Information Technology

Google/ZDNETCybercriminals have increasingly been using AI to scam their victims, often through text messages and phone calls. Now, Google is using a similar tactic to protect you from those scammers.Also: Did you get an E-ZPass text demanding payment? Don’t click – it’s a scamOn Tuesday, Google announced two AI-powered scam detection features for calls and text messages on Android devices. The goal is to thwart more complex and sophisticated attacks, especially those that may seem harmless at first but then devolve into riskier territory. 1. Scam detection for MessagesFirst up is scam detection for messages. Enhancing the existing spam protection in Google’s Messages app, the new scam detection is designed to look for a greater variety of threats. With this option enabled in Google Messages, the built-in AI uses real-time detection to determine if and when a text conversation seems suspicious. Let’s say you receive a text from a stranger that starts off innocently enough. But after a few back-and-forth messages, the conversation veers into an unexpected area. Once it detects a suspicious text, the on-device AI steps in to warn you that this is likely a scam. You’ll then be given the option to dismiss the warning or report and block the sender. By checking the ongoing conversation for any red flags, Google’s detection should prove more effective than other security tools that can only block or allow an initial text. The new detection works with SMS, MMS, and RCS messages, so you’re covered no matter which format is used.Turned on by default in MessagesScam detection for Google Messages is turned on by default, though you can turn it off at any time if you want to opt out. It also affects conversations only with people not in your contact list. Also: Why rebooting your phone daily is your best defense against zero-click attacksFurther, Google promises that your conversations will remain private. If you report a suspicious exchange, only the sender details and recent texts with that person are shared with Google and your mobile carrier. The new option is now rolling out in English across the US, UK, and Canada and will soon head to other countries. More

ZDNETIt’s tax season again. And that means it’s time not only to file your taxes, but also to watch out for scammers looking to con tax-paying citizens. In a new report out today, McAfee highlights the most popular tax-related scams and offers advice on how to protect yourself against them.Based on a new 2025 tax season survey conducted by McAfee, about 48% of people revealed that they, or someone they know, were contacted by a person claiming to be from the IRS or a state tax agency. The scammers used a variety of methods to target potential victims, including social media posts, emails, text messages, and phone calls. Also: What is vishing? Voice phishing is surging – expert tips on how to spot it and stop itPeople ages 18 to 24 reported the highest number of successful scams, with 40% of them saying that they, or someone they know, had been scammed. But older adults ages 65 to 74 suffered the greatest financial losses. Among the people in that group who lost money in a tax-related scam, 40% said they were out between $751 and $1,000. The highest losses were found among those in the 45 to 54 age range, with 10% reporting that they had lost more than $10,000. Today’s cybercriminals also know how to use the latest sophisticated techniques. With deepfake audios, scammers can sound like actual IRS agents. And with AI-generated phishing emails, they can duplicate actual messages from legitimate tax preparation services. More than half of the people surveyed said they think that tax-related scam attempts have become more realistic, with most of them worried that AI is making the scams more difficult to detect. How tax scams workIn its report, McAfee illustrated how one type of tax scam might work. You receive an urgent text or email claiming that your refund was rejected or that you owe back taxes. Looking like a real notice you might get from the IRS, the message typically includes a link for you to click or a phone number for you to call. If you take the bait, the scammer will often tell you that they need your Social Security number, bank account details, or credit card information to help you. Give them what they want, and now the criminals have easy access to your money or your identity. Also: Did you get an E-ZPass text demanding payment? Don’t click – it’s a scamBased on the survey results, scammers like to try different variations on a familiar theme: Fake IRS messages – Almost half of those polled by McAfee have received messages from someone posing as an IRS official.Impersonating tax services – One-third of the respondents said that they, or someone they know, was targeted by scammers pretending to be from TurboTax, H&R Block, or another tax provider.Baiting victims with fake refunds – More than a third of those surveyed said they’ve gotten suspicious messages that promised tax refunds and included malicious links.Cryptocurrency scams – Based on the survey, men are three times more likely than women to be hit by phony cryptocurrency tax payment schemes. More

<!–> ZDNET’s key takeaways The Aqara Camera Hub G5 Pro is available for $180 for the Wi-Fi version and $200 for the PoE version. This indoor/outdoor security camera doubles as a smart home hub, features 1520p resolution for crystal-clear images, RTSP support, and has a built-in NPU to process video with AI for visual recognition. […] More

ZDNETBuying stuff online can be a risky proposition. Sure, the big vendors do their best to make you feel safe, but what if you have to give up your credit card digits to a vendor you don’t know?As it turns out, there’s a type of financial instrument — called a virtual card — that can help. A virtual debit card can be turned on and off, spending limits can be set, and create unique card numbers created.  Also: 10 common dangers VPNs won’t protect you from online – and how to avoid themNot only will a virtual card come in handy when shopping at unfamiliar online merchants, but you can also use it for those free trials that renew automatically — and can be difficult to cancel. Use a virtual card, allow it to have one charge, and then it shuts down. No unfair renewals. Similarly, you can use it to prevent overcharges on subscriptions. Set a maximum limit, and you won’t suddenly find yourself with a huge bill you must dispute.I use a service that enables me to limit how my card is charged without my express permission. Privacy.com lets me limit the amount that can be spent on any card I create, limit how many times a card can be used, and more. Let’s discuss how to get started, how the process works, and the benefits you get from Privacy.com. Getting started with Privacy.com To get started, point your browser to Privacy.com.  Note: Privacy asks you for some personal information, including your name, residential address, date of birth, and possibly a copy of your driver’s license. They may also request other documents.Why? The company explains its reasoning for these fairly intrusive requests:To help the government fight the funding of terrorism and money laundering activities, federal law requires all financial institutions to obtain, verify and record information that identifies each person who opens a Privacy Account. You’ll also need to set up a funding source. This is the account from which Privacy will pull your money in order to pay it out to the vendor you’re paying. Remember that although Privacy will issue you credit card numbers, it does not provide credit. Everything you pay using Privacy will be removed from your bank account directly or via a debit card linked to your bank account.Those are your two funding source possibilities: a personal bank account or its associated debit card. Privacy — at least the free version — will not work with a business bank account. You’ll be asked for a funding source when you first create your Privacy account. If you later want to change sources, go to the Account menu item under the little head icon in the upper-right corner of the page.You can have multiple bank accounts as funding sources, but you can’t have multiple debit cards, and you can’t have both a bank account and a debit card.It’s been a while, but I recall it taking a few days after I signed up for Privacy to fully enable my account. So, if you plan on using this service, don’t wait until the last minute when you really need it. More

ZDNETI often need random passwords. Mostly, those passwords are used for the creation of user accounts on apps and services, at which point I’ll use my password manager that includes a very good random password generator.But other times, I might need a temporary password that doesn’t require saving in a password manager. Or maybe it’s a permanent password, but I’m logged into my desktop from a remote machine, and the command line is the only tool I have. Also: 5 Linux commands I use to keep my device running smoothlyRegardless of why, there’s a simple Linux command that makes it very easy to generate random passwords. That tool is called pwgen, and here’s how you install and use it. How to install pwgen What you’ll need: The only things you’ll need for this are a Linux distribution and a user with sudo privileges. More

<!–> ZDNET’s key takeaways The Aqara Camera Hub G5 Pro is available for $180 for the Wi-Fi version and $200 for the PoE version This indoor/outdoor security camera doubles as a smart home hub, features 1520p resolution for crystal-clear images, RTSP support, and has a built-in NPU to process video with AI for visual recognition […] More

Adrian Kingsley-Hughes/ZDNETI’ve been flying drones, both recreationally and commercially, for over a decade — and hold a handful of drone licenses and certifications. Over those hundreds of hours of flying, I’ve yet to lose a drone. Yet, almost daily, I come across stories on social media of people losing their drones. Some drones crash on their first flight, some after months or years of problem-free service. Also: I tested DJI’s new foldable drone, and would recommend it to both beginners and professionalsI attribute my success, luck, and good fortune in part to experience, but mostly to the fact that I carry out regular safety checks on my drone. A drone is an aircraft, and just as you wouldn’t put a plane in the sky that hadn’t had safety checks carried out on it, I wouldn’t put a drone in the sky without doing the same. So, what tests should you do, and when?I have three sets of checks that I do: pre-flight checks, post-flight checks, and checks carried out every two weeks to a month (depending on how often I’m flying… the more I fly, the more often I check). Why pre-flight and post-flight checks? One set is to catch damage that might have occurred while storing or transporting the drone (and anything I might have missed after the last post-flight check). The post-flight checks are there to catch anything that might have happened during the flight. Also: The DJI Mini 2 SE drone is a great starter droneThe biweekly/monthly checks are there to again take a fresh look at the drone, as well as a deeper look at things like the batteries. And it’s not just looking at the drone. Pre-flight checks take into consideration other things that can affect your drone. Pre-flight checks Drone checksCarefully check the drone for any visible damage to the frame, propellers, or landing gear. You’re looking for anything from cracks and chips to bending and seams popping open.Ensure propellers are securely attached and free of cracks or chips. Propellers are cheap, your drone isn’t. Replace them if they show any signs of damage. I always recommend using genuine propellers rather than third-party accessories.Ensure that all the propeller motors rotate freely.Check that the battery is fully charged and securely fitted. The last thing you want to happen is for the battery to fall out mid-flight (yes, that does happen).Also: I tested DJI’s palm-sized drone, and it captured things I had never seen before More

ZDNETCybercriminals and hackers employ a variety of methods to access and steal sensitive information from individuals and organizations. One increasingly popular approach is vishing, or voice phishing. Here, the attacker tricks someone into sharing account credentials or other information through a simple phone call. According to the latest data from security firm CrowdStrike, these types of attacks have been skyrocketing. Also: Hackers stole this engineer’s 1Password database. Could it happen to you?In its 11th annual 2025 CrowdStrike Global Threat Report, the security provider revealed that vishing attacks jumped 442% in the second half of 2024 compared with the first half. Throughout the year, CrowdStrike Intelligence tracked at least six similar but distinct campaigns in which attackers pretending to be IT staffers called employees at different organizations. Help desk social engineering In these particular campaigns, the scammers tried to convince their intended victims to set up remote support sessions, typically using the Microsoft Quick Assist tool built into Windows. In many of these, the attackers used Microsoft Teams to make the phone calls. At least four of the campaigns seen by CrowdStrike used spam bombing to send thousands of junk emails to the targeted users as a pretext for the alleged support call. Also: How to protect yourself from phishing attacks in Chrome and FirefoxThe type of vishing used in these attacks is often known as help desk social engineering. Here, the cybercriminal posing as a help desk or IT professional stresses the urgency of the call as a response to some made-up threat. In some cases, the attacker requests the person’s password or other credentials. In other cases, such as the ones documented in the report, the scammer tries to gain remote access to the victim’s computer. Callback phishing Another tactic seen by CrowdStrike is callback phishing. Here, the criminal sends an email to an individual over some type of urgent but phony matter. This could be a claim for an overdue invoice, a notice that they’ve subscribed to some service, or an alert that their account has been compromised. The email contains a phone number for the recipient to call. But naturally, that number leads them directly to the scammer, who tries to con them into sharing their credit card details, account credentials, or other information. Because these attacks are usually aimed at organizations, ransomware is another key component. By gaining access to network resources, user or customer accounts, and other sensitive data, the attackers can hold the stolen information for ransom. Also: The top 10 brands exploited in phishing attacks – and how to protect yourselfIn its report, CrowdStrike identified a few different cybercrime groups that use vishing and callback phishing in their attacks. One group known as Chatty Spider focuses mostly on the legal and insurance industries and has demanded ransoms as high as $8 million. Another group called Plump Spider targeted Brazil-based businesses throughout 2024 and uses vishing calls to direct employees to remote support sites and tools. “Similar to other social engineering techniques, vishing is effective because it targets human weakness or error rather than a flaw in software or an operating system (OS),” CrowdStrike said in its report. “Malicious activity may not be detected until later in an intrusion, such as during malicious binary execution or hands-on-keyboard activity, which can delay an effective response. This gives the threat actor an advantage and puts the onus on users to recognize potentially malicious behavior.” Other security firms have seen a dramatic rise in vishing attacks. Last October, Zimperium’s zLabs research team uncovered a malware known as FakeCall, notable for its advanced use of vishing. Here, the scammers use phone calls to try to trick potential victims into sharing sensitive information such as credit card numbers and banking credentials. FakeCall itself works by hijacking the call functions on Android phones to install the malware. More