Summary created by Smart Answers AI
In summary:
- PCWorld reports on how AI-powered deepfake livestreams are making online scams increasingly sophisticated, with even cybersecurity experts nearly falling victim to fake Nvidia crypto schemes.
- The article highlights multiple security vulnerabilities, including BitLocker exploits, Creative soundbar Bluetooth hacking risks, and over 20,000 Instagram accounts compromised through Meta’s AI chatbot.
- Enhanced vigilance and awareness of evolving scam tactics are essential as criminals leverage AI technology to create more convincing and personalized fraudulent content.
I cover security and privacy for PCWorld, but even I’m not immune to falling for a trick. Earlier this month, I tuned into a livestreamed presentation from Nvidia, the highest valued company in the world. I was a few minutes behind the start, so I’d quickly checked for the official stream to catch CEO Jensen Huang discuss the company’s latest developments.
Welcome to Safe Mode, your weekly report for pressing security and privacy news—and what steps to take next. Want this newsletter to come directly to your inbox? Sign up on our website!
When I popped into the stream, he was discussing cryptocurrency—not necessarily strange, given his well-known support for the underlying technology, but unexpected. Then he began to talk about a crypto giveaway. Send in some crypto, get back double the amount of crypto.
The warning bells went off in my head.
Both curiosity and confusion kept me listening several minutes longer, as I tried to understand what I’d stumbled into. I had looked for an official livestream, so surely I couldn’t be watching a fake presentation. But the repeat mantra of using a QR code to send crypto was a dead-on match for a common scam, one I’ve even written about. Everything was off. I even commented in a group work channel about what I was seeing.
Then the stream cut to an interlude of Lofi girl, and I knew I’d been had. Sort of.
If I didn’t do what I do for a living—if I hadn’t spent years keeping tabs on the new dirty tricks and attacks happening on the web—I could have actually fallen for the trap. Or someone I know could have. And I wouldn’t blame them in the slightest.
Staying safe online is hard now. I’m part of the generation that started with an open web, where you could shoot the breeze with complete strangers and not worry you just shared your name, age, and location with them. In the mid- and late-90s, shopping and banking still happened offline. If someone wanted to steal from you, they had to go after your cash. In person.
Now financial transactions take bare seconds, with some untraceable. (The whole point of cryptocurrency, for example.) Your personal details can be found all across the internet, either through voluntary disclosure through social media or continual data leaks. Bad actors can quickly pull together tailored, personalized scams to part you from your money. AI is only accelerating how fast those schemes can appear and then disappear—and how convincing they are.
Jon Martindale / Foundry
Which brings us back to my brush with that deepfake Nvidia livestream. Obviously, Jensen Huang didn’t actually give that presentation. But I missed the clues due to a classic reason: a break from my usual routine. Normally I watch streams on a desktop PC, where I can clearly see the YouTube channel name, the YouTube channel subscriber count, the other concurrent watchers, and the video’s title in full. Those details help me steer clear of sketchy videos. This time, I had been away from home, using my phone. I couldn’t see as much information, or as much of the screen. I also was listening to just the audio while the phone was in my pocket, so I missed any immediate visual warning signs.
Not long after I messaged in my work group chat about the strange stream I was listening to, a colleague sent me a link to the actual official livestream. The address was different. I came in during a long explanation of Nvidia’s latest AI hardware, which matched my original expectations. And sitting there, listening to the talk about Vera Rubin architecture, I felt unsettled. I should know better. I still had a brush with scam content anyway. The kicker? This particular scam had made the news months earlier, but I’d forgotten.
I like to think I could have spotted it more easily if I had a regular, summarized briefing each week. One that highlighted new threats, fresh data breaches, and changed defense strategies, kept simple and short. A kind of security and privacy weather report—a way to know what dangers to watch for and how to prepare.
Safe Mode hopefully will be just that for you. Thank you for reading the first of many weekly dispatches.
In the news
Foundry
AI is still the hot topic across all industries, but not always with great results. In addition to the usual tangle of scams, AI tools themselves appear ripe for exploitation—as proved by the Instagram hack, where thousands of accounts were stolen despite protections like two-factor authentication in place.
But despite the increasing difficulties for everyday users to protect themselves, the news isn’t all bad. Companies keep trying to respond to the changing landscape, with some showing they have good processes in place when things do fail.
The good
The bad
The interesting
Sus
Tip for the week
Alaina Yee / Foundry
Were you a LastPass subscriber? You may be entitled to compensation, courtesy of a class action lawsuit regarding the password manager’s 2022 data breach. But the deadline to register a claim is coming up fast: July 2, 2026 at 11:59pm Eastern Time (8:59pm Pacific). Head to www.LastPassSettlement.com to file.