Technology
Chinese hackers target US telecoms: What you need to know to protect your data
U.S. telecom giants are under constant attack from Chinese hackers. A federal investigation has uncovered a massive cyber espionage campaign by the Chinese government, targeting U.S. telecommunications networks to steal Americans’ information. A top White House official confirmed that at least eight U.S. telecom companies have been affected by this hacking spree.
To combat this, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) have released advice for telecom companies to help them detect and block the hackers while preventing future attacks. I break down the details of this Chinese hacking campaign and share tips on how to keep your data safe.
GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
What you need to know about the China hacking campaign
According to the FBI, hackers linked to Beijing have infiltrated the networks of “multiple” telecom companies, gaining access to customer call records and private communications of “a limited number of individuals.” Since this is an espionage campaign, they’re not interested in the average Joe’s texts or call history. Instead, their targets are Americans involved in government and politics.
The hackers also tried to copy “certain information that was subject to U.S. law enforcement requests pursuant to court orders,” according to the FBI. This suggests they might have been attempting to breach programs like those under the Foreign Intelligence Surveillance Act, which allows U.S. spy agencies to monitor the communications of individuals suspected of working for foreign powers.
Earlier this month, Deputy National Security Advisor Anne Neuberger shared new details about the scale of the Chinese hacking campaign. According to Neuberger, the U.S. believes the hackers managed to access communications from senior government officials and prominent political figures.
She explained that while the hackers were focused on a relatively small group of individuals, a limited number of Americans’ phone calls and texts were compromised. Neuberger also mentioned that the affected telecom companies are working to address the breaches, but none have been able to completely remove the Chinese hackers from their networks yet.
This campaign is believed to have started a year or two ago, according to the Associated Press. Authorities suspect a Chinese hacking group known as Salt Typhoon to be behind the operation.
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS
How are hackers able to access sensitive information?
Salt Typhoon managed to access call records and private communications by exploiting decades-old back doors in major telecom providers, including AT&T and Verizon, experts believe.
“The irony here is that the back doors exploited by the Chinese are, in fact, the same back doors that are utilized by federal law enforcement for purposes of conducting legal surveillance,” John Ackerly, CEO and co-founder of Virtru, a data-centric security company, told CyberGuy.
The vulnerabilities are a result of the Communications Assistance for Law Enforcement Act (CALEA), a federal law that mandates back doors in critical telecommunications infrastructure. CALEA enables law enforcement agencies to access phone records and metadata, including facilitating wiretaps, as part of authorized investigations.
“The problem with back doors is simple. They’re not selective. A back door created for law enforcement is, by its very nature, a vulnerability in the system. And vulnerabilities, once they exist, can be exploited by anyone who discovers them. Both good guys and bad guys can enter back doors,” said Ackerly, who previously served as a White House technology adviser.
Illustration of a hacker at work (Kurt “CyberGuy” Knutsson)
BEWARE OF ENCRYPTED PDFs AS LATEST TRICK TO DELIVER MALWARE TO YOU
The solution is end-to-end encryption
To protect private conversations and phone calls, cybersecurity experts recommend using end-to-end encrypted platforms. Jeff Greene, executive assistant director of cybersecurity at CISA, urged Americans to prioritize encrypted communication tools.
“Use your encrypted communications where you have it,” Greene advised, emphasizing the importance of secure platforms. He added, “We definitely need to do that, kind of look at what it means long term, how we secure our networks.”
An FBI official warned that citizens should be “using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant MFA for email, social media and collaboration tool accounts.”
However, cybersecurity experts warn that these measures are not foolproof. The term “responsibly managed encryption” is problematic, as it intentionally leaves room for “lawful access,” such as the back doors required by CALEA.
“It’s clear that encryption with back doors is not actually responsible at all,” Ackerly said. “It’s time for the U.S. government to acknowledge and support end-to-end encryption as a stronger protection against foreign adversaries.”
Illustration of a cybersecurity expert at work (Kurt “CyberGuy” Knutsson)
WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED
10 ways to protect your personal information against cybersecurity threats
Now that we’ve discussed the threat, let’s take a look at the solutions. Here are 10 ways you can keep your personal information safe.
1) Use end-to-end encrypted platforms: For private communications, prioritize platforms that offer end-to-end encryption. This ensures that only you and the intended recipient can access your messages or calls, preventing unauthorized access by hackers or other third parties.
“Anyone can take control of their own data and protect themselves from security threats by using applications that provide end-to-end encryption. Whether you’re emailing, sending messages and files or video chatting, the only way to truly ensure your data is safe from bad actors is to encrypt it as it travels,” Ackerly said. “Choose an app or tool that is easy to use, so that you will actually use it.”
For texting, consider apps like Signal or WhatsApp. For email services, look for ones that offer easy-to-use end-to-end encryption. These platforms ensure that your private communications remain secure from unauthorized access. See my review of the best secure and private email services here.
2) Keep your device’s operating system updated: Make sure your cellphone and other devices automatically receive timely operating system updates. These updates often include important security patches that protect against new vulnerabilities exploited by hackers. For reference, see my guide on how to keep all your devices updated.
3) Enable two-factor authentication (2FA): Set up phishing-resistant 2FA on your email, social media and collaboration tool accounts. This adds an extra layer of protection, requiring more than just a password to access your accounts, making it harder for cybercriminals to steal your information.
4) Use strong antivirus software: Be aware of phishing techniques and remain skeptical of suspicious links, emails or phone calls asking for personal information. Cybercriminals often use these methods to gain access to your sensitive data.
The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.
5) Encrypt sensitive data: Encrypt data on USB drives, SIM cards and laptops to protect information if devices are lost or stolen. Also, be sure to password-protect your sensitive files or folders by following these steps.
6) Implement strong password practices: Use unique, complex passwords for each account and consider using a password manager.
7) Regularly backup your data: Backing up your data helps protect against data loss from ransomware or device failure. You’ll want to back up your mobile device, Mac and Windows computers.
8) Be cautious with public Wi-Fi: Use a VPN (virtual private network) when connecting to public Wi-Fi networks to encrypt your internet traffic. This makes it harder for hackers and third parties to intercept your data, especially on public Wi-Fi. A VPN masks your IP address, helping to obscure your location and online activity. While VPNs don’t directly prevent phishing emails, they reduce the exposure of your browsing habits to trackers that may use this data maliciously. With a VPN, you can securely access your email accounts from anywhere, even in areas with restrictive internet policies. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.
9) Invest in personal data removal services: Consider services that scrub your personal information from public databases. This reduces the chances of your data being exploited in phishing or other cyberattacks after a breach. Check out my top picks for data removal services here.
10) Use identity theft protection: Identity theft protection services monitor your accounts for unusual activity, alert you to potential threats and can even assist in resolving issues if your data is compromised. See my tips and best picks on how to protect yourself from identity theft.
There’s no denying that the U.S. is facing a serious cyberattack that puts millions at risk. What’s even more concerning is that hackers continue to exploit telecom providers even after the issue has been made public. The government and the affected companies must prioritize addressing this threat and patching the back doors these cybercriminals are using. We’re witnessing one of the largest intelligence compromises in U.S. history.
Do you believe the current laws around encryption and lawful access are enough to protect your privacy? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most asked CyberGuy questions:
New from Kurt: Copyright 2024 CyberGuy.com. All rights reserved.
Kurt’s key takeaway
OpenAI announced yet another reorganization Friday, consolidating certain areas and making company president Greg Brockman the official lead of all things product.
In a memo viewed by The Verge, Brockman wrote that since OpenAI’s product strategy for this year is to go all-in on AI agents, the company is combining its products to “invest in a single agentic platform and to merge ChatGPT and Codex into one unified agentic experience for all.”
To do this, the company is making a suite of org chart changes, although it’s still operating under some of the same ones from last month. That’s when AGI boss Fidji Simo went on medical leave and OpenAI announced that Brockman would be in charge of product strategy and CSO Jason Kwon, CFO Sarah Friar, and CRO Denise Dresser would take control of business operations.
It’s all part of OpenAI’s recent strategic shift to focus on key revenue drivers like coding and enterprise and stop pouring resources into “side quests” ahead of its potential IPO later this year and amid investor pressure to turn a profit.
In Simo’s continued absence, Brockman’s role leading product strategy is now official, as well as the company’s “scaling” arm. Under Brockman will be four different pillars. The first is core product and platform, led by Thibault Sottiaux, who has been OpenAI’s engineering lead for Codex, and the second is critical enterprise industries, led by ChatGPT head Nick Turley. Third is the consumer pillar, such as health, commerce, and personal finance, which will be led by Ashley Alexander, who has been its healthcare products VP. The fourth pillar — core infrastructure, ads, data science, and growth — will be led by Vijaye Raji, who has been OpenAI’s CTO of applications.
Brockman wrote in the memo that OpenAI’s goal is now to “bring agents to ChatGPT scale, in order to give individuals and organizations significantly more value and utility from our products.”
NEWYou can now listen to Fox News articles!
You’re going about your day when your phone buzzes. A text hits your phone. It looks official. It sounds urgent. And suddenly, you are being told you owe money for a traffic violation. That is exactly what Todd from Texas experienced. He emailed us and said:
“I received this text message today. It was so baffling because I haven’t lived in California for nearly a decade. I didn’t click on anything or respond. How can I tell if this is for real or if this is a scam?”
If you’ve gotten a message like this, you are not alone. This type of scam is spreading fast, and it is designed to pressure you into acting before you think. Let’s break down what is really going on.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
FAKE AGENT PHONE SCAMS ARE SPREADING FAST ACROSS THE US
This message may look official, but several red flags show it is likely a scam designed to pressure you into paying quickly. (Kurt “CyberGuy” Knutsson)
What the traffic ticket scam text looks like
At first, the message seems convincing. It claims to be a “final reminder” from the California DMV, and it warns of penalties like license suspension and added fees. It even includes a link that appears somewhat official. However, once you slow down and take a closer look, the red flags quickly start to pile up.
The biggest red flags in this message
Here are the key warning signs to watch for in messages like this.
9 WAYS SCAMMERS CAN USE YOUR PHONE NUMBER TO TRY TO TRICK YOU
1) The phone number makes no sense
The message comes from a number with a +63 country code. That is the Philippines, not California. Government agencies in the U.S. do not send official legal notices from international numbers. That alone is a major warning sign.
2) No name, just “Dear Driver”
Legitimate notices from a DMV or court almost always include your full name or at least some identifying information. “Dear Driver” is vague on purpose. It allows scammers to send the same message to thousands of people.
3) The link isn’t a real DMV website
The message includes this link:
ca.mnvtl.life/dmv
That isn’t a government domain. Official DMV websites in California use “.ca.gov” or similar trusted domains. Scammers often create lookalike links to trick you into clicking.
4) Urgency and threats
The message pushes you to act quickly with a deadline. It lists consequences like license suspension and extra charges. Scammers rely on fear. When you feel rushed, you are more likely to click without thinking.
FBI WARNS OF DANGEROUS NEW ‘SMISHING’ SCAM TARGETING YOUR PHONE
5) Asking you to reply to proceed
The text says to reply with “Y” to get instructions. That is another trap. Responding confirms your number is active, which can lead to more scam messages.
6) Generic language and odd phrasing
Parts of the message feel slightly off. The tone is formal but not quite right. That subtle awkwardness is common in scam messages sent to large groups of people.
7) Overloaded threats designed to scare you
The message piles on consequences like license suspension, added fees, court action and even credit damage. In this case, it even mentions a license suspension and a $160 late payment charge. That combination is meant to overwhelm you and push you to act fast. Real agencies usually provide clear, specific notices, not a long list of escalating threats in a single text.
INSIDE A SCAMMER’S DAY AND HOW THEY TARGET YOU
Scam texts like this often arrive out of nowhere and try to create urgency before you have time to question them. (Kurt “CyberGuy” Knutsson)
What this means for you
Even if you have never driven in California, you could still receive this message. Scammers cast a wide net and hope someone takes the bait. If you click the link, you could be taken to a fake payment page. That page may ask for your credit card details, personal information or login credentials. In some cases, it can also install malware on your device or redirect you to credential-stealing pages. This isn’t about a ticket. It is about getting your data. State DMVs typically do not send final legal notices or payment demands by text message.
Why these scams keep working
These messages work because they tap into something most people fear. Legal trouble, fines and losing driving privileges. They also look just real enough to pass a quick glance. That is all scammers need. As more services move online, these scams will continue to evolve.
Unlike typical DMV scams, this message impersonates a court and escalates the threats to make the situation feel more serious (Kurt “CyberGuy” Knutsson)
Ways to stay safe from traffic ticket text scams
Start with a simple rule. Never trust a payment request that shows up out of nowhere. Here are practical steps you can take:
1) Do not click the link
If you are unsure, do not tap anything in the message. That includes links and reply options.
2) Use strong antivirus software
If you accidentally click a link, strong antivirus software can help detect malware and protect your data. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com
3) Verify directly with the DMV
Go to your state’s official DMV website by typing it yourself into your browser. Do not use the link in the text.
4) Check the sender carefully
Look at the phone number. International numbers or random strings are a clear warning sign.
5) Ignore generic greetings
Real notices will usually include your name or case details. Vague language is a red flag.
6) Consider a data removal service
Scammers often get your number from data broker sites. Removing your personal info from those databases with a data removal service can reduce these messages. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
7) Block and report the number
On your phone, block the sender and report it as spam. This helps reduce future attempts.
8) Turn on spam filtering
Enable spam filtering on your phone or through your carrier to catch more of these messages before they reach you.
Kurt’s key takeaways
Todd did the right thing. He paused, questioned the message and did not click. That one decision likely saved him from handing over personal information. When it comes to messages like this, skepticism is your best defense. If something feels off, trust that instinct.
Should phone carriers and tech companies be doing more to block scams like this before you ever see them? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Honda revealed prototypes of two new hybrid models, an Accord sedan and the Acura RDX SUV, during its annual business briefing this week, built on a platform that it says will begin launching next year. The RDX was announced earlier this year as Honda’s first SUV to feature the next-gen version of its two-motor hybrid system.
In March, Honda announced it would take a writedown of up to 2.5 trillion yen ($15.7 billion) on its EV investments. Now Honda says its EV-related losses will be “resolved” by 2029, and that it will reevaluate its EV plans in 2030.
-
New York32 minutes agoKataib Hezbollah Commander Accused of Planning Attacks on N.Y.C.
-
Los Angeles, Ca38 minutes agoRip tides, high surf forecast for Los Angeles beaches this weekend
-
Detroit, MI1 hour agoWhat time is Pistons Game 7 vs Cavs? Date, tickets in Detroit
-
San Francisco, CA1 hour agoSan Francisco prepares for Bay to Breakers run
-
Dallas, TX1 hour agoSouthwest lays off about 75 employees in latest restructuring move
-
Miami, FL1 hour agoMark Matthews Announces Commitment – Chooses Between Georgia, Miami, and Others
-
Boston, MA2 hours agoAliyah Boston Leaves Fever Game With Lower Leg Injury
-
Denver, CO2 hours agoNorthbound I-25 closed between Denver and Colorado Springs after fatal multi-vehicle crash