Discover the latest online threats and cyber security trends impacting businesses and consumers worldwide, brought to you by F-Secure's threat intelligence specialists.
April's F‑Alert explores how scams are evolving across policy and practice—from government crackdowns and public 'name and shame' tactics to AI tools that can uncover the real identities behind anonymous accounts and enable account hijacking. Throughout, we provide expert commentary and practical guidance to help navigate these risks.
New research shows that AI can now link anonymous online accounts to real-world identities with surprising accuracy. In this article, Dr Laura James explores what this means for online anonymity and why even small pieces of personal data can add up to a much larger risk.
Dutch police are taking a more public approach to tackling fraud, publishing the faces of suspected scammers across national media. In this article, Joel Latto examines how the 'Game Over?!' campaign works, what it hopes to achieve, and the results so far.
A new phishing scam is targeting Signal users by posing as official support bots to hijack accounts. In this article, we explain how the scam works, why trusted messaging apps are being targeted, and what users can do to avoid falling victim.
A popular calorie-tracking app has exposed millions of user records, including sensitive health and personal data. In this article, we examine what was leaked, how the breach occurred, and what users can do to protect their personal information.
A powerful iOS exploit kit once linked to government use is now being deployed by cyber criminals at scale. In this article, Timo Salmi breaks down how simply visiting a malicious website could lead to account takeover and what this means for consumers.
As scam losses continue to rise, the U.S. government has moved to make scam centers a national security priority. In this article, Dr Megan Squire outlines what the executive order aims to achieve and how it targets transnational criminal networks.
AI Just Made Online Anonymity Much Harder to Maintain
Most people have long operated online under a simple assumption: posting under a username, rather than a real name, offers a degree of anonymity and makes it difficult to connect the two. However, new research shows that AI can now link anonymous accounts to real identities—cheaply, accurately, and at scale.
Key facts:
A team from ETH Zurich, MATS, and Anthropic has shown that LLMs can deanonymize accounts at a scale and speed that wasn't previously possible. Their system analyzes anonymous posts for signals—career details, location clues, interests, and writing patterns—then searches for matches across known identities and evaluates likely connections.
When tested on Hacker News accounts matched against LinkedIn profiles, it correctly identified two-thirds of users at 90% precision. On Reddit, it linked users across communities and time periods, outperforming traditional methods.
The system doesn't rely on obvious mistakes like sharing a real name or profile link. Instead, it uses "micro-data"—small details such as lifestyle details, locations, or niche interests. Combined, these signals form a unique fingerprint.
The implications are wide-ranging. Governments could link pseudonymous accounts to real identities for surveillance. Stalkers could automate their searches. Corporations could connect anonymous posts to customer profiles. Attackers could build profiles for targeted social engineering. For anyone posting under a pseudonym, assume your accounts can be linked to your real identity, with the risk increasing as more information is shared.
Dr Laura James, Vice President of Research at F‑Secure
Dutch Police Publicly Expose Scammers
Dutch police are taking a bold new approach to catching scammers: publishing their faces everywhere. Billboards, television, online ads—you name it. The large-scale 'Game Over?!' campaign aims to use it all to identify and bring in prolific criminals.
Key facts:
In early March, the police announced that 100 suspects—primarily targeting elderly victims by posing as police officers or bank employees—would have two weeks to surrender, or their faces would be made public. The announcement included a montage of 100 blurred images.
The campaign has a dual aim: to identify suspects and deter others from becoming involved in scam activity. And it appears to be working—21 suspects either came forward or were identified through tips.
On March 23, the police followed through by publishing the faces of the remaining 79 suspects, using images captured via CCTV and doorbell cameras. The individuals are believed to be linked to around 13,000 scam cases, with total losses estimated at €68 million.
The current scam landscape has removed many of the technical barriers traditionally associated with cyber crime. This makes scamming particularly appealing to young people looking for easy money, who may not fully grasp the seriousness of the crime. I do commend this public shaming tactic as it may also discourage others from starting a criminal path in scamming.
Joel Latto, Threat Advisor at F‑Secure
Trending Scam: Signal 'Support Bot' Scam Used to Hijack Accounts
What's happening:
Dutch intelligence agencies warn that Russian state-backed hackers are using a phishing scam posing as a Signal 'support bot' to hijack accounts, tricking users into sharing verification codes or linking new devices.
The attacks don’t exploit the apps themselves but rely on user trust in secure messaging apps. Once access is granted, attackers can silently read private messages and group chats without alerting the victim.
Officials, journalists, and others discussing sensitive topics are primary targets, as trusted messaging apps have become key channels for high-value communications.
What to do:
Never share verification codes or follow instructions from unsolicited support messages—legitimate services will not ask for this information.
Check linked devices, look out for duplicate accounts in group member lists, and treat unexpected account-related messages as potential phishing attempts.
Breach That Matters: Misconfigured Cal AI App Exposes 3M User Records
What's happening:
Calorie-tracking app 'Cal AI' has reportedly exposed data from around three million users after a major security misconfiguration left its database accessible without authentication.
The breach includes sensitive personal data such as email addresses, names, dates of birth, and detailed health information including weight history, eating habits, and exercise goals.
Subscription and transaction data were also exposed, increasing the risk of targeted scams, phishing, and account abuse using personalized information.
What to do:
Be cautious of unsolicited emails, messages, or offers related to health apps, subscriptions, or fitness services—especially those that reference personal details.
Review accounts linked to health or fitness apps, enable two-factor authentication where possible, and avoid reusing passwords across services.
Government-Grade iPhone Exploit Is in Criminal Hands
A government-grade iOS exploit kit known as "Coruna" has fallen into the hands of cyber criminals and is now being deployed at scale. The tool allows attackers to silently compromise iPhones simply by luring users to malicious websites—creating a new opportunity for scam operations to combine social engineering with device-level access.
Key facts:
The exploit kit contains 23 exploits and multiple attack chains, enabling attackers to fully compromise iPhones running iOS versions from 2019 through late 2023 just by getting users to visit a malicious or fake website.
Scam sites—particularly fake cryptocurrency and financial platforms—have already been found embedding the exploit, turning routine social engineering lures into full device takeovers without visible signs to the victim.
Once deployed, the malware can steal sensitive data, access photos and emails, and drain crypto wallets. Around 42,000 devices are estimated to have been impacted by financially motivated attacks.
When advanced exploit tools designed for government use enter the criminal ecosystem, they lower the barrier for large-scale attacks. For consumers, visiting a malicious website is no longer just a phishing risk—it can lead to full device compromise. Keeping devices updated and avoiding untrusted sites is now critical to staying protected.
Timo Salmi, Senior Product Marketing Manager at F‑Secure
U.S. Makes Scam Centers a National Security Priority
In March, U.S. President Trump signed an executive order to make cyber crime and scam centers a national security priority. The order aims to coordinate a whole-of-government response to protect Americans from scams such as cryptocurrency investment fraud, phishing, and sextortion.
Key facts:
Cabinet-level departments have been given 60 days to review existing frameworks and 120 days to deliver an action plan identifying the transnational criminal organizations behind scam centers and proposing ways to dismantle them.
The order also formalizes a Victims Restoration Program, giving the Attorney General 90 days to recommend how funds can be returned to victims.
It calls for international consequences against nations that tolerate transnational criminal organizations, including sanctions, visa restrictions, trade penalties, and the expulsion of complicit foreign diplomats.
In today's polarized political climate, cracking down on scams and fraud is something that everyone can agree is a good idea. Any disagreements with this executive order will likely hinge on execution, not the rationale behind it.
Dr Megan Squire, Threat Intelligence Researcher at F‑Secure
