Stories, guides, and threat reports from the team building SafeBrowz. Phishing, crypto wallet drainers, scam emails, news-driven scam alerts, and the browser-side protections that actually work.
Try a different keyword like , , or .
Verification pillar covering 10 brands. The 30-second universal check, exact official sender domains for PayPal / Apple / Disney+ / Hulu / Netflix / HBO Max / Spotify / Paramount+ / Amazon / Microsoft / DocuSign, and the 5-step recovery if you already clicked. Built for the moment a suspicious email lands in your inbox.
Scammers message you inside the real Booking.com app, quoting your actual reservation, then send a fake "verify your card" link. The Norton-documented hotel-partner breach, the tells, and how to pay safely.
An FBI warning flags a login-code scam that needs no password and gets past MFA. You enter a code on the real Microsoft page and hand your account to an attacker. How it works and the one rule that stops it.
An unexpected $CJUP token lands in your Solana wallet impersonating Jupiter. The "claim" link drains it in minutes. Why a surprise airdrop is bait and the only real portal (jup.ag).
Amazon moved Prime Day to June 23-26, so the fake "Prime renewal failed" emails and lookalike deal pages are landing early. The NJCCIC warning, the tells, and how to shop the sale safely.
A DM sends a Calendly link to a fake Zoom or Teams call that downloads wallet-draining malware, often from a compromised account you trust. ZachXBT flagged it on X. The one tell, the red flags, and what to do.
A text says an item from your recent Amazon order was recalled and offers a refund with no return, then phishes your Amazon password for account takeover. The FTC warning, the one tell, the red flags, and what to do if you already signed in.
The FTC warned in May 2026 about fake Evite, Paperless Post, and Punchbowl invites that ask for your email password to steal Google and Microsoft logins. The one tell that exposes them, the red flags, and what to do if you already signed in.
A sponsored Google ad outranked the real uniswap.org link and pointed to a Cyrillic Punycode clone. One Permit2 signature drained roughly $400,000 in life savings. Hayden Adams called on Google to act. Anatomy of AngelFerno DaaS + how to revoke + 3-layer detection that catches the clone before the wallet popup.
FBI PSA260527 (May 27, 2026): Chinese-linked Ghost Stadium operates 300+ lookalike FIFA ticket sites harvesting card and PII data. Our 3-layer detection on typosquat domains + brand-pivot predictions (Olympics 2028, Champions League).
FBI PSA260521 (May 21, 2026): new Microsoft 365 phishing-as-a-service hijacks accounts via OAuth device-code abuse, bypassing MFA entirely. Our 3-layer detection analysis + what enterprises do right now.
New phishing campaign abuses ChatGPT's share-link feature to display fake "OpenAI outage" pages on the real chatgpt.com domain. The download leads to openew[.]app - a cross-platform infostealer. Why URL filters fail here, the 30-second user check, and the pattern coming for Claude / Gemini / Perplexity next.
India's MHA + I4C issued advisory TAU/ADV/013 on a Trust Wallet / BNB drainer. The fake "BNB Chain Verification" pivot from P2P platforms via WhatsApp to buepux.com. Why the third approval drains your wallet, plus the SafeBrowz Permit2 modal that warns before signing.
Indian UPI users lost billions to digital fraud in 2025-2026. Cross-country guide breaks down the 8 most common UPI scams - fake collect requests, QR swap attacks, autopay mandate fraud, KYC expiry calls - with red flags, 30-second checks, and 1930 / cybercrime.gov.in recovery paths.
FBI IC3 reports thousands of SIM swap cases yearly with massive crypto + bank losses. This guide breaks down the 5-step attack chain, the FCC 2024 rule, the 6-step lockdown every phone user should do, and recovery steps if funds are already gone.
Browser popup locks the tab, plays an alarm, gives a 1-800 number. Real Apple never does this. Full anatomy of the 2026 wave, the remote-access trap, the exact key combo to escape, and recovery steps if you already called.
Cross-country tax-refund SMS phishing. Real-sender format per country (HMRC, IRS, CRA, ATO). The universal rule: no tax agency texts about refunds. 6 instant red flags, 30-second verification check, bank chargeback paths if you already entered card details.
UK's #1 phishing topic - HMRC reports 200K+ complaints/year. Fake "£342.78 tax rebate" emails + Self Assessment lures + Marriage Allowance traps. Verify with Gov.uk Gateway only. Recovery via Action Fraud + Cifas.
"Your vehicle tax payment failed - £1,000 fine + clamp threat" SMS/email. DVLA never asks for payment by SMS. Lookalike domains (dvla-payment[.]uk). Verify via gov.uk/check-vehicle-tax. Recovery + Action Fraud.
Fake TV Licensing emails: "Licence expired", "Direct Debit failed", refund offer, over-75 free-licence trap. TV Licensing won't ask for personal/payment info by email. Verify via tvlicensing.co.uk/check-it-s-us.
RCMP 2024: $50M+ CRA impersonation losses. Fake "$428.50 refund" emails + aggressive "send Bitcoin to avoid arrest" voicemails. Verify only via CRA My Account. Recovery via CAFC + credit freeze.
Top scam targeting Canadian newcomers + seniors. Automated voicemail "SIN suspended" → fake officer → SIN/banking/identity extraction. Hang-up + look-up + call-back rule. Service Canada fraud + IDCare recovery.
ATO reports 30K+ phishing reports/year. Peak Jul-Sep (Australian tax year). Fake "$1,247 refund ready" + TFN suspension + BAS overdue templates. Verify only via myGov inbox + ATO ID 13 28 61.
One myGov password = access to Medicare, Centrelink, ATO, Immigration. Fake "account locked" emails route to phishing copies of my.gov.au. Verify only via my.gov.au. Recovery via Services Australia + IDCare.
Daniel ran a $580K wire on a Friday Zoom with his CFO and CEO on camera. Both were deepfakes. Arup Hong Kong lost $25M to the same attack in Feb 2024. Pindrop 2024: deepfake voice attacks up 350%. The callback rule that stops it.
Tyler accepted a $68K remote offer and sent $1,800 for "equipment insurance." No laptop arrived. FTC 2024: $501M lost to job scams (up 118% YoY). The deepfake video interviewer angle and how to spot it.
Jenna bought a $14 Stanley dupe from a viral TikTok creator. The lid leaked. The seller vanished. The $14 was the cover charge - your card data joined a marketplace database. CBP 2024 + FTC + DHS reports inside.
Eric Googled "Sora 2 Mac download." The top ad delivered RedLine Stealer. Three days later his MetaMask drained, his Coinbase logged in from another country. OpenAI has no installer. ESET/Bitdefender 2024 inside.
Megan was groomed for 4 months on Hinge and lost $48K. Vinh was trafficked into a Sihanoukville compound to run the scam. The two stories meet at UNODC's $63B 2024 estimate. Chainalysis traced $9.9B on-chain. The trafficking dimension.
The same wave hits every January through April. 7 active 2026 variants of TurboTax/H&R Block/IRS impersonation, the exact phrases, IRS Dirty Dozen 2024 alignment, and the Form 14039 + IP PIN recovery routine.
CISA flagged carrier-level SMS interception in Dec 2024. SMS 2FA is now the weakest link. The 12-minute upgrade: switch Google, Apple, Microsoft, Coinbase, X, Instagram, Discord, GitHub from SMS to TOTP. Hardware tier guide.
Linda gave her Medicare number to a friendly caller named "Karen." Three weeks later $3,400 of medical equipment was billed to her account from Texas. October to December is peak season. 5 active variants + 1-800-MEDICARE recovery.
Mia Zelled $1,160 for Beyoncé tickets via a Twitter DM. The seller blocked her in 2 hours. 5 active 2026 variants from PDF screenshots to fake StubHub lookalikes to Ticketmaster credential phishing. The 4-minute verification routine.
Rebecca paid a €4.50 USPS "customs fee" on December 22. By February she had $1,800 in fraud charges. Nov-Jan is peak delivery scam season. 5 active variants + the virtual-card defense from the safe payments guide.
Rachel paid her parents' phone bill on the top Google ad. Three weeks later $2,400 vanished to Amsterdam and Singapore. Google Ads Safety 2024: 5.5B ads blocked. Two-step defense: SafeBrowz + virtual card (RedotPay, Revolut, Wise, Crypto.com). Available in EN/AR/ES/ZH.
The night Mike sent $4,500 to a voice he had known for ten years. Forty seconds of TikTok voice + a tagged Lisbon trip = the call. FBI IC3 2024 $16.6B losses, ITRC 2025 voice clone reports up 250%. Per-platform privacy reset + family code word inside.
Every French worker has €500-€8000 of CPF training credit. Scammers call claiming it expires (it does not), then bill fake training providers against your balance. Real CPF only at moncompteformation.gouv.fr.
Banque de France #1 fraud by losses. Scammer pretends to be your bank's fraud team and tricks you into validating their own transactions. Real banks never ask you to validate transactions by phone.
"Votre colis est en attente, frais de douane €1.99" lures. 5 active variants from customs fee to fake redelivery. Real La Poste tracking lives only at laposte.fr or suivi.laposte.fr.
"Amende €35, doublée à €75 si non payée en 24h" emails feel routine to French drivers. Real ANTAI fines arrive by paper post first. The only real payment portal is amendes.gouv.fr.
€5K-€15K government renovation subsidies. Fake auditors and cold callers harvest France Connect credentials and redirect ANAH subsidies to scammer accounts. Apply only via maprimerenov.gouv.fr.
France Connect is the master key to 1,400+ public services. One stolen login = taxes + health + pension + CPF + driver license. Real France Connect never sends suspension threat emails.
Cybermalveillance.gouv.fr 2024: €100M+ losses. Fake "Remboursement Impôts 384€" emails + Crédit d'impôt PAJE + TVA refund templates. Verify only via impots.gouv.fr espace particulier. EN guide for expats.
French Assurance Maladie phishing top-5 in 2024. Fake Carte Vitale renewal + IBAN confirmation + refund-pending templates. Verify only via ameli.fr account. Recovery via 3646 + Cybermalveillance.gouv.fr.
France's top consumer scam 2024 per Cybermalveillance. Fake "Vinted Pro" / "Leboncoin Securité" payment links route to phishing pages that drain seller cards. Vinted never uses external payment links.
FBI's #1 P2P payment scam. Fake bank fraud-alert text + impersonator call walks victim through sending money "to themselves" via Zelle. Irreversible. $440M+ losses 2024. Recovery + protection steps.
Gen Z's #1 scam: fake celebrity-endorsed giveaways tag victims on TikTok/IG, then ask for "verification fee" or steal Cash App login. FTC 2024: $1.9B in social-media-contact fraud. 7 red flags + recovery.
Scammer sends Venmo from stolen card, asks for refund. Days later card transaction reversed = victim loses everything. FTC 2024 P2P fraud $1.1B. Why Venmo has no purchase protection on peer-to-peer.
Fake iCloud renewal + hijacked friend Apple Pay requests + "Apple Cash from Apple" wrong-direction scams. FBI IC3 2024: mobile payment fraud +87% YoY. Recovery steps + Apple Pay protection settings.
Largest US bank (80M+ customers, $2.4T deposits) = biggest phishing target. Fake "suspicious login from Chicago" alerts + lookalike domains (chase-secure[.]com). FBI IC3: $1.2B bank-impersonation losses.
132M+ Steam users, $40B+ skin economy = massive target. Fake friend DM → phishing Steam login → session token steal bypasses SteamGuard 2FA. Valve doesn't restore most stolen items. Recovery flow.
70M+ daily users, mostly kids 8-17. "Free Robux" sites, Discord DM trades, OAuth phishing. 1M+ accounts compromised 2024. Written for parents to share with kids. Recovery + 2-step verify setup.
Fake X Premium suspension emails + @SupportTeam DM impersonators steal logins and payment info. Lookalike domains: x-premium[.]help, twitter-secure[.]net. 600M+ MAU = massive attack surface.
Fake "[Company] invited you to Slack" emails route to phishing login pages capturing SSO + OAuth tokens. Initial access for ransomware crews. 65M+ daily users, 200K+ paid orgs targeted. Verify in 60s.
Attacker uploads phishing HTML to Dropbox, sends real "shared a file" link. Passes SPF/DKIM/DMARC because dropbox.com IS the sender. 700M+ users at risk. Detection + 2FA + sharing-settings guide.
Fake Hulu "subscription suspended due to payment problem" emails target 50M+ subscribers. AiTM proxy captures credentials + 2FA. Variants exploit Disney+/ESPN+ bundle confusion. 7 red flags + 5-step verification + recovery flow.
The Max (formerly HBO Max) account-locked email exploits the real Warner Bros Discovery rebrand confusion. Fake billing failure + AiTM proxy login. 7 red flags + recovery flow if you clicked.
NBC Universal Peacock subscribers targeted with fake "billing failure" emails. Olympics + live sports access bait. 3 tier confusion (Free/Premium/Premium+) exploited. Recovery flow if card details entered.
Sports fans targeted with fake ESPN+ "subscription failed before the big game" emails. UFC/F1/MLB PPV access bait drives panic. Disney bundle confusion exploited. 7 red flags + verification flow.
Star Trek + Yellowstone fans targeted with fake Paramount+ "subscription failed" emails. 2024 Showtime merger confusion exploited. Fake "annual plan switch" promo variants. Recovery flow.
Real-time phishing detection for AI agents via SafeBrowz API. Working code examples for 7 frameworks (Hermes Agent, LangChain, AutoGen, CrewAI, OpenAI Assistants, Anthropic Claude, raw HTTP). $0.001 USDC per call via x402 on Solana/Base.
Fake "Meta Verified team" DMs promise a blue check for $4.99 or via an "eligibility form". The real Meta Verified is only via Settings → Accounts Center - never via DM. 7 red flags, 5-step verification, full account recovery flow.
DM from a friend's hijacked account offering free Nitro / Steam keys. Lookalike domains, QR-login hijack, NFT-server raid variants that drop wallet drainer pages. Why gamers + crypto holders are the gold targets - and the 2FA defense that stops it.
"Your channel will be terminated in 24 hours" emails target monetized creators. Linus Tech Tips 2023 hijack case. Info-stealers (Redline, LummaC2) bypass 2FA via session cookies. Hardware-key MFA + Studio-only strike verification.
"Your Disney+ subscription has been suspended" emails ride the real household-sharing crackdown news. Variants for Hulu, ESPN+, HBO Max, Peacock, Paramount+. 7 red flags, in-app verification, recovery flow including reused-password rotation.
Targets 650M+ Spotify users with fake "payment failed" panic emails. Family-plan-member-removed variant, HiFi tier upgrade, refund offer. Real billing issues only show in-app banner. Same template used by Apple Music, YouTube Music, Tidal.
SocGholish / FakeUpdates framework injects fake Chrome update popups via compromised legitimate sites. Drops Redline + LummaC2 info-stealers that target MetaMask/Phantom wallet extensions. Real Chrome updates are ALWAYS silent + automatic. Never via website download.
#2 most-clicked theme in corporate environments per Mandiant 2024. "[Coworker] sent you a document" leads to fake M365 / Google Workspace login. Variants: BEC pivot, fake HR onboarding, fake vendor invoice. Hardware-key MFA defeats AiTM proxy.
"Your bank app needs updating" WhatsApp link drops banking trojan (Anatsa/Hook/BlackRock/Cerberus). Accessibility Service permission overlays fake login on real bank app, reads SMS OTPs, executes silent UPI/IMPS/Pix transfers. Huge in India, SEA, Brazil, Nigeria.
Different from Apple-locked variant - triggers "did someone steal my account?" panic. AiTM proxy captures 6-digit 2FA in real-time. Attackers reset recovery email then Mark as Lost your iPhone via Find My. iCloud Keychain = every saved password gone.
$440M+ Zelle fraud reports 2024 per FTC. Seller scam (buyer reverses Zelle after shipping). Buyer scam (deposit then disappears). Why Zelle is the riskiest p2p payment. Safe alternatives: PayPal Goods & Services, eBay Managed Payments. CFPB Reg E protections.
3 seconds of audio from social media is enough to clone a voice. FBI's fastest-growing phone scam. The grandparent scam, fake kidnapping, CEO fraud playbook - plus the "safe word" defense that stops it cold.
The old "bad grammar = scam" rule is dead. ChatGPT writes phishing emails with perfect English in any language. The 7 new red flags security researchers actually use in 2026 - sender domain, payment rail, link mouseover, thread history.
60,000+ complaints to FBI IC3 in months. The "$2.99 unpaid toll" text targets every state - E-ZPass, FasTrak, SunPass, PikePass, TxTag. State-by-state verification table, real toll-notice format, and recovery if you entered card info.
Fake $399 Norton invoice triggers a panic call. Then the "agent" requests remote access via AnyDesk to "process the refund". McAfee, Best Buy, Microsoft Defender variants use the same play. Recovery flow if you already called the number.
"Hey I sent a code to your number by mistake, can you share it?" The exact social-engineering playbook that hijacks WhatsApp accounts in under a minute. The two-step verification PIN defense + 30-second recovery flow.
You ask a question in a project group. Within minutes, "Admin" DMs you with a KYC link, airdrop form, or recovery prompt. The wallet-drain happens in one signature. How to verify the real admin in 60 seconds - every project's pinned "we never DM first" policy.
$1B+ stolen via vanity-address lookups in transaction history. The zero-value transaction trick that puts a malicious address into your wallet's history - so you accidentally copy it next time you send. Real Bitfinex/OKX cases, defense, and the brutal recovery reality.
$1B+ lost across Asia in 2024 (UN ODC + Singapore Police data). The fake Amazon/TikTok recruiter, the small payouts that build trust, the "premium tasks" deposit trap, and the sunk-cost lockup. Plus what the Cambodia/Myanmar/Laos scam compounds actually are.
FTC says $1.3B lost to romance scams in 2024. The exact 6-week emotional grooming timeline - Tinder/Bumble first contact, love bomb, crisis pivot, then crypto. Why high-income middle-aged singles are #1 targets. Recovery flow including the cut-off-contact reality.
Locked out of Coinbase? Safe recovery walkthrough using only official channels. Coinbase.com (custodial, recoverable) vs Coinbase Wallet (self-custody, mathematically unrecoverable without seed phrase). 5 recovery-scam traps - fake Twitter support, YouTube tutorials, wallet validators. What real Coinbase support never does.
"Your Coinbase account has been suspended - verify within 24 hours." The AiTM proxy login page, the seed-phrase variant, the 2FA hijack flow. Plus Binance, Kraken, KuCoin, and Gemini variants of the same play. Recovery if you already clicked.
Vercel's free static-site hosting is one of the top abused platforms for crypto drainer pages. The lookalike-app on a .vercel.app subdomain pattern, why standard phishing blocklists miss it, and the brand-detection signals SafeBrowz uses to catch them.
The largest crypto-adjacent scam category in the world. $75B estimated global losses. FBI Operation Level Up + 276 arrests in May 2026. Full 5-stage attack chain, 7 red flags, recovery flow via IC3, and how the approval-phishing endgame connects to Permit2 attacks.
TrendAI uncovered a Russian-speaking scammer who used jailbroken Google Gemini to automate crypto theft - impersonating a US veteran on a 17K Telegram channel, hacking 29 WordPress admins, and harvesting 40+ wallet addresses from a single victim. Template for the next generation of phishing.
Amazon is the world's most-impersonated brand in 2026. The "you ordered $1,200 of AirPods" panic email triggers a click before users think. 8 message variants, the URL patterns, and how to recover if you entered your password.
IRS named tax refund phishing in its 2026 Dirty Dozen list. Real IRS never initiates contact via text/email. 6 message variants, the QR-code-on-fake-letter angle, and what to do if you entered your SSN.
FedEx smishing is the second-most-reported delivery scam after USPS. International shipment + customs duty variants push bigger dollar amounts than USPS. 7 message variants and the 10-second check that catches them all.
India's most-reported phishing scam in 2026. TRAI issued public WhatsApp advisory. 6 message variants (festival-themed, operator-impersonation, government scheme), the OTP-harvesting flow, and recovery via cybercrime.gov.in + 1930 helpline.
The fake USPS delivery text is the most-reported phishing scam in the US in 2026. 7 message variants in active rotation, what the destination page actually steals, the 10-second check that catches every variant, and what to do if you already clicked.
ZachXBT flagged an active campaign draining hundreds of EVM wallets via a fake MetaMask upgrade email with a party-hat fox logo. Per-victim losses stay under $2K to delay detection. How the email works and how to spot it.
On May 20, 2026 the DOJ secured guilty pleas from Ringba CEO and CSO for enabling tech-support fraud pipelines that drained elderly victims of life savings. Here is exactly how the fake popup → call center scam works and how browser defense stops it at step one.
The hub explainer. Why technical defenses keep losing to phishing. Kahneman's dual-system brain model + Cialdini's influence research applied to every phishing technique. Links to all 27 SafeBrowz attack-specific posts.
Microsoft Threat Intelligence: AiTM phishing up 146% in H1 2025. Evilginx2 + Modlishka + Muraena tool families. The reverse-proxy attack that captures password AND 2FA. FIDO2/passkeys are the only protocol-level defense.
Disclosed by mr.d0x in 2022. A phishing page draws a perfect HTML/CSS replica of an OS-level SSO popup INSIDE the page. The HTML/CSS recipe + the 2-second drag test that defeats it + password managers as the strongest defense.
Uber September 2022 - Lapsus$ flooded a contractor with 100+ push notifications until one was approved. The number-matching defense Microsoft/Duo/Okta deployed in 2022-2023 fixes this. Push and SMS 2FA do NOT protect against AiTM.
Older Americans lost $3.4B to tech-support scams in 2024 (FBI IC3). The 6 popup variants in 2026 + the 3-key escape (Ctrl+W / Alt+F4) + browser settings that block 99% of these. DOJ Ringba conviction May 2026 ended a major call-center pipeline.
Attacker takes a real email you received and re-sends with one element changed (bank account number, link). DKIM/DMARC pass. The 4 most damaging clone phishing patterns + the second-channel verification rule that beats them.
Attackers buy paid Google Ads above the organic results for crypto and bank keywords. The 30-day attack cycle: register domain, get Ads approval, run until Google catches, repeat. Real cases: Lowe's/Amazon/KeePass/AnyDesk/Brave malvertising.
Calendar invites bypass every spam filter because the invitation email really is from Google's servers (passes DKIM/DMARC). The phishing link lives inside the event description. Lockdown settings for Gmail + Outlook in 3 steps.
Attackers monitor brand mentions on X. They DM you within minutes pretending to be official support. Phantom/Coinbase/MetaMask DM scams. Verified badges can be bought now (X Premium), so blue check is no longer proof. The 10-second sanity check.
Attacker broadcasts a Wi-Fi network with the same name as the real one. Captive portal phishing, SSL stripping, DNS hijack. iOS/Android auto-rejoin networks with matching SSID. The 4 defenses + personal hotspot rule for sensitive work.
Attackers compromise a website the target group visits regularly (industry forum, vendor portal), then serve malicious code from that trusted site. URL filtering allows it. Forbes 2014, Polish bank 2017, Holy Water 2019. The 5-signal check.
Spear phishing makes up 65% of targeted attacks per FBI IC3 2025. The 6-step LinkedIn profiling playbook attackers use to make emails irresistible, why DKIM/DMARC do not stop it, and the 5-second second-channel verification that beats it.
Named cases: Mattel $3M, Pathé $21M, FACC $47M, Ubiquiti $46.7M, Crelan Bank $75M. FBI IC3: $2.9B in BEC losses. The 7-day pattern, why the email passes DKIM/DMARC, and the FBI Financial Fraud Kill Chain 72-hour recovery window.
Vishing up 30% YoY per FBI IC3. AI voice clones (3 seconds of audio = convincing clone). Arup engineering lost $25M to a deepfake CFO video call in Feb 2024. The "hang up and call back" rule + family safeword defense for voice-clone scams.
Microsoft Defender: quishing up 587% YoY. Real cases: Austin / Houston / Atlanta parking meter QR sticker fraud. Why QR phishing bypasses every email URL scanner (the URL is encoded as an image). 6 places quishing attacks show up + how to scan safely.
Tab-nabbing exploits the Document Visibility API. When you switch away, the background tab silently rewrites itself as "Gmail" or your bank. Avast 2024: average user has 15-30 tabs open. The JavaScript that does it + why password managers are the strongest defense.
StableChain is a new USDT-native L1, and drainer operators are already running fake claim and revoke pages that look identical. The 4-step trap, the JS that does the actual drain, and the 5-second verification that beats it.
Why scam texts bypass the email filters that catch them in your inbox. The 4-second psychology that gets you to tap before thinking. The 10-second check that beats every variant. Data from FBI IC3 + Proofpoint + FTC.
Apple is the #1 most-impersonated brand globally. The "Apple ID locked" email triggers a click before users think. 8 variants, URL patterns, and recovery steps if you entered your password.
Fake Netflix payment-failed email is in the top 5 most-reported phishing scams of 2026. 7 message variants, the URL patterns, and what to do if you entered card details.
PayPal is in the top 3 most-impersonated brands every year since 2018. The "verify your account" and "unusual activity" emails. 7 templates including the fake-invoice variant that passes DMARC.
One of the fastest-growing tech-support scams of 2026. Fake $399-$899 Geek Squad renewal triggers a call to a fake support number → remote access → bank drain via gift cards. 6 variants and recovery steps.
Leading international smishing scam of 2026. The $2.99 "customs fee" is bait - the real harvest is your card. 7 templates, why it works in Europe / GCC / India / SE Asia, and what to do if you paid.
One of the biggest crypto wallet drainer kits closed at end of May 2026. Here is who picks up its customers (Inferno, Angel, MS, Atomic), why drainers keep working in 2026, and 5 things to do this week.
A Permit2 signature is not a transaction. It does not cost gas. It does not move funds immediately. That is exactly why it is the most successful crypto wallet drainer of 2026.
SafeBrowz caught hyperliquid-eligibility.xyz in user traffic. The fake "eligibility checker" drains wallets the moment users connect. Pattern + how to verify a real Hyperliquid airdrop.
SafeBrowz Detection API is live. Pay-per-request URL safety scans on x402, settled in USDC on Solana or Base. $0.001 per call, no signup.
11 red flags that give away phishing sites, plus the browser checks most people miss.
Why "click this box to verify you're human" is now the #1 attack chain in 2026.
Microsoft is the #1 impersonated brand. Here's what a real Microsoft email actually looks like.
What's actually recoverable, what isn't, and how to move fast in the first 60 minutes.
Why the thing you thought you copied isn't what you pasted. And why your terminal is especially at risk.
The Ledger email scam family has been running for 3+ years. Here's how it actually works.