Pete Recommends – Weekly highlights on cyber security issues, June 7, 2025

Subject: Login.gov has one lingering data-security priority to address, watchdog says
Source: FedScoop
https://fedscoop.com/login-gov-testing-backup-data-security-gao/

The GAO said GSA’s single sign-on platform still needs to implement a policy for testing backup data.

Eight years since its launch, Login.gov has narrowed the capabilities gap with many of its commercial counterparts, according to the Government Accountability Office, but there’s one outstanding data priority that the General Services Administration’s single sign-on platform needs to address.

In a report released Tuesday, the GAO detailed progress Login.gov has made since the watchdog last examined the identity-verification service, specifically on data security, maintenance, protective technology, and identity management, authentication, and access control. Those strides have put Login.gov — which agencies use to confirm the identity of website users — in favorable company with Okta, ID.me and others.

Where Login.gov has room for improvement, however, is in data-protection policies, processes, and procedures, the GAO found, with unfinished business on the testing of backup data.


Subject: Scammers are impersonating Interactive Brokers: Here’s what you need to know
Source: Help Net Security
https://www.helpnetsecurity.com/2025/06/03/ibkr-interactive-brokers-scams/

Interactive Brokers is warning customers to be on high alert due to a wave of scams involving fraudsters posing as company representatives.
Interactive Brokers (IBKR) is a global brokerage firm that lets investors trade stocks, options, futures, and other assets on international markets. In a message sent to clients on June 2, the company said it is seeing more cases of criminals impersonating its employees, branding, and email addresses in order to trick people into sending money or giving up sensitive information. These scams are sometimes called “clone firm” scams. They involve fraudsters copying the look, feel, and even the web addresses of real financial firms to appear legitimate. According to the company, scammers may use its name or logo, spoof real employee identities, or send messages from fake domains that look almost identical to the real ones.
How the scams work – According to the notice, the scam can begin with a phone call, email, or message on social media. Criminals may claim to be from IBKR and tell you there’s a problem with your account or offer you an investment opportunity. They might even send you official-looking documents or ask you to act quickly before you “lose money.”



Subject: Privacy Alarm: Meta Caught De-Anonymizing Android Web Activity
Source: Android Headlines
https://www.androidheadlines.com/2025/06/meta-caught-de-anonymizing-web-activity-on-android-devices.html

A new report reveals that Meta and Yandex have found a way to bypass Android’s privacy controls by passing web identifiers from browsers to their native apps, effectively de-anonymizing users’ web activity and linking it to their app accounts. While both companies have paused the practice after it was discovered, the privacy risk currently only affects Android users, though the same method could potentially target iOS in the future.

In the earlier days of the internet, the invention of cookies was a pretty cool feature. It allowed websites to remember your last visit, making it easier to pick up where you left off. However, these days, cookies have gotten a bad rep as they have been abused to track your web activity to serve up ads. For the most part, your browsing sessions are pseudo-anonymous, but a recent report has revealed that Yandex and Meta are de-anonymizing Android users’ web identifiers.

De-anonymizing Android web identifiers
According to the report, both Meta and Yandex have figured out a way to bypass built-in privacy controls, ultimately de-anonymizing Android users’ web activities. Google has built privacy features into Android, like the Android sandbox feature. This is an isolated environment that limits apps’ access to certain system resources and certain types of data.
However, the report claims that the Yandex Metrica and Meta Pixel trackers have bypassed that ingeniously. They do that by passing cookies and other identifiers from browsers such as Firefox and Chrome to native Android apps. This includes apps such as Facebook or Instagram. Then, the data is tied to the account that’s logged into those apps.



Subject: Deepfake Scams Are Distorting Reality Itself
Source: WIRED
https://www.wired.com/story/youre-not-ready-for-ai-powered-scams/

The easy access that scammers have to sophisticated AI tools means everything from emails to video calls can’t be trusted.

Imagine you meet someone new. Be it on a dating app or social media, you chance across each other online and get to talking. They’re genuine and relatable, so you quickly take it out of the DMs to a platform like Telegram or WhatsApp. You exchange photos and even video call each other. You start to get comfortable. Then, suddenly, they bring up money.

They need you to cover the cost of their Wi-Fi access, maybe. Or they’re trying out this new cryptocurrency. You should really get in on it early! And then, only after it’s too late, you realize that the person you were talking to was in fact not real at all.

They were a real-time AI-generated deepfake hiding the face of someone running a scam.

David Maimon, the head of fraud insights at identity verification firm SentiLink and a professor of criminology at Georgia State University, has been tracking the evolution of AI romance scams and other kinds of AI fraud for the past six years. “We’re seeing a dramatic increase in the volume of deepfakes, especially in comparison to 2023 and 2024,” Maimon says.

Part of the reason for this increase is that the barriers for creating deepfakes are getting lower. There are a lot of easily accessible AI tools that can generate realistic faces and a lot of tools that can animate those faces or create full-length videos out of them. Scammers often use images and videos of real people, deepfaked to slightly change their faces or alter what they’re saying, to target their loved ones or hijack their public influence.

So, if deepfakes are everywhere, how do you spot one? The answer is not technology. A number of technology companies, including OpenAI, have launched deepfake detection tools. Researchers have also proposed mechanisms to detect deepfakes based on things like light reflected in a person’s eyes or inconsistent facial movements, and have started investigating how to implement them in real time.
But those models often cannot reliably detect different kinds of AI fakes. OpenAI’s model, for example, is specifically designed only to report content generated with the company’s own Dall-E 3 tool but not other image generation models.
There’s also the risk that scammers can abuse AI detectors by repeatedly tweaking their content until it fools the software.

Subject: Why does Amazon use palm scanners at Whole Foods and doctors’ offices?
Source: Vox
https://www.vox.com/technology/415507/amazon-one-whole-foods-palm-scan-nyu

An Amazon-branded palm scanner greeted me at my last doctor’s office visit a few weeks ago. I’m not sure what I’d call the experience. Unnerving? Orwellian?

Amazon One is a relatively new service from Amazon that lets businesses verify your identity after you wave your hand over a sensor. The technology first rolled out in the short-lived Amazon Go convenience stores in 2020 and is now a way to pay for groceries at Whole Foods. It’s also used for payment and age verification at a few sports and entertainment venues, including at Coors Field in Denver. And as of March, you can also scan your palm with Amazon One to check in at NYU Langone Health locations, which is where I encountered it. So far, you won’t be forced to scan your palm to get a beer at a Rockies game or see an NYU doctor, but it’s an option.

Something seems fundamentally threatening about a future in which big tech companies use biometrics to serve as the gatekeepers of our digital identities.

AWS, the Amazon division that operates Amazon One, specifies in a supplemental privacy notice that it will not share your palm data — effectively, the image of your hand — with third parties, although it also collects other data, including your phone number and your PIN, when you sign up. AWS, meanwhile, is clear in its broader privacy policy that it can share data about you with third parties, including advertisers. Then there is Amazon.com, which is governed by its own separate privacy policies.
[…]

Subject: Google Pixel’s Call Notes recording disclaimer could be going away soon
Source: Android Central
https://www.androidcentral.com/phones/google-pixel/google-pixels-call-notes-recording-disclaimer-could-be-going-away-soon

What you need to know:

  • Google could make Call Notes recording more stealthy with a future update, as hinted by an APK teardown.
  • The latest Phone by Google app beta includes a toggle that lets users disable the spoken audio disclaimer that a call is being recorded.

Instead of the spoken disclaimer, users might be able to use subtle chimes to signal Call Notes is active.

[…]


Subject: When the FBI Has a Phone It Can’t Crack, It Calls These Israeli Hackers
Source: The Intercept
https://theintercept.com/2016/10/31/fbis-go-hackers/

Apple fights to keep the U.S. government out of its phones. Cellebrite is the leader in helping break in. An inside look at the secretive Israeli company.
Earlier this year, at the height of a very public battle between the FBI and Apple over whether the computer maker would help decrypt a mass murderer’s locked iPhone, it appeared that a little-known, 17-year-old Israeli firm named Cellebrite Mobile Synchronization might finally get its moment in the spotlight.

After weeks of insisting that only Apple could help the feds unlock the phone of San Bernardino killer Syed Rizwan Farook, the Justice Department suddenly revealed that a third party had provided a way to get into the device. Speculation swirled around the identity of that party until an Israeli newspaper reported it was Cellebrite. It turns out the company was not the third party that helped the FBI. A Cellebrite representative said as much during a panel discussion at a high-tech crimes conference in Minnesota this past April, according to a conference attendee who spoke with The Intercept. And sources who spoke with the Washington Post earlier this year also ruled out Cellebrite’s involvement, though Yossi Carmil, one of Cellebrite’s CEOs, declined to comment on the matter when asked by The Intercept.

Cellebrite’s ascent comes at a time when mobile forensics has never been more important to law enforcement and intelligence agencies. Data extracted from phones has eclipsed data extracted from desktop and laptop computers in recent years, since the former can yield not only detailed logs about a user’s activities, interests, and communications, but also, in many cases, map the user’s whereabouts over weeks and months to produce a pattern of life.

[…]


Subject: Crypto news: Why shocking and violent “wrench attacks” are going to get worse
Source: Slate
https://slate.com/technology/2025/06/crypto-news-wrench-attacks-nyc-kidnapping-crime-rise.html?via=rss

When you are your own bank, you risk being broken into like one. Late last month, a shoeless and injured cryptocurrency investor fled from a posh Manhattan townhouse and approached the NYPD with a mortifying story: He’d just escaped 17 straight days of torture, having been held in SoHo and peed upon, forced to smoke crack, pistol-whipped, shocked with a Taser, cut with a saw, and dangled over a ledge. All because two fellow crypto enthusiasts, whom he personally knew, desired access to his multimillion-dollar Bitcoin fortune—and were willing to do anything to make him give up the password to his virtual wallet.

The NYC torture scheme was just the latest example of a “wrench attack,” where a thief employs brutal physical violence in order to gain access to a target’s virtual cryptocurrency stashes. The phrase hails from a 2009 strip from the popular webcomic xkcd, making the point that any common thief could break into a user’s encrypted software simply by battering the owner with a $5 wrench “until he tells us the password.”

Bitcoin Conference attendees likely found Lopp’s presentation valuable, not least because many crypto investors are reportedly growing more fearful. The Wall Street Journal recently spoke with anonymous “members of the crypto community” who “say they are turning their Instagram profiles private and are trying to remove their physical addresses, and those of their families, from public records.” Other crypto enthusiasts are also training in hand-to-hand combat—perhaps not incidental to the fact that, as Lopp stated, many wrench-attack survivors lacked adequate home-security or self-defense tools.

[…]

Posted in: AI, Big Data, Cryptocurrency, Cybercrime, Cybersecurity, Financial System, Government Resources, Privacy, Shopping, Social Media, Technology Trends