Technology
Sending a text the wrong way could cost you money and trouble
Ever wondered why your text messages sometimes fail to send, show up pixelated or don’t appear at all on the other person’s end?
It might not be your phone, but your carrier’s messaging support. Knowing the difference between SMS, MMS and RCS and how your carrier handles them can save you money, improve message delivery and ensure you’re using the full potential of your messaging app.
A person texting on their phone (Kurt “CyberGuy” Knutsson)
Knowing the basics: SMS vs. MMS vs. RCS
Before you can figure out which phone carrier fits your messaging needs, it helps to understand the differences between the three main types of mobile messaging — SMS, MMS and RCS. Each has its own capabilities, limitations and impact on your experience.
Join The FREE CyberGuy Report: Get my expert tech tips, critical security alerts and exclusive deals — plus instant access to my free Ultimate Scam Survival Guide when you sign up!
SMS (Short Message Service) is the most basic form of text messaging and has been around since the early days of mobile phones. It allows users to send plain text messages with a strict character limit of 160 characters. SMS messages are sent over the cellular network, which means they work even if you don’t have a data plan or access to Wi-Fi. This makes SMS one of the most reliable messaging options available, especially for simple communication. It works for all phones, even older models, which makes it universal.
MMS (Multimedia Messaging Service) builds upon SMS by allowing the transmission of multimedia content. With MMS, users can send images, videos, audio files and even GIFs. The character limit is significantly higher, typically up to 1,600 characters, although this can vary depending on the carrier. MMS messages also travel over the cellular network but require mobile data to send and receive. They do not require Wi-Fi, but because media files are larger, the reliability can vary. Some carriers compress MMS files or fail to send them if they exceed certain size limits, which means your carefully chosen vacation photo might arrive as a pixelated blur.
RCS (Rich Communication Services) represents the next generation of mobile messaging. It is designed to upgrade the SMS and MMS experience by providing features that rival popular messaging apps like iMessage and WhatsApp. With RCS, users can send high-resolution photos and videos, audio clips, emoji, stickers and even read receipts and typing indicators. There is no character limit, and the service works over Wi-Fi or mobile data instead of over standard cellular channels.
While RCS allows larger files, some messaging platforms or carriers may still apply soft limits or compress images/videos to ensure consistent performance. However, for RCS to work, both the sender and the recipient need to have RCS enabled on a supported messaging app and carrier. Google Messages is the most reliable app for accessing these RCS features, especially on Android devices. However, it should be noted that Apple devices do not support RCS natively because Apple relies on iMessage for similar functionality.
HOW TO STOP SPAM TEXT MESSAGES ON YOUR PHONE
Why it matters when choosing a wireless carrier
Now that you know what SMS, MMS and RCS are, it’s important to understand how your phone carrier influences your messaging experience. From hidden fees to message delivery issues, the provider you choose can make a big difference in how well these technologies work.
Cost differences
Not all carriers treat these messaging types the same. While SMS is often free and unlimited on many plans, MMS messages may incur additional charges, especially on prepaid or international plans. RCS messages, on the other hand, use mobile data or Wi-Fi and typically do not incur per-message fees, making them a cost-effective option if supported.
For example, carrier A might offer unlimited SMS but charge for every MMS sent. Carrier B might include MMS in the plan but cap the number of SMS messages. Carrier C could fully support RCS, letting users send messages over Wi-Fi for free. Choosing the right carrier based on how you communicate can help avoid surprise charges.
Not all carriers fully support RCS
While SMS and MMS are universally supported, RCS still depends on carrier infrastructure and the messaging app being used. Some carriers support RCS only through their proprietary apps, which may not be compatible with all devices. Others support “universal RCS”, which works across multiple platforms but still requires the right app, most reliably Google Messages.
If you’re hoping to use RCS features like high-resolution image sharing, read receipts and typing indicators, it’s important to ensure your carrier not only supports RCS but also supports it universally across devices and apps. Otherwise, your message may silently fall back to SMS or MMS if the recipient’s carrier or device does not support RCS.
Illustration of text messaging on a smartphone (Kurt “CyberGuy” Knutsson)
ANDROID FEATURE PREVENTS SENSITIVE CONTENT IN GOOGLE MESSAGES
As of May 2025, all major U.S. wireless carriers and most of their sub-brands and MVNOs (mobile virtual network operators) fully support SMS, MMS and RCS messaging. This includes both Android and iPhone users (with iOS 18.4 or newer for RCS on iPhone).
You can expect full support for SMS, MMS and RCS on the following carriers: AT&T, Verizon, T-Mobile, US Cellular, C Spire, Consumer Cellular, Cricket, Family Mobile, FirstNet, H2O Wireless, Metro by T-Mobile, Mint Mobile, Boost Mobile, Google Fi, PureTalk, RedPocket Mobile, Spectrum Mobile, Straight Talk, TracFone, Ultra Mobile, US Mobile, Visible and Xfinity Mobile.
- SMS and MMS support: All of these carriers offer SMS and MMS. SMS is almost always unlimited on modern plans, while MMS may have limitations or extra charges on some prepaid or international plans.
- RCS support on iPhone: With the release of iOS 18.4, these carriers also support RCS on iPhones. If you have updated to iOS 18.4 or later, you should have access to RCS features, provided your carrier supports it.
- RCS support on Android: All these providers support RCS messaging on Android devices, most reliably through the Google Messages app.
If you are using one of these carriers, you can expect the latest messaging features, including high-resolution media sharing, read receipts, typing indicators and the ability to send messages over Wi-Fi or mobile data. For the best experience, make sure your device is updated to the latest software and that you are using a supported messaging app.
- For iPhones, RCS support requires iOS 18.4 or higher. As of spring 2025, all major U.S. carriers and most MVNOs (mobile virtual network operators) now support RCS on iPhone.
- On Android, RCS is available through Google Messages and is widely supported across all major carriers and most MVNOs.
BEST WIRELESS PHONE PLANS
International support
RCS support is expanding internationally, with carriers like Orange and Sosh in France offering RCS on iPhones running iOS 18.4 beta. To check if your international carrier supports RCS on iPhone:
- Go to Settings
- Tap General
- Click About
- Scroll down and tap Carrier. If RCS is supported, you will see Voice, SMS & RCS.
HOW TO GET RID OF ROBOCALLS WITH APPS AND DATA REMOVAL SERVICES
Recent changes and security
Apple and Google are rolling out support for RCS Universal Profile 3.0, which brings end-to-end encryption for RCS messages, enhancing privacy and security across platforms. Some carriers may still be updating their infrastructure, so check with your provider or device settings if you do not see RCS options enabled.
Pricing considerations
- SMS is typically unlimited on most plans.
- MMS may still incur charges on some plans, especially prepaid or international. For example, outbound MMS in Canada is $0.0220 per message as of May 2025.
- RCS messages use data or Wi-Fi and generally do not incur per-message fees, making them cost-effective for sending media-rich messages.
International messaging can be affected
If you use a smaller or regional provider not mentioned above, or if you plan to travel internationally, it is important to check with your carrier about its current support for RCS, especially if you use an iPhone. While international support for RCS is expanding, it is not yet universal.
When you are abroad, reliable messaging becomes even more critical. SMS is the most dependable option and works almost everywhere, making it a safe choice for staying connected. MMS, on the other hand, can be inconsistent overseas due to differences in network standards and carrier agreements. RCS is even less predictable outside your home country, as it relies on mobile data or Wi-Fi and often does not function while roaming unless your carrier specifically enables it for international use.
So, if you are traveling or using a less common carrier, always confirm whether your plan includes international MMS and RCS support. This will help you avoid unexpected gaps in communication or surprise fees and ensure your messages reach their destination reliably.
GOT A BANK TRANSFER ALERT TEXT? IT MIGHT BE A SCAM. HERE’S WHAT TO DO
Email-to-text services vary by carrier
Email-to-text is a feature that lets you send a text message to someone’s phone number directly from your email. To do this, you use a special email-to-SMS gateway provided by the recipient’s mobile carrier. For example, to text a friend on AT&T, you’d send an email to something like 1234567890@txt.att.net.
However, not all carriers support this, and some may block the feature altogether to prevent spam or limit abuse. Even among those that do support it, there can be differences between how SMS (text-only) and MMS (media messages) are handled.
Below are examples of the special email addresses (called gateways) that let you send text messages via email:
AT&T
- SMS: number@txt.att.net
- MMS: number@mms.att.net
Verizon
- SMS: number@vtext.com
- MMS: number@vzwpix.com
T-Mobile
- SMS & MMS: number@tmomail.net
If you rely on this feature, such as sending yourself reminders from your email or receiving system alerts to your phone, it is important to check whether your carrier supports it. Be aware that not all carriers clearly document this capability, especially smaller providers like Spectrum Mobile or Xfinity Mobile, which may restrict or not support it at all.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
A man texting on his iPhone (Kurt “CyberGuy” Knutsson)
Safety steps for mobile messaging
To enhance your mobile messaging security, follow these best practices:
1. Avoid clicking on unknown links or messages and install strong antivirus software: Be cautious with links or attachments from unknown sources because they can lead to phishing or malware attacks. Also, install strong antivirus software on your device to protect against malware and viruses.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
2. Enable Multi-factor Authentication (MFA): Use MFA to add an extra layer of security for your messaging apps and accounts. This can include methods like authentication apps, physical security keys, or SMS codes, which help prevent unauthorized access even if your password is compromised. By activating MFA, you significantly reduce the risk of your accounts being hacked, providing an essential safeguard against cyber threats.
3. Keep your device and apps updated: Regularly update your operating system and apps to ensure you have the latest security patches.
4. Use end-to-end encrypted messaging apps: Consider using apps with end-to-end encryption for secure communication. This ensures that only you and the intended recipient can read the messages, keeping them safe from hackers or third-party interception. Popular options include Signal, WhatsApp and iMessage, which prioritize privacy and protect sensitive conversations from unauthorized access.
5. Be mindful of public Wi-Fi and use a Virtual Private Network (VPN): Avoid using public Wi-Fi for sensitive communications, as it can be insecure and expose your data to potential eavesdropping or hacking. Consider using a VPN for secure browsing on public networks because it encrypts your internet traffic and masks your IP address, providing a safer experience even on unsecured networks. By using a VPN, you can significantly reduce the risks associated with public Wi-Fi and protect your personal data from unauthorized access. For best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices
6. Delete sensitive messages: Regularly delete sensitive messages to minimize data exposure. This practice helps protect your privacy by ensuring that confidential information isn’t stored indefinitely on your device or in the cloud, where it could potentially be accessed by unauthorized parties. Additionally, consider using messaging apps that offer features like automatic message deletion or self-destructing messages to further enhance your privacy
HOW TO BLOCK A PHONE NUMBER OR TEXT ON YOUR SMARTPHONE
Kurt’s key takeaways
Texting may seem simple, but there’s a lot going on behind the scenes, especially when your messages aren’t sending or show up weird. Understanding the difference between SMS, MMS and RCS can save you from headaches, surprise charges and blurry photos. The good news? A little knowledge goes a long way. Now that you’re in the know, you can text smarter, choose the right carrier and keep your conversations running smoothly, wherever you are.
Do you think mobile carriers should do more to protect you from phishing scams and malicious links sent via SMS and MMS? What specific measures would you like them to implement? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover
Follow Kurt on his social channels
Answers to the most asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
NEWYou can now listen to Fox News articles!
Food delivery platform Grubhub has confirmed a recent data breach after unauthorized actors accessed parts of its internal systems.
The disclosure comes as sources tell BleepingComputer the company is now facing extortion demands linked to stolen data.
In a statement to BleepingComputer, Grubhub said it detected and stopped the activity quickly.
“We’re aware of unauthorized individuals who recently downloaded data from certain Grubhub systems,” the company said. “We quickly investigated, stopped the activity, and are taking steps to further increase our security posture.”
Grubhub added that sensitive information, such as financial details or order history, was not affected. However, the company declined to answer follow-up questions about when the breach occurred, whether customer data was involved or if it is actively being extorted.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
RANSOMWARE ATTACK EXPOSES SOCIAL SECURITY NUMBERS AT MAJOR GAS STATION CHAIN
Grubhub confirmed a data breach after unauthorized actors accessed parts of its internal systems, prompting an investigation and heightened security measures. (Michael Nagle/Bloomberg via Getty Images)
What Grubhub has confirmed so far
While details remain limited, Grubhub confirmed several key points. It has brought in a third-party cybersecurity firm and notified law enforcement. Beyond that, the company has stayed largely silent. That lack of detail has raised concern, especially given Grubhub’s recent security history. Just last month, the company was linked to scam emails sent from its own b.grubhub.com subdomain. Those messages promoted a cryptocurrency scam promising large returns on Bitcoin payments. Grubhub said it contained the incident and blocked further unauthorized emails. It did not clarify whether the two events are related.
Sources link the breach to ShinyHunters extortion
According to multiple sources cited by BleepingComputer, the ShinyHunters hacking group is behind the extortion attempt. The group has not publicly commented on the claims and declined to respond when contacted. Sources say the attackers are demanding a Bitcoin payment to prevent the release of stolen data. That data reportedly includes older Salesforce records from a February 2025 breach and newer Zendesk data taken during the most recent intrusion. Grubhub uses Zendesk to run its online customer support system. That platform handles order issues, account access and billing questions, making it a valuable target for attackers.
How stolen credentials may have enabled the attack
Investigators believe the breach may be tied to credentials stolen during earlier Salesloft Drift attacks. In August 2025, threat actors used stolen OAuth tokens from Salesloft’s Salesforce integration to access sensitive systems over a 10-day period. According to a report from Google Threat Intelligence Group, also known as Mandiant, attackers used that stolen data to launch follow-up attacks across multiple platforms. “GTIG observed UNC6395 targeting sensitive credentials such as AWS access keys, passwords and Snowflake-related access tokens,” Google reported. ShinyHunters previously claimed responsibility for that campaign, stating it stole roughly 1.5 billion records from Salesforce environments tied to hundreds of companies.
Why this breach still matters
Even if payment data and order history were not affected, support systems often contain personal details. Names, email addresses and account notes can be enough to fuel phishing attacks or identity scams. More importantly, this incident highlights how older breaches can continue to cause damage long after the initial attack. Stolen credentials that are never rotated remain a powerful entry point for threat actors.
Ways to stay safe after the Grubhub data breach
If you use Grubhub or any online delivery service, a few smart steps can reduce your risk after a breach.
1) Update your password and stop re-use
Start by changing your Grubhub password right away. Make sure you do not reuse that password anywhere else. Reused passwords give attackers an easy path into other accounts. A password manager can help here. It creates strong, unique logins and stores them securely so you do not have to remember them all.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
ILLINOIS DHS DATA BREACH EXPOSES 700K RESIDENTS’ RECORDS
The food delivery platform says it quickly stopped the intrusion but has not disclosed when the breach occurred or whether customers were targeted. (Leonardo Munoz/VIEWpress)
2) Turn on two-factor authentication
If two-factor authentication (2FA) is available, enable it. This adds a second step when you sign in, such as a code sent to your phone or app. Even if a hacker steals your password, two-factor authentication can stop them from getting in.
3) Watch closely for phishing attempts and use strong antivirus software
Be alert for emails or texts that mention orders, refunds or support issues. Attackers often use stolen support data to make messages feel urgent and real. Do not click links or open attachments unless you are certain they are legitimate. Strong antivirus software can also help block malicious links and downloads before they cause harm.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
4) Remove your data from people-search sites
Consider using a data removal service to reduce your online footprint. These services help remove your personal details from data broker sites that attackers often use to build profiles. Less exposed data means fewer tools for scammers to exploit.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
5) Ignore crypto messages using trusted brands
Be skeptical of any cryptocurrency offers tied to familiar companies. Grubhub was previously linked to scam emails promoting crypto schemes, which shows how often attackers abuse trusted names. Legitimate companies do not promise fast returns or pressure you to act immediately.
6) Monitor your Grubhub account and email activity
Check your Grubhub account for anything that looks unfamiliar. Watch for unexpected password reset emails, order confirmations or support messages you did not request. Attackers often test stolen data quietly before making bigger moves.
7) Secure the email linked to your Grubhub account
Your email account is the key to password resets. Change that password and enable two-factor authentication if it is not already on. If attackers control your email, they can regain access even after you change other passwords.
8) Stay alert for delayed scams tied to the breach
Breach data is often reused weeks or months later. Phishing attempts may appear long after headlines fade. Treat any future messages claiming to reference Grubhub support, refunds or account issues with extra caution.
These steps will not undo a breach, but they can limit how attackers exploit stolen information and reduce your risk going forward.
FIBER BROADBAND GIANT INVESTIGATES BREACH AFFECTING 1M USERS
Sources tell BleepingComputer the Grubhub breach is tied to extortion demands involving allegedly stolen customer support data. (Gabby Jones/Bloomberg via Getty Images)
Kurt’s key takeaways
Grubhub’s confirmation puts an official stamp on what sources have warned about for weeks. While the company says sensitive data was not affected, unanswered questions remain. As extortion-driven breaches rise, transparency and rapid credential rotation matter more than ever. What stands out most is how past compromises continue to create new risks. When access tokens live too long, attackers do not need to break in again. They simply walk back through an open door.
If companies stay quiet after breaches, how can customers know when it is time to protect themselves? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Starting early Sunday morning, TikTok’s now under new ownership US arm started breaking down just a couple of days after Oracle & Co took the reins. Its For You page algorithm is suddenly unreliable, while features like comments are failing to load or loading slowly, and publishing new videos seems nearly impossible for many people.
Rumors of censorship targeting anti-ICE protesting or attempting to block discussion of Jeffrey Epstein appear to be misguided (even the governor of California is resharing misinformation now), with problems blocking traffic to all kinds of videos and messages on the service through Monday night.
Read on below for the latest updates about the ongoing TikTok problems.
NEWYou can now listen to Fox News articles!
Cybersecurity researchers have uncovered a serious threat hiding inside Google Chrome.
Several browser extensions pretend to be helpful tools. In reality, they quietly take over user accounts. These extensions impersonate popular human resources and business platforms such as Workday, NetSuite and SAP SuccessFactors. Once installed, they can steal login data and block security controls designed to protect users.
Many people who installed them had no warning signs that anything was wrong.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
WHY CLICKING THE WRONG COPILOT LINK COULD PUT YOUR DATA AT RISK
Cybersecurity researchers warn that fake Google Chrome extensions are silently hijacking user accounts by stealing login data and bypassing security protections. (Bildquelle/ullstein bild via Getty Images)
The fake Chrome extensions to watch out for
Security researchers from Socket’s Threat Research Team identified five malicious Chrome extensions connected to this campaign. The add-ons were marketed as productivity or security tools, but were designed to hijack accounts.
The extensions include:
- DataByCloud Access
- Tool Access 11
- DataByCloud 1
- DataByCloud 2
- Software Access
We reached out to Google, and a spokesperson told CyberGuy that the extensions are no longer available on the Chrome Web Store. However, some are still available on third-party software download sites, which continues to pose a risk. If you see any of these names installed in your browser, remove them immediately.
Why malicious Chrome extensions look legitimate
These malicious add-ons are designed to look legitimate. They use professional names, polished dashboards and business-focused descriptions. Some claim to offer faster access to workplace tools. Others say they restrict user actions to protect company accounts. Privacy policies often promise that no personal data is collected. For people juggling daily work tasks or managing business accounts, the pitch sounds helpful rather than suspicious.
What these extensions actually do
After installation, the extensions operate silently in the background. They steal session cookies, which are small pieces of data that tell websites you are already logged in. When attackers get these cookies, they can access accounts without a password. At the same time, some extensions block access to security pages. Users may be unable to change passwords, disable accounts or review login history. One extension even allows criminals to insert stolen login sessions into another browser. That lets them sign in instantly as the victim.
Why malicious Chrome extensions are so dangerous
This attack goes beyond stealing credentials. It removes the ability to respond. Security teams may detect unusual activity, but cannot fix it through normal controls. Password changes fail. Account settings disappear. Two-factor authentication tools become unreachable. As a result, attackers can maintain access for long periods without being stopped.
How to check for these extensions on your computer
If you use Google Chrome, review your extensions now. The process only takes a few minutes.
- Open Google Chrome
- Click the three-dot menu in the top right corner
- Select Extensions, then choose Manage Extensions
- Review every extension listed
Look for unfamiliar names, especially those claiming to offer access to HR platforms or business tools.
WEB SKIMMING ATTACKS TARGET MAJOR PAYMENT NETWORKS
Malicious Chrome add-ons disguised as productivity tools targeted users of popular business platforms like Workday, NetSuite and SAP SuccessFactors. (Photo by S3studio/Getty Images)
How to remove suspicious Chrome extensions
If you find one of these extensions, remove it immediately.
- Open Manage Extensions in Chrome
- Find the suspicious extension
- Click Remove
- Confirm when prompted
Restart your browser after removal to ensure the extension is fully disabled. If Chrome sync is enabled, repeat these steps on all synced devices before turning sync back on.
What to do after removing the extension
Removal is only the first step. Change passwords for any accounts accessed while the extension was installed. Use a different browser or device if possible.
A password manager can help you create strong, unique passwords for each account and store them securely. This reduces the risk of reused passwords being exploited again.
Next, see if your email has been exposed in past breaches. Our No. 1 password manager pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.
Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.
Finally, review account activity for unfamiliar logins, locations or devices and be sure to follow the steps below to stay safe moving forward.
Ways to stay safe going forward
Simple habits can significantly reduce your risk.
1) Limit browser extensions
Only install extensions you truly need. The fewer extensions you use, the smaller your attack surface becomes.
2) Be cautious with add-ons
Avoid extensions that promise premium access or special tools for enterprise platforms. Legitimate companies rarely require browser add-ons for account access.
3) Check permissions carefully
Be wary of extensions that request access to cookies, browsing data or account management. These permissions can be abused to hijack sessions.
4) Review extensions regularly
Check your browser every few months and remove tools you no longer use or recognize.
WHATSAPP WEB MALWARE SPREADS BANKING TROJAN AUTOMATICALLY
Several fake browser extensions were removed from the Chrome Web Store after researchers linked them to account takeover attacks. (Photo Illustration by Serene Lee/SOPA Images/LightRocket via Getty Images)
5) Use strong antivirus software
Strong antivirus software can help detect malicious extensions, block suspicious behavior and alert you to browser-based threats before damage occurs.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
6) Consider a data removal service
If your work or personal information has been exposed, a data removal service can help reduce your digital footprint by removing your details from data broker sites. This lowers the risk of follow-up scams or identity misuse.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
7) Avoid third-party download sites
Do not reinstall extensions from third-party websites, even if they claim to offer the same features. These sites often host outdated or malicious versions.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Kurt’s key takeaways
Browser extensions can be useful, but this research shows how easily they can also be abused. These fake Chrome add-ons did not rely on flashy tricks or obvious warnings. They blended in, looked professional and quietly did their damage in the background. The good news is that you do not need to be a tech expert to protect yourself. Taking a few minutes to review your extensions, remove anything unfamiliar and lock down your accounts can make a real difference. Small habits, repeated regularly, go a long way in reducing risk. If there is one takeaway here, it is this: convenience should never come at the cost of security. A clean browser and strong account protections give you back control.
How many browser extensions do you have installed right now that you have never looked at twice? Let us know by writing to us at Cyberguy.com.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join my CYBERGUY.COM newsletter.
Copyright 2026 CyberGuy.com. All rights reserved.
Rep. Ilhan Omar rushed by man on stage and sprayed with liquid at town hall event
Unsealed records in Idaho student murders detail victims’ injuries, final movements
GOP campaign touts MAGA bonafides as critics urge Trump not to endorse in key primary: ‘Keep Iowa red’
Houston school district trying to woo parents while losing students amid school choice competition
College soccer star, girlfriend dead as illegal immigrant’s record ignites lawmaker fury statewide
Florida High School Football Rankings: Top 25 teams – Oct. 21
Cleary's 21 help Le Moyne down Central Connecticut State 69-64 in OT
How old is Bo Nix? What to know about Oregon quarterback ahead of 2024 NFL Draft
99th annual Pony Swim held in Virginia
Indiana Members Credit Union announced as new anchor tenant at Bottleworks District
Rep. Ilhan Omar rushed by man on stage and sprayed with liquid at town hall event
Video: F.A.A. Ignored Safety Concerns Prior to Collision Over Potomac, N.T.S.B. Says
Democrats demand Kristi Noem be fired or warn impeachment will follow
EU Commissioner Virkkunen urges US to respect EU digital rules
Families of killed men file first U.S. federal lawsuit over drug boat strikes
-
Sports1 week agoMiami’s Carson Beck turns heads with stunning admission about attending classes as college athlete
-
Illinois6 days agoIllinois school closings tomorrow: How to check if your school is closed due to extreme cold
-
Pittsburg, PA1 week agoSean McDermott Should Be Steelers Next Head Coach
-
Lifestyle1 week agoNick Fuentes & Andrew Tate Party to Kanye’s Banned ‘Heil Hitler’
-
Pennsylvania2 days agoRare ‘avalanche’ blocks Pennsylvania road during major snowstorm
-
Sports1 week agoMiami star throws punch at Indiana player after national championship loss
-
Cleveland, OH1 week agoNortheast Ohio cities dealing with rock salt shortage during peak of winter season
-
Technology5 days agoRing claims it’s not giving ICE access to its cameras