary chat modes or incognito settings, but these features are usually off by default. Unless you manually enable them, your data is likely being stored and possibly reviewed.

The takeaway: AI chat platforms are not private by default. You need to actively manage your settings, be mindful of what you share, and stay informed about how your data is being handled behind the scenes.

AI tools can be incredibly helpful, but without the right precautions, they can also open you up to privacy risks. Whether you're using Meta AI, ChatGPT, or any other chatbot, here are some smart, proactive ways to protect yourself:

1) Use aliases and avoid personal identifiers: Don't use your full name, birthday, address, or any details that could identify you. Even first names combined with other context can be risky.

2) Never share sensitive information: Avoid discussing medical diagnoses, legal matters, bank account info, or anything you wouldn't want on the front page of a search engine.

3) Clear your chat history regularly: If you've already shared sensitive info, go back and delete it. Many AI apps let you clear chat history through Settings or your account dashboard.

4) Adjust privacy settings often: App updates can sometimes reset your preferences or introduce new default options. Even small changes to the interface can affect what's shared and how. It's a good idea to check your settings every few weeks to make sure your data is still protected.

5) Use an identity theft protection service: Scammers actively look for exposed data, especially after a privacy slip. Identity theft companies can monitor personal information like your Social Security Number (SSN), phone number, and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.

6) Use a VPN for extra privacy: A reliable VPN hides your IP address and location, making it harder for apps, websites, or bad actors to track your online activity. It also adds protection on public Wi-Fi, shielding your device from hackers who might try to snoop on your connection.

7) Don't link AI apps to your real social accounts: If possible, create a separate email address or dummy account for experimenting with AI tools. Keep your main profiles disconnected.

Meta's decision to turn chatbot prompts into social content has blurred the line between private and public in a way that catches many users off guard. Even if you think your chats are safe, a missed setting or default option can expose more than you intended. Before typing anything sensitive into Meta AI or any chatbot, pause. Check your privacy settings, review your chat history, and think carefully about what you're sharing. A few quick steps now can save you from bigger privacy headaches later.

With so much sensitive data potentially at risk, do you think Meta is doing enough to protect your privacy, or is it time for stricter guardrails on AI platforms?
Yahoo
3 days ago
New PayPal scam uses real emails to trick you
There's a new PayPal phishing scam making the rounds, and it's so convincing that even security-conscious users are getting caught in it. Unlike typical scams riddled with typos and fake domains, this one uses PayPal's own email system to send you an alert that looks 100% real. You might get a message like, "You added a new address. This is just a quick confirmation that you added in your PayPal account." Except … you didn't. And what if you don't even have a PayPal account? Here's what this scam entails, why it works and how to protect yourself.

Most phishing scams try (and fail) to impersonate big companies. You've probably seen the classics: weird grammar, suspicious email addresses, Microsoft spelled with a "k". They're laughably bad. But this scam flips the script because it uses PayPal against you. Here's how the scam operates:

Exploiting real features: Scammers abuse PayPal's "add address" or "money request" tools. By entering your email, they can trigger real emails from PayPal's real domain. And this works even if you don't have a PayPal account.

Bypassing filters: Because these emails come directly from PayPal's servers (service@), they pass all security checks and appear legitimate in your inbox.

Lack of suspicion: Some versions contain no phishing links at all, just a scammer's phone number, making them even harder to detect.

Panic bait: The message often claims a new address was added, or a large payment is being processed, getting your attention and provoking a quick reaction.

Follow-up attacks: After the initial email, scammers may later contact you pretending to be PayPal support. Some urge you to click a link to "secure your account", which leads to a fake login page designed to steal your credentials.

This scam has been reported by dozens of users on Reddit and cybersecurity forums. One Reddit user posted a detailed thread in r/Scams showing screenshots of phishing emails that look like they came straight from PayPal's official address.

In a newer and more sophisticated twist, scammers are removing links altogether. Instead, they include a phone number and ask you to call. Once you do, you're connected with a fake PayPal representative who says they need to verify your identity. They then instruct you to download what appears to be a PayPal-branded support tool, but really it's a customized remote access app hosted on a different server. And once it's installed, it gives the scammer full access to your device.

This part is still a bit of a mystery. With typical PayPal invoice scams, content is tightly controlled, which means you normally can't change the email structure or messaging. However, these new emails suggest that scammers may be exploiting internal features, like business tools or API fields, to sneak custom content into PayPal-generated alerts. It's not just phishing, it's weaponizing a legitimate system to create trust and evade detection.

This scam is especially effective and dangerous because the emails come directly from PayPal's official servers, making it difficult to distinguish them from legitimate messages. Since the sender address and branding are authentic, recipients are more likely to trust the communication without suspicion. The scammers also use urgent language that creates a sense of panic, such as warnings about unauthorized activity or large charges. This pressure encourages people to act quickly and often before fully considering whether the alert is genuine. Additionally, the scam often involves follow-up contact through calls or texts from individuals posing as PayPal personnel, further exploiting the initial confusion and increasing the chances of victims giving up sensitive information.

Even if you're vigilant, you can still be targeted. Here's how to stay safe:

1. Don't click links in suspicious emails, even if they look real, and use strong antivirus software. If you receive a PayPal alert you didn't expect, go to PayPal by typing into your browser or using the official app. Never click links or dial phone numbers provided in the email. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

2. Enable two-factor authentication (2FA): Adding 2FA to your PayPal and email accounts gives you a second layer of defense even if your password gets compromised.

3. Use a password manager: Using a password manager is the best way to ensure every login you use has a unique, strong password. No repeats means no chain reaction if one site gets hacked.

4. Check your account manually: If you're ever in doubt, just log into your PayPal account directly. Review recent activity and see if anything looks off. There is no need to rely on alerts alone.

5. Report the scam: Forward suspicious PayPal messages to phishing@ You can also report phishing attempts to the FTC.

6. Use a personal data removal service: Since phishing scams like the recent PayPal scam often target personal information that scammers gather from data brokers and people search sites, using a reputable data removal service can help reduce your exposure.

This phishing scam is dangerous because it uses real PayPal emails sent from service@ Scammers exploit PayPal's built-in features to send real notifications that look legitimate. What makes it especially sneaky is the absence of links. Instead, these emails include a phone number, making them more likely to pass through spam filters. When you call, you're connected to a fake PayPal rep who pressures you into downloading a remote access tool disguised as support software. The safest move? Don't click, don't call. Just go straight to and check your account manually.


Fox News
22-06-2025
What to do if you get a password reset email you didn't ask for
You're checking your inbox or scrolling through your phone when something catches your attention. It's a message about a password reset, but you never asked for one. It might have arrived by email, text message or even through an authenticator app. It looks legitimate, and it could be from a service you actually use. Still, something feels off.

Unrequested password reset messages are often an early warning sign that someone may be trying to access your account. In some cases, the alert is real. In others, it's a fake message designed to trick you into clicking a malicious link. Either way, it means your personal information may be at risk, and it's important to act quickly.

There are a few reasons this might happen:

In some cases, the message is legitimate, as seen in the email below, but the request didn't come from you. That is often a sign your login details are already in someone else's hands.

Unsolicited password reset alerts can take several forms, each with signs of potential fraud or hacking:

No matter how the alert appears, the goal is the same. Either someone is trying to trick you into handing over your credentials, or they already have your password and are trying to finish the job.

If you receive a password reset alert you didn't request, treat it as a warning. Whether the message is legitimate or not, acting quickly can help prevent unauthorized access and stop an attack in progress. Here are the steps you should take right away.

1. Don't click on anything in the message: If the alert came through email or text, avoid clicking any links. Instead, go directly to the official site or app to check your account. If the request was real, there will usually be a notification inside your account.

2. Check for suspicious login activity: Most accounts have a way to view your recent logins. Look for suspicious activity like unfamiliar devices, strange locations or logins you don't recognize. A login from a location you have never been to could be a sign of a breach.

3. Change your password: Even if nothing looks wrong, it's a good idea to reset your password. Choose one that is long, complex and unique. Avoid reusing passwords across different accounts. Consider using a password manager to generate and store complex passwords.

4. Scan your device for threats: If someone got access to your password, there is a chance your device is compromised. Use strong antivirus software to scan for keyloggers or spyware.

5. Report the incident: If the alert came from a suspicious message, report it. In Gmail, tap the three-dot menu and select Report phishing. For other services, use the official website to flag unauthorized activity. You can also file a report at the FBI's Internet Crime Complaint Center if you suspect a scam.

You can take a few steps to try to reduce the number of emails you receive requesting a password reset.

1. Double-check your username and password. When accessing your account, you may have a typo in your login information. Should you repeatedly attempt to access your account with this error, the company that holds the account may believe a hacking attempt is occurring, triggering an automatic reset. If your web browser automatically populates your username and password for you, make sure this information is free of typos.

2. Remove unauthorized devices. Some accounts maintain a list of devices authorized to use your account. If a hacker manages to gain some of your personal information, he may be able to add one of his devices to your authorized list, triggering account login errors as he tries to hack your password. Check the list of authorized devices and remove any items you don't recognize. The process varies, depending on the type of account. We'll cover steps for Microsoft, Gmail, Yahoo and AOL.

Microsoft Gmail: Yahoo: AOL:

Remember to regularly check your account settings and authorized devices to ensure the security of your accounts. If you suspect any unauthorized access, it's also a good idea to change your passwords and review your account recovery options.

3. Sort such messages to spam. If you'd prefer to simply not see these kinds of email messages, set up your email client to sort messages like this to a spam folder. (Because many of them are spam, some email clients do this automatically.) Should you ever legitimately request a password reset, though, you'll need to remember to look in the spam folder for the message.

4. Use a static IP address. Some accounts attempt to recognize your device through your IP address. If you have a dynamic IP address, your IP address changes constantly, meaning the account may not recognize your device, triggering the reset message. This often occurs because you are using a VPN. See if your VPN allows you to use a static IP address.

Even if this was a one-time scare, it is important to tighten your overall security. Here are a few simple habits that go a long way:

1. Use strong and unique passwords: Use a password manager to create secure, one-of-a-kind passwords for each account.

2. Consider using a personal data removal service: If you're receiving password reset emails from accounts you don't remember signing up for, or from multiple services, there's a good chance your personal information is exposed on data broker sites. These companies collect and sell your data, including your email, phone number, home address and even login information from old accounts. Using a reputable data removal service can help you automatically identify and request the removal of your personal data from these sites. This reduces your risk of identity theft, credential stuffing, phishing and spam. While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren't cheap — and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It's what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

3. Turn on two-factor authentication (2FA): Enabling 2FA is one of the most effective ways to stop unauthorized access, even if someone has your password. When 2FA is active, anyone trying to log in must also complete a second verification step, usually through an app on your phone. If an attacker triggers a login attempt, you will receive a prompt to approve or deny it. This gives you the power to block the attempt in real time and confirms that 2FA is working as intended.

4. Install strong antivirus software: Install strong antivirus software to catch malware before it causes harm. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

5. Review your account settings: Make sure your recovery phone number and email are current. Remove any outdated or unused backup methods.

6. Keep your software up to date: Keep your device software and apps up to date to patch security vulnerabilities that attackers often exploit.

7. Use a VPN to protect your online activity: Avoid public Wi-Fi or use a VPN to protect your information when browsing on unsecured networks. Consider using a VPN to protect against hackers snooping on your device as well. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit.

It's easy to brush off an unexpected password reset message, especially if nothing else seems out of place. But these alerts are often the digital equivalent of a knock at the door when you weren't expecting anyone. Whether it's a hacker probing for a way in or a scammer trying to bait you, the smartest move is to treat every unexpected security message as a wake-up call. Taking just a few minutes to check your login history, secure your accounts and update your passwords can make all the difference. Cybersecurity isn't just for experts anymore. It's an integral part of everyday life. And the more proactive you are now, the less likely you'll be dealing with damage control later.

Are tech companies doing enough to protect users from password threats, or are they putting too much responsibility on individuals?


Fox News
19-06-2025
- Fox News
Android malware poses as fake contacts to steal your personal data
Hacking keeps evolving, just like any other profession. Cybercriminals are always upgrading their tools, especially malware, to find new ways to scam people and steal data or money. The old tricks no longer work as well. Basic phishing rarely fools anyone twice, so hackers constantly look for new ways to break in. They rely on whatever grabs your attention and doesn't raise suspicion, things like social media ads, fake banking apps or updates that look completely normal. One of the fastest-growing threats in this space is Crocodilus. First detected in early 2025, this Android banking Trojan takes over your contact list to make its scams look more legitimate and harder to spot.

The Crocodilus malware was first documented by ThreatFabric cybersecurity researchers in late March 2025. They highlighted its extensive data theft and remote control capabilities.

Crocodilus uses Facebook to infect devices. It appears in ads that look normal, but once clicked, the malware installs itself on your device. In some cases, it mimicked banking and e-commerce apps in Poland, promising users free points in exchange for downloading an app. The link led to a fake site that delivered the malware. Although the ad was only live for a few hours, it still reached thousands of users, most of whom were over 35, a group more likely to have money in the bank.

Smaller but growing campaigns have also been reported in the United States, where Crocodilus disguised itself as crypto wallet tools, mining apps and financial services. These fake apps are often distributed through social media ads or phishing links, targeting Android users who are less likely to question a "legit-looking" financial app. While not yet widespread, the presence of Crocodilus in the U.S. underscores its global reach and rapidly evolving tactics.

The Trojan has also been spotted in Spain, where it disguised itself as a browser update, targeting nearly every major Spanish bank. In Turkey, it posed as an online casino app. And the threat doesn't stop there.

One of the biggest concerns with Crocodilus is its ability to add fake contacts to your phone, inserting entries like "Bank Support" into your contact list. So, if an attacker calls pretending to be from your bank, your phone may not flag it because it appears to be a trusted number, making social engineering scams much more convincing.

The latest version also includes a more advanced seed phrase collector, especially dangerous for cryptocurrency users. Crocodilus monitors your screen and uses pattern matching to detect and extract sensitive data, such as private keys or recovery phrases, all before quietly sending it to the attacker.

Crocodilus shows us what the next wave of mobile threats might look like. It uses real ads to get into your phone. It blends into your digital life in ways that feel familiar. It does not need flashy tricks to succeed. It just needs to appear trustworthy.

This kind of malware is designed for scale. It targets large groups, works across different regions and updates fast. It can pretend to be a bank, a shopping app or even something harmless like a browser update. The scary part is how normal it all looks. People are not expecting something this malicious to hide inside something that looks like a gift.

The creators of Crocodilus understand how people think and act online. They are using that knowledge to build tools that work quietly and effectively. And they are not working alone. This kind of operation likely involves a network of developers, advertisers and distributors all working together.

1. Avoid downloading apps from ads or unknown sources: Crocodilus often spreads through ads on social media platforms like Facebook. These ads promote apps that look like banking tools, e-commerce platforms or even crypto wallets. If you click and install one, you might be unknowingly downloading malware. Always search for apps directly on trusted platforms like the Google Play Store. Do not install anything from random links, especially those shared through ads, messages or unfamiliar websites.

2. Avoid suspicious links and install strong antivirus protection: Crocodilus spreads through deceptive ads and fake app links. These can look like legitimate banking tools, crypto apps or browser updates. Clicking on them may quietly install malware that hijacks your contacts, monitors your screen or steals login credentials. To stay safe, avoid clicking on links from unknown sources, especially those that promise rewards or warn of urgent problems. Installing strong antivirus software on your Android device adds another layer of protection. It can scan downloads, block malicious behavior and warn you about phishing attempts before they become a bigger issue.

3. Review app permissions carefully before and after installation: Before you install an app, take a moment to look at the permissions it asks for. If a shopping app wants access to your contacts, messages or screen, that is a red flag. After installing, go to your phone settings and double-check what permissions the app actually has. Malware like Crocodilus relies on overreaching permissions to steal data and gain control. If anything seems unnecessary, revoke the access or uninstall the app entirely.

4. Keep your Android device updated at all times: Security patches are released regularly to block known vulnerabilities. Crocodilus is designed to take advantage of outdated systems and bypass newer Android restrictions. By updating your phone and apps regularly, you reduce the chances of malware slipping through. Set your device to install updates automatically when possible and check manually every so often if you are not sure.

5. Consider using a data removal or monitoring service: While not a direct defense against malware, data removal services can help minimize the damage if your information has already been leaked or sold. These services monitor your personal data on the dark web and offer guidance if your credentials have been compromised. In a case like Crocodilus, where malware may harvest and transmit banking info or crypto keys, knowing your data exposure early can help you act before scammers do.

6. Turn on Google Play Protect: Google Play Protect is a built-in security feature on Android phones that scans your apps for anything suspicious. To stay protected, make sure it's turned on. You can check this by opening the Play Store, tapping your profile icon and selecting Play Protect. From there, you can see if it's active and run a manual scan of all your installed apps. While it may not catch everything, especially threats from outside the Play Store, it's still an important first layer of defense against harmful apps like Crocodilus.

7. Be skeptical of unfamiliar contacts or urgent messages: One of the newer tricks Crocodilus uses is modifying your contact list. It can add fake entries that look like customer service numbers or bank helplines. So, if you receive a call from "Bank Support," it might not be real. Always verify phone numbers through official websites or documents. The same applies to messages asking for personal details or urgent logins. When in doubt, do not respond or click any links. Contact your bank or service provider directly.

Crocodilus is one of the most advanced Android banking Trojans seen so far. It spreads through social media ads, hides inside apps that look real and collects sensitive data like banking passwords and crypto seed phrases. It can also add fake contacts to your phone to trick you during scam calls. If you use Android, avoid downloading apps from links in ads or messages. Only install apps from trusted sources like the Google Play Store. Keep your phone updated, and be careful if something looks too good to be true because it probably is.

Who should be held accountable when malware like Crocodilus spreads through platforms like Facebook?