From its opening minutes, Moves of the Diamond Hand is upfront about what it offers: You’re going to have a lot of strange conversations, and you’re going to roll a lot of dice. Get on board with this proposition, and the reward is one of the most creative roleplaying games I’ve seen in years, even if its many mysteries won’t be resolved until 2027.
Technology
Fake Google security page can turn your browser into a spying tool
NEWYou can now listen to Fox News articles!
A new phishing scam is tricking people into installing malware by pretending to be a Google security check. The page looks convincing and tells you that your Google account needs additional protection. It walks you through a simple setup process that appears to strengthen your security and protect your devices.
If you follow those steps, you may end up installing what looks like a harmless security tool. In reality, security researchers say the page installs a malicious web app that can spy on your device. It can steal login verification codes, watch what you copy and paste, track your location and quietly send internet traffic through your browser.
The most troubling part is that nothing is technically hacked. Instead of exploiting a software flaw, attackers simply trick you into granting the permissions they need. Once that happens, your own browser can start working for them without you realizing it.
Sign up for my FREE CyberGuy Report. Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
THE #1 GOOGLE SEARCH SCAM EVERYONE FALLS FOR
The fake site mimics a Google security page and urges visitors to complete a quick “account protection” setup. (AP Photo/Don Ryan, File)
All about the fake Google security page
Security researchers at Malwarebytes, a cybersecurity company, recently discovered a phishing website that pretends to be part of Google’s account protection system. The site uses the domain google-prism[.]com and presents what looks like a legitimate security page asking you to complete a short verification process. Visitors are told they should complete a four-step setup to improve their account protection. The page explains that these steps will help secure your Google account and protect your devices from threats. During the process, the site asks you to approve several permissions and install what it claims is a security tool.
The tool it installs is actually a Progressive Web App. This type of application runs through your browser but behaves like a regular app on your computer. It opens in its own window, can send notifications and can run tasks in the background. Once installed, the malicious web app can collect contacts, read information you copy to your clipboard, track GPS location data and attempt to capture one-time login codes sent to your phone. These codes are commonly used when you sign in to accounts that use two-factor authentication.
The fake security page may also offer an Android companion app described as a “critical security update.” Researchers found that this app requests 33 permissions, including access to text messages, call logs, contacts, microphone recordings and accessibility features. Those permissions give attackers the ability to read messages, capture keystrokes, monitor notifications and maintain control over parts of the device. Even if the Android app is never installed, the web app alone can still collect sensitive information and quietly run activity through your browser.
How it works and why it matters to you
The scam works because it looks like something you would normally trust. Many people expect security alerts from the services they use, especially when it comes to protecting email or cloud accounts. Attackers take advantage of that trust by presenting the fake page as a helpful security feature. When you approve the permissions and install the web app, you are essentially giving the attackers access to certain parts of your device. One of the main things they try to capture is one-time passwords. These are the short codes you receive when logging in to accounts that require two-factor authentication.
If attackers manage to capture those codes while also knowing your password, they may be able to break into your accounts. That could include your email, financial services, or cryptocurrency wallets, depending on which accounts you use. The malware also watches what you copy and paste. Many people copy cryptocurrency wallet addresses before sending digital currency, and those addresses can be valuable to criminals. The malicious app can collect that information and send it back to the attackers.
Another feature allows attackers to route internet requests through your browser. This means they can run online activity through your device so it appears to come from your home network. The app can also send notifications that look like security alerts or system warnings. When you click those notifications, the app opens again and gains another opportunity to capture information such as login codes or clipboard data.
Google says built-in protections can block the threat
After learning about the phishing campaign, we asked Google about the malicious site and whether users are protected.
A Google spokesperson told CyberGuy that several built-in security systems are designed to stop threats like this before they cause harm.
“We can confirm that Safe Browsing in Chrome warns any user who tries to visit this site. Chrome also shows a confirmation dialog whenever anyone attempts to download an APK. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services.”
Google also said that its current monitoring shows no apps containing this malware are available on the Google Play Store.
ANDROID MALWARE HIDDEN IN FAKE ANTIVIRUS APP
Even if malicious apps are installed from outside official stores, Google says Android devices still have an additional layer of protection. Google Play Protect can warn users or block apps known to exhibit malicious behavior, including apps installed from third-party sources.
However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all known malware from Android devices, which is why we recommend additional strong antivirus software to detect malicious downloads, suspicious browser activity and phishing attempts before they cause serious damage. It acts as an early warning system that helps block dangerous apps and websites before they gain access to your device or your data.
During the process, users are prompted to approve permissions and install what appears to be a security tool. (iStock)
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
7 ways to protect yourself from fake security pages
If you ever come across a suspicious “security check” like this, a few simple habits can help you avoid falling into the trap and protect your accounts and devices.
1) Never run security checks from random websites
Google does not ask you to install security tools through pop-ups or unfamiliar websites. If a page claims your account needs a security check, close the tab and go directly to Google’s official account page by typing the address yourself. Visiting the real account settings page prevents attackers from redirecting you to a fake site.
2) Check website addresses carefully before trusting them
Phishing pages often use domains that look similar to real companies. Attackers rely on people clicking quickly without paying attention to the address bar. If the website address is not an official Google domain, do not trust it. Even a small change in the spelling can indicate a fake site designed to steal information.
3) Remove suspicious web apps from your browser
If you installed an app through a website and it opens like a standalone program, check your browser’s installed apps or extensions list. Remove anything you do not recognize or do not remember installing. Uninstalling the app immediately prevents it from collecting more information or running commands through your browser.
4) Check your Android phone for unfamiliar apps
Researchers say the malicious Android app may appear as “Security Check” or “System Service.” If you see unfamiliar apps with these names, review the permissions they request and remove them if they look suspicious. Apps asking for extensive permissions such as SMS access, accessibility features, and microphone control should always be investigated.
5) Use a password manager for your accounts
A password manager helps you create and store strong, unique passwords for every account you use online. If attackers obtain one password, they will not automatically gain access to other accounts. Password managers can also help prevent you from entering credentials on fake sites because they usually refuse to auto-fill on lookalike domains.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com
6) Enable two-factor authentication whenever possible
Two-factor authentication (2FA) adds an extra layer of protection beyond your password. Even though this attack tries to capture SMS verification codes, many services allow you to use authenticator apps instead. These apps generate login codes on your device and make it much harder for attackers to intercept them.
7) Monitor your accounts for unusual activity
If you think you interacted with a suspicious security page, keep a close eye on your accounts over the following days. Watch for login alerts, password reset emails, or transactions you do not recognize. Acting quickly after suspicious activity can help prevent attackers from gaining full control of your accounts.
Pro tip: Reduce how easily scammers can target you
Scammers often gather personal details from data broker sites to make phishing messages look more convincing. A data removal service can help remove your personal information from many of those databases, reducing the amount of information criminals can use to impersonate companies or craft targeted scams.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
Researchers say the malicious web app could collect login codes, clipboard data and other sensitive information. (Felix Zahn/Photothek via Getty Images)
Kurt’s key takeaway
Attackers are changing tactics. Instead of breaking into systems through technical flaws, they are relying on convincing security messages that persuade people to install tools themselves. All of us rely on familiar brands like Google when making security decisions, and attackers know that. Preventing these scams will likely require faster action against impersonation sites and stronger safeguards around what web apps are allowed to do once installed.
Should companies like Google be required to automatically block lookalike domains that pretend to run official security checks before people fall for them? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report. Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Moves of the Diamond Hand is an Early Access videogame available on PC, macOS, and steamOS (including the Steam Deck, where I played it) from musician and game designer Cosmo D. The game looks and feels like a 2000s-era first-person RPG or immersive sim: environments are grimy, stark, and blocky; characters’ features are stretched over smooth heads a bit too small for their faces; an eerie soundtrack pulses over all. You’ll arrive on a train and immediately meet an old mentor, disgraced by some kind of political scandal. You convey your desire to join a powerful organization called Circus X, then declare which of several wildly different paths you’ll take into its fold — you can try joining the city council, but could find equal success crafting the perfect sandwich or joining the best band.
These options help introduce the central mechanic. The game gives you one upgradeable die for each of seven stats, ranging from standard fare like Physique and Observation to the more idiosyncratic Cooking and Music. To set a challenge, it will roll a die corresponding to one of those attributes, and you’ve got to match or beat it with your own roll.
Once you emerge into the train station, the complexity quickly multiplies. There are a plethora of sub-mechanics including cooking, performing music, laundering disguises, and mixing cocktails — all of which add additional dice with unique quirks. You can selectively re-roll dice in a manner similar to Yahtzee, introducing an element of strategy within each encounter, and your final score (win or lose) is translated into experience points. The basic system was introduced in Cosmo D’s last game, Betrayal at Club Low, but in a less flexible and elegant form; Diamond Hand feels like its evolution. (Disclosure: My husband has provided outside feedback for Cosmo D’s games.)
It’s all a little intimidating at first. But the game allows you to ease into its options, which happens quickly, since you’re rolling for virtually every action and verbal exchange from making small talk to opening a door. There’s a meaningful element of chance to all this, without descending into unbounded randomness. Some rolls can be mathematically impossible to win or lose at a given skill level, but it’s possible to still damage your health or gain an unwelcome status effect with safe challenges, preventing them from becoming purely rote. You can retry most actions if you fail them, but they’ll become slightly more difficult on a second attempt, so there’s a constant balancing act of deciding when to take the initial leap. The ambient low-level risk makes even simple spaces feel substantive and engaging — it negates the common RPG urge to speed through environmental detail and flavor text while looking for the “real” parts of the game.
Through countless skill checks, you’ll internalize the odd logic of the game’s world. The setting, Off-Peak City, is a garish metropolis shaped by the machinations of sinister corporations, corrupt politicians, and shady operatives, but also musicians, restaurateurs, and literally and figuratively underground tailors — a neon retro-future for streetwise aesthetes. What might be niche skills in any other game prove extraordinarily powerful here. The Music stat, whose uses include sewing (machines can, among other options, be literally operated by improvisation), calming aggressive animal-human hybrids (by whistling tunes), and mixology (which can be performed “rhythmically”), is arguably the single strongest power in the game.
Circus X, you’ll soon learn, is a secretive arts institution that influences everything from politics to the sandwich supply chain — imagine the Factory crossed with the Freemasons. While pursuing membership, you’re embroiled in a local election between a scandal-plagued technocrat, a former boy-band star, and the corporate-controlled clone of a mayor from decades past. In place of a Maltese Falcon, everyone’s scheming for control of a sentient Big Mouth Billy Bass. And meddling behind the scenes is the mysterious, anarchic Diamond Hand, frequently alluded to but not explained.
Diamond Hand’s story evokes real-world parallels, but as a jumping-off point for something that’s rich and alive in its own right. In perhaps the most obvious example, a company in Off-Peak City is pumping the place full of clones, supplanting human artists with corporate-guardrailed regurgitations of old media. But rather than stop at commentary, the game walks this out to explore the idea that clones are also conscious beings who are frustrated by their creative limits and lack of autonomy, while letting human characters reflect on their own relationship with nostalgia and artistic taste.
Put this all together and you’ve got a hard-boiled sci-fi thriller involving subway busking, finding library books, stumping for politicians, harvesting lettuce, arguing about jazz, and doing laundry, infused with the lizard-brain appeal of a nonstop game of chance. It’s irresistible.
Most of Diamond Hand’s main quests end in roadblocks, because its Early Access build includes only the first two of six chapters, with the next scheduled for this summer and a full launch set for the spring of 2027. But even in its current state, Diamond Hand is dense and tantalizing, delivering a string of absurd premises and dry humor with a straight face. (Among many tossed-off jokes that are also actual game mechanics, local pizza-makers require everyone to bake their own pie, so if you don’t like your order, you have only yourself to blame.) You’re granted experience points for letting characters ramble through their backstories and opinions — which lands somewhere between a sly gag about RPG infodumping and a straightforwardly clever decision — but the dialogue pays off even without that prize.
And for all its dystopian elements, there’s something idealistic about a world where art, for good or ill, deeply matters. Diamond Hand may be a work in progress, but it’s a recipe for becoming obsessed with skill and perfection, chasing the world’s greatest sandwich and the string of lucky dice rolls that will get you there.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
NEWYou can now listen to Fox News articles!
Getting hacked once is scary enough. But getting hacked again after changing carriers, replacing cards and trying to recover your accounts can make it feel like the criminals are always one step ahead. That is exactly what happened to Lela in Ohio, who reached out after a frightening string of account takeovers.
“All my accounts have been hacked,” Lela said. “I had my phone number transferred to another carrier, AT&T, and I’m experiencing it again. They have hacked my phone number again.” She said criminals accessed her checking accounts, credit cards and even started charging new cards before she received them.
Then she asked the question anyone in her situation would be asking: “Should I be just getting a new phone number instead of trying to recover the number I’ve had for 20 years?”
The answer is maybe, but changing your number should rarely be the first move. A new number can help in some cases. However, if hackers still control your email, bank login, recovery settings or wireless account, they may keep breaking back in.
SCAMMERS TARGET WIRELESS CUSTOMERS IN NEW PHONE SCHEME
A SIM swap or port-out scam can let criminals take over your phone number and intercept security codes for sensitive accounts. (Jacob Wackerhausen/Getty Images)
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Why your phone number matters so much
Your phone number may feel harmless. After all, it is how friends, family, doctors and businesses reach you. But today, that number is also connected to some of your most important accounts. It may be tied to your bank accounts, credit cards, email accounts, Apple ID, Google account, medical portals, shopping accounts and password resets.
That makes it valuable to criminals. If a scammer takes control of your number, they may receive your calls and text messages. That includes security codes meant only for you. From there, they can reset passwords, break into email, access financial accounts and keep returning even after you think you fixed the problem.
What is a SIM swap or port-out scam?
A SIM swap scam happens when a criminal tricks your mobile carrier into moving your phone number to a SIM card or eSIM they control. A port-out scam happens when they move your number to another carrier.
Once that happens, your phone may suddenly lose service. Meanwhile, the scammer may start receiving your calls and texts. That can give them access to verification codes for email, banking, credit cards and other accounts.
In some cases, victims do not realize what happened until money disappears or accounts get locked.
Should Lela get a new phone number?
Maybe, but not immediately. If Lela gives up her long-time number too fast, she could lose access to accounts that still use that number for recovery. Even worse, if a criminal still controls the old number, they may continue receiving password reset codes for accounts tied to it. Before changing the number, she should secure the number she has and update her most important accounts.
A new number may make sense if the number keeps being targeted despite carrier protections. It may also help if hackers keep using it to reset accounts, the carrier confirms unauthorized SIM swaps or too many accounts tied to that number have already been compromised. A new number may also be worth considering if the old number is widely exposed on the dark web or data broker sites. Still, keeping the number may be safer for now if she needs it to recover critical accounts.
First, lock down the wireless account
Lela should call AT&T directly using the official number on AT&T’s website or on her bill. She should avoid numbers from texts, emails or voicemails. She should ask AT&T to check for SIM swap attempts, port-out requests, unauthorized account changes, new devices, call forwarding, number transfer activity and unknown authorized users.
Then she should ask AT&T to add stronger protections, including a strong account PIN, port-out freeze or number transfer lock, SIM lock if available and extra account verification. She should also remove any unknown authorized users. This makes it much harder for criminals to move her number again.
Secure your email before changing everything else
Your email is often the master key to your digital life. If a hacker controls your email, they can reset passwords for banks, credit cards, shopping accounts and social media. Before changing every password, Lela should make sure her main email account is clean and secure.
She should change her email password from a safe device, sign out of all sessions, check recovery email addresses, review recovery phone numbers and remove unknown forwarding rules. She should also review connected apps and devices and turn on stronger two-factor authentication (2FA). If email remains compromised, a hacker can keep undoing every recovery step.
Stop relying on text message codes
Text message codes are better than having no protection. However, they become risky when criminals target your phone number. For important accounts, use an authenticator app, a security key or passkeys where available.
This matters most for email, banking, credit cards, Apple ID, Google account, social media, password managers, tax accounts and government accounts. This makes your accounts much harder to break into, even if a criminal gets control of your phone number.
ARE BANK TEXT CODES ENOUGH TO PROTECT YOU?
Hackers can use a stolen phone number to reset passwords, break into email and access bank or credit card accounts. (Kurt “CyberGuy” Knutsson)
Change passwords from a safe device
If your phone, tablet or computer has malware, changing passwords from that device may hand the new passwords right back to the hacker. Before resetting passwords, make sure the device is safe. Update the operating system. Delete unknown apps. Run strong antivirus protection. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.
Avoid links in suspicious texts or emails. Then use a password manager to create unique passwords for every important account. Never reuse old passwords after a hack. Check out the best expert-reviewed password managers of 2026 at CyberGuy.com.
Protect bank accounts and credit cards next
Since Lela said criminals charged new cards before she received them, she should treat this as possible identity theft or account takeover. She should call each bank and credit card company directly and ask for the fraud department. She should explain that her accounts, phone number or identity may have been compromised.
Ask each bank to cancel compromised cards, issue new card numbers, review recent activity, add verbal passwords or extra verification and remove unknown devices from online banking. She should also turn on transaction alerts and ask whether wire transfers, Zelle or other payment tools need temporary limits. Finally, she should check whether criminals opened any new accounts in her name.
Freeze your credit and file an identity theft report
If criminals have enough information to keep attacking your accounts, a credit freeze can help stop them from opening new credit in your name. Place a credit freeze with Equifax, Experian and TransUnion. You can also place a fraud alert.
Then file an identity theft report at IdentityTheft.gov. That report can help create an official recovery plan. It can also provide documentation if banks, lenders or credit bureaus need proof.
Check whether your personal information is exposed
If scammers already have your phone number, email, address, date of birth or other personal details, they may use that information to impersonate you.
A data removal service can help reduce the amount of personal information exposed on people-search sites and data broker sites. Data removal will not fix a hacked account by itself. Still, it can reduce the information scammers use to target you again. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.
Warning signs your phone number may still be under attack
Even after you lock things down, keep watching for signs that criminals are still trying to use your number or accounts. These red flags should get your attention fast.
1) Your phone suddenly loses service
If your phone switches to SOS mode, loses service or stops receiving calls and texts, contact your carrier right away. That can be a sign of a SIM swap or port-out attempt.
2) You receive password reset codes you did not request
Random security codes can mean someone is trying to break into one of your accounts. Do not share the code with anyone. Go directly to the account website or app and change your password from a safe device.
3) Your carrier sends account change alerts
Take any wireless account alert seriously. This includes alerts about a new SIM, eSIM, device, PIN change or number transfer request.
HOW SIM SWAPPING LED TO A $1.8M CYBER FRAUD CASE
A new phone number may help after repeated attacks, but victims should first secure email, banking and wireless account settings. (Kurt “CyberGuy” Knutsson)
4) Your bank alerts show strange activity
Watch for small test charges, declined transactions, new payees or changes to contact information. Criminals often test an account before making bigger moves.
5) Your email shows unfamiliar logins
Check recent login activity, connected devices, forwarding rules and recovery options. If anything looks unfamiliar, remove it and change your password.
When changing your number may be the right move
If the warning signs keep showing up after you lock things down, then changing your number may be worth considering. Changing the number may help if the current number remains a constant attack path. But before switching, Lela should update her phone number on critical accounts first.
That includes email, bank accounts, credit cards, Apple ID, Google account, Social Security account, IRS account, password manager, medical portals, insurance accounts, investment accounts, utilities and shopping accounts. Then she should remove the old number from account recovery settings wherever possible.
Do not forget account recovery settings
A common mistake after a hack is changing the password but forgetting the recovery options. If the scammer added their email, phone number or device, they may still be able to get back in.
Check every important account for recovery phone numbers, recovery email addresses, trusted devices, backup codes, linked apps, forwarding settings, authorized users and payment methods. Remove anything unfamiliar.
Kurt’s key takeaways
A new phone number can help, but it is no magic fix. If hackers still have access to Lela’s email, bank logins, recovery settings or personal information, they may keep getting back in even with a new number. The smarter order is to lock down the wireless account first. Then secure email, stop using text codes, change passwords from a safe device and protect bank accounts. After that, freeze credit, file an identity theft report and remove exposed personal information from the web. Only then should you decide whether changing your number is necessary. Your phone number may feel personal, especially if you have had it for 20 years. But once criminals use it as a doorway into your life, the real goal is cutting off every way they can use it against you.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Have you ever had your phone number, email or bank account hacked? What was the first sign that something was wrong? Let us know by writing to us at CyberGuy.com.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Nothing’s next budget phone is the latest victim of RAMageddon. As 9to5Google reports, Nothing co-founder Akis Evangelidis announced in a post on X that a follow-up to the CMF Phone 2 Pro won’t be coming this year:
We were working on a successor but with memory prices where they are right now, we can’t build a phone that feels like a genuine step forward at a price that makes sense for CMF. As a result, we’ve decided not to launch a new CMF phone this year.
Last week, Nothing CEO and co-founder Carl Pei also said the RAM shortage has impacted the cost of the company’s mid-range phone, stating, “For Phone 4A, memory costs doubled between when we decided to build the device and when it launched. They’ve doubled again since.” According to Pei, “memory is now the most expensive component in a smartphone.” Nothing is far from the only company facing RAM pricing challenges — earlier this week, Tim Cook announced Apple will be raising prices, saying “the situation has become unsustainable.”
While there won’t be a new CMF phone this year, Evangelidis added in his post that CMF still has “several new products launching as well as some entirely new categories.” He also hinted that “the smartphone launch season at Nothing isn’t over yet.”
-
Wyoming2 minutes agoWith high costs and access gaps, Wyoming’s elder care landscape is ‘in crisis’
-
Crypto5 minutes agoIran Moves to Close the Strait of Hormuz as Tensions Erupt Over Broken Ceasefire Deal
-
Finance10 minutes agoPersonal Finance: SpaceX IPO bends the rules | Chattanooga Times Free Press
-
Fitness17 minutes ago8News tries Pilates exercises for Fitness Friday
-
Movie Reviews25 minutes ago1986 Movie Reviews – Karate Kid Part II and Legal Eagles | The Nerdy
-
World35 minutes agoVideo: Moscow Tanker Blast Most Likely Russian Missile, Video Shows
-
News40 minutes agoVideo: The Sacred Catholic Site Where Trump Wants a Border Wall
-
Health1 hour agoThe Mental Trick That Ends Compulsive Eating and Makes Weight Loss Easier
