A list of topics we covered in the week of February 24 to March 2 of 2025

March 3, 2025 - The UK's ICO has started an investgation into how TikTok and other platforms assess age information and compliance with the children’s code for online privacy.

February 27, 2025 - Malicious Google ads are redirecting PayPal users looking for assistance to fraudulent pay links embedding scammers' phone numbers.

February 27, 2025 - While countries and companies are fighting over access to encrypted files and chats, our data privacy may get crushed.

February 26, 2025 - Roblox and Discord are charged with the facilitation of child predators, and misleading parents into believing the platforms are safe to use for their children.

February 26, 2025 - The Android app SafetyCore was silently installed and looks at incoming and outgoing pictures to check their decency.

 A week in security (February 24 &#8211; March 2) 

Malicious Google ads are redirecting PayPal users looking for assistance to fraudulent pay links embedding scammers' phone numbers.

We recently identified a new scam targeting PayPal customers with very convincing ads and pages. Crooks are abusing both Google and PayPal’s infrastructure in order to trick victims calling for assistance to speak with fraudsters instead.

Combining official-looking Google search ads with specially-crafted PayPal pay links, makes this scheme particularly dangerous on mobile devices due to their screen size limitation and likelihood of not having security software.

**Overview**

Scammers are creating ads impersonating PayPal from various advertiser accounts that may have been hacked. The ad displays the official website for PayPal, yet is completely fraudulent.

A weakness within Google’s policies for landing pages (also known as final URLs), allows anyone to impersonate popular websites so long as the landing page and display URL (the webpage shown in an ad) share the same domain.

The page victims are directed to has the following format:

paypal.com/ncp/payment/\[unique ID\]

This is PayPal’s “no-code checkout”, a feature for merchants to have a simple and yet secure option to take payments:

> Small businesses that want to accept payments online or in person can set up pay links, buttons, and QR codes to accept payments on the website. You don’t need a developer, coding knowledge, or a website to accept payments

Essentially, crooks are abusing this feature to create a bogus pay link. They can customize the page by creating various fields with text designed to trick users, such as promoting a fraudulent phone number as “PayPal Assistance”.

**Mobile experience**

Phones are the best medium for this type of scams due to the device’s constraints, but more than anything because that’s how victims will get in touch with bogus tech support agents.

In the screenshot below taken on an iPhone, we can see the top sponsored result from a Google search is impersonating PayPal. During our investigation, we often encountered more than one malicious ad, although they redirected to different kinds of pages, not abusing the same scheme.

Due to the reduced screen size, it would require scrolling past the ads and the AI Overview to see organic search results. This is not a coincidence of course, and is why search advertising is worth billions of dollars.

Screen size plays a factor again when users click on the ad and look at the browser’s address bar correctly identifying that the site is “**paypal.com**“. As we saw above, pay links are on the same domain as _paypal.com_, from which they inherit trust.

We did not follow-up with the provided phone number; however we believe it likely ends with victims handing over their personal information to scammers and getting fleeced.

**Conclusion**

Tech support scammers are like vultures circling above the most popular Google search terms, especially when it comes to any kind of online assistance or customer service.

We saw how easy it is to get an ad that mimics an official brand as long as the destination URL is on the same domain as the ad URL. The rest is just a matter of creativity on the part of scammers to forcefully inject their lure as spam, search queries, shopping lists, and more…

Whenever looking up an official phone number or website, it is safer to scroll past the ads and choose a more trusted organic link. There are also security solutions that can block ads and malicious links, such as Malwarebytes for mobile devices.

We have reported this campaign to Google and PayPal, but urge caution as new ads using the same trick are still appearing.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

**Indicators of Compromise**

Archived example:

https://urlscan.io/result/3ea0654e-b446-4947-b926-b549624aa8b0

Malicious pay links:

hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/8X7JHDGLK9Z46  
hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/7QUEXNXR84X3L  
hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/BHR4AMJAPWNZW  
hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/FTJBPVUQFEJM6  
hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/2X92RZVSG8MUJ  
hxxps\[://\]www\[.\]paypal\[.\]com/ncp/payment/D8X74WYAM3NJJ

Scammers’ phone numbers:

1-802\[-\]309-1950  
1-855\[-\]659-2102  
1-844\[-\]439-5160  
1-800\[-\]782-3849

 PayPal&#8217;s &#8220;no-code checkout&#8221; abused by scammers 

Strong eCommerce customer service builds trust, boosts loyalty, and drives sales. Learn key strategies, best practices, and tools to enhance online support.

Great online customer support starts with the fundamentals that make shoppers feel valued and understood when they can’t see your face or walk into your store. The basics include responding quickly across multiple channels, writing in a friendly human tone (not corporate-speak), and making it super easy for customers to find help when they need it.

Mastering these foundational elements builds trust with online shoppers and sets the stage for turning one-time buyers into loyal repeat customers. According to WOW24-7, an e-commerce customer service outsourcing provider, recent studies highlight the impact of customer service quality on online shopping behaviour. In April 2024, reports indicated that 79% of consumers may choose not to buy from a brand again after a poor post-purchase experience.

****What is eCommerce Customer Service?****

Generally speaking, e-commerce customer service is a special department that helps and supports online businesses as you are shopping online. Think of it as the digital version of that helpful store employee, but instead of being face-to-face, they’re helping you through chat, email, or phone when you have questions about products, shipping issues, returns, or just need advice before buying something.

****Advantages of a Good eCommerce Customer Service****

Good online customer service is a total game-changer! It builds trust (super important when you can’t see products in person), turns angry customers into happy ones (like when your headphones arrived broken and they shipped new ones overnight), and makes people spend more money.

Plus, happy customers tell their friends – “one of our customer’s customers switched to a new skincare brand just because her friend raved about how they helped her find the right products for her skin type.”

****How To Provide a Stellar Customer Service: Tips For Online Support********1\. Prioritize Multiple Communication Channels****

To provide excellent customer service, be available wherever your customers want to reach you. That means providing various channels of support, including social media support. 

Some people hate phone calls but love texting, while others want to shoot a quick email or DM you on Instagram. The best online stores let me choose – like that clothing shop that lets me track my order through text, ask sizing questions on chat, or call them about complicated returns. It shows they respect how you prefer to communicate instead of forcing you to use their one preferred channel.

So, good customer service plays a key role in customer satisfaction, and it should be multichannel customer support. And what about you, how many channels does your brand offer to contact your team?

****2\. Empower Your Team with Knowledge****

Make sure your support team knows your products inside and out – they can’t help customers if they’re clueless themselves. Indeed, the product knowledge is essential. Create a searchable knowledge base where your team can quickly find answers instead of saying “Let me check on that” for every question.

Our customer, a tea company, has weekly “sip and learn” sessions where staff try new products and discuss common questions, which has cut their average response time in half. The ability to deliver almost instant answers to the customers’ questions. That’s what we call a start for the exceptional customer service. 

****3\. Implement a Full Self-Service System****

Give customers ways to help themselves with detailed FAQs, video tutorials, and searchable help centers available 24/7. That is super important for customer retention.

One of our customers, an electronics ecommerce business has this amazing interactive troubleshooting tool that walks you through fixing common issues before the customers even need to contact them. Just make sure to keep these resources updated – nothing’s more frustrating than outdated information that wastes customers’ time.  

****4\. Track Key Metrics and Analyze Performance****

You can’t improve what you don’t measure, so keep tabs on response times, customer satisfaction scores, and first-contact resolution rates. Look for patterns in customer complaints to fix underlying issues – like when that clothing store noticed a spike in size questions and added better measurement guides. Set goals for your customer service team based on these metrics, but don’t obsess over speed at the expense of actually solving problems properly.

Moreover, track and analyze your customer reviews and work with both positive customer reviews and negative ones. Here’s a tip for you: the leading ecommerce platforms also work with the so-called ‘middle customers’ (the ones that are neither positive nor negative. They are the easiest ones to become your true brand enthusiasts. 

****5\. Personalize the Customer Experience****

Use customer purchase history and preferences to make interactions feel special and relevant. One ecommerce brand, a book subscription service, remembers what genres you love and what you have already read, making their recommendations useful.

Simple touches made by your customer service representative like addressing customers by name and referencing their previous orders make people feel valued instead of just another ticket number in the queue. That is crucial if you want to be the brand that comes with the best customer service for ecommerce. 

****6\. Proactively Address Customer Issues****

A great customer service company does not wait for complaints, it reaches out when its support agents know there might be a problem. For instance, a clothing store emails you before you even notice that your package was delayed due to weather, offering options and a small discount or a free trial. 

Therefore, your customer service agent must watch social media mentions of your brand to catch issues before they escalate into full-blown problems. This customer service strategy builds trust and loyalty. 

****7\. Embrace Technology and Automation****

If you want to offer good customer service experiences, use chatbots to handle simple questions and AI to route complex issues to the right specialist. Add the frequently asked questions section to let your customers find all the answers to their questions without waiting for your reply and the personalization to help them if they contact you. 

A simple example: there’s a tech shop that uses automation to send perfectly timed setup guides after purchase, preventing tons of support calls. Just make sure there’s always an easy escape hatch to reach your ecommerce customer service team when the bot can’t help. That’s crucial if you want to deliver an excellent customer service. 

****8\. Offer Easy Returns and Exchanges****

Make returns painless with prepaid labels, clear instructions, and quick processing. Yes, in the world of e-commerce, you have to provide the customer with the possibility to return in a fast, easy and free manner.

Here’s an example. There’s a shoe company that includes a return label right in the box and lets you start the return process with a single text message. And here comes an interesting fact: Good return policies increase sales because people feel safer trying new products. 

****9\. Solicit and Respond to Feedback****

Actively ask customers how they’re doing through quick surveys after purchases or support interactions. Every ecommerce business will benefit from customer service tools or special support software that collects data about the quality of service and customer communications. 

Just a simple case from our experience. There’s a coffee subscription that sends a three-question survey after each delivery, and when somebody mentioned their packaging was excessive in the comments, they changed it within a month. Show customers that the feedback matters by implementing changes and letting them know. There’s a necessity to adapt to the changing world of customer satisfaction. 

****10\. Invest in Ongoing Training and Development****

Keep your ecommerce customer support team sharp with regular product training and customer service skill development. My cousin works at an online beauty store where they spend Friday afternoons practising tough customer scenarios and learning about new product ingredients. Well-trained agents solve problems faster and make customers happier.

****11\. Foster a Culture of Customer-Centricity****

Make customer happiness everyone’s job, not just the support team’s. One of our customers, a small electronics brand, believes that excellent service is critical and so it invites its engineers to join support calls monthly to hear customer struggles firsthand. Then their support system analyses the available customer needs and the online shopping experience and thinks of ways to improve service to customers.

Celebrate team members who go above and beyond for customers, and use customer stories in company meetings to keep their needs front and center.

****An Effective eCommerce Customer Service: Key Takeaways****

Great online customer service is crucial as it talks to your customers directly. It’s all about being focused on customer wants, needs, and expectations. Plus, since great service is important for brand success, multi-channel customer support has become the new normal for companies who want to boost the customer’s lifetime value. Response speed matters hugely, but the quality and personal touch of those responses turn one-time buyers into loyal fans who spread the word.

The best online stores use the right software like Intercom and technology to handle routine stuff while freeing up humans to solve complex problems with empathy and creativity to improve their customer experience. Track what’s working (and what isn’t) through customer feedback and solid metrics, then actually use that info to keep improving. Remember that in the digital world where competitors are just a click away, exceptional service isn’t just nice to have – it’s often your biggest competitive advantage. 

Therefore, these are the eCommerce Customer Service Best Practices that help you improve customer service and provide an amazing customer service experience. Just remember that true customer service means the real care of your customers, not just words.

****Customer Service Channels FAQ********Why is customer service important for e-Commerce businesses?****

It’s your digital storefront’s personality! Without face-to-face interaction, it’s hard to make your customers happy. When one of our customers launched her handmade jewellery store, her amazing response time and personalized packaging notes turned first-time buyers into repeat customers who shared her store all over social media. Plus, in a world where switching to a competitor takes one click, great service is often the only thing keeping customers loyal.

****What are the key challenges of providing online customer support?****

The biggest headache is managing customer expectations for instant 24/7 help when you’re a small team (or solo entrepreneur). Then there’s the challenge of explaining products people can’t touch or try on, handling shipping issues you don’t directly control, and building trust without in-person connections. For instance, a hot sauce company can struggle with international customers who fail to understand the cause of shipping delays until they create a visual tracking system that shows exactly where packages are stuck.

****How can I improve response times for customer inquiries?****

*   Create templates for common questions so you’re not typing the same shipping policy explanation fifty times a day.
*   Set up auto-responses that acknowledge messages immediately even if you’ll answer fully later.
*   Use a smartphone app connected to your help desk so you can quickly answer simple questions while on the go.
*   You can dramatically cut response times by creating a shared Google Doc where all staff will document weird questions and answers for everyone to reference.

****What are the best tools for managing eCommerce customer service?****

For small shops, Zendesk or Freshdesk are solid starting points that won’t break the bank. Gorgias is amazing if you’re on Shopify since it shows order history right alongside customer conversations. Help Scout has a super clean interface that’s easy for non-tech folks. The gaming stores often Intercom so they can chat with the customers right on their website while they are browsing, which saves from abandoning the cart multiple times.

****How can I handle difficult customers effectively?****

First, take a deep breath and remember it’s rarely personal. Listen fully before responding – sometimes people just want to be heard. Offer concrete solutions instead of excuses. Know when to give a little (like a small discount) to solve a bigger problem.

One more tip to keep in mind: if you have a super angry customer about shipping damage, remember that customer service is important and it’s imperative to react instantly. So, immediately send a replacement with a small bonus. That can help you turn your angry customer into the biggest Instagram advocate.

****What role does automation play in e-Commerce customer support?****

Automation handles the repetitive stuff so humans can focus on complex problems. Think automatic order confirmations, shipping updates, and chatbots that answer basic questions like “What’s your return policy?” The smart plant shop I order from automatically emails care instructions based on what I purchased and sends reminders when it’s time to report – this prevents tons of support questions while making me feel taken care of.

****How can live chat improve customer satisfaction?****

Live chat catches customers right when they’re considering a purchase but have questions – like when I was about to abandon a pricey camera purchase until their chat agent explained why it was worth the investment. It feels more immediate than email but less intrusive than phone calls. 

****What are the best practices for handling returns and refunds?****

Make your policy crystal clear and easy to find. Don’t make customers jump through hoops – include return labels in the original package if possible. Process refunds quickly once items are received. Be flexible when it makes sense – that clothing store that gave me store credit past their return window earned way more of my money long-term. The best companies view returns as opportunities to learn product issues and improve, not as losses to minimize.

****How can I measure the success of my ecommerce customer service?****

Track obvious stuff like response time and resolution time, but also watch customer satisfaction scores (quick post-interaction surveys) and Net Promoter Score (would they recommend you?). Look at repeat purchase rates after service interactions – my favourite coffee subscription saw that customers who had a resolved issue spent 20% more in the following six months than those who never had problems. Also, track how many support tickets you get per 100 orders – this should decrease as you improve product descriptions and FAQs.

****What are some common mistakes to avoid in online customer support?****

The biggest fails include: making customers repeat their problem to multiple agents, hiding contact information so people can’t easily reach you, using robotic templated responses without personalizing them, promising unrealistic shipping/delivery times, and not following up after resolving issues. My worst experience was with that electronics store that transferred me three times, made me re-explain my issue each time, then promised to call back and disappeared forever – I’ll never shop there again!

Featured Image via Pixabay

1.  The Basics of Ecommerce Cybersecurity
2.  Enhance customer experiences with Generative AI
3.  How Payment Orchestration Enhances Business Efficiency
4.  Software Support: 7 Essential Reasons You Can’t Overlook
5.  Future of eCommerce: Emerging Tech Shaping Online Retail in 2024

eCommerce Customer Service Tips For Online Support: The Basics

Do you want to have the best communication system at your workplace? Learn how to maximize the benefits…

Do you want to have the best communication system at your workplace? Learn how to maximize the benefits of Slack for business. This guide walks you through setting up your workspace and explores how its features can enhance team collaboration.

****Setting Up Your Slack Workspace****

The initial task to solve your company’s communication problems is to create your own Slack workspace. Start with a company-associated email and organize your workspace. 

The first step is to select a unique and attractive name, suggest the goal and purpose of your workspace, and then refer to your teammates to invite them to the channel. Communicate the objectives and construction of your Slack workspace so that you can promote the team’s organization and alignment of ideas.

After:

*   Next, have a one-off name for your workspace that is very precise.

*   Let your team know that they are welcome to join and include them in the invites.

*   So, begin by using a company-associated email to create a well-organized workspace.

*   Take a moment to clearly define the Slack workspace objective and scope, which will further boost the team members’ communication and collaboration.

After your workspace is set up, be the coordinator of the projects, ensuring that everything is done in detail. Targeted channels ensure that discussions are quick, simple, and well-organised.

Additionally, optimize apps to streamline processes and increase productivity. Implement the conversational ticketing systems to manage tasks efficiently and adapt the workspace to your team’s unique requirements.

****Create Dedicated Channels****

There is nothing more important in Slack than dedicated channels, which are the center and goal of effective communication. These channels allow for the grouping of discussions based on projects, departments, or other topics. 

Certain channels can be tailored to particular projects to bring clarity and eliminate the communication mess. Channels might be public or private, letting you decide who can access particular topics, such as sensitive information, and the discussions.

Setting up customized channels oriented towards particular projects or topics allows team members to communicate with each other in a focused manner, which results in productive conversations. This style is not only a way of information that is concerned with the flow but also diminishes the risk of information overflow.

Dedicated channels guarantee fast and efficient information retrieval for your team.

****Ticketing System for Conversation****

Conversational ticketing within Slack can simply redefine the way in which your business goes about tasks and support requests. According to Suptask, a Slack ticketing system allows users to create tickets and carry out tasks directly inside Slack, streamlining conversations into actionable items, reducing context-switching, and ensuring requests are tracked and resolved efficiently.

*   This tool can receive tickets from every corner of Slack, therefore, tracking them and managing easy. 

*   This leads to the possibility of private tickets, guaranteeing a level of security for sensitive data and collaboration among users to go on a well-resolved journey on the road of tickets.

*   Introduces options like smart and interactive Service Level Agreements (SLA), custom ticket forms, and dashboard analytics with KPI metrics.

*   It offers a range of integrations and the ability to manage tasks in Slack seamlessly. It is a type of helpdesk that uses direct messaging applications such as Slack to provide customer support.

****Integrate Essential Apps****

Integrating essential apps into Slack massively increases team productivity and significantly boosts not only employee engagement but also new skills that each employee acquires. 

Slack provides unlimited app integration options thus companies can choose the tools that fit their preferences.

There are over 2,600 different apps available, and Slack allows you to construct your ones so you can enjoy the functions tailored to your specific demands. As a result of the integrations with tools like 

1.  Trello
2.  Zoom
3.  Dropbox 
4.  Google Drive

App integration brings all the communication and task management to one place, and that is how the workspace is the most optimized. This way, communication is managed and the workflow is improved. Slack’s powerful API is also able to give developers the flexibility to design custom integrations, which means that businesses can customize Slack based on their specific requirements.

****Personalize Workspace****

Personalize your Slack workspace based on the specific needs and preferences of your team. Without any additional fees, users can add a theme to the chatroom, include seasonal emojis, and edit their links so that when opening a discussion, they can be the first to engage with the bot.

For personal notifications, the messages can be made to pop up at the right time that one is working on a specific item in the list of things. These are the tasks that matter.

Introducing a communication timeframe into existing work allows for increased team property effectiveness. The use of custom emojis, themes, and notification settings not only excites the users but also facilitates a smoother and stress-free working environment for the teammates.

****Improved Communication with Slack Features****

Due to Slack’s multitasking features that are all aimed at communication efficiency, Slack can bring people together in a team. 

1.  Specific Slack channels for various projects and teams create a proper internal communication system that helps members stay together.  
    
2.  The concept of threads in individual channels is meant to both clear the main conversation and provide the opportunity for different users to have sub-conversations. A well-organized chat reduces the use of emails and ensures that essential messages are read.  
    
3.  Direct messages on Slack, Slack Huddles, and Slack Connect are the primary communication and collaboration tools that are instant and efficient. 

These applications contribute to streamlining dialogue, regardless of whether it is fast two-person conversations, team meetings, or dealing with external partners. All those features can greatly escalate the communication between the team members.

****Chat Or Private Conversation With The Group****

Direct messages on Slack provide more effective communication as their communication paths are clearer, and the endless threads present in traditional emails are only obstacles. Direct messages are for quick questions and elaborated dialogues, and they allow you the possibility to communicate in real time as well as keep the conversations concise and private. Teams can do the same by setting up group direct messages, through which several participants can hold the conversation aside from the main channels.

Direct messages help avoid the cluttering of public or private channels and thus keep the important chats organized. This not only optimizes the communication but also keeps the direct message workspace structure.

****Slack Huddles and Video meetings****

Slack Huddles are pretty simple immediate video group calls that can be arranged to ensure the efficient flow of vital information, especially when numerous people are working remotely. 

These calls provide the live-audio multimedia element that intensifies the interactive discussion as it lets the group members communicate without being present physically. This tool can be a great asset for companies that use instant communication as their main channel for making important decisions.

Allowing Slack Huddles to become a standard part of your daily schedule will make sure that meetings using audio and video are as smooth as silk – and they are, thus, more likely to be efficient and effective. This tool is indispensable for teams working on different stages, and therefore, it is a must for those who want to solve business problems quickly, it is also needed for those who are adding new members to the team in the early stages of the project.

****Slack Connect****

Slack Connect is a feature of great potential which is deployed (or that can be set up) in the same manner as for businesses who use direct collaboration with other secure accounts. 

It also prevails as an embodiment that has, the advantage, of being based on the premise that it connects different organizations so that they can transmit messages (one-on-one and group direct messages) among them, apart from the fact that in case the number of participating organizations can exceed 250, the topic of inter-organizational communication will be the subject of a prominent content. 

The saving of time and money in centralized communication contributes not only to the efficiency of partnerships but also to the ease of collaboration with outsiders.

Slack Connect is a medium between customers and partners, who communicate frequently with their partners to improve the efficiency of their systems. This means that they can eliminate the difficulties they have using centralized communication and consequently, increase the performance of the overall organization.

****Conclusion****

Slack has a lot to offer with its various tools and features that are used to help the work environment be more efficient and productive. Right from the company to connecting channels, the vital software to be integrated, and the automation system to provide maximum security, Slack is the complete package that a company can use for streamlining.

Implementing my directions and suggestions will allow you to fully use Slack in your business. Enjoy using these functions, which will help you communicate better, manage your tasks more effectively, and, above all, sustain a friendly atmosphere in your team. Utilize Slack to the fullest and see your company rise on the digital world graph.

Image Via Unsplash

How to Use Slack for Business: Workplace Communication

A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question "can hacking be treason?" prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.

A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.

One of several selfies on the Facebook page of Cameron Wagenius.

**Cameron John Wagenius**, 21, was arrested near the Army base in Fort Cavazos, Texas on Dec. 20, and charged with two criminal counts of unlawful transfer of confidential phone records. Wagenius was a communications specialist at a U.S. Army base in South Korea, who secretly went by the nickname **Kiberphant0m** and was part of a trio of criminal hackers that extorted dozens of companies last year over stolen data.

At the end of 2023, malicious hackers learned that many companies had uploaded sensitive customer records to accounts at the cloud data storage service **Snowflake** that were protected with little more than a username and password (no multi-factor authentication needed). After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world’s largest corporations.

Among those was **AT&T**, which disclosed in July that cybercriminals had stolen personal information and phone and text message records for roughly 110 million people — nearly all of its customers. AT&T reportedly paid a hacker $370,000 to delete stolen phone records. More than 160 other Snowflake customers were relieved of data, including TicketMaster, Lending Tree, Advance Auto Parts and Neiman Marcus.

In several posts to an English-language cybercrime forum in November, Kiberphant0m leaked some of the phone records and threatened to leak them all unless paid a ransom. Prosecutors said that in addition to his public posts on the forum, Wagenius had engaged in multiple direct attempts to extort “Victim-1,” which appears to be a reference to AT&T. The government states that Kiberphant0m privately demanded $500,000 from Victim-1, threatening to release all of the stolen phone records unless he was paid.

On Feb. 19, Wagenius pleaded guilty to two counts of unlawfully transferring confidential phone records, but he did so without the benefit of a plea agreement. In entering the plea, Wagenius’s attorneys had asked the court to allow him to stay with his father pending his sentencing.

But in a response filed today (PDF), prosecutors in Seattle said Wagenius was a flight risk, partly because prior to his arrest he was searching online for how to defect to countries that do not extradite to the United States. According to the government, while Kiberphant0m was extorting AT&T, Wagenius’s searches included:

\-“where can i defect the u.s government military which country will not hand me over”  
\-“U.S. military personnel defecting to Russia”  
\-“Embassy of Russia – Washington, D.C.”

“As discussed in the government’s sealed filing, the government has uncovered evidence suggesting that the charged conduct was only a small part of Wagenius’ malicious activity,” the government memo states. “On top of this, for more than two weeks in November 2024, Wagenius communicated with an email address he believed belonged to Country-1’s military intelligence service in an attempt to sell stolen information. Days after he apparently finished communicating with Country-1’s military intelligence service, Wagenius Googled, ‘can hacking be treason.'”

Prosecutors told the court investigators also found a screenshot on Wagenius’ laptop that suggested he had over 17,000 files that included passports, driver’s licenses, and other identity cards belonging to victims of a breach, and that in one of his online accounts, the government also found a fake identification document that contained his picture.

“Wagenius should also be detained because he presents a serious risk of flight, has the means and intent to flee, and is aware that he will likely face additional charges,” the Seattle prosecutors asserted.

The court filing says Wagenius is presently in the process of being separated from the Army, but the government has not received confirmation that his discharge has been finalized.

“The government’s understanding is that, until his discharge from the Army is finalized (which is expected to happen in early March), he may only be released directly to the Army,” reads a footnote in the memo. “Until that process is completed, Wagenius’ proposed release to his father should be rejected for this additional reason.”

Wagenius’s interest in defecting to another country in order to escape prosecution mirrors that of his alleged co-conspirator, **John Erin Binns**, an 25-year-old elusive American man indicted by the Justice Department for a 2021 breach at T-Mobile that exposed the personal information of at least 76.6 million customers.

Binns has since been charged with the Snowflake hack and subsequent extortion activity. He is currently in custody in a Turkish prison. Sources close to the investigation told KrebsOnSecurity that prior to his arrest by Turkish police, Binns visited the Russian embassy in Turkey to inquire about Russian citizenship.

In late November 2024, Canadian authorities arrested a third alleged member of the extortion conspiracy, 25-year-old **Connor Riley Moucka** of Kitchener, Ontario. The U.S. government has indicted Moucka and Binns, charging them with one count of conspiracy; 10 counts of wire fraud; four counts of computer fraud and abuse; two counts of extortion in relation to computer fraud; and two counts aggravated identity theft.

Less than a month before Wagenius’s arrest, KrebsOnSecurity published a deep dive into Kiberphant0m’s various Telegram and Discord identities over the years, revealing how the owner of the accounts told others they were in the Army and stationed in South Korea.

The maximum penalty Wagenius could face at sentencing includes up to ten years in prison for each count, and fines not to exceed $250,000.

U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”

The Android app SafetyCore was silently installed and looks at incoming and outgoing pictures to check their decency.

Sometimes the updates we install to keep our devices safe do a little bit more than we might suspect at first glance. Take the October 2024 Android Security Bulletin.

It included a new service called Android System SafetyCore. If you can find a mention of that in the security bulletin, you’re a better reader then I am. It wasn’t until a few weeks later, when a Google security blog titled 5 new protections on Google Messages to help keep you safe revealed that one of the new protections was designed to introduce Sensitive Content Warnings for Google Messages.

Sensitive Content Warnings is an optional feature that blurs images that may contain nudity before viewing, and when an image that may contain nudity is about to be sent or forwarded, it will remind users of the risks of sending nude imagery and preventing accidental shares.

**Wait! What?**

Yes, there is now a service on my phone that checks whether your pictures are “decent enough” to send or share? I’m not oblivious to the many users that would be better off with such a service, but I’m not so sure they’d appreciate it.

However, what really concerned me is the fact that Google is looking at my incoming and outgoing pictures. I use end-to-end-encrypted (E2EE) messaging for a reason. The content is for me and the receiver, and no-one else, and that definitely includes Google.

But, again, no mention of SafetyCore in that blog or what will provide the Sensitive Content Warnings feature with the necessary data.

So, you can imagine the surprise and outrage when users found this service which doesn’t show up on the regular list of running applications that has permissions to do almost anything on the device.

And by looking up what this app called SafetyCore was all about, all of the above starts to make sense.

Google PlayStore says:

> “SafetyCore is a Google system service for Android 9+ devices. It provides the underlying technology for features like the upcoming Sensitive Content Warnings feature in Google Messages that helps users protect themselves when receiving potentially unwanted content. While SafetyCore started rolling out last year, the Sensitive Content Warnings feature in Google Messages is a separate, optional feature and will begin its gradual rollout in 2025. The processing for the Sensitive Content Warnings feature is done on-device and all of the images or specific results and warnings are private to the user.”

Google goes on to reassure:

*   The developer says that this app doesn’t collect or share any user data. 
*   The developer says that this app doesn’t share user data with other companies or organizations. 
*   The developer says that this app doesn’t collect user data.
*   The developer has committed to follow the Play Families policy for this app. 

Google promises that it only rates our pictures and does not collect or share them, but this feature has almost Artificial Intelligence (AI) written all over it. As we all know, an AI needs to be trained, and training an AI locally on your phone is hardly an option. I wish it had the necessary power, but it doesn’t.

I for one don’t see how the secretly installed service measures up to what the feature has to offer. But obviously everyone is entitled to their own opinion and the device is yours to do with as you please.

**How to uninstall or disable SafetyCore**

The good people at ZDNet provided instructions on how to get rid of SafetyCore or disable it if you would like to do so.

So, if you wish to uninstall or disable SafetyCore, take these steps:

1.  **Open Settings**: Go to your device’s Settings app
2.  **Access Apps**: Tap on ‘Apps’ or ‘Apps & Notifications’
3.  **Show System Apps**: Select ‘See all apps’ and then tap on the three-dot menu in the top-right corner to choose ‘Show system apps’
4.  **Locate SafetyCore**: Scroll through the list or search for ‘SafetyCore’ to find the app
5.  **Uninstall or Disable**: Tap on Android System SafetyCore, then select ‘Uninstall’ if available. If the uninstall option is grayed out, you may only be able to disable it
6.  **Manage Permissions**: If you choose not to uninstall the service, you can also check and try to revoke any SafetyCore permissions, especially internet access

Note: depending on the software version and manufacturer of your device, these instructions may be slightly off. I personally couldn’t test them because my Samsung has not received the October patch yet due to the patch gaps.

If you’d like to learn more about AI and encrypted messaging, we recommend listening to our podcast The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01)

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Android happy to check your nudes before you forward them 

Cybersecurity threats in crypto are rising, from the Bybit hack to fake wallets stealing funds. Learn how to…

Cybersecurity threats in crypto are rising, from the Bybit hack to fake wallets stealing funds. Learn how to protect your assets with secure wallets and best practices.

Cryptocurrency has revolutionized finance forever, but it has also exposed users to cybercriminals and scams. From large-scale exchange breaches to malicious wallets sneaking into app stores, the risks are growing. If you’re in crypto, securing your assets is no longer optional; it’s a necessity.

****The Bybit Hack: A Wake-Up Call****

Just recently, Bybit, one of the world’s largest cryptocurrency exchanges, suffered a massive security breach. Hackers from the North Korean Lazarus Group managed to steal $1.4 billion in assets, once again proving that even well-established platforms are vulnerable. While Bybit has since taken action to reinforce security, this incident clearly shows why leaving funds on exchanges is a risk.

But, it’s not just ByBit. No exchange is “unhackable”. Even giants like Binance, KuCoin, and Mt. Gox have suffered devastating hacks in the past. These breaches highlight the importance of self-custody; if you don’t control your private keys, you don’t fully own your crypto.

****Malicious Wallets: A Silent but Growing Threat****

While exchange hacks grab headlines, a more stealthy and growing problem is the rise of fake and malicious crypto wallets on iOS and Google Play Store. These malicious apps pose as legitimate wallets but are designed to steal funds the moment users deposit their assets.

Researchers have found a surge in these fraudulent wallets, often disguised as clones of popular apps. They look identical to trusted wallets like MetaMask, Trust Wallet, or Coinbase Wallet, tricking unsuspecting users into transferring their funds straight to hackers.

This issue isn’t just limited to scam wallets, even some browser extensions and fake dApps have been caught injecting malicious scripts to drain wallets. The takeaway? Never download a crypto wallet without verifying its authenticity through the official website or developer page.

****A Booming Crypto Market Means More Targets for Hackers****

According to researchers at Best Wallet, a popular crypto wallet, as of January 2025, approximately 562 million people worldwide own cryptocurrencies, with 28% of adults in the United States, equating to 65 million people, holding crypto.

With such rapid adoption, hackers have more targets than ever. From phishing scams to SIM swap attacks, crypto theft is at an all-time high. If you own crypto, taking cybersecurity seriously is no longer an option, it’s a must.

****How to Protect Your Crypto From Hacks & Scams****

Securing your cryptocurrency is essential in an era of increasing cyber threats. Here are some must-follow security tips to protect your digital assets from hacks and scams.

****1\. Use a Reliable Crypto Wallet****

One of the safest ways to store your crypto is by using a self-custodial wallet. Avoid keeping funds on exchanges, as they are frequent targets for hackers. Instead, opt for hardware wallets like Ledger, Trezor, or Coldcard, which provide offline storage and enhanced security.

If you prefer a mobile or desktop wallet, stick to reputable providers such as MetaMask, Trust Wallet, or Exodus. However, before downloading any wallet, always verify the source; ensure it’s from the official website or developer page to avoid fake apps.

****2\. Enable Multi-Factor Authentication (MFA)****

Adding an extra layer of security with Multi-Factor Authentication (MFA) can protect your exchange and wallet accounts. Use Google Authenticator, YubiKey, or similar tools to prevent unauthorized access.

Avoid using SMS-based 2FA, as it’s vulnerable to SIM swap attacks, where hackers hijack your phone number to gain control of your accounts.

****3\. Beware of Phishing Attacks****

Phishing remains one of the most common tactics used by cybercriminals. Hackers often impersonate wallet providers or exchanges, tricking users into entering their credentials on fake websites or downloading malware-infected software.

To stay safe, always type the official website URL yourself instead of clicking on links sent via email or messages. If an offer or security alert seems suspicious, double-check with the official source before taking any action.

****4\. Keep Private Keys & Seed Phrases Offline****

Your private keys and seed phrases are the most critical elements of your crypto security. Never store them digitally or on cloud storage, as they can be easily compromised. Instead, write them down on paper and keep them in a secure location.

For even greater security, consider using metal backup storage instead of paper. This protects your seed phrase from damage due to fire, water, or physical deterioration.

****5\. Regularly Update Your Security Software****

Keeping your wallet software, antivirus, and operating system updated is crucial for patching security vulnerabilities. Cybercriminals exploit outdated software to gain access to systems, so regular updates help keep your assets safe.

Additionally, consider using privacy tools like VPNs and hardware firewalls to enhance your online security. These tools help protect against tracking, phishing attempts, and potential malware attacks targeting crypto users.

The Bybit hack and the rise of malicious crypto wallets show that crypto security is more critical than ever. If you own crypto, you’re a target, but with the right precautions, you can keep your funds safe.

Remember: Not your keys, not your crypto. Invest in a secure, reliable wallet, stay cautious with online downloads, and always double-check security measures before making transactions.

_**Editor’s Note:** This article is for informational purposes only and does not constitute investment or financial advice. Always do your own research before making financial decisions._

Crypto and Cybersecurity: The Rising Threats and Why Reliable Wallets Matter

The stolen information included listed contacts, call logs, text messages, photos, and the device’s location.

A malicious app claiming to be a financial management tool has been downloaded 100,000 times from the Google Play Store. The app— known as “Finance Simplified”—belongs to the SpyLoan family which specializes in predatory lending.

Sometimes malware creators manage to get their apps listed in the official app store. This is a great benefit for them since it lends a sense of legitimacy to the app, and they don’t have to convince users to sideload the app from an unofficial site.

So, it gives them a much larger audience, they can lean on the trust we invest in the official app stores and users don’t have to do anything they might perceive as suspicious.

While Google has enhanced security measures in place—including AI-powered threat detection and real-time scanning— that are designed to detect and block malicious apps more effectively, the cat-and-mouse game between cybercriminals and security measures continues, with each side trying to outsmart the other.

In this case, the loan app evaded detection on Google Play, by loading a WebView to redirect users to an external website from where they could download the app hosted on an Amazon EC2 server.

Predatory lending is any lending practice where the borrower is taken advantage of by the lender. Predatory lenders impose lending terms that are unfair or abusive.

The apps in the SpyLoan family offer attractive loan terms with virtually no background checks. But when the apps are installed, they steal information from the victim’s device that can be used to blackmail the victim. Especially when they miss any payments on the loan.

Among the stolen information are listed contacts, call logs, text messages, photos, and the device’s location.

Although the app has now been removed from Google Play, it may continue to run on affected devices, collecting sensitive information in the background.

The researchers found that the app only targets users in India with the recommended loan applications and the redirect to an external website.

The information stolen from users could well be used for malicious purposes or sold to other cybercriminals.

Losing data related to a financial account can have severe consequences. If you find an app from this family or another information stealer on your device, there are a few guidelines to follow to limit the damage:

*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Consider not storing your card details**. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail 

A new information-stealing malware, ACRStealer, is leveraging legitimate platforms like Google Docs and Steam to carry out its…

A new information-stealing malware, ACRStealer, is leveraging legitimate platforms like Google Docs and Steam to carry out its attacks, according to research from the AhnLab Security Intelligence Center (ASEC). This malware, which initially appeared in mid-2024 as a beta version, has seen a significant increase in distribution since 2025, with February’s volume mirroring January’s and indicating a potential surge.

It is worth noting that, according to Hudson Rock’s report, infostealers have become the biggest threat to critical infrastructure. The report reveals that computers belonging to the US Army, Navy, and even the FBI have been compromised, with stolen data available on the dark web for as little as $10.

In the ongoing campaign, ASEC’s monitoring confirms that ACRStealer is spread through software cracks and key generators, commonly used for software piracy, and the malware is frequently disguised as these illegal programs. 

While Lumma Stealer and Vidar have been dominant infostealers distributed this way, researchers observed that ACRStealer’s presence is growing rapidly. According to their report, the distribution trend of ACRStealer from June 2024 to February 2025 indicates a dramatic rise in 2025.

Platforms used to distribute the infostealer disguised as a crack (Screenshot via AhnLab).

ACRStealer boasts a range of malicious capabilities. It can detect installed antivirus solutions, steal cryptocurrency wallets and login credentials, extract browser data, harvest FTP credentials, and read all text files. This stolen information allows cybercriminals to target financial assets and personal accounts. Stolen credentials grant access to email, social media, and banking services. This data can also be used for identity theft or sold on dark web markets.

A key feature is ACRStealer’s C2 server communication. Instead of embedding the server’s IP, it uses a Dead Drop Resolver (DDR). This method involves the malware contacting a legitimate service, such as Google Docs or Steam, to retrieve the C2 server’s domain. ASEC has identified several platforms used as intermediary C2s, including Steam, telegra.ph, and various forms of Google Docs (Forms and Presentations).

This approach allows attackers to easily change the C2 domain if it is compromised without needing to update the malware itself. They simply modify the information within the intermediary C2. 

The actual C2 domain, retrieved from the intermediary C2, is combined with a hardcoded UUID (Universally Unique Identifier) to create the URL for downloading encrypted configuration data. This data contains crucial information like target programs, additional malware URLs, file extensions, and target extension IDs.

The configuration file specifies a wide range of data to be stolen, including browser data, text files, cryptocurrency wallets, FTP information, chat program information, email client information, remote program information, terminal program information, VPN information, password manager information, database (DB) information, and browser extension plugin information. 

Also, it targets numerous programs, from browsers like Chrome and Firefox to cryptocurrency wallets like Binance and Electrum, chat programs like Telegram and Signal, and various browser plugins. Collected files are often compressed before transmission.   

AhnLab’s research highlights ACRStealer’s adaptable approach, constantly changing platforms and the locations of C2 information within them. It operates as Malware-as-a-Service (MaaS), making infection tracking difficult. 

However, preventative measures can be taken. This involves avoiding websites distributing cracks and key generators, and downloading software only from official sources. Additionally, be cautious with links and attachments in unsolicited communications, enable multi-factor authentication (MFA) for added security, and maintain an active anti-malware solution.

Hackers Use Google Docs and Steam to Spread ACRStealer Infostealer

Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service (Cloud KMS) for software-based keys as a way to bulletproof encryption systems against the threat posed by cryptographically-relevant quantum computers.
The feature, currently in preview, coexists with the National Institute of Standards and Technology's (NIST) post-quantum cryptography (PQC)

Tag

#google