Login
We created McAfee+ so people can be safe and feel safe online, particularly in a time where there’s so much concern about identity theft and invasions of online privacy—and reviewers have given it top marks as a result.
With data breaches, spam texts and calls, companies collecting and selling personal info, and suspicious charges cropping up on billing statements becoming so commonplace nowadays, it can seem like there’s little you can do to prevent it. Yet that’s far from the case. McAfee+ offers protection that puts you in control of your identity and privacy, all while protecting your devices from viruses and threats.
Journalists who have reviewed McAfee+ recognize the need for this kind of protection today, and here’s what three leading consumer PC publications had to say about McAfee+ and how strongly its protection stacks up.
Tech Advisor’s review opened with the big picture, stating ‘McAfee+ is Total Protection on steroids’ and McAfee+ is ‘a complete cybersecurity package that goes beyond simply blocking nasties to offer holistic protection for everything you do online.’ Tech Advisor said, “This feels like the beginning of a new era of cybersecurity where the customer is no longer helpless to unwanted intrusion, and McAfee+ makes sure they have the tools to use that new-found power.”
Top features they called out include Lost Wallet support, which will help you cancel your cards and order replacements from a single screen. Moreover, they applauded our Identity Theft and Restoration Coverage which is “the sort of identity protection that you’d normally see from an insurance company.”
Our industry-first Protection Score also racked up points with Tech Advisor, which really latched onto the idea of improving their score. “We actually found chasing points quite compulsive – and most importantly, it means that you don’t need to worry about how any of the features we’re about to look at work, what they do, or even what they’re called – McAfee+ does all that for you, making it great, not just for tech-heads, but seniors, kids, and the less-tech-savvy alike.”
In their summary of McAfee+, Tech Advisor expressed our approach to online protection well by saying, “the future of safety online is holistic, and McAfee has come up with a package that reflects the realities of modern-day living.”
The PC Mag review gave McAfee+ a thorough walkthrough with a particular focus on its privacy and identity features, saying, “McAfee+ is now the most complete product in the McAfee line, and its combination of unlimited device protection with identity theft remediation is quite appealing.”
It highlighted our Personal Data Cleanup feature that scans some of the riskiest data broker sites and shows you which ones are selling your personal info and provides guidance for removing it—and further touched on our Identity Theft and Restoration Coverage that, “offers full identity monitoring and identity theft remediation rivaling that of many competing products, and you can now extend protection to your family.”
The review also put McAfee’s Credit Monitoring, Credit Lock, and Security Freeze features through the paces as well, which help you keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
PC Mag also called out the unlimited device coverage that protects all devices in your household, McAfee’s excellent third-party test scores for antivirus protection, and unlimited VPN—all adding up to a four-star review and an “Excellent” rating.
Like Tech Advisor, Trusted Reviews focused on the broader nature of online protection today and that it calls for much more than antivirus. Identity and privacy protection are equally important, and “McAfee+ Advanced is very much a do-it-all service.”
Notably, along the same lines, the review mentioned that the “new McAfee Plus tiers are among very few mainstream internet security suites to offer data broker removal services in the UK and Europe.” As mentioned above, our Personal Data Cleanup can help you spot and remove personal information from data broker sites, which bad actors of all stripes use to commit scams and identity theft. A couple of examples—scammers use data brokers to create lists of people that they can send spammy texts and calls, and thieves can also use data broker sites to harvest info that can help them commit identity theft.
Trusted Reviews also called out the unlimited number of devices and how it’s helpful for households with a lot of hardware to protect. The core antivirus was highlighted as well, in that “the performance for McAfee Plus Advanced in recent lab tests has been excellent. It detected all malware with no false positives in AV-TEST’s latest Windows consumer antivirus test.”
The journalist concludes their review by stating that “the company’s push into identity protection and recovery in the UK is almost beyond the score of my anti-malware focus on these reviews, but it’s a useful toolkit to have on hand, and its data broker listing removal service is very welcome indeed.”
Drop by our product page for more about McAfee+, including our new Family plans that include personalized protection for each member of the family. With several tiers and degrees of protection available across all our plans, you can get the level of privacy, identity, and device protection that’s right for you and everyone in your household.
The post The Reviews are In—McAfee+ Earns Top Marks from Review Sites appeared first on McAfee Blog.
Smartphones put the proverbial world in the palm of your hand—you pay with it, play with it, keep in touch with it, and even run parts of your home with it. No wonder hackers and scammers have made smartphones a target. A prime one.
Each year, our Consumer Mobile Threat Report uncovers trends in mobile threats, which detail tricks that hackers and scammers have turned to, along with ways you can protect yourself from them. For 2023, the big trend is apps. Malicious apps, more specifically.
Malicious apps often masquerade as games, office utilities, and communication tools. Yet now with the advent of a ChatGPT AI chatbot and the DALL-E 2 AI image generator, yet more AI-related malicious apps have cropped up to cash in on the buzz.
And money is what it’s all about. Hackers and scammers generally want your money, or they want your data and personal info that they can turn into money. Creating fraudulent ads, stealing user credentials, or skimming personal information are some of the most common swindles that these apps try. Much of this can happen in the background, often without victims knowing it.
How do these apps end up on people’s phones? Sometimes they’re downloaded from third-party app stores, which may not have a rigorous review process in place to spot malicious apps—or the third-party store may be a front for distributing malware-laden apps.
They also find their way into legitimate app stores, like Apple’s App Store and Google Play. While these stores indeed have review processes in place to weed out malicious apps, hackers and scammers have found workarounds. Sometimes they upload an app that’s initially clean and then push the malware to users as part of an update. Other times, they embed the malicious code so that it only triggers once it’s run in certain countries. They will also encrypt bad code in the app that they submit, which can make it difficult for stores to sniff out.
In all, our report cites several primary ways how hackers and scammers are turning to apps today:
For starters, stick with legitimate apps stores like Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure. And for the malicious apps that sneak past these processes, Google and Apple are quick to remove malicious apps once discovered, making their stores that much safer.
As with so many attacks, hackers rely on people clicking links or tapping “download” without a second thought. Before you download, take time to do some quick research. That may uncover some signs that the app is malicious. Check out the developer—have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos—and they’ll use sketchy apps to do it. So, check and see what permissions the app is requesting. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it may be a scam. Delete the app and find a legitimate one that doesn’t ask for invasive permissions like that. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permission here, and Android can do the same here.
With all that we do on our phones, it’s important to get security software installed on them, just like we install it on our computers and laptops. Whether you go with comprehensive online protection software that secures all your devices or pick up an app in Google Play or Apple’s App Store, you’ll have malware, web, and device security that’ll help you stay safe on your phone.
Together with installing security software, keeping your phone’s operating system up to date can help to keep you protected from most malware. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks—it’s another tried and true method of keeping yourself safe and your phone running great too.
Who can you trust? As for scammers who use legitimate communications apps to lure in their victims, McAfee’s Mobile Research team recommends the following:
The complete report uncovers yet more mobile trends, such as the top mobile malware groups McAfee identified in 2022, predictions for the year ahead, ways you can keep your children safer on their phones, and ways you can keep yourself safer when you use your phone for yourself and for work.
The full report is free, and you can download it here.
The post McAfee 2023 Consumer Mobile Threat Report appeared first on McAfee Blog.
ChatGPT is, without doubt, the biggest tech story of the year. It’s created debate in schools and universities, made history by being the fastest ever growing app in history and even caused Google to issue a Code Red! But if you haven’t heard anything about it or still can’t get your head around it then I’ve got you! Keep reading because I’ve put together a ‘cheat sheet’ to help get you up to speed plus some pointers on how to manage this intriguing technology and your kids.
ChatGPT is an online software program that uses a new form of artificial intelligence – generative artificial intelligence – to provide human style responses to a broad array of requests. And let me assure you, its responses are much less robotic and far more intelligent sounding that earlier iterations of artificial intelligence. Whether you need a recipe formulated, poetry written, tips for your next party or text translated, ChatGPT can assist. Think of it as Google but on steroids. But instead of overwhelming you with 1000’s of search results, it summarises them in a conversational form.
It was developed by San Francisco startup OpenAI, which was co-founded by Elon Musk and Sam Altman in 2015. Like all new startups, it also has a host of investors in tow but Microsoft is without a doubt, the biggest.
When I asked ChatGPT to describe itself, it replied:
ChatGPT is a conversational AI model developed by OpenAI. It’s based on the GPT-3 (Generative Pre-trained Transformer 3) architecture, which is one of the largest and most advanced language models in existence. The model has been trained on a massive corpus of text data from the internet, allowing it to generate human-like responses to a wide range of topics and questions. It can be used to power various applications such as chatbots, language translation, content generation, and more.
Let me simplify – ChatGPT uses generative artificial intelligence to provide ‘human style’ content, language translation, summarisation ability and search engine results within seconds. It can solve maths questions, write jokes, develop a resume and cover letter, write code and even help you prepare for a job interview.
ChatGPT is powered by a large language model, or LLM, meaning it’s programmed to understand human language and create responses based on large quantities of data. It has the ability to remember or ‘log’ context from a user’s previous message and use it to create responses later in the conversation, giving it a human-like feel.
Just five days after its release, ChapGPT had signed up 1 million users, according to a tweet by OpenAI co-founder Sam Altman. In just two months, it had amassed a whopping 100 million monthly active users making it the fastest growing application in history. And just to give you some context, it took TikTok nine months to reach 100 million users and two and half years for Instagram.
Without doubt, the main reasons for its popularity is the ease of access and its seemingly endless scope of ability. It’s super easy to use – once you’ve set up an account, it’s as simple as typing in your request or question into the text box. And there is no minimum age required for users – unlike many other social media platforms. And because it can assist with any issue from writing a legal brief to answering questions to providing companionship in almost 100 languages, a lot of us could easily find a way to use it in our day-to-day lives.
Some experts believe that the timing of ChatGPT is another reason for its success. It’s widely known that the Renaissance period followed The Black Death in the 14th Century so ChatGPT could have arrived at a time in history when creativity is surging after 2-3 very long and hard years of living with Covid.
ChatGPT is still a free service however recently it has introduced a premium version called ChatGPT Plus. For $US20 per month, users will get access to the chatbot even when demand is high with a faster response speed. Priority access to new features will also be made available to new users. While I have never had an issue gaining access to ChatGPT, even in peak times, friends of mine in the US have had to invest in the paid membership otherwise they have to wait till late in the evening to have their questions answered!
Microsoft recently announced that it will be incorporating some of the ChatGPT functionality into its Bing and Edge search engines but that it will use a next generation OpenAI model that is more powerful than ChatGPT. If you’re a Microsoft customer, keep a watch on your inbox for an invite!
Google has just unveiled its offering. Called Bard, it’s similar to ChatGPT but the biggest difference is that it will use current information from the web whereas ChatGPT’s data sources are only current as of September 2021 – I did confirm that with my ChatGPT source!! Bard is projected to be ready for use by the end of February 2023. Interestingly, Google was in fact the first to embrace conversational AI through the launch of Lamda (Language Model for Dialogue Applications) in 2021 but it didn’t launch a consumer version which left a wide opening for ChatGPT to be the first offering in the consumer race.
There’s no doubt that ChatGPT will help fuel a curious mind and be a captivating way to spend time online for inquisitive kids however there are a few things us parents need to be aware of to ensure our kids stay as safe as possible.
Without a doubt, using ChatGPT to write your essay, solve a maths problem or translate your French homework, has been the biggest concern for schools, universities, and parents. Some schools have already banned the use of ChatGPT while others are rewriting curriculums to avoid tasks that could be undertaken by ChatGPT.
However, it appears that these concerns may be managed with the release of new software that can detect work that has been produced by ChatGPT. Stanford University has just released DetectGPT which will help teachers detect work that was created using the ChatGPT chatbot or other similar large language models (LLMs). ChatGPT has also released its own ChatGPT software detection tool however it does refer to it as ‘imperfect’.
What To Do – Some experts believe we need to work with ChatGPT and that it in fact could be a powerful teaching tool if it’s embraced and used wisely. Regardless of your thoughts on this, I suggest you work closely with your child’s school to understand what their policy is on its use and encourage your kids to follow it accordingly.
Even though ChatGPT states that its intention is to ‘generate appropriate and informative responses’, there’s no guarantee that this will always happen. I have spent a considerable time trying to catch it out and I am pleased to report that I couldn’t. It appears that there are certain topics it steers away from and that it does seem to have a good set of boundaries about what questions not to answer or topics to not content on, however don’t rely on these!
What To Do – If you have concerns, ensure your child has supervision when using ChatGPT.
While ChatGPT’s IQ and scope seems limitless, it isn’t perfect. Not only have there been reports of it being factually incorrect when creating content, its data sources are only current as at September 2021.
What To Do – Double check the content it creates for accuracy but steer your child towards a reliable and safe source for research projects.
And my final piece of advice – if you haven’t yet used ChatGPT, make yourself a cuppa and give it a whirl. Like everything in the online world, you need to understand how it works if you want to be able to help your kids stay safe. And if you aren’t sure what to ask it – why not a recipe for dinner? Simply enter what you can find in your fridge in the text box and within seconds, you’ll have a recipe!
Bon Appetit!
Alex
The post A Parent’s Guide to ChatGPT appeared first on McAfee Blog.
Deciding when to give your child a phone is not an easy task. Should you wait until they start high school or until they catch public transport home alone from school? Or, should 10 be the magic age when they become official phone owners? Or do hold off as long as you can until you can no longer bear their moaning that everyone else has one except for them!!
When my boys were younger (and I knew a little less), we had a family ‘understanding’ that when the boys started Year 5, they would receive a (very cheap and likely second hand) phone. Up until Year 5, my boys would go to after-school care. Somehow, turning 10 and entering Middle School meant after-school care wasn’t really that ‘cool’ anymore, so instead they required a phone so they could safely catch the train home by themselves. The fact that they could also use these devices to play games and talk to their friends was of course, only a secondary consideration for them!
That was how we managed the phone situation but let me assure you, almost every other family we knew had a different approach. Some gifted their offspring the latest iPhones as soon as they were requested, others provided a phone but with no ‘credit’ so the devices could only be used to receive calls. Others chose to wait till Year 7 and beyond and made their kids pay for the phone plan out of their pocket money.
Now, I’m a big fan of parents choosing what works best – no one knows a child quite like a parent does, right? But the problem is, deciding what’s right can be really overwhelming. So, I’ve put together a list of things to consider when making this all important decision. Once you’ve worked through these points, I am sure you’ll feel more confident to make a decision that works for both you and your child.
Having parented 4 very different boys, I am the first to confirm that every child grasps personal responsibility at different stages. Some kids just have a knack for losing things while others have the same lunchbox their entire school career! Some kids just get the consequence of spending money while others spend up big whilst gaming online, blissfully unaware of their bill.
You child’s digital reputation should also be worth considering when making your decision. Some kids understand that their online behaviour forms a key part of their reputation while others will charge forth in a heated online exchange without thinking.
I really believe there is a direct link between social smarts and a positive online experience. When a child can read a situation and instinctively know when to shut it down or withdraw, their online experience will be far more rewarding. If your child is slow to catch on to social cues, they may struggle with posting and communicating online.
When I was deliberating about giving my eldest son a phone, he really went hard with the safety argument – knowing it would appeal to my parental anxiety. So, I relented but he had to promise to answer when I called. And he did – usually!! But it’s worth pointing out that a device itself doesn’t guarantee safety. If your kids are travelling home from school, they still need to know how to cross the road, not to talk to strangers and to always lock the front door once home. A phone doesn’t teach this. But I personally did find it handy (and anxiety reducing) to be able to give them a quick call to give them a few reminders and ensure all was well.
When my younger boys received their phones, tracking apps like Life 360 were available. I know, they are controversial but, personally I found these super helpful. Being able to see where they were after school and to ensure they were heading in the right direction on the train, brought me great comfort to me when I was beating away on my keyboard at work.
If, after reading this, you’re thinking that your child really isn’t ready but still love the idea of being able to contact them, why not consider parental controls or a phone with limited features?
Putting age-appropriate boundaries around what your child does on their device is what parental controls will do. If you decide that you don’t want them to download TikTok, play particular games or view certain categories of websites, then this maybe your answer. You can also choose to set limits on their daily screen time and block out times when their phone can’t be used. Check out McAfee’s SafeFamily parental controls for peace of mind.
Or, instead, why not make a ‘dumb’ phone their only option? A basic dumb phone lacks the advanced functionality of most smartphones – think phones before the internet. This means you’ll be able to call and text them but will probably be more relaxed knowing they’re not researching the latest fads on TikTok!
Some companies have designed dumb phones for kids that even have built in parental controls. Open Mobile has a SmartKids Phone with a built-in GPS tracker and SOS button and comes without a camera. It does have internet connectivity but parents can see which apps have been downloaded, restrict specific apps and nominate what days and times apps can be used. A perfect option for a tween or young teenager!
Now, before making your final decision, I think it’s essential to think about your child’s sense of connectedness. As adults, we all know that being part of a community and ‘belonging’ is critical to mental health and self-worth. And I would not be doing my job if I didn’t remind you of just how fabulous a phone can be for staying in touch with your people. Just take a moment to remember how essential devices were for survival during Covid lockdowns.
So, over to you mums and dads. This is definitely one of the trickiest decisions you’ll make in your parenting journey but don’t forget that you know your child best. You’ve got this!
The post When Does My Child Really Need A Phone? appeared first on McAfee Blog.
It all feels so harmless. Who isn’t even alittle curious which celebrity is their look-a-like or what ’80s song best matches their personality? While some of these fun little quizzes and facial recognition-type games that pop up on social media are advertiser-generated and harmless, others have been carefully designed to steal your data.
According to the Better Business Bureau (BBB) consumers need to beware with the IQ tests, quizzes that require you to trade information. Depending on the goal of the scam, one click could result in a new slew of email or text spam, malicious data mining, or even a monthly charge on your phone bill.
Besides the spammy quizzes, scammers also use click bait, that are headlines designed to get your click and your data. Such headlines often promise juicy info on celebrities and may even legitimate human interest stories that claim, “and you won’t believe what happened next.” While some of those headlines are authored by reputable companies simply trying to sell products and compete for clicks, others are data traps that chip away at your privacy.
The best defense against click bait is knowledge. Similar to the plague of fake news circulating online, click bait is getting more sophisticated and deceptive in appearance, which means that users must be even more sophisticated in understanding how to sidestep these digital traps.
Our digital landscape is peppered with fake news and click bait, which makes it difficult to build trust with individuals and brands who have legitimate messages and products to share. As you become savvy to the kinds of data scams, your discernment and ability to hold onto your clicks will become second nature. Continue to have fun, learn, connect, but guard your heart with every click. Be sure to keep yor devices protected while you do!
The post Are You Getting Caught by Click Bait? appeared first on McAfee Blog.
Scammers now have new tools to lure people who are looking for love online, by reeling in potential victims with artificial intelligence (AI). Thanks to the aid of popular AI tools like ChatGPT, scammers can potentially generate anything from seemingly innocent intro chats to full-blown love letters in seconds, all ready to dupe their victims on demand.
Tactics like these are typical of “catfishing” in dating and romance scams, where the scammer creates a phony online persona and uses it to lure their victim into a relationship for financial gain. Think of it as a bait-and-hook approach, where the promise of love is the bait, and theft is the hook.
And as explained above, baiting that hook just got far easier with AI.
Sound farfetched? After all, who would fall for such a thing? It turns out that a sophisticated AI chatbot can sound an awful lot like a real person seeking romance. In our latest “Modern Love” research report, we presented a little love letter to more than 5,000 people worldwide and asked them if it was written by a person or by AI:
My dearest,
The moment I laid eyes on you, I knew that my heart would forever be yours. Your beauty, both inside and out, is unmatched and your kind and loving spirit only adds to my admiration for you.
You are my heart, my soul, my everything. I cannot imagine a life without you, and I will do everything in my power to make you happy. I love you now and forever.
Forever yours …
One-third of the people (33%) thought that a person wrote this letter, 31% said an AI wrote it, and 36% said they couldn’t tell one way or another.
What did you think? If you said that a person wrote the letter, you got hoodwinked. An AI wrote it.
The implications are concerning. Put plainly, scammers can turn on the charm practically at will with AI, generating high volumes of romance-laden content for potentially high volumes of victims. And as our research indicates, plenty of people are ready to soak it up.
Worldwide, we found:
Chatting with a stranger is one thing. Yet how often did it lead to a request for money or other personal information? More than half the time.
Scammers love a good story, one that’s intriguing enough to be believable, such as holding a somewhat exotic job outside of the country. Common tales include drilling on an offshore oil rig, working as a doctor for an international relief organization, or typically some sort of job that prevents them from meeting up in person.
Luckily, this is where many people start to catch on. In our research, people said they found out they were being catfished when:
Of course, the true telltale sign of an online dating or romance scam is when the scammer asks for money. The scammer includes a little story with that request too, usually revolving around some sort of hardship. They may say they need to pay for travel or medical expenses, a visa or other travel documents, or even customs fees to retrieve an item that they say is stuck in the mail. There’s always some kind of twist or intriguing complication that seems just reasonable enough such that the victim falls for it.
Scammers will often favor payment via wire transfers, gift cards, and reloadable debit cards, because they’re like cash in many regards—once you fork over that money, it’s as good as gone. These forms of payment offer few protections in the event of scam, theft, or loss, unlike a credit card charge that you can contest or cancel with the credit card company. Unsurprisingly, scammers have also added cryptocurrency to that list because it’s notoriously difficult to trace and recover.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest, reimburse, or trace back to the recipient. Requests for money, particularly in these forms, should raise a major red flag.
What makes online dating and romance scams so malicious, and so difficult to sniff out, is that scammers prey on people’s emotions. This is love we’re talking about, after all. People may not always think or act clearly to the extent that they may wave away their doubts—or even defend the scammer when friends or family confront them on the relationship.
However, an honest look at yourself and the relationship you’re in provides some of the best guidance around when it comes to meeting new people online:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working on several victims at once, which is yet another opportunity for them to get confused and slip up.
In the cases where scammers may use AI tools to pad their conversations, you can look for several other signs. AI still isn’t always the smoothest operator when it comes to language. AI often uses short sentences and reuses the same words, and sometimes it generates a lot of content without saying much at all. What you’re reading may seem to lack a certain … substance.
Scammers are likely to use all kinds of openers. That text you got from an unknown number that says, “Hi, where are you? We’re still meeting for lunch, right?” or that out-of-the-blue friend request on social media are a couple examples. Yet before that, the scammer had to track down your number or profile some way or somehow. Chances are, all they needed to do was a little digging around online.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2022 alone, Facebook took action on 1.5 billion fake accounts. Reject requests from strangers.
How did that scammer get your phone number or contact information in the first place? It could have come from a data broker site. Data brokers are part of a global data economy estimated at $200 billion U.S. dollars a year fueled by thousands of data points on billions of people scraped from public records, social media, third-party sources, and sometimes other data broker sites as well. With info from data broker sites, scammers compile huge lists of potential victims for their spammy texts and calls.
Our Personal Data Cleanup can help remove your info from those sites for you. Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan. It also monitors those sites, so if your info gets posted again, you can request its removal again.
Online protection software can protect you from clicking on malicious links that a scammer may send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal information as well, protecting your privacy by monitoring the dark web for your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief may put to use. With identity theft a rather commonplace occurrence today, security software is really a must.
Worldwide, we found that 30% of men (and 26% of all adults) said they plan to use artificial intelligence tools to put their feelings into words. Yet, there’s a flipside. We also found that 49% of respondents said they’d be offended if they found out the note they received had been produced by a machine.
So why are people turning to AI? The most popular reason given for using AI as a ghostwriter was that it would make the sender feel more confident (27%), while others cited lack of time (21%) or lack of inspiration (also 21%), while 10% said it would just be quicker and easier and that they didn’t think they’d get found out.
It’s also worth noting that true romance seekers have called upon AI to kick off chats in dating apps, which might take the form of an ice-breaking joke or wistful comment. Likewise, AI-enabled apps have started cropping up in app stores, which can coach you through a conversation based on contextual cues like asking someone out or rescheduling a date. Some can even create AI-generated art on demand to share a feeling through an image.
It may be better than opening a conversation with an otherwise dull “hey,” yet as our research shows, there are risks involved if people lean on it too heavily—and prove to be quite a different person when they start talking on their own.
It’s important to remember that an AI chatbot like ChatGPT is a tool. It’s not inherently good or bad. It’s all in the hands of the user and how they choose to apply it. And in the case of scammers, AI chatbots have the potential to do a lot of harm.
However, you can protect yourself. In fact, you can still spot online dating and romance scams in much the same way as before. They still follow certain rules and share the same signs. If anything, the one thing that has changed is this: reading messages today calls for extra scrutiny. It will take a sharp eye to tell what’s real and what’s fake.
As our research showed, online dating and romance scams begin and end with you. Thinking back to what we learned as children about “stranger danger” goes a long way here. Be suspicious and, better yet, don’t engage. Go about your way. And if you do find yourself chatting with someone who requests money or personal information, end it. Painful as the decision may be, it’s the right decision. No true friend or partner, one you’ve never seen or met, would rightfully ask that of you.
Editor’s Note:
Online dating and romance scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
The post Could ChatGPT Cause Heartbreak with Online Dating Scams? appeared first on McAfee Blog.
Swiping right is like a box of Valentine’s Day chocolates: You never know what you’re going to get. You could land with a ghost, a gem, or a fraudster who’s not interested in stealing your heart but your cryptocurrency.
Romance scams have been breaking hearts and emptying bank accounts since the advent of online dating in the 1990s. In 2021 alone, the FTC received 56,000 reports of romance scams and losses totaling $547 million. Compared to just four years earlier, total losses increased by 500%.1
Cryptocurrency romance scams are a relatively new evolution of the scheme. Here’s what you should know and signs that may indicate you’re communicating with a manipulative crypto thief.
A cryptocurrency romance scam is an online scheme where a cybercriminal forges romantic relationships through online platforms to trick people into handing over crypto assets. Conversations may begin on social media platforms or dating apps. After a few days, weeks, or – if the criminal is patient – months of communicating, the scammer uses their manufactured romantic bond to guilt their target into sending cryptocurrency. The criminal will often tug on heartstrings with made-up sad stories to explain what they’ll use the money for. They may ask for a few hundred to thousands of dollars’ worth of crypto. Once they’ve received payment, they may continue the charade of a relationship to attempt to weasel more money, or they may “end the relationship” and disappear to try their luck with someone else.
Artificial intelligence text generators like ChatGPT make juggling multiple love scams at once easier and quicker for scammers. Instead of using their brain to think up “heartfelt” proclamations of love, they can ask an AI program to do the work for them. And AI-written love letters are convincing! In McAfee’s Modern Love Report, 69% of global respondents were unable to tell if a love note was written by a human or a machine.
In crypto romance plots specifically, the criminal will ask for payment in cryptocurrency, such as Bitcoin or Ethereum. In general, you should be skeptical of any person or organization that asks for payment in crypto. Cryptocurrency is famously untraceable, meaning that once it hits someone else’s crypto wallet, there’s no way to get it back or ascertain the real identity of the account holder. Unlike a bank account that a real person with a valid Social Security Number must open, crypto does not have such requirements. The anonymity is what makes crypto the preferred payment type of nefarious characters.
In a 14-month span, cryptocurrency romance scams accounted for $185 million in crypto losses.2 And that figure only accounts for filed reports. It’s possible that some people are still in the swirls of a scam or are too embarrassed to report the crime.
There are three tell-tale signs of an online crypto dating scam. If you encounter any of these scenarios, begin to ask more probing questions. If you’re unsatisfied with the answers or the person you’re communicating with becomes defensive, you may want to consider blocking this person on your device and removing them from your life.
The getting-to-know-you phase of any new relationship is exciting and interesting. Even in this day and age of accelerated courtship and constant communication via texting, social media direct messages, and dating apps, this important phase takes time. If someone you’ve never met in person tells you they love you after just a few conversations, be wary of their compliments. Love-at-first-direct-message isn’t real.
Refusing or constantly postponing in-person meetings is a major red flag. In 39% of catfishing incidents, turning down in-person meetups was the ultimate sign that alerted people to the catfish, according to the Modern Love Report. Catfish – or someone using fake photos and/or backstories to deceive others online – often make all kinds of excuses to avoid showing their face or even talk on the phone. Excuses range from illness, family or work obligations, to the burdensome cost of travel. When two people have a deep connection based on genuine love, they’ll make the necessary compromises to show their real face.
Romance scammers may constantly lament their financial woes and say how they wished money wasn’t a problem. To gain sympathy, they may claim to have a sick family member or pet who needs expensive medical treatment. At this point, the scammer will hope that the target offers to send money, or the scammer may sheepishly request money outright. To keep targets from growing suspicious or resentful, the scammer is often overly thankful and promises to never ask for money again; however, they always do. Never share your crypto wallet private key with anyone, and immediately be on alert if someone you met online and have never met in person asks for payment in crypto.
Everyone who’s ever endured a breakup hates this saying for its maddening simplicity, but its message is true: There are other fish in the sea. Literally billions. Everyone deserves a partner who respects their time and needs. If the person on the other side of the screen is taking more than they’re giving, it’s time to say goodbye.
A partner who will never let you down is McAfee+ Ultimate. This all-in-one device, privacy, and identity protection service lets you live your best online life confidently. In case you ever fall victim to identity theft or you suspect your credit is compromised, you’re protected with credit lock, security freeze, and up to $1 million in identity theft coverage.
So, this Valentine’s Day, slow down and evaluate each new match for the robustness of their messages, not their “photo,” “job,” or “grand future plans.” Be careful in that harsh dating world and never settle for mediocre. The perfect person is out there somewhere!
1Federal Trade Commission, “Reports of romance scams hit record highs in 2021”
2Federal Trade Commission, “Reports show scammers cashing in on crypto craze”
The post 3 Signs You May Be Caught in a Cryptocurrency Romance Scam appeared first on McAfee Blog.
If you’re like most people, you like to stay connected whether you are traveling or just on the go. That’s why it can be tempting to connect to free, public Wi-Fi networks, but you should know that these networks could open you up to some serious risks.
Public Wi-Fi networks often lack a security measure called encryption, which scrambles the information sent from your computer or device to the router so strangers cannot read it. Without this security measure in place, the information you send over these networks can potentially be intercepted by cybercrooks.
This information could include your banking and social media passwords, as well as your identity information. A nosy cybercriminal could also potentially snoop on you by watching which websites you visit, and what you type into web forms.
In fact, it is so easy to steal your information over unsecured networks cybercrooks sometimes set up malicious Wi-Fi hotspots in high-traffic areas, like airports, with the intention of grabbing users’ information.
That’s why if you have to connect when you’re away, you should only use secure and well-advertised Wi-Fi networks. You can usually tell if they use encryption because they require a password to join.
If you have to do something sensitive online, like check your bank account balance or make a purchase, try to stick to webpages that start with “HTTPS” rather than just “HTTP”. The “S” stands for secure and indicates that the site uses encryption to protect your data. You can also look for a green lock icon at the beginning of the browser address, which indicates that the website connection is secure.
If you are on your mobile phone, you can skip the Wi-Fi network altogether and connect using the cellular network. It is somewhat more secure since it’s harder for cybercrooks to sniff out your individual data from others on the network.
If you travel a lot, consider investing in a Virtual Private Network (VPN), which is a piece of software that allows you to create a secure connection to another network over the Internet. Anyone potentially trying to snoop on you will only see that you are connected to the VPN, and not what you are doing.
Of course, the most important thing is to remember that using public Wi-Fi is always risky, and requires some extra steps to protect your data.
The post Why You Need to Watch Out When Using Public Wi-Fi appeared first on McAfee Blog.
“Together for a better internet.” That’s the rallying cry of this year’s Safer Internet Day, and it’s one we’re happy to hear. Particularly from a parent’s perspective.
Safer Internet Day celebrates its 20th year on February 7th and focuses on ways we can all protect, empower, and respect all children when they go online—and gives us an opportunity to reflect on what that really means.
Consider that for some time now, children have found themselves born into an online world. As soon as they can pick up a toy, they can pick up a phone or tablet too. And they often do, given that they’re growing up in homes where one is practically always in reach. With that, their online life begins.
Learning how to live life online is simply another part of growing up nowadays. And that’s where we as parents play a significant role. Just as in every other aspect of life, they look to us for guidance, encouragement, and new things to see and do online. Safely, too.
Children have said as much. In our recent global report entitled “Life Behind the Screens of Parents, Tweens, and Teens,” we asked who is best suited to teach them about being safe online. Children said their parents are the clear winners. Nearly three-quarters of children pointed to parents, almost twice more than teachers at school (39%) and more than twice over for online resources (34%).
However, while parents agreed with this, it appears they didn’t always follow through. For starters, parents reported using basic protection on their own computers at a relatively low rate. Even the simplest of security steps scored relatively low despite how relatively easy they are to take. That included using antivirus software (68%), protecting the computer with a password (58%), or sticking to reputable online stores when shopping (50%). These figures dropped yet lower when asked if they took the same precautions for their children on their computers.
For example, only 57% of parents said they installed antivirus on their child’s computer and only 44% have their child password or passcode protect their computer, as illustrated by the drops in the chart below.
This trend extends to smartphones as well. While 56% of parents said that they protect their smartphone with a password or passcode, only 42% said they do the same for their child’s smartphone—a 14% difference. Again, considering how easy it is to create a password or passcode for a phone, and how much of our online lives course through those devices, that figure would ideally come in at 100%.
In all, many parents protect their children even less than they protect themselves.
Everyone loves their smartphone. Children particularly so. While parents placed their smartphone as their top device at 59%, followed by their computer or laptop at 42%, tweens and teens put their smartphone at the top of the at a decisive 74%. Second was their gaming console at 68%.
Unsurprisingly, that love for the smartphone pushes children’s internet usage quickly to an adult level at an early age, marking a sort of early mobile maturity where they are exposed to the broader internet full of apps, chats, entertainment, and social media—along with their benefits and risks nearly right away.
Taken with the low level of security measures parents place on their children’s phones, we can see how children are going online with a device that’s largely unprotected—in part because their parents leave their smartphones largely unprotected as well.
Beyond devices, parents have other concerns about their children as they increasingly spend more time online, particularly as they get older. Some of the top ones include:
Increasingly, staying safe online involve more than protecting devices—it revolves around protecting the people who use them. Topics like the ones above are prime examples. They’re about people, not devices. Further, we have the broader issues of staying more private online and protecting your identity from hackers, scammers, and thieves—where once again, bad actors target people, not their devices.
It’s a lot to keep on top of.
And that can feel a bit overwhelming to a parent. Luckily, as with other aspects of parenting, you don’t have to think about all these topics all at once. They’ll crop up naturally over time, just as the umpteen other teaching moments do over the course of parenting.
It starts with asking a few questions. What might be on the horizon for our children as they go online over the next few weeks and months? How can you support them? And how can you prepare yourself for that support? Granted, those are some pretty broad questions. Yet we can help:
As for tools you can use to help keep your children safer online, we just released our McAfee+ Family Plans, online protection that’s personalized for the ones closest to you. Whether you want to protect your partner, children, parents, or a loved one practically anywhere, they offer tailored device, identity, and privacy protection for up to six people.
For your children, that means you can protect them from viruses, sketchy websites, and inappropriate content—plus establish ground rules for screen time, all in a way that’s right for them. Each child also gets their own Protection Score, a reflection of just how safe they are online, which you can quickly review and then get guide you through steps that can make them safer still. In all, it’s a powerful tool for parents who care about their children’s safety online.
You have yet another powerful tool at your disposal: conversations. You’ll find that some of the best protection you provide stems from chats with your children.
Sit down with them while they play an online game, ask what apps they like to use, or ask to look when a TikTok reel makes them laugh. These are all natural moments to get a glimpse into their digital life and simply talk about it—without lectures or preaching. The more you can make talking about life online feel like a normal thing, the more opportunities you’ll get to support them when they need it.
As parents, we can look at our children now and wonder what the internet will bring to them in the next five, ten, or even twenty years from now. It’s exciting, perhaps a bit dizzying, yet it’s more reason to offer your guidance and encouragement, to learn about life online together. That will give them a foundation they can build on, so they can enjoy a fulfilling and safer life online.
The post Safer Internet Day: Through a Parent’s Eyes appeared first on McAfee Blog.
Cybercriminals will always try to cash in on a good thing, and football is no exception. Online scammers are ramping up for the big game with all types of schemes designed to rip you off and steal your personal info—but you have several ways you can beat them at their game.
Like shopping holidays, tax season, and even back-to-school time, scammers take advantage of annual events that get people searching for deals and information online. You can include big games and tournaments in that list too.
Specific to this big game, you can count on several types of scams to rear their heads this time of year—ticket scams, merchandise scams, betting scams, and phony sweepstakes as well. They’re all in the mix, and they’re all avoidable. Here, we’ll break them down.
As of two weeks out, tickets for the big game on the official ticketing website were going for $6,000 or so, and that was for the so-called “cheap seats.” Premium seats in the lower bowl 50-yard line, sold by verified resellers, were listed at $20,000 a pop or higher.
While the game tickets are now 100% mobile, that hasn’t prevented scammers from trying to pass off phony tickets as the real deal. They’ll hawk those counterfeits in plenty of places online, sometimes in sites like your friendly neighborhood Craigslist.
So if you’re in the market for tickets, there are certainly a few things to look out for:
If you plan on enjoying the game closer to home, you may be in the market for some merch—a hat, a jersey, a tee, or maybe some new mugs for entertaining when you host the game at your place. With all the hype around the game, out will come scammers who set up bogus online stores. They’ll advertise items for sale but won’t deliver—leaving you a few dollars lighter and the scammers with your payment information, which they can use on their own for identity fraud.
You can shop safely with a few straightforward steps:
This is a great one to start with. Directly typing in the correct address for reputable online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name.
If you feel like doing extra sleuthing, look up the address of the website and see when it was launched. A visit to the Internet Corporation for Assigned Names and Numbers (ICANN) at ICANN.org gives you the option to search a web address and see when it was launched, along with other information about who registered it. While a recently launched site is not an indicator of a scam site alone, sites with limited track records may give you pause if you want to shop there—particularly if there’s a chance it was just propped up by a scammer.
<h3>Look for the lock icon in your browser when you shop.
Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act.
Comprehensive online protection software will defend against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to the scams floating around this time of year, online protection can help prevent you from clicking links to known or suspected malicious sites.
It’s hard to watch sports these days without odds and stat lines popping up onto the screen, along with a fair share of ads that promote online betting. If you’re thinking about making things interesting with some betting, keep a few things in mind:
As it is every year, you’ll see kinds of sweepstakes and giveaways leading up to the game, plenty of them legitimate. Yet as they do, scammers will try and blend in by rolling out their own bogus promotions. Their aim: to part you from your cash or even your personal information.
A quick way to sniff out these scams is to take a close look at the promotion. For example, if it asks you to provide your bank information to send you your prize money, count on it being a scam. Likewise, if the promotion asks you to pay to claim a prize in some form or other, it’s also likely someone’s trying to scam you.
In all, steer clear of promotions that ask something for something in return, particularly if it’s your money or personal information.
As it is of late, all kinds of scams will try to glom onto the big game this year. And some of the best advice for avoiding them is not to give in to the hype. Scammers prey on scarcity, a sense of urgency, and keyed-up emotions in general. Their hope is that these things may make you less critical and more likely to overlook things that would otherwise seem sketchy or too good to be true. Staying focused as you shop, place a wager, or otherwise look to round out your enjoyment of the big game is some of your absolute best defense against scammers right now, and any time.
The post Super Scams – Beat the Online Scammers Who Want to Sack Your Big Game appeared first on McAfee Blog.
Knowing the whole family is protected online is a great feeling—that they’re safe from online scams, inappropriate content, and people stealing or collecting their personal data. But online protection looks a little different for everyone, because everyone goes online a little differently.
With that, we’re introducing our McAfee+ Family plans, online protection that protects each family member with their own login, all based on their online risks and activities.
Like so many things in family life, a one-size-fits-all approach doesn’t always do the trick. For example, a movie night with an award-winning film that’s “R” rating may be fine for mom and dad but not for the kids. And music? CoComelon works great for playdates, but not for dinner dates. Yet everyone in the family wants the same thing. To enjoy themselves. It just looks different from person to person.
The same goes for online protection.
We all need protection when we go online. Yet different family members may need different kinds of protection depending on their age, interests, and what they do online. So, staying safer calls for a personalized approach, one that’s tailored to the things they do online.
McAfee+ Family plans offer identity, privacy, and device protection for up to six people so that you know that they’re protected from viruses, fraud, identity theft, and inappropriate content in a way that’s right for them.
The larger idea that inspired our family plans is this—you should have absolute confidence that everyone you care about has the protection they need.
That can get a little tricky when you think it through. With the family spending so much time online, it’s tough to know what everyone’s really doing, or if they’re safe while they’re doing it. Add to that all the ways companies track our activities online and the clever phishing tricks hackers use to steal our identity, there’s plenty to be concerned about. Simply put, it’s tough to know if everyone has the right protection in place and ways to take control of their privacy and identity.
Our family plans make sure they have it, and it can cover any loved one anywhere. That includes family still living at home, but it could also include your aunt two time zones away, the kids away at school, or an elderly mom in the next town. If it’s someone you care about, you can protect them with this plan. Up to six people in total.
That’s the idea. Everyone gets the right protection they need when they go online. Imagine ordering a pizza where each of the slices has someone’s favorite topping. That’s how our new family plan works. Your children get one set of protections made for them, your parents another, and you yet another. The result is the same, though. You’ll know everyone is safer. Because you set it up.
I’m happy to share that our McAfee+ Family plans are available now, ready to protect the people who matter most—your people, the way they go online, wherever they are.
The post McAfee+ Family Plans: The Right Protection for the Right People—Your People appeared first on McAfee Blog.
Written by James Schmidt
Editor’s Note: We often speak of online scams in our blogs, ones that cost victims hundreds if not thousands of dollars. This account puts a face on one of those scams—along with the personal, financial, and emotional pain that they can leave in their wake. This is the story of “Meredith,” whose aunt “Leslie” fell victim to an emerging form on online elder fraud. Our thanks to James for bringing it forward and to “Meredith’s” family for sharing it, all so others can prevent such scams from happening to them.
“Embarrassing. Simply embarrassing.” She shook her head. “It’s too raw. I can’t talk about it right now. I need time.”
Her aunt had been scammed. To the tune of $100,000 dollars. My colleague—we both work in the security industry—felt a peculiar sense of loss.
“I work in this industry. I thought I’d done everything right. I’ve passed on enough warnings to my family and friends to ensure they’d avoid the fate of the scammed. Simply because I’m in this industry does not imply my circle is always aware of all the threats to them, even if I do my best to teach them.”
“My mental state, recently, borders on shame; this feeling, you know? How could someone working in my industry have something like this happen to a family member?”
I told her many people working in other industries cannot control what happens to people in their families even if people in that industry had knowledge that could have helped them or otherwise avoided a problem altogether.
“I know, but this simply should never have happened! My aunt is one of the smartest, most conscientious people I know, and she fell for this. It’s crazy and I can’t wrap my head around it.”
My colleague, let’s call her Meredith (not her real name as she’s a bit ashamed to know this happened to a family member), told me the beginnings.
Let’s call her aunt Leslie.
Her story unfolds, the overall picture a pastiche of millions of people in the United States today. Her aunt is retired, bored, lonely, and isolated. She feels adrift without something to occupy her time; she was looking for companionship, connections, someone (anyone) to talk to. Her feelings intensified during the pandemic. She morphed into perfect prey for scammers of what is now known as the “Pig Butchering Scam.”
The term “Pig Butchering” has a visceral and raw feel to it, which falls right in line with how brutal this scam can be. It’s a long con game, where the scammer befriends the victim and encourages them to make small investments through the scammer, which get bigger and bigger over time. The scammer builds trust early with what appear to be small investment wins. None of it is legit. The money goes right into the scammer’s pocket, even as the scammer shows the victim phony financial statements and dashboards to show off the bogus returns. Confidence grows. The scammer wrings even larger sums out of the victim. And then disappears.
It was a targeted attack that started innocuously enough with a “fake wrong number”. An SMS arrives. A text conversation starts. The scammer then apologizes but tells Leslie someone gave them the number to initiate the text.
The scammer then uses emotional and psychological techniques to keep Leslie hooked. “How are you, are you having a nice day?” Leslie, being bored and interested, engages willingly.
The scammer asks to talk directly, not via text: and a phone conversation ensues. The scammer proceeds to describe—in very soothing detail—what they are doing, helping people, like Leslie, invest their “hard-earned money” into something that will make them more money, to help them out in retirement.
Of course, it is too good to be true.
“The craziest part of all of this is my aunt refuses—to this day—to believe she’s been scammed!”
She still thinks this scammer is a “friend” even though the entire family is up in arms over this, all of whom beg her aunt to “open her eyes.”
“My aunt still thinks she’d going to see that money again, or even make some money, which is crazy. The scammers are so good at emotional intelligence; really leveraging heartstrings and psychological makeup of the forlorn in society. My aunt finally agreed to stop sending more money to the scammers, but only after the entire family threatened to cut her off from the rest of the family. It took a lot to get her to stop trusting the scammers.”
Meredith feels this is doubly sad as the aunt in question is not someone they’d ever imagine would in this predicament. She was always the upright one, always the diligent and hardworking and the best with money. She is smart and savvy and we could never imagine her to be taken by these people and taken so easily. It boggles the mind.”
She did start to change in the last few years. And the pandemic created a weird situation. Retirement, loneliness from loss of a partner, and the added burden of the pandemic created a perfect storm for her to open herself up to someone willingly, simply for the sake of connection.
“No one deserves this. It has rocked my family to the core. It is not only about the money, but we’ve found family bonds stretched. She believes these random people, these scammers, more than she believes her own family. Have we been neglectful of our aunt? Does she no longer put her faith in people she knows, rather gives money to complete strangers?”
Being a security professional does not provide magical protection. We are more aware of scams and scammers, and how they work, and what to look for, and we try to do all we can to keep our family aware of scams out there in the big wide world, but we are human. We fall short.
Diligence is action. Awareness is action. Education is action.
We need to be better, all of us, at socializing risky things. We need to consistently educate our family and friends to protect themselves, not only via security software (which everyone should have as default) but by providing tips and tricks and warnings for things we all need to be on the lookout. This is not a one-time thing. The cliché holds true: “If you see something say something.” Repetition helps.
In today’s world, the need for protecting people’s security, identity, and privacy is critical to keeping them safe. Scammers long stopped focusing on attacking only your computer. Now focus more than ever on YOU: your identity, your privacy, your trust. If they get you there, they soon get your money.
As for contributing factors to scammers success with their victims, such as loneliness, isolation, and boredom, they all have remedies. Make connections with your loved ones, especially those easily tagged as vulnerable, those you feel might be at risk. Reach out. It may be hard sometimes due to distance and other factors but make it a point to connect. There is a reason these scammers are succeeding. They are stepping into roles of companions to people who are desperate for connection.
Most people are greatly saddened at seeing other people being “taken.” Let’s work together to help stop the scammers.
Look out for each other, and get your people protected!
Editor’s Closing Note:
If you or someone you know suspects elder fraud, the following resources can help:
For further reading on scams and scam prevention, check out the guides in our McAfee Safety Series, which provide in-depth advice on protecting your identity and privacy—and your family from scams. They’re ready to download and share.
The post A Scam in the Family—How a Close Relative Lost $100,000 to an Elder Scam appeared first on McAfee Blog.
All your online activity creates a trail of data. And that data tells a story. The story of you.
The websites, apps, and services you use throughout the day all collect data. They may collect data about your behaviors, interests, and purchases—along with what you’re doing, for how long, and where, largely without your knowledge. They may also collect personal information, information you provide, such as health records, your Social Security Number, banking info, your driver’s license number, and more. This can include further health data, such as the kind that gets tracked from a smartwatch or wearable device.
“So what?”
I’ve heard plenty of people say exactly that about data collection. And plenty of others simply resign themselves to the reality of data collection. “What’s out there is already out there.” They feel like there’s not much they can do about it. If anything at all. And does it really matter?
It absolutely matters.
That is, it matters if you hate spam calls and texts. If you’re worried about identity theft. If you’re worried that practically anyone can purchase a detailed picture of your personal information from an online data broker and use it as they like.
Indeed, your data tells the story of you. And plenty of others are interested in your story. Businesses and advertisers for one, so they can market to the most targeted of your needs and interests. Yet also hackers, scammers, spammers, and thieves—and in extreme cases, stalkers as well.
While it’s true that you cannot control how each byte of data about you and your family is shared and processed, you’re not helpless! In many cases, you can control how you share your data by taking a few steps. Your data is precious, and you deserve to be selective about who you share it with.
That’s the reason you’ve seen McAfee roll out so many protections for your privacy and identity, with several more to come. While there are so many tools for data collection today, so are the tools for you to take control.
Looking at our own McAfee+ online protection plans, they offer you identity theft and fraud protections such as Personal Data Cleanup, identity monitoring, along with credit monitoring, a VPN that can help keep your online activity more private, $1M in identity theft coverage and support from an identity restoration specialist … the list goes on. These are tools everyone can benefit from in the face of the current threats out there.
The evolution of McAfee+ reflects the nature of online threats today. Increasingly, the target is you—your privacy, your identity, and all the things that they unlock.
Another simple yet powerful step is to protect your devices with comprehensive online protection software. This will help defend you against the latest virus, malware, spyware, and ransomware attacks plus further shield your privacy, and minimize web tracking (think advertisers) with a VPN. In addition to this, it will also create and store strong, unique passwords, and offer web protection that can help steer you clear of sketchy websites that may try to steal your data.
Start with the devices and apps you use most. Different devices and apps will have their own privacy settings, so give them a look and see what your options are. You may be surprised to find how you can limit which information advertisers can use to serve up ads to you. You may find that some apps have GPS tracking turned on, even though they don’t need it to function. All of this adds up to data that companies may collect, share, or resell—depending on their privacy policy. Again, start with the devices and apps you use most then expand from there. It’s also a good opportunity to delete apps you don’t use anymore—along with the data associated with them.
One major privacy leak comes at the hands of online data brokers, companies that collect and resell volumes of exacting personal information about millions of people. In fact, they make up a multi-billion-dollar industry that spans worldwide. Additionally, there are so-called “White Pages” and “people finder” sites that post information like names, addresses, and other public records that anyone can access. With all this information collected in a central location that’s easily searched and accessed, these sites can be an ideal resource for hackers, spammers, and thieves. McAfee’s Personal Data Cleanup can help you take control. It scans high-risk data broker sites and lets you know which ones are selling your data, and depending on your McAfee+ plan, it can remove it for you too.
Yet you can take even more control of your privacy. As part of our McAfee Safety Series, we have an entire guide dedicated to the topic of online privacy, the McAfee Digital Privacy Guide. It shows you ways that you can take control of your digital privacy, insight into what information you may be creating, and how you may be passing it along—whether you know it or not.
In all, your privacy is your own. We believe that what you share and don’t share, who you share it with and who you don’t, and for what reason … should be your decision.
It’s your story. Take control. And we’re here to help.
The post How to Protect Your Personal Data appeared first on McAfee Blog.
ChatGPT: Everyone’s favorite chatbot/writer’s-block buster/ridiculous short story creator is skyrocketing in fame. 1 In fact, the AI-generated content “masterpieces” (by AI standards) are impressing technologists the world over. While the tech still has a few kinks that need ironing, ChatGPT is almost capable of rivaling human, professional writers.
However, as with most good things, bad actors are using technology for their own gains. Cybercriminals are exploring the various uses of the AI chatbot to trick people into giving up their privacy and money. Here are a few of the latest unsavory uses of AI text generators and how you can protect yourself—and your devices—from harm.
Besides students and time-strapped employees using ChatGPT to finish writing assignments for them, scammers and cybercriminals are using the program for their own dishonest assignments. Here are a few of the nefarious AI text generator uses:
The best way to avoid being fooled by AI-generated text is by being on high alert and scrutinizing any texts, emails, or direct messages you receive from strangers. There are a few tell-tale signs of an AI-written message. For example, AI often uses short sentences and reuses the same words. Additionally, AI may create content that says a lot without saying much at all. Because AI can’t form opinions, their messages may sound substance-less. In the case of romance scams, if the person you’re communicating with refuses to meet in person or chat over video, consider cutting ties.
To improve your peace of mind, McAfee+ Ultimate allows you to live your best and most confident life online. In case you ever do fall victim to an identity theft scam or your device downloads malware, McAfee will help you resolve and recover from the incident. In addition, McAfee’s proactive protection services – such as three-bureau credit monitoring, unlimited antivirus, and web protection – can help you avoid the headache altogether!
1Poc Network, “I asked AI (ChatGPT) to write me a rather off short story and the result was amazing”
2CyberArk, “Chatting Our Way Into Creating a Polymorphic Malware”
The post ChatGPT: A Scammer’s Newest Tool appeared first on McAfee Blog.
Authored by Fernando Ruiz
The popularity of AI-based mobile applications that can create artistic images based on pictures, such as the “Magic Avatars” from Lensa, and the OpenAI service DALL-E 2 that generates them from text, have increased the mainstream interest of these tools. Users should be aware of those seeking to take advantage to distribute Potential Unwanted Programs (PUPs) or malware, such as through deceptive applications that promise the same or similar advanced features but are just basic image editors or otherwise repackaged apps that can drain your data plan and battery life with Clicker and HiddenAds behaviors, subscribe you to expensive services that provide little or no value over alternatives (Fleeceware), or even steal your social media account credentials (FaceStealer).
Dozens of apps surface daily claiming to offer AI image creation. Some of them might be legitimate or based on open-source projects such as Stable Diffusion, but in the search for a free application that produces quality results, users might try new apps that could compromise their privacy, user experience, wallet and/or security.
The McAfee Mobile Research Team recently discovered a series of repackaged image editors on the Google Play app store which presented concerning behaviors. McAfee Mobile Security products help protect against such apps, including those classified as Android/FakeApp, Android/FaceStealer, Android/PUP.Repacked and Android/PUP.GenericAdware.
McAfee, a member of the App Defense Alliance focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem, reported the discovered apps to Google, which took prompt action and the apps are no longer available on Google Play.
We now discuss various types of privacy and/or security risks associated with the types of apps recently removed from the app store.
“Pista – Cartoon Photo Effect” and “NewProfilePicture” are examples of apps that offered compelling visual results, however, each was based on the same image editor with basic filters and trojanized with Android/FaceStealer, which is a well-known malware capable of compromising a victim’s Facebook or Instagram account. The apps could capture user credentials during a Facebook login by embedding a javascript function loaded from a remote server (to evade detection) into a flutter webview activity that displays the Facebook login screen.
“NewProfilePicture” and “Pista – Cartoon Photo Effect” are examples of FaceStealer malware that posed as a cartoon avatar creator.
The same image editor which was repackaged into the above two apps has also been repackaged alternatively with adware modules and distributed by other developers under other app names, such as “Cartoon Effect | Cartoon Photo”:
Fleeceware refers to mobile apps that use various tactics to enroll users into subscriptions with high fees, typically after a free trial period, and often with little or no value to the subscriber beyond cheaper or free alternatives. If the user does not take care to cancel their subscription, they continue to be charged even after deleting the app.
“Toonify Me”, which is no longer available on the Play Store, cost $49.99 per week after 3 days – almost $2,600 per year – for what featured AI-generated illustrations in the app description, but was another repackaged version of the same image editor functionality found within “NewProfilePicture” and “Pista – Cartoon Photo Effect”.
In this case, the “Toonify Me” app did not allow feature access without enrolling in the subscription, and the “CONTINUE” button which initiated the subscription was the only option to tap in the app once it was launched.
Promoted by ads that described it as capable of transforming pictures into artistic drawings, the “Fun Coloring – Paint by Number” app is an example of a repackaged version of a different, legitimate pixel painting app. It lacked the advertised AI effects and was plagued with adware-like behavior.
Advertisement of “Fun Coloring – Paint by Number” on social media which included app store link
Consistent with many reviews complaining about unexpected ads out of the context of the app, once installed, the app started a service that communicated in the background with Facebook Graph API every 5 seconds and might pull ads based on received commands after some time of execution. The app contained multiple injected SDK modules from AppsFlyer, Fyber, InMobi, IAB, Mintegral, PubNative and Smaato (none of which are in the original app, which was repackaged to include these), which would help monetize installations without regard for user experience.
When new types of apps become popular and new ones appear on the market to offer similar features, users should act with caution to avoid becoming victim to those wanting to exploit public interest.
When installing an app that causes you doubt, make sure you:
Even if an app is legitimate, we also encourage users to look closely before installation at any available privacy policy to understand how personal data will be treated. Your face is a biometric identifier that’s not easy to change, and multiple pictures might be needed (and stored) to create your model.
Artificial intelligence tools will continue to amaze us with their capabilities and probably will become more accessible and safer to use over time. For now, keep in mind that AI technology is still limited and experimental, and can be expensive to use – always consider any hidden costs. AI also will bring more challenges as we discussed on the 2023 McAfee Threat Prediction blog.
The following table lists the application package name, hash sum SHA256, the minimum number of installations on Google Play, and the type of detected threat. These apps were removed from Google Play, but some may remain available elsewhere.
| Package Name | SHA256 | Installs | Type |
| com.ayogamez.sketchcartoon | 9cb1d996643fbec26bb9878939735221dfbf639075ceea3abdb94e0982c494c1 | 5M | Adware |
| com.rocketboosterapps.toonifyme | 3f45a38b103e1812146df8ce179182f54c4a0191e19560fcbd77240cbc39886b | 10K | Fleeceware |
| com.nhatanhstudio.cartoon.photoeffect | 2c7f4fc403d1449b70218624d8a409497bf4694493c7f4c06cd8ccecff21799a | 5K | Repackaged Adware |
| com.cambe.PhotoCartoon | 5327f415d0e9b21523f64403ec231e1fd0279c48b41f023160cd1d70dd733dbf | 10K | Repackaged Adware |
| com.chiroh.cartoon.prismaeffect | 18fef9f92639e31dd6566854feb30e1e4333b971b05ae9aba93ac0aa395c955b | 1K | Repackaged Adware |
| cartoon.photo.effect.editor.cartoon.maker.online. caricature.appanime.convert.photo.intocartoon |
3b941b7005572760b95239d73b8a8bbfdb81d26d405941171328daa8f3c01183 | 50 | Repackaged Adware |
| com.waxwell.saunders.pistaphotoeditor | 489d4aaec3bc694ddd124ab8b4f0b7621a51aad13598fd39cd5c3d2067b950e5 | 50 | FaceStealer |
| com.ashtoon.tooncool.skordoi | 980c090c01bef890ef74bd93e181d67a5c6cd1b091573eaaf2e1988756aacd50 | 100K | FaceStealer |
| com.faceart.savetoon.cartoonedit | 55ffc2e392280e8967de0857b02946094268588209963c6146dad01ae537daca | 100 | FaceStealer |
| com.okenyo.creatkartoon.studio | e696d7304e5f56d7125dd54c853ff35a394a4175fcaf7785d332404e161d6deb | 500K | FaceStealer |
| com.onlansuyanto.editor.bading | 59f9630c2ebe4896f585ec7722c43bb54c926e3e915dcfa4ff807bea444dc07b | 10K | FaceStealer |
| com.madtoon.aicartoon.kiroah | c29adfade300dde5e9c31b23d35a6792ed4a7ad8394d37b69b5cecc931a7ad9f | 100K | FaceStealer |
| com.acetoon.studio.facephoto | 24cf7fcaefe98bc9db34f551d11906d3f1349a5b60adf5fa37f15a872b61ee95 | 100K | FaceStealer |
| com.funcolornext.beautyfungoodcolor | b2cfa8b2eccecdcb06293512df0db463850704383f920e5782ee6c5347edc6f5 | 100K | Repackaged Adware |
The post The Rise and Risks of AI Art Apps appeared first on McAfee Blog.
It’s been like this from the start—wherever people shop, do business, or simply gather together, you’ll find thieves in the mix, ready to take advantage. And that’s truer today when it comes to life online as cybercriminals use the internet to steal financial or personal data for their personal gain—otherwise known as identity theft.
This is a criminal act and can affect your credit score in a negative way and cost money to fix. It can also affect employment opportunities since some employers conduct a credit check on top of drug testing and a criminal history check. Identity theft victims may even experience an impact to their mental health as they work to resolve their case.
This could include private details like your birth date, bank account information, Social Security number, home address, and more. With data like this, an individual can adopt your identity (or even create a fake identity using pieces of your personal profile) and apply for loans, credit cards, debit cards, and more.
You don’t have to be kept in the dark, though. The good news is that being able to recognize the signs of identity theft means you can act quickly to intervene and minimize any effects in case it happens to you. You can also protect yourself by using preventive measures and engaging in smart online behavior.
Steps to take if you think your identity has been stolen
There are several signs that your identity has been stolen, from a change in your credit score to receiving unfamiliar bills and debt collectors calling about unfamiliar new accounts. It may be an unusual charge on one of your cards, however small. Or you may use a credit monitoring service like ours and receive an alert of suspicious activity. However it comes to your attention, you can act fast to minimize what happens.
File a police report
Start by contacting law enforcement to file a report. Your local police department can issue a formal report, which you may need to get your bank or other financial institution to reverse fraudulent charges. An official report assures the bank that you have been affected by identity fraud and it’s not a scam.
Before going to the police, gather all the relevant information about what happened. This could include the dates and times of fraudulent activity and any account numbers affected. Bringing copies of your bank statements can be useful. Also, make note of any suspicious activity that could be related. For example, was your debit card recently lost or your email hacked? The police will want to know.
Notify the company where the fraud occurred
You should also notify any businesses linked to your identity theft case. Depending on the type of identity theft, this could include banks, credit card companies, medical offices, health insurers, e-commerce stores, and more. Similarly, a fraudster may assume your identity to gain access to health care services, such as medical checkups, prescription drugs, or pricey medical devices. For instance, if someone uses your health insurance to get prescription drugs from a pharmacy, make sure to alert the pharmacy and your insurer.
File a report with the Federal Trade Commission
The Federal Trade Commission (FTC) is a government body that protects consumer interests. You can report identity theft via their portal, IdentityTheft.gov. They’ll then use the details you provide to create a free recovery plan you can use to address the effects of identity theft, like contacting the major credit bureaus or alerting the Internal Revenue Service (IRS) fraud department. You can report your case online or by calling 1-877-438-4338.
Outside of the U.S., our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
Ask credit reporting agencies to issue a fraud alert
A common consequence of identity theft is a dip in the victim’s credit score. For example, a cybercriminal may take out new lines of credit in the victim’s name, accrue credit card debt, and then not pay the balance. For this reason, contacting the credit monitoring bureaus is one of the most important steps to take in identity theft cases.
There are three main agencies in the U.S.: TransUnion, Equifax, and Experian. You can get a free credit report from each agency every 12 months via AnnualCreditReport.com. Check the report and note all fraudulent activity or false information and flag it with the relevant bureau’s fraud department. You should also initiate a fraud alert with each agency.
A fraud alert requires any creditors to verify your identity before opening a new line of credit. This adds an extra layer of security. An initial fraud alert lasts for 90 days. Once this expires, you can prolong your protection via an extended fraud alert, which will remain valid for seven years. You can notify one of the big three bureaus to set it up. They are then required to notify the other two bureaus.
A credit freeze is another smart move, which you can do through each of the three major credit bureaus. You can either call them or start the process online. This prevents people from accessing your credit report. Lenders, creditors, retailers, landlords, and others may want to see your credit as proof of financial stability. For example, if someone tries to open a phone contract under your name, the retailer may check the credit report. If there is a credit freeze in place, they won’t be able to view it and won’t issue the contract. If you need to allow someone access to your credit report, you can temporarily lift the freeze. And depending on your plan, you can issue a credit freeze or an even more comprehensive security freeze right from the McAfee app.
Change passwords for your accounts
Identity theft is often linked with leaked or hacked passwords. Even if you aren’t sure whether your passwords have been compromised, it’s best to play it safe. Change passwords to any affected accounts. Make sure to use strong, unique passwords for each of your accounts with a mix of numbers, letters, and symbols. A password manager included with comprehensive online protection software can do the work for you by creating and securely storing them for you. Further, if there’s a chance to activate two-factor authentication on your accounts go ahead and use it as it makes accessing accounts with a stolen password more difficult.
Is it possible to prevent identity theft?
Putting thorough protections in place can greatly reduce your risk of identity theft. As mentioned above, our McAfee+ plans offer a broad set of features that can help protect your identity. You monitor your credit, monitor your identity, and even help you restore your credit with identity theft & restoration services that cover up to $1 million in losses due to identity theft and connect you with recovery pros who can help you clean up your credit.
Additionally, you can grab a copy of our free Identity Protection Guide that covers the topic in detail—it’s part of our McAfee Safety Series, dedicated to ways you can protect yourself for a safer, more enjoyable life online.
If identity theft happens to you …
Realizing that you’ve become a victim carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, or even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Right away.
Think like a detective who is building—and closing—a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer for any questions you’ll face in the process of restoring your identity will help you see things through.
The post What Should You Do if Your Identity Has Been Stolen? appeared first on McAfee Blog.
PayPal recently notified thousands of its customers that their accounts were breached by hackers, leaving their Social Security Numbers and other key pieces of personal information exposed as a result.
Sources report, that the attack involved “credential stuffing,” where hackers gather lists of usernames and passwords sourced from the dark web or from data breaches—and then “stuff” those credentials into login systems, giving them access to those accounts.
This form of attack is particularly dangerous for people who re-use passwords across their accounts, as hackers can steal a password from one account and use it to access others.
It is reported that PayPal notified users affected by this attack on January 18th with an email since made available online. The email states that,
“Based on PayPal’s investigation to date, we believe that this unauthorized activity occurred between December 6, 2022, and December 8, 2022, when we eliminated access for unauthorized third parties. During this time, the unauthorized third parties were able to view, and potentially acquire, some personal information for certain PayPal users.”
PayPal further detailed the information exposed (emphasis ours):
The personal information that was exposed could have included your name, address, Social Security number, individual tax identification number, and/or date of birth.
The email went on to say that PayPal reset the passwords of the affected accounts and will require affected users to establish a new password the next time they log in to their accounts.
It takes time for companies to discover breaches and other illegal activities on their networks. The activity may have occurred days, weeks, or even months before it was discovered. Thereafter, it takes yet more time for companies to investigate the attack, determine the method of entry, what was affected, and to what extent—not to mention update their security measures as needed.
In the case of PayPal, the company stated that the attacks occurred between December 6th and 8th of 2022, and the notification sent to affected customers was dated January 18th.
This is typical of such attacks. Time passes before victims get notified. And yet more victims may be identified as investigations continue, leaving hackers with a relatively large window of opportunity to do harm.
Given the nature of the PayPal attack, there are a few steps you can take to protect yourself in its aftermath, which involves a combination of preventative steps and some monitoring on your part.
Given that passwords were involved, changing your PayPal password is a must. (As stated, PayPal will require you to do so.) And if you re-use passwords or similar passwords across accounts, changing them is a must as well.
Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly may make a stolen password worthless because it’s out of date by the time a hacker attempts to use it.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.
PayPal offers two-factor authentication as an option, and you can enable it by logging into your account settings and then clicking on the “Security” tab.
Per PayPal’s customer email, contact their customer service for assistance if you spot any unusual activity on your account.
If you spot unusual or unfamiliar transactions on your bank or credit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed.
Given number the accounts you might have, a credit monitoring service can help. McAfee’s credit monitoring service can help you keep an eye on changes to your credit score, report, and accounts with timely notifications and provide guidance so you can take action to tackle identity theft.
With some personal information in hand, bad actors may seek out more. They may follow up a high-profile attack with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So as it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for information in some form or other, often in ways that urge or pressure you into acting.
If you are contacted by PayPal, make certain the communication is legitimate. Bad actors may pose as PayPal to steal personal information. Do not click on links sent in emails, texts, or messages. Instead, go straight to the PayPal website or contact them by phone directly.
An identity monitoring service can monitor everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other bad actors so they can launch their own attacks. McAfee’s monitors the dark web for your personal info and provides early alerts if your data is found on there, an average of 10 months ahead of similar services. We also provide guidance to help you act if your information is found.
When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in a victim’s name.
Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies. This will help prevent bad actors from opening new lines of credit or take out loans in a victim’s name by “freezing” their credit report so that potential creditors cannot pull it for reference.
McAfee+ plans give you guidance on how to place a full security freeze, stopping lenders and other companies from seeing your credit file. This halts the application process for loans, credit cards, utilities, new bank accounts, and more. A security freeze won’t affect your credit score.
A complete suite of online protection software can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone.
Additionally, we offer $1 million in identity theft coverage and restoration support from a licensed recovery pro who can help you repair your identity and credit if you find yourself a victim.
Your Social Security or tax ID number is one of the most precious pieces of personal information you have. With them, an identity thief can open new accounts or lines of credit in your name, not to mention gain employment, claim insurance benefits, or even commit crimes in your name.
PayPal stated that victims may have had Social Security or tax ID number exposed. If you believe this occurred to you, file a report with the Federal Trade Commission (FTC), which handles such cases. From there, they will provide you with a set of next steps.
Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the PayPal breach.
Data breaches typically make the news when it affects a large company and generally only after they discover and release word of it. This means you might not hear about a breach until weeks or even months after your stolen info has been in circulation on the dark web. The measures you can take here can mitigate the damage of such attacks, even if you don’t think you were caught up in a specific breach.
However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but given all the devices, apps, and accounts we keep these days leaves us more exposed than ever, making protecting ourselves a must.
The post The PayPal Breach – Who Was Affected and How You Can Protect Yourself appeared first on McAfee Blog.
Aside from using it for calls and texting, we use our smartphones for plenty of things. We’re sending money with payment apps. We’re doing our banking. And we’re using them to set the alarm, turn our lights on and off, see who’s at the front door, and for some of us, even start our cars. The smartphone is evolving, and in many ways, it’s become the “universal remote control” of our lives. And that means it needs protection.
Truly, think about all that you do from the palm of your hand. Your phone connects you to so many essential things, it’s tough to think what the day would be like without it—or worse yet, if your phone got stolen or lost. Maybe you know the feeling. That rising panic when you misplace your phone and then the relief you feel when you find it.
Yet you have plenty of ways you can protect yourself and your phone, not only from loss and theft but from hacks and attacks too.
Comprehensive online protection software can protect your phone in the same ways that it protects your laptops and computers. Installing it can protect your privacy, keep you safe from attacks on public Wi-Fi, and automatically block unsafe websites and links, just to name a few things it can do.
Updates do all kinds of great things for gaming, streaming, and chatting apps, like add more features and functionality over time. Updates do something else—they make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
iPhones update apps automatically by default, yet you can learn how to turn them back on here if they’ve been set to manual updates. For Android phones, this article can help you set apps to auto-update if they aren’t set that way already.
Much the same goes for the operating system on smartphones too. Updates can bring more features and more security. iOS users can learn how to update their phones automatically in this article. Likewise, Android users can refer to this article about automatic updates for their phones.
Fewer people use a lock screen than you might think. A finding from our recent global research showed that only 56% of adults said that they protect their smartphone with a password or passcode. The problem with going unlocked is that if the phone gets lost or stolen, you’ve basically handed over a large portion of your digital life to a thief. Setting up a lock screen is easy. It’s a simple feature found in both iOS and Android devices.
So what happens if your phone actually ends up getting lost or stolen? A combination of device tracking, device locking, and remote erasing can help protect your phone and the data on it. Different device manufacturers have different ways of going about it, but the result is the same—you can you’re your phone, prevent others from using it, and even erase it if you’re truly worried that it’s in the wrong hands or simply gone for good. Apple provides iOS users with a step-by-step guide, and Google offers up a guide for Android users as well.
One way hackers work their way into smartphones is through malicious apps that pose as photo editors, VPNs, and games—yet are loaded with malware that spy on your activity or steal account information. Google Play and Apple’s App Store have measures in place to review apps to help ensure that they are safe and secure. Granted, cybercriminals have found ways to work around Google and Apple’s review process, yet they’re quick to remove malicious apps once discovered. Yet third-party app stores and websites likely have no such protections in place. In fact, some third-party sites may intentionally host malicious apps as part of a scam. Stick with the official app stores for a far safer phone.
Truly, we hold so much in the palm of our hand. Our smartphones connect us to our friends and family, work and livelihoods, banking and finances, and even our homes and the smart devices in them. It’s no exaggeration to say that a good portion of daily life courses through our smartphones. And when we look at them that way, it puts the importance of protecting them in a whole new light.
The post Protecting the Universal Remote Control of Your Life—Your Smartphone appeared first on McAfee Blog.
Written by James Schmidt
Editor’s Note: We often speak of online scams in our blogs, ones that cost victims hundreds if not thousands of dollars. This account puts a face on one of those scams—along with the personal, financial, and emotional pain that they can leave in their wake. This is the story of “Meredith,” whose aunt “Leslie” fell victim to an emerging form on online elder fraud. Our thanks to James for bringing it forward and to “Meredith’s” family for sharing it, all so others can prevent such scams from happening to them.
“Embarrassing. Simply embarrassing.” She shook her head. “It’s too raw. I can’t talk about it right now. I need time.”
Her aunt had been scammed. To the tune of $100,000 dollars. My colleague—we both work in the security industry—felt a peculiar sense of loss.
“I work in this industry. I thought I’d done everything right. I’ve passed on enough warnings to my family and friends to ensure they’d avoid the fate of the scammed. Simply because I’m in this industry does not imply my circle is always aware of all the threats to them, even if I do my best to teach them.”
“My mental state, recently, borders on shame; this feeling, you know? How could someone working in my industry have something like this happen to a family member?”
I told her many people working in other industries cannot control what happens to people in their families even if people in that industry had knowledge that could have helped them or otherwise avoided a problem altogether.
“I know, but this simply should never have happened! My aunt is one of the smartest, most conscientious people I know, and she fell for this. It’s crazy and I can’t wrap my head around it.”
My colleague, let’s call her Meredith (not her real name as she’s a bit ashamed to know this happened to a family member), told me the beginnings.
Let’s call her aunt Leslie.
Her story unfolds, the overall picture a pastiche of millions of people in the United States today. Her aunt is retired, bored, lonely, and isolated. She feels adrift without something to occupy her time; she was looking for companionship, connections, someone (anyone) to talk to. Her feelings intensified during the pandemic. She morphed into perfect prey for scammers of what is now known as the “Pig Butchering Scam.”
The term “Pig Butchering” has a visceral and raw feel to it, which falls right in line with how brutal this scam can be. It’s a long con game, where the scammer befriends the victim and encourages them to make small investments through the scammer, which get bigger and bigger over time. The scammer builds trust early with what appear to be small investment wins. None of it is legit. The money goes right into the scammer’s pocket, even as the scammer shows the victim phony financial statements and dashboards to show off the bogus returns. Confidence grows. The scammer wrings even larger sums out of the victim. And then disappears.
It was a targeted attack that started innocuously enough with a “fake wrong number”. An SMS arrives. A text conversation starts. The scammer then apologizes but tells Leslie someone gave them the number to initiate the text.
The scammer then uses emotional and psychological techniques to keep Leslie hooked. “How are you, are you having a nice day?” Leslie, being bored and interested, engages willingly.
The scammer asks to talk directly, not via text: and a phone conversation ensues. The scammer proceeds to describe—in very soothing detail—what they are doing, helping people, like Leslie, invest their “hard-earned money” into something that will make them more money, to help them out in retirement.
Of course, it is too good to be true.
“The craziest part of all of this is my aunt refuses—to this day—to believe she’s been scammed!”
She still thinks this scammer is a “friend” even though the entire family is up in arms over this, all of whom beg her aunt to “open her eyes.”
“My aunt still thinks she’d going to see that money again, or even make some money, which is crazy. The scammers are so good at emotional intelligence; really leveraging heartstrings and psychological makeup of the forlorn in society. My aunt finally agreed to stop sending more money to the scammers, but only after the entire family threatened to cut her off from the rest of the family. It took a lot to get her to stop trusting the scammers.”
Meredith feels this is doubly sad as the aunt in question is not someone they’d ever imagine would in this predicament. She was always the upright one, always the diligent and hardworking and the best with money. She is smart and savvy and we could never imagine her to be taken by these people and taken so easily. It boggles the mind.”
She did start to change in the last few years. And the pandemic created a weird situation. Retirement, loneliness from loss of a partner, and the added burden of the pandemic created a perfect storm for her to open herself up to someone willingly, simply for the sake of connection.
“No one deserves this. It has rocked my family to the core. It is not only about the money, but we’ve found family bonds stretched. She believes these random people, these scammers, more than she believes her own family. Have we been neglectful of our aunt? Does she no longer put her faith in people she knows, rather gives money to complete strangers?”
Being a security professional does not provide magical protection. We are more aware of scams and scammers, and how they work, and what to look for, and we try to do all we can to keep our family aware of scams out there in the big wide world, but we are human. We fall short.
Diligence is action. Awareness is action. Education is action.
We need to be better, all of us, at socializing risky things. We need to consistently educate our family and friends to protect themselves, not only via security software (which everyone should have as default) but by providing tips and tricks and warnings for things we all need to be on the lookout. This is not a one-time thing. The cliché holds true: “If you see something say something.” Repetition helps.
In today’s world, the need for protecting people’s security, identity, and privacy is critical to keeping them safe. Scammers long stopped focusing on attacking only your computer. Now focus more than ever on YOU: your identity, your privacy, your trust. If they get you there, they soon get your money.
As for contributing factors to scammers success with their victims, such as loneliness, isolation, and boredom, they all have remedies. Make connections with your loved ones, especially those easily tagged as vulnerable, those you feel might be at risk. Reach out. It may be hard sometimes due to distance and other factors but make it a point to connect. There is a reason these scammers are succeeding. They are stepping into roles of companions to people who are desperate for connection.
Most people are greatly saddened at seeing other people being “taken.” Let’s work together to help stop the scammers.
Look out for each other, and get your people protected!
Editor’s Closing Note:
If you or someone you know suspects elder fraud, the following resources can help:
For further reading on scams and scam prevention, check out the guides in our McAfee Safety Series, which provide in-depth advice on protecting your identity and privacy—and your family from scams. They’re ready to download and share.
The post A Scam in the Family—How a Close Relative Lost $100,000 to an Elder Scam appeared first on McAfee Blog.
It’s common practice to pull down the window shades at night. Homeowners invest in high fences. You may even cover the PIN pad when you type in your secret four-digit code at ATMs. Privacy is key to going about your daily life comfortably in your surroundings. Why shouldn’t privacy also extend to your digital surroundings?
This Data Privacy Day, round out your privacy protection toolbox with McAfee’s help so you can live your best online life safely.
An easy way to instantly boost the privacy of your every online move is to always connect to a virtual private network (VPN). A VPN scrambles your connected device’s internet session, meaning that it’s impossible for a cybercriminal to eavesdrop on your online comings and goings. VPNs are especially crucial for when you connect to public Wi-Fi networks or networks for which you cannot vouch for their security. Cybercriminals often lurk on public Wi-Fi networks at hotels, coffee shops, and libraries and pounce on users who connect their devices without the protection of a VPN.
Digital privacy not only implies remaining hidden from nefarious eyes, but also from the prying eyes of pesky advertisers. A VPN can assist with that too! When you have a VPN enabled, it confuses advertisers and targeted ads. The less information they have, the more privately you can surf online.
To improve your online privacy, it’s important to first know how safe you currently are. When you can identify your weakest digital privacy habits, you can make targeted improvements to them. Luckily, McAfee Protection Score can help you do just that! Protection Score is a helpful privacy tool that rates your current digital safety. Then, based on your score, the tool offers suggestions on how to boost your score.
For instance, Protection Score searches for your personally identifiable information (PII) on the dark web. If it finds a copy of your government ID or your financial records on a dubious site, your score will tank. While it may be alarming to have a low Protection Score, you can feel good that you’re making positive waves, hopefully before a cybercriminal takes advantage of your PII and uses it to steal your identity.
There are several easy ways to boost your score that require very little effort but have a huge payoff. Connecting to a VPN and running an antivirus scan on your device are just two things you can do and each only takes a few seconds. Changing your habits and turning your online safety around doesn’t have to be overwhelming! In some cases, there are services that’ll even do the work for you, like the service we’ll talk about next.
To round out your privacy protection toolbox, consider signing up for McAfee Personal Data Cleanup. This service is a great companion to Protection Score. While Protection Score identifies all the areas where you can improve your security, Personal Data Cleanup is a service that will remove your information from the web’s riskiest sites.
Did you know that, on average, a person has their PII for sale on 31 sites? Plus, 95% of people haven’t even given their permission and have their personal information for sale on data brokerage sites. Data brokerage sites are legal and anyone can buy your information. Online advertisers are the usual clients, but a cybercriminal can jump in and buy valuable PII, as well.
You should care about data privacy every day not just when the calendar reminds you on Data Privacy Day. Take the steps and invest in the right solutions to shore up your online defenses. McAfee+ Ultimate is an all-in-one service that includes unlimited VPN, Protection Score, a full-service Personal Data Cleanup, and 13 other high-quality identity, privacy, and device security tools.
Live your online life more confidently with McAfee, knowing that cybercriminals are less likely to slip by and damage your credit, identity, or online reputation.
The post 3 Tools to Round Out Your Privacy Protection Toolbox appeared first on McAfee Blog.
Authored by Dennis Pang
Online protection software. Antivirus. The two words get used interchangeably often enough. But sure enough, they’re different. And yet directly related when you take a closer look.
The term “antivirus” has been with us for decades now, dating back to the first software that was designed to prevent computers from getting malware—malicious code, like viruses, that would lock up computers, scramble data, or otherwise damage computers and the data on them. Prime examples of these early types of malware include 1999’s “Melissa” virus spreads by infected email attachments and the even more devastating “ILOVEYOU” virus that incurred billions in damages worldwide.
There’s a good reason why people default to the word “antivirus” so easily. Viruses have been on our collective minds for some time. And computer purchases have often been accompanied by the question, “Do you have antivirus for your computer?” By and large, the notion of antivirus has become pretty much engrained.
Yet look ahead to today and you can see how dramatically things have changed since those early days. We still need antivirus, that’s for sure. But it takes far more than that to live life safely online right now. And that’s where online protection software comes in.
Online protection software protects you. It includes antivirus, yet it further protects your identity and privacy in addition to your devices.
The way we use our computers, tablets, and phones nowadays shows the reason why we need such broad protection. We conduct so much of our lives online. We bank, we shop, we plan our finance online. We also run portions of our homes with smart devices and smart speakers. Increasingly, we track our health and wellness with connected devices too—like workouts on our phone and biometrics with consumer-grade and even medical-grade devices.
All of this creates data. Data about who we are, what we’re doing, when we’re doing it, how often, and where. That’s precious information. Private information. Personal information. And understandably, that needs to be protected.
Put simply, today’s threats have evolved. While viruses and malware remain a problem, today’s bad actors are out for the bigger games. Like stealing personal and financial info for identity theft. Moreover, organizations large and small collect data from your devices and the things you do on them, personal data that many share and sell for profit. Some of this data collection gets quite exacting, compiled from a broad range of public sources that can include records like bankruptcies, real estate sales, and birth records—plus private sources that can further include your shopping habits, the people you chat with, and what your daily travels look like based on location information captured from your smartphone.
If you find yourself surprised by this, you’re not alone. Tremendous volumes of data collection activity occur without people’s knowledge or consent.
Now as to why anyone would want any of that kind of data about you, consider the multi-billion-dollar industry of online data brokers. They compile thousands of data points from millions of people and put these vats of data up for sale to anyone who’ll buy them. That could be advertisers, potential employers, private investigators, and background checkers. And it could be bad actors as well who could use your own data to spam, harass, impersonate, or otherwise harm you.
Once, so many of these intrusions on our privacy and identity were difficult to spot, let alone prevent. For example, your personal info gets caught up in a data breach and winds up posted for sale on the dark web. How are you to know that before it’s too late and thief racks up umpteen charges on your debit card? Also, with dozens and dozens of data brokers out there, how do you track down which ones have information posted about you and then request to have it taken down? And what if online identity theft happens to you and you’re faced with the time and dollar costs it involves to set things right?
So just as online threats have evolved, so has online protection software. We go about so much of our day online, and online protection like our own McAfee+ helps you do it more privately and more safely. It’s quite comprehensive, and the various plans for McAfee+ include:
For certain, protections like these remain a primary focus of ours, because they protect you. And that’s who thieves and bad actors are really after—you, your information, your accounts, and even your identity. Expect us to continue to roll out more protections that look after you in this way and more.
So, while antivirus and online protection software are different, they work together. Antivirus provides strong device security, which complements the additional privacy and identity features included with online protection. That reflects how times have changed. Once it was enough to protect our devices from viruses and malware. Now we have to protect ourselves as well. Antivirus alone won’t do it, but antivirus as part of online protection will.
The post The Big Difference Between Online Protection Software and Antivirus appeared first on McAfee Blog.
Are you an online oversharer? Do you give your full birthday to all your online shopping accounts? Have a few companies you have accounts with been breached but you didn’t take any action at the time? If you have bad digital habits, now is an excellent time to reset your digital presence.
In isolation, these small digital transgressions don’t seem like a problem; however, cybercriminals can gather the bits and pieces of information you release into the world and Frankenstein them together to create believable impersonations or entirely new identities.
To protect your identity, here are a few ways to limit the amount of personally identifiable information (PII) you share online, plus a few tools that can help you identify and close your current security holes.
Most digital bad habits seem insignificant; however, the more bad habits you have that pile-up, the more at risk your PII and your identity can be. Check out this list of three common habits that you should consider breaking today and why.
When you sign up for new online shopping accounts, some companies ask for your birthday, your age, your middle name, and primary and secondary phone numbers and email addresses. While it might be nice to receive a special coupon on your birthday, you may want to reconsider volunteering unnecessary private details. To compromise you can sign up with a nickname and leave your birth year blank. That way, if a cybergang ever breaches the company, the criminals won’t get far with your personal details. To steal an identity and ruin someone’s credit, sometimes all it takes it a full name, birthday, and phone number.
Do you post your every thought and movement on social media? While curating the perfect online profile can be fun, it can also be dangerous to your online safety. For instance, posting “get to know you” quizzes are a gold mine for social engineers and cyber criminals, as the results often reveal potential password inspiration, security question answers, and your likes and dislikes. From here, criminals can take educated guesses at your passwords or tailor a social engineering scheme that’s most likely to fool you. Consider setting your social media profiles to private and blocking followers you don’t know personally. Or, just keep parts of your life a mystery to the wider world.
We can all agree that increasingly strict password requirements are leading to longer and more complex passwords that are confusing to cyber criminals and to the rightful account holders, too! It’s tempting to reuse passwords to reduce the burden on your memory, but this puts your valuable PII in danger. Password and username combinations are often information that’s leaked in company breaches. In what’s called a brute force attack, a cybercriminal can plug that same pairing into hundreds of websites and wait for a hit. Since unique passwords for all your dozens of accounts is imperative, entrust their safekeeping to a password manager.
If you’re feeling uneasy about your online habits and the effect they may have had on your online safety, McAfee Protection Score gives you the information you need to take charge and make changes. Protection Score not only tells you how safe (or unsafe) you are, but the tool also offers suggestions on how you can raise your score, and thus be safer online. The service monitors data breaches and indicates when your email was part of a leak. Protection Score also dives into the dark web so you don’t have to. If your government ID or financial information appears, your score will take a large hit.
Protection Score not only tells you how safe (or unsafe) you are, but the tool also offers suggestions on how you can raise your score, and thus be safer online. The sooner you know your weak points, the quicker and more completely you can fortify your defenses and clean up after months (or years) of bad habits. Knowledge is power in the right against cyber criminals, so Protection Score is an excellent partner to help adopt smarter habits on the path to better online security.
With McAfee+ Ultimate, you not only get a Protection Score but a host of other top-rate tools to protect your identity, retain your online privacy, and help you recover from an identity theft. Running an antivirus, connecting to a VPN and installing web protection on your browser are all ways to increase your Protection Score, and these features are available with McAfee’s most thorough privacy, identity, and device protection service.
Make 2023 the year of living online confidently and safely!
The post New Year, New You: Start Fresh With McAfee Protection Score appeared first on McAfee Blog.
As technology weaves itself into our lives in new and unexpected ways, some of it will get quite personal and close to home. That made itself clear at CES this year, which makes a strong case for your security.
The more things we connect, the more data we create. Data about ourselves that companies and others collect, share, and sell—where we are and what we’re doing, along with what we buy, watch, and search for. And today, we’re creating more of it and in more exacting detail.
We connect our homes with smart devices that create data about our comings and goings, and we connect ourselves with smart glasses and watches, rings, and things that track our health, our sleep, and wellness overall. Meanwhile, we have virtual reality and augmented reality hardware companies that want a place on your face with headsets and experiences that will take you into the metaverse.
Walking the floor of this year’s CES, you’ll see all these things, and plenty more. Yet central to it all is one thing—you. Specifically, your privacy and identity.
As technology evolves so rapidly and brings new ways of experiencing our world, it’s an exciting time. It’s also a somewhat uncertain time. What data will these devices create? Who’ll collect it? What will they do with it? And importantly, what can you do to protect yourself? Questions about your security are very much on our minds, and they’re on yours too. You’ve told us as much.
And unsurprisingly, protection is very much on your mind as well.
And that’s where we come in. Just as the floor of CES showcases the evolution of life online, we’re evolving online protection as well. McAfee+ represents that next step—a product line that gives you a full slate of online protection that covers your privacy, identity, and devices so you can enjoy life online with confidence.
At the center of that online life is you, and our definition of online protection has become quite expansive as a result. We see how it can help you monitor your credit, your identity, and where your personal information crops up online. We see how it can prevent the wrong people from getting their hands on data and info too. And we see how our industry-first Protection Score can show you how safe you are—and offer guidance that can make you safer still. In all, we see it as an online companion, one that removes uncertainty and gives you a feeling of security. Because you truly are secure.
In all, protection today demands this comprehensive approach because we go about so much of our day online. McAfee+ reflects that reality. And with that, the various plans for McAfee+ include:
And that list will only continue to grow. As the year takes shape, we’ll roll out yet more protections that will give you even more control of your privacy and identity. Particularly as you and your household rely on life online more and more.
As is true any year at CES, we see all manner of potential. New ways to make the day easier, more enjoyable, and more productive thanks to life online. Yet amidst it all, we see you. We see how you’ll use these new technologies, what the privacy, identity, and security implications are, and how we can protect you so you can benefit from these advances in technology, safely.
Like you, we’re excited for what’s next, and we’ll see to it that you can enjoy it—with protection that looks after you, your household, and your family.
The post The Case for Your Security at CES 2023 appeared first on McAfee Blog.
Ransomware. Even the name sounds scary.
When you get down to it, ransomware is one of the nastiest attacks a hacker can wage. They target some of our most important and precious things—our files, our photos, and the information stored on our devices. Think about suddenly losing access to all of them and being forced to pay a ransom to get access back. Worse yet, paying the ransom is no guarantee the hacker will return them.
That’s what a ransomware attack does. Broadly speaking, it’s a type of malware that infects a network or a device and then typically encrypts the files, data, and apps stored on it, digitally scrambling them so the proper owners can’t access them. Only a digital key can unlock them—one that the hacker holds.
Nasty for sure, yet you can take several steps that can greatly reduce the risk of it happening to you. Our recently published Ransomware Security Guide breaks them down for you, and in this blog we’ll look at a few reasons why ransomware protection is so vital.
The short answer is pretty bad—to the tune of billions of dollars stolen from victims each year. Ransomware targets people and their families just as explained above. Yet it also targets large organizations, governments, and even companies that run critical stretches of energy infrastructure and the food supply chain. Accordingly, the ransom amounts for these victims climb into millions of dollars.
A few recent cases of large-scale ransomware attacks include:
Who’s behind such attacks? Given the scope and scale of them, it’s often organized hacking groups. Put simply, these are big heists. It demands expertise to pull them off, not to mention further expertise to transfer large sums of cryptocurrency in ways that cover the hackers’ tracks.
As for ransomware attacks on people and their families, the individual dollar amounts of an attack are far lower, typically in the hundreds of dollars. Again, the culprits behind them may be large hacking groups that cast a wider net for individual victims, where hundreds of successful attacks at hundreds of dollars each quickly add up. One example: a hacker group that posed as a government agency and as a major retailer, which mailed out thousands of USB drives infected with malware.
Other ransomware hackers who target people and families are far less sophisticated. Small-time hackers and hacking groups can find the tools they need to conduct such attacks by shopping on the dark web, where ransomware is available for sale or for lease as a service (Ransomware as a Service, or RaaS). In effect, near-amateur hackers can grab a ready-to-deploy attack right off the shelf.
Taken together, hackers will level a ransomware attack at practically anyone or any organization—making it everyone’s concern.
Hackers have several ways of getting ransomware onto one of your devices. Like any other type of malware, it can infect your device via a phishing link or a bogus attachment. It can also end up there by downloading apps from questionable app stores, with a stolen or hacked password, or through an outdated device or network router with poor security measures in place. And as mentioned above, infected storage devices provide another avenue.
Social engineering attacks enter the mix as well, where the hacker poses as someone the victim knows and gets the victim to either download malware or provide the hacker access to an otherwise password-protected device, app, or network.
And yes, ransomware can end up on smartphones as well.
While not a prevalent as other types of malware attacks, smartphone ransomware can encrypt files, photos, and the like on a smartphone, just as it can on computers and networks. Yet other forms of mobile ransomware don’t have to encrypt data to make the phone unusable. The “Lockerpin” ransomware that has struck some Android devices in the past would change the PIN number that locked the phone. Other forms of mobile ransomware paste a window over the phone’s apps, making them unusable without decrypting the ransomware.
Part of avoiding ransomware involves reducing human error—keeping a watchful eye open for those spammy links, malicious downloads, bogus emails, and basically keeping your apps and devices up to date so that they have the latest security measures in place. The remainder relies on a good dose of prevention.
Our Ransomware Security Guide provides a checklist for both.
It gets into the details of what ransomware looks like and how it works, followed by the straightforward things you can do to prevent it, along with the steps to take if the unfortunate ends up happening to you or someone you know.
Ransomware is one of the nastiest attacks going because it targets our files, photos, and information, things we don’t know where we’d be without. Yet it’s good to know you can indeed lower your risk with a few relatively simple steps. Once you have them in place, chances are a good feeling will come over you, the one that comes with knowing you’ve protected what’s precious and important to you.
The post Your Guide to Ransomware—and Preventing It Too appeared first on McAfee Blog.
Authored by Vonny Gamot
The official 40th birthday of the internet serves as a timely reminder that while it is a fantastic place, we must practice good digital hygiene to safeguard our privacy and identity so we can protect ourselves from the latest threats.
Since its widely recognized creation on January 1st 1983, the internet has since transformed economies and the everyday lives of people. From social media, memes, and viral videos to smart homes, online shopping and even cloud computing, the internet entertains, educates, and connects us. Above all, it will continue to play a crucial role in human civilization for many generations to come.
Yet with the good comes the not-so-good. Wherever people gather, cyberthieves gather too. The internet is no exception. As the evolution of the internet continues, cybercriminals are evolving in tandem, looking for new and inventive ways, such as using Artificial Intelligence to exploit its features. With over five billion people accessing and using the Internet in 2022, that’s over 60% of the world’s population potentially at risk.
So, while we celebrate the internet’s 40th birthday, it’s also a good reminder to take stock of the latest online threats and ensure our digital hygiene is up to scratch for the year ahead. When we do this, we can take full advantage of the incredible opportunities the internet affords us.
The new year is a great moment to reflect, reset, and consider your personal online safety and protection. Stay vigilant against the latest threats and scams and use dedicated and robust online protection software such as our newly released McAfee+ plans—which comes with important features like identity monitoring that can spot your personal info on the dark web and personal data cleanup that can help remove your personal info from data broker sites that will sell it to companies and crooks alike.
It’s also a time to keep a fresh eye out for scams and phishing attacks. If that email, text, or message you received looks too good to be true, or you feel that the sender is trying to pressure you into doing sharing info or sending money, it’s always best to double check that the source is legitimate. These are often indicators that a scam is afoot.
Beyond using online protection software and keeping your guard up, you can take several other steps that can make you immediately safer than you were before. Here are four strong suggestions that will get you started:
MFA is an excellent way to frustrate cybercriminals attempting to break into online accounts. MFA means that users need more than a username and password to log in, for example, a one-time code sent to private email, text, or through an authentication app utilizing face or fingerprint scans. This adds an extra layer of security as the cybercriminal has to access the device, email, or biometric reader to get into someone’s online account.
Strong, unique passwords for each of your online accounts are a must. It’s always important for people to understand that reusing passwords is just as risky as using “password123” and puts online accounts at risk. A tactic known as “credential stuffing” is where a cybercriminal attempts to input stolen usernames and password combinations in dozens of random websites to see which door it opens. It is also important to consider using password managers which can create and safeguard all passwords in one secure desktop extension or mobile phone app.
Updating software is vital to the security of a device. These updates include security patches that cyber experts have created to foil cybercriminals. The more outdated the software is, the more time criminals have had to work out ways to infiltrate and steal information within them. Moreover, updates often include new and improved features, which makes a strong case for keeping things current.
Phishing is when a scammer sends texts or emails that appear to be from trusted sources like your favourite online clothing store, employer or, as we’re seeing during the cost-of-living crisis, energy firms, or banks. They do this to encourage people to share personal information.
Once a phishing attempt has been recognised it is vital that they are not engaged with, links are left unopened, and the potential scam email is not forwarded along to another person. Before the message is deleted, it is vital that the sender is blocked and that the message is marked as junk and reported.
If you think that you have entered your credit card details onto a phishing website, contact your bank or credit card issuing company immediately. Report your personal information as stolen, and you may want to request that your existing card be canceled depending on the circumstances.
Online protection is part mindset, part prevention, and part action. While the steps above mark a start, they’re just that. There’s plenty more you can do, and when taken in batches, the steps you take can really add up to an exceptional level of protection. The question is, where to start?
Our McAfee Safety Series can get you moving in the right direction. It’s a set of guides that cover a range of important security topics and that show you several straightforward things you can do that will make you safer. They range from phishing and privacy to online shopping and safer online media. In all, they can help you spot scams, hacks, and attacks—and potentially prevent them in the first place.
I encourage you to grab the first one that looks interesting to you. What you learn can put you several steps ahead of the hackers, scammers, and thieves out there.
The post 40 Years of the Internet – Tips for Staying Safe Online in 2023 appeared first on McAfee Blog.
It has a way of sneaking up on you. Credit theft and fraud.
Maybe it’s happened to you. Maybe it’s happened to a friend or family member. There’s a call from the bank, a notification in your financial app, or a charge on the statement that’s beyond explanation. Someone else has tapped into your funds. Or worse yet, someone stole your identity and took out a loan in your name. You find out only after it’s happened.
That’s the trick with credit theft and fraud. People typically discover it after the damage is done. Then they’re left picking up the pieces, which can cost both time and money. Not to mention a potential knock to their credit score.
However, you can help keep it from happening to you. Our recently published Credit Protection Security Guide breaks down several ways. Here we’ll get into a quick introduction on the topic and show how you can prevent against credit theft and fraud better than ever before.
It’s an unfortunate reality in the world we live in today. Credit theft and fraud are something we all need to look out for, particularly as we increasingly shop and conduct our finances online, potentially exposing that information to thieves. Some figures estimate that for nearly every $100 in purchases made with debit and credit cards worldwide, somewhere around 7 cents can be stolen or fraudulent. As you can imagine, that figure adds up quickly, to the tune of more than $28 billion globally each year.
The flipside is this: today we have plenty of tools that make protecting our credit far easier than they ever were before. Up until now, that called for a time-consuming and sometimes rather manual process. You had to check credit separately with the different bureaus, place locks and freezes the same way, scan each credit report closely for suspicious activity, and so forth.
Now, online protection software can take much of that work off your hands. Comprehensive protection like McAfee+ has plans that offer credit monitoring, identity monitoring, and even identity theft protection & restoration—all quickly spotting any changes, notifying you if your personal information pops up on the dark web, and providing $1 of coverage toward restoring your credit along with the help of a licensed recovery pro if the unexpected happens to you.
Another thing online protection can do for you removes your personal information from those “people finder” and data broker sites. Identity thieves lean on those sites because they contain valuable information that they can piece together to commit theft and fraud in someone else’s name. If you think about your identity as a big jigsaw puzzle, these sites contain valuable pieces that can help complete the picture—or just enough to take a crack at your credit.
In fact, personal information fuels a global data trading economy estimated at $200 billion U.S. dollars a year. Run by data brokers that keep hundreds and even thousands of data points on billions of people, these sites gather, analyze, buy, and sell this information to other companies as well as to advertisers. Likewise, these data brokers may sell this information to bad actors, such as hackers, spammers, and identity thieves who would twist this information for their own purposes. In short, data brokers don’t discriminate. They’ll sell personal information to anyone.
Getting your info removed from these sites can seem like a daunting task. (Where do I start, and just how many of these sites are out there?) Our Personal Data Cleanup can help by regularly scanning these high-risk data broker sites for you and info associated with you like your home address, date of birth, and names of relatives—along with other detailed information about you that could include marriage licenses, voter registration and motor vehicle records, even real estate records too. It identifies which sites are selling your data, and depending on your plan, automatically requests removal.
How things have changed. Even as thieves have gotten savvier in the digital age, so have we. Collectively, we have a growing arsenal of ways that we can keep on top of our credit and protect ourselves from credit theft and fraud.
Our Credit Protection Security Guide breaks it all down in detail. In it, you’ll learn more about how thieves work, ways you can secure your credit online and off, how to monitor and lock it down, plus protect your mobile wallets too. It’s thorough. Yet you’ll find how straightforward the solution is. A few changes in habits and a few extra protections at your side will go a long way toward prevention—helping you avoid that call, text, or notification that your credit has been compromised.
In all, you can take control of your credit and make sure you’re the only one putting it to good use.
The post Your Guide to Protecting Your Credit appeared first on McAfee Blog.
It’s been a particularly busy and colourful week, scam-wise in our household. Between 4 family members, we’ve received almost 20 texts or emails that we’ve identified as scams. And the range was vast: from poorly written emails offering ‘must have’ shopping deals to terse text messages reprimanding us for overdue tolls plus the classic ‘Dear mum, I’ve smashed my phone’ and everything in between.
There’s no doubt that scammers are dedicated opportunists who can pivot fast. They can pose as health authorities during a pandemic, charities after a flood or even your next big love on an online dating platform. And it’s this chameleon ability that means we need to always be on red alert!
According to the Australian Competition and Consumer Commission (ACCC), Aussies lost a record amount of more than $2 billion in scams in 2021. And that was with record levels of intervention from the government, law enforcement agencies and the private sector. The most lucrative scams were investment scams ($701 million) followed by payment redirection scams ($227 million) and then romance scams which netted a whopping $142 million.
But the psychological trauma that is often experienced by victims can be equally as devastating. Many individuals will require extensive counselling and support in order to move on from the emotional scarring from being a victim of hacking.
So, with scammers putting so much energy into trying to lure us into their web, how can we stay one step ahead of these online schemers and ensure we don’t become a victim?
While there are no guarantees in life, there are a few steps you can take so that you can quickly recognise an online scam.
If you’ve received a text message, email or call that you think is a scam, don’t respond. Take your time. Slow down and pause. If it’s a call, and you’re not sure – hang up! Or if it’s a text or email – delete it! But if you are concerned that it might be legitimate, call the company directly using the contact information from their official website or through their secure apps.
If you are being asked to share your personal information or pay money either via a text or phone call, take some time to think. Does it feel legitimate? Do you have a relationship with this organisation? Remember, scammers are very talented at pretending they are from organisations you know and trust. If in doubt, contact the company directly via their official communication channels. Or ask a trusted friend or family member for their input. But remember, NEVER click on any links in messages from people or organisations you don’t know – no exceptions!!
Do not hesitate to take action if something feels wrong. If there are any transactions on your credit card or bank statements that don’t look right, call your bank immediately. If you think you may have given personal information to scammers, then act fast. I recommend calling ID Care – Australia and New Zealand’s national identity and cyber support service. They are a not-for-profit charity that provides support to individuals affected by identity and cyber security issues.
ReportCyber is another way of notifying authorities of a scam. An initiative of the Australian Government and the Australian Cyber Security Centre, it helps authorities investigate and shut down scams. It’s also a good idea to report the scam to Scamwatch – the dedicated scam arm of the Australian Competition and Consumer Commission (ACCC).
We’ve all heard that ‘prevention is better than a cure’ so taking some time to protect yourself before a scammer comes your way is a no-brainer. Here are my top 5 things to do:
Please don’t think smart people don’t get caught up in scams because they do!! Scammers are very adept at looking legitimate and creating a sense of urgency. With many of us living busy lives and not taking the time to think critically, it’s inevitable that some of us will become victims. And remember if you’re offered a deal that just seems too good to be true, then it’s likely a scam! Hang up or press delete!!
The post How To Recognize An Online Scam appeared first on McAfee Blog.
Pledging to follow healthier habits is consistently the most popular new year’s resolution. That January 1st promise looks different to everyone: snacking less often, going to the gym more often, drinking more water, drinking less soda, etc. This year, instead of a juice cleanse subscription, opt for a healthier habit that’s not an unappetizing shade of green: follow this digital detox, instead! In three easy steps, you can make great strides in improving your digital wellness.
There are various aspects of your digital habits that you should consider updating for a more private and safer online life. For starters, update your passwords. Do you reuse the same password for multiple online accounts? Doing so puts your personally identifiable information (PII) at great risk. For example, if a business with which you have an online shopping account is breached by a cybercriminal, your login and password combination could make it on the dark web, through no fault of your own. Then, through a brute force attack, a criminal could use that same password and username combo to walk into your banking or tax filing accounts.
Remembering unique, complicated passwords and passphrases for your dozens of online accounts would be impossible. Luckily, there’s software that remembers them for you! It’s called a password manager, which acts as a vault for all your login information. Just remember one master password, and you can be confident in the security of your accounts and never have to deal with the hassle of forgetting passwords.
Another aspect of updating you should adopt in 2023 is making an effort to always upgrade to the latest software updates on all your devices. The easiest way to do this is to turn on automatic updates. From there, you don’t need to take any further action! Apps and operating systems (like Apple, Android, and Windows) often release updates to patch security vulnerabilities. When you run outdated software, there’s a chance a cybercriminal could take advantage of that security gap.
Finally, make sure that you keep updated on the latest security headlines. Consider setting up news alerts to notify you when a breach occurs at a company that you frequent or have an account with. Speed is often key in making sure that your information remains safe, so it’s best practice to have your finger on the pulse on the security news of the day.
A new year digital detox can be a whole family affair. Connect with your family, anyone connected to your home network, and your elderly relatives to get everyone on the same page with security best practices. Here are some common online security snags people of all ages encounter:
Everyone has an oversharer on their newsfeed. Alert your family members of the dangers of posting too much about their personal life. When someone takes those “get to know you” quizzes and posts their answers, cybercriminals can use that post to take educated guesses at your passwords. Additionally, social engineers can tailor social media scams to specific people in order to increase the chances of tricking someone into sending money or sharing valuable personal or banking details.
While spam filters catch a lot of phishing emails, phishers are getting smarter by the day and are making their attempts more and more believable. Connect with your loved ones and make sure they know how to recognize phishing emails, texts, and social media direct messages. Telltale signs of a phishing message include:
If you’re ever unsure if a message is a phishing attempt, the best course of action is to just delete it. If the “sender” is a well-known institution, follow up with a phone call using the official customer service number listed on their website. The phisher may also claim to be someone you know personally. In that case, give the loved one in question a phone call. It’s a good excuse to reconnect and have a nice conversation!
In the quest for free streams of the latest new show or movie, people often encounter unsafe sites that hide malware, spyware or other types malicious links and programs. Some types of malware can jump from one device to others connected to the same home Wi-Fi network. That’s why it’s important to make sure everyone under your roof practices excellent digital security habits. One wrong click could sink an entire household. Consider signing up your family for a safe browsing extension that can notify you when you stray onto a risky site. So, instead of putting your device at risk during movie night, connect with your friends or loved ones over one copy of a safely and officially purchased version.
As with any new health regimen, immediately zooming from zero to a hundred will likely be overwhelming and result in failure. The same goes for adopting new digital safety habits. If you try to do too much at once, all the security measures you put in place will likely get in the way of your daily online activities. The more inconvenient it is, the more likely you may be to cut corners; thus, negating all the progress you’ve made.
Being cybersafe doesn’t mean you can’t still enjoy your connected devices to the fullest. It just means that you may need to act with more intention and slow down before volunteering personal details online or clicking on links.
To supplement your digital detox, consider signing up for McAfee+ Ultimate to make 2023 the year for a safer online you. McAfee+ Ultimate includes all the tools you need to live your best online life safely and privately, including a password manager, web protection, unlimited VPN and antivirus, and $1 million in identity theft coverage and restoration for peace of mind.
Cheers to a digitally smart 2023!
The post Start the New Year Right With This 3-Step Digital Detox appeared first on McAfee Blog.
Happy Download Day! (Yes, there’s a day for that.) Today is an excellent day to share downloading best practices to keep all your devices safe from malicious content. It’s tempting to download “free” shows, movies, and video games, but the consequences of doing so can be quite expensive. All it takes is for one malicious download to compromise your identity or leak your banking information to cybercriminals.
Luckily, there are a few ways to keep your devices and personally identifiable information (PII) safe. Here’s how!
How many streaming services do you subscribe to? Two? Ten? No matter how many premium entertainment subscriptions you have, the hottest new show always seems to be on the channel you can’t access. This is a common scenario that often drives people to download episodes from websites that claim crystal-clear, safe downloads. In actuality, these sites could harbor malware, spyware, or other types of malware that lurk in the shadows until an unsuspecting person downloads them to their desktop, tablet, or cellphone.
Malware, which stands for malicious software, often hides behind legitimate-looking links or downloadable content. It’s only until it’s on your device that you realize there’s a criminal hiding behind it. For example, earlier in 2022, a ransomware program (a type of malware) disguised itself as a Microsoft system update. The criminal behind the scheme then threatened leaking or permanently deleting sensitive files if the person didn’t pay the ransom.
Once malware infects one device, some malware programs can infect an entire home network and spread to other connected devices.1 From there, the cybercriminal can steal the online shopping, banking, or personal details of a whole household and either sell their findings on the dark web or keep it for themselves.
Before you download anything to any of your devices, go through this checklist to help you determine the safety of most content:
Overall, while downloading entertainment for free is appealing to people on a budget, it’s better to avoid doing so altogether. The risk isn’t worth it. Consider scheduling a watch party with a friend or family member who has the subscription service you’re seeking.
In case you slip up and accidentally download malware, spyware, or ransomware, McAfee+ Ultimate can defend your devices, remove the software, and monitor the dark web to make sure your PII wasn’t compromised. McAfee antivirus is compatible with macOS, iOS, and Android devices and Chromebooks, so you can regularly scan all your devices for programs that shouldn’t be there. If the worst does happen and a cybercriminal gets a grip on your personal information, McAfee can back you up with $1 million in identity theft coverage and restoration and continuous identity monitoring.
Browse confidently and enjoy your devices to the fullest! Just remember these safe downloading tips and partner with McAfee for peace of mind.
1Federal Trade Commission, “Malware from illegal video streaming apps: What to know”
The post Celebrate National Download Day With This Safe Downloading Checklist appeared first on McAfee Blog.
There are no ifs, ands, or buts about it: A stolen identity creates a mess. Once they have a few key pieces of personally identifiable information (PII), an identity thief can open new credit lines, create convincing new identities, and ruin an innocent person’s good credit.
If you suspect you’ve been affected by identity theft, acting quickly is key to stopping the thief and repairing the damage. Here are the definitive five steps of identity remediation, or the process of restoring and protecting the privacy of your identity.
With a stolen identity in hand, thieves can open new lines of credit or apply for large loans using someone else’s excellent credit score for leverage. If undetected, fraudsters can run up huge bills, never pay them, and in turn, ruin the credit score that you spent years perfecting. When you suspect or confirm that your identity has been compromised and you’re in the United States, alert the three major credit bureaus: Equifax, TransUnion, and Experian.
Freezing your credit means that no one (not even you) can open a new credit card or bank account. This prevents criminals from misusing your identity. Initiating a credit freeze is free and it doesn’t affect your credit score.
Once you suspect a criminal has stolen your identity, file a report with the Federal Trade Commission. Its official identity theft website includes a form for you to detail the circumstances. From there, the FTC will investigate.
It’s important to file a report because law enforcement can get involved and hopefully stop the criminal from striking again. Also, an official document from law enforcement or the FTC may help your bank and the credit bureaus resolve the damage.
Whenever a company with which you have an account is breached, the first step you should take is to quickly change your password. The same goes for when your identity is compromised with the added step of getting in touch with your banks and asking their fraud department to issue you new credit and debit cards and put them on alert for possible suspicious charges.
Having unique passwords for all your accounts is crucial to keeping them secure. For instance, if one of your accounts is breached and a cybercriminal lifts that username and password combination, they may then attempt to use it on other sites. To ensure you have strong passwords and passphrases for every site, consider using password manager software. Password managers are incredibly secure and make it so you only have to remember one password ever again.
In addition to freezing your credit, you may have to sync up with each bureau to remedy any damage the identity thief may have done to your credit. Each bureau’s fraud department is very familiar with these scenarios, so their customer service department is experienced and more than willing to help you work through it.
Once you’ve cleaned up the immediate mess made by an identity thief, it’s important to continuously monitor your identity in case the thief is biding their time or pieces of your PII are still circulating on the dark web. Plus, the headache of one compromised identity incident is enough for someone to never want it to happen again. Identity monitoring is a very thorough process that will give you peace of mind that you’ll be protected and can enjoy your online life safely.
These five steps, while important, can be tedious. It may require a lot of patience to sit on hold and sift through all the relevant forms. Luckily, McAfee is an excellent partner who can help you with all your identity remediation needs with just one service: McAfee+ Ultimate. For example, security freeze is an easy way to put a halt on your credit. McAfee’s identity monitoring service monitors up to 60 unique types of personal details. If your PII appears on the dark web, Personal Data Cleanup can remove it.
Recover and move forward confidently after an identity theft with McAfee by your side.
The post Everything You Need to Know About Identity Remediation appeared first on McAfee Blog.
‘It’s the most wonderful time of year’ – we’ve all heard the jingles and read the slogans. But the holiday season can also be a little overwhelming when you’re the one ‘in charge’. Whether it’s prepping for the inevitable influx of new devices, buying the gifts or booking the holiday – there are a lot of online safety considerations to workshop in addition to how you’re going to stuff the turkey and decorate the tree!
So, with the Christmas spirit running through my keyboard, I hereby share with you my top tips to help you keep you and your family safe online this holiday period.
We all know that Santa loves technology so it’s inevitable that your family members may find a new device or two under the tree this year. So, as soon as they have unboxed their shiny new item, I recommend on insisting on a few steps to both protect the device and its new owner:
Getting to the bottom of the Christmas gift list takes time particularly if you are ‘lucky’ enough to get COVID before Christmas, like myself! While there are still some retailers guaranteeing delivery before Christmas – including Amazon until Christmas Eve (phew!) – you might need to focus on gift cards if you don’t want to face the hordes at the shops. Regardless of what you buy, please follow the following online shopping tips to avoid being cyberscrooged this year:
I don’t think there would be anything more disappointing than anticipating a holiday only to have it not happen. Or, to be scammed while preparing for it. With holiday makers having to jump through more hoops thank to COVID requirements, many experts are predicting scammers will be turning their attention to creating fake COVID verification sites, designed purely to extract personal details from unsuspecting holiday makers. So, if you’re booking a holiday, or doing your admin for it, please do the following:
With so many of us busting with excitement to be travelling this holiday season for the first time in a few years, it’s inevitable that we want to share online. But, please think before you post. Checking in to airports or hotels online is really a way of alerting the online world to the fact that your house is likely unattended! And please make sure your kids understand this too. I appreciate there’s a lot of kudos for sharing holidays snaps in the moment but encourage your offspring to wait until you get home before sharing. Here are my top tips:
And if you’re feeling a little overwhelmed, why not make yourself a cuppa and harness the power of technology. Make yourself a to-do list on Todoist or Google Docs, send out ecards if you absolutely can’t disappoint key family and friends – loving the options from Greetings Island, buy some gift cards from Prezee or The Gift Cards Store then design your Christmas Day menu with the help of Taste or RecipeTinEats. And voila you’re done!
PS Just remember to create unique passwords if you choose to set up accounts with any new sites!
Happy Holidays Everyone!!!
Alex xx
The post My Top Tips To Help Your Family Stay Safe Online This Holiday Period appeared first on McAfee Blog.
For many Aussies, identity theft was always something that happened to other people. People on TV, usually. But the recent spate of data breaches at Optus, Medibank and Energy Australia has made many of us pay far more attention than ever to one of the fastest growing crimes in our country.
According to the Department of Home Affairs, 1 in 4 Aussies will be the victim of identity theft over the course of their lives with an annual economic impact of more than $2 billion. And with the financial fallout from the recent data breaches only just starting to be counted, these statistics will no doubt increase dramatically next year.
Identity theft is when a cybercriminal gains access to your personal information to steal money or gain other benefits. Armed with your personal info, they can apply for real identity documents in your name but with another person’s photograph. This enables them to then apply for loans or benefits in your name, sign up for memberships or even apply for credit cards.
And it goes without saying that the financial and emotional fallout from identity theft can be huge. Since the Optus and Medibank hacking stories broke just a few months ago, there has been multiple stories of Aussie families who have had their identities stolen and who are in a world of pain. This Melbourne family who have had over $40,000 stolen from ATM withdrawals alone is just one example.
Your personal information is any piece of information or data that can confirm who you are or how to find you. It may be a single piece of information, or several pieces used together. It’s often referred to as personally identifiable information (PII). So, it includes your name, parents’ name, address, date of birth, phone numbers, email address, usernames/passwords or passphrases, bank account details, school or university attended, location check-ins even RSVPS for events.
Every time you register with a new shopping site or social media platform, you will be asked to share some personally identifiable information. However, what you share may be stolen or even misused – just think about the recent list of Australian companies who had their customers’ private information stolen by hackers. So that’s why you need to ensure you are only sharing your information with trusted online sites and take every possible step to protect your personal information online.
While there are no guarantees in life, there are steps you can take to ensure your online identity is as safe as possible. Here are my top 5 tips:
Multi-Factor Authentication (MFA) or 2 Factor Authentication (2FA) is a no-brainer because it makes a hacker’s life a lot harder. In short, it requires the user to provide two or more verification factors to gain access to an account or app. This might be a text, email or even a code generated by an authentication app. So, even if a hacker has your password and username, they still need that final piece of information before they can get their hands on your account!
Now this may take a bit of work to set up but using a unique and complex password on every account is one of the best things you can do to protect your online identity. And here’s the rationale – if you use the same password on all your accounts and your login details are stolen then hackers have access to all the accounts that are accessed with that password. Yikes!!! So, a unique password for each account is a great measure. I love using a password manager to make this process a little easier. Not only do they generate complex passwords, but they remember them too! All you need to do is remember your Master Password which needs to be extremely complex!!!
Updates are most commonly about addressing security weaknesses. And yes, I know they can be a pain but if you ignore them, you are essentially making it easier for hackers to find their way into your life via weak spots. And don’t forget to ensure your security software remains updated too!
I always recommend keeping a backup of all your important info in case something goes wrong. This should include all your photos, key documents and all your personally identifiable information. A hard drive works well but saving to the cloud is also a good option. I once dropped a hard drive and lost treasured family photos, so the cloud is my personal preference.
We all know knowledge is power so investing in top notch security and identity monitoring software will help keep you ahead of threats. McAfee+, McAfee’s new all in one privacy, identity and device protection solution is a fantastic way for Aussies to protect themselves online. It features identity monitoring and a password manager but also an unlimited VPN, a file shredder, protection score and parental controls. And the Rolls Royce version called McAfee+ Advanced, also offers subscribers additional identity protections including access to licensed restoration experts who can help you repair your identity and credit, in case you’re affected by a data breach. It also gives subscribers access to lost wallet protection which help you cancel and replace your ID, credit cards if they are lost or stolen.
Public, unsecured Wi-Fi can make life so much easier when you’re out and about but it’s also a tried and tested way for scammers to access your personal information. Unsecured Wi-Fi is free Wi-Fi that is available in public places such as libraries, cafes, or shopping centres. So, instead of using Wi-Fi, just use the data in your phone plan. Or alternatively invest in a Virtual Private Network (VPN) that cleverly encrypts everything you share on your device.
About 2 months ago, I embarked on a project to clean up my online life. I’m working through the list of sites I have accounts with and am closing those I no longer use, I’m also doing a huge password audit to ensure they are all unique to each site and are super complex, thanks to my password manager. Now, I’m not quite done yet, but things are in better shape than they were. Why not consider doing the same? With the holiday season fast approaching, why not dedicate a little of your poolside time to practicing a little cyber hygiene.
Till next time, keep those identities safe!
Alex
The post The Best Way To Protect Your Online Identity appeared first on McAfee Blog.
The expansion of smart home devices in our households is remarkable, with nearly everything from our lights to our laundry machines now connected to the internet. These devices, while convenient, introduce new security challenges. Understanding these challenges and how to mitigate them is crucial to maintaining a safe and secure home environment.
This Smart Home Security Guide is an essential resource to help you navigate these challenges and keep your smart home secure. As we’ll discuss, the task of maintaining a secure smart home largely falls on you, the homeowner. But don’t worry, we’ve got you covered with some straightforward steps and recommendations.
If a device is connected to the internet, it must be protected. This familiar adage speaks volumes about the critical importance of securing smart home devices. Any device connected to the internet provides potential access to your home network for hackers. Even seemingly harmless devices like smart outlets have proven to be vulnerable.
For example, an unsecured smart plug, using weak factory-set passwords and failing to encrypt communications with the router, can be exploited by hackers to gain access to your home network, posing a significant security risk. As the saying goes, “Your home network is only as secure as your weakest device.”
→ Dig Deeper: Make Your Smart Home a Secure Home Too: Securing Your IoT Smart Home Devices
In a household filled with a dozen smart devices, the security standards can vary significantly. Some devices may have robust security features built-in, with manufacturers regularly updating their software for optimal protection. However, other devices may not provide robust security, presenting vulnerabilities that can compromise the overall safety of your entire network. Here are some risks you need to watch out for if you have a highly connected smart home:
→ Dig Deeper: So, Your Phone Got Stolen. Here’s What to Do.
To mitigate these risks, it’s essential to stay informed about security best practices, regularly update firmware and software, use strong and unique passwords, and implement network security measures like firewalls and network segmentation. Remember, a single poorly secured device could potentially risk the security of all your connected devices and the data contained within them. This makes it paramount that every smart device in your home has sufficient security measures in place.
While security is a crucial aspect of smart home management, so is privacy. Data privacy policies differ substantially from one device to another, and these policies determine how your personal data is collected, stored, and shared. Some companies may sell your data or share it with third parties, while others may use it for their own advertising purposes.
→ Dig Deeper: What Personal Data Do Companies Track?
Given the significant variation in privacy policies, it’s crucial for homeowners to understand how their data is being handled. Privacy policies can often be complex and lengthy, but understanding them is integral to maintaining your privacy in a smart home environment.
It’s essential to remember that you possess more control over your smart home’s security and privacy than you might think. Numerous measures can help make your smart devices more private and more secure than they were right out of the box. Our Smart Home Security Guide presents these straightforward steps to enhance the security of your smart home.
The guide is a part of our McAfee Security Guide Series and offers an in-depth analysis of measures that you can take to protect your smart wall outlets, coffee makers, door locks, refrigerators, and more. It covers the basics of safeguarding your devices and guides on shopping for more private and secure smart devices. The guide also contains a dedicated section about smart speakers and how to protect your privacy while using them.
The truth is that security isn’t always included with smart home devices. Just like with your computers, smartphones, and other devices, the best security is reliant on you. Smart devices often come with default settings that assume a certain level of knowledge and responsibility from their owners for their correct and secure use. Unfortunately, many consumers are not aware of these responsibilities or how they can protect their smart home devices.
This gap in knowledge is what our Smart Home Security Guide aims to fill. It provides comprehensive, easy-to-understand steps to secure your smart home devices without requiring any specialized technical knowledge. By following these steps, you can enjoy the convenience of a smart home with the peace of mind that your devices, data, and privacy are secure.
McAfee Pro Tip: Smart devices can be hacked, and security is not always included in every smart home device. Know what to expect when your smart home devices get hacked.
To sum up, the security and privacy of your smart home are in your hands. While smart home devices bring convenience and new functionalities, they also introduce potential vulnerabilities that need to be addressed. Being aware of these vulnerabilities and taking proactive steps to mitigate them can go a long way in ensuring a secure smart home environment.
Our Smart Home Security Guide has been designed with this very purpose in mind: to empower homeowners like you with the knowledge and tools to protect your smart home. Remember, the best security measure for your smart home is you. Read more of our reports and guides on our resource page.
The post The Smart Home Security Guide appeared first on McAfee Blog.
Your phone is likely a daily companion, giving you access to work emails, chats with friends, weather reports, and more — all in the palm of your hand. You can also use your phone for browsing online, looking up everything from your favorite recipes to your most-read media webpages.
While being able to browse whenever and wherever you want is convenient, you might prefer that your phone doesn’t save all your online searches. For example, if you frequently let other people use your phone, you may not want them to have access to a history of your Google searches. In this case, you can use private browsing or “incognito mode.”
This allows you to browse online without leaving any trace of your browsing activity on your mobile phone. Configuring your phone to use incognito mode can give you greater confidence while surfing online, as you’ll enjoy the peace of mind that comes with knowing your browser history isn’t recorded on your device.
This article explains what incognito mode is and how you can set it up on your mobile phone.
Incognito mode allows you to browse online without leaving certain data on the device you’re using. Also referred to as private browsing mode, it makes sure there’s no record of your search engine history, websites you visited, and even login details (and related passcodes) on that device.
As soon as you close the incognito web browser window, any cookies are erased and all these details disappear instead of being saved.
That said, if you leave an incognito browser window open on your phone — and then hand your phone to someone else — they’ll be able to see the activity. So, if you want to make the most of incognito mode, make sure to close the browser window after every surfing session.
Further, if you actively bookmark a page, it will be saved — even if you’re in incognito mode. Read on for some more caveats surrounding incognito mode and the extent of privacy it gives you.
It’s important to note that incognito mode or private browsing mode is a device-specific privacy measure. It makes sure that your search and web browsing history isn’t visible on the device itself.
However, your traffic and activity are both still visible to third parties beyond your device, such as your network admin, internet service provider (ISP), and the websites and search engines that you visit.
Viewing in private or incognito mode also won’t disguise your unique IP address from these parties. Incognito mode further doesn’t secure your device against cyberthreats like hackers.
That said, there are plenty of other tools you can use to safeguard your device against cybercriminals. For example, McAfee+ helps to secure your Wi-Fi connection, shield you from malicious websites or links, and detect malware.
You may already be familiar with incognito mode through your computer. For example, many people set up incognito mode through browsers like Mozilla Firefox, Google Chrome, Safari, Microsoft Edge, or Internet Explorer.
However, incognito mode isn’t just for computers — you can also use it on your phone’s web browsing apps.
The steps to setting up incognito mode are fairly straightforward. That said, it depends largely on which type of device you have.
Setting up private browsing or incognito mode for an Android isn’t the same as setting it up for iOS. Read on to learn how to go incognito whether you’ve got an Apple iPhone or an Android phone like Samsung.
The process for setting up incognito mode also varies based on the browser you’re using. Here’s how to set it up in the Google Chrome browser for your Android (note that the Google Chrome app is the default browser for most Android phones):
Remember, for Google Chrome’s incognito mode to do the trick, you need to close your browsing session after each use. If you leave the tab open and someone else uses your phone, they can see your activity.
For iPhones, the default browser is Safari. Here’s how to set up private browsing in Safari for your iPhone:
Again, remember to close your browser’s private tabs when you’re done surfing. This makes sure that cookies are deleted and the private session is safely hidden from your device’s history.
The above steps can help you set up incognito mode on your Apple or Android phone’s browser. However, you probably use your phone for much more than browsing.
You might have apps for watching videos, getting driving directions, listening to music, and more. And the tips above will only protect your privacy when using the phone’s browser — not apps.
That said, some apps offer their very own in-app incognito mode. Examples include YouTube, Google Maps, Spotify, and Instagram. Other apps simply offer the option of private sessions, requiring you to log in with a dedicated username and password if you’re going to use the app. These include Whatsapp, Dropbox, Amazon, PayPal, and Evernote.
Some of these apps can even be configured so they’re only unlockable with touch ID or face ID.
Browsing in incognito or private mode on your phone allows you to surf online without leaving any trace of your search history on that specific device. However, it doesn’t block third parties like your internet service provider or network administrator from seeing what websites you’ve visited. Only your phone is affected.
Incognito mode also doesn’t protect you against potential cyberthreats, like malware. To stay safe and browse with confidence, consider McAfee Mobile Security. It includes Wi-Fi privacy protection, browsing safeguards, shields against unauthorized third-party activities, and more — and it works for Android and iOS devices. Find out more.
The post How to Browse Privately on Your Phone appeared first on McAfee Blog.
Our How I Got Here series spotlights the stories of McAfee team members who have successfully grown their careers. Read more about Brenda’s McAfee’s journey, what a day in the McAfee sales team is like, and what her superpower is.
When I started my professional career, I was in technology but one of the few women there at the time. A colleague encouraged me to join the Canadian Information Processing Society as a volunteer. I was just exploring, but it turned out to be a career-builder.
After some time, I joined the Society’s board – my first board appointment ever. Suddenly I was in a leadership position and people were looking to me to make decisions, especially the CIOs and other executives who were on the board with me. I embraced the opportunity, and the expectations they had of me shaped the professional I am today.
I knew about McAfee from some people who had already worked there and was intrigued by the premise of protecting families online. This was a chance to do what I loved at a bigger scale. And after my interviews, I knew it was the right move!
I am part of the North American Sales team that acquires customers through partnerships with big box retailers throughout North America. Together with our partners, we help customers see the value of McAfee.
In sales, you are constantly interacting with people. Each day is different: one moment I’m planning with partners on how to jointly protect their customers and families online. The next, I’m working will McAfee colleagues on sales strategies and business planning. My days are a steady mix of conference and video calls to collaborate, plan, and connect.
Every day, I get to work with so many great people. On top of that, we’re using our powers for good! Everyone, partners and colleagues alike, are all inspired by our ultimate mission: to protect people and their families. I keep going back to the people – but what a fabulous community of colleagues and partners we work with globally! I also love the birds-eye view I get across all McAfee’s business units. In order to make good on the promises we make to our partners, I collaborate every day with so many key stakeholders across our entire business.
And now that my children are adults, I’m finding more time for exercise, like Peloton or F45 cross fit. I’m also taking piano classes, and I just wrapped a one-night-a-week downhill skiing program with one of my daughters!
McAfee lets you be flexible in getting your job done and taking on other projects. I am so grateful that I can help others through activities such as WISE (the McAfee Women In Security community). It’s important to do something outside of your day job because it makes your world bigger.
I work with some really great women on the WISE board. We are so supportive of each other. Board work is outside of our normal day jobs and sometimes we want to do things we haven’t done before. We put our heads together to figure it out quickly, divide up the work, and get it done!
I’ve also been very fortunate to be able to meet with many customers, partners, and colleagues face-to-face. This has allowed me to learn and grow, not only in my career but also in the Diversity and Inclusion space. The more you know about someone, the better partner and ally you can be.
Over my career, I’ve built up my superpower: building relationships. I choose to be positive and empathetic, which helps me develop strong working relationships. I also keep in touch with people I’ve worked with over the years, whether they are peers, customers, or younger professionals I’ve mentored.
The post Know Your Superpower: Brenda’s McAfee Journey appeared first on McAfee Blog.
Payment applications make splitting restaurant bills, taxi fares, and household expenses so much easier. Without having to tally totals at the table or fumble with crumpled bills, you and your companions can spend less stress and more time on the fun at hand.
There are various payment apps available, and the company that may first come to mind is PayPal. PayPal is regarded as a safe platform where security and strong encryption are a priority; however, a recent and advanced phishing scam is putting PayPal users at risk of giving up large sums of money and their personally identifiable information (PII).1
Let’s look at this “triple-pronged” PayPal phishing scam and review some tips to help you identify and proceed should you encounter it.
The typical part of this three-sided scam is the phishing email component. According to one source, the phishing email comes from a legitimate-looking PayPal service email address. Luckily, the typos, odd punctuation, extra spaces, and grammar errors in the body of the email give away that it is a phishing attempt. Remember, phishing emails are often worded poorly or have errors. Large companies, especially ones like PayPal, have teams of content experts vetting all automated messages for such mistakes, so several mistakes in an email should set off your alarm bells. Proceed with caution and do not click on any links in the message.
The email also included wording that encouraged the user to act quickly or be charged a lot of money. That’s another trademark of phishing emails: urgency. Take a deep breath and make sure to reread carefully all emails that “require” a quick response. Don’t be scared by dire consequences. Phishers rely on people to rush and not give themselves time to listen to their better judgement.
The PayPal phishing email included a support phone number that claimed it was toll free. In actuality, it was an international phone number. So, if the recipient of the phishing email didn’t quite believe the message but wanted to follow up, the scam could catch them with what’s called a one-ring phone scam.2 This occurs when someone unknowingly calls an international phone number and then gets charged by their phone company for the long-distance call.
The best way to avoid one-ring phone scams is to never call a number you don’t recognize. Always go to an organization’s official website to find their contact information.
The third dimension of this PayPal scam was the international phone number in the phishing email connected the caller directly with the scammer who posed as the PayPal fraud department. The “customer service representative” then asked prying personal and financial questions to glean enough PII to break into a PayPal account or compromise the caller’s identity. This is the most damaging part of the scam. An excellent customer support team may be able to reimburse you your lost money; however, once your personal details are in nefarious hands, you can’t take them back.
In addition to never calling numbers you haven’t verified, never give out passwords and never give out more personal information than you need to. Even in legitimate customer service calls, it’s not rude to ask why the representative requires the information they’re asking for. In a fake call, questions like that may fluster the scammer, so keep an ear tuned to their tone.
Overall, our best advice for handling suspicious emails is to delete them. If it’s truly important, the sender will contact you again. And if a thief somehow stole money from one of your payment apps, the customer service team should be able to walk you through the steps to recover it.
The transfer and handling of large sums of money would make anyone nervous. To give you peace of mind, consider partnering with a service that can help you recover should you ever fall for a scheme and compromise your PII. McAfee+ Ultimate helps you live your best life in private, and the service includes credit monitoring with all three credit bureaus, security freeze, and expert online support to help you navigate any scams you encounter.
Having McAfee+ can protect you from email phishing scams like this. Here are some of the top agencies to report this scam to, if it happens to you: Paypal Fraud Department, Federal Trade Commision , Cybersecurity & Infrastructure Security Agency USA.gov IC3
“Report it. Forward phishing emails to reportphishing@apwg.org (an address used by the Anti-Phishing Working Group, which includes ISPs, security vendors, financial institutions, and law enforcement agencies). Let the company or person that was impersonated know about the phishing scheme.” – FTC.gov
1ZDNET, “Watch out for this triple-pronged PayPal phishing and fraud scam.”
2Federal Communications Commission, “‘One Ring’ Phone Scam.”
The post A PayPal Email Scam Is Making the Rounds: Here’s How to Identify and Avoid It appeared first on McAfee Blog.
Happy National App Day! No, we don’t mean apps of the mozzarella stick and potato skin variety, but your mobile apps that let you order dinner, hail a taxi, stay connected to your friends, and entertain you for hours with silly videos. While they’re undoubtedly useful, mobile apps are also a weak spot in some people’s digital safety. Cybercriminals take every chance they get to trick people through all kinds of technology, and mobile apps are no exception.
To celebrate National App Day, here are a few tips to keep your mobile and your personally identifiable information (PII) safe.
Did you know that there are hundreds of apps on the Android and Apple app stores whose only aim is to steal your passwords? In 2022, Meta identified more than 400 fake apps disguised as various utilities that targeted users to weasel Facebook login and password combinations.1 Malicious apps also regularly masquerade as photo editors and wallpapers but their real purpose is to run malware in the background of the mobile device, such as this Squid Game app from 2021.
Little-known apps aren’t the only ones you have to be wary of either. The biggest companies are also falling to cybercrime. For instance, more details recently came to light about a breach at Uber that leaked the PII of 57 million users. Plus, the popular mobile payment service, Cash App had the personal details of 8.3 million current and former users leaked.2
To keep your cellphone free of malicious software and your PII and password secure, take these five mobile security tips with you into the new year.
The new year is as good a time as any to unload any unnecessary baggage, emotional, literal, or in this case, digital. Go through your phone and delete the apps you haven’t used in the last six months. Make sure to completely delete your account with that app and not just hide it from your homepage. The smaller your digital footprint, the less at risk your PII is of being compromised in a breach.
Before you download any new app, it’s a good idea to conduct some background research on it. How many detailed reviews does it have? Who is the app developer? A phony app usually reveals itself through its lack of reviews. Consider apps with less than 50 reviews fishy. Skim the reviews for specific details and typos. If it’s lacking in detail but brimming with typos and grammatical mistakes, it could signal a fake. This research should take about five minutes, so don’t worry; it shouldn’t be too much of an inconvenience, and that time will be well spent.
Just like it’s a good idea to keep on top of global news, set up news alerts for cybersecurity breaches. If a company falls to a cybercriminal, the alert will give you the valuable time you need to act quickly to either delete your account or change your password.
For every online account, it is essential to create a unique password or passphrase. That way, if you do get hacked through an app or get tricked by a fake one, you don’t have to worry about cybercriminals using that password to walk into your other accounts. Password managers are an excellent way to keep all your passwords secure and free up your brain space for things other than dozens of passwords.
When you sign up for a new app, you can expect to give it a username, a password, and maybe your first name; however, if it has optional fields for your full birthday or your address, consider leaving those blank. The less information the company has about you, the less that can end up in cybercriminals’ hands if the app is breached.
The first step to better cyber habits is arming yourself with the knowledge of the threats that are out there. The best advice here is to slow down, observe and think about your next move every time you download a new app. The signs of a fake are usually not difficult to spot. Then, once you’re confident in its legitimacy, limit the amount of PII you share with it. In this digital world we live in, consider everyone susceptible to a breach.
To give you peace of mind, supplement your great habits with a tool, like McAfee+ Ultimate, that will cover all your bases and be your partner to live your best private life online.
1Tech.co, “Data Breaches That Have Happened in 2022 So Far.”
2Termly, “98 Biggest Data Breaches, Hacks, and Exposures.”
The post 2023’s Top 5 App Security Tips appeared first on McAfee Blog.
As 2022 draws to a close, the Threat Research Team at McAfee Labs takes a look forward—offering their predictions for 2023 and how its threat landscape may take shape.
This year saw the continued evolution of scams, which is unlikely to slow down, as well as greater adoption of Chrome as an operating system. It also saw the introduction of AI tools that are easy and accessible to virtually anyone with a phone or laptop, which will continue to have significant implications, as will the fluctuating popularity of cryptocurrency and the emergence of “Web3.”
Advances such as these have set the stage for 2023, which will continue to reshape our interactions with technology—advances that bad actors will try to exploit, and in turn, us.
Yet as the threat landscape continues to evolve, so do the ways we can protect ourselves. With that, we share McAfee’s threat predictions for 2023, along with insights and advice that can help us enjoy the advances to come with confidence.
By Steve Grobman, Chief Technology Officer
Humans have been fascinated by artificial intelligence (AI) for almost as long as we’ve been using computers. And in some cases, even fearful of it. Depictions in pop culture range from HAL, the sentient computer from 2001: A Space Odyssey to Skynet, the self-aware neural network at the center of the Terminator franchise. The reality of current AI technologies is both more complicated and less autonomous than either of these. While AI is rapidly evolving, humans remain at the heart of it, and whether it’s put to beneficial or nefarious use.
Within the last few months, creating AI-generated images, videos, and even voices are no longer strictly left to professionals. Now anyone with a phone or computer can take advantage of the technology using publicly available applications like Open AI’s Dall-E or stability.ai’s Stable Diffusion. Google has even made creating AI-generated videos easier than ever.
What does this mean for the future? It means the next generation of content creation is becoming available to the masses and will only continue to evolve. People both at work and at home will have the ability to create the AI-generated content in minutes. Just as desktop publishing, photo editing, and inexpensive photorealistic home printers created major advances that empowered individuals to create content that previously required a professional designer, these technologies will enable sophisticated outputs with minimal expertise or effort.
Advances in desktop publishing and consumer printing also provided benefits to criminals, enabling better counterfeiting and more realistic manipulation of images. Similarly, these emerging next-generation content tools will also be used by a range of bad actors. From cybercriminals to those seeking to falsely influence public opinion, these tools will empower scammers and propagandists to take their tradecraft to the next level with more realistic results and significantly improved efficiency.
This is especially likely to ramp up in 2023 as the U.S. begins the 2024 presidential election cycle in earnest. Globally, the political environment is polarized. The confluence of the emergence of accessible next-generation generative AI tools and what is sure to be a highly contested 2024 election season is a perfect storm for creating and distributing disinformation for political and monetary gain.
We’ll all need to be more mindful of the content we consume and the sources that it originates from. Fact-checking images, videos, and news content, something that’s already on the rise, will continue to be a necessary and valuable part of media consumption.
By Oliver Devane, Security Researcher
Cryptocurrency scams
In 2022 we saw several online scams making use of existing content to make crypto scams more believable. One such example was the double your money cryptocurrency scam that used an old Elon Musk video as a lure. We expect such scams to evolve in 2023 and make use of deep fake videos, as well as audio, to trick victims into parting ways with their hard-earned money.
The financial outlook of 2023 remains uncertain for many people. During these times, people often look for ways to make some extra money and this can lead them vulnerable to social media messages and online ads that offer huge financial gains for little investment.
According to the IC3 2021 report, the losses for financial scams increased from $336,469,000 in 2020 to $1,455,943,193 in 2021, this shows that this type of scam is growing by an enormous amount, and we expect this to continue.
Unfortunately, scammers will often target the most vulnerable people. Fake loan scams are one such scam where the scammers know that the victims are desperate for the loan and therefore are less likely to react to warning signs such as asking for an upfront fee. McAfee predicts that there will be a large increase in these types of scams in 2023. When looking for a loan, always use a trusted provider and be careful of clicking on online ads.
Metaverses such as Facebook’s Horizon enable their users to explore an online world that was previously unimaginable. When these platforms are in the early stages, malicious actors will usually attempt to exploit the lack of understanding of how they work and use this to scam people. We have observed phishing campaigns targeting users of these platforms in 2022 and we expect this to increase dramatically in 2023 as more and more users sign up for the platforms.
By Craig Schmugar, McAfee Senior Principal Engineer
More than 25 years ago, Windows 95 became the platform of choice not just for millions of users around the globe, but for malware authors targeting those users. Over the years, Windows has evolved, as has the threat landscape. Today, Windows 10 and 11 make up the majority of the desktop PC market, but thanks to the rise of the mobile Internet, device diversity has greatly evolved since the advent of Windows 95.
Over five years ago, Android overtook Windows as the world’s most popular OS and with this shift bad actors have been pursing alternative methods of attack. The ultimate vectors are those which impact users across a spectrum of devices. Email and web-based scams (some of which are outlined in the blog above) are as prolific as ever as these technologies are ubiquitous across desktop and mobile devices.
Meanwhile, other technologies span across desktop and mobile experiences as well. For Google, such cross-platform capabilities are highlighted by increased adoption of ChromeOS and a few underlying technologies. This includes 270 million active Android users and a 270% increase in Progressive Web Application (PWA) installations [https://chromeos.dev]. ChromeOS’ ability to run Android applications, combined with its wide-spread adoption, provides the climate for increased attention by those with ill intentions.
Similarly, adoption of PWAs provide bad actors with additional incentive to deliver deceptive and imposter attacks through this multi-OS channel, including ChromeOS, iOS, MacOS, and Windows.
Finally, on the heels of COVID restrictions that impacted schools in various countries, Google reported 50 million students and educators worldwide [https://chromeos.dev] using ChromeOS. Many users will be unaware of malicious Chrome extensions lurking in the Chrome Web Store.
All of this means that the stage is set for a marked increase in threats impacting Chromebook in the year to come. In 2023, we can expect to see Chromebook users among millions of unsuspecting victims that download and run malicious content, whether from malicious Android Apps, Progressive Web Apps, or Chrome Web Store extensions, users should be leery of popups and push notifications urging them to install untrusted apps.
By Fernando Ruiz, Senior Security Researcher
Editor’s Note: Web3? FOMO? If you’re already lost, you’re not alone. Web3 is a term some use to encompass decentralized internet services, technologies like Bitcoin and Non-Fungible Tokens (digital art that collectors can purchase with cryptocurrency). Still confused? A lot of people are. This New York Times article is a good primer on what is currently considered Web3.
As for FOMO, that’s just an acronym meaning the “Fear of Missing Out.” That nagging feeling, most often felt by extroverts, that others are out there having more fun than them and that they’re missing the party.
Whether you invest in cryptocurrency or just see the headlines on Twitter, no doubt you’ve seen that the price of cryptocurrency has sharply declined during 2022. These fluctuations are becoming more normal as crypto becomes even more mainstream. It’s very likely that the value of crypto will rise again.
When the last upturn in valuation happened near the start of the pandemic, the hype about crypto also skyrocketed. Suddenly Bitcoin and other cryptocurrencies were everywhere. Out of that, rose the concept of Web3, with more companies investing in new applications over blockchain (the technology that is the backbone of cryptocurrency).
McAfee predicts that the popularity of cryptocurrency will rise again, and consumers will hear much more about Web3 concepts like decentralized finance (DeFi), decentralized autonomous organizations (DAOs), self-sovereign identity (SSI) and more.
Some amateur investors, remembering the rapid rise of the value of Bitcoin earlier this decade, won’t want to miss out on what they think will be a great opportunity to get rich quick. It’s this group that bad actors will seek to exploit, offering up links or applications that play on these users’ crypto/Web3 FOMO.
As crypto bounces back and initial awareness of decentralization grows in the general population, consumers will begin to explore these Web3 offerings without fully understanding what they mean or what dangers they should be aware of, leaving them open to scams as they invest time and money into crypto or creating their own NFT content. These scams could entice users to click on a link or download an app that appears to legitimately interact with some blockchains, but in actuality:
Additionally, when consumers DO hold crypto, NFT, digital land, or other blockchain financial assets they are going to be targeted for more sophisticated threats that can drain their funds: smart contracts, exchanges, digital wallets, and synchronization services can all be associated with hidden authorizations that allow a third party (potentially a bad actor) to take control of the assets. It’s important that users read the terms and conditions of any app they download, especially those that will be accessing ANY type of financial institution or currency, whether traditional or crypto.
Social engineering will also continue to be a top entry point for cybercriminals. The complexity of the attacks will evolve as the technology does, which will require more preparation and understanding of how Web3 applications and tools work in order to safely interact with them.
What has emerged from the world of Web3 thus far, while exciting, has also expanded attack surfaces and vectors, which we expect to see grow throughout 2023 as Web3 evolves.
The post McAfee 2023 Threat Predictions: Evolution and Exploitation appeared first on McAfee Blog.
Without doubt, the biggest criticism we all have of social media is that everyone always looks fabulous! And while we all know that everyone is only sharing the best version of themselves, let’s be honest – it can be a little wearing. Well, there’s a new social media platform that is determined to uproot our online curated lives by having users post very real pictures of themselves – with no time to stage or add filters!
Developed in France in 2020, BeReal is where Aussie teenagers are currently spending their time and energy online. And to be honest, I can totally see why. It’s all about sharing random, authentic pics without having to spend time and energy making them look beautiful. In fact, my 19-year-old tells me that the uglier and weirder the photo, the better! How refreshing!!!
Once you’ve signed up, the app will send all users a notification at a random time throughout the day that it’s ‘time to BeReal’. As soon as the user opens the app to share a pic, they have just 2 minutes to take a picture of whatever they’re doing at that particular moment whether they’re on the bus, at the gym or chilling at home in trackies. The app will take 2 pictures using the front and back cameras so that your followers can see what you look like and where you are.
Now, if you don’t manage to post in 2 minutes, you’re officially late and your friends will know. In fact, there’s a small amount of shame for being tardy – as if on some level you’re not committed to being authentic. But don’t let this worry you too much – we can’t wait around all day awaiting the notification to post!
When you have uploaded your daily snap, your friends can comment, respond to your pic with ‘RealMojis’ and even see where you are in the world with the map feature. Users can also choose to upload their pics to the public feed where other users can leave “RealMoji’ reactions but no comments. But in order to access either the public feed or your friends’ photos, users will need to take their own picture too.
Now for my favourite parts of this app – this app has NO filters, NO option to ‘like’ anything, NO follower counts and NO private messaging!! How liberating!!
Like all social media platforms, there are a few risks however with a bit of strategy and a few smarts, users should be able to have a safe and positive experience. And when compared to platforms where follower counts and likes are public, influencers dominate and comments are allowed, BeReal is definitely a great choice.
Here are my top tips to keep the experience safe and positive:
1. Disable Your Location To Avoid Being ‘Discoverable’
Before you share your pics, ensure you disable your location to avoid the app sharing your exact location on the map. You don’t want an ill-intentioned follower knowing your exact whereabouts!
2. Think (Quickly) Before You Post
The very brief 2-minute posting window may result in rushed decisions about what to post and potentially oversharing of personal information. So, ensure you (and your kids) know not to share anything that can identify their location, any identifiable numbers such as passports or licences or, their computer screens that may display confidential information.
3. Don’t Feel Pressures to Post If You Can’t
Accept that there will be times when you just can’t post within the 2-minute time frame. You may be driving, sleeping or doing something far more important. You can absolutely still post late.
4. Know How To Report Bad Behaviour
If you see a post that is inappropriate, then report it immediately. It’s an investment in keeping the BeReal community as safe as possible. Simply tap the three dots at the top right of the post. A report button should appear. You will then have the option to flag the post as undesirable or inappropriate.
5. Be Aware of the Comparison Trap!
Like all social media platforms, users may compare their posts with others. They may think their lives are boring and predictable, particularly if their friends are doing more exciting things. If a young person is prone to anxiety or low mood, this may not be helpful. As a parent, reminding your kids that perception is not reality, and that one photo does not define a person may be required. But if it all gets too much, a digital detox might be just the thing!
So, if your kids have embraced BeReal then your homework is pretty easy – join up too! It’s impossible to understand your kids’ online world if you don’t take some time to step inside it. And for what it’s worth – I think you’ll really like this one. The fact that there is no public like count, follower tally, filters or private messaging makes the Mama Bear in me very happy!!
The post BeReal – The Newest Kid On The Social Media Block appeared first on McAfee Blog.
testasofasfaslfasdahsdiohasodihasodnaosdinaisdnasdnaobvscivbxcv
!@#$%^&*()_+<>????~
The post Test Post 2 – 5 Dec Prod Release appeared first on McAfee Blog.
test post
test post
test postiowfwfsdfffffffffffffffffffffffffffoiwheoir weroihorih
dzfhsdfgusdkfsdkjfbasdlkfnsdlkfjsdjkf
!@#$%^&*()_+<>?~
The post Test Post – Prod Release 5 Dec appeared first on McAfee Blog.
This time of year, the air gets chillier and a bit cheerier for everyone … including online scammers. Holiday scams are a quick way to make a buck, and cybercriminals employ several holiday-themed schemes to weasel money and personally identifiable information (PII) from gift-givers and do-gooders.
Here are five common Black Friday, Cyber Monday, and holiday season shopping scams to watch out for this year, plus a few tips to help you stay safe online.
The holiday season often brings outpourings of generosity, and scammers kick their morals to the curb and use people’s kindness to make a profit. Social engineering is a tactic where a bad actor plays on people’s emotions to trick them into sharing personal or financial information. This holiday season, keep an eye out for strangers’ funding pages or social media posts asking for donations.
Artificial intelligence (AI) content generation tools like ChatGPT and Bard are likely to make these scams more believable than those in years past. While AI doesn’t understand human emotion, when given the right prompt, it can mimic it well. In one “60 Minutes” segment, Bard wrote a touching short story that made the presenter misty-eyed. Additionally, AI usually uses correct grammar and edits out typos, which used to be the hallmark of phishing attempts.
There are undoubtedly authentic stories of real people and families in need around the holidays. Be wary of any social media post that makes you feel an extreme emotion, in this case, sadness. Phishers want people to act before they think through their decision.
Are you a procrastinator? Watch out for last-minute shopping scams that are targeted at people who leave their gift buying until deep in December. As with anything else, if it’s too good to be true, it probably is. Shopping scams often take the form of phishing emails where criminals impersonate a well-known merchant.
While sales often have a quick timeline, don’t let that short timeline pressure you into making an impulsive decision. Phishing emails, when you take the time to inspect them, are usually easy to spot. The logos are often blurry and the tone of the message will seem “off.” Either it will sound very formal and impersonal or it will sound very informal and seem pushy.
During the holiday shopping season, your doorstep can be crowded with packages. Do you remember what’s in each one? Online criminals bank on the fact that you can’t quite keep track of what you’ve purchased.
Criminals try to lure people to download malware or divulge personal or account information with bogus order confirmation and delivery tracking number emails and texts. They’ll impersonate popular online retailers or postal services and claim to have information about your order if you click on their link; however, that link will redirect to a malicious site or download a malicious payload to your device.
This holiday shopping scam also dials in on people who’ve lost track of how many online orders they’ve made and the various shopping accounts in their name. Again, phishers will impersonate popular merchants and send “urgent” messages about suspending online accounts if payment isn’t received immediately. Similarly, phishers may also impersonate delivery services claiming that they’re (basically) holding your orders hostage until you pay up.
Gift cards are a standby present for the people on your list who are difficult to buy for or for people you don’t know too well but want to get them a small something. Whether the gift card is worth $5 or $500, an online scammer can steal the entire value through two techniques: a brute force attack or phishing. Known as gift card cracking, cybercriminals can take wild guesses at gift card codes and cash in the value for themselves by methodically guessing strings of numbers and letters and crossing their fingers for a match. Cybercriminals will also employ phishing emails, texts, or social media direct messages to trick people into divulging gift card information.
Luckily, there are several ways to sniff out a bad actor trying to cash in on your holiday spirit. Here are a few simple ways you can modify your online holiday shopping habits to keep your devices free from malware and your PII out of the hands of bad actors.
Cybercriminals hustle all year round, so it’s an excellent idea to invest in a security solution that gives you peace and mind and boosts your confidence in your privacy, identity, and device safety. McAfee+ is an excellent partner! It includes a VPN, safe browsing tool, credit lock, identity monitoring and remediation, and much more.
Happy shopping, happy holidays, and happy new year!
The post ’Tis the Season for Holiday Scams: 5 Common Schemes to Look Out For appeared first on McAfee Blog.
Whether you’re standing around the water cooler at work, waiting for your kids at the school gate or sitting around the dinner table, data breaches are without doubt the hot topic of conversation. In late September, we were all shaken when news of the biggest Australian data breach to date broke – a record 10 million Optus customers had their details stolen. But unfortunately, the data breach stories have continued with Medibank, Energy Australia, and, most recently, Woolworths also reporting that private customer data had been stolen.
Inevitably, many of us are feeling vulnerable worrying that our private identifying information (and our family’s) such as our Medicare and Drivers Licence details have potentially been stolen. We’ve all read the stories about victims of identity theft and are, rightly concerned, that it could happen to us. So, if you’re unsure as to what to do next – don’t worry – I’ve got you! In fact – I’m going to give you two action plans. The first is for those who have been personally affected by a data breach (or consider it highly likely they were affected) and the second, is a long-term plan to help you protect yourself and your family’s data online.
If you or a family member has been contacted by a company and informed that your private details have been compromised, then you need to caffeine up and bring your entire focus to this situation. And if you’re still awaiting the call but you’re thinking it’s likely you’re affected, then my advice is to assume you are. It never hurts to be too cautious when you’re dealing with a potential identity theft situation. So, here’s your plan:
So, now it’s time to think long term. We all know prevention is key. So, what can we do to protect ourselves to minimise the risk of becoming a victim of identity theft (if and when) the next data breach occurs? Here’s your plan:
As we all know, it’s often the simplest things that can have the biggest impact. Ensuring you have a different but super complex password or passphrase for each of your online accounts is one of the best things you can do to protect yourself online. I appreciate that this may take a lot of work to implement but it’s so worth it. And here’s why – if you’re the victim of a data breach and your login details are stolen then you could be in a world of pain if you have just one password for all your accounts. Because within seconds of stealing your details, a hacker could potentially access your bank accounts, credit card accounts and online shopping sites where your credit card is saved – you get the picture! You see why it makes such sense! If it all feels a little overwhelming, why not use a password manager? Password managers can create and remember passwords that no human could even think of – genius!
In summary, Multi-Factor Authentication (MFA) or 2 Factor Authentication (2FA) makes a hacker’s life a lot harder. In short, it requires the user to provide two or more verification factors to gain access to an account or app. This might be a text, email or even a code generated by an authentication app. So, even if a hacker has your password and username, if they can’t access the last piece of the puzzle, then you’re safe!!!
McAfee has just released a super-duper solution to help Aussies protect themselves online. McAfee+ is an all-in-one privacy, identity and device protection solution. Not only does it feature identity monitoring and a password manager but also an unlimited VPN, a file shredder, a protection score and parental controls. And the Rolls Royce version called McAfee+ Advanced, also offers subscribers additional identity protections including access to licensed restoration experts who can help you repair your identity and credit. It also gives subscribers access to lost wallet protection which help you cancel and replace your ID, credit cards if they are lost or stolen.
Limiting your exposure online will also reduce the chance of being affected by a data breach. So, take some time to delete accounts you no longer use. Perhaps you had a side hustle on eBay a few years back but hadn’t bothered to close your accounts – well, now is the time. Close down those old eBay (and PayPal) accounts and any other accounts or subscriptions that you no longer use.
And next time you purchase something from a new website, consider conducting your transaction as a guest only and not creating an account on their website. If there’s no benefit beyond saving a minute or two when you check out, why store your credit card number, address, and other identifying info on a website that may eventually be breached?
If there is ever a time to take the management of your online data seriously, it’s now. Assuming that you won’t be a victim of a data breach and that ‘things like that don’t happen to you’ just doesn’t cut it. So, be proactive: sort out your passwords, turn on 2-factor authentication and practice some good quality cyber hygiene! And do yourself a favour and invest in some top-notch privacy and identity protection program like McAfee+ so you can continue living your best life online!
The post How To Help Your Family Protect Their Online Data appeared first on McAfee Blog.
Even with the holidays in full swing, scammers won’t let up. In fact, it’s high time for some of their nastiest cons as people travel, donate to charities, and simply try to enjoy their time with friends and family.
Unfortunate as it is, scammers see this time of year as a tremendous opportunity to profit. While people focus giving to others, they focus on taking, propping up all manner of scams that use the holidays as a disguise. So as people move quickly about their day, perhaps with a touch of holiday stress in the mix, they hope to catch people off their guard with scams that wrap themselves in holiday trappings.
Yet once you know what to look for, they’re relatively easy to spot. The same scams roll out every year, sometimes changing in appearance yet remaining the same in substance. With a sharp eye, you can steer clear of them.
With Black Friday and Cyber Monday in the books, we can look forward to what’s next—a wave of post-holiday sales events that will likewise draw in millions of online shoppers. And just like those other big shopping days, bad actors will roll out a host of scams aimed at unsuspecting shoppers. Shopping scams take on several forms, which makes this a topic unto itself, one that we cover thoroughly in our Black Friday & Cyber Monday shopping scams blog. It’s worth a read if you haven’t done so already, as digs into the details of these scams and shows how you can avoid them.
However, the high-level advice for avoiding shopping scams is this: keep your eyes open. Deals that look too good to be true likely are, and shopping with retailers you haven’t heard of before requires a little bit of research to determine if their track record is clean. In the U.S., you can turn to the Better Business Bureau (BBB) for help with a listing of retailers you can search simply by typing in their names. You can also use https://whois.domaintools.com to look up the web address of the shopping site you want to research. There you can see its history and see when it was registered. A site that was registered only recently may be far less reputable than one that’s been registered for some time.
Plenty of new tech makes its way into our homes during the holiday season. And some of that tech can be a little challenging to set up. Be careful when you search for help online. Many scammers will establish phony tech support sites that aim to steal funds and credit card information. Go directly to the product manufacturer for help. Often, manufacturers will offer free support as part of the product warranty, so if you see a site advertising support for a fee, that could be a sign of a scam.
Likewise, scammers will reach out to you themselves. Whether through links from unsolicited emails, pop-up ads from risky sites, or by spammy phone calls, these scammers will pose as tech support from reputable brands. From there, they’ll falsely inform you that there’s something urgently wrong with your device and that you need to get it fixed right now—for a fee. Ignore these messages and don’t click on any links or attachments. Again, if you have concerns about your device, contact the manufacturer directly.
With the holidays comes travel, along with all the online booking and ticketing involved. Scammers will do their part to cash in here as well. Travel scams may include bogus emails that pose as reputable travel sites telling you something’s wrong with your booking. Clicking a link takes you to a similarly bogus site that asks for your credit card information to update the booking—which then passes it along to the scammer so they can rack up charges in your name. Other travel scams involve ads for cut-rate lodging, tours, airfare, and the like, all of which are served up on a phony website that only exists to steal credit card numbers and other personal information.
Some of these scams can look quite genuine, even though they’re not. They’ll use cleverly disguised web addresses that look legitimate, but aren’t, so don’t click any links. If you receive notice about an issue with your holiday travel, contact the company directly to follow up. Also, be wary of ads with unusually deep discounts or that promise availability in an otherwise busy season or time. These could be scams, so stick with reputable booking sites or with the websites maintained by hotels and travel providers themselves.
Donations to an organization or cause that’s close to someone’s heart make for a great holiday gift, just as they offer you a way to give back during the holiday season. And you guessed it, scammers will take advantage of this too. They’ll set up phony charities and apply tactics that pressure you into giving. As with so many scams out there, any time an email, text, direct message, or site urges you into immediate action—take pause. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.
Likewise, note that there some charities pass along more money to their beneficiaries than others. As a general rule of thumb, most reputable organizations only keep 25% or less of their funds for operations, while some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities.
The holidays also mean a flight of big-time sporting events, and with the advent of online betting in many regions scammers want to cash in. This scam works quite like shopping scams, where bad actors will set up online betting sites that look legitimate. They’ll take your bet, but if you win, they won’t pay out. Per the U.S. Better Business Bureau (BBB), the scam plays out like this:
“You place a bet, and, at first, everything seems normal. But as soon as you try to cash out your winnings, you find you can’t withdraw a cent. Scammers will make up various excuses. For example, they may claim technical issues or insist on additional identity verification. In other cases, they may require you to deposit even more money before you can withdraw your winnings. Whatever you do, you’ll never be able to get your money off the site. And any personal information you shared is now in the hands of scam artists.”
You can avoid these sites rather easily. Stick with the online betting sites that are approved by your regional gambling commission. Even so, be sure to read the fine print on any promo offers that these sites advertise because even legitimate betting sites can freeze accounts and the funds associated with them based on their terms and conditions.
A complete suite of online protection software, such as McAfee+ Ultimate can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, we offer $1M identity theft coverage and support from a recovery pro, just in case.
And because scammers use personal information such as email addresses and cell phone numbers to wage their attacks, other features like our Personal Data Cleanup service can scan high-risk data broker sites for your personal information and then help you remove it, which can help reduce spam, phishing attacks, and deny bad actors the information they need to commit identity theft.
That’s why they enjoy the holidays so much. With all our giving, travel, and charity in play, it’s prime time for their scams. Yet a little insight into their cons, along with some knowledge as to how they play out, you can avoid them.
Remember that they’re playing into the hustle and bustle of the season and that they’re counting on you to lower your guard more than you might during other times of the year. Keep an eye open for the signs, do a little research when it’s called for, and stick with reputable stores, charities, and online services. With a thoughtful pause and a second look, you can spare yourself the grief of a scam and fully enjoy your holidays.
The post Unwrapping Some of the Holiday Season’s Biggest Scams appeared first on McAfee Blog.
Authored by SangRyol Ryu and Yukihiro Okutomi
McAfee’s Mobile Research team recently analyzed new malware targeting mobile payment users in Japan. The malware which was distributed on the Google Play store pretends to be a legitimate mobile security app, but it is in fact a payment fraud malware stealing passwords and abusing reverse proxy targeting the mobile payment services. McAfee researchers notified Google of the malicious apps, スマホ安心セキュリティ, or ‘Smartphone Anshin Security’, package name ‘com.z.cloud.px.app’ and ‘com.z.px.appx’. The applications are no longer available on Google Play. Google Play Protect has also taken steps to protect users by disabling the apps and providing a warning. McAfee Mobile Security products detect this threat as Android/ProxySpy.
The malware actor continues to publish malicious apps on the Google Play Store with various developer accounts. According to the information posted on Twitter by Yusuke Osumi, Security Researcher at Yahoo! Japan, the attacker sends SMS messages from overseas with a Google Play link to lure users to install the malware. To attract more users, the message entices users to update security software.
A SMS message from France (from Twitter post by Yusuke)
Malware on Google Play
The Mobile Research team also found that the malware actor uses Google Drive to distribute the malware. In contrast to installing an application after downloading an APK file, Google Drive allows users to install APK files without leaving any footprint and makes the installation process simpler. Once the user clicks the link, there are only a few more touches required to run the application. Only three clicks are enough if users have previously allowed the installation of unknown apps on Google Drive.
Following notification from McAfee researchers, Google has removed known Google Drive files associated with the malware hashes listed in this blog post.
When a user installs and launches this malware, it asks for the Service password. Cleverly, the malware shows incorrect password messages to collect the more precise passwords. Of course, it does not matter whether the password is correct or not. It is a way of getting the Service password. The Service password is used for the payment service which provides easy online payments. The user can start this payment service by setting a Service password. The charge will be paid along with the mobile phone bill.
There is a native library named ‘libmyapp.so’ loaded during the app execution written in Golang. The library, when loaded, tries to connect to the C2 server using a Web Socket. Web Application Messaging Protocol (WAMP) is used to communicate and process Remote Procedure Calls (RPC). When the connection is made, the malware sends out network information along with the phone number. Then, it registers the client’s procedure commands described in the table below. The web socket connection is kept alive and takes the corresponding action when the command is received from the server like an Agent. And the socket is used to send the Service password out to the attacker when the user enters the Service password on the activity.
| RPC Function name | Description |
| connect_to | Create reverse proxy and connect to remote server |
| disconnect | Disconnect the reverse proxy |
| get_status | Send the reverse proxy status |
| get_info | Send line number, connection type, operator, and so on |
| toggle_wifi | Set the Wi-Fi ON/OFF |
| show_battery_opt | Show dialog to exclude battery optimization for background work |
Registered RPC functions description
To make a fraudulent purchase by using leaked information, the attacker needs to use the user’s network. The RPC command ‘toggle_wifi’ can switch the connection state to Wi-Fi or cellular network, and ‘connect_to’ will provide a reverse proxy to the attacker. A reverse proxy can allow connecting the host behind a NAT (Network Address Translation) or a firewall. Via the proxy, the attacker can send purchase requests via the user’s network.
It is an interesting point that the malware uses a reverse proxy to steal the user’s network and implement an Agent service with WAMP. McAfee Mobile Research Team will continue to find this kind of threat and protect our customers from mobile threats. It is recommended to be more careful when entering a password or confidential information into untrusted applications.
193[.]239[.]154[.]23
91[.]204[.]227[.]132
ruboq[.]com
| SHA256 | Package Name | Distribution |
| 5d29dd12faaafd40300752c584ee3c072d6fc9a7a98a357a145701aaa85950dd | com.z.cloud.px.app | Google Play |
| e133be729128ed6764471ee7d7c36f2ccb70edf789286cc3a834e689432fc9b0 | com.z.cloud.px.app | Other |
| e7948392903e4c8762771f12e2d6693bf3e2e091a0fc88e91b177a58614fef02 | com.z.px.appx | Google Play |
| 3971309ce4a3cfb3cdbf8abde19d46586f6e4d5fc9f54c562428b0e0428325ad | com.z.cloud.px.app2 | Other |
| 2ec2fb9e20b99f60a30aaa630b393d8277949c34043ebe994dd0ffc7176904a4 | com.jg.rc.papp | Google Drive |
| af0d2e5e2994a3edd87f6d0b9b9a85fb1c41d33edfd552fcc64b43c713cdd956 | com.de.rc.seee | Google Drive |
The post Fake Security App Found Abuses Japanese Payment System appeared first on McAfee Blog.
Holding the door for someone might open the way to a cyberattack. For anyone who works in a secure building or workplace, they might want to rethink that courtesy. The hackers and thieves behind piggybacking and tailgating attacks count on it.
Piggyback and tailgating attacks occur when an unauthorized person gains access to a restricted workplace, one that requires some form of ID to enter. While quite similar, these attacks have an important difference:
In both cases, these unauthorized entries can put businesses and organizations at risk. They give potential bad actors all kinds of access to sensitive information and devices.
Trade secrets get stolen this way, as does customer information. In yet more malicious cases, bad actors might gain entry with the intent of sabotaging technology or hijacking a network. And of course, bad actors might do harm to people or property.
Businesses and organizations that find themselves at risk include those that:
Different businesses and organizations have different forms of security in place. You might be among the many who use a smart badge or some form of biometric security to enter a building or certain areas within a building.
However, determined bad actors will look for ways around these measures. With piggyback and tailgating attacks, it’s far easier for them to follow someone into a workplace than it is to break into a workplace.
Bad actors will simply walk in when someone holds the door for them. It’s as simple as that. Additionally, they’ll try several different tricks by:
In all, piggybacking and tailgating attacks rely on social engineering—playing off people’s innate courtesy, willingness to help, or even discomfort with conflict. Essentially, the attacker manipulates human nature.
A good portion of prevention falls on the owner of the building, whether that’s a business, organization, or a landlord. It falls on them to install security hardpoints like badge scanners, keypad locks, biometric scanners, and so on to keep the property secure. Moreover, employers owe it to themselves and their employees to train them on security measures.
Yet you can take further steps to prevent a piggybacking or tailgating attack on your workplace. Some steps include:
Also consider the security of your devices or any other sensitive information you work with. If a bad actor slips into your workplace, you can take other steps to prevent theft or damage.
Some aspects of piggybacking and tailgating prevention seem like they go against our better nature. We want to be kind, helpful, and sometimes we’d simply rather avoid confrontation. Again, piggybackers and tailgaters count on that. Yet a door is only as secure as the person who uses it—or who opens it for someone else.
The post How to Protect Yourself From Tailgating Attacks appeared first on McAfee Blog.
Do yourself a favor: Open a new browser tab and head to your search engine of choice. Type in your full name and home address. Then, see what pops up.
Are the results sparking an ember of unease in the back of your brain? Whether you’re a private person online or you’re comfortable sharing your daily life updates on social media, there are likely to be several personal details about you on sites that shouldn’t have that information. Some of these sites may be data brokerage websites.
Data brokerage sites are legal and are mostly used by annoying advertisers, though cybercriminals may also use them maliciously. The average person has their information for sale on 31 data brokerage sites, and 95% of people have their personal information on sale without their permission.
So how do you scrub the internet of your personal details to keep your identity secure? McAfee Personal Data Cleanup is a service that prevents your personal information from being collected and sold online. Here’s why you should consider taking a few easy steps now to give you peace of mind about the security of your personally identifiable information (PII).
Attack surface is a term usually applied to corporate security, but it’s a great visualization for everyday people going about their personal online errands and entertainment. An attack surface is the number of possible entry points a cybercriminal could weasel their way through to get at your valuable and private information. Entry points include your social media profiles, your online shopping accounts, and data brokerage sites. The fewer entry points you have, the harder it is for cybercriminals to find and exploit them.
While Social Security Numbers (SSNs) are generally revered as the piece of PII to guard most closely, a cybercriminal can still damage your identity with just your name and an address, email address, or phone number. For example, they can request new passwords or multifactor authentication one-time passcodes to break their way into online banking or shopping accounts. Security breaches are happening to huge companies all over the world. All it takes is for your SSN to be leaked in one of them, for a cybercriminal to piece together your digital clone and use it to harm your identity or credit.
Personal Data Cleanup minimizes your attack surface by removing as much PII as possible that’s floating around the internet, just waiting for someone to buy it.
When you’re aware of how many unauthorized vendors are selling your PII, it could be the wakeup call you need start adopting more cautious online habits. For instance, oversharing on social media leaks a lot of valuable details that a savvy criminal can then use to take educated guesses at your passwords or craft a social engineering plot catered just to you.
The present is as good a time as any to start protecting your identity for the future; however, getting started is often the most difficult step. It can seem overwhelming to reach out to every data brokerage site individually and request they remove your info. Personal Data Cleanup can be your partner not only in beginning the cleanup process but in monitoring your data security to keep your online presence as minimal as possible. The service scans the internet’s riskiest sites and then, before deleting your information from these sites, runs it by you to confirm. Then, it will continually monitor those same sites, as your information will likely reappear every two to four months.
Do not underestimate the tenacity of a cybercriminal. Even for people who have the attitude that their PII is bound to be somewhere online and that it’s no big deal, McAfee Personal Data Cleanup manages three key steps in the data removal process: scanning, removing, and monitoring. So, even if you’re not convinced that data brokerage sites are a threat, the process is too easy to put off any longer!
For those who are concerned about their online privacy, full-service Personal Data Cleanup is included in McAfee+ Ultimate, which is the complete package to let you live your online life in private. McAfee+ Ultimate also includes identity monitoring and identity theft resolution services, unlimited VPN, credit lock, and much more.
In 2021, more than 1.4 million identity theft complaints were filed to the Federal Trade Commission.1 Identity theft can occur to anyone, so take steps today, starting with data brokerage sites, to live a more secure and more private digital life.
1Federal Trade Commission, “New Data Shows FTC Received 2.8 Million Fraud Reports from Consumers in 2021”
The post McAfee Personal Data Cleanup: Your Partner in Living a More Private Online Life appeared first on McAfee Blog.
Authored by Dennis Pang
What is antivirus? That’s a good question. What does it really protect? That’s an even better question.
Over the years, I’ve come to recognize that different people define antivirus differently. Some see it as way to keep hackers from crashing their computers. Others see it as a comprehensive set of protections. Neither definition is entirely on the money.
With this blog, I hope to give everyone a clear definition of what antivirus does well, along with what it doesn’t do at all. The fact is that antivirus is just one form of online protection. There are other forms of protection as well, and understanding antivirus’ role in your overall mix of online protection is an important part of staying safer online.
Antivirus software protects your devices against malware and viruses through a combination of prevention, detection, and removal.
For years, people have installed antivirus software on their computers. Today, it can also protect your smartphones and tablets as well. In fact, we recommend installing it on those devices as well because they’re connected, just like a computer—and any device that connects to the internet is a potential target for malware and viruses.
In short, if it’s connected, it must get protected.
One important distinction about antivirus is its name, a name that first came into use decades ago when viruses first appeared on the scene. (More on that in a bit.) However, antivirus protects you from more than viruses. It protects against malware too.
Malware is an umbrella term that covers all types of malicious software regardless of its design, intent, or how its delivered. Viruses are a subset of malicious software that infects devices and then replicates itself so that it can infect yet more devices.
So while we popularly refer to protection software as antivirus, it protects against far more than just viruses. It protects against malware overall.
Now here’s where some confusion may come in. Some antivirus apps are standalone. They offer malware protection and that’s it. Other antivirus apps are part of comprehensive online protection software, which can include several additional far-reaching features that can protect your privacy and your identity.
The reason why antivirus gets paired up with other apps for your privacy and identity is because antivirus alone doesn’t offer these kinds of protections. Yet when paired with things like a password manager, credit monitoring, identity theft coverage, and a VPN, to name a few, you can protect your devices—along with your privacy and identity. All the things you need to stay safer online.
In short, antivirus doesn’t cut it alone.
With that, let’s take a closer look at what malware and viruses really are—how they evolved, and what they look like today, along with how antivirus protects you against them.
Viruses have a long history. And depending on how you define what a virus is, the first one arguably took root in 1971—more than 50 years ago.
It was known as Creeper, and rather than being malicious in nature, it was designed to show how a self-replicating program could identify other connected devices on a network, transfer itself to them, and find yet more devices to repeat the process. Later, the same programmer who created a follow-on version of Creeper developed Reaper, a program that could remove the Creeper program. In a way, Reaper could be considered the first piece of antivirus software.
From there, it wasn’t until the 1980’s that malware started affecting the broader population, a time when computers became more commonplace in businesses and people’s homes.
At first, malware typically spread by infected floppy disks, much like the “Brain” virus in 1986. While recognized today as the first large-scale computer virus, its authors say they never intended it to work that way. Rather they say they created Brain as an anti-piracy measure to protect their proprietary software from theft. However, Brain got loose. It went beyond their software and affected computers worldwide. Although not malicious or destructive in nature, Brain most certainly put the industry, businesses, and consumers on notice.
Computer viruses became a thing.
Another piece of malware that got passed along via floppy disks was the “PC Cyborg” attack that targeted the medical research community in and around 1989. There the malware would lie in wait until the user rebooted their computer for the 90th time. And on that 90th boot, the user was presented with a digital ransom note like the one here:
Along with that note, PC Cyborg encrypted the computer’s files, which would only get unencrypted if the victim paid a fee—making PC Cyborg the first widely recognized form of ransomware.
Shortly thereafter, the internet started connecting computers, which opened millions of doors for hackers as people went online. Among the most noteworthy was 1999’s “Melissa” virus, which spread by way of infected email attachments and overloaded hundreds of corporate and governmental email servers worldwide.
It was quickly followed in 2000 by what’s considered the among the most damaging malware to date—ILOVEYOU, which also spread by way of an attachment, this one posing as a love letter. Specifically, it was a self-replicating worm that installed itself on the victim’s computer where it destroyed some information and stole other information, then spread to other computers. One estimate puts the global cost of ILOVEYOU at $10 billion and further speculated that it infected 10% of the world’s internet-connected computers at the time.
With the advent of the internet, malware quickly established itself as a sad fact of connected life. Today, McAfee registers an average of 1.1 million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions of malicious programs already in existence.
Apart from the sheer volume of malware out there today, another thing that distinguishes today’s malware from early malware attacks—they’re created largely for profit.
We can think of it this way:
Today’s malware is far more than an annoyance or headache. It can lead to follow-on attacks that target your finances, your identity, your privacy, or a mix of all three.
So with a million or so new threats coming online each day, and millions more out there already, how does antivirus protect you from malware? It blocks, detects, and removes malware. And it does so in a couple of ways:
However, as mentioned earlier, antivirus provides only one aspect of online protection today. While it protects your devices and the data that’s on them, your privacy and identity can come under attack as well. So while antivirus alone can protect you from malware, it can’t prevent other forms of online crime like identity theft, phishing attacks designed to steal personal information, or attacks on your accounts, to name a few of the many other types of threats out there.
Yet comprehensive online protection can.
Comprehensive online protection software like ours offers antivirus, along with specific services and features that protect your privacy and identity online as well. It gives you dozens of other features like identity theft coverage & restoration, personal data cleanup, security freezes, and an online protection score that shows you just how safe you are, along with suggestions that can make you safer still.
So while protecting your devices with antivirus is a great start, it’s only one part of staying safer online. Including privacy and identity protection rounds out your protection overall.
The post What is Antivirus and What Does It Really Protect? appeared first on McAfee Blog.
Have you ever been browsing online and clicked a link or search result that took you to a site that triggers a “your connection is not private” or “your connection is not secure” error code? If you’re not too interested in that particular result, you may simply move on to another result option. But if you’re tempted to visit the site anyway, you should be sure you understand what the warning means, what the risks are, and how to bypass the error if you need to.
A “your connection is not private” error means that your browser cannot determine with certainty that a website has safe encryption protocols in place to protect your device and data. You can bump into this error on any device connected to the internet — computer, smartphone, or tablet.
So, what exactly is going on when you see the “this connection is not private” error?
For starters, it’s important to know that seeing the error is just a warning, and it does not mean any of your private information is compromised. A “your connection is not private” error means the website you were trying to visit does not have an up-to-date SSL (secure sockets layer) security certificate.
Website owners must maintain the licensing regularly to ensure the site encryption capabilities are up to date. If the website’s SSL certificate is outdated, it means the site owners have not kept their encryption licensing current, but it doesn’t necessarily mean they are up to no good. Even major websites like LinkedIn have had momentary lapses that would throw the error. LinkedIn mistakenly let their subdomain SSL certificates lapse.
In late 2021, a significant provider of SSL certificates, Let’s Encrypt, went out of business. When their root domain officially lapsed, it created issues for many domain names and SSL certificates owned by legitimate companies. The privacy error created problems for unwitting businesses, as many of their website visitors were rightfully concerned about site security.
While it does not always mean a website is unsafe to browse, it should not be ignored. A secure internet connection is critical to protecting yourself online. Many nefarious websites are dangerous to visit, and this SSL certificate error will protect you from walking into them unaware.
SSL certification standards have helped make the web a safer place to transact. It helps ensure online activities like paying bills online, ordering products, connecting to online banking, or keeping your private email accounts safe and secure. Online security continues to improve with a new Transport Layer Security (TLS) standard, which promises to be the successor protocol to SSL.
So be careful whenever visiting sites that trigger the “connection is not private” error, as those sites can potentially make your personal data less secure and make your devices vulnerable to viruses and malware.
Note: The “your connection is not private” error is Google Chrome‘s phrasing. Microsoft Edge or Mozilla Firefox users will instead see a “your connection is not secure” error as the warning message.
If you feel confident that a website or page is safe, despite the warning from your web browser, there are a few things you can do to troubleshoot the error.
Remember, you are taking your chances anytime you ignore an error. As we mentioned, you could leave yourself vulnerable to hackers after your passwords, personal information, and other risks.
Your data and private information are valuable to hackers, so they will continue to find new ways to try and procure it. Here are some ways to protect yourself and your data when browsing online.
As we continue to do more critical business online, we must also do our best to address the risks of the internet’s many conveniences.
A comprehensive cybersecurity tool like McAfee+ Ultimate can help protect you from online scams, identity theft, and phishing attempts, and ensure you always have a secure connection. McAfee helps keep your sensitive information out of the hands of hackers and can help you keep your digital data footprints lighter with personal data cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post “This Connection Is Not Private” – What it Means and How to Protect Your Privacy appeared first on McAfee Blog.
Article tags
Something looks a little … sketchy. Is that website safe or unsafe?
Nowadays, it can take a bit work to tell.
And that’s by design. Increasingly, hackers and scammers go to great pains when they create their malicious websites. They take extra steps to make their sites look legit, when in fact they’re anything but. Certainly, plenty of other hackers and scammers slap together malicious sites that still look a bit roughshod, which makes them easier to spot.
So whether it’s a clever knockoff or a slapdash effort, unsafe websites of all kinds have several telltale signs you can spot. We’ll show you, and let’s start things off with what makes an unsafe website unsafe in the first place.
Unsafe websites typically harbor one of two primary forms of attack—yet sometimes both:
Malware: Hackers will use their sites to install malware on your device, often by tricking you into clicking or tapping on a download. They might tempt you with an offer, a prize, a show to stream—just about anything you might want to otherwise download. (Recently, we saw hackers installing malware on sites that offered to stream dubbed versions of the “Barbie” movie.)
Phishing: Another classic attack. Phishing involves scammers who try to hoodwink you into providing account or financial information. Common ruses include links in emails, texts, and DMs that appear to be urgent messages from streaming services, banks, social media, and other accounts. Of course, those messages are phony.
As a result, unsafe websites can lead to some not-so-good things.
On the malware side, attackers can install spyware and similar apps that siphon financial and personal information from your device while you’re using it. Other malware might steal files outright or maliciously delete them altogether. Ransomware remains a major concern today as well, where attackers hold devices and data hostage. And even if victims end up paying the ransom, they have no guarantee that the attacker will free their device or data.
Phishing attacks often lead to financial headaches, sometimes large ones at that. It depends on the information scammers get their hands on. In some cases, the damage might lead to identity fraud and a few illicit charges on a debit or credit card. If scammers gather enough information, they can take that a step further and commit identity theft. That can include opening new credit or loans in your name. It could also give a scammer the info they need to get driver’s licenses or employment in your name.
Above and beyond committing fraud or theft on their own, scammers might also sell stolen information to others on the dark web.
Again, all not-so-good. Yet quite preventable.
For some sites, it only takes one sign. For other sites, it takes a few signs—a series of red flags that warn you a site is unsafe. When you’re online, keep a sharp eye out for the following:
The “s” stands for “secure.” Specifically, it means that the website uses SSL (Secure Sockets Layer) that creates an encrypted link between a web server and a web browser. SSL helps prevent others from intercepting and reading your sensitive information as it’s transmitted, which is particularly important when you shop or bank online. Likewise, you can also look for a little lock symbol in the address bar of your web browser. That’s one more way you can spot a site that uses SSL.
From spelling errors and grammatical mistakes, to stretched out logos and cheap photography, some unsafe websites are designed poorly. Legitimate businesses pride themselves on error-free and professional-looking sites. If a website looks like it got cobbled together in a hurry or doesn’t seem to be well-designed, that’s usually a red flag. The site might be unsafe, created by attackers who don’t have a strong attention to detail—or the creative capabilities to create a good-looking website in the first place.
Plenty of unsafe sites are imposter sites. They’ll try to pass themselves off as a legitimate company, like the streaming services, banks, and so forth that we mentioned earlier—all to get a hold of your account information. With all these imposter sites in play, look at the site’s address. Scammers will gin up web addresses that are close to but different from legitimate sites, so close that you might miss it. If you’re uncertain about the address, leave the page. Also note that many companies have web pages that provide lists of the official addresses that they use. Amazon provides on example, and we do the same here at McAfee. Reviewing these lists can help you spot an imposter site.
A window or graphic pops up on your screen. The site you’re on says that it’s identified a security issue with your device. Or maybe it says that your system isn’t current. Either way, there’s a file the site wants you to download. “You can correct the issue with a click!” Don’t. It’s a classic trick. Instead of fixing your non-existent problem, the download will create one. Scammers use the security alert trick to install malware on the devices of unsuspecting victims.
A screen full of links insisting you to click ranks among the top signs of an unsafe site. So much so, it’s often the subject of sitcom bits. Needless to say, the attackers behind these sites want you to click for one of several reasons. It might be to get you to download malware. It might be to generate ad revenue with clicks. Or it might be to get you to click a link that redirects you to another malicious site. In all, if you encounter a site like this, close your browser. And then run a system scan with your online protection software.
These unsafe sites sprout up around the holidays and gift-giving seasons. When stores run low on particularly popular or hot items, scammers will quickly launch sites that claim these items are in stock and ready to ship. Similarly, they might promote popular items at a deep discount. Of course, shopping at these sites will likely lead to one thing—a credit card charge and no item on your doorstep. Be wary when you see ads for stores in your social media feed, in search, and elsewhere. Stick with known, trusted retailers. (And for more on shopping safely online, give this article a quick read.)
These sites bear similarities to malicious online shopping sites. When popular movies hit the big screen or major sporting events come around, so do scam sites that promise to stream them for free or at a low cost. Avoid them. Trusted streamers will only carry shows and events that they have the rights to. If you find an offer to stream something that’s heavily discounted, free, or not available on known media outlets, it’s likely a scam. At the very least, it might serve up pirated content, which could carry malware threats along with it.
Not every site that promotes some kind of giveaway or deal is a scam. Yet the ones that ask for personal or financial information likely are. Scammers prey on people’s love for saving money or even winning a buck or two. Enter the prize, coupon, and quiz sites. Malicious prize and coupon sites will often ask for credit or debit card information, often under the guise of a payout or a discount. Malicious quiz sites will likewise ask for all kinds of personal information, typically questions about the name of your pet, the first car you owned, or where you went to school. The questions share much in common with the security questions used by banks and credit card companies. Handing this information over could lead to a breached account. Give these sites a pass.
Comprehensive online protection software like ours includes web protection that can spot malicious sites for you. It has further features that can prevent downloading malware by accident, not to mention strong antivirus protection if a hacker makes their way through to you. In all, it gives you extra confidence that wherever your travels take you online, you’re protected from sketchy and unsafe sites.
However, another part of your best defense against unsafe websites is you. Knowing what the red flags are and the kinds of information hackers want to steal can help you avoid their attacks from the start.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
What color jersey will you be sporting this November and December? The World Cup is on its way to television screens around the world, and scores of fans are dreaming of cheering on their team at stadiums throughout Qatar. Meanwhile, cybercriminals are dreaming of stealing the personally identifiable information (PII) of fans seeking last-minute vacation and ticket deals.
Don’t let the threat of phishers and online scammers dampen your team spirit this World Cup tournament. Here are three common schemes cybercriminals will likely employ and a few tips to help you dribble around their clumsy offense and protect your identity, financial information, and digital privacy.
Phishers will be out in full force attempting to capitalize on World Cup fever. People wrapped up in the excitement may jump on offers that any other time of the year they would treat with skepticism. For example, in years past, fake contests and travel deals inundated email inboxes across the world. Some companies do indeed run legitimate giveaways, and cybercriminals slip in their phishing attempts among them.
If you receive an email or text saying that you’re the winner of a ticket giveaway, think back: Did you even enter a contest? If not, treat any “winner” notification with skepticism. It’s very rare for a company to automatically enter people into a drawing. Usually, companies want you to act – subscribe to a newsletter or engage with a social media post, for example – in exchange for your entry into their contest. Also, beware of emails that urge you to respond within a few hours to “claim your prize.” While it’s true that real contest winners must reply promptly, organized companies will likely give you at least a day if not longer to acknowledge receipt.
Traveling is rarely an inexpensive endeavor. Flights, hotels, rental cars, dining costs, and tourist attraction admission fees add up quickly. In the case of this year’s host country, Qatar, there’s an additional cost for American travelers: visas.
If you see package travel deals to the World Cup that seem too good to pass up … pass them up. Fake ads for ultra-cheap flights, hotels, and tickets may appear not only in your email inbox but also on your social media feed. Just because it’s an ad doesn’t mean it comes from a legitimate company. Legitimate travel companies will likely have professional-looking websites with clear graphics and clean website copy. Search for the name of the organization online and see what other people have to say about the company. If no search results appear or the website looks sloppy, proceed with caution or do not approach at all.
Regarding visas, be wary of anyone offering to help you apply for a visa. There are plenty of government-run websites that’ll walk you through the process, which isn’t difficult as long as you leave enough time for processing. Do not send your physical passport to anyone who is not a confirmed government official.
Even fans who’ve given up on watching World Cup matches in person aren’t out of the path of scams. Sites claiming to have crystal clear streams of every game could be malware spreaders in disguise. Malware and ransomware targeting home computers often lurk on sketchy sites. All it takes is a click on one bad link to let a cybercriminal or a virus into your device.
Your safest route to good-quality live game streams is through the official sites of your local broadcasting company or the official World Cup site. You may have to pay a fee, but in the grand scheme of things, that fee could be a lot less expensive than replacing or repairing an infected device.
Here’s an excellent rule to follow with any electronic correspondence: Never send anyone your passwords, routing and account number, passport information, or Social Security Number. A legitimate organization will never ask for your password, and it’s best to communicate any sensitive financial or identifiable information over the phone, not email or text as they can easily fall into the wrong hands. Also, do not wire large sums of money to someone you just met online.
Don’t let scams ruin your enjoyment of this year’s World Cup! With these tips, you should be able to avoid the most common schemes but to boost your confidence in your online presence, consider signing up for McAfee+. Think of McAfee+ as the ultimate goalkeeper who’ll block any cybercriminals looking to score on you. With identity monitoring, credit lock, unlimited VPN and antivirus, and more, you can surf safely and with peace of mind.
The post Watch Out for These 3 World Cup Scams appeared first on McAfee Blog.
Monkey in the middle, the beloved playground staple, extends beyond schoolyards into corporate networks, home desktops, and personal mobile devices in a not-so-fun way. Known as a monkey-in-the-middle or man-in-the-middle attack (MiTM), it’s a type of cybercrime that can happen to anyone.
Here’s everything you need to know about MiTM schemes specifically, how to identify when your device is experiencing one, and how to protect your personally identifiable information (PII) and your device from cybercriminals.
A man-in-the-middle attack, or MiTM attack, is a scheme where a cybercriminal intercepts someone’s online activity and impersonates a trusted person or organization. From there, the criminal may ask personal questions or attempt to get financial information; however, since the device owner thinks they’re communicating with someone with good intentions, they give up these details freely.
MiTM is an umbrella term that includes several cybercrime tactics, such as:
Cybercriminals gain access to devices to carry out MiTM attacks through three main methods: Wi-Fi eavesdropping, malware, or phishing.
The most common giveaway of a MiTM attack is a spotty internet connection. If a cybercriminal has a hold on your device, they may disconnect you from the internet so they can take your place in sessions or steal your username and password combination.
If your device is overheating or the battery life is much shorter than normal, it could indicate that it is running malware in the background.
If you can identify the signs of a MiTM attack, that’s a great first step in protecting your device. Awareness of your digital surroundings is another way to keep your device and PII safe. Steer clear of websites that look sloppy, and do not stream or download content from unofficial sites. Malware is often hidden in links on dubious sites. Try your best to stick to sites that have URLs beginning with “https.” The “s” stands for “secure.” Though not all “https” sites are guaranteed secure, they are generally more trustworthy than plain “http” sites.
To safeguard your Wi-Fi connection, protect your home router with a strong password or passphrase. When connecting to public Wi-Fi, confirm with the hotel or café’s staff their official Wi-Fi network name. Then, make sure to connect to a virtual private network (VPN). A VPN encrypts your online activity, which makes it impossible for someone to digitally eavesdrop. Never access your personal information when on an unprotected public Wi-Fi network. Leave your online banking and shopping for when you’re back on a locked network or VPN you can trust.
Finally, a comprehensive antivirus software can clean up your device of malicious programs it might have contracted.
McAfee+ Ultimate includes unlimited VPN and antivirus, plus a whole lot more to keep all your devices safe. It also includes web protection that alerts you to suspicious websites, identity monitoring, and monthly credit reports to help you browse safely and keep on top of any threats to your identity or credit.
A cybercriminal’s prize for winning a digital scheme of monkey in the middle is your personal information. With preparation and excellent digital protection tools on your team, you can make sure you emerge victorious and safe.
The post Everything You Need to Know to Avoid a Man-in-the-Middle Mobile Attack appeared first on McAfee Blog.
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
Lorem ipsum dolor sit amet…
!@#$%^&*()_+{}[]-=;’:”,./<>?
The post Test article delete – 16-11-2022 appeared first on McAfee Blog.
Authored by Oliver Devane
It hasn’t taken malicious actors long to take advantage of the recent bankruptcy filing of FTX, McAfee has discovered several phishing sites targeting FTX users.
One of the sites discovered was registered on the 15th of November and asks users to submit their crypto wallet phrase to receive a refund. After entering this phrase, the creators of the site would gain access to the victim’s crypto wallet and they would likely transfer all the funds out of it.
Upon analyzing the website code used to create the phishing sites, we noticed that they were extremely similar to previous sites targeting WalletConnect customers, so it appears that they likely just modified a previous phishing kit to target FTX users.
The image below shows a code comparison between a website from June 2022, and it shows that the FTX phishing site shares most of its code with it.
McAfee urges anyone who was using FTX to be weary of any unsolicited emails or social media messages they receive and to double-check the authenticity before accessing them. If you are unsure of the signs to look for, please check out the McAfee Scam education portal (https://www.mcafee.com/consumer/en-us/landing-page/retention/scammer-education.html)
McAfee customers are protected against the sites mentioned in this blog
| Type | Value | Product | Detected |
| URL | ftx-users-refund[.]com | McAfee WebAdvisor | Blocked |
| URL | ftx-refund[.]com | McAfee WebAdvisor | Blocked |
The post Threat Actors Taking Advantage of FTX Bankruptcy appeared first on McAfee Blog.
Following up on our previous blog, How to Stop the Popups, McAfee Labs saw a sharp decrease in the number of deceptive push notifications reported by McAfee consumers running Microsoft’s Edge browser on Windows.
Such browser-delivered push messages appear as toaster pop-ups in the tray above the system clock and are meant to trick users into taking various actions, such as installing software, purchasing a subscription, or providing personal information.
Upon further investigation, this major drop seems to be associated with a change in the behavior of the Edge browser with two notable improvements over older versions.
First, when users visit websites known to deliver deceptive push notifications, Edge blocks authorization prompts that could trick users into opting-in to receive popups:
Second, when unwanted popups do occur, it is now easier than ever to disable them, on a per-site basis. Users can simply click the three dots (…) on the right of the notification and choose to “Turn off all notifications for” the domain responsible for the popup.
This is a great improvement over the previous experience of having to manually navigate browser settings to achieve the desired result.
Earlier this year, 9TO5Google reported a Chrome code change may be indicative of a similar crack down by Google on nefarious popups.
One can hope Google will follow Microsoft’s example to improve browser security and usability.
The post Microsoft’s Edge over Popups (and Google Chrome) appeared first on McAfee Blog.
Hackers have posted another batch of stolen health records on the dark web—following a breach that could potentially affect nearly 8 million Australian Medibank customers, along with nearly 2 million more international customers.
The records were stolen in October’s reported breach at Medibank, one of Australia’s largest private health insurance providers. Given Australia’s population of almost 26 million people, close to a third of the population could find themselves affected.
The hackers subsequently issued ransomware demands with the threat of releasing the records. With their demands unmet, the hackers then started posting the records in batches, the first on November 8th and the latest dropping on November 14th.
According to Medibank, the records and information could include diagnoses, a list of conditions, and further information such as:
“[P]ersonal data such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for AHM customers (not expiry dates), in some cases passport numbers for our international students (not expiry dates), and some health claims data.”
Medibank continues to keep its customers up to date on the latest developments on its website and further states they will contact customers, via email and post, to clarify what has been stolen and what has been published on the dark web.
Any time a data breach occurs, it means that your personal information could end up in the hands of a bad actor. In the case of Medibank, the hackers posted the stolen information on the dark web, which unfortunately means that the likelihood of a potential scammer or thief obtaining this information is a near certainty.
In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part.
Home Affairs Minister Clare O’Neil called for Australians to “Contact Services Australia if you believe there has been unauthorised activity in your Medicare account.” Further, Australians can take the following additional steps to protect themselves in the wake of identity theft.
With some personal information in hand, bad actors may seek out more. They may follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So as it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for information in some form or other, often in ways that urge or pressure you into acting. Always look out for phishing attacks, particularly after breaches.
If you are contacted by Medibank, make certain the communication is legitimate. Bad actors may pose as Medibank to steal personal information. Do not click on links sent in emails, texts, or messages. Instead, go straight to the Medibank website or contact them by phone directly.
While it does not appear that login information was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly can reduce your risk in the event of a data breach. Namely, a breached password is no good to a hacker if you’ve changed it.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
An identity monitoring service can monitor everything from email addresses to credit cards, bank account numbers and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other bad actors so they can launch their own attacks. McAfee’s identity monitoring service helps you keep an eye on your personal info and provides alerts if your data is found, averaging 10 months ahead of similar services.
When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in your name. This may include identity theft, where someone pretends to be you, generally to gain access to more information or services, and may escalate to identity fraud, where funds are stolen from your account.
Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies in Australia— Equifax, illion, and Experian. This will help prevent bad actors from opening new lines of credit or take out loans in your name by “freezing” your credit report so that potential creditors cannot pull it for reference. Terms of freezing a credit report will vary, so check with each agency for details.
A complete suite of online protection software can offer layers of extra security. Identity thieves generally focus on easy targets to save time. Elevated security across the majority of your data can make you a far more difficult target. In addition to more private and secure time online with a VPN, identity monitoring, and password management, this includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, McAfee offers support from a licensed recovery pro who can help you restore your credit, just in case.
Per Medibank, some victims of the breach may have had their driver’s licence number exposed. Given that a licence number is such a unique piece of personally identifiable information, anyone notified by Medibank that theirs may have been affected should strongly consider changing them. The process for replacing a licence document will vary depending on your state or territory.
The recent Optus breach of September 2022 saw some states and territories propose making exceptions to the rules for attack victims, so look to your local government for guidance.
Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the Medibank breach.
However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but given all the devices, apps, and accounts we keep these days leaves us more exposed than ever, which makes protection a must.
The post The Medibank Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.
Smishing and vishing are scams where criminals attempt to get users to click a fraudulent link through a phone text message, email, or voicemail. These scams are becoming increasingly popular as cybercriminals try to take advantage of people who are more likely to fall for them, such as those who aren’t as familiar with technology or who may be experiencing a crisis.
Be aware that cybercrime and hacking can happen to anyone. Criminals are always looking for new ways to exploit people, and they know that others may not be cautious or recognize the warning signs of phishing scams when using the internet. That’s why it’s important to be aware of the different types of cybercrime and how to protect yourself.
This article discusses how to protect yourself from smishing attempts and scams where criminals try to get you to click on a fraudulent link or respond to their voicemail message to steal your personal data.
Most people are familiar with phishing scams, where scammers try to trick you into giving them your personal or financial information by pretending to be a legitimate company or organization. But have you ever heard of smishing or vishing?
Smishing is a type of phishing scam where attackers send SMS messages (or text messages) to trick victims into sharing personal information or installing malware on their devices. Vishing is almost identical to smishing, except cybercriminals use VoIP (Voice over IP) to place phone calls to trick victims instead of SMS (short message service) messages.
Smishing messages often appear to be from a legitimate source, such as a well-known company or government agency. It may even include urgent language or threats in an effort to get victims to act quickly. In some cases, the message may also include a link that directs victims to a fake website where they are prompted to enter personal information or download malware.
Here are some examples of smishing text messages hackers use to steal your personal details:
If you fall for a smishing scam, you could end up giving away your personal information or money. Cybercriminals use smishing messages to get personal and financial information, like your credit card number or access to your financial services.
For example, one type of smishing scam is when you get a text message that looks like it’s from your bank. The message might say there’s been suspicious activity on your account and that you need to click on a link to verify your identity. If you do click on the link, you’ll be taken to a fake website where you’ll be asked to enter your banking information. Once the scammers have your login information, they have access to clean out your account.
Smishing scams can be very difficult to spot, but there are some telltale signs to look for and steps to take to protect yourself.
One of the easiest ways to protect yourself from smishing scams is to be able to recognize the signs of a smishing text message. Here are some tips:
While you can’t avoid smishing attacks altogether, you can block spam text messages you receive on your mobile phone. iPhone and Android have cybersecurity tools like spam filters and phone number blocking to help protect you from phishing attacks and malicious links.
To set up spam filters on your iPhone:
To set up spam filters on your Android mobile device:
McAfee Mobile Security is a mobile security app that helps protect your phone from malware, phishing attacks, and other online threats. McAfee Mobile Security is available for Android and iOS cell phones.
One of the benefits of using McAfee Mobile Security is that it can help detect and block smishing attacks. With identity monitoring, McAfee Mobile Security monitors your sensitive information like email accounts, credit card numbers, phone numbers, Social Security numbers, and more to protect against identity theft. They notify you if they find any security breaches.
Other benefits include:
These days, our lives are more intertwined with our mobile devices than ever. We use them to stay connected with our loved ones on social media, conduct our business, and even access our most personal, sensitive data. It’s no surprise that mobile cybersecurity is becoming increasingly important.
McAfee Mobile Security is a comprehensive security solution that helps protect your device from viruses, malware, and other online threats. It also offers a variety of other features, like a secure VPN to protect your credit card numbers and other personal data.
Whether you’re browsing your favorite website, keeping up with friends on social media, or shopping online at Amazon, McAfee Mobile Security provides the peace of mind that comes from knowing your mobile device is safe and secure.
So why wait? Don‘t let the smishers win. Get started today with McAfee Mobile Security and rest easy knowing your mobile device and sensitive information are protected.
The post What Is Smishing and Vishing, and How Do You Protect Yourself? appeared first on McAfee Blog.
Authored by: Christy Crimmins and Oliver Devane
Football (or Soccer as we call it in the U.S.) is the most popular sport in the world, with over 3.5 billion fans across the globe. On November 20th, the men’s World Cup kicks off (pun intended) in Qatar. This event, a tournament played by 32 national teams every four years, determines the sport’s world champion. It will also be one of the most-watched sporting events of at least the last four years (since the previous World Cup).
An event with this level of popularity and interest also attracts fraudsters and cyber criminals looking to capitalize on fans’ excitement. Here’s how to spot these scams and stay penalty-free during this year’s tournament.
Phishing is a tool that cybercriminals have used for years now. Most of us are familiar with the telltale signs—misspelled words, poor grammar, and a sender email whose email address makes no sense or whose phone number is unknown. But excitement and anticipation can cloud our judgment. What football fan wouldn’t be tempted to win a free trip to see their home team participate in the ultimate tournament? Cybercriminals are betting that this excitement will cloud fans’ judgment, leading them to click on nefarious links that ultimately download malware or steal personal information.
It’s important to realize that these messages can come via a variety of channels, including email, text messages, (also known as smishing) and other messaging channels like WhatsApp and Telegram. No matter what the source is, it’s essential to remain vigilant and pause to think before clicking links or giving out personal or banking information.
For more information on phishing and how to spot a phisher, see McAfee’s “What is Phishing?” blog.
According to ActionFraud, the UK’s national reporting center for fraud and cybercrime, thousands of people were victims of ticket fraud in 2019—and that’s just in the UK. Ticket fraud is when someone advertises tickets for sale, usually through a website or message board, collects the payment and then disappears, without the buyer ever receiving the ticket.
The World Cup is a prime (and lucrative) target for this type of scam, with fans willing to pay thousands of dollars to see their teams compete. Chances are most people have their tickets firmly in hand (or digital wallet) by now, but if you’re planning to try a last-minute trip, beware of this scam and make sure that you’re using a legitimate, reputable ticket broker. To be perfectly safe, stick with well-known ticket brokers and those who offer consumer protection. Also beware of sites that don’t accept debit or credit cards and only accept payment in the form of bitcoin or wire transfers such as the one on the fake ticket site below:
The red box on the right image shows that the ticket site accepts payment via Bitcoin.
Other red flags to look out for are websites that ask you to contact them to make payment and the only contact information is via WhatsApp.
Let’s be realistic—most of us are going to have to settle for watching the World Cup from the comfort of our own home, or the pub down the street. If you’re watching the tournament online, be sure that you’re using a legitimate streaming service. A quick Google of “FIFA World Cup 2022 Official Streaming” along with your country should get you the information you need to safely watch the event through official channels. The FIFA site itself is also a good source of information.
Illegal streaming sites usually contain deceptive ads and malware which can cause harm to your device.
In countries or regions where sports betting is legal, the 2022 World Cup is expected to drive an increase in activity. There’s no shortage of things to bet on, from a simple win/loss to the exact minute a goal will be scored by a particular player. Everything is subject to wager.
As with our previous examples, this increase in legitimate gambling brings with it an increase in deceptive activity. Online betting scams often start when users are directed to or search for gambling site and end up on a fraudulent one. After placing their bets and winning, users realize that while they may have “won” money, they are unable to withdraw it and are even sometimes asked to deposit even more money to make winnings available, and even then, they still won’t be. By the end of this process, the bettor has lost all their initial money (and then some, potentially) as well as any personal information they shared on the site.
Like other scams, users should be wary of sites that look hastily put together or are riddled with errors. Your best bet (yes, again, pun intended) is to look for an established online service that is approved by your government or region’s gaming commission. Finally, reading the fine print on incentives or bonuses is always a good idea. If something sounds too good to be true, it’s best to double-check.
For more on how you can bet online safely, and for details on how legalized online betting works in the U.S., check out our blog on the topic.
Using a free public Wi-Fi connection is risky. User data on these networks is unprotected, which makes it vulnerable to cyber criminals. Whether you’re traveling to Qatar for a match or watching the them with friends at your favorite pub, if you’re connecting to a public Wi-Fi connection, make sure you use a trusted VPN connection.
For more information on scams, visit our scam education page. Hopefully, with these tips, you’ll be able to enjoy and participate in some of the World Cup festivities, after all, fun is the goal!
The post Don’t Get Caught Offsides with These World Cup Scams appeared first on McAfee Blog.
There’s no doubt that cyber bullying ranks towards the top of most parents ‘worry list’. As a mum of 4, I can tell you it always came in my top five, usually alongside driving, drugs, cigarettes and alcohol! But when McAfee research in May revealed that Aussie kids experience the 2nd highest rate of cyberbullying out of the 10 countries interviewed, my heart skipped a beat. Clearly cyberbullying is a big problem for Aussie kids. Bigger than I had previously thought. But many of us parents had so many more questions: what can it look like? where does it happen? and could my child be a perpetrator?
So, as an ally of connected families, McAfee set out to answer these questions so undertook more research through a detailed 10-country online questionnaire to 11,687 parents and their children in June. And the answers were quite revealing…
Before we get into the results, let’s clarify what cyberbullying means. There is often a lot of confusion because let’s be honest, different kids have different tolerances, standards and cultural lenses for what is and isn’t acceptable behaviour. The definition of cyberbullying used in McAfee’s report was based on the definition by StopBullying.Gov:
Cyberbullying is bullying that takes place over digital devices like cell phones, computers, and tablets. Cyberbullying can occur through SMS, Text, and apps, or online in social media, forums, or gaming where people can view, participate in, or share content. Cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else causing embarrassment or humiliation. Some cyberbullying crosses the line into unlawful or criminal behaviour.
McAfee’s definition was then expanded to include specific acts of cyberbullying, such as:
Along with other acts, including:
What Is The Most Common Form of Cyberbullying for Aussie Kids?
Even though racially motivated cyberbullying is on the rise, name-calling is the most common form of cyberbullying with 40% of kids globally reporting that they have been on the receiving end of it. Interestingly, in Australia, our kids receive this style of bullying more frequently, with 49% of Aussie kids affected.
Exclusion from group chats and conversations is the 2nd most commonly reported form of cyberbullying with 36% of kids globally experiencing it. In Australia, this is higher at 42%.
The spreading of false rumours rounds out the top three forms and was reported by 28% of children globally. Curiously, Aussie kids don’t seem to use this form just as commonly with just 24% affected. Japan stands out as the leader in this reported form of cyberbullying at 44% followed by Germany at 35% and India at 39%.
1 in 8 Aussie kids reports receiving extreme cyberbullying threats eg stalking, harassment and physical threats online. This is in line with the global average however in India and the US, more young people are affected with 1 in 5 reporting this behaviour.
It’s no surprise that the bulk of cyberbullying is happening on social media with 32% of kids affected globally. Group chats come in as the 2nd most commonplace with 24% of kids involved followed by online gaming being an issue for 22% of kids surveyed. 21% of kids experienced cyberbullying on websites and forums and 19% identified that they experienced cyberbullying via text messages.
Globally, Facebook is the social media site where cyberbullying is most likely to occur. 53% of children report witnessing it and 50% report experiencing it. This is followed by Instagram (40% witnessing and 30% experiencing), YouTube, TikTok and then Twitter.
Overall, Aussie kids appear to experience less cyberbullying on social media with just 47% witnessing it on Facebook and 37% experiencing it. Our kids also report lower levels on Instagram as well with 34% witnessing and 30% experiencing.
It appears that Snapchat is unfortunately where a lot of undesirable behaviour happens for our Aussie kids with 34% reporting that they have been affected on this platform – a huge 10% above the international average and the highest of any country included in the survey.
I’m sure it’s not a surprise to many parents that most cyberbullying comes from someone known to the victim. In fact, 57% of kids worldwide confirmed this with just 45% nominating that the cyberbullying they received had been initiated by a stranger. And Aussie kids’ experiences reflect the global norm with 56% expressing that they also knew the perpetrator but only 36% experienced cyberbullying from a stranger. Interestingly, only India, reported more cyberbullying at the hands of strangers (70%) than by someone the child knows (66%).
Globally, 81% of all children surveyed stated that they had never cyberbullied anyone while just 19% admitted that they had. But when questioned further, it became apparent that there may be some disconnect. In fact, when asked about specific cyberbullying behaviours, more than half of children worldwide (53%) admitted to committing one or more types of cyberbullying —perhaps indicating that their definition of cyberbullying differs from the clinically accepted definition. The most common acts that they admitted to included making a joke at someone else’s expense (22%), name-calling (18%) and excluding someone from a chat or conversation (15%).
It appears that our kids are calmer about the state of cyberbullying that their peers worldwide. Only 46% of our kids reported they were more concerned about being cyberbullied now than last year, compared to a 59% average worldwide. Aussie children said they are among the least concerned children in the world, alongside Canada at 44%, the U.K. at 43%, and Germany at 38%.
And Aussie parents also appear calmer than parents from other countries with only 61% nominating they were more concerned about their child being cyberbullied today versus last year, compared to the 72% international average. Australian parents also showed the least level of worry that their child may be a cyberbully. Only 41% said that they worried this was more likely this year than last, compared to 56% of parents elsewhere.
Now, this could be because the online learning and tech-heavy phase of the pandemic is, thankfully, over and we are not as focussed on technology-related issues. Or perhaps it’s because we really are a nation of ‘laid-back’ types! The jury is still out…
We all know that it’s impossible to fix a problem if you don’t truly understand it. So, while these statistics might be a little overwhelming, please soak them in. Appreciating the complexities of this problem and digesting how cyberbullying can look and impact our kids is essential. Now, as first-generation digital parents, it may take us a little longer to wrap our heads around it and that’s ok. The most important thing is that we commit to understanding the problem so that we are in the best position possible to support and guide our kids.
In my next blog post, I will be sharing more detailed strategies that will help you minimise the risk of your child becoming a victim of cyberbullying. I will also include advice on what to do if your child is affected by cyberbullying plus what to do if your child is in fact a cyberbully.
‘Till next time.
Stay Safe Online
Alex
The post How Cyberbullying Looks In Australia in 2023 appeared first on McAfee Blog.
What you paid for your home, who lives there with you, your age, your children, your driving record, education, occupation, estimated income, purchasing habits, and any political affiliations you may have—all pretty personal information, right? Well, there’s a good chance that anyone can find it online. All it takes is your name and address.
Thankfully, there’s something you can do about it.
But first, go ahead and give it a try. Type your name and address in a search bar and see what comes up. If you’re like most people, your search results turned up dozens of sites with your information on them. Some sites offer bits of it for free. Other sites offer far more detailed information, for a price.
Who’s behind all this? Data brokers. All part of a global data economy estimated at $200 billion U.S. dollars a year fueled by thousands of data points on billions of people scraped from public records, social media, third-party sources, and sometimes other data broker sites as well.
The result? A chillingly accurate picture of you.
So accurate, that reporters and law enforcement will often use profiles from data broker sites to dig up a person’s background. And so could scammers and thieves.
Ever wonder how you end up with all those spam calls and texts? Look no further than the data brokers. They help scammers compile the calling and texting lists they use. Yet spammy calls and texts are just part of the problem with these sites. They can give thieves the tools they need to steal your identity.
How? Visualize your identity as a jigsaw puzzle. Every bit of personal information makes up a piece, and if you cobble enough pieces together, a scammer or thief could have enough information to steal your identity. And data brokers compile all those pieces in one place and offer up them up in droves.
If you’re wondering if this activity is legal or at least regulated in some way, it largely isn’t. For example, the U.S. has no federal laws that require data brokers to remove personal information from their sites if requested to do so. On the state level, Nevada, Vermont, and California have legislation in place aimed at protecting consumers from having their data disclosed on these sites. Other legislation is being considered, yet as of this writing there’s very little on the books right now.
With next to no oversight, data brokers continue to collect personal information, which may or may not be accurate. It may be out of date or flat out wrong. Likewise, as it is with any large data store, data brokers are subject to hacks and attacks, which may lead to breaches that release detailed personal information onto the dark web and into the hands of bad actors.
Put plainly, data brokers collect, buy, and sell high volumes of personal information, often in ways that leave no trace that it’s happening to you—or that the information is correct in any way.
All this can feel like it’s out of your control. And maybe the search you did on yourself made you a little uneasy. (Understandable!) Yet you have plenty of ways you can curb this activity and even remove your information from some of the riskiest data broker sites as well.
It starts by finding out which sites have information on you, followed by filing requests to have it removed. Yet with dozens and dozens of these sites proliferating online, this can be a time-consuming process. Not to mention a frustrating one. We created McAfee+ so people can not only be safe but feel safe online, particularly in a time when there’s so much concern about identity theft and invasion of our online privacy. McAfee+ contains a comprehensive set of tools, such as Personal Data Cleanup which are designed to help protect your online privacy.
Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan.
And because getting your info removed once isn’t a guarantee that a data broker won’t collect and post it again, Personal Data Cleanup can continually monitor those sites. So should your info get posted again, you can request its removal again as well.
The other way you can thwart data brokers involves cleaning up your tracks when you go online, essentially leaving a smaller amount of data in your wake that they can collect and resell.
Searching for your name and address can turn up some surprises and introduce you to the world of data brokers, the dozens and dozens of companies that collect, buy, and sell your personal information. While data brokers sell this information to companies for advertising and marketing purposes, they will also sell that information to hackers, scammers, and thieves. Simply put, they don’t discriminate when selling your personal info. That puts more than just your privacy at risk, it can put your identity at risk as well. By selling your personal information, it can give bad actors the info they need to commit identity fraud and theft.
While cleaning up personal information from these sites is often a difficult and time-consuming task, tools like our Personal Data Cleanup can now dig out the sites where your personal info is posted and can help you remove it. Moreover, you now have several tricks and tactics you can use to reduce the amount of personal data these sites can collect. In all, you now have far more control over what data brokers can collect, buy, and sell than you had before. And now is most certainly a time to take that control given all the time we spend online and the many ways we rely on it to help us work, play, and simply get things done.
The post How much of your personal info is available online? A simple search could show you plenty. appeared first on McAfee Blog.
FreshRSS