 Whether it’s the FBI warning about smartphone attacks leveraging fears of deportation in the U.S. foreign student population, recommendations to use a secret code as AI-powered phishing campaigns evolve, instant takeover attacks targeting Meta and PayPal users, or confirmed threats aimed at compromising your Gmail account, there is no escaping the cyber-scammers. Indeed, the Global Anti-Scam Alliance, whose advisory board includes the head of scam prevention at Amazon, Microsoft’s director of fraud and abuse risk, and the vice president of security solutions with Mastercard, found that more than $1 trillion was lost globally to such fraud in 2024. But do not despair, despite the Federal Trade Commission warning of a 25% year-on-year increase in losses, Google is fighting back. Here’s what you need to know. There can be no doubt that online scams, of all flavors, are not only increasing in volume, but they are also evolving. We’ve seen evidence of this in the increasing availability and cost-effectiveness of employing AI to empower such threat campaigns. No longer the sole stomping ground of solo actors and chancers looking to make a few bucks here and there, the scams threat landscape is now dominated by organized international groups operating at scale. The boundary between online and physical, offline fraud is blurring. Hybrid campaigns are a reality, combining phone calls with internet calls to action. The Global Anti-Scam Alliance State of Scams Report, published in November 2024, revealed the true cost of such crimes: $1.03 trillion globally in just 12 months. A March 2025 report from the Federal Trade Commission showed that U.S. consumers alone had lost $12.5 billion last year, up 25% from 2023. And that GASA report also found that only 4% of victims worldwide reported being able to recover their losses. Something has to be done, and Google’s Trust and Safety teams, responsible for tracking and fighting scams of all kinds, are determined that they are the people to help do it. “Scammers are more effective and act without fear of punishment when people are uninformed about fraud and scam tactics,” Karen Courington, Google’s vice president of consumer trusted experiences, trust & safety, said. In addition to tracking and defending against scams, Google’s dedicated teams also aim to inform consumers by analyzing threats and sharing their observations, along with mitigation advice. The May 27 Google fraud and scams advisory, does just that, describing the most pressing of recent attack trends that have been identified. These are broken down into five separate scams, each complete with mitigating best practice recommendations, as follows: Customer support scams, often displaying fake phone numbers while pretending to be legitimate help services, are evolving and exploiting victims through a combination of social engineering and web vulnerabilities, Google warned. Along with the protection offered by Gemini Nano on-device to identify dangerous sites and scams, Google advised users should “seek out official support channels directly, avoid unsolicited contacts or pop-ups and always verify phone numbers for authenticity." Malicious advertising scams, often employing the use of lures including free or cracked productivity software and games, have also evolved. “Scammers are setting their sights on more sophisticated users,” Courington said, “those with valuable assets like crypto wallets or individuals with significant online influence.” Google uses AI and human reviews to combat the threat and block ad accounts involved in such activity. Only download software from official sources, beware of too good to be true offers, and pay particular attention browser warnings when they appear, Google said. Google’s teams have seen an increase in fake travel websites as the summer vacations get closer, usually luring victims with cheap prices and unbelievable experiences. Again, these will likely impersonate well-known brands, hotels, and agencies. Google advised users to use its tools such as “about this result’ to verify website authenticity. “Avoid payment methods such as wire transfers or direct bank deposits,” Courington said, “especially if requested via email or phone.” There are some people who just demand to be listened to, not through the loudness of their voice or the position of power they find themselves in, but rather because of the sheer experience they bring to the table. When it comes to the phishing threat, one of these people has to be Paul Walsh. I have been around the online business more than long enough to remember when, in 2004, Walsh was tasked with refining the World Wide Web creator, Tim Berners-Lee’s, vision of one web. This was when the W3C Mobile Web Initiative was co-founded by Walsh, who also happened to be head of the New Technologies Team at AOL in the 90s. See, I told you I had been around a long time, and AOL wasn’t even my first rodeo on the internet. The point being that Walsh has huge experience when it comes to the phishing threat, having helped launch AOL’s Instant Messenger AIM client and becoming one of the first people online to fall victim to impersonation attacks as a result. But, it doesn’t need there: “When I co-founded the W3C standard for URL Classification and Content Labeling in 2004,” Walsh told me, “I co-invented the very concept of classifying/labeling folders, user accounts, etc., on the web,” Walsh said. Now he’s the CEO at MetaCert, a business that seeks to cut off the phishing threat directly at its source with a network-based solution for carriers to shield subscribers from SMS phishing attacks. Walsh told me that when it comes to phishing protection, threat intelligence is a fundamentally flawed method. “Relying on historical data is useless—new URLs evade existing intelligence by design,” Walsh advised, adding that it is, in his opinion, the biggest threat in cybersecurity currently. While the advice from Google is certainly not to be ignored by users, in my never humble opinion, Walsh does not agree. Suspicious links and unexpected attachments, as red flags, Walsh claimed, are not only poor warning signs but positively harmful in 2025. With SMS taking over from email as the primary attack vector for phishing campaigns in 2024, Walsh said that “authenticating URLs before delivery” is the only way to ensure they are safe, “without relying on outdated historical data or AI.” For complete details visit OUR FORUM.  Google’s 2 billion Gmail users have a critical decision to make. But so does Google. And the tech giant’s might be the more critical. Gmail’s latest upgrade gives Gemini free reign over all your past emails and even your stored files. If you let it. That’s the decision you need to make. As for Google, it’s sitting on a critical decision of a different kind. "Gmail is getting personalized smart replies that incorporate your context and tone,” Google confirmed last week. “Draft replies will sound authentically like you and match your typical tone, as the responses are created from past emails and Drive files.” But as I’ve already warned, "we are still at the early stages of these changes, and we have no clue yet as to the privacy and security risks.” There is also an awkward disconnect: Gmail’s recent encryption upgrade clashes with its AI upgrades. What Gmail users really need is Google’s ode to Apple’s HideMyEmail. which “is a service that lets you keep your personal email address private, whether you’re creating a new account with an app, signing up for a newsletter online, making a purchase with Apple Pay or sending an email to someone you don’t know well.” For iPhone users, it has been described as “the best Apple product you aren’t using.” Spam is out of control despite AI hunting and filtering, the problem remains. But there’s a more important reason for this email address shielding. Per How-To-Geek this weekend, “I seem to get emails almost every week informing me that one of my online accounts has been part of a data breach… That's why using a service such as Apple's Hide My Email is more important than ever.” That’s fine for iPhone and Apple Mail, but what about Android and Gmail? There is a solution. First revealed last November, Android’s Shielded Email feature does the same as HideMyEmail. In late February, Android Authority revealed details of the new feature following a Play Services APK teardown. Shielded Emails “will be part of Google’s Autofill system. Just think of all the apps or screens where Google pops up with its suggested autofill details based on your saved passwords and usernames; all of these should be the new home for Shielded Email.” When the team “tried to sign up for Amazon,” they saw that “Gboard’s smart autofill bar not only suggested the usual email address it knows we usually use but also a new Use Shielded Email option.” It’s not yet live and so didn’t work. It will require email server-side integration if some kind. But it’s clearly in late-stage development. With headlines still circulating after vpnMentor’s Jeremy Fowler discovered a data breach exposing “184 million logins and passwords,” the need for Shielded Email that’s actually used — and HideMyEmail that’s actually used — has never been greater. “I saw thousands of files that included emails, usernames, passwords, and the URL links to the login or authorization for the accounts.” This included “bank and financial accounts, health platforms, and government portals from numerous countries.” Masking email addresses makes it more difficult for attackers to cross-reference your data and passwords and to socially engineer attacks in your name. It lets you turn off compromised email addresses. In tandem with strong, unique passwords and two-factor authentication (2FA), or ideally passkeys, it shuts doors into your life now wide open. To learn more visit OUR FORUM.  No one saw this coming. Microsoft’s campaign to push Windows 10 users to upgrade to Windows 11 had been heading in just one direction. Until now. The Windows-maker has suddenly and quietly changed a critical deadline, which will surprise the 700 million PC owners yet to move to Windows 11. In January, I reported on yet another Microsoft deadline to push Windows 10 users to take the free Windows 11 upgrade. While some 240 million users don’t have a new enough PC to run the latest OS, hundreds of millions can upgrade but are currently choosing not to — albeit that number is reducing month-by-month. This deadline hit apps rather than the OS itself. “Microsoft 365 Apps will no longer be supported after October 14, 2025, on Windows 10 devices,” the company said. “To use Microsoft 365 Applications on your device, you will need to upgrade to Windows 11.” In a support document, the company confirmed “Microsoft 365 apps will no longer be supported on Windows 10 after it reaches end of support,” just as “Microsoft 365 apps are no longer supported on Windows 7, Windows 8 or Windows 8.1 now that these operating systems have reached their end of support dates.” That particular support document had not been changed at the time of writing. But as spotted by Neowin, “it looks like Microsoft has had a big change of heart. On a Tech Community blog post about Windows 10 extended security updates (ESU) it recently updated, the company has confirmed that Microsoft 365 apps will be supported for another three years till 2028. Neowin noticed this new addition while browsing.” That browsing hit on a different, newly updated support document, in which Microsoft says “to help maintain security while you transition to Windows 11, Microsoft will continue providing security updates for Microsoft 365 Apps on Windows 10 for three years after Windows 10 reaches end of support. These updates will be delivered through the standard update channels, ending on October 10, 2028.” Microsoft warns that “using an unsupported OS can cause performance and reliability issues when running Microsoft 365 Apps. More interestingly, although “if the issue occurs only with Microsoft 365 Apps on Windows 10, with or without Windows 10 Extended Security Updates, and doesn’t occur on Windows 11, support will ask the customer to move to Windows 11,” Microsoft also says “if the customer is unable to move to Windows 11, support will provide troubleshooting assistance only; technical workarounds might be limited or unavailable.” That comers across as a direct shout-out to the 240 million Windows 10 users who don’t have a TPM 2.0 PC and so can’t accept the free Windows 11 upgrade today. The primary issue for those users is security, and this has now been resolved for Microsoft 365 apps. Unlike the current plan for a Windows 10 ESU, this update extension offer is free. “To help maintain security while you transition to Windows 11,” Microsoft now says it “will continue providing security updates for Microsoft 365 Apps on Windows 10 for three years after Windows 10 reaches end of support. These updates will be delivered through the standard update channels, ending on October 10, 2028.” This will come across as a soft three-year extension for those users to extend a move and to hold off buying a new PC. More critically, it also signals that Microsoft is bedding down for a prolonged period of Windows 10 users running PCs with no support. Learn more visit OUR FORUM. |
Latest Articles
|