Phishers are once again using the Docusign API to send out fake documents, this time looking as if they come from PayPal.

PayPal scammers are using an old Docusign trick to enhance the trustworthiness of their phishing emails.

We’ve received several reports of this recently, so we dug into how the scam works.

The Docusign Application Programming Interface (API) allows “customers” to send emails that come from genuine Docusign accounts, and they can use templates to impersonate reputable companies.

To pull this off, the phishers set up a Docusign account and then use the templates provided by Docusign to send out legitimate looking invoices from PayPal.

Because the emails come from Docusign they can bypass many security filters.

This is an example of how these emails reach the targets.

> We’ve identified an unauthorized transaction made from your PayPal account to Coinbase:
> 
> Amount: $755.38  
> Transaction ID: PP-5284440
> 
> To safeguard your account and process an immediate refund, you must contact our Fraud Prevention Team at:  
> +1 (866) 379-5160
> 
> Our representatives are available 24/7 to assist you in resolving this issue and preventing any additional unauthorized activity.
> 
> Your account’s security is our top priority, and we’re fully committed to helping you address this matter swiftly. We appreciate your immediate attention to this alert.

If you know this is a scam, you’ll likely see some red flags. The “From” address is a Gmail address which seems unlikely to be something that the genuine PayPal Customer Care department would use. Also, it seems weird that Docusign has been used to send a document that doesn’t require a signature.

Looking deeper, there are some more red flags. The “To” address does not belong to the receiver. It doesn’t even exist.

We tried to contact the scammer through WhatsApp, the Gmail address, and by phone, but didn’t get any replies.

I’ve you’ve received an email like this and want to verify if it’s genuine, go directly to Docusign.com, click ‘Access Documents’ (upper right-hand corner), and enter the security code displayed in the email. If you get an error message, that means the document was removed or never even existed. That’s a huge red flag.

**What can I do?**

If you see an unauthorized PayPal payment linked to a Docusign activity, and you suspect it’s fraudulent, you should immediately report it to both PayPal and Docusign. Contact their customer service departments and using their respective reporting features, as these platforms can be used by scammers to make unauthorized charges under the guise of a legitimate document signing process.

If you think you are the victim of this type of phishing:

*   Check your PayPal account: Log in to your PayPal account and review your recent transactions to search for and identify the suspicious payment.
*   Report the incident to PayPal: To confirm an unauthorized payment, go to the PayPal Resolution Center and report the transaction as fraudulent.
*   If you believe your PayPal account has been compromised, contact any bank for which an account is linked to your PayPal account to check for and report potential fraudulent activity.
*   Check your Docusign account: Review if there has been any recent activity to see if there are any suspicious documents or signatures you don’t recognize.
*   Report to Docusign: You can report suspicious activity through its “Report Abuse” feature or by contacting its security team directly.

Docusign says its team investigates and closes suspicious accounts within 24 hours of the activity being detected or reported. When suspicious accounts are reported, the vast majority of those accounts have already been detected by Docusign’s systems and are either under investigation or have already been closed. Once an account is closed, all envelopes sent from the account are no longer accessible by the recipient or sender.

Key points to remember:

*   Never click on suspicious links in unsolicited emails.
*   Verify the sender: Always check if the sender’s email address matches what you would expect it to be. It’s not always conclusive but it can help you spot some attempts.
*   Go directly to the DocuSign site (not following links in the email or sponsored search results) to check if the document actually exists.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 PayPal scam abuses Docusign API to spread phishy emails 

Firefox’s new Terms of Use spark user backlash over data rights. Learn how Mozilla responded to concerns about…

Firefox’s new Terms of Use spark user backlash over data rights. Learn how Mozilla responded to concerns about broad language and possible data misuse.

In the Internet era, where our online activities leave behind a trail of data, trust between users and the software they use is more important than ever. That trust is often buried in long legal agreements and complex terms and conditions, but it can quickly disappear if people feel their privacy is being violated. Mozilla, a company historically lauded for its commitment to user privacy, recently found itself at the center of such a trust dispute.

What happened is that the Firefox browser introduced new Terms of Use, which instead of promoting clarity, sparked a major controversy. The update meant to “formalize” user agreements, triggered a wave of user backlash, driven by language perceived as overly broad and potentially granting the company extensive rights over user data. Despite the company’s insistence that the terms were intended to clarify existing data practices and formalize user agreements, the unclear wording caused a lot of confusion and pushback.

The issue centered on a specific clause that granted Mozilla a “nonexclusive, royalty-free, worldwide license” to use information inputted or uploaded through Firefox. Critics, including figures from rival browser companies, interpreted this as an attempt to claim ownership of user data and potentially monetize it for purposes like AI development or targeted advertising. Mozilla, however, refuted these interpretations, stating that the new terms did not signify a change in how user data is handled.

> W T Fhttps://t.co/ifx7R9rBMV
> 
> "When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of… https://t.co/Zvbif4TWzz
> 
> — BrendanEich (@BrendanEich) February 27, 2025

In response to the intense criticism, Mozilla clarified its intentions and provided further explanations for the controversial wording as well as revised the clause with clearer wording. Here’s the difference between the original and revised clause:

**Previous:** “When you upload or input information through Firefox, you hereby grant us a nonexclusive, royalty-free, worldwide license to use that information to help you navigate, experience, and interact with online content as you indicate with your use of Firefox.”

**Revised:** “You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It also includes a nonexclusive, royalty-free, worldwide license for the purpose of doing as you request with the content you input in Firefox. This does not give Mozilla any ownership in that content.”

Talking to TechCrunch, the company’s VP of Communications, Brandon Borrman, emphasized that the license was necessary to enable basic browser functionalities, such as processing user input. They stressed that the terms did not grant them ownership of user data or the right to use it beyond the scope outlined in their existing Privacy Notice.

According to Mozilla’s explanation of the reasoning behind the specific terms used, “Nonexclusive” was intended to indicate that users retain the right to use their data independently, “Royalty-free” reflected the browser’s free nature, and “worldwide” acknowledged its global availability. The company also confirmed that user data is not sent to third-party AI companies and that any data shared with advertisers is de-identified or aggregated.

The situation has raised fundamental questions about data ownership and the boundaries of digital consent. The initial confusion and backlash emphasize the potential consequences of poorly worded terms, even when intentions are benign. Still, Mozilla’s swift response and subsequent revisions demonstrate the company’s attempt to address user concerns and maintain trust.

1.  Mozilla Rushes to Fix Critical Flaw in Firefox and Thunderbird
2.  Mozilla permanently shuts down Notes & Send over malicious use
3.  Mozilla Faces GDPR Complaint Over New Firefox Tracking Feature
4.  Google & Mozilla ban Avast security extensions over data snooping
5.  Mozilla’s ‘Track This’ lets you choose fake identity to deceive advertisers

Mozilla Tweaks Firefox Terms After Uproar Over Data Use Language

Plus: The FBI pins that ByBit theft on North Korea, a malicious app download breaches Disney, spyware targets a priest close to the pope, and more.

As scam compounds in Southeast Asia continue to drive massive campaigns targeting victims around the world, WIRED took a deeper look at how Elon Musk’s satellite internet service provider Starlink is keeping many of those compounds in Myanmar online. Meanwhile, FTC complaints obtained by WIRED allege that an “OpenAI” job scam used Telegram to recruit workers in Bangladesh for months before the fraudsters suddenly disappeared.

WIRED published the inside story of Russian tech executive Vladislav Klyushin, who—at Vladimir Putin’s behest—was part of a notable US-Russia prisoner swap last summer after he was convicted and incarcerated in the US for insider trading that netted him $93 million. Earlier this week, TVs at the headquarters of the Department of Housing and Urban Development in Washington, DC, showed an apparently AI-generated video on loop of Donald Trump kissing Elon Musk’s feet. The words “LONG LIVE THE REAL KING” were superimposed over the video.

WIRED conducted an investigation into Telegram groups devoted to doxing and harassing women who joined “Are We Dating the Same Guy?” groups on Facebook. And, as female entrepreneurs in tech face ever steeper odds of gaining support for a business, a team of female founders got seed funding and completed a series A round in a matter of months for the cloud container security firm Edera.

But wait, there's more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

**Trump Administration Backs Off on Countering Russian Cyber Foes**

After years of Russian cyber aggression against the United States and its longtime allies—including repeated election meddling, hack and leak operations, disinformation campaigns, elaborate espionage, and brazen, disruptive cyberattacks—multiple recent actions from the Trump administration have recast the US stance on the cybersecurity threats posed by the Kremlin, downplaying the risks of Russian hackers as US adversaries. The about-face comes as Donald Trump and Russian president Vladimir Putin have increasingly strengthened their ties. Consistent US intelligence community assessments of Russia's activity in cyberspace and the threat it poses to the US would indicate, though, that such a change in approach could put the US at risk.

That deprioritization of the Russia threat has come in several different forms. US State Department deputy assistant secretary for international cybersecurity Liesyl Franz said during a speech in a United Nations working group last week that the US is concerned about digital attacks from China and Iran, but did not mention Russia. A recent memo distributed at the Cybersecurity and Infrastructure Security Agency laid out priorities for the agency, focusing on China and defense of US systems but omitted any reference to Russia. And on Friday, the cybersecurity news outlet The Record reported that, last week, Defense Secretary Pete Hegseth ordered US Cyber Command to stop all cyber operational planning against Russia, including offensive digital campaigns.

**Crypto Bounty Hunters Are Racing to Find and Freeze $1.4 Billion Stolen From ByBit**

Eight days have passed since the cryptocurrency exchange ByBit revealed that hackers stole $1.4 billion worth of Ethereum-based assets from the company, a heist that is by some measures the biggest theft of crypto in history. Now the race is on to track the stolen funds across blockchains, prevent its liquidation, or even recover it—and that race is being propelled by $140 million in bounties offered by ByBit itself. ByBit earlier this week launched a website where it’s inviting crypto sleuths to submit tips about the destination of its stolen Ethereum funds and offering as a reward 5 percent of the value of any funds that those tracers can identify and help to freeze or seize. ByBit has offered another 5 percent of the value as a separate reward for any crypto exchange or other platform that obtains the funds.

As of Friday, the website counted a dozen bounty hunters currently registered as part of that crypto-tracing effort and put the tally of paid-out rewards at around $4.3 million. The site also includes a leaderboard of tracers who have successfully identified tranches of the funds by following them across blockchains or frozen funds—as well as a list of crypto exchanges who have, by contrast, liquidated the stolen funds on behalf of the thieves. So far only one exchange, known as eXch, has been flagged as liquidating $94 million of the stolen assets. ByBit notes that eXch has refused to respond to its messages, and the exchange didn’t respond to a BBC request for comment.

**FBI Urges Crypto Industry Not to Launder ByBit Funds for North Korea**

Earlier this week, the FBI took the unusual step of publicly identifying the hackers behind that massive ByBit hack: TraderTraitor, a group of state-sponsored cybercriminals working on behalf of the North Korean government. The FBI asked the crypto industry not to launder the funds of those hackers, a part of the larger umbrella group widely known as Lazarus that has long plagued the cryptocurrency world and has stolen billions in both crypto and non-crypto assets. In its alert, the bureau also released a list of Ethereum addresses associated with the stolen funds in an effort to help the crypto industry identify and seize any part of the $1.4 billion before it can be cashed out. Crypto tracing firm TRM Labs wrote in a post Thursday that around $400 million of the funds have already been moved and may have been successfully liquidated.

**A Disney Staffer Opened the Door for a Slack Hack by Accidentally Downloading Malware**

In July, an entity calling itself “NullBulge” published a 1.1-TB trove of data stolen from Disney's internal Slack archive, tipping off a frenzied cleanup effort as Disney rushed to get a handle on leaked revenue numbers, employee information like passport numbers, and sensitive customer information. The breach occurred after a Disney employee, Matthew Van Andel, inadvertently downloaded malware onto his personal computer that collected his login credentials for a number of services, including, crucially, the password to his 1Password credential vault. “It’s impossible to convey the sense of violation,” he told The Wall Street Journal. Van Andel also had his credit card numbers and other personal data stolen, and then lost his job as well when a Disney audit of his work computer alleged that he had accessed porn from the device. Van Andel denies the accusation. The episode is just one in a series of breaches where malware that infects a worker’s personal computer can have major ramifications for the institution that employs them.

**An Italian Priest Close to the Pope Had His Phone Hacked**

Mattia Ferrari, an Italian priest who works with a migrant-rescue group and has a close relationship with the Pope, revealed this week that he received a warning from Meta that his phone had been hacked with sophisticated spyware from Israeli-based Paragon. The news follows revelations that Luca Casarini, the founder of the NGO Mediterranea Saving Humans, where Ferrari served as a chaplain, also had his phone compromised by spyware, as did Italian investigative reporter Francesco Cancellato. The string of spyware infections targeting Italian activists and a journalist raises the question of who might be carrying out the hacking operations, with opposition leaders calling on the administration of Italian prime minister Giorgia Meloni to address the issue. Meloni’s government has denied being behind the hacking incidents. Pope Francis, who is currently in critical condition with pneumonia, has mentioned speaking to Ferrari on the phone during a TV interview in January, raising the question of whether the spies who hacked Ferrari’s phone eavesdropped on a conversation with the pope himself.

The Trump Administration Is Deprioritizing Russia as a Cyber Threat

Strong eCommerce customer service builds trust, boosts loyalty, and drives sales. Learn key strategies, best practices, and tools to enhance online support.

Great online customer support starts with the fundamentals that make shoppers feel valued and understood when they can’t see your face or walk into your store. The basics include responding quickly across multiple channels, writing in a friendly human tone (not corporate-speak), and making it super easy for customers to find help when they need it.

Mastering these foundational elements builds trust with online shoppers and sets the stage for turning one-time buyers into loyal repeat customers. According to WOW24-7, an e-commerce customer service outsourcing provider, recent studies highlight the impact of customer service quality on online shopping behaviour. In April 2024, reports indicated that 79% of consumers may choose not to buy from a brand again after a poor post-purchase experience.

****What is eCommerce Customer Service?****

Generally speaking, e-commerce customer service is a special department that helps and supports online businesses as you are shopping online. Think of it as the digital version of that helpful store employee, but instead of being face-to-face, they’re helping you through chat, email, or phone when you have questions about products, shipping issues, returns, or just need advice before buying something.

****Advantages of a Good eCommerce Customer Service****

Good online customer service is a total game-changer! It builds trust (super important when you can’t see products in person), turns angry customers into happy ones (like when your headphones arrived broken and they shipped new ones overnight), and makes people spend more money.

Plus, happy customers tell their friends – “one of our customer’s customers switched to a new skincare brand just because her friend raved about how they helped her find the right products for her skin type.”

****How To Provide a Stellar Customer Service: Tips For Online Support********1\. Prioritize Multiple Communication Channels****

To provide excellent customer service, be available wherever your customers want to reach you. That means providing various channels of support, including social media support. 

Some people hate phone calls but love texting, while others want to shoot a quick email or DM you on Instagram. The best online stores let me choose – like that clothing shop that lets me track my order through text, ask sizing questions on chat, or call them about complicated returns. It shows they respect how you prefer to communicate instead of forcing you to use their one preferred channel.

So, good customer service plays a key role in customer satisfaction, and it should be multichannel customer support. And what about you, how many channels does your brand offer to contact your team?

****2\. Empower Your Team with Knowledge****

Make sure your support team knows your products inside and out – they can’t help customers if they’re clueless themselves. Indeed, the product knowledge is essential. Create a searchable knowledge base where your team can quickly find answers instead of saying “Let me check on that” for every question.

Our customer, a tea company, has weekly “sip and learn” sessions where staff try new products and discuss common questions, which has cut their average response time in half. The ability to deliver almost instant answers to the customers’ questions. That’s what we call a start for the exceptional customer service. 

****3\. Implement a Full Self-Service System****

Give customers ways to help themselves with detailed FAQs, video tutorials, and searchable help centers available 24/7. That is super important for customer retention.

One of our customers, an electronics ecommerce business has this amazing interactive troubleshooting tool that walks you through fixing common issues before the customers even need to contact them. Just make sure to keep these resources updated – nothing’s more frustrating than outdated information that wastes customers’ time.  

****4\. Track Key Metrics and Analyze Performance****

You can’t improve what you don’t measure, so keep tabs on response times, customer satisfaction scores, and first-contact resolution rates. Look for patterns in customer complaints to fix underlying issues – like when that clothing store noticed a spike in size questions and added better measurement guides. Set goals for your customer service team based on these metrics, but don’t obsess over speed at the expense of actually solving problems properly.

Moreover, track and analyze your customer reviews and work with both positive customer reviews and negative ones. Here’s a tip for you: the leading ecommerce platforms also work with the so-called ‘middle customers’ (the ones that are neither positive nor negative. They are the easiest ones to become your true brand enthusiasts. 

****5\. Personalize the Customer Experience****

Use customer purchase history and preferences to make interactions feel special and relevant. One ecommerce brand, a book subscription service, remembers what genres you love and what you have already read, making their recommendations useful.

Simple touches made by your customer service representative like addressing customers by name and referencing their previous orders make people feel valued instead of just another ticket number in the queue. That is crucial if you want to be the brand that comes with the best customer service for ecommerce. 

****6\. Proactively Address Customer Issues****

A great customer service company does not wait for complaints, it reaches out when its support agents know there might be a problem. For instance, a clothing store emails you before you even notice that your package was delayed due to weather, offering options and a small discount or a free trial. 

Therefore, your customer service agent must watch social media mentions of your brand to catch issues before they escalate into full-blown problems. This customer service strategy builds trust and loyalty. 

****7\. Embrace Technology and Automation****

If you want to offer good customer service experiences, use chatbots to handle simple questions and AI to route complex issues to the right specialist. Add the frequently asked questions section to let your customers find all the answers to their questions without waiting for your reply and the personalization to help them if they contact you. 

A simple example: there’s a tech shop that uses automation to send perfectly timed setup guides after purchase, preventing tons of support calls. Just make sure there’s always an easy escape hatch to reach your ecommerce customer service team when the bot can’t help. That’s crucial if you want to deliver an excellent customer service. 

****8\. Offer Easy Returns and Exchanges****

Make returns painless with prepaid labels, clear instructions, and quick processing. Yes, in the world of e-commerce, you have to provide the customer with the possibility to return in a fast, easy and free manner.

Here’s an example. There’s a shoe company that includes a return label right in the box and lets you start the return process with a single text message. And here comes an interesting fact: Good return policies increase sales because people feel safer trying new products. 

****9\. Solicit and Respond to Feedback****

Actively ask customers how they’re doing through quick surveys after purchases or support interactions. Every ecommerce business will benefit from customer service tools or special support software that collects data about the quality of service and customer communications. 

Just a simple case from our experience. There’s a coffee subscription that sends a three-question survey after each delivery, and when somebody mentioned their packaging was excessive in the comments, they changed it within a month. Show customers that the feedback matters by implementing changes and letting them know. There’s a necessity to adapt to the changing world of customer satisfaction. 

****10\. Invest in Ongoing Training and Development****

Keep your ecommerce customer support team sharp with regular product training and customer service skill development. My cousin works at an online beauty store where they spend Friday afternoons practising tough customer scenarios and learning about new product ingredients. Well-trained agents solve problems faster and make customers happier.

****11\. Foster a Culture of Customer-Centricity****

Make customer happiness everyone’s job, not just the support team’s. One of our customers, a small electronics brand, believes that excellent service is critical and so it invites its engineers to join support calls monthly to hear customer struggles firsthand. Then their support system analyses the available customer needs and the online shopping experience and thinks of ways to improve service to customers.

Celebrate team members who go above and beyond for customers, and use customer stories in company meetings to keep their needs front and center.

****An Effective eCommerce Customer Service: Key Takeaways****

Great online customer service is crucial as it talks to your customers directly. It’s all about being focused on customer wants, needs, and expectations. Plus, since great service is important for brand success, multi-channel customer support has become the new normal for companies who want to boost the customer’s lifetime value. Response speed matters hugely, but the quality and personal touch of those responses turn one-time buyers into loyal fans who spread the word.

The best online stores use the right software like Intercom and technology to handle routine stuff while freeing up humans to solve complex problems with empathy and creativity to improve their customer experience. Track what’s working (and what isn’t) through customer feedback and solid metrics, then actually use that info to keep improving. Remember that in the digital world where competitors are just a click away, exceptional service isn’t just nice to have – it’s often your biggest competitive advantage. 

Therefore, these are the eCommerce Customer Service Best Practices that help you improve customer service and provide an amazing customer service experience. Just remember that true customer service means the real care of your customers, not just words.

****Customer Service Channels FAQ********Why is customer service important for e-Commerce businesses?****

It’s your digital storefront’s personality! Without face-to-face interaction, it’s hard to make your customers happy. When one of our customers launched her handmade jewellery store, her amazing response time and personalized packaging notes turned first-time buyers into repeat customers who shared her store all over social media. Plus, in a world where switching to a competitor takes one click, great service is often the only thing keeping customers loyal.

****What are the key challenges of providing online customer support?****

The biggest headache is managing customer expectations for instant 24/7 help when you’re a small team (or solo entrepreneur). Then there’s the challenge of explaining products people can’t touch or try on, handling shipping issues you don’t directly control, and building trust without in-person connections. For instance, a hot sauce company can struggle with international customers who fail to understand the cause of shipping delays until they create a visual tracking system that shows exactly where packages are stuck.

****How can I improve response times for customer inquiries?****

*   Create templates for common questions so you’re not typing the same shipping policy explanation fifty times a day.
*   Set up auto-responses that acknowledge messages immediately even if you’ll answer fully later.
*   Use a smartphone app connected to your help desk so you can quickly answer simple questions while on the go.
*   You can dramatically cut response times by creating a shared Google Doc where all staff will document weird questions and answers for everyone to reference.

****What are the best tools for managing eCommerce customer service?****

For small shops, Zendesk or Freshdesk are solid starting points that won’t break the bank. Gorgias is amazing if you’re on Shopify since it shows order history right alongside customer conversations. Help Scout has a super clean interface that’s easy for non-tech folks. The gaming stores often Intercom so they can chat with the customers right on their website while they are browsing, which saves from abandoning the cart multiple times.

****How can I handle difficult customers effectively?****

First, take a deep breath and remember it’s rarely personal. Listen fully before responding – sometimes people just want to be heard. Offer concrete solutions instead of excuses. Know when to give a little (like a small discount) to solve a bigger problem.

One more tip to keep in mind: if you have a super angry customer about shipping damage, remember that customer service is important and it’s imperative to react instantly. So, immediately send a replacement with a small bonus. That can help you turn your angry customer into the biggest Instagram advocate.

****What role does automation play in e-Commerce customer support?****

Automation handles the repetitive stuff so humans can focus on complex problems. Think automatic order confirmations, shipping updates, and chatbots that answer basic questions like “What’s your return policy?” The smart plant shop I order from automatically emails care instructions based on what I purchased and sends reminders when it’s time to report – this prevents tons of support questions while making me feel taken care of.

****How can live chat improve customer satisfaction?****

Live chat catches customers right when they’re considering a purchase but have questions – like when I was about to abandon a pricey camera purchase until their chat agent explained why it was worth the investment. It feels more immediate than email but less intrusive than phone calls. 

****What are the best practices for handling returns and refunds?****

Make your policy crystal clear and easy to find. Don’t make customers jump through hoops – include return labels in the original package if possible. Process refunds quickly once items are received. Be flexible when it makes sense – that clothing store that gave me store credit past their return window earned way more of my money long-term. The best companies view returns as opportunities to learn product issues and improve, not as losses to minimize.

****How can I measure the success of my ecommerce customer service?****

Track obvious stuff like response time and resolution time, but also watch customer satisfaction scores (quick post-interaction surveys) and Net Promoter Score (would they recommend you?). Look at repeat purchase rates after service interactions – my favourite coffee subscription saw that customers who had a resolved issue spent 20% more in the following six months than those who never had problems. Also, track how many support tickets you get per 100 orders – this should decrease as you improve product descriptions and FAQs.

****What are some common mistakes to avoid in online customer support?****

The biggest fails include: making customers repeat their problem to multiple agents, hiding contact information so people can’t easily reach you, using robotic templated responses without personalizing them, promising unrealistic shipping/delivery times, and not following up after resolving issues. My worst experience was with that electronics store that transferred me three times, made me re-explain my issue each time, then promised to call back and disappeared forever – I’ll never shop there again!

Featured Image via Pixabay

1.  The Basics of Ecommerce Cybersecurity
2.  Enhance customer experiences with Generative AI
3.  How Payment Orchestration Enhances Business Efficiency
4.  Software Support: 7 Essential Reasons You Can’t Overlook
5.  Future of eCommerce: Emerging Tech Shaping Online Retail in 2024

eCommerce Customer Service Tips For Online Support: The Basics

While countries and companies are fighting over access to encrypted files and chats, our data privacy may get crushed.

Data privacy issues are a hot topic in a world where we apparently don’t know who to trust anymore.

A few weeks ago, we reported how the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. This week, Apple decided to pull the plug on Advanced Data Protection (ADP) for UK users.

ADP is an opt-in data security tool designed to provide Apple users a more secure way to protect data stored in their iCloud accounts. Enabling ADP would ensure that even Apple could not access the data, which would mean that Apple was unable to hand over any information to law enforcement.

Something similar happened when Sweden’s law enforcement and security agencies started to push legislation which would force Signal and WhatsApp to create technical backdoors, allowing them to access communications sent over the encrypted messaging apps. The proposed bill prescribes that companies like Signal and WhatsApp need to store all messages sent using the apps.

President of the Signal Foundation, Meredith Whittaker, told Swedish SVT News that the company will leave Sweden if the bill becomes a reality.

So basically, by seeking to obtain encryption backdoors, which are not likely to remain exclusive, these governments are undermining the data privacy options of their citizens. A backdoor can and will eventually be found by those that we absolutely didn’t want to snoop around in our backups and chat logs.

It doesn’t just affect the countries at the heart of the request. The US director of national intelligence is reportedly going to investigate whether the UK broke a bilateral agreement by issuing the order that would allow the British to access backups of data in the company’s encrypted cloud storage systems,

The bilateral agreement in question is the Clarifying Lawful Overseas Use of Data Act (CLOUD Act) Agreement, which—among other things—bars the UK from issuing demands for the data of US citizens and vice versa. The CLOUD Act primarily allows federal law enforcement to compel US-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data is stored in the US or on foreign soil. Provisions in the act state that the United Kingdom may not issue demands for data of US citizens, nationals, or lawful permanent residents, nor is it authorized to demand the data of persons located inside the US.

Globally, governments and law enforcement agencies continue to seek more control over data through new legislations and rules. States regulate data to protect national security and provide domestic firms access to user (and anonymous) data to boost competitiveness, ease law enforcement’s qualms when accessing data, and ward off foreign surveillance.

But at the end of the day, the criminals that law enforcement agencies are after, will end up using expensive private phone networks, and the general population will be left with tools that have been broken on purpose. Backdoors that have been created will be waiting for cybercriminals to find the cracks and access our “encrypted” data.

Meanwhile, privacy is recognized as a universal human right while data protection is not. And it should be. Even if we think we “have nothing to hide” cybercriminals will find a way to use that data against us, if only to make their phishing attempts more credible. Let alone, trade and economic secrets that could fall into the hands of competitors or “unfriendly” nations.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Countries and companies are fighting at the expense of our data privacy 

Sweden’s proposal to mandate encryption backdoors faces backlash from Signal, cybersecurity experts, and even its military over privacy and security risks.

Swedish law enforcement and security agencies are advocating for legislation that would compel encrypted messaging services, such as Signal and WhatsApp, to implement backdoors.

This measure aims to grant authorities access to users’ communications for criminal investigations. However, this proposal has met with strong resistance from both the service providers and Sweden’s own military.

Meredith Whittaker, President of the Signal Foundation, has unequivocally stated that Signal would withdraw from the Swedish market rather than compromise its encryption standards. In an interview with SVT Nyheter, Whittaker emphasized that introducing a backdoor would undermine the app’s entire security architecture, stating, “If you create a vulnerability based on Swedish wishes, it would create a way to undermine our entire network.”

She further stated that Signal’s commitment to user privacy and data protection is paramount, and the organization would not acquiesce to demands that jeopardize this principle.

> Signal has announced that it will “leave Sweden” if the Swedish government mandates encryption backdoors. Many are celebrating this as a bold act of resistance. But what does it actually mean?
> 
> Signal has no offices or legal presence in Sweden. Will they block Swedish IP… https://t.co/ffkD1pyz9n
> 
> — Nadim Kobeissi (@kaepora) February 25, 2025

Interestingly, the Swedish Armed Forces, which have recently adopted Signal for secure, non-classified communications, have also expressed concerns regarding the proposed legislation. In a letter to the government, military officials cautioned that mandating backdoors could introduce vulnerabilities exploitable by malicious actors, thereby compromising national security. This stance highlights a discord between Sweden’s defence priorities and the objectives of its law enforcement agencies.

Justice Minister Gunnar Strömmer has defended the proposal, arguing that it is essential for law enforcement to effectively access electronic communications in the fight against serious crimes. The bill, which could be presented to the Riksdag (Swedish Parliament) as early as March next year, seeks to balance the needs of national security with individual privacy rights, a balance that is proving contentious.

William Wright, CEO of Closed Door Security, criticized the move, stating:

_“Building backdoors into software is akin to deliberately creating vulnerabilities. Once embedded, threat actors will focus on finding and exploiting them, putting millions at risk. History has shown that even government-backed backdoors, like those exploited in the Salt Typhoon attack, can be turned against the very institutions that created them. The long-term risks far outweigh any short-term benefits for law enforcement.”_

This development in Sweden is similar to debates in other countries. Notably, the United Kingdom recently demanded that Apple provide access to encrypted iCloud accounts. In response, Apple chose to remove the option for British users to protect their accounts with end-to-end encryption rather than compromise its security protocols.

These situations highlight the constant struggle between governments wanting access to private data for security reasons and the need to protect people’s privacy. As Sweden debates this proposal, the final decision could have a major impact, not just on encrypted messaging within the country but also on global conversations about privacy and digital security.

Signal Threatens to Exit Sweden Over Government’s Backdoor Proposal

An alleged job scam, led by “Aiden” from “OpenAI,” recruited workers in Bangladesh for months before disappearing overnight, according to FTC complaints obtained by WIRED.

A Bangladeshi worker was eager to get started at their new OpenAI job—completing basic online tasks in exchange for consistent income, while getting into cryptocurrency investing at the same time. After connecting with the startup on Telegram and creating an account through a ChatGPT\-branded app, they invested crypto into the platform and began a months-long job working for “Aiden” from “OpenAI.”

The work was performed through the website “OpenAi-etc,” and internal conversations were held on Telegram. It was simple: Invest some crypto, complete a few tasks, and earn daily profits based on what was invested.

Over the course of this worker’s time with the company, mentors continuously encouraged them to invest more money into the fund and recruit more Bangladeshi people to the team. When the worker convinced over 150 to join and the mentors split the growing team of “brokers” into a hierarchy based on seniority, it all felt very real. The total crypto-investment fund for their team was around $50,000. After a devastating cyclone hit Bangladesh in May, company leaders supposedly helped those in need, further earning the trust of employees.

All seemed well until the morning of August 29, 2024, when everyone woke up to find that the website, all of their money, Aiden, and the other fake OpenAI employees had vanished overnight. The job, of course, was never with OpenAI at all, former workers say.

“I’ve seen similar scams where, at the beginning, you think you are making profit, and then basically you invest more and more,” says Shirin Nilizadeh, an associate professor at the University of Texas at Arlington who focuses on security and privacy. “Then, suddenly, you lose everything.”.

The story of the scammed “OpenAI” worker is from just one of 11 complaints about OpenAi-etc submitted to the US Federal Trade Commission by workers from Bangladesh last year, seven of which mention “Aiden.” Analysis of the complaints, obtained by WIRED through a public records request, reveal a potentially widespread job scam that used OpenAI’s name recognition to allegedly trick low-wage workers out of their savings. While some people describe getting started with OpenAi-etc in June or July, others believed they were working for the company for around six months.

The first FTC complaint obtained by WIRED, lodged over two months before the August 29 rug pull, says the complainant was invited by OpenAi-etc to invest around $170 in crypto. The person mentions an American registration number for the business, confirming it was in good standing with Colorado regulators and listing a physical office in Denver. The complaint also highlights a legitimate-looking money service business registered with the US Treasury’s Financial Crimes Enforcement Network, which lists the company’s location as an office inside the Empire State Building in New York City.

A WIRED review of domain name system records for the now-defunct OpenAi-etc website shows that it appears to have been hosted by a China-based web hosting company.

Jay Mayfield, a senior public affairs specialist at the FTC, declined WIRED’s request to confirm whether the group is looking into OpenAi-etc, saying that investigations are nonpublic. Mayfield did not answer additional questions about what steps the FTC is taking to prevent similar scams or provide better assistance for international victims.

“Regrettably, I found no available source online to know more about this organization except for those registrations,” wrote the complainant. “They are collecting huge amounts of investment from third world countries in Asia.”

One of the FTC complaints alleges that over 6,000 people in Bangladesh were potentially impacted by the OpenAi-etc job scam. The ages listed in the FTC complaints range from teenagers to people in their fifties, with locations spread across multiple Bangladesh cities, from Dhaka to Khulna.

“My next trading date was 29 August, 2024,” wrote another complainant. “I made the trade with my whole amount in the evening. But, suddenly, the OpenAI company vanished. I didn’t withdraw any money but lost both capital and profit. Now, I am in a great economic crisis, as I am a normal school teacher.”

Niko Felix, a spokesperson for OpenAI, declined to answer questions about whether the startup was previously aware of the “OpenAi-etc” scam, or if they planned to take action against the fraudsters. But he did share that OpenAI is investigating the matter. The alleged scam website is no longer available online, and WIRED was not able to contact the people behind "OpenAi-etc" prior to publication.

A Telegram spokesperson using the name Remi Vaughn tells WIRED that the company monitors its platform for scams, such as those allegedly carried out by OpenAi-etc, which used the messaging app to communicate with people who believed they were working for the company.

"Telegram actively moderates harmful content on its platform, including scams," Vaughn says in a statement sent to WIRED through the messaging platform. "Moderators empowered with custom Al and machine learning tools proactively monitor public parts of the platform and accept reports from users and organizations in order to remove millions of pieces of harmful content each day."

The usual pattern of a crypto job scam is to trick people into depositing some kind of digital currency into a fake account the victim believes they have control over, until the perpetrator drains it one day without warning. While this specific rug pull used OpenAI’s branding to allegedly dupe its victims, a crypto job scam can happen with the name of any company that has enough widespread recognition for criminals to capitalize on.

“These social engineering scams are designed to lower our natural suspicion and to make us complicit in our own deception,” says Arun Vishwanath, a cybersecurity expert and author of _The Weakest Link_. “For job scams, they try to turn our ambitions and inherent trust in brands into a vulnerability.” Similar to so-called pig butchering investment scams, a key component often includes direct messages over a long period of time to cultivate a sense of trust with the targets.

Although comparable job scams happen all over the world, Vishwanath believes that Asian cultural norms of so-called high power distance, where there’s more acceptance of interpersonal hierarchies, are a contributing factor. "Authorities are expected to ask you things and make you do things," he says. "And you just comply." Scammers are taking advantage of this by imitating authority figures and leaning into the sense of urgency inherent to searching for a job.

Bangladeshi citizens on the difficult hunt for reliable work have increasingly been targeted by job scammers in recent years. Lies about international job opportunities have left throngs of would-be workers stranded in Malaysia, and at least three cases of kidney organ theft were reported by people lured to India with false promises of work.

‘OpenAI’ Job Scam Targeted International Workers Through Telegram

In the epic US-Russian prisoner swap last summer, Vladimir Putin brought home an assassin, spies, and another prized ally: the man behind one of the biggest insider trading cases of all time.

This Russian Tech Bro Helped Steal $93 Million and Landed in US Prison. Then Putin Called

A WIRED investigation goes inside the Telegram groups targeting women who joined “Are We Dating the Same Guy?” groups on Facebook with doxing, harassment, and sharing of nonconsensual intimate images.

In late January, a warning spread through the London-based Facebook group Are We Dating the Same Guy?—but this post wasn’t about a bad date or a cheating ex. A connected network of male-dominated Telegram groups had surfaced, sharing and circulating nonconsensual intimate images of women. Their justification? Retaliation.

On January 23, users in the AWDTSG Facebook group began warning about hidden Telegram groups. Screenshots and TikTok videos surfaced, revealing public Telegram channels where users were sharing nonconsensual intimate images. Further investigation by WIRED identified additional channels linked to the network. By scraping thousands of messages from these groups, it became possible to analyze their content and the patterns of abuse.

AWDTSG, a sprawling web of over 150 regional forums across Facebook alone, with roughly 3 million members worldwide, was designed by Paolo Sanchez in 2022 in New York as a space for women to share warnings about predatory men. But its rapid growth made it a target. Critics argue that the format allows unverified accusations to spiral. Some men have responded with at least three defamation lawsuits filed in recent years against members, administrators, and even Meta, Facebook’s parent company. Others took a different route: organized digital harassment.

Primarily using Telegram group data made available through Telemetr.io, a Telegram analytics tool, WIRED analyzed more than 3,500 messages from a Telegram group linked to a larger misogynistic revenge network. Over 24 hours, WIRED observed users systematically tracking, doxing, and degrading women from AWDTSG, circulating nonconsensual images, phone numbers, usernames, and location data.

From January 26 to 27, the chats became a breeding ground for misogynistic, racist, sexual digital abuse of women, with women of color bearing the brunt of the targeted harassment and abuse. Thousands of users encouraged each other to share nonconsensual intimate images, often referred to as “revenge porn,” and requested and circulated women’s phone numbers, usernames, locations, and other personal identifiers.

As women from AWDTSG began infiltrating the Telegram group, at least one user grew suspicious: “These lot just tryna get back at us for exposing them.”

When women on Facebook tried to alert others of the risk of doxing and leaks of their intimate content, AWDTSG moderators removed their posts. (The group’s moderators did not respond to multiple requests for comment.) Meanwhile, men who had previously coordinated through their own Facebook groups like “Are We Dating the Same Girl” shifted their operations in late January to Telegram's more permissive environment. Their message was clear: If they can do it, so can we.

"In the eyes of some of these men, this is a necessary act of defense against a kind of hostile feminism that they believe is out to ruin their lives," says Carl Miller, cofounder of the Center for the Analysis of Social Media and host of the podcast _Kill List_.

The dozen Telegram groups that WIRED has identified are part of a broader digital ecosystem often referred to as the manosphere, an online network of forums, influencers, and communities that perpetuate misogynistic ideologies.

“Highly isolated online spaces start reinforcing their own worldviews, pulling further and further from the mainstream, and in doing so, legitimizing things that would be unthinkable offline,” Miller says. “Eventually, what was once unthinkable becomes the norm.”

This cycle of reinforcement plays out across multiple platforms. Facebook forums act as the first point of contact, TikTok amplifies the rhetoric in publicly available videos, and Telegram is used to enable illicit activity. The result? A self-sustaining network of harassment that thrives on digital anonymity.

TikTok amplified discussions around the Telegram groups. WIRED reviewed 12 videos in which creators, of all genders, discussed, joked about, or berated the Telegram groups. In the comments section of these videos, users shared invitation links to public and private groups and some public channels on Telegram, making them accessible to a wider audience. While TikTok was not the primary platform for harassment, discussions about the Telegram groups spread there, and in some cases users explicitly acknowledged their illegality.

TikTok tells WIRED that its Community Guidelines prohibit image-based sexual abuse, sexual harassment, and nonconsensual sexual acts, and that violations result in removals and possible account bans. They also stated that TikTok removes links directing people to content that violates its policies and that it continues to invest in Trust and Safety operations.

Intentionally or not, the algorithms powering social media platforms like Facebook can amplify misogynistic content. Hate-driven engagement fuels growth, pulling new users into these communities through viral trends, suggested content, and comment-section recruitment.

As people caught notice on Facebook and TikTok and started reporting the Telegram groups, they didn’t disappear—they simply rebranded. Reactionary groups quickly emerged, signaling that members knew they were being watched but had no intention of stopping. Inside, messages revealed a clear awareness of the risks: Users knew they were breaking the law. They just didn’t care, according to chat logs reviewed by WIRED. To absolve themselves, one user wrote, “I do not condone im \[simply\] here to regulate rules,” while another shared a link to a statement that said: “I am here for only entertainment purposes only and I don’t support any illegal activities.”

Meta did not respond to a request for comment.

Messages from the Telegram group WIRED analyzed show that some chats became hyper-localized, dividing London into four regions to make harassment even more targeted. Members casually sought access to other city-based groups: “Who’s got brum link?” and “Manny link tho?”—British slang referring to Birmingham and Manchester. They weren’t just looking for gossip. “Any info from west?” one user asked, while another requested, “What’s her @?”— hunting for a woman’s social media handle, a first step to tracking her online activity.

The chat logs further reveal how women were discussed as commodities. “She a freak, I’ll give her that,” one user wrote. Another added, “Beautiful. Hide her from me.” Others encouraged sharing explicit material: “Sharing is caring, don’t be greedy.”

Members also bragged about sexual exploits, using coded language to reference encounters in specific locations, and spread degrading, racial abuse, predominantly targeting Black women.

Once a woman was mentioned, her privacy was permanently compromised. Users frequently shared social media handles, which led other members to contact her—soliciting intimate images or sending disparaging texts.

Anonymity can be a protective tool for women navigating online harassment. But it can also be embraced by bad actors who use the same structures to evade accountability.

"It’s ironic," Miller says. "The very privacy structures that women use to protect themselves are being turned against them."

The rise of unmoderated spaces like the abusive Telegram groups makes it nearly impossible to trace perpetrators, exposing a systemic failure in law enforcement and regulation. Without clear jurisdiction or oversight, platforms are able to sidestep accountability.

Sophie Mortimer, manager of the UK-based Revenge Porn Helpline, warned that Telegram has become one of the biggest threats to online safety. She says that the UK charity’s reports to Telegram of nonconsensual intimate image abuse are ignored. “We would consider them to be noncompliant to our requests,” she says. Telegram, however, says it received only “about 10 piece of content” from the Revenge Porn Helpline, “all of which were removed.” Mortimer did not yet respond to WIRED’s questions about the veracity of Telegram’s claims.

Despite recent updates to the UK’s Online Safety Act, legal enforcement of online abuse remains weak. An October 2024 report from the UK-based charity The Cyber Helpline shows that cybercrime victims face significant barriers in reporting abuse, and justice for online crimes is seven times less likely than for offline crimes.

"There’s still this long-standing idea that cybercrime doesn’t have real consequences," says Charlotte Hooper, head of operations of The Cyber Helpline, which helps support victims of cybercrime. "But if you look at victim studies, cybercrime is just as—if not more—psychologically damaging than physical crime."

A Telegram spokesperson tells WIRED that its moderators use “custom AI and machine learning tools” to remove content that violates the platform's rules, “including nonconsensual pornography and doxing.”

“As a result of Telegram's proactive moderation and response to reports, moderators remove millions of pieces of harmful content each day,” the spokesperson says.

Hooper says that survivors of digital harassment often change jobs, move cities, or even retreat from public life due to the trauma of being targeted online. The systemic failure to recognize these cases as serious crimes allows perpetrators to continue operating with impunity.

Yet, as these networks grow more interwoven, social media companies have failed to adequately address gaps in moderation.

Telegram, despite its estimated 950 million monthly active users worldwide, claims it’s too small to qualify as a “Very Large Online Platform” under the European Union’s Digital Service Act, allowing it to sidestep certain regulatory scrutiny. “Telegram takes its responsibilities under the DSA seriously and is in constant communication with the European Commission,” a company spokesperson said.

In the UK, several civil society groups have expressed concern about the use of large private Telegram groups, which allow up to 200,000 members. These groups exploit a loophole by operating under the guise of “private” communication to circumvent legal requirements for removing illegal content, including nonconsensual intimate images.

Without stronger regulation, online abuse will continue to evolve, adapting to new platforms and evading scrutiny.

The digital spaces meant to safeguard privacy are now incubating its most invasive violations. These networks aren’t just growing—they’re adapting, spreading across platforms, and learning how to evade accountability.

Inside the Telegram Groups Doxing Women for Their Facebook Posts

Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data.
The development was first reported by Bloomberg.
ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys used to unlock data stored in its

Tag

#sap