Technology

1 click cost a father $4 million in bitcoin to vishing scammers

Published

11 months ago

March 6, 2025

1 click cost a father million in bitcoin to vishing scammers

Many of us have families to look after. We save money not only for our own future but also – perhaps even more so – for our kids and grandkids. We want to secure a good education, help them buy a home or simply set aside something for when they need it.

So did Tony. He’d saved a substantial amount for his sons’ future, more than $4 million in bitcoin. And with just one click, he lost it all to vishing, a type of scam that uses phone calls to trick people into giving up sensitive information.

Scammers posed as Google Support agents and, after an elaborate scheme, first caught his attention, then gained his trust and ultimately left him with nothing.

“Please, man. Is there anything you can do to give me something back?” was Tony’s final, desperate plea to the scammers, hoping to appeal to their humanity.

GET EXPERT SECURITY ALERTS, MUST-KNOW TECH TIPS AND THE LATEST DIGITAL TRENDS STRAIGHT TO YOUR INBOX. SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

A man typing on his computer keyboard (Kurt “CyberGuy” Knutsson)

What is vishing?

Vishing, short for “voice phishing,” is a type of cybercrime that uses phone calls to deceive individuals into revealing personal or financial information. Unlike traditional phishing, which relies on emails or text messages, vishing leverages the power of human voice and social engineering to manipulate victims. Scammers often impersonate legitimate organizations, such as banks, tech companies, or government agencies, to gain trust and create a sense of urgency. They may ask for passwords, credit card numbers, or other sensitive details, which they then use for fraudulent purposes.

Because vishing relies heavily on social engineering tactics, it can be difficult to detect, making it a particularly dangerous form of cybercrime.

Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)

BEST ANTIVIRUS FOR MAC, PC, IPHONES AND ANDROIDS – CYBERGUY PICKS

The scam is a well-orchestrated play

Let’s break down these vishing schemes to understand why they are so effective. Once you see them as a staged play consisting of different acts, it becomes easier to recognize the individual tactics.

Act 1: The setup and targeting

Scammers start by identifying potential victims through social media, public transaction records, leaked databases, and more. Once they select a target, they gather personal details (email, phone number, financial holdings) to build credibility. And you could easily be a target. That’s because data brokers – companies that buy and sell your personal information – are goldmines for scammers. Your entire profile is likely out there, containing everything they need to run a successful scam: your name, address, contact details, family members, owned properties and more.

How to protect yourself at this stage:

Limit what you share online, especially financial details
Sign up for data removal services that erase your personal information from company databases

Act 2: The first contact

Scammers always initiate contact first. Let’s walk through a vishing scam using a Google account as an example.

Triggering a real security alert: Scammers may attempt to recover your Google Account to prompt real security alerts, like verification codes sent to your phone. Their goal isn’t to reset your password but to make you believe there’s a real security issue.

Google verification code text (Kurt “CyberGuy” Knutsson)

Sending a fake security message: They create a fake Google Form using your email address, designed to mimic an official security alert. The message often claims there’s been a security breach and that a named support agent will contact you soon.

Fake Google form (Kurt “CyberGuy” Knutsson)

Placing a call: Shortly after you receive the email, scammers call using a spoofed Google number, guiding you through fake security steps.

How to protect yourself at this stage:

Pause and verify – Real companies don’t call or email you for sensitive security actions
Contact the company directly – Use official contact details (don’t trust the caller’s number or email)
Be skeptical of urgent security warnings – Scammers create fake emergencies to make you act without thinking

HOW TO REMOVE YOUR PRIVATE DATA FROM THE INTERNET

Act 3: Building trust

Scammers no longer ask for passwords outright. That trick doesn’t work anymore. Here’s what they do instead.

Introducing themselves as support agents: They remain calm and friendly, claiming they’re here to help investigate the issue. They reference details from the fake Google Form to seem legitimate.
Walking through a real password recovery process: While on the phone, scammers instruct you to change your password as a security measure. They don’t send any suspicious links but instead guide you through the real recovery process. At this point, they still don’t have access to your account. But that’s about to change.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Illustration of username and password credential page (Kurt “CyberGuy” Knutsson)

Act 4: The scam

After you successfully reset your password, scammers ask for one final step: log in. This is where the real scam happens.

Sending a phishing link: Now that you trust them, they send a message using a spoofed Google number with a link to log in. However, the link leads to a phishing site designed to look like Google’s login page.
Logging into the real site: As soon as you enter your credentials into the fake page, scammers input them into the real Google site. Seconds later, you receive a genuine Google security prompt asking, “Is this you?”
Clicking “Yes, it’s me” completes the scam: While you were on their fake platform, they were simultaneously logging into your real account using your credentials. The Google security prompt? It wasn’t for your device. It was for theirs. As a result, you’ve just given scammers access to your account.

How to protect yourself at this stage:

Never log in to your accounts using links that were sent to you
Always check the URL before entering credentials and look for “https://” and correct spellings
Use a password manager that autofills only on legitimate sites. A high-quality password manager ensures security with zero-knowledge encryption, military-grade protection and support for multiple platforms, including Windows, macOS, Linux, Android, iOS and major browsers. Look for features like unlimited password storage, secure sharing, password health reports, data breach monitoring, autofill and emergency access. Check out my expert-reviewed best password managers of 2025 here

THE HIDDEN COSTS OF FREE APPS: YOUR PERSONAL INFORMATION

Act 5: The heist

At this stage, the scammers end the call, leaving you feeling at ease. You won’t realize what happened until it’s too late. And it’s not just Google accounts at risk. The same method can be used to access Apple accounts, banking services and cryptocurrency wallets. For some, losing access to Google alone is devastating; after all, Google Drive, Google Photos and other cloud services store vast amounts of personal and financial data. But by the time you realize what’s happened, it’s already too late.

How to protect yourself at this stage:

Secure your accounts immediately – Reset your passwords, enable two-factor authentication with an authenticator app and log out of all active sessions to remove unauthorized access.
Report and monitor for fraud – Alert your bank, credit card provider or crypto exchange to freeze transactions if needed. Report the scam to the FTC (reportfraud.ftc.gov), IC3 (ic3.gov) and the affected platform. Monitor your accounts for suspicious activity and consider a credit freeze to prevent identity theft.

While securing your accounts and reporting fraud are crucial after a scam has already occurred, the best defense is preventing these attacks in the first place. Taking these steps can help ensure you don’t fall victim to a vishing scam in the first place.

How to protect yourself from vishing scams

1. Invest in personal data removal services: These scams all have one thing in common: they need some of your personal info to work. Without your name, phone number or email, these scams can’t happen. Scammers might even try to gain your trust by sharing more of your personal info, like your Social Security number, to seem more believable. I strongly suggest you remove your personal info from people search sites online. If you give someone your email or phone number, they might be able to find your home address through a reverse search. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

2. Set up recovery contacts: Establish backup contacts for your accounts (Google, Apple and bank) to ensure you have a way to regain access if locked out.

3. Monitor financial accounts: Regularly check your financial accounts for any suspicious activity or unauthorized transactions.

4. Enable two-factor authentication (2FA): Enable 2FA on all accounts, especially Google, Apple and financial services. This adds an extra layer of security, making it harder for scammers to access your accounts even if they obtain your login credentials.

5. Secure devices: Ensure your devices are secured with screen locks or biometric authentication and keep software up to date to prevent malware attacks.

6. Report scams promptly: If you’ve been scammed, report the fraud immediately to the FTC at reportfraud.ftc.gov and notify the affected platforms.

7. Use strong antivirus software: Install and regularly update strong antivirus software to protect your devices from malware, viruses and other cyber threats. Antivirus software provides real-time protection, scans for malicious files and helps prevent infections by blocking access to harmful websites and downloads. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

Kurt’s key takeaways

Tony’s story is a chilling reminder that even the most diligent savers can fall victim to sophisticated scams. These vishing schemes, carefully orchestrated like a theatrical play, exploit our trust and leverage real security alerts to gain access to our accounts. Protecting ourselves requires constant awareness, skepticism towards unsolicited communications, and proactive measures to safeguard our personal information. While the tactics may evolve, the underlying principle remains the same: scammers rely on deception to exploit our vulnerabilities. By understanding their methods and taking preventative steps, we can make it harder for them to succeed.

What more do you think companies and the government should do to combat this growing threat? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Kurt “CyberGuy” Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on “FOX & Friends.” Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Technology

Grubhub confirms data breach amid extortion claims

Published

6 hours ago

January 27, 2026

Press Room

Grubhub confirms data breach amid extortion claims

NEWYou can now listen to Fox News articles!

Food delivery platform Grubhub has confirmed a recent data breach after unauthorized actors accessed parts of its internal systems.

The disclosure comes as sources tell BleepingComputer the company is now facing extortion demands linked to stolen data.

In a statement to BleepingComputer, Grubhub said it detected and stopped the activity quickly.

“We’re aware of unauthorized individuals who recently downloaded data from certain Grubhub systems,” the company said. “We quickly investigated, stopped the activity, and are taking steps to further increase our security posture.”

Grubhub added that sensitive information, such as financial details or order history, was not affected. However, the company declined to answer follow-up questions about when the breach occurred, whether customer data was involved or if it is actively being extorted.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.

RANSOMWARE ATTACK EXPOSES SOCIAL SECURITY NUMBERS AT MAJOR GAS STATION CHAIN

Grubhub confirmed a data breach after unauthorized actors accessed parts of its internal systems, prompting an investigation and heightened security measures. (Michael Nagle/Bloomberg via Getty Images)

What Grubhub has confirmed so far

While details remain limited, Grubhub confirmed several key points. It has brought in a third-party cybersecurity firm and notified law enforcement. Beyond that, the company has stayed largely silent. That lack of detail has raised concern, especially given Grubhub’s recent security history. Just last month, the company was linked to scam emails sent from its own b.grubhub.com subdomain. Those messages promoted a cryptocurrency scam promising large returns on Bitcoin payments. Grubhub said it contained the incident and blocked further unauthorized emails. It did not clarify whether the two events are related.

Sources link the breach to ShinyHunters extortion

According to multiple sources cited by BleepingComputer, the ShinyHunters hacking group is behind the extortion attempt. The group has not publicly commented on the claims and declined to respond when contacted. Sources say the attackers are demanding a Bitcoin payment to prevent the release of stolen data. That data reportedly includes older Salesforce records from a February 2025 breach and newer Zendesk data taken during the most recent intrusion. Grubhub uses Zendesk to run its online customer support system. That platform handles order issues, account access and billing questions, making it a valuable target for attackers.

How stolen credentials may have enabled the attack

Investigators believe the breach may be tied to credentials stolen during earlier Salesloft Drift attacks. In August 2025, threat actors used stolen OAuth tokens from Salesloft’s Salesforce integration to access sensitive systems over a 10-day period. According to a report from Google Threat Intelligence Group, also known as Mandiant, attackers used that stolen data to launch follow-up attacks across multiple platforms. “GTIG observed UNC6395 targeting sensitive credentials such as AWS access keys, passwords and Snowflake-related access tokens,” Google reported. ShinyHunters previously claimed responsibility for that campaign, stating it stole roughly 1.5 billion records from Salesforce environments tied to hundreds of companies.

Why this breach still matters

Even if payment data and order history were not affected, support systems often contain personal details. Names, email addresses and account notes can be enough to fuel phishing attacks or identity scams. More importantly, this incident highlights how older breaches can continue to cause damage long after the initial attack. Stolen credentials that are never rotated remain a powerful entry point for threat actors.

Ways to stay safe after the Grubhub data breach

If you use Grubhub or any online delivery service, a few smart steps can reduce your risk after a breach.

1) Update your password and stop re-use

Start by changing your Grubhub password right away. Make sure you do not reuse that password anywhere else. Reused passwords give attackers an easy path into other accounts. A password manager can help here. It creates strong, unique logins and stores them securely so you do not have to remember them all.

Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

ILLINOIS DHS DATA BREACH EXPOSES 700K RESIDENTS’ RECORDS

The food delivery platform says it quickly stopped the intrusion but has not disclosed when the breach occurred or whether customers were targeted. (Leonardo Munoz/VIEWpress)

2) Turn on two-factor authentication

If two-factor authentication (2FA) is available, enable it. This adds a second step when you sign in, such as a code sent to your phone or app. Even if a hacker steals your password, two-factor authentication can stop them from getting in.

3) Watch closely for phishing attempts and use strong antivirus software

Be alert for emails or texts that mention orders, refunds or support issues. Attackers often use stolen support data to make messages feel urgent and real. Do not click links or open attachments unless you are certain they are legitimate. Strong antivirus software can also help block malicious links and downloads before they cause harm.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

4) Remove your data from people-search sites

Consider using a data removal service to reduce your online footprint. These services help remove your personal details from data broker sites that attackers often use to build profiles. Less exposed data means fewer tools for scammers to exploit.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

5) Ignore crypto messages using trusted brands

Be skeptical of any cryptocurrency offers tied to familiar companies. Grubhub was previously linked to scam emails promoting crypto schemes, which shows how often attackers abuse trusted names. Legitimate companies do not promise fast returns or pressure you to act immediately.

6) Monitor your Grubhub account and email activity

Check your Grubhub account for anything that looks unfamiliar. Watch for unexpected password reset emails, order confirmations or support messages you did not request. Attackers often test stolen data quietly before making bigger moves.

7) Secure the email linked to your Grubhub account

Your email account is the key to password resets. Change that password and enable two-factor authentication if it is not already on. If attackers control your email, they can regain access even after you change other passwords.

8) Stay alert for delayed scams tied to the breach

Breach data is often reused weeks or months later. Phishing attempts may appear long after headlines fade. Treat any future messages claiming to reference Grubhub support, refunds or account issues with extra caution.

These steps will not undo a breach, but they can limit how attackers exploit stolen information and reduce your risk going forward.

FIBER BROADBAND GIANT INVESTIGATES BREACH AFFECTING 1M USERS

Sources tell BleepingComputer the Grubhub breach is tied to extortion demands involving allegedly stolen customer support data. (Gabby Jones/Bloomberg via Getty Images)

Kurt’s key takeaways

Grubhub’s confirmation puts an official stamp on what sources have warned about for weeks. While the company says sensitive data was not affected, unanswered questions remain. As extortion-driven breaches rise, transparency and rapid credential rotation matter more than ever. What stands out most is how past compromises continue to create new risks. When access tokens live too long, attackers do not need to break in again. They simply walk back through an open door.

If companies stay quiet after breaches, how can customers know when it is time to protect themselves? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Technology

TikTok is still down, here are all the latest updates

Published

17 hours ago

January 27, 2026

Press Room

TikTok is still down, here are all the latest updates

Starting early Sunday morning, TikTok’s now under new ownership US arm started breaking down just a couple of days after Oracle & Co took the reins. Its For You page algorithm is suddenly unreliable, while features like comments are failing to load or loading slowly, and publishing new videos seems nearly impossible for many people.

Rumors of censorship targeting anti-ICE protesting or attempting to block discussion of Jeffrey Epstein appear to be misguided (even the governor of California is resharing misinformation now), with problems blocking traffic to all kinds of videos and messages on the service through Monday night.

Read on below for the latest updates about the ongoing TikTok problems.

Technology

Malicious Google Chrome extensions hijack accounts

Published

18 hours ago

January 27, 2026

Press Room

Malicious Google Chrome extensions hijack accounts

NEWYou can now listen to Fox News articles!

Cybersecurity researchers have uncovered a serious threat hiding inside Google Chrome.

Several browser extensions pretend to be helpful tools. In reality, they quietly take over user accounts. These extensions impersonate popular human resources and business platforms such as Workday, NetSuite and SAP SuccessFactors. Once installed, they can steal login data and block security controls designed to protect users.

Many people who installed them had no warning signs that anything was wrong.

WHY CLICKING THE WRONG COPILOT LINK COULD PUT YOUR DATA AT RISK

Cybersecurity researchers warn that fake Google Chrome extensions are silently hijacking user accounts by stealing login data and bypassing security protections. (Bildquelle/ullstein bild via Getty Images)

The fake Chrome extensions to watch out for

Security researchers from Socket’s Threat Research Team identified five malicious Chrome extensions connected to this campaign. The add-ons were marketed as productivity or security tools, but were designed to hijack accounts.

The extensions include:

DataByCloud Access
Tool Access 11
DataByCloud 1
DataByCloud 2
Software Access

We reached out to Google, and a spokesperson told CyberGuy that the extensions are no longer available on the Chrome Web Store. However, some are still available on third-party software download sites, which continues to pose a risk. If you see any of these names installed in your browser, remove them immediately.

Why malicious Chrome extensions look legitimate

These malicious add-ons are designed to look legitimate. They use professional names, polished dashboards and business-focused descriptions. Some claim to offer faster access to workplace tools. Others say they restrict user actions to protect company accounts. Privacy policies often promise that no personal data is collected. For people juggling daily work tasks or managing business accounts, the pitch sounds helpful rather than suspicious.

What these extensions actually do

After installation, the extensions operate silently in the background. They steal session cookies, which are small pieces of data that tell websites you are already logged in. When attackers get these cookies, they can access accounts without a password. At the same time, some extensions block access to security pages. Users may be unable to change passwords, disable accounts or review login history. One extension even allows criminals to insert stolen login sessions into another browser. That lets them sign in instantly as the victim.

Why malicious Chrome extensions are so dangerous

This attack goes beyond stealing credentials. It removes the ability to respond. Security teams may detect unusual activity, but cannot fix it through normal controls. Password changes fail. Account settings disappear. Two-factor authentication tools become unreachable. As a result, attackers can maintain access for long periods without being stopped.

How to check for these extensions on your computer

If you use Google Chrome, review your extensions now. The process only takes a few minutes.

Open Google Chrome
Click the three-dot menu in the top right corner
Select Extensions, then choose Manage Extensions
Review every extension listed

Look for unfamiliar names, especially those claiming to offer access to HR platforms or business tools.

WEB SKIMMING ATTACKS TARGET MAJOR PAYMENT NETWORKS

Malicious Chrome add-ons disguised as productivity tools targeted users of popular business platforms like Workday, NetSuite and SAP SuccessFactors. (Photo by S3studio/Getty Images)

How to remove suspicious Chrome extensions

If you find one of these extensions, remove it immediately.

Open Manage Extensions in Chrome
Find the suspicious extension
Click Remove
Confirm when prompted

Restart your browser after removal to ensure the extension is fully disabled. If Chrome sync is enabled, repeat these steps on all synced devices before turning sync back on.

What to do after removing the extension

Removal is only the first step. Change passwords for any accounts accessed while the extension was installed. Use a different browser or device if possible.

A password manager can help you create strong, unique passwords for each account and store them securely. This reduces the risk of reused passwords being exploited again.

Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

Finally, review account activity for unfamiliar logins, locations or devices and be sure to follow the steps below to stay safe moving forward.

Ways to stay safe going forward

Simple habits can significantly reduce your risk.

1) Limit browser extensions

Only install extensions you truly need. The fewer extensions you use, the smaller your attack surface becomes.

2) Be cautious with add-ons

Avoid extensions that promise premium access or special tools for enterprise platforms. Legitimate companies rarely require browser add-ons for account access.

3) Check permissions carefully

Be wary of extensions that request access to cookies, browsing data or account management. These permissions can be abused to hijack sessions.

4) Review extensions regularly

Check your browser every few months and remove tools you no longer use or recognize.

WHATSAPP WEB MALWARE SPREADS BANKING TROJAN AUTOMATICALLY

Several fake browser extensions were removed from the Chrome Web Store after researchers linked them to account takeover attacks. (Photo Illustration by Serene Lee/SOPA Images/LightRocket via Getty Images)

5) Use strong antivirus software

Strong antivirus software can help detect malicious extensions, block suspicious behavior and alert you to browser-based threats before damage occurs.

Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

6) Consider a data removal service

If your work or personal information has been exposed, a data removal service can help reduce your digital footprint by removing your details from data broker sites. This lowers the risk of follow-up scams or identity misuse.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

7) Avoid third-party download sites

Do not reinstall extensions from third-party websites, even if they claim to offer the same features. These sites often host outdated or malicious versions.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Kurt’s key takeaways

Browser extensions can be useful, but this research shows how easily they can also be abused. These fake Chrome add-ons did not rely on flashy tricks or obvious warnings. They blended in, looked professional and quietly did their damage in the background. The good news is that you do not need to be a tech expert to protect yourself. Taking a few minutes to review your extensions, remove anything unfamiliar and lock down your accounts can make a real difference. Small habits, repeated regularly, go a long way in reducing risk. If there is one takeaway here, it is this: convenience should never come at the cost of security. A clean browser and strong account protections give you back control.

How many browser extensions do you have installed right now that you have never looked at twice? Let us know by writing to us at Cyberguy.com.