Alert: Dell’s 49 Million Records Breached For Sale (May, 2024)


Dell notifies customers about data breach

Dell is warning its customers about a data breach after an alleged shadowy cyber criminal offered a 49 million-record database of information about Dell customers on a cybercrime forum.

An alleged cyber criminal called Menelik posted the following message on the “Breach Forums” site:

“The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.

It is up to date information registered at Dell servers.

Feel free to contact me to discuss use cases and opportunities.

I am the only person who has the data.”


According to the poster Menelik the data includes:
  • The full name of the buyer or company name
  • Address including postal code and country
  • Unique seven digit service tag of the system
  • Shipping date of the system
  • Warranty plan
  • Serial number
  • Dell customer number
  • Dell order number

Most of the affected systems were sold in the US, China, India, Australia, and Canada.

Users on Reddit reported getting an email from Dell which was apparently sent to customers whose information was accessed during this incident:

“At this time, our investigation indicates limited types of customer information was accessed, including:

  • Name
  • Physical address
  • Dell hardware and order information, including service tag, item description, date of order and related warranty information.

The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.”

Although Dell might be trying to play down the seriousness of the situation by claiming that there is not a significant risk to its customers given the type of information involved, it is reassuring that there were no email addresses included. Email addresses are a unique identifier that can allow data brokers to merge and enrich their databases.

So, this is another big data breach that leaves us with more questions than answers. We have to be careful that we don’t shrug these data breaches away with comments like “they already know everything there is to know.”

This kind of information is exactly what scammers need in order to impersonate Dell support.

Protecting yourself from a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
  • Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

If you want to find out how much of your data has been exposed online, you can try the recommended Malwarebytes free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

Attention All Crypto Investors & Holders: Mandatory Form 1099-DA Is Coming In 2025!

What Is Form 1099-DA and What Does It Mean for Crypto Holders / Investors?

Form 1099-DA is the new IRS form required to be filed by brokers dealing with digital assets like cryptocurrency and NFTs (non-fungible tokens).

Brokers, digital trading platforms, payment processors, and hosted wallet providers have to issue this form for all digital asset sales or exchanges starting from January 1, 2025.
  • Real estate reporting entities also have to report digital assets used by purchasers as payment for property transactions beginning with the same date.
  • Current methods of reporting crypto transactions present challenges such as inconsistent reporting, incomplete information, and lack of third-party verification which can lead to tax reporting errors and tax evasion.
  • In theory, Form 1099-DA provides a more accurate, standardized, and streamlined process for reporting crypto transactions which may help improve tax accuracy and compliance.


Starting in 2025, the IRS will introduce Form 1099-DA dedicated to reporting crypto and digital assets.

Valuable updates posted from a reputable attorney are found here:

What is Form 1099-DA and what does it mean for crypto investors?

If you’re a crypto investor, you’ll want to pay attention to Form 1099-Digital Assets (1099-DA).

Starting with the 2025 tax year, the IRS will require digital asset brokers to send this form to investors who have engaged in certain transactions involving digital assets, such as cryptocurrency and non-fungible tokens (NFTs).

Why is the IRS launching Form 1099-DA?

The IRS is launching Form 1099-DA to address the growing need for accurate reporting of crypto transactions. As the popularity of crypto and NFT trading continues to rise, the IRS aims to ensure that investors are properly reporting their crypto-related transactions.

Key highlights of the new requirements include:
  • Form 1099-DA: Brokers, including digital asset trading platforms, digital asset payment processors, and certain digital asset hosted wallet providers, will be required to issue Form 1099-DA to investors for sales or exchanges of digital assets that take place on or after January 1, 2025. This form will report gross proceeds and, in certain circumstances, gain, loss and cost-basis information.
  • Real Estate Reporting: Real estate reporting entities, such as title companies, closing attorneys, mortgage lenders, and real estate brokers, will have to report the fair market value of digital assets paid as consideration by real estate purchasers to acquire real estate in real estate transactions that close on or after January 1, 2025.
  • They will also be required to include the fair market value of digital assets paid to sellers of real estate on Form 1099-S.
  • Computation and Basis Rules: The proposed regulations set forth rules for gain (or loss) computation, cost-basis determination, and backup withholding applicable to digital asset transactions.
  • These proposed regulations are designed to provide taxpayers, tax professionals, and others with clear information, reporting certainty, and closing all lack of transparency issues in the current system regarding digital assets.
  • They aim to improve compliance and ensure that digital assets are not used to hide taxable income.
  • How is crypto currently reported? Currently, payment platforms, like Coinbase and PayPal, issue 1099-K forms to individuals who receive payments for goods or services in cryptocurrency. Form 1099-K reports the gross amount of crypto payments received during the tax year. Taxpayers then are expected to report the income from these payments on their Form 1040. In essence, this 1099-DA form and process replaces any and all expectation to an automatic reporting structure.

The existing methods of reporting cryptocurrency transactions to the IRS present several challenges:

  • Inconsistent Reporting: There is no standardized format for reporting cryptocurrency transactions, which can lead to inconsistencies in the way taxpayers report their income involving digital assets.
  • Incomplete Information: Taxpayers are responsible for calculating their cost basis and determining the fair market value of their cryptocurrency, which can be complex, time-consuming and error prone.
  • Lack of Third-Party Verification: The IRS relies on taxpayers to accurately report their crypto transactions, without any third-party verification. There is also a lack of accountability for companies in reporting crypto transactions. This can make it difficult for the IRS to detect and prevent tax evasion.

How will Form 1099-DA help?

The introduction of Form 1099-DA is set to address these challenges by providing a standardized and streamlined process for reporting cryptocurrency transactions with very few, if any, exceptions or exemptions.

By requiring digital asset brokers, and those treated as brokers for digital asset exchanges, to issue Form 1099-DA, the IRS can obtain more accurate and complete information about cryptocurrency transactions, which can help improve tax compliance and reduce the risk of tax evasion.

What’s included in Form 1099-DA?

The final version of Form 1099-DA is being finalized in June 2024. As it stands, it will include very detailed and specific information about your crypto transactions, including:

  • Digital Asset Broker (DAB) identification and full name(s), address(es), and social security number(s) / TIN / EIN / etc. dependent upon the DAB.
  • Account number(s)
  • Transaction dates
  • Transaction type (e.g., buy, sell, trade/transfer, exchange)
  • Transaction amount
  • Fair market value of the digital assets for each transaction

Who is affected by the new tax form?

Form 1099-DA will affect any individual or entity in the US that engages in certain transactions involving virtual assets including:

  • Individuals who buy, sell, or trade cryptocurrency
  • Businesses that accept cryptocurrency as payment
  • Miners who receive cryptocurrency as a reward for their work
  • Stakers who receive cryptocurrency as a reward for locking-up their assets

Until Form 1099-DA is available for the 2025 tax year, investors should still report their taxable crypto income. For this, they need to document gains and losses from crypto activities and file Form 1040, Schedule D as well as Form 8949 with transaction details.

Who will issue Form 1099-DA and who will receive one?

Digital asset brokers, and those who are treated as brokers for digital asset exchanges, will be required to issue Form 1099-DA to investors who have engaged in certain transactions involving digital assets. This includes, among other things, transactions that result in a gain or loss, as well as transactions that involve the exchange of one digital asset for another.

Investors who receive Form 1099-DA will need to report the information on their tax return. This includes reporting any gains or losses from digital asset transactions, as well as any other income that is reported on the form.

IMPORTANT 1099-DA Updates Found Here:

OFFICIAL IRS Form In Progress Here:–dft.pdf

How do I file my cryptocurrency taxes now in 2024 BEFORE 2025 and this article’s updated 2024 Tax Filing Year for Crypto Holders?

Even though Form 1099-DA won’t be available until after January 1, 2025, you still need to file taxes on any taxable income from your crypto investments for the current tax year. To do this, you’ll need to gather documentation showing the details of your crypto transactions. Then, you should file the following forms:

  • Form 1040, Schedule D: This form is used to report capital gains or losses from the sale or exchange of assets including digital assets.
  • Taxpayers can calculate their gains or losses by subtracting the cost basis (purchase price plus expenses such as commissions) of the cryptocurrency from the proceeds of the sale.
  • Short-term capital gains (held for one year or less) are typically taxed at ordinary income tax rates, while long-term capital gains (held for more than one year) are typically taxed at preferential tax rates.
  • Form 8949: This form is used to report the details of each cryptocurrency transaction, including the date, description, proceeds, and cost basis.
  • Details and Instructions can be found here:
  • Taxpayers should include Form 8949 with their Form 1040 if they have any capital gains or losses from cryptocurrency transactions. If the cost basis of your asset sales on your 1099-B, or future 1099-DA, show basis was reported to the IRS and no correction or adjustment is needed, you may not need to file Form 8949 found here:
  • It is wise to use a reputable Crypto Tax Calculator to get an idea of how much tax you might owe from your capital gains or losses from crypto activities. Here is one that I recommend:

Frequently Asked Questions

Does 1099-DA simplify crypto tax filing?

Yes, that is the goal. Form 1099-DA is designed to simplify crypto tax filing by providing a centralized record of digital asset transactions. This can help investors avoid mistakes and omissions when reporting their crypto income.

What value of NFTs or crypto do I have to sell to get a 1099-DA form?

There is no specific threshold for the value of NFTs or crypto that triggers the issuance of a 1099-DA. Digital asset brokers are required to issue Form 1099-DA for any transactions that result in a gain or loss, regardless of the value of the assets involved.

How are crypto bankruptcies taxed?

Crypto bankruptcies are generally treated as taxable events. If you experience a loss due to a crypto bankruptcy, you may be able to claim a capital loss on your tax return. However, the specific tax implications of a crypto bankruptcy can vary depending on your individual circumstances.

How are crypto donations taxed?

If you donate cryptocurrency to a qualified charity, you may be eligible for a charitable deduction. The specific tax implications of crypto gifts and donations can vary depending on your individual circumstances.



Why People Are Leaving Gmail for Protonmail More Than Ever Before

Why I ditched Gmail for Proton Mail

Chris Thomas

Google is the most popular email provider: Gmail contributes about 70% of the email traffic on earth and is one of the oldest mass-adopted email services (passing 20 years old is a worthy achievement for any application, especially a “free” one).

As a cyber security digital expert, I have raved about the free service, its novel cloud-based structure, and how and why is

While I’m tickled to have been an early adopter of now-successful technology, though, it’s important to know when enough is enough. For me, that time has come, and I’m moving my primary digital correspondence to privacy-focused Swiss provider Proton Mail. It’s been a long time coming.

Should I, or should I not be popular?

Google is a Mega Monopoly Email Provider: Legal, but is it Ethical?

We’ve seen a lot go down in the privacy and security realms over the last two decades. Google’s been far from the only culprit, but as the default search engine for most browsers and the curator of Android, the Play Store, Google Analytics, reCaptchas, and more, the Big G has more data on the average North American user than any other corporation.

I’m as far from paranoid as any internet user, and even I use a VPN (primarily for spoofing IP geolocation); while I don’t do anything nefarious, and nobody’s tracking me for anything other than advertising, I prefer knowing I’m a little safer from bad actors that can hijack the content I’m viewing and thus possibly my hardware.

But Google creeps me out, and I’m no longer comfortable using Gmail. The successors to the FAANG stocks, the MAMAA companies (Meta, Apple, Microsoft, Amazon, and Alphabet) own a considerable amount of not just forward-facing web resources but also the underlying infrastructure most of the world’s internet relies on. I can’t avoid my data passing through the Google Cloud or Amazon Web Services, but I can limit what sites and apps I actively engage with.

Gmail’s interface is fine, I guess, if somewhat cluttered and not very attractive

Google’s always innocent until it’s not

Until 2017, Google automatically scanned Gmail accounts for keywords that it then used to personalize ads within the platform and probably outside it, too. Here’s why that should terrify you:

  • It had likely been happening since Gmail’s launch
  • Scans included messages from non-Gmail accounts, presumably contributing to shadow accounts containing data on those users
  • Widespread publicity via a 2013 Microsoft ad campaign and lawsuit the same year failed to stop it
  • Google’s proposed settlement was rejected for being overly vague and failing to promise proper disclosure of data harvesting practices
  • What else is Google doing that we haven’t learned about?

I’m under no misconception that I can extricate myself entirely from Google’s clutches; it’s too ubiquitous, and tons of common apps and services rely on its wide range of services. But I’ll do what I can, which includes moving to Proton Mail, a privacy-centric email provider with encrypted, underground servers, practically the polar opposite of Alphabet Inc.

Google paid over $26 billion in 2021 to remain the default search engine in various browsers

The surprisingly easy switch to Proton Mail

Why Proton Mail is my new favorite email provider

My own Proton account has been used as a backup since 2018. Most recently, though, it has become my primary email for both personal and business use.

I tested a trial of ProtonVPN a few years ago (ProtonVPN was a bit slow back then, but I and other cyber security experts highly recommend it as one of today’s top VPNs due to its increased infrastructure and much faster speed; they have quadrupled the number of servers globally since 2021).

I made the jump many years ago (2018) and highly recommend it to all of you going forward – primarily due to Proton’s comprehensive set of features, as well as the policies it enacts to keep your data private.

Among Proton’s consumer-friendly practices:

  • It opposes data harvesting, ads, and trackers (even the subversive tracking that comes from opening third-party-hosted images)
  • It falls under Switzerland’s privacy jurisdiction and isn’t subject to US surveillance
  • Theoretically, no other human can view your emails. In fact, if you lose and need to reset your password, you’ll lose access to previous messages, an impressive layer of security against hacking
  • Support for end-to-end encryption between Proton users and password protection for external emails
  • A complete, constantly improving feature set, including cross-platform apps, cloud storage, and a calendar
  • Open-source encryption (including optional PGP signing) and independent auditing to ensure strict adherence to standards

A few clicks, and I never have to access my Gmail page again

Compared to my first brief look years ago, Proton’s UI and general implementation have matured significantly. It was also a breeze to sit back and observe how easy it was to have over 100 (128 and counting!) forward over 100 (121 and counting!) of my clients perform the action of transferring each of their current Gmail messages to their now-primary Proton address, and the calendar appears to have integrated well, with alerts showing up consistently on both Android and iPhones without problems.

They are perfectly happy with the features provided by Proton’s most affordable tier, the Mail Plus plan. You can create 10 separate addresses and even a custom domain, as well as shorten the default existing domain to (because is, admittedly, a bit of a mouthful).

It includes 15GB of storage, unlimited folders and filters, and can do everything I ever wanted my Gmail account to do. Most importantly, it keeps their permanent correspondence out of Alphabet’s umbrella and especially any private or confidential emails, as well as people who send it to them that don’t even use Gmail!

Proton offers diverse Subscription Plans (including Free!)

You can actually use Proton Mail entirely for free, although it does have restrictions: You are limited to 150 emails per day and 1GB of storage, can’t create custom addresses or domains, and won’t have access to the calendar, or the encrypted password manager and unlimited VPN offered by the Proton Unlimited subscription. But even the free tier is visually and more private and secure, as well as overall being much better than Gmail.

Committing to 1 or 2 years of the $5/month low tier drops the price to $4 or $3.50, respectively.

The Unlimited tier will set you back $10 or $8 per month at those same subscription lengths and afford you 500GB of storage, 15 custom addresses, 3 custom domains, and unlimited VPN and Proton Pass (its password manager) access. There is also a six-user family plan starting at $30 and three tiers of slightly more business-focused options.

But I’m really not advertising for Proton here. I’m just choosing to actively take my digital footprint back into my own hands in a way many of us haven’t done since Gmail’s massive rise over a decade ago. It’s well overdue, and over the few weeks I’ve used Proton Mail full-time, I can’t say I regret it or will ever look back.




The New YouTube Ruling: Protect Your Viewing Privacy with Nordman VPN

In an unprecedented move, a recent court order has now mandated YouTube to disclose the identities of individuals who have viewed certain videos. This decision, stemming from legal proceedings that scrutinized specific content on the platform, marks a significant shift in online privacy dynamics, raising concerns among digital rights advocates and everyday users alike.

What Does This Mean for You?

The ruling necessitates YouTube to reveal viewer details, potentially exposing individuals’ viewing habits and preferences. In an era where digital privacy is already under siege, this development adds another layer of vulnerability, highlighting the necessity for robust measures to safeguard online anonymity.

Safeguard Your YouTube Browsing with Nordman VPN

In response to these growing privacy concerns, turning to reliable security solutions like Nordman VPN becomes paramount. Nordman VPN stands out as a beacon of digital privacy, offering top-tier encryption and IP masking features that ensure your YouTube activities remain confidential and untraceable.

Why Choose Nordman?

  • Enhanced Privacy: Nordman VPN encrypts your internet connection, keeping your online activities private and secure from prying eyes.
  • IP Anonymity: It masks your real IP address, making your YouTube viewing habits invisible to outsiders, including ISPs and third parties.
  • Ease of Use: With user-friendly interfaces and seamless integration, Nordman ensures that your online privacy protection is hassle-free and efficient.

Embrace Your Digital Freedom

While the digital realm continues to evolve, often bringing complex challenges to the fore, tools like Nordman VPN empower you to take control of your online privacy. In light of the recent YouTube ruling, adopting Nordman VPN isn’t just a choice—it’s a necessity for those who value their digital freedom and wish to maintain a private, secure online presence.

Stay Informed, Stay Secure

As advocates for digital rights and privacy, we must stay informed and proactive in protecting our online spaces. By choosing robust security solutions like Nordman VPN, you can safeguard your digital footprint and continue to enjoy the vast world of YouTube without compromising your privacy.

Geobox: A $700 Anonymous Wi-Fi Device

Geobox: A Hacking Device That Is Basically Untraceable

In summary, a Geobox transforms the mini-computer Raspberry Pi into a Swiss-army knife type of hacking device!

Sold for a lifetime fee of $700 or a monthly rate of $80, the software is able to:

1. Spoof location

2. Mimic Wi-Fi access points

3. Manipulate DNS and network parameters while providing anonymity.

4. Copy and emulate the commonly used Wi-Fi landing page that most restaurants and concert venues use for logging on, to avoid suspicion. The operators can even charge 0.99 cents or more depending on the location and clientele (such as a fitness gym, where the upcharge is usually $2.99 for unlimited data use or free for limited data).

Imagination is not required: this Geotool allows any person to set up a virtually untraceable Wi-Fi box that most people take for granted and can own all of the data or even the device or laptop once one connects to it!

After researching a few operators using it at a popular tourist site (March, 2024), it was observed that “three malicious individuals utilized several Geobox devices, each connected to the internet. These devices served as proxies, significantly enhancing their anonymity. This approach complicated the investigation and tracking process for anyone attempting to investigate them using them, especially since, by default, Geobox devices do not store any logs nor any digital or paper trail for themselves or whomever logs on to the created Wi-Fi access point. They also have an amazing choice: to either create a Wi-Fi point similar to the official location name of where they are operating from, such as naming it “McDonald’s Free Wi-fi”


They simply use it for their own fully anonymous purposes, such as emulating an internal Wi-Fi access point; which is quite common at Malls, shopping areas and concert venues where the general public or even workers/vendors would have no ability to distinguish between a Geobox created Wi-Fi point and the authentic one. To make it even more authentic, an operator would mimic the secure password of the host site – such as a popular shopping Mall’s password for internal Employees/Vendors.

It only takes these bad actors 2 – 5 minutes on average by simply using the popular $300 Flipper device to get the password or passcode of any device or Wi-Fi router today as well in combination with the Geobox!

Raspberry Pi is a widespread, low-cost, and small single-board computer used for various projects and praised by enthusiasts.

However, with Geobox, it is transformed “into a potent weapon for digital deception.” The malicious software is specifically designed for the Raspberry Pi 4 Model B with at least 4GB of RAM.

The price is $700 for lifetime, which is very cheap and affordable considering the amount of data, private and personal information it can easily obtain within a few minutes of being set up once just one person unwittingly connects to it in this day and age of people expecting free or low-cost internet everywhere!

These device operators also have the ability to create a bogus free or one-time .99 cent-for-24 hour unlimited internet access via a simple landing page to mask and emulate, as an example, your favorite restaurants like McDonald’s or Starbucks!

With Geobox, malicious actors target a broad audience as the setup process is streamlined, clear, and concise, with easy-to-follow instructions also provided. The manual links to the official Raspberry website for OS installation.

Multiple tools are included with Geobox: multiple VPN connections, GPS and Wi-Fi emulation, DNS configuration, data substitution tools, network configurators, and others.

The Geobox Can Be Easily Used For Anonymous Geolocation or Multiple Internet Purposes

“The device’s functionality is diverse, allowing for various forms of digital manipulation and disguise. Key features include the ability to use WebRTC IP for discreet online communication and GPS spoofing to simulate different geographical locations, which is particularly valuable for activities that require geolocation manipulation. Furthermore, the Geobox can completely mask (hide) Wi-Fi MAC addresses, making the user’s network activity more difficult to trace.”

*Most High Schools and Colleges Use Wi-Fi MAC Addresses As Standard Internet and Wi-Fi Usage Tracking Controls*

The emergence of Geobox raises significant concerns and introduces new complexities for cybersecurity – as well as the general public! One simple dot or variation of a “Starbucks or McDonalds Wi-Fi” authentic connecting point at any location is all it takes for operators of a Geobox to own and obtain all of the data on your laptop/phone or any other connected device!
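For whoever runs the legitimate network at a venue, the look-alike names and copied staff networks described above can be checked for in an ordinary Wi-Fi survey. The following is an added example, not part of the original article or of any vendor tool: the inventory, scan rows, verdict names and similarity threshold are all constructed assumptions.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed inventory of the venue's real access points (assumption: the
# defender maintains this list). SSID -> expected BSSIDs and security mode.
AUTHORIZED = {
    "McDonald's Free Wi-Fi": {"bssids": {"a4:2b:b0:11:22:33"}, "security": "Open"},
    "Mall-Staff": {"bssids": {"a4:2b:b0:aa:bb:01", "a4:2b:b0:aa:bb:02"},
                   "security": "WPA2"},
}

# Constructed scan rows (ssid, bssid, security), as a survey tool might export.
SAMPLE_SCAN = [
    ("McDonald's Free Wi-Fi", "A4:2B:B0:11:22:33", "Open"),    # the real AP
    ("McDonalds Free WiFi.", "02:00:5e:10:00:01", "Open"),     # dot/punctuation variant
    ("McDonald's Free Wi-Fi 2", "02:00:5e:10:00:02", "Open"),  # suffix variant
    ("Mall-Staff", "02:00:5e:10:00:03", "WPA2"),               # copied staff SSID
    ("Mall-Staff", "a4:2b:b0:aa:bb:01", "Open"),               # known BSSID, wrong security
    ("CoffeeShop Guest", "3c:84:6a:00:00:09", "WPA2"),         # unrelated neighbour
]

SIMILARITY_THRESHOLD = 0.85  # tuning assumption; lower values flag more names


def normalize(ssid):
    """Fold case and Unicode compatibility forms, then drop everything that is
    not a-z or 0-9, so added dots, apostrophes, hyphens and spaces vanish."""
    folded = unicodedata.normalize("NFKC", ssid).casefold()
    return re.sub(r"[^a-z0-9]", "", folded)


def classify(ssid, bssid, security, inventory=AUTHORIZED):
    """Return one verdict for a single scan row."""
    entry = inventory.get(ssid)
    if entry is not None:
        # Exact name match: the radio itself must be one the venue operates.
        if bssid.lower() not in entry["bssids"]:
            return "unknown-bssid"
        if security != entry["security"]:
            return "security-mismatch"
        # "ok" only means no anomaly in this scan. MAC addresses can be
        # changed, so a matching BSSID is not proof of authenticity.
        return "ok"
    candidate = normalize(ssid)
    if not candidate:
        return "unrelated"  # hidden or punctuation-only SSID
    for name in inventory:
        reference = normalize(name)
        if candidate == reference:
            return "lookalike-ssid"
        if SequenceMatcher(None, candidate, reference).ratio() >= SIMILARITY_THRESHOLD:
            return "lookalike-ssid"
    return "unrelated"


def audit(scan, inventory=AUTHORIZED):
    """Return (ssid, bssid, verdict) for every row that needs a human look."""
    findings = []
    for ssid, bssid, security in scan:
        verdict = classify(ssid, bssid, security, inventory)
        if verdict not in ("ok", "unrelated"):
            findings.append((ssid, bssid.lower(), verdict))
    return findings


if __name__ == "__main__":
    for ssid, bssid, verdict in audit(SAMPLE_SCAN):
        print(f"{verdict:18} {bssid}  {ssid!r}")
```

A flagged row is a prompt to locate the radio on site, not a conviction: legitimate repeaters and newly installed access points that were never added to the inventory produce the same verdicts.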

Armed with such an affordable and easy-to-obtain device, operators can carry out and coordinate various attacks, such as collecting data from anyone logging on to the newly created “free Wi-Fi”, identity theft and credit card fraud under the veil of anonymity, circumventing network restrictions and surveillance, malware distribution, credential stuffing, spreading misinformation, content piracy, etc.

It was observed one operator used Geobox in combination with two LTE-based wireless modems, “proxyfying connections via multiple chains of SOCKS and PROXY servers globally and automatic pseudo-randomly via AI”. In essence, these easy proxy steps further ensure they are anonymous and cannot be tracked unless known to be doing this activity in advance!

Leveraging several devices deployed in various locations using this model is easy if the operator has a few friends working as a small tight-knit team. Note that this device can be easily carried in a purse, bag or backpack; easily disguisable as simply being a popular Notebook or laptop.

“Once the malicious action has been conducted – they can simply wipe the device or physically destroy it if they have a hunch that they are being monitored or tracked – but this device is so cheap, simple and easy that the chances of them getting caught are slim to none and thus they simply move it to other locations depending on their intent and motives – such as an up coming concert venue or local restaurant that people go to fully expecting and using free Wi-Fi”.

New Password Reset attack targets Apple device users

Apple iPhone Users Targeted As Increased Password Reset Scams Skyrocket In 2024


Scammers are taking advantage of Apple’s password reset tool in a new ‘MFA bombing’ attack.


Apple device owners are facing a new phishing hack that uses “multi-factor authentication (MFA) bombing” to steal their data.

Several Apple users in have reported a hacking attempt that appears to take advantage of Apple’s password reset feature, KrebsOnSecurity reported, citing people who have been targeted. The scammers have used Apple’s password reset tool to spam their targets with dozens, if not hundreds, of notifications, asking the user to reset their Apple ID password.

Pressing the “Allow” option gets the scammers one step closer to resetting the user’s credentials because that device could then be used to create a new Apple ID password.

Unfortunately, tapping “Don’t Allow” on all the notifications doesn’t solve the problem.

After those targeted by the scam chose to not allow their passwords to be reset, they received phone calls from the scammers claiming they were from Apple’s support team, according to the report. Their goal was to send a password reset code to the user’s device and have the user tell them the code. Armed with that information, the scammers could simply reset the Apple ID password and get full access to the user’s account.

Since Krebs’ sources didn’t press “Allow” on the notification, it’s unclear what the scammers would have done in that scenario. Presumably, the scammers would still likely need to call the target, again acting as Apple support, and fool them into resetting the password on their device and sharing it with the hacker.

Phishing attacks have been used for decades to target unsuspecting victims. But in recent years, scammers have increasingly turned to phishing as a desirable way to steal passwords, delete data, and ultimately steal money from their victims.

In 2022, mobile phishing attacks were up a whopping 61% year-over-year in just a six-month period, according to security provider SlashNext. The company said mobile users faced 255 million phishing attacks during that period.

It’s unclear how many Apple users have been impacted by this MFA bombing attack. However, Krebs’ sources reported that they received notifications on their iPhones, Apple Watches, and Macs, suggesting the attack isn’t just limited to one type of Apple device. What’s worse, there’s no simple way to stop it.

One of Krebs’ sources said they called Apple for help with the attack and the company said they should create a recovery key, a 28-character code that they would need to input to change their Apple ID password.

However, after creating a recovery code, Krebs reported that it was still possible to trigger the notifications the users saw when targeted by the spammers. It appears Apple’s password reset feature may be to blame and until the company changes how that works, hackers could conceivably continue to exploit the flaw and target users.

For now, if you’re an Apple user, your only option is to stay in the know and remain vigilant. If you receive a slew of password reset requests that you didn’t initiate, be sure to always choose the “Don’t Allow” option on the notifications.

Don’t be tempted to choose “Allow” simply because the notifications aren’t allowing you to use other apps or services on your device — a core component in the fraudsters’ plan. Even if you don’t choose “Allow,” be prepared for a call and be sure not to answer it.

Additionally, Apple has made it clear that the company does not call any of its users directly. So, if you receive a call from 1-800-275-2273 (Apple’s actual support line that the scammers are spoofing to make their calls seem legitimate), don’t pick up and definitely don’t provide any information to the caller.



How to Hide Your IP Address and Change Location on Coinbase

Are you concerned about your online privacy and looking for ways to mask your IP address on Coinbase?

If so, like many people, you have come to the right place. In this guide, we’ll walk you through the steps to change your location on Coinbase (or any other Crypto Exchange) and hide personal information like your IP address, country, and region.


Quick Guide: Hide Your IP Address and Change Your Location

  • Mask Your IP Address
  • Flush DNS and Renew Your IP Address
  • Change Your Coinbase Location Settings
  • Other Methods to Hide Your IP Address and Location on Coinbase

Why Hide Your IP Address?

There are several reasons why you might want to hide your IP address. One of the main reasons is to protect your privacy and prevent Coinbase from tracking your physical location. By masking your IP address, you can also avoid leaving a digital footprint and bypass content filters or bans.

How to Hide Your IP Address and Location from Coinbase

  1. Mask Your IP Address
    • Use a VPN (Virtual Private Network) or proxy server to mask your IP address and spoof your location.
    • We recommend using NordVPN for its ease of use and reliability.
    • Follow these steps to install and configure NordVPN:
      1. Visit NordVPN’s website and create an account.
      2. Download and install NordVPN on your devices.
      3. Connect to a VPN server from your preferred location.
  2. Flush DNS and Renew Your IP Address
    • Clear your DNS cache to ensure your computer obtains the latest IP address from Coinbase’s DNS server.
    • Renew your IP address through your device’s settings or command prompt.
    • Follow these steps for PC (Any Windows OS Computer) (please contact me directly at for one on one Consultation):

Step-by-Step Guide: Flush DNS and Renew Your IP Address

Step 1: Open Command Prompt

      • On Windows: Press the Windows key, type “cmd” in the search bar, then press Enter.
      • On Mac: Open Spotlight (Command + Space), type “Terminal,” then press Enter.

Step 2: Run Command Prompt as Administrator

      • Right-click on Command Prompt in the search results.
      • Select “Run as administrator” from the context menu.

Step 3: Enter Commands

      • In the Command Prompt window, type the following commands one by one, pressing Enter after each:
        • ipconfig /flushdns (This command clears the DNS resolver cache.)
        • ipconfig /release (This command releases your current IP address.)
        • ipconfig /renew (This command requests a new IP address from your DHCP server.)

Step 4: Confirm Success

      • Look for confirmation messages after each command.
      • You should see messages indicating successful flushing of the DNS resolver cache and renewal of your IP address.

Step 5: Close Command Prompt

      • Once you’ve completed the commands and confirmed success, you can close the Command Prompt window.


      • Flushing the DNS resolver cache and renewing your IP address can help resolve network connectivity issues and ensure that your computer has the latest IP address information.
      • These steps may vary slightly depending on your operating system. Always run Command Prompt with administrator privileges for these actions.

Mac/Apple Flushing DNS:


  3. Change Your Coinbase Location Settings
    • Before logging in to your Coinbase account, ensure NordVPN is running and connected to the preferred server location.
    • Log in to your account, go to “Privacy Settings,” and change your “Location/Region/Country” to match your VPN server.
    • Save the changes and you’re all set.

Can’t Change Your Coinbase Location Settings? Here’s What to Do

If you’re unable to change your region, location, or country on Coinbase’s account settings, you can contact Coinbase support for assistance. Follow these steps:

  • Connect to NordVPN and your preferred server.
  • Find the “Contact Us” or “Get in touch” page on Coinbase’s website here:
  • Send a message to Coinbase support requesting a manual update of your physical location.
  • Wait for 24-48 hours for their response.

Other Methods to Hide Your IP Address and Location on Coinbase

In addition to using a VPN or proxy server, you can also consider using a neighbor or trusted friend’s Wi-Fi networks or proxy servers. However, keep in mind the security and privacy implications of these methods. If you are unsure or don’t know whether or not your Internet/Device/Computer is truly SECURE, take 2 minutes of your valuable time and go here to run a VPN and Browser Leak Scan:


VPN vs. Proxy vs. Public Wi-Fi: A Comparison

Here’s a comparison table outlining the key differences between using a VPN, proxy server, and public Wi-Fi to hide your IP address and change your location on Coinbase:


Features/Attributes          | VPN                                       | Proxy Server                              | Public Wi-Fi
-----------------------------|-------------------------------------------|-------------------------------------------|--------------------
IP Address Masking           | Yes                                       | Yes                                       | Yes
Encryption                   | Yes (High-level)                          | No                                        | No
Geolocation Spoofing         | Yes                                       | Yes                                       | Partial
Ease of Setup                | Easy                                      | Moderate                                  | Easy
Speed                        | Fast (depends on service)                 | Moderate                                  | Varies (often slow)
Security                     | High                                      | Low                                       | Very Low
Privacy                      | High                                      | Low to Moderate                           | Very Low
Access to Restricted Content | Yes                                       | Yes                                       | Maybe
Consistency                  | High                                      | Moderate                                  | Low
Cost                         | Subscription                              | Subscription or one-time fee              | Free
Legality & Compliance        | Generally Legal, some restrictions apply  | Generally Legal, some restrictions apply  | Legal

In summary, using a VPN offers the highest level of security and privacy, while proxy servers and public Wi-Fi networks may be less reliable. Choose the method that best suits your needs and always prioritize your online privacy and security.

By following these steps and tips, you can effectively hide your IP address and change your location on Coinbase, ensuring your online activities remain private and secure.


The information provided in this blog post is for educational purposes only. While we strive to provide accurate and up-to-date information, we cannot guarantee the effectiveness or suitability of the methods described.

By following the steps outlined in this guide, you acknowledge that neither any individuals affiliated with GeeksByTheHour nor its affiliates are responsible for any actions, events, or consequences that may occur as a result.

It is recommended to consult with a qualified IT professional or technician before performing any network-related actions on your computer. Always proceed with caution and at your own risk.

How To Track Anyone In The World Simply Using Any File!

How to Track Anyone’s IP using Images? — Email, QR Code, PDF, EXE, MS Word, MS Excel, & any file can be a “digital mouse trap”..

Supported Tokens: HTTP, DNS, Web Image, Cloned Website, Adobe PDF, MS Word, MS Excel, MySQL Dump, Windows Directory, Custom EXE, QR Code, Sensitive Command, SVN, AWS API Keys, Fast Redirect, Slow Redirect, SQL Server, and many more…

Greetings, World!

Today I’ll teach you how to track anyone’s IP using transparent images!

We will first understand the whole concept, then move on to the step-by-step usage guide. You can even do this manually using custom-developed payloads, but this is an easier way to do it. I’ll help you with that today by providing easy steps you can follow. Let’s start learning.

Understanding Canarytokens

Canarytokens are like digital traps for your computer systems. They work by watching for certain actions, such as someone reading a file, making a database query, running a process, or spotting specific patterns in log files. It’s similar to those tracking images in emails, but instead of tracking opens, it tracks actions on your system.

The cool thing is, we can use Canarytokens to set up these traps in our regular computer systems, kind of like putting alarms in different parts of your house where anything someone does can set off an “alarm” – or at least a notification.

Now, why should you bother with these Canarytokens? Well, sometimes hackers get into computer networks, and it happens to big companies, governments, regular people — basically, everyone. That part is understandable. But what’s not okay is only finding out about it way later, like months or even years down the line, which is disappointing.

Canarytokens are a free, easy, and fast way to help you know right away if someone is messing around in your systems. It’s like the hackers accidentally letting you know they’re there.

  1. Web bug / URL token — Alert when a URL is visited
  2. DNS token — Alert when a hostname is requested
  3. AWS keys — Alert when AWS key is used
  4. Azure Login Certificate — Azure Service Principal certificate that alerts when used to login with.
  5. Sensitive command token — Alert when a suspicious Windows command is run
  6. Microsoft Word document — Get alerted when a document is opened in Microsoft Word
  7. Microsoft Excel document — Get alerted when a document is opened in Microsoft Excel
  8. Kubeconfig token — Alert when a Kubeconfig is used
  9. WireGuard VPN — Alert when a WireGuard VPN client config is used
  10. Cloned website — Trigger an alert when your website is cloned
  11. QR code — Generate a QR code for physical tokens
  12. MySQL dump — Get alerted when a MySQL dump is loaded
  13. Windows folder — Be notified when a Windows Folder is browsed in Windows Explorer
  14. Log4Shell — Alert when a log4j log line is vulnerable to CVE-2021-44228
  15. Fast redirect — Alert when a URL is visited, User is redirected
  16. Slow redirect — Alert when a URL is visited, User is redirected (More info is grabbed!)
  17. Custom image web bug — Alert when an image you uploaded is viewed
  18. Acrobat Reader PDF document — Get alerted when a PDF document is opened in Acrobat Reader
  19. Custom exe / binary — Fire an alert when an EXE or DLL is executed
  20. Microsoft SQL Server — Get alerted when MS SQL Server databases are accessed
  21. SVN — Alert when someone checks out an SVN repository
  22. Unique email address — Alert when an email is sent to a unique address

Step-by-Step Usage

Go to the Canarytokens site and choose your Canarytoken. This is like setting up a digital trap. Provide an email where you want to be notified and a note to remind yourself where you placed it.

Generate a Canarytoken, which is a unique URL or Fast redirect or anything else – it is all your choice. It’s like creating a secret link that will trigger an alert if someone interacts with it. In this blog I’ll be using Fast redirect as an example.


Put the generated Canarytoken in a special location & send it to the target. It could be in an email, a document, or even as an embedded image. If a target arrives upon it, you’ll receive an email notification, alerting you that something is off – just like a mouse activating a mouse trap :–)

Clicked..Your Digital Mouse Trap Is Set!

Fast Redirect was really super fast.. Later I tried using URL shortener and surprisingly, our main URL was not even noticeable in real time..

If your target hits the URL/File, like shown in the example above, your token gets activated & alerted to email or webhook as below:

You can also rename the generated PDF/Excel/Word document without affecting its operation!
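
The web bug / URL token idea described above, seen from the side of the person who planted the token: an added example (not from the original post and not Canarytokens' own code) that scans a web server's access log for requests to token URLs and turns each hit into an alert carrying the source IP, time, user agent and the memo recorded for that token. The `/t/<token>` URL layout, the token strings, the memos and the log lines are all constructed for illustration, and the log is assumed to be in the Apache/nginx "combined" format.

```python
import re

# Apache/nginx "combined" access-log format (assumed log layout).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed registry: token -> memo reminding you where the token was planted.
SAMPLE_TOKENS = {
    "k3v9q0x7t1m2a8zd": "decoy payroll-2024.docx on the finance share",
    "p7h2c5n0w4r6y1be": "URL token on the admin wiki 'VPN credentials' page",
}

# Constructed access-log lines (documentation-range IP addresses).
SAMPLE_LOG = [
    '203.0.113.45 - - [12/May/2024:09:14:02 +0000] "GET /t/k3v9q0x7t1m2a8zd/logo.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0 (constructed office client)"',
    '192.0.2.50 - - [12/May/2024:09:15:40 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [12/May/2024:09:16:11 +0000] "GET /t/p7h2c5n0w4r6y1be?src=wiki HTTP/1.1" 302 0 "-" "curl/8.4.0"',
    '198.51.100.23 - - [12/May/2024:09:20:31 +0000] "GET /t/k3v9q0x7t1m2a8zd/logo.gif HTTP/1.1" 200 43 "-" "Mozilla/5.0"',
    '192.0.2.77 - - [12/May/2024:09:21:00 +0000] "GET /t/k3v9q0x7t1m2a8zdXX/logo.gif HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    'garbage line that is not an access-log entry',
]


def find_token_hits(log_lines, tokens):
    """Return one alert dict per request whose URL path contains a known token."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not an access-log entry; skip rather than crash
        # Drop query string / fragment, then require an exact path-segment match
        # so that a longer string merely containing the token does not fire.
        path = re.split(r"[?#]", m["target"], maxsplit=1)[0]
        hit = next((seg for seg in path.split("/") if seg in tokens), None)
        if hit is None:
            continue
        alerts.append({
            "token": hit,
            "memo": tokens[hit],
            "ip": m["ip"],
            "time": m["time"],
            "agent": m["agent"],
        })
    return alerts


def sources_by_breadth(alerts):
    """Rank source IPs by how many distinct tokens they touched (most first)."""
    seen = {}
    for alert in alerts:
        seen.setdefault(alert["ip"], set()).add(alert["token"])
    return sorted(((ip, len(toks)) for ip, toks in seen.items()),
                  key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    hits = find_token_hits(SAMPLE_LOG, SAMPLE_TOKENS)
    for alert in hits:
        print(f'{alert["time"]}  {alert["ip"]}  {alert["memo"]}  ({alert["agent"]})')
    print(sources_by_breadth(hits))
```

A source that touches several unrelated tokens, as the first address does here, is a stronger signal than a single hit, which may be a link previewer or scanner fetching the URL.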

DMARC: What Is It & Why Is February 1, 2024 Important?


For 2024, Google and Yahoo are rolling out updated guidelines for bulk email senders, aimed at boosting deliverability and fighting the good fight against spam. This is good news: not only will it positively impact your deliverability, it’s easy to implement.

Why the update?

It’s simple: to create a cleaner, more secure environment for both senders and recipients. The new requirements fall into three key categories:

  • Authentication: Email authentication verifies you’re a legitimate sender, not a spammer. If you’re sending emails already, you’ve probably already taken the first step by setting up SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) records, even if you weren’t sure what they did. Now, the next crucial step is publishing a DMARC policy.

  • Simple unsubscribes: No more requiring users to authenticate or navigate labyrinthine unsubscribe processes. One-click unsubscribe provides a better user experience. Luckily, if you’ve already been offering this option, you’re already ahead of the curve!

  • Spam complaints: If you’re diligently collecting opt-ins with proper consent, spam complaints likely won’t be a concern. But it’s always good practice to maintain a healthy email list and engage your audience thoughtfully.

So what is DMARC?

  • The DMARC policy (Domain-based Message Authentication, Reporting & Conformance) acts as your email’s official security document, telling the world how to handle messages claiming to be from your domain.
  • Setting it up properly is essential today: many email list providers (such as small businesses) are already surprised to find their email success rates decreasing just this week (enforcement for Google and Yahoo domain emails began on February 2nd, 2024). By February 1, 2024, publish your DMARC policy with your domain provider. Ensure this TXT record is added to your DNS settings with “” replaced with your actual company domain:

    Hostname:          Value: v=DMARC1; p=none;

    It is actually straightforward for most technically savvy folks, whether you manage DNS yourself or need to put in a ticket so that your IT team can handle the DNS settings. (You can learn even more about DMARC records, including other options like adding a “rua” value to designate an email address that will receive DMARC reports, in Google’s documentation here.)

    These new email requirements might seem like extra hurdles, but they’re ultimately a positive step towards a more reliable and enjoyable email experience for everyone. By taking the small steps outlined above, you can ensure your business thrives under the new rules, reaching your target audience effectively and building lasting relationships.

Domain-Based Message Authentication, Reporting and Conformance (DMARC) is an email authentication policy that protects against bad actors using fake email addresses disguised to look like legitimate emails from trusted sources.

DMARC makes it easier for email senders and receivers to determine whether or not an email legitimately originated from the identified sender. Further, DMARC provides the user with instructions for handling the email if it is fraudulent.

Phishing and spearphishing are among the top attack vectors for any organization dealing with PII (Personal Identifying Information), which can lead to identity impact, financial fraud, or even protected health information (PHI) breaches and Health Insurance Portability and Accountability Act (HIPAA) fines. Why? Because many individuals in the underground "black market" will access, buy, and sell that PII for non-citizens or those who do not have health insurance, who will then use it for their own "services", presenting a fake ID in the name of the same person whose PII your company revealed.

Summary: Your liability, or your company's, can reach much further than you could ever imagine. It happens every day in the United States where "Joe" walks up to the urgent care or hospital needing emergency care with someone else's ID/SSN/healthcare insurance information, all for the right price!

Fraudulent emails are easy to design and cheap to send, which gives threat actors incentive to use repeated email attacks. DMARC provides an automated approach to reducing fraudulent email before it ever reaches an employee’s inbox. In addition, DMARC helps prevent adversaries from sending email to your organization or others purportedly from your staff.

DMARC removes guesswork from the receiver’s handling of emails from non-authoritative email servers, reducing the user’s exposure to potentially fraudulent and harmful messages. A DMARC policy allows a sender to indicate that their emails are protected by Sender Policy Framework (SPF) and/or DomainKeys Identified Mail (DKIM), both of which are industry-recognized email authentication techniques. DMARC also provides instructions on how the receiver should handle emails that fail to pass SPF or DKIM authentication. Options include sending the email to quarantine or rejecting it entirely.

DMARC provides the receiver with an email address to provide feedback to the sender. Potential feedback can include that the sender’s email was rejected/quarantined by the receiver or that a threat actor is attempting to imitate the sender’s domain.

How can I adopt DMARC on my domain?

Savvy organizations that adopt DMARC do so in strategic stages, with feedback loops between IT departments and their staff (depending on the size of the organization, of course!). Because DMARC can block third parties delivering mail on the purported sender’s behalf, some intended messages may be flagged as illegitimate in some cases, which is honestly a very small price to pay (risk vs. reward) in cybersecurity.
Below are a few steps organizations can take to ease into DMARC over time:

  1. Deploy DKIM & SPF in reporting-only mode first, listing known authorized email servers (such as vendors and trusted internal/external Partners).
  2. Collect and review reports to identify unknown email servers.
  3. Work with business units and IT staff to identify servers and determine their legitimacy.
  4. Update DMARC policy flags to “quarantine” then to “reject” as confidence increases that most or all legitimate servers have been accounted for.
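
The staged rollout above, as an added Python example (not code from the original post or from any DMARC project): it validates a policy record such as `v=DMARC1; p=none;`, reads one aggregate ("rua") report in the RFC 7489 XML layout, lists sending servers that are not on your authorized list, and only suggests moving from `none` to `quarantine` to `reject` once every source has been accounted for. The report, the `example.com` domain, the IP addresses and the `dismissed` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for reports from untrusted senders, prefer defusedxml

POLICY_ORDER = ["none", "quarantine", "reject"]

# Constructed aggregate report in the RFC 7489 layout (documentation-range IPs).
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>constructed-1</report_id></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p><pct>100</pct></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>40</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.99</source_ip><count>5</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""


def parse_dmarc_record(txt):
    """Parse the TXT value published at _dmarc.<domain> into a dict of tags."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    # The version tag must come first, and a policy is mandatory.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        raise ValueError("record must start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in POLICY_ORDER:
        raise ValueError("p= must be none, quarantine or reject")
    tags["p"] = policy
    return tags


def review_report(xml_text, authorized, dismissed=frozenset()):
    """Summarise one aggregate report.

    authorized: IPs of servers you know send mail for the domain.
    dismissed:  IPs already reviewed and judged illegitimate (hypothetical
                bookkeeping for step 3 of the rollout).
    """
    root = ET.fromstring(xml_text)
    summary = {"domain": root.findtext("policy_published/domain"),
               "policy": root.findtext("policy_published/p"),
               "unknown": {}, "failing_authorized": {}, "total": 0, "passing": 0}
    for row in root.iterfind("record/row"):
        ip = row.findtext("source_ip")
        count = int(row.findtext("count", "0"))
        ev = row.find("policy_evaluated")
        # DMARC passes when either the aligned DKIM or the aligned SPF check passes.
        passed = ev is not None and "pass" in (ev.findtext("dkim"), ev.findtext("spf"))
        summary["total"] += count
        summary["passing"] += count if passed else 0
        if ip in authorized:
            if not passed:  # a legitimate server that enforcement would block
                bucket = summary["failing_authorized"]
                bucket[ip] = bucket.get(ip, 0) + count
        elif ip not in dismissed:  # needs review before tightening the policy
            summary["unknown"][ip] = summary["unknown"].get(ip, 0) + count
    return summary


def next_policy(summary):
    """Advance one stage only when nothing is left unreviewed or misconfigured."""
    if summary["unknown"] or summary["failing_authorized"]:
        return summary["policy"]
    idx = POLICY_ORDER.index(summary["policy"])
    return POLICY_ORDER[min(idx + 1, len(POLICY_ORDER) - 1)]


if __name__ == "__main__":
    print(parse_dmarc_record("v=DMARC1; p=none;"))
    report = review_report(SAMPLE_REPORT, {"192.0.2.10", "198.51.100.7"})
    print(report, "->", next_policy(report))
```

In the sample, the vendor at 198.51.100.7 fails SPF but still passes DMARC through DKIM, while 203.0.113.99 holds the policy at `none` until someone decides whether it is a forgotten legitimate sender or a spoofer.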

5G Rollout Faces Major Setback: Health Concerns Force City to Say No

City Representatives Reverse Course After Hearing on 5G Dangers & Failure to Protect Public Health

In November of 2023, the Board of Representatives in Stamford, Connecticut voted against a plan to install 5G equipment in their city following presentations by experts on the dangers of radiofrequency (RF) radiation and government failures to protect the public.

  • Of the city’s representatives, 21 voted to reject a proposed agreement with AT&T and Verizon, while only 5 voted in favor of it and 8 abstained. The second-largest city in Connecticut is the only major city in the state, thus far, to refuse the agreement.
  • The city of Stamford representatives chose to shield their citizens from the dangers of RF radiation rather than cave to legal threats from telecom companies and the FCC, which may present a potential “test case” for opposition to the 5G rollout nationwide.
  • During their presentations to the board in October of 2023, experts provided irrefutable evidence on the public health and environmental effects of RF radiation, and raised questions of corruption within the regulatory agency, the FCC, tasked with protecting the general public from dangerous levels of wireless radiation.

Board members were informed of some of the most devastating impacts of wireless radiation on public health, including studies highlighted by one global expert, Dr. Kent Chamberlain, on the ways in which exposure to RF radiation can lead to “chronic inflammation and a host of adverse outcomes including: neurodegenerative disease, cancer, cardiovascular disease, diabetes, chromosome damage, neuronal DNA damage, neuropsychiatric effects, [and] sperm damage.”

Experts also provided evidence of the damage from harmful wireless radiation to trees, insects and other species that may impact the food chain and endanger the food supply.

As the hearing progressed, city representatives were educated on the FCC’s human exposure limits, which are based upon inadequate short-term studies conducted in the 1980s of only 8 rats and 5 monkeys, to determine the general public’s radiation threshold.

Dr. Devra Davis noted during the presentations that the Environmental Health Trust, which she founded, sued the FCC over their wireless radiation exposure limits and in August of 2021, the U.S. Court of Appeals for the D.C. Circuit ruled that the FCC’s decision not to update the exposure limits was “arbitrary and capricious.”

The court determined that, “the testing procedures, particularly as they relate to children and long-term exposures were a ‘complete failure,’” Davis remarked. “The court found that the FCC had failed to provide evidence of properly examining long-term exposure, children’s vulnerability, the testimony of people injured by radiation sickness, and impacts to the developing brain and reproductive system.”

Dr. Chamberlain wrapped up his presentation to the board by addressing the question of “How come the FCC isn’t protecting us?” as he pointed to issues of corruption within the agency, citing a Harvard Center for Ethics study entitled, “Captured Agency: How the Federal Communications Commission Is Dominated by the Industries It Presumably Regulates.”

“The title says it all,” Chamberlain explained, as he emphasized a quote from the study which stated, “Industry controls the FCC through a soup-to-nuts stranglehold that extends from its well-placed campaign spending in Congress through its control of the FCC’s Congressional oversight committees to its persistent agency lobbying.”

After reviewing the information presented, board members found the proposed contract for installations of 5G equipment in their city to be severely problematic considering the health risks and the absence of the public’s informed consent. “If there’s the smallest of chances — even the smallest — that this may cause harm, I don’t see any reason why we should be passing this forward,” replied Representative Stella.

Before This Case, Health Takes a Backseat to Money

Connecticut governor, Ned Lamont, whose second inaugural ball received a $10,000 donation from AT&T, brokered the deal with telecommunications giants, AT&T and Verizon, to put into effect a template contract for 5G installations on utility poles across major cities throughout the state including Bridgeport, Hartford, New Haven, Stamford and Waterbury.

After settling a years-long court battle with AT&T for delaying the telecom carrier’s requests for installations on city light poles, the city of Hartford finally approved the proposed 5G agreement.

As the founder of a telecommunications company, Governor Lamont, has made the expansion of 5G in his state a “key priority,” giving fifth generation wireless networks a center stage during his inaugural State of the State address in 2019.

The rollout of 5G is one aspect of Lamont’s larger strategic plan “to build an all-digital state government.” In 2021, Lamont signed legislation to facilitate the build-out of digital and telecom systems to support modernized state government operations, including “standards for digital identity verification.”

The “all-digital state government” plans of Governor Lamont, who serves on the National Advisory Board for Biden’s re-election campaign, fall in line with the Biden regime’s initiative to deploy 5G infrastructure across the nation while developments in digital identity, CBDCs, and artificial intelligence ramp up.

The Biden regime pledged over $40 billion in taxpayer money from the infrastructure bill to deploy high-speed internet access and 5G connectivity nationwide, of which Connecticut received $144.2 million.

Pondering the vast sums of money at stake, Stamford city representative, Sean Boeger remarked, “every time you throw money into the issue, all of a sudden, health takes a backseat.”

“Test Case” for Opposition to 5G Rollout

Critics argue the decision by the Stamford Board of Representatives defies a 2018 FCC ruling to block states and municipalities from impeding 5G deployment, which may lead to potential lawsuits by telecom companies. The 2018 FCC ruling has been challenged by several states but was upheld by the Ninth Circuit.

However, proponents of the decision say telecommunications carriers have no grounds to sue yet, as the city simply voted against the terms of a model contract proposed by the governor, rather than issuing an ordinance or regulation to effectively ban 5G.

Representative Grunberger commented, “I don’t think we should back away from this because of the threat of a lawsuit … If, in fact, we have to be a test case on this, I think we should be a test case.” Grunberger also remarked during a November meeting that, “The federal government does not have guidelines for long-term exposure, so we need to protect our city ourselves, and not succumb to legal threats.”

Sandri recommends that cities insist carriers provide, “detailed studies for public review and scientific analysis to prove that they’re complying,” with existing human RF exposure standards prior to considering requests for new 5G installations. Sandri reiterated that, “existing law is quite clear that the FCC’s been remanded in federal court,” and their human exposure rules “are up for current review.”

However, the FCC has not complied with the court’s order to review their electromagnetic radiation exposure limits and explain how its standards adequately protect human health.

Scott McCollough, the chief litigator representing Children’s Health Defense, which won the consolidated case with Environmental Health Trust, has argued, “The FCC intends to keep stalling until it is too late to do anything because any reductions to the exposure limits would require a massive recall and overhaul of the entire wireless infrastructure they want to get deployed now.”

Blake Levitt, a science journalist with decades of experience in the study of RF radiation, told the board she believes that, “when the federal government refuses to regulate adequately, that duty then falls to the states,” arguing that there is a “strong case that the FCC, that has overriding jurisdiction on this particular subject, is in serious dereliction of duty.” “Just because we are under the FCC umbrella at this point… if we don’t take a stand against that, that puts municipalities in the position of being in complicity with this status quo. At some point, someone is going to have to stand up and say, ‘This just will not happen. This cannot be allowed to happen.’ Maybe that will be Stamford. Maybe that will be you.”

Following the board’s rejection of the 5G proposal, Dr. Davis told the Defender that when, “confronted with overwhelming, independent scientific information about the real and present dangers of bringing electromagnetic fields closer to humans than ever before, Stamford voted to protect people and their environment.”

Environmental Health Trust remarked, “We know land-use decisions made in Stamford on the 5G build-out will reverberate statewide and far beyond.”

The decision by Stamford Board of Representatives to vote against the 5G plan may indeed renew efforts by cities across the nation to reject similar proposals that favor the telecom industry and its captured regulatory agency over the health and safety concerns of their citizens.

My question to all of you is: where do you stand on this topic? Do you believe the health dangers of 5G that led cities like Stamford to intervene and stop the rollout outweigh the faster speed?


Dr. Sky