The section specifically responding to the rumors reads:

Apple has never used Siri data to build marketing profiles, never made it available for advertising, and never sold it to anyone for any purpose. We are constantly developing technologies to make Siri even more private, and will continue to do so.

After The Guardian’s report in 2019, Apple apologized and changed its policy, making the default setting not to retain audio recordings from Siri interactions and saying that for users who opt-in to sharing recordings, those recordings would not be shared with third-party contractors.

However, reports about the settlement noted that in earlier filings like this one from 2021, some of the plaintiffs claimed that after they mentioned brand names like “Olive Garden,” “Easton bats,” “Pit Viper sunglasses,” and “Air Jordans,” they were served ads for corresponding products, which they attributed to Siri data.

Apple’s statement tonight says it “does not retain audio recordings of Siri interactions unless users explicitly opt in to help improve Siri, and even then, the recordings are used solely for that purpose. Users can easily opt-out at any time.”

Facebook responded to similar theories in 2014 and 2016 before Mark Zuckerberg addressed it directly, saying “no” to the question while being grilled by Congress over the Cambridge Analytica scandal in 2018.

So, if Apple (and Facebook, Google, etc.) is telling the truth, then why would you see an ad later for something you only talked about?

There are other explanations, and attempts to check the rumors out include an investigation in 2018 that didn’t find evidence of microphone spying but did discover that some apps secretly recorded on-screen user activity that they shipped to third parties.

With our lives so intertwined with digital communication these days, the threat of email fraud is something we all need to take seriously. Recently, Teresa W. shared a scary experience that underscores the dangers of business email compromise (BEC).

“I almost lost many thousands of dollars through an internet fraud scam. I got a call from our personal banker who said she saw nearly all the money in our business account being withdrawn. She said she got an email from me along with the money wiring directions. I told her I didn’t send that and she said my email came from me directly to her. I said to stop everything and I will get to the bottom of it.

“Apparently the thieves got hold of a wiring instruction paper from my email, which they hacked into. They created a rule in Outlook to bypass me if anything came from them and go straight to the banker. They changed the wiring instructions to go into their account but thank goodness our banker alerted me so I could get to the bottom of it. Too close for comfort!”

This incident highlights a sophisticated scam where cybercriminals gain access to legitimate email accounts and use them to deceive others into transferring funds. Teresa’s quick action, combined with her banker’s vigilance, prevented a significant financial loss, but it serves as a wake-up call for many businesses.

I’M GIVING AWAY THE LATEST & GREATEST AIRPODS PRO 2

Enter the giveaway by signing up for my free newsletter.

What is business email compromise (BEC)?

Business email compromise (BEC) is a form of cybercrime that targets companies engaged in wire transfer payments and other financial transactions. The FBI reports that BEC scams have caused billions in losses globally. These scams exploit human psychology rather than technical vulnerabilities, making them particularly insidious.

A hacker at work (Kurt “CyberGuy” Knutsson)

HERE’S WHAT RUTHLESS HACKERS STOLE FROM 110 MILLION AT&T CUSTOMERS

How the scam works

Email hacking: Scammers often gain access to email accounts through phishing attacks, where they trick users into revealing their login credentials or by deploying malware that captures sensitive information.

Email rule creation: Once inside the account, scammers can create rules in email clients like Outlook that redirect or hide specific emails. This means that any communication related to fraudulent activities may go unnoticed by the victim.

Impersonation: The scammer impersonates the victim and sends emails to contacts, such as banks or vendors, requesting urgent wire transfers or sensitive information.

Execution: The scammer provides convincing details and urgency in their requests, making it appear as though the email is genuinely from the victim. They may use specific language or references only known to the victim and their contacts.

A hacker at work (Kurt “CyberGuy” Knutsson)

BEWARE OF ENCRYPTED PDFs AS THE LATEST TRICK TO DELIVER MALWARE TO YOU

Real-life implications

The consequences of BEC scams can be devastating for businesses. In addition to direct financial losses, companies may face reputational damage, loss of customer trust and potential legal ramifications. For small businesses like Teresa’s, which may not have extensive cybersecurity measures in place, the impact can be particularly severe.

Illustration of security on a computer (Kurt “CyberGuy” Knutsson)

WHAT TO DO IF YOUR BANK ACCOUNT IS HACKED

Proactive steps to avoid being a victim of BEC scams

To combat BEC and similar scams, businesses must adopt a proactive approach to cybersecurity.

1) Have strong antivirus software: Use reputable, up-to-date, strong antivirus software to check your system. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2) Use strong passwords: Ensure passwords are complex (a mix of letters, numbers and symbols) and unique for each account. Make sure to create strong, unique passwords. Consider using a password manager to generate and store complex passwords.

3) Enable two-factor authentication: Where possible, enable multifactor authentication. This adds an extra layer of security to your accounts.

4) Monitor your accounts: Keep an eye on your financial accounts, email accounts and social media for any unusual activity. If you think scammers have stolen your identity, consider identity theft protection here.

Identity theft companies can monitor personal information like your Social Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white-glove fraud resolution team where a U.S.-based case manager helps you recover any losses. See my tips and best picks on how to protect yourself from identity theft.

5) Invest in personal data removal services: Using a data removal service can be an effective additional step to protect your personal information after a potential BEC scam. These services locate and remove your information from various online platforms, databases and data brokers. By eliminating unnecessary or outdated information, data removal services minimize your online presence, making it harder for scammers to find and exploit your data.

While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.

6) Regularly update security questions: Change security questions and answers periodically to enhance protection.

7) Regularly review email rules: Check for unauthorized changes in email settings that could indicate compromise.

8) Disable auto-forwarding: Unless absolutely necessary, turn off auto-forwarding features to prevent sensitive information from being sent elsewhere without your knowledge.

9) Verify requests: Always verify any financial requests through a secondary communication method (e.g., a phone call) before proceeding with transactions.

10) Limit access: Restrict access to financial information and transactions only to those who need it within your organization.

11) Contact professionals: If you’re unsure about any steps or if the situation seems severe, consider reaching out to a professional IT service.

12) Report the incident: Report the scam to your local authorities and the Federal Trade Commission in the U.S.

13) Create alias email addresses: My top recommendation to avoid being inundated with spam emails is to use an alias email address. An alias email address is an additional email address that can be used to receive emails in the same mailbox as the primary email address. It acts as a forwarding address, directing emails to the primary email address.

In addition to creating throwaway email accounts for online sign-ups and other circumstances where you would not want to disclose your primary email address, alias email addresses are helpful for handling and organizing incoming communications.

Sometimes, it’s best to create various email aliases so that you don’t have to worry about getting tons of spam mail and having your email eventually stolen in a data breach. An alias email address is a great way for you to stop receiving constant spam mail by simply deleting the email alias address. See my review of the best secure and private email services here.

What additional measures do you think businesses and government agencies should implement to effectively combat the rising threat of email scams? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Nintendo isn’t officially at CES, but it might have stolen the show anyway: accessories-maker Genki brought a 3D-printed mockup of what it says is Nintendo’s Switch successor, and we got to hold it and take some high-resolution pictures.

Based on the mockup of what we’ll call the Switch 2, Nintendo’s next console appears to be wider than the original, with slightly larger Joy-Con controllers that seem like they’ll be more comfortable to hold. Compared to a Steam Deck OLED, the Switch 2 mockup still feels noticeably smaller, in part because the Joy-Cons are not as pronounced and ergonomic as the Deck’s grips. But the mockup still feels closer in size to Valve’s handheld than the original Switch.

As previous rumors have indicated, the Switch 2’s Joy-Cons will attach to the console via magnets instead of a sliding rail, Genki cofounder and CEO Eddie Tsai tells The Verge. To detach a Joy-Con from the Switch 2, you press a big button at the top of the backside of each controller, Tsai says, and that button apparently pushes out a pin that nudges against the chassis of the console, disconnecting the magnets.

You can remove the Joy-Cons with brute force if you really wanted to, according to Tsai, but he says, overall, they feel secure for regular use and that the big release button detaches the Joy-Cons with ease. Tsai declined to share where he’d learned details of the new console.

Tsai also tells The Verge that housed within the mounting channel of the Joy-Cons is an optical sensor, and by using another attachment the new Joy-Cons may offer mouse-like functionality. It sounds a bit like what Lenovo does with its Legion Go handheld.

Nintendo has promised that it will announce the Switch’s successor before April 2025, and as that deadline creeps closer, there have been waves of leaks and rumors about the new hardware. In December, YouTube channel SwitchUp posted a video showing a 3D-printed, non-functional Switch 2 mockup provided by a Chinese case manufacturer. That mockup basically looked like the current Switch but bigger, and it revealed a few other potential changes like a new USB-C port on the top of the device and a mysterious new square button under the Home button on the right Joy-Con.

Days later, accessories-maker Dbrand announced its “Killswitch 2” case, and CEO Adam Ijaz told The Verge that it was designed based on “actual dimensions” based on a “3D scan of the real hardware.” Ijaz also said that it was his “understanding” that the console’s Joy-Cons are magnetically attached. And Dbrand’s imagery showed that the new square button had a “C” printed on it, though Ijaz didn’t know what it was. Days after that, our colleague Sean Hollister spoke with a Redditor who shared apparent photos of the Switch 2’s dock and the inside of what appears to be a Switch 2 Joy-Con.

With that April 2025 deadline inching closer every day, it seems like it won’t be long until Nintendo officially, finally reveals the Switch 2. But until that happens, at least we have these pictures to look at.

Photography by Antonio G. Di Benedetto / The Verge