Technology
New email scam uses hidden characters to slip past filters
NEWYou can now listen to Fox News articles!
Cybercriminals keep finding new angles to get your attention, and email remains one of their favorite tools. Over the years, you have probably seen everything from fake courier notices to AI-generated scams that feel surprisingly polished. Filters have improved, but attackers have learned to adapt. The latest technique takes aim at something you rarely think about: the subject line itself. Researchers have found a method that hides tiny, invisible characters inside the subject so automated systems fail to flag the message. It sounds subtle, but it is quickly becoming a serious problem.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
NEW SCAM SENDS FAKE MICROSOFT 365 LOGIN PAGES
Cybercriminals are using invisible Unicode characters to disguise phishing email subject lines, allowing dangerous scams to slip past filters. (Photo by Donato Fasano/Getty Images)
How the new trick works
Researchers recently uncovered phishing campaigns that embed soft hyphens between every letter of an email subject. These are invisible Unicode characters that normally help with text formatting. They do not show up in your inbox, but they completely throw off keyword-based filters. Attackers use MIME encoded-word formatting to slip these characters into the subject. By encoding it in UTF-8 and Base64, they can weave these hidden characters through the entire phrase.
One analyzed email decoded to “Your Password is About to Expire” with a soft hyphen tucked between every character. To you, it looks normal. To a security filter, it looks scrambled, with no clear keyword to match. The attackers then use the same trick in the body of the email, so both layers slide through detection. The link leads to a fake login page sitting on a compromised domain, designed to harvest your credentials.
If you have ever tried spotting a phishing email, this one still follows the usual script. It builds urgency, claims something is about to expire and points you to a login page. The difference is in how neatly it dodges the filters you trust.
Why this phishing technique is super dangerous
Most phishing filters rely on pattern recognition. They look for suspicious words, common phrases and structure. They also scan for known malicious domains. By splitting every character with invisible symbols, attackers break up these patterns. The text becomes readable for you but unreadable for automated systems. This creates a quiet loophole where old phishing templates suddenly become effective again.
The worrying part is how easy this method is to copy. The tools needed to encode these messages are widely available. Attackers can automate the process and churn out bulk campaigns with little extra effort. Since the characters are invisible in most email clients, even tech-savvy users do not notice anything odd at first glance.
Security researchers point out that this method has appeared in email bodies for years, but using it in the subject line is less common. That makes it harder for existing filters to catch. Subject lines also play a key role in shaping your first impression. If the subject looks familiar and urgent, you are more likely to open the email, which gives the attacker a head start.
How to spot a phishing email before you click
Phishing emails often look legitimate, but the links inside them tell a different story. Scammers hide dangerous URLs behind familiar-looking text, hoping you will click without checking. One safe way to preview a link is by using a private email service that shows the real destination before your browser loads it.
Our top-rated private email provider recommendation includes malicious link protection that reveals full URLs before opening them. This gives you a clear view of where a link leads before anything can harm your device. It also offers strong privacy features like no ads, no tracking, encrypted messages and unlimited disposable aliases.
For recommendations on private and secure email providers, visit Cyberguy.com
PAYROLL SCAM HITS US UNIVERSITIES AS PHISHING WAVE TRICKS STAFF
A new phishing method hides soft hyphens inside subject lines, scrambling keyword detection while appearing normal to users. (Photo by Silas Stein/picture alliance via Getty Images)
9 steps you can take to protect yourself from this phishing scam
You do not need to become a security expert to stay safe. A few habits, paired with the right tools, can shut down most phishing attempts before they have a chance to work.
1) Use a password manager
A password manager helps you create strong, unique passwords for every account. Even if a phishing email fools you, the attacker cannot use your password elsewhere because each one is different. Most password managers also warn you when a site looks suspicious.
Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.
2) Enable two-factor authentication
Turning on 2FA adds a second step to your login process. Even if someone steals your password, they still need the verification code on your phone. This stops most phishing attempts from going any further.
3) Install a reliable antivirus software
Strong antivirus software does more than scan for malware. Many can flag unsafe pages, block suspicious redirects and warn you before you enter your details on a fake login page. It is a simple layer of protection that helps a lot when an email slips past filters.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
4) Limit your personal data online
Attackers often tailor phishing messages using information they find about you. Reducing your digital footprint makes it harder for them to craft emails that feel convincing. You can use personal data removal services to clean up exposed details and old database leaks.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
AI FLAW LEAKED GMAIL DATA BEFORE OPENAI PATCH
Researchers warn that attackers are bypassing email defenses by manipulating encoded subject lines with unseen characters. (Photo by Lisa Forster/picture alliance via Getty Images)
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com
5) Check sender details carefully
Do not rely on the display name. Always check the full email address. Attackers often tweak domain names by a single letter or symbol. If something feels off, open the site manually instead of clicking any link inside the email.
6) Never reset passwords through email links
If you get an email claiming your password will expire, do not click the link. Go to the website directly and check your account settings. Phishing emails rely on urgency. Slowing down and confirming the issue yourself removes that pressure.
7) Keep your software and browser updated
Updates often include security fixes that help block malicious scripts and unsafe redirects. Attackers take advantage of older systems because they are easier to trick. Staying updated keeps you ahead of known weaknesses.
8) Turn on advanced spam filtering or “strict” filtering
Many email providers (Gmail, Outlook, Yahoo) allow you to tighten spam filtering settings. This won’t catch every soft-hyphen scam, but it improves your odds and reduces risky emails overall.
9) Use a browser with anti-phishing protection
Chrome, Safari, Firefox, Brave, and Edge all include anti-phishing checks. This adds another safety net if you accidentally click a bad link.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt’s key takeaway
Phishing attacks are changing fast, and tricks like invisible characters show how creative attackers are getting. It’s safe to say filters and scanners are also improving, but they cannot catch everything, especially when the text they see is not the same as what you see. Staying safe comes down to a mix of good habits, the right tools, and a little skepticism whenever an email pushes you to act quickly. If you slow down, double-check the details, and follow the steps that strengthen your accounts, you make it much harder for anyone to fool you.
Do you trust your email filters, or do you double-check suspicious messages yourself? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
Valve has some good news and bad news about Steam Controllers. The good news: if you make a reservation for a Steam Controller, the company will now show you one of three estimates of when you’ll be able to actually order your gamepad: by September 2026, by December 2026, or sometime in 2027. The bad news: any reservations made today “indicate a 2027 date for shipping,” Valve says.
“We have no plans to stop making Steam Controller,” according to Valve. “But as we look at the current demand compared to how many we know we can make by the end of the year, we want to manage expectations as much as we can with regards to when folks can expect to receive their order.”
Valve’s very good new Steam Controller went on sale in early May, and the initial rush led some people to run into frustrating problems with trying to check out ahead of the controllers eventually going out of stock. A few days later, the company announced that it would be implementing a reservations queue for interested buyers so they could get on a waitlist. If you’re on the waitlist, when you get notified that a Steam Controller is ready for you to buy, you have 72 hours to actually make the order.
“When we launched Steam Controller last month, we quickly saw that initial demand exceeded our expectations,” Valve says. “Switching to a reservation queue has (hopefully) cut down on the headaches on the customer side, and for us it’s also been helpful as we plan ahead and try to get as many out as quickly as we are able.”
All three of Valve’s big hardware products were delayed from a planned early 2026 launch because of the component crisis, Valve still hasn’t announced when the Steam Machine PC or Steam Frame VR headset might go on sale. However, just yesterday, Valve officially launched its big SteamOS 3.8 update with support for the Steam Machine. It’s also been importing a lot of hardware into the US as of late.
NEWYou can now listen to Fox News articles!
The next time you pull up to a McDonald’s drive-thru, the voice taking your order may not be human. McDonald’s is testing a new AI-powered system called ArchIQ at five U.S. locations. The company has not said where those restaurants are located. The voice assistant, nicknamed Archy, can take drive-thru orders and has shown it can handle both English and Spanish.
For anyone who has repeated “no pickles” into a speaker box more than once, this could sound helpful. However, if you remember McDonald’s last AI drive-thru experiment, you may also wonder whether your burger order could somehow turn into a bag full of surprise McNuggets.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
WOULD YOU EAT AT A RESTAURANT RUN BY AI?
McDonald’s is testing an AI drive-thru system called ArchIQ at five U.S. restaurants. (Kurt “CyberGuy” Knutsson)
What is McDonald’s AI drive-thru?
ArchIQ is McDonald’s new AI system for restaurants. It can take drive-thru orders and also help with operations behind the scenes.
In a post on X, McFranchisee, an anonymous McDonald’s franchisee account, said the system is currently in five test stores and has processed more than one million transactions. The account also said about 90% of orders were completed without a human stepping in. That number sounds promising. Still, McDonald’s has not confirmed a nationwide launch date. For now, this remains a limited test.
The system also appears to connect with a bigger McDonald’s plan called “McDonald’s > NEXT.” CEO Chris Kempczinski described the strategy as a way to bring in more customers and improve restaurant productivity. The plan also includes menu changes, restaurant redesigns, technology upgrades and more focus on hospitality.
Why McDonald’s is testing AI ordering
Drive-thrus can get chaotic fast. Someone changes an order after the total appears. A child calls out from the back seat. Road noise makes the speaker hard to hear. Then the driver remembers the extra sauce after everything has already gone through. That is the type of pressure McDonald’s wants AI to handle.
If ArchIQ works well, it could help restaurants move cars through the line faster. It may also reduce mistakes during busy hours. Workers could then focus more on preparing food, handling payments and helping customers who need a real person.
ArchIQ also appears to have a management role. In the same X post, McFranchisee described Archy as a tool that could alert managers to bottlenecks or other issues before they slow down operations.
STARBUCKS USES CHATGPT TO SUGGEST DRINKS BASED ON MOOD AS EXPERT WARNS OF HIDDEN DOWNSIDES
The AI assistant, nicknamed Archy, can take drive-thru orders and may also help managers spot restaurant slowdowns. (McFranchisee)
McDonald’s tried AI drive-thru ordering before
This new test follows McDonald’s earlier AI drive-thru experiment with IBM. That program involved more than 100 restaurants. McDonald’s ended the test in 2024 after customers complained about order accuracy. Some mistakes also went viral, creating an embarrassing moment for McDonald’s and raising questions about whether the technology was ready for the drive-thru. Customers reported wrong items, strange quantities and other order mix-ups. That history is why this new test will get extra attention.
This time, McDonald’s is working with Google technology. McFranchisee also claimed every McDonald’s in the U.S. is getting Google Edge Cloud hardware in anticipation of the rollout. McDonald’s seems to believe the newer system can perform better than the last one. The real test will come when regular customers use it during real drive-thru rushes.
How McDonald’s AI drive-thru could help customers
If McDonald’s gets this right, the most obvious benefit is speed. An AI ordering system does not get tired during a long shift. It may also help more customers order in the language they prefer. That could make a busy drive-thru feel less frustrating, especially during breakfast or late-night hours.
The system may also ask clearer follow-up questions and catch missing details before the order reaches the kitchen. That would be a win for customers who want to get in, get their food and get on with the day.
The biggest problem with AI drive-thru orders
The biggest concern is accuracy. AI can still misunderstand people. That gets frustrating fast when you are trying to grab lunch between errands or get your kids fed from the back seat. A wrong order wastes time. It also puts workers in the position of fixing a mistake the machine made.
There is also the customer service side. Some people like hearing a real person at the speaker. Others may find an AI voice cold or annoying, especially if the system gets confused.
Then there is the privacy question. If an AI system takes your order, customers may wonder what gets collected, how long it is kept and who can access it. McDonald’s has not publicly explained those specifics for this current ArchIQ test.
ALEXA+ LETS YOU ORDER FOOD LIKE A REAL CONVERSATION
A drive-thru menu board stands outside a McDonald’s restaurant in Hercules, Calif., on Oct. 23, 2024, amid an E. coli outbreak linked to onions in Quarter Pounder sandwiches that has sickened dozens and killed one person across the U.S. (David Paul Morris/Bloomberg via Getty Images)
How to avoid AI drive-thru mistakes
Before you leave the drive-thru, take a moment to check the order screen. Make sure the items match what you said. Listen when the system repeats your order. Keep your receipt until you confirm the food is right.
Also, avoid sharing extra personal details at the speaker box. Your order should only require your food choices and payment.
If the AI gets confused, ask for a crew member. You do not need to keep going back and forth with a machine over fries.
What this means for you
For now, you probably will not notice a change at your local McDonald’s. The ArchIQ test appears limited to five U.S. restaurants, and the company has not said when it could expand.
Still, this gives customers a preview of where fast food may be heading. AI could soon play a bigger role in how restaurants take orders and manage the kitchen. That may speed up the line, though it could also make the experience feel less personal.
Watch the CyberGuy Live replay: Lock Down Your Phone in 30 Minutes
Your phone holds your email, passwords, photos, banking apps and personal data. In this free CyberGuy Live replay, Kurt the CyberGuy walks you step by step through simple phone security fixes you can do at your own pace. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Watch the replay and get our checklist here: CyberGuyLive.com
Kurt’s key takeaways
McDonald’s clearly wants AI to play a bigger role in its restaurants. From a business point of view, the idea makes sense. Shorter drive-thru lines could help franchisees and customers. Better restaurant data could also help managers fix problems faster. But I still want the human backup. Food orders can be messy because people are messy. We change our minds. We talk over each other. We forget the extra ketchup until the last second. AI may handle much of that one day. For now, I would treat it like any busy drive-thru interaction. Speak clearly. Check the order. Do not pull away until you know your food is right.
Would you trust an AI voice to take your McDonald’s order, or do you still want a real person on the other end of the speaker? Let us know by writing to us at Cyberguy.com
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Midjourney CEO David Holz just showed off the company’s first hardware product and plans to build a San Francisco spa, which he admitted is a bit different from the “cat pictures” produced by its AI image generator. Dubbed The Midjourney Scanner, it’s an ultrasound-based full-body scanner that uses a ring of sensors to capture vertical slices of the inside of your body, looking at the composition of your muscle, fat, bone, and organs to start. Holz said ideally, you could do this once a year or every single day, as it “aims for image quality comparable to MRI in many ways.”
He mentioned that one way he’d like to use it would be to see how his body changes in response to diet and workout changes, saying, “I’m not the most measured man on Earth yet, you know, but maybe I want to have that daily [measurable information].” A set of job listings advertises the company’s goal as trying to “build and launch the world’s first full-body ultrasound CT scanner, ultimately bringing safe, fast, and high fidelity preventative scanning to billions via a magical spa experience.”
The Midjourney Scanner was developed in a partnership with ultrasound tech company Butterfly Network, which said it uses “40 Butterfly Ultrasound-on-Chip imaging modules per system.”
The scanning process starts with stepping onto a platform that drops down into the water on rails through a ring of thousands of transducers that create ultrasonic waves. It then records the ripples passing through your body to analyze them and create detailed 3D images. The scan takes about 60 seconds. Holz said about a dozen people have been scanned so far.
It starts by stepping into a shallow pool of golden light. You then begin to descend into the water. Your body passes through a ring of underwater sensors, each acting like a dolphin, using its echolocation. The sensors send ultrasonic sound waves through your body from every angle. With enough waves, and enough angles, we form an image of what’s happening inside your body.
It combines those sensors with two petaflops of processing power. But after watching the livestreamed reveal, I’m still unclear on what Midjourney’s AI image generation tech exactly has to do with the Midjourney Medical effort, beyond an alternative business for otherwise-unused AI compute.
Holz hopes to put 10 of the scanners into a Midjourney Spa location in San Francisco’s Union Square that will open before the end of 2027 and offered to scan the hands of attendees at its launch event. The Midjourney Spa will have a gym, saunas, and cold plunges to go along with the hot tub–equipped scanning rooms where visitors will get into the water to be scanned.
He did mention that various medical applications would require FDA clearances, but for now, Midjourney Medical says it’s working on “body composition maps” that don’t require the same level of clearance as diagnostic imaging. It also says the “library of scans” users create can be shared with doctors, AI health tools, or others, and that, “We take data privacy seriously — more details on our data policies will come as we get closer to launch.”
Holz suggested that eventually these scans could become better than an MRI, without radiation, powerful magnets, or other complicating factors, to get a look at what’s going on inside people’s bodies “real fast.” In response to a question, he imagined a future where the FDA had a class of devices to look at “weird” things and allowed people to “just try to get as much data as we can.”
-
World5 minutes agoUS-Iran talks postponed as Israel attacks Lebanon
-
News30 minutes agoLuigi Mangione’s lawyers withdraw plans for psychiatric defense
-
New York2 hours agoVideo: Knicks Fans Celebrate With Ticker-Tape Parade
-
Los Angeles, Ca2 hours agoArmed, dangerous CHP pursuit suspect tied to double homicide in Pomona
-
Detroit, MI2 hours agoFirst responders honored after rescuing 12 people from capsized sailboats near Belle Isle
-
San Francisco, CA2 hours agoOakland man faces hate crime charges for Castro District attack
-
Dallas, TX2 hours agoAt least 4 injured after vehicle drives into Dallas crowd, driver arrested
-
Miami, FL3 hours agoMiami Central students prepare for life changing trip to Zimbabwe amid funding challenges
