Connect with us

Technology

FBI says Russian hackers hijacked old Wi-Fi routers

Published

on

FBI says Russian hackers hijacked old Wi-Fi routers

NEWYou can now listen to Fox News articles!

Your Wi-Fi router may be the least glamorous gadget in your home. It sits on a shelf, blinks in the corner and only gets attention when Netflix freezes. However, that little box controls a lot more than you may think. 

The FBI and Justice Department say a Russian military intelligence hacking group abused vulnerable small office and home office routers to help run an espionage operation. The group is known as APT28, Fancy Bear and Forest Blizzard. It has been linked to Russia’s GRU military intelligence agency.

The hackers changed router settings so internet requests could flow through servers they controlled. That gave them a way to watch for valuable targets, redirect traffic and steal sensitive login information. The Justice Department and FBI say they disrupted the U.S. portion of the network in April. That is good news. Still, law enforcement cannot walk into your house, update your router or change the password printed on an old sticker. That part is on you.

Sign up for my FREE CyberGuy Report

Advertisement
  • Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
  • For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
  • Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.  

FBI WARNS OF HACKERS EXPLOITING OUTDATED ROUTERS. CHECK YOURS NOW

Wires are connected to a router to maintain internet connectivity. (Wolf Von Dewitz/Picture Alliance via Getty Images)

How this router attack worked

This attack focused on SOHO routers. That stands for small office and home office routers. In other words, these are the kinds of devices used by small businesses, remote workers and some homes. The Justice Department says the hackers used weaknesses in older routers to change DNS settings.

DNS is like the address book for the internet. When you type a website name, DNS helps your device find the right online destination. If hackers control that address book, they can send certain requests through their own servers. That can let them spot valuable targets and try to steal passwords, authentication tokens, emails or browsing data.

That to me is scary because the victim may not see anything obvious. Your laptop may still connect. Your phone may still browse. Your router may still look normal. Meanwhile, the traffic can be quietly routed through a bad path. 

Why old routers can become a weak spot

Routers age like any other device. The problem is that many people keep them for years after the manufacturer stops supporting them. That can leave known security holes sitting open.

Advertisement

Many people also never change the router’s admin username and password. That admin login is different from your Wi-Fi password. It controls the router itself. If that login still uses a default password, a hacker has a much easier path inside.

Think of it this way. You may have strong passwords on your bank account, email and phone. But if your router is outdated and poorly protected, your network still has a soft spot.

DON’T USE YOUR HOME WI-FI BEFORE FIXING CERTAIN SECURITY RISKS

A router’s admin settings can become a security weak spot when firmware is outdated or default passwords are never changed. (TP-Link)

Which routers were targeted?

The FBI specifically referred to the TP-Link WR841N in its warning. The UK National Cyber Security Centre also listed other TP-Link models targeted by APT28. The agency says the list may not be complete.

Advertisement

Here are the routers named in the advisory:

  • TP-Link LTE Wireless N Router MR6400
  • TP-Link Wireless Dual Band Gigabit Router Archer C5
  • TP-Link Wireless Dual Band Gigabit Router Archer C7
  • TP-Link Wireless Dual Band Gigabit Router WDR3600
  • TP-Link Wireless Dual Band Gigabit Router WDR4300
  • TP-Link Wireless Dual Band Router WDR3500
  • TP-Link Wireless Lite N Router WR740N
  • TP-Link Wireless Lite N Router WR740N/WR741ND
  • TP-Link Wireless Lite N Router WR749N
  • TP-Link Wireless N 3G/4G Router MR3420
  • TP-Link Wireless N Access Point WA801ND
  • TP-Link Wireless N Access Point WA901ND
  • TP-Link Wireless N Gigabit Router WR1043ND
  • TP-Link Wireless N Gigabit Router WR1045ND
  • TP-Link Wireless N Router WR840N
  • TP-Link Wireless N Router WR841HP
  • TP-Link Wireless N Router WR841N
  • TP-Link Wireless N Router WR841N/WR841ND
  • TP-Link Wireless N Router WR842N
  • TP-Link Wireless N Router WR842ND
  • TP-Link Wireless N Router WR845N
  • TP-Link Wireless N Router WR941ND
  • TP-Link Wireless N Router WR945N

If you see your model on this list, take it seriously. Many of these routers are older. Some may no longer get normal security support. We reached out to TP-Link for comments, but did not hear back before our deadline.

What TP-Link says about the router warnings

A spokesperson from TP-Link Systems Inc. told CyberGuy the company is aware of recent public reporting involving legacy consumer routers, including TP-Link models listed in those reports. The company said the referenced legacy router models reached End of Service and Life status several years ago.

“While these products are outside our standard maintenance lifecycle, TP-Link has developed security updates for select legacy models where technically feasible,” the spokesperson said.

The spokesperson also urged customers using legacy or end-of-service devices to upgrade to currently supported hardware that receives regular security updates.

“As immediate precautions, users should update to the latest available firmware, disable remote management, and restrict device access to trusted internal networks only,” the spokesperson said.

Advertisement

TP-Link added that the security of its customers is its highest priority and said detailed mitigation guidance, along with a list of identified affected legacy products, is available on its official security advisory page.

What this means for you

Most people do not think about their router until the Wi-Fi drops. But your router sits between your devices and the internet. That gives it a powerful position in your home or small business. If a hacker changes the router’s settings, every connected device can feel the impact. That includes your laptop, smartphone, tablet, smart TV and work computer.

This is especially important if you work from home. A weak router can create a risk for your personal accounts and your workplace accounts. The good news is that you do not need to be a cybersecurity expert to lower the risk. You just need to stop treating your router like a forgotten appliance.

ETHERNET VS WI-FI SECURITY COMPARISON REVEALS SURPRISING RESULTS FOR HOME USERS SEEKING PROTECTION

Security agencies say replacing unsupported routers is one of the most important steps users can take after this kind of attack. (TP-Link)

Advertisement

How to protect your router from hackers

The good news is that a few simple router checks can reduce your risk and help keep hackers from quietly changing how your internet traffic moves.

1) Check your router model

Look at the label on your router. You can usually find the model number on the bottom or back of the device. If it matches one of the listed models, check the manufacturer’s support page for firmware updates. If the device is no longer supported, replace it. Do not keep an end-of-life router because it “still works.” A router can still provide Wi-Fi while leaving your network exposed.

2) Update your router firmware

Firmware is the software that runs your router. Updates often fix security problems. Open your router’s app or log in to its admin page. Look for a firmware update section. Turn on automatic updates if your router offers that option. If it does not, set a reminder to check for updates regularly.

3) Change the router admin password

Your router has an admin login. This is separate from your Wi-Fi network password. Change the default admin username and password. Use a long, unique password that you do not use anywhere else. A password manager can help you create and store a strong router password so you do not have to remember it. Also, change your Wi-Fi password if you have shared it widely or kept it for years. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com

4) Disable remote management

Most people do not need to manage a home router from outside the house. Remote management can give attackers another way to reach your router. Log in to your router settings and turn it off unless you truly need it. The wording may vary by brand. Look for “remote management,” “remote access” or “WAN access.”

Advertisement

5) Reboot your router

A reboot will not fix every router problem. However, security agencies often recommend restarting routers as part of basic home network hygiene. Unplug your router, wait about 30 seconds and plug it back in. This can help clear some temporary malicious activity. Still, it does not replace updates, stronger passwords or replacing an outdated device.

6) Watch browser certificate warnings

Do not click through browser warnings that say a site certificate is invalid or unsafe. Those warnings can appear when something is interfering with a secure connection. In this kind of attack, that warning could be a major red flag. Close the page instead. Then check the site by typing the address yourself on a trusted network.

7) Use a VPN for sensitive work

If you handle work files or sensitive accounts from home, use your company-approved VPN. A VPN can help protect traffic when you connect to workplace systems. It can also reduce exposure when you use networks you do not fully control. Still, a VPN isn’t a free pass to ignore router updates. You need safer habits and safer hardware. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android & iOS devices at Cyberguy.com

8) Use strong antivirus software

Strong antivirus software can help protect your devices if a bad link, a fake login page or a malicious download reaches you. It will not fix a vulnerable router, but it can add another layer of protection for your computer and phone. Look for security software that can detect malware, warn you about phishing sites and help block suspicious activity before it causes damage. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

9) Consider identity theft protection

If hackers steal your login details, the damage can spread beyond your Wi-Fi network. Identity theft protection can help monitor for signs that your personal information is being misused. It may alert you to suspicious activity involving your credit, accounts or personal data so you can act faster. See my tips and best picks on Best Identity Theft Protection at Cyberguy.com

Advertisement

10) Use a data removal service

A data removal service can help reduce the amount of personal information about you that is available online. That is important because scammers often combine stolen logins with exposed details from data broker sites. Removing your information from those sites can make it harder for criminals to build a fuller profile of you or your family. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

11) Replace outdated routers

If your router no longer receives security updates, replace it. That may feel annoying. I get it. Nobody gets excited about buying a router the way they might get excited about a new phone. But your router protects everything connected to it. Spending money on a supported device can be cheaper than cleaning up stolen passwords later.

Kurt’s key takeaways

This router warning should make every home and small business owner pause for a minute. The scariest part is how ordinary the target is. We are talking about routers that may be sitting in homes, home offices and small businesses right now. The FBI and its partners disrupted part of the Russian operation. However, that does not magically secure old routers still sitting on shelves. So check your model. Update the firmware. Change the admin password. Turn off remote management. Replace the router if it no longer gets updates. Your router may be boring. But if it gets hijacked, it can become one of the most important security problems in your home.

Would you know how old your router is right now, or is it one of those devices you have not touched since the day it was installed? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Advertisement

Sign up for my FREE CyberGuy Report

  • Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
  • For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
  • Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.

Technology

America’s greatest idea is still under threat

Published

on

America’s greatest idea is still under threat

The United States of America recently turned 250 years old. What a spectacle! The fireworks were amazing, and millions of proud people celebrated across the nation — even around the world. France lit up the Eiffel Tower; Japan had fireworks. French fighter jets flew above New York City with trails of red, white, and blue — our first major ally streaking our shared colors through the sky. Meanwhile, shameful white nationalists paraded through our nation’s capital. This has always been a country of paradoxes.

Our 250th birthday counts back to the Declaration of Independence in 1776. The declaration was a radical and astonishing document that still serves as America’s soul. But the beating heart of the nation wouldn’t come until more than a decade later, when the Constitution was ratified. That document is why I’m able to write this to you today. And we need you to help protect it.

The First Amendment to the Constitution is so potent that people across the world who live in places untouched by US law often seem to think they have the same rights it establishes. The First Amendment is our day-one theory of what makes a free society. It’s literally the first cure by the framers for a project they knew would be forever imperfect and incomplete — fixable only by way of the right to free expression.

The Verge exists today because of this great project. We believe in it deeply. The First Amendment affords us the knowledge that we’re likely free from imprisonment from expressing our freedom to speak. But journalism and speech are always under assault. It’s one of the reasons why we’ll always need lawyers despite likely having the strongest editorial ethics policy in the industry.

Here’s what the First Amendment says:

Advertisement

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

This is a compelling and beautiful idea. But we’ve had to fight to keep it alive from the beginning..

John Adams, one of the fiercest revolutionaries who railed against British tyrrany and helped secure independence, completely fucked up the First Amendement when he became the second US president. Adams’ series of Alien and Sedition Acts of 1798 look positively Trumpian in retrospect, railing against foreigners, expanding presidential power to arrest, imprison, or deport people, and perhaps most insidiously, making it a crime for American citizens to print “scandalous and malicious” writings against the government. Adams surely loved the country he created, but nonetheless shrunk before the magnitude of its liberties.

Fast-forward to World War I, when the First Amendment was again under attack, this time by the Supreme Court. The court’s awful decision under Oliver Wendell Holmes was later overturned, but its fearful message about free speech still sticks with us. You’ve probably heard the phrase “you can’t shout ‘fire’ in a crowded theater” — not actually true. The misquoting and misinterpretation here is darkly funny: Trevor Timm, in The Atlantic, notes the court decision the phrase refers to was actually about whether an American socialist “could be convicted under the Espionage Act for writing and distributing a pamphlet that expressed his opposition to the draft.” It almost sounds ripped from contemporary headlines. (Nearly a century later, the Espionage Act would be used again to target, this time, a New York Times journalist.)

Misunderstandings about the First Amendment still abound. On the front lines we most readily see it in police confrontations where armed agents of the state bungle their constitutional duties with disastrous results.

Cops are routinely so terrible at understanding America’s foundational law that there’s now a cottage industry of streamers and influencers who work as “First Amendment auditors” — people who intentionally flex their right to record in public to bait dummies into abridging their freedom of speech. It’s easy to go down TikTok rabbit holes where you’ll find someone recording an illegal traffic stop from inside their car, or a fully kitted streamer recording harassment on a public sidewalk. When the police inevitably show up to hassle someone for exercising their rights, the stakes are immediately raised.

Advertisement

In a best-case scenario, a higher-ranking cop arrives and dispels their colleagues’ unconstitutional conduct. In other cases, someone ends up getting detained or arrested for completely protected behavior.

It’s even worse than usual in 2026, because we now live under an administration that’s flooding cities with barely trained federal agents who see constitutionally protected behavior as a threat. This has resulted in deaths, assaults on reporters, and an untold broader cost of regular people having to endure the immense burden of confronting the justice system simply for doing things they have the fundamental right to do. The right to speak and assemble is especially valid when it’s in protest of the government. That’s the whole point of this thing! And yet.

The latest assaults on the First Amendment have been encouraged by people all the way up the chain of command. We’re being betrayed by officials who are supposed to protect us, people who swore an oath to the Constitution and ought to know better. The FCC is not supposed to regulate speech but has nonetheless become a nightmare of incompetence and civil rights suppression. Do you miss Stephen Colbert on The Late Show? Thank the Trump administration, which now operates a mob-like patronage system that has cowed the billionaire princes who own America’s broadcast networks. Or ask Jimmy Kimmel, who got kicked off the air after conservatives went nuclear over his tame remarks about Charlie Kirk, a man who spent his time poisoning our national discourse with none of the grace or wit employed by national talk show hosts.

The Trump regime in general has an incredibly disturbing record on free speech, from science to the operations of the largest social networks. Donald Trump rails against anyone who doesn’t bow to him, and the list of his victims is too long to enumerate. But here’s an important one: The president once threatened to jail Meta CEO Mark Zuckerberg for life. Zuckerberg is far more wealthy and powerful than Trump in many respects, but what did he do? Two years after the threat, Zuckerberg showed up on the White House lawn to celebrate Trump’s insane UFC fight show. He tapped out against a bully.

This is what makes everything really messy. We live in an age dominated by communication platforms that are so wealthy, powerful, and pervasive that they seem practically unrestrained by the US government, but paradoxically must still cozy up to a regime that has no actual respect for them or for their free speech. Trump once threatened to blow up the entire internet because he wanted platforms to censor things to his advantage. The CEOs of those companies still indulge him with flattery and photo ops.

Advertisement

This blurring of public and private interests has fueled a funhouse-mirror idea of “free speech culture” that’s actually designed to crack down on free speech. The loudest people crying about free speech culture do so as if theirs is not the freest ever in history, while simultaneously supporting actual government censorship, like banning books.

I can’t say it better than Ken White has, so just go read him on this point. White explains how “free speech culture” has emboldened the Trump admin and others to engage in real censorship. “When enough people think that all of free speech—including free speech law—is bullshit, then free speech rights won’t be enforced,” he writes.

Our constitutional punchbowl has been spiked by madmen who profit from confusion about our rights and the rule of law. It doesn’t have to be this way. Just remember: The First Amendment is a restraint on the government that prevents it from prohibiting your speech.

Moreover: Actual censorship is government suppression of speech. It’s entirely understandable that we’re confused about what censorship is because of how hard many people have worked to keep us confused. A social media platform moderating your post is not censorship — it’s actually free speech. Yes, that sounds completely counterintuitive, but it’s true. The alternative is a situation where the government forces private citizens to publish things they don’t want to, including hate speech.

Much was unsaid here, including the history of immense pain and suffering that has kept the First Amendment and our broader rights alive. I won’t claim to know what the fix is for our current mess, but I’ll say I really hate when our leaders say things like “this is not who we are” when they talk precisely about the things that define who we are. And part of who we are is a coalition that claims to want free speech in theory while simultaneously suppressing it in practice.

Advertisement

So what can you do? Yes, of course, vote. But there’s much more to do. Write or call your congresspeople (I promise this does matter). Participate in local elections, especially for school boards, which are on the front lines of book banning. And if you’re reading this, thank you for subscribing — but consider also supporting other newsrooms.

Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.

Continue Reading

Technology

Fake Booking.com travel credit scam targets travelers

Published

on

Fake Booking.com travel credit scam targets travelers

NEWYou can now listen to Fox News articles!

Summer travel already costs enough. So, an email promising a $500 Booking.com travel credit can feel like a lucky break.

Advertisement

That is exactly why this message we received deserves a closer look. It uses a familiar travel brand, a big reward and a deadline to push you toward a blue “Redeem Now” button. The email also uses my real name in three places, which makes the message feel more personal and convincing.

However, the details in this email raise several red flags. The sender address does not even appear to relate to Booking.com. The subject line feels vague. The reward sounds broad. The deadline adds pressure.

Scammers know people are booking flights, hotels and last-minute trips right now. A fake travel credit can catch someone at the perfect moment.

BOOKING A SUMMER TRIP? HERE’S WHAT YOU’RE GIVING SCAMMERS

A fake Booking.com email promises a $500 travel credit while using pressure tactics and suspicious sender details to target travelers. (iStock)

Advertisement

Before you click anything, let’s break down what makes this email look suspicious.

Sign up for my FREE CyberGuy Report

  • Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
  • For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
  • Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Fake Booking.com email starts with pressure

The subject line says “(1) Pending.” That wording is a red flag. It sounds urgent, but it does not clearly explain what is pending.

Scammers often use vague subject lines because they spark curiosity. You may open the message just to find out what needs your attention.

Also, the number “(1)” makes the email feel like an account alert. It hints that one item needs action. That can push you to click faster.

A real travel reward email should explain the offer clearly. It should not rely on mystery to get your attention.

Advertisement

Sender address does not match Booking.com

The biggest giveaway is the sender address. The display name uses a Booking. com-style label. However, the actual email address does not appear to relate to Booking.com at all. That is a major warning sign.

Scammers can copy a logo, brand colors and a button. Still, the sender address often exposes the fake. Always open the full sender details before clicking. Look past the display name. If the real address uses a strange domain, random letters or an unrelated company name, stop. That one detail can save you from a stolen password or a fake payment page.

Fake Booking.com email uses your real name

One detail makes this scam feel more personal: the email uses my real name in three places. That can make a fake message feel more legitimate.

Scammers use names, account-style details and fake customer IDs to lower your guard. They want you to think, “Well, they know who I am, so this must be real.”

But a real name does not prove an email is legitimate. Your name may already appear in old breaches, data broker lists, leaked marketing databases or public records. That personal touch should make you more cautious, not less.

Advertisement

GLOBAL SCAM CRACKDOWN LEADS TO 276 ARRESTS

Booking.com says travelers should keep communication and payments on its platform and report suspicious messages through official channels. (KairosDee/Getty Images)

Booking.com email shows a suspicious date mismatch

Another strange detail appears near the top of the message. The email itself shows “March 2026,” but it was actually sent to us on June 23, 2026.

That mismatch matters because real travel reward emails usually have consistent dates, campaign timing and account details. A March label on a June email can suggest a reused template, a sloppy scam setup or a copied brand-style message.

Scammers often move fast and recycle old layouts. So, when the date inside an email does not match when it arrived, treat that as another reason to pause before clicking.

Advertisement

Fake Booking.com credit uses a tempting reward

The message says you are eligible for a CA$500 Booking.com travel credit. That amount feels big enough to matter. It also feels believable enough to make you curious.

That combination is dangerous. Scammers do not always use wild dollar amounts. They often choose a number that feels exciting but still possible.

The email also says the credit can be applied toward hotels, flights or a Booking.com reservation in Canada. That broad wording makes the offer sound useful to almost anyone planning travel.

However, real travel rewards should be easy to confirm inside your official account. You should not need to click an email button to find out if a credit exists.

Booking.com scam email borrows loyalty language

The message mentions a Spring Genius Loyalty Event. That sounds official because Booking.com has used the Genius name for its loyalty program. Scammers use familiar program names because they make fake emails feel more believable.

Advertisement

Still, the email does not give enough proof. It does not explain real terms. It does not tell you to verify inside your account. It mainly pushes you toward the “Redeem Now” button.

That is another red flag. Real rewards usually appear in your official account, app or wallet area. A surprise email should never be your only proof.

Fake travel email uses flattery

The message says your activity placed you among a select number of loyal members. That line tries to make the reward feel personal. It suggests you earned something special because of your booking history.

However, the wording stays broad. It could apply to almost anyone. Scammers often use flattery to lower your guard. When a message makes you feel chosen, you may spend less time checking the details. That is exactly what the scammer wants.

Booking.com scam creates deadline panic

The message says you must respond before June 23, 2026, at 11:59 p.m.. That exact deadline adds pressure. It makes the credit feel like it could disappear at midnight.

Advertisement

Then the email says the allocation will be released if you take no action. In other words, it wants you to move quickly before you inspect the sender, links or account details.

Urgency is one of the most common scam tactics. When an email mixes a reward with a deadline, slow down. A real company will let you verify rewards by logging in safely through the official app or website.

The ‘Redeem Now’ button is the danger zone

The blue “Redeem Now” button is the part to avoid. A scam link can take you to a fake Booking.com sign-in page. From there, scammers may try to steal your email address, password, payment details or verification codes.

Some fake pages look convincing. They may use the same colors, fonts and logo style as the real site. However, the link behind the button tells the real story. Since you cannot fully trust a button in a suspicious email, do not click it. Open Booking.com through the official app instead. You can also type the website into your browser.

FIVE DATA BROKER OPT-OUT MYTHS THAT LEAVE RETIREES EXPOSED

Advertisement

Travelers should avoid clicking links in suspicious reward emails and verify any travel credit through the official Booking.com app or website. (martin-dm/Getty Images)

Junk folder warning should not be ignored

This email landed in our junk folder, and that is worth noting. Spam filters can flag suspicious sender patterns, bulk messages, strange links or known scam behavior. They are not perfect, but they can give you a useful warning.

So, when a reward email appears in junk, treat it with extra caution. Do not click first and investigate later. The safer move is to delete the message and check your account directly.

CyberGuy reached out to Booking.com about the suspicious email. Booking.com responded with general safety guidance for travelers and said it uses dedicated teams and machine learning tools to monitor, detect and block suspicious activity around the clock.

Booking.com responds to phishing concerns

Booking.com responded to CyberGuy after we reached out about the suspicious email. The company did not specifically verify this email, but said cybercrime and online fraud are not new or unique to Booking.com or the travel industry.

Advertisement

“At Booking.com, the security and data protection of our partners and travelers is a top priority. We have dedicated teams and employ machine learning tooling to monitor, detect and block suspicious activity around the clock and continuously work to enhance the robust security measures we have in place,” Booking.com said.

Booking.com also advises travelers to keep communication and payment on its platform, watch for unusual host requests or last-minute listing changes and report suspicious messages through its official customer service channels.

How to stay safe from Booking.com travel scams

A fake travel credit can look convincing at first, but a few quick checks can help you avoid a stolen login, fake payment page or follow-up scam.

1) Check the sender address first

Do not trust the display name alone. A scam email can say Booking.com, while the real sender address has nothing to do with the company. Open the sender details and look closely. Strange domains, random letters or unrelated addresses are clear warning signs.

2) Be cautious when an email uses your real name

Do not assume an email is safe because it knows your name. Scammers can get names from data breaches, people-search sites and marketing lists. If a message uses your name while pushing a deadline, reward or login link, treat it as suspicious.

Advertisement

3) Skip email links and open the app

Do not click “Redeem Now” from the email. Instead, open the Booking.com app or type the website into your browser. Then check your account for rewards, wallet credits or official messages. If the credit is real, it should appear there. Booking.com also advises travelers not to move communication or payment outside its platform because scammers often use that tactic to avoid platform protections.

4) Watch for pressure words

Words like Pending, Confirm, Final notice and Limited time can push you to act fast. Slow down when an email adds a deadline. Scammers use urgency because it keeps you from checking the facts.

5) Protect your login details

Never enter your password, payment details or verification codes from an email link. Also, use a password manager. It can help you avoid fake sign-in pages because it usually will not autofill your saved password on the wrong site.

6) Turn on two-factor authentication

Turn on two-factor authentication (2FA) or passkeys for your Booking.com account, email account and payment accounts. That extra step can help block a scammer who steals your password. Never share a one-time code with anyone who contacts you by email, text or phone.

7) Use strong antivirus software

Use strong antivirus software on your devices to help detect malicious links, fake websites and suspicious downloads. That extra layer can help stop a scam before it steals your information or infects your device. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.

Advertisement

8) Use a data removal service

Scammers can use your exposed personal information to make phishing emails feel more believable. A data removal service can help reduce how much of your personal data appears on people-search sites and data broker lists. That can make it harder for scammers to target you with personalized travel scams. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.

9) Report the fake email

Report the message as phishing or junk in your email app. You can also forward suspicious Booking.com-related emails to Booking.com’s customer service or report them through your account. This helps the platform track scams that impersonate its brand. Booking.com says travelers should report suspicious listings or communications through its official customer service channels so they can be investigated quickly.

10) Mark the message as junk

Since this email already appeared in the junk folder, your spam filter likely spotted something suspicious. Mark it as junk and delete it. If you already clicked, change your Booking.com password through the official site. Then check your card activity. Also, watch for follow-up scam messages that mention travel credits, refunds or account problems.

Kurt’s key takeaways

This fake Booking.com email works because it shows up when travel is already on your mind. A $500 credit sounds helpful when hotels and flights feel expensive. But the warning signs are clear. The vague subject line creates curiosity. The sender address does not appear connected to Booking.com. The use of a real name makes the scam feel more personal. The deadline adds pressure. The “Redeem Now” button pushes you toward a risky click. That is important because travel scams often work fast. One fake login page can hand scammers your account, payment details or personal information. The safest move is to ignore the email and check your account directly. If the credit is real, it should appear inside your Booking.com account. If it is fake, you just avoided a costly summer scam.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Advertisement

With scammers using trusted travel brands to push fake credits, should companies like Booking.com do more to protect customers before they fall for the click? Let us know by writing to us at CyberGuy.com.

Sign up for my FREE CyberGuy Report

  • Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
  • For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com trusted by millions who watch CyberGuy on TV daily.
  • Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.

Copyright 2026 CyberGuy.com. All rights reserved.

Advertisement
Continue Reading

Technology

Some of the nation’s rich are letting AI teach their kids

Published

on

Some of the nation’s rich are letting AI teach their kids

Most Americans don’t trust AI. It’s proven that it doesn’t know what safe toppings for pizza are. People don’t even want to listen to AI music. But none of that matters for some of America’s wealthy, who are turning to AI to teach their kids instead of traditional schools.

Companies like Forge Prep and Alpha School are charging families tens of thousands of dollars to turn their kids into beta testers for AI tutors and “interactive project-based workshops.” Unsurprisingly, Silicon Valley have been major adopters of this new model. Shaun Johnson, a San Francisco-based venture capitalist, told the Wall Street Journal that he plans to send his son to a $75,000 year Alpha Kindergarten. He said, “We recognize that education is likely broken the way it is and there’s going to be entrepreneurs that try to fix it… You want someone to be able to think on their feet and navigate the world, not necessarily a recitation of facts in a particular discipline.”

Ignoring Johnson’s fundamental lack of understanding about modern pedagogy, it’s unclear how notoriously sycophantic AI will train children to “think on their feet and navigate the world.” It’s also concerning that Alpha School co-founder MacKenzie Price has said she plans to keep “hot-button social issues” out of the classroom. Which, in the current political climate, could cover women’s rights, America’s history of slavery, and our immigrant past. That might not seem like a major issue when you’re talking about kindergarten, but in some locations, Alpha School goes through high school.

Companies like Forge also don’t share performance metrics, so there’s no evidence that these AI-guided private schools are improving educational outcomes.

Continue Reading
Advertisement

Trending