Do Not Click This Message—Just 10 Minutes To Hack Your Phone
You have been warned — do not click here.
getty
It all starts with a link. Whether it's an AI-perfected phishing email that's impossible to defend, or an unpaid toll or undelivered package text that should be easier to detect. There's an entire industry now crafting the malicious domains that trick millions of smartphone and PC users into clicking when they shouldn't.
'We've found that the average malicious site exists for less than 10 minutes,' Google says. That's the lifespan during which you receive, click and surrender your credentials or install malware, before the site is found and blocked or taken down. And you're much more likely to be hacked on a phone than a PC. Attackers know this, Zimperium warns, and so links may be benign on a PC and only dangerous on on a phone.
DomainTools says 'the sheer volume of newly observed domains in 2024 was over 106 million — approximately 289,000 daily creating a significant challenge for security teams.' And now its security research team has issued a new report that highlights just how fast the turnaround time is behind these malicious domains.
'Viral media events capture global attention,' DomainTools says. 'Our security research team recently undertook a project to identify and analyze scam and malicious domains and websites that emerge in the wake of high-profile viral media events.' This meant sampling multiple events 'including the Los Angeles Fire, NoKings, DeepSeek / China AI developments, the ongoing Trade War, and the Ukraine War.'
While the team expected credential phishing to be the primary objective, what they actually discovered was 'the predominant motivation across sampled events was direct financial profit.' This was mainly fraudulent charity websites for tragedies such as the LA fires or Myanmar earthquake, but also 'selling merchandise related to the event topic and creating and promoting meme cryptocurrency coins based on the event.'
The team cites DeepSeek as a prime example, with BeInCrypto data suggesting 'fake meme coins accrued over 46 million dollars worth before the rug was pulled. presumably indicating the scammers had cashed out.'
DomainTools used AI to generate keywords and then scoured recent domains for hits. Suspect domains are not complex — the simpler and more precise the better: 'Lafirevictimsupport[.]com, lafireonsol[.]xyz purported to collect donations on behalf of the American Red Cross.'
The FBI and others urge caution when it comes to viral events, especially when there is a sense of urgency to act now in campaigns. As ever, don't click through. If it's the American Red Cross you want to help, for example, navigate to their website directly. Similarly, any event with a one-off crafted domain is likely a scam. You can also check the top level domain. A legitimate website is unlikely to sport a .XYZ or .TOP website.
Google's new scam detection will help flag these threats, but it should be easier than it's proving to block such blatant fraud from hitting millions of phones daily.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
39 minutes ago
- Yahoo
Pixalate's May 2025 LATAM Top 100 Mobile App Bundle IDs: ‘Grindr' Leads on Apple App Store in Brazil, ‘TeraBox' No. 1 on Google Play Store in Mexico
According to Pixalate's research, the 'Screwdom' Bundle ID (6740043080) led on Apple App Store in Mexico and the 'TeraBox' Bundle ID ( led on Google Play Store London, June 06, 2025 (GLOBE NEWSWIRE) -- Pixalate, the leading global platform for ad fraud protection, privacy, and compliance analytics, today released the May 2025 Top 100 LATAM Mobile App Bundle IDs Rankings for Open Programmatic Mobile Advertising on the Google Play Store and Apple App Store. The reports highlight the top mobile app Bundle IDs in key LATAM ad economies, including Mexico and Brazil. In addition to the Mexico and Brazil reports, Pixalate released Bundle ID rankings for the United Kingdom (UK), Spain, France, the Netherlands, Germany, China, Japan, India, Singapore, the United States (U.S.), and Canada. Pixalate's data science team analyzed global programmatic advertising activity across over 20 billion impressions on Apple App Store and Google Play Store app traffic in May 2025 to compile the research in this series. The rankings are based on open programmatic advertising volume measured by Pixalate. The Bundle IDs are ranked after invalid traffic (IVT) is removed. Top LATAM Mobile App Bundle IDs (May 2025) Brazil - Apple App Store Bundle ID App Name Developer Name 319881193 Grindr - Gay Dating & Chat Grindr LLC 306310789 Wattpad - Read & Write Stories Wattpad Corp 1617391485 Block Blast! ARETIS LIMITED Brazil - Google Play Store Bundle ID App Name Developer Name TeraBox: Cloud Storage Space Flextech Inc. Moovit: Your Transit Tracker Moovit Grindr - Gay Dating & Chat Grindr LLC Mexico - Apple App Store Bundle ID App Name Developer Name 6740043080 Screwdom Zego Global Pte Ltd 319881193 Grindr - Gay Dating & Chat Grindr LLC 306310789 Wattpad - Read & Write Stories Wattpad Corp Mexico - Google Play Store Bundle ID App Name Developer Name TeraBox: Cloud Storage Space Flextech Inc. Vita Mahjong Vita Studio. Happy Color®: Coloring Book X-FLOW Download the Global Top 100 Mobile App Bundle IDs (May 2025) United States (Google Play Store & Apple App Store) Canada (Google Play Store & Apple App Store) Spain (Google Play Store & Apple App Store) Germany (Google Play Store & Apple App Store) United Kingdom (Google Play Store & Apple App Store) Mexico (Google Play Store & Apple App Store) Brazil (Google Play Store & Apple App Store) China Apple App Store) &(Google Play Store) Japan (Google Play Store & Apple App Store) Singapore (Google Play Store & Apple App Store) France (Google Play Store & Apple App Store) Netherlands (Google Play Store & Apple App Store) India (Google Play Store & Apple App Store) About Pixalate Pixalate is a global platform specializing in privacy compliance, ad fraud prevention, and digital ad supply chain data intelligence. Founded in 2012, Pixalate is trusted by regulators, data researchers, advertisers, publishers, ad tech platforms, and financial analysts across the Connected TV (CTV), mobile app, and website ecosystems. Pixalate is accredited by the MRC for the detection and filtration of Sophisticated Invalid Traffic (SIVT). Disclaimer The content of this press release, and the Top 100 Mobile App Bundle IDs Rankings (the 'Reports'), reflect Pixalate's opinions with respect to factors that Pixalate believes may be useful to the digital media industry. Any insights shared are grounded in Pixalate's proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources in the Indexes and herein should not be construed as endorsements. Pixalate's opinions are just that, opinions, which means that they are neither facts nor guarantees. Pixalate is sharing this data not to impugn the standing or reputation of any entity, person or app, but, instead, to report findings and trends pertaining to programmatic advertising activity in the time period studied. CONTACT: Nina Talcott ntalcott@
Android Authority
an hour ago
- Android Authority
New Pixel Watch setting could automatically lock your left-behind phone (APK teardown)
Rita El Khoury / Android Authority TL;DR Watch Unlock on the Pixel Watch allows your smartwatch's presence to keep your phone unlocked. Right now, that doesn't work in the opposite direction, and walking away from your phone won't automatically lock it. Google appears to be working on a 'lock on disconnect' option that would finally offer that ability. While there's no guaranteed way to prevent phone theft, making sure you keep your handset locked is probably the single easiest and most effective step you can take. Android already offers plenty of ways to help make sure your phone is locked when it needs to be, like how Theft Detection Lock can use device sensors to recognize when it's been snatched out of your hands, and accordingly lock things down. Today we're looking into another development in this direction, as we spot evidence for a new auto-lock feature. Authority Insights story on Android Authority. Discover You're reading anstory on Android Authority. Discover Authority Insights for more exclusive reports, app teardowns, leaks, and in-depth tech coverage you won't find anywhere else. An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release. Pixel Watch users can already take advantage of Watch Unlock to use the presence of their wearable to keep their phone unlocked — so long as your Watch itself is unlocked, when it's nearby and connected to your phone over Bluetooth, you won't need to enter your PIN or use biometrics on the phone. Watch Unlock works great for what it is — you even get a notification on your wrist and can manually re-lock the phone — but so far it's only really functioned in this one direction. That is, while the presence of your Pixel Watch can be used to unlock your phone, we haven't had the option where its absence locks your phone. That's a shame, because something like that could be handy if you've got an especially long screen timeout setting, and are worried about accidentally wandering off and leaving your phone somewhere while it's unlocked. Code Copy Text Phone will lock when it disconnects from your watch, like when it's far away Lock phone when left behind Looking at version 3.5.0.758720535 of the Google Pixel Watch app, we spot some new text strings that appear to quite clearly describe just that kind of auto-lock ability. This 'lock on disconnect' feature would look for the presence of your connected Pixel Watch, and activate your screen lock when that connection is lost. While we're not seeing this in the app just yet, Telegram user nailsad_eleos was able to coax out an early appearance in the settings menu: @nailsad_eleos / Telegram As you can see, it's not at all functional at the moment, but this is at least where we should expect this control to show up once Google's ready to share it. Admittedly, this feature might be a bit of an edge case in terms of the security need it addresses, but we can imagine that lots of Pixel Watch owners might still appreciate the peace of mind from this kind of extra protection. We'll let you know if and when we're able to get it working. Got a tip? Talk to us! Email our staff at Email our staff at news@ . You can stay anonymous or get credit for the info, it's your choice.
Washington Post
an hour ago
- Washington Post
Meta found a new way to violate your privacy. Here's what you can do.
Researchers recently caught Meta using tactics that one expert called similar to those of digital crooks to secretly compile logs of people's web browsing on Android devices. No one, including Android owner Google, knew that Meta's Facebook and Instagram apps were siphoning people's data through a digital back door for months. (After the researchers publicized their findings, Meta said it stopped.)
