Google shared a new update on Nov. 5, confirming that Gemini Deep Research can now use context from your Gmail, Drive and Chat. This allows the AI to pull information from your messages, attachments and stored files to support your research.

Some people view this as a convenience. They like the idea of faster answers and easier searches. If you feel that way, too, that is completely fine.

However, many people do not want AI scanning private messages or personal documents. If that sounds like you, there is good news. You can turn these features off with a few quick taps in Gmail.

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

GOOGLE ISSUES WARNING ON FAKE VPN APPS

Google’s new update allows Gemini to scan Gmail. These steps help you take control of your privacy. (Kurt “CyberGuy” Knutsson)

Why this update matters

This feature gives Google permission to scan every email in your Gmail account. That includes personal notes, financial documents, tax files and any sensitive information in your inbox. AI looks for patterns to improve responses, but Google says Gmail content is not used to train the Gemini model and that no user settings were changed automatically.  

Google also says that Gmail, Docs and Sheets are not used for AI training unless you directly give Gemini that content yourself.

While Google says the feature improves your experience, some users prefer more control. You may want privacy first and convenience second. If so, you can opt out today.

GOOGLE CHROME AUTOFILL NOW HANDLES IDS

How to stop AI from scanning your Gmail

You can turn this off directly in Gmail settings. Follow these steps:

Open Gmail to start the process of turning off AI features. (Kurt “CyberGuy” Knutsson)

• Tap the gear icon in the top right

Tap the gear icon to access your main Gmail settings. (Kurt “CyberGuy” Knutsson)

Select See all settings to reach the full menu. (Kurt “CyberGuy” Knutsson)

• Scroll until you find Smart Features
• Turn off Smart features by clicking it off.

Scroll until you find Smart features and personalization.  (Kurt “CyberGuy” Knutsson)

• It will ask you to click “Turn off and reload.” 

Turn off Smart features to reduce scanning across your inbox. (Kurt “CyberGuy” Knutsson)

• Now, scroll to Google Workspace smart features and click “Manage Workspace smart feature settings.”

Go to Google Workspace smart features for the next control. (Kurt “CyberGuy” Knutsson)

• Turn off both checkboxes and then click Save. 

Turn off both checkboxes to stop extra data scanning. (Kurt “CyberGuy” Knutsson)

• A pop-up will appear in the bottom left-hand corner of the screen that says “Your preferences have been saved.” 

Watch for the confirmation pop up that tells you the changes are active. (Kurt “CyberGuy” Knutsson)

Once you switch these off, Gmail stops scanning your messages for smart features or AI enhancements. This returns control to you.

What happens when you turn it off

After you disable these settings, features like smart email suggestions may stop working. That includes predictive text, automatic bill reminders and quick booking prompts. You can always turn them back on if you change your mind.

Turning these off does not break Gmail. Your inbox works the same. You simply gain more privacy while you use it.

Want a more private inbox?

If you’d rather keep your email fully separate from AI features, you may want to consider a privacy-focused email service. They don’t scan your messages or use your inbox to train any systems. Everything stays private and encrypted.

For people who want more control over their digital privacy, these private and secure email providers offer a straightforward way to keep email activity protected. They give you peace of mind knowing your messages aren’t being analyzed in the background.

For recommendations on private and secure email providers, visit Cyberguy.com.

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com.

Kurt’s key takeaways

Google’s newest update blends convenience with automation. It can simplify research by tapping into your Gmail, Drive and Chat. Still, many people want a clear boundary between AI tools and personal messages. With a few quick steps, you can keep your inbox private without losing access to core Gmail features. Just keep in mind: Google says Gmail content isn’t used to train Gemini unless you explicitly give that content to the AI.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Do you think AI tools should have access to your messages by default or should companies ask before scanning anything? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com. All rights reserved. 

DoorDash confirmed a data breach that exposed personal details for a mix of customers, delivery workers and merchants. The stolen information included names, email addresses, phone numbers and physical addresses. The company said it has no evidence of fraud tied to the breach so far, but the event still raises concerns for anyone who uses the service.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

DoorDash says an employee fell for a social engineering scam that let an unauthorized party access basic contact information. (DoorDash)

How the DoorDash breach happened

The company traced the incident back to a social engineering attack. An employee fell for a lure that gave hackers access to DoorDash systems. Once the company spotted the breach, it shut down access, launched an investigation and notified law enforcement. DoorDash also directly notified users where required.

The company confirmed the incident exposed names, email addresses, phone numbers and physical addresses for some people in its system. (DoorDash)

Who was affected by the DoorDash breach

DoorDash said the breach impacted a mix of users across its platform. That includes customers, delivery workers and merchants. CyberGuy reached out to DoorDash and a representative provided the following statement to us:

“DoorDash recently identified and shut down a cybersecurity incident in which an unauthorized third party gained access to and took basic contact information for some users whose data is maintained by DoorDash. No sensitive information, such as Social Security numbers or other government-issued identification numbers, driver’s license information, or bank or payment card information, was accessed. The information accessed varied by individual and was limited to names, phone numbers, email addresses, and physical addresses. We have deployed enhanced security measures, implemented additional employee training, and engaged an external cybersecurity firm to support our ongoing investigation. For more information, please visit our Help Center.”

LOOKING FOR A CHEAP CHEESEBURGER? 10 AMERICAN CITIES THAT DELIVER THE BEST MEAL DEALS

If you received an alert from the company, take steps to protect your information. If you use the app but did not get a notice, you should still follow the safety tips below because exposed contact information can lead to scams long after a breach.

DoorDash says no sensitive information was accessed and investigators found no signs of fraud or identity theft tied to the breach. (DoorDash)

How to protect yourself after the DoorDash breach

Even though payment data stayed protected, exposed contact details can still open the door to scams. You can lower your risk with a few smart steps that keep your information safer online.

1) Watch for phishing attempts

Scammers move fast after a breach. They often send fake alerts that look like real DoorDash messages. These emails or texts may claim you need to verify your account or update your payment details. Delete any message that asks for personal information or urges you to click a link. When in doubt, go straight to the official app instead of trusting a message.

2) Use a data removal service

Data brokers collect and resell personal details that scammers often exploit. A data removal service works to pull your information off those sites. This limits your exposure and makes it harder for criminals to target you. It is one of the easiest long-term steps you can take to protect your privacy.

IS YOUR PHONE HACKED? HOW TO TELL AND WHAT TO DO

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.

3) Use strong passwords and a password manager

Stronger passwords give you better protection. Create unique passwords for every account so one breach cannot unlock your digital life. A password manager makes this easier by generating secure passwords and storing them safely. It also autofills them, so you spend less time typing.

Next, see if your email has been exposed in past breaches. Our #1 password manager (see Cyberguy.com) pick includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials. 

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com.

4) Turn on multi-factor authentication

Multi-factor authentication (MFA) adds a simple barrier that blocks most break-in attempts. When you turn it on, you confirm each login with a code or app prompt. This keeps your account safe even if someone learns your password. Most major apps let you enable this setting in the Security section.

5) Use strong antivirus protection

Strong antivirus software shields you from malicious links and downloads. It scans files in real time and warns you when something looks dangerous. This gives you an extra layer of defense against phishing attempts that try to install malware.

The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

6) Review your account activity

It helps to check your DoorDash account for anything unusual. Look at your order history, saved addresses and payment methods. If something looks off, update your password and contact DoorDash support right away. Quick action can stop a small issue from turning into a bigger problem. 

Kurt’s key takeaways

A breach like this reminds us how quickly cybercriminals can exploit a single mistake. DoorDash moved fast to cut off access and confirm the damage, but exposed contact information can still create risks. Staying alert and using basic security habits can help you avoid trouble.

CLICK HERE TO GET THE FOX NEWS APP

What concerns you most about companies holding your personal information, and how would you like them to handle incidents like this? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.

Copyright 2025 CyberGuy.com.  All rights reserved.

Apple now lets you add your passport to your phone’s Wallet, giving you a new way to move through TSA lines with less stress this holiday season. Instead of digging through your bag for your ID, you can use a secure Digital ID on your iPhone at more than 250 airports across the United States. With more digital ID options appearing across the country, here is what you need to know before you start using it.

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter  

How Apple Digital ID works

Digital ID stores your passport information securely on your device. Your data stays encrypted at all times. Apple cannot see where or when you use your Digital ID.

Apple’s new Digital ID lets you store a passport on your iPhone for faster TSA checks. (Sean Gallup/Getty Images)

When you present your Digital ID, you choose what information the TSA can see. You review the request on your screen and confirm it with Face ID or Touch ID. This helps prevent situations where someone else could access your ID without your approval.

APPLE PASSKEY TECHNOLOGY TRANSFORMS MAC SECURITY WITH BIOMETRIC AUTHENTICATION, ENCRYPTED STORAGE

Where Digital ID works

Digital ID works for identity checks at select TSA lanes during domestic travel. It does not work for international flights or border crossings. Apple says support will expand to certain hotels, stores and online services where age or ID checks are needed.

Eligibility requirements for Apple Digital ID

Before you add a Digital ID to Apple Wallet, you need to meet a few basic requirements. To start, you must have a valid, unexpired U.S. passport. You also need an iPhone 11 or later with iOS 26.1 or later. 

If your iPhone is not up-to-date, you can install iOS 26.1 by opening Settings, tapping General, choosing Software Update and following the on-screen steps. Make sure your phone is charged and connected to Wi-Fi before you start the update.

Digital ID in Wallet works only at select TSA checkpoints for domestic travel. It cannot replace a physical passport. Because of that, you should still bring your physical passport or license in case TSA needs to review it. You must also carry your physical passport for any international travel or border crossing.

With Digital ID, you control what information is shared at security and confirm each request with Face ID. (Ronaldo Schemidt/AFP via Getty Images)

How to add your passport to Apple Wallet 

• Setting up Digital ID only takes a few minutes. You need an iPhone and a valid U.S. passport.
• Open the Wallet app on your iPhone
• Tap the Add button
• Select Driver’s License or ID Cards
• Choose Digital ID
• Click Add to iPhone and Apple Watch or Add to iPhone Only
• Scan the photo page of your passport
• Hold your iPhone to read the passport chip
• When it says “Verification Required”, click Continue
• Take a selfie
• Complete the short head movement prompts
• Wait for verification
• Your Digital ID appears in Apple Wallet when approved. You will receive a notification that says, Digital ID is ready to use. 

CLOUD STORAGE FULL SCAM STEALS YOUR PHOTOS AND MONEY

How to use your Digital ID at TSA

How to add a passport to Google Wallet

Google users can also store a digital version of their U.S. passport in Google Wallet. This option works at TSA checkpoints that support digital IDs for domestic travel, just like Apple’s version. You still need to keep your physical passport or license with you in case TSA requests it. Setting it up is simple and only takes a few minutes.

How to add your passport to Google Wallet

Settings may vary depending on your Android phone’s manufacturer 

• Open the Google Wallet app on your Android phone
• Tap Add to Wallet
• Select ID Card
• Choose U.S. Passport
• Scan the photo page of your passport
• Hold your phone near the passport chip to read it
• Take a selfie video so Google can verify your identity
• Follow the on-screen head movement prompts
• Wait for verification
• Your passport will appear in Google Wallet once approved

Digital ID works at more than 250 airports for domestic travel, with more locations coming soon. (iStock)

How to use your digital passport at TSA with Google Wallet

Settings may vary depending on your Android phone’s manufacturer 

• Open Google Wallet on your phone
• Tap your passport
• Hold your device near the TSA identity reader
• Review the information TSA requests
• Confirm with your device unlock method, such as fingerprint or PIN

FAKE FLIGHT CANCELLATION TEXTS TARGET TRAVELERS

Take my quiz: How safe is your online security?

Think your devices and data are truly protected? Take this quick quiz to see where your digital habits stand. From passwords to Wi-Fi settings, you’ll get a personalized breakdown of what you’re doing right and what needs improvement. Take my Quiz here: Cyberguy.com

Kurt’s key takeaways 

Digital ID gives you a fresh way to move through crowded TSA lines with less hassle. It uses the security features built into iPhone and Apple Watch and keeps your passport information stored on your device. Use it for domestic travel and keep your physical ID handy as a reliable backup.

Would you feel confident using a digital passport during your next TSA screening? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

Copyright 2025 CyberGuy.com.  All rights reserved. 

Google is sounding the alarm for Android users after uncovering a wave of fake VPN apps that sneak malware onto phones and tablets. These dangerous apps pose as privacy tools but hide info stealers, banking trojans and remote access malware designed to loot personal data.

More people are relying on VPNs to protect their privacy, secure home networks and shield personal information while using public Wi-Fi. Attackers know this demand is growing. They use it to lure users into downloading convincing VPN lookalikes that contain hidden malware.

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

Fake VPN apps are spreading across Android devices by posing as trusted privacy tools. (iStock)

How fake VPN apps lure users

Cybercriminals create malicious VPN apps that impersonate trusted brands. They use sexually suggestive ads, geopolitical headlines or fake privacy claims to push people into quick downloads. Google says many of these campaigns run across app stores and shady websites.

DELETE THE FAKE VPN APP STEALING ANDROID USERS’ MONEY

Once installed, these apps inject malware that steals passwords, messages and financial details. Attackers can hijack accounts, drain bank balances or lock devices with ransomware. Some campaigns even use professional ad creatives and influencer-style promotions to appear legitimate.

Scammers now use AI tools to design ads, phishing pages and fake brands with alarming speed. This gives them the power to reach large groups of victims with very little effort.

Why malicious VPN apps are spreading

Fake VPN apps remain one of the most effective tools for attackers. These apps request sensitive permissions and often run silently in the background. Once active, they can collect browsing data, cryptocurrency wallet details or private messages.

According to Google, the most dangerous apps pretend to be known enterprise VPNs or premium privacy tools. Many promote themselves through adult ads, push notifications and cloned social media accounts.

How to recognize a genuine VPN app

Google recommends installing VPN services only from trusted sources. In Google Play, legitimate VPNs include a verified VPN badge to show that the app passed an authenticity check.

A real VPN will never ask for access to your contacts, photos or private messages. It will not ask you to sideload updates or follow outside links for installation.

Be careful with free VPN claims. Many free privacy tools rely on excessive data collection or hide malware inside downloadable files.

Ways to stay safe from fake VPN apps

Staying ahead of these fake VPN scams starts with a few smart habits that make your device much harder for attackers to target.

1) Download only from official app stores

Stick to the Google Play Store. Avoid links from ads, pop-ups or messages that try to rush you. Many fake VPN campaigns depend on off-platform downloads because they cannot pass the Play Store security checks.

2) Look for the VPN badge in Google Play

Google now includes a special VPN badge that verifies an app has passed an authenticity review. This badge confirms that the developer followed strict guidelines and that the app went through additional screening.

If you want a reliable VPN that has already been vetted for security and performance, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices at Cyberguy.com.

3) Use a data removal service

Malicious VPN apps often target information already floating around the web, including your email, phone number and personal details exposed through data brokers. A trusted data removal service can help pull your information from people-search sites and broker databases, which reduces the amount of data scammers can use against you. This limits the damage if a fake VPN app steals your info or if attackers try to match stolen data with public records to build convincing scams.

CAN YOU BE TRACKED WHEN USING A VPN?

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Once installed, these lookalike VPN apps steal passwords, messages and financial details. (iStock)

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com

4) Turn on Google Play Protect and use a strong antivirus software

Google Play Protect, which is built-in malware protection for Android devices, automatically removes known malware. However, it is important to note that Google Play Protect may not be enough. Historically, it isn’t 100% foolproof at removing all emerging malware from Android devices. 

Settings may vary depending on your Android phone’s manufacturer 

How to turn it on: Open Google Play Store → Tap your profile icon → Select Play Protect → Tap Settings → Turn on Scan apps with Play Protect → Turn on Improve harmful app detection.

While Google Play Protect offers a helpful first layer of defense, it is not a full antivirus. A strong antivirus software adds another layer of protection. It can block malicious downloads, detect hidden malware and warn you when an app acts in unusual ways. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

5) Review app permissions carefully

A genuine VPN only needs network-related permissions. If a VPN asks for access to photos, contacts or messages, treat it as a major warning sign. Restrict permissions when possible.

6) Avoid sideloading apps from unknown sources

Sideloaded apps bypass Google’s security filters. Attackers often hide malware inside APK files or update prompts that promise extra features. If you’re unfamiliar with the term, sideloading means installing apps outside the Google Play Store, usually by downloading a file from a website, email or message. These apps never go through Google’s safety checks, which makes them far riskier to install.

7) Watch for aggressive ads and scare tactics

Fake VPN ads often claim your device is already infected or that your connection is not secure. Real privacy apps do not use panic-based marketing.

8) Research the developer before downloading

Look up the developer’s website and reviews. A legitimate VPN provider will have a clear privacy policy, customer support and a consistent history of app updates.

9) Be skeptical of anything labeled free

Free VPNs often rely on risky data practices or hide malware. If a service promises premium features at no cost, question how it pays its bills.

DO YOU NEED A VPN AT HOME? HERE ARE 10 REASONS YOU DO

10) Avoid recovery scams after an attack

If someone contacts you claiming they can recover stolen money, cut contact. Real agencies never demand upfront fees and never request remote access to your device.

11) Keep your device updated

Install security patches as soon as they appear. Updates protect your phone from malware strains that rely on old software vulnerabilities.

Scammers now use AI-generated ads and fake brands to trick you into quick downloads. (Kurt “CyberGuy” Knutsson)

Kurt’s key takeaways

Fake VPN apps are becoming a major threat to Android users as scammers exploit the rising demand for privacy tools and home network security. Attackers hide behind familiar logos, aggressive ads and AI-powered campaigns to push apps that steal data the moment you install them. Staying safe requires careful downloading habits, attention to permissions and a healthy amount of skepticism toward anything that claims instant privacy or premium features for free.

Do you think Google should do more to block fake VPN apps in the Play Store? Let us know by writing to us at Cyberguy.com

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter

Copyright 2025 CyberGuy.com.  All rights reserved.