Cyber-enabled fraud is escalating worldwide and is the primary driver of international money laundering, a Paris-based anti-money laundering body claims in its latest report.
A total of 156 countries now categorize scams as a major financial crime risk. Cyber-enabled fraud is one of the most “widespread and damaging profit-motivated crimes today, generating large volumes of illicit proceeds through the exploitation of victims around the world,” the Financial Action Task Force (FATF) said.
The watchdog attributed the growing threat of cyber fraud to prevalent digitalization and technological advancements which have “expanded the scale, speed, and complexity” of modern fraud. These factors have enabled criminals to exploit digital platforms and instant payment systems, particularly leveraging their borderless nature to move money rapidly across countries and continents.
“As fraudsters continue to adapt and accelerate their scams, we need to keep pace to safeguard people’s money and protect victims from the effects of damaging losses,” said FATF President, Elisa de Anda Madrazo.
The impact is being felt acutely in major financial hubs. In the United Kingdom, fraud now accounts for over 40% of all reported crimes, while Singapore has seen scam cases surge by 61% in just two years. In the United States alone, the FATF estimates that public losses from these schemes have reached tens of billions of dollars.
OCCRP previously reported that in 2024 alone, the U.K. banking industry lost 1.17 billion pounds ($1.6 billion) to fraud last year, as criminals carried out more than 3.3 million scams, according to data from UK Finance.
The industry of cyber scams has evolved into a borderless threat, with the prevalence of global call center scams. In March 2025, OCCRP published Scam Empire, an investigation revealing how criminal call centers use fake investment schemes to target thousands of victims worldwide, exposing the inner workings of these industrial-scale operations.
Do you remember the last time you were carded at a bar or restaurant? It was probably such a quick and normal experience, that you barely remember it. But have you ever been carded to use the internet? Being required to present your ID to access content online is becoming a growing reality for many. We’re explaining the dangers of age verification laws, and the latest in the fight for privacy and free speech online, with our EFFector newsletter.
Prefer to listen in? In our audio companion, EFF Associate Director of State Affairs Rin Alajaji explains how online age verification hurts free expression for all users. Find the conversation onYouTubeor theInternet Archive.
Want to stay in the fight for privacy and free speech online? Sign up forEFF’s EFFector newsletterfor updates, ways to take action, and new merch drops. You can also fuel the fight against mandatory age verification laws when yousupport EFF today!
Phishing and data breaches are a constant on the internet. The single best defense against both is to use a password manager to generate and automatically fill a unique password for every site. While 1Password has recently raised their prices, and researchers have recently published potential flaws in some implementations, using a password manager is still a critical investment in keeping yourself safe on the internet. There are free options, and even ones built into your operating system or browser. We can help you choose.
Password managers protect you from phishing by memorizing the connection between a password and a website, and, if you use the browser integration, filling each password only on the website it belongs to. They protect you from data breaches by making it feasible to use a long, random, unique password on each site. When bad actors get their hands on a data breach that includes email addresses and password data, they will typically try to crack those passwords, and then attempt to login on dozens of different websites with the email address/password combinations from the breach. If you use the same password everywhere, this can turn one site’s data breach into a personal disaster, as many of your accounts get compromised at once.
In recent years, the built-in password managers in browsers and operating systems have come a long way but still stumble on cross-platform support. Within the Apple ecosystem, you can use iCloud Keychain, with support for generating passwords, autofill in Safari, and end-to-end encrypted synchronization, so long as you don’t need access to your passwords in Google Chrome or Android (Windows is supported, though). Within the Google ecosystem, you can use Google Password Manager, which also supports password generation, autofill, and sync. Crucially, though, Google Password manager does not end-to-end encrypt credentials unless you manually enable on-device encryption. Firefox and Microsoft also offer password managers. All of these platform-based options are free, and may already be on your devices. But they tend to lock you into a single-vendor world.
There are also a variety of third-party password managers, some paid, and some free, and some open source. Most of these have the advantage of letting you sync your passwords across a wide variety of devices, operating systems, and browsers. Here are four key things to look out for. First, when synchronizing between devices, your passwords should be encrypted end-to-end using a password that only you know (a “master” or “primary” password). Second, support for autofill can reduce the chance that you’ll get phished. Third, security audits performed by third parties can increase confidence that the software really does what it is designed to do. And finally, of course, random generation of unique passwords is a must.
Don’t let uncertainty or price increases dissuade you from using a password manager. There’s a good choice for everyone, and using one can make your online life a lot safer. Want more help choosing? Check out our Surveillance Self-Defense guide.
This story was originally produced by Floodlight, a nonprofit newsroom that investigates the powerful interests stalling climate action, in partnership with The Guardian. Sign up for Floodlight’s newsletter here.
Elon Musk’s artificial intelligence company is continuing to fuel its data centers with unpermitted gas turbines, according to a Floodlight visual investigation. Thermal drone footage shows xAI is still burning gas at a facility in Southaven, Mississippi, despite a recent Environmental Protection Agency ruling reiterating that doing so requires a state permit in advance.
State regulators in Mississippi maintain that since the turbines are parked on tractor trailers, they don’t require permits. However, the EPA has long required that such pollution sources be permitted under the Clean Air Act.
Any exemption for these machines “could leave these engines subject to no emission standards at all,” the agency wrote in a January final ruling.
However, thermal images captured by Floodlight — and analyzed by multiple experts — show more than a dozen unpermitted turbines still spewing pollutants at the plant nearly two weeks after the EPA’s recent ruling.
“That is a violation of the law,” said Bruce Buckheit, a former EPA air enforcement chief, after reviewing Floodlight’s images and EPA regulations.
“That is a violation of the law.”
xAI, which is seeking permits for dozens more turbines in Southaven, did not respond to multiple requests for comment. The EPA, which under President Donald Trump has initiated a record-low number of enforcement actions, declined to answer questions about the turbines at Musk’s AI facilities and deferred to local authorities on permits.
Hundreds of people showed up to protest at the first and only public hearing on the matter on February 17, the last day of public comment.
The Trump administration has made AI a priority, but as data centers proliferate across the country, regulators are struggling to keep pace with the industry’s increasing reliance on custom-built power sources and their public health impacts on surrounding communities. And Southaven, where state regulators are at odds with federal guidance, is a prime example.
The turbines there help power Grok, the company’s controversial chatbot, and emit harmful pollutants linked to health problems such as asthma, lung cancer and heart attacks.
xAI parked 27 unpermitted turbines on tractor trailers at its complex in Southaven, Miss., a suburb of Memphis, Tenn., to power the company’s nearby data center. (Floodlight/Evan Simon)
“The risk of living next to this type of power plant is well documented,” said Shaolei Ren, a University of California, Riverside associate professor who specializes in the health impacts of data centers. “From the health perspective, we know that this is not good.”
Southaven residents have voiced concerns for months over the noise and pollution emanating from the 114-acre site that is largely hidden from public view — a site xAI is looking to expand.
“For them to be releasing so much pollution in such a populated area, not to mention that there are at least 10 schools within a two-mile radius of the facility, is really concerning,” said longtime resident Shannon Samsa. “It’s horrifying to me that we’re allowing this in our community.”
From Memphis to Mississippi
The Southaven turbine cluster is part of xAi’s rapidly growing footprint along the Tennessee-Mississippi border. That expansion began in the spring of 2024 in South Memphis, next to historically Black neighborhoods, with the construction of Colossus 1, which the company touted as the world’s largest AI supercomputer.
The Southern Environmental Law Center released thermal images in April revealing that xAi had been operating more than 30 unpermitted gas-powered turbines at that site.
“We were hopeful that the Health Department would step in,” said Patrick Anderson, a senior attorney at the SELC. “That never happened.”
County officials in Tennessee maintained the turbines did not require a permit despite longstanding EPA policy that they do. In July, amid local pushback, the county permitted 15 turbines for use at Colossus 1.
On Jan. 15, the EPA reiterated its decades-old policy that such machines need a permit. By then, xAi had already built a second data center in the area, Colossus 2. To power it, the company parked 27 turbines just across the state line in Southaven, a diverse suburb of Memphis with higher than average levels of air pollution.
“When you’re talking about these turbines, think of the jet engine,” said Buckheit.
Thermal drone imagery captured by Floodlight in late January shows some of the 15 turbines operating with permits at xAI’s Colossus 1 facility, touted as the world’s largest AI supercomputer. (Floodlight/Evan Simon)
Despite the EPA’s recent directive, Floodlight’s thermal imagery — analyzed by multiple experts — shows 15 unpermitted turbines in operation at Southaven. Public records obtained by Floodlight show at least 18 of the 27 turbines there have been used since November.
“One might easily have expected, since this has been going on for some months, at least [authorities would issue a] stop work order,” said Buckheit, who served during the Republican Gerald Ford and George W. Bush administrations. He also said the EPA could refer the case to the Department of Justice for investigation.
“But apparently that didn’t happen.”
xAI’s gas plant in Southaven, Miss., has been operating unpermitted turbines to power the company’s nearby datacenter since at least November, according to documents obtained by Floodlight. (Floodlight/Evan Simon)
Playing by a different set of rules
An EPA spokesperson did not answer Floodlight’s questions relating to its enforcement options, instead saying, “EPA does not approve the operation of gas turbines at facilities, that would be the state or local air permitting authority.”
Air permits are traditionally handled by state agencies. However, according to its own website, the EPA is responsible for making sure these agencies comply with federal regulations and “generally will take enforcement action” if a state government fails to “take timely and appropriate action.”
xAI “violated the Clean Air Act the first time, and now they’re gonna copy and paste and do it again,” said Anderson. “I maybe had some naive hope that the regulators who are most in the day-to-day business of implementing the Clean Air Act in Mississippi would do the right thing.”
In response to Floodlight’s questions, a spokesperson from the Mississippi Department of Environmental Quality said the EPA’s recent rule leaves permitting decisions to state authorities.
“The turbines currently operating at the Southaven facility are classified as portable/mobile units under state law and therefore remain exempt from air permitting requirements during this temporary period,” they said. “Nothing in the EPA’s January 15 rule altered that determination under Mississippi regulations.”
Krystal Polk, who has asthma, said she was forced to empty the home that’s been in her family for generations and cancel her plans to retire there because of health concerns after xAI began operating gas-powered turbines directly across the street. (Floodight/Evan Simon)
Longtime resident Krystal Polk said she had no idea xAI was coming to Southaven until black fences were set up across the street from her house. The area, she said, was once quiet and serene, with an abundance of wildlife, but is now bombarded by ceaseless noise and pollution.
“I do feel like xAi is playing by a different set of rules,” she said.
Polk, who has asthma, said she was forced to empty out the home that’s been in her family for generations and cancel her plans to retire there out of concerns for her health.
“We are a casualty of the whole data center race,” she said. “I feel that my voice doesn’t matter.”
The spokesperson for the Mississippi Department of Environmental Quality said the agency takes public concern around emissions, noise and overall quality of life seriously, and though the turbines — in their view — do not require permits, all “applicable air quality standards still apply.”
Krystal Polk’s family home, foreground, sits directly across the street from xAI’s plant in Southaven, Miss. (Floodlight/Evan Simon)
AI’s increasing thirst for fossil fuels
Despite lofty sustainability goals put forward by industry leaders, data centers across the country are increasingly turning to fossil fuels to power the AI boom by using custom-built power plants like the ones in Southaven.
Roughly 75% of this power comes from natural gas, according to a recent report by Cleanview, which tracks clean energy and data center projects.
“Nearly every project we reviewed mentions renewables, hydrogen, or nuclear in its public announcements,” the report noted, but renewables aren’t scheduled until 2028 or later.
And “nuclear is a decade away,” the report said.
Now, xAI is seeking to expand in Southaven, applying in January for a permit to operate 41 turbines at the site.
The facility could emit more than 6 million tons of greenhouse gases and over 1,300 tons of health-harming air pollutants every year, according to xAI’s permit application. That would make it among the largest fossil fuel power plants in the state. The company also purchased property in Southaven for a third data center that, when completed, would make the Colossus cluster — spanning Memphis to Southaven — one of the largest data center complexes in the world.
Shannon Samsa, a physician’s assistant, had hoped to raise a family in Southaven, but the presence of xAi’s gas-powered turbines has made her and her husband reconsider. “I don’t want my children to be growing up around such massive amounts of air pollution,” she said. (Floodlight/Evan Simon)
“It would be devastating,” said Samsa, the Southaven resident. “No community in their right mind would want something like this in their backyards.”
Samsa, a physician’s assistant, had hoped to raise a family in Southaven, but the presence of xAi’s gas-powered turbines has made her and her husband reconsider. She has helped collect more than 1,000 signatures for a petition demanding Mississippi authorities shut down the plant.
“I don’t want my children to be growing up around such massive amounts of air pollution,” she said. “I don’t want them to have to live in a place where their health and their overall well-being is not considered over economics.”
Floodlight is a nonprofit newsroom that investigates the powers stalling climate action.
Authorities in 30 countries seized counterfeit medicines, doping substances and illegal supplements worth more than 33 million euros ($38.86 million) and shut down five clandestine laboratories in a coordinated crackdown on pharmaceutical crime, Europol said Wednesday.
The operation was carried out between April and November 2025 and targeted networks trafficking fake and misused medicines that pose serious public-health risks. Investigators prosecuted 3,354 suspects and identified 43 organized crime groups.
Europol said the operation highlighted emerging health threats, including counterfeit products sold as fat-burners and other fake medicines. Criminal networks are exploiting rising demand for weight-loss drugs, performance enhancers and recreational substances, often distributing falsified products through unregulated online platforms that bypass safety controls.
Glyphosate is the most used herbicide in the world, with farmer applying about 750 million kg per year. The US is the heaviest user, responsible for 19% of global use. The chemical is popular among industrial farmers because it is safe and effective, and yet it also remains highly controversial. It is also back in the news, and so an update on […]
Funding shortfalls are putting the lives of more than 1.9 million displaced people in South Sudan at risk amid rising humanitarian needs, the International Organization for Migration (IOM) said on Wednesday.
