Apple has been using your face data for security for seven years. You likely use your fingerprint to unlock at least a few of your devices. 

Win an iPhone 16 Pro with Apple Intelligence ($999 value). 

No purchase necessary. Enter now!

But have you paid with your palm at Whole Foods yet? Did the TSA scan your face the last time you were at the airport? Using biometric info like your fingerprint and face can save a little time, but a whole lot of potential security risks come along for the ride.

Should you give companies and agencies access to your most personal data? I’ve got the scoop so you can decide for yourself.

10 TECH TIPS AND TRICKS EVERYONE SHOULD KNOW

Catching a flight any time soon?

You’ve probably used the old TSA tech, similar to Apple’s Face ID. They snap a pic and compare it to your ID to confirm it’s really you trying to get through security. Nice to know: They say they delete images of you once you’re through the process.

The TSA’s new Touchless Identity Solution works a little differently. All you do is look at a camera and wait for an agent to give you the green light. Fast and easy! What’s the catch?

In order for this process to work, you’ll need a U.S. passport and TSA PreCheck. You’ll also need to be a member of a participating airline’s loyalty program. When you check in through your airline’s app, you’ll be prompted to opt into a biometrics scan.

THE $40K SCAM THAT ALMOST GOT ME + 3 MORE SPREADING NOW

If you opt in, you’ll allow the TSA to add your photo to a cloud-based verification service. Step up to the camera, and it matches your live image with the stored one. The TSA says both images are deleted within 24 hours of your flight’s departure.

It’s not just the airport. Here are 5 places you’re being recorded in public.

Talk to the hand

Whole Foods uses a process similar to the TSA’s with its palm scan tech. Through the Amazon One app, you can link a credit card to your “palm signature.” Scan your hand in-store, and the data is compared to palm signatures stored in the Amazon cloud. When a match is found, you’re paid up and good to go.

Fingerprinting and similar systems are used practically everywhere now, from security agencies to grocery stores. (Photo by Katherine Frey/The Washington Post via Getty Images)

Now, Amazon says they only save the mathematical data behind your palm signature, not actual photos of your hand. This means a hacker couldn’t use a high-quality pic of your palm to pass as you.

The safety dance

So are these more advanced biometric screenings hacker-proof? It’s unlikely a crook could fool a biometric reading in the airport. Agents would figure it out pretty quickly.

Even at Whole Foods, it’d be tough for someone to use an image of your palm to pay. Their systems also employ something called “liveness detection,” capturing motion, depth and texture, too.

3 SECURITY AND DATA CHECKS YOU SHOULD DO ONCE A YEAR

But remember, as technology advances, so, too, do criminals. AI deepfakes are already much better than they were just a year ago. There could come a day when a deepfake mask could fool facial recognition software, especially when there’s no real person standing there to double-check.

WATCH: Companies are paying for AI avatars in their ads. You have to see this one.

The biggest issue I see

Let’s say we trust government agencies and big companies to store this biometric data. That doesn’t mean they’re immune to data breaches. When you hand over any kind of data, it’s 100% a hacker’s target.

Biometric data isn’t exempt from the prying eyes of the average hacker. (Jakub Porzycki/NurPhoto via Getty Images)

Thinking about opting into one of these services or another like it? Here’s how to protect your biometric data:

• Before you let a company or agency access your biometric data, consider their reputation. The TSA is more reputable than a random shopping app. At the very least, search for the org or company with the term “data breach.”
• Whenever possible, use your biometric data in tandem with a strong password, 2FA or an authenticator app.
• If you have to upload biometric data online, use a VPN to secure your internet connection first — especially if you’re using a public network. This is an extra barrier between you and anyone else lurking there waiting to steal files.

Get tech-smarter on your schedule

Award-winning host Kim Komando is your secret weapon for navigating tech.

Copyright 2025, WestStar Multimedia Entertainment. All rights reserved.

The FBI created a cryptocurrency as part of an investigation into price manipulation in crypto markets, the government revealed on Wednesday. The FBI’s Ethereum-based token, NexFundAI, was created with the help of “cooperating witnesses.”

As a result of the investigation, the Securities and Exchange Commission charged three “market makers” and nine people for allegedly engaging in schemes to boost the prices of certain crypto assets. The Department of Justice charged 18 people and entities for “widespread fraud and manipulation” in crypto markets.

The defendants allegedly made false claims about their tokens and executed so-called “wash trades” to create the impression of an active trading market, prosecutors claim. The three market makers — ZMQuant, CLS Global, and MyTrade — allegedly wash traded or conspired to wash trade on behalf of NexFundAI, an Ethereum-based token they didn’t realize was created by the FBI. 

“What the FBI uncovered in this case is essentially a new twist to old-school financial crime,” Jodi Cohen, the special agent in charge of the FBI’s Boston division, said in a statement. “What we uncovered has resulted in charges against the leadership of four cryptocurrency companies, and four crypto ‘market makers’ and their employees who are accused of spearheading a sophisticated trading scheme that allegedly bilked honest investors out of millions of dollars.”

Liu Zhou, a “market maker” working with MyTrade MM, allegedly told promoters of NexFundAI that MyTrade MM was better than its competitors because they “control the pump and dump” allowing them to “do inside trading easily.”

An FBI spokesperson told CoinDesk that there was limited trading activity on the coin but didn’t share additional information. On a Wednesday press call, Joshua Levy, the acting US attorney for the District of Massachusetts, said trading on the token was disabled, according to CoinDesk.

The DOJ has reportedly secured $25 million from “fraudulent proceeds” that will be returned to investors.

Scammers use every possible method to deceive you, from social engineering through human verification pages to impersonating government agencies. You’d think there would be a limit to their tactics, that certainly they wouldn’t exploit someone’s death to scam those who are grieving. Unfortunately, you’d be wrong. 

A new scam has surfaced in which bad actors claim to offer video streaming of funeral services for the recently deceased. 

Those who follow the links to these streaming services are then prompted to provide their credit card information and asked to sign up for suspicious video streaming websites.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

How does the scam work?

The news of this scam comes from KrebsOnSecurity, who heard from several victims. It typically targets the friends and family of the deceased. Scammers begin by creating a Facebook group for the person who passed away, listing the correct time and date of the funeral service. They then claim that the service can be streamed online by following a link, which leads to a page requesting credit card information.

It’s surprisingly easy to find these fake funeral groups on Facebook. Just searching for keywords like “funeral” and “stream” brings up tons of pages, some for past services, others for upcoming ones.

These groups usually have a photo of the deceased as the profile picture and try to send users to newly created video streaming websites that ask for credit card payments before you can watch. Even worse, some of them ask for donations in the name of the deceased.

Fake funeral streaming scam on Facebook (KrebsOnSecurity)

DON’T FALL FOR THAT ‘LOOK WHO DIED’ FACEBOOK MESSAGE TRAP

But who are these scammers?

The scammers behind these fake streaming links operate primarily from Rajshahi, Bangladesh, under a group called apkdownloadweb. They have registered multiple domains, including livestreamnow.xyz, live24sports.xyz and onlinestreaming.xyz. These websites appear to offer live streams for various events, including funerals and community gatherings, but they are simply traps designed to deceive users.

The individual allegedly associated with apkdownloadweb is Mazidul Islam, who has a background in running an IT blog, per KrebsOnSecurity’s article. His LinkedIn profile reveals this connection. The email linked to their DNS provider is reportedly associated with another individual, Mohammod Mehedi Hasan, suggesting a network of scammers working together.

Scammers exploit social media, creating fake Facebook groups that promote links to their fraudulent streaming sites. They take advantage of genuine community events, misleading people into believing they can watch live streams by clicking on their links.

CLICK HERE FOR MORE US NEWS

Illustration of scam on Facebook (Kurt “CyberGuy” Knutsson)

HOW TO PROTECT YOURSELF FROM SOCIAL MEDIA SCAMMERS

5 ways to protect yourself from Facebook link scams

1. Verify the source before clicking links: Always check the source of any link before clicking. Look for official announcements from event organizers or trusted news sources. If a link appears in a social media post, confirm it by visiting the organization’s official website or social media page. Scammers often use similar-sounding domain names, so double-check for spelling errors or unusual domain endings.

The best way to safeguard yourself from malicious links is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Enable two-factor authentication: Activate two-factor authentication on your online accounts whenever possible. This adds an extra layer of security by requiring not just a password but also a second verification method, such as a text message or an authentication app. Even if scammers manage to get your password, they would need the second factor to access your accounts.

3. Regularly update your passwords: Change your passwords regularly and use strong, unique passwords for each of your accounts. This reduces the risk of multiple accounts being compromised if one password is stolen. Also, consider using a password manager to generate and store complex passwords.

4. Educate yourself about scams: Stay informed about common online scams and how they operate. Awareness is key to prevention. Research how scammers craft their messages and the types of offers that are usually too good to be true. Websites like the Federal Trade Commission provide resources for identifying and reporting scams, and you can always rely on Cyberguy.com.

5. Report suspicious activity: If you encounter a fake streaming link or a suspicious post, report it to the platform where you found it. Most social media sites have mechanisms for reporting scams or fraudulent activity. Reporting helps keep others safe by alerting the platform to potential threats. Additionally, consider sharing your experience with friends and family to help them stay informed and cautious.

GHOST-HACKING: HOW TO PROTECT YOURSELF FROM SCAMS FROM BEYOND THE GRAVE OF THOSE YOU KNEW

Kurt’s key takeaway

Scammers don’t spare anyone, and this Facebook funeral scam should make that clear. They are willing to take advantage of someone’s death and profit from those who are grieving. While this is extremely galling, it serves as a reminder that we can’t let our guard down when navigating through the darkness of the internet. Always watch out for the links you click, even if they seem perfectly safe.

Do you think Facebook does enough to protect its users from cons like funeral scams? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

New from Kurt:

Copyright 2024 CyberGuy.com. All rights reserved.