Xiaomi has just given a global launch to two of its latest flagship phones, the Xiaomi 17 and 17 Ultra, along with a Leica-branded Leitzphone edition of the Ultra. There’s no sign, however, of the 17 Pro, which launched in China with an additional display mounted next to the rear cameras.
Technology
Don’t fall for this email scam that almost cost an elderly woman $25K
Unfortunately, phishing scams seem to be the new normal.
Most recently, an elderly woman in the tri-state area almost got scammed for $25,000.
According to Patch.com, what began as an average phishing scam turned even more sinister when the scammer turned up at this elderly victim’s house to retrieve money physically.
GET SECURITY ALERTS, EXPERT TIPS — SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE
Kurt “CyberGuy” Knutsson has a warning about an email scam. (Kurt “CyberGuy” Knutsson)
Geek Squad scammer caught in elaborate phishing scheme
While this Geek Squad scam isn’t new, this scammer took it to new lows and got caught in the process. In this particular scam, scammers send their victims phishing emails pretending to send them a large invoice for their Geek Squad subscription. The email recipients usually panic at the large charge and call the customer service telephone number listed in the scam email and invoice.
The scammer then pretends to be the customer service representative helping to cancel or refund the charge. They’ll usually use that moment as an opportunity to confirm bank account information with the victim to steal their money later. Even if you simply click on their links or download the invoice from the email, there is a potential risk that viruses or malware have been downloaded onto your device.
A woman on her cellphone and laptop. (Kurt “CyberGuy” Knutsson)
MORE: THE ‘UNSUBSCRIBE’ EMAIL SCAM IS TARGETING AMERICANS
Elderly victim foils scammer’s elaborate plot
The elderly victim gave her bank account number and remote access to her computer. The scam, however, doesn’t just stop there. The scammer went a step further and proceeded to convince this elderly woman that they had accidentally refunded a fake $25,000 into her bank account by mistake and that he needed her to withdraw $20,000 in cash initially for him to pick up with arrangements to pick up the remaining $5,000 the following day. This is when the elderly woman called her local authorities. Thankfully, the authorities set up surveillance and apprehended the scammer when he came to collect the $20,000.
Perhaps the elderly victim lucked out that this scammer had an extra level of greed: combining multiple scams into one.
A woman stressed out while on a phone call. (Kurt “CyberGuy” Knutsson)
MORE: 7 EFFECTIVE WAYS TO MAKE YOUR LIFE MORE SECURE AND PRIVATE ONLINE
How do you prevent this scam from happening to you?
Know your subscriptions: The better you know what active subscriptions you currently pay for, the less likely you are to realize such emails are fake.
Organize your invoices: If you’re still receiving emails or physical invoices, keep track of when they usually arrive. Invoices, for better or worse, come regularly and on a consistent schedule. If something shows up in an unusual form (an email instead of a letter in the mail per usual) or at a particular time, you are more likely to stop yourself from falling for this type of scam.
Go to the official website for contact information. If the scammers happen to pick a company that you do subscribe to, it can be even easier to fall for this type of scam. But before clicking any links, downloading any invoices or calling the number listed, you can google the company’s official website and use the contact information there. If the company did indeed send you a bill, they should be able to help you with the refund or confirm whether you were sent legitimate communications.
Watch for language and tone of voice: Most legitimate companies go out of their way to specially train their employees to provide their customers with excellent service. They are trained not to lose their temper, so if you happen to be on a call with a scammer, they often don’t use professional language or have a professional demeanor. If you push back on providing certain information, a real customer service agent wouldn’t make any threats or demands. Providing Social Security numbers or bank account information is usually frowned upon for security reasons by legitimate companies. Legitimate companies typically have other ways to validate your identity and account information. You can always hang up the phone if you get overwhelmed on a call! After all, an honest company doesn’t disappear after one disconnection.
Setup payments electronically: If you have your subscriptions paid electronically on a regular basis, you’ll know that you shouldn’t be receiving an additional invoice for a subscription service. Additionally, if you are paying with a credit card, you can try to use a specific card for all your subscriptions so you know where and when to expect the charges. You’ll also know that certain bank information shouldn’t be relevant to paying an invoice if you get one of these phishing emails. For instance, why is the scammer asking for bank account information when you charge your subscriptions on a credit card, etc.?
ASK OUR TECH EXPERT ANY QUESTION, AND GET KURT’S FREE CYBERGUY REPORT NEWSLETTER HERE
Kurt “CyberGuy” Knutsson shares his caution about an email scam. (Kurt “CyberGuy” Knutsson)
SCAMMERS ARE USING FAKE NEWS, MALICIOUS LINKS TO TARGET YOU IN AN EMOTIONAL FACEBOOK PHISHING TRAP
What to do next if you’ve been scammed?
These scammers could have obtained your email address through various methods, from email harvesting to purchasing it from the dark web; below are some active steps you can take to protect yourself if you feel you have been scammed:
1. Change passwords: For any accounts that might have been accessed or mentioned to or by the scammer, you should log in from a secure, virus- and malware-free device and change your password immediately. It is best to create unique and complex passwords, including letters, symbols and numbers, for each separate online account. If you need help generating and storing complex passwords, consider using a password manager.
2. Keep an eye on all your accounts and credit consistently: Contact the financial institution and explain the situation for all accounts impacted by the potential scammer. They can help you freeze or lock your account, so these scammers have little or no access to your money. Contact the three main credit bureaus to freeze your credit. This will prevent anyone, including hackers, from wreaking havoc on your credit. Make sure to report any errors on your credit reports with the credit agencies. Remember that you are allowed a free annual credit report. If there are too many accounts for you to keep track of regularly, a credit monitoring service can help by constantly monitoring and alerting you of any account changes or problems.
3. Setup alerts for financial accounts: Most financial institutions offer financial alerts or restrictions for all transactions for checking accounts and cards. Do use them so you can be notified of any fraudulent transactions immediately. The faster you can report these charges to your financial institution, the more likely you can stop the scammers in their tracks.
4. Enable two-factor authentication for any account impacted by the phishing scam: This would include your financial accounts and email address. If you have this additional layer of security on, the hacker or scammer would have to send a code to another device or account to gain access, even with your password.
5. Get Identity Theft Protection: While getting an identity theft service seems overkill, many identity theft protection services can help you when your accounts get compromised. They continually monitor the dark web and your financial accounts to see if any crucial personal information like your email addresses or bank account information is compromised or up for sale on the dark web. Getting those alerts immediately allows you to act faster and take the above-mentioned steps. If you have already given out your information to a potential scammer, you should follow these steps to ensure that your identity hasn’t been stolen. See my tips and best picks on how to protect yourself from identity theft.
6. Use strong antivirus software: If you have antivirus software installed on the device where the scam email was received and any links clicked or attachments downloaded, run a scan on that device to identify suspicious software, delete it, and restart your device. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android & iOS devices.
7. Call the local authorities: While you hope never to encounter a scammer like the elderly woman who was victimized, if you feel unsafe and uncertain about how scammers will use your information, definitely reach out to local authorities.
DON’T CLICK THAT LINK! HOW TO SPOT AND PREVENT PHISHING ATTACKS IN YOUR INBOX
Kurt’s key takeaways
While there is little you can do about your digital information swimming around the internet, there are active steps you can take to protect yourself from these types of phishing scams. In the worst-case scenario, there are also ways to prevent further compromise if you fall victim.
Have you been a victim of a phishing scam? How did you find out it was a scam? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on Facebook, YouTube and Instagram
Answers to the most-asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
The 17 and 17 Ultra will apparently be available soon in the UK, Europe, and select other markets. The 17 — pitched as a rival to the likes of the iPhone 17 and Samsung Galaxy S26 — will cost £899 / €999 (about $1,200), while the larger and more capable Ultra starts from £1,299 / €1,499 ($1,750). The limited-edition Leitzphone will be substantially more expensive at £1,699 / €1,999 ($2,300), though it includes 16GB of RAM and 1TB of storage, along with a few extra accessories.
The 17 is an extremely capable small-ish flagship, with a 6.3-inch OLED display, Qualcomm Snapdragon 8 Elite Gen 5, and large 6,330mAh silicon-carbon battery (though sadly smaller than the 7,000mAh version launched in China). I won’t be writing a full review of the 17, but did spend a week using it as my main phone, and found that the battery cruised past the full-day mark, though wasn’t quite enough for two full days of my typical usage. That’s far better battery life than you’d find in similarly sized phones from Apple, Samsung, or Google.
The cameras impress too, with 50-megapixel sensors behind each of the four lenses, selfie included. Pound for pound, you won’t find many better camera systems in any phone this size.
1/10
The Ultra, unsurprisingly, takes things to another level. It’s much larger, with a 6.9-inch display, and weighs a hefty 218g. Despite that, the 6,000mAh is actually smaller, though I found it delivered pretty similar longevity.
The enormous camera is, as ever for Xiaomi’s Ultra phones, the highlight. There are 50-megapixel sensors for each of the main, ultrawide, and selfie cameras, with a large 1-inch-type sensor behind the primary lens. The periscope telephoto is even more impressive: 200-megapixel resolution, a large 1/1.4-inch sensor, and continuous optical zoom from 3.2x to 4.3x, the equivalent of 75-100mm. Xiaomi isn’t the first to pull off a true zoom phone — Sony’s Xperia 1 IV got there first in 2022 — but the telephoto camera here is far more capable than that phone’s, with natural bokeh and impressive performance even in low light.
The camera capabilities are supported by Xiaomi’s ongoing photography partner Leica, but it’s the pair’s Leitzphone that really emphasizes that. Slightly redesigned from the 17 Ultra Leica Edition that was released in China last December, this includes Leica branding across the hardware and software, a range of Leica filters and shooting styles, and a rotatable rear camera ring that can be used to control the zoom. It’s the first Leica Leitzphone produced by Xiaomi — after a trio of Japan-only Sharp models — and comes with additional branded accessories, including a case with a lens cap and a microfiber cleaning cloth.
Xiaomi has plenty of other announcements alongside the 17 series phones at MWC this year, including a super-slim magnetic power bank, the Pad 8 and Pad 8 Pro tablets, and a smart tag that supports both Google and Apple’s tech-tracking networks.
Photography by Dominic Preston / The Verge
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
NEWYou can now listen to Fox News articles!
Free apps are supposed to cost you nothing but storage space. But in this case, they may have cost millions of people control over their own internet connections.
Google says it has disrupted what it believes was the world’s largest residential proxy network, one that secretly hijacked around 9 million Android devices, along with computers and smart home gadgets. Most people had no idea their devices were being used since the apps worked normally, and nothing looked broken.
But behind the scenes, those devices were quietly routing traffic for strangers, including cybercriminals.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
STOP GOOGLE FROM FOLLOWING YOUR EVERY MOVE
Google says it disrupted a massive residential proxy network that secretly hijacked about 9 million Android and smart devices. (AaronP/Bauer-Griffin/GC Images)
How your device became part of a proxy network
According to Google’s Threat Intelligence Group, the network was tied to a company known as IPIDEA. Instead of spreading through obvious malware, it relied on hidden software development kits, or SDKs, that were embedded inside more than 600 apps. These apps ranged from simple utilities to VPN tools and other free downloads. When you installed one, the app performed its advertised function. But it also enrolled your device into a residential proxy network.
That means your phone, computer or smart device could be used as a relay point for someone else’s internet traffic. That traffic might include scraping websites, launching automated login attempts or masking the identity of someone conducting shady online activity. From the outside, it looked like that activity came from your home IP address. You wouldn’t see it happening, and in many cases, you wouldn’t notice any major performance issues.
Google says in a single seven-day period earlier this year, more than 550 separate threat groups were observed using IP addresses linked to this infrastructure. That includes cybercrime operations and state-linked actors. Residential proxy networks are attractive because they make malicious traffic look like normal consumer activity. Instead of coming from a suspicious data center, it appears to come from someone’s living room.
What Google did to shut it down
Google says it took legal action in a U.S. federal court to seize domains used to control the infected devices and route proxy traffic. It also worked with companies like Cloudflare and other security firms to disrupt the network’s command-and-control systems. Google claims it also updated Play Protect, the built-in Android security system, so that certified devices would automatically detect and remove apps known to include the malicious SDKs.
However, Google also warned that many of these apps were distributed outside the official Play Store. That matters because Play Protect can only scan and block threats tied to apps installed through Google Play. Third-party app stores, unofficial downloads and uncertified Android devices carry far greater risk.
IPIDEA has claimed its service was meant for legitimate business use, such as web research and data collection. But Google’s research suggests the network was heavily abused by criminals. Even if some users knowingly installed bandwidth-sharing apps in exchange for rewards, many did not receive clear disclosure about how their devices were being used.
Google’s investigation also found significant overlap between different proxy brands and SDK names. What looked like separate services were often tied to the same infrastructure. That makes it harder for consumers to know which apps are safe and which are quietly monetizing their connection.
300,000 CHROME USERS HIT BY FAKE AI EXTENSIONS
Hidden software inside more than 600 apps allegedly turned phones and computers into internet relays for cybercriminals. (David Paul Morris/Bloomberg via Getty Images)
7 ways you can protect yourself from Android proxy attacks
If millions of devices can be quietly turned into internet relay points, the big question is, how do you make sure yours isn’t one of them? These steps reduce the risk that your phone, TV box or smart device gets pulled into a proxy network without you realizing it.
1) Stick to official app stores
Only download apps from the Google Play Store or other trusted app marketplaces. Some apps hide small pieces of code that can secretly use your internet connection. These are often spread through third-party app stores or direct app files called “APKs,” which are Android app files installed manually instead of through the Play Store. When you sideload apps this way, you bypass Google’s built-in security checks. Sticking to official stores helps keep those hidden threats off your device.
2) Avoid “earn money by sharing bandwidth” apps
If an app promises rewards for sharing your unused internet bandwidth, that’s a major red flag. In many cases, that is exactly how residential proxy networks recruit devices. Even if it sounds legitimate, you are effectively renting out your IP address. That can expose you to abuse, blacklisting or deeper network vulnerabilities.
3) Review app permissions carefully
Before installing any app, check what permissions it requests. A simple wallpaper app should not need full network control or background execution privileges. After installation, go into your phone’s settings and audit which apps have constant internet access, background activity rights or special device permissions.
4) Install strong antivirus software
Today’s mobile security tools can detect suspicious app behavior, unusual internet activity and hidden background services. Strong antivirus software adds an extra layer of protection beyond what’s built into your device, especially if you’ve installed apps in the past that you’re unsure about. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
5) Keep your devices updated
Android security updates patch vulnerabilities that proxy operators may exploit. If you’re using an older phone, tablet or Android TV box that no longer receives updates, it may be time to upgrade. Unpatched devices are easier targets for hidden SDK abuse and botnet enrollment.
6) Use a strong password manager
If your device ever becomes part of a proxy network or is otherwise compromised, attackers often try to pivot into your accounts next. That’s why you should never reuse passwords. A password manager generates long, unique passwords for every account and stores them securely, so one breach does not unlock your email, banking or social media. Many password managers also include breach monitoring tools that alert you if your credentials appear in leaked databases, giving you a chance to act before real damage is done. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
7) Remove apps you don’t fully trust
Go through your installed apps and delete or uninstall anything you don’t recognize or haven’t used in months. The fewer apps running on your device, the fewer opportunities there are for hidden SDKs to operate. If you suspect your device has been compromised, consider a full reset and reinstall only essential apps from trusted sources.
ANDROID MALWARE HIDDEN IN FAKE ANTIVIRUS APP
Threat groups and state-linked actors allegedly used compromised devices to mask online activity and automate attacks. (Photo Illustration by Serene Lee/SOPA Images/LightRocket via Getty Images)
Kurt’s key takeaway
Residential proxy networks operate in a gray area that sounds harmless on paper but can quickly become a shield for cybercrime. In this case, millions of everyday devices were quietly enrolled into a system that attackers used to hide their tracks. Google’s takedown is a major move, but the broader market for residential proxies is still growing. That means you need to be cautious about what you install and what permissions you grant. Free apps are rarely truly free. Sometimes, the product being sold is you and your internet connection.
Have you ever installed an app that promised rewards for sharing bandwidth, or used a free VPN without thinking twice about it? Let us know your thoughts by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter
Copyright 2026 CyberGuy.com. All rights reserved.
Related Article
This week, Anthropic delivered a master class in arrogance and betrayal as well as a textbook case of how not to do business with the United States Government or the Pentagon.
Our position has never wavered and will never waver: the Department of War must have full, unrestricted access to Anthropic’s models for every LAWFUL purpose in defense of the Republic.
Instead, @AnthropicAI and its CEO @DarioAmodei, have chosen duplicity. Cloaked in the sanctimonious rhetoric of “effective altruism,” they have attempted to strong-arm the United States military into submission – a cowardly act of corporate virtue-signaling that places Silicon Valley ideology above American lives.
The Terms of Service of Anthropic’s defective altruism will never outweigh the safety, the readiness, or the lives of American troops on the battlefield.
Their true objective is unmistakable: to seize veto power over the operational decisions of the United States military. That is unacceptable.
As President Trump stated on Truth Social, the Commander-in-Chief and the American people alone will determine the destiny of our armed forces, not unelected tech executives.
Anthropic’s stance is fundamentally incompatible with American principles. Their relationship with the United States Armed Forces and the Federal Government has therefore been permanently altered.
In conjunction with the President’s directive for the Federal Government to cease all use of Anthropic’s technology, I am directing the Department of War to designate Anthropic a Supply-Chain Risk to National Security. Effective immediately, no contractor, supplier, or partner that does business with the United States military may conduct any commercial activity with Anthropic. Anthropic will continue to provide the Department of War its services for a period of no more than six months to allow for a seamless transition to a better and more patriotic service.
America’s warfighters will never be held hostage by the ideological whims of Big Tech. This decision is final.
Lifestyle17 minutes ago
‘The Fall and Rise of Reggie Dinkins’ falls before it rises — but then it soars
Technology28 minutes ago
Xiaomi 17 is a small(ish) phone with a big(ish) battery
World35 minutes ago
World leaders split over military action as US-Israel strike Iran in coordinated operation
Politics41 minutes ago
Iran fires missiles at US bases across Middle East after American strikes on nuclear, IRGC sites
Health47 minutes ago
Common nighttime noise exposure may trigger heart problems, study suggests
Florida1 year ago
Florida High School Football Rankings: Top 25 teams – Oct. 21
Connecticut2 years ago
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
Oregon2 years ago
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
Virginia2 years ago
99th annual Pony Swim held in Virginia
Indiana1 year ago
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Politics41 minutes ago
Iran fires missiles at US bases across Middle East after American strikes on nuclear, IRGC sites
World2 hours ago
Israel strikes two schools in Iran, killing more than 50 people
News2 hours ago
Anthropic CEO says he’s sticking to AI “red lines” despite clash with Pentagon
Politics13 hours ago
ICE blasts Washington mayor over directive restricting immigration enforcement
World14 hours ago
Did the EU bypass Hungary’s veto on Ukraine’s €90 billion loan?
-
World2 days agoExclusive: DeepSeek withholds latest AI model from US chipmakers including Nvidia, sources say
-
Massachusetts3 days agoMother and daughter injured in Taunton house explosion
-
Montana1 week ago2026 MHSA Montana Wrestling State Championship Brackets And Results – FloWrestling
-
Louisiana5 days agoWildfire near Gum Swamp Road in Livingston Parish now under control; more than 200 acres burned
-
Denver, CO3 days ago10 acres charred, 5 injured in Thornton grass fire, evacuation orders lifted
-
Technology1 week agoYouTube TV billing scam emails are hitting inboxes
-
Technology1 week agoStellantis is in a crisis of its own making
-
Politics1 week agoOpenAI didn’t contact police despite employees flagging mass shooter’s concerning chatbot interactions: REPORT