Human In[Security] – Week of 2026-06-01

Today’s Menu (30-second skim)

• Carnival says hackers stole personal data from nearly 6 million people: A hacked employee account may have exposed names, birthdays, passport numbers, and other personal details from millions of travelers.
• Fake party and graduation invites are being used to steal passwords: Scammers are sending cheerful-looking invites that trick people into typing their email password on a fake sign-in page.
• Fake World Cup ticket sites may be stealing money and FIFA logins: Hundreds of fake ticket websites are pretending to be FIFA so they can steal money, payment details, and account logins.

1) Carnival says hackers stole personal data from nearly 6 million people

What happened (plain English): Carnival said hackers got into part of its system by taking over an employee account. The company says the stolen information may include names, home addresses, birthdays, phone numbers, email addresses, passport numbers, and driver’s license numbers. A report says nearly 6 million people may have been affected. News coverage linked the attack to the ShinyHunters group, which is known for stealing data and pressuring companies for money. In simple terms, this was not just a website glitch – it was a large leak of personal details that criminals may try to use later.

Why it matters to you: When thieves have personal details like your birthday, address, passport number, or license number, they can make scams sound much more believable. Someone might call pretending to be a travel company, airport worker, or fraud department and mention real facts about you to earn your trust. Another risk is identity theft, where criminals try to open accounts or file fake paperwork using your information. Even if you never clicked a bad link, a company breach can still put your private details into the wrong hands.

How to protect yourself (do this):

• Watch your email, text messages, and mailbox for notices about the breach and follow the official instructions only from the company’s real website.
• Be extra suspicious of callers or messages that mention your cruise, loyalty account, refund, or travel documents and ask you to verify personal information.
• If you have an account with a travel company, change the password, use a unique one, and turn on two-factor authentication if it is offered.

Published: 2026-05-28

Source: The Record

2) Fake party and graduation invites are being used to steal passwords

What happened (plain English): The FTC warned that scammers are sending fake invites for parties, graduations, and other events. The trick is simple: the message tells you to click a link and sign in with your email and password to see the invite. If you type your login, the scammers capture it and can try to get into your email account right away. Because the message sounds happy, ordinary, and social, many people do not expect danger. That is what makes this scam effective – it hides behind something that feels friendly and routine.

Why it matters to you: Your email account is the front door to many other accounts. If a scammer gets into it, they may reset passwords for shopping, banking, or social media services. They can also send messages from your account that look real to your family, coworkers, or friends. A grandparent could get a note that appears to come from you asking for money, or a fake password reset could land in your inbox before you realize anything is wrong.

How to protect yourself (do this):

• Do not type your email password after clicking an invite link, even if the page looks familiar.
• If an invite seems real, contact the sender another way or open the event service by typing its website yourself.
• Turn on two-factor authentication for your email account, because email is the key to many other accounts.

Published: 2026-05-26

Source: FTC Consumer Advice

3) Fake World Cup ticket sites may be stealing money and FIFA logins

What happened (plain English): Researchers found a large scam network using more than 300 fake websites that copy FIFA’s real ticket pages. These sites are designed to steal account logins, payment card details, and money from people hoping to buy 2026 World Cup tickets. Some of the fake pages push expensive premium seats, while others tempt buyers with cheap prices and urgent countdowns. The report says some scam sites even send visitors back to the real FIFA site afterward, which can make the fraud harder to notice. In short, the websites may look official, but the goal is to grab your money or your account before you realize what happened.

Why it matters to you: Big events are perfect bait because people get excited and do not want to miss out. A fan could pay for tickets that do not exist and lose hundreds or even thousands of dollars. Another person might hand over a FIFA login and payment info, then later find the real account changed or locked. When scammers mix fake deals with fake urgency, they count on you moving fast instead of checking carefully.

How to protect yourself (do this):

• Buy tickets only by typing the official website address yourself instead of using ads, social posts, or links in messages.
• Be wary of limited-time deals, countdown clocks, and ticket prices that are far below what others are paying.
• Use a credit card for big online purchases when possible, and check the web address carefully before signing in or paying.

Published: 2026-05-28

Source: The Record

Grandma’s Firewall

This week’s simple rule:

When a message promises something exciting or urgent and then asks you to log in, pay fast, or share personal details, stop and go to the real company website yourself.

Two scripts you can steal:

• “I’m not using that link. I’ll open the official website myself and check there.”
• “Before I sign in or pay, I want to verify this another way. If it’s real, it can wait a minute.”