Login
In the ever-growing digital age, our mobile devices contain an alarming amount of personal, sensitive data. From emails, social media accounts, banking applications to payment apps, our personal and financial lives are increasingly entwined with the convenience of online, mobile platforms. However, despite the increasing threat to cyber security, it appears many of us are complacent about protecting our mobile devices.
Survey revealed that many mobile users still use easy-to-remember and easy-to-guess passwords. With such an increasing dependence on mobile devices to handle our daily tasks, it seems unimaginable that many of us leave our important personal data unguarded. Theft or loss of an unsecured mobile device can, and often does, result in a catastrophic loss of privacy and financial security.
The unfortunate reality of our digital era is that devices are lost, misplaced, or stolen every day. A mobile device without password protection is a gold mine for anyone with malicious intent. According to a global survey by McAfee and One Poll, many consumers are largely unconcerned about the security of their personal data stored on mobile devices. To illustrate, only one in five respondents had backed up data on their tablet or smartphone. Even more concerning, 15% admitted they saved password information on their phone.
Such statistics are troubling for several reasons. The most obvious is the risk of personal information —including banking details and online login credentials— falling into the wrong hands. A lost or stolen device is not just a device lost— it’s potentially an identity, a bank account, or worse. The lack of urgency in securing data on mobile devices speaks to a broad consumer misunderstanding about the severity of the threats posed by cybercriminals and the ease with which they can exploit an unprotected device.
→ Dig Deeper: McAfee 2023 Consumer Mobile Threat Report
Perhaps one of the most surprising findings of the survey is the difference in mobile security behaviors between men and women. This difference illustrates not just a disparity in the type of personal information each group holds dear, but also the degree of risk each is willing to accept with their mobile devices.
Broadly speaking, men tend to place greater value on the content stored on their devices, such as photos, videos, and contact lists. Women, on the other hand, appear more concerned about the potential loss of access to social media accounts and personal communication tools like email. They are statistically more likely to experience online harassment and privacy breaches. This could explain why they are more concerned about the security of their social media accounts, as maintaining control over their online presence can be a way to protect against harassment and maintain a sense of safety.
The loss of a mobile device, which for many individuals has become an extension of their social identity, can disrupt daily life significantly. This distinction illustrates that the consequences of lost or stolen mobile devices are not just financial, but social and emotional as well.
Despite the differences in what we value on our mobile devices, the survey showed a worrying level of risky behavior from both genders. Over half (55%) of respondents admitted sharing their passwords or PIN with others, including their children. This behavior not only leaves devices and data at risk of unauthorized access but also contributes to a wider culture of complacency around mobile security.
Password protection offers a fundamental layer of security for devices, yet many people still choose convenience over safety. Setting a password or PIN isn’t a failsafe method for keeping your data safe. However, it is a simple and effective starting point in the broader effort to protect our digital lives.
→ Dig Deeper: Put a PIN on It: Securing Your Mobile Devices
While the survey results raise an alarm, the good news is that we can turn things around. It all begins with acknowledging the risks of leaving our mobile devices unprotected. There are simple steps that can be taken to ramp up the security of your devices and protect your personal information.
First and foremost, password-protect all your devices. This means going beyond your mobile phone to include tablets and any other portable, internet-capable devices you may use. And, while setting a password, avoid easy ones like “1234” or “1111”. These are the first combinations a hacker will try. The more complex your password is, the sturdier a barrier it forms against unauthorized access.
Another important step is to avoid using the “remember me” function on your apps or mobile web browser. Although it might seem convenient to stay logged into your accounts for quick access, this considerably amplifies the risk if your device gets stolen or lost. It’s crucial to ensure you log out of your accounts whenever not in use. This includes email, social media, banking, payment apps, and any other accounts linked to sensitive information.
McAfee Pro Tip: If your phone is lost or stolen, employing a combination of tracking your device, locking it remotely, and erasing its data can safeguard both your phone and the information it contains. Learn more tips on how to protect your mobile device from loss and theft.
Sharing your PIN or password is also a risky behavior that should be discouraged. Admittedly, this might be challenging to implement, especially with family members or close friends. But the potential harm it can prevent in the long run far outweighs the temporary convenience it might present.
Having highlighted the importance of individual action towards secure mobile practices, it’s worth noting that investing in reliable security software can also make a world of difference. A mobile security product like McAfee Mobile Security, which offers anti-malware, web protection, and app protection, can provide a crucial extra layer of defense.
With app protection, not only are you alerted if your apps are accessing information on your mobile that they shouldn’t, but in the event that someone does unlock your device, your personal information remains safe by locking some or all of your apps. This means that even if your device falls into the wrong hands, they still won’t be able to access your crucial information.
It’s also critical to stay educated on the latest ways to protect your mobile device. Cyber threats evolve constantly, and awareness is your first line of defense. McAfee has designed a comprehensive approach to make the process of learning about mobile security not just informative but also engaging. Our array of resources includes a rich repository of blogs, insightful reports, and informative guides. These materials are meticulously crafted to provide users with a wealth of knowledge on how to protect their mobile devices, ensuring that the learning experience is not only informative but also engaging and enjoyable.
While the current state of mobile device security may seem concerning, it’s far from hopeless. By incorporating simple security practices such as setting complex passwords and avoiding shared access, we can significantly reduce the risk of unauthorized data access. Additionally, investing in trusted mobile security products like McAfee Mobile Security can provide a robust defense against advancing cyber threats. Remember, our digital lives mirror our real lives – just as we lock and secure our homes, so too must we protect our mobile devices.
The post How to Protect Your Mobile Device From Loss and Theft appeared first on McAfee Blog.
Every day, life for many consumers has become more “digital” than before—this has made day-to-day tasks easier for many of us, but it also creates new challenges. From online banking to medical records, protecting our private, personal information is imperative.
Too often, the same password is used for multiple online accounts—for instance, you might log in to your online banking site with the same password you use for your personal email account. In a McAfee survey, 34% of people reported that they use the same password for multiple online accounts. Using identical passwords is convenient for us as users, but it’s also convenient for any hacker trying to steal personal information—once a hacker has access to one of your accounts, he can use a recycled password to snoop around at will.
Certainly, using more than one password and passphrases that include a mix of upper and lower case letters, numbers, and symbols and is at least ten characters in length goes a long way towards keeping malicious people at bay, but unfortunately, merely adding variety to your login information doesn’t guarantee security. In The Easiest Ways to Not Get Hacked, author Rebecca Greenfield included this chart showing just how much difference one character in length makes:
One of the most important accounts to keep secure is your primary email account—and here’s why: sooner or later, we all have to use the “I forgot my password” option, which typically sends a password reset email.
A hacker only needs to crack the password for your primary email account, and he’ll be able to access any of your other secure accounts simply by clicking the “forgot password” button when he sees it. This is known as a single point of failure, meaning it’s the one piece in any system that can bring down your whole system.
McAfee Pro Tip: If you’re having trouble remembering all your complex passwords on multiple accounts, a password manager can help you save time and effort while securing your accounts and devices. Learn more about McAfee’s password manager.
Establishing a separate email account for registration is one idea—in other words, your “I forgot my password” emails would all be sent to an account other than your primary email account. But even in that situation, there’s still only one password between a hacker and most of the data you want to keep from a hacker’s hands—from financial accounts and bank access to your weekly grocery delivery service. So the real question, even if you’re savvy enough to have a separate email address for password rescue, is: how do you make any email account more secure?
Two-step verification (often referred to as two-factor authentication) is a system designed to give you an extra layer of security that’s easy to use and indispensable for commercial or highly sensitive accounts. Two-step verification protects your email with not only a password but also by associating your account with a specific device or devices. A recent example of how this works comes from Google. In the case of Google’s two-step verification for Gmail accounts, a user simply re-authorizes the account every 30 days, by providing a numeric code that confirms the account.
→ Dig Deeper: Two-Factor vs. Multi-Factor Authentication: What’s the Difference?
The extra step and learning a new system of security sounds like an enormous hassle, but Google has taken the pain out of the process by allowing you to obtain the code in one of three ways:
This means that a hacker who wants to access your email account can only do so if he has access to your text messages or your landline phone. It might not stop every cybercriminal, but it does make the average hacker’s job a lot harder.
McAfee Pro Tip: Some hackers may go as far as calling your personal numbers, if they have access to them, and ask for your two-factor verification code to access your financial accounts, citing that they need it for their ongoing promotions or measures to improve your account security. This is a social engineering tactic that you should familiarize yourself with. Learn more about social engineering.
This two-factor authentication, while not new, is making major inroads among websites, apps, and services that process critical information. Many corporations have used hardware-based secondary authentication codes for years, but Google and others (including Twitter) are working hard to make this enhanced authentication flow a more practical and accessible part of our working lives.
New biometric verification options, such as a retina or fingerprint scan, are also catching on among security-conscious consumers, and will likely be a feature on more devices in the future. As times change, and more sensitive information flows through these sites, we can be sure to see more of these processes put into place.
→ Dig Deeper: How Virtual Reality and Facebook Photos Helped Researchers Hack Biometric Security
Two-step verification offers multiple benefits in the world of digital security. The key merit is that it presents an extra hurdle for hackers to overcome. If a hacker has breached your password, they still have to pass the second level of verification. As such, two-step verification makes your information harder to access, giving you added peace of mind.
Apart from enhancing security, two-step verification simplifies the recovery process if you ever forget your password. Since you have set up a secondary recovery method, you can use it to reset your password. This reduces the risk of losing access to your account due to forgotten passwords.
→ Dig Deeper: Let’s Make Security Easy
Setting up two-step verification on your accounts is relatively straightforward process. The first step is to go to the account settings of the platform where you want to enable this feature. Once you are there, locate the two-step verification or two-factor authentication option. Click on it, and follow the prompts. Typically, the system will ask for your phone number or an alternative email address to send the verification code to complete the process. Once that is done, you are all set.
From then on, every time you log in, you will need to input not only your password but also a unique code sent to your phone number or alternative email. Remember to choose a method that is convenient for you. For instance, if you are always on your phone, it may be easier to opt for the text message verification code option. This ensures that you can always promptly complete the second step of verification whenever you log in.
→ Dig Deeper: Protect Your Social Passwords with Two-Step Verification
While two-step verification offers an added layer of security, it is not foolproof. One potential challenge is that a hacker could intercept the verification code. Despite its rarity, this type of security breach is possible and has occurred. Furthermore, you might face issues if you lose the device used for verification. For example, if you lose your phone and have set it up for receiving verification codes, you might struggle to access your accounts.
Moreover, two-step verification can be inconvenient for some people. It adds an extra step every time you log in, and if you do not have immediate access to your verification device, you might be locked out of your accounts. Despite these challenges, the benefits of two-step verification far outweigh the potential drawbacks, and it remains a robust and recommended security measure in the digital era.
In conclusion, two-step verification offers a critical layer of security in protecting your digital assets. As life becomes increasingly digitized, and we continue to store more personal and sensitive information online, it is crucial to employ strong security measures like two-step verification. While it might seem like a bit of a hassle at times, the added security it provides, the peace of mind and the protection of your personal information make it a worthwhile endeavor. As the old saying goes, “It’s better to be safe than sorry.”
Therefore, embrace two-step verification and make it harder for hackers to gain access to your information. After all, security in the digital sphere is not a luxury, but a necessity.
To further protect your digital assets, consider McAfee+, our most comprehensive online protection software. Protect your mobile, laptops, computers, and IoT devices with reputable security software.
The post Make a Hacker’s Job Harder with Two-step Verification appeared first on McAfee Blog.
In the last decade, Bitcoin has emerged as a revolutionary form of digital asset, disrupting traditional financial markets along the way. Unlike traditional currencies issued by national governments (fiat money), Bitcoin is a decentralized form of money operated via a peer-to-peer network. This means it is not regulated or controlled by any central authority or government. This, along with many other characteristics, offers a range of benefits but also poses certain risks. In this article, we will examine these advantages and challenges to help you evaluate whether the benefits of Bitcoin outweigh the risks.
Bitcoin was created in 2009 by an anonymous person or group of people using the pseudonym Satoshi Nakamoto. As the first cryptocurrency, Bitcoin introduced a new kind of money that is issued and managed without the need for a central authority. Not only is Bitcoin a single unit of currency (simply referred to as a “bitcoin”), but it is also the decentralized, peer-to-peer network that enables the movement of that currency.
Bitcoin transactions are verified by network nodes through cryptography and recorded on a public ledger called blockchain. A user can access his or her bitcoins from anywhere in the world, as long as they have the private key to their unique Bitcoin address. Now, let’s delve into the inherent benefits and risks associated with Bitcoin.
This digital cryptocurrency has gained immense popularity and continues to capture the imagination of investors, tech enthusiasts, and financial experts alike. As we dive into the world of Bitcoin, let’s also uncover the myriad benefits it brings to the table, from decentralization and security to financial inclusion and innovation.
As a decentralized form of currency, Bitcoin is not subject to control by any government, bank, or financial institution. This ensures that the value of Bitcoin is not affected by monetary policies or economic conditions of any specific country. It also means there is no need for intermediaries, such as banks, to process transactions. As a result, Bitcoin transactions can be faster and cheaper than traditional money transfers, particularly for international transactions.
Furthermore, this decentralization offers potential benefits in regions where the local currency is unstable or access to banking is limited. For those without bank accounts, Bitcoin provides an alternative way to store and transact money. It also provides a safeguard against the risks of government-controlled fiat currency, such as inflation or deflation. This property of Bitcoin has been particularly attractive in countries experiencing hyperinflation, such as Venezuela.
Bitcoin transactions are recorded on a public ledger, the blockchain, which is accessible to anyone. This ensures a high level of transparency, as the flow of Bitcoins and the transactions can be tracked by anyone. Nonetheless, while transactions are public, the identities of the parties involved are pseudonymous. This offers a level of privacy and anonymity to users, as their real-world identities are not directly connected to their Bitcoin addresses, offering more privacy than traditional banking systems.
Moreover, because of its immutable and transparent nature, Bitcoin has potential uses beyond being a currency. The underlying blockchain technology has numerous potential applications, including secure sharing of medical records, supply chain management, and secure transfer of assets like land deeds and other legal documents.
→Dig Deeper: Demystifying Blockchain: Sifting Through Benefits, Examples and Choices
Bitcoin stands as both an enigma and a harbinger of change. Its meteoric rise to prominence has captivated the world, yet it has also garnered its fair share of scrutiny and caution. Now, let’s examine the flip side of the digital coin – the risks that come with it.
Price Volatility
One of the most well-known risks of Bitcoin is its price volatility. The value of a bitcoin can increase or decrease dramatically over a very short period. This volatility can result in significant financial loss. While some traders may enjoy this volatility because it provides exciting opportunities for high-return investments, it can be a risky venture for those seeking stability, particularly for those who intend to use Bitcoin as a regular currency.
The volatility also makes Bitcoin less feasible as a store of value. With traditional currencies, individuals can expect the purchasing power of their money to remain relatively stable over short periods of time. With Bitcoin, however, the purchasing power can fluctuate wildly from day to day.
While the Bitcoin network itself has remained secure since its inception, the ecosystem around it is not entirely secure. Bitcoin wallets and exchanges, which are necessary for users to store and trade Bitcoins, have been the targets of hacking in the past. In some instances, users have lost their entire Bitcoin holdings.
Bitcoin transactions are irreversible. Once a transaction is initiated, it cannot be reversed. If the transaction is fraudulent or a mistake has been made, it cannot be corrected. This risk factor demands a high level of care and caution by Bitcoin users. The anonymity of Bitcoin can also facilitate criminal activities such as money laundering and the buying and selling illegal goods, which can impact users indirectly.
→Dig Deeper: Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency
Bitcoin operates in a relatively gray area of law and regulation. While it is not illegal, its status varies widely around the world. Some countries have embraced Bitcoin as a legitimate payment method, while others have banned or restricted it. The variability of regulation creates uncertainty and poses a risk for Bitcoin users. There’s also a risk that future regulation could adversely affect Bitcoin. For instance, if a major government declared Bitcoin use illegal, or one of the world’s largest exchanges was hacked, the value of Bitcoin could plummet.
Due to Bitcoin’s decentralized nature, lawmakers and regulatory bodies may find it difficult to draft and implement effective regulations that do not stifle innovation. The digital nature of Bitcoin also poses challenges with legal protections that are generally applied to traditional instruments, such as the ability to challenge fraudulent transactions.
→Dig Deeper: Cryptohacking: Is Cryptocurrency Losing Its Credibility?
When comparing the benefits and risks of Bitcoin, it becomes clear that this cryptocurrency presents both unique opportunities and challenges. On the positive side, its decentralized and peer-to-peer nature offers a level of independence and flexibility not found in traditional financial systems. Additionally, its underlying blockchain technology offers potential for numerous applications beyond cryptocurrency itself.
However, these benefits must be weighed against the risks they pose, including its high price volatility and security issues, and the potential consequences of an uncertain regulatory environment. These risks underline the need for caution and due diligence before investing in or transacting with Bitcoin.
As the first cryptocurrency, Bitcoin is still in its early stages and will likely continue to evolve. As its regulatory environment becomes clearer and its technology becomes more established, the risks associated with Bitcoin may decrease. However, until then, a balanced perspective on the benefits and risks of Bitcoin is essential for anyone considering participating in its network.
McAfee Pro Tip: Bitcoin’s security issues are one of the main risks you need to consider and watch out for if you wish to invest in Bitcoin. Traditional or cryptocurrency, learn how to protect your finances online.
In a remarkably short time, Bitcoin has evolved from a fringe concept to a global financial phenomenon, challenging conventional notions of currency and decentralization. While its disruptive potential, innovation, and the allure of financial autonomy are undeniable, Bitcoin’s journey is punctuated with volatility, regulatory ambiguities, and security concerns that demand cautious consideration. As it continues to capture the world’s imagination, Bitcoin stands as both a symbol of the digital age’s possibilities and a stark reminder of the complexities and challenges associated with redefining the future of finance. Its ultimate role in the global economy remains uncertain, but its impact on the way we perceive and utilize money is undeniable, solidifying its place in history as a transformative force in the world of finance.
As individuals, it is essential to safeguard your digital assets, traditional financial resources, and online financial dealings to ensure a secure and unrestricted existence in the modern world. That’s why we encourage you to improve your digital security. Check out our McAfee+ and Total Protection to boost your protection.
The post Do the Benefits of Bitcoin Outweigh the Risks? appeared first on McAfee Blog.
The rise in popularity of Internet-connected smart devices has brought about a new era of convenience and functionality for consumers. From Smart TVs and refrigerators to wireless speakers, these devices have transformed the way we live and communicate. However, this advancement in technology is not without its downsides. One of the most notable is the increasing vulnerability to cyber-attacks. In this article, we’ll explore what happened when hundreds of thousands of these devices were roped into an extensive Internet-of-Things (IoT) cyber attack, how it happened, and how you can protect your smart devices to stay safe.
In what has been termed as the first widespread IoT cyber attack, security researchers discovered that over 100,000 smart home devices were manipulated to form a malicious network. This network, dubbed ‘ThingBot,’ was used to launch a massive phishing campaign, sending out approximately 750,000 spam emails over a two-week period.
The key players in this attack were the smart home appliances that many of us use every day. They range from Smart TVs and refrigerators to wireless speakers, all of which were connected to the internet. The attack signified two key developments: the rise of the IoT phenomenon and the substantial security threats posed by these increasingly connected devices.
→ Dig Deeper: LG Smart TVs Leak Data Without Permission
IoT refers to the growing trend of everyday devices becoming more connected to the web. This connection aims to bring added convenience and ease to our daily activities. It ranges from wearable devices like FitBit and Google Glass to smart TVs, thermostats, and computerized cars. While this trend is new and rapidly growing, its implications for security are significant.
The discovery of the IoT botnet in this attack demonstrates just how easily hackers can commandeer these connected smart devices. One would think that security software installed on PCs would provide adequate protection. Unfortunately, that’s not the case. The new generation of connected appliances and wearables does not come with robust security measures. This deficiency is the reason why hackers were able to infect more than 100,000 home devices in a global attack, manipulating these devices to send out their malicious messages.
→ Dig Deeper: The Wearable Future Is Hackable. Here’s What You Need To Know
Cybercriminals will continue to exploit the inherent insecurities in the IoT landscape. With the number of connected or “smart” devices projected to increase exponentially in the coming years (reaching an estimated 200 billion IoT devices by 2020). Here’s a list of those implications users can expect:
Prevention and precaution are the best defense against IoT cyber attacks. The first step is to secure your devices with a password. While it may seem simple and obvious, many consumers disregard this step, leaving their devices vulnerable to attacks. Using unique, complex passwords and frequently updating them can help to safeguard against hacking attempts. Furthermore, consider employing two-step verification for devices that offer this feature for additional security.
One must not forget the importance of software updates. Internet-connected devices such as smart TVs and gaming consoles often come with software that needs regular updating. Manufacturers typically release these updates to patch known security vulnerabilities. Hence, whenever there’s an update, it’s wise to install it promptly. It’s also crucial to exercise caution while browsing the internet on these devices. Avoid clicking links from unknown senders and do not fall for deals that appear too good to be true, as these are common phishing tactics.
→ Dig Deeper: Why Software Updates Are So Important
Before purchasing any IoT device, perform thorough research on the product and the manufacturer. Investigate the company’s security policies and understand the ease with which the product can be updated. In case of any doubts about the security of the device, don’t hesitate to reach out to the manufacturer for clarification. Remember, your security is paramount and deserves this level of attention.
Lastly, it’s vital to protect your mobile devices. Most IoT devices are controlled via smartphones and tablets, making them potential targets for hackers. Ensuring that these devices are secured helps to protect your IoT devices from being compromised. Services like McAfee LiveSafe™ offer comprehensive mobile security that provides real-time protection against mobile viruses, spam, and more, which significantly reduces the chances of a security breach.
McAfee Pro Tip: McAfee LiveSafe doesn’t just protect against mobile viruses. You can safeguard an unlimited number of your personal devices throughout the entire duration of your subscription. So, be sure to connect all your devices for optimal security.
As technology advances and the Internet-of-Things continues to expand, the security challenges associated with it will persist. The first global IoT cyber attack served as a wakeup call for both consumers and manufacturers about the potential security threats that come with the convenience of smart devices. It is essential for individual users to take proactive steps to secure their devices and for manufacturers to continually improve the security features of their products. By working together, we can enjoy the benefits of IoT without compromising our security. And by investing in reliable cybersecurity solutions like McAfee+, Total Protection, and Live Safe, you can enhance your defense against potential attacks and enjoy the benefits of IoT with greater peace of mind.
The post Smart TVs and Refrigerators Used in Internet-of-Things Cyberattack appeared first on McAfee Blog.
In the age of digital data and Internet access, the potential for scams is more significant than ever. These scams often involve leveraging popular search queries to trap unsuspecting netizens into their malicious schemes. Among the top searches in the online world, celebrities hold a prime spot. Through this guide, we aim to shed light on how scammers take advantage of the global fascination with celebrities to target their potential victims.
As digital users, most of us are likely well-acquainted with the phrase “Just Google it.” The search engine has become a go-to source for any information ranging from essential daily needs to entertainment gossip. But it’s crucial to remember that while you’re in pursuit of data, scammers are in search of their next victim.
Scammers have significantly evolved with the advancement of technology. They’ve mastered the art of creating fake or infected websites that can harm your computer systems, extract your financial information, or even steal your identity. Their strategies often include luring victims through popular searches, such as the latest Twitter trends, breaking news stories, major world events, downloads, or even celebrity images and gossip. The higher the popularity of the search, the greater the risk of encountering harmful results.
McAfee has conducted research for six consecutive years on popular celebrities to reveal which ones are riskiest to search for online. For instance, Emma Watson outplaced Heidi Klum as the most dangerous celebrity to look up online. Interestingly, it was the first year that the top 10 list comprised solely of women. Cybercriminals commonly exploit the names of such popular celebrities to lead users to websites loaded with malicious software, consequently turning an innocent search for videos or pictures into a malware-infected nightmare.
→ Dig Deeper: Emma Watson Video Scam: Hackers Use Celeb’s Popularity to Unleash Viruses
Scammers are well aware of the allure the word “free” holds for most Internet users. They cleverly exploit this to get your attention and draw you into their traps. For instance, when you search for “Beyonce” or “Taylor Swift” followed by prompts like “free downloads”, “Beyonce concert photos”, or “Taylor Swift leaked songs”, you expose yourself to potential online threats aiming to steal your personal information. It’s always prudent to maintain a healthy level of skepticism when encountering offers that seem too good to be true, especially those labeled as “free.”
While the internet can be a dangerous playground, it doesn’t mean that you cannot protect yourself effectively. Using common sense, double-checking URLs, utilizing safe search plugins, and having comprehensive security software are some strategies to help ensure your online safety. This guide aims to provide you with insights and tools to navigate the online world without falling prey to its many hidden dangers.
Truth be told, the responsibility for online safety lies primarily with the user. Just as you would not walk into any shady-looking place in real life, it requires a similar instinct to avoid shady sites while browsing online. One important piece of advice – if something appears too good to be true, in all probability, it is. So, take note of these practical tips to help you guard against celebrity scams and other online threats:
→ Dig Deeper: How to Tell Whether a Website Is Safe or Unsafe
→ Dig Deeper: The Big Reason Why You Should Update Your Browser (and How to Do It)
Having comprehensive security software installed on your devices is another crucial step towards preventing scams. Good antivirus software can protect against the latest threats, alert you about unsafe websites, and even detect phishing attempts. Furthermore, always keep your security software and all other software updated. Cybercriminals are known to exploit vulnerabilities in outdated software to infiltrate your devices and steal your data.
Apart from ensuring you have security software, be cautious about what you download on your devices. Trojans, viruses, and malware are often hidden in downloadable files, especially in sites that offer ‘free’ content. Cybercriminals tempting users to download infected files often use popular celebrity names. Therefore, download wisely and from reputed sources.
McAfee Pro Tip: Before committing to a comprehensive security plan, it’s crucial to evaluate your security protection and analyze your requirements. This proactive stance forms the bedrock for crafting strong cybersecurity measures that cater precisely to your unique needs and potential vulnerabilities. For more information about our acclaimed security solutions, explore our range of products.
In the digital world, where information and entertainment are available at our fingertips, it’s crucial to remain vigilant against scams, especially those involving celebrities. By exercising prudent online practices like scrutinizing URLs, using safe search plugins, and installing comprehensive security software, we can significantly reduce our risk of falling prey to these scams.
It’s imperative to understand that the popularity of a search term or trend is directly proportional to the risk it carries. So next time, before you search for your favorite celebrity, remember, the more famous the celebrity, the greater the risk. Together with McAfee, let’s promote safer browsing practices and contribute to a safer online community for all.
The post Celebrities Are Lures For Scammers appeared first on McAfee Blog.
One of the essential aspects of digital security resides in the strength of our passwords. While they are the most convenient and effective way to restrict access to our personal and financial information, the illusion of a fully secure password does not exist. The reality is that we speak in terms of less or more secure passwords. From a practical perspective, we must understand the behind-the-scenes actions that could potentially compromise our passwords and consequently, our digital lives.
Unfortunately, most users frequently overlook this crucial part of their digital existence. They remain largely ignorant of numerous common techniques that hackers employ to crack passwords, leading to the potential loss of personal details, financial information, or even identity theft. Therefore, this blog aims to enlighten readers on how they might be unknowingly making their passwords vulnerable.
Passwords serve as the first line of defense against unauthorized access to our online accounts, be it email, social media, banking, or other sensitive platforms. However, the unfortunate reality is that not all passwords are created equal, and many individuals and organizations fall victim to password breaches due to weak or compromised credentials. Let’s explore the common techniques for cracking passwords, and learn how to stay one step ahead in the ongoing battle for online security.
In the world of cyber-attacks, dictionary attacks are common. This approach relies on using software that plugs common words into the password fields in an attempt to break in. It’s an unfortunate fact that free online tools exist to make this task almost effortless for cybercriminals. This method spells doom for passwords that are based on dictionary words, common misspellings, slang terms, or even words spelled backward. Likewise, using consecutive keyboard combinations such as qwerty or asdfg is equally risky. An excellent practice to deflect this attack is to use unique character combinations that make dictionary attacks futile.
Besides text-based passwords, these attacks also target numeric passcodes. When over 32 million passwords were exposed in a breach, nearly 1% of the victims used ‘123456’ as their password. Close on its heels, ‘12345’ was the next most popular choice, followed by similar simple combinations. The best prevention against such attacks is avoiding predictable and simple passwords.
→ Dig Deeper: Cracking Passwords is as Easy as “123”
While security questions help in password recovery, they also present a potential vulnerability. When you forget your password and click on the ‘Forgot Password’ link, the website generally poses a series of questions to verify your identity. The issue here is that many people use easily traceable personal information such as names of partners, children, other family members, or pets as their answers, some of which can be found on social media profiles with little effort. To sidestep this vulnerability, it’s best not to use easily accessible personal information as the answer to security questions.
McAfee Pro Tip: Exercise caution when sharing content on social media platforms. Avoid making all your personal information publicly accessible to thwart hackers from gathering sensitive details about you. Learn more about the dangers of oversharing on social media here.
A common mistake that many internet users make is reusing the same password for multiple accounts. This practice is dangerous as if one data breach compromises your password, the hackers can potentially gain access to other websites using the same login credentials. According to a report published by LastPass in 2022, a recent breach revealed a shocking password reuse rate of 31% among its victims. Hence, using unique passwords for each of your accounts significantly reduces the risk associated with password reuse.
Moreover, it’s also advisable to keep changing your passwords regularly. While this might seem like a hassle, it is a small price to pay for ensuring your digital security. Using a password manager can help you remember and manage different passwords for different websites.
Social Engineering is a non-technical strategy that cybercriminals use, which relies heavily on human interaction and psychological manipulation to trick people into breaking standard security procedures. They lure their unsuspecting victims into revealing confidential data, especially passwords. Therefore, vigilance and skepticism are invaluable weapons to have in your arsenal to ward off such attacks.
The first step here would be not to divulge your password to anyone, no matter how trustworthy they seem. You should also be wary of unsolicited calls or emails asking for your sensitive information. Remember, legitimate companies will never ask for your password through an email or a phone call.
Despite the vulnerabilities attached to passwords, much can be done to enhance their security. For starters, creating a strong password is the first line of defense. To achieve this, you need to use a combination of uppercase and lowercase letters, numbers, and symbols. Making the password long, at least 12 to 15 characters, significantly improves its strength. It’s also advisable to avoid using common phrases or strings of common words as passwords- they can be cracked through advanced versions of dictionary attacks.
In addition to creating a strong password, adopting multi-factor authentication can greatly enhance your account security. This technology requires more than one form of evidence to verify your identity. It combines something you know (your password), something you have (like a device), and something you are (like your fingerprint). This makes it more difficult for an attacker to gain access even if they have your password.
→ Dig Deeper: 15 Tips To Better Password Security
The future of passwords looks promising. Scientists and tech giants are working relentlessly to develop stronger and more efficient access control tools. Biometrics, dynamic-based biometrics, image-based access, and hardware security tokens are some of the emerging technologies promising to future-proof digital security. With biometrics, users will no longer need to remember complex passwords as access will be based on unique personal features such as fingerprints or facial recognition.
Another promising direction is the use of hardware security tokens, which contain digital certificates to authenticate the user. These tokens can be used in combination with a password to provide two-factor authentication. This makes it more difficult for an attacker to gain access as they would need both your token and your password. While these technologies are still developing, they suggest a future where access control is more secure and user-friendly.
In conclusion, while there’s no such thing as a perfectly secure password, much can be done to enhance their security. Understanding the common techniques for cracking passwords, such as dictionary attacks and security questions’ exploitation, is the first step towards creating more secure passwords. Using unique complex passwords, combined with multi-factor authentication and software tools like McAfee’s True Key, can greatly improve the security of your accounts.
The future of passwords looks promising with the development of biometrics and hardware security tokens. Until then, it’s crucial to adopt the best password practices available to protect your digital life. Remember, your online security is highly dependent on the strength and uniqueness of your passwords, so keep them complex, unique, and secure.
The post What Makes My Passwords Vulnerable? appeared first on McAfee Blog.
It’s that time of year again: election season! You already know what to expect when you flip on the TV. Get ready for a barrage of commercials, each candidate saying enough to get you to like them but nothing specific enough to which they must stay beholden should they win.
What you might not expect is for sensationalist election “news” to barge in uninvited on your screens. Fake news – or exaggerated or completely falsified articles claiming to be unbiased and factual journalism, often spread via social media – can pop up anytime and anywhere. This election season’s fake news machine will be different than previous years because of the emergence of mainstream artificial intelligence tools.
Here are a few ways desperate zealots may use various AI tools to stir unease and spread misinformation around the upcoming election.
We’ve had time to learn and operate by the adage of “Don’t believe everything you read on the internet.” But now, thanks to deepfake, that lesson must extend to “Don’t believe everything you SEE on the internet.” Deepfake is the digital manipulation of a video or photo. The result often depicts a scene that never happened. At a quick glance, deepfakes can look very real! Some still look real after studying them for a few minutes.
People may use deepfake to paint a candidate in a bad light or to spread sensationalized false news reports. For example, a deepfake could make it look like a candidate flashed a rude hand gesture or show a candidate partying with controversial public figures.
According to McAfee’s Beware the Artificial Imposter report, it only takes three seconds of authentic audio and minimal effort to create a mimicked voice with 85% accuracy. When someone puts their mind to it and takes the time to hone the voice clone, they can achieve a 95% voice match to the real deal.
Well-known politicians have thousands of seconds’ worth of audio clips available to anyone on the internet, giving voice cloners plenty of samples to choose from. Fake news spreaders could employ AI voice generators to add an authentic-sounding talk track to a deepfake video or to fabricate a snappy and sleazy “hot mike” clip to share far and wide online.
Programs like ChatGPT and Bard can make anyone sound intelligent and eloquent. In the hands of rabble-rousers, AI text generation tools can create articles that sound almost professional enough to be real. Plus, AI allows people to churn out content quickly, meaning that people could spread dozens of fake news reports daily. The number of fake articles is only limited by the slight imagination necessary to write a short prompt.
Before you get tricked by a fake news report, here are some ways to spot a malicious use of AI intended to mislead your political leanings:
Is what you’re reading or seeing or hearing too bizarre to be true? That means it probably isn’t. If you’re interested in learning more about a political topic you came across on social media, do a quick search to corroborate a story. Have a list of respected news establishments bookmarked to make it quick and easy to ensure the authenticity of a report.
If you encounter fake news, the best way you can interact with it is to ignore it. Or, in cases where the content is offensive or incendiary, you should report it. Even if the fake news is laughably off-base, it’s still best not to share it with your network, because that’s exactly what the original poster wants: For as many people as possible to see their fabricated stories. All it takes is for someone within your network to look at it too quickly, believe it, and then perpetuate the lies.
It’s great if you’re passionate about politics and the various issues on the ballot. Passion is a powerful driver of change. But this election season, try to focus on what unites us, not what divides us.
The post This Election Season, Be on the Lookout for AI-generated Fake News appeared first on McAfee Blog.
Are we in the Wild West? Scrolling through your social media feed and breaking news sites, all the mentions of artificial intelligence and its uses makes the online world feel like a lawless free-for-all.
While your school or workplace may have rules against using AI for projects, as of yet there are very few laws regulating the usage of mainstream AI content generation tools. As the technology advances are laws likely to follow? Let’s explore.
As of August 2023, there are no specific laws in the United States governing the general public’s usage of AI. For example, there are no explicit laws banning someone from making a deepfake of a celebrity and posting it online. However, if a judge could construe the deepfake as defamation or if it was used as part of a scam, it could land the creator in hot water.
The White House issued a draft of an artificial intelligence bill of rights that outlines best practices for AI technologists. This document isn’t a law, though. It’s more of a list of suggestions to urge developers to make AI unbiased, as accurate as possible, and to not completely rely on AI when a human could perform the same job equally well.1 The European Union is in the process of drafting the EU AI Act. Similar to the American AI Bill of Rights, the EU’s act is mostly directed toward the developers responsible for calibrating and advancing AI technology.2
China is one country that has formal regulations on the use of AI, specifically deepfake. A new law states that a person must give express consent to allow their faces to be used in a deepfake. Additionally, the law bans citizens from using deepfake to create fake news reports or content that could negatively affect the economy, national security, or China’s reputation. Finally, all deepfakes must include a disclaimer announcing that the content was synthesized.3
As scammers, edgy content creators, and money-conscious executives push the envelope with deepfake, AI art, and text-generation tools, laws governing AI use may be key to stopping the spread of fake news and protect people’s livelihoods and reputations.
Deepfake challenges the notion that “seeing is believing.” Fake news reports can be dangerous to society when they encourage unrest or spark widespread outrage. Without treading upon the freedom of speech, is there a way for the U.S. and other countries to regulate deepfake creators with intentions of spreading dissent? China’s mandate that deepfake content must include a disclaimer could be a good starting point.
The Writers Guild of America (WGA) and Screen Actors Guild – American Federation of Television and Radio Artists (SAG-AFTRA) strikes are a prime example of how unbridled AI use could turn invasive and impact people’s jobs. In their new contract negotiations, each union included an AI clause. For the writers, they’re asking that AI-generated text not be allowed to write “literary material.” Actors are arguing against the widespread use of AI-replication of actors’ voices and faces. While deepfake could save (already rich) studios millions, these types of recreations could put actors out of work and would allow the studio to use the actors’ likeness in perpetuity without the actors’ consent.4 Future laws around the use of AI will likely include clauses about consent and assuming the risk text generators introduce to any project.
In the meantime, while the world awaits more guidelines and firm regulations governing mainstream AI tools, the best way you can interact with AI in daily life is to do so responsibly and in moderation. This includes using your best judgement and always being transparent when AI was involved in a project.
Overall, whether in your professional and personal life, it’s best to view AI as a partner, not as a replacement.
1The White House, “Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People”
2European Parliament, “EU AI Act: first regulation on artificial intelligence”
3CNBC, “China is about to get tougher on deepfakes in an unprecedented way. Here’s what the rules mean”
4NBC News, “Actors vs. AI: Strike brings focus to emerging use of advanced tech”
The post The Wild West of AI: Do Any AI Laws Exist? appeared first on McAfee Blog.
It’s not all funny limericks, bizarre portraits, and hilarious viral skits. ChatGPT, Bard, DALL-E, Craiyon, Voice.ai, and a whole host of other mainstream artificial intelligence tools are great for whiling away an afternoon or helping you with your latest school or work assignment; however, cybercriminals are bending AI tools like these to aid in their schemes, adding a whole new dimension to phishing, vishing, malware, and social engineering.
Here are some recent reports of AI’s use in scams plus a few pointers that might tip you off should any of these happen to you.
Vishing – or phishing over the phone – is not a new scheme; however, AI voice mimickers are making these scamming phone calls more believable than ever. In Arizona, a fake kidnapping phone call caused several minutes of panic for one family, as a mother received a demand for ransom to release her alleged kidnapped daughter. On the phone, the mother heard a voice that sounded exactly like her child’s, but it turned out to be an AI-generated facsimile.
In reality, the daughter was not kidnapped. She was safe and sound. The family didn’t lose any money because they did the right thing: They contacted law enforcement and kept the scammer on the phone while they located the daughter.1
Imposter scams accounted for a loss of $2.6 billion in the U.S. in 2022. Emerging AI scams could increase that staggering total. Globally, about 25% of people have either experienced an AI voice scam or know someone who has, according to McAfee’s Beware the Artificial Imposter report. Additionally, the study discovered that 77% of voice scam targets lost money as a result.
No doubt about it, it’s frightening to hear a loved one in distress, but try to stay as calm as possible if you receive a phone call claiming to be someone in trouble. Do your best to really listen to the “voice” of your loved one. AI voice technology is incredible, but there are still some kinks in the technology. For example, does the voice have unnatural hitches? Do words cut off just a little too early? Does the tone of certain words not quite match your loved one’s accent? To pick up on these small details, a level head is necessary.
What you can do as a family today to avoid falling for an AI vishing scam is to agree on a family password. This can be an obscure word or phrase that is meaningful to you. Keep this password to yourselves and never post about it on social media. This way, if a scammer ever calls you claiming to have or be a family member, this password could determine a fake emergency from a real one.
Deepfake, or the digital manipulation of an authentic image, video, or audio clip, is an AI capability that unsettles a lot of people. It challenges the long-held axiom that “seeing is believing.” If you can’t quite believe what you see, then what’s real? What’s not?
The FBI is warning the public against a new scheme where cybercriminals are editing explicit footage and then blackmailing innocent people into sending money or gift cards in exchange for not posting the compromising content.2
Deepfake technology was also at the center of an incident involving a fake ad. A scammer created a fake ad depicting Martin Lewis, a trusted finance expert, advocating for an investment venture. The Facebook ad attempted to add legitimacy to its nefarious endeavor by including the deepfaked Lewis.3
No response is the best response to a ransom demand. You’re dealing with a criminal. Who’s to say they won’t release their fake documents even if you give in to the ransom? Involve law enforcement as soon as a scammer approaches you, and they can help you resolve the issue.
Just because a reputable social media platform hosts an advertisement doesn’t mean that the advertiser is a legitimate business. Before buying anything or investing your money with a business you found through an advertisement, conduct your own background research on the company. All it takes is five minutes to look up its Better Business Bureau rating and other online reviews to determine if the company is reputable.
To identify a deepfake video or image, check for inconsistent shadows and lighting, face distortions, and people’s hands. That’s where you’ll most likely spot small details that aren’t quite right. Like AI voices, deepfake technology is often accurate, but it’s not perfect.
Content generation tools have some safeguards in place to prevent them from creating text that could be used illegally; however, some cybercriminals have found ways around those rules and are using ChatGPT and Bard to assist in their malware and phishing operations. For example, if a criminal asked ChatGPT to write a key-logging malware, it would refuse. But if they rephrased and asked it to compose code that captures keystrokes, it may comply with that request. One researcher demonstrated that even someone with little knowledge of coding could use ChatGPT, thus making malware creation simpler and more available than ever.4 Similarly, AI text generation tools can create convincing phishing emails and create them quickly. In theory, this could speed up a phisher’s operation and widen their reach.
You can avoid AI-generated malware and phishing correspondences the same way you deal with the human-written variety: Be careful and distrust anything that seems suspicious. To steer clear of malware, stick to websites you know you can trust. A safe browsing tool like McAfee web protection – which is included in McAfee+ – can doublecheck that you stay off of sketchy websites.
As for phishing, when you see emails or texts that demand a quick response or seem out of the ordinary, be on alert. Traditional phishing correspondences are usually riddled with typos, misspellings, and poor grammar. AI-written lures are often written well and rarely contain errors. This means that you must be diligent in vetting every message in your inbox.
While the debate about regulating AI heats up, the best thing you can do is to use AI responsibly. Be transparent when you use it. And if you suspect you’re encountering a malicious use of AI, slow down and try your best to evaluate the situation with a clear mind. AI can create some convincing content, but trust your instincts and follow the above best practices to keep your money and personal information out of the hands of cybercriminals.
1CNN, “‘Mom, these bad men have me’: She believes scammers cloned her daughter’s voice in a fake kidnapping”
2NBC News, “FBI warns about deepfake porn scams”
3BBC, “Martin Lewis felt ‘sick’ seeing deepfake scam ad on Facebook”
4Dark Reading, “Researcher Tricks ChatGPT Into Building Undetectable Steganoraphy Malware”
The post AI in the Wild: Malicious Applications of Mainstream AI Tools appeared first on McAfee Blog.
Are you skeptical about mainstream artificial intelligence? Or are you all in on AI and use it all day, every day?
The emergence of AI in daily life is streamlining workdays, homework assignments, and for some, personal correspondences. To live in a time where we can access this amazing technology from the smartphones in our pockets is a privilege; however, overusing AI or using it irresponsibly could cause a chain reaction that not only affects you but your close circle and society beyond.
Here are four tips to help you navigate and use AI responsibly.
Artificial intelligence certainly earns the “intelligence” part of its name, but that doesn’t mean it never makes mistakes. Make sure to proofread or review everything AI creates, be it written, visual, or audio content.
For instance, if you’re seeking a realistic image or video, AI often adds extra fingers and distorts faces. Some of its creations can be downright nightmarish! Also, there’s a phenomenon known as an AI hallucination. This occurs when the AI doesn’t admit that it doesn’t know the answer to your question. Instead, it makes up information that is untrue and even fabricates fake sources to back up its claims.
One AI hallucination landed a lawyer in big trouble in New York. The lawyer used ChatGPT to write a brief, but he didn’t double check the AI’s work. It turns out the majority of the brief was incorrect.1
Whether you’re a blogger with thousands of readers or you ask AI to write a little blurb to share amongst your friends or coworkers, it is imperative to edit everything that an AI tool generates. Not doing so could start a rumor based on a completely false claim.
If you use AI to do more than gather a few rough ideas, you should cite the tool you used as a source. Passing off an AI’s work as your own could be considered cheating in the eyes of teachers, bosses, or critics.
There’s a lot of debate about whether AI has a place in the art world. One artist entered an image to a photography contest that he secretly created with AI. When his submission won the contest, the photographer revealed AI’s role in the image and gave up his prize. The photographer intentionally kept AI out of the conversation to prove a point, but imagine if he kept the image’s origin to himself.2 Would that be fair? When other photographers had to wait for the perfect angle of sunlight or catch a fleeting moment in time, should an AI-generated image with manufactured lighting and static subjects be judged the same way?
Even if you don’t personally use AI, you’re still likely to encounter it daily, whether you realize it or not. AI-generated content is popular on social media, like the deepfake video game battles between politicians.3 (A deepfake is a manipulation of a photo, video, or audio clip that depicts something that never happened.) The absurdity of this video series is likely to tip off the viewer to its playful intent, though it’s best practice to add a disclaimer to any deepfake.
Some deepfake have a malicious intent on top of looking and sounding very realistic. Especially around election time, fake news reports are likely to swirl and discredit the candidates. A great rule of thumb is: If it seems too fantastical to be true, it likely isn’t. Sometimes all it takes is five minutes to guarantee the authenticity of a social media post, photo, video, or news report. Think critically about the authenticity of the report before sharing. Fake news reports spread quickly, and many are incendiary in nature.
According to “McAfee’s Modern Love Research Report,” 26% of respondents said they would use AI to write a love note; however, 49% of people said that they’d feel hurt if their partner tasked a machine with writing a love note instead of writing one with their own human heart and soul.
Today’s AI is not sentient. That means that even if the final output moved you to tears or to laugh out loud, the AI itself doesn’t truly understand the emotions behind what it creates. It’s simply using patterns to craft a reply to your prompt. Hiding or funneling your true feelings into a computer program could result in a shaky and secretive relationship.
Plus, if everyone relied upon AI content generation tools like ChatGPT, Bard, and Copy.ai, then how can we trust any genuine display of emotion? What would the future of novels, poetry, and even Hollywood look like?
Responsible AI is a term that governs the responsibilities programmers have to society to ensure they populate AI systems with bias-free and accurate data. OpenAI (the organization behind ChatGPT and DALL-E) vows to act in “the best interests of humanity.”4 From there, the everyday people who interact with AI must similarly act in the best interests of themselves and those around them to avoid unleashing the dangers of AI upon society.
The capabilities of AI are vast, and the technology is getting more sophisticated by the day. To ensure that the human voice and creative spirit doesn’t permanently take on a robotic feel, it’s best to use AI in moderation and be open with others about how you use it.
To give you additional peace of mind, McAfee+ can restore your online privacy and identity should you fall into an AI-assisted scam. With identity restoration experts and up to $2 million in identity theft coverage, you can feel better about navigating this new dimension in the online world.
1The New York Times, “Here’s What Happens When Your Lawyer Uses ChatGPT”
2ARTnews, “Artist Wins Photography Contest After Submitting AI-Generated Image, Then Forfeits Prize”
3Business Insider, “AI-generated audio of Joe Biden and Donald Trump trashtalking while gaming is taking over TikTok”
4OpenAI, “OpenAI Charter”
The post Four Ways To Use AI Responsibly appeared first on McAfee Blog.
There are plenty of phish in the sea.
Millions of bogus phishing emails land in millions of inboxes each day with one purpose in mind—to rip off the recipient. Whether they’re out to crack your bank account, steal personal information, or both, you can learn how to spot phishing emails and keep yourself safe.
And some of today’s phishing emails are indeed getting tougher to spot.
They seem like they come from companies you know and trust, like your bank, your credit card company, or services like Netflix, PayPal, and Amazon. And some of them look convincing. The writing and the layout are crisp, and the overall presentation looks professional. Yet still, there’s still something off about them.
And there’s certainly something wrong with that email. It was written by a scammer. Phishing emails employ a bait-and-hook tactic, where an urgent or enticing message is the bait and malware or a link to a phony login page is the hook.
Once the hook gets set, several things might happen. That phony login page may steal account and personal information. Or that malware might install keylogging software that steals information, viruses that open a back door through which data can get hijacked, or ransomware that holds a device and its data hostage until a fee is paid.
Again, you can sidestep these attacks if you know how to spot them. There are signs.
Let’s look at how prolific these attacks are, pick apart a few examples, and then break down the things you should look for.
In the U.S. alone, more than 300,000 victims reported a phishing attack to the FBI in 2022. Phishing attacks topped the list of reported complaints, roughly six times greater than the second top offender, personal data breaches. The actual figure is undoubtedly higher, given that not all attacks get reported.
Looking at phishing attacks worldwide, one study suggests that more than 255 million phishing attempts were made in the second half of 2022 alone. That marks a 61% increase over the previous year. Another study concluded that 1 in every 99 mails sent contained a phishing attack.
Yet scammers won’t always cast such a wide net. Statistics point to a rise in targeted spear phishing, where the attacker goes after a specific person. They will often target people at businesses who have the authority to transfer funds or make payments. Other targets include people who have access to sensitive information like passwords, proprietary data, and account information.
As such, the price of these attacks can get costly. In 2022, the FBI received 21,832 complaints from businesses that said they fell victim to a spear phishing attack. The adjusted losses were over $2.7 billion—an average cost of $123,671 per attack.
So while exacting phishing attack statistics remain somewhat elusive, there’s no question that phishing attacks are prolific. And costly.
Nearly every phishing attack sends an urgent message. One designed to get you to act.
Some examples …
When set within a nice design and paired some official-looking logos, it’s easy to see why plenty of people click the link or attachment that comes with messages like these.
And that’s the tricky thing with phishing attacks. Scammers have leveled up their game in recent years. Their phishing emails can look convincing. Not long ago, you could point to misspellings, lousy grammar, poor design, and logos that looked stretched or that used the wrong colors. Poorly executed phishing attacks like that still make their way into the world. However, it’s increasingly common to see far more sophisticated attacks today. Attacks that appear like a genuine message or notice.
Case in point:
Say you got an email that said your PayPal account had an issue. Would you type your account information here if you found yourself on this page? If so, you would have handed over your information to a scammer.
We took the screenshot above as part of following a phishing attack to its end—without entering any legitimate info, of course. In fact, we entered a garbage email address and password, and it still let us in. That’s because the scammers were after other information, as you’ll soon see.
As we dug into the site more deeply, it looked pretty spot on. The design mirrored PayPal’s style, and the footer links appeared official enough. Yet then we looked more closely.
Note the subtle errors, like “card informations” and “Configuration of my activity.” While companies make grammatical errors on occasion, spotting them in an interface should hoist a big red flag. Plus, the site asks for credit card information very early in the process. All suspicious.
Here’s where the attackers really got bold.
They ask for bank “informations,” which not only includes routing and account numbers, but they ask for the account password too. As said, bold. And entirely bogus.
Taken all together, the subtle errors and the bald-faced grab for exacting account information clearly mark this as a scam.
Let’s take a few steps back, though. Who sent the phishing email that directed us to this malicious site? None other than “paypal at inc dot-com.”
Clearly, that’s a phony email. And typical of a phishing attack where an attacker shoehorns a familiar name into an unassociated email address, in this case “inc dot-com.” Attackers may also gin up phony addresses that mimic official addresses, like “paypalcustsv dot-com.” Anything to trick you.
Likewise, the malicious site that the phishing email sent us to used a spoofed address as well. It had no official association with PayPal at all—which is proof positive of a phishing attack.
Note that companies only send emails from their official domain names, just as their sites only use their official domain names. Several companies and organizations will list those official domains on their websites to help curb phishing attacks.
For example, PayPal has a page that clearly states how it will and will not contact you. At McAfee, we have an entire page dedicated to preventing phishing attacks, which also lists the official email addresses we use.
Not every scammer is so sophisticated, at least in the way that they design their phishing emails. We can point to a few phishing emails that posed as legitimate communication from McAfee as examples.
There’s a lot going on in this first email example. The scammers try to mimic the McAfee brand, yet don’t pull it off. Still, they do several things to try to act convincing.
Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look like what McAfee usually sends me.”
Beyond that, there are a few capitalization errors, some misplaced punctuation, and the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in with a mention of “There are (42) viruses on your computer …”
Taken all together, someone can readily spot that this is a scam with a closer look.
This next ad falls into the less sophisticated category. It’s practically all text and goes heavy on the red ink. Once again, it hosts plenty of capitalization errors, with a few gaffes in grammar as well. In all, it doesn’t read smoothly. Nor is it easy on the eye, as a proper email about your account should be.
What sets this example apart is the “advertisement” disclaimer below, which tries to lend the attack some legitimacy. Also note the phony “unsubscribe” link, plus the (scratched out) mailing address and phone, which all try to do the same.
This last example doesn’t get our font right, and the trademark symbol is awkwardly placed. The usual grammar and capitalization errors crop up again, yet this piece of phishing takes a slightly different approach.
The scammers placed a little timer at the bottom of the email. That adds a degree of scarcity. They want you to think that you have about half an hour before you are unable to register for protection. That’s bogus, of course.
Seeing any recurring themes? There are a few for sure. With these examples in mind, get into the details—how you can spot phishing attacks and how you can avoid them altogether.
Just as we saw, some phishing attacks indeed appear fishy from the start. Yet sometimes it takes a bit of time and a particularly critical eye to spot.
And that’s what scammers count on. They hope that you’re moving quickly or otherwise a little preoccupied when you’re going through your email or messages. Distracted enough so that you might not pause to think, is this message really legit?
One of the best ways to beat scammers is to take a moment to scrutinize that message while keeping the following in mind …
Fear. That’s a big one. Maybe it’s an angry-sounding email from a government agency saying that you owe back taxes. Or maybe it’s another from a family member asking for money because there’s an emergency. Either way, scammers will lean heavily on fear as a motivator.
If you receive such a message, think twice. Consider if it’s genuine. For instance, consider that tax email example. In the U.S., the Internal Revenue Service (IRS) has specific guidelines as to how and when they will contact you. As a rule, they will likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply pressure tactics—only scammers do that.) Likewise, other nations will have similar standards as well.
Scammers also love urgency. Phishing attacks begin by stirring up your emotions and getting you to act quickly. Scammers might use threats or overly excitable language to create that sense of urgency, both of which are clear signs of a potential scam.
Granted, legitimate businesses and organizations might reach out to notify you of a late payment or possible illicit activity on one of your accounts. Yet they’ll take a far more professional and even-handed tone than a scammer would. For example, it’s highly unlikely that your local electric utility will angrily shut off your service if you don’t pay your past due bill immediately.
Gift cards, cryptocurrency, money orders—these forms of payment are another sign that you might be looking at a phishing attack. Scammers prefer these methods of payment because they’re difficult to trace. Additionally, consumers have little or no way to recover lost funds from these payment methods.
Legitimate businesses and organizations won’t ask for payments in those forms. If you get a message asking for payment in one of those forms, you can bet it’s a scam.
Here’s another way you can spot a phishing attack. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it does somewhat, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands.
Likewise, if the message contains a web link, closely examine that as well. If the name looks at all unfamiliar or altered from the way you’ve seen it before, that might also mean you’re looking at a phishing attempt.
Online protection software can protect you from phishing attacks in several ways.
For starters, it offers web protection that warns you when links lead to malicious websites, such as the ones used in phishing attacks. In the same way, online protection software can warn you about malicious downloads and email attachments so that you don’t end up with malware on your device. And, if the unfortunate does happen, antivirus can block and remove malware.
Online protection software like ours can also address the root of the problem. Scammers must get your email address from somewhere. Often, they get it from online data brokers, sites that gather and sell personal information to any buyer—scammers included.
Data brokers source this information from public records and third parties alike that they sell in bulk, providing scammers with massive mailing lists that can target thousands of potential victims. You can remove your personal info from some of the riskiest data broker sites with our Personal Data Cleanup, which can lower your exposure to scammers by keeping your email address out of their hands.
In all, phishing emails have telltale signs, some more difficult to see than others. Yet you can spot them when you know what to look for and take the time to look for them. With these attacks so prevalent and on the rise, looking at your email with a critical eye is a must today.
The post How to Spot Phishing Emails and Scams appeared first on McAfee Blog.
FreshRSS 