Latest news with #badactors
WIRED
08-07-2025
- Business
- WIRED
How to Spot Counterfeit Beauty Products on Amazon
Welcome to the Wild West of online beauty shopping. Here's how not to get scammed. All products featured on WIRED are independently selected by our editors. However, we may receive compensation from retailers and/or from purchases of products through these links. You'd expect your pimple patches to heal blemishes, not cause them. But when you're buying beauty products on Amazon, there's a risk you're getting more than you bargained for. And you wouldn't be alone. According to a 2023 study from Michigan State University, nearly seven in 10 consumers were fooled into purchasing counterfeit items online. That same year, Amazon reported blocking more than 700,000 attempts by 'bad actors' trying to open new storefronts and seizing more than 7 million counterfeit products worldwide. While knockoff sneakers might pose minimal safety risks, fake skin care and makeup are a whole different story. These products come into contact with your skin and can cause irritation, allergic reactions, chemical burns, or more serious health issues. According to the Personal Care Products Council, counterfeit cosmetics can come laced with carcinogens like arsenic, beryllium, and cadmium, as well as dangerous levels of aluminum, mercury, and bacteria. So, how do you protect yourself without giving up online shopping altogether? Here's how to spot fake beauty products on Amazon (ideally) before they touch your face. For more smart shopping advice, check out Here's What the FDA Label on Your Personal Care Products Means. Start With the Source On Amazon, the same product might be sold by more than one vendor. Your safest bet is sticking to products sold by the brand's official storefront. Sometimes the product is shipped and sold by While not foolproof, it's the second-best option, considering Amazon takes responsibility for the inventory it fulfills. Amazon allows independent vendors to list and sell products on its platform, and while many are legit, counterfeiters love this loophole. Click on the third-party seller and look at its storefront. If it's empty, oddly named, or redirects to nowhere on Google, move along. Vet the Seller Like It's a First Date You'd Google a Bumble match before meeting up; apply that same energy here. Run a quick search. If a third-party seller has no presence outside Amazon or is filled with one-star complaints, that's your cue to swipe left. Look for a legitimate website, positive reviews across various platforms, and clear contact information or customer service details. In this economy, we might love a mysterious man with no socials, but a mysterious seller is giving catfish. Read Between the Reviews Beware of fake reviews. Reviewer Simon Hill put together a complete guide to help you spot them, but here are a few red flags to look for: A very high percentage of five-star reviews. Lack of detail in reviews and vague praise. Generic review titles like 'Nice product' or simply 'Awesome.' Mentions of competing products. Wording similar to other reviews. Poor grammar and spelling mistakes. Multiple reviews on specific dates (especially if there are long gaps between them). The 'Customers also bought' section contains unrelated products. Glowing reviews with one small negative that isn't a deal-breaker. Explaining away cons. Inspect Before You Apply Counterfeit packaging can be scarily accurate, but there are still tells: off-color logos, misspelled ingredient lists, weird textures or smells, and broken safety seals. If you've purchased the product before from a reputable source (like Sephora or directly from the brand), compare it to an old tube. When in doubt, toss it out. Check the lot code, which is a sequence of numbers and letters printed on the product's bottom, side, or crimp. Manufacturers use these to track inventory and flag counterfeits. You can often compare your code with one from an authentic product or plug it into a checker tool on the brand's website. If the code is missing or different from what you'd expect, it's a hard pass. If You've Been Duped, Report It If you suspect a product is counterfeit or unsafe, report it directly to Amazon. The online retailer should start an investigation and issue a refund, and may take the product down. You can also leave a detailed review to warn other shoppers, and consider filing a complaint with the brand directly. Final Tips and Advice Stick to Amazon's curated storefronts, like Premium Beauty and Professional Skincare, where sellers are vetted and products are often sourced straight from the brand. You'll also see badges like 'Amazon's Choice' or 'Best Seller,' which indicate trusted picks, though again, those aren't guaranteed. If a deal seems too good to be true, it probably is. But with a little vigilance, you can enjoy the convenience of Amazon without the counterfeit drama. Power up with unlimited access to WIRED . Get best-in-class reporting that's too important to ignore for just $2.50 $1 per month for 1 year. Includes unlimited digital access and exclusive subscriber-only content. Subscribe Today.
Forbes
30-05-2025
- Business
- Forbes
Microsoft Confirms Password Deletion—Now Just 8 Weeks Away
Here's when passwords will be deleted. Microsoft wants to delete passwords for its billion-plus users, now 'the password era is ending' and set against the backdrop of hundreds of millions of email addresses and passwords being stolen. 'Bad actors know' passwords are finished, Microsoft says, 'which is why they're desperately accelerating password-related attacks while they still can.' All of which amplifies the risk for anyone yet to upgrade their account security. In parallel, Microsoft is making another headline change, deleting passwords for millions of users just 8 weeks from now. Anyone using Microsoft Authenticator is being warned that 'from August 2025, your saved passwords will no longer be accessible and any generated passwords not saved will be deleted.' You must act now. Here are your deadlines: The company's solution is to first move autofill and then any form of password management to Edge. 'Your saved passwords (but not your generated password history) and addresses are securely synced to your Microsoft account, and you can continue to access them and enjoy seamless autofill functionality with Microsoft Edge.' Passwords are ending in Authenticator Microsoft has added an Authenticator splash screen with a 'Turn on Edge' button as its ongoing campaign to switch users to its own browser continues. It's not just with passwords, of course, there are the endless warnings and nags within Windows and even pointers within security advisories to switch to Edge for safety and security. Microsoft says that 'to continue to use generated passwords, save them from Generator history (via or from the Password tab) into your saved passwords,' and that 'after July 2025, any payment information stored in Authenticator will be deleted from your device.' and 'after August 2025, your saved passwords will no longer be accessible in Authenticator and any generated passwords not saved will be deleted.' Ironically, Microsoft's Authenticator will continue to support passkeys and that's actually what all users should be doing now. Forget old school passwords and two-factor authentication (2FA), all critical accounts should have passkeys added where available, especially your Microsoft and Google accounts. Microsoft wants users to delete passwords once that's done, so no legacy vulnerability remains, albeit Google has not gone quite that far as yet. You do need to remove SMS 2FA though, and use an app or key-based code at a minimum. FIDO's latest research reports that 'over 35% of people had at least one of their accounts compromised due to password vulnerabilities… This is significant for passkey adoption, as 54% of people familiar with passkeys consider them to be more convenient than passwords, and 53% believe they offer greater security.'
Forbes
22-05-2025
- Business
- Forbes
Five AI-Powered Threats Senior Leaders Should Be Aware Of
Perry Carpenter is Chief Human Risk Management Strategist for KnowBe4, a cybersecurity platform that addresses human risk management. We're all too familiar with warnings about phishing scams, and they're still a security issue we need to be aware of. But there are a wide range of other concerns, beyond phishing, that should have your attention—and that you should be sharing with colleagues so they can collaborate with you to protect your company and assets. We're moving into what I call the 'Exploitation Zone'—a widening gap between technological advancement and human adaptability. It is, admittedly, tough to keep up unless, like me, you're singularly focused on data security and staying on top of increasingly sophisticated ploys by bad actors to exploit your human nature. Here are five AI-powered threats you need to understand and take steps to respond to. It's not just emails we have to be worried about these days. Today's hackers can spoof more than email addresses. One of the quickly emerging scams is voice phishing, or vishing. Just last year, we saw a 442% increase in vishing attacks between the first and second half of 2024, according to CrowdStrike. Using publicly available voice snippets they can access via earnings calls, podcasts, video calls or media interviews, cybercriminals are able to create hard-to-detect voice clones. This can take the form of a frantic call from a 'grandchild' to a grandparent asking for money to help get them out of a jam. It can also take the form of a demanding call from a 'CEO' to release funds through a bank transfer. Suggestion: Put steps in place to verify any requests for financial transactions, especially those received via calls or voice messages; consider using authentication questions that only legitimate business representatives would know. Since the pandemic, it's not unusual for many types of meetings to take place in a virtual environment. That includes board meetings. When your board members are participating virtually, there's a chance for manipulation by bad actors. That's not just the stuff of science fiction. Deepfakes have already been used to influence critical business decisions or access sensitive information. A U.S. judicial panel has even considered how deepfakes could disrupt legal trials. Chances are that images and video clips of your board members and senior leaders exist. All cybercriminals need to do is get access to a few seconds of a voice recording, video, or sometimes even a single image and use generative AI tools to create audio and video that most people won't be able to discern from the real. Think I'm exaggerating? You can see me demoing the tools and tactics here. Suggestion: Make sure you're using authentication to protect the security of any video calls. Implement multifactor authentication and establish verification procedures that involve different communication channels. And also, similar to the suggestion for No. 1, consider creating safe words or a verbal challenge/response procedure. In 2023, a fake, likely AI-generated photo of an alleged explosion near the Pentagon briefly caused the S&P 500 to drop. Suggestion: Develop crisis response plans to address the potential for synthetic media attacks, including rapid verification channels that can be used with targeted news outlets and financial partners. Imagine a disgruntled employee using AI voice cloning to generate a fake audio recording of their CEO making discriminatory remarks. Or, picture an AI-generated video showing a senior-level official involved in questionable activities. It's all too possible with the rise of AI-generated content that is now literally at the fingertips of anyone with an axe to grind. Even when these attempts are proven to be false, the damage remains. It used to be true that 'seeing is believing.' That's still true, but what we're seeing may not be actually believable. Suggestion: Be aggressive in monitoring digital channels for synthetic content related to your organization and your key executives, board members and other representatives. Have rapid response plans in place to address any incidents that occur, and be prepared to provide evidence of manipulation. Large language models (LLMs) are the foundational technology behind many generative AI tools. While LLMs themselves don't access real-time information, threat actors can leverage these tools—often in combination with publicly available data about your organization—to craft hyper-personalized phishing campaigns and social engineering attacks. These messages can closely mimic the tone and style of internal communications, making it increasingly difficult for recipients to distinguish between legitimate and malicious content. In a now widely reported incident, what was likely a combination of voice cloning and video deepfakes were used to convince an employee at a multinational firm in Hong Kong to pay out $25 million. After participating in what turned out to be a fake, multi-person video conference call, and despite some initial misgivings, the employee did as requested. Suggestion: Train staff members to recognize the warning signs of AI-enabled impersonation, such as limited interaction or refusal to answer unexpected questions. And encourage them to trust their gut. If something feels off, it probably is, and they should pursue additional verification options. Repeated exposure to information and examples of the many ways bad actors are attempting to infiltrate and influence organizations and employees can help keep the threats top-of-mind and help minimize the chances of falling prey to these attacks. Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
