| Juice jacking | THEATER | [----] agency warnings, no public campaign count found | Possible through USB data paths, but modern phones prompt or block data trust and public evidence is thin. | Use an AC outlet, battery pack, or data blocker if convenient; do not spend worry-hours here. | 2026-07-05 |
| Hotel key cards store credit cards | THEATER | [----] urban legend | Room keys typically encode room/access/time data, not payment-card details. | Return, toss, or keep the card; protect the payment card in the hotel system instead. | 2026-07-05 |
| House symbols and zip ties | THEATER | [----] viral folklore | Rumors spread because they are vivid; opportunistic burglary is more boring. | Lock doors, improve lighting, and know neighbors; skip symbol decoding. | 2026-07-05 |
| RFID/NFC walk-by card skimming | MISDIRECTED | [----] near-zero public evidence for walk-by EMV clone | Contactless EMV creates a one-time security code; physical skimmers and e-skimming are the real card risks. | Skip payment-card RFID panic; use tap/chip and watch statements. | 2026-07-05 |
| Phone listening for ads | MISDIRECTED | [----] no mic leaks in the cited app study | The creepy targeting usually comes from location, purchase, social, and broker data. | Audit permissions; restrict ad IDs and data brokers. | 2026-07-05 |
| Hotel room safes | EDGE CASE | [#---] real bypass mechanics, unclear victim scale | Master codes and override keys are real; the safe is for opportunists, not hotel staff. | Use it, but test obvious default codes and keep irreplaceables on you or at front desk. | 2026-07-05 |
| Public Wi-Fi sniffing | EDGE CASE | [#---] remaining risk is targeted/fake-login, not bulk sniffing | HTTPS killed most passive sniffing; evil twins and fake captive portals remain. | Use HTTPS, app/site directly, and VPN for untrusted networks or privacy from network operators. | 2026-07-05 |
| USB drops in parking lots | EDGE CASE | [#---] real in organizations; consumer mass scale not shown | Original research found 45-98% success when 297 drives were dropped on campus. | Personal: do not plug it in. Employer: treat as real social engineering. | 2026-07-05 |
| Bluetooth and AirDrop attacks | EDGE CASE | [#---] proximity and version dependent | Real bugs appear, but mass exploitation usually needs old software or targeted proximity. | Update OS; set AirDrop/Quick Share to contacts or off. | 2026-07-05 |
| QR-code sticker scams | EDGE CASE | [##--] documented and rising | Fake QR codes route to spoofed payment/login pages, especially parking meters and fake tickets. | Inspect URL; use official apps/sites; avoid sticker QR codes on public payment signs. | 2026-07-05 |
| Car key relay | EDGE CASE | [##--] real for keyless vehicles | Relay theft targets specific car models and parking setups, not every driver equally. | Use manufacturer sleep-mode keys, garage/steering lock, or pouch if your model is targeted. | 2026-07-05 |
| Webcam spying | REAL | [##--] documented cases | RATs and insecure cameras are real; the cover is cheap enough to end the debate. | $0 tape or $2 slider; remember microphones are the uncovered gap. | 2026-07-05 |
| SIM swap | REAL | [##--] IC3 2025: 971 complaints, $17.4M loss | Rare for the average person, severe for crypto, creator, and high-value finance accounts. | Carrier port-out PIN; app/passkey MFA; remove SMS recovery where possible. | 2026-07-05 |
| AirTag and tracker stalking | REAL | [##--] documented cases and platform countermeasures | Small population, serious stakes; cross-platform alerts now exist. | Enable Bluetooth/location alerts; follow platform steps; involve law enforcement if safety is at risk. | 2026-07-05 |
| ATM and pump card skimmers | REAL | [###-] FBI: more than $1B/year cost | Physical skimmers capture magstripe/PIN data at pumps, ATMs, POS terminals. | Tap > chip > swipe; inspect seals/readers; shield PIN; use bank ATMs. | 2026-07-05 |
| Shoulder-surfed phone PIN theft | REAL | [###-] pattern documented; platform mitigations added | Thief sees passcode, steals phone, changes account/payment settings. | Use biometrics in public; turn on iPhone Stolen Device Protection and Android theft protections. | 2026-07-05 |
| Phishing and smishing | REAL | [####] IC3 2025: 191,561 phishing/spoofing complaints | The boring inbound-message attack dwarfs most viral scares. | Never act from the message; open the app/site yourself; use passkeys or phishing-resistant MFA. | 2026-07-05 |
| Data-broker exposure | REAL | [####] FTC: hundreds of millions of ad IDs in one case | Your location and identity graph explains many "my phone heard me" moments. | Opt out where possible; restrict app permissions and ad tracking. | 2026-07-05 |