Don’t click that pic: Heads up! There’s a new WhatsApp scam where random numbers send you a photo with “Is this you?” Spoiler alert: It’s not you. Don’t open it. That image is loaded with hidden malware. One tap, and hackers can break into your phone, grab your data, even blackmail you. Turn off auto-downloads now, and don’t trust random “friends.”
Stop one-touch theft
Bing Image Creator
Tap-to-pay is slick, fast and super convenient until it isn’t. Scammers have figured out how to use that same technology to steal your money without you even knowing.
It’s called “ghost tapping,” and it’s spreading so fast, the BBB issued a major alert about it.
💳 How it works
A scammer carries a hidden NFC reader, the same tech used in legit payment retail terminals, and bumps up close to your credit or debit card. If your card is contactless and not protected, boom, a payment goes through.
No swipe. No PIN. No clue it happened.
These crooks hang out in crowded spots like malls, airports, festivals and train stations. If your tap-to-pay card is sitting loose in a bag or back pocket, they can charge you by brushing past. It’s that easy.
Even worse? They often start with tiny amounts, so it flies under your radar. A couple bucks here, a coffee there, and they keep draining your bank account.
🛡️ Stay a step ahead
You don’t have to give up tap-to-pay. You just need to outsmart the scammers, especially when you’re in a crowd.
- Use an RFID-blocking wallet or card sleeve. These physically block anyone from scanning your card when you’re not using it. Cheap fix, big peace of mind. Here are some great sleeves (50% off) and wallets for men (60% off) and women (40% off).
- Turn off tap-to-pay if you don’t use it. In most banking app settings, you can turn off contactless features or set a low limit. Do it.
- Watch the screen before you tap. If something looks off, like the merchant name or amount, stop. Don’t tap and hope.
- Add transaction alerts. Most banks and card apps let you turn on push notifications for every charge. If something sketchy goes through, you’ll know right away.
💪 If you found this warning helpful, forward this newsletter to a friend or family member or simply use the share icons below now. This kind of scam hits hard.
We may earn a commission from purchases, but our recommendations are always objective.
Ransomware hackers upped the game, and it’s personal
Bing Image Creator
If you read one thing today, let it be this, because the rules of ransomware have officially changed, and not in a “Yay, innovation!” kind of way.
For years, the scam was simple: Hackers locked up your computer, holding your files hostage and demanding a ransom in Bitcoin for a promise to give your data back.
📦 Stop porch pirates before the holidays hit: Online shopping season’s here, and thieves know it. SimpliSafe keeps packages, and your home, protected with flashing lights, instant alerts and live monitoring. No contracts, no hidden fees, just peace of mind all season long.
🔓 This $130 lock got picked with a water can
@McNallyOfficial via YouTube
You know I love a good tech takedown, and this one is peak internet.
Meet Trevor McNally, a former U.S. Marine staff sergeant turned full-time YouTuber with a very specific hobby: lock picking. On his channel, he tests locks the way most of us test leftovers, with low expectations and a lot of curiosity.
🔐 Seriously? Hey, quick check: Is your go‑to password “123456,” “password” or something equally predictable? If so, you’re not alone (in a bad way). It turns out that even in 2025, a study of over 2 billion leaked passwords found “123456” still appears about 7.6 million times. It’s the digital equivalent of putting a sticky note on your forehead that says “rob me.” You need a password manager. I use NordPass, just $1.24/month.
You look familiar: Ever wanted to ring a doorbell and get your face added to a database? You’re in luck. Amazon’s new Ring cameras can recognize “familiar faces,” but here’s the rub: They scan people’s faces without asking. The EFF says it might break biometric privacy laws in states like Illinois and Texas. Amazon says that’s your problem. Also, the scanning happens in the cloud. Sleep tight.
📱 Free phones aren’t really free: Big carriers hide costs in long contracts that keep you stuck for years. Consumer Cellular keeps it honest with no hidden fees and no long commitments. If you’re over 50, get two unlimited lines for $30 each and save $25 when you switch at ConsumerCellular.com/Kim.
🤖 AI joins the dark side: Add this to your “uh-oh” tech list. Google found the first real case of hackers using AI-powered malware. Two strains, PromptFlux and PromptSteal, can rewrite their own code mid-attack, hide from detection and even chat with hackers through prompts. One’s already been linked to the Russian military. It’s early tech, but a big reminder the bad guys have AI, too.
💰 Meta’s scam economy: Get this. Meta’s internal docs say it made up to 10% of its 2024 revenue, about $16 billion, from ads for scams and banned goods. That’s 15 billion sketchy ads blasted at users every day. Instead of banning most of them, Meta sometimes just charges scammers extra. It even has an internal “Scammiest Scammer” leaderboard. You can’t make this up. So much for good corporate citizenship, Mark.
💻 So those new AI browsers? I’m talking about ones like OpenAI’s Atlas and Perplexity’s Comet. Turns out they’ll hand your email to anyone who asks nicely, or sneakily. Hackers are hiding invisible “commands” in websites that trick your AI sidekick into leaking info. Basically, your browser’s a golden retriever with your bank login. Don’t use them yet, I’ll let you know when they’re safe.
🫥 Royal eviction: The royal family gave Prince Andrew the 404 treatment. He’s now just Andrew Albert Christian Edward Mountbatten Windsor. Not only is he out of his 30-room mansion, but he’s been digitally wiped off every royal website. Search his name? It reroutes to King Charles. Rumor is Prince Harry is next, but remember, the king can only move one space at a time. (Get it, chess joke? Woah, tough crowd today!)
Your inbox holds your entire life. Family photos, bank info, travel plans, everything. But here’s the problem: Free email providers aren’t really free. They scan, track and sell your data. That’s why I trust StartMail. It keeps your emails truly private, blocks trackers and spam, and even lets you create unlimited disposable addresses so you stay anonymous. No snoops. No ads. Just secure, private email. Take back your privacy today. Get a 7-day free trial and 60% off today!*
Love, loss & lies: Here’s your daily dose of “aww … ouch.” Larry, a 71-year-old from California, loses his wife, gets a wrong-number text and somehow ends up falling for “Tina,” a woman who claimed to trade crypto and sip Napa wine. Three months later? His $1 million life savings was gone. Turns out “Tina” was really good at pretending to care.
🩳 Detroit’s courtroom surprise: A cop logged into virtual court, badge up top, boxers down below, and forgot his camera was not cropped. We’ve all been there. The judge gasps, “You got some pants on, officer?” And the cop? Deadpan: “No, sir.” Detroit’s finest, apparently also Detroit’s freest. You know what they say, justice is a dish best served pantsless.
🚗 Shaq’s hacked: Have you seen a $180,000 Range Rover custom fit for a 7’1” massive human being? It’s probably Shaquille O’Neal’s, which straight-up disappeared while being shipped from Atlanta to Louisiana. Authorities think hackers hijacked the transport company’s computers, rerouted the delivery and stole the SUV. A $10,000 reward’s up, but for now … big man’s down a big ride.
Scammers targeting retirement math: Alright, if you’re over 50 and maxing out that 401(k), heads up, starting in 2026, those “catch-up” contributions won’t be tax-deferred anymore if you make over $145K. You’ll pay taxes up-front, like a Roth. Not the end of the world, but here’s the sneaky part: Scammers love changes like this. Expect fake “plan updates” and “IRS” calls any day now. Don’t fall for them.
Apple’s family problem: A mom with legal custody says her ex used Apple’s Family Sharing to spy on and control their kids, track locations, set screen limits, even block apps during her custody time. As you can imagine, Apple’s hands are tied. Turns out, only the account “organizer” holds power, leaving the other parent locked out, even with a court order. Share this with someone you know who is recently divorced.
The phone scam evolution: This is frightening. A cybersecurity firm built a real-time voice deepfake, meaning someone can sound like you on a call instantly. Cheap laptop, open-source tools, done. They tested it, and people fell for it almost every time. So when your “boss” calls asking for gift cards, maybe call back first. You should take a sec and check it out.
AWS eats its own: Here’s the cloud tea, Amazon says this week’s massive AWS outage wasn’t a hack but a software glitch so bad it fought itself. That’s right, a mini-tech civil war. Two automation systems tried to update network records at once and triggered a global domino crash. A chunk of the internet went briefly offline, even some people’s smart beds.