"Hello pervert" sextortion emails are going through some changes and the price they're demanding has gone up considerably.

Every so often the sextortion emails that start with “Hello pervert” get a redesign.

You may have received one yourself: The emails claim that the sender has been watching your online behavior and caught you red-handed doing activities that you would like to keep private.

The email usually starts with “Hello pervert” and then goes on to claim that you have been watching porn. The sender often says they have footage of what you were watching and what you were doing while watching it.

To stop the sender from spreading the incriminating footage to your email contact list, you are asked to pay them money. The overall tone is threatening, manipulative, and designed to provoke fear and urgency.

We know these emails are a big problem. We see thousands of people visiting our website a week looking to find information on sextortion emails like these. And now we’re seeing a new version with some features we haven’t seen in the past. Interestingly, just as the cost of food, travel, and—well—living has gone up, so has the amount of money that the scammers ask for in the email.

This most recent email we’ve seen also gives away the probable origin of the emails.

With all that we thought it would be interesting to take a closer look.

> “Hello pervert, I’ve sent thіs message from your **Microsoft** account.
> 
> I want to іnform you about a very bad sіtuatіon for you. However, you can benefіt from іt, іf you wіll act wіsely.
> 
> Have you heard of Pegasus? Thіs іs a spyware program that іnstalls on computers and smartphones and allows hackers to monіtor the actіvіty of devіce owners. It provіdes access to your webcam, messengers, emaіls, call records, etc. It works well on Androіd, іOS, macOS and Wіndows. I guess, you already fіgured out where I’m gettіng at.
> 
> It’s been a few months sіnce I іnstalled іt on all your devісes because you were not quіte choosy about what lіnks to clіck on the іnternet. Durіng thіs perіod, I’ve learned about all aspects of your prіvate lіfe, but one іs of specіal sіgnіfіcance to me.
> 
> I’ve recorded many vіdeos of you jerkіng off to hіghly controversіal рorn vіdeos. Gіven that the “questіonable” genre іs almost always the same, I can conclude that you have sіck рerversіon.
> 
> I doubt you’d want your frіends, famіly and co-workers to know about іt. However, I can do іt іn a few clіcks.
> 
> Every number іn your contact Iіst wіll suddenly receіve these vіdeos – on WhatsApp, on Telegram, on Instagram, on Facebook, on emaіl – everywhere. It іs goіng to be a tsunamі that wіll sweep away everythіng іn іts path, and fіrst of all, your former lіfe.
> 
> Don’t thіnk of yourself as an іnnocent vіctіm. No one knows where your рerversіon mіght lead іn the future, so consіder thіs a kіnd of deserved рunіshment to stop you.
> 
> I’m some kіnd of God who sees everythіng. However, don’t panіc. As we know, God іs mercіful and forgіvіng,  and so do I. But my merсy іs not free.
> 
> Transfer **1650$** to my Lіtecoіn (LTC) wallet: **{redacted}**
> 
> Once I receіve confіrmatіon of the transactіon, I wіll рermanently delete all vіdeos compromіsіng you, unіnstall Pegasus from all of your devіces, and dіsappear from your lіfe. You can be sure – my benefіt іs only money. Otherwіse, I wouldn’t be wrіtіng to you, but destroy your lіfe wіthout a word іn a second.
> 
> I’ll be notіfіed when you open my emaіl, and from that moment you have exactly **48 hours** to send the money. If cryptocurrencіes are unchartered waters for you, don’t worry, іt’s very sіmple. Just google “crypto exchange” or “buy Litecoin” and then іt wіll be no harder than buyіng some useless stuff on Amazon.
> 
> I strongly warn you agaіnst the followіng:  
> \* Do not reply to thіs emaіl. I’ve sent іt from your Mіcrosoft account.
> 
> \* Do not contact the polіce. I have access to all your devісes, and as soon as I fіnd out you ran to the cops, vіdeos wіll be publіshed.
> 
> \* Don’t try to reset or destroy your devісes. As I mentіoned above: I’m monіtorіng all your actіvіty, so you eіther agree to my terms or the vіdeos are рublіshed.
> 
> Also, don’t forget that cryptocurrencіes are anonymous, so іt’s іmpossіble to іdentіfy me usіng the provіded address.
> 
> Good luck, my perverted frіend. I hope thіs іs the last tіme we hear from each other.
> 
> And some frіendly advіce: from now on, don’t be so careless about your onlіne securіty.”

**Spoofing your email address**

One clever trick the scammers use is saying they’ve sent the email from your Microsoft account. The sender spoofs your email address, in the hope that it makes you think your device may indeed be compromised.

However, it’s easy for scammers to spoof (use a fake) email address because the email system doesn’t check if the sender is real. That’s why it’s important to be cautious. Even if an email looks like it’s from someone you know, or even yourself, it could be from a scammer.

If you’re technically savvy, taking one look at the authentication results in the email header would reveal that the email failed because the IP address does not match the domain.

However, we can assume that most people receiving the email wouldn’t think to do this, and so the email spoofing might well work to add legitimacy to the email.

**Encoding errors**

Looking at the source of the email, we got a little insight into its origin.

The intro of the email shows the repeated use of “=D1=96” and some other encoding errors. In fact, the whole text is riddled with encoding errors, which typically appear when Cyrillic or other non-Latin characters are misinterpreted as UTF-8 or quoted-printable, or when text is generated or processed by automated systems not properly handling character sets.

The sequence =D1=96 is the quoted-printable encoding for the Unicode character U+0456, which is the Cyrillic letter “i”. This encoding error strongly points towards the writer’s native language being one that uses the Cyrillic script, which is predominantly used in Eastern European and Central Asian countries, with Russian being the most prominent language using it.

These errors also tell us that this scammer doesn’t use the most sophisticated tools. Although the awkward sentence structures and repetitive language are consistent with automated text generation or translation, they are classic signs of a low-effort, high-volume campaign—not the kind where an AI has been used to add personalization or a more natural voice.

**Price hike**

Back in April, the price that scammers were asking victims to pay for being a “pervert” was $1200, and in May it was $1450.

This time we’re asked to pay no less than $1650.

There could be several reasons for this. Maybe the costs of the operation have gone up. Or the scammers feel the value of their threat and its consequences have increased.

Scammers often start with what seems a “reasonable amount” to them and, if successful, incrementally increase it for future victims. This allows them to gauge the maximum amount that people are willing to pay to avoid the threatened consequences.

I’m happy to report that both the mentioned Litecoin wallets are empty. Let’s keep it that way.

**How to spot a sextortion email**

Once you’re aware of them, it’s easy to recognize these emails. Remember that not all of the below characteristics might be included in the email you receive, but all of them are red flags in their own right.

*   They often look as if they were sent from your own email address.
*   The scammer accuses you of inappropriate behavior and claims to have footage of that behavior.
*   In the email the scammer claims to have used Pegasus or some Trojan to spy on you through your own computer.
*   The scammer says they know your password and may even offer one as “proof”. This password is likely to have been stolen in a separate data breach and is unrelated to the sextortion email itself.
*   You are urged to pay up quickly or the so-called footage will be spread to all your contacts. Often you’re only allowed one day to pay.
*   The actual message often arrives as an image or a pdf attachment. Scammers do this to bypass phishing filters.

**How to react to sextortion emails**

First and foremost, never reply to emails of this kind. It may tell the sender that someone is reading the emails sent to that address and so they will repeatedly try other methods to defraud you.

*   Don’t let yourself get rushed into action or decisions. Scammers rely on the fact that you will not take the time to think this through and subsequently make mistakes.
*   Do not open unsolicited attachments. Especially when the sender’s address is suspicious or even your own.
*   If the email includes a password, make sure you are not using it anymore and if you are, change it as soon as possible.
*   If you are having trouble organizing your passwords, have a look at a password manager.
*   For your ease of mind, turn off your webcam or buy a webcam cover so you can cover it when you’re not using the webcam.

Sextortion emails often contain passwords that have been stolen in another data breach and posted online. If you want to find out what personal data of yours has been exposed online, you can use our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and you’ll get a free report.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Sextortion email scammers increase their &#8220;Hello pervert&#8221; money demands 

The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns.
The development was first reported by Axios.
The decision, according to the House Chief Administrative Officer (CAO), was motivated by worries about the app's security.
"The Office of Cybersecurity has deemed WhatsApp a high-risk to users

U.S. House Bans WhatsApp on Official Devices Over Security and Data Protection Issues

Iran is limiting internet connectivity for citizens amid Israeli airstrikes—pushing people towards domestic apps, which may not be secure, and limiting their ability to access vital information.

For years, the Iranian regime has been building the technology and infrastructure needed for it to control, censor, and shut down internet access for more than 80 million Iranians. In 2019, the country shut off internet access as police sought to silence protesters, while in 2022 WhatsApp and Instagram connections were severed following protests after the death of 22-year-old Mahsa Amini in police custody. Each shutdown deprives people of information and has huge economic costs. Now as the conflict between Israel and Iran approaches the end of its first week, internet connections within Iran have been restricted again, limiting people’s access to information and stopping them connecting with loved ones who may be in peril.

Hours after Israel’s Air Force bombed targets in Iran on June 13, escalating the shadow conflict between the two countries, the first reports of self-imposed internet disruptions inside Iran emerged. Iran’s Ministry of Communication, according to semi-official state news agency Tasnim, said “temporary restrictions” had been imposed due to the “special conditions” the country was facing. Since then, Israel and Iran have traded fire, continually raising the stakes in the conflict. US president Donald Trump has indicated, but not confirmed, that the United States could support further Israeli efforts to destroy Iranian nuclear facilities.

Internet connectivity in Iran saw a 54 percent drop on June 13, says Doug Madory, director of internet analysis at monitoring firm Kentik. Then, days later on June 17, there was an additional 49 percent drop from the already lower level of connectivity. After internet connections were briefly restored back to where they were earlier on Tuesday, it dropped again on Wednesday by another 90 percent, Madory says. “Numerous Iranian service providers \[are\] now offline in second national Internet blackout in as many days,” Madory posted on BlueSky on Wednesday. Multiple internet companies in Iran have been impacted by the restrictions, including cell providers.

“Things went to overdrive since yesterday,” says a researcher with internet freedom effort Project Ainita, who asked not to be named for safety reasons. “For a second day in a row, they have cut international connectivity, and this time it's even more severe than yesterday, affecting all domestic news sites as well.” Other internet monitoring efforts such as Cloudflare Radar and Netblocks have also observed the multiple internet shutdowns in recent days, with Netblocks calling the most recent a “near-total” blackout. Iranian news agency Khabar posted on its Telegram channel that international internet access in the country had been “temporarily restricted to prevent enemy abuse,” citing the Ministry of Communications.

Iran has reportedly also told officials to stop using internet-connected devices and claimed citizens should delete WhatsApp, which has previously introduced ways to circumvent censorship. Government officials have also said the shutdowns are to try to prevent potential cyberattacks. However, the widespread measures to control and restrict connectivity have left people in Iran struggling to communicate and find out vital information about the state of the conflict. The shutdowns come at a time when Trump has said the almost 10 million people living in the Iranian capital, Tehran, should “immediately evacuate” the area.

“This extensive censorship and internet disruption primarily serve the regime’s goal of maintaining control, especially over information,” says Mahsa Alimardani, a digital rights analyst of Iranian origin and the associate director of technology, threats, and opportunities at international human rights nonprofit Witness. “These internet blocks are jeopardizing people’s safety mainly in Tehran.”

Alimardani says that it appears mobile data services are patchy, and for many people virtual private networks, which can be used to avoid censorship, have stopped working. This means it has been difficult to reach people in the country and potentially for information to get out, Alimardani says. “Some family that left Tehran today were offline and disconnected from the internet and finally found some connectivity when they were 200 kilometers outside of Tehran in another province,” Alimardani explains. “My connections are primarily with people using home broadband Wi-Fi, but even that has been unstable.”

Over the last decade, countries have increasingly taken the draconian step of fully or partially shutting down internet connectivity for citizens in times of perceived crisis. There were 296 shutdowns last year, according to Access Now, an internet rights nonprofit that tracks the actions—the highest number of any on record. Shutdowns are often linked to repressive governments trying to restrict protests that could damage them, to limit people’s ability to gather and communicate freely, as part of conflicts, and even to try and stop cheating in exams.

“The internet is a lifeline, we have seen this in many places under conflict,” says Hanna Kreitem, director of internet technology and development at the Internet Society, which has been tracking the blackouts in Iran. Kreitem says that when the connectivity in Iran first started to drop on June 13, he heard from people with relatives in Iran that their services had significantly slowed down. “People under fire use it to get news, request help, learn of safer areas, and communicate with loved ones. And for people outside to learn about what is going on and know about their loved ones.”

To limit connectivity, countries use multiple different technical approaches. Iran has been developing its own internet alternative, an intranet system called the National Information Network, known as the NIN, for years. The NIN, according to analysis by Freedom House, allows “tiers” of internet access and lets the government censor content and push people towards home-grown Iran apps, such as alternatives messaging apps, that may have “weak privacy and security features.” (Freedom House rates Iran as “not free” in its most recent measures of internet freedom, highlighting persistent shutdowns, increasing costs, and efforts to push people to the domestic internet.)

Amir Rashidi, the director of digital rights and security at the Iran-focused human rights organization Miaan Group, says that amid the recent shutdowns, there have been increased efforts to push people towards Iranian apps. “In a climate of fear, where people are simply trying to stay connected with loved ones, many are turning to these insecure platforms out of desperation,” he posted online, telling WIRED that a messaging app called Bale appears to be getting attention. “Since they are hosted on NIN, they will work even during shutdown,” he says.

Iran is not the first country to restrict people’s access to the internet—and uncensored information—with the potential justification of protecting cybersecurity or security more broadly, says Lukasz Olejnik, an independent consultant and visiting senior research fellow at the Kings’ College London’s Department of War Studies. As global internet shutdowns have soared over the last decade, Olejnik says, officials in Myanmar, India, Russia, and Belarus have all cited security reasons for implementing blackouts.

“Internet shutdowns are largely ineffective against real-world state-level cyberattacks,” Olejnik says. He explains that military and critical infrastructure systems, like energy networks or transport systems, will typically operate on separate networks and not be accessible from the open internet. “Professional cyber operations could use other means of access, albeit it could indeed make it difficult to command and control some of the deployed malware (if this was the case),” Olejnik says. “What it would block primarily would be access to information for the society.”

Witness’ Alimardani says the technical details supporting any claims that the internet restrictions are meant to protect cybersecurity are “unclear,” and ultimately, the goal of these efforts may be to control people within Iran. “The official narrative from state news channels portrays a strong war against Israel and a path to victory,” Alimardani says. “Free and open access to media would undermine this narrative, and at worst, could incite Iranians to revolt, further eroding the regime's power.”

Iran’s Internet Blackout Adds New Dangers for Civilians Amid Israeli Bombings

Several Instagram ads have been found impersonating banks, including the usage of deepfake videos to defraud consumers.

Ads on Instagram—including deepfake videos—are impersonating trusted financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) in order to scam people, according to BleepingComputer.

There are some variations in how the scammers approach this. Some use Artificial Intelligence (AI) to create deepfake videos aimed at gathering personal information, while others link to typosquatted domains that not just look the same but also have very similar domain names as the impersonated bank.

BleepingComputer shows an example of an advertisement, which claims to be from “Eq Marketing” and closely mimics EQ Bank’s branding and color scheme, while promising a rather optimistic interest yield of “4.5%”.

_Image courtesy of BleepingComputer_

In this example, using the “Yes, continue with my account” button presents the user with a fraudulent “EQ Bank” login screen, prompting the visitor to provide their banking credentials. From there, it’s likely the scammers will empty the bank account and move on to their next victim.

Another fraudulent ad impersonates BMO bank’s Chief Investment Strategist and leader of the Investment Strategy Group Brian Belski. This may lead people to believe they are getting valuable financial advice, for example by luring them to a “private WhatsApp investment group”.

Impersonations of bank employees and authorities are increasing and can often sound very convincing. These scammers demand immediate payment or action to avoid further impacts, which can dupe individuals into inadvertently sending money to a fraudulent account.

It’s not just Instagram where WhatsApp investment groups are used as a lure by scammers. On X we see invites like these several times a week.

**Recommendations to stay safe**

As cyberthreats and financial scams become more sophisticated, it is increasingly difficult for individuals to determine if a request coming via social media, email, text, phone call or even video call is authentic.

By staying alert and proactive, you can outsmart even the most convincing deepfake scams. Remember, a healthy dose of skepticism is your best companion in the digital age.

*   **Verify before you trust:** Always double-check the legitimacy of any ad or message claiming to be from your bank. Visit your bank’s official website or contact them directly using verified contact details before taking any action.
*   **Doublecheck the advertiser account:** BleepingComputer found that the advertiser accounts running the fake ads on Instagram only had pages on Facebook, not on Instagram itself.
*   **Look for red flags:** Be wary of ads that create a sense of urgency, promise unrealistic rewards, or ask for sensitive information like passwords or PINs. Authentic banks will never request such details through social media or ads.
*   **Scrutinize visuals and language:** Deepfakes can be convincing, but subtle inconsistencies in video quality, unnatural facial movements, or awkward phrasing can be giveaways. Trust your instincts if something feels off.
*   **Enable Multi-Factor Authentication (MFA) :** Strengthen your account security by enabling two-factor authentication on your banking and social media accounts. This adds an extra layer of protection even if your credentials are compromised.
*   **Report suspicious content:** If you encounter a suspicious ad or message, report it to Instagram and notify your bank immediately. Your vigilance can help prevent others from falling victim.
*   **Use web protection:** This can range from programs that block known malicious sites, to browser extensions that can detect skimmers, to sophisticated assistants that you can ask if something is a scam.
*   **Stay informed:** Keep up to date with the latest scam tactics and security advice from your bank and reputable cybersecurity sources. Awareness is your best defense.

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

 Fake bank ads on Instagram scam victims out of money 

These five communication channels are favored by scammers to try and trick victims at least once a week—if not more.

Scammers love your smartphone.

They can text you fraudulent tracking links for packages you never bought. They can profess their empty love to you across your social media apps. They can bombard your email inbox with phishing attempts, impersonate a family member through a phone call, and even trick you into visiting malicious versions of legitimate websites.

But, according to new research from Malwarebytes, while scammers can reach people through just about any modern method of communication, they have at least five favored tracts for finding new victims—emails, phone calls and voicemails, malicious websites, social media platforms, and text messages. It’s here that people are most likely to find phishing attempts, romance scams, sextortion threats, and more, and it’s here that everyday people should stay most cautious when receiving messages from unknown senders or in responding to allegedly urgent requests for money or information.

For this research, Malwarebytes surveyed 1,300 people over the age of 18 in the US, UK, Austria, Germany, and Switzerland, asking about the frequency, type, impact, and consequences of any scams they found on their smartphones. Capturing just how aggravating today’s online world is, a full 78% of people said they encountered or received a scam on their smartphone at least once a week.

Here are the top five places that people actually encountered those weekly scams:

*   65% of people encountered a scam at least once a week through their **email**
*   53% encountered a scam at least once a week through **phone calls and voicemails**
*   50% encountered a scam at least once a week through **text messages (SMS)**
*   49% encountered a scam at least once a week through **malicious websites**
*   47% encountered a scam at least once a week through **social media platforms**

Unfortunately, scam prevention cannot fixate on only these five channels, as scammers change their tactics based on how they’re trying to trick their victims. For instance, though people were least likely to encounter a scam once a week through a buying or selling platform like Facebook Marketplace or Craigslist (36%), such platforms were of course the most likely place for scam _victims_ to have their credit card details and passwords stolen by a scammer masquerading as a legitimate business.

The noise from such daily strife has become deeply confusing, as just 15% of people strongly agreed that they could confidently identify a scam on their phone.

****Daily dilemma****

While 78% of people encountered a scam on their smartphone at least once a week, a shocking 44% of people encountered a scam at least _daily_. Similar to the weekly breakdown, here are the top five ways that people encountered scams once a day:

*   34% of people encountered a scam at least once a day through their **email**
*   25% encountered a scam at least once a day through **malicious websites**
*   24% encountered a scam at least once a day through **phone calls and voicemails**
*   24% encountered a scam at least once a day through **social media platforms**
*   22% encountered a scam at least once a day through **text messages (SMS)**

This list encompasses so much of any person’s daily use of their smartphone. They use it to check emails, browse the internet, make phone calls, scroll through social media, and text family and friends. And yet, it is in these exact places that people have come to expect getting scammed. As if the 44% of people who encounter a daily scam wasn’t depressing enough, there are 28% of people who said they encounter scams “multiple times a day.”

But the frequency of scams can only reveal so much. How, exactly, are scammers trying to trick their targets?

****Social engineering and extortion****

Scams are so difficult to analyze because they vary both in their delivery method and their method of deceit. A message that tries to trick a person into clicking a package tracking link is a simple act of social engineering—relying on false urgency or faked identity to fool a victim. But that message itself can come through a text message or an email, and it can direct a person to a malicious website on the internet. A romance scam, similarly, can start on a social media platform but can move into a messaging service like WhatsApp. And sometimes, a threat to release private information—which can be categorized as “extortion”—can happen through a phone call, a text message, or any combination of other communication channels.

This is why, to understand how people were being harmed by scams, Malwarebytes asked respondents about roughly 20 types of cybercrime that they could encounter and experience.

Broadly, Malwarebytes found that 74% of people had “encountered” or come across a social engineering scam, and that 36% fell victim to such scams. These were the most common social engineering scams that people encountered and that they experienced:

*   **Phishing/smishing/vishing**: 53% encountered and 19% experienced
*   **USPS/FedEx/postal scams**: 42% encountered and 12% experienced
*   **Impersonation scams**: 35% encountered and 10% experienced
*   **Marketplace or business scams**: 33% encountered and 10% experienced
*   **Romance scams**: 33% encountered and 10% experienced

For respondents who experienced any type of scam—making them scam victims—Malwarebytes also asked where they had found or encountered that scam. Here, the results show a far more intimate picture of where scams are most likely to harm the public.

For instance, 26% of charity scam victims were originally tricked on social media platforms. 37% of postal notification scam victims were first reached, predictably, through SMS/text messages. And, interestingly, despite how frequently cryptocurrency scams spread through social media, the most likely place for such a scam victim to be contacted was through email (30% for email vs. 13% for social media).

In its research, Malwarebytes also discovered that 17% of people have fallen victim to extortion scams, which includes ransomware scares, virtual kidnapping schemes, and threats to release sexually explicit photos (sextortion) or deepfake images.

Here, scam victims again shared where these scams arrived. The most popular channels for deepfake scammers to victimize people were social media platforms and emails—both at 17%. For sextortion scam victims, the most popular channel was email, at 35%. And 24% of virtual kidnapping scam victims said they were contacted through text messages, making it the most popular way to deliver such a threat.

These numbers may look depressing, but they should instead educate. No, there is no such thing as a perfectly safe communication channel today. But that doesn’t mean there isn’t help.

**Check if something is a scam**

Malwarebytes Scam Guard is a free, AI-powered digital safety companion that reviews any concerning text, email, phone number, link, image, or online message and provides on the spot guidance to help users avert and report scams. Just share a screenshot of any questionable message—like that strange email demanding a password reset or that alarming text flagging a traffic penalty—and Scam Guard will guide you to safety.

 5 riskiest places to get scammed online 

WhatsApp has announced it will start showing its users targeted ads. Will this be yet another Meta "Pay or OK" choice?

WhatsApp has announced that it will start to show you targeted ads on the app. The ads, it says, will appear under the **Updates** tab.

WhatsApp launched the Updates tab a year ago, and now 1.5 billion people visit it every day. Updates has historically been a place for users to follow news and updates from their favorite companies, news organizations and celebrities. 

This is different to the **Chats** tab where users send and receive messages. Chats remain end-to-end encrypted and, according to Meta’s vice president for product management Nikila Srinivasan, will not display ads.

To determine your interests for ad purposes, WhatsApp says:

> “We’ll use limited info like your country or city, language, the Channels you’re following, and how you interact with the ads you see. For people that have chosen to add WhatsApp to Accounts Center, we’ll also use your ad preferences and info from across your Meta accounts.”

That means that anyone who has linked their Facebook or Instagram accounts with their WhatsApp account will now have that data used for ad targeting. This cross-platform integration feels like a significant invasion of privacy, especially for users who expected WhatsApp to remain more private than Facebook or Instagram.

The European privacy group NOYB (None Of Your Business) has already voiced concerns, warning that WhatsApp may soon adopt the same “Pay or OK” model as Facebook and Instagram to obtain the user consent that’s required under EU law.

With Meta’s “Pay or OK” system, users face a choice between two options nobody asked for: either pay a monthly subscription fee to avoid targeted ads and tracking, or accept extensive data collection and personalized advertising in exchange for free access. If you don’t want your data tracked, you must pay. If you don’t pay, you must accept tracking and profiling for ads.

Meta introduced this model in response to strict privacy regulations in Europe, especially the General Data Protection Regulation (GDPR), which requires companies to get clear, “freely given” consent from users before using their data for personalized ads.

In the past, Meta has argued that it had obtained a ruling of the Court of Justice of the European Union (CJEU) that accepted the subscription model as a valid form of consent for an ads funded service.

Meta also said its pricing was in line with those of ad-free services such as YouTube Premium and Spotify Premium. However, it conveniently forgot to consider that ad-free services are not the same as those that gather data about you and sell them to the highest bidder to create personalized ads.

WhatsApp built its reputation on privacy, with end-to-end encryption and minimal data collection. And, as privacy advocates feared, bringing it into the Meta “family” moved the platform away from its privacy-first roots.

Even if WhatsApp says it won’t read your messages, it can still use your usage patterns, contacts, and other metadata to build detailed profiles for advertisers. This increases the risk of data leaks, misuse, or surveillance.

**What can users do?**

A while back I asked whether it was a good idea to move from WhatsApp to Signal. With this new development, the question may be worth reconsidering.

If you’re on iOS 18, you can now allow WhatsApp to access only selected contacts instead of your entire address book. This reduces the amount of data WhatsApp can collect about your network.

On Android, you can technically use WhatsApp without granting access to your contacts, but you’ll need to manually start chats using wa.me links. Or, for convenience, you can use a third-party app that does the work for you.

WhatsApp frequently adds or changes privacy options, so revisit your settings periodically to maintain control.

If you can, disassociate your WhatsApp account from other Meta accounts you may have. Don’t use the same email address, handle, etc. You can remove your WhatsApp account from the Meta Accounts Center, but it is unclear whether Meta will “remember” the link if it once existed.

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

 WhatsApp to start targeting you with ads 

Cybersecurity researchers at Netcraft have discovered a series of new SEO poisoning related attacks exploiting Google’s search results…

Cybersecurity researchers at Netcraft have discovered a series of new SEO poisoning related attacks exploiting Google’s search results to spread malicious content and other scams. According to researchers, an “organized” network of attackers is using compromised websites to boost the visibility of malicious content in search rankings.

Behind this operation is Hacklink, a black market platform that allows scammers to inject links to phishing pages and fraudulent services into unsuspecting websites, with search engines doing the rest.

****Hijacked Sites, Invisible Links, Manipulated Results****

Instead of defacing websites or stealing data, attackers using Hacklink insert invisible code into the source of compromised sites. These links are designed to match keywords searched by users, especially in the gambling, pharmaceutical, and adult content sectors. When someone searches for a related term, the attacker’s sites show up high in the results, often outranking legitimate businesses.

The content is prepared to be hidden from everyday users but fully visible to search engine crawlers. By doing this, the attacker piggybacks on the reputation of the compromised site, especially those ending in .gov, .edu, or popular country code domains. This tactic tricks search algorithms into treating scam sites as credible, giving them an increase in visibility.

****Hacklink: SEO Fraud as a Service****

Hacklink is an online shop for scammers. Attackers can browse a list of already-compromised domains, select keywords and target URLs, and pay to have their content injected.

According to Netcraft’s report shared with Hackread.com ahead of publishing on Tuesday, prices vary, but listings often start around $1, with premium domains costing more. All of this is done through a web-based control panel, making large-scale manipulation of search rankings accessible to anyone with money and malicious intentions.

In many cases, the website owner remains unaware. Their site looks and functions normally, even as it silently boosts fraudulent sites selling fake products, redirecting to phishing pages, or spreading malware.

Hacklink Market’s website (Screenshot: Hackread.com)

****Targeting Online Gambling in Turkey****

Netcraft’s report also notes an increase in attacks targeting the online gambling sector in Turkey. Groups like “Neon SEO Academy” and “SEOLink” are offering services to manipulate search rankings for gambling-related keywords. These operators claim access to over 15,000 compromised websites and actively market their offerings through platforms like Telegram and WhatsApp.

These groups offer much more than link injection. Some provide access to admin panels of vulnerable sites, allowing more extensive and long-term control. Others use private blog networks to further boost the legitimacy of malicious links, an approach that mixes pushy SEO tactics with questionable ethics.

****Real-Time Ranking Manipulation****

Researchers also noted that attackers are able to dynamically change the text that appears in search results by adjusting anchor text across their link network. This means they can remotely influence how a compromised site appears in Google’s results, even without full control of that site.

In more advanced setups, this method can even take search users to phishing pages or cloned versions of real websites. Users who think they’re visiting a trusted service may be entering passwords or payment information into a trap.

Screenshot shows the compromised website of the LifeBridge Christian Church – Colorado, United States

While online gambling is the most visible victim today, this method could be applied to almost any industry that relies on search engine visibility, including banking, healthcare, crypto trading, and charitable fundraising. The tactic targets both user trust and brand integrity, making it difficult for victims to even detect the problem.

****What To Do?****

Organizations should security admin panels, apply patches, and monitor file changes regularly. But awareness is just as important. SEO poisoning isn’t just a search engine problem, it’s a growing part of the cybercrime economy.

Site owners should review how their domains appear in search results, audit for unauthorized outbound links, and monitor their domain’s reputation. If suspicious links are detected, use disavow tools and report abuse to search engines promptly.

For users, verify URLs carefully, especially when dealing with financial transactions or personal information. And when in doubt, go directly to a known domain rather than trusting search engine links alone.

And most importantly, follow Hackread.com for more cybersecurity-related news and security tips!

Hacklink Market Linked to SEO Poisoning Attacks in Google Results

Meta Platforms on Monday announced that it's bringing advertising to WhatsApp, but emphasized that the ads are "built with privacy in mind."
The ads are expected to be displayed on the Updates tab through its Stories-like Status feature, which allows ephemeral sharing of photos, videos, voice notes, and text for 24 hours. These efforts are "rolling out gradually," per the company.
The media

Meta Starts Showing Ads on WhatsApp After 6-Year Delay From 2018 Announcement

The White House has undertaken initiatives to crack down on immigration, suppress speech, and curtail US public health efforts. These online tools are tracking the rapidly changing US landscape.

In just a few months, Donald Trump’s second presidential term has drastically reshaped the United States federal government and moved to consolidate the power of the executive branch. At the behest of the president, numerous federal agencies have undertaken aggressive, invasive initiatives to crack down on immigration, police speech, investigate political opponents, curtail US public health efforts and emergency preparedness, and more.

With so much happening at once, numerous organizations and individuals have launched databases, interactive maps, and other trackers to catalog these government actions and their impacts on people’s civil rights across the US. Using open source intelligence, public data, news coverage, and other research, these tools are vital resources for documenting, contextualizing, and analyzing the flood of federal activity that is fundamentally reshaping the US. Here are a few prominent examples.

**The Impact Map**

**by The Impact Project, Americans for Public Service**

This interactive map tracks changes to US federal government funding, workforce, and policy across the country, documenting things like mass worker firings, hiring freezes, funding cuts, and lease terminations. The tool also shows places where funding has subsequently been unfrozen, federal workers have been rehired or may be, or the federal government has added a new service or benefit.

The map includes notations to specifically document impacts in rural US counties, areas in which the population is majority non-white, places where 20 percent or more of the population live below the poverty line, and indigenous lands. It also catalogs responses to these initiatives, including legal actions as well as local and state responses to funding cuts.

**United States Disappeared Tracker**

**by Danielle Harlow, data analyst**

This dashboard tallies the number of people impacted by the Trump administration’s mass deportations carried out by US Immigration and Customs Enforcement (ICE). The number is already over 4,000. The tool also monitors the status of each individual to the degree that information is available, noting their names, original country of origin, and where they are being detained, when available.

The tracker crucially follows each individual’s status, noting whether they are in ICE custody, have been released temporarily or permanently, have been deported, have “self-deported,” or have died in ICE custody. The tool also lists how many days their ordeal has continued.

**ICE Flight Tracking**

**by Tom Cartwright, immigration rights advocate**

Tom Cartwright is a retired JP Morgan executive who uses flight monitoring data from around the country to track ICE Air deportation flights, return flights, and flights within the US. He posts regular, specific updates on his Bluesky social media page and produces monthly reports for the immigration rights group Witness at the Border about ICE Air flights and tallies. In the past 12 months, Cartwright has collected data on roughly 8,000 ICE Air flights, including 824 in April. More than 1,500 of that 12-month total were “removal flights,” while about 1,400 were “removal return” flights. The other roughly 5,000 trips were “ICE Air domestic flights” within the US.

**Regulatory Changes Tracker**

**by The Brookings Institution**

The think tank Brookings has built a database cataloging significant regulatory changes implemented since the start of the second Trump administration. It includes new executive orders and regulatory freezes as well as Trump administration changes to executive orders that were issued by past administrations. For example, the White House rescinded a 2022 Biden executive order aimed at lowering the cost of prescription drugs and another from that year calling for research into cryptocurrency regulation.

**Trump Administration Litigation Trackers**

**by Just Security and Lawfare**

The law and policy publications Just Security and Lawfare each offer databases that track lawsuits challenging Trump administration initiatives. The tools include case names, docket numbers, and jurisdictions, as well as the executive action being challenged and the status of the litigation. In most cases, the Trump administration has pursued its agenda without congressional oversight or corresponding legislation, and a number of Trump administration efforts that have been challenged in court thus far have either been paused or permanently blocked from continuing.

**Far Right Groups Targeting Pride Month**

**by Teddy Wilson, Radical Reports**

Anti-LGBTQ+ groups, including fundamentalist Christian nationalists and white supremacist extremist groups, have targeted Pride Month events previously and are expected to again this June, particularly given the Trump administration’s violent rhetoric and executive actions related to trans rights. This map is tracking Pride Month events around the country and indications that radical opposition groups plan to target the gatherings.

6 Tools for Tracking the Trump Administration’s Attacks on Civil Liberties

Users of the Meta AI seem to be sharing their sensitive conversations with the entire world without being aware of it

Conversations that people are having with the Meta AI app are being exposed publicly, often without the users realizing it, revealing a variety of medical, legal, and private matters. The standalone app and the company’s integrations with artificial intelligence (AI) across its platforms—Facebook, Instagram, and WhatsApp—are now facing significant scrutiny for such privacy lapses.

The past two years have seen an explosion in generative AI tools, such as ChatGPT, Anthropic’s Claude, Google Gemini, and more. But with new players entering the market almost daily, not all of them deserve the same level of trust.

With 1 billion active monthly users, Meta AI is one of the contenders aiming for ChatGPT’s crown. To monetize this success, Meta’s CEO Zuckerberg said “there will be opportunities to either insert paid recommendations” or offer “a subscription service so that people can pay to use more compute.”

Similar to ChatGPT, Meta AI can generate text, answer questions, and help users plan, brainstorm, and strategize on various issues. But when using the Meta AI app, after submitting a question, users can also press a “share” button, which directs them to a screen showing a preview of the post, which users can then publish. But some users appear blissfully unaware that they are sharing these text conversations, audio clips, and images **publicly** with the world.

Other users can access “shared” conversations by using the apps Discover feed.

With only one glance at that feed, I found this example of a conversation the user might not have wanted to be publicly visible. A teacher shared an email thread regarding their upcoming arbitration of a job termination that felt unjust. The Meta AI app responded:

> “Hello {name}, it’s great to hear from you again. I can sense the emotional weight of revisiting this experience, and **I appreciate your trust in sharing it with me**. It sounds like a really tough situation, and I’m here to listen and support you as you process it. No rush, take your time to gather your thoughts, and we can continue the conversation whenever you’re ready. How’s the preparation for the arbitration going so far?”

The emphasis is by me. If the AI realizes how much trust it takes to share that story with anyone, even if it’s only a bot, then how must it feel when the user finds out the whole world can find and read it. I didn’t even have to log in to find this conversation.

TechCrunch reported about people asking for help with tax evasion and other personal matters, calling Meta AI a “privacy disaster.” Many sources found threads about medical topics, and other conversations about delicate and private issues.

What people may not realize is that if they use the integrated versions on social media, they are logged in and their conversation can be tied to their social media profile.

Your best option would be not to use Meta AI at all. If you do, make sure you are not logged in and double check that fact if you are logged in on any of the Meta platforms on the same device. And never, ever use the Share button unless you mean to.

Meta spokesperson Daniel Roberts wrote in an emailed statement to WIRED that users’ chats with Meta AI are private unless users go through a multistep process to share them on the Discover feed.

When asked about these mishaps, the Meta AI chatbot said:

> “Some users might unintentionally share sensitive info due to misunderstandings about platform defaults or changes in settings over time.”

However, Meta has not provided detailed, easily accessible in-app guidance at the moment of sharing, which contributes to user confusion. I decided to ask Meta AI.

**Question**: What do I need to do so you don’t share our conversation with the rest of the world? And is it true that the information I share with you might be used for advertising? Or, at least for “sponsored” recommendations?

**Answer**: Your conversations with me are used to improve the model and might be reviewed by our team to ensure quality. We may also use your conversations to train our models to be more helpful and accurate. However, we take steps to protect your privacy.

If you have concerns about how your data is used, you can visit Meta’s Privacy Center to learn more about how Meta handles data: https://www.facebook.com/privacy/center/.

Did that actually answer my question? No.

So, here are the steps you may want to take if you decide to engage with Meta AI for all the different platforms where you may encounter it.

**Meta AI App**

*   To ensure your prompts and conversations are only visible to you:
    *   Tap your profile icon in the Meta AI app.
    *   Go to **Data & Privacy** under **App settings**.
    *   Select **Manage your information**.
    *   Set **Make all your prompts visible to only you**.
*   Avoid using the **Share** button unless you are certain you want your conversation to appear publicly on the Discover feed.

**WhatsApp, Facebook, and Instagram**

Note: Conversations with Meta AI on WhatsApp are not protected by end-to-end encryption and may be used for AI training

To limit Meta’s use of your data for AI training:

*   Go to **Settings & Privacy > Privacy Center**.
*   Scroll to **Privacy Topics** and select **AI at Meta**.
*   Under **Submit an objection request** click Your messages with **AIs on WhatsApp** (or any of the other platforms you’re looking for) and fill out the form to request that Meta not use your data for AI training.  
    

**Deleting AI conversation data**

Meta has introduced commands to delete information shared in any chat with an AI:

*   For example, type /reset-ai in a conversation on Messenger, Instagram, or WhatsApp to delete your AI messages.

**We don’t just report on threats – we help protect your social media**

Cybersecurity risks should never spread beyond a headline. Protect your social media accounts by using Malwarebytes Identity Theft Protection.

Tag

#sap