Digital Security
for All.
We're a nonprofit on a mission to bring cybersecurity and scam awareness to everyday people — through free tools, free resources, and public-awareness campaigns that meet people where they are.
Our community — learning, connecting, and building a safer internet together.
Our Impact
5M+
People Reached
Across LinkNYC, Google, Meta & our tools
3K+
People Helped by Our Tools
Free scam-detection & safety resources
100%
Free & Nonprofit
Every tool, guide, and resource we publish
Practical protection, free for everyone.
We build and give away the tools we wish everyone had — scam detectors, safety guidance, and clear explainers. No paywalls, no logins, no catch.
ScamArchive
A free, searchable archive of real-world scams so anyone can recognize the patterns before they fall for them.
Use it free →InboxSpotter
Paste a suspicious email and get an instant, plain-language read on whether it's a scam.
Use it free →Internet Safety Center
Paste any link and we'll scan it — instantly flagging phishing pages, malware, and other unsafe sites.
Use it free →CyberScout
WhatsApp-based scam guidance — chat in, get clear answers about whether something is safe.
Use it free →Real scams, in the wild.
A rotating look at the latest scam variations submitted to ScamArchive — what they look like, how they work, and how to spot them.
USPS Reschedule Your Delivery Text with QR Code
Observed 2026-04-22
This variation arrives as a text message from an unknown phone number and includes a USPS-branded image instead of a normal link-only message. The image says delivery failed because of an invalid ZIP code and tells you to scan a QR code to update your delivery details. The QR code reportedly led to a webpage on sandalisneakers.com, which is unrelated to USPS and is a strong sign of fraud. This is meant to push you to a fake USPS website where scammers can steal your personal or payment information.
Reports & Investigations
Original research and threat analysis — published openly so anyone can learn from it.
OpenClaw Risk Report: High Risk
OpenClaw is an open-source agentic AI tool marketed as a personal AI assistant that runs inside messaging apps and has full access to the user's local machine. With 50,000+ vulnerable instances and nearly 10 million CVEs across monitored deployments, the security tradeoffs make it a high risk for individuals and businesses adopting it.
by Seva Karonis
Fake Meetup Messages Are Stealing Bank Details From Event Organizers
Meetup organizers are receiving messages through Meetup itself, sent from real Meetup accounts, claiming their event has been restricted. The link inside looks like meetup.com but leads to a page that steals bank and card details.
ALERT: SpiderFoot Scam Resurfaced on spiderrfoot.com
The misleading SpiderFoot distribution site we previously investigated on spiderfoot[.]org has now appeared on a second domain: spiderrfoot[.]com. Because SpiderFoot has no official website, any domain can be mistaken for the real thing.
Cyber Comics
Real scams illustrated — each comic breaks down a threat so you know exactly what to watch for.
Meet Cyber
The Fake Delivery Text
More on the way
New comics drop regularly. Check back soon — or follow us to catch the next one.
Scam-spotting guidance, where people already are.
We run public-awareness campaigns across LinkNYC kiosks, Google, and Meta — putting timely, no-jargon scam alerts in front of millions of people right when fraudsters target them.
5M+
Total People Reached
NYC+
Local & Online
We also bring people together in person.
Workshops, CTFs, and Scam Search Parties — free community events where anyone can learn hands-on.
Our newsletter is on the way. In the meantime, follow us on Instagram →
