Latest news with #dataBreach
CNET
an hour ago
- General
- CNET
Overwhelmed by Scammers? You're Not Alone. 96% of Americans Are Targeted Every Week
Like many of you, I check my email multiple times a day. Too often, as I'm scrolling through updates from my son's school, checking my bills or browsing retail deals, an email subject line or sender catches my eye that I know is a scam. I know I'm not the only one who regularly receives scam messages. A new CNET survey shows that 96% of Americans receive at least one scam message from email, phone calls or texts each week. CNET's Danni Santana, who regularly tracks and reports on cybersecurity issues, finds this number concerning, but not surprising. With a rise in data breaches, scammers likely know how to reach you and will try different methods to get you to fall for a scam. "Data breaches that leak the personal information of everyday Americans, including phone numbers, happen almost every day," said Santana. "Just about all of us have been affected by one, whether we know it or not." With scammers now using artificial intelligence to create more convincing scams to trick us into sharing our information through phone calls, texts and direct social media messages, spotting scam messages has become more difficult. As bad actors leverage AI to get faster and better at crafting scam messages, it's important to stay vigilant. Here's what else we learned and expert tips to help you avoid falling victim to a scam. Key takeaways 90% of US adults say they receive scam emails on a weekly basis; 37% receive more than 10 scam emails each week. of US adults say they receive scam emails on a weekly basis; receive more than 10 scam emails each week. 83% of US adults receive scam phone calls each week. of US adults receive scam phone calls each week. 82% of US adults receive at least one scam text per week. of US adults receive at least one scam text per week. 60% of US adults receive at least one social media scam message per week. Cole Kan/CNET Most US adults get weekly scam messages Scammers try to reach us in almost every way we communicate. It can happen when we answer the phone (they might even be trying to get a snippet of our voice to use in another scam later), via text message or through a direct social media message that feels personal and authentic. So how do you protect yourself? Here's what CNET experts recommend. Most US adults are threatened by email scams weekly CNET's survey found that email scams are the most common type of scam message US adults receive on a weekly basis -- 90% of Americans get at least one per week. Survey findings also show that older generations, Baby Boomers and Gen X, are the most targeted -- 94% of each group receive at least one scam email a week. Cole Kan/CNET Bree Fowler, CNET's senior security reporter, says phishing emails aren't as easy to spot anymore. "It used to be that scammers would go with over-the-top phishing emails that wanted you to 'Click now!' saying that you were going to miss out on a great deal, be hit with credit card charges you didn't make or even go to jail for back taxes," said Fowler. But people have caught on to what scammers are up to, and now they're trying to hide in plain sight. Before you open an email that could be a scam, look closely at the subject line and sender. Fowler said that scam subject lines are a lot less obnoxious than they used to be. For example, shipping notifications are a still popular scam email that can seem harmless because they impersonate companies, such as Amazon or a bank. If you accidentally open the email, hover over the link to see if anything looks suspicious but don't click it. Fowler also recommends looking for good antivirus software and other security measures such as two-factor authentication and a solid password. Phone call scams aren't slowing down I'm all too familiar with getting phone calls from a random phone number in the middle of the day. Scammers are even leaving voicemails now. Second to emails, phone scams are the next most common with 83% of US adults saying they receive at least one spam phone call a week. Even worse, 23% say they experience 10 or more scam calls per week. By generation, Boomers receive the most spam calls -- 89% receive at least one scam phone call a week. Cole Kan/CNET Nowadays, most phone carriers have features to spot scam calls. My carrier marks these calls as "Spam Risk" to flag suspicious calls to help me better identify them. If you answer and suspect it's a scammer, hang up right away. You can always call the company the caller claimed to work for, like your bank or utility, to check whether the phone call was legitimate. There's another risk to talking to scammers on the phone. Some are using artificial intelligence to clone your voice. The scammers then use the recording to make their calls seem more trustworthy to scam others, potentially including your family and friends. The longer a scammer can capture your voice, the more accurate their future calls become. Read more: Protect Yourself from Anonymous Calls: Unknown Caller vs. No Caller ID Text message scams can be sneaky CNET found that 82% of US adults receive text scams weekly. Thirty-four percent reported receiving one to two text scams per week, while 13% said they get 10 or more per week. Cole Kan/CNET Scam texts, also known as "smishing," can add up if you fall for them. US adults lost a whopping $470 million in text scams last year, according to the Federal Trade Commission. However, there are ways to catch text scams and keep phishers from stealing your money or identity this way. It starts with being on the lookout for any common scams that are making news headlines. "Whenever you get a random text message claiming you must take action or else, the best thing you can do is take a breath and slow down." Danni Santana, CNET's cybersecurity editor Santana said that the fact that we continue to see phishing scams is proof that they're working. How often you receive unsolicited texts or phone calls could be a coincidence or it could mean scammers think you're an easy target, he added. One text scam that's been common this year is messages from fake agencies about unpaid tolls and threats if you don't pay your unpaid balance right away. You may also receive fake messages from what appears to be your bank, a government agency like the IRS or Social Security Administration, or even a hopeful scam message about your student loans qualifying for debt relief. Most of these messages come with an urgent request for a response or a payment. Santana says it's best to slow down before taking any action if you get a suspicious text. You don't need to respond immediately. "Whenever you get a random text message claiming you must take action or else, the best thing you can do is take a breath and slow down," said Santana. "Scammers want you to make rash decisions. But if you calm down and analyze the link or even the language used in the message, you have a good chance of identifying the scam." Read more: If Someone Says, 'You Must Pay, or Else,' It's Likely a Scam. Ways to Protect Yourself If you do open a scam message, avoid clicking on suspicious links and don't respond. If you don't recognize the number, block the sender and report it as spam. It's also recommended to keep an eye out for updates to your phone's software for spamware defense and security improvements. Social media scams can look convincing "The same tactics you use to avoid falling for text messages can be applied to scammers sliding into your DMs with 'too good to be true' deals or money-making opportunities." Danni Santana, CNET's cybersecurity editor I've fallen for a social media scam before. I received an offer for discounted tickets to a college football game, and I sent the "seller" a few hundred dollars via Zelle before verifying that they were legitimate. Over half of US adults (60%) receive one or more direct social media messages per week. Gen Z sees the most social media scams -- 66% receiving at least one per week. So it's important to be vigilant and ignore messages from anyone you don't know. If you receive a suspicious direct message from someone in your contact list, reach out to them via text or the phone to confirm whether it's legitimate. Cole Kan/CNET "The same tactics you use to avoid falling for text messages can be applied to scammers sliding into your DMs with 'too good to be true' deals or money-making opportunities," said Santana. Don't respond to anyone you don't know, and if you believe your loved one is being impersonated, report the message and user right away. Most importantly, don't respond. Read more: My Kids Were Targeted by Scams. Here's How I Keep Them Safe Banks are taking action to protect customers. In March, Chase announced that it would block Zelle transactions initiated on social media to protect customers from being scammed. If you're wary of conducting a transaction online, try other trusted sites and payment methods that are verified and provide protections for both buyers and sellers, such as eBay and Mercari. Most importantly, pay attention to security features and reminders. For example, Venmo asks you to verify the last four digits of a Venmo user you're unfamiliar with before sending money and to be careful when making online purchases. Most peer-to-peer payment apps don't offer fraud protection. Methodology CNET commissioned YouGov Plc to conduct the survey. All figures, unless otherwise stated, are from YouGov Plc. Total sample size was 2,437 adults. Fieldwork was undertaken April 28-30, 2025. The survey was carried out online. The figures have been weighted and are representative of all US adults aged 18 and over.
Yahoo
2 days ago
- Business
- Yahoo
State of Crypto: Someone Tried to Scam Me (Probably)
Coinbase won't call customers to warn them that their accounts may have been compromised. It's a common scam vector. Still, someone tried it on me. You're reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions. Last weekend, an unknown California number called me. A helpful gentleman informed me that my Coinbase account had been compromised during its recent data breach and he was there to assist me in not losing my assets. Oh no, the horror! All right, so obviously this is a scam. Right after hanging up with this supposed help desk agent, I texted a Coinbase spokesperson to verify that at no point would the exchange call a customer to tell them their account was compromised. It's scam 101 — if you're getting a phone call informing you that your account's been compromised, whether at a crypto exchange, a bank, the IRS, whatever, it's a scam. Do not share your personal details and do not provide any passwords if you get a call like this. There were a few flaws in the attempt to get me to, presumably, move my funds from my supposedly compromised Coinbase account to another address. But I'm hopeful that this can be a useful teaching moment for the nearly 70,000 people who have been affected by Coinbase's recent breach disclosure, as well as anyone else who receives a phone call claiming their information has been compromised. Here's how this went down. Let's start from the beginning. On Saturday, May 24, I received a call from a number I didn't recognize to my personal phone, not my public-facing work number. It being a weekend, one where I was actually visiting family in another state, I didn't pick up. Then the same number called back and I still didn't pick up (yes I know, riveting, but it's 2025 and you can leave a voicemail or text). Ten minutes later, I received a third call from a different number, which I did pick up because at that point I was curious. A fast-talking gentleman who called himself Riccardo told me he was part of Coinbase's Actions and Protections Department and that he was reaching out because my Coinbase account information had been compromised and a new email had just been added to my account. I was pretty confused, for reasons I'll get into below. But I was also intrigued because there were immediately four red flags. For simplicity's sake, I'll refer to the caller as "the agent" from here on out, but to be absolutely clear, I doubt he is an actual customer service agent, representative or other employee of Coinbase, and he certainly was not reaching out to me as an authorized representative of the exchange. First off, the phone call itself is a big red flag. Coinbase will never call a customer about a breach, but rather will contact customers via email, it previously said in a tweet. This is actually standard. The Federal Trade Commission website notes there is a vast range of scams wherein someone will call you, and numerous other companies have warnings that their employees will never proactively call a customer about account issues. The agent I spoke to said they would freeze my account for 24 hours to ensure no funds could be stolen (thanks, I guess?) and that a supervisor would reach out to me (I continue to wait for this supervisor to call). This supposed freeze on my account can be extended to three months if there are multiple failed login attempts. To wrap up the call, he said he'd send me an email summarizing all the details we'd discussed. On Saturday night, I received an email with the subject line "your case is under review." The follow-up email this very helpful customer service representative sent was extremely informative. For one thing, the email address they had associated with my account is a public-facing address, but is not the email address attached to my actual Coinbase account (in fairness, I forgot that part until I tried to find my login information a few days later). Gmail initially (correctly) flagged this email as spam. I moved it to my inbox, where Gmail then showed me that the sender (help@ was not the actual sender — the email arrived via Even the part is sketchy — for one thing, Coinbase's website is though it does send emails from info@ — still, you wouldn't expect a hyphen in a support email domain. For another, the info-coinbase domain was first created in November 2024 (according to an ICANN lookup) and isn't a real website. The email headers were also not super helpful in terms of providing any sort of identifying information, but they did confirm that the sender appeared to have tried to obfuscate their information. Curiously, the "Visit Coinbase" link at the bottom appeared to link to the actual Coinbase website and there do not appear to be any hidden embedded images or other attached files in the email at all. I'm not totally sure what's going on there. A real scammer could have embedded a virus of some sort into the email or even a tracking pixel. Another common tool scammers might use is putting in a phishing link in place of a legitimate one in an email, tricking the user into going to a website intended to steal their login information (this is not legal, technical or any other sort of advice; if you decide to try and scam somebody using information you gleaned from this newsletter, stop it). While scammers might sometimes know how much their intended victims have in a wallet or account, the person who called me did not appear to have that information (as I have zero crypto in my Coinbase account). I called the number back on Friday to see what might happen. No one picked up. I guess my account must be secure now. : Stand With Crypto announced Soulja Boy and 070 Shake would headline a "get out the vote rally" next week ahead of New Jersey's governor primary election. SWC removed Soulja Boy a day later after discovering he was found liable for sexual battery and assault charges and ordered to pay $4 million last month, in a case stemming from 2021. : SEC Commissioner Hester Peirce told the Bitcoin 2025 Las Vegas audience that it's fine to invest in speculative assets, especially if there's no federal regulator with close oversight, but those investors can't ask for a bailout when prices sink. : House Republicans have formally introduced the Digital Asset Market Clarity Act, its market structure bill, just weeks after circulating a discussion draft. : The SEC's latest staff statement looks at staking and how the securities regulator might evaluate that part of the crypto ecosystem. : The SEC and Binance filed a joint stipulation to drop the regulator's case against Binance. : News broke over the weekend that a crypto investor had been kidnapped and tortured for his Bitcoin keys. Two suspects accused of perpetrating the kidnapping have been arrested and pled not guilty. : Jamie Raskin, the top Democrat on the House Judiciary Committee, wrote a letter to U.S. President Donald Trump calling on him to publish the names of his guests at last week's memecoin dinner. Friday 15:00 UTC (11:00 a.m. ET) A federal judge held a telephone hearing to assess Roman Storm's defense argument that the Department of Justice may have withheld information. The judge ruled that in her view, the DOJ did not have to review its materials and had not withheld information that rose to the level of affecting proceedings. () The White House published a "Make America Healthy Again" report that cited nonexistent studies and references — with telltale signs that AI may have been used to generate at least some parts of the report. () The Fed said 8% of adults who responded to a survey said they held cryptocurrency in the U.S., down from 12% four years ago. If you've got thoughts or questions on what I should discuss next week or any other feedback you'd like to share, feel free to email me at nik@ or find me on Bluesky @ You can also join the group conversation on Telegram. See ya'll next week!
Phone Arena
2 days ago
- Business
- Phone Arena
T-Mobile settlement checks now going out and they appear to exceed expectations
After months of waiting, T-Mobile is finally sending out payments to its users affected by the 2021 data breach. In February, it was reported that the settlement checks would start going out soon, with an update on the settlement website pegging April as the target month. The website later said that the payment was delayed until May. In 2021, a cyberattack exposed the personal information of 76 million T-Mobile customers in the US. T-Mobile agreed to pay $350 million to settle a claim against it by customers for not adequately protecting sensitive information. It looks like notice of payments are now being sent to T-Mobile users affected by the breach. Some users have received a Virtual Prepaid Mastercard while others have had direct deposits into their Zelle accounts. The mode of payment depends on the payment option you chose. —rruhrruh, Reddit user, May 2025 —Iluvorlando407, Reddit user, May 2025 —lerriuqS_terceS, Reddit user, May 2025 Some customers aren't sure if the emails about the payments are legitimate, but according to the settlement website, the distribution of payments has indeed started. The website notes that the payments will be sent out over the following several weeks. — T-Mobile settlement website Customers who spent money to mitigate the impact of the breach were promised up to $25,000, while others were told to expect $25, or $100 if they lived in California on August 1, not clear how much each user has received, but two user say they got $56.54, which is more than $25 promised. This might be because there were fewer claims than expected. Of course, $56.54 isn't a huge amount, but it's important to remember that the $350 settlement fund will also be used for other expenses such as paying attorney's fees and providing identity defense services. Besides, the settlement payments aren't necessarily so much about compensating customers for what they went through as they are about serving as a statement about holding huge corporations accountable for their inactions and oversights. Switch to Total 5G+ Unlimited 3-Month plan or Total 5G Unlimited and get a free iPhone. We may earn a commission if you make a purchase Buy at Total Wireless
CBC
3 days ago
- Business
- CBC
Nova Scotia Power says it believes it knows who stole customer data
The head of Nova Scotia Power says the company believes it knows who stole customer information in a recent ransomware attack. However, CEO Peter Gregg says he can't disclose that information as the company's investigation is ongoing. "We do have a good sense of who the threat actor is," Gregg told CBC's Information Morning Halifax on Friday morning. "I can't really get into the details of that." Gregg said the company believes some information may have been published on the dark web — part of the internet that requires special software to access, and which cybercriminals can use to buy and sell data and other illicit materials — but that there has been no spread of the information to other sites. The utility has said it did not give any money to the hackers as part of the ransom demand. Nova Scotia Power announced publicly on April 28 that it was dealing with a cybersecurity incident it discovered three days earlier, on April 25. The company later said the actual hack had occurred more than a month earlier, on March 19. About 280,000 customers have been affected by the attack — about half of the utility's total customers and more than a quarter of the province's population. Letters distributed to affected customers say the stolen information may include the customer's name, phone number, email address, mailing address, date of birth, account history, driver's licence number, social insurance number and bank account numbers. Gregg said if a customer has not yet received a letter, he's "fairly confident" their information was not taken. Social insurance numbers stolen Gregg told the CBC Nova Scotia Power still doesn't know exactly which information was taken from each customer, but that about 140,000 social insurance numbers were included in the stolen data. The federal government says people do not have to provide their SIN to sign up for utility service, except for Hydro Quebec customers. Gregg told Information Morning that Nova Scotia Power has used social insurance numbers as a way of authenticating customers in the past, but it will no longer do that, and it will delete social insurance numbers that are on file. Asked why Nova Scotia Power was keeping so many social insurance numbers on file long after a customer's identity had been confirmed, Gregg said, "I don't have a good answer for you for that today. "It's an unfortunate thing. I apologize to our customers that they're in that situation, but at this point in time we need to continue the investigation." Gregg said the Office of the Privacy Commissioner has its own investigation taking place, and Nova Scotia Power is co-operating. Insurance At the time the breach was announced, Nova Scotia Power said it was not expected to affect the company's financial performance. Gregg said Friday the utility has cybersecurity insurance and he anticipates that will cover the cost of dealing with the attack. Nova Scotia Power has offered affected customers free credit monitoring for two years with TransUnion. Gregg said the company chose the two-year period based on consultation with cybersecurity experts and what they said were best practices. Gregg acknowledged that "there were some bumps" early on as customers struggled to access the site and set up the monitoring service, but said those have been dealt with and the process should be smoother now. Upcoming bills Nova Scotia Power's billing system was affected by the ransomware attack, but Gregg says the meters were not. However, the company still needs to rebuild the links between those networks. So, the utility will estimate customers' next bills based on the same time period from last year so that the bills don't pile up and customers aren't hit with "multi-month large bills," Gregg said. Late fees will be waived in the meantime, he said, and the company is looking at verifying all meters before the normal ways of billing resume. Consequences for company executives? Asked whether Gregg's own position as CEO of Nova Scotia Power may be jeopardized by the security breach, he said, "the future of me is up to my board and leadership of Emera." As for executive bonuses and whether they will be warranted after the incident, Gregg said that decision is out of his hands.
CTV News
4 days ago
- Business
- CTV News
Nova Scotia Power CEO one of 280K customers impacted by data breach
Potentially 140,000 Nova Scotia Power customers could have had their social insurance numbers stolen in a recent data breach.
