Last verified: 2026-07-05

Is That Actually Dangerous? The Security Theater Audit

Viral warnings are graded by the question most warnings skip: not "can a demo be made?" but "how many people are getting hurt in the wild?" The U.S. counts below come from IC3, FTC, law-enforcement sources, platform docs, and original security research where available; threat mechanics generalize more widely than the U.S. victim counts.

1. Possible? Lab demos matter, but only as the first gate. A DEF CON talk proves feasibility, not prevalence.
2. In the wild? The main axis: public victim counts, enforcement cases, annual reports, and repeated field reports.
3. Cost to mitigate? Cheap fixes can be rational even for low odds; expensive fear-products need stronger evidence.
Now Showing

Fear vs. documented harm

THEATER
Juice jacking THEATER Warnings exist; public victim-scale evidence is not there. [----]
Phishing REAL IC3: 191,561 phishing/spoofing complaints in 2025. [####]
Card skimmers REAL FBI estimates more than $1B/year in skimming cost. [###-]
RFID wallet panic MISDIRECTED Contactless EMV is not the skimmer you should fear. [----]

The verdict board

Victim scale uses a 0-4 filled-seat shorthand: [----] means no public victim-count source found; [####] means mass-scale, routine harm.

Threat Verdict Victim scale One-line reality Mitigation and cost Last audited
Juice jackingTHEATER[----] agency warnings, no public campaign count foundPossible through USB data paths, but modern phones prompt or block data trust and public evidence is thin.Use an AC outlet, battery pack, or data blocker if convenient; do not spend worry-hours here.2026-07-05
Hotel key cards store credit cardsTHEATER[----] urban legendRoom keys typically encode room/access/time data, not payment-card details.Return, toss, or keep the card; protect the payment card in the hotel system instead.2026-07-05
House symbols and zip tiesTHEATER[----] viral folkloreRumors spread because they are vivid; opportunistic burglary is more boring.Lock doors, improve lighting, and know neighbors; skip symbol decoding.2026-07-05
RFID/NFC walk-by card skimmingMISDIRECTED[----] near-zero public evidence for walk-by EMV cloneContactless EMV creates a one-time security code; physical skimmers and e-skimming are the real card risks.Skip payment-card RFID panic; use tap/chip and watch statements.2026-07-05
Phone listening for adsMISDIRECTED[----] no mic leaks in the cited app studyThe creepy targeting usually comes from location, purchase, social, and broker data.Audit permissions; restrict ad IDs and data brokers.2026-07-05
Hotel room safesEDGE CASE[#---] real bypass mechanics, unclear victim scaleMaster codes and override keys are real; the safe is for opportunists, not hotel staff.Use it, but test obvious default codes and keep irreplaceables on you or at front desk.2026-07-05
Public Wi-Fi sniffingEDGE CASE[#---] remaining risk is targeted/fake-login, not bulk sniffingHTTPS killed most passive sniffing; evil twins and fake captive portals remain.Use HTTPS, app/site directly, and VPN for untrusted networks or privacy from network operators.2026-07-05
USB drops in parking lotsEDGE CASE[#---] real in organizations; consumer mass scale not shownOriginal research found 45-98% success when 297 drives were dropped on campus.Personal: do not plug it in. Employer: treat as real social engineering.2026-07-05
Bluetooth and AirDrop attacksEDGE CASE[#---] proximity and version dependentReal bugs appear, but mass exploitation usually needs old software or targeted proximity.Update OS; set AirDrop/Quick Share to contacts or off.2026-07-05
QR-code sticker scamsEDGE CASE[##--] documented and risingFake QR codes route to spoofed payment/login pages, especially parking meters and fake tickets.Inspect URL; use official apps/sites; avoid sticker QR codes on public payment signs.2026-07-05
Car key relayEDGE CASE[##--] real for keyless vehiclesRelay theft targets specific car models and parking setups, not every driver equally.Use manufacturer sleep-mode keys, garage/steering lock, or pouch if your model is targeted.2026-07-05
Webcam spyingREAL[##--] documented casesRATs and insecure cameras are real; the cover is cheap enough to end the debate.$0 tape or $2 slider; remember microphones are the uncovered gap.2026-07-05
SIM swapREAL[##--] IC3 2025: 971 complaints, $17.4M lossRare for the average person, severe for crypto, creator, and high-value finance accounts.Carrier port-out PIN; app/passkey MFA; remove SMS recovery where possible.2026-07-05
AirTag and tracker stalkingREAL[##--] documented cases and platform countermeasuresSmall population, serious stakes; cross-platform alerts now exist.Enable Bluetooth/location alerts; follow platform steps; involve law enforcement if safety is at risk.2026-07-05
ATM and pump card skimmersREAL[###-] FBI: more than $1B/year costPhysical skimmers capture magstripe/PIN data at pumps, ATMs, POS terminals.Tap > chip > swipe; inspect seals/readers; shield PIN; use bank ATMs.2026-07-05
Shoulder-surfed phone PIN theftREAL[###-] pattern documented; platform mitigations addedThief sees passcode, steals phone, changes account/payment settings.Use biometrics in public; turn on iPhone Stolen Device Protection and Android theft protections.2026-07-05
Phishing and smishingREAL[####] IC3 2025: 191,561 phishing/spoofing complaintsThe boring inbound-message attack dwarfs most viral scares.Never act from the message; open the app/site yourself; use passkeys or phishing-resistant MFA.2026-07-05
Data-broker exposureREAL[####] FTC: hundreds of millions of ad IDs in one caseYour location and identity graph explains many "my phone heard me" moments.Opt out where possible; restrict app permissions and ad tracking.2026-07-05

One fear at a time

Tonight: The Juice Jacker

The public USB port steals your data while your phone charges.

THEATER

Is juice jacking real?

Direct answer: Technically possible, but not a normal consumer threat. As of 2026-07-05, this audit found agency warnings and lab demonstrations, not a public victim-count source showing a widespread real-world public-charger campaign.

Possible? Yes. USB can carry power and data, and malicious cables/hosts can attempt a data session.
In the wild? Public evidence is thin. The FBI Denver warning and FCC page warn on possibility; they are not victim-count reports.
Gotcha The warning is not false physics. It is weak prevalence evidence. A targeted attacker with access to your cable is different from an airport epidemic.
What to do: Use an AC outlet, your own charger, a battery pack, or a data blocker if easy. Do not skip password-manager setup to shop for USB anxiety gear.

Last audited: 2026-07-05. Sources: FBI Denver public warning via contemporaneous reports; FCC juice-jacking warning; platform USB trust prompts.

Tonight: The Walk-By Card Clone

A stranger brushes past and clones your card through your pocket.

MISDIRECTED

Do I need an RFID-blocking wallet?

Direct answer: Usually no for modern payment cards. EMVCo says contactless transactions generate a one-time security code for each transaction; that is not a reusable magstripe clone.

Possible? Short-range reads are possible under lab or controlled conditions.
In the wild? This audit found no mass victim-count source for walk-by contactless EMV cloning. The real card-theft sources are physical skimmers, e-commerce breaches, and phishing.
When not to use this fear Do not let RFID-wallet shopping replace statement alerts, tap/chip preference, and terminal inspection.
What to do: If you like the wallet, fine. For security ROI, use tap-to-pay, avoid swipe, monitor accounts, and lock cards quickly after alerts.

Last audited: 2026-07-05. EMVCo contactless security

Tonight: The Listening Phone

You mentioned shoes at lunch; now every ad is shoes.

MISDIRECTED

Is my phone listening to my conversations for ads?

Direct answer: The best public app-study evidence points away from routine microphone eavesdropping and toward something more ordinary: screen capture risks, location trails, third-party app permissions, and data-broker/ad graphs.

Possible? Malware or permission-abusing apps can record audio if granted access or exploited.
In the wild? Northeastern researchers analyzed more than 17,000 Android apps and reported no audio leaks in the tested set; they did find screen recording/leakage behavior.
Real adjacent threat FTC actions against data brokers show precise location and advertising identifiers moving through markets at massive scale.
What to do: Review microphone/camera/location permissions, reset or restrict ad IDs, turn off unnecessary app tracking, and use the data broker opt-out guide.

Last audited: 2026-07-05. Northeastern app study FTC Mobilewalla

Tonight: The Credit Card Key

Your hotel room card supposedly contains your payment card.

THEATER

Do hotel key cards store your credit card?

Direct answer: Treat this as an urban legend. Hotel key systems typically need only access credentials such as room reference, validity dates, and permissions; there is no operational reason to encode the payment card on the room key.

Possible? Magnetic stripes can store arbitrary data, but "possible storage" is not "hotel practice."
In the wild? No credible public victim-count source appears for identity theft from returned room keys.
Real adjacent threat The hotel property-management/payment system is where payment data risk lives, not the disposable access key.
What to do: Do not worry about returning the key. Use a credit card rather than debit for travel, monitor charges, and dispute fraud promptly.

Last audited: 2026-07-05. Source: hotel key-card industry explanations and absence of public victim-count reports.

Tonight: The Magic Safe Code

The room safe opens with a master code or staff override.

EDGE CASE

Can hotel staff open the room safe?

Direct answer: Yes, often by design. The honest framing is that the in-room safe protects against opportunists and casual theft, not against authorized staff, bad defaults, or someone with the override key/code.

Possible? A safe manual checked during build documents master-code and mechanical-key opening; its factory master code is listed as 000000.
In the wild? The bypass mechanism is real; the public victim scale is unclear and likely far smaller than routine travel theft.
Gotcha "The safe can be opened" does not mean "never use it." It may still be the best in-room option.
What to do: Lock it, test obvious default codes before trusting it, hide valuables from casual view, use front-desk safe deposit for irreplaceables, and keep passport/phone-critical items on you when practical.

Last audited: 2026-07-05. Source: SFH-1182 safe manual extracted during build; it recommends changing the master code immediately and documents factory default 000000.

Tonight: The Coffee-Shop Sniffer

Everyone on airport Wi-Fi can read your bank password.

EDGE CASE

Is public Wi-Fi dangerous?

Direct answer: Less than old warnings imply. Passive sniffing of ordinary browsing is largely blunted by HTTPS, which Google says reached roughly 95-99% of Chrome navigations around 2020 and is now the default path for public sites.

Possible? Yes: fake hotspots, captive-portal phishing, device sharing services, DNS tricks, and old non-HTTPS apps still matter.
In the wild? Public Wi-Fi attacks exist, but the mass "anyone can read all your passwords" story is stale for mainstream HTTPS sites.
Who profits? VPN ads often sell 2010-era Wi-Fi fear. A VPN hides traffic from the local network operator; it does not make phishing sites safe or fix malware.
What to do: Use HTTPS, do not install certificates/profiles from captive portals, turn off file sharing, prefer your cellular hotspot for sensitive work, and use a reputable VPN when the network operator itself is the privacy concern.

Last audited: 2026-07-05. Google HTTPS by default

Tonight: The Watching Laptop

Someone is looking through your webcam.

REAL

Is webcam spying real?

Direct answer: Yes, though not usually in the "random stranger watches you all day" form. Insecure cameras, remote-access malware, and abusive institutional monitoring have documented cases; a cheap cover is rational because it ends the visual channel.

Possible? Yes. Malware and misconfigured camera systems can expose feeds or activate cameras.
In the wild? The FTC's TRENDnet case alleged hundreds of private camera feeds were made public after poor security.
Gotcha Webcam covers do nothing for microphones. For sensitive conversations, control the device or use a separate room.
What to do: Use a sliding cover or tape, keep OS/apps updated, remove unknown remote-access tools, and harden smart cameras with unique passwords and updates.

Last audited: 2026-07-05. FTC TRENDnet

Tonight: The Parking-Lot USB

A found flash drive compromises the machine it touches.

EDGE CASE

Are USB drops a real attack?

Direct answer: Real for organizations, mostly theater for ordinary consumers. The attack works because helpful people plug in found drives; the question is whether you are a valuable path into an employer or institution.

Possible? Yes. USB devices can carry files, emulate keyboards, exploit old autorun habits, or deliver malicious payloads.
In the wild? In a controlled study, researchers dropped 297 flash drives and estimated 45-98% attack success, with the first drive connected in under six minutes.
Profile split You personally: usually not worth panic. Your employer: real social-engineering vector.
What to do: Do not plug found drives into personal or work machines. Give them to facilities/security. Employers should disable USB where warranted and train without shaming helpfulness.

Last audited: 2026-07-05. Google/USENIX USB-drop study

Tonight: The Real Skimmer

An ATM or pump captures your card and PIN.

REAL

Are ATM and gas-pump card skimmers real?

Direct answer: Yes. This is the card threat that deserves your attention. The FBI estimates skimming costs financial institutions and consumers more than $1 billion each year.

Possible? Yes. Skimmers on or inside ATMs, POS terminals, and fuel pumps capture magstripe data and sometimes PINs.
In the wild? FBI and Secret Service enforcement operations keep finding devices; one 2025 Secret Service program removed 411 devices after inspecting nearly 60,000 terminals.
Gotcha The useful hierarchy is tap > chip > swipe. Swiping feeds the easiest copy path.
What to do: Wiggle the reader, check pump security seals, use bank/inside ATMs, shield PIN, prefer credit over debit at pumps, and enable transaction alerts.

Last audited: 2026-07-05. FBI skimming FTC pump skimmers Secret Service 2025 operations

Tonight: The Stolen Number

A carrier moves your phone number to the attacker.

REAL

Is SIM swap a real threat?

Direct answer: Yes, especially if SMS can reset valuable accounts. IC3 recorded 971 SIM-swap complaints and $17,366,758 in losses in 2025; 2021 had 1,611 complaints and more than $68 million in losses.

Possible? Yes. Attackers social-engineer or compromise carrier processes to port or reassign the number.
In the wild? IC3 tracks it as its own crime type; FCC rules require stronger carrier steps and customer notification for SIM changes/port-outs.
Profile split Average user: modest probability. Crypto holder, public figure, creator, finance admin: serious.
What to do: Add carrier port-out/SIM PINs, remove SMS from email/bank recovery where possible, use app/passkey/security-key MFA, and keep recovery codes offline.

Last audited: 2026-07-05. IC3 2025 report IC3 SIM swap PSA FCC SIM-swap rules

Tonight: The Package Text

Your package, toll, bank, tax refund, or account is "urgent."

REAL

Are phishing and smishing the real threat?

Direct answer: Yes. IC3's 2025 report lists phishing/spoofing as the top complaint-count crime type with 191,561 complaints and $215.8 million in reported losses.

Possible? Trivial. The attacker sends messages at scale and waits for credentials, payment, or malware install.
In the wild? Massive. FTC 2025 data also says people reported about $16 billion in all fraud losses and nearly one in three fraud reports involved imposter scams.
Gotcha Perfectly spelling-checked messages and caller ID are not proof. AI improves scripts; spoofing improves delivery.
What to do: Never act from inbound contact. Open the app/site yourself, call a known number, use passkeys or phishing-resistant MFA, and teach family recovery scripts from Scam Defense for Parents.

Last audited: 2026-07-05. IC3 2025 report FTC 2025 fraud release

Tonight: The Sticker Portal

A QR code on a meter or ticket sends you to a fake payment site.

EDGE CASE

Are QR-code sticker scams real?

Direct answer: Yes, but still modest compared with broad phishing. The FTC warns that QR codes can route to spoofed sites or malware, and NYC DOT issued a 2025 parking-meter sticker advisory.

Possible? Easy. A sticker can cover a legitimate payment code, or a fake ticket can route to a convincing domain.
In the wild? Documented by consumer agencies and municipalities, especially parking meters, tickets, restaurant signs, and package scams.
Gotcha The QR code is not magic; the danger is the link and the form behind it.
What to do: Inspect the URL before entering data, avoid unexpected QR codes in emails/texts, prefer official apps typed or downloaded from app stores, and report sticker codes to the venue/city.

Last audited: 2026-07-05. FTC QR scams NYC DOT advisory

Tonight: The Hidden Tracker

A Bluetooth tracker follows a person, not a suitcase.

REAL

Is AirTag or Bluetooth tracker stalking real?

Direct answer: Yes. It is not mass-fraud scale, but it is real, personal, and high-consequence for stalking and abuse victims. Apple and Google now support unwanted-tracker alerts across iOS and Android.

Possible? Yes. Small Bluetooth trackers can be hidden in cars, bags, clothing, or belongings.
In the wild? DOJ cases and civil lawsuits document misuse; Apple and Google created a cross-platform industry specification in 2024.
Gotcha Alerts reduce risk but are not instant physical safety. Treat a tracker alert as evidence to preserve, not just a nuisance to silence.
What to do: Keep phone OS updated, keep Bluetooth/location services needed for alerts enabled, follow Apple/Google steps to locate and identify the tracker, and contact law enforcement if safety is at risk.

Last audited: 2026-07-05. Google/Apple tracker alerts Apple tracker safety DOJ AirTag case

Tonight: The Secret Burglar Code

A chalk mark, zip tie, or mirror tag means traffickers or burglars picked you.

THEATER

Do thieves mark houses with symbols?

Direct answer: Treat viral symbol-code lists as security folklore unless your local police issue a specific current alert for your area. The general rumor class has a recurring pattern: vivid signs, weak sourcing, and no repeatable victim-count base.

Possible? A criminal could mark anything. That does not make a viral codebook real.
In the wild? This audit found no credible public victim-scale source showing broad symbol-code deployment.
Why it spreads It gives a visible object to fear. That feels actionable even when the real prevention is mundane.
What to do: Remove odd tags if you want, but spend the effort on locks, lighting, packages, visibility, and not advertising absence.

Last audited: 2026-07-05. Source: public-law-enforcement alert pattern review; no national victim-count source found.

Tonight: The Nearby Hacker

Bluetooth, AirDrop, or nearby sharing gets you hacked on the train.

EDGE CASE

Are Bluetooth and AirDrop attacks real?

Direct answer: Real bugs and harassment modes exist, but proximity attacks usually need a vulnerable version, permissive settings, or a targeted attacker. They are not the same scale as phishing.

Possible? Yes. Wireless stacks have had exploitable bugs, and open sharing settings invite unwanted files/contact attempts.
In the wild? Mostly episodic and version-dependent, with platform patches changing risk quickly.
Gotcha Turning Bluetooth off forever breaks tracker alerts, wearables, car systems, and usability. Settings matter more than blanket fear.
What to do: Keep OS current, set AirDrop/Quick Share to contacts-only or off in public, reject unexpected prompts, and use Lockdown Mode only for high-risk targeted profiles.

Last audited: 2026-07-05. Source: Apple Personal Safety guide and platform update model.

Tonight: The Relay Van

A relay device extends your keyless fob from inside the house.

EDGE CASE

Is car key relay theft real?

Direct answer: Yes for some keyless-entry vehicles and neighborhoods, but it is model- and location-dependent. Do not universalize a car-theft tactic into a household panic.

Possible? Yes. Relay tools can extend a key signal if the vehicle/fob design allows it.
In the wild? Documented by police and insurers in some regions; risk varies sharply by vehicle model, immobilizer behavior, and theft market.
Gotcha A Faraday pouch with holes, gaps, or bad habits gives false confidence.
What to do: Check if your fob has sleep/motion mode, keep keys away from exterior walls, test any pouch, and use a steering lock or garage for highly targeted models.

Last audited: 2026-07-05. Source: current general auto-theft guidance; model-specific checks required.

Tonight: The Stolen Passcode

The thief sees your PIN, steals the phone, then takes the account.

REAL

Is shoulder-surfed phone PIN theft real?

Direct answer: Yes, and it is underrated because it looks like a simple phone theft. The dangerous part is the account takeover after the thief knows the passcode.

Possible? Yes. A passcode can unlock password vaults, payment apps, email, and account settings if platform protections are weak or disabled.
In the wild? Platform vendors added protections aimed at exactly this scenario: Apple Stolen Device Protection and Android Theft Protection.
Gotcha Biometrics are not only convenience. In public, Face ID/Touch ID/fingerprint reduces visible passcode entry.
What to do: Use a longer alphanumeric passcode if tolerable, use biometrics in public, turn on iPhone Stolen Device Protection and choose "Always" delay for stronger protection, enable Android Theft Detection/Offline/Failed Authentication/Remote Lock where supported.

Last audited: 2026-07-05. Apple Stolen Device Protection Android theft protection

Tonight: The Invisible Audience Graph

The boring surveillance market behind uncanny targeting.

REAL

Is data-broker exposure a real security risk?

Direct answer: Yes. It is less cinematic than a microphone conspiracy and more useful to scammers, stalkers, advertisers, and social engineers.

Possible? Routine. Apps, ad auctions, public records, breached data, loyalty programs, and brokers assemble identity/location graphs.
In the wild? In one 2024 FTC matter, Mobilewalla allegedly collected more than 500 million unique advertising identifiers paired with precise location data.
Gotcha Opt-outs reduce exposure; they do not erase every copy or future broker.
What to do: Follow Privacy Data Broker Opt-Out, restrict location permissions, use email aliases, and reduce public answers to security-question prompts.

Last audited: 2026-07-05. FTC Mobilewalla

The boring REAL list - where attention should go

Security attention is zero-sum. The biggest wins are dull, repeatable, and rarely sponsor breathless news segments.

Boring real threatScale signalThe theatrical fear stealing attentionDo this instead
Password reuse + credential stuffingMass automated account takeover after breachesJuice jacking, Bluetooth proximity hacksPassword manager; unique passwords; passkeys where supported.
Phishing/smishingIC3 2025: 191,561 phishing/spoofing complaintsHotel key cards, secret house marksNever act on inbound contact; open the app/site yourself.
No MFA on emailEmail is the reset key for banks, cloud files, stores, and workRFID-blocking walletsUse passkeys/security keys/app MFA; protect recovery codes.
Unpatched routers and devicesBotnets and credential attacks target old firmwarePublic Wi-Fi panicAuto-update, replace EOL routers, unique admin password.
Data-broker exposureFTC cases show large-scale location/ad-ID marketsPhone-listening conspiracyOpt out, restrict permissions, reduce public personal data.
Physical card skimmersFBI: more than $1B/year costWalk-by RFID skimmingTap/chip, inspect terminals, shield PIN, alerts.
No backupsRansomware and accidental deletion turn into permanent lossWebcam panic without device hygiene3-2-1 backups; test restore; keep one offline/cloud-versioned copy.
Unlocked doors and exposed routinesOpportunity beats elaborate burglar folkloreChalk marks and zip-tie rumorsLock doors/windows, lighting, package handling, neighbor awareness.

For the personal digital baseline, use Personal Cybersecurity. For family scam scripts, use Scam Defense for Parents.

Grade the next viral scare yourself

1

Demo is not deployment

A conference demo proves possibility. It does not prove criminals can scale it, monetize it, and repeat it against strangers.

Example: a malicious charging cable demo is possible; IC3 phishing counts show what is actually industrialized.

2

Ask who profits

If the loudest warnings are paid for by the mitigation category, raise the evidence bar.

Example: VPNs can be useful, but "public Wi-Fi means instant password theft" is often marketing residue.

3

Look for scale mechanics

Remote, automated attacks become epidemics. Physical-proximity attacks usually stay rare unless the payoff is high and target selection is easy.

Example: package-text phishing scales globally; a walk-by RFID attack does not.

4

Cheap fixes can win

Probability debates are not worth much when mitigation costs almost nothing and has no downside.

Example: a webcam cover is rational; a drawer full of RFID sleeves is usually not.

5

Agency logo is not prevalence

Agencies warn about possible tactics. Their warnings are not always ranked by victim count or expected value.

Example: the FCC/FBI can advise against public USB ports while phishing remains the much larger day-to-day risk.

6

Match your profile

An EDGE CASE can become REAL for you if you fit the target profile.

Example: SIM swap is not everyone-same-risk; it matters more for crypto, creators, and high-value email accounts.

How people misallocate security attention

Buying products for THEATER while leaving email weak

RFID wallets, Faraday bags, and USB blockers are not substitutes for unique passwords and strong MFA on email, bank, carrier, and cloud accounts.

Treating all warnings as equal

An agency warning may mean "possible and avoidable," not "common." Rank by documented victim scale before ranking by dread.

Dismissing edge cases that match you

Crypto holders, stalking victims, executives, journalists, and system administrators should not use average-person verdicts as permission to ignore targeted risk.

Letting debunking turn into cynicism

"Juice jacking is mostly theater" does not mean "security warnings are fake." The phishing, skimming, SIM-swap, data-broker, and stolen-phone rows are real.

Confusing privacy, security, and anonymity

A VPN may hide traffic from a coffee-shop network, but it does not stop phishing, malware, account reuse, malicious browser extensions, or data brokers that already have your data.

Counting only money

Some low-count threats, especially stalking and intimate abuse, are worth action because the consequence is severe even if national complaint counts are modest.

Receipts checked during build

Fraud scale

IC3 2025 Annual Report; FTC 2025 imposter-scam release; FTC Consumer Sentinel 2024 Data Book.

IC3 2025 · FTC 2025 · Sentinel 2024

Payments and skimmers

EMVCo contactless chip security; FBI skimming overview; FTC pump-skimmer advice; Secret Service 2025 skimmer operations.

EMVCo · FBI · FTC

Phones and platforms

Apple Stolen Device Protection, Android Theft Protection, Apple/Google unwanted tracker alerts, Apple Personal Safety guide.

Apple theft · Android theft · Tracker alerts

Privacy and tracking

Northeastern Android app study; FTC Mobilewalla sensitive-location-data action.

Northeastern · FTC Mobilewalla

Public Wi-Fi and QR

Google HTTPS-by-default post; FTC QR-code scam advice; NYC DOT parking-meter scam advisory.

Google HTTPS · FTC QR · NYC DOT

Research and devices

Google/USENIX USB-drop study; FTC TRENDnet camera case; SFH-1182 safe manual extracted during build.

USB study · FTC camera case