Hyperlink heist: You know how your package says “out for delivery” and then vanishes? Turns out hackers are inside freight and shipping networks, rerouting orders before they land. They’re going after the good stuff like phones, tablets and whatever sells fast. Clicking one sketchy email shouldn’t mean a truckload of MacBooks goes missing, but here we are.
Watch out for these cunning scams
Bing Image Creator
I don’t want you to be a statistic.
Google put out a quiet but urgent warning: Online scams are on the rise, and they’re getting harder to spot. Even savvy folks are getting blindsided.
According to FTC data cited in Google’s November 2025 advisory, 57% of adults were targeted by a scam in the past year, and 23% had their money stolen.
Let those numbers sink in for a bit. I’ll wait.
🥷🏼 Scammers go pro
These scams don’t come from a sketchy email with misspelled words and cartoonish logos anymore. They’re polished. Professional. Powered by AI.
A fake job offer that looks like it’s from a company you trust. A holiday travel deal that matches exactly what you searched for. A banking app that appears like your real one, down to the logo and interface. A phone call with a caller ID saying it’s your financial manager.
And scammers know the season. Around the holidays, we’re all clicking more links, scanning more emails, tracking more packages. The bad guys are counting on it.
✋ If it feels off, pause
Scammers aren’t simply phishing anymore. They’re spearphishing. That means they’re using personal info they buy from data brokers, including your name, job title, hometown and more to tailor scams to you.
A few quick tips that make a big difference:
- Double-check URLs. Scammers use ones that look almost identical to the real deal but with one letter off or a different domain.
- Don’t pay to apply for a job. If a listing wants money up front, it’s a red flag.
- Use two-factor authentication on every account you can, especially your email and bank. Better yet, use an authenticator app from Google (Android, iOS) or Authy (Android, iOS).
- Be cautious with unfamiliar apps, even on official stores. Look at the reviews, publisher and number of downloads.
See if license plate readers are in your neighborhood
ChatGPT
A woman in Colorado was falsely accused of theft because a Flock camera that looks like the one in the image above spotted her car near the scene. She wasn’t even close. She had to dig up dashcam footage, GPS, even her outfit to prove it. The charges were dropped, but the stress? Very real.
Stop one-touch theft
Bing Image Creator
Tap-to-pay is slick, fast and super convenient until it isn’t. Scammers have figured out how to use that same technology to steal your money without you even knowing.
It’s called “ghost tapping,” and it’s spreading so fast, the BBB issued a major alert about it.
📱 Google vs. phishing factory: Google’s going full Liam Neeson, suing the China-based crew behind “Lighthouse,” a subscription service for scammers. For a monthly fee, users get templates to make fake USPS or bank websites that steal your info, even without hitting submit. It’s basically a plug-and-play scam factory (paywall link). A Squarespace for criminals, if you will. In 20 days, they made 200,000 fake sites and hit over a million victims. The only square space they need is behind locked bars.
🍷 OpenTable’s open secret: Every time you book through OpenTable, it’s quietly tracking you like the NSA. Not just your favorite drink but how long you stay, how much you spend and even if you’re a “late canceler.” Hosts see AI-generated notes like “frequent reviewer,” “high spender” or my personal favorite, “dines longer than average.” It’s only a matter of time before a class-action lawsuit blows the doors open and we see the dirt on us. I’m sure mine says, “Takes 10 minutes to explain how she wants her salmon cooked. Olive oil only, no butter. Center cut. Medium well with a light dusting of blackened seasoning. Two fresh lemon wedges on the side.” Although I would prefer, “Warning: Has strong opinions on fish and isn’t afraid to scale up.”
Hyundai’s data spill: Drive a Hyundai? There’s a small chance (OK, not that small) your personal info took a road trip without you. Hackers hit Hyundai’s IT arm back in February, scooping up the names, driver’s licenses and SSNs of up to 2.7 million people. The company’s only now sending out the “oops” letters.
🔥 Fire fake-out: A Texas high school got evacuated after a fire alarm, and before anyone could finish their Starbucks, an AI-generated image started flying around social media showing the entire school on fire. Total fake. Parents panicked, cops got calls, and the fire department showed up to find, wait for it, an HVAC leak and a bunch of kids happy to get out of school.
💳 You didn’t pay twice: Ever checked out of a hotel, then realized your card got hit again? That’s the new “I Paid Twice” scam. Hackers email fake “bank verification” links to hotels, drop PureRAT malware and snag booking credentials to bill guests twice. Always recheck links before you click. PureRAT sounds like an energy drink for hackers.
⚠️ Fake “found” texts: You lose your iPhone, panic sets in, then, boom, you get a text saying it’s been found. Feels like hope, right? Don’t fall for it. Swiss cyber folks say scammers are using that Find My feature to trick you into typing your Apple ID into a fake site. That’s how they unlock your phone for resale.
Don’t click that pic: Heads up! There’s a new WhatsApp scam where random numbers send you a photo with “Is this you?” Spoiler alert: It’s not you. Don’t open it. That image is loaded with hidden malware. One tap, and hackers can break into your phone, grab your data, even blackmail you. Turn off auto-downloads now, and don’t trust random “friends.”
🔐 Seriously? Hey, quick check: Is your go‑to password “123456,” “password” or something equally predictable? If so, you’re not alone (in a bad way). It turns out that even in 2025, a study of over 2 billion leaked passwords found “123456” still appears about 7.6 million times. It’s the digital equivalent of putting a sticky note on your forehead that says “rob me.” You need a password manager. I use NordPass, just $1.24/month.
You look familiar: Ever wanted to ring a doorbell and get your face added to a database? You’re in luck. Amazon’s new Ring cameras can recognize “familiar faces,” but here’s the rub: They scan people’s faces without asking. The EFF says it might break biometric privacy laws in states like Illinois and Texas. Amazon says that’s your problem. Also, the scanning happens in the cloud. Sleep tight.
📱 Free phones aren’t really free: Big carriers hide costs in long contracts that keep you stuck for years. Consumer Cellular keeps it honest with no hidden fees and no long commitments. If you’re over 50, get two unlimited lines for $30 each and save $25 when you switch at ConsumerCellular.com/Kim.
🤖 AI joins the dark side: Add this to your “uh-oh” tech list. Google found the first real case of hackers using AI-powered malware. Two strains, PromptFlux and PromptSteal, can rewrite their own code mid-attack, hide from detection and even chat with hackers through prompts. One’s already been linked to the Russian military. It’s early tech, but a big reminder the bad guys have AI, too.
💰 Meta’s scam economy: Get this. Meta’s internal docs say it made up to 10% of its 2024 revenue, about $16 billion, from ads for scams and banned goods. That’s 15 billion sketchy ads blasted at users every day. Instead of banning most of them, Meta sometimes just charges scammers extra. It even has an internal “Scammiest Scammer” leaderboard. You can’t make this up. So much for good corporate citizenship, Mark.
💻 So those new AI browsers? I’m talking about ones like OpenAI’s Atlas and Perplexity’s Comet. Turns out they’ll hand your email to anyone who asks nicely, or sneakily. Hackers are hiding invisible “commands” in websites that trick your AI sidekick into leaking info. Basically, your browser’s a golden retriever with your bank login. Don’t use them yet, I’ll let you know when they’re safe.
🫥 Royal eviction: The royal family gave Prince Andrew the 404 treatment. He’s now just Andrew Albert Christian Edward Mountbatten Windsor. Not only is he out of his 30-room mansion, but he’s been digitally wiped off every royal website. Search his name? It reroutes to King Charles. Rumor is Prince Harry is next, but remember, the king can only move one space at a time. (Get it, chess joke? Woah, tough crowd today!)
Your inbox holds your entire life. Family photos, bank info, travel plans, everything. But here’s the problem: Free email providers aren’t really free. They scan, track and sell your data. That’s why I trust StartMail. It keeps your emails truly private, blocks trackers and spam, and even lets you create unlimited disposable addresses so you stay anonymous. No snoops. No ads. Just secure, private email. Take back your privacy today. Get a 7-day free trial and 60% off today!*
Love, loss & lies: Here’s your daily dose of “aww … ouch.” Larry, a 71-year-old from California, loses his wife, gets a wrong-number text and somehow ends up falling for “Tina,” a woman who claimed to trade crypto and sip Napa wine. Three months later? His $1 million life savings was gone. Turns out “Tina” was really good at pretending to care.