Security & Safety Resource Center

Imagine getting a call or email from what appears to be a tech support company offering you a refund for services you previously paid for. Sounds like a nice surprise, right? Don’t fall for it. The “fake refund” scam is one of the most devious tricks in a cybercriminal’s playbook—and it’s costing victims billions.

How does the fake refund tech support scam work?

The scam follows a carefully rehearsed script designed to build trust and then exploit it:

1. The scammer initiates contact. You receive an unsolicited phone call, email, or pop-up message from someone claiming to represent a well-known tech company—Microsoft, Apple, Norton, or your internet provider. They tell you they owe you a refund for a past service, subscription, or overpayment.
2. They request remote access. To “process the refund,” the scammer asks you to download a remote desktop tool like AnyDesk, TeamViewer, or UltraViewer. This gives them full control of your screen.
3. They ask you to log into your bank. Once they have remote access, they instruct you to sign into your online banking so they can “deposit” the refund directly. This is the trap.
4. They manipulate what you see. While connected, the scammer edits the webpage or transfers money between your own accounts to make it look like they accidentally refunded too much. Then they pressure you to “return” the difference—usually via gift cards, wire transfer, or cryptocurrency.

The result? The criminal now has access to your device, your banking credentials, and potentially your entire financial life.

Tech support scams are a billion-dollar problem

This isn’t a small-time hustle. According to the FBI’s 2025 Internet Crime Report, tech and customer support scams accounted for more than $2.1 billion in reported losses in 2025, making it one of the costliest cybercrime categories tracked by the bureau. And those numbers only reflect what was actually reported—the true toll is likely much higher.

Red flags that signal a fake refund scam

Watch for these warning signs every time:

• Unsolicited contact. Legitimate tech support, security, and customer service companies do not call, email, or message you out of the blue offering refunds.
• Requests for remote access. No real company will ask to remotely connect to your computer to process a payment or refund.
• Pressure to log into your bank. A legitimate refund would never require you to open your online banking while someone else controls your screen.
• Urgency and panic tactics. Scammers create artificial time pressure—”this offer expires today” or “we need to fix this immediately”—to stop you from thinking clearly.
• Requests for gift cards or wire transfers. No legitimate business processes refunds through gift cards, cryptocurrency, or wire transfers. Ever.

What to do if you’re targeted

If you receive a suspicious refund call or email, take these steps:

• Hang up or delete the message immediately. Do not engage.
• Never grant remote access to anyone who contacts you unsolicited.
• Contact the company directly. If you think the refund might be real, look up the company’s official phone number yourself and call them.
• Report the scam. File a complaint with the FBI’s IC3 at https://www.ic3.gov and the FTC at https://ReportFraud.ftc.gov.
• If you already gave access, disconnect your device from the internet immediately, run a full antivirus scan, change your banking passwords from a different device, and contact your bank.

The golden rule is simple: legitimate companies will never initiate unsolicited contact to offer you a refund. If someone reaches out claiming to owe you money and asks for remote access to your device or wants you to log into your bank, it’s a scam—every single time. Hang up, delete the message, and protect your accounts.

Your Social Security number is the master key to your identity. It unlocks access to your credit, bank accounts, tax filings, medical records, and more. So why do so many organizations ask for it so casually—and why do so many of us hand it over without a second thought? Here’s the truth: most of the time, you have every right to push back.

Who actually needs your Social Security number?

Very few organizations legally require your SSN. The short list includes:

• Your employer — for tax reporting and payroll purposes
• The IRS — for filing taxes and managing your tax account
• Your bank or financial institution — for opening accounts and reporting interest income
• Government agencies — for benefits like Social Security, Medicare, or unemployment

Beyond that? Most requests for your SSN are a matter of convenience for the organization, not a legal requirement for you.

The four questions the FTC says you should ask

The FTC recommends asking these four questions any time an unfamiliar organization asks for your Social Security number:

• “Why do you need my Social Security number?” — Make them explain the specific reason. If they can’t give you a clear answer, that’s a red flag.
• “How will you keep this information safe?” — Ask about their data security practices. You deserve to know how your most sensitive identifier will be stored and protected.
• “Can you use a different identifier instead?” — Many organizations can use an account number, customer ID, or other reference number in place of your SSN.
• “Can I provide just the last four digits?” — In many cases, the last four digits are sufficient for verification purposes without exposing your full number.

You have every right to ask these questions—and any legitimate organization should be willing to answer them.

Why protecting your SSN matters more than ever

Identity theft is surging at an alarming pace. According to the Identity Theft Resource Center’s 2025 Annual Data Breach Report, there were 3,322 data compromises recorded in 2025—a 79% increase over the past five years—with a notable shift toward the theft of static identifiers like Social Security numbers. Once your SSN is exposed in a breach, criminals can use it for years to open fraudulent accounts, file fake tax returns, or steal your benefits.

What to do if you’ve already shared your SSN

If you’ve given your SSN to an organization, you’re now unsure about, take these steps right away:

• Freeze your credit at all three bureaus—Equifax, Experian, and TransUnion. It’s free and prevents anyone from opening new accounts in your name.
• File an IRS Identity Protection PIN to block fraudulent tax filings using your Social Security number.
• Monitor your credit reports regularly through https://www.annualcreditreport.com for any accounts or inquiries you don’t recognize.
• Set up fraud alerts with any of the three credit bureaus—one alert automatically applies to all three.

Just because someone asks for your Social Security number doesn’t mean you have to give it. Pause, ask the FTC’s four recommended questions, and only share your SSN when there’s a clear, legitimate reason. In a world where data breaches are hitting record highs, a little skepticism goes a long way toward keeping your identity safe.

Here’s something most people don’t realize: every time your Windows laptop or tablet scans for a Wi-Fi network, it broadcasts a unique identifier called a MAC (Media Access Control) address. Think of it as a digital fingerprint for your device. And just like a fingerprint, it can be used to track your movements as you move between Wi-Fi networks—at airports, shopping malls, coffee shops, and other public spaces. The good news? Windows gives you a built-in tool to stop it.

What is a MAC address and why does it matter?

A MAC address is a unique hardware identifier assigned to your device’s network adapter at the factory. It’s a 12-digit code (something like 00:1A:2B:3C:4D:5E) that your device shares every time it connects to—or even searches for—a Wi-Fi network.

The problem is that this address never changes by default. That means anyone monitoring Wi-Fi traffic in a public space can log your MAC address and use it to:

• Track your physical movements across multiple locations over time
• Build a profile of your habits—which stores you visit, how long you stay, and how often you return
• Correlate your device with other data points to identify you personally

This isn’t hypothetical. According to WiGLE (Wireless Geographic Logging Engine), the world’s largest crowd-sourced wireless network database, over 1.9 billion Wi-Fi networks have been mapped globally, with more than 25 billion Wi-Fi observations logged—demonstrating just how extensively wireless signals are being cataloged and tracked across public spaces. How random hardware addresses protect you

Windows 10 and 11 include a feature called Random Hardware Addresses that generates a unique, randomized MAC address each time your device scans for or connects to a Wi-Fi network. Instead of broadcasting your real hardware fingerprint, your device presents a different identity every time—making it significantly harder for anyone to track you.

How to enable random hardware addresses on Windows 11

It takes less than a minute:

1. Open Settings (press Win + I)
2. Click Network & Internet
3. Click Wi-Fi
4. Toggle Random hardware addresses to On to enable it for all networks

To enable it for a specific network instead:

1. In the same Wi-Fi settings, click Manage known networks
2. Select the Wi-Fi network you want to protect
3. Under Random hardware addresses, choose On or Change daily

How to enable random hardware addresses on Windows 10

1. Open Settings
2. Click Network & Internet
3. Click Wi-Fi
4. Toggle Use random hardware addresses to On
5. For individual networks, click Manage known networks, select a network, and enable the setting there

A few things to keep in mind

Random hardware addresses work great for public Wi-Fi, but there are some situations where you may want to leave the feature off:

• Home and office networks that reserve IP addresses based on your MAC address
• Captive portals (like hotel or airport login pages) that authenticate devices by MAC address
• Corporate networks where IT administrators manage device access through MAC filtering
• Software licenses tied to your device’s physical MAC address

For everyday use on public networks, though, turning this feature on is a no-brainer.

Your Windows device doesn’t have to leave a trail of digital breadcrumbs everywhere you go. Enabling random hardware addresses takes just a few clicks and gives you a powerful layer of privacy against Wi-Fi-based surveillance. Turn it on for public networks, keep your real MAC address private, and take back control of your digital footprint.

TikTok makes it incredibly easy for people to find you on the platform—maybe a little too easy. If you’re over 16, TikTok automatically turns on a feature called “Suggest your account to others,” which means your profile can be recommended to people based on your phone contacts, Facebook friends, and shared link activity. If you’d rather control who discovers you, here’s how to turn it off.

What does “Suggest your account to others” actually do?

When this setting is enabled, TikTok actively recommends your profile to other users. The platform uses several signals to make these suggestions, including:

• Your synced phone contacts. If someone in your contacts joins TikTok (or already uses it), your account may pop up as a suggestion for them.
• Facebook friends. If you’ve linked your Facebook account, TikTok cross-references your friends list and suggests your profile to mutual connections.
• Shared links. People who have opened or sent TikTok links to you—or received links from you—may see your account as a suggestion.
• Mutual connections. TikTok also factors in accounts you both follow or interact with to surface recommendations.

For users under 16, TikTok disables this feature by default. But if you’re 16 or older, it’s switched on automatically—and many people have no idea it’s there.

Why you should consider turning it off

With nearly 2 billion users reachable on TikTok’s platform as of early 2026, discoverability cuts both ways. Sure, it’s great if you’re a creator building an audience. But for everyday users, having your account suggested to coworkers, distant relatives, ex-partners, or complete strangers can feel like an invasion of privacy.

Turning off this setting gives you more control over who finds your profile and helps you maintain boundaries between your personal life and your online activity.

How to turn off “Suggest your account to others” on TikTok

The process takes less than a minute:

1. Open the TikTok app and tap your Profile icon in the bottom right corner.
2. Tap the three-line menu (☰) in the top right corner.
3. Select Settings and Privacy.
4. Tap Privacy.
5. Tap Suggest your account to others.
6. Turn off the toggles for Contacts, Facebook friends, and People who open or send links to you.

That’s it—TikTok will stop recommending your profile to others based on those connections.

Take it a step further: disable contact and Facebook syncing

Even after turning off the suggestion setting, TikTok may still hold previously synced data. To fully clean the slate:

• Go to Settings and Privacy > Privacy > Sync contacts and Facebook friends.
• Turn off Sync contacts and Sync Facebook friends.
• Tap Remove previously synced contacts to delete any stored contact data from TikTok’s servers.

This ensures TikTok can’t use your address book or social connections to make future suggestions—even if you re-enable the feature later.

Other TikTok privacy settings worth checking

While you’re in your privacy settings, take a few extra minutes to tighten things up:

• Set your account to Private if you only want approved followers to see your content.
• Turn off Activity Status so others can’t see when you’re online.
• Disable Profile Views and Post Views to browse anonymously without alerting other users.
• Enable two-factor authentication under Security & Permissions for an extra layer of account protection.
• Review third-party app access and revoke permissions for any apps you no longer use.

TikTok’s “Suggest your account to others” feature is designed to help people connect—but not everyone wants to be found. If you value your privacy, take 60 seconds to turn off this setting and disable contact syncing. It’s a small change that gives you much bigger control over who discovers your profile and how.

If you’re looking for an easy way to improve your everyday security, your Apple Watch can do more than track steps—it can help protect your Mac.

Let’s break down how this feature works, why it matters, and how to use it as part of a smarter cybersecurity routine.

What does unlocking your Mac with Apple Watch do?

Apple’s Auto Unlock feature lets you log into your Mac automatically when your Apple Watch is:

• On your wrist
• Unlocked and authenticated
• Close to your Mac

Instead of typing a password, your watch securely verifies your identity in the background.

This not only saves time—it also reduces risky habits like reusing weak passwords or disabling login security altogether.

Why this feature is more than just convenience

Many users think Macs are inherently safe, but that’s no longer true at scale. In fact, 66% of Mac users reported encountering a cyber threat in the past year, according to a 2025 macOS threat report.

That means basic protections—like strong authentication—matter more than ever.

Using your Apple Watch to unlock your Mac adds a layer of protection because:

• It relies on proximity-based authentication
• It reduces password exposure (no typing in public)
• It requires secure Apple ID settings behind the scenes

How does Auto Unlock improve your overall security?

It enforces two-factor authentication (2FA)

To enable Apple Watch unlock, Apple requires:

• Two-factor authentication on your Apple ID
• A passcode on your watch
• Secure device pairing

This is a big deal. Accounts protected by 2FA are up to 99% less likely to be compromised, based on industry analysis from WorldMetrics.

It minimizes human error

Most cyber incidents come down to user behavior:

• Weak passwords
• Password reuse
• Shoulder surfing in public spaces

Auto Unlock removes these risks from your daily workflow.

It strengthens your device ecosystem

Apple’s security model works best when devices cooperate. Using Apple Watch unlock means:

• Your identity is verified across trusted devices
• Your login process is harder to intercept
• You reduce reliance on a single password

How to enable unlock with Apple Watch

Follow these steps on your Mac:

1. Open System Settings (or System Preferences)
2. Go to Touch ID & Password (or Security & Privacy)
3. Turn on “Use Apple Watch to unlock apps and your Mac”
4. Enter your Mac password to confirm

Make sure:

• Bluetooth and Wi-Fi are enabled
• Your watch is signed into the same Apple ID
• Your devices are up to date

When should you use this feature?

This feature is especially useful if you:

• Work in shared or public environments
• Unlock your Mac frequently throughout the day
• Want stronger security without extra friction

It’s a perfect example of “low effort, high impact” cybersecurity.

Smart habits to pair with this feature

To maximize protection, combine Apple Watch unlock with:

• ✅ A strong, unique Mac password
• ✅ Automatic macOS updates
• ✅ FileVault disk encryption
• ✅ A password manager
• ✅ Awareness of phishing attacks

Cybersecurity doesn’t always require complex tools. Sometimes, it’s about using the features you already have—correctly.

Unlocking your Mac with your Apple Watch gives you:

• Faster access
• Less password exposure
• Built-in two-factor authentication

That’s a win for both convenience and security.