Microsoft’s changes in response to the Digital Markets Act already included allowing Windows machines in the regions it covers to uninstall Edge and remove Bing results from Windows search, but now the list is growing in some meaningful ways. New features announced Monday for Microsoft Windows users in the European Economic Area (the EU plus Iceland, Liechtenstein, and Norway) include the option to uninstall the Microsoft Store and avoid extra nags or prompts asking them to set Microsoft Edge as the default browser unless they choose to open it.

That last one is one I’d like to have readily available in the United States, and according to Microsoft, it’s already live in the EEA, starting with Edge version 137.0.3296.52 that rolled out on May 29th.

Additionally, setting a different browser, like Chrome, Firefox, Brave, or something else, will pin it to the taskbar unless the user chooses not to. While setting a different browser default already attaches it to a few link and file types like https and .html, now users in the EEA will see it apply to more types like “read,” ftp, and .svg. The default browser changes are live for some users in the beta channel and are set to roll out widely on Windows 10 and Windows 11 in July.

Microsoft also explained that even after removing the Store app from Start and Settings, “Apps installed and distributed from the Microsoft Store will continue to get updates,” and it can always be reinstalled.

Other changes mentioned include automatically enabling third-party apps to add their web search results in Windows Search upon installation, and the option to move search providers around based on user preference. With updates rolling out in “early June,” the Microsoft Bing app, as well as the Widgets Board and Lock Screen, will open web content with the default browser instead.

Given the number of phishing scams we have all faced over the past decade, most of us have developed a basic skill to spot and avoid obvious phishing emails or SMS messages. Cybercriminals are aware of this, and they have evolved their tactics by shifting to more complex and convincing schemes designed to bypass skepticism and lure victims.

Their goal remains the same: to trick you into handing over sensitive information, especially credit card data. One of the latest examples is the rise in subscription scam campaigns. Scammers are creating incredibly convincing websites selling everything from shoes and clothes to electronics, tricking people into signing up for monthly subscriptions and willingly providing their credit card information. Facebook is being used as the primary platform to promote these new and sophisticated scams.

Join the FREE “CyberGuy Report”: Get my expert tech tips, critical security alerts and exclusive deals, plus instant access to my free “Ultimate Scam Survival Guide” when you sign up!

What you need to know

Bitdefender researchers have uncovered a massive and highly coordinated subscription scam campaign involving more than 200 active websites designed to look like real online stores. These sites, often promoted through Facebook ads, sell everything from clothes and electronics to beauty products, but the real goal is to trick users into signing up for recurring payments, often without realizing it.

One of the most common lures is the “mystery box” scam, where you are promised a surprise package at a bargain price. These offers are made to look fun and harmless, but behind the scenes you are giving away personal and credit card information while unknowingly agreeing to hidden subscription terms, often written in tiny fine print.

The scam doesn’t stop there. Once you’re convinced and reach the checkout page, scammers often layer in a second scam, like loyalty cards or VIP memberships that further lock you into payments. It’s all designed to confuse you, overwhelm you with supposed perks and make the scam feel like a good deal.

Researchers found that many of these websites share a single Cyprus address, possibly tied to offshore entities linked to the Paradise Papers. Despite being spread across different categories and brand names, the sites often use the same layouts, AI agents and payment structures, all pointing to a centralized fraud network.

Scammers frequently rotate the brands they impersonate and have started moving beyond mystery boxes, now peddling low-quality products, counterfeit goods, fake investment schemes, dubious supplements and more. To avoid automatic detection, they employ several tactics. These include running multiple versions of an ad, with only one of which is actually malicious while the others display harmless product images, uploading ad images from platforms like Google Drive so they can be swapped out later and cropping visuals to alter recognizable patterns.

Listing fake products (Bitdefender) (Kurt “CyberGuy” Knutsson)

DOUBLECLICKJACKING HACK TURNS DOUBLE-CLICKS INTO ACCOUNT TAKEOVERS

The scam is expanding

What started with simple “mystery box” scams has grown into a sprawling, coordinated campaign. These scams now feature fake surveys, tiered “VIP” memberships and deceptive credit systems that make the purchase process intentionally confusing. Users are promised deep discounts or access to exclusive deals, but in reality they’re just being locked into recurring payments.

Many of the scam websites trace back to the same physical address in Cyprus, pointing to what appears to be a centralized operation. Researchers also found links to entities mentioned in the Paradise Papers, suggesting these fraudsters are hiding behind offshore infrastructure.

And it’s not just mystery boxes anymore. The same scam format is being used to sell low-quality goods, fake supplements and even bogus investment opportunities. With high-quality site design, aggressive advertising and increasingly sophisticated tactics, subscription scams are becoming the new face of online fraud.

A person shopping online (Kurt “CyberGuy” Knutsson)

RELENTLESS HACKERS ABANDON WINDOWS TO TARGET YOUR APPLE ID

10 proactive measures to take to protect your data

Even as scammers become more sophisticated, there are practical steps you can take right now to protect your personal and financial information from subscription fraud and other online threats. Here are ten proactive measures to help keep your data safe:

1) Always read the fine print: One of the simplest yet most effective ways to protect yourself from subscription scams is to slow down and read the fine print, especially on checkout pages. Scammers often hide recurring payment terms in small or lightly colored text that’s easy to miss. What seems like a one-time purchase could actually sign you up for a biweekly or monthly charge. Taking just a moment to scan for hidden terms before hitting “Pay” can help you avoid weeks of silent billing.

2) Avoid mystery box or VIP-style deals: These offers often prey on curiosity and the promise of surprise or luxury for a low fee. In reality, the “mystery” is the trap: you might receive nothing or a low-quality item while being unknowingly enrolled in a recurring subscription. Scammers use the illusion of exclusivity or urgency to pressure quick decisions.

3) Don’t trust ads blindly on social media: Facebook, Instagram and other platforms are a hotbed for these scams, with criminals running paid ads that mimic well-known brands or influencers. These ads often link to professional-looking but fake storefronts. If you’re interested in a deal you see online, don’t click through immediately. Instead, look up the brand or offer in a separate tab and check if it exists outside social media.

4) Investigate before you buy: Before purchasing from any unfamiliar site, take a few quick steps to verify its legitimacy. Search the brand’s name alongside words like “scam” or “reviews” to see what others have experienced. Look up the company’s physical address and check if it actually exists using tools like Google Maps. Make sure the website uses HTTPS, review the site’s contact information and cross-check reviews on trusted third-party sites like the Better Business Bureau or Consumer Reports.

5) Use strong antivirus software: Adding a strong antivirus program to your devices can provide an extra layer of defense against fraudulent websites and phishing attempts. Strong antivirus software warns you about suspicious links, blocks malicious ads and scans downloads for malware. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

6) Invest in personal data removal services: Scammers often rely on leaked or publicly available personal information to target victims with convincing subscription scams. Investing in a personal data removal service can help minimize your digital footprint by removing your information from data broker databases and reducing the chances of being targeted in future campaigns. Regularly monitoring and cleaning up your online presence makes it harder for fraudsters to exploit your data for financial gain. Check out my top picks for data removal services here.

Get a free scan to find out if your personal information is already out on the web.

7) Be cautious with payment methods: Use secure payment options like credit cards, which often offer better fraud protection than wire transfers, gift cards or cryptocurrency.

8) Limit personal information shared on social media: Scammers often gather details from public profiles to craft convincing scams. Review your privacy settings and only share necessary information.

9) Use strong, unique passwords and enable multifactor authentication: Create strong, unique passwords for each of your online accounts, especially those tied to your finances or shopping. Enable multifactor authentication wherever possible, as this adds an extra layer of security and makes it harder for scammers to access your accounts, even if your password is compromised. Also, consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed password managers of 2025 here.

10) Keep your devices and software updated: Regularly update your operating system, browsers and apps. Security updates often patch vulnerabilities that scammers exploit to gain access to your information or install malicious software.

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

Kurt’s key takeaway

While the rise of subscription scams and deceptive ads is concerning, it’s especially troubling that platforms like Facebook continue to allow these fraudulent ads to run unchecked. Facebook has repeatedly failed to adequately vet or prevent these malicious campaigns from reaching vulnerable individuals. The platform’s ad approval system should be more proactive in spotting and blocking ads promoting scams, particularly those that impersonate well-known brands or content creators. 

How do you feel about Facebook’s role in allowing scam ads to circulate? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.

Upcoming horror threequel 28 Years Later is far from the first Hollywood movie to be shot with the help of an iPhone, but it might just be the first shot on 20 iPhones. That’s how many phones director Danny Boyle had mounted on a special rig for select shots in the movie, which releases June 20th.

For Boyle, shooting on iPhones is more than just a gimmick. He returns to the series after directing the 2002 original 28 Days Later, which was shot on a digital video camcorder, a meta nod to the fact that this was how home videos were shot at the time. He and returning cinematographer Anthony Dod Mantle took that as an “influence” in choosing to shoot partially on a phone, the camcorder’s closest modern equivalent.

It was first reported last year that Boyle had shot 28 Years Later on an iPhone 15 Pro Max, but according to IGN the movie actually uses a mix of regular cameras, drones, and iPhones, including three special rigs designed to hold eight, 10, or 20 iPhones at once.

“There is an incredible shot in the second half [of the film] where we use the 20-rig camera, and you’ll know it when you see it,” Boyle told IGN. “It’s quite graphic but it’s a wonderful shot that uses that technique, and in a startling way that kind of kicks you into a new world rather than thinking you’ve seen it before.”

Boyle calls the 20-phone rig “basically a poor man’s bullet time,” explaining that it allowed the crew to shoot some of the film’s more violent scenes in new ways. “It gives you 180 degrees of vision of an action, and in the editing you can select any choice from it, either a conventional one-camera perspective or make your way instantly around reality, time-slicing the subject, jumping forward or backward for emphasis.”

It’s not the film’s only unusual cinematographic choice. It was also shot in an especially wide 2.76:1 aspect ratio, the equivalent of 70mm film, to keep viewers guessing about where the film’s infected could pop up: “If you’re on a widescreen format, they could be anywhere… you have to keep scanning, looking around for them.”