As 2022 draws to a close, the Threat Research Team at McAfee Labs takes a look forward—offering their predictions for 2023 and how its threat landscape may take shape.
This year saw the continued evolution of scams, which is unlikely to slow down, as well as greater adoption of Chrome as an operating system. It also saw the introduction of AI tools that are easy and accessible to virtually anyone with a phone or laptop, which will continue to have significant implications, as will the fluctuating popularity of cryptocurrency and the emergence of “Web3.”
Advances such as these have set the stage for 2023, which will continue to reshape our interactions with technology—advances that bad actors will try to exploit, and in turn, us.
Yet as the threat landscape continues to evolve, so do the ways we can protect ourselves. With that, we share McAfee’s threat predictions for 2023, along with insights and advice that can help us enjoy the advances to come with confidence.
By Steve Grobman, Chief Technology Officer
Humans have been fascinated by artificial intelligence (AI) for almost as long as we’ve been using computers. And in some cases, even fearful of it. Depictions in pop culture range from HAL, the sentient computer from 2001: A Space Odyssey to Skynet, the self-aware neural network at the center of the Terminator franchise. The reality of current AI technologies is both more complicated and less autonomous than either of these. While AI is rapidly evolving, humans remain at the heart of it, and whether it’s put to beneficial or nefarious use.
Within the last few months, creating AI-generated images, videos, and even voices are no longer strictly left to professionals. Now anyone with a phone or computer can take advantage of the technology using publicly available applications like Open AI’s Dall-E or stability.ai’s Stable Diffusion. Google has even made creating AI-generated videos easier than ever.
What does this mean for the future? It means the next generation of content creation is becoming available to the masses and will only continue to evolve. People both at work and at home will have the ability to create the AI-generated content in minutes. Just as desktop publishing, photo editing, and inexpensive photorealistic home printers created major advances that empowered individuals to create content that previously required a professional designer, these technologies will enable sophisticated outputs with minimal expertise or effort.
Advances in desktop publishing and consumer printing also provided benefits to criminals, enabling better counterfeiting and more realistic manipulation of images. Similarly, these emerging next-generation content tools will also be used by a range of bad actors. From cybercriminals to those seeking to falsely influence public opinion, these tools will empower scammers and propagandists to take their tradecraft to the next level with more realistic results and significantly improved efficiency.
This is especially likely to ramp up in 2023 as the U.S. begins the 2024 presidential election cycle in earnest. Globally, the political environment is polarized. The confluence of the emergence of accessible next-generation generative AI tools and what is sure to be a highly contested 2024 election season is a perfect storm for creating and distributing disinformation for political and monetary gain.
We’ll all need to be more mindful of the content we consume and the sources that it originates from. Fact-checking images, videos, and news content, something that’s already on the rise, will continue to be a necessary and valuable part of media consumption.
By Oliver Devane, Security Researcher
Cryptocurrency scams
In 2022 we saw several online scams making use of existing content to make crypto scams more believable. One such example was the double your money cryptocurrency scam that used an old Elon Musk video as a lure. We expect such scams to evolve in 2023 and make use of deep fake videos, as well as audio, to trick victims into parting ways with their hard-earned money.
The financial outlook of 2023 remains uncertain for many people. During these times, people often look for ways to make some extra money and this can lead them vulnerable to social media messages and online ads that offer huge financial gains for little investment.
According to the IC3 2021 report, the losses for financial scams increased from $336,469,000 in 2020 to $1,455,943,193 in 2021, this shows that this type of scam is growing by an enormous amount, and we expect this to continue.
Unfortunately, scammers will often target the most vulnerable people. Fake loan scams are one such scam where the scammers know that the victims are desperate for the loan and therefore are less likely to react to warning signs such as asking for an upfront fee. McAfee predicts that there will be a large increase in these types of scams in 2023. When looking for a loan, always use a trusted provider and be careful of clicking on online ads.
Metaverses such as Facebook’s Horizon enable their users to explore an online world that was previously unimaginable. When these platforms are in the early stages, malicious actors will usually attempt to exploit the lack of understanding of how they work and use this to scam people. We have observed phishing campaigns targeting users of these platforms in 2022 and we expect this to increase dramatically in 2023 as more and more users sign up for the platforms.
By Craig Schmugar, McAfee Senior Principal Engineer
More than 25 years ago, Windows 95 became the platform of choice not just for millions of users around the globe, but for malware authors targeting those users. Over the years, Windows has evolved, as has the threat landscape. Today, Windows 10 and 11 make up the majority of the desktop PC market, but thanks to the rise of the mobile Internet, device diversity has greatly evolved since the advent of Windows 95.
Over five years ago, Android overtook Windows as the world’s most popular OS and with this shift bad actors have been pursing alternative methods of attack. The ultimate vectors are those which impact users across a spectrum of devices. Email and web-based scams (some of which are outlined in the blog above) are as prolific as ever as these technologies are ubiquitous across desktop and mobile devices.
Meanwhile, other technologies span across desktop and mobile experiences as well. For Google, such cross-platform capabilities are highlighted by increased adoption of ChromeOS and a few underlying technologies. This includes 270 million active Android users and a 270% increase in Progressive Web Application (PWA) installations [https://chromeos.dev]. ChromeOS’ ability to run Android applications, combined with its wide-spread adoption, provides the climate for increased attention by those with ill intentions.
Similarly, adoption of PWAs provide bad actors with additional incentive to deliver deceptive and imposter attacks through this multi-OS channel, including ChromeOS, iOS, MacOS, and Windows.
Finally, on the heels of COVID restrictions that impacted schools in various countries, Google reported 50 million students and educators worldwide [https://chromeos.dev] using ChromeOS. Many users will be unaware of malicious Chrome extensions lurking in the Chrome Web Store.
All of this means that the stage is set for a marked increase in threats impacting Chromebook in the year to come. In 2023, we can expect to see Chromebook users among millions of unsuspecting victims that download and run malicious content, whether from malicious Android Apps, Progressive Web Apps, or Chrome Web Store extensions, users should be leery of popups and push notifications urging them to install untrusted apps.
By Fernando Ruiz, Senior Security Researcher
Editor’s Note: Web3? FOMO? If you’re already lost, you’re not alone. Web3 is a term some use to encompass decentralized internet services, technologies like Bitcoin and Non-Fungible Tokens (digital art that collectors can purchase with cryptocurrency). Still confused? A lot of people are. This New York Times article is a good primer on what is currently considered Web3.
As for FOMO, that’s just an acronym meaning the “Fear of Missing Out.” That nagging feeling, most often felt by extroverts, that others are out there having more fun than them and that they’re missing the party.
Whether you invest in cryptocurrency or just see the headlines on Twitter, no doubt you’ve seen that the price of cryptocurrency has sharply declined during 2022. These fluctuations are becoming more normal as crypto becomes even more mainstream. It’s very likely that the value of crypto will rise again.
When the last upturn in valuation happened near the start of the pandemic, the hype about crypto also skyrocketed. Suddenly Bitcoin and other cryptocurrencies were everywhere. Out of that, rose the concept of Web3, with more companies investing in new applications over blockchain (the technology that is the backbone of cryptocurrency).
McAfee predicts that the popularity of cryptocurrency will rise again, and consumers will hear much more about Web3 concepts like decentralized finance (DeFi), decentralized autonomous organizations (DAOs), self-sovereign identity (SSI) and more.
Some amateur investors, remembering the rapid rise of the value of Bitcoin earlier this decade, won’t want to miss out on what they think will be a great opportunity to get rich quick. It’s this group that bad actors will seek to exploit, offering up links or applications that play on these users’ crypto/Web3 FOMO.
As crypto bounces back and initial awareness of decentralization grows in the general population, consumers will begin to explore these Web3 offerings without fully understanding what they mean or what dangers they should be aware of, leaving them open to scams as they invest time and money into crypto or creating their own NFT content. These scams could entice users to click on a link or download an app that appears to legitimately interact with some blockchains, but in actuality:
Additionally, when consumers DO hold crypto, NFT, digital land, or other blockchain financial assets they are going to be targeted for more sophisticated threats that can drain their funds: smart contracts, exchanges, digital wallets, and synchronization services can all be associated with hidden authorizations that allow a third party (potentially a bad actor) to take control of the assets. It’s important that users read the terms and conditions of any app they download, especially those that will be accessing ANY type of financial institution or currency, whether traditional or crypto.
Social engineering will also continue to be a top entry point for cybercriminals. The complexity of the attacks will evolve as the technology does, which will require more preparation and understanding of how Web3 applications and tools work in order to safely interact with them.
What has emerged from the world of Web3 thus far, while exciting, has also expanded attack surfaces and vectors, which we expect to see grow throughout 2023 as Web3 evolves.
The post McAfee 2023 Threat Predictions: Evolution and Exploitation appeared first on McAfee Blog.
Without doubt, the biggest criticism we all have of social media is that everyone always looks fabulous! And while we all know that everyone is only sharing the best version of themselves, let’s be honest – it can be a little wearing. Well, there’s a new social media platform that is determined to uproot our online curated lives by having users post very real pictures of themselves – with no time to stage or add filters!
Developed in France in 2020, BeReal is where Aussie teenagers are currently spending their time and energy online. And to be honest, I can totally see why. It’s all about sharing random, authentic pics without having to spend time and energy making them look beautiful. In fact, my 19-year-old tells me that the uglier and weirder the photo, the better! How refreshing!!!
Once you’ve signed up, the app will send all users a notification at a random time throughout the day that it’s ‘time to BeReal’. As soon as the user opens the app to share a pic, they have just 2 minutes to take a picture of whatever they’re doing at that particular moment whether they’re on the bus, at the gym or chilling at home in trackies. The app will take 2 pictures using the front and back cameras so that your followers can see what you look like and where you are.
Now, if you don’t manage to post in 2 minutes, you’re officially late and your friends will know. In fact, there’s a small amount of shame for being tardy – as if on some level you’re not committed to being authentic. But don’t let this worry you too much – we can’t wait around all day awaiting the notification to post!
When you have uploaded your daily snap, your friends can comment, respond to your pic with ‘RealMojis’ and even see where you are in the world with the map feature. Users can also choose to upload their pics to the public feed where other users can leave “RealMoji’ reactions but no comments. But in order to access either the public feed or your friends’ photos, users will need to take their own picture too.
Now for my favourite parts of this app – this app has NO filters, NO option to ‘like’ anything, NO follower counts and NO private messaging!! How liberating!!
Like all social media platforms, there are a few risks however with a bit of strategy and a few smarts, users should be able to have a safe and positive experience. And when compared to platforms where follower counts and likes are public, influencers dominate and comments are allowed, BeReal is definitely a great choice.
Here are my top tips to keep the experience safe and positive:
1. Disable Your Location To Avoid Being ‘Discoverable’
Before you share your pics, ensure you disable your location to avoid the app sharing your exact location on the map. You don’t want an ill-intentioned follower knowing your exact whereabouts!
2. Think (Quickly) Before You Post
The very brief 2-minute posting window may result in rushed decisions about what to post and potentially oversharing of personal information. So, ensure you (and your kids) know not to share anything that can identify their location, any identifiable numbers such as passports or licences or, their computer screens that may display confidential information.
3. Don’t Feel Pressures to Post If You Can’t
Accept that there will be times when you just can’t post within the 2-minute time frame. You may be driving, sleeping or doing something far more important. You can absolutely still post late.
4. Know How To Report Bad Behaviour
If you see a post that is inappropriate, then report it immediately. It’s an investment in keeping the BeReal community as safe as possible. Simply tap the three dots at the top right of the post. A report button should appear. You will then have the option to flag the post as undesirable or inappropriate.
5. Be Aware of the Comparison Trap!
Like all social media platforms, users may compare their posts with others. They may think their lives are boring and predictable, particularly if their friends are doing more exciting things. If a young person is prone to anxiety or low mood, this may not be helpful. As a parent, reminding your kids that perception is not reality, and that one photo does not define a person may be required. But if it all gets too much, a digital detox might be just the thing!
So, if your kids have embraced BeReal then your homework is pretty easy – join up too! It’s impossible to understand your kids’ online world if you don’t take some time to step inside it. And for what it’s worth – I think you’ll really like this one. The fact that there is no public like count, follower tally, filters or private messaging makes the Mama Bear in me very happy!!
The post BeReal – The Newest Kid On The Social Media Block appeared first on McAfee Blog.
testasofasfaslfasdahsdiohasodihasodnaosdinaisdnasdnaobvscivbxcv
!@#$%^&*()_+<>????~
The post Test Post 2 – 5 Dec Prod Release appeared first on McAfee Blog.
test post
test post
test postiowfwfsdfffffffffffffffffffffffffffoiwheoir weroihorih
dzfhsdfgusdkfsdkjfbasdlkfnsdlkfjsdjkf
!@#$%^&*()_+<>?~
The post Test Post – Prod Release 5 Dec appeared first on McAfee Blog.
This time of year, the air gets chillier and a bit cheerier for everyone … including online scammers. Holiday scams are a quick way to make a buck, and cybercriminals employ several holiday-themed schemes to weasel money and personally identifiable information (PII) from gift-givers and do-gooders.
Here are five common Black Friday, Cyber Monday, and holiday season shopping scams to watch out for this year, plus a few tips to help you stay safe online.
The holiday season often brings outpourings of generosity, and scammers kick their morals to the curb and use people’s kindness to make a profit. Social engineering is a tactic where a bad actor plays on people’s emotions to trick them into sharing personal or financial information. This holiday season, keep an eye out for strangers’ funding pages or social media posts asking for donations.
Artificial intelligence (AI) content generation tools like ChatGPT and Bard are likely to make these scams more believable than those in years past. While AI doesn’t understand human emotion, when given the right prompt, it can mimic it well. In one “60 Minutes” segment, Bard wrote a touching short story that made the presenter misty-eyed. Additionally, AI usually uses correct grammar and edits out typos, which used to be the hallmark of phishing attempts.
There are undoubtedly authentic stories of real people and families in need around the holidays. Be wary of any social media post that makes you feel an extreme emotion, in this case, sadness. Phishers want people to act before they think through their decision.
Are you a procrastinator? Watch out for last-minute shopping scams that are targeted at people who leave their gift buying until deep in December. As with anything else, if it’s too good to be true, it probably is. Shopping scams often take the form of phishing emails where criminals impersonate a well-known merchant.
While sales often have a quick timeline, don’t let that short timeline pressure you into making an impulsive decision. Phishing emails, when you take the time to inspect them, are usually easy to spot. The logos are often blurry and the tone of the message will seem “off.” Either it will sound very formal and impersonal or it will sound very informal and seem pushy.
During the holiday shopping season, your doorstep can be crowded with packages. Do you remember what’s in each one? Online criminals bank on the fact that you can’t quite keep track of what you’ve purchased.
Criminals try to lure people to download malware or divulge personal or account information with bogus order confirmation and delivery tracking number emails and texts. They’ll impersonate popular online retailers or postal services and claim to have information about your order if you click on their link; however, that link will redirect to a malicious site or download a malicious payload to your device.
This holiday shopping scam also dials in on people who’ve lost track of how many online orders they’ve made and the various shopping accounts in their name. Again, phishers will impersonate popular merchants and send “urgent” messages about suspending online accounts if payment isn’t received immediately. Similarly, phishers may also impersonate delivery services claiming that they’re (basically) holding your orders hostage until you pay up.
Gift cards are a standby present for the people on your list who are difficult to buy for or for people you don’t know too well but want to get them a small something. Whether the gift card is worth $5 or $500, an online scammer can steal the entire value through two techniques: a brute force attack or phishing. Known as gift card cracking, cybercriminals can take wild guesses at gift card codes and cash in the value for themselves by methodically guessing strings of numbers and letters and crossing their fingers for a match. Cybercriminals will also employ phishing emails, texts, or social media direct messages to trick people into divulging gift card information.
Luckily, there are several ways to sniff out a bad actor trying to cash in on your holiday spirit. Here are a few simple ways you can modify your online holiday shopping habits to keep your devices free from malware and your PII out of the hands of bad actors.
Cybercriminals hustle all year round, so it’s an excellent idea to invest in a security solution that gives you peace and mind and boosts your confidence in your privacy, identity, and device safety. McAfee+ is an excellent partner! It includes a VPN, safe browsing tool, credit lock, identity monitoring and remediation, and much more.
Happy shopping, happy holidays, and happy new year!
The post ’Tis the Season for Holiday Scams: 5 Common Schemes to Look Out For appeared first on McAfee Blog.
Whether you’re standing around the water cooler at work, waiting for your kids at the school gate or sitting around the dinner table, data breaches are without doubt the hot topic of conversation. In late September, we were all shaken when news of the biggest Australian data breach to date broke – a record 10 million Optus customers had their details stolen. But unfortunately, the data breach stories have continued with Medibank, Energy Australia, and, most recently, Woolworths also reporting that private customer data had been stolen.
Inevitably, many of us are feeling vulnerable worrying that our private identifying information (and our family’s) such as our Medicare and Drivers Licence details have potentially been stolen. We’ve all read the stories about victims of identity theft and are, rightly concerned, that it could happen to us. So, if you’re unsure as to what to do next – don’t worry – I’ve got you! In fact – I’m going to give you two action plans. The first is for those who have been personally affected by a data breach (or consider it highly likely they were affected) and the second, is a long-term plan to help you protect yourself and your family’s data online.
If you or a family member has been contacted by a company and informed that your private details have been compromised, then you need to caffeine up and bring your entire focus to this situation. And if you’re still awaiting the call but you’re thinking it’s likely you’re affected, then my advice is to assume you are. It never hurts to be too cautious when you’re dealing with a potential identity theft situation. So, here’s your plan:
So, now it’s time to think long term. We all know prevention is key. So, what can we do to protect ourselves to minimise the risk of becoming a victim of identity theft (if and when) the next data breach occurs? Here’s your plan:
As we all know, it’s often the simplest things that can have the biggest impact. Ensuring you have a different but super complex password or passphrase for each of your online accounts is one of the best things you can do to protect yourself online. I appreciate that this may take a lot of work to implement but it’s so worth it. And here’s why – if you’re the victim of a data breach and your login details are stolen then you could be in a world of pain if you have just one password for all your accounts. Because within seconds of stealing your details, a hacker could potentially access your bank accounts, credit card accounts and online shopping sites where your credit card is saved – you get the picture! You see why it makes such sense! If it all feels a little overwhelming, why not use a password manager? Password managers can create and remember passwords that no human could even think of – genius!
In summary, Multi-Factor Authentication (MFA) or 2 Factor Authentication (2FA) makes a hacker’s life a lot harder. In short, it requires the user to provide two or more verification factors to gain access to an account or app. This might be a text, email or even a code generated by an authentication app. So, even if a hacker has your password and username, if they can’t access the last piece of the puzzle, then you’re safe!!!
McAfee has just released a super-duper solution to help Aussies protect themselves online. McAfee+ is an all-in-one privacy, identity and device protection solution. Not only does it feature identity monitoring and a password manager but also an unlimited VPN, a file shredder, a protection score and parental controls. And the Rolls Royce version called McAfee+ Advanced, also offers subscribers additional identity protections including access to licensed restoration experts who can help you repair your identity and credit. It also gives subscribers access to lost wallet protection which help you cancel and replace your ID, credit cards if they are lost or stolen.
Limiting your exposure online will also reduce the chance of being affected by a data breach. So, take some time to delete accounts you no longer use. Perhaps you had a side hustle on eBay a few years back but hadn’t bothered to close your accounts – well, now is the time. Close down those old eBay (and PayPal) accounts and any other accounts or subscriptions that you no longer use.
And next time you purchase something from a new website, consider conducting your transaction as a guest only and not creating an account on their website. If there’s no benefit beyond saving a minute or two when you check out, why store your credit card number, address, and other identifying info on a website that may eventually be breached?
If there is ever a time to take the management of your online data seriously, it’s now. Assuming that you won’t be a victim of a data breach and that ‘things like that don’t happen to you’ just doesn’t cut it. So, be proactive: sort out your passwords, turn on 2-factor authentication and practice some good quality cyber hygiene! And do yourself a favour and invest in some top-notch privacy and identity protection program like McAfee+ so you can continue living your best life online!
The post How To Help Your Family Protect Their Online Data appeared first on McAfee Blog.
Even with the holidays in full swing, scammers won’t let up. In fact, it’s high time for some of their nastiest cons as people travel, donate to charities, and simply try to enjoy their time with friends and family.
Unfortunate as it is, scammers see this time of year as a tremendous opportunity to profit. While people focus giving to others, they focus on taking, propping up all manner of scams that use the holidays as a disguise. So as people move quickly about their day, perhaps with a touch of holiday stress in the mix, they hope to catch people off their guard with scams that wrap themselves in holiday trappings.
Yet once you know what to look for, they’re relatively easy to spot. The same scams roll out every year, sometimes changing in appearance yet remaining the same in substance. With a sharp eye, you can steer clear of them.
With Black Friday and Cyber Monday in the books, we can look forward to what’s next—a wave of post-holiday sales events that will likewise draw in millions of online shoppers. And just like those other big shopping days, bad actors will roll out a host of scams aimed at unsuspecting shoppers. Shopping scams take on several forms, which makes this a topic unto itself, one that we cover thoroughly in our Black Friday & Cyber Monday shopping scams blog. It’s worth a read if you haven’t done so already, as digs into the details of these scams and shows how you can avoid them.
However, the high-level advice for avoiding shopping scams is this: keep your eyes open. Deals that look too good to be true likely are, and shopping with retailers you haven’t heard of before requires a little bit of research to determine if their track record is clean. In the U.S., you can turn to the Better Business Bureau (BBB) for help with a listing of retailers you can search simply by typing in their names. You can also use https://whois.domaintools.com to look up the web address of the shopping site you want to research. There you can see its history and see when it was registered. A site that was registered only recently may be far less reputable than one that’s been registered for some time.
Plenty of new tech makes its way into our homes during the holiday season. And some of that tech can be a little challenging to set up. Be careful when you search for help online. Many scammers will establish phony tech support sites that aim to steal funds and credit card information. Go directly to the product manufacturer for help. Often, manufacturers will offer free support as part of the product warranty, so if you see a site advertising support for a fee, that could be a sign of a scam.
Likewise, scammers will reach out to you themselves. Whether through links from unsolicited emails, pop-up ads from risky sites, or by spammy phone calls, these scammers will pose as tech support from reputable brands. From there, they’ll falsely inform you that there’s something urgently wrong with your device and that you need to get it fixed right now—for a fee. Ignore these messages and don’t click on any links or attachments. Again, if you have concerns about your device, contact the manufacturer directly.
With the holidays comes travel, along with all the online booking and ticketing involved. Scammers will do their part to cash in here as well. Travel scams may include bogus emails that pose as reputable travel sites telling you something’s wrong with your booking. Clicking a link takes you to a similarly bogus site that asks for your credit card information to update the booking—which then passes it along to the scammer so they can rack up charges in your name. Other travel scams involve ads for cut-rate lodging, tours, airfare, and the like, all of which are served up on a phony website that only exists to steal credit card numbers and other personal information.
Some of these scams can look quite genuine, even though they’re not. They’ll use cleverly disguised web addresses that look legitimate, but aren’t, so don’t click any links. If you receive notice about an issue with your holiday travel, contact the company directly to follow up. Also, be wary of ads with unusually deep discounts or that promise availability in an otherwise busy season or time. These could be scams, so stick with reputable booking sites or with the websites maintained by hotels and travel providers themselves.
Donations to an organization or cause that’s close to someone’s heart make for a great holiday gift, just as they offer you a way to give back during the holiday season. And you guessed it, scammers will take advantage of this too. They’ll set up phony charities and apply tactics that pressure you into giving. As with so many scams out there, any time an email, text, direct message, or site urges you into immediate action—take pause. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.
Likewise, note that there some charities pass along more money to their beneficiaries than others. As a general rule of thumb, most reputable organizations only keep 25% or less of their funds for operations, while some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities.
The holidays also mean a flight of big-time sporting events, and with the advent of online betting in many regions scammers want to cash in. This scam works quite like shopping scams, where bad actors will set up online betting sites that look legitimate. They’ll take your bet, but if you win, they won’t pay out. Per the U.S. Better Business Bureau (BBB), the scam plays out like this:
“You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you’ll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists.”
You can avoid these sites rather easily. Stick with the online betting sites that are approved by your regional gambling commission. Even so, be sure to read the fine print on any promo offers that these sites advertise because even legitimate betting sites can freeze accounts and the funds associated with them based on their terms and conditions.
A complete suite of online protection software, such as McAfee+ Ultimate can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, we offer $1M identity theft coverage and support from a recovery pro, just in case.
And because scammers use personal information such as email addresses and cell phone numbers to wage their attacks, other features like our Personal Data Cleanup service can scan high-risk data broker sites for your personal information and then help you remove it, which can help reduce spam, phishing attacks, and deny bad actors the information they need to commit identity theft.
That’s why they enjoy the holidays so much. With all our giving, travel, and charity in play, it’s prime time for their scams. Yet a little insight into their cons, along with some knowledge as to how they play out, you can avoid them.
Remember that they’re playing into the hustle and bustle of the season and that they’re counting on you to lower your guard more than you might during other times of the year. Keep an eye open for the signs, do a little research when it’s called for, and stick with reputable stores, charities, and online services. With a thoughtful pause and a second look, you can spare yourself the grief of a scam and fully enjoy your holidays.
The post Unwrapping Some of the Holiday Season’s Biggest Scams appeared first on McAfee Blog.
Authored by SangRyol Ryu and Yukihiro Okutomi
McAfee’s Mobile Research team recently analyzed new malware targeting mobile payment users in Japan. The malware which was distributed on the Google Play store pretends to be a legitimate mobile security app, but it is in fact a payment fraud malware stealing passwords and abusing reverse proxy targeting the mobile payment services. McAfee researchers notified Google of the malicious apps, スマホ安心セキュリティ, or ‘Smartphone Anshin Security’, package name ‘com.z.cloud.px.app’ and ‘com.z.px.appx’. The applications are no longer available on Google Play. Google Play Protect has also taken steps to protect users by disabling the apps and providing a warning. McAfee Mobile Security products detect this threat as Android/ProxySpy.
The malware actor continues to publish malicious apps on the Google Play Store with various developer accounts. According to the information posted on Twitter by Yusuke Osumi, Security Researcher at Yahoo! Japan, the attacker sends SMS messages from overseas with a Google Play link to lure users to install the malware. To attract more users, the message entices users to update security software.
A SMS message from France (from Twitter post by Yusuke)
Malware on Google Play
The Mobile Research team also found that the malware actor uses Google Drive to distribute the malware. In contrast to installing an application after downloading an APK file, Google Drive allows users to install APK files without leaving any footprint and makes the installation process simpler. Once the user clicks the link, there are only a few more touches required to run the application. Only three clicks are enough if users have previously allowed the installation of unknown apps on Google Drive.
Following notification from McAfee researchers, Google has removed known Google Drive files associated with the malware hashes listed in this blog post.
When a user installs and launches this malware, it asks for the Service password. Cleverly, the malware shows incorrect password messages to collect the more precise passwords. Of course, it does not matter whether the password is correct or not. It is a way of getting the Service password. The Service password is used for the payment service which provides easy online payments. The user can start this payment service by setting a Service password. The charge will be paid along with the mobile phone bill.
There is a native library named ‘libmyapp.so’ loaded during the app execution written in Golang. The library, when loaded, tries to connect to the C2 server using a Web Socket. Web Application Messaging Protocol (WAMP) is used to communicate and process Remote Procedure Calls (RPC). When the connection is made, the malware sends out network information along with the phone number. Then, it registers the client’s procedure commands described in the table below. The web socket connection is kept alive and takes the corresponding action when the command is received from the server like an Agent. And the socket is used to send the Service password out to the attacker when the user enters the Service password on the activity.
RPC Function name | Description |
connect_to | Create reverse proxy and connect to remote server |
disconnect | Disconnect the reverse proxy |
get_status | Send the reverse proxy status |
get_info | Send line number, connection type, operator, and so on |
toggle_wifi | Set the Wi-Fi ON/OFF |
show_battery_opt | Show dialog to exclude battery optimization for background work |
Registered RPC functions description
To make a fraudulent purchase by using leaked information, the attacker needs to use the user’s network. The RPC command ‘toggle_wifi’ can switch the connection state to Wi-Fi or cellular network, and ‘connect_to’ will provide a reverse proxy to the attacker. A reverse proxy can allow connecting the host behind a NAT (Network Address Translation) or a firewall. Via the proxy, the attacker can send purchase requests via the user’s network.
It is an interesting point that the malware uses a reverse proxy to steal the user’s network and implement an Agent service with WAMP. McAfee Mobile Research Team will continue to find this kind of threat and protect our customers from mobile threats. It is recommended to be more careful when entering a password or confidential information into untrusted applications.
193[.]239[.]154[.]23
91[.]204[.]227[.]132
ruboq[.]com
SHA256 | Package Name | Distribution |
5d29dd12faaafd40300752c584ee3c072d6fc9a7a98a357a145701aaa85950dd | com.z.cloud.px.app | Google Play |
e133be729128ed6764471ee7d7c36f2ccb70edf789286cc3a834e689432fc9b0 | com.z.cloud.px.app | Other |
e7948392903e4c8762771f12e2d6693bf3e2e091a0fc88e91b177a58614fef02 | com.z.px.appx | Google Play |
3971309ce4a3cfb3cdbf8abde19d46586f6e4d5fc9f54c562428b0e0428325ad | com.z.cloud.px.app2 | Other |
2ec2fb9e20b99f60a30aaa630b393d8277949c34043ebe994dd0ffc7176904a4 | com.jg.rc.papp | Google Drive |
af0d2e5e2994a3edd87f6d0b9b9a85fb1c41d33edfd552fcc64b43c713cdd956 | com.de.rc.seee | Google Drive |
The post Fake Security App Found Abuses Japanese Payment System appeared first on McAfee Blog.
Holding the door for someone might open the way to a cyberattack. For anyone who works in a secure building or workplace, they might want to rethink that courtesy. The hackers and thieves behind piggybacking and tailgating attacks count on it.
Piggyback and tailgating attacks occur when an unauthorized person gains access to a restricted workplace, one that requires some form of ID to enter. While quite similar, these attacks have an important difference:
In both cases, these unauthorized entries can put businesses and organizations at risk. They give potential bad actors all kinds of access to sensitive information and devices.
Trade secrets get stolen this way, as does customer information. In yet more malicious cases, bad actors might gain entry with the intent of sabotaging technology or hijacking a network. And of course, bad actors might do harm to people or property.
Businesses and organizations that find themselves at risk include those that:
Different businesses and organizations have different forms of security in place. You might be among the many who use a smart badge or some form of biometric security to enter a building or certain areas within a building.
However, determined bad actors will look for ways around these measures. With piggyback and tailgating attacks, it’s far easier for them to follow someone into a workplace than it is to break into a workplace.
Bad actors will simply walk in when someone holds the door for them. It’s as simple as that. Additionally, they’ll try several different tricks by:
In all, piggybacking and tailgating attacks rely on social engineering—playing off people’s innate courtesy, willingness to help, or even discomfort with conflict. Essentially, the attacker manipulates human nature.
A good portion of prevention falls on the owner of the building, whether that’s a business, organization, or a landlord. It falls on them to install security hardpoints like badge scanners, keypad locks, biometric scanners, and so on to keep the property secure. Moreover, employers owe it to themselves and their employees to train them on security measures.
Yet you can take further steps to prevent a piggybacking or tailgating attack on your workplace. Some steps include:
Also consider the security of your devices or any other sensitive information you work with. If a bad actor slips into your workplace, you can take other steps to prevent theft or damage.
Some aspects of piggybacking and tailgating prevention seem like they go against our better nature. We want to be kind, helpful, and sometimes we’d simply rather avoid confrontation. Again, piggybackers and tailgaters count on that. Yet a door is only as secure as the person who uses it—or who opens it for someone else.
The post How to Protect Yourself From Tailgating Attacks appeared first on McAfee Blog.
Do yourself a favor: Open a new browser tab and head to your search engine of choice. Type in your full name and home address. Then, see what pops up.
Are the results sparking an ember of unease in the back of your brain? Whether you’re a private person online or you’re comfortable sharing your daily life updates on social media, there are likely to be several personal details about you on sites that shouldn’t have that information. Some of these sites may be data brokerage websites.
Data brokerage sites are legal and are mostly used by annoying advertisers, though cybercriminals may also use them maliciously. The average person has their information for sale on 31 data brokerage sites, and 95% of people have their personal information on sale without their permission.
So how do you scrub the internet of your personal details to keep your identity secure? McAfee Personal Data Cleanup is a service that prevents your personal information from being collected and sold online. Here’s why you should consider taking a few easy steps now to give you peace of mind about the security of your personally identifiable information (PII).
Attack surface is a term usually applied to corporate security, but it’s a great visualization for everyday people going about their personal online errands and entertainment. An attack surface is the number of possible entry points a cybercriminal could weasel their way through to get at your valuable and private information. Entry points include your social media profiles, your online shopping accounts, and data brokerage sites. The fewer entry points you have, the harder it is for cybercriminals to find and exploit them.
While Social Security Numbers (SSNs) are generally revered as the piece of PII to guard most closely, a cybercriminal can still damage your identity with just your name and an address, email address, or phone number. For example, they can request new passwords or multifactor authentication one-time passcodes to break their way into online banking or shopping accounts. Security breaches are happening to huge companies all over the world. All it takes is for your SSN to be leaked in one of them, for a cybercriminal to piece together your digital clone and use it to harm your identity or credit.
Personal Data Cleanup minimizes your attack surface by removing as much PII as possible that’s floating around the internet, just waiting for someone to buy it.
When you’re aware of how many unauthorized vendors are selling your PII, it could be the wakeup call you need start adopting more cautious online habits. For instance, oversharing on social media leaks a lot of valuable details that a savvy criminal can then use to take educated guesses at your passwords or craft a social engineering plot catered just to you.
The present is as good a time as any to start protecting your identity for the future; however, getting started is often the most difficult step. It can seem overwhelming to reach out to every data brokerage site individually and request they remove your info. Personal Data Cleanup can be your partner not only in beginning the cleanup process but in monitoring your data security to keep your online presence as minimal as possible. The service scans the internet’s riskiest sites and then, before deleting your information from these sites, runs it by you to confirm. Then, it will continually monitor those same sites, as your information will likely reappear every two to four months.
Do not underestimate the tenacity of a cybercriminal. Even for people who have the attitude that their PII is bound to be somewhere online and that it’s no big deal, McAfee Personal Data Cleanup manages three key steps in the data removal process: scanning, removing, and monitoring. So, even if you’re not convinced that data brokerage sites are a threat, the process is too easy to put off any longer!
For those who are concerned about their online privacy, full-service Personal Data Cleanup is included in McAfee+ Ultimate, which is the complete package to let you live your online life in private. McAfee+ Ultimate also includes identity monitoring and identity theft resolution services, unlimited VPN, credit lock, and much more.
In 2021, more than 1.4 million identity theft complaints were filed to the Federal Trade Commission.1 Identity theft can occur to anyone, so take steps today, starting with data brokerage sites, to live a more secure and more private digital life.
1Federal Trade Commission, “New Data Shows FTC Received 2.8 Million Fraud Reports from Consumers in 2021”
The post McAfee Personal Data Cleanup: Your Partner in Living a More Private Online Life appeared first on McAfee Blog.
Authored by Dennis Pang
What is antivirus? That’s a good question. What does it really protect? That’s an even better question.
Over the years, I’ve come to recognize that different people define antivirus differently. Some see it as way to keep hackers from crashing their computers. Others see it as a comprehensive set of protections. Neither definition is entirely on the money.
With this blog, I hope to give everyone a clear definition of what antivirus does well, along with what it doesn’t do at all. The fact is that antivirus is just one form of online protection. There are other forms of protection as well, and understanding antivirus’ role in your overall mix of online protection is an important part of staying safer online.
Antivirus software protects your devices against malware and viruses through a combination of prevention, detection, and removal.
For years, people have installed antivirus software on their computers. Today, it can also protect your smartphones and tablets as well. In fact, we recommend installing it on those devices as well because they’re connected, just like a computer—and any device that connects to the internet is a potential target for malware and viruses.
In short, if it’s connected, it must get protected.
One important distinction about antivirus is its name, a name that first came into use decades ago when viruses first appeared on the scene. (More on that in a bit.) However, antivirus protects you from more than viruses. It protects against malware too.
Malware is an umbrella term that covers all types of malicious software regardless of its design, intent, or how its delivered. Viruses are a subset of malicious software that infects devices and then replicates itself so that it can infect yet more devices.
So while we popularly refer to protection software as antivirus, it protects against far more than just viruses. It protects against malware overall.
Now here’s where some confusion may come in. Some antivirus apps are standalone. They offer malware protection and that’s it. Other antivirus apps are part of comprehensive online protection software, which can include several additional far-reaching features that can protect your privacy and your identity.
The reason why antivirus gets paired up with other apps for your privacy and identity is because antivirus alone doesn’t offer these kinds of protections. Yet when paired with things like a password manager, credit monitoring, identity theft coverage, and a VPN, to name a few, you can protect your devices—along with your privacy and identity. All the things you need to stay safer online.
In short, antivirus doesn’t cut it alone.
With that, let’s take a closer look at what malware and viruses really are—how they evolved, and what they look like today, along with how antivirus protects you against them.
Viruses have a long history. And depending on how you define what a virus is, the first one arguably took root in 1971—more than 50 years ago.
It was known as Creeper, and rather than being malicious in nature, it was designed to show how a self-replicating program could identify other connected devices on a network, transfer itself to them, and find yet more devices to repeat the process. Later, the same programmer who created a follow-on version of Creeper developed Reaper, a program that could remove the Creeper program. In a way, Reaper could be considered the first piece of antivirus software.
From there, it wasn’t until the 1980’s that malware started affecting the broader population, a time when computers became more commonplace in businesses and people’s homes.
At first, malware typically spread by infected floppy disks, much like the “Brain” virus in 1986. While recognized today as the first large-scale computer virus, its authors say they never intended it to work that way. Rather they say they created Brain as an anti-piracy measure to protect their proprietary software from theft. However, Brain got loose. It went beyond their software and affected computers worldwide. Although not malicious or destructive in nature, Brain most certainly put the industry, businesses, and consumers on notice.
Computer viruses became a thing.
Another piece of malware that got passed along via floppy disks was the “PC Cyborg” attack that targeted the medical research community in and around 1989. There the malware would lie in wait until the user rebooted their computer for the 90th time. And on that 90th boot, the user was presented with a digital ransom note like the one here:
Along with that note, PC Cyborg encrypted the computer’s files, which would only get unencrypted if the victim paid a fee—making PC Cyborg the first widely recognized form of ransomware.
Shortly thereafter, the internet started connecting computers, which opened millions of doors for hackers as people went online. Among the most noteworthy was 1999’s “Melissa” virus, which spread by way of infected email attachments and overloaded hundreds of corporate and governmental email servers worldwide.
It was quickly followed in 2000 by what’s considered the among the most damaging malware to date—ILOVEYOU, which also spread by way of an attachment, this one posing as a love letter. Specifically, it was a self-replicating worm that installed itself on the victim’s computer where it destroyed some information and stole other information, then spread to other computers. One estimate puts the global cost of ILOVEYOU at $10 billion and further speculated that it infected 10% of the world’s internet-connected computers at the time.
With the advent of the internet, malware quickly established itself as a sad fact of connected life. Today, McAfee registers an average of 1.1 million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions of malicious programs already in existence.
Apart from the sheer volume of malware out there today, another thing that distinguishes today’s malware from early malware attacks—they’re created largely for profit.
We can think of it this way:
Today’s malware is far more than an annoyance or headache. It can lead to follow-on attacks that target your finances, your identity, your privacy, or a mix of all three.
So with a million or so new threats coming online each day, and millions more out there already, how does antivirus protect you from malware? It blocks, detects, and removes malware. And it does so in a couple of ways:
However, as mentioned earlier, antivirus provides only one aspect of online protection today. While it protects your devices and the data that’s on them, your privacy and identity can come under attack as well. So while antivirus alone can protect you from malware, it can’t prevent other forms of online crime like identity theft, phishing attacks designed to steal personal information, or attacks on your accounts, to name a few of the many other types of threats out there.
Yet comprehensive online protection can.
Comprehensive online protection software like ours offers antivirus, along with specific services and features that protect your privacy and identity online as well. It gives you dozens of other features like identity theft coverage & restoration, personal data cleanup, security freezes, and an online protection score that shows you just how safe you are, along with suggestions that can make you safer still.
So while protecting your devices with antivirus is a great start, it’s only one part of staying safer online. Including privacy and identity protection rounds out your protection overall.
The post What is Antivirus and What Does It Really Protect? appeared first on McAfee Blog.
Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.
A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.
So, what exactly is going on when you see the “this connection is not private” error?
For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not private” error means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate.
Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.
In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.
While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.
SSL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL.
So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware.
Note: The “your connection is not private” error is Google Chrome‘s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.
If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.
Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.
Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.
As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.
A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.
Something looks a little … sketchy. Is that website safe or unsafe?
Nowadays, it can take a bit work to tell.
And that’s by design. Increasingly, hackers and scammers go to great pains when they create their malicious websites. They take extra steps to make their sites look legit, when in fact they’re anything but. Certainly, plenty of other hackers and scammers slap together malicious sites that still look a bit roughshod, which makes them easier to spot.
So whether it’s a clever knockoff or a slapdash effort, unsafe websites of all kinds have several telltale signs you can spot. We’ll show you, and let’s start things off with what makes an unsafe website unsafe in the first place.
Unsafe websites typically harbor one of two primary forms of attack—yet sometimes both:
Malware: Hackers will use their sites to install malware on your device, often by tricking you into clicking or tapping on a download. They might tempt you with an offer, a prize, a show to stream—just about anything you might want to otherwise download. (Recently, we saw hackers installing malware on sites that offered to stream dubbed versions of the “Barbie” movie.)
Phishing: Another classic attack. Phishing involves scammers who try to hoodwink you into providing account or financial information. Common ruses include links in emails, texts, and DMs that appear to be urgent messages from streaming services, banks, social media, and other accounts. Of course, those messages are phony.
As a result, unsafe websites can lead to some not-so-good things.
On the malware side, attackers can install spyware and similar apps that siphon financial and personal information from your device while you’re using it. Other malware might steal files outright or maliciously delete them altogether. Ransomware remains a major concern today as well, where attackers hold devices and data hostage. And even if victims end up paying the ransom, they have no guarantee that the attacker will free their device or data.
Phishing attacks often lead to financial headaches, sometimes large ones at that. It depends on the information scammers get their hands on. In some cases, the damage might lead to identity fraud and a few illicit charges on a debit or credit card. If scammers gather enough information, they can take that a step further and commit identity theft. That can include opening new credit or loans in your name. It could also give a scammer the info they need to get driver’s licenses or employment in your name.
Above and beyond committing fraud or theft on their own, scammers might also sell stolen information to others on the dark web.
Again, all not-so-good. Yet quite preventable.
For some sites, it only takes one sign. For other sites, it takes a few signs—a series of red flags that warn you a site is unsafe. When you’re online, keep a sharp eye out for the following:
The “s” stands for “secure.” Specifically, it means that the website uses SSL (Secure Sockets Layer) that creates an encrypted link between a web server and a web browser. SSL helps prevent others from intercepting and reading your sensitive information as it’s transmitted, which is particularly important when you shop or bank online. Likewise, you can also look for a little lock symbol in the address bar of your web browser. That’s one more way you can spot a site that uses SSL.
From spelling errors and grammatical mistakes, to stretched out logos and cheap photography, some unsafe websites are designed poorly. Legitimate businesses pride themselves on error-free and professional-looking sites. If a website looks like it got cobbled together in a hurry or doesn’t seem to be well-designed, that’s usually a red flag. The site might be unsafe, created by attackers who don’t have a strong attention to detail—or the creative capabilities to create a good-looking website in the first place.
Plenty of unsafe sites are imposter sites. They’ll try to pass themselves off as a legitimate company, like the streaming services, banks, and so forth that we mentioned earlier—all to get a hold of your account information. With all these imposter sites in play, look at the site’s address. Scammers will gin up web addresses that are close to but different from legitimate sites, so close that you might miss it. If you’re uncertain about the address, leave the page. Also note that many companies have web pages that provide lists of the official addresses that they use. Amazon provides on example, and we do the same here at McAfee. Reviewing these lists can help you spot an imposter site.
A window or graphic pops up on your screen. The site you’re on says that it’s identified a security issue with your device. Or maybe it says that your system isn’t current. Either way, there’s a file the site wants you to download. “You can correct the issue with a click!” Don’t. It’s a classic trick. Instead of fixing your non-existent problem, the download will create one. Scammers use the security alert trick to install malware on the devices of unsuspecting victims.
A screen full of links insisting you to click ranks among the top signs of an unsafe site. So much so, it’s often the subject of sitcom bits. Needless to say, the attackers behind these sites want you to click for one of several reasons. It might be to get you to download malware. It might be to generate ad revenue with clicks. Or it might be to get you to click a link that redirects you to another malicious site. In all, if you encounter a site like this, close your browser. And then run a system scan with your online protection software.
These unsafe sites sprout up around the holidays and gift-giving seasons. When stores run low on particularly popular or hot items, scammers will quickly launch sites that claim these items are in stock and ready to ship. Similarly, they might promote popular items at a deep discount. Of course, shopping at these sites will likely lead to one thing—a credit card charge and no item on your doorstep. Be wary when you see ads for stores in your social media feed, in search, and elsewhere. Stick with known, trusted retailers. (And for more on shopping safely online, give this article a quick read.)
These sites bear similarities to malicious online shopping sites. When popular movies hit the big screen or major sporting events come around, so do scam sites that promise to stream them for free or at a low cost. Avoid them. Trusted streamers will only carry shows and events that they have the rights to. If you find an offer to stream something that’s heavily discounted, free, or not available on known media outlets, it’s likely a scam. At the very least, it might serve up pirated content, which could carry malware threats along with it.
Not every site that promotes some kind of giveaway or deal is a scam. Yet the ones that ask for personal or financial information likely are. Scammers prey on people’s love for saving money or even winning a buck or two. Enter the prize, coupon, and quiz sites. Malicious prize and coupon sites will often ask for credit or debit card information, often under the guise of a payout or a discount. Malicious quiz sites will likewise ask for all kinds of personal information, typically questions about the name of your pet, the first car you owned, or where you went to school. The questions share much in common with the security questions used by banks and credit card companies. Handing this information over could lead to a breached account. Give these sites a pass.
Comprehensive online protection software like ours includes web protection that can spot malicious sites for you. It has further features that can prevent downloading malware by accident, not to mention strong antivirus protection if a hacker makes their way through to you. In all, it gives you extra confidence that wherever your travels take you online, you’re protected from sketchy and unsafe sites.
However, another part of your best defense against unsafe websites is you. Knowing what the red flags are and the kinds of information hackers want to steal can help you avoid their attacks from the start.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
What color jersey will you be sporting this November and December? The World Cup is on its way to television screens around the world, and scores of fans are dreaming of cheering on their team at stadiums throughout Qatar. Meanwhile, cybercriminals are dreaming of stealing the personally identifiable information (PII) of fans seeking last-minute vacation and ticket deals.
Don’t let the threat of phishers and online scammers dampen your team spirit this World Cup tournament. Here are three common schemes cybercriminals will likely employ and a few tips to help you dribble around their clumsy offense and protect your identity, financial information, and digital privacy.
Phishers will be out in full force attempting to capitalize on World Cup fever. People wrapped up in the excitement may jump on offers that any other time of the year they would treat with skepticism. For example, in years past, fake contests and travel deals inundated email inboxes across the world. Some companies do indeed run legitimate giveaways, and cybercriminals slip in their phishing attempts among them.
If you receive an email or text saying that you’re the winner of a ticket giveaway, think back: Did you even enter a contest? If not, treat any “winner” notification with skepticism. It’s very rare for a company to automatically enter people into a drawing. Usually, companies want you to act – subscribe to a newsletter or engage with a social media post, for example – in exchange for your entry into their contest. Also, beware of emails that urge you to respond within a few hours to “claim your prize.” While it’s true that real contest winners must reply promptly, organized companies will likely give you at least a day if not longer to acknowledge receipt.
Traveling is rarely an inexpensive endeavor. Flights, hotels, rental cars, dining costs, and tourist attraction admission fees add up quickly. In the case of this year’s host country, Qatar, there’s an additional cost for American travelers: visas.
If you see package travel deals to the World Cup that seem too good to pass up … pass them up. Fake ads for ultra-cheap flights, hotels, and tickets may appear not only in your email inbox but also on your social media feed. Just because it’s an ad doesn’t mean it comes from a legitimate company. Legitimate travel companies will likely have professional-looking websites with clear graphics and clean website copy. Search for the name of the organization online and see what other people have to say about the company. If no search results appear or the website looks sloppy, proceed with caution or do not approach at all.
Regarding visas, be wary of anyone offering to help you apply for a visa. There are plenty of government-run websites that’ll walk you through the process, which isn’t difficult as long as you leave enough time for processing. Do not send your physical passport to anyone who is not a confirmed government official.
Even fans who’ve given up on watching World Cup matches in person aren’t out of the path of scams. Sites claiming to have crystal clear streams of every game could be malware spreaders in disguise. Malware and ransomware targeting home computers often lurk on sketchy sites. All it takes is a click on one bad link to let a cybercriminal or a virus into your device.
Your safest route to good-quality live game streams is through the official sites of your local broadcasting company or the official World Cup site. You may have to pay a fee, but in the grand scheme of things, that fee could be a lot less expensive than replacing or repairing an infected device.
Here’s an excellent rule to follow with any electronic correspondence: Never send anyone your passwords, routing and account number, passport information, or Social Security Number. A legitimate organization will never ask for your password, and it’s best to communicate any sensitive financial or identifiable information over the phone, not email or text as they can easily fall into the wrong hands. Also, do not wire large sums of money to someone you just met online.
Don’t let scams ruin your enjoyment of this year’s World Cup! With these tips, you should be able to avoid the most common schemes but to boost your confidence in your online presence, consider signing up for McAfee+. Think of McAfee+ as the ultimate goalkeeper who’ll block any cybercriminals looking to score on you. With identity monitoring, credit lock, unlimited VPN and antivirus, and more, you can surf safely and with peace of mind.
The post Watch Out for These 3 World Cup Scams appeared first on McAfee Blog.
Monkey in the middle, the beloved playground staple, extends beyond schoolyards into corporate networks, home desktops, and personal mobile devices in a not-so-fun way. Known as a monkey-in-the-middle or man-in-the-middle attack (MiTM), it’s a type of cybercrime that can happen to anyone.
Here’s everything you need to know about MiTM schemes specifically, how to identify when your device is experiencing one, and how to protect your personally identifiable information (PII) and your device from cybercriminals.
A man-in-the-middle attack, or MiTM attack, is a scheme where a cybercriminal intercepts someone’s online activity and impersonates a trusted person or organization. From there, the criminal may ask personal questions or attempt to get financial information; however, since the device owner thinks they’re communicating with someone with good intentions, they give up these details freely.
MiTM is an umbrella term that includes several cybercrime tactics, such as:
Cybercriminals gain access to devices to carry out MiTM attacks through three main methods: Wi-Fi eavesdropping, malware, or phishing.
The most common giveaway of a MiTM attack is a spotty internet connection. If a cybercriminal has a hold on your device, they may disconnect you from the internet so they can take your place in sessions or steal your username and password combination.
If your device is overheating or the battery life is much shorter than normal, it could indicate that it is running malware in the background.
If you can identify the signs of a MiTM attack, that’s a great first step in protecting your device. Awareness of your digital surroundings is another way to keep your device and PII safe. Steer clear of websites that look sloppy, and do not stream or download content from unofficial sites. Malware is often hidden in links on dubious sites. Try your best to stick to sites that have URLs beginning with “https.” The “s” stands for “secure.” Though not all “https” sites are guaranteed secure, they are generally more trustworthy than plain “http” sites.
To safeguard your Wi-Fi connection, protect your home router with a strong password or passphrase. When connecting to public Wi-Fi, confirm with the hotel or café’s staff their official Wi-Fi network name. Then, make sure to connect to a virtual private network (VPN). A VPN encrypts your online activity, which makes it impossible for someone to digitally eavesdrop. Never access your personal information when on an unprotected public Wi-Fi network. Leave your online banking and shopping for when you’re back on a locked network or VPN you can trust.
Finally, a comprehensive antivirus software can clean up your device of malicious programs it might have contracted.
McAfee+ Ultimate includes unlimited VPN and antivirus, plus a whole lot more to keep all your devices safe. It also includes web protection that alerts you to suspicious websites, identity monitoring, and monthly credit reports to help you browse safely and keep on top of any threats to your identity or credit.
A cybercriminal’s prize for winning a digital scheme of monkey in the middle is your personal information. With preparation and excellent digital protection tools on your team, you can make sure you emerge victorious and safe.
The post Everything You Need to Know to Avoid a Man-in-the-Middle Mobile Attack appeared first on McAfee Blog.
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
!@#$%^&*()_+{}[]-=;’:”,./<>?
The post Test article delete – 16-11-2022 appeared first on McAfee Blog.
Authored by Oliver Devane
It hasn’t taken malicious actors long to take advantage of the recent bankruptcy filing of FTX, McAfee has discovered several phishing sites targeting FTX users.
One of the sites discovered was registered on the 15th of November and asks users to submit their crypto wallet phrase to receive a refund. After entering this phrase, the creators of the site would gain access to the victim’s crypto wallet and they would likely transfer all the funds out of it.
Upon analyzing the website code used to create the phishing sites, we noticed that they were extremely similar to previous sites targeting WalletConnect customers, so it appears that they likely just modified a previous phishing kit to target FTX users.
The image below shows a code comparison between a website from June 2022, and it shows that the FTX phishing site shares most of its code with it.
McAfee urges anyone who was using FTX to be weary of any unsolicited emails or social media messages they receive and to double-check the authenticity before accessing them. If you are unsure of the signs to look for, please check out the McAfee Scam education portal (https://www.mcafee.com/consumer/en-us/landing-page/retention/scammer-education.html)
McAfee customers are protected against the sites mentioned in this blog
Type | Value | Product | Detected |
URL | ftx-users-refund[.]com | McAfee WebAdvisor | Blocked |
URL | ftx-refund[.]com | McAfee WebAdvisor | Blocked |
The post Threat Actors Taking Advantage of FTX Bankruptcy appeared first on McAfee Blog.
Following up on our previous blog, How to Stop the Popups, McAfee Labs saw a sharp decrease in the number of deceptive push notifications reported by McAfee consumers running Microsoft’s Edge browser on Windows.
Such browser-delivered push messages appear as toaster pop-ups in the tray above the system clock and are meant to trick users into taking various actions, such as installing software, purchasing a subscription, or providing personal information.
Upon further investigation, this major drop seems to be associated with a change in the behavior of the Edge browser with two notable improvements over older versions.
First, when users visit websites known to deliver deceptive push notifications, Edge blocks authorization prompts that could trick users into opting-in to receive popups:
Second, when unwanted popups do occur, it is now easier than ever to disable them, on a per-site basis. Users can simply click the three dots (…) on the right of the notification and choose to “Turn off all notifications for” the domain responsible for the popup.
This is a great improvement over the previous experience of having to manually navigate browser settings to achieve the desired result.
Earlier this year, 9TO5Google reported a Chrome code change may be indicative of a similar crack down by Google on nefarious popups.
One can hope Google will follow Microsoft’s example to improve browser security and usability.
The post Microsoft’s Edge over Popups (and Google Chrome) appeared first on McAfee Blog.
Hackers have posted another batch of stolen health records on the dark web—following a breach that could potentially affect nearly 8 million Australian Medibank customers, along with nearly 2 million more international customers.
The records were stolen in October’s reported breach at Medibank, one of Australia’s largest private health insurance providers. Given Australia’s population of almost 26 million people, close to a third of the population could find themselves affected.
The hackers subsequently issued ransomware demands with the threat of releasing the records. With their demands unmet, the hackers then started posting the records in batches, the first on November 8th and the latest dropping on November 14th.
According to Medibank, the records and information could include diagnoses, a list of conditions, and further information such as:
“[P]ersonal data such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for AHM customers (not expiry dates), in some cases passport numbers for our international students (not expiry dates), and some health claims data.”
Medibank continues to keep its customers up to date on the latest developments on its website and further states they will contact customers, via email and post, to clarify what has been stolen and what has been published on the dark web.
Any time a data breach occurs, it means that your personal information could end up in the hands of a bad actor. In the case of Medibank, the hackers posted the stolen information on the dark web, which unfortunately means that the likelihood of a potential scammer or thief obtaining this information is a near certainty.
In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part.
Home Affairs Minister Clare O’Neil called for Australians to “Contact Services Australia if you believe there has been unauthorised activity in your Medicare account.” Further, Australians can take the following additional steps to protect themselves in the wake of identity theft.
With some personal information in hand, bad actors may seek out more. They may follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So as it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for information in some form or other, often in ways that urge or pressure you into acting. Always look out for phishing attacks, particularly after breaches.
If you are contacted by Medibank, make certain the communication is legitimate. Bad actors may pose as Medibank to steal personal information. Do not click on links sent in emails, texts, or messages. Instead, go straight to the Medibank website or contact them by phone directly.
While it does not appear that login information was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly can reduce your risk in the event of a data breach. Namely, a breached password is no good to a hacker if you’ve changed it.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
An identity monitoring service can monitor everything from email addresses to credit cards, bank account numbers and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other bad actors so they can launch their own attacks. McAfee’s identity monitoring service helps you keep an eye on your personal info and provides alerts if your data is found, averaging 10 months ahead of similar services.
When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in your name. This may include identity theft, where someone pretends to be you, generally to gain access to more information or services, and may escalate to identity fraud, where funds are stolen from your account.
Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies in Australia— Equifax, illion, and Experian. This will help prevent bad actors from opening new lines of credit or take out loans in your name by “freezing” your credit report so that potential creditors cannot pull it for reference. Terms of freezing a credit report will vary, so check with each agency for details.
A complete suite of online protection software can offer layers of extra security. Identity thieves generally focus on easy targets to save time. Elevated security across the majority of your data can make you a far more difficult target. In addition to more private and secure time online with a VPN, identity monitoring, and password management, this includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, McAfee offers support from a licensed recovery pro who can help you restore your credit, just in case.
Per Medibank, some victims of the breach may have had their driver’s licence number exposed. Given that a licence number is such a unique piece of personally identifiable information, anyone notified by Medibank that theirs may have been affected should strongly consider changing them. The process for replacing a licence document will vary depending on your state or territory.
The recent Optus breach of September 2022 saw some states and territories propose making exceptions to the rules for attack victims, so look to your local government for guidance.
Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the Medibank breach.
However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but given all the devices, apps, and accounts we keep these days leaves us more exposed than ever, which makes protection a must.
The post The Medibank Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.
Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.
Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.
This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.
Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?
Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.
Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.
Here are some examples of smishing text messages hackers use to steal your personal details:
If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.
For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.
Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.
One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:
While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.
To set up spam filters on your iPhone:
To set up spam filters on your Android mobile device:
McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.
One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.
Other benefits include:
These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.
McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.
Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.
So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.
The post What Is Smishing and Vishing, and How Do You Protect Yourself? appeared first on McAfee Blog.
Authored by: Christy Crimmins and Oliver Devane
Football (or Soccer as we call it in the U.S.) is the most popular sport in the world, with over 3.5 billion fans across the globe. On November 20th, the men’s World Cup kicks off (pun intended) in Qatar. This event, a tournament played by 32 national teams every four years, determines the sport’s world champion. It will also be one of the most-watched sporting events of at least the last four years (since the previous World Cup).
An event with this level of popularity and interest also attracts fraudsters and cyber criminals looking to capitalize on fans’ excitement. Here’s how to spot these scams and stay penalty-free during this year’s tournament.
Phishing is a tool that cybercriminals have used for years now. Most of us are familiar with the telltale signs—misspelled words, poor grammar, and a sender email whose email address makes no sense or whose phone number is unknown. But excitement and anticipation can cloud our judgment. What football fan wouldn’t be tempted to win a free trip to see their home team participate in the ultimate tournament? Cybercriminals are betting that this excitement will cloud fans’ judgment, leading them to click on nefarious links that ultimately download malware or steal personal information.
It’s important to realize that these messages can come via a variety of channels, including email, text messages, (also known as smishing) and other messaging channels like WhatsApp and Telegram. No matter what the source is, it’s essential to remain vigilant and pause to think before clicking links or giving out personal or banking information.
For more information on phishing and how to spot a phisher, see McAfee’s “What is Phishing?” blog.
According to ActionFraud, the UK’s national reporting center for fraud and cybercrime, thousands of people were victims of ticket fraud in 2019—and that’s just in the UK. Ticket fraud is when someone advertises tickets for sale, usually through a website or message board, collects the payment and then disappears, without the buyer ever receiving the ticket.
The World Cup is a prime (and lucrative) target for this type of scam, with fans willing to pay thousands of dollars to see their teams compete. Chances are most people have their tickets firmly in hand (or digital wallet) by now, but if you’re planning to try a last-minute trip, beware of this scam and make sure that you’re using a legitimate, reputable ticket broker. To be perfectly safe, stick with well-known ticket brokers and those who offer consumer protection. Also beware of sites that don’t accept debit or credit cards and only accept payment in the form of bitcoin or wire transfers such as the one on the fake ticket site below:
The red box on the right image shows that the ticket site accepts payment via Bitcoin.
Other red flags to look out for are websites that ask you to contact them to make payment and the only contact information is via WhatsApp.
Let’s be realistic—most of us are going to have to settle for watching the World Cup from the comfort of our own home, or the pub down the street. If you’re watching the tournament online, be sure that you’re using a legitimate streaming service. A quick Google of “FIFA World Cup 2022 Official Streaming” along with your country should get you the information you need to safely watch the event through official channels. The FIFA site itself is also a good source of information.
Illegal streaming sites usually contain deceptive ads and malware which can cause harm to your device.
In countries or regions where sports betting is legal, the 2022 World Cup is expected to drive an increase in activity. There’s no shortage of things to bet on, from a simple win/loss to the exact minute a goal will be scored by a particular player. Everything is subject to wager.
As with our previous examples, this increase in legitimate gambling brings with it an increase in deceptive activity. Online betting scams often start when users are directed to or search for gambling site and end up on a fraudulent one. After placing their bets and winning, users realize that while they may have “won” money, they are unable to withdraw it and are even sometimes asked to deposit even more money to make winnings available, and even then, they still won’t be. By the end of this process, the bettor has lost all their initial money (and then some, potentially) as well as any personal information they shared on the site.
Like other scams, users should be wary of sites that look hastily put together or are riddled with errors. Your best bet (yes, again, pun intended) is to look for an established online service that is approved by your government or region’s gaming commission. Finally, reading the fine print on incentives or bonuses is always a good idea. If something sounds too good to be true, it’s best to double-check.
For more on how you can bet online safely, and for details on how legalized online betting works in the U.S., check out our blog on the topic.
Using a free public Wi-Fi connection is risky. User data on these networks is unprotected, which makes it vulnerable to cyber criminals. Whether you’re traveling to Qatar for a match or watching the them with friends at your favorite pub, if you’re connecting to a public Wi-Fi connection, make sure you use a trusted VPN connection.
For more information on scams, visit our scam education page. Hopefully, with these tips, you’ll be able to enjoy and participate in some of the World Cup festivities, after all, fun is the goal!
The post Don’t Get Caught Offsides with These World Cup Scams appeared first on McAfee Blog.
There’s no doubt that cyber bullying ranks towards the top of most parents ‘worry list’. As a mum of 4, I can tell you it always came in my top five, usually alongside driving, drugs, cigarettes and alcohol! But when McAfee research in May revealed that Aussie kids experience the 2nd highest rate of cyberbullying out of the 10 countries interviewed, my heart skipped a beat. Clearly cyberbullying is a big problem for Aussie kids. Bigger than I had previously thought. But many of us parents had so many more questions: what can it look like? where does it happen? and could my child be a perpetrator?
So, as an ally of connected families, McAfee set out to answer these questions so undertook more research through a detailed 10-country online questionnaire to 11,687 parents and their children in June. And the answers were quite revealing…
Before we get into the results, let’s clarify what cyberbullying means. There is often a lot of confusion because let’s be honest, different kids have different tolerances, standards and cultural lenses for what is and isn’t acceptable behaviour. The definition of cyberbullying used in McAfee’s report was based on the definition by StopBullying.Gov:
Cyberbullying is bullying that takes place over digital devices like cell phones, computers, and tablets. Cyberbullying can occur through SMS, Text, and apps, or online in social media, forums, or gaming where people can view, participate in, or share content. Cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else causing embarrassment or humiliation. Some cyberbullying crosses the line into unlawful or criminal behaviour.
McAfee’s definition was then expanded to include specific acts of cyberbullying, such as:
Along with other acts, including:
What Is The Most Common Form of Cyberbullying for Aussie Kids?
Even though racially motivated cyberbullying is on the rise, name-calling is the most common form of cyberbullying with 40% of kids globally reporting that they have been on the receiving end of it. Interestingly, in Australia, our kids receive this style of bullying more frequently, with 49% of Aussie kids affected.
Exclusion from group chats and conversations is the 2nd most commonly reported form of cyberbullying with 36% of kids globally experiencing it. In Australia, this is higher at 42%.
The spreading of false rumours rounds out the top three forms and was reported by 28% of children globally. Curiously, Aussie kids don’t seem to use this form just as commonly with just 24% affected. Japan stands out as the leader in this reported form of cyberbullying at 44% followed by Germany at 35% and India at 39%.
1 in 8 Aussie kids reports receiving extreme cyberbullying threats eg stalking, harassment and physical threats online. This is in line with the global average however in India and the US, more young people are affected with 1 in 5 reporting this behaviour.
It’s no surprise that the bulk of cyberbullying is happening on social media with 32% of kids affected globally. Group chats come in as the 2nd most commonplace with 24% of kids involved followed by online gaming being an issue for 22% of kids surveyed. 21% of kids experienced cyberbullying on websites and forums and 19% identified that they experienced cyberbullying via text messages.
Globally, Facebook is the social media site where cyberbullying is most likely to occur. 53% of children report witnessing it and 50% report experiencing it. This is followed by Instagram (40% witnessing and 30% experiencing), YouTube, TikTok and then Twitter.
Overall, Aussie kids appear to experience less cyberbullying on social media with just 47% witnessing it on Facebook and 37% experiencing it. Our kids also report lower levels on Instagram as well with 34% witnessing and 30% experiencing.
It appears that Snapchat is unfortunately where a lot of undesirable behaviour happens for our Aussie kids with 34% reporting that they have been affected on this platform – a huge 10% above the international average and the highest of any country included in the survey.
I’m sure it’s not a surprise to many parents that most cyberbullying comes from someone known to the victim. In fact, 57% of kids worldwide confirmed this with just 45% nominating that the cyberbullying they received had been initiated by a stranger. And Aussie kids’ experiences reflect the global norm with 56% expressing that they also knew the perpetrator but only 36% experienced cyberbullying from a stranger. Interestingly, only India, reported more cyberbullying at the hands of strangers (70%) than by someone the child knows (66%).
Globally, 81% of all children surveyed stated that they had never cyberbullied anyone while just 19% admitted that they had. But when questioned further, it became apparent that there may be some disconnect. In fact, when asked about specific cyberbullying behaviours, more than half of children worldwide (53%) admitted to committing one or more types of cyberbullying —perhaps indicating that their definition of cyberbullying differs from the clinically accepted definition. The most common acts that they admitted to included making a joke at someone else’s expense (22%), name-calling (18%) and excluding someone from a chat or conversation (15%).
It appears that our kids are calmer about the state of cyberbullying that their peers worldwide. Only 46% of our kids reported they were more concerned about being cyberbullied now than last year, compared to a 59% average worldwide. Aussie children said they are among the least concerned children in the world, alongside Canada at 44%, the U.K. at 43%, and Germany at 38%.
And Aussie parents also appear calmer than parents from other countries with only 61% nominating they were more concerned about their child being cyberbullied today versus last year, compared to the 72% international average. Australian parents also showed the least level of worry that their child may be a cyberbully. Only 41% said that they worried this was more likely this year than last, compared to 56% of parents elsewhere.
Now, this could be because the online learning and tech-heavy phase of the pandemic is, thankfully, over and we are not as focussed on technology-related issues. Or perhaps it’s because we really are a nation of ‘laid-back’ types! The jury is still out…
We all know that it’s impossible to fix a problem if you don’t truly understand it. So, while these statistics might be a little overwhelming, please soak them in. Appreciating the complexities of this problem and digesting how cyberbullying can look and impact our kids is essential. Now, as first-generation digital parents, it may take us a little longer to wrap our heads around it and that’s ok. The most important thing is that we commit to understanding the problem so that we are in the best position possible to support and guide our kids.
In my next blog post, I will be sharing more detailed strategies that will help you minimise the risk of your child becoming a victim of cyberbullying. I will also include advice on what to do if your child is affected by cyberbullying plus what to do if your child is in fact a cyberbully.
‘Till next time.
Stay Safe Online
Alex
The post How Cyberbullying Looks In Australia in 2023 appeared first on McAfee Blog.
What you paid for your home, who lives there with you, your age, your children, your driving record, education, occupation, estimated income, purchasing habits, and any political affiliations you may have—all pretty personal information, right? Well, there’s a good chance that anyone can find it online. All it takes is your name and address.
Thankfully, there’s something you can do about it.
But first, go ahead and give it a try. Type your name and address in a search bar and see what comes up. If you’re like most people, your search results turned up dozens of sites with your information on them. Some sites offer bits of it for free. Other sites offer far more detailed information, for a price.
Who’s behind all this? Data brokers. All part of a global data economy estimated at $200 billion U.S. dollars a year fueled by thousands of data points on billions of people scraped from public records, social media, third-party sources, and sometimes other data broker sites as well.
The result? A chillingly accurate picture of you.
So accurate, that reporters and law enforcement will often use profiles from data broker sites to dig up a person’s background. And so could scammers and thieves.
Ever wonder how you end up with all those spam calls and texts? Look no further than the data brokers. They help scammers compile the calling and texting lists they use. Yet spammy calls and texts are just part of the problem with these sites. They can give thieves the tools they need to steal your identity.
How? Visualize your identity as a jigsaw puzzle. Every bit of personal information makes up a piece, and if you cobble enough pieces together, a scammer or thief could have enough information to steal your identity. And data brokers compile all those pieces in one place and offer up them up in droves.
If you’re wondering if this activity is legal or at least regulated in some way, it largely isn’t. For example, the U.S. has no federal laws that require data brokers to remove personal information from their sites if requested to do so. On the state level, Nevada, Vermont, and California have legislation in place aimed at protecting consumers from having their data disclosed on these sites. Other legislation is being considered, yet as of this writing there’s very little on the books right now.
With next to no oversight, data brokers continue to collect personal information, which may or may not be accurate. It may be out of date or flat out wrong. Likewise, as it is with any large data store, data brokers are subject to hacks and attacks, which may lead to breaches that release detailed personal information onto the dark web and into the hands of bad actors.
Put plainly, data brokers collect, buy, and sell high volumes of personal information, often in ways that leave no trace that it’s happening to you—or that the information is correct in any way.
All this can feel like it’s out of your control. And maybe the search you did on yourself made you a little uneasy. (Understandable!) Yet you have plenty of ways you can curb this activity and even remove your information from some of the riskiest data broker sites as well.
It starts by finding out which sites have information on you, followed by filing requests to have it removed. Yet with dozens and dozens of these sites proliferating online, this can be a time-consuming process. Not to mention a frustrating one. We created McAfee+ so people can not only be safe but feel safe online, particularly in a time when there’s so much concern about identity theft and invasion of our online privacy. McAfee+ contains a comprehensive set of tools, such as Personal Data Cleanup which are designed to help protect your online privacy.
Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan.
And because getting your info removed once isn’t a guarantee that a data broker won’t collect and post it again, Personal Data Cleanup can continually monitor those sites. So should your info get posted again, you can request its removal again as well.
The other way you can thwart data brokers involves cleaning up your tracks when you go online, essentially leaving a smaller amount of data in your wake that they can collect and resell.
Searching for your name and address can turn up some surprises and introduce you to the world of data brokers, the dozens and dozens of companies that collect, buy, and sell your personal information. While data brokers sell this information to companies for advertising and marketing purposes, they will also sell that information to hackers, scammers, and thieves. Simply put, they don’t discriminate when selling your personal info. That puts more than just your privacy at risk, it can put your identity at risk as well. By selling your personal information, it can give bad actors the info they need to commit identity fraud and theft.
While cleaning up personal information from these sites is often a difficult and time-consuming task, tools like our Personal Data Cleanup can now dig out the sites where your personal info is posted and can help you remove it. Moreover, you now have several tricks and tactics you can use to reduce the amount of personal data these sites can collect. In all, you now have far more control over what data brokers can collect, buy, and sell than you had before. And now is most certainly a time to take that control given all the time we spend online and the many ways we rely on it to help us work, play, and simply get things done.
The post How much of your personal info is available online? A simple search could show you plenty. appeared first on McAfee Blog.
Contrary to popular belief, Lorem Ipsum is not simply random text. It has roots in a piece of classical Latin literature from 45 BC, making it over 2000 years old. Richard McClintock, a Latin professor at Hampden-Sydney College in Virginia, looked up one of the more obscure Latin words, consectetur, from a Lorem Ipsum passage, and going through the cites of the word in classical literature, discovered the undoubtable source. Lorem Ipsum comes from sections 1.10.32 and 1.10.33 of “de Finibus Bonorum et Malorum” (The Extremes of Good and Evil) by Cicero, written in 45 BC. This book is a treatise on the theory of ethics, very popular during the Renaissance. The first line of Lorem Ipsum, “Lorem ipsum dolor sit amet..”, comes from a line in section 1.10.32.
The standard chunk of Lorem Ipsum used since the 1500s is reproduced below for those interested. Sections 1.10.32 and 1.10.33 from “de Finibus Bonorum et Malorum” by Cicero are also reproduced in their exact original form, accompanied by English versions from the 1914 translation by H. Rackham.
There are many variations of passages of Lorem Ipsum available, but the majority have suffered alteration in some form, by injected humour, or randomised words which don’t look even slightly believable. If you are going to use a passage of Lorem Ipsum, you need to be sure there isn’t anything embarrassing hidden in the middle of text. All the Lorem Ipsum generators on the Internet tend to repeat predefined chunks as necessary, making this the first true generator on the Internet. It uses a dictionary of over 200 Latin words, combined with a handful of model sentence structures, to generate Lorem Ipsum which looks reasonable. The generated Lorem Ipsum is therefore always free from repetition, injected humour, or non-characteristic words etc.
The post Test Post 2 03-11 appeared first on McAfee Blog.
Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..
Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..
Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..
The post Test post delete 2 – 03-11 appeared first on McAfee Blog.
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.
It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of using Lorem Ipsum is that it has a more-or-less normal distribution of letters, as opposed to using ‘Content here, content here’, making it look like readable English. Many desktop publishing packages and web page editors now use Lorem Ipsum as their default model text, and a search for ‘lorem ipsum’ will uncover many web sites still in their infancy. Various versions have evolved over the years, sometimes by accident, sometimes on purpose (injected humour and the like).
The post Test Post 1 03-11 appeared first on McAfee Blog.
Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..
Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..
Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..Lorem ipsum..
The post Test post delete – 03-11 appeared first on McAfee Blog.
With the shopping bonanzas of Black Friday and Cyber Monday comes a flurry of deals and offers, some of which are too good to be true. Unfortunately, the latter instances often become scams run by fraudsters seeking to take advantage of the shopping frenzy. In this article, we will discuss some of the most notorious Black Friday and Cyber Monday scams that you should keep an eye out for.
Scammers are skilled manipulators who know how to twist human emotions to their advantage. They create a sense of urgency, fear, or stress, which are heightened during the holiday season rush. As people scramble to get the best deals and hard-to-get items, they often let their guard down, making them easy targets for these fraudsters. Knowing how to identify these scams is the first step to safeguarding yourself from becoming a victim.
Whether you’re a seasoned online shopper or just getting started, this guide will help you identify the top online shopping scams today and stay one step ahead to enjoy a safer, more secure shopping experience:
As everyone is hurrying to grab the best deals during the holiday season, keeping track of all the orders can be challenging. Scammers leverage this situation, sending fake order confirmations via email or text. These seemingly legit confirmations often contain malware or phishing links that the scammers use to steal your identity. The best strategy is to track your orders directly from the seller’s website or platform.
Similar to the fake order scam, fraudsters send fake package tracking notifications as an email attachment or link. Actual retailers will never send tracking numbers via an attachment. Scammers use these tactics to infect your device with malware or direct you to phishing sites. As always, visit the seller’s site to get accurate tracking information for your order.
Scammers are skilled at creating fake email addresses and URLs that resemble those of legitimate companies. These phishing emails often lead to scam sites that capture your login credentials and payment information. Avoid clicking on email links; it’s safer to type the URL manually and search for deals.
→ Dig Deeper: 7 Ways to Tell If It’s a Fake
Scarcity is a prime tool for scammers. They create fake websites offering popular items that are generally hard to find. These scams can result in you paying for a product you’ll never receive and the scammer possessing your payment details. The Better Business Bureau provides useful reviews to help verify the legitimacy of a product or seller.
During the holiday season, there’s a surge in charity donations, and scammers know this trend. They set up bogus charities and employ high-pressure tactics to get you to donate. Be wary of organizations that accept payment only through gift cards, wire transfers, or cryptocurrency. The U.S. Federal Trade Commission (FTC) offers resources to ensure your donations reach legitimate charities.
Amidst the whirlwind of savings and special offers, there’s a lurking concern that every savvy shopper should be aware of – scams. Protecting yourself from potential scams during these shopping bonanzas is paramount. Several strategies are available to help you stay one step ahead of potential scammers and ensure a safe and successful shopping experience during Black Friday and Cyber Monday. Here are strategies you can follow:
One of the simplest ways to avoid scammers is to shop from familiar and reputable online retailers. If you’re unsure about a retailer, the U.S. Better Business Bureau provides listings to help you research their reputation.
Secure websites start with “https,” with the extra “s” standing for “secure.” You’ll often see a padlock icon in the address bar of your browser. If you don’t see these security indicators, avoid purchasing on that website.
McAfee Pro Tip: When you’re visiting a website, it’s important to keep your radar up for a few essential clues that tell you whether it’s safe or not. Sure, we’ve talked about the ‘https’ thing in the web address, but there are other giveaways, too, like phony icons and symbols, how well the website’s put together, how fast it loads, and a bunch of other stuff. Want to know more about how to check out if a website’s the real deal or not? Check how to tell whether a website is safe.
In this scam, fraudsters lure victims with advertisements offering significant discounts on popular products. These advertisements usually contain a link redirecting you to a fraudulent website where your personal and financial information gets stolen. Always cross-check the offered prices with those on the manufacturer’s or well-known retailers’ websites. Also, check if the seller provides complete contact information. A lack of information or a recently registered website should raise a red flag.
During the holiday season, a gift exchange scam often resurfaces on social media. The concept is simple: you buy a gift worth a certain amount, typically $10, and supposedly receive several gifts in return. However, the only person who benefits is the scammer who initiated the scheme. This type of scam is not only deceptive but also illegal. If you encounter such a scheme on social media, report it immediately.
→ Dig Deeper: 6 Tips for Protecting Your Social Media Accounts
Scammers love gift cards! They use emails or text messages to trick you into thinking you’ve received a gift card from a friend or family member. These messages often contain links that, when clicked, install malware on your device or steal your personal information. Always verify the source before clicking on any links. And remember, if a deal sounds too good to be true, it probably is.
Beware of new e-commerce sites offering popular items at massive discounts. Scammers often create fake e-commerce sites that vanish after collecting money from their victims. Always research the seller’s reputation before making a purchase. If you can’t find any reviews or feedback about the seller, it’s better to avoid the risk.
→ Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit
Smishing is a scam where fraudsters send text messages posing as reputable companies to trick individuals into revealing personal information. During the holiday season, these messages often link to a supposed deal or gift. However, the link usually leads to a fraudulent website designed to steal your data. Treat unsolicited print messages with caution, and never click on suspicious links.
While the holiday season brings joy and excitement, it also increases online shopping scams. Scammers use a variety of tactics, including fake order confirmations, phony tracking numbers, bogus websites, and nonexistent e-tailers, to trick their victims. To protect yourself, always verify the source before clicking on any links, research sellers before purchasing, and avoid deals that seem too good to be true. By being vigilant and taking precautions, you can safely navigate through the holiday shopping frenzy and prevent yourself from falling victim to these Black Friday and Cyber Monday scams. And, of course, don’t forget to equip your devices with security solutions further to improve your security, privacy, and finances.
The post Black Friday and Cyber Monday Scams: Beware of the Pitfalls appeared first on McAfee Blog.
Vernon has been our Manager of Technical Accounting for more than two years, but that doesn’t mean he’s busy with spreadsheets and numbers all day.
It’s been an amazing ride so far. My team touches on several areas of responsibility, including financial period closing, financial reporting, and accounting for complex transactions.
The most rewarding part of my role is definitely the variety and complexity – they really go hand-in-hand and I enjoy asking questions and figuring out the solutions, even when there is not always a textbook answer. I enjoy the challenge of working collectively with a team to find solutions by applying research and experience to a set of facts.
It’s also rewarding to be able to collaborate with auditors and other stakeholders who would be interested in the results.
My favorite thing about working at McAfee is the team. We have an amazing team. It’s full of really smart people. I’ve seen some companies try and find the best talent they can, but McAfee has just taken that to a whole different level. Everyone in their respective areas is really tuned in to the broader effort and we work well together. At McAfee, we enjoy both a high level of talent and collaborative effort. You don’t often find both in the same place.
I really believe that each person brings certain strengths to the table, and they should be able to exercise those strengths to develop and expand their capabilities. Once those natural roles are established, it’s best to trust them to determine how best to perform in their roles and collaborate with the team in achieving results that add value to the broader group.
First, expect the unexpected – consider each new experience an opportunity for personal growth.
Secondly, get involved in projects. If you have the opportunity to do something different or work with a cross-functional team, do it. It builds your own skill base, which opens the door for greater future opportunities and you get to meet people outside of your own department and develop relationships that may prove valuable over time.
The post For some, accounting is more than just spreadsheets! Vernon’s McAfee Journey appeared first on McAfee Blog.
A new ransomware threat is currently sweeping its way across home computers. And what’s making it extra tricky is that it’s disguised as an operating system update.
Be on the lookout for this new ransomware scheme and protect yourself from ransomware with a few of these tips.
Magniber is a new type of ransomware that is disguised at almost every touchpoint until it seemingly pops out of nowhere demanding money. The attack begins when someone visits a fake Windows 10 update website owned by the Magniber cybercriminal group. Once someone clicks on a malicious link on that site, file-encrypting malware downloads onto the device.
Another stealth maneuver of Magniber is that the encryption malware downloads as a JavaScript file straight to the memory of the device, which can often slide under an antivirus’ radar. This malware allows the criminal to view, delete, and encrypt files and gain administrator access of the device. Usually, before the person even knows their device is in danger, Magniber reveals itself and demands a ransom payment in exchange for releasing the documents and giving back control of the computer. If the device owner refuses to pay, the criminal threatens to delete the files forever.1
For the last several years, large companies fell left and right to breaches. Hacker groups infiltrated complex cybersecurity defenses, got ahold of sensitive company or customer information, and threatened to release their findings on the dark web if not paid a hefty ransom. The reasons cybercriminals targeted corporate databases versus personal devices wasn’t just because they could demand multiple millions, but because companies were better equipped to make ransom transactions anonymously. Often, cryptocurrency transactions are untraceable, which allows criminals to remain at large.
Now that more everyday people are proficient in cryptocurrency, ransomware may shift to targeting personal devices. Though the ransom payments won’t be as lucrative, there also won’t be corporate cybersecurity experts hot on the cybercriminal’s tail.
To avoid ransomware schemes similar to Magniber, adopt these three habits to better protect your device and digital privacy:
If a cybercriminal gets in touch with you and demands a ransom, immediately contact your local FBI field office and file a report with the FBI’s Internet Criminal Complaint Center. From there, the authorities will advise you on how to proceed.
Something you can start with now to defend against ransomware is to invest in McAfee+ Ultimate. It provides the most thorough device, privacy, and identity protection, including $25,000 in ransomware coverage.
1ZDNET, “This unusual ransomware attack targets home PCs, so beware”
The post Ransomware Masquerading as Microsoft Update Targets Home Computers appeared first on McAfee Blog.
It’s Diwali, a time of light, a time of togetherness, and, of course, a time of celebration. Along with Diwali comes the traditional acts of dana and seva, as well as gift-giving to the friends and family members they honor and love. However, it’s also a time when thieves get busy—where they hop online and take advantage of all that goodwill with all manner of scams.
It’s unfortunate yet true. Thieves flock to where the money is, and plenty of money gets exchanged online during Diwali. As you shop online for that thoughtful gift or to donate online to a cause you care about, keep an eye out for the scams that these thieves set. Because they’re out there.
Yet you have several ways you can spot their scams, along with several ways you can protect yourself further from them. The thing is, online thieves tend to use the same old tricks, which means a sharp eye and a little prevention on your part can keep you far safer during Diwali.
For starters, let’s look at some of the most common scams out there.
A classic scammer move is to “typosquat” phony email addresses and URLs that look awfully close to legitimate addresses of legitimate companies and retailers. So close that you may overlook them. They often appear in phishing emails and instead of leading you to a great deal, these can in fact link you to scam sites that can then lift your login credentials, payment info, or even funds should you try to place an order through them.
You can avoid these sites by going to the retailer’s site directly. Be skeptical of any links you receive by email, text, or direct message—it’s best to go to the site yourself by manually typing in the legitimate address yourself and looking for the deal there.
In some cases, thieves will set up shopping websites that offer a popular or hard-to-find item at a great price. Yet if the pricing, availability, or delivery time all look too good to be true for the item in question, it may be a scam designed to harvest your personal info and accounts—because, surprise, they don’t have the item at all. The site will take your payment, yet you’ll never receive the item. What’s more, the scammers will have your payment info and address, which they can use to cause further harm.
Use caution here before you click. If you’re unsure about a product or retailer, read reviews from trusted websites to help see if it’s legitimate. You can also use a service like Who.Is and see how recently the site was created. If the site was only put up very recently, it could be a sign of a scam.
In the spirit of dana, donating to charities makes for a popular Diwali gesture. Scammers know this too and will set up phony charities to cash in. Some indications that a phony charity has reached you include an urgent pitch that asks you to “act now.” A proper charity will certainly make their case for a donation, yet they won’t pressure you into it. Moreover, phony charities will outright ask for payment in the form of gift cards, wire transfers, money orders, or even cryptocurrency—because once those funds are sent, they’re nearly impossible to reclaim when you find out you’ve been scammed.
There are plenty of ways to make donations to legitimate charities, and the NGO Darpan site offers resources that can help you make an informed choice.
Whether they come to you by email, direct message, or text message, scammers will blast out phoney prize and gift notifications during Diwali. And of course, there’s a catch. To claim your “prize” or “gift,” the scammers require you to fill out a questionnaire. Once again, there’s no gift or prize in play here. Just a thief on the other end attempting to steal your personal information to commit other fraud down the road.
Look out for these scams, as many have URLs that end in .cn (the Chinese domain). Both .xyz, and .top are popular URL domains for these scams. Several can look quite legitimate, yet if you haven’t entered in a legitimate contest, drawing, or lottery yourself, there’s a very good chance this is a scam.
Aside from knowing how to spot scams, you can take several other preventative measures that can keep you safe as you shop, donate, or simply spend time online.
This is a great one to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. As mentioned in the bogus website scam and the prize scams above, thieves will often create web addresses that look nearly identical to legitimate addresses of well-known companies hoping that you won’t look closely at them, then click or tap that bad link.
If you get an offer sent to you via email, text, or any other message, don’t click the link. Visit the site directly and look for the offer there.
Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
Public Wi-Fi in coffee shops and other public locations can expose your private surfing to prying eyes because those networks are open to all. Using a virtual private network (VPN) encrypts your browsing, shopping, and other internet traffic, thus making it secure from attempts at intercepting your data on public Wi-Fi, such as your passwords and credit card numbers.
What’s more, a VPN masks your whereabouts and your IP address, plus uses encryption that helps keep your activities private. As a result, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from.
A complete suite of online protection software like McAfee can offer layers of extra security while you shop. In addition to the VPN, identity, credit monitoring, and other features mentioned above, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—along with a password manager that can create strong, unique passwords and store them securely as well. Taken together, McAfee offers all-in-one online protection for your identity, privacy, and security that can keep you far safer when you shop online—and as you spend your time online in general.
If celebrating Diwali takes you online in any way, keep an eye open for the scams that typically pop up this time of year. Sadly, they’re out there, because it’s such a prime time of year for online shopping, gift-giving, and donations.
As you can see, thieves use several types of common scams that simply dress themselves up in different ways. Taking a moment to pause and consider what you’re seeing before you click or buy can help you spot those scams.
Further, using online protection software can help you stay safer still with features that make your time online more private and secure while also preventing you from clicking on any of those malicious links or attachments that crop up during Diwali—and any time of year.
The post Protect yourself from scams this Diwali appeared first on McAfee Blog.
Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.
Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.
This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.
Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?
Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.
Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.
Here are some examples of smishing text messages hackers use to steal your personal details:
If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.
For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.
Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.
One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:
While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.
To set up spam filters on your iPhone:
To set up spam filters on your Android mobile device:
McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.
One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.
Other benefits include:
These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.
McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.
Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.
So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.
The post What Is Smishing and Vishing, and How Do You Protect Yourself appeared first on McAfee Blog.
Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.
One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.
Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.
Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.
“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.
Companies, particularly at risk of being targeted by tailgating scams, include those:
Whether you’re spending time on the web or working in the office, you want peace of mind knowing that you are in a safe environment. While most of us know to take precautions when online — protecting ourselves from things like phishing attacks and other cyber threats — we should also attend to our physical security.
One concern is tailgating — a social engineering attack where someone gets physical access to a business to take confidential information or do other harm.
Here are some ways to protect yourself from tailgating attacks, such as an unauthorized person following you into a restricted area while on the job.
Tailgating is a type of social engineering attack where an unauthorized person gains physical access to an off-limits location — perhaps a password-protected area — where they might steal sensitive information, damage property, compromise user credentials or even install malware on computers.
“Piggybacking” is closely related to tailgating, but it involves consent from the duped employee. So, while a worker might be unaware that someone has tailgated them into a restricted area with piggybacking, the hacker might convince a worker to provide access because they are posing as, say, a delivery driver.
Companies, particularly at risk of being targeted by tailgating scams, include those:
Generally speaking, companies with robust security systems in place — including using biometrics, badges, or other identity and information security measures — are better protected from tailgating and piggybacking attacks.
But that’s not to say that some smooth-talking fraudster can’t talk someone into letting them in or finding some way around those protections.
Common types of tailgating attacks that you should be aware of on the job include:
Protecting yourself from tailgating attacks is partly a matter of learning about the issue, raising your level of awareness on the job, and depending on your employer, putting in place more effective security systems.
Some solutions include:
Many companies know how to train employees to recognize, avoid, and cope with online security issues but may forget to provide the same diligence to physical security. How to spot and deal with threats should be part of this training, plus cultivating an awareness of surroundings and people who might be out of place.
Management should offer a clearly stated security policy taught to everyone, which might insist that no one be allowed into a secure area without the proper pass or identification. As the security policy is updated, all employees should be aware of changes and additions.
These security measures should be part of an overall protection program, like McAfee® Total Protection, which includes antivirus software, a firewall, identity monitoring, password management, web protection, and more.
If you have a large business spread over several floors, it can be hard for employees to know who works there and who doesn’t, leaving them susceptible to tailgating and piggybacking attacks. Requiring smart badges and cards to access restricted areas can help cut back on unauthorized intrusions and provide better access control.
Building fully staffed reception areas with dedicated security personnel could also be part of a larger security system.
Biometric scanners are an even more advanced way to provide proper authentication for a worker’s identity. They scan a unique physical or audible feature of a person and compare it to a database for approved personnel.
Examples of biometric security include:
One reason people are vulnerable to physical and cyberattacks is that they lack education on social engineering and the kinds of threats it poses.
Workers need to understand the full range of social engineering techniques and know-how to protect themselves, whether in their social media accounts or physical work environment.
For their part, companies can use simulated phishing emails and tailgating attacks to raise awareness and underline how to follow protocols in dealing with them.
If there are many ways to enter a business, it may make sense to put video surveillance on all entrances. Advanced video surveillance systems can use artificial intelligence (AI) and video analytics to scan the faces of people entering and compare them to a database of employee features.
Whether at work or at home, people want to be secure from attacks by cybercriminals who seek to take personal information.
To add a layer of security to all their connected devices — including computers, smartphones, and tablets — an increasing number of people are turning to the comprehensive coverage of McAfee® Total Protection.
Features range from advanced monitoring of possible threats to your identity, automatic implementation of virtual private networks (VPNs) to deal with unsafe networks, and personal data clean-up, removing your information from high-risk data broker sites.
McAfee protection allows you to work and play online with greater peace of mind.
The post What Are Tailgating Attacks and How to Protect Yourself From Them appeared first on McAfee Blog.
It’s important to know that not all websites are safe to visit. In fact, some sites may contain malicious software (malware) that can harm your computer or steal your personal contact information or credit card numbers.
Phishing is another common type of web-based attack where scammers try to trick you into giving them your personal information, and you can be susceptible to this if you visit a suspicious site.
Identity theft is a serious problem, so it’s important to protect yourself when browsing the web. Online security threats can be a big issue for internet users, especially when visiting new websites or following site links.
So how can you tell if you’re visiting a safe website or an unsafe website? You can use a few different methods. This page discusses key things to look for in a website so you can stay safe online.
When you’re visiting a website, a few key indicators can help determine whether the site is safe. This section explores how to check the URL for two specific signs of a secure website.
“Https” in a website URL indicates that the website is safe to visit. The “s” stands for “secure,” and it means that the website uses SSL (Secure Sockets Layer) encryption to protect your information. A verified SSL certificate tells your browser that the website is secure. This is especially important when shopping online or entering personal information into a website.
When you see “https” in a URL, the site is using a protocol that encrypts information before it’s sent from your computer to the website’s server. This helps prevent anyone from intercepting and reading your sensitive information as it’s transmitted.
The padlock icon near your browser’s URL field is another indicator that a webpage is safe to visit. This icon usually appears in the address bar and means the site uses SSL encryption. Security tools and icon and warning appearances depend on the web browser.
Let’s explore the cybersecurity tools on the three major web browsers:
Overall, the ”https” and the locked padlock icon are good signs that your personal data will be safe when you enter it on a website. But you can ensure a website’s security is up to par in other ways. This section will explore five in-depth methods for checking website safety.
McAfee WebAdvisor is a free toolbar that helps keep you safe online. It works with your existing antivirus software to provide an extra layer of protection against online threats. WebAdvisor also blocks unsafe websites and lets you know if a site is known for phishing or other malicious activity. In addition, it can help you avoid online scams and prevent you from accidentally downloading malware. Overall, McAfee WebAdvisor is a useful tool that can help you stay safe while browsing the web.
When you’re browsing the web, it’s important to be able to trust the websites you’re visiting. One way to determine if a website is trustworthy is to look for trust seals. Trust seals are logos or badges that indicate a website is safe and secure. They usually appear on the homepage or checkout page of a website.
There are many types of trust seals, but some of the most common include the Better Business Bureau (BBB) seal, VeriSign secure seal, and the McAfee secure seal. These seals indicate that a third-party organization has verified the website as safe and secure.
While trust seals can help determine whether a website is trustworthy, it’s important to remember that they are not foolproof. Website owners can create a fake trust seal, so it’s always important to do your own research to ensure a website is safe before entering personal information.
Another way to determine if a website is safe to visit is to check for a privacy policy. A privacy policy is a document that outlines how a website collects and uses personal information. It should also state how the site protects your data from being accessed or shared by scammers, hackers, or other unauthorized individuals.
If a website doesn’t have a privacy policy, that’s a red flag that you shouldn’t enter any personal information on the site. Even if a website does have a privacy policy, it’s important to read it carefully so you understand how the site uses your personal data.
It’s important to do some preliminary research before visiting a new website, especially if you’re shopping online or entering personal data like your address, credit card, or phone number. One way to determine if a website is safe and trustworthy is to check third-party reviews. Several websites provide reviews of other websites, so you should be able to find several reviews for any given site.
Trustpilot is one example of a website that provides reviews of other websites.Look for common themes when reading reviews. If most of the reviews mention that a website is safe and easy to use, it’s likely that the site is indeed safe to visit. However, if a lot of negative reviews mention problems with viruses or malware, you might want to avoid the site.
You can also analyze the website design when deciding whether a website is safe to visit. Look for spelling errors, grammatical mistakes, and anything that appears off. If a website looks like it was made in a hurry or doesn’t seem to be well-designed, that’s usually a red flag that the site might not be safe.
Be especially careful of websites that have a lot of pop-ups. These sites are often spammy or contain malware. Don’t download anything from a website unless you’re absolutely sure it’s safe. These malicious websites rarely show up on the top of search engine results, so consider using a search engine to find what you’re looking for rather than a link that redirects you to an unknown website.
If you’re unsure whether a website is safe to visit, download McAfee WebAdvisor for free. McAfee WebAdvisor is a program that helps protect you from online threats, such as malware and viruses. It also blocks pop-ups and other intrusive ads so you can browse the web without worry. Plus, it’s completely free to download and use.
Download McAfee WebAdvisor now and stay safe while browsing the web.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.
A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.
So, what exactly is going on when you see the “this connection is not private” error?
For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not private” error means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate.
Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.
In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.
While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.
SL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL.
So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware.
Note: The “your connection is not private” error is Google Chrome’s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.
If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.
Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.
Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.
As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.
A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.
Authored by SangRyol Ryu
Cybercriminals are always after illegal advertising revenue. As we have previously reported, we have seen many mobile malwares masquerading as a useful tool or utility, and automatically crawling ads in the background. Recently the McAfee Mobile Research Team has identified new Clicker malware that sneaked into Google Play. In total 16 applications that were previously on Google Play have been confirmed to have the malicious payload with an assumed 20 million installations.
McAfee security researchers notified Google and all of the identified apps are no longer available on Google Play. Users are also protected by Google Play Protect, which blocks these apps on Android. McAfee Mobile Security products detect this threat as Android/Clicker and protect you from malware. For more information, to get fully protected, visit McAfee Mobile Security.
The malicious code was found on useful utility applications like Flashlight (Torch), QR readers, Camara, Unit converters, and Task managers:
Once the application is opened, it downloads its remote configuration by executing an HTTP request. After the configuration is downloaded, it registers the FCM (Firebase Cloud Messaging) listener to receive push messages. At first glance, it seems like well-made android software. However, it is hiding ad fraud features behind, armed with remote configuration and FCM techniques.
Attribute name | Known meaning of the value |
FCMDelay | Initial start hours after first installation |
adButton | Visivility of a button of Advertisement |
adMob | AdMob unit ID |
adMobBanner | AdMob unit ID |
casOn | Whether CAS library works or not |
facebookAd | FaceBook Ad ID |
fbAdRatio | Ratio of FB AD |
googleAdRatio | Ratio of AdMob |
is | Decide BootService to run or not |
urlOpen | to open popup or not when starts PowerService |
popUrl | URL for PowerService |
popUpDelay | Delay time for PowerService |
liveUrl | URL for livecheck service |
pbeKey | Key for making unique string |
playButtonList | URL for other service |
reviewPopupDialog | ‘y’ it shows review dialog |
tickDelay | Delay time for TickService |
tickEnable | Value of TickService enabled |
tickRandomMax | Value of TickService random delay |
tickRandomMin | Value of TickService random delay |
tickType | Set the type of TickService |
updateNotiVersion | Value for showing update activity |
The FCM message has various types of information and that includes which function to call and its parameters. The picture below shows some of FCM message history:
When an FCM message receives and meets some condition, the latent function starts working. Mainly, it is visiting websites which are delivered by FCM message and browsing them successively in the background while mimicking user’s behavior. This may cause heavy network traffic and consume power without user awareness during the time it generates profit for the threat actor behind this malware. In the picture below there is an example of the network traffic generated to get the information required to generate fake clicks and the websites visited without user’s consent or interaction:
So far, we have identified two pieces of code related to this threat. One is “com.click.cas” library which focuses on the automated clicking functionality while “com.liveposting” library works as an agent and runs hidden adware services:
Depending on the version of the applications, some have both libraries working together while other applications only have “com.liveposting” library. The malware is using installation time, random delay and user presence to avoid the users from noticing these malicious acts. The malicious behavior won’t start if the installation time is within an hour and during the time the user is using the device, probably to stay under the radar and avoid being detected right away:
Clicker malware targets illicit advertising revenue and can disrupt the mobile advertising ecosystem. Malicious behavior is cleverly hidden from detection. Malicious actions such as retrieving crawl URL information via FCM messages start in the background after a certain period of time and are not visible to the user.
McAfee Mobile Security detects and removes malicious applications like this one that may run in the background without user’s knowledge. Also, we recommend having a security software installed and activated so you will be notified of any mobile threats present on your device in a timely manner. Once you remove this and other malicious applications, you can expect an extended battery time and you will notice reduced mobile data usage while ensuring that your sensitive and personal data is protected from this and other types of threats.
liveposting[.]net
sideup[.]co[.]kr
msideup[.]co[.]kr
post-blog[.]com
pangclick[.]com
modooalba[.]net
SHA256 | Package name | Name | Downloaded |
a84d51b9d7ae675c38e260b293498db071b1dfb08400b4f65ae51bcda94b253e | com.hantor.CozyCamera | High-Speed Camera | 10,000,000+ |
00c0164d787db2ad6ff4eeebbc0752fcd773e7bf016ea74886da3eeceaefcf76 | com.james.SmartTaskManager | Smart Task Manager | 5,000,000+ |
b675404c7e835febe7c6c703b238fb23d67e9bd0df1af0d6d2ff5ddf35923fb3 | kr.caramel.flash_plus | Flashlight+ | 1,000,000+ |
65794d45aa5c486029593a2d12580746582b47f0725f2f002f0f9c4fd1faf92c | com.smh.memocalendar | 달력메모장 | 1,000,000+ |
82723816760f762b18179f3c500c70f210bbad712b0a6dfbfba8d0d77753db8d | com.joysoft.wordBook | K-Dictionary | 1,000,000+ |
b252f742b8b7ba2fa7a7aa78206271747bcf046817a553e82bd999dc580beabb | com.kmshack.BusanBus | BusanBus | 1,000,000+ |
a2447364d1338b73a6272ba8028e2524a8f54897ad5495521e4fab9c0fd4df6d | com.candlencom.candleprotest | Flashlight+ | 500,000+ |
a3f484c7aad0c49e50f52d24d3456298e01cd51595c693e0545a7c6c42e460a6 | com.movinapp.quicknote | Quick Note | 500,000+ |
a8a744c6aa9443bd5e00f81a504efad3b76841bbb33c40933c2d72423d5da19c | com.smartwho.SmartCurrencyConverter | Currency Converter | 500,000+ |
809752e24aa08f74fce52368c05b082fe2198a291b4c765669b2266105a33c94 | com.joysoft.barcode | Joycode | 100,000+ |
262ad45c077902d603d88d3f6a44fced9905df501e529adc8f57a1358b454040 | com.joysoft.ezdica | EzDica | 100,000+ |
1caf0f6ca01dd36ba44c9e53879238cb46ebb525cb91f7e6c34275c4490b86d7 | com.schedulezero.instapp | Instagram Profile Downloader | 100,000+ |
78351c605cfd02e1e5066834755d5a57505ce69ca7d5a1995db5f7d5e47c9da1 | com.meek.tingboard | Ez Notes | 100,000+ |
4dd39479dd98124fd126d5abac9d0a751bd942b541b4df40cb70088c3f3d49f8 | com.candlencom.flashlite | 손전등 | 1,000+ |
309db11c2977988a1961f8a8dbfc892cf668d7a4c2b52d45d77862adbb1fd3eb | com.doubleline.calcul | 계산기 | 100+ |
bf1d8ce2deda2e598ee808ded71c3b804704ab6262ab8e2f2e20e6c89c1b3143 | com.dev.imagevault | Flashlight+ | 100+ |
The post New Malicious Clicker found in apps installed by 20M+ users appeared first on McAfee Blog.
Automobile manufacturer Toyota recently announced a data breach that may have exposed the emails of up to 300,000 customers for a period of nearly five years.
Toyota says the breach is the result of a subcontractor posting source code for Toyota’s “T-Connect” app on the software development platform GitHub in December 2017. This code included an access key to the data server that hosted the e-mail addresses and customer management numbers of T-Connect users. The publicly available source code was found on September 15th, 2022, at which time Toyota changed the access key.
Toyota customers affected by this data breach include T-Connect users who registered their email on the Toyota T-Connect site since July 2017.
According to Toyota’s announcement and apology no other personal information such as customer names, phone numbers, and credit cards were affected. (Note that this announcement was published in Japanese—you can use your browser to translate.)
The company further could not confirm whether this information was in fact accessed. However, the company could not deny the possibility that it was at some point during that five-year period.
Toyota said that it will individually send an apology and notification to the registered email address of any customer whose information may have been leaked.
Any time a data breach occurs, it means that your personal information could end up in the hands of a bad actor. Different pieces of personal information can be more useful to them than others. Some are directly useful, such as a Social Security Number or credit card information because they uniquely identify you. Others are indirectly helpful, like device IDs, browsing history, geolocation information, and internet protocol addresses. On their own, such information will not uniquely identify you. Yet with enough indirect information, and in the right combination, a bad actor could use them to piece together your identity.
In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part.
Given that email addresses may have been compromised, Toyota specifically warned its customers about the possibility of phishing attacks and other unsolicited emails that may contain malware or links to malicious sites. While it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for information or that contain attachments you weren’t expecting, it’s particularly important after breaches. If you receive such emails, delete them, and don’t click on any links or attachments.
Also note that bad actors may launch phishing attacks where they pose as Toyota, all with the aim to steal personal information. Such emails can clearly look like a scam, such as when they include typos, grammatical errors, or sloppy graphics. Others can look far more sophisticated, almost like a legitimate email. Learning how to tell the two apart can take a little skill, and you can check out this quick read so you can spot and protect yourself from phishing scams.
A complete suite of online protection software can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, we offer $1M identity theft coverage and support from a recovery pro, just in case.
As far as passwords go, strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly may make a stolen password worthless because it’s out of date.
Because so many accounts use an email address as the username, and because email addresses were exposed in the Toyota leak, updating your passwords across your accounts can provide an extra level of protection.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
An identity monitoring service can monitor everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other bad actors so they can launch their own attacks. McAfee’s monitors the dark web for your personal info and provides early alerts if your data is found on there, an average of 10 months ahead of similar services. We also provide guidance to help you act if your information is found.
As mentioned earlier, information stolen in a data breach may indirectly identify you. Yet when pieced together with other information, it can then directly identify you. Cad actors can complete this identity picture puzzle with information provided by data brokers that buy and sell personal information online. However, you can take some control over this. Our Personal Data Cleanup service scans high-risk data broker sites for your personal information and then helps you remove it—which denies bad actors the information they may need to commit identity theft.
If your personal information gets caught up in a data leak or breach, take the steps to protect yourself. Should that information get into the hands of bad actors, it could lead to follow-on attacks such as phishing attempts, account hacks, and, in extreme cases, identity crime.
Further, as in the case of Toyota, it can take months or even years for companies to discover leaks and breaches. From there, it can take yet longer before a company announces the leak or breach. Together, that leaves bad actors with plenty of opportunity to commit all kinds of identity crime in the meantime.
Because of this, taking preventative steps to secure and monitor your identity can help protect you from harm—even if your information wasn’t involved in an attack. With data leaks and breaches of all sizes now commonplace, a proactive stance offers far better protection than reactionary measures taken after the fact.
The post Toyota Data Breach Exposes Customer Data – What You Can Do to Protect Yourself appeared first on McAfee Blog.
“I’ll just Uber home.”
Who hails a taxi anymore? These days, city streets are full of double-parked sedans with their hazards on, looking for their charges. Uber is synonymous with ridesharing and has made it so far into our culture that it’s not just a company name but a verb.
Uber’s reputation has ebbed and flowed since its creation in 2009, and it’s taken another hit recently as more details are coming to light about a massive 2016 cybersecurity breach and the chief security officer’s attempts to cover it up.
In 2016, a ransomware group trawled the internet and gathered Uber’s credentials that opened the door into the company’s server database. The cybercriminals then stole the information of customers and drivers alike and held it for a $100,000 Bitcoin ransom. Joe Sullivan, Uber’s chief security officer at the time, paid the ransom and the criminal group agreed to delete the information they uncovered. While it’s not uncommon for large corporations to give in to cybercriminals and dole out huge ransom payments, Sullivan is facing potential jail time because he didn’t report the incident to the Federal Trade Commission. He was recently found guilty of wire fraud and concealing a felony from authorities.
Uber account holders had their personally identifiable information in nefarious hands without their knowledge. The cybercriminals allegedly downloaded the names, email addresses and phone numbers of 57 million Uber customers and drivers, plus the license plate numbers of 600,000 drivers.1
Organizations have a responsibility to their customers to report any cyberbreaches. With a full name, email address, and phone number, cybercriminals can inflict a lot of damage on an innocent person’s credit, steal money from online accounts, or invade someone’s digital privacy. Customers must act swiftly to put the proper safeguards in place, but they can’t do that if they don’t even know a breach has happened! The longer a cybercriminal has to poke and prod someone’s digital footprint, the more havoc they can wreak and profits they can gain.
Acting swiftly is key to keeping your personally identifiable information (PII) private after a breach, though there are a few measures you can take right now that could prevent your information from being compromised. Here’s what you can do before and after a breach.
One way to shrink your attack surface – or the number of possible entry points into your digital life – is to regularly vet your online accounts and apps. For example, when you’re cleaning your closet, it’s common to donate or trash any clothing you haven’t worn in a year. The same method works for your digital life. If you haven’t logged into a shopping site or mobile gaming app in over a year, it’s unlikely that you will use them anytime soon, so it’s time to say goodbye and delete it.
McAfee credit lock and security freeze are other preventive measures that can keep your credit safe in case your PII is ever compromised. These services make it easy to prevent one or all three major credit bureaus from accessing your credit. In turn, this prevents anyone other than you from opening a bank account, applying for a loan, or making a substantial purchase. If you’re not planning on needing a credit report, it’s a great practice to freeze your credit.
When you first hear of a company’s data leak with which you have an account, the first step you should take is to change your account password. Login and password combinations are often compromised in a data breach. Make sure your new password is strong and is not a duplicate of a password you use elsewhere.
Next, consider running a Personal Data Cleanup scan. Personal Data Cleanup checks risky data broker sites and alerts you if your information appears on any of them. From there, you can take steps to remove your information.
Finally, for the next few weeks, keep close tabs on your financial, online, and email accounts. Watch for suspicious activities like purchases you didn’t make, electronic receipts, notifications, or mailing lists that you didn’t sign up for. McAfee+ Ultimate can help you here with its identity monitoring and full-service Personal Data Cleanup. McAfee+ gives you a partner to alert you and help you recover if your digital privacy is compromised.
Protecting your identity and digital privacy is a two-way street. While identity and privacy protection tools go a long way, individuals also have a responsibility to remain vigilant and take quick action if they suspect their information is compromised. And the ultimate responsibility lies with companies to alert the authorities and their customers after a data leak and to take serious steps to shore up their security to make sure it never happens again.
1The Verge, “Former Uber security chief found guilty of covering up massive 2016 data breach”
The post 57 Million Users Compromised in Uber Leak: Protect Your Digital Privacy and Identity appeared first on McAfee Blog.
One of the oldest tricks in the cybercrime playbook is phishing. It first hit the digital scene in 1995, at a time when millions flocked to America Online (AOL) every day. And if we know one thing about cybercriminals, it’s that they tend to follow the masses. In earlier iterations, phishing attempts were easy to spot due to link misspellings, odd link redirects, and other giveaways. However, today’s phishing tricks have become personalized, advanced, and shrouded in new disguises. So, let’s take a look at some of the different types, real-world examples and how you can recognize a phishing lure.
Every day, users get sent thousands of emails. Some are important, but most are just plain junk. These emails often get filtered to a spam folder, where phishing emails are often trapped. But sometimes they slip through the digital cracks, into a main inbox. These messages typically have urgent requests that require the user to input sensitive information or fill out a form through an external link. These phishing emails can take on many personas, such as banking institutions, popular services, and universities. As such, always remember to stay vigilant and double-check the source before giving away any information.
A sort of sibling to email phishing, link manipulation is when a cybercriminal sends users a link to malicious website under the ruse of an urgent request or deadline. After clicking on the deceptive link, the user is brought to the cybercriminal’s fake website rather than a real or verified link and asked to input or verify personal details. This exact scenario happened last year when several universities and businesses fell for a campaign disguised as a package delivery issue from FedEx. This scheme is a reminder that anyone can fall for a cybercriminals trap, which is why users always have to careful when clicking, as well as ensure the validity of the claim and source of the link. To check the validity, it’s always a good idea to contact the source directly to see if the notice or request is legitimate.
Corporate executives have always been high-level targets for cybercriminals. That’s why C-suite members have a special name for when cybercriminals try to phish them – whaling. What sounds like a silly name is anything but. In this sophisticated, as well as personalized attack, a cybercriminal attempts to manipulate the target to obtain money, trade secrets, or employee information. In recent years, organizations have become smarter and in turn, whaling has slowed down. Before the slowdown, however, many companies were hit with data breaches due to cybercriminals impersonating C-suite members and asking lower-level employees for company information. To avoid this pesky phishing attempt, train C-suite members to be able to identify phishing, as well as encourage unique, strong passwords on all devices and accounts.
Just as email spam and link manipulation are phishing siblings, so too are whaling and spear-phishing. While whaling attacks target the C-suite of a specific organization, spear-phishing rather targets lower-level employees of a specific organization. Just as selective and sophisticated as whaling, spear-phishing targets members of a specific organization to gain access to critical information, like staff credentials, intellectual property, customer data, and more. Spear-phishing attacks tend to be more lucrative than a run-of-the-mill phishing attack, which is why cybercriminals will often spend more time crafting and obtaining personal information from these specific targets. To avoid falling for this phishing scheme, employees must have proper security training so they know how to spot a phishing lure when they see one.
With so many things to click on a website, it’s easy to see why cybercriminals would take advantage of that fact. Content spoofing is based on exactly that notion – a cybercriminal alters a section of content on a page of a reliable website to redirect an unsuspecting user to an illegitimate website where they are then asked to enter personal details. The best way to steer clear of this phishing scheme is to check that the URL matches the primary domain name.
When users search for something online, they expect reliable resources. But sometimes, phishing sites can sneak their way into legitimate results. This tactic is called search engine phishing and involves search engines being manipulated into showing malicious results. Users are attracted to these sites by discount offers for products or services. However, when the user goes to buy said product or service, their personal details are collected by the deceptive site. To stay secure, watch out for potentially sketchy ads in particular and when in doubt always navigate to the official site first.
With new technologies come new avenues for cybercriminals to try and obtain personal data. Vishing, or voice phishing, is one of those new avenues. In a vishing attempt, cybercriminals contact users by phone and ask the user to dial a number to receive identifiable bank account or personal information through the phone by using a fake caller ID. For example, just last year, a security researcher received a call from their financial institution saying that their card had been compromised. Instead of offering a replacement card, the bank suggested simply blocking any future geographic-specific transactions. Sensing something was up, the researcher hung up and dialed his bank – they had no record of the call or the fraudulent card transactions. This scenario, as sophisticated as it sounds, reminds users to always double-check directly with businesses before sharing any personal information.
As you can see, phishing comes in all shapes and sizes. This blog only scratches the surface of all the ways cybercriminals lure unsuspecting users into phishing traps. The best way to stay protected is to invest in comprehensive security and stay updated on new phishing scams.
The post The Seven Main Phishing Lures of Cybercriminals appeared first on McAfee Blog.
Your phone buzzes. You hope it’s a reply from last night’s date, but instead you get an entirely different swooping feeling: It’s an alarming SMS text alerting you about suspicious activity on your bank account and that immediate action is necessary.
Take a deep breath and make sure to read the message carefully. Luckily, your assets could be completely safe. It could just be a smisher.
Smishing, or phishing over SMS, is a tactic where cybercriminals impersonate reputable organizations or people and trick people into handing over their personally identifiable information (PII) or financial details. Sometimes they can seem very credible with the information they have, and you may have even been expecting a correspondence of a similar nature.
So how can you tell when an SMS text is real and requires your attention? And how should you deal with a smisher to keep your identity safe?
Like email phishing and social media phishing, SMS text phishing often tries to use a strong emotion – like fear, anger, guilt, or excitement – to get you to respond immediately and without thinking through the request completely. Vishing is another phishing tactic over the phone, though instead of a text, the scammer leaves voicemails.
In the case of one coordinated smishing attack, cybercriminals not only impersonated financial institutions but collected PII on their targets ahead of time. The criminals then used these personal details – like old addresses and Social Security Numbers – to convince people that they were legitimate bank employees.1 But since when does a bank try to prove itself to the customer? Usually, it’s the other way around, where they’ll ask you to confirm your identity. Be wary of anyone who texts or calls you and has your PII. If you’re ever suspicious of a caller or texter claiming they’re a financial official, contact your bank through verified channels (chat, email, or phone) you find on the bank’s website to make sure.
Scammers also keep up with current events and attempt to impersonate well-known companies that have a reason to reach out to their customers. This adds false legitimacy to their message. For example, in the summer of 2022, Rogers Communications, a Canadian telecommunications provider, experienced an extended loss of service and told customers they could expect a reimbursement. Smishers jumped on the opportunity and sent a barrage of fake texts requesting banking details in order to carry out the reimbursement.2 However, Rogers credited customers directly to their Rogers accounts.
If you receive a suspicious text, go through these three steps to determine if you should follow up with the organization in question or simply delete and report the text.
Do you have text alerts enabled for your bank and utility accounts? If not, disregard any text claiming to be from those organizations. Companies will only contact you through the channels you have approved. Also, in the case of the Rogers smishing scheme, be aware of how a company plans to follow up with customers regarding reimbursements. You can find information like this on their official website and verified social channels.
ChatGPT might make it more difficult than spot smishing attempts because AI content generation tools usually use correct grammar and spelling. However, the tone is a good indicator of a scammer. If the tone of the text urges you to act quickly or proposes a dire consequence of ignoring the message, be on alert. While suspicious activity on your credit card is serious, your bank will likely reimburse you for charges you didn’t make, so you have time to check your bank account and see recent activities. Official correspondence from financial institutions will always be professional and will try to put you at ease, not make you panic.
Whenever you get a text from someone you don’t know, it’s a good practice to do an internet search for the number to see with whom it’s associated. If it’s a legitimate number, it should appear on the first page of the search results and direct to an official bank webpage.
Once you’ve identified a fake SMS alert, do not engage with it. Never click on any links in the message, as they can redirect you to risky sites or download malware to your device. Also, don’t reply to the text. A reply lets the criminal on the other end know that they reached a valid phone number, which may cause them to redouble their efforts. Finally, block the number and report it as spam.
A great absolute rule to always follow is to never give out your Social Security Number, banking information, usernames, or passwords over text.
To give you peace of mind in cases where you think a malicious actor has access to your PII, you can count on McAfee+. McAfee+ offers a comprehensive suite of identity and privacy protection services to help you feel more confident in your digital life.
1PC Mag, “Scammers Are Using Fake SMS Bank Fraud Alerts to Phish Victims, FBI Says”
2Daily Hive, “Rogers scam alert: Texts offering credit after outage are fake”
The post What Is Smishing? Here’s How to Spot Fake Texts and Keep Your Info Safe appeared first on McAfee Blog.
Venmo, quick and convenient. A great way to pay back a friend or split the cost of a meal. Yet its ease of use and popularity has made it a hunting ground for scammers.
Venmo scams come in all shapes, and many of them look like variations of email phishing and text scams. The scammers behind them will pose as Venmo customer service reps who ask for your login credential. Other scammers offer bogus cash prizes and pyramid schemes that lure in victims with the promise of quick cash. Some scammers will use the app itself to impersonate friends and family to steal money from you.
All of it is preventable.
Just like any other payment app out there, using Venmo safely calls for a few precautions—and for knowing the tricks that scammers like to pull.
Keep your transactions private. Venmo has a social component that can display a transaction between two people and allow others to comment on it. Payment amounts are always secret. Yet you have control over who sees what by adjusting your privacy settings:
This brings up the question, what if the participants in the transaction have different privacy settings? Venmo uses the most restrictive one. So, if you’re paying someone who has their privacy set to “Public” and you have yours set to “Private,” the transaction will indeed be private.
We suggest going private with your account. The less financial information you share, the better. You can set your transactions to private by heading into the Settings of the Venmo app, tapping on Privacy, and then selecting Private.
In short, just because something is designed to be social doesn’t mean it should become a treasure trove of personal data about your spending habits.
Add extra layers of security. Take extra precautions that make it difficult for others to access your Venmo app.
Pay only people you trust. Per Venmo, the app was originally designed for people who know and trust each other to send each other payments. Since then, it’s expanded to making payments for goods and services under certain circumstances. In Venmo’s words:
“The only way to accept payments for goods and services on Venmo is to be explicitly authorized to accept Venmo for purchases, either by applying for a business profile or tag a payment to a personal profile as a purchase.”
Venmo further clarifies their policy by stating (emphasis theirs):
“Unless directly given the option by Venmo, DO NOT USE VENMO TO TRANSACT WITH PEOPLE YOU DON’T PERSONALLY KNOW, ESPECIALLY IF THE TRANSACTION INVOLVES THE PURCHASE OR SALE OF A GOOD OR SERVICE (for example, concert tickets, electronic equipment, sneakers, a watch, or other merchandise).”
Purchases that don’t follow these policies open you up to risk. That includes the many scammers who peddle phony goods, ask their victims to pay with Venmo, and never deliver a thing. On the flip side, when you make an authorized purchase through Venmo, you gain the benefits of their protection plan. You can learn more about it on their protection plan site.
Venmo has a dedicated web page on the topic of scams, and lists the following as the top Venmo scams out there:
|
|
Venmo breaks down each of these scams in detail on their site. They further share things you can do to avoid them—or steps to take if you unfortunately fall victim to one of these scams.
Broadly speaking, though, you can take several steps to avoid Venmo scams:
Scammers will often pose as customer service reps to pump information out of their victims. They’ll ask for things like bank account information, debit card or credit card numbers, or even passwords and authentication codes sent to your phone. Never share this information. Legitimate reps from legitimate companies won’t request it.
In the U.S., Venmo is regulated by the Treasury Department. As such, Venmo might require your SSN in certain circumstances. Venmo details the cases where they might need your SSN for reporting, here on their website. Note that this is an exception to what we say about sharing SSNs and tax ID numbers. As a payment app, Venmo might have legitimate reasons to request it. However, don’t send this information by email or text (any email or text that asks you to do that is a scam). Instead, always use the mobile app by going to Settings then Identity Verification.
Venmo always sends communications through their official “venmo.com” domain name. If you receive an email that claims to be from Venmo but that doesn’t use “venmo.com,” it’s a scam. Never click or tap on links in emails or texts supposedly sent by Venmo.
Another broad category of scams includes people who aren’t who they say they are. In the case of Venmo, scammers will create imposter accounts that look like they might be a friend or family member but aren’t. If you receive an unexpected and likely urgent-sounding request for payment, contact that person outside the app. See if it’s really them.
Online protection software like ours offers several additional layers of security when it comes to your safety and finances online.
For starters, it includes web browser protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam—such as a phony Venmo link designed to steal your login credentials. It also includes a password manager that creates and stores strong, unique passwords for each of your accounts.
Moreover, it further protects you by locking down your identity online. Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. And if identity theft unfortunately happens to you, $1 ID theft coverage & restoration can help you recover quickly.
In all, there’s no question that Venmo makes payments quick and convenient. You can make them far more secure too. The right precautions and tools can see to it.
The post How to Identify and Protect Yourself From Venmo Scams and Other Cash App Scams appeared first on McAfee Blog.
The joy of purchasing a new device is liberating. Now you can work, learn, and play faster — along with enjoying ample storage space. So, the last thing you’d expect is your apparently safe device being exposed to vulnerabilities, or “bloat.”
Exposure to unwanted software can derail its performance and hog its storage within a few months of usage. In technical terms, such pieces of software are referred to as bloatware. Bloatware has the potential to attack PCs with Microsoft systems and Android devices. It can also attack Apple iPhones and Macs although their systems tend to be built with a bit more protection.
This article defines bloatware, offers common examples, explains how to identify it, and discusses its impact on your computer’s security.
Bloatware, also called Junkware or Potentially Unwanted Programs (PUP), are third-party programs that slow down the performance of your device and lay it bare to cybersecurity risks.
Manufacturers initially introduced bloatware to provide users with more utility, but the programs led to device issues. Software programs that identify as bloatware run in the background, and locating them is not child’s play.
Bloatware finds its way into your device in two ways: it comes pre-installed or through programs downloaded from the internet. Lenovo‘s Superfish bloatware scandal from 2015 explains how bloatware can harm your devices.
Common examples of bloatware apps include:
As a piece of good advice, it is best to uninstall such apps when of no use — whether on your Android smartphone, Windows computer, or an iOS device.
Performance degradation is a common symptom of a device carrying bloatware. Extended boot-up times, clogged storage, and startup delays are common occurrences. Let’s review some programs that may also be bloatware:
Here’s how to identify bloatware:
As mentioned, not all bloatware is a threat to your device. Some may be useful and can be removed easily. But a major chunk of bloatware is known to slow down your computer.
Bloatware eats up a good chunk of the disk space or hard drive as it runs in the background, and it drains the battery life. Bloatware that isn’t removed quickly may clog your device with annoying ads. These ads can pose a security threat or even corrupt your operating system.
Sadly, it can be a challenge to uninstall bloatware because it finds its way back into the device — sometimes even after it has been deleted. In some cases, it may even redirect you to fake bloatware removal websites and offer malicious removal tools. Such websites ask you to install a new program to remove the previous one, trapping your device further. Unfortunately, there are no secret hacks to stop it from finding a way into your system.
Pro tip: Anytime you download a program or software, be sure it’s from an official source (like a secured website, the Google Play Store, or the Apple App Store). Installing a program from a suspicious website can put your device at risk, as the program can download bundles of other programs on the back end without your knowledge.
Windows 10 comes with a special refresh tool to remove any bloatware disguised as user-installed programs. This tool can bring your PC back to a clean slate. It’s important to check your hard drive beforehand, as it can also remove licenses.
Bloatware can be both harmful and annoying. New devices need full-fledged protection so they can last longer. The answer to your bloatware woes is an antivirus program. It safeguards your computer from dangerous security threats and prevents accidental downloads, so malicious bloatware or malware can’t access your device.
Bloatware can compromise your online safety and security. McAfee+’s protection package is the ideal investment for your new device, so you can work without any hassles or doubts.
McAfee+ enables a top-tier level of online security with full protection from pesky software programs like bloatware. Additionally, you get access to antivirus software for unlimited devices, lost wallet protection, a secure VPN, personal data clean-ups, and more. Sign up for McAfee + and rest easy while your devices remain bloatware-free.
The post What Is Bloatware and How Can It Impact Security? appeared first on McAfee Blog.
With regular marketing emails from brands, businesses, and subscription services, our email accounts are more cluttered than ever. The number of daily emails exchanged globally reached an estimated 319 billion in 2021. Unfortunately, the chances that these emails were spam or junk are quite high. In fact, 45% of all email traffic came from spam emails as of December 2021.
With emails often being the preferred mode of communication for official purposes, it’s important to observe good digital hygiene with your inbox. While a cluttered inbox can be overwhelming, it can also double as a cybersecurity threat. Junk emails that contain malware or act as phishing tools are notorious for wreaking havoc in IT systems or aiding identity theft.
Are you tired of opening your inbox to a barrage of unwanted emails? Read this article to learn how to block or eliminate spam emails.
We know you didn’t sign up to be spammed by unwanted emails. So why is your inbox overflowing with spam messages? It could be one of many reasons, including:
Companies also often share information that you’ve entered during registration with other businesses. Applications for loyalty cards and discount coupons at checkout are also sources of customer information for companies. Although companies are mandated to ask permission before sharing your personal information with affiliates, users often ignore the fine print. So, how do you block these unwanted emails?
Fortunately, most email services let you block this contact or other specific email addresses by following a few simple steps. Usually, just notifying your email service that a certain sender is spamming you does the job. The process varies according to the email provider used. Read on to find out how to keep your inbox clean.
Gmail users can block spam mail using the Gmail app or web app. Follow the steps below to block emails while using the web app:
Open a message from the sender you wish to block. If you don’t have a recent email from them, search their address or name in the search box at the top of the page.
Doing this will cause all future emails from this sender to enter your spam folder. If you block someone you didn’t intend to, follow the same procedure to unblock and start receiving mail from their address.
Follow these steps to block an address using the Outlook (the new Hotmail) web app:
By marking the email as junk, Outlook filters and sends all further emails from the sender to your spam folder.
Like all other service providers, the process of blocking a sender from your Yahoo mail account is quite straightforward. Use your web app and follow these steps to get rid of junk mail from your inbox:
Alternatively, you can also block a sender from the Settings menu.
You can unblock any address by navigating to “Blocked addresses” using the same steps and unblock any ID.
To proactively block senders from your AOL Mail inbox, follow the steps below using your web browser:
Following these simple steps marks all future emails from the chosen sender as spam and sends them to the spam folder.
The Apple iOS email app on iPhone, iPad, and Mac only recently allowed unsubscribing from mailing lists. It still doesn’t let you block senders. Follow the steps detailed below to filter and unsubscribe from senders:
Flag any email as spam by forwarding the email to spam@icloud.com.
Widely used and accepted email services are a frequent target of cyberattacks. Attackers can use email to gain control or access your personal information and resources.
Securing email systems is crucial since your email might contain a lot of sensitive information, including financial documents, legal information, important personal documents, or even trade secrets.
As an email sender and receiver, you should be aware of the most common ways the service is used to infect a computer.
A general rule of thumb is to verify and review download links, forms, and email addresses of the sender before clicking on them, as they can pose significant threats to your cybersecurity. If you receive an email from someone you trust but it contains a link that you find suspicious, multiple websites can analyze URLs and files for malware.
Keeping an email system safe involves securing the servers of the client and the user. As an informal email system user, it can be hard to mitigate and manage risks posed by malicious emails on your own.
Fortunately, you can utilize McAfee+and Identity Theft Protection. McAfee ensures complete cyber protection with advanced monitoring, customized tips according to your usage, and data clean-ups. With multiple subscription plans at your disposal, you can protect yourself and your family from all kinds of cyberthreats.
The post How to Block Emails appeared first on McAfee Blog.
Deleting your browsing history has its benefits. For one, it can improve the performance of your device. Secondly, it can help make you more private online. To a point. In fact, clearing your history from time to time is just one of several steps you can take to improve your privacy.
First off, let’s check out what’s in that history of yours. It contains:
Keep in mind that this info is stored locally on your device, so deleting it there doesn’t mean it’s deleted from the internet. (More on that in a minute.)
If you want to keep your device more private and keep your browser running smoothly, quickly clearing your device’s browser history can help.
There’s no fixed or recommended time for deleting your browsing history, cache, and cookies. It’s all relative to your system’s storage space and personal preferences. Refer to this step-by-step guide whenever you feel like it’s time to clear junk from your browsers.
Google Chrome
To delete your browser history on Google Chrome:
Some of your settings might be deleted when clearing your browser history. For example, you might have to re-sign into your accounts.
If you want to delete cookies and cache for a specific site, you can learn how to change more cookie settings in Chrome.
Mozilla Firefox
To delete your browsing, search, and download history on Mozilla Firefox, follow these steps:
Now, you have quickly deleted your browser history on Mozilla Firefox.
Microsoft Edge
To clear your Microsoft Edge browsing data from only the device you’re currently using, turn off sync before clearing the data. The selected data will be deleted across all your synced devices if sync is turned on.
Follow these steps to turn off sync:
This is how to clear your browsing data on Microsoft Edge in a few simple steps.
Safari
Here are simple steps to clear browser cache and cookies on Safari 8.0 through 10.0. These steps apply to your Apple laptop running macOS, but an iPad or iPhone might have slightly different steps.
That’s all! You’ve now deleted your browser history on Safari.
Opera
To clear cache and browser history in Opera:
Clearing your cache is only the first step. Preventing others from gathering info about you while you browse is the next.
The websites you visit and many of the search engines you use collect info from you as well — info that they store themselves. What type of info they collect and for what purposes varies. Generally, they collect it to personalize your experience on their sites and for gaining insights into your online behaviors. Yet more collect this info for advertising purposes, as mentioned above.
Your internet service provider (ISP) tracks browsing info as well. That can include your location, the websites you visit, and what you do on them. The length of time that ISPs hold onto this info varies. Their data policies and local data retention laws can mean that they keep this info for months or years at a time. Some ISPs use this info as a revenue stream by sharing broad cross-sections of browsing habits with advertisers. Additionally, this info might be subject to subpoena by law enforcement — again depending on local data privacy laws.
So, keeping your browsing private from advertisers, websites, ISPs, and other third parties calls for extra measures:
Use a VPN.
When you use a VPN, you can hide several things from your ISP and other third parties, like the websites and apps you use, the time spent on them, your search history, and downloads. As for websites and apps, a VPN can hide your IP address and your location, all of which can thwart ad tracking on those sites and apps.
A strong VPN service like ours offers yet another benefit. It protects you from hackers and snoops. Our VPN uses bank-grade encryption to keep your data and info secure. With a VPN, a snoop would only see garbled content thanks to your VPN’s encryption functionality.
Clean up your info online.
One major privacy leak comes at the hands of online data brokers, companies that collect and resell volumes of exacting personal info about millions of people. In fact, they make up a multi-billion-dollar industry that spans worldwide. Additionally, there are so-called “White Pages” and “people finder” sites that post info like names, addresses, and other public records that anyone can access.
With all this info collected in a central location that’s easily searched and accessed, these sites can be an ideal resource for hackers, spammers, and thieves. McAfee Personal Data Cleanup can help you take control. It scans high-risk data broker sites and lets you know which ones are selling your data, and depending on your McAfee+ plan, it can remove it for you too.
Delete old accounts.
Consider all those dozens and dozens of old (and forgotten) online accounts you don’t use anymore. Several might have various pieces of personal info stored on them, even though it’s been ages since you used them. Deleting these accounts and the info linked with them can improve your privacy. What’s more, deleting them can help prevent identity theft if those sites get breached.
Our Online Account Cleanup can save you hours and hours of time by cleaning things up with just a few clicks. It shows you which accounts are tied to your email address and what info is usually shared with each account. It also shows you which are riskiest to keep, helping you determine which ones to delete.
Deleting your browser history can give you a performance boost and delete tracking cookies used by third parties. To prevent others from collecting your info while you browse and to clean up the places online where it shows up, grab yourself comprehensive online protection software like our own McAfee+.
It offers several features that can help you be safer and more private online:
With all this data collection happening online, there’s still plenty you can do to take control. With the steps outlined above and strong online protection software at your back, you can keep your personal info more private and secure.
The post How to Delete Your Browser History appeared first on McAfee Blog.
Have you seen that small pop-up on your phone or laptop that says your password has been compromised?
Simple and weak passwords are prone to guesswork, and attackers can force their way in if the password length is too short. Attackers can easily guess simple passwords like your birthday, email account, or one of your former phone numbers.
A long password made up of a random string of characters, including letters, numbers, and symbols, is considered strong security against data breaches.
Creating a strong password for each of your accounts is the best way to protect your sensitive information. Coming up with a unique password for every account and learning each one by heart can be challenging. This is where a password generator can help you create a random password. Password generators are also beneficial when you want to change an old password.
The next challenge is storing your passwords safely so that you can keep track of each of your account’s login information. McAfee True Key is another tool to streamline your password security and management. Simply sign in once using a master password, and True Key will auto-save and autofill your passwords for you whenever you want to access one of your accounts.
A password generator is a software that creates random passwords for its users. A random password generator will construct passwords of any length using numbers, letters, and symbols. You can also add customizations to your randomly generated password, such as using only alphanumeric characters with no symbols. Using a password generator is considered a great way to secure your data. Without a strong password to secure your data, you risk financial fraud and identity theft.
In addition to stealing your money, a hacker who controls your account can apply for new credit cards and reduce your credit score.
With the rapid growth of security failure and cybercrime, a strong password from a password generator can protect your data against fraud and malware attacks. Traditional password attacks include brute force attacks, rainbow tables, and dictionary attacks.
A strong password consisting of a long string of ambiguous characters, including alphanumeric and symbols, can shield against this. Whenever you are asked to update a password on one of your account websites, you can immediately create a strong password using a password generator. It’s also a healthy practice to update passwords every three months. You can accomplish this easily using a password generator.
The password strength directly correlates to the computing power needed to crack it. Here are the key elements of a strong password:
A good password generator tool works by creating a random password using “cryptographically secure” random values. In other words, these passwords cannot be predicted by attackers even if they replicate the algorithm employed by the generator. This makes such password generators an incredibly safe and effective way to create unique passwords. In addition to their security, password generators let you tailor your new password to a preferred length and complexity.
You can generate a slew of unique passwords in an instant. Once you find one you like, your password generator can save it for you. Some secure password generators like McAfee True Key also combine password management in their functions. Bid goodbye to the hassle of individually signing into every account with a unique password. You can store all of your unique passwords and sign in to any of your accounts using a single master password.
You can get a range of features with your password generator to improve your data security. Here are some useful characteristics to look for in a good password generator:
McAfee True Key can help you generate strong passwords while also serving as a place to store all of your unique passwords. True Key protects your passwords by scrambling them using AES-256, one of the strongest encryption algorithms available. With factors of your choosing, only you can decrypt and access your sensitive information on True Key by signing in using a single master password.
Access all of your data on True Key by signing in using your secure master password. Every time you sign in to your True Key account, your identity will be verified using at least two factors of your choosing. You can customize your profile by adding more sign-in factors; the more you add, the more secure your information.
True Key is supported by iOS, Android, Mac, and PC devices, meaning you can sign in from any of these operating systems. You also get local data encryption and cross-device syncing across all of these devices. Supported browsers include Chrome, Firefox, Microsoft Edge, and Safari. McAfee respects your privacy, which means your passwords are not accessible to anyone but you. Your data will never be sold or shared with any third parties.
Your password determines your data security. Data breaches can involve cases of identity theft and financial fraud. Create strong passwords for every account to keep your online data free from financial fraud and malicious intent. You can accomplish this using a strong password generator. Ensure your password generator uses cryptographically secure random variables, so hackers can’t predict your passwords even if they have access to the algorithm used for the generator.
In addition to creating unique passwords, a password generator also serves as a secure place to store your passwords. Most people assume they are safe when storing passwords in a document on their PC. If a hacker gains access to your device, they can read the document containing all of your sensitive passwords. Prevent this by using a password manager, which requires a master password and two-factor authentication to log in.
Get these benefits and more completely free when you install McAfee True Key. And to protect yourself even more, consider McAfee+
The post Strong Password Generators appeared first on McAfee Blog.
It’s hard to imagine a world without cellphones. Whether it be a smartphone or a flip phone, these devices have truly shaped the late 20th century and will continue to do so for the foreseeable future. But while users have become accustomed to having almost everything they could ever want at fingertips length, cybercriminals were busy setting up shop. To trick unsuspecting users, cybercriminals have set up crafty mobile threats – some that users may not even be fully aware of. These sneaky cyberthreats include SMSishing, fake networks, malicious apps, and grayware, which have all grown in sophistication over time. This means users need to be equipped with the know-how to navigate the choppy waters that come with these smartphone-related cyberthreats. Let’s get started.
If you use email, then you are probably familiar with what phishing is. And while phishing is commonly executed through email and malicious links, there is a form of phishing that specifically targets mobile devices called SMSishing. This growing threat allows cybercriminals to utilize messaging apps to send unsuspecting users a SMSishing message. These messages serve one purpose – to obtain personal information, such as logins and financial information. With that information, cybercriminals could impersonate the user to access banking records or steal their identity.
While this threat was once a rarity, its the rise in popularity is two-fold. The first aspect is that users have been educated to distrust email messages and the second is the rise in mobile phone usage throughout the world. Although this threat shows no sign of slowing down, there are ways to avoid a cybercriminal’s SMSishing hooks. Get started with these tips:
Public and free Wi-Fi is practically everywhere nowadays, with some destinations even having city-wide Wi-Fi set up. But that Wi-Fi users are connecting their mobile device to may not be the most secure, given cybercriminals can exploit weaknesses in these networks to intercept messages, login credentials, or other personal information. Beyond exploiting weaknesses, some cybercriminals take it a step further and create fake networks with generic names that trick unsuspecting users into connecting their devices. These networks are called “evil-twin” networks. For help in spotting these imposters, there are few tricks the savvy user can deploy to prevent an evil twin network from wreaking havoc on their mobile device:
Fake apps have become a rampant problem for Android and iPhone users alike. This is mainly in part due to malicious apps hiding in plain sight on legitimate sources, such as the Google Play Store and Apple’s App Store. After users download a faulty app, cybercriminals deploy malware that operates in the background of mobile devices which makes it difficult for users to realize anything is wrong. And while users think they’ve just downloaded another run-of-the-mill app, the malware is hard at work obtaining personal data.
In order to keep sensitive information out of the hands of cybercriminals, here are a few things users can look for when they need to determine whether an app is fact or fiction:
With so many types of malware out in the world, it’s hard to keep track of them all. But there is one in particular that mobile device users need to be keenly aware of called grayware. As a coverall term for software or code that sits between normal and malicious, grayware comes in many forms, such as adware, spyware or madware. While adware and spyware can sometimes operate simultaneously on infected computers, madware — or adware on mobile devices — infiltrates smartphones by hiding within rogue apps. Once a mobile device is infected with madware from a malicious app, ads can infiltrate almost every aspect on a user’s phone. Madware isn’t just annoying; it also is a security and privacy risk, as some threats will try to obtain users’ data. To avoid the annoyance, as well as the cybersecurity risks of grayware, users can prepare their devices with these cautionary steps:
The post Cybercrime’s Most Wanted: Four Mobile Threats that Might Surprise You appeared first on McAfee Blog.
Happy Cybersecurity Awareness Month!
Every October, the National Cybersecurity Alliance selects a theme around which to publish extensive awareness resources and practical tips to help you improve your cybersecurity.1 This year’s theme is “It’s easy to stay safe online.” With the number of cyberthreats and breaches dominating the headlines, it can seem like a Herculean task to cover all your bases; however, with just four easy habits, you can actually protect yourself against a large percentage of these threats!
Don’t be scared of hackers, phishers, or cybercriminals this month. Leave that to the ghosts, ghouls, and your upcoming holiday social calendar.
Multifactor authentication (MFA) is an excellent way to frustrate cybercriminals attempting to break into your online accounts. MFA means that you need more than a username and password to log in, such as a one-time code sent to by email, text, or through an authentication app or a face or fingerprint scan. This adds an extra layer of security, because a thief would have to have access to your device, your email, or be able to trick a biometric reader to get into your online account.
Most online sites offer the option to turn on MFA. While it may add an extra few seconds to the login process, it’s well worth it. Username and password combinations can be up for sale on the dark web following a breach. With these in hand, a cybercriminal could then help themselves to your online bank account, online medical records, and possibly your identity. When an account is secured with MFA, a criminal may quickly move on to another target that’s easier to crack.
Most sites won’t even let you proceed with creating an account if you don’t have a strong enough password. A strong password is one with a mix of capital and lowercase letters, numbers, and special characters. What also makes for an excellent password is one that’s unique. Reusing passwords can be just as risky as using “password123” or your pet’s name plus your birthday as a password. A reused password can put all your online accounts at risk, due to a practice called credential stuffing. Credential stuffing is a tactic where a cybercriminal attempts to input a stolen username and password combination in dozens of random websites and to see which doors it opens.
Remembering a different password for each of your online accounts is almost an impossible task. Luckily, password managers make it so you only have to remember one password ever again! Password managers, like the one available in McAfee+. safeguard all your passwords in one secure desktop extension or cellphone app that you can use anywhere. McAfee+ is secured with one of the most secure encryption algorithms available, and multifactor authentication is always standard.
It’s best to create passwords or passphrases that have a secret meaning that only you know. Stay away from using significant dates, names, or places, because those are easier to guess. You can also leave it up to your password manager to randomly generate a password for you. The resulting unintelligible jumble of numbers, letters, and symbols is virtually impossible for anyone to guess.
Software update notifications always seem ping on the outskirts of your desktop and mobile device at the most inconvenient times. What’s more inconvenient though is having your device hacked. Another easy tip to improve your cybersecurity is to update your device software whenever upgrades are available. Most software updates include security patches that smart teams have created to foil cybercriminals. The more outdated your apps or operating system is, the more time criminals have had to work out ways to infiltrate them.
Consider enabling automatic updates on all your devices. Many major updates occur in the early hours of the morning, meaning that you’ll never know your devices were offline. You’ll just wake up to new, secure software!
You’ve likely already experienced a phishing attempt, whether you were aware of it or not. Phishing is a common tactic used to eke personal details from unsuspecting or trusting people. Phishers often initiate contact through texts, emails, or social media direct messages, and they aim to get enough information to hack into your online accounts or to impersonate you.
Luckily, it’s usually easy to identify a phisher. Here are a few tell-tale signs for be on the lookout for:
Never engage with a phishing attempt. Do not forward the message or respond to them and never click on any links included in their message. The links could direct to malicious sites that could infect your device with malware or spyware.
Before you delete the message, block the sender, mark the message as junk, and report the phisher. Reporting can go a long way toward hopefully preventing the phisher from targeting someone else.
The best complement to your newfound excellent cyberhabits is a toolbelt of excellent services to patch any holes in your defense. McAfee+ includes all the services you need to boost your peace of mind about your online identity and privacy. You can surf public Wi-Fis safely with its secure VPN, protect your device with antivirus software, scan risky sites for your personally identifiable information, and more!
This October, make a commitment to improving your cybersecurity with the guidance of the National Cybersecurity Alliance and McAfee.
1National Cybersecurity Alliance, “Cybersecurity Awareness Month”
The post 4 Easy Things You Can Do Today to Improve Your Cybersecurity appeared first on McAfee Blog.
Imagine someone putting your personal information out online for thousands of strangers to see—your home address, phone number, even details about your family members or workplace. This invasive practice, known as doxing, has become a significant concern in the digital age. It’s not just about privacy anymore; it’s about the potential for real-world harm. This article explains what doxing is and how to prevent it from happening to you.
Doxing (or “doxxing”) is the practice of revealing another individual’s personal information (home address, full name, phone number, place of work, and more) in an online public space without the person’s consent.
The term “doxing” comes from the hacker world and references the act of “dropping dox” (as in “docs”) with malicious intent to the victim. The severity of the personal data leak may also go beyond phone numbers and addresses to include releasing private photos, Social Security numbers (SSNs), financial details, personal texts, and other more invasive attacks.
One of the first incidents of doxing took place back in the late 1990s when users of the online forum Usenet circulated a list of suspected neo-Nazis. The list included the suspected individuals’ email accounts, phone numbers, and addresses.
One of the most infamous examples of doxing was during 2014’s Gamergate controversy, involving issues of sexism and misogyny in the video game industry. Female video game developers and journalists were subjected to relentless harassment and doxing, placing their personal safety in jeopardy.
Several high-profile cases of celebrity doxing have made headlines over the years, serving as stark reminders of the dangers of online harassment and privacy invasion. In 2017, a woman hacked Selena Gomez’s email and leaked her Los Angeles-area home address online. In 2021, rapper Kanye West famously doxed Drake when he tweeted the star’s home address.
While doxing can hurt people, it’s not necessarily a crime. In some cases, a doxer finds publicly available information and shares it broadly. Since the data is public record, it’s not illegal to share it. A doxer might invite others to visit the home or workplace of their target rather than taking a specific action.
That said, it is illegal to hack a device or computer without permission from the owner — even if the information collected is never used. The legality of doxing must be taken on a case-by-case basis, and law enforcement must build its case based on existing applicable laws. For example, if the doxer attempted to apply for a credit card using your private data, they could be prosecuted for fraud or identity theft.
You can follow a few critical practices to help protect yourself from doxing. Start by limiting what you share online, using strong passwords, and taking advantage of secure technologies like virtual private networks (VPNs).
Limiting the amount of personal information you share online is one of the best ways to protect yourself from doxing. Avoid oversharing personal details of your life (like your child’s name, pet’s name, or place of work), and maintain the highest possible privacy settings for any social media app or website.
You should also take caution when tagging friends, locations, and photos, as this may give doxers more access to your data. Check out our Ultimate Guide to Safely Sharing Online to learn more.
Data brokers are companies that mine the internet and public records for financial and credit reports, social media accounts, and more. They then sell that data to advertisers, companies, or even individuals who may use it to dox somebody.
You might be surprised to see the amount of sensitive information available to anyone who wants it with an online search. Data brokers often have contact information, including real names, current and former addresses, birth dates, phone numbers, social media profiles, political affiliations, and other information that most consider private.
While you can remove your private information from many data broker sites, they tend to make the process tedious and frustrating. McAfee Personal Data Cleanup makes the process much easier. All you have to do is enter your name, date of birth, and home address, and we’ll scan it across high-risk data broker sites. We’ll then help you remove it.
Having strong passwords can make you less vulnerable to hackers and doxers. Keep yourself more secure by following a few simple rules.
Make password management much easier by using a password manager and generator tool. True Key uses the strongest encryption available to decrypt your existing passwords and can help generate new strong passwords.
When browsing on public Wi-Fi networks like those at airports and coffee shops, your data is at greater risk of being compromised by cybercriminals who may lift sensitive information for personal gain.
A virtual private network (VPN) service (like the one found in McAfee+) gives you an additional layer of protection by hiding your IP address and browsing activities when you’re on an unsecured network.
Scammers, doxers, and hackers work hard to get personal information every day. With McAfee+, you can use the internet with confidence knowing you have the support of award-winning antivirus software to keep you and your family members safe online.
Get real-time threat protection through malware detection, quarantine, and removal, and schedule real-time or on-demand file and application scanning. You’ll also benefit from an advanced firewall for home network security.
We all increasingly rely on the internet to manage our lives. As a result, it’s important to address the risks that come with the rewards.
Comprehensive cybersecurity tools like those that come with McAfee+ can help you avoid scams, doxing attacks, identity theft, phishing, and malware. We can also help keep your sensitive information off the dark web with our Personal Data Cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post What is Doxing? appeared first on McAfee Blog.
Internet security is a broad term that refers to a wide range of tactics that aim to protect activities conducted over the internet. Implementing internet security measures helps protect users from different online threats like types of malware, phishing attacks, scams, and even unauthorized access by hackers.
In this article, we highlight the importance of internet security in safeguarding your computer network and outline what you can do to have a comprehensive computer security system in place.
As the internet expands and becomes an even bigger part of our lives, cyberthreats continue to grow both in scope and sophistication. According to Forbes, data breaches and cyberattacks saw an increase of 15.1% in 2021 compared to the previous year. These security threats come in different forms and vary in terms of complexity and detectability.
Some common online threats people face today include:
While these internet security threats may seem overwhelming at first glance, safeguarding your computer or mobile devices from them is relatively easy. Below is a detailed look at some security solutions available to you.
As we stated above, setting up an internet security system is a relatively straightforward process. Here are some basic network security measures you can implement right away.
The first step in making sure you have internet security is installing antivirus software. These programs are designed to prevent, search for, detect, and get rid of viruses and other types of malicious software.
Antivirus software can run automatic scans to make sure no network or data breach has occurred and scan specific files or directories for any malicious activity or patterns.
There are plenty of options to choose from when it comes to antivirus software, however, few programs offer the comprehensive level of protection the antivirus software included in McAfee® Total Protection provides to its users.
McAfee’s antivirus software comes with a wide selection of features, including malware detection, quarantine, and removal, different options for scanning files and applications, and an advanced firewall for home network security.
While this may sound obvious, it’s important to create strong and unique passwords for all your online accounts and devices. A significant percentage of data breaches occur as a result of simple password guessing.
Some tips to follow when creating a password include:
It can also be a good idea to use a password manager, as this will help reduce the risk of your passwords getting leaked or lost. McAfee’s password manager, is particularly convenient thanks to its advanced encryption and multi-factor authentication.
A firewall is a network security system built into your operating system. It monitors incoming and outgoing network traffic to prevent unauthorized access to your network. For it to be able to identify and block these threats, you’ll want to make sure your firewall is enabled on your device. If you’re unsure if your device comes with a firewall, you can benefit from one included in McAfee Total Protection.
Multi-factor authentication (MFA) is an authentication method that requires at least two pieces of evidence before granting access to an app or website. Using this method as much as possible can add another layer of security to your applications and reduce the likelihood of a data breach.
Your choice of browser is an important part of implementing internet security measures. In fact, web browsers vary widely in terms of the security features that they offer, with some offering just the basics and others providing a more complete range of features. Ideally, you should opt for a web browser that offers the following security features:
As children grow older, their internet use becomes more extensive. This can also increase their exposure to various security threats. To keep them safe online, educate them about the risks associated with web browsing and introduce them to some of the best practices for avoiding online threats like not sharing passwords.
Explain which information should be shared and which information should be kept private and instruct them to never click on links from unknown sources.
You should also take a more active approach to protect your children by setting parental controls on certain websites. For instance, you can use YouTube’s parental controls to filter any inappropriate content and keep a child-friendly interface.
The following tips can help you stay on the safe side in regard to internet security.
While malware attacks are common, their prevalence shouldn’t deter you from browsing the internet as usual. Adhering to the internet security best practices outlined in this article can help keep you safe from the majority of security threats that you might encounter online.
For added security, consider using an all-in-one antivirus solution like McAfee+. This is one of the most effective ways to safeguard your devices from online threats.
Let McAfee handle your security while you focus on enjoying the web.
The post What Is Internet Security? appeared first on McAfee Blog.
The internet has changed our lives in more ways than we can count. These days, anything we desire — whether it’s knowledge, career opportunities, or consumer products — is seemingly just a few clicks away from us.
And while it’s safe to say the impact of the internet has been an overall net positive, it’s also worth mentioning that its widespread adoption has introduced a number of new challenges we haven’t had to tackle before. Chiefly among them is the need to safeguard our personal data from the prying eyes of uninvited strangers.
These external threats on our data come in the form of malicious software, such as Trojan horses. Trojans are a type of malware that relies on social engineering to infect the device of an unsuspecting target. They get their name from the story of Odysseus when he hid his Greek soldiers inside a wooden horse to get inside the city of Troy.
Basically, Trojans infiltrate computer systems by masquerading as legitimate programs that are unwittingly downloaded and installed by the users. Hackers often use trojans to steal sensitive data such as medical, personal, or financial information. They are one of the most common types of malicious programs and can pose a threat to computer systems if left undetected.
In this article, we go over how to detect a Trojan infection and discuss some of the most effective ways to check for a Trojan on a Windows PC.
Like any computer virus infection, a system that’s infected with a Trojan horse can display a wide range of symptoms. Here are the main signs you should look out for.
Now that you’re familiar with some of the common symptoms of a Trojan infection, let’s delve into how you can check for it on your PC.
The first step you should consider is scanning your PC using an antivirus program. These anti-malware programs are an integral component of cybersecurity and should be the first thing you turn to when you’re trying to detect and remove Trojans.
There are plenty of malware scan options to choose from, with antivirus software included in McAfee® Total Protection being one of the most comprehensive and functional security software you can use.
It offers real-time protection from all types of malicious software threats, including viruses, rootkits, spyware, adware, ransomware, backdoors, and, last but not least, Trojans. McAfee virus protection comes with several valuable features, such as on-demand and scheduled scanning of files and apps, an advanced firewall for home network security, and compatibility with Windows, MacOS, Android, and iOS devices.
The next option you should explore is to search for Trojans in “safe mode.” This is an effective method of Trojan detection since safe mode only runs the basic programs needed for Microsoft Windows operation, making it easy to spot any unfamiliar or suspicious programs.
Here’s how you can search for Trojans in safe mode:
A simple yet effective way to detect unfamiliar applications or suspicious activity in your system is to check the processes in Windows Task Manager. This will allow you to see if there are any unauthorized malicious programs running in the background.
To check a list of all the active processes that are currently running on your PC, press Ctrl+Alt+Del and click on the “Processes” tab. Check the list of active applications and disable the process of apps without verified publishers or ones you don’t remember downloading and installing.
Another method you can try is to scan your PC using built-in Windows virus and threat protection tools. Microsoft Defender (called Windows Defender Security Center in older versions of Windows 10) can perform virus scans and detect various types of malware.
A dedicated antivirus software like McAfee virus protection can also detect and remove malware. Our program comes with a full range of features that are specifically designed to recognize and remove all forms of threats from your system.
Computer security shouldn’t be something you lose sleep over. As long as you’re using a complete virus protection tool like McAfee antivirus software, you can enjoy a stress-free browsing experience.
McAfee virus protection software is especially effective when it comes to scanning for Trojans and other types of malware and removing them before they can cause any damage to your computer system. With real-time, on-demand, and scheduled scanning of files and applications at your disposal, we’ll help you detect any emerging threat in a timely manner.
See how McAfee Total Protection can make your digital life that much more rewarding and check out our Personal Data Cleanup service, which regularly scans some of the riskiest data broker sites to help remove your personal information from the net and protect your identity from theft.
The post Best Ways to Check for a Trojan on Your PC appeared first on McAfee Blog.
A virtual private network (VPN) is a tool that enables users to protect their privacy while using an internet connection. VPNs create an encrypted tunnel — a private link between your device and the VPN server.
Essentially, this private link or tunnel keeps external influences out and allows your data to travel in an encrypted manner, enhancing security. The network’s privacy also makes sure your Internet Protocol (IP) address and browsing history is hidden online.
[Text Wrapping Break]VPNs use several VPN protocols like OpenVPN, IPSec/IKEv2, PPTP, SSTP, and WireGuard to protect you. In particular, McAfee® Safe Connect VPN supports the OpenVPN protocol, which is an open-source and highly secure protocol running on TCP or UDP internet protocol and used by many VPN providers globally. [Text Wrapping Break][Text Wrapping Break]Read on to know more about how VPNs work and learn to install one.
The best way to stay secure online is to minimize your digital footprint. A good VPN service allows you to do exactly this, acting as an additional layer of protection for your online activities.
The primary function of a VPN is encryption. Most websites and online browsers already have some form of encryption. For example, when you purchase something on Amazon, you have to enter your credit card details and address. Encryption creates a private tunnel for data transmission between your device and Amazon to make sure no one else can watch what you’re doing.
A VPN app does the same thing with an added level of security. The data that you pass to a VPN server is anonymized before it goes to the internet. In short, your device establishes an encrypted connection with the VPN server instead of connecting directly through the internet. So, the encryption protects your data and digital footprint from anyone outside the “private tunnel” between you and the secure VPN server.
Additionally, VPNs allow you to change or hide your IP address. An IP address is a number linked to a particular computer and network. Changing your IP address can trick the servers into thinking you’re connecting from a different geographical location. This can help improve security and provide additional benefits discussed below.
You can also use a VPN to hide your IP address. This may be helpful if you’re trying to access content from other countries (for example, Netflix may have different content in different countries) or trying to keep your internet search history away from the prying eyes of a third-party like your internet service provider or a government.
Using a VPN can help improve your online security. Nearly every internet activity — website and social media browsing, paying bills, online shopping, data sharing, and more — can be tracked by others. [Text Wrapping Break][Text Wrapping Break]Read on to learn about who typically uses a VPN and understand whether you should consider installing one.
Given the extra security that VPN connections provide, you can gain something from using a VPN client. So, if you’re an individual concerned about your online privacy or just want to browse online anonymously — consider using a VPN. A VPN enables you to use the internet without third parties seeing your identity or identifying you via your search history since they don’t know what you were searching about or using the internet for.
Big tech has had a long history of tracking private data for their gains. These companies regularly bundle data into coherent profiles and sell it to third parties. Additionally, they use private data to demonstrate targeted advertisements or manipulative content that makes you more likely to purchase their products. [Text Wrapping Break][Text Wrapping Break]So, it’s worthwhile to use a VPN if you regularly shop online or bank online. A VPN gives you that additional protection that can help prevent hackers or malicious third parties from accessing your information.[Text Wrapping Break][Text Wrapping Break]VPNs are excellent mechanisms for you to protect your privacy online. And you should consider your personal context and conduct thorough research to find the best VPN for your needs.
VPNs are particularly helpful if you travel a lot, either for business or for leisure. While traveling, it’s inevitable that you connect to random or unknown Wifi networks and it may be the case that these networks are spying on you. However, if you’re using a VPN to browse the web, these WiFi networks can’t track you or your search history. This ensures you maintain anonymity and are safe while using the internet.
Yes, an additional layer of protection to your online activities is always good practice. A VPN allows individuals using a personal computer to stay vigilant, protect their data, and maintain anonymity while allowing them to still enjoy their online experience.
VPNs provide more benefits than just serving as an additional layer for cybercriminals to pass through.
Depending on the VPN you’re using, it can be a straightforward process to connect a VPN to your Mac, Windows, iPhone, or Android mobile device. McAfee’s VPN works with multiple platforms and operating systems, including Microsoft Windows, macOS, Android, and iOS.
Use this guide to quickly set up a VPN with your device in a few simple steps.
With McAfee +, you can minimize your digital footprint through a secure connection channel without compromising your browsing experience. Connect to public networks, make financial transactions online, and keep your personal data safe with McAfee.
With our bank-grade AES-256 bit encryption technology and automatic protection, McAfee VPN protection can help safeguard all your online activities — allowing you to enjoy the internet the way it was meant to be enjoyed.
Explore our full suite of cybersecurity tools included in McAfee +, including our newest service, Personal Data Cleanup. We can help find and remove your personal data on some of the riskiest data broker sites.
The post What’s the Meaning of VPN? VPN Defined appeared first on McAfee Blog.
Malicious software, or “malware,” refers to any program designed to infect and disrupt computer systems and networks. The risks associated with a malware infection can range from poor device performance to stolen data.
However, thanks to their closed ecosystem, built-in security features, and strict policies on third-party apps, Apple devices tend to be less prone to malware infections compared to their Android counterparts. But it’s important to note that they’re not completely without vulnerabilities.
Several iPhone viruses could infect your smartphone and affect its functionality, especially if you jailbreak your iPhone (that is, opening your iOS to wider features, apps, and themes).
This article covers how you can detect malware infections and how to remove viruses from your device so you can get back to enjoying the digital world.
Malware can affect your iPhone in a variety of ways. Here are a few telltale signs that your iPhone might have an unwelcome visitor.
If you notice any of the signs above, it’s a good idea to check for malware. Here are some steps you can take.
If you’ve confirmed malware on your iPhone, don’t worry. There’s still time to protect yourself and your data. Below is an action plan you can follow to remove malware from your device.
In many cases, hackers exploit outdated versions of iOS to launch malware attacks. If you don’t have the latest version of your operating system, it’s a good idea to update iOS to close this potential vulnerability. Just follow these steps:
It might sound simple, but restarting your device can fix certain issues. The system will restart on its own when updating the iOS. If you already have the latest version, restart your iPhone now.
If updating the iOS and restarting your device didn’t fix the issue, try clearing your phone’s browsing history and data. If you’re using Safari, follow these steps:
Keep in mind that the process is similar for Google Chrome and most other popular web browsers.
Malicious software, such as spyware and ransomware, often end up on phones by masquerading as legitimate apps. To err on the side of caution, delete any apps that you don’t remember downloading or installing.
The option to restore to a previous backup is one of the most valuable features found on the iPhone and iPad. Essentially, this allows you to restore your device to an iCloud backup made before the malware infection.
Here’s how:
If none of the steps above solves the problem, a factory reset might be the next order of business. Restoring your phone to factory settings will reset it to its out-of-factory configuration, deleting all of your apps, content, and settings in the process and replacing them with original software only.
To factory reset your iPhone, follow these steps:
The best way to protect your iOS device is to avoid malware in the first place. Follow these security measures to safeguard your device:
If you have an iPhone and are like most other people, you probably use your device for almost everything you do online. And while it’s amazing to have the internet in the palm of your hands, it’s also important to be aware of online threats like malware, which can put your digital life at risk.
The good news is that McAfee has your back with our award-winning and full-scale mobile security app. McAfee Mobile Security provides full protection against various types of malware targeting the Apple ecosystem. With safe browsing features, a secure VPN, and antivirus software, McAfee Security for iOS delivers protection against emerging threats, so you can continue to use your iPhone with peace of mind.
Download the McAfee Security app today and get all-in-one protection.
The post A Guide to Remove Malware From Your iPhone appeared first on McAfee Blog.
A data broker is an organization that makes money by collecting your personal information, analyzing it, and licensing it out to be used by other companies for things like marketing purposes.
Data providers gather data from many different sources to create a profile of who you are. This profile includes things like your interests, hobbies, demographics, and even the products you use.
Generally, data broker companies only deal with customers to collect information. A few of the top data brokerage companies are Epsilon, Acxiom, and Experian, but there are many data brokerages worldwide that make a hefty profit from aggregating and distributing consumers’ personal data.
This article explains everything you need to know about data brokers, including what they do, how they get your information, and what you can do to limit the data they can access from you.
There are several ways information brokers can get your information — both online and offline.
Generally, it’s legal for data brokers to get your information through public sources. However, different locations have different protections in place for consumers and different rules for how data brokers must operate.
Many countries have laws to protect consumers from having their information shared without their consent. For example, the European Union has the General Data Protection Regulation (GDPR) to protect data privacy. The GDPR says data brokers need to get consent from consumers before sharing their information. The law also gives consumers the right to demand that companies delete any personal information that they have stored.
On the other hand, the United States doesn’t have federal privacy laws protecting consumer information from data brokers. It’s up to the states to make their own laws. Some states prioritize consumer privacy more than others. For example, California has the Consumer Privacy Act, which gives customers the right to see what data a broker company has and the ability to delete it.
Typically, companies ask for consent to share your information through the fine print of their agreements. You might not be aware of how much of your personal information you’ve allowed organizations to share.
Data brokering is a huge industry. In fact, data brokers around the world bring in hundreds of billions of dollars a year. Here are some of the largest data brokerage companies that may collect your information.
By using various sources, data brokers can aggregate a lot of information about you. This information can be used to create user categories that businesses can market to. For instance, if you visit websites that sell baby products, the broker might put you into a category like “new parents.”
Some of the information that brokers collect might be things you’d like to keep private. For example, a broker might collect sensitive data about health issues, past bankruptcies, or legal issues.
Sometimes, brokers may place you in the wrong category. Let’s say you’re buying a new cookware set as a birthday gift for your mother. You check out several cooking sites before purchasing your set. If the broker sees that you’ve visited cooking sites and purchased cooking products, they may place you in a category like “cooking enthusiasts” even though you brought the gift for your mother.
Here are some personal details that a broker can collect to create a consumer profile of you:
Businesses are always looking for useful consumer information. Purchasing consumer data from brokers helps them tailor marketing campaigns to the demographics that are most likely to buy their products.
Let’s say you’re a fan of virtual reality (VR) gaming. You’ve watched countless YouTube videos about the subject, and you’ve searched Amazon for VR headsets multiple times. You’d likely be an ideal consumer for a company that manufactures VR headsets or a company that creates VR games.
Other companies might use your data for risk mitigation. For example, a bank might use your personal financial history to determine whether you’re likely to default on a mortgage loan.
There are a variety of public records and sources that data brokers can use to gather information about you. The good news is that there are some things you can do to limit the amount of personal information they can access:
There are also a few organizations you can join to protect your information:
Data brokers are always looking for ways to get their hands on your personal information. Many reasons businesses want access to your personal data aren’t malicious. They simply want to provide you with a targeted advertising experience and introduce you to products you might like.
However, the more your personal information gets shared online, the more chances cybercriminals have to get their hands on it. There might also be some sensitive information you don’t want to share with businesses in general. If you’re careful about what you post and take steps to protect your cybersecurity, you’ll greatly reduce the amount of data that a broker can collect from you.
With McAfee+, you can get a secure online experience for your whole family. Our all-in-one protection suite comes with features like a secure VPN, premium antivirus software, identity monitoring, and up to $1 million in identity insurance and restoration.
McAfee can help you safeguard data like financial records and health care information so you can have less stress online. You’re meant to enjoy the internet — and we’re here to help make that a reality.
The post What Is a Data Broker? appeared first on McAfee Blog.
With “See Yourself in Cyber” as the theme for this year’s Cybersecurity Awareness Month, the focus is on you with a look at several quick ways you can quickly get safer online.
Now in its 21st year, Cybersecurity Awareness Month marks a long-standing collaboration between the U.S. government and private industry. It’s aim, empower people to protect themselves from digital forms of crime. And that stands as a good reminder. Phishing attacks, malware, and the other threats we regularly talk about in our blog are indeed forms of crime. And where there’s crime, there’s a person behind it.
It can be easy to lose sight of that, particularly as the crook on the other end of the attack is hiding behind a computer. Cybercrime can feel anonymous that way, yet it’s anything but. Whether a single bad actor or as part of a large crime organization, people power cybercrime.
Yet just as you secure your home to prevent yourself from becoming a victim of a criminal, you can also secure your digital life to prevent yourself from becoming a victim of cybercriminal.
You have plenty of places where you can start, and they’re all good ones. Even a handful of the simplest measures can significantly decrease your risk. Better yet, several take far less time to put into place than you might think, while yet more work automatically once you implement them—making them a sort of “set it and forget it” security measure.
With that, this five-step list can get you going:
Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one, and McAfee also offers a free service with True Key.
Updates do all kinds of great things for gaming, streaming, and chatting apps, like add more features and functionality over time. Updates do something else—they make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
For your computers and laptops:
For your smartphones:
For your smartphone apps:
Often overlooked is the humble browser. Yet if you think about it, the browser is one of the apps we use most often. Particularly on our desktops. It takes us shopping, to shows, the bank, and even work. Hackers realize that, which is why they love targeting browsers. Whether it’s through vulnerabilities in the code that runs the browser, injecting malicious code into a browser session, or any one of several other attack vectors, hackers will try to find a way to compromise computers via the browser.
One of the best ways to keep your browser safe is to keep it updated. By updating your browser, you’ll get the latest in features and functionality in addition to security fixes that can prevent attacks from hackers. It’s a straightforward process, and this article will show you can set your browser to automatically update.
Whether they come by way of an email, text, direct message, or as bogus ads on social media and in search, phishing attacks remain popular with cybercriminals. Across their various forms, the intent remains the same—to steal personal or account information by posing as a well-known company, organization, or even someone the victim knows. And depending on the information that gets stolen, it can result in a drained bank account, a hijacked social media profile, or any number of different identity crimes. What makes some phishing attacks so effective is how some hackers can make the phishing emails and sites they use look like the real thing, so learning how to spot phishing attacks has become a valuable skill nowadays. Additionally, comprehensive online protection software will include web protection that can spot bogus links and sites and warn you away from them, even if they look legit.
Some signs of a phishing attack include:
Email addresses that slightly alter the address of a trusted brand name so it looks close at first glance.
Again, this can take a sharp eye to spot. When you get emails like these, take a moment to scrutinize them and certainly don’t click on any links.
Another way you can fight back against crooks who phish is to report them. Check out ReportFraud.ftc.gov, which shares reports of phishing and other fraud with law enforcement. Taken together with other reports, your information can aid an investigation and help bring charges on a cybercriminal or an organized ring.
Chances are you’re using multi-factor authentication (MFA) on a few of your accounts already, like with your bank or financial institutions. MFA provides an additional layer of protection that makes it much more difficult for a hacker or bad actor to compromise your accounts even if they know your password and username. It’s quite common nowadays, where an online account will ask you to use an email or a text to your smartphone to as part of your logon process. If you have MFA as an option when logging into your accounts, strongly consider using it.
This list can get you started, and you can take even more steps now that you’re rolling. Keep dropping by our blog for more ways you can make yourself safer, such as on social media, your smartphone, in app stores, and more. Visit us any time!
The post See Yourself in Cyber – Five Quick Ways You Can Quickly Get Safer Online appeared first on McAfee Blog.
How do hackers hack phones? Several ways. Just as there are several ways you can prevent it from happening to you.The thing is that our phones are like little treasure chests. They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which are of high value to identity thieves. However, you can protect yourself and your phone by knowing what to look out for and by taking a few simple steps. Let’s break it down by first taking a look at some of the more common attacks.
Whether hackers sneak it onto your phone by physically accessing your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
In all, hacking software can eat up system resources, create conflicts with other apps, and use your data or internet connection to pass along your personal information into the hands of hackers—all of which can lead to some of the symptoms listed above.
These are a classic form of attack. In fact, hackers have leveled them at our computers for years now too. Phishing is where hackers impersonate a company or trusted individual to get access to your accounts or personal info or both. And these attacks take many forms, like emails, texts, instant messages, and so forth, some of which can look really legitimate. Common to them are links to bogus sites that attempt to trick you into handing over that info or that install malware to wreak havoc on your device or likewise steal information. Learning how to spot a phishing attack is one way to keep yourself from falling victim to one.
Professional hackers can use dedicated technologies that search for vulnerable mobile devices with an open Bluetooth connection. Hackers can pull off these attacks when they are within range of your phone, up to 30 feet away, usually in a populated area. When hackers make a Bluetooth connection to your phone, they can possibly access your data and info, yet that data and info must be downloaded while the phone is within range. As you probably gathered, this is a more sophisticated attack given the effort and technology involved.
In August of 2019, the CEO of Twitter had his SIM card hacked by SIM card swapping scam. SIM card swapping occurs when a hacker contacts your phone provider, pretends to be you, and then asks for a replacement SIM card. Once the provider sends the new SIM to the hacker, the old SIM card will be deactivated, and your phone number will be effectively stolen. This means the hacker has taken control of your phone calls, messages, and so forth. This method of hacking requires the seemingly not-so-easy task of impersonating someone else, yet clearly, it happened to the CEO of a major tech company. Protecting your personal info and identity online can help prevent hackers from impersonating you to pull off this and other crimes.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
The post How Do Hackers Hack Phones and How Can I Prevent It? appeared first on McAfee Blog.
McAfee’s Secure VPN now supports the WireGuard protocol, which gives you faster connection speeds plus enhanced stability and security.
WireGuard is the latest standard in Virtual Private Network (VPN) technology, and we’re rolling it out across McAfee Secure VPN for Windows which is included in our comprehensive online protection plans. And just as before, it offers smart protection that can be set to automatically turn on when you need it, so you can stay more private and more secure online.
If you’re new to using a VPN, let’s take a quick look at two of the big things a VPN can do for you.
The bank-grade encryption used by a strong VPN shields your data and information while it’s in transit, which makes it difficult for hackers to spy on your connection. (Think of your data and information traveling through a tunnel that no one else can use or see into.) In that way, a VPN makes all kinds of online activities more secure—like banking, shopping, and checking up on your finances, even using your apps.
By masking your whereabouts and your IP address, along with encryption that helps keep your activities private, a VPN reduces the personal information that others can collect and track. That includes internet service providers, social media companies, businesses, app developers, websites, and others who gather your data for marketing purposes or for resale to third parties.
A quick word about what WireGuard is in slightly more detail. It’s a VPN protocol, which is a series of technical rules that govern how your device can securely reach the VPN servers, validate your access to the requests you make online, and encrypt your browsing traffic so that only you can see what you are doing over the internet. WireGuard is one of several protocols that we support, such as the OpenVPN and IKEv2 protocols. While WireGuard improves upon OpenVPN and IKEv2 in many ways, both are still secure and safe ways in which a VPN can connect.
Now with the latest WireGuard standard in place, our VPN for Windows that comes with all our all-in-one plans offers faster speeds and improved stability compared to what previous standards offered. This gives you the security of a VPN with similar performance as if you were on a fully open connection—along with the added benefit of keeping your browsing and other activities private.
Taken together, the improved speed and stability give privacy-conscious people a further reason to use a VPN more often than before. Because a VPN can minimize the exposure of data as it transmits to and from your devices, companies and data brokers can potentially learn far less about you, your shopping, your travels, your habits, and any other information that they could possibly collect and otherwise profit from. The more often you use a VPN, the less they can potentially gather.
For more about VPNs and how ours can keep you more private and secure online, give us a visit here any time.
The post McAfee Secure VPN: Now with WireGuard for Faster Speeds and Enhanced Stability appeared first on McAfee Blog.
Are you hoping to buy a house or apply for a car, personal, or business loan at some point? A great credit score helps to achieve all those things. You never know the twists and turns life might take you, so even if these financial milestones aren’t on your radar now, it’s nice to know that a great credit score will open many doors for you when you’re ready. The better your credit score, the more likely you are to get the loan you want at the best interest rate. People spend years (even decades!) working to improve their credit scores to unlock numerous opportunities. In the blink of an eye though, a credit fraudster can erase all that hard work and inflict long-term credit damage. It can cost huge sums to repair and take years to correct.
Many people feel lost on how to prevent these problems or what to do if they suspect identity theft. Luckily, new McAfee services called credit lock and security freeze, which includes credit freeze, are great tools to add to your credit protection toolbelt. They’ll help protect your most personal information from thieves, and both services will help give you the peace of mind you need to confidently go about your day.
Keep reading to learn more about McAfee’s credit lock and security freeze and find out how you can use them to help you from the negative consequences of identity theft.
Credit fraud is a type of identity theft where a criminal uses your information to borrow money, open a new credit or debit card, or uses your card to make purchases that they never intend to pay off. Then, when the loan defaults and the bills stack up, the victim is often left with their credit score in shambles.
According to the FTC, credit fraud is the most common type of identity theft in 2020 and 2021, receiving nearly 18,000 reports from people saying that someone used their information to gain illegal access to their credit card accounts.1
To make sure we’re all on the same page, here are quick definitions of McAfee’s credit lock and security freeze services.
A credit lock and a credit freeze both stop companies from accessing your credit information without your consent when an application for a loan or credit card is submitted. The main difference lies in their speed and credit bureau coverage. By toggling a switch in the McAfee Protection Center, turning on a credit lock is almost instantaneous. A credit freeze can take up to a day to enable or remove; however, it may offer stronger financial loss protection in most U.S. states if an unauthorized line of credit goes through while all three credit bureaus are frozen. Also, McAfee’s credit lock stops one credit bureau from accessing your account, while a credit freeze enables you to halt all three.
Just make sure that you unlock and unfreeze your credit before you do the following:
These are all situations where a bank or creditor will need to access your credit files. Luckily, with significant purchases and financing opportunities like these, you usually plan ahead, so you should have plenty to time to enable access to your credit. To unlock your credit, just click the credit lock toggle. To unlock a freeze, use the same provided links, sign into your account, and follow the instructions from there.
To further help you decide which service may be best for your needs, here are the situations where credit lock and credit freeze would be most helpful.
McAfee credit lock lets you simply toggle on and off one credit bureau’s ability to access your credit report. Usually, filing a lock on your credit with a bureau requires filling out forms and remembering a PIN to apply or remove a lock. Not with McAfee’s credit lock! You can turn a lock on and off at will through the McAfee Protection Center.
Convenience and blazing speed are ideal in situations where you’re worried that a criminal has your personal information and may use it to open accounts in your name that could then damage your well-earned great credit. Some people may choose to always have the credit lock enabled and only unlock it when they’re applying for a credit card or loan. That way, they can feel better about the safety of their credit score.
Credit freeze provides protection and peace of mind just like credit lock; however it enables you to freeze your account at all three major credit bureaus. When creditors check your credit score, they could do so with any credit bureau. If you only freeze one bureau’s access to your information, that still leaves the other two to make inquiries, so it’s important to set up a freeze for each one to cover all your bases.
As mentioned, a credit freeze is just one type of security freeze offered by McAfee. If you’re worried about an identity thief opening not just credit cards, but also utility and/or bank accounts in your name, McAfee’s utility freeze and bank freeze may be additional services for you. Security freeze helps stop unauthorized fraud attempts by giving you quick links and phone numbers. Having all these contact details in one place really speeds up the process and takes the guesswork out of if you’re contacting the correct offices.
Dealing with identity theft or credit fraud is a scary and stressful situation. That’s why McAfee is here with tools that help you protect you. Credit lock and credit freeze may help you feel calmer in a situation of suspected or real identity theft and gives you peace of mind to help prevent credit fraud from happening in the first place. Speed is of the utmost importance when foiling a criminal, so both solutions are easy to use with intuitive design so you’re not wasting time trying to figure out how they work. Plus, neither will affect your credit score. They just stop creditors from looking at your credit files, while you continue to boost your credit with your smart habits.
With both credit lock or credit freeze in your back pocket, you can feel more secure knowing you’re better protected from credit fraud.
1Fortunly, “20 Worrying Identity Theft Statistics for 2022”
The post Credit Lock and Credit Freeze: Which Service Is Best for You? Both! appeared first on McAfee Blog.
In the fall of 2021, cryptocurrency value skyrocketed. Ethereum and Bitcoin had their highest values ever, causing a huge stir in interest in online currencies from experts, hobbyists and newbies alike … and in cybercriminals seeking huge paydays. Since then, cryptocurrency value has cooled, as has the public’s opinion about whether it’s worth the risk. Huge cryptohacking events dominate the headlines, leaving us to wonder: Is cryptocurrency losing its credibility?
In this article, you’ll learn about recent unfortunate crypto hacks and a few cryptocurrency security tips to help you avoid a similar misfortune.
A crypto wallet is the software or the physical device that stores the public and private keys to your cryptocurrency. A public key is the string of letters and numbers that people swap with each other in crypto transactions. It’s ok to share a public key with someone you trust. Your private key, however, must remain private — think of it like the password that secures your online bank account. Just like your actual wallet, if it falls into the wrong hands, you can lose a lot of money.
A malware called Mars Stealer infiltrated several crypto wallet browser extensions, including the popular MetaMask. The malware stole private keys and then erased its tracks to mask that it had ever gained entry to the wallet.1
One way to completely avoid a breach to your software crypto wallet is to opt for a hardware wallet. A hardware wallet is a physical device that can only be opened with a PIN. But there is some risk involved with a hardware wallet: if you drop it down the drain, all your crypto is gone. If you forget your wallet PIN, there is no customer service chatbot that can help you remember it. You are solely responsible for keeping track of it. For those who are confident in their hardware’s hiding spot and their personal organizational skills, they can benefit from its added security.
For anyone less sure of their ability to keep track of a hardware wallet, a software wallet is a fine alternative, though always been on alert of software wallet hacks. Keep an eye on crypto news and be ready to secure your software at a moment’s notice. Measures include un-downloading browser extensions, changing passwords, or transferring your crypto assets to another software wallet.
In the case of the Mars Stealer malware that affected MetaMask, being careful about visiting secure sites and only clicking on trustworthy links could’ve helped prevent it. Mars Stealer made its way onto people’s devices after they clicked on an infected link or visited a risky website. Stick to websites you know you can trust and consider springing for well-known streaming services and paying for software instead of torrenting from free sources.
Cryptocurrency enthusiasts often spread their crypto investments across various currency types and blockchain environments. Software known as a bridge can link numerous accounts and types, making it easier to send currency.
The cross-chain bridge Horizon experienced was on its Harmony blockchain, where a hacker stole about $100 million in Ethereum and tokens. The hacker stole two private keys, with which they could then validate this huge transaction into their own wallet. To hopefully prevent this from happening in the future, Horizon now requires more than just two validators.2
According to one report, in 2022, 69% of all cryptocurrency losses have occurred in bridge attacks.3 If you exchange cryptocurrencies with other users and have various accounts, it’s almost inevitable that you’ll use bridge software. To keep your assets safe, make sure to extensively research any bridge before trusting it. Take a look at their security protocols and how they’ve responded to past breaches, if applicable.
In the case of Horizon, the stolen private keys were encrypted with a passphrase and with a key management service, which follows best practices. Make sure that you always defend your private keys and all your cryptocurrency-related accounts with multi-factor authentication. Even though it may not 100% protect your assets, it’ll foil a less persistent cybercriminal.
Phishing attacks on bridge companies in conjunction with software hacks are also common. In this scenario, there’s unfortunately not much you can control. What you can control is how quickly and completely you respond to the cybercrime event. Remove the bridge software from your devices, transfer all your assets to a hardware wallet, and await further instructions from the bridge company on how to proceed.
Decentralized finance, or DeFi, is now one of the riskiest aspects of cryptocurrency. DeFi is a system without governing bodies. Some crypto traders like the anonymity and autonomy of being able to make transactions without a bank or institution tracking their assets. The drawback is that the code used in smart contracts isn’t bulletproof and has been at the center of several costly cybercrimes. Smart contracts are agreed upon by crypto buyers and sellers, and they contain code that programs crypto to perform certain financial transactions.
Three multi-million-dollar heists – Wormhole, Beanstalk Farms and Ronin bridge – occurred in quick succession, and smart contracts were at the center of each.4 In the case of Wormhole, a cybercriminal minted 120,000 in one currency and then traded them for Ethereum without putting up the necessary collateral. In the end, the hacker cashed out with $320 million. Beanstalk Farms lost $182 million when a hacker discovered a loophole in the stablecoin’s flash loan smart contract. Axie Infinity’s Ronin bridge was hit for $625 million when a hacker took control over and signed five of the nine validator nodes through a smart contract hole.4
To be safe, conduct all crypto transactions on well-known and trustworthy software, applications, bridges, and wallets that are backed by a governing body. What you lose in anonymity you gain in security by way of regulated protocols. Hackers are targeting smart contracts because they do not have to depend on large-scale phishing schemes to get the information they need. Instead, they can infiltrate the code themselves and steal assets from the smartest and most careful crypto users. Because there’s almost no way you can predict the next smart contract hack, the best path forward is to always remain on your toes and be ready to react should one occur.
Don’t let these costly hacks be what stops you from exploring crypto! Crypto is great as a side hustle if you’re committed to security and are strategic in your investments. Make sure you follow the best practices outlined and arm all your devices (mobile included!) with top-notch security, such as antivirus software, a VPN, and a password manager, all of which are included in McAfee +.
Privacy, excellent security habits, and an eagle eye can help you enjoy the most out of cryptocurrency and sidestep its costly pitfalls. Now, go forth confidently and prosper in the crypto realm!
1Cointelegraph, “Hodlers, beware! New malware targets MetaMask and 40 other crypto wallets”
2Halborn, “Explained: The Harmony Horizon Bridge Hack”
3Chainalysis, “Vulnerabilities in Cross-chain Bridge Protocols Emerge as Top Security Risk”
4Protocol, “Crypto is crumbling, and DeFi hacks are getting worse”
5Cointelegraph, “Beanstalk Farms loses $182M in DeFi governance exploit”
The post Cryptohacking: Is Cryptocurrency Losing Its Credibility? appeared first on McAfee Blog.
Optus, one of Australia’s largest telecommunications carriers, reported news of a data breach that may have compromised the information of current and former customers.
As of this writing, the company has not stated how many customers may have been affected, citing their ongoing investigation in conjunction with law enforcement and Australian government officials
According to Optus, the breach may have included the following:
“Information which may have been exposed includes customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s license or passport numbers. Payment detail and account passwords have not been compromised.”
Optus is currently notifying customers who may have been affected by this breach with SMS and email messages. However, the company makes an important distinction here:
“We are not sending links in SMS or emails. If customers receive an email or SMS with a link claiming to be from Optus, they are advised that this is not a communication from Optus. Please do not click on any links.”
Often in the wake of such breaches, cybercriminals will send out phony communications that use the name of the company affected. These can include phishing attacks over email and SMS that solicit personal and account information or other tactics that attempt to capitalize on the announced breach.
Optus continues to keep its customers up to date on the latest developments on its website, which includes a comprehensive FAQ that details what happened, what steps are being taken, and what customers can do in the wake of this announcement.
Any time a data breach occurs, your exposed personal information may be used by those trying to commit identity fraud or theft. Different pieces of personal information can be more useful to them than others.
Some information is directly useful, such as a driver’s license or credit card information because they identify you right away. Others are indirectly helpful, like device IDs, browsing history, geolocation information, and internet protocol addresses. While they don’t identify you on their own, a cybercriminal could piece together your identity if they have enough indirect information about you.
In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involve a combination of preventative steps and some monitoring on your part.
If you become the victim of fraud or theft after a data breach, a licensed recovery pro can help you restore your credit and identity. If you’ve ever dealt with fraud or theft before, or know someone who has, recovery can be a time-consuming and stressful process if you undertake it alone. With McAfee+ Advanced, you have around-the-clock support from a restoration expert with limited power of attorney who can take the steps that can help restore your credit and identity.
Working with an expert can lend you extra peace of mind, particularly in a time where there’s plenty of uncertainty. First, you’ll know that a professional is working on your case—a person who knows exactly where to start and what needs to happen for the best possible outcome. Second, you’ll get precious time back, time you’d otherwise have to spend if you took on the process yourself.
As mentioned above, with some personal information in hand, cybercriminals may seek out more. They may follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So, it’s always wise to keep a skeptical eye open for unsolicited messages or phone calls that ask you for information in some form or other, often in ways that urge or pressure you into acting.
An identity monitoring service can monitor your information from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other cyber criminals so they can launch their own attacks. McAfee monitors the dark web for your personal info and provides early alerts if your data is found, an average of 10 months ahead of similar services. We also provide guidance to help you act if your information is found.
While it does not appear that login information was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly may make a stolen password worthless because it’s out of date.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
Mentioned earlier, information stolen in a data breach may indirectly identify you. Yet when pieced together with other information, it can then directly identify you. One way cybercriminals complete this identity picture puzzle is with information provided by data brokers that buy and sell personal information online. However, you can take some control over this. Our Personal Data Cleanup service scans high-risk data broker sites for your personal information and then helps you remove it—which denies cybercriminals the information they may need to commit identity theft.
When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in a victim’s name.
Even though it’s believed that no payment information was involved in this breach, customers should still take steps to monitor their statements and their overall credit report so that they can spot and address any unusual activity. Optus has announced that it will offer affected customers 12 months of credit and identity monitoring through Equifax, one of the major global credit agencies, at no cost.
Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies in Australia— Equifax, illion, and Experian. This will help prevent cybercriminals from opening new lines of credit or taking out loans in a victim’s name by “freezing” their credit report so that potential creditors cannot pull it for reference. Terms of freezing a credit report will vary, so check with each agency for details.
A complete suite of online protection software can offer layers of extra security for future protection. In addition to more private and secure time online with a VPN, identity monitoring, and password management, protection like McAfee+ Advanced includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone.
Per Optus, a subset of those affected may have had their driver’s license and/or passport ID number affected by the breach. Given that license and passport ID numbers are such unique pieces of personally identifiable information, anyone notified by Optus that theirs may have been affected should strongly consider changing them.
The process for replacing either document will vary depending on your state or territory. Given the scope of the attack, some states and territories have proposed making exceptions to the rules for attack victims. As of this writing, that picture continues to evolve, so look to your local government for guidance.
Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the Optus breach. As you can see, several of them are preventative, which is important because word of data breaches tend to reach customers days, weeks, or even months after they’ve been discovered—leaving cybercriminals plenty of opportunity to commit all kinds of identity crime in the meantime.
In this case, the breach certainly made the news due to its apparent size and scale. And as Optus works with law enforcement and government officials, more details into the attack and who has been affected will arise.
However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but given all the devices, apps, and accounts we keep these days leaves us more exposed than ever, making protecting ourselves a must.
The post The Optus Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.
Our all-new ransomware coverage is now available, ready to help just in case—all backed by expert advice to help you find the quickest and best possible path to recovery.
Ransomware coverage from McAfee can reimburse you up to $25,000 for losses resulting from a ransomware threat, including financial losses and ransom fees. You’ll find this ransomware coverage included with our McAfee+ Ultimate plan.
As well as eligibility for ransomware reimbursement, our team of experts can help you:
However, it’s important to realize that ransomware is unlike any other attack. When ransomware locks someone out of their device or encrypts their data and files so they can’t use them, a demand is usually made for money. Sometimes, paying the ransom results in the device being made accessible again or the files being decrypted. Yet like any ransom case, this result is not always guaranteed. There are plenty of cases where people pay the ransom but never get their data or access to their devices back.
Again, our coverage includes guidance from our expert advisers to help walk you through your options should the worst happen to you. You won’t be in it alone—particularly as you look to recover from what can be a complicated attack.
As the name implies, ransomware is a type of malware that holds your device or information for ransom. It may lock your computer or smartphone entirely or it may you out of your files by encrypting them so that you can’t access them. Whether it’s a hacker or a cybercrime organization behind the attack, the bad actor involved holds the key to unlock those files—and promises to do so. For a price. And as mentioned above, sometimes that doesn’t happen, even if you pay.
Ransomware can infect your devices several different ways:
Ransomware has seen quite the evolution over the years. Its origins date back to the late 1980s, where malware-loaded floppy disks were sent to users who installed them under false pretenses. There the malware would lie in wait until the user rebooted their computer for the 90th time and presented with a digital ransom note.
From there, ransomware attacks on individuals became more sophisticated, and more lucrative, with the advent of the internet and the millions of everyday users who flocked to it. Using phishing emails, malware downloads from phony sites, and compromised software and networks, hackers rapidly expanded their ransomware reach.
However, yet more lucrative for hackers and organized cybercriminals were public and private organizations. Shifting their attacks to so-called “big game” targets, hackers and organized cybercriminals have used ransomware to extort money from hospitals, city governments, financial institutions, and key energy infrastructure companies, to name just a few. Seeing further opportunity, ransomware attackers then began targeting smaller and mid-sized businesses as well. While the ransom demands account for lower amounts, these organizations often lack dedicated cybersecurity teams and the protections that come along with them, making these organizations easier to victimize.
Meanwhile, the body of malicious code and attack packages used to launch ransomware attacks has only grown. As a result, small-time hackers and hacking groups can find the tools they need to conduct an attack for sale or for lease as a service (Ransomware as a Service, or RaaS). In effect, these bad actors can simply access a dark web marketplace and figuratively pull a ready-to-deploy attack off the shelf.
As a result, ransomware remains a concern for individuals, even as businesses and governmental bodies of all sizes deal with its threat.
What makes ransomware so damaging is just how much effort it can take to undo. Setting aside the sophisticated attacks on businesses and governments for a moment, even those “off-the-shelf” attacks that some hackers will launch against individuals go beyond the average user’s ability to undo. For example, there are some known attacks with known methods of decrypting the data, however, that requires knowing specifically which attack was used. Attempting to undo the encryption with the wrong solution can potentially encrypt that data even more.
So without question, the best defense against ransomware is prevention. Comprehensive online protection software gives you the tools you need to help avoid becoming a ransomware victim. A few include:
Moreover, you can protect yourself further by backing up your files and data. A cloud storage solution,121cwdv 1765ujb n4yh that’s secured with a strong and unique password, offers one path. Likewise, you can back up your files on an external disk or drive, making sure to keep it disconnected from your network and stored in a safe place.
Also as mentioned in the bullets above, keep your operating system and apps current with the latest updates. Beyond making improvements in your operating system and apps, updates often also address security issues that hackers often use to compromise devices and apps.
Lastly, stay alert. Keep an eye out for sketchy links, attachments, websites, and messages. Bad actors will pull all kinds of phishing tricks to lure you their way, places where they try to compromise you, your devices, and data.
Taken together, the combination of online protection software and a few preventative steps can greatly reduce the chance that you’ll fall victim to ransomware. From there, you also have the assurance of our ransomware coverage, ready to get on the path to recovery, just in case.
The post All-New Ransomware Coverage Opens Up the Path to Recovery appeared first on McAfee Blog.