A French fishing group just got hit with a reported data breach. A cybercriminal says they swiped sensitive member information and dumped it online.

The organization in trouble is the Departmental Fishing Federation of Bas-Rhin. People also call it Pêche67, and it runs fishing permits and memberships in northeastern France.

Someone Named “AplaGroup” Claims Responsibility for the Breach

A threat actor going by “AplaGroup” claims they broke into the federation’s online portal. They say they pulled out member data and posted it on dark websites.

Those hidden corners of the internet are where criminals love to share or sell hacked info. The federation hasn’t publicly said much about what happened yet.

But the claims have people worried. There’s a lot of personal info supposedly floating around out there. And some of those photos might belong to kids, which makes things worse.

What Data Got Exposed

According to the hacker’s claims, the database comprised approximately 1,646 member records. And that includes lots of sensitive information, full names, age, email addresses, as well as telephone numbers.

The database also appears to hold additional identifying information, such as postal address, membership number, and user account information.

There are approximately 352 profile pictures. A few of these may depict minors, but this has not yet been confirmed by any official agency.

Investigators will have to look through the data to find out whether these pictures belong to minors. As a small positive note, the data that has been leaked does not contain any information about financial transactions (such as bank account information or credit card numbers).

Why Should this Matter

Your banking information is not required to create real trouble. If a criminal gets their hands on people’s names, addresses, and phone numbers, they can use that info to craft convincing scams.

When an email appears to be from the Fishing Federation with your name and address, there’s an air of credibility around it. The result is that someone can successfully deceive you.

Cybercriminals are increasingly using AI to make phishing emails far more effective. Stolen logins and personal data are flooding criminal markets, helping scammers create even more convincing fraudulent messages.

Phone calls and text messages can also be used in the same way to defraud individuals. There may even be attempts at identity theft where an individual is attempting to create new accounts or impersonate you.

When you consider profile pictures, an added layer of risk arises; a bad actor could use your profile picture and create a bogus social media profile, thereby defrauding others through the use of your image.

The issue is compounded further when children potentially have their images exposed. When looking at the privacy laws in Europe, there are strict requirements regarding the protection of minors’ data.

If this leak affected children, then regulators might get involved and start probing to know what happened. They might even find the organization.

But for now, there’s no official confirmation of whether or not the breach actually affected children. Those confirmations remain to be determined.

What we’re Still Missing

A bunch of big questions don’t have answers right now. How did the hacker actually get in? We don’t know. When did the theft happen? Also unclear. Independent experts haven’t verified the leaked records either.

The federation hasn’t released any detailed investigation findings. Nobody has publicly confirmed exactly how many people got hit.

So for now, some details rely entirely on what the hacker claims. Breach monitors are reporting what they see, but official confirmation hasn’t arrived.

Who Runs this Federation

The Bas-Rhin fishing federation serves a whole lot of anglers. They work with local fishing clubs all over the region.

Also, they handle fishing permits, run conservation projects, and manage environmental efforts. They do educational programs for the community.

Even a smaller breach like this can affect tons of people. That’s just how it goes when you’re dealing with a large membership base.

If you have an account with the federation, stay alert. Security folks say change your passwords for any affected services.

And never ever use the same password for every account. Turn on two-factor authentication wherever it’s an option. And if you get a random email or call asking for your personal info, never be in a hurry to release answers.

Scammers are pushy, they want you to panic and spill the beans. Slow down and think. That “urgent” message? Nine times out of ten, it’s a scam.

Keep an eye on your accounts. If something smells weird or you see mystery charges, that’s your cue to jump in fast and lock things down.

Where things Stand

For now, experts are still looking into the leaked data to determine if it’s authentic or if the hacker is just bluffing to get attention. But if in the end the claim is true, it drives home the point that you don’t need to be a huge company for cyber crooks to go after you. Even a humble fishing club can make the headlines for all the wrong reasons.

The case also proves that personal information sticks around. Photos and contact details don’t just disappear after a breach.

Until officials release their findings, affected members should stay cautious. A little vigilance now can save a whole lot of headaches later.

The post Hackers Claims Data Breach at French Fishing Federation Affecting 1,600 Members appeared first on TechGeer.

The U.S. Department of Justice (DoJ) has announced the results of a large-scale international operation targeting cyber-enabled fraud and cryptocurrency investment scams that have cost Americans billions of dollars.

The initiative, known as “Disruption Week,” began on May 18, 2026. Government agencies worked alongside technology companies and international law enforcement partners to dismantle infrastructure used by transnational cybercrime groups operating from Southeast Asia.

The operation led to the removal of millions of online accounts and the freezing of more than $3.8 million in cryptocurrency allegedly connected to money laundering activities.

U.S. Attorney Jeanine Ferris Pirro for the District of Columbia said crypto-related investment fraud continues to inflict severe financial damage on Americans, draining life savings and disproportionately affecting vulnerable individuals.

Operation Targets Fraud Infrastructure Across Multiple Platforms

The crackdown forms part of the U.S. government’s broader Scam Center Strike Force initiative, which focuses on dismantling criminal organizations behind cyber-enabled fraud and so-called “pig butchering” schemes. These operations often rely on romance-based manipulation and fake investment opportunities to deceive victims into transferring funds.

Fraudsters typically spend weeks or months building trust with targets before directing them to fraudulent investment platforms that promise substantial returns. Once victims deposit money, the criminals move the funds into accounts under their control. Communication usually ends once victims discover the deception or exhaust their financial resources.

Several major companies participated in the OP, including Apple, Google, Coinbase, Microsoft, Silent Push, Meta, SpaceX’s Starlink, Zenlayer, and TRM Labs. Authorities from Australia, Canada, New Zealand, Thailand, and the United Kingdom also supported the effort.

The operation produced significant results across multiple fronts. Authorities disrupted criminal activity linked to over 1.4 million Facebook and Instagram accounts, pages, and groups. Investigators also disabled approximately 20,000 Microsoft accounts and thousands of Starlink kits allegedly used by scam networks.

Officials further interrupted malicious internet traffic, dismantled hosting infrastructure connected to fraud operations, identified suspected scammers and scam platforms, and referred several cases for additional investigation and potential prosecution. The Royal Thai Police also arrested seven suspects and opened new investigations through its Anti-Cyber Scam Center.

Crypto Fraud Losses Continue to Climb

According to the DoJ, cryptocurrency investment fraud has become one of the fastest-growing forms of financial crime affecting Americans. Reported losses increased from $3.96 billion in 2023 to $5.8 billion in 2024 before surpassing $7.2 billion in 2025, representing a year-over-year increase of roughly 24%.

Tech-support fraud is another major category of financial crime. Two former executives pleaded guilty to their roles in a global tech-support fraud scheme, highlighting the diverse types of fraud targeting Americans.

The department stated that many of these criminal operations function from large scam compounds located in Cambodia, Laos, and Myanmar near the Thai border. Criminal syndicates reportedly recruit workers with promises of lucrative technology-related jobs in Thailand before confiscating their identification documents and forcing them into scam operations.

The DoJ said trafficked workers inside these facilities frequently conduct fraud campaigns against victims in the United States and other countries while facing threats of violence if they refuse to participate.

The announcement follows another major enforcement action last month in which U.S. as well as Chinese authorities reportedly apprehended up to 276 suspects and took down 9 scam centers involved in virtual currency investment fraud campaigns targeting Americans.

International Cooperation Drives Results

Meta reported that law enforcement agencies have so far arrested 63 individuals believed to have connections to scam compounds and related criminal operations. Coinbase also disclosed that it froze more than $3 million in cryptocurrency assets linked to the networks targeted during the investigation.

Police Lieutenant General Jirabhop Bhuridej of the Royal Thai Police emphasized that no single country or agency can tackle transnational online fraud alone. He said authorities must continue sharing intelligence and coordinating investigations to effectively dismantle criminal networks and improve public protection.

The latest operation highlights the growing cooperation between governments, law enforcement agencies, and private-sector companies as they work to disrupt increasingly sophisticated cyber fraud networks operating across international borders.

The post Global Crackdown Targets Cyber Scam Networks, Millions of Accounts Dismantled appeared first on TechGeer.

Poland just drew a hard line on kids and screens. The government wants phones out of primary schools completely.

It also plans to lock down access to pornography with real age checks. Prime Minister Donald Tusk called it a fight against a “civilizational problem.”

Details of the Polish School Phone Ban

A new law requires pornographic websites to implement third, party age verification processes that protect users’ privacy instead of just a person checking an affirmative statement or collecting biometric data.  That includes lesson time and every single break between classes.

Schools will get a legal reason to create phone deposits. Think of them like coat checks for devices. Teachers and parents finally have a real tool, Tusk said.

“We are convinced that parents and teachers should have such a tool,” he told reporters in Warsaw on June 2. He admitted the ban is not a perfect fix. But he said addiction to phones and the internet has become too serious to ignore.

Education Minister Barbara Nowacka spoke at the same press conference. She actually suggested banning social media for kids under 15 back in February. That idea could set up a clash with big US tech firms.

Porn Sites Face New Age Rules

A separate bill comes from Poland’s minister for digital affairs. It forces porn websites to block children more effectively.

The government said age checks cannot rely on simple declarations. They also banned biometric data and tracking of a user’s online activity. Instead, the system must respect privacy and personal data rules.

Poland is not alone in this – the Netherlands, South Korea, and Italy have put similar laws restricting the use of smartphones in schools.  Others are banning social media or thinking about it.

Meta Tightens Teen Controls Globally

On the same day Poland announced its plan, Meta rolled out bigger protections. The company expanded its 13+ content settings for teen accounts on Instagram, Facebook, and Messenger.

These controls first launched in select countries back in October 2025. Now they apply worldwide. The settings filter out inappropriate content by default for teenage users.

Later this year, Meta will add a “limited content” setting on Facebook and Messenger. Instagram is currently testing a method to prevent teenagers from receiving similar types of content multiple times. The goal? To provide a more balanced feed for them. 

A Global Wave of Restrictions

Many countries are taking action to curb access to social media for children. Australia was the first to make this move, banning people under the age of 16 from accessing social media. Greece has made a proposal for a ban on social media for kids below 15. A few others –Spain, UK, France, Norway, Denmark, Malaysia– are either weighing the odds and working towards introducing similar rules. 

Greece’s Prime Minister, Kyriakos Mitsotakis, when he announced the social media ban for kids under 15, urged the whole of the European Union to follow suit. The Greek rule takes effect in January 2027.

Spain’s Prime Minister Pedro Sanchez called social media a “digital wild west” at the World Government Summit in Dubai. He said platforms are run by companies “wealthier and more powerful than many nations.”

Sanchez promised real age verification, not just check boxes. He also said CEOs will face criminal charges for failing to remove illegal or hate-filled content. Spain plans to criminalize algorithms that amplify illegal material too.

The EU is also pressuring Meta on privacy issues. The European Union has urged Meta to alleviate consumer concerns about its “Pay for Privacy” subscription models, adding to the regulatory challenges facing the company.

Elon Musk fired back on X, calling Sanchez a “tyrant and traitor to the people of Spain.” Musk previously called Australia’s government “fascists” over its social media ban.

While tech companies would point out that the focus of concern regarding the banning of devices for children should be the types of activities they perform on them, rather than merely prohibiting them, many governments throughout Europe and all over the world are moving quickly to take action on the issues regarding children and their use of cellular phones and social media.

The post Poland to Ban Mobile Phones in Schools for Children Under 15 and Prevent Porn appeared first on TechGeer.

Cybercriminals are increasingly disguising malware campaigns as cryptocurrency job opportunities, targeting job seekers with fake recruitment processes designed to steal cryptocurrency wallets, passwords, and sensitive personal information.

The warning emerged after Cointelegraph highlighted a growing trend in which scammers pose as recruiters and hiring managers, luring candidates into downloading malicious software under the guise of interview tools, technical assessments, or onboarding applications.

The tactic exploits strong demand for crypto jobs and applicants’ willingness to engage with unfamiliar companies during hiring.

Community Raises Alarm Over Recruitment-Based Attacks

Cryptocurrency community members have raised concerns after reports of a surge in fake recruitment campaigns targeting digital asset professionals.

The discussion grew on X after warnings about fraudulent hiring emails appearing to come from legitimate employers circulated. One example featured a recruitment message for a “Crypto Ecosystem Analyst” role at Blockchain Learning.

The email told recipients recruiters had reviewed their profile and asked for salary expectations, remote work availability, experience, and possible start dates before an introductory call.

At first glance, the message appeared legitimate. Cybersecurity observers warned attackers increasingly use such messages as the first step in malware and credential theft campaigns targeting crypto users.

Industry participants quickly shared their concerns, noting that cybercriminals continue to refine social engineering tactics to gain access to valuable accounts, wallets, and corporate systems.

Crypto Community Shares Concerns

Several X users reacted to the warning by highlighting the risks associated with modern recruitment scams.

TheLaddersResearch mocked the growing sophistication of these schemes, joking that scammers might eventually request a victim’s seed phrase as a way to “confirm experience.” The remark reflected wider concerns about attackers exploiting trust to gain access to digital assets. The National Cryptocurrency Association said these scams are increasing and stressed the need for public awareness.

Community member eightlends expressed frustration over ongoing fraud, saying evolving scams have made people skeptical of most online interactions. Crypto commentator Kozei urged job seekers to thoroughly verify employers before downloading software, opening files, or using recruitment tools.

Others pointed to an evolution in attacker behavior. According to igbaisaacA, recruitment scams are not a new phenomenon, but cybercriminals have changed the bait they use. He noted that attackers previously relied on invoices and email attachments, whereas many now disguise their operations as job interviews and hiring opportunities.

He added that professionals working in cryptocurrency have become particularly attractive targets because of their proximity to digital assets, exchanges, and financial platforms.

Attackers are also evolving their phishing techniques. AI is making phishing emails far more effective at stealing credentials, demonstrating the adaptability of cybercriminals.

Experts Urge Caution During Hiring Processes

Aditya Chotaliya issued a strong warning, saying fake recruiter operations are increasingly common in the crypto job market.

According to him, suspicious requests often follow a familiar pattern. Candidates are asked to download a special interview application or run a test repository on their local machine. He stressed that reputable companies generally do not require applicants to execute unknown code on their primary devices during the hiring process.

Reports suggest threat actors are exploiting the crypto industry’s growing workforce and remote hiring culture. Security observers warn that successful attacks can expose sensitive credentials, compromise digital wallets, and provide access to confidential business information.

Experts advise job seekers to verify recruiters, research employers, and avoid unverified software during interviews as cybercriminals adapt. For many in the crypto sector, a promising job opportunity may be the first step in a planned cyberattack.

The post Cybercriminals Use Fake Crypto Job Offers to Deliver Malware and Steal Credentials appeared first on TechGeer.

A threat actor on a Russian cybercrime forum called Rehub is selling complete source code for a backdoor that hides inside one of your system’s most trusted layers. The backdoor, named PamDOORa, targets x86_64 Linux systems.

It slips into your system quietly and once inside, they silently copy every key that passes through the door. They also leave a secret entrance for themselves that no one else can see.

What Makes PamDOORa Different

Pluggable Authentication Modules (PAM for short) is what takes care of login authentication on Linux. There’s a file tagged /etc/pam.d/sshd, which controls how SSH verified users before they login.

Any changes made to these files will mess up how the system decides who is permitted to log in.  Attackers normally tweak a line or two here. But PamDOORa takes a smarter approach.

The backdoor injects a malicious module called pam_linux.so into the authentication stack. It does not replace the standard pam_unix.so file. Instead, it loads as an additional module through configuration changes. This makes detection much harder.

The backdoor only activates for specific network traffic. A routine called procFindConnectionSocket scans file descriptors under /proc/[pid]/fd. It checks socket metadata like type, family, and protocol. Then it matches the connection to a particular TCP port and magic password combination. This network-aware trigger is stricter than most typical backdoors.

Credential Theft and Anti-Forensics

PamDOORa does more than grant secret access. It also captures every password from legitimate users. The tool collects credentials right inside the PAM stack. That means it intercepts passwords before any application-layer logging happens.

Then they’ll encrypt the stolen data with XOR using a key generated at runtime. Then the backdoor writes it to /tmp with filenames + timestamps made up on the fly. XOR’s not strong encryption, sure, but it’s decent enough for bypassing basic content scanners.

Now here’s where it gets troubling for incident response teams. PamDOORa messes with auth logs. Also is tamers with lastlog, utmp, btmp, and wtmp, all of them, wiping every trace that shows the attacker even got in. So when security teams SSHs in to find out what went wrong, two bad things happen. Either the tool captures their credentials too or it silently erases their access from logs.

The implant also uses these selective execution hooks. They tag it PAM_IGNORE, and it’s mostly dormant during normal ops. This blend of stealth tactics mirrors what you see in advanced Linux persistence tooling.

Assessing the Seller and Market

The threat actor offering this tool uses the alias “darkworm.” Analysts found five distinct personas using that same name across forums. But the PamDOORa seller? Notably more credible technically than the others. Code snippets look realistic. And aligns with known PAM abuse methods as well.

Initially, one copy of the source code sold for 1,600 USD. Then it later dropped to 900 USD. That’s like almost 50% off. This suggests either: not many buyers,  or the seller just wants a quicker sale. 

Rehub itself? It became popular after lots of top underground platforms were shut down last year. Its entry barrier’s low compared to other forums, making it more accessible. But that also means more scams and exaggerated claims. Trust plus technical consistency? Weaker than invite-only forums.

Criminal markets are also flooded with stolen credentials. AI-enhanced phishing campaigns are contributing to the supply of logins available for sale, highlighting the demand for tools like PamDOORa.

How PamDOORa Compares to Open-Source Tools

GitHub searches showed 22 repositories matching the term ‘PAM backdoor.’ Mostly crude PoC scripts. A lot just replace file or patch  pam_unix.so in basic ways. Code quality? Low to medium, generally. 45% of these projects are shell scripts. Whereas 35% comprise of C.

PamDOORa is unique because it uses more than one technique. Cohesive + modular implant, has anti-debugging features and even network-aware triggers. Also, it comes with a builder pipeline. That makes it almost on par with operator-grade tooling rather than commodity scripts.

Individual techniques like PAM hooks, credential capture, and log tampering are all well documented. But pulling them together into something configurable, and maintainable? That’s real evolution.

This analysis is based mainly on a dark web advertisement and screenshots the seller shared. No review of the full source code is available yet so the actual capabilities may be different from what the threat actor claim

The post Threat Actor Offers Linux PAM Backdoor ‘PamDOORa’ for Sale on Cybercrime Forum appeared first on TechGeer.

But the reality is far more complex. While parts of the dark web are used for illegal activities, it also serves as a critical tool for privacy advocates, journalists, whistleblowers, and people living under strict censorship.

In this guide, you’ll learn what the dark web actually is, how it works, how it differs from the deep web, and why people use it. We’ll also explore the risks associated with accessing the dark web, common scams and cyber threats, and the essential safety measures you should take before visiting it.

Key Facts About the Dark Web

• Search engines and google browsers cannot penetrate the dark web online.
• It provides both lawful content (for free speech and privacy) and countless illegal services and markets.
• Ordinarily, It is not a criminal activity to visit the dark web. However, most of the activities there are dangerous and unlawful.
• Your private data may already be on the dark web due to breaches, even if you’ve never visited it.
• With maximum safety tools, monitoring and cautious online habits that protect your privacy, you can minimize the risks.
• You should only access the dark web for valid reasons and always follow strict safety precautions.

What is the Dark Web?

The dark web is a unique sector of the deep web that the developers hid deliberately and because of that it needs particular tools to gain access.

Contrary to the surface web, the dark web can use encoded networks with special design like Tor browser to keep you anonymous.

Also, it allows both legitimate and illegitimate operations which may result in scams and prohibited contents.

Who Created the Dark Web?

The dark web originated from the evolution of internet technology and the growing demand for online anonymity. This idea of an encrypted, concealed portion of the internet started during the 1990s.

There are even various traces of the dark web creation of today to the Tor Browser and onion project. The precursor to the Tor project, the Onion Router, was created by the United States Naval Research Labs during the 90s. Its aim was to safeguard government communications. Tor network browser allows its users to gain access to websites that have the “onion” registry operator.

A computer scientist and mathematician named Roger Dingledine, together with two of his colleagues, created the Tor browser, which appeared as an open-source project during the early 2000s. Thanks to tools like the Tor browser and modern tech, users can now access the dark web if they choose to.

The Dark Web, Surface Web, and Deep Web Explained

The internet is huge and contains countless databases, web pages, and servers that operate 24/7. The surface web, accessible via search engines like Google and Yahoo, represents only a small part of the internet.

Within the non-visible spaces, you can find many terms which you should know how they differ. That is, if you want to visit the underbelly of the internet.

The Surface Web/ Open Web

This part of the internet is open to the general public for easy access. Conventional search engines such as Bing and Google also list it, and you can find many things easily on it.

For example:

• News websites
• E-commerce
• Public-facing social media outline
• Blogs and avenues

The surface web is the most used part of the internet but represents only a small portion of all online content.

According to statistics, the surface web overall sites and data comprises up to 5% of the entire internet. This includes websites easily accessible through browsers like Chrome, Firefox, and Microsoft Edge.

The surface websites normally have labels with domain names like “.org” and ” .com” to enable easy search on famous search engines.

It is easy to locate the surface web due to search engines that index the web through visible links by a procedure known as “crawling,” a result of the search engine whizzing through the internet like a spider.

Deep Web

The deep web is a space that its developers hid very well but it still provides legitimate contents. Those who use it can find it under the surface web, and it comprises materials which the search engines don’t index. The fact that the contents in the deep web are not available on the surface search engines may not make it dangerous or illegal.

Almost 90% of all websites make use of the deep web. You can say that it is the tip of an iceberg under the water and it is bigger than the surface web. To be precise, the deep web is so vast that you may not discover all of its pages or the number of websites that are operating at a given time.

Major search engines like Google show websites that are near the conventional surface. Then other things, ranging from private databases to academic journals and other illicit contents are beyond them. The dark web is also a part of the deep web.

Although many news channels interchangeably make use of “the dark web” and ” deep web”, the majority of its contents are perfectly safe and legal.

Is Using the Dark Web Illegal?

No, the dark web itself is not illegal in most countries, including the UK, Canada, the United States, and throughout the European Union. Simply accessing or browsing it using tools like Tor Browser is legal.

Their dark activities have proven to be a great challenge to law enforcement agencies globally, who are trying to create a balance between online privacy and fighting criminal activities. However, the dark web isn’t illegal on its own. For example, some of its uses are perfectly legitimate and improve the dark web value.

In fact, users on the dark web can enjoy these benefits:

1. User anonymity
2. Virtually untraceable sites and services

That said, you can say that the legality of the dark web depends on how you, as the user engages with it. On the other hand, making use of anonymized browsers and Tor isn’t strictly illegal. To be precise, these presumed “dark web” browsers aren’t exclusively chained to this section of the internet.

In fact, at present, numerous users now take advantage of Tor Browser for both public internet and the extensive sections of the web privately. Notably, Tor provides an important privacy feature that enables governing bodies and organizations to presently take part in unauthorized monitoring of internet activities.

As it stands now, some just don’t want the ISPs (Internet Service Providers) or government agencies to inspect their activities online. In fact, some countries that have user laws and strict access prohibit their users from accessing public websites until they make use of VPNs (Virtual Private Networks) and Tor clients.

But then, you can still conduct illicit acts within Tor, which can incriminate you not minding the legality of the browser. Moreover, there are those who use Tor to share illicit pornography, raid contents which have copyrights from the deep web, or partake in cyberbullying.

Due to the recent surveillance-heavy digital system, the privacy that Tor Browser can provide is vital. Besides, both governing bodies and business enterprises at present take part in unauthorized monitoring of online operations.

At the end of the day, just browsing these spaces isn’t illegal but it can be a problem for you based on your territory. Meanwhile, there are so many unpleasant activities living within the dark web. These elements can subject you to needless risks if you are not cautious.

Types of Content Found on the Deep Web

1. Databases

The databases are both private and public protected file collections. They don’t have any link to other parts of the web, you can get them from the database itself. such as private messages, research and academic databases.

2. Intranets

This is the network you can use within the organizations, educational and government facilities to control and communicate information internally. e.g streaming service, paid journals etc.

The deep web is an important portion of the present-day internet infrastructure with the purpose to provide safe access, security, and privacy. Unknowingly, you may be using the deep web daily. That is because it is hiding behind other security walls or passwords.

However, you should know that deep web sites are not harmful to your computer or privacy.  You can only view private pages like:

• Legal Files
• Private organization databases
• Online financial accounts like retirement and banking records
• Social messaging and email accounts
• HIPAA classified data such as; medical documentation

Meanwhile, you can still access the deep web through the usual internet browser.

3. Dark Web

This is an encrypted, anonymous section of the deep web. Those who developed it hid it on purpose and you need a special tool to access it. The Dark web sites aren’t indexed by normal search engines and require special browsers to access. It’s smaller than the surface web but part of the deep web.

Note this: It is very important to know the difference between these spaces. The difference at a glance:

How to Access Dark Web Safely

It may not matter why you need to browse the darknet. The important thing is to know how you can safely go through its secret space. That is why you have to follow these crucial guidelines. That is if you want to protect your privacy and safety.

Just take a look below to know what you need to do:

• Use a VPN with Tor: Connect to a trusted VPN before opening Tor to add an extra layer of privacy and hide Tor usage from your ISP. But is Tor itself safe? Our complete guide to Tor’s safety breaks down the browser’s strengths, weaknesses, and the risks you should know before using it.
• Install premium antivirus software: Reliable antivirus protection can help block malware, ransomware, and other threats commonly found on the dark web.
• Use TAILS for maximum anonymity: The Amnesic Incognito Live System (TAILS) runs from a USB drive and leaves no trace of your activity on your device.
• Strengthen your security: Close unnecessary apps, disable background services, and cover your webcam to reduce the risk of surveillance or security breaches.
• Visit trusted dark web sites only: Stick to verified darknet directories and avoid random links that may lead to scams, malware, or illegal content.
• Use cryptocurrency for payments: Crypto transactions offer more privacy and reduce the risk of leaving a trackable financial trail.
• Disconnect after browsing: Once finished, close all browser windows, clear activity traces, disconnect from the VPN, and restart your device.
• Avoid suspicious downloads: Download files only from trusted sources, as malicious files on the dark web can infect your device instantly.

Risks and Threats of Using the Dark Web

For those users who just want to use the dark web for regular privacy purposes, it is vital that you know that it also comes with certain threats. Check out these threats you are likely to face below:

Malicious Software

Another word for malicious content is malware and this software is very much alive all over the dark web. Most times, some portals provide these malicious software to threat actors as tools for their cyberattacks. Consequently, it remains throughout the dark web to contaminate ignorant users as it has done to the entire web.

Because the dark web lacks standard protections used across the internet, users are more exposed to malware risks:

• Keyloggers whose work is to record anything you type.
• Phishing malware with special design to steal people’s stuff and personal information.
• Botnet malware that can convert your device to part of an illegal network.
• Ransomware that can encrypt your files and force you to pay.

Just bear in mind that as you decide to delve into the murky waters of the dark web, you are putting yourself at the risk of becoming a target and being singled out for hacks and many more. However, if you install high-quality antivirus software on your device, your endpoint security program can catch the majority of the malware infections.

Although using Tor as well as the structure of the dark web offers high anonymity, that doesn’t mean that they can’t fail. If someone investigates you closely, your online activity can still leave traces of your identity.

Government Monitoring

Since the law enforcement agencies worldwide are cracking down on many different Tor-based websites, you may be surprised to find yourself a government target just because you visited the dark web.

Police authorities are now more experienced in their dark web surveillance techniques. Sometime in the past, police surveillance captured Silk Road, which is an illicit drug marketplace.

They were able to hijack the marketplace by making use of custom software to penetrate and analyze the operations. As a result, law officials were able to find out the user identities of both patrons and onlookers.

Even if you do not buy anything on the dark web, as long as you enter there, you may become a target of government monitoring that can incriminate you in the future. Any sneaky activity can make you a target for surveillance even for other activities as well. 

Dodging government restrictions to find out the latest political ideologies can put you in prison in certain countries, especially those under authoritarian regimes.

Scams

Supposedly, some services such as professional hitmen may be scams with the intention to profit from unsuspecting customers. According to reports, the dark web provides many different illegal services that range from sex trafficking to paid assassinations and weapons.

It is a well-known fact that some part of the dark web provides these services,  so scammers then leverage this fact to trick ignorant users out of huge amounts of money. In addition, some users within the dark web can also try their hands at phishing scams in order to steal your personal data or identity to scam you.

Bear in mind that on the dark web, there is no consumer protection. As a result, immediately you send your cryptocurrency as payment, you cannot get a refund even though you are scammed.

How to Check If Your Information is on the Dark Web

If you have ever experienced a data breach and your data leaked out, it is possible that your personal information will end up on the dark web. Your personal information will be there for malicious actors to profit from whether you have ever visited the dark web or not.

The scale of this problem is staggering. Latest darknet statistics show just how much stolen data, from login credentials to financial information, is actively traded on underground markets.

If you want to know when your information is on the dark web, you can use data breach alerts or dark web scan tools that come with premium plans like Kaspersky’s Plus.

These tools mentioned above do not directly browse on the dark web. Rather, what they do is to monitor sources that are known for leaks to see whether your data is revealed anywhere. They just scan the databases of endangered credentials to see if your information is included and alert you.

If you get the alert that your information is leaked, that doesn’t mean that anyone is already using it. What it means is that your data which leaked previously is available for any interested party. Depending on your information that leaked out, you need to take prompt action.

Take these steps immediately if you get the alert that your personal information is at risk:

• Immediately change the password you used on all the stolen accounts.
• Switch on the MFA (multi-factor authentication) to prevent the stolen password from working.
• Check your cloud services, banking accounts, and email for any unrecognized login attempts.
• Allow ongoing monitoring when you get the prompt for it by security software you use so that you can automatically get new alerts.

What Can You Find on the Dark Web?

The dark web provides both legitimate and illegitimate activities. Also it offers privacy to clients while allowing risks like illicit content and scams.

But finding anything on the dark web isn’t easy without the right tools. Our guide to the best dark web search engines can help you navigate these hidden spaces more effectively.

This is why many online users say that the dark web is more about illegal content, cybercrimes and trading stolen goods websites. Check out these revolting things hiding at the dark corners of the dark web.

1. Illegal Substances

On the dark web you can get hold of illicit prescription drugs such as heroin, marijuana, cocaine, and other prohibited drugs. In addition, the dark web sells certain toxic chemicals that are likely to cause serious damage to its targets.

These marketplaces can confuse you because of how they operate like legitimate markets. This is because they work like normal e-commerce websites with vendor ratings, customer services, and customer reviews and you may not know that all they peddle are illegal.

2. Fake IDs and Stolen Information

If there is any cyber attack in an organization and criminals steal clients personal details, the data is already on the dark web and immediately put up for sale within hours or days. Cyber thieves operate very fast to sell off their stolen information before the owners can catch up to them.

The data criminals steal can be either bank card numbers or social security numbers. The cyber thieves always sell these credit/bank card information they steal in large sizes at a discount rate.

You can buy things like login credentials for multiple services, including Netflix accounts etc which criminals stole on the dark web. The interesting part is that the dark web also put on sale stolen passports and documents from all over the world.

For instance, buying a stolen United Kingdom citizen passport from the dark web with a few thousand dollars although the quality of the items may vary, yet some of them are so high-end to pass through initial inspection.

3. Harmful and Disturbing Items and Services

At the right price, you can get any of those items or services that are dangerous on the dark web. What the marketplace focuses on is the demand and supply theory, just like any other legitimate commerce, only that the products they market are illegal.

As long as you price the correct amount, you can purchase anything including, fake goods, body parts, mercenaries for hire, and child pornography. Moreover, it is through the dark web that human traffickers operate and coordinate atrocities throughout the globe.

In fact, you can get hold of anything you want on the dark web including those you can’t imagine. Importantly, users carry out financial activities on the dark web through cryptocurrencies like Bitcoin. Thus; parties conducting the business can remain anonymous without the standard banking oversight.

4. Uranium Ore

The darknet marketplace is a world where you can buy anything as long as you offer the right price and that includes the Uranium ore. You can process this material into weapons. Although the authenticity and quality may be questionable, it is a great concern that they are available.

5. Weapons

So far, you should be aware that whatever criminals are looking for can be found on the darknet. So, it shouldn’t surprise you that the market for weapons there is diverse and very active.

To be precise, certain darknet sites provide military-standard weaponry and explosives. You can also get C4 plastic explosives, rocket launchers, as well as various weapons that litter the darknet effortlessly.

6. Hitman

Interested parties can get hitmen on the darknet who claim to be available to kill anyone for money. It is doubtful sometimes but no one is sure whether these assassins are for real or scammers who want to scam people of their cryptocurrencies.

They may take the payment but wouldn’t render the service. However, it is quite disturbing that people are willing to hire such services.

7. Dangerous Poison

It is quite frightening that such a dangerous substance ricin is available from the dark web. This substance, called ricin is a protein that comes from castor bean plant which can quickly kill off human cells.

In fact, even in little amounts, ricin is quite lethal and many other deadly substances like it are available on the dark web, coupled with their user’s guide. Back in 2015, Mohammed Ali, who was a computer programmer, bagged 8 years in prison because he tried to purchase ricin poison on the darknet.

Reportedly, the guy got his inspiration to make the purchase from the United States Television series called Breaking Bad and this portrays how the media can impact a real life criminal behavior.

This particular story should teach you that it is important to take high security measures while browsing through the dark web even though you are just there out of curiosity. That is before your harmless curiosity slams your head in prison.

8. Counterfeit University Credentials

For a long period of time now, many already know the dark web as the place to go if you need fake college and university certificates. These forgeries are not poor in quality but high-level replicas that will be hard for institutions and job employers to detect at least for the meantime.

9. Viruses and Malware

You can get any kind of malware and computer virus on the darknet. That is why, the dark web is the major place for the spread of these digital menances. The cybercriminals distribute, sell, and share everything from keyloggers, trojans to spyware.

10. Scams

You can get many reports of scams or illicit services on the darknet. For instance, you can get assassins for hire, illegal weapons, and sex trafficking. However, some of these illegal services you hear like “hitmen” for hire are likely to be scams. They may be especially aimed at defrauding unsuspecting victims who are already unlawful.

Although some of the dark web threats are genuine and well-known, some people there take advantage of its notoriety to trick users out of huge amounts of money.

In addition, some of the darknet users may even try phishing scams to steal private information which they use to force victims through identity theft or blackmail.

11. Government Surveillance

When visiting the dark web, you should bear in mind that there is a possibility of facing government monitoring. Most especially, as the majority of the Tor-based websites are now overrun by police authorities all over the world.

You may find yourself at the risk of becoming a target of the authorities just by visiting the dark web. You may not buy anything from illegal markets. However, the specially made software that law officials use can study the activities and pinpoint the user identity via many different sophisticated techniques.

If the authorities find you out, it can result in incrimination for your later activities in life. In fact, in certain countries, the law sees just surveying recent political ideologies as an imprisonable offense. Moreover, anyone found to visit sites with restrictions can become a subject under surveillance or a target for jail sentences.

An example of government surveillance is China, which makes use of the “Great Firewall” to regulate its citizens’ access to known websites.

12. Hoaxes and Unverified Content

There have been many reports regarding professional hitmen that kill for the money as well as crowdfunded assassins on the darknet. However, people believe most of these reports to be hoaxes which the bad actors meant to use and draw the attention of the media.

For example, Sad Satan which was an Indie game, was supposedly found through the dark web. But there are so many irregularities in the report that made the story doubtful.

The inventor of the Silk Road known as Ross Ulbricht, was apprehended under suspicion of paying a hitman from the dark web to kill 6 people. However, the charges were later dropped for lack of evidence.

There is also the case about “Red Rooms” urban legend, which shows live murder but was later deemed to be a hoax.

13. Social Network

It is quite surprising, but yet, there is something like the DWSN (Dark Web Social Network) which is a social media platform on the dark web. The DWSN is just like any other social networking website which allows its users to design customizable profiles, join in forum discussions regarding numerous topics, and even make friends.

No wonder the regular social media platforms like Facebook have designed special versions that can smoothly operate on the dark web to render services. But contrary to Facebook, the Dark Web Social Network requires its users to be anonymous and never to reveal private information in order to maintain their privacy from potential monitoring and other users.

14. Terrorism

Starting from the emergence of the dark web, it has always been the playground of terrorists because of the lack of regulation and anonymity it offers. The dark web provides terrorist groups with a chat platform to motivate terrorist attacks as well as ‘How-to’ guides that instruct people on how to become terrorists, and conceal their identities from the authorities.

They make use of Bitcoin which cannot be traced back to them, to make anonymous donations. This makes it easy for terrorists to finance their operations and buy weapons without regular oversight. Meanwhile, some fraudulent sites like the ISIL pose as a front for these terrorist organizations to defraud potential supporters.

Moreover, due to the recent technology upgrade, cyber terrorists are now able to take advantage of the weakness within the critical infrastructure to carry out their attacks, which is likely to have deadly real-world consequences.

15. Illegal Pornography

Although it is not easy to discover child pornography on the dark web, reports have shown that up to 80% of the darknet traffic consists of illegal pornography. Even though it is quite a challenge to seek it out, most of the prevalent content is illegal porn.

In addition, you can also find various porn-related content, like revenge pornography, as well as videos that show killings of animals and sexual torture.

Law enforcement always targets these sites that share child pornography by carrying out organized international operations. For instance, in May 2021, there was a crackdown on Boystown by law enforcement in Germany. It was a network for child pornography which boasts of up to 400,000 registered users.

During the operation, the police authorities pulled down many different pedophile chat websites while apprehending four suspects including a Paraguayan who is believed to be their ring leader.

In 2015, there was another big crackdown where the FBI dismantled Playpen which was the greatest child porn site on the dark web at that time boasting of more than 200,000 users. As of now, the founder of Playpen is imprisoned for 30 years following his conviction in 2017.

16. Frauds and Financing

Due to its anonymity, the dark web has become a hub for fraud, including counterfeiting and carding. Carding means stealing and the unlawful use of information from credit cards. This kind of illicit business can only thrive on the darknet.

Other fraudulent activities you can get on the dark web include: fake sale of identities, phishing scams, as well as fake product sale which may not be delivered. Those businesses that are known for counterfeiting make fake versions of popular products. They can create fake drugs and even designer handbags and sell them off at the dark web.

Because of its anonymity, criminals are hard to track on the dark web, contributing to its popularity. However, because of the international partnership between law enforcement bodies, there have been many successful crackdowns of key criminal operations.

17. Hacker services and bodies

The dark web has been overrun by cybercriminals who are ready to provide illegal services either as an individual or as an organized body. Examples of them are; Mazafaka, dark0de, xDedic, Hack Forum, and the Trojanforge.

Most of these cybercriminals can work as vigilantes inside the criminal system as well as trace and blackmail pedophiles. Hackers on the dark web often target banks and financial institutions with advanced attacks that can cause millions in losses.

Note that not every service offered on the dark web is genuine. Some onion sites scam users by offering downloads infected with trojans and backdoors. That is why, It’s important to stay highly alert while browsing the dark web due to risks in every click.

18. Bitcoin Services

If you want to visit the dark web marketplace, Bitcoin is a must-have. It is a cryptocurrency well-known for its flexibility and anonymity. With Bitcoin, users can conceal their identity as well as their intentions.

Bitcoin became popular among those involved in illegal activities who want to avoid financial tracking. To further conceal transactions, users may convert Bitcoin into other digital currencies and later exchange them back into fiat money.

Tumbler services, also known as mixers, are used on the dark web to hide transactions by mixing coins from users. But then, Bitcoin has also become a target for scammers because of its importance within the digital world. Even research has shown that Bitcoin mixers are now used more for money laundering. They also aid criminals to clean up their stolen gains and then convert them to legitimate finance.

Staying Protected from Dark Web Criminal Activity

As mentioned, anyone using the dark web should always take proper safety precautions. Whether or not you visit the dark web, you should ensure your personal data is not exposed to it. Identity thieves on the dark web may exploit your private data for illegal activities. After all, personal information is often traded on the dark web for profit.

For example, malicious actors can use leaked data to damage your credit, hack your accounts, or commit financial fraud in your name. They can even commit a social fraud that can destroy your reputation.

Antivirus and Antimalware security is also important if you want to stop the malicious actors from taking advantage of you. Also, when bad actors come for you, they can make use of keyloggers to get your data. For protection, use security software with strong identity monitoring and antivirus features.

FAQs

The post What is the Dark Web: Complete Guide 2026 appeared first on TechGeer.

Your messages aren’t as private as you think, and all it takes is a TV in your living room. That’s what former CIA agent John Kirikou recently revealed.

According to Kirikou, the agency can see almost everything you send. And they don’t even need to break your encryption to do it.

How Kirikou Came to Know About this

Kiriakou worked at the CIA for 15 years and ran operations in Pakistan following 9/11.

Then he became a whistleblower. He told ABC News about the CIA’s torture program back in 2007. That revelation landed him in federal prison for 23 months.

Now he’s talking again. This time about how the CIA watches ordinary Americans through their own gadgets.

When he was asked directly about whether the CIA can manipulate devices, Kiriakou confirmed they absolutely can. His proof comes from the Vault 7 documents, leaked secret files that exposed the CIA’s hacking tools and their capabilities.

A popular leak site called WikiLeaks published those documents in 2017. 

The person behind the leak? A CIA software engineer, Joshua Schulte, who apparently wasn’t happy with his job. They revealed operational CIA programs, not theoretical experiments.

The documents showed tools for hacking cars, smart TVs, and other consumer electronics.

Your TV as a Listening Device

One tool stood out from the rest. The CIA named it Weeping Angel.

British counterparts from MI5 helped create it during a joint workshop in 2014. The malware runs like a normal TV app.

But in the background, it captures audio. Not video, at least not yet. The leaked documents show video recording was a future goal.

Security researcher Matthew Hickey reviewed the CIA notes. He explained that Weeping Angel can also recover Wi-Fi keys. Then it uses those keys to hack your entire network.

The scariest part? A feature called “Fake Off.” The TV keeps recording even when you turn it off.

Hickey said the malware probably infects TVs through a USB key. But the CIA may have remote methods too.

The agency can’t stream audio in real time. Instead, they copy files off the TV later. A CIA agent with a Wi-Fi hotspot just needs to get close enough. The TV sees the hotspot and uploads everything.

Your Car Can Leak Your Secrets

The surveillance doesn’t stop at your living room. Your car is also fair game.

Vault 7 documents showed the CIA can remotely control vehicle computer systems. That connected car that calls for help after accidents? It’s a potential entry point.

Agencies spend billions annually on domestic surveillance. They purchase metadata without warrants. They track movement patterns through device connectivity.

Your phone’s location services can provide detailed information about your activity, it can show the agency the places you go to, when you go there, and who you meet.

Telecom infrastructure is a key tool in both surveillance and fraud. Two former executives’ guilty plea highlights how telecom services can be misused in global criminal schemes.

The Pattern Problem

Here’s the scary part. Agencies don’t always need to crack your encrypted messages.

Predictable patterns create surveillance opportunities. Your daily commute. Your weekend routines. Also your travel to sensitive locations.

Metadata tells the whole story without anyone reading a single text. The surveillance infrastructure isn’t something new, the makers have already embedded it within the devices you carry around everywhere.

That voice-activated assistant on your kitchen counter? The streaming stick that knows your viewing habits? All potential entry points.

What Privacy Means Now

Your smart home isn’t just convenient. It’s potentially compromised, and Kiriakou’s warning tells us exactly how. Intelligence agencies “can see all your messages” through exploits targeting everyday devices.

The Vault 7 documents proved this wasn’t speculation. These were operational programs designed to turn your life into an open book.

So what can you do? Security researchers say updating your TV’s firmware may kill the CIA tool. The leaked notes show firmware version 1118 eliminated the USB installation method.

But the same engineering notes include a feature to “prevent updates.” The CIA must have already blocked automatic updates. So if updates aren’t working, just do a factory reset. That code exists in the Wikileaks file too.

Samsung did not respond to requests for comment when Forbes first reported on Weeping Angel. The company also faced privacy concerns in 2015 about sharing TV conversations with third parties.

The bottom line? That device in your pocket isn’t just a phone. That screen on your wall isn’t just a TV. They’re tools. The question is who controls them.

The post Former CIA Officer Warns Smart TVs Could be Used as Listening Devices appeared first on TechGeer.

Malaysia is tightening its grip on online platforms. The country’s communications regulator just announced a set of rules taking effect on June 1, requiring online service providers to do far more to protect children from harmful digital content.

The Malaysian Communications and Multimedia Commission (MCMC) released the announcement on Friday. The rules target a well-documented problem, children accessing online platforms without adequate guardrails, and platforms doing very little to stop it.

Malaysia Moves to Lock Minors Out of Online Platforms

The new rules place clear obligations on online service providers. They must build safeguards that restrict account registration and ownership for users below the age of 16. Platforms must also enforce stronger content governance across their services to limit exposure to material the government considers harmful.

According to the MCMC, the measures aim to deliver age-appropriate protections and tighter restrictions on high-risk features that online platforms currently offer without meaningful controls.

The commission also requires platforms to maintain functional reporting and response systems, verify their advertisers, and label manipulated or synthetic content wherever relevant. These are not suggestions. Platforms operating in Malaysia will need to comply.

A grace period will give online providers time to implement the changes. The MCMC did not specify how long that window will last.

Why Malaysia is Cracking Down Now

Malaysia did not arrive at this decision overnight. In recent years, the country has intensified its scrutiny of social media companies after recording a sharp increase in harmful online content circulating across platforms.

Malaysian authorities classify several categories of content as harmful: online gambling, scams, child pornography and grooming, cyberbullying, and content targeting race, religion, and the country’s royalty. The breadth of that list reflects how serious the problem has become.

Children sit at the center of these concerns. Grooming, in particular, represents one of the most urgent threats. Predators use online platforms to build trust with minors, often long before parents or guardians notice anything is wrong. Weak age controls on platforms make this easier.

The government’s move follows a pattern playing out across the world. Countries including Australia, the United Kingdom, and several in the European Union have all moved to restrict minor access to social media in recent years. Malaysia is now joining that effort directly.

Age Verification Comes Next

The June 1 rules are only part of the picture. The Malaysian government also plans to introduce age verification for platform users later this year. This would require individuals to confirm their age before accessing certain services, adding another layer of protection on top of the new account registration limits.

Age verification has become a flashpoint in global tech policy. Supporters argue it is the only reliable way to keep minors off platforms built for adults. Critics raise concerns about privacy and the collection of sensitive identity data. Malaysia will need to navigate both sides of that debate as it rolls out the system.

For now, the immediate focus stays on June 1. Online platforms operating in Malaysia will need to move quickly. The registration restrictions and content governance requirements are not optional, and the MCMC has made its position clear.

The broader message from Malaysian authorities is straightforward: online platforms carry a direct responsibility for the safety of the people using them, especially children. The government is no longer willing to leave that responsibility entirely to the companies themselves.

As the global conversation around child safety online grows louder, Malaysia’s new framework positions the country as an active participant rather than a bystander. The real test now falls on the platforms to comply, and on regulators to enforce it.

Online safety extends beyond child protection. AI-driven phishing attacks are making credential theft more effective, reminding us that protecting users of all ages requires constant vigilance against evolving threats.

The post Malaysia to Require Online Platforms to Restrict Accounts for Users Under 16 appeared first on TechGeer.

Customers of Trump Mobile have reported that the conservative wireless service is exposing their personal information. Several users discovered they could access other customers’ account details through the company’s online portal.

The compromised records have included consumers’ names, telephone numbers, e-mail addresses, home addresses, and incomplete payment data. Customers also reported that after they logged into their system, they could access the order histories and account dashboard of unknown account holders.

The extent of the exposed data is uncertain, but the affected consumers have raised concerns regarding the company’s lack of proper data security and have been very critical about the incident.

Trump Mobile was established as a conservative homologous replacement to the current leading providers in wireless telecommunications. The company has positioned itself as a provider of a telecommunication network that focuses on promoting and supporting like-minded freedom-loving Americans.

However, given the data breach incident that took place, many raise questions regarding the company’s ability to protect customer data from unauthorized access. 

Customers Discovered They Could View Strangers’ Accounts

Many Trump Mobile customers took to social media to share their terrifying experiences of discovering they could see other customer accounts. One customer shared that after logging into the Trump Mobile dashboard, the screen displayed another customer account information. This included the stranger’s name, phone number, email address, and home address and there was no verification needed to see this information.

Another customer found that their Trump Mobile account showed them the order history and account details of other customers. The information available to them included partial credit card numbers which would put their information at a higher risk for fraud. Multiple customers reported they could see the issue on different browsers and devices.

Security researchers indicated that an issue with either session management or user authentication probably caused the data exposure. Also, it could be a failure of proper isolation between customer accounts from other customers’ accounts in the system. Such a type of data exposure was likely due to a vulnerability known as Insecure Direct Object Reference, which allows an attacker to manipulate identifiers to gain access to unapproved information.

The company has not provided the number of affected subscribers; however, many customers were unhappy that they found out about the issue on the internet before their provider, Trump Mobile, notified them.

Wireless Carrier Marketed to Conservative Customers Faces Backlash

Trump Mobile positions itself as the wireless carrier for supporters of former President Donald Trump. The service emphasizes American values and freedom from what it calls ‘woke’ corporate policies; however, this security breach contradicts the company’s promises of protecting its customers.

The incident has sparked criticism from privacy advocates and security experts, who argue that political marketing does not excuse poor data protection practices. Customers who joined the service expecting better security now find their personal information at risk.

Some affected users reported canceling their Trump Mobile subscriptions following the discovery. Others expressed disappointment that a company built on trust would fail to safeguard basic customer data. The backlash highlights how security lapses can undermine brand loyalty, especially for businesses that market themselves as trustworthy alternatives.

Security Experts Warn of Identity Theft and Phishing Risks

Experts in the cybersecurity landscape note that the risk is extremely high for all affected persons in leaked customer records from Trump Mobile. If criminals have the name, phone number, email address, and home address of a victim, then they can use this information to commit identity fraud.

Additionally, criminals could send phishing emails that appear legitimate, targeting customers of Trump Mobile because of the information they retrieved from the data breach.

Information on partial payment methods, such as a credit card number, helps to establish the financial profile of a potential target. Criminals often use multiple sources of stolen data to create an entire profile of a victim and, therefore, the Trump Mobile customer records can add to databases of previously stolen data already available via the dark web.

Affected customers should take several protective steps immediately. Users should monitor their bank accounts and credit reports for unauthorized activity. Placing a fraud alert or credit freeze with major credit bureaus adds another layer of defense.

Customers should also be especially cautious of unsolicited calls, texts, or emails claiming to come from Trump Mobile. Attackers often use recent data breaches to make their phishing attempts appear legitimate – so they should verify any account-related communications through official channels to prevent falling victim to follow-on scams.

Similarly, Microsoft users receiving unsolicited one-time passcodes should never enter those codes unless they personally triggered the request, a reminder that vigilance is key across all platforms.

Security researchers recommend that Trump Mobile conduct a thorough forensic investigation. Also, the company should notify all affected customers and offer credit monitoring services; failure to handle the incident properly could result in regulatory action and class-action lawsuits.

The post Trump Mobile Users Report Exposure of Customer Data via Online Account Portal appeared first on TechGeer.

Two senior executives of a business have admitted they operated a company that provided services to tech-support fraudsters. The scheme targeted victims across the United States and internationally, defrauding millions of dollars from vulnerable individuals.

Adam Young, a former CEO of this business in Miami, Florida, and Harrison Gevirtz, a former CSO for the same company in Las Vegas, Nevada, plead guilty to running a telecommunications business that provided telephone numbers to customers involved in tech support fraud schemes. They provided number sets, call routing, call tracking, and call forwarding services to their customers. 

As part of their guilty plea, Adam Young and Harrison Gevirtz also plead guilty to misprision of a federal felony, or failure to notify authorities of the existence of that felony.

On June 16, 2026, according to the US Sentencing Guidelines and other statutory factors, a federal district court judge will impose a sentence upon them. The investigation of this company began in 2020 and resulted in the conviction of five different individuals, based out of India, who were telemarketing fraudsters, as well as one former employee of this call routing company.

Executives Knew About Fraud and Failed to Report It

From approximately 2016 through 2022, Young, Gevirtz, and others knew that some of their customers were engaged in tech-support fraud schemes. The schemes utilized false pop-up messages to persuade computer users that their devices had become infected with viruses or malware.

Victims who saw these alerts received instructions to take certain immediate actions – including to call a phone number displayed in the pop-up message. Call centers operating from India answered these calls and persuaded victims to pay hundreds of dollars for technical-support services that are either unnecessary or completely fictitious.

Real technical issues can be just as confusing. Pixel phone users are experiencing eSIM problems that force frequent restarts, the kind of legitimate frustration scammers love to exploit with fake tech support offers.

In many cases, call center representatives remotely accessed users’ computer systems and retrieved financial and personal details.

From 2017 through April 2022, after learning about their customers’ fraudulent activities, Young and Gevirtz failed to report the schemes to law enforcement officials. Court documents show that the defendants received many inquiries and complaints from telephone service providers and law enforcement agencies about customers engaged in tech-support fraud.

Despite this knowledge, the executives advised some customers about techniques to avoid complaints from fraud victims and prevent account termination. They also assisted these customers in buying and selling fraudulent calls among themselves.

Investigation Revealed Call Center Operations in Tunisia

The investigation further revealed that India-based call centers used Young and Gevirtz’s business to route their tech fraud scheme calls. In some instances, the executives advised those fraudsters on methods intended to reduce complaints and prevent account terminations.

Young and Gevirtz themselves owned and operated a call center in Tunisia from 2016 through April 2022. Some employees at that call center engaged in tech-support fraud as well. The defendants also directed their own employees to promote the company’s services to customers involved in fraudulent activities.

The investigation led to the conviction of Indian citizens Chirag Sachdeva, Sahil Narang, Manish Kumar, and Abrar Anjum for charges related to telemarketing fraud schemes based in India. The schemes targeted and defrauded Americans of millions of dollars, with many victims being older or otherwise vulnerable to fraud schemes.

Also, the investigation contributed to the conviction of another person, Jagmeet Singh Virk, in the US District Court for the Northern District of California.

FBI Warns Tech-Support Fraud Costs Americans Billions

The FBI’s Boston Division investigated the case. Special Agent in Charge Ted E. Docks stated that the executives willfully profited from telemarketing and tech-support scammers who preyed on the older and vulnerable. The scammers create a huge damage to many, they drain victims of their life savings and peace of mind.

Behind each fraudulent call stood a real individual left humiliated, frightened, or financially shattered. Tech-support fraud and scams cost Americans $2.1 billion last year alone, and Rhode Islanders specifically reported losing a minimum of $5.7 million to these schemes.

The FBI warned that anyone who fuels and supports criminal networks preying on unsuspecting consumers will face relentless pursuit – law enforcement will hold such individuals accountable for the harm they helped inflict. The case continues to be prosecuted by Assistant US Attorneys Sandra Hebert, Milind Shah, Lee Vilker, and Julianne Klein.

The post Two Former Executives Plead Guilty over Telecom Services Used in Global Tech-support Fraud Scheme appeared first on TechGeer.