Login
With the reality of the digital age, the internet has become a vital part of our daily lives. While it offers immense benefits, the online world also has its potential risks. One such alarming issue involves extremist groups targeting impressionable teenagers online. An example of this is the Orlando nightclub massacre, where the gunman was believed to have been radicalized online. This guide aims to shed light on how these extremist groups operate and provide helpful measures for parents to protect their children.
According to experts, extremist groups approach their targets subtly, often presenting their ideologies as non-threatening at first. These manipulations are not limited to only social media platforms, such as Facebook or Twitter, but can be encountered in various forms like pop-up ads, hashtags, blog posts, and even videos. Extremist content is widespread online, and it has become increasingly crucial to educate your family about these threats.
Influence from these groups does not happen overnight. It often starts with behavioral changes. Common signs that a teen may be exposed to extremist ideologies include physical changes, sudden interest in fundamental values, increasingly critical towards the U.S., or constantly praising extremist violence in the news. These changes may seem minor at first, but they can lead to sinister results if left unchecked.
ISIS, among other extremist groups, has used the internet extensively for propaganda and recruitment. Their online presence is state-of-the-art and their recruitment methods are sophisticated. They primarily target impressionable teens and young adults who are often at the peak of their emotional turmoil and rebellion. They capitalize on the young person’s desire for acceptance, camaraderie and the urge to act out.
Extremist ideology is presented in a way that validates and glorifies this rebellion, treating it as an act of bravery. These groups lure in both males and females with promises of material rewards, eternal favor, adventure, and even heroism. All these appeal to the human desire for acceptance and significance, making it more appealing for impressionable youths.
The Family Institute for Online Safety (FOSI) released a report entitled “Violent Extremism: The New Online Safety Discussion”. It highlighted the ongoing threat of online extremism and the potential exposure of children to extremist content. The report recommends proactive measures such as awareness, education, and collaboration among government, community leaders, and social media companies to keep families safe from these threats.
Parents play a critical role in curbing this menace. They need to discuss current world events and the reliability of online content their children might encounter online. They should help their children develop critical thinking skills about the content they consume online, understand the motivations behind posted content and the potential manipulation involved.
As a parent, it is important to observe your child’s online behavior. This does not imply invading their privacy but rather maintaining open communication about their online activities. As recommended by the FOSI report, parents should be aware of the sites their children visit and the content they consume. Encourage your child to discuss questionable content or unusual interactions they encounter online. This open communication helps build trust and promotes a safer online environment.
Teaching your children about digital footprint is also essential. Explain how their online behavior can have real-life consequences. This can range from damaging their reputation to attracting unwanted attention from malicious figures, such as those from extremist groups. Encourage them to think twice before posting or responding to content online, and remind them that nothing they do online is truly hidden or erased.
→ Dig Deeper: 6 Tips to Help Protect and Improve Your Child’s Online Reputation
There are numerous online resources available to assist parents in mitigating the influence of online extremism on their children. These include guides on dealing with tragedy and resources to help identify and address childhood depression. Utilizing these resources can equip parents with the knowledge to address difficult situations appropriately and limit the impact on their child’s mental health. Here are some sources you might want to check out:
→ Dig Deeper: Does Your Child Have an Unhealthy Relationship with Social Media?
The digital age brings with it immense benefits and potential risks. Online extremism is a real threat, but proactive and involved parenting can help minimize its influence on our children. By staying informed about extremist tactics, maintaining open dialogue with our children about their online activities, and utilizing available resources, we can help ensure their online safety. After all, armed with knowledge and understanding, we are well-equipped to face, address, and overcome these challenges.
Improve yours and your children’s understanding of the online world with the help of McAfee. Whether it’s through educational content, parental control solutions, or security features, McAfee empowers both parents and children to make informed decisions, practice responsible online behavior, and stay safe in an ever-evolving digital landscape.
The post How Extremist Groups Target Teens Online appeared first on McAfee Blog.
Recent Internet attacks have caused several popular sites to become unreachable. These include Twitter, Etsy, Spotify, Airbnb, Github, and The New York Times. These incidents have highlighted a new threat to online services: botnets powered by the Internet of Things (IoT). Distributed denial of service (DDoS) attacks have been around for over a decade and, for the most part, have been handled by network providers’ security services. However, the landscape is changing.
The primary strategy in these attacks is to control a number of devices which then simultaneously flood a destination with network requests. The target becomes overloaded and legitimate requests cannot be processed. Traditional network filters typically handle this by recognizing and blocking systems exhibiting this malicious behavior. However, when thousands of systems mount an attack, these traditional filters fail to differentiate between legitimate and malicious traffic, causing system availability to crumble.
Cybercriminals and hacktivists have found a new weapon in this war: the IoT. Billions of IoT devices exist, ranging in size from a piece of jewelry to a tractor. These devices all have one thing in common: they connect to the internet. While this connection offers tremendous benefits, such as allowing users to monitor their homes or check the contents of their refrigerators remotely, it also presents a significant risk. For hackers, each IoT device represents a potential recruit for their bot armies.
A recent attack against a major DNS provider shed light on this vulnerability. Botnets containing tens or hundreds of thousands of hijacked IoT devices have the potential to bring down significant sections of the internet. Over the coming months, we’ll likely discover just how formidable a threat these devices pose. For now, let’s dig into the key aspects of recent IoT DDoS attacks.
The proliferation of Internet of Things (IoT) devices has ushered in a new era of digital convenience, but it has also opened the floodgates to a range of cybersecurity concerns. To navigate the complexities of this digital landscape, it’s essential to grasp five key points:
Each device that can be hacked is a potential soldier for a botnet army, which could be used to disrupt essential parts of the internet. Such attacks can interfere with your favorite sites for streaming, socializing, shopping, healthcare, education, banking, and more. They have the potential to undermine the very foundations of our digital society. This underscores the need for proactive measures to protect our digital way of life and ensure the continued availability of essential services that have become integral to modern living.
→Dig Deeper: How Valuable Is Your Health Care Data?
Hackers will fight to retain control over them. Though the malware used in the Mirai botnets is simple, it will evolve as quickly as necessary to allow attackers to maintain control. IoT devices are significantly valuable to hackers as they can enact devastating DDoS attacks with minimal effort. As we embrace the convenience of IoT, we must also grapple with the responsibility of securing these devices to maintain the integrity and resilience of our increasingly digitized way of life.
Identifying and mitigating attacks from a handful of systems is manageable. However, when tens or hundreds of thousands of devices are involved, it becomes nearly impossible. The resources required to defend against such an attack are immense and expensive. For instance, a recent attack that aimed to incapacitate Brian Krebs’ security-reporting site led to Akamai’s Vice President of Web Security stating that if such attacks were sustained, they could easily cost millions in cybersecurity services to keep the site available. Attackers are unlikely to give up these always-connected devices that are ideal for forming powerful DDoS botnets.
There’s been speculation that nation-states are behind some of these attacks, but this is highly unlikely. The authors of Mirai, a prominent botnet, willingly released their code to the public, something a governmental organization would almost certainly not do. However, it’s plausible that after observing the power of IoT botnets, nation-states are developing similar strategies—ones with even more advanced capabilities. In the short term, however, cybercriminals and hacktivists will continue to be the primary drivers of these attacks.
→ Dig Deeper: Mirai Botnet Creates Army of IoT Orcs
In the coming months, it’s expected that criminals will discover ways to profit from these attacks, such as through extortion. The authors of Mirai voluntarily released their code to the public—an action unlikely from a government-backed team. However, the effectiveness of IoT botnets hasn’t gone unnoticed, and it’s a good bet that nation-states are already working on similar strategies but with significantly more advanced capabilities.
Over time, expect cybercriminals and hacktivists to remain the main culprits behind these attacks. In the immediate future, these groups will continue to exploit insecure IoT devices to enact devastating DDoS attacks, constantly evolving their methods to stay ahead of defenses.
→ Dig Deeper: Hacktivists Turn to Phishing to Fund Their Causes
Unfortunately, the majority of IoT devices lack robust security defenses. The devices currently being targeted are the most vulnerable, many of which have default passwords easily accessible online. Unless the owner changes the default password, hackers can quickly and easily gain control of these devices. With each device they compromise, they gain another soldier for their botnet.
To improve this situation, several factors must be addressed. Devices must be designed with security at the forefront; they must be configured correctly and continuously managed to keep their security up-to-date. This will require both technical advancements and behavioral changes to stay in line with the evolving tactics of hackers.
McAfee Pro Tip: Software updates not only enhance security but also bring new features, better compatibility, stability improvements, and feature removal. While frequent update reminders can be bothersome, they ultimately enhance the user experience, ensuring you make the most of your technology. Know more about the importance of software updates.
Securing IoT devices is now a critical issue for everyone. The sheer number of IoT devices, combined with their vulnerability, provides cybercriminals and hacktivists with a vast pool of resources to fuel potent DDoS campaigns. We are just beginning to observe the attacks and issues surrounding IoT security. Until the implementation of comprehensive controls and responsible behaviors becomes commonplace, we will continue to face these challenges. By understanding these issues, we take the first steps toward a more secure future.
Take more steps with McAfee to secure your digital future. Explore our security solutions or read our cybersecurity blogs and reports.
The post Top 5 Things to Know About Recent IoT Attacks appeared first on McAfee Blog.
In today’s digital age, most of our personal information and sensitive data are stored online. From banking transactions to vital records, everything lies behind the protective screen of our passwords. The importance of having strong, unique passwords cannot be overstated. However, most individuals tend to use weak passwords or reuse the same password over and over, exposing their digital assets to potential hackers.
Based on a study conducted by McAfee, consumers tend to estimate the value of their digital assets, distributed over multiple devices, to be around $35,000. These digital assets not only include music, videos, photos, and apps but also important information like emails, texts, health and financial records, resumes, and even portfolios. The very thought of losing all this data to cybercriminals is horrifying but is a potential risk if you rely on weak passwords.
Many individuals prefer to reuse their passwords as it’s easier to remember one password rather than a multitude. However, by doing so, you’re inviting a potential breach. If hackers decipher the password for one account, they gain access to all your accounts. Moreover, the challenge is further escalated by the inconsistent password policies across different websites, with some allowing usage of special characters while others don’t.
→ Dig Deeper: Digital Estate Planning – What to Do With Your Digital Assets
A weak password is one that lacks the necessary characteristics to withstand modern hacking techniques. These vulnerabilities often include brevity, where a password is too short to provide sufficient security. Short passwords, especially those with fewer than eight characters, are much easier for attackers to guess using brute force or dictionary attacks. Additionally, weak passwords often lack complexity, relying solely on letters or numbers without incorporating a mix of uppercase letters, lowercase letters, numbers, and special characters. This makes them susceptible to straightforward hacking attempts.
Furthermore, weak passwords may be derived from easily accessible personal information, such as the user’s name, birthdate, or other readily available details. Attackers can often exploit this information through social engineering or data breaches. Additionally, common words, phrases, or dictionary terms in passwords, like “password” or “qwerty,” are particularly weak, as they are frequently targeted in automated password-cracking attacks. To ensure the strength of a password, it is essential to create long, complex, and unique combinations that are challenging for attackers to decipher.
What are the potential consequences of a weak password? A determined hacker can track a person’s online activity, identify and hack weak passwords then use those weak passwords to access banking information, credit card numbers, and personal data used to steal a person’s identity. Remember: Just as you go to work each morning to put food on the table for your family, a hacker has similar goals. So, work with equal diligence to protect what’s yours.Here’s a look at some intriguing numbers that underline the scale of the problem:
The need for a better password management strategy is evident. Start by ensuring you use different passwords for each of your accounts. Even though it’s tempting, avoid using the ‘remember me’ function on your browsers or mobile apps. This function offers convenience but at the risk of revealing your passwords if your device gets stolen or lost.
Avoid entering passwords on computers that you don’t control, like those in an Internet café or library. Further, avoid accessing your accounts via unsecured Wi-Fi connections, such as those at an airport or coffee shop, as hackers can easily intercept your data. Use a VPN. Also, remember, your password is private. Do not share it with anyone. You never know when a trusted friend might turn into a threat.
→ Dig Deeper: Why You Need to Watch Out When Using Public Wi-Fi
Creating a strong password is not as complicated as it seems, and there are several strategies you can apply to create one. A strong password should be long (at least 12 characters), include a mix of letters (both upper and lower case), numbers, and special characters. Avoid using dictionary words, personal information like your name, date of birth, etc., and avoid obvious keyboard paths like “qwerty” or “123456”.
One effective method to create a strong password is to use a phrase or sentence that is meaningful to you, and use the first letter of each word, include numbers or special characters to replace some letters. For example, “My cat Whiskers was born on July 7.” could be transformed into “McWwboJ7.”. This password is strong, unique, and easier to remember than a random string of letters, numbers, and special characters.
Keeping track of different passwords for each account can be challenging. This is why using password managers can be useful. Password managers like LastPass, Dashlane, or McAfee’s password manager can securely store your passwords and help you log in to your accounts with just a click. They also generate strong, unique passwords for you and store them in an encrypted vault, only accessible with a master password.
The master password is the only one you need to remember, so make it a strong one. Also, most password managers offer multi-factor authentication, adding an extra layer of protection. Remember, just like your passwords, your master password should be kept private and not shared with anyone.
Use unique passwords and MFA. If taken seriously, these two extra steps could save you a million headaches. Use unique passwords for each of your accounts. By using different passwords, you avoid having all of your accounts become vulnerable if you are hacked (think domino effect). Then activate MFA, a Multi-Factor Authentication (also called two-step verification or authentication ). MFA confirms a user’s identity only after presenting two or more pieces of evidence. Though not 100% secure, this practice adds a layer of security to an account.
McAfee Pro Tip: Whenever possible, opt for true two-factor and multi-factor authentication. These are robust and dependable verification methods, so make the most of their security benefits. Take advantage of biometric authentication like fingerprint reading and facial recognition. Learn more about 2FA and MFA.
Our digital assets are extremely valuable, and in our increasingly digital world, protecting them becomes even more critical. The key to strong password management involves creating unique, complex passwords, not reusing them across platforms, and changing them regularly. Using tools like password managers can simplify this process and provide additional security. And of course, adding antivirus, like McAfee antivirus, and other security solutions on top of password management is also encouraged. Ultimately, taking these steps can help you secure your digital life and avoid a potential cyber nightmare.
The post Weak Passwords Can Cost You Everything appeared first on McAfee Blog.
Human beings are remarkable in their resilience. Beyond our ability to build and grow civilizations, we possess a somewhat less understood but equally important characteristic – the ability to deceive ourselves. The implications of this trait are vast and diverse, sometimes manifesting in seemingly irrational behavior, such as underestimating risks in the realm of cybersecurity.
Psychology explores the distinguishing factor of mankind from the rest of the species on our planet – reason. How we perceive the world around us and how we act, whether consciously or subconsciously, is governed by our minds. However, when it comes to risk assessment, our brain often falls prey to its limitations. It’s our innate tendencies to underestimate slowly rising threats, substitute one risk for another, or fall under the illusion of control that reveal our resilience in ignoring the hard truths. This applies to today’s digital environment and our approach to cybersecurity.
These psychological tendencies significantly impact the world of cybersecurity. Employees often justify risky behaviors like clicking on unknown links or emails or dismiss their gut feeling when something feels suspicious. Cybersecurity professionals might put an overinflated trust in their own abilities to handle the next threat, rather than seeking help from a third party with potentially more experience. The slow trickle of breaches that make the headlines create an illusion that we are somehow immune to the next one, and while we stay in denial, the risk continues to mount unnoticed.
Survey data provides some alarming insights. According to McAfee’s research among American consumers, 71% of those aged 18-34 believe their data is more secure today than it was a year ago. Similarly, 65% of those aged 35-54 agree. This is in stark contrast to the rapidly growing threats in our virtual world, exemplified by the fact that ten years ago, McAfee Labs observed 25 new threats per day, whereas today we face more than 400,000 new threats per day!
→ Dig Deeper: McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges
Despite recognising the growing dangers of the cyberspace, consumers often overestimate their own capabilities to defend against such threats. This overconfidence coupled with self-deception presents an ideal opportunity for threat actors to exploit their vulnerabilities. The victims, both consumers and cybersecurity professionals alike, unknowingly advertise themselves as easy targets for the next cyber attack.
Fortunately, there is a solution to this problem. While it might be unrealistic to completely eliminate our inborn tendencies towards self-deceit, we can certainly address them through open dialogue and constructive discussions about our propensity to miscalculate risks. By doing so, we can disarm the enemies, significantly reducing their arsenal and mitigating the threats.
McAfee Pro Tip: Everything starts with self-awareness. We can only disarm these enemies–hackers, in this context–if we inform ourselves of the latest cybersecurity threats that might come our way. Find out more about the latest cybersecurity news on McAfee.
If you would like to learn more about the perceptions of cybersecurity risks, consider reading the book titled, “The Second Economy: The Race for Trust, Treasure and Time in the Cybersecurity War.” This book delves deeper into the complexities of cybersecurity, explaining in detail the intricacies of navigating the cyber threat environment and how to protect yourself effectively.
In addition, McAfee has developed a holistic strategy to transform the learning experience of cybersecurity into an informative journey. Our resources encompass a diverse collection of blogs, enlightening reports, and instructive guides. These materials have been carefully crafted to offer users a wealth of information on safeguarding your online life.
The human brain has been wired over thousands of years of evolution to protect us from threats and ensure our survival. Unfortunately, due to this “protection” mechanism, it often deceives us about the realities of risk. This deception is not intentional but a result of cognitive biases, which are ingrained predispositions that influence our judgement and decision-making.
Various cognitive biases come into play while evaluating risk. For instance, the ‘optimism bias’ leads us to believe that we are less prone to negative outcomes than others. The ‘confirmation bias’ induces us to interpret information in a way that validates our preexisting beliefs. In the cybersecurity landscape, these biases can push us towards underestimating the threats and overestimating our abilities to tackle them.
The optimism bias, for one, can make individuals and organizations overly optimistic about their cybersecurity posture. This bias may lead them to believe that they are less likely to experience a security breach than others, even when they have the same or similar vulnerabilities. This can result in underinvestment in security measures and a lack of preparedness for potential threats.
Confirmation bias, meanwhile, can lead cybersecurity professionals to selectively seek and interpret information that aligns with their preexisting beliefs about security. For example, if an organization believes that a specific security technology is the best solution, they may unconsciously filter out data that contradicts this view. This can result in the implementation of ineffective security measures and a false sense of security.
Recognizing and addressing these biases is crucial in the field of cybersecurity to ensure that risks are accurately assessed, and appropriate measures are taken to protect sensitive data and systems. Cybersecurity professionals should strive to maintain objectivity, seek diverse perspectives, and engage in ongoing risk assessment and mitigation efforts to counteract these biases.
Given how our inbuilt cognitive biases can negatively impact our risk judgments, it is critical to take efforts towards mitigating the resultant miscalculations. Firstly, we need to acknowledge that our minds are prone to deception and can mislead us in evaluating cyber threats. This involves being open to critique and willing to question our assumptions regarding cybersecurity.
Secondly, we need to foster a culture of learning and awareness around cybersecurity. Regular training programs and workshops can help individuals understand the potential threats and learn how to counteract them effectively. Cybersecurity awareness needn’t be a one-time event; it should be an ongoing process. Finally, embracing a proactive approach to cybersecurity that focuses on preventing threats rather than merely responding to them can further help in reducing the risk. This approach not only fortifies our defenses but also empowers us to adapt and thrive in an increasingly interconnected world, where the security of our information is of paramount importance.
→ Dig Deeper: See Yourself in Cyber – Five Quick Ways You Can Quickly Get Safer Online
The deception and resilience of the human mind are two sides of the same coin. While they contribute to our survival and success as a species, they can sometimes lead us astray in intricate domains like cybersecurity. Recognizing our cognitive biases and striving to overcome them can help us better assess and respond to cyber threats. With a proactive approach to cybersecurity and ongoing efforts towards raising awareness, we can make strides towards a safer virtual world.
We invite you to explore the subject further with the book, “The Second Economy: The Race for Trust, Treasure and Time in the Cybersecurity War”. It provides a comprehensive look at the complex world of cybersecurity and offers valuable insights into navigating the cyber threat environment effectively. Alternatively, you can also browse our cybersecurity resources at McAfee.
The post Cybersecurity: Miscalculating Cyber Threats appeared first on McAfee Blog.
Imagine this. You’re 15, feeling unsure about yourself in the world, possibly even a little lonely. One day, a pretty girl starts messaging you on Instagram. She’s kind and funny. She has pets and several happy snaps of her friends and family on her profile – so she looks ‘normal’. Messages are running pretty hot for a few days and you’re loving it. You’re getting on well and are so pumped that someone likes you for you. But then she asks for a nude pic of you, including your face. You’re unsure what to do but don’t want to lose the vibe with this great girl. So, you send it. But there’s a big problem. The ‘normal’ looking girl is in fact a scammer.
In 2022, the Australian Centre to Counter Child Exploitation (ACCCE) averaged more than 100 reports of sextortion every month in 2022. But Australian law enforcement authorities believe the real statistics may in fact be much higher with many estimating than less than 25% of cases are reported. Australian Federal Police Commander Hilda Sirec said that data showed more than 90% of victims were male and aged predominantly between 15 and 17 years of age. Police have seen victims as young as 10 years old.
Sextortion or sexual extortion is a form of blackmail where someone threatens to share a nude or sexual image of yourself unless you meet their demands. Often the victim is tricked or coerced into sending the images. Offenders may demand money, more images or in-person sexual favours. Sexual images may also be captured while a young person is on live stream or video. This is known as ‘capping’.
At the risk of stating the obvious, this can be an incredibly stressful process for the victim. Many offenders have mastered the art of manipulation and can make the victim feel like there is no way out of the situation. The constant threat of sharing content with family and friends coupled with the relentless demands can understandably, send many young people into a mental health tailspin. The shame and embarrassment are all consuming. Many victims feel like they have done something wrong and will be punished by parents and/or prosecuted by police if anyone finds out.
The sextortion trend is not isolated to Australia. There is currently a global trend of sextortion targeting teenage boys to send sexual images and threatening to share them unless they pay up. Organised crime syndicates are believed to be behind the trend, having diversified from just targeting adults.
In December 2022, the Australian Federal Police revealed that more than 500 Australian bank accounts, financial services and digital currency accounts linked to sextortion syndicates targeting Aussie teens had been shut down.
If your child is a victim, praise them for being brave and coming to you for help. And be grateful that you have an opportunity to help them! Here is what else I suggest:
The most important thing to do is commit to supporting your teen. Reassure them that you will help them, that they are not in trouble, and that you’ll protect them.
Help your teen collect as much proof as possible. Take screenshots of all interactions. These will be essential to help identify the perpetrator.
Contact your local police station or the Australian Centre to Counter Child Exploitation (ACCCE) and report the incident. Please reassure your teen that they will not be prosecuted despite the fact they shared intimate content. Reporting the crime could prevent other teens becoming victims.
All contact with the person blackmailing your teen needs to stop ASAP.
Under no circumstance should you pay the blackmailer, give them more money or more intimate content – despite their demands.
The ACCCE has developed an online blackmail and sexual exploitation response kit. You can access a copy here.
In my opinion, the best way to get ahead of this disturbing trend is to focus on prevention. So, why not take the time to ensure your teens have the privacy settings on all their social media accounts set to ‘friends only’ or ‘private’? That way, they can’t be contacted by anyone they don’t know. Also, remind your kids that friends they meet online can’t be trusted like real ‘in-person’ friends so no sharing of personal information.
And keep the communication open and regular. If your kids know you are genuinely interested in all aspects of their life – both online and offline – and that you have their back, then they are far more likely to come to you if and when there is a problem. And isn’t that what we are here for? To help them navigate the tricky stuff.
Happy digital parenting
Alex
The post Sextortion – What Every Parent Needs To Know appeared first on McAfee Blog.
November 20 is World Children’s Day, a day that celebrates “international togetherness, awareness among children worldwide, and improving children’s welfare.” Highlights from last year’s celebration show the remarkable effort so many put into broadcasting their commitment to protecting children. However, the volume of online homages to the world’s youth also underscores how daunting the task of keeping children safe can be. The internet can bring a community together as it has over this event; it is also where many criminals and predators operate.
Statistics from the Global Cybersecurity Forum (GCF) show the risk that digital life may pose for kids. Nearly three-quarters of children have experienced at least one type of cyberthreat. Inappropriate ads, images, content, and phishing attempts find children even when they’re not attempting to dodge parental controls. For parents, the thrust of International Children’s Day is an ongoing adventure, wherein they often struggle to provide the safe online learning environment their children need to thrive. To celebrate this year’s day of awareness, we’re sharing six tips for ensuring a more private and safe digital life for kids.
According to GCF data, 83% of children claimed they would alert their parents if they experienced an online threat. Yet only four in 10 parents surveyed said their child had ever expressed concerns to them about inappropriate content. If parents want to make their child’s internet time safer, they can focus on making conversations about online content comfortable. When parents know their children are experiencing threats online, they will be better equipped to do something about those threats.
Remember, sometimes children can be exposed to traumatic content even if they follow your guidelines and go online with parental controls. Here are some additional tips for talking to your child about some of the content they may see online.
On plenty of occasions, online threats children experience likely do not require the involvement of law enforcement or similar entity. When online threats involve malicious or solicitous content, it can warrant reporting the incident. Most parents (56%) tend to simply delete content rather than report said content to the police (41%) or inform schools, when appropriate (34%). If parents want transparency from their children, they may consider practicing a bit more transparency themselves, especially when it comes to encounters that may represent criminal acts.
More than 80% of children go online daily, and 36% spend 3-5 hours online in a normal day. In the digital age that has seen a large uptick in digital learning, it’s tough to keep kids away from screens. But the easiest way to ensure kids remain safe from online threats is to limit their screen time altogether. That’s an easier-said-than-done task to be sure. If parents can find ways to decrease the amount of daily time kids spend behind screens, it will reduce the amount of time they’re available to be targeted by bad actors or inappropriate content.
Social media, one of the most popular online activities, is a popular way for younger generations to interact with one another. Built-in messaging on social media apps gives kids a place to message each other that’s one layer removed from text messages that parents may see. Social media has also made inappropriate content more accessible and gives hackers and other bad actors anonymity. Given that 36% of kids report coming across inappropriate images or content, and nearly 20% encounter hacking or phishing attempts when online, it’s not surprising that parents are worried about the social media content their children consume.
Parents can educate their children about more secure social media behavior. Creating awareness of potential scams in their children starts with strong passwords, locked accounts, and reminding them not to click on links from or interact with accounts of people they don’t know.
This may seem like an obvious safeguard against disturbing online content, but not every app, browser or device’s parental controls settings are obvious. Some portals to the internet have more granular settings and others are a bit higher-level, so creating a hermetic seal around kids’ environment can be challenging depending on how they get online and what they access when they get there. Devices like iPhones and major internet companies like Google and YouTube have pretty robust parental control settings to block mature content or remotely limit screen time. Some social media apps also have controls parents can adjust to reduce the likelihood strangers find their child’s account.
Most browsers offer a library of plugins that allow parents to cast a web around potentially harmful content. Ad blockers can keep ads with mature content off of websites, and parental-control plugins can establish browsing controls so that kids can’t even navigate to places inappropriate content is more likely to be. Some plugins block website URLs or entire domains, rendering those destinations unnavigable.
There are also many affordable VPNs on the market for parents. Most VPNs can do things like encrypt internet connections or obscure IP addresses and locations, making overarching internet connections safer and more private.
The UN established World Children’s Day to commemorate both the Declaration of the Rights of the Child, as well as the Convention on the Rights of the Child as guidelines for how to provide for and protect international children. Parents don’t need to wait for the calendar to turn to November to create a safer digital world for their families. These steps for protecting kids from malicious or inappropriate online content are not exhaustive but do provide a strong framework for adults who aren’t sure how to contend with the vast volume of information the world wide web generates.
For those who want to introduce another obstacle between kids and inappropriate content, there’s always something like McAfee+ Family Plans. McAfee+ Family plans add protection against everything from unwanted content via parental controls to identity monitoring and social media privacy management. It’s an all-in-one way to make it that much more unlikely children encounter online content they shouldn’t.
The post How to Protect Kids From Harmful Online Content appeared first on McAfee Blog.
This is the final in a series of three articles covering digital wellness programs in the workplace. Here we explore what organizations have to say about online protection and the role that digital wellness plays in their workplace today.
The top three benefits in the workplace today? Healthcare and retirement benefits are easy picks. Yet weighing in a strong third — digital wellness benefits.
HR pros list digital wellness as a top-three benefit in the workplace, ranking only behind healthcare and retirement benefits.
That’s one of the many findings we revealed in our joint research with HR.com, conducted in the first quarter of 2023. We reached out to nearly 250 HR pros who are knowledgeable about benefits, data privacy, and cybersecurity in organizations of 1,000 employees or more. Across the board, they said digital wellness plays an important role in their organization for several reasons. Collectively, they said it’s effective or highly effective at enhancing security (94%), retaining employees (87%), and improving employee safety and wellbeing (86%).
Moreover, 96% of them say that digital wellness in the workplace is more important than ever.
With that, we also gained a sense as to deeply rooted remote and hybrid work have become. We found that 71% of organizations have at least a quarter of their workforce working remotely at least some of the time. Given that 1 in 2 employees worldwide use at least one personal device for work, it makes sense that HR pros have prioritized digital wellness in their organizations.
Yet what does a digital wellness benefit entail?
As shared in our earlier article, we found little consistency between digital wellness offerings. The most common initiative HR pros employ is offering antivirus software, yet even that was reported by only 60% of organizations. The list breaks down as follows from there:
One item on this list particularly stands out. Note how educating employees about phishing scams ranks so low, at 48%. Compare that to the 61% of HR pros who said that human error, such as falling victim to a phishing attack, led to a cybersecurity breach. From there, more than half said that breach led to a financial loss.
So, which of the above provides the underpinnings of a strong digital wellness benefit? The answer to that is “yes to all.” And more.
When it comes to digital wellness, it’s easy to think of things like antivirus, a VPN, and other technology-driven solutions. Certainly, it’s that. Yet it’s much more. A strong digital wellness offering protects more than devices and things. It protects people. Because people are human, and human error can lead to security issues.
Organizations have IT teams tasked with securing networks, data, and devices. They put protections and policies in place to protect technology. To some extent, they factor in the human element as well. Yet to fully factor in the human element, that calls for HR to partner with IT. Together they can build out a digital wellness benefit that complements the protections IT puts in place.
Organizations can often roll out digital wellness initiatives at relatively low cost, yet they require support to get them started. That begins by making the case for digital wellness benefits with leadership.
Throughout this series of articles, we uncovered how the post-pandemic world has transformed the way employees use the internet, the importance they place on digital wellness, and the reasons they welcome it as a benefit. We also pointed out that digital wellness finds itself as a top-three benefit in the wake of this new internet usage. Together, these articles can help you make the overarching case to leadership — illustrating that digital wellness is vital not only for organizational security, but for attracting and retaining talent as well.
From there, working alongside IT can help you make the specific case for your organization, as part of a three-step approach:
1. Partner with IT.
IT leadership and teams in IT will have insight into the ways employees can improve their security habits. Moreover, they’ll have a sense of which employee security issues are the most pressing. By forming these insights into a list, HR can prioritize initiatives. Then it can use its expertise in incentives, training, and communication to create a culture that minimizes security lapses.
IT can assist HR in other ways, such as with auditing. HR teams can gain insight into the number of personal devices used in the organization. With that, we can advocate for initiatives that can protect them while they use those devices, such as offering online protection software.
2. Offer comprehensive online protection software.
Antivirus, personal data cleanup, and a VPN — HR pros mentioned those initiatives and several others on the list we shared above. Comprehensive online protection like ours covers all those initiatives and then some. All in one proverbial box. With deeper features like identity monitoring, transaction monitoring, and cleaning up old online accounts, it can form the cornerstone of a digital wellness benefit. And at relatively low cost per person.
Moreover, comprehensive online protection can help address human error. McAfee Scam Protection uses artificial intelligence (AI) to combat those phishing attacks. It automatically detects scam texts and can block risky links in emails, social media, and more—which often lead to sites that steal sensitive and financial info.
In all, today’s online protection offers far, far more than antivirus. It protects the employee by protecting their devices, privacy, and personal info.
3. Consider making digital wellness part of your core or voluntary benefits.
Organizations that offer digital wellness as part of their benefits tend to be more confident in the security of personal devices. Among the HR pros who said they offer digital wellness as a core benefit, 78% felt that personal devices are very secure, compared to 64% of those with voluntary benefits, and 59% of those with no digital wellness benefits.
At the root of that feeling is knowledge. Knowledge that employees are empirically safer from hacks, attacks, and identity theft because they have comprehensive online protection like ours. And should they become a victim of identity theft, they have a licensed identity restoration expert who can help them resolve it — and reimburse funds stolen per their protection plan. That puts employees in a better place. Which helps put the organization in a better place as well.
Digital wellness can reduce the stress that comes from loss or the unknown, which enables richer, safer, and happier lives. That puts digital wellness in close company with already established mental and financial wellness benefits, making it part of an attractive benefits package overall. Particularly as people spend nearly seven hours online each day on average — conducting sensitive personal and professional matters there at historic highs.
Digital wellness is crucial for organizations as well. As our research uncovered, many breaches occur because of human error, which often leads to disruptions and financial losses.
The case for digital wellness has only become stronger in recent years, and many organizations have taken their first steps to develop it as a benefit. As our research indicates, the organizations that do benefit as well.
The Benefits of Protection – The Case for Digital Wellness in the Workplace
The Benefits of Protection – Why Employees Place a High Value on Digital Wellness
Want to learn more? Visit us at https://www.mcafee.com/en-us/resources/digital-wellness.html or reach out to EmployeeBenefits@mcafee.com.
The post The Benefits of Protection – How Organizations Gain from Digital Wellness appeared first on McAfee Blog.
Authored by Dexter Shin
Most people have smartphones these days which can be used to easily search for various topics of interest on the Internet. These topics could be about enhancing their privacy, staying fit with activities like Pilates or yoga, or even finding new people to talk to. So, companies create mobile applications to make it more convenient for users and advertise these apps on their websites. But is it safe to download these advertised applications through website searches?
McAfee Mobile Research Team recently observed a malicious Android and iOS information stealer application delivered via phishing sites. This malware became active in early October and has been observed installed on more than 200 devices, according to McAfee’s telemetry. All of these devices are located in South Korea. Considering that all the distribution phishing sites are active at the time of writing this blog post, it is expected that the number of affected devices will continue to increase.
The malware author selects a service that people might find interesting and attracts victims by disguising their service. They also create phishing sites that use the resources of legitimate sites, making them appear identical and tricking users into thinking that they are the official website of the application they want to install. The phishing site also provides Android and iOS versions of the malicious application. When users eventually download and run the app through this phishing site, their contact information and SMS messages are sent to the malware author. McAfee Mobile Security detects this threat as Android/SpyAgent. For more information, visit McAfee Mobile Security.
How to distribute
We recently introduced SpyNote through a phishing campaign targeting Japan. After we found this malware and confirmed that it was targeting South Korea, we suspected it was also distributed through a phishing campaign. So we researched several communities in Korea. One of them, called Arca Live, we were able to confirm their exact distribution method.
They initially approach victims via SMS message. At this stage, the scammers pretend to be women and send seductive messages with photos. After a bit of conversation, they try to move the stage to LINE messenger. After moving to LINE Messenger, the scammer becomes more aggressive. They send victims a link to make a video call and said that it should only be done using an app that prevents capture. That link is a phishing site where malicious apps will be downloaded.
Figure 1. Distribute phishing sites from LINE messenger after moving from SMS (Red text: Scammer, Blue text: Victim)
What do phishing sites do
One of the phishing sites disguises as Camtalk, a legitimate social networking app available on the Google Play Store and Apple App Store, to trick users into downloading malicious Android and iOS applications from remote servers. It uses the same text, layout, and buttons as the legitimate Camtalk website, but instead of redirecting users to the official app store, it forces them to download the malicious application directly:
Figure 2. Comparison of legitimate site (Left) and phishing site (Right)
In addition to pretending to be a social networking app, malware authors behind this campaign also use other different themes in their phishing sites. For example, the app in first picture below offers cloud-based storage for photos and expanded functions than a default album app such as the ability to protect desired albums by setting a password. And the apps in the second and third pictures are yoga and fitness, enticing users with topics that can be easily searched nearby. The important point is normally these types of apps do not require permission to access SMS and contacts.
Figure 3.Many phishing sites in various fields
All phishing sites we found are hosted on the same IP address and they encourage users to download the app by clicking on the Google Play icon or the App Store icon.
Figure 4. Flow for downloading malicious app files
When users click the store button for their devices, their devices begin downloading the type of file (Android APK or iOS IPA) appropriate for each device from a remote server rather than the official app store. And then devices ask users to install it.
Figure 5. The process of app installation on Android
Figure 6. The process of app installation on iOS
How to sign iOS malware
iOS has more restrictive policies regarding sideloading compared to Android. On iOS devices, if an app is not signed with a legitimate developer’s signature or certificate, it must be manually allowed. This applies when attempting to install apps on iOS devices from sources other than the official app store. So, additional steps are required for an app to be installed.
Figure 7. Need to verify developer certificate on iOS
However, this iOS malware attempts to bypass this process using unique methods. Some iPhone users want to download apps through 3rd party stores rather than Apple App Store. There are many types of stores and tools on the Internet, but one of them is called Scarlet. The store shares enterprise certificates, making it easy for developers or crackers who want to use the store to share their apps with users. In other words, since users have already set the certificate to ‘Trust’ when installing the app called Scarlet, other apps using the same certificate installed afterward will be automatically verified.
Figure 8. App automatically verified after installation of 3rd party store
Their enterprise certificates can be easily downloaded by general users as well.
Figure 9. Enterprise certificate shared via messenger
The iOS malware is using these certificates. So, for devices that already have the certificate trusted using Scarlet, no additional steps are required to execute this malware. Once installed, the app can be run at any time.
Figure 10. Automatic verification and executable app
What do they want
These apps all have the same code, just the application name and icon are different. In case of Android, they require permissions to read your contacts and SMS.
Figure 11. Malicious app required sensitive permissions (Android)
In getDeviceInfo() function, android_id and the victim device’s phone number are sent to the C2 server for the purpose of identifying each device. Subsequently, in the following function, all user’s contact information and SMS messages are sent to the C2 server.
Figure 12. Sensitive data stolen by malware (Android)
And in case of iOS, they only require permission to read your contacts. And it requires the user to input their phone number to enter the chat room. Of course, this is done to identify the victim on the C2 server.
Figure 13. Malicious app required sensitive permissions (iOS)
Similarly to Android, there is code within iOS that collects contact information and the data is sent to the C2 server.
Figure 14. Sensitive data stolen by malware (iOS)
Conclusion
The focus of this ongoing campaign is targeting South Korea and there are 10 phishing sites discovered so far. This campaign can potentially be used for other malicious purposes since it steals the victim’s phone number, associated contacts, and SMS messages. So, users should consider all potential threats related to this, as the data targeted by the malware author is clear, and changes can be made to the known aspects so far.
Users should remain cautious, even if they believe they are on an official website. If the app installation does not occur through Google Play Store or Apple App Store, suspicion is warranted. Furthermore, users should always verify when the app requests permissions that seem unrelated to its intended purpose. Because it is difficult for users to actively deal with all these threats, we strongly recommend that users should install security software on their devices and always keep up to date. By using McAfee Mobile Security products, users can further safeguard their devices and mitigate the risks linked with these kinds of malware, providing a safer and more secure experience.
Indicators of Compromise (IOCs)
| Indicators | Indicator Type | Description |
| hxxps://jinyoga[.]shop/ | URL | Phishing site |
| hxxps://mysecret-album[.]com/ | URL | Phishing site |
| hxxps://pilatesyoaa[.]com/ | URL | Phishing site |
| hxxps://sweetchat19[.]com/ | URL | Phishing site |
| hxxps://sweetchat23[.]com/ | URL | Phishing site |
| hxxps://telegraming[.]pro/ | URL | Phishing site |
| hxxps://dl.yoga-jin[.]com/ | URL | Phishing site |
| hxxps://aromyoga[.]com/ | URL | Phishing site |
| hxxps://swim-talk[.]com/ | URL | Phishing site |
| hxxps://spykorea[.]shop/ | URL | Phishing site |
| hxxps://api.sweetchat23[.]com/ | URL | C2 server |
| hxxps://somaonvip[.]com/ | URL | C2 server |
| ed0166fad985d252ae9c92377d6a85025e9b49cafdc06d652107e55dd137f3b2 | SHA256 | Android APK |
| 2b62d3c5f552d32265aa4fb87392292474a1c3cd7f7c10fa24fb5d486f9f7665 | SHA256 | Android APK |
| 4bc1b594f4e6702088cbfd035c4331a52ff22b48295a1dd130b0c0a6d41636c9 | SHA256 | Android APK |
| bb614273d75b1709e62ce764d026c287aad1fdb1b5c35d18b45324c32e666e19 | SHA256 | Android APK |
| 97856de8b869999bf7a2d08910721b3508294521bc5766a9dd28d91f479eeb2e | SHA256 | iOS IPA |
| fcad6f5c29913c6ab84b0bc48c98a0b91a199ba29cbfc5becced105bb9acefd6 | SHA256 | iOS IPA |
| 04721303e090160c92625c7f2504115559a124c6deb358f30ae1f43499b6ba3b | SHA256 | iOS Mach-O Binary |
| 5ccd397ee38db0f7013c52f68a4f7d6a279e95bb611c71e3e2bd9b769c5a700c | SHA256 | iOS Mach-O Binary |
The post Fake Android and iOS apps steal SMS and contacts in South Korea appeared first on McAfee Blog.
Sick and tired of scam messages? So are the 54% of Americans who said they’d rather get a root canal than fall for one of those scams.
That’s one of the striking findings we uncovered in our Global Scam Message Study. We surveyed more than 7,000 adults worldwide — including more than 1,000 in the U.S. for their thoughts on scam messages and texts. And just how painful they are.
If it seems like you’re getting more scam messages than before, you’re not alone. We found that Americans receive an average of 11.6 fake messages or scams each day. And it’s getting tougher to tell what’s real and what’s fake. More than 80% of Americans said that it’s harder than ever to spot if a text, email, or social media message is a scam.
What’s driving this fresh flood of increasingly believable scam messages? AI – and if you’ve tuned into our blogs this past year, that likely comes as little surprise.
As we’ve reported, the bad actors out there have supercharged their scams with AI tools. Effectively, AI makes it far easier to spin up their scams in two significant ways:
With that comes the inevitable fallout. Two-thirds (65%) of Americans have clicked or fallen for a scam. Of them, 45% lost money as a result, and 15% of them lost more than $1,000.
Now, about that root canal stat. People who fall victim to online messaging scams really do find it painful. Particularly as the time and money lost to those scams take their toll. Some people found them so painful, they said they’d rather deal with the following instead:
Ouch. You probably have your own answer to this “would you rather” question, but clearly people feel pretty fed up with this deluge of scam messaging.
You can get a little more insight into those feelings by looking at all the time they waste. Our study found that the average American spends more than an hour-and-a-half each week reviewing, verifying, or deciding whether the messages they get are real or fake.
Realistically, that’s the equivalent of watching a short feature film or streaming three shows — or 94 minutes spent doing just about anything else. Add that up, and it amounts to more than two full work weeks each year spent on scam-spotting.
Specifically, we found:
With the increased volume and more advanced appearance of scam messages, only 35% of Americans have avoided clicking on or falling for fake messages in the last year.
This sophisticated trickery takes five common forms. Below, you can see the types of messages people in the U.S. said they received in the past year:
In line with these findings, 65% of survey respondents have believed that one or more scam messages they got were real. The messages they believed the most were:
With scams evolving into increasingly clever forms, 40% of U.S. survey respondents said their trust in digital communications has decreased. Put another way, 55% of people believe they have a better shot at solving the Rubik’s Cube than identifying a scam message. We further found:
In all, AI has made the murky world of online scams that much murkier. And sadly, that’s partly ruined people’s time online. They spend a part of each day trying to decide if what they’re reading is real or fake. However, you can take a few straightforward steps that can spare you the pain — and without having a root canal instead.
Think before you click.
Cybercriminals use phishing emails or fake sites to lure people into clicking links that might lead to malware. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Particularly if it’s a great-sounding deal or promises useful info. Always go direct to the source and interact with reputable companies.
Remember that if it seems too good to be true, it probably is.
Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender.
Go “unlisted.”
Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results.
Use AI to beat AI.
From blocking dangerous links that appear in text messages, social media, or web browsers, you have AI on your side. McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your text. No more wondering if a delivery message or bank notification text is real or not. McAfee’s patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert message. It’ll even block risky sites if you accidentally click on a scam link in a text, email, social media, and more. You’ll find it in our online protection plans like our award-winning McAfee+ subscriptions.
Root canals and Rubik’s Cubes aside, you can protect yourself against AI messaging scams. Even as these scams look more and more like the real thing, the same protections apply. In fact, you have new AI-driven tools that can keep you safer too. If there’s one thing we’ve talked about in our blogs plenty as of late, it’s how AI works both ways. While scammers have their AI tools for hoodwinking you, you have AI tools that can keep you safer too.
It’s easy to feel a little helpless with all these AI scams floating about. Yet you really can take far more control than you might think. In fact, online protection software like ours is the most sophisticated it’s ever been. It’s truly an all-in-one fix for protecting your devices, privacy, and identity — and for keeping scam messages at bay.
The post Scam Texts Are More Painful Than Getting a Root Canal appeared first on McAfee Blog.
In workplaces around the world, employees agree — they feel strongly about online protection.
Our joint research with Statista puts a figure to that feeling. Worldwide, 80% or more of employees said that online protection was important or very important to them. Based on what we saw in our previous article in the series, that comes as little surprise.
There, we covered how much time they spend online. Nearly seven hours a day on average. What’s more, they’re spending more time doing more important things. They’re managing their finances, doing their shopping, tracking their health, and even visiting their doctors online. And at historically high rates that only continue to climb.
Yet with that increased activity has come increased risk. Our research found that 27% of employees worldwide said they were a victim of cybercrime. A mix of data theft, malware, phishing, and targeted spearphishing attacks led the way. Strikingly, more than half of employees in the U.S. reported the theft of sensitive info (54%).
Of note for organizations, our research found that 1 in 2 employees use one or more personal devices for work as well. Most often that was an Android (60%) or Windows (55%) device. iOS devices featured prominently as well at 33%.
This makes a strong case for offering comprehensive online protection as part of a digital wellness program. Employers gain the confidence that their employees are protected regardless of which device they use. Employees gain the protection they want, and need, to stay safe online in the workplace and across their daily lives. Both benefit.
Just as organizations have protection measures in place to protect employees on business devices, comprehensive online protection does the same for their personal devices. In this way, organizations gain the assurance that their employees are protected across practically every device they use, wherever they use them.
So, what does comprehensive protection look like? Comprehensive online protection like ours goes beyond antivirus. It protects the whole employee, by protecting their devices, their privacy, and their personal info. Within that, it covers the top online protection measures that employees want most. As found in our research with Statista, the top five measures they want include:
It further includes more features that they might not be aware of yet that can benefit them greatly. A few examples:
Comprehensive online protection offers an added layer of protection for employees, whether they work remotely, in a hybrid role, or in the office. Employees see that as a big benefit.
Employers know quite well that attractive benefits packages help attract and retain great employees. Likewise, employees said much the same in our research. Globally, 4 out of 5 employees said that benefits are key to joining and staying with an employer.
Specific to online protection and digital wellness, 55% of employees cited online protection as an important benefit. That puts it in close association with other core benefits. In India, Brazil, and Australia, online protection is closely linked with healthcare and paid leave. In the U.S. and European countries, 2 in 5 employees consider online digital protection tied to core employee benefits such as paid leave and bonuses.
Employees broadly acknowledged that this kind of protection benefits their employers as well. More than half said that they were interested in online protection because it can protect data and networks from unauthorized access (67%). More than half (52%) said that it could help them avoid unknowingly risky behaviors that might endanger their work.
Comprehensive online protection as part of a digital wellness program can benefit employees and employers alike. Employees see the value in it as they increasingly handle sensitive and personal matters online, ranging from their finances to their health and wellness.
With that increased reliance on the internet comes increased risk of hacks, attacks, and scams. Online protection can reduce those risks significantly. It helps prevent cyberattacks that can rob employees of their time and money as they attempt to recover from an attack. And it provides a clear path forward with restorative measures in the event of a data breach or identity theft.
Aside from offering a benefit that employees highly value, organizations can realize benefits of their own when they offer comprehensive online protection. They’ll have employees who’re unburdened and undistracted from disruptive attacks. Moreover, they’ll extend protections to personal devices that their employees use. Devices that half of them use for work and personal purposes.
In our next article, we’ll help you make the business case for online protection and digital wellness programs from an organizational standpoint. Based on interviews with organizations of varying verticals and sizes, we’ll see what they had to say about the role that digital wellness plays in their workplace today.
Editor’s note: Want to learn more? Visit us at https://www.mcafee.com/en-us/resources/digital-wellness.html or reach out to EmployeeBenefits@mcafee.com.
The post The Benefits of Protection – Why Employees Place a High Value on Digital Wellness appeared first on McAfee Blog.
A simple click of a link can’t cause any trouble, right? Wrong.
It doesn’t matter if you quickly close out of a window. It doesn’t matter if you only take a quick peek and don’t touch anything else while you’re on a risky webpage. Often, just clicking on a single link can compromise your device, online privacy, and even your identity.
Here’s everything you need to know to steer clear of malicious links and the viruses, malware and other problems that they may contain.
What Is a Risky Link?
A risky link is any hyperlink that redirects you to an unexpected webpage. Often, these webpages trick visitors into divulging personal information or the webpages download malicious payloads (viruses, malware, spyware, etc.) onto devices. While they often appear in phishing emails and texts, risky links can pop up anywhere: on social media, in comment sections, or on risky websites.
What Happens If You Click on a Risky Link?
A few nasty tricks, viruses, and malware could be lurking behind risky links. All it takes to fall for a cyber scheme is to click on a link. For example, a malicious link could bring you to a fake login page. This is a way for a phisher to steal your username, password, or answers to your security questions. Instead of logging into your bank account or an online shopping account, you’re actually handing your login credentials right to a scammer. From there, they could walk into your accounts, make purchases in your name, or steal your sensitive personally identifiable information (PII) attached to your account.
If a risky link downloads a virus or malware to your device, the effects could vary. Some viruses bring your device to a crawl and seriously limit your computing power. Mobile malware is a vast category of malicious software and it often makes its way onto devices through infected links. Malware can spy on you, watch your keystrokes, attach your device to a botnet, and overall compromise your device and the information it stores.
How Do You Steer Clear of Risky Links?
Avoiding risky links requires that you slow down and think before you click on anything. Scammers and phishers disguise their malicious links to look legitimate making them difficult to spot. Artificial intelligence tools like ChatGPT and Bard are making phishing correspondences more believable than attempts from a few years ago. If you move too fast, you could fall for scams that you’d normally sniff out if you were taking your time.
Here are a few tips that’ll go a long way toward keeping your device and PII out of the hands of cybercriminals.
What Tool Can Give You Peace of Mind?
McAfee Scam Protection fights malicious links with artificial intelligence-powered proactive alerts and automatic protection. The more you use it, the smarter McAfee Scam Protection becomes. When it detects a scam link in your texts, emails, or on social media, McAfee Scam Protection automatically alerts you to it. Additionally, if you accidentally click on a scam link, the app will block the malicious webpage from loading, protecting your device and online privacy from invaders.
Confidence in your ability to avoid or block risky links will go a long way toward lessening any unease you have about navigating the conveniences and entertainment the internet offers.
The post What Are the Risks of Clicking on Malicious Links? appeared first on McAfee Blog.
Authored by Lakshya Mathur & Vignesh Dhatchanamoorthy
AsyncRAT, short for “Asynchronous Remote Access Trojan,” is a sophisticated piece of malware designed to compromise the security of computer systems and steal sensitive information. What sets AsyncRAT apart from other malware strains is its stealthy nature, making it a formidable adversary in the world of cybersecurity.
McAfee Labs has observed a recent AsyncRAT campaign being distributed through a malicious HTML file. This entire infection strategy employs a range of file types, including PowerShell, Windows Script File (WSF), VBScript (VBS), and more, in order to bypass antivirus detection measures.
Figure 1 – AsyncRAT prevalence for the last one month
A recipient receives a spam email containing a nefarious web link. When accessed, this link triggers the download of an HTML file. Within this HTML file, an ISO file is embedded, and this ISO image file harbors a WSF (Windows Script File). The WSF file subsequently establishes connections with various URLs and proceeds to execute multiple files in formats such as PowerShell, VBS (VBScript), and BAT. These executed files are employed to carry out a process injection into RegSvcs.exe, a legitimate Microsoft .NET utility. This manipulation of RegSvcs.exe allows the attacker to covertly hide their activities within a trusted system application.
Infection Chain
Figure 2 – Infection Chain
Stage 1: Analysis of HTML & WSF file
The sequence begins with a malicious URL found within the email, which initiates the download of an HTML file. Inside this HTML file, an ISO file is embedded. Further JavaScript is utilized to extract the ISO image file.
Figure 3 – Contents of HTML file
Figure 4 – Extracted ISO file when HTML is run
Within the ISO file is a WSF script labeled as “FXM_20231606_9854298542_098.wsf.” This file incorporates junk strings of data, interspersed with specific “<job>” and “<VBScript>” tags (as indicated in Figure 5 and highlighted in red). These tags are responsible for establishing a connection to the URL “hxxp://45.12.253.107:222/f[.]txt” to fetch a PowerShell file.
Figure 5 – Contents of WSF file
Stage 2: Analysis of PowerShell files
The URL “hxxp://45.12.253.107:222/f[.]txt” retrieves a text file that contains PowerShell code.
Figure 6 – Contents of the First PowerShell file
The initial PowerShell code subsequently establishes a connection to another URL, “hxxp://45.12.253.107:222/j[.]jpg,” and retrieves the second PowerShell file.
Figure 7 – Contents of Second PowerShell file
The PowerShell script drops four files into the ProgramData folder, including two PowerShell files, one VBS file, and one BAT file. The contents of these four files are embedded within this PowerShell script. It then proceeds to create a folder named “xral” in the ProgramData directory, where it writes and extracts these files, as depicted in Figure 8.
Figure 8 – Second PowerShell creating 4 files and writing content in them using [IO.File]::WriteAllText command
Figure 9 – Files extracted in the “ProgramData/xral” folder
Stage 3: Analysis of Files dropped in the ProgramData folder
Following this, the PowerShell script executes “xral.ps1,” which is responsible for establishing a scheduled task to achieve persistence. Additionally, it initiates the execution of the ” xral.vbs ” file.
Figure 10 – Content of VBS file
The VBS script proceeds to execute the “1.bat” file, which, in turn, is responsible for executing the final PowerShell script, “hrlm.ps1.”
In a nutshell, after the second powershell, the execution goes like:
xral.ps1 -> xral.vbs -> 1.bat -> hrlm.ps1
These various executions of different file types are strategically employed to circumvent both static and behavior-based antivirus detections.
Stage 4: Analysis of the final PowerShell file
Figure 11 – Content of final PowerShell file
As depicted in the preceding figure, this PowerShell file contains a PE (Portable Executable) file in hexadecimal format. This file is intended for injection into a legitimate process. In the second red-highlighted box, it’s evident that the attackers have obfuscated the process name, which will be revealed after performing a replacement operation. It is now evident that this PE file is intended for injection into “C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe.” The process injection is accomplished through the Reflection Assembly load functionality of the PowerShell file, which allows access and invocation of .NET data from within PowerShell.
After the process injection, the RegSvcs utility is initiated and executed without any additional parameters.
Stage 5: Analysis of infected RegSvcs.exe
Once PowerShell successfully injects malicious code into RegSvcs, the compromised RegSvcs.exe runs, and the AsyncRAT server establishes a connection to it. The artifacts of this infected RegSvcs.exe running are illustrated in Figure 12.
Figure 12 – AsyncRAT server strings in RegSvcs
Further analysis uncovered that this sample possesses keylogging capabilities. It recorded all activities performed on the system after replication, storing this information in a “log.tmp” file within the TEMP folder for record-keeping purposes.
Figure 13 – Log file created in %temp% folder logging all keystrokes
Furthermore, this sample was actively engaged in the theft of credentials and browser-related data. Additionally, it attempted to search for cryptocurrency-related information, including data related to Bitcoin, Ethereum, and similar assets. The illicitly acquired data was being transmitted over TCP to the IP address 45[.]12.253.107 on port 8808.
Figure 14 – TCP information of RegSvcs.exe
The infection chain begins with a malicious URL embedded in a spam email, leading to the download of an HTML file containing an ISO. Within the ISO file, a WSF script connects to external URLs and downloads a PowerShell script, which, in turn, initiates a series of non-PE file executions and ultimately injects a hexadecimal-encoded PE file into the legitimate “RegSvcs.exe.” This compromised process connects to an AsyncRAT server. The malware exhibits keylogging capabilities, records user activities, and steals credentials, browser data, and crypto-related information. Data is exfiltrated over TCP to an IP address and port. This intricate chain leverages diverse file types and obfuscation methods to avoid detection, ultimately resulting in the attackers gaining remote control and successfully stealing data.
| File | SHA256/URL |
| HTML | 83c96c9853245a32042e45995ffa41393eeb9891e80ebcfb09de8fae8b5055a3 |
| ISO | 97f91122e541b38492ca2a7c781bb9f6b0a2e98e5b048ec291d98c273a6c3d62 |
| WSF | ac6c6e196c9245cefbed223a3b02d16dd806523bba4e74ab1bcf55813cc5702a |
| PS1 | 0159bd243221ef7c5f392bb43643a5f73660c03dc2f74e8ba50e4aaed6c6f531 |
| PS1 | f123c1df7d17d51115950734309644e05f3a74a5565c822f17c1ca22d62c3d99 |
| PS1 | 19402c43b620b96c53b03b5bcfeaa0e645f0eff0bc6e9d1c78747fafbbaf1807 |
| VBS | 34cb840b44befdd236610f103ec1d0f914528f1f256d9ab375ad43ee2887d8ce |
| BAT | 1c3d5dea254506c5f7c714c0b05f6e2241a25373225a6a77929e4607eb934d08 |
| PS1 | 83b29151a192f868362c0ecffe5c5fabe280c8baac335c79e8950fdd439e69ac |
| URL | hxxp://45.12.253[.]107:222/f[.]txt |
| hxxp://45.12.253[.]107:222/j[.]jpg |
The post Unmasking AsyncRAT New Infection Chain appeared first on McAfee Blog.
This is the first in a series of three articles covering digital wellness programs in the workplace. Here we take a broad look at today’s online trends — and reveal why digital wellness is now just as vital as physical, mental, and financial wellness programs.
What once got done in person, now gets done online. And at historic levels. There’s no question that the pandemic transformed face-to-face interactions into face-to-screen interactions. Not to mention that it ushered in the advent of remote work on a massive scale. Yet even with the pandemic behind us and people largely returning to their places of work, that transformation remains squarely in place.
Today, we conduct more of our lives online than ever before. That makes protecting life online more important than ever before.
Yet in a time of data breaches, identity theft, and online scams of all stripes, online protection can seem complicated. That’s why employees welcome digital wellness as a benefit. It can help them fix weak spots in their security, protect their privacy, and put them in control of their personal data.
Simply put, employees welcome the help.
Our research with Statista found that 54% of employees worldwide said that online protection is an important or very important benefit. That should come as no surprise, particularly as we take care of increasingly important things online.
What does that look like?
First, we can look at how we bank and shop online. Projections estimate that more than 3.5 billion people worldwide will bank online by 2024, driven in large part by online-only banks. Global e-commerce sales continue to climb with revenues topping more than $5.7 trillion in U.S. dollars. That growth continues at an estimated compound annual growth rate (CAGR) of 11.34%.
And that’s just for starters.
Increasingly, we track our health and wellness with connected devices too — like workouts on our phones and biometrics on wearable devices. Worldwide, people own more than a billion wearable connected devices. Taking that a step further, we visit the doctor online now as well. The old-fashioned house call has become the modern-day Zoom call. Our recent research found that 75% of people surveyed in early 2023 said they’ve used telehealth services in the past year.
In all, we trust the internet with some of our most important tasks. We even trust our homes to it. More than 300 million households run their day with the assistance of smart devices, like smart speakers, smart appliances, and smart deadbolt locks.
Finally, we can point to the complicated factor of remote and hybrid work. Our joint research with HR.com found that 98% of organizations surveyed have at least one or more employees who work remotely. Additional research cited by Forbes indicates that nearly 13% of full-time employees work remotely, while more than 28% work in a hybrid model. As a result, work devices inevitably get used for some personal purposes — just as personal devices get used for some professional purposes.
That adds up to an average of nearly seven hours a day spent online.
It’s little wonder that so many companies continue to show growing interest in digital wellness programs. People find themselves exposed to plenty of risk as they conduct personal business and professional business across the devices they use throughout the day.
However, what makes up digital wellness and what it offers remains loosely defined.
Where do digital wellness programs stand in the workplace today? They share much with the state of financial wellness programs about ten years ago.
At the time, financial wellness was largely unknown. Further, companies were unsure if or how it played a part underneath the umbrella of “wellbeing.” Then changes came along. People saw how financial activities and planning can have a major impact on a person’s quality of life. Today, financial wellness is just as concrete as physical and mental wellness as benefits in the workplace.
Digital wellness now finds itself in the same evolution cycle that financial wellness entered a decade ago. It’s a concrete pillar underneath “wellbeing” much for the same reasons financial wellness is. Digital wellness reduces stress from loss or the unknown and enables richer, safer, and happier lives.
With that, today’s threats have evolved as well. While viruses and malware remain a problem, today’s bad actors are out for bigger games. Like stealing personal and financial info for identity theft. Or grifting detailed info from data brokers who compile and sell data linked to millions of people — with up to thousands of entries for each person.
We’ve also seen the onset of artificial intelligence (AI) in attacks. Fraudsters have used AI as the capstone of convincing voice, image, and video scams. Hackers now generate malware code using AI tools as well. Combine that with the multitude of ways people spend their time online, it’s clear why today’s online crooks tamper with people’s data, privacy, and identity at unprecedented rates.
HR professionals at organizations are aware of this. Given this climate, 55% of HR professionals said they provide it as part of their organization’s core benefits offerings. Another 36% say it’s part of their organization’s voluntary benefits offerings. Yet their offerings vary greatly.
Our research respondents said that they have five different digital wellness initiatives on average. Yet we found little consistency between them. Only 60% of respondents provided the same initiatives. The top responses: antivirus software, personal data cleanup, protection for work devices, and instruction on digital best practices. This illustrates that digital wellness programs are indeed in those early stages of development.
Digital wellness protects the person. This definition provides the basis for any comprehensive digital wellness offering.
More than offering antivirus or a VPN as a benefit, digital wellness protects the lives that employees live online. It helps prevent the things that can absolutely upend a person’s life online, like hacks, malware attacks, and online scams. And if someone falls victim to a data breach or identity theft, it provides a clear path forward with restorative measures.
People simply want to enjoy their time online without worrying about the risks. Yet if not looked after, gaps in their digital wellness can drive huge financial and mental stresses. For example, consider how identity theft steals more than money. It steals time, robbing a victim of their focus on other parts of their home and work lives as they struggle to recover.
As such, a digital wellness program that provides preventative and restorative measures. Often with comprehensive online protection like ours as a cornerstone offering.
Yet we can extend the definition further. It can also entail a healthy relationship with the internet. Balancing time spent there with other aspects of life, which can help relieve stress and burnout as well. Respondents in our HR.com research found this aspect of digital wellness appealing. Nearly half said that establishing a healthy relationship with technology is a key aspect of digital wellness — recognizing that this requires ongoing education.
Certainly, a comprehensive and successful digital wellness program protects the whole person, not just their devices.
For organizations that want to create this kind of digital wellness program, we offer up this series of articles. Our aim is to load you up with insights that can make the business case for putting one in place. You’ll see how employers and employees agree there’s a real need for it — and that everyone stands to benefit.
Look for our next article in the series.
Want to learn more? Visit us at https://www.mcafee.com/en-us/resources/digital-wellness.html or reach out to EmployeeBenefits@mcafee.com.
The post The Benefits of Protection – The Case for Digital Wellness in the Workplace appeared first on McAfee Blog.
AI is on your side. In fact, it’s kept you safer online for some time now.
Now that scammers and hackers have gotten their hands on AI tools, they understandably get their share of headlines. Rightfully so. AI tools have helped them scale up their attacks while also making them look and feel increasingly sophisticated.
Meanwhile, at McAfee, we’ve used AI as a core component of our protection for years now. As such, it’s done plenty for you over the years. AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too.
Now we’ve made improvements to our AI-driven protection—and unveiled an all-new feature that takes full advantage of AI, McAfee Scam Protection.
AI is indeed on your side. A quick tour will show you how.
AI-driven protection quashes threats in three ways:
So, what does AI-driven protection look like in the real world?
AI can identify malicious websites and links before you can connect to them. It can prevent new forms of ransomware from encrypting your photos and files. And it can let you know when the link you got in that text is a total fake.
In combination with our security engineers and teams, AI really on your side.
As part of our product launch a few weeks ago, we created advances in one or our AI-driven protections and released an entirely new AI-driven protection as well.
McAfee Next-gen Threat Protection: McAfee’s AI-powered security just got faster and stronger. Our Next-gen Threat Protection takes up less disk space, reduces its background processes by 75%, and scans 3x faster than before. This makes your time online safer without slowing down your browsing, shopping, streaming, and gaming.
As for strength, it offers 100% protection against zero-day threats and 100% against threats released in the past month (AV-TEST results, June 2023). You’ll find it across all our products that have antivirus included.
McAfee Scam Protection: McAfee’s patented and powerful AI technology helps you stay safer amidst the rise in phishing scams. Including phishing scams generated by AI. It detects suspicious URLs in texts before they’re opened or clicked on. No more guessing if that text you just got is real or fake.
And if you accidentally click on a suspicious link in a text, email, social media, or browser search, it blocks the scam site from loading. You’ll find McAfee Scam Protection across our McAfee+ plans.
In addition to AI-driven improvements, we also released several new features. Together they help you protect your privacy, lock down your identity, and set up your McAfee software for the best security.
Hackers might be making headlines as they cook up new attacks with AI, yet maybe it’s time to flip the script this once. AI works for you and can keep you safer online.
Whether hackers try to hit you with ransomware or scammers pepper you with phony messages, AI can help keep you from harm. In conjunction with other advanced features that protect your privacy and identity, AI makes for powerful protection.
The post Advances in Our Use of AI Keep You Even Safer Online appeared first on McAfee Blog.
In the ever-growing digital age, our mobile devices contain an alarming amount of personal, sensitive data. From emails, social media accounts, banking applications to payment apps, our personal and financial lives are increasingly entwined with the convenience of online, mobile platforms. However, despite the increasing threat to cyber security, it appears many of us are complacent about protecting our mobile devices.
Survey revealed that many mobile users still use easy-to-remember and easy-to-guess passwords. With such an increasing dependence on mobile devices to handle our daily tasks, it seems unimaginable that many of us leave our important personal data unguarded. Theft or loss of an unsecured mobile device can, and often does, result in a catastrophic loss of privacy and financial security.
The unfortunate reality of our digital era is that devices are lost, misplaced, or stolen every day. A mobile device without password protection is a gold mine for anyone with malicious intent. According to a global survey by McAfee and One Poll, many consumers are largely unconcerned about the security of their personal data stored on mobile devices. To illustrate, only one in five respondents had backed up data on their tablet or smartphone. Even more concerning, 15% admitted they saved password information on their phone.
Such statistics are troubling for several reasons. The most obvious is the risk of personal information —including banking details and online login credentials— falling into the wrong hands. A lost or stolen device is not just a device lost— it’s potentially an identity, a bank account, or worse. The lack of urgency in securing data on mobile devices speaks to a broad consumer misunderstanding about the severity of the threats posed by cybercriminals and the ease with which they can exploit an unprotected device.
→ Dig Deeper: McAfee 2023 Consumer Mobile Threat Report
Perhaps one of the most surprising findings of the survey is the difference in mobile security behaviors between men and women. This difference illustrates not just a disparity in the type of personal information each group holds dear, but also the degree of risk each is willing to accept with their mobile devices.
Broadly speaking, men tend to place greater value on the content stored on their devices, such as photos, videos, and contact lists. Women, on the other hand, appear more concerned about the potential loss of access to social media accounts and personal communication tools like email. They are statistically more likely to experience online harassment and privacy breaches. This could explain why they are more concerned about the security of their social media accounts, as maintaining control over their online presence can be a way to protect against harassment and maintain a sense of safety.
The loss of a mobile device, which for many individuals has become an extension of their social identity, can disrupt daily life significantly. This distinction illustrates that the consequences of lost or stolen mobile devices are not just financial, but social and emotional as well.
Despite the differences in what we value on our mobile devices, the survey showed a worrying level of risky behavior from both genders. Over half (55%) of respondents admitted sharing their passwords or PIN with others, including their children. This behavior not only leaves devices and data at risk of unauthorized access but also contributes to a wider culture of complacency around mobile security.
Password protection offers a fundamental layer of security for devices, yet many people still choose convenience over safety. Setting a password or PIN isn’t a failsafe method for keeping your data safe. However, it is a simple and effective starting point in the broader effort to protect our digital lives.
→ Dig Deeper: Put a PIN on It: Securing Your Mobile Devices
While the survey results raise an alarm, the good news is that we can turn things around. It all begins with acknowledging the risks of leaving our mobile devices unprotected. There are simple steps that can be taken to ramp up the security of your devices and protect your personal information.
First and foremost, password-protect all your devices. This means going beyond your mobile phone to include tablets and any other portable, internet-capable devices you may use. And, while setting a password, avoid easy ones like “1234” or “1111”. These are the first combinations a hacker will try. The more complex your password is, the sturdier a barrier it forms against unauthorized access.
Another important step is to avoid using the “remember me” function on your apps or mobile web browser. Although it might seem convenient to stay logged into your accounts for quick access, this considerably amplifies the risk if your device gets stolen or lost. It’s crucial to ensure you log out of your accounts whenever not in use. This includes email, social media, banking, payment apps, and any other accounts linked to sensitive information.
McAfee Pro Tip: If your phone is lost or stolen, employing a combination of tracking your device, locking it remotely, and erasing its data can safeguard both your phone and the information it contains. Learn more tips on how to protect your mobile device from loss and theft.
Sharing your PIN or password is also a risky behavior that should be discouraged. Admittedly, this might be challenging to implement, especially with family members or close friends. But the potential harm it can prevent in the long run far outweighs the temporary convenience it might present.
Having highlighted the importance of individual action towards secure mobile practices, it’s worth noting that investing in reliable security software can also make a world of difference. A mobile security product like McAfee Mobile Security, which offers anti-malware, web protection, and app protection, can provide a crucial extra layer of defense.
With app protection, not only are you alerted if your apps are accessing information on your mobile that they shouldn’t, but in the event that someone does unlock your device, your personal information remains safe by locking some or all of your apps. This means that even if your device falls into the wrong hands, they still won’t be able to access your crucial information.
It’s also critical to stay educated on the latest ways to protect your mobile device. Cyber threats evolve constantly, and awareness is your first line of defense. McAfee has designed a comprehensive approach to make the process of learning about mobile security not just informative but also engaging. Our array of resources includes a rich repository of blogs, insightful reports, and informative guides. These materials are meticulously crafted to provide users with a wealth of knowledge on how to protect their mobile devices, ensuring that the learning experience is not only informative but also engaging and enjoyable.
While the current state of mobile device security may seem concerning, it’s far from hopeless. By incorporating simple security practices such as setting complex passwords and avoiding shared access, we can significantly reduce the risk of unauthorized data access. Additionally, investing in trusted mobile security products like McAfee Mobile Security can provide a robust defense against advancing cyber threats. Remember, our digital lives mirror our real lives – just as we lock and secure our homes, so too must we protect our mobile devices.
The post How to Protect Your Mobile Device From Loss and Theft appeared first on McAfee Blog.
Every day, life for many consumers has become more “digital” than before—this has made day-to-day tasks easier for many of us, but it also creates new challenges. From online banking to medical records, protecting our private, personal information is imperative.
Too often, the same password is used for multiple online accounts—for instance, you might log in to your online banking site with the same password you use for your personal email account. In a McAfee survey, 34% of people reported that they use the same password for multiple online accounts. Using identical passwords is convenient for us as users, but it’s also convenient for any hacker trying to steal personal information—once a hacker has access to one of your accounts, he can use a recycled password to snoop around at will.
Certainly, using more than one password and passphrases that include a mix of upper and lower case letters, numbers, and symbols and is at least ten characters in length goes a long way towards keeping malicious people at bay, but unfortunately, merely adding variety to your login information doesn’t guarantee security. In The Easiest Ways to Not Get Hacked, author Rebecca Greenfield included this chart showing just how much difference one character in length makes:
One of the most important accounts to keep secure is your primary email account—and here’s why: sooner or later, we all have to use the “I forgot my password” option, which typically sends a password reset email.
A hacker only needs to crack the password for your primary email account, and he’ll be able to access any of your other secure accounts simply by clicking the “forgot password” button when he sees it. This is known as a single point of failure, meaning it’s the one piece in any system that can bring down your whole system.
McAfee Pro Tip: If you’re having trouble remembering all your complex passwords on multiple accounts, a password manager can help you save time and effort while securing your accounts and devices. Learn more about McAfee’s password manager.
Establishing a separate email account for registration is one idea—in other words, your “I forgot my password” emails would all be sent to an account other than your primary email account. But even in that situation, there’s still only one password between a hacker and most of the data you want to keep from a hacker’s hands—from financial accounts and bank access to your weekly grocery delivery service. So the real question, even if you’re savvy enough to have a separate email address for password rescue, is: how do you make any email account more secure?
Two-step verification (often referred to as two-factor authentication) is a system designed to give you an extra layer of security that’s easy to use and indispensable for commercial or highly sensitive accounts. Two-step verification protects your email with not only a password but also by associating your account with a specific device or devices. A recent example of how this works comes from Google. In the case of Google’s two-step verification for Gmail accounts, a user simply re-authorizes the account every 30 days, by providing a numeric code that confirms the account.
→ Dig Deeper: Two-Factor vs. Multi-Factor Authentication: What’s the Difference?
The extra step and learning a new system of security sounds like an enormous hassle, but Google has taken the pain out of the process by allowing you to obtain the code in one of three ways:
This means that a hacker who wants to access your email account can only do so if he has access to your text messages or your landline phone. It might not stop every cybercriminal, but it does make the average hacker’s job a lot harder.
McAfee Pro Tip: Some hackers may go as far as calling your personal numbers, if they have access to them, and ask for your two-factor verification code to access your financial accounts, citing that they need it for their ongoing promotions or measures to improve your account security. This is a social engineering tactic that you should familiarize yourself with. Learn more about social engineering.
This two-factor authentication, while not new, is making major inroads among websites, apps, and services that process critical information. Many corporations have used hardware-based secondary authentication codes for years, but Google and others (including Twitter) are working hard to make this enhanced authentication flow a more practical and accessible part of our working lives.
New biometric verification options, such as a retina or fingerprint scan, are also catching on among security-conscious consumers, and will likely be a feature on more devices in the future. As times change, and more sensitive information flows through these sites, we can be sure to see more of these processes put into place.
→ Dig Deeper: How Virtual Reality and Facebook Photos Helped Researchers Hack Biometric Security
Two-step verification offers multiple benefits in the world of digital security. The key merit is that it presents an extra hurdle for hackers to overcome. If a hacker has breached your password, they still have to pass the second level of verification. As such, two-step verification makes your information harder to access, giving you added peace of mind.
Apart from enhancing security, two-step verification simplifies the recovery process if you ever forget your password. Since you have set up a secondary recovery method, you can use it to reset your password. This reduces the risk of losing access to your account due to forgotten passwords.
→ Dig Deeper: Let’s Make Security Easy
Setting up two-step verification on your accounts is relatively straightforward process. The first step is to go to the account settings of the platform where you want to enable this feature. Once you are there, locate the two-step verification or two-factor authentication option. Click on it, and follow the prompts. Typically, the system will ask for your phone number or an alternative email address to send the verification code to complete the process. Once that is done, you are all set.
From then on, every time you log in, you will need to input not only your password but also a unique code sent to your phone number or alternative email. Remember to choose a method that is convenient for you. For instance, if you are always on your phone, it may be easier to opt for the text message verification code option. This ensures that you can always promptly complete the second step of verification whenever you log in.
→ Dig Deeper: Protect Your Social Passwords with Two-Step Verification
While two-step verification offers an added layer of security, it is not foolproof. One potential challenge is that a hacker could intercept the verification code. Despite its rarity, this type of security breach is possible and has occurred. Furthermore, you might face issues if you lose the device used for verification. For example, if you lose your phone and have set it up for receiving verification codes, you might struggle to access your accounts.
Moreover, two-step verification can be inconvenient for some people. It adds an extra step every time you log in, and if you do not have immediate access to your verification device, you might be locked out of your accounts. Despite these challenges, the benefits of two-step verification far outweigh the potential drawbacks, and it remains a robust and recommended security measure in the digital era.
In conclusion, two-step verification offers a critical layer of security in protecting your digital assets. As life becomes increasingly digitized, and we continue to store more personal and sensitive information online, it is crucial to employ strong security measures like two-step verification. While it might seem like a bit of a hassle at times, the added security it provides, the peace of mind and the protection of your personal information make it a worthwhile endeavor. As the old saying goes, “It’s better to be safe than sorry.”
Therefore, embrace two-step verification and make it harder for hackers to gain access to your information. After all, security in the digital sphere is not a luxury, but a necessity.
To further protect your digital assets, consider McAfee+, our most comprehensive online protection software. Protect your mobile, laptops, computers, and IoT devices with reputable security software.
The post Make a Hacker’s Job Harder with Two-step Verification appeared first on McAfee Blog.
In the last decade, Bitcoin has emerged as a revolutionary form of digital asset, disrupting traditional financial markets along the way. Unlike traditional currencies issued by national governments (fiat money), Bitcoin is a decentralized form of money operated via a peer-to-peer network. This means it is not regulated or controlled by any central authority or government. This, along with many other characteristics, offers a range of benefits but also poses certain risks. In this article, we will examine these advantages and challenges to help you evaluate whether the benefits of Bitcoin outweigh the risks.
Bitcoin was created in 2009 by an anonymous person or group of people using the pseudonym Satoshi Nakamoto. As the first cryptocurrency, Bitcoin introduced a new kind of money that is issued and managed without the need for a central authority. Not only is Bitcoin a single unit of currency (simply referred to as a “bitcoin”), but it is also the decentralized, peer-to-peer network that enables the movement of that currency.
Bitcoin transactions are verified by network nodes through cryptography and recorded on a public ledger called blockchain. A user can access his or her bitcoins from anywhere in the world, as long as they have the private key to their unique Bitcoin address. Now, let’s delve into the inherent benefits and risks associated with Bitcoin.
This digital cryptocurrency has gained immense popularity and continues to capture the imagination of investors, tech enthusiasts, and financial experts alike. As we dive into the world of Bitcoin, let’s also uncover the myriad benefits it brings to the table, from decentralization and security to financial inclusion and innovation.
As a decentralized form of currency, Bitcoin is not subject to control by any government, bank, or financial institution. This ensures that the value of Bitcoin is not affected by monetary policies or economic conditions of any specific country. It also means there is no need for intermediaries, such as banks, to process transactions. As a result, Bitcoin transactions can be faster and cheaper than traditional money transfers, particularly for international transactions.
Furthermore, this decentralization offers potential benefits in regions where the local currency is unstable or access to banking is limited. For those without bank accounts, Bitcoin provides an alternative way to store and transact money. It also provides a safeguard against the risks of government-controlled fiat currency, such as inflation or deflation. This property of Bitcoin has been particularly attractive in countries experiencing hyperinflation, such as Venezuela.
Bitcoin transactions are recorded on a public ledger, the blockchain, which is accessible to anyone. This ensures a high level of transparency, as the flow of Bitcoins and the transactions can be tracked by anyone. Nonetheless, while transactions are public, the identities of the parties involved are pseudonymous. This offers a level of privacy and anonymity to users, as their real-world identities are not directly connected to their Bitcoin addresses, offering more privacy than traditional banking systems.
Moreover, because of its immutable and transparent nature, Bitcoin has potential uses beyond being a currency. The underlying blockchain technology has numerous potential applications, including secure sharing of medical records, supply chain management, and secure transfer of assets like land deeds and other legal documents.
→Dig Deeper: Demystifying Blockchain: Sifting Through Benefits, Examples and Choices
Bitcoin stands as both an enigma and a harbinger of change. Its meteoric rise to prominence has captivated the world, yet it has also garnered its fair share of scrutiny and caution. Now, let’s examine the flip side of the digital coin – the risks that come with it.
Price Volatility
One of the most well-known risks of Bitcoin is its price volatility. The value of a bitcoin can increase or decrease dramatically over a very short period. This volatility can result in significant financial loss. While some traders may enjoy this volatility because it provides exciting opportunities for high-return investments, it can be a risky venture for those seeking stability, particularly for those who intend to use Bitcoin as a regular currency.
The volatility also makes Bitcoin less feasible as a store of value. With traditional currencies, individuals can expect the purchasing power of their money to remain relatively stable over short periods of time. With Bitcoin, however, the purchasing power can fluctuate wildly from day to day.
While the Bitcoin network itself has remained secure since its inception, the ecosystem around it is not entirely secure. Bitcoin wallets and exchanges, which are necessary for users to store and trade Bitcoins, have been the targets of hacking in the past. In some instances, users have lost their entire Bitcoin holdings.
Bitcoin transactions are irreversible. Once a transaction is initiated, it cannot be reversed. If the transaction is fraudulent or a mistake has been made, it cannot be corrected. This risk factor demands a high level of care and caution by Bitcoin users. The anonymity of Bitcoin can also facilitate criminal activities such as money laundering and the buying and selling illegal goods, which can impact users indirectly.
→Dig Deeper: Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency
Bitcoin operates in a relatively gray area of law and regulation. While it is not illegal, its status varies widely around the world. Some countries have embraced Bitcoin as a legitimate payment method, while others have banned or restricted it. The variability of regulation creates uncertainty and poses a risk for Bitcoin users. There’s also a risk that future regulation could adversely affect Bitcoin. For instance, if a major government declared Bitcoin use illegal, or one of the world’s largest exchanges was hacked, the value of Bitcoin could plummet.
Due to Bitcoin’s decentralized nature, lawmakers and regulatory bodies may find it difficult to draft and implement effective regulations that do not stifle innovation. The digital nature of Bitcoin also poses challenges with legal protections that are generally applied to traditional instruments, such as the ability to challenge fraudulent transactions.
→Dig Deeper: Cryptohacking: Is Cryptocurrency Losing Its Credibility?
When comparing the benefits and risks of Bitcoin, it becomes clear that this cryptocurrency presents both unique opportunities and challenges. On the positive side, its decentralized and peer-to-peer nature offers a level of independence and flexibility not found in traditional financial systems. Additionally, its underlying blockchain technology offers potential for numerous applications beyond cryptocurrency itself.
However, these benefits must be weighed against the risks they pose, including its high price volatility and security issues, and the potential consequences of an uncertain regulatory environment. These risks underline the need for caution and due diligence before investing in or transacting with Bitcoin.
As the first cryptocurrency, Bitcoin is still in its early stages and will likely continue to evolve. As its regulatory environment becomes clearer and its technology becomes more established, the risks associated with Bitcoin may decrease. However, until then, a balanced perspective on the benefits and risks of Bitcoin is essential for anyone considering participating in its network.
McAfee Pro Tip: Bitcoin’s security issues are one of the main risks you need to consider and watch out for if you wish to invest in Bitcoin. Traditional or cryptocurrency, learn how to protect your finances online.
In a remarkably short time, Bitcoin has evolved from a fringe concept to a global financial phenomenon, challenging conventional notions of currency and decentralization. While its disruptive potential, innovation, and the allure of financial autonomy are undeniable, Bitcoin’s journey is punctuated with volatility, regulatory ambiguities, and security concerns that demand cautious consideration. As it continues to capture the world’s imagination, Bitcoin stands as both a symbol of the digital age’s possibilities and a stark reminder of the complexities and challenges associated with redefining the future of finance. Its ultimate role in the global economy remains uncertain, but its impact on the way we perceive and utilize money is undeniable, solidifying its place in history as a transformative force in the world of finance.
As individuals, it is essential to safeguard your digital assets, traditional financial resources, and online financial dealings to ensure a secure and unrestricted existence in the modern world. That’s why we encourage you to improve your digital security. Check out our McAfee+ and Total Protection to boost your protection.
The post Do the Benefits of Bitcoin Outweigh the Risks? appeared first on McAfee Blog.
Yes, giving your PC a good, old-fashioned cleaning can improve its performance. And it only takes minutes.
For the most part, PCs don’t slow down on their own over time. It’s the way we amass apps, files, and services that slows things down as your PC ages.
A few examples come to mind:
So, if your PC is feeling a bit sluggish — or if you’ve never cleaned your PC before — you have a few options to speed things up.
Start by backing up your files and photos
Any time you do some upkeep on your PC, back up your stuff. Given that so many of us store our files and photos in the cloud, this step is easy. You already have backups. Give those files a quick review and make sure what you need is backed up in the cloud.
You can also create a physical backup. An external drive can store those files as well, giving you extra redundancy. With your backup in hand, you can store it securely elsewhere in the event you need it.
Delete old apps
Drop over to your Windows search bar and type in “Storage.” That’ll take you to a screen that gives some solid insight into what your drive space looks like.
The great thing about this screen is that you can jump right in and get to work. For example, by clicking the “Apps & features” option, you get a list of all your apps stored on that drive. And with a click, you can delete the old ones you don’t want.
This does you well in a couple of ways. One is the obvious disk space you regain. The second is a bit more subtle. Older apps might go without an update, which can lead to security loopholes that hackers can exploit. Remove the old app, and you remove the loophole.
Remove temporary files
From the same menu, you can click and see how much space temporary files are taking up. You’ll likely see several categories of temporary files that you can delete. Take close note, though. While temporary, some of them still offer benefits. For example, you might want to keep “Windows update log files,” in the event you ever need to troubleshoot Windows.
Clear your browser cache and cookies
This one is a bit of a double-edged sword. Your cache and cookies make many web pages load faster. By storing images, preferences, and other info, cookies speed up load times. However, as months go by, cookie data can get bloated. If the disk space they use looks a little high to you, clean them out. You can do this in Windows by typing “Cookies” in your search bar. Additionally, you can clear it from your browser’s menu.
Important: This can remove any saved passwords stored in your browser. However, if you’re using a password manager, this isn’t a worry. The manager does the remembering for you.
Shut off startup apps that slow you down
Windows runs several apps on startup, some of which you certainly need, like antivirus apps or online protection software. Others might find themselves in that mix too, with apps that you don’t need running right away. These can slow down startup and eat up resources.
Head to your Windows search bar and type “Startup.” When the result pops up, select “Startup Apps.” From there, you’ll see a list of all your startup apps. You’ll also see a quick readout on each app that shows its impact on performance. Scroll through and click off the apps you don’t want to load at startup. Consider them carefully, though. If you’re uncertain of what a startup app does, do a web search on it before making any changes. Or just leave it alone.
Completely erase sensitive files
You’d think that deleting files in the recycle bin erases them entirely. Not so. It removes the “pointer” to those files. The data remains on the drive. It only gets removed when something new overwrites it. Which can take time.
To completely erase files with sensitive info, use a product like our own File Shredder. It permanently deletes files, and you find it in our McAfee+ plans. Although this doesn’t necessarily improve performance, it helps prevent identity theft.
Consider a deeper clean with a PC Optimizer
PC cleaning software, like McAfee PC Optimizer, simplifies the process of cleaning your PC. These programs are designed to detect and clear out unnecessary files, manage startup apps, and even clean the registry, often at the press of a button. It’s crucial, though, to choose reliable and safe PC cleaning software. Some can be excessive, doing more harm than good, or even carry malware. Reading reviews and understanding what each feature does is important before using PC cleaning software.
These cleaners usually come with customizable settings to suit your preferences. You can set automatic clean-ups at regular intervals, thus saving time, and freeing you from the hassle of remembering to run the cleanup.
A clean slate for you and your PC
Cleaning your PC is an essential part of maintaining its performance. While it might not drastically increase your PC’s speed, it contributes to overall efficiency, responsiveness, and longevity.
It’s important to approach PC cleaning carefully, deleting with discretion to avoid accidentally removing necessary files or applications. For those who aren’t comfortable doing it manually, reliable PC cleaning software like McAfee+ can simplify the process and save time.
Regular cleaning keeps your PC running smoothly, prevents potential threats, and ensures your personal and sensitive info is safe. So, if you haven’t started yet, it’s never too late to begin cleaning your PC and enjoy an optimized computing experience.
The post Does PC Cleaning Improve Performance? appeared first on McAfee Blog.
With the digital lifestyle becoming more prevalent, Wi-Fi connections have become a necessity in our day-to-day lives. We frequently connect our devices to available Wi-Fi at various locations such as hotels, restaurants, cafes, and airports. The ability to be connected anywhere, anytime is extraordinary, but it also presents a significant security concern. Unsecured Wi-Fi networks can expose our personal and sensitive data to potential hackers.
These hackers can gain access to our personal data stored on our devices or observe our online activities, thereby infringing our digital privacy. Sometimes, they purposely set up deceitful free Wi-Fi connections or hotspots to entice unsuspecting users and exploit their data. Therefore, it’s important to understand the risks associated with unsecured Wi-Fi connections and adopt certain preventive measures to ensure the safety of our personal data.
Using free Wi-Fi or hotspots can indeed be convenient for users when they’re away from their secure home networks. However, such networks usually lack proper security measures, rendering them highly susceptible to various cyber attacks. Hackers often target these networks as it is easier to infiltrate and access users’ data.
The most common risk is the interception of data, where hackers can view and steal sensitive information such as usernames, passwords, and credit card details. They can also inject malware into your device through the insecure network, further compromising your data and device’s security. Additionally, the Wi-Fi you’re connecting to might be a rogue hotspot set up by hackers, designed specifically to steal user information. Therefore, the use of such networks should be approached cautiously.
→ Dig Deeper: KRACK Hack Threatens Wi-Fi Security – What it Means for You
McAfee Pro Tip: The most secure Wi-Fi network is the one that remains inactive. Deactivating the Wi-Fi signal on your device ensures that your device remains invisible, preventing your mobile from automatically connecting to any available Wi-Fi network. Pick up more tips on this blog.
Despite these risks, there are several steps that you can take to ensure your cybersecurity while using Wi-Fi connections. Firstly, it’s a good practice to turn off your Wi-Fi when you’re not using it. This prevents your device from automatically connecting to available networks, reducing the risk of connecting to an insecure network. Equally important is avoiding the use of sensitive applications or websites, like online banking services, when connected to a public network.
→ Dig Deeper: Elevate Your Financial Security: How to Safely Bank Online
Another preventive measure is to use only websites that support HTTPS protocol. The usage of HTTPS, as against HTTP, ensures secure communication over the network as the data is encrypted. This reduces the chances of your data being intercepted by hackers. Hence, always look for “HTTPS://” in the address bar of your internet browser before sharing any sensitive information.
For an extra layer of security when using public Wi-Fi or hotspots, you might want to consider investing in a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept and view your data. While you’re connected to a VPN, all your network traffic passes through this protected tunnel, and no one—not even your ISP—can see your traffic until it exits the tunnel from the VPN server and enters the public internet.
→ Dig Deeper: On Public Wi-Fi, a VPN is Your Friend
It is also advisable to keep all your devices, browsers, and apps updated with the latest security patches. Hackers frequently exploit known vulnerabilities in outdated software, so ensuring you have the latest updates can help prevent unauthorized access to your data. Enabling automatic updates ensures that your software is always up-to-date, further protecting against potential threats.
→ Dig Deeper: Why Software Updates Are So Important
Protecting your home Wi-Fi is equally important. Always password-protect your home network with a strong, unique password, and consider changing the default user name and password that come with your router. Default logins can be easily found by attackers, making it easier for them to gain unauthorized access. Additionally, changing your router’s default Service Set ID (SSID) can make it more difficult for hackers to identify and target your network.
Another step you can take is to set up a guest network for visitors to your home. This limits their access to your main network, where your sensitive information and devices are connected. Be sure to change the password for your guest network regularly, especially after hosting guests. Lastly, turning off your network when you’re not using it, especially when you’re away from home for extended periods, can reduce the risk of unauthorized access.
→ Dig Deeper: How to Secure Your Home Wi-Fi
Smartphones have become indispensable tools for communication, work, and leisure. However, with the convenience of accessing Wi-Fi networks on these devices comes the responsibility of ensuring their security.
First and foremost, prioritize trusted networks, such as your home or office, over open or public networks. Ensure that your connections are encrypted, preferably using WPA2 or WPA3, for data protection. Create robust, unique passwords for both your Wi-Fi network and your device connections.
Furthermore, employ two-factor authentication (2FA) for added security, especially for accounts linked to Wi-Fi access. Again, a VPN can further bolster your defenses by encrypting your internet traffic, making it indispensable when using public Wi-Fi networks. But it’s also important to keep your mobile device’s software up-to-date to ensure you benefit from the latest security patches.
Finally, be wary of connecting to mobile hotspots created by other devices, as these can pose security risks if not adequately secured, and regularly audit app permissions on your mobile device and restrict access to sensitive data whenever possible.
By following these measures and best practices, you can significantly enhance the security of your mobile devices when connecting to Wi-Fi networks, safeguarding your digital privacy and peace of mind.
With the growing reliance on Wi-Fi connections to access the internet on our devices, it’s crucial to understand the security risks associated with public Wi-Fi or hotspots. Unauthorized access, data interception, and malware infections are some of the key risks when using these connections. However, by adopting appropriate measures such as using secure websites, turning off Wi-Fi when not in use, using VPN, and bolstering home network security, we can significantly mitigate these risks and ensure our personal data’s safety. So the next time you connect to a Wi-Fi network, remember to exercise caution and take steps to protect your personal information.
We encourage you to improve the layers of your digital and device security for optimal protection. Browse McAfee’s software solutions to find the best software that suits your needs.
The post Why Should You be Careful When Using Hotspots or Free Wi-Fi? appeared first on McAfee Blog.
In today’s digital world, the importance of creating and maintaining secure and complex passwords cannot be overstated. A common misconception is that a password only needs to be memorable. Whilst this is a helpful trait, it does a disservice to the importance of having a secure series of characters. This guide will walk you through why “123456” is not an acceptable password, dispel some common password misconceptions, and provide some tips on how to create a secure password.
Security is a necessary concern in the digital age. Every time we create an account, fill out a form, or simply browse the internet, we leave a digital footprint that can be traced back to us. Criminals, hackers, and other malicious parties are constantly hunting for sensitive information they can exploit. This is what makes the creation of secure passwords so vital.
Think of your password as the first line of defense against potential attackers. When your passwords are weak or predictable, like ‘123456’, you effectively leave your front door open to criminals. While it may feel like an inconvenience to memorize complex passwords, consider the potential damage that could be done should your personal or financial information fall into the wrong hands.
→ Dig Deeper: Protect Your Digital Life: Why Strong Passwords Matter
Some may argue that ‘123456’ is a good password because it’s easy to remember. This is a dangerous misconception. ‘123456’ is an extremely common password, and it’s also one of the first combinations that hackers attempt when trying to break into an account. In fact, according to reports, ‘123456’ and ‘password’ are consistently ranked as the most commonly used passwords year after year.
Another reason why ‘123456’ is not a good password is due to its lack of complexity. Many websites and online services require passwords to include a mix of upper and lower-case letters, numbers, and symbols. This requirement is not arbitrary; it’s a method proven to increase the difficulty for hackers attempting to crack your password. Using ‘123456’ as your password doesn’t meet these requirements, making it an easy target for a hacking attempt.
→ Dig Deeper: Six Easy Steps to Help Keep Hackers at Bay
Ensuring that your password adheres to certain safety standards is crucial. Here are some key checks to consider when creating a password:
→ Dig Deeper: Make Your Smart Home a Secure Home Too: Securing Your IoT Smart Home Devices
Your proactive approach to password security is the bedrock of your defense against evolving cyber threats, ensuring your digital life remains safe and sound. Make sure to follow these reminders every time you create and change passwords.
Password managers are specialized tools that generate, store, and autofill complex and unique passwords for various online accounts. They eliminate the need for users to remember and manually enter their passwords, and this not only simplifies the login process but significantly bolsters security. These tools employ strong encryption to safeguard your login credentials, ensuring your passwords remain inaccessible to hackers. Many password managers also offer the convenience of cross-device synchronization, allowing you to access your passwords securely on multiple platforms.
Cybersecurity threats are more sophisticated than ever, and easily guessable passwords are the first vulnerabilities that malicious actors exploit. So, as you aim to make your 123456 passwords more complicated, consider using a password manager to store all your passwords and help you remember them properly.
Changing passwords frequently is a habit we all need to cultivate. Doing so regularly makes it very difficult for cybercriminals to gain access to your personal information. It’s not just about protecting your accounts, but every device that holds your precious data. This habit, though may seem cumbersome initially, will eventually act as a robust shield against potential cyber attacks. Interest in cyber security is rising, and for a good reason. With more of our lives moving online, it’s crucial to stay updated on the latest trends in mobile and digital security. Many resources are available online to help individuals stay safe in the digital world. Maintaining strong, unique passwords and changing them frequently is one of the simplest and most effective ways to safeguard against cyber threats.
The frequency of changing passwords should be tailored to the security sensitivity of the account and the strength of the existing password. For high-security accounts, such as email or online banking, changing passwords every 60 to 90 days is advisable, while moderate-security accounts can be changed every 90 to 180 days. Low-security accounts may require less frequent changes, and immediate password updates are essential if you suspect a compromise. Strong, unique passwords reduce the necessity for frequent changes, and the use of two-factor authentication further enhances account security.
McAfee Pro Tip: In certain circumstances, it might become imperative to change your password without delay, particularly when a malicious actor gains unauthorized access to your account. Learn more about how often you should change your passwords.
‘123456’ is not an acceptable password due to its predictability and lack of complexity. Choosing secure passwords that are complex, unique, and difficult to guess is crucial in safeguarding your online presence. Coupled with regular password changes, using a password management solution, and avoiding default device passwords, you can ensure your personal and financial information remains secure. In the digital age, a secure password is not just a need, but a necessity. A reliable password manager, meanwhile, is a good, functional option to improve password security.
The post 123456 Is Not an Acceptable Password appeared first on McAfee Blog.
It is common knowledge that connecting your devices to public Wi-Fi can expose them to potential malware and other security risks. But have you ever considered the dangers that might be lurking within public USB chargers? In a surprising revelation, researchers at Georgia Tech discovered that public iPhone chargers can be a conduit for malicious apps, posing a significant risk to your data security and privacy.
Interestingly, the malicious apps resulting from public iPhone chargers do not require any downloads or visits to the app store. These apps are installed on your iPhone via the compromised USB chargers. Once installed, they function like conventional malware, controlling your device and potentially accessing sensitive information such as banking login details. They can even intercept your phone calls and remotely control your device. The distinctive aspect of these threats is their delivery method—through seemingly innocuous iPhone chargers.
Despite these alarming characteristics, the threat posed by these malicious apps is not widely recognized or understood. Many people continue to casually plug their iPhones into public USB ports casually, little knowing the potential danger they expose their devices to. In contrast to the common belief that devices locked with a PIN or passcode are safe, these malicious apps can still infiltrate your iPhone if it is unlocked even for a moment.
→ Dig Deeper: How Safe Is Your Android PIN Code?
How exactly do these malicious apps find their way into our iPhones? The scheme was demonstrated by researchers from Georgia Tech, who managed to fool Apple’s security team with a dummy Facebook app containing a hidden malware code. Their experiment showed that when an iPhone connected to a compromised charger is unlocked, the faux Facebook app activates, allowing hackers to take control of the device remotely.
These threats, often called “AutoRun” threats, can make calls, view passwords, alter settings, and perform other operations on your device without your knowledge. The alarming thing about them is that they start executing when a corrupted drive is plugged into a device. Clearly, this poses a unique and powerful threat to smartphones, tablets, PCs, and Macs alike. As our dependence on these devices grows, so does the urgency to understand and prevent such attacks.
→ Dig Deeper: Can Apple Macs Get Viruses?
Though the AutoRun threat may sound like a plot straight out of a sci-fi movie, it is disturbingly real. This McAfee Threats Report revealed that the prevalence of these attacks doubled in one year and continues to rise. Such an escalation underscores the need for increased awareness and caution concerning our device usage.
While the threat experiment conducted by Georgia Tech researchers was staged, the potential for its execution by cybercriminals is very real. Cybercriminals are always looking for weak spots in security systems, and public USB chargers are proving to be one such vulnerability. This is made worse because not many people are aware of this weakness, making them easy targets for cybercriminals.
McAfee Pro Tip: Stay informed about less conventional threats, such as malware that may lurk in unexpected places like chargers, by exploring the wealth of cyber resources available in McAfee’s extensive collection of resources. Dive into our informative blogs and in-depth reports to expand your awareness and understanding of these unconventional risks.
Apple responded promptly to the Georgia Tech experiment and released an update to raise a warning when connecting to unfamiliar USB chargers. However, this warning is often ignored and opens the device to potential threats. So, the safest preventive measure is to avoid using public charging stations.
Moreover, it is advisable not to unlock your devices while charging. Unlocking an iPhone, even momentarily, was key to disseminating the malicious app in the Georgia Tech experiment. If you’ve connected to a public USB charger and want to verify that your device hasn’t been compromised, navigate to Settings > General > Profiles. If you see any unfamiliar names, remove them immediately.
→ Dig Deeper: Protecting the Universal Remote Control of Your Life—Your Smartphone
Public charging stations might seem like a convenient solution, but they come with their own set of risks–malware is one, as mentioned. One of the most practical and secure alternatives to public charging stations is carrying a portable charger, commonly known as a power bank. These devices come in various sizes and capacities, making it easy to find one that suits your needs. Another simple yet effective alternative to public charging stations is to carry your own charging cable. Most people use USB cables that can be connected to power sources like laptops, portable chargers, or even wall outlets.
Along with avoiding public charging stations, it is crucial only to download apps from trusted sources. While the malicious app in the experiment was installed via a compromised charger, caution is still paramount when downloading apps, even over Wi-Fi. Stick to official app stores to lessen the risk of downloading malware-laden apps.
Perhaps the most significant measure to protect against cyber threats is installing comprehensive security on all your devices. A complete solution like McAfee LiveSafe not only protects your devices from the latest forms of malware, spyware, and other viruses and safeguards your identity and valuable data. The ever-evolving tactics of cybercriminals require vigilant and robust security measures.
As our reliance on smartphones and other devices grows, so does the sophistication and prevalence of cyber threats. In this high-risk digital era, awareness and caution are the first steps toward protection. The experimental threat posed by public iPhone chargers underscores the hidden dangers we may unknowingly expose ourselves to. By understanding these threats and implementing protective measures, such as using trusted sources for app downloads and comprehensive security software, we can minimize our vulnerability to such attacks. As we continue to live in an increasingly digital world, it is more important than ever to understand potential threats and take steps to protect ourselves and our valuable data.
Safeguarding your devices, especially those that are an integral part of your daily life and constantly require recharging, is paramount in our increasingly interconnected world. McAfee’s cutting-edge software solutions offer a fortified defense against many online perils.
The post US-B Careful: Public iPhone Chargers Lie in Wait appeared first on McAfee Blog.
The eagerly awaited holiday sales such as Black Friday and Cyber Monday are just around the corner. As consumers, we look forward to getting the best deals online, but we’re not the only ones. Hackers are also keenly anticipating these holidays but for different reasons. They use this period to come up with all sorts of shopping scams that can potentially put a dampener on the holiday spirit for unsuspecting shoppers.
This article provides you with ten tips to keep you and your family safe from online shopping scams this season. These tips will not only help you spot a good deal but also help you avoid falling prey to online scams, thereby ensuring that you keep your finances safe during this shopping season.
A common tactic employed by hackers involves the use of malware hidden in email attachments. During the holiday sales season, they often camouflage their malware in emails that claim to contain offers or shipping notifications. It is important to remember that legitimate retailers and shipping companies will not send offers, promo codes, or tracking numbers as email attachments. Instead, they will mention these details in the body of the email.
Therefore, be wary of any email attachments you receive from retailers or shippers. If something seems off, it probably is. Do not download or open suspicious attachments, as this could potentially lead to a malware attack.
→ Dig Deeper: McAfee Protects Against Suspicious Email Attachments
Scammers often employ a tactic known as “typosquatting,” where they create phony email addresses and URLs that look incredibly similar to the legitimate addresses of well-known companies and retailers. These are often sent via phishing emails, and instead of leading you to great deals, these links can direct you to scam websites that extract your login credentials, payment information, or even directly extract funds from your account when you attempt to place an order through them.
Therefore, it is imperative to double-check all email addresses and URLs before clicking on them. Look out for subtle discrepancies in the spelling or arrangement of characters, as these are often indicators of a scam. If a link or email address seems suspicious, do not click on it.
→ Dig Deeper: How Typosquatting Scams Work
In continuation with the previous point, scammers also set up websites that resemble those run by trusted retailers or brands. These websites often advertise special offers or attractive deals on popular holiday items. However, these are nothing more than a ruse to trick unsuspecting shoppers into divulging their personal and financial information.
These scam websites are often spread through social media, email, and other messaging platforms. It’s crucial to exercise skepticism when encountering such links. Instead of clicking on them, it’s always safer to visit the brand’s official website directly and look for the deal there.
→ Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit
Using a robust and comprehensive security software suite while shopping can provide you with additional layers of protection against scams. For instance, web browser protection features can block malicious and suspicious links, reducing the risk of falling prey to malware or a financial scam.
Ensure your antivirus software is up to date and your firewall is enabled. At the same time, enable secure browsing options available in your web browser. These simple steps can go a long way in securing your online shopping experience.
Using the same passwords across multiple platforms is akin to giving hackers a free pass. If they manage to hack into one account, they can potentially gain access to others that share the same password. To avoid this, consider using a password manager. These tools can generate complex and unique passwords for each of your accounts and store them securely, saving you the hassle of remembering them all.
By diversifying your passwords and securing them effectively, you can significantly reduce the risk of becoming a victim of a hack or a scam. The importance of this proactive approach cannot be overstated in today’s interconnected world, where our personal and financial information is often just a few clicks away from prying eyes and malicious intent.
→ Dig Deeper: Strong Password Ideas to Keep Your Information Safe
Two-factor authentication (2FA) is an invaluable tool that adds an extra layer of protection to your accounts. When 2FA is enabled, gaining access to your accounts isn’t as simple as just entering your username and password. Instead, you also need to input a unique, one-time-use code that is typically sent to your phone or email. This code acts as a second password, making your account significantly more secure.
If any of your accounts offer 2FA, it’s crucial to take advantage of this feature. While it might initially seem cumbersome, the added security is well worth the slight inconvenience.
Public Wi-Fi networks, such as those found in coffee shops and other public locations, can be dangerous due to their lack of security. If you shop online through a public Wi-Fi network, you’re essentially broadcasting your private information to anyone who cares to look. To prevent this, consider using a virtual private network (VPN).
VPNs encrypt your internet traffic, securing it against any prying eyes. This encryption protects your passwords, credit card numbers, and other sensitive information from being intercepted and misused. If you frequently shop online in public places, using a VPN is a must.
In the U.S., the Fair Credit Billing Act protects against fraudulent charges on credit cards. Under this act, you can dispute any charges over $50 for goods and services that you never received or were billed incorrectly for. Moreover, many credit card companies offer policies that add to the protections provided by the Fair Credit Billing Act.
However, these protections don’t extend to debit cards. When you use a debit card, the money is immediately drawn from your bank account, making it more difficult to recover in case of fraud. So, for online shopping, it’s safer to use a credit card instead of a debit card.
A virtual credit card can provide an extra layer of security for your online purchases. When you use one of these cards, it generates a temporary card number for each transaction, keeping your real card number safe. However, there are potential downsides to be aware of, such as difficulties with returns and refunds.
Before deciding to use a virtual credit card, understand its pros and cons. Research the policies of the issuing company so you can make an informed decision about whether or not it’s the right choice for you.
Given the number of accounts most of us manage and the rampant incidents of data breaches, it’s crucial to monitor your credit reports for any signs of fraud. An unexpected change in your credit score could indicate that someone has taken out a loan or credit card in your name. If you notice any discrepancies, report them immediately to the credit bureau and to the lender who reported the fraudulent information.
In the U.S., you’re entitled to a free credit report from each of the three major credit bureaus every year. Utilize this service and check your reports regularly. Remember, quickly identifying and reporting fraudulent activity is the key to mitigating its impact.
McAfee Pro Tip: Have you encountered a suspicious charge on your credit card and felt uncertain about the next steps? Get a credit monitoring service to monitor any unusual credit-related transactions that may be a potential sign of identity theft.
As we approach Cyber Monday, it’s important to stay vigilant to protect yourself and your family from online scams. By taking simple precautions like verifying email addresses, resorting to 2FA, using a VPN while shopping on public Wi-Fi, and monitoring your credit reports, you can significantly reduce your chances of falling for an online shopping scam. Additionally, consider employing cybersecurity solutions like McAfee+, which offer robust protection against various online threats. Remember, if a deal seems too good to be true, it probably is. Happy and safe shopping!
The post Cyber Monday: Protect Yourself and Your Family from Online Shopping Scams appeared first on McAfee Blog.
As we gear up to feast with family and friends this Thanksgiving, we prepare our wallets for Black Friday and Cyber Monday. Black Friday and Cyber Monday have practically become holidays themselves, as each year, they immediately shift our attention from turkey and pumpkin pie to holiday shopping. Let’s look at these two holidays and how their popularity can impact users’ online security, and grab a great Black Friday holiday deal from McAfee.
You might be surprised that “Black Friday” was first associated with a financial crisis, not sales shopping. The U.S. gold market crashed on Friday, September 24, 1869, leaving Wall Street bankrupt. In the 1950s, Black Friday was associated with holiday shopping when large crowds of tourists and shoppers flocked to Philadelphia for a big football game. Because of all the chaos, traffic jams, and shoplifting opportunities that arose, police officers could not take the day off, coining it Black Friday. It wasn’t until over 50 years later that Cyber Monday came to fruition when Shop.org coined the term as a way for online retailers to participate in the Black Friday shopping frenzy.
In conclusion, the origins of “Black Friday” are indeed surprising and far removed from the image of holiday shopping extravaganzas that we associate with the term today. These historical roots offer a fascinating perspective on the evolution of consumer culture and the significance of these shopping events in modern times.
Since the origination of these two massive shopping holidays, both have seen incredible growth. Global interest in Black Friday has risen year-over-year, with 117% average growth across the last five years. According to Forbes, 2018’s Black Friday brought in $6.2 billion in online sales alone, while Cyber Monday brought in a record $7.9 billion.
While foot traffic seemed to decrease at brick-and-mortar stores during Cyber Week 2018, more shoppers turned their attention to the Internet to participate in holiday bargain hunting. Throughout this week, sales derived from desktop devices came in at 47%, while mobile purchases made up 45% of revenue and tablet purchases made up 8% of revenue.
So, what does this mean for Black Friday and Cyber Monday shopping this holiday season? In 2023, Adobe Analytics anticipates that Cyber Monday will maintain its status as the most significant shopping day of the season and the year, spurring a historic $12 billion in spending, reflecting a year-over-year increase of 6.1%. Online sales on Black Friday are expected to increase by 5.7% year over year, reaching $9.6 billion, while Thanksgiving is projected to grow by 5.5% year over year, amounting to $5.6 billion in spending.
If one thing’s for sure, this year’s Black Friday and Cyber Monday sales are shaping up to be the biggest ones for shoppers looking to snag some seasonal bargains. However, the uptick in online shopping activity provides cybercriminals the perfect opportunity to wreak havoc on users’ holiday fun, potentially disrupting users’ festive experiences and compromising their online security. In light of this, it is crucial to take proactive measures to safeguard your digital presence. One effective way to do so is by investing in top-tier online protection solutions. McAfee, a renowned leader in the field, offers award-winning cybersecurity solutions designed to shield you from the ever-evolving threats in the digital landscape. Explore the features of our McAfee+ Ultimate and Total Protection and be informed of the latest cyber threats with McAfee Labs.
→ Dig Deeper: McAfee 2023 Threat Predictions: Evolution and Exploitation
With the surge in online shopping during Black Friday and Cyber Monday, cybercriminals are also on high alert, crafting sophisticated scams to trick unsuspecting shoppers. One common form of scam you’ll come across during this time is fraudulent websites. These sites masquerade as reputable online retailers, luring customers with too-good-to-be-true deals. Once shoppers enter their personal and financial data, the criminals behind these sites gain access to the sensitive information, paving the way for identity theft.
Phishing emails are another popular mode of scam during these shopping holidays. Shoppers receive emails that appear to be from legitimate stores advertising incredible deals. The emails typically contain links that direct users to a fraudulent website where their information can be stolen. It’s essential to approach every email suspiciously, checking the sender’s information and avoiding clicking on unsolicited links.
→ Dig Deeper: How to Protect Yourself From Phishing Scams
Thankfully, there are steps you can take to protect yourself when shopping online during Black Friday and Cyber Monday. First, always ensure that the website you’re shopping from is legitimate. Check for the padlock icon in the address bar and “https” in the URL, as these are indicators of a secure site. Steer clear of websites that lack these security features or have misspelled domain names, as they could be fraudulent.
McAfee Pro Tip: When browsing a website, there are several essential cues to consider when assessing its safety. As mentioned, one such indicator is the presence of “https” in the website’s URL. But there are also other tell-tale signs, such as fake lock icons, web copy, web speed, and more. Know how to tell whether a website is safe.
Furthermore, never provide personal or financial information in response to an unsolicited email, even if it appears to be from a trusted source. If the offer seems tempting, visit the retailer’s official website and check if the same deal is available there. Finally, consider installing a reputable antivirus and security software, like McAfee, that can provide real-time protection and alert you when you stumble upon a malicious website or receive a phishing email.
Black Friday and Cyber Monday are prime opportunities for consumers to snag once-a-year deals and for cybercriminals to exploit their eagerness to save. However, being aware of the prevalent scams and knowing how to protect yourself can save you from falling prey to these ploys. Always strive to shop smart and stay safe, and remember that if an offer seems too good to be true, it probably is.
The post Secure Your Black Friday & Cyber Monday Purchases appeared first on McAfee Blog.
Hackers love Ryan Gosling. In fact, hackers use his name as bait more than any other celebrity.
With that, the celebrated star of “Barbie” and umpteen other hit films tops our Hacker Celebrity Hot List for 2023. It’s our annual study that reveals which big-name celebrity searches most often link to malware and risky sites. And this year, we’ve evolved the list. It now includes celebs spotted in deepfake and other AI-driven content.
With Gosling’s high profile this year, it comes as little surprise that he ranked so highly. As we reported earlier this year, “Barbie” was a huge hit for cybercriminals as well. They baited consumers with a rash of ticket scams, download scams, and other attacks that capitalized on the summer hit’s hype.
Months later, searches for Gosling remain high. His portrayal of Ken has scored him a first-ever Billboard Hot 100 song with “I’m Just Ken.” Meanwhile, Ken and Barbie outfits rank among the most popular Halloween costumes for 2023.
And if you’re wondering, Margot Robbie, who starred as Barbie to Gosling’s Ken, ranked number eight on our list. The full top ten breaks down as follows:
The hackers behind these celebrity-driven attacks are after two primary things.
Accordingly, they’ll pair celebrity names with terms like audio book, lyrics, deepfake, free ringtone, free movie, free download, MP4, among others—which generate results that lead to sketchy sites.
In all, they target people who want to download something or get a hold of celebrity-related content in some form. Again, think of the “Barbie” movie scams earlier this year that promoted free downloads of the movie — but of course they were malware and identity theft scams.
Searching for a celebrity name alone didn’t necessarily lead to a list of sketchy results. Our own Chief Technology Officer, Steve Grobman, described the risks well. “We know people are seeking out free content, such as movie downloads, which puts them at risk. If it sounds too good to be true, it generally is and deserves a closer look.” Yet hackers know how hungry people are for celebrity content, and unfortunately some people will go ahead and click those links that promise celebrity-filled content, despite the risks.
Further rounding out the list, we found several big names from sports and popular culture.
Argentine soccer player Lionel Messi comes in at number 18 on the list, who recently made the move to Miami’s Major League Soccer team. Recent retiree and all-time American football great Tom Brady clocked in at number 19, and Travis Kelce, American football tight end for the Kansas City Chiefs, came in at number 22. NBA star Steph Curry at number 23, while Aaron Rogers, another American football legend, came in at number 31. And Serena Williams, a dominant force on the court and in culture, ranked at number 32.
Reality and pop culture favorites also made the top 50, with Andy Cohen of “Real Housewives” fame taking the number 11 slot, followed by Kim Kardashian at number 24, and Tom Sandoval at number 40 on the list.
And for the Swifties out there, Taylor Swift ranked 25 on our list this year.
Thanks to readily available AI tools, cybercriminals have increased both the sophistication and volume of their attacks. It’s no different for these celebrity-based attacks.
According to McAfee researchers, one such AI-driven trend is on the rise: deepfakes. For example, Elon Musk. He hit number six on our list, and our researchers found a significant volume of malicious deepfake content tied to his name — often linked with cryptocurrency scams.
Taking a sample set of the top 50 list, McAfee researchers discovered between 25 to 135 deepfake URLs per celebrity search. While there are instances of malicious deepfakes, many celebrity deepfakes fall into recreational or false advertising use cases right now. However, there is growing evidence that future deepfakes could turn deceptive — deliberately passing along disinformation in a public figure’s name.
You have every reason, and every right, to search for and enjoy your celebrity content safely. A mix of a sharp eye and online protection can keep you safe out there.
Hackers and scammers love riding the coattails of celebrities. By hijacking big names like Ryan, J-Lo, and Bad Bunny, they dupe plenty of well-meaning fans into downloading malware or handing over their personal info.
Of course, that’s no reason to stop searching for those celebs. Not at all. Go ahead and enjoy your shows, music, and movies—and all the news, gossip, and tea surrounding them. That’s all part of the fun. Just do it with a sharp eye and the proper protection that has your back.
The post McAfee 2023 Hacker Celebrity Hot List – Why Hackers Love Ryan Gosling so Much appeared first on McAfee Blog.
Reels of another kind rack up the views online. Stories about Facebook Marketplace scams.
Recently, TikTok’er Michel Janse (@michel.c.janse) got well over a million views with a most unusual story about selling furniture on Facebook Marketplace—and how it led to identity theft.
@michel.c.janse oops dont fall for this scam like me
The story goes like this:
A buyer reached out about the furniture Michel was selling, expressed interest, and then hesitated. Why the cold feet? The buyer wanted to speak to Michel on the phone to confirm that Michel was a real person. “Are you OK if I voice call you from Google?” Michel agreed, sent her number, and soon received a text with a Google Voice code. The buyer asked for the code, and as soon as Michel sent it, she got that sinking feeling. “I should have Googled before I did, because something feels really off.”
As she found out, it was. The scammer ghosted the conversation and ran off with the verification code.
This is a variation of the “Verification Code Scam,” where scammers ask you to send them that six-digit code you receive as part of an account login process. Here, scammers send a text message with a Google Voice verification code and ask you to send them that code. With it, they can create a Google Voice number linked to your phone number—and go on to commit other forms of identity theft in your name.
It happens so often that the U.S. Federal Trade Commission (FTC) has a page dedicated to the topic. Luckily, Michel got wise quickly enough. She quickly asked for another code and took back charge of that newly created Google Voice account.
This is just one of the many scams lurking about on Facebook Marketplace. Largely, Facebook is a great place packed with lots of great deals, yet you can get stung. But if you know what to look out for, you can spot those scams and steer clear of them when you do.
As the saying goes, buyer beware. And seller too. Scammers weasel their way into both ends of a transaction. Per Facebook, in addition to phishing attacks, scams on Facebook Marketplace take three primary forms:
A buyer scam is: When someone tries to buy or trade items from someone else without paying, resulting in a loss of money for the seller and a gain for the buyer. This might look like a buyer who:
An example, a scammer sends a seller a pre-paid shipping label to mail the item. Then they change the address via their tracking number and claim they never received the goods.
A seller scam is: When someone tries to sell or trade items to someone else without delivering the items as promised, resulting in a gain of money for the seller and a loss for the buyer. This might look like a seller who:
An example, a scammer offers up a game console—one that doesn’t work when you take it home and plug it in.
A listing scam is: When a listing appears to be dishonest, fake, or lures buyers to complete transactions outside Facebook Marketplace. This might look like a listing:
An example, you see a great price on a commuter bike, yet the seller wants to complete the transaction over text. And using a payment form not covered by Facebook’s purchase protection policies, such as Venmo or Zelle.
Like any transaction you make through social media, a few extra steps and a dose of buyer or seller beware can help you make a great purchase or sale. One that’s safe.
You can take three big steps to help set things straight.
Whether shopping on Facebook Marketplace or off, a combination of online protection software and smart habits can help you avoid getting scammed. Further, online protection can provide you with yet more ways of preventing and recovering from identity theft.
We’d like to thank Michel and all the others who have shared their stories. Getting scammed stings. That’s why people often fail to report it, let alone share that it happened to them. Yet scams are crimes. Without question, act and report on a scam for the crime that it is. Get the proper platforms and authorities involved.
Keep in mind the larger picture as well. Scams aren’t always one-offs. Organized crime gets in on scams as well, sometimes on a large scale. By acting and reporting on scams, you provide those platforms and authorities mentioned above with vital info that can help them shut it down.
Your best defenses are your nose and your online protection software. As Michel said, something felt off in her interaction. So, if something doesn’t pass the sniff test, pay attention to that instinct. Shut down that purchase or sale on Facebook Marketplace—and report it if you think it’s a scam. You might save someone else some heartache down the road.
The post How to Look Out For Scams on Facebook Marketplace appeared first on McAfee Blog.
Amidst the recent heartbreaking events in the Middle East, parents now face the challenge of protecting children from the overwhelming amount of violent and disturbing content so easily accessible to children online.
Reports of unimaginable acts, including graphic photos and videos, have emerged on popular social networks, leading child advocates to call for heightened monitoring and, in some cases, the removal of these apps from children’s devices. According to a recent investigation by The Institute for Strategic Dialogue, the team adopted the personas of 13-year-olds to establish accounts on Instagram, TikTok, and Snapchat. During a 48-hour period spanning from October 14 to 16, the researchers unearthed over 300 problematic posts. Surprisingly, a significant majority of these problematic posts, approximately 78%, were discovered on Instagram, with Snapchat hosting about 5% of them.
In today’s digital age, the consensus is clear: keeping older children informed about global events is important. However, given the abundance of real-time, violent content, the urgency to protect them from distressing material that could harm their mental well-being has become even more imperative.
In such times, there isn’t a one-size-fits-all strategy, but we can provide valuable tips to help you monitor and minimize your child’s exposure to violent content.
To wrap up, don’t lose sight of mental and physical well-being by implementing the strategies mentioned here. By setting a strong example of a balanced digital life and open communication about real-life crises, your children will naturally pick up on how to navigate the online world. Your actions speak volumes, and they will follow your lead.
The post Digital Strategies to Safeguard Your Child from Upsetting and Violent Content Online appeared first on McAfee Blog.
Recently, news broke that over 300,000 Android users downloaded supposed banking apps from the Google Play Store loaded with trojans. These malicious apps managed to outwit the store’s security checkpoints to install malware on the unsuspecting users’ devices. It is more important than ever to stay vigilant about mobile security.
The crafty hackers behind this threat disguised their trojans as commonly searched-for apps, such as QR code scanners, fitness apps, and other popular utilities. The malicious code within these apps is specifically designed to steal banking information, record keystrokes as users enter their account details, and capture screenshots of activities carried out on the phone.
The unique feature of this malware is that it only initiates its harmful activities after being installed. Whether or not the user is aware of the malware’s presence can vary. For the malware to trigger, it needs an additional step, often an in-app update that’s not through the Play Store. This update then downloads the malware payload onto the device. In numerous instances, the counterfeit apps force users into accepting this update once the app is downloaded.
While the apps originally found on the Play Store may not have contained malware in their code, they serve as a delivery system for the payload from other servers after being installed on a user’s device. This discrete method of operation is one of the reasons these harmful apps have managed to escape detection.
The evolving threat highlights the necessity of scrutinizing app permissions and being cautious of in-app prompts, especially if they deviate from the standard update processes provided by reputable app stores. As the malware landscape evolves with increasingly sophisticated tactics, understanding these threats and adopting proactive security measures is crucial for safeguarding the integrity of our digital devices and personal data.
→ Dig Deeper: McAfee 2023 Threat Predictions: Evolution and Exploitation
Smartphones are enticing targets for hackers. They contain personal information and photos, banking and other payment app credentials, and other valuable data that hackers can exploit. The smartphone’s other features—like cameras, microphones, and GPS—can offer hackers even more invasive capabilities.
Once a smartphone is compromised, a hacker can hijack social media, shopping, and financial accounts; drain wallets by racking up app store purchases or interfering in payment apps; and even read text messages or steal photos. Understanding the nature of these threats, it is essential for users to take protective measures.
→ Dig Deeper: McAfee 2023 Consumer Mobile Threat Report
Mobile applications have become an integral part of our lives, so the responsibility of app developers to ensure security is paramount. Users entrust these apps with their personal information, from contact details to financial data, making it imperative for developers to prioritize security throughout the entire app development process.
One of the primary responsibilities of app developers is to implement secure coding practices. This entails writing code that guards against vulnerabilities and potential exploits. Developers can significantly reduce the risk of security breaches by incorporating measures like robust authentication systems, data encryption, and secure data transmission protocols. Additionally, regular security audits and testing are essential to identify and rectify vulnerabilities promptly.
App developers must also be vigilant when it comes to user data protection. This involves not only securely storing sensitive information but also safeguarding it during transmission. Properly managing app permissions is another key aspect of ensuring user data privacy. Developers should request only the permissions necessary for an app’s core functionality and explain clearly to users why certain permissions are required.
To complete the discussion, app developers play a pivotal role in safeguarding user data and overall digital security. By adhering to secure coding practices, conducting regular security assessments, respecting user privacy, and responding swiftly to vulnerabilities, developers contribute to a safer and more trustworthy mobile app ecosystem. Ultimately, their commitment to security not only protects users but also upholds the integrity of the apps they create.
McAfee Pro Tip: App developers can only protect you if you download their applications from reputable app stores like Google Play and App Store. Downloading third-party applications can increase your risk of getting malware. Know more about third-party apps.
How do these harmful apps work? By presenting themselves as legitimate applications, they can sneak onto your phone and gain wide-ranging permissions to access files, photos, and functionalities. Alternatively, they may slip in code that enables hackers to gather personal data. This can result in various issues, from annoying popup ads to the loss of valuable identity information.
Some recent instances of such malicious apps include ad-blocking programs that serve up ads instead, VPN apps that charge subscriptions but provide no protection, and utility apps that misuse system privileges and permissions, further endangering users.
To avoid falling victim to such malicious apps, there are preventive steps you can take.
While major app marketplaces like Google Play and Apple’s App Store aim to eradicate malware from their platforms, hackers, being the persistent intruders they are, can find ways around these measures. Hence, extra vigilance on your part is essential. Below are some steps to help fortify your digital security:
Be wary of apps asking for unnecessary permissions, like simple games wanting access to your camera or microphone. Read the permissions list before downloading any app. If you find an app asking for more than it should need, it may be a scam. Delete it, and find a legitimate counterpart that doesn’t request for these invasive permissions.
Apps prompting you for immediate in-app updates can be a red flag. Typically, the app version you download from the store should be the most recent and not require an immediate update. Always update your apps through the app store, not the app itself, to avoid malware attacks.
Don’t download without researching the app first. Check the developer’s track record – have they published other apps with many downloads and good reviews? Malicious apps often have few reviews and grammatical errors in their descriptions. Stay alert for these signs.
Recommendations from trusted sources or reputable publications are often reliable as these sources have done the vetting for you. This method saves you time and ensures the app’s credibility.
Stick to Google Play and Apple’s App Store, which vet apps for safety and security. Third-party sites might not have a robust review process, and some intentionally host malicious apps. Google and Apple are quick to remove malicious apps once discovered, ensuring an added layer of safety.
Given the amount of data and information we store on our phones, having security software is just as crucial as having one on our computers and laptops. Whether you opt for comprehensive security software that safeguards all your devices or a specific app from Google Play or Apple’s iOS App Store, you’ll benefit from enhanced malware, web, and device security.
Updating your phone’s operating system is as important as installing security software. Updates often contain patches to fix vulnerabilities that hackers exploit to execute malware attacks. Therefore, regular updates are a necessary measure to keep your phone secure.
→ Dig Deeper: How Do I Clear a Virus From My Phone?
Staying vigilant and proactive against mobile malware is integral to maintaining your digital security. You can significantly ward off potential threats by scrutinizing app permissions, being wary of in-app updates, critically reviewing apps, trusting strong recommendations, avoiding third-party app stores, installing security software like McAfee Mobile Security, and updating your phone’s OS. Remember, a few moments spent on these precautions are minimal compared to the potential costs and consequences of a hacked phone.
The post Before You Download: Steer Clear of Malicious Android Apps appeared first on McAfee Blog.
The rise in popularity of Internet-connected smart devices has brought about a new era of convenience and functionality for consumers. From Smart TVs and refrigerators to wireless speakers, these devices have transformed the way we live and communicate. However, this advancement in technology is not without its downsides. One of the most notable is the increasing vulnerability to cyber-attacks. In this article, we’ll explore what happened when hundreds of thousands of these devices were roped into an extensive Internet-of-Things (IoT) cyber attack, how it happened, and how you can protect your smart devices to stay safe.
In what has been termed as the first widespread IoT cyber attack, security researchers discovered that over 100,000 smart home devices were manipulated to form a malicious network. This network, dubbed ‘ThingBot,’ was used to launch a massive phishing campaign, sending out approximately 750,000 spam emails over a two-week period.
The key players in this attack were the smart home appliances that many of us use every day. They range from Smart TVs and refrigerators to wireless speakers, all of which were connected to the internet. The attack signified two key developments: the rise of the IoT phenomenon and the substantial security threats posed by these increasingly connected devices.
→ Dig Deeper: LG Smart TVs Leak Data Without Permission
IoT refers to the growing trend of everyday devices becoming more connected to the web. This connection aims to bring added convenience and ease to our daily activities. It ranges from wearable devices like FitBit and Google Glass to smart TVs, thermostats, and computerized cars. While this trend is new and rapidly growing, its implications for security are significant.
The discovery of the IoT botnet in this attack demonstrates just how easily hackers can commandeer these connected smart devices. One would think that security software installed on PCs would provide adequate protection. Unfortunately, that’s not the case. The new generation of connected appliances and wearables does not come with robust security measures. This deficiency is the reason why hackers were able to infect more than 100,000 home devices in a global attack, manipulating these devices to send out their malicious messages.
→ Dig Deeper: The Wearable Future Is Hackable. Here’s What You Need To Know
Cybercriminals will continue to exploit the inherent insecurities in the IoT landscape. With the number of connected or “smart” devices projected to increase exponentially in the coming years (reaching an estimated 200 billion IoT devices by 2020). Here’s a list of those implications users can expect:
Prevention and precaution are the best defense against IoT cyber attacks. The first step is to secure your devices with a password. While it may seem simple and obvious, many consumers disregard this step, leaving their devices vulnerable to attacks. Using unique, complex passwords and frequently updating them can help to safeguard against hacking attempts. Furthermore, consider employing two-step verification for devices that offer this feature for additional security.
One must not forget the importance of software updates. Internet-connected devices such as smart TVs and gaming consoles often come with software that needs regular updating. Manufacturers typically release these updates to patch known security vulnerabilities. Hence, whenever there’s an update, it’s wise to install it promptly. It’s also crucial to exercise caution while browsing the internet on these devices. Avoid clicking links from unknown senders and do not fall for deals that appear too good to be true, as these are common phishing tactics.
→ Dig Deeper: Why Software Updates Are So Important
Before purchasing any IoT device, perform thorough research on the product and the manufacturer. Investigate the company’s security policies and understand the ease with which the product can be updated. In case of any doubts about the security of the device, don’t hesitate to reach out to the manufacturer for clarification. Remember, your security is paramount and deserves this level of attention.
Lastly, it’s vital to protect your mobile devices. Most IoT devices are controlled via smartphones and tablets, making them potential targets for hackers. Ensuring that these devices are secured helps to protect your IoT devices from being compromised. Services like McAfee LiveSafe™ offer comprehensive mobile security that provides real-time protection against mobile viruses, spam, and more, which significantly reduces the chances of a security breach.
McAfee Pro Tip: McAfee LiveSafe doesn’t just protect against mobile viruses. You can safeguard an unlimited number of your personal devices throughout the entire duration of your subscription. So, be sure to connect all your devices for optimal security.
As technology advances and the Internet-of-Things continues to expand, the security challenges associated with it will persist. The first global IoT cyber attack served as a wakeup call for both consumers and manufacturers about the potential security threats that come with the convenience of smart devices. It is essential for individual users to take proactive steps to secure their devices and for manufacturers to continually improve the security features of their products. By working together, we can enjoy the benefits of IoT without compromising our security. And by investing in reliable cybersecurity solutions like McAfee+, Total Protection, and Live Safe, you can enhance your defense against potential attacks and enjoy the benefits of IoT with greater peace of mind.
The post Smart TVs and Refrigerators Used in Internet-of-Things Cyberattack appeared first on McAfee Blog.
Digital technology has dramatically impacted our lives, making it easier and more convenient in many ways. With the use of smartphones, we perform a myriad of activities daily, from making phone calls and sending messages to shopping online and managing bank accounts. While these activities bring convenience, they also expose users to various security threats. Your Android PIN code is a critical aspect that protects your phone data from unauthorized access. But how safe is this four-digit code? This article aims to demystify this question and offers a comprehensive guide on the safety of Android PIN codes.
A Personal Identification Number (PIN) is a security code used to protect your mobile device from unauthorized access. It is usually a 4-digit number, though some devices allow longer PINs. When you set up a PIN, the device encrypts data and can only be accessed by entering the correct PIN. The idea behind the PIN is that it is easy for you to remember but difficult for others to guess. But is this method of protecting your data foolproof?
The first line of defense for your smartphone is a simple PIN code. Many users choose easy-to-remember combinations such as “1234” or “1111.” However, these are easily guessable and thus not very secure. Furthermore, a determined thief could try all 10,000 possible four-digit combinations until they hit the right one. This process could be done manually, but it has been demonstrated that it could also be automated with a device like the R2B2 robot, which can try all combinations in less than 24 hours.
The R2B2, or Robotic Reconfigurable Button Basher, is a small robot designed with a single, solitary function: to crack any Android four-digit locking code. Justin Engler, a security engineer at iSEC , created itPartners. The R2B2 uses a ‘brute force’ method of entering all 10,000 possible combinations of four-digit passcodes until it finds the right one. It doesn’t use specialized software or malware; it simply inputs combinations until it gets the right one.
Although the chances of your phone falling into the clutches of an R2B2 are slim, such technology raises concerns about the security of a four-digit PIN. If a simple robot can crack the code in less than a day, it questions the efficacy of a four-digit passcode in protecting your mobile data. This emphasizes the need for more robust, more secure forms of password protection.
→ Dig Deeper: Put a PIN on It: Securing Your Mobile Devices
Even though a four-digit PIN remains one of the most common forms of mobile security, it may not necessarily be the most secure. For times when a PIN code does not offer sufficient protection, alternative security measures can step in. Advanced Android users can access a wide range of security features beyond the conventional four-digit PIN, including patterns, passwords, and biometrics.
→ Dig Deeper: 5 Tips For Creating Bulletproof Passwords
→ Dig Deeper: MasterCard Wants to Verify by Selfies and Fingerprints! The Ripple Effects of Biometric Data?
Beyond passcodes and biometrics, there are a range of additional security measures that can be implemented to protect your phone:
McAfee Pro Tip: Refrain from sharing your PIN codes and passwords with anyone. Use a reputable password manager to efficiently and securely manage your collection of passwords and passcodes.
While the advent of technology like R2B2 does raise concerns about the sufficiency of a four-digit PIN, this is only part of the story. The landscape of mobile security is variable and complex, and it’s essential to stay vigilant. By using a mix of solid passcodes (or alternative forms of security like biometrics), implementing additional security measures, and regularly updating and reviewing your security settings, you can significantly enhance the security of your Android device. After all, one’s mobile device often holds a wealth of personal information, making its protection a high priority in our increasingly digital world.
The post How Safe Is Your Android PIN Code? appeared first on McAfee Blog.
Unfortunately, cyberbullying has become a prevalent and emerging threat in our digital age. This type of bullying, carried out through computers and similar technologies, including cell phones, often involves harmful or intimidating comments and public posts created with malevolent intent to humiliate the victim. It’s a phenomenon that doesn’t only affect adults but is incredibly common among young people. As a result, it’s crucial to understand how to help your children navigate and mitigate this pervasive, especially now that they can leave digital footprints anywhere and encounter people with bad intentions.
One of the distinguishing factors of cyberbullying is that, unlike traditional in-person bullying, it doesn’t simply end when the bully is out of sight. Today, bullies can virtually pursue their victims everywhere through technology. This implies that bullying can transpire without the victim’s immediate consciousness, and due to the extensive reach of social media, the bullying can be witnessed by a significantly larger audience than the conventional school playground.
Bearing in mind the challenges in getting a cyberbully to cease their harmful behavior, the most effective strategy is to educate your children about safe online habits to prevent such situations from arising in the first place.
→ Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report
Evolved from the classic schoolyard bullies of old, these cyberbullies can take various forms depending on their attack vector and intent. In fact, there are said to be four types of cyberbullies: the Vengeful Angel, the Power Hungry Cyberbully, Revenge of the Nerds/Inadvertent Cyberbully, and Mean Girls. The Vengeful Angel bullies in order to protect the weak/other victims and often takes action to protect a loved one or friend. The Power Hungry archetype, however, is just a nasty, unkind person who wants to display dominance and control over others. Then there’s the Inadvertent Cyberbully, who are usually the ones getting bullied online or in real life and are typically trying to enact some form of justice or revenge anonymously from the web. Mean Girls are the opposite – and take their online actions in order to impress a group of friends or gain social status.
Not only is there a variety in the kinds of bullies across the web, but also many types of cyberbullying techniques these meanies use to bother their victims. First and foremost, there’s harassment, which involves repeated, offensive messages sent to a victim by a bully on some type of online medium. These messages can be rude, personal, and even threatening, with one recent example emerging between two wives of professional hockey players. Similar to harassment is Flaming – an online fight conducted via emails, social media messages, chat rooms, you name it.
Then there are very targeted attacks, named Exclusion and Outing. With Exclusion, cyberbullies select one individual to single out. Exclusion is a popular method, with examples everywhere, from high students in Iowa to well-known celebrities. With Outing, these harassers share private information, photos, and videos of a single person to humiliate them online. There’s also the anonymous angle, AKA Masquerading, where a cyberbully creates a fake online identity to belittle, harass, and degrade their victim – which a nurse in New Zealand was a victim of for a whopping five years.
Parents should inform their children that their online activities will be monitored using parental control software. Explaining how this software works and how it can protect them is essential. This policy should be well established before your child gets their phone or computer.
Furthermore, parents should discuss cyberbullying with their children and help them understand how it happens. This discussion should take place before your child gets their devices. Before a child gets their own digital devices, they must disclose their passwords to their parents. Parents can reassure them that these passwords will only be used during emergencies.
A condition set before children get their own digital devices is that they should consent to instructions on smart online habits. Importantly, they must understand that once something is posted online, it stays there forever.
Another essential guideline for owning a device is that children should be cautious about their personal information. They should be advised not to publicly share their cell phone number and email address and should never disclose their passwords, even to close friends.
→ Dig Deeper: 8 Signs It May Be Time for Parental Controls
Once your child obtains their digital devices, engaging in role-playing exercises with them is suggested. This allows parents to simulate scenarios where the child might encounter a cyberbully, teaching them appropriate responses. This exercise can also provide a safe space for your child to practice dealing with cyberbullying tactics and learn to act assertively without resorting to aggression or submission.
In this role-playing activity, parents should encourage their children to report any bullying incidents, even if it is simulated or perceived as insignificant. This activity not only cultivates resilience but also reassures children that they won’t be blamed or punished for being a victim of cyberbullying.
Parents must maintain vigilance regarding their child’s internet activities despite all preventive measures. Regular check-ins and encouraging open communication about their online experiences can create a strong bond of trust between parents and children. Assure them they can approach you without fear if they are bullied online. Encourage them to share any suspicious interactions and reassure them that they won’t be in trouble for reporting cyberbullying incidents.
If possible, try to familiarise yourself with the social media platforms that your children are using. Understanding these platforms can provide insight into their online experience and potential risks. Such knowledge can be valuable when initiating discussions about cyberbullying, providing tangible examples and relatable scenarios.
McAfee Pro Tip: Get McAfee’s parental control to safeguard your children against online threats and cyberbullying. With its features, you can actively supervise your kids’ online interactions, establish usage time restrictions, and prevent exposure to inappropriate content. This reassures you that your children can explore the online realm while enjoying a layer of protection.
Cyberbullying is a complex issue that evolves with the rapid advancements of technology and social media platforms. Therefore, parents must stay updated about the latest forms of cyberbullying and the newest safety settings available on various platforms. Parents should also regularly educate themselves about digital safety and responsible internet usage and share this information with their children to boost their awareness and readiness.
Parents and children can attend webinars, workshops, and seminars about cyberbullying and online safety. Learning together provides a good bonding exercise and ensures that both parties are on the same page. Schools and local community centers often offer resources and programs for cyberbullying awareness and prevention.
→ Dig Deeper: Cyberbullying’s Impact on Both Society and Security
Typically, cyberbullying is common among teens navigating the trials and tribulations of middle and high school. But that doesn’t mean it’s exclusive to teens, and that doesn’t mean there aren’t steps parents and kids alike can do to stop cyberbullying in its tracks.
If you’re the subject of cyberbullying, the first thing you need to do is block the bully. Then, make sure you collect evidence – take screenshots, print the proof, and do whatever you can to have material to back up your claim. It depends on the type of cyberbullying at work, but you can also use the internet to your advantage and look up relevant resources to aid with your issue.
If you’re a parent, the most important thing is communication. Make yourself available as a resource and remind your kids that they can tell you anything happening in their online world. Beyond that, continuously weave cybersecurity into your family discussions. Remind kids of the simple steps to be safe online, and ensure they know when to flag a cyberbully or online scheme.
There are also technical avenues you can take to protect your kid online. Look into solutions that will help you monitor your family’s online interactions, such as McAfee Safe Family. This solution, for instance, can help you set rules and time limits for apps and websites and see what your kids are up to at a glance. Of course, these solutions are not the be-all and end-all for stopping cyberbullying, but they can help.
Now, there’s still a lot more research that has to be done to understand the cyberbullying problem society is faced with fully. So, as this problem continues to evolve, so must the research, solutions, and regulations that will be created to combat the issue. With the right proactive action, people everywhere can stand up to cyberbullies.
→ Dig Deeper: Cyberbullying – How Parents Can Minimize Impact On Kids
In conclusion, cyberbullying is a pressing issue that requires continuous attention and education. By teaching your children what it is and how it happens, setting up rules for responsible device usage, conducting role-play exercises together, and staying informed about their online activities, you can better equip them to navigate the digital world safely. Remember, the ultimate goal is not to control your child’s online activities but to empower them with the tools and understanding necessary to protect themselves online.
The post A Detailed Guide on Cyberbullying appeared first on McAfee Blog.
Despite the extensive media coverage and awareness campaigns, it’s harrowing to admit that children, particularly vulnerable teenagers, are still targeted by online predators. This is not a matter exclusive to the “other” kids – it affects everyone, and young individuals’ innocent and accepting nature often leads them into the dangerous trap of these predators.
As parents, caregivers, and mentors, it’s our responsibility to educate and guide our children about the virtual perils that lurk within their screens. An essential part of this is continuous communication, ensuring they understand the gravity of the situation and can recognize the deceptive tactics employed by these predators.
A heartbreaking example of how these predators operate is the story of Nicole Lovell, a 13-year-old girl who made headlines not long ago. Nicole met David Eisenhauer, an engineering student from Virginia Tech, through the messaging app Kik. Their relations initially seemed harmless, characterized by playful flirtations and shared stories. However, their friendship took a horrific turn when they decided to meet in person, leading to Nicole’s tragic demise. Her body was found shortly after their encounter.
David exhibited no signs of having a ‘dark side,’ an aspect that made their meeting seem all the more innocent. This incident is a stark reminder that anyone can fall prey to such predators, regardless of their background or circumstances. This is why discussing and dissecting such incidents with our children is crucial to teaching them the harsh realities of the digital world.
Identifying an online predator’s markers is a critical aspect of child safety education. More often than not, these individuals are cunning and mentally unbalanced and spend a significant amount of their time seeking and ‘grooming’ their prospective victims online. The ultimate goal of these predators is to exploit children, either by convincing them to send inappropriate photos or by meeting them in person.
Initiating a continuous dialogue with your children about these predators is crucial. Make them aware of the tactics these individuals employ, such as appearing overly friendly or empathetic. Let them know that predators will go to any length to appear younger and more relatable.
→ Dig Deeper: Reports of Online Predators on the Rise. How to Keep Your Kids Safe
Addressing such a sensitive issue with your children can be challenging but necessary. Start by discussing cases like Nicole’s, focusing not only on the tragic outcome but also on the lead-up events and why she may have developed such a strong online connection. Discussing how innocent online friendships can spiral into dangerous situations can be an excellent eye-opener for your kids.
It’s crucial to teach your kids to look out for strangers who are “too friendly” or excessively understanding. Tell them that predators keep themselves updated with the latest movies, music, and trends to seem younger and easily start conversations with children. Remember, predators will say anything to appear more youthful than they actually are.
You don’t always know what your children are doing online. Their digital footprints could be anywhere. That’s why it is imperative to understand the red flags and warning signs that may signal a hazardous online interaction, especially when they already encounter a predator, and you’re still in the shadow.
Reinforcing the importance of online privacy is a crucial step in protecting your kids from virtual predators. Teach your children that personal information such as their full name, address, school, and phone number should never be shared online. They must also understand that specific images and details about their life can also reveal too much to an online predator. Remind them to limit geotagged photos as this can expose their location, and also to strictly control who is able to view their social media accounts.
→ Dig Deeper: Why You Should Think Before Geotagging that Selfie
Explain to your kids the dangers of accepting friend requests or communicating with strangers online. Make them aware that individuals posing as children or teenagers could be adults with malicious intent. Reinforce that anyone who asks them to keep a conversation secret or requests for personal information or inappropriate content is a potential danger, and they should inform you immediately if this occurs.
→ Dig Deeper: Making Online Safety a Priority for Our Tech-Savvy Children
As parents, we must stay informed about our children’s online activities, which goes far beyond just asking them about it. This can involve regularly reviewing their social media profiles and friends lists and ensuring they only interact with people they know personally. Familiarize yourself with the platforms and apps your children use to comprehend their functionalities and potential risks better.
Creating house rules regarding internet use can be an effective measure to ensure online safety. This could involve having specific periods when the internet can be used, limiting the time spent online, and setting out where internet-access devices can be used. For instance, allowing internet use only in common areas instead of bedrooms can be a good practice. It is essential to have ongoing dialogues about these rules and their reasons so your children can understand and appreciate their importance.
In an age where the online world is a significant part of our children’s lives, online safety education is essential. It’s crucial that, as parents, caregivers, and mentors, we take proactive steps to protect our children from the pervasive threat of online predators. This means having open and ongoing conversations about the real dangers that can lurk behind a screen, teaching kids to guard their online presence, and implementing online safety measures. Together, we can ensure the internet becomes safer for our children to learn, explore, and connect with others. Protect your whole family with McAfee+ Family plans.
The post Could Your Kids Spot an Online Predator? appeared first on McAfee Blog.
In the age of digital data and Internet access, the potential for scams is more significant than ever. These scams often involve leveraging popular search queries to trap unsuspecting netizens into their malicious schemes. Among the top searches in the online world, celebrities hold a prime spot. Through this guide, we aim to shed light on how scammers take advantage of the global fascination with celebrities to target their potential victims.
As digital users, most of us are likely well-acquainted with the phrase “Just Google it.” The search engine has become a go-to source for any information ranging from essential daily needs to entertainment gossip. But it’s crucial to remember that while you’re in pursuit of data, scammers are in search of their next victim.
Scammers have significantly evolved with the advancement of technology. They’ve mastered the art of creating fake or infected websites that can harm your computer systems, extract your financial information, or even steal your identity. Their strategies often include luring victims through popular searches, such as the latest Twitter trends, breaking news stories, major world events, downloads, or even celebrity images and gossip. The higher the popularity of the search, the greater the risk of encountering harmful results.
McAfee has conducted research for six consecutive years on popular celebrities to reveal which ones are riskiest to search for online. For instance, Emma Watson outplaced Heidi Klum as the most dangerous celebrity to look up online. Interestingly, it was the first year that the top 10 list comprised solely of women. Cybercriminals commonly exploit the names of such popular celebrities to lead users to websites loaded with malicious software, consequently turning an innocent search for videos or pictures into a malware-infected nightmare.
→ Dig Deeper: Emma Watson Video Scam: Hackers Use Celeb’s Popularity to Unleash Viruses
Scammers are well aware of the allure the word “free” holds for most Internet users. They cleverly exploit this to get your attention and draw you into their traps. For instance, when you search for “Beyonce” or “Taylor Swift” followed by prompts like “free downloads”, “Beyonce concert photos”, or “Taylor Swift leaked songs”, you expose yourself to potential online threats aiming to steal your personal information. It’s always prudent to maintain a healthy level of skepticism when encountering offers that seem too good to be true, especially those labeled as “free.”
While the internet can be a dangerous playground, it doesn’t mean that you cannot protect yourself effectively. Using common sense, double-checking URLs, utilizing safe search plugins, and having comprehensive security software are some strategies to help ensure your online safety. This guide aims to provide you with insights and tools to navigate the online world without falling prey to its many hidden dangers.
Truth be told, the responsibility for online safety lies primarily with the user. Just as you would not walk into any shady-looking place in real life, it requires a similar instinct to avoid shady sites while browsing online. One important piece of advice – if something appears too good to be true, in all probability, it is. So, take note of these practical tips to help you guard against celebrity scams and other online threats:
→ Dig Deeper: How to Tell Whether a Website Is Safe or Unsafe
→ Dig Deeper: The Big Reason Why You Should Update Your Browser (and How to Do It)
Having comprehensive security software installed on your devices is another crucial step towards preventing scams. Good antivirus software can protect against the latest threats, alert you about unsafe websites, and even detect phishing attempts. Furthermore, always keep your security software and all other software updated. Cybercriminals are known to exploit vulnerabilities in outdated software to infiltrate your devices and steal your data.
Apart from ensuring you have security software, be cautious about what you download on your devices. Trojans, viruses, and malware are often hidden in downloadable files, especially in sites that offer ‘free’ content. Cybercriminals tempting users to download infected files often use popular celebrity names. Therefore, download wisely and from reputed sources.
McAfee Pro Tip: Before committing to a comprehensive security plan, it’s crucial to evaluate your security protection and analyze your requirements. This proactive stance forms the bedrock for crafting strong cybersecurity measures that cater precisely to your unique needs and potential vulnerabilities. For more information about our acclaimed security solutions, explore our range of products.
In the digital world, where information and entertainment are available at our fingertips, it’s crucial to remain vigilant against scams, especially those involving celebrities. By exercising prudent online practices like scrutinizing URLs, using safe search plugins, and installing comprehensive security software, we can significantly reduce our risk of falling prey to these scams.
It’s imperative to understand that the popularity of a search term or trend is directly proportional to the risk it carries. So next time, before you search for your favorite celebrity, remember, the more famous the celebrity, the greater the risk. Together with McAfee, let’s promote safer browsing practices and contribute to a safer online community for all.
The post Celebrities Are Lures For Scammers appeared first on McAfee Blog.
Most of us believe hacking to be an event that happens to ‘the other person,’ often refusing to accept that it could very much be a reality for us as well. While hacking and social engineering might seem like concepts only prevalent in big-screen thrillers, the truth is they occur more frequently than we’d like to admit. Your email address, innocuous as it may seem, is often one of the gateways into your digital persona. This article aims to shed light on the potential dangers and impacts of giving away your email address to the wrong people.
To offer a real-life perspective, we’ll follow a conversation with an ethical hacker called ‘Oz.’ Ethical hackers, or ‘white hat’ hackers, are those who use their hacking skills to uncover security vulnerabilities and help implement protective measures against other malevolent hackers, known as ‘black hat’ hackers. Despite Oz’s assurance that he belongs to the white hat category, the following discourse will reveal how much information a hacker can come across based solely on your email address.
→ Dig Deeper: Are All Hackers Bad?
Initiating communication with Oz took a toll on my nerves, considering the potential threat to my data privacy. For communication, Oz suggested using an email address, prompting me to create a separate email account solely for our conversations. Once the lines of communication were established, I posed my first question: “Suppose we met at a coffee shop, exchanged pleasantries, and all I left you with was my email address. What kind of information could you gather about me?”
An hour later, Oz responded with my work and home phone numbers, home address, birth date, and year. But the real shocker was a casual remark about my meeting with Lt. Governor Gavin Newsom, followed by a link to a picture I had no memory of sharing publicly. On clicking the link, I received another email from Oz, stating that he had discovered my preferred internet browser, my operating system, and my IP address, essentially knowing my geographical coordinates. At this point, it became crystal clear just how much information a hacker can unearth based on an email address alone.
The experience with Oz was a stark reminder of the importance of online safety. We often let our guards down, readily providing information and clicking on links without giving it a second thought. However, this is exactly the kind of behavior that hackers rely on for their activities. It is crucial to remember that the internet is a public space, and every piece of information we share can potentially be accessed and misused by malicious parties.
In the next sections of this guide, we’ll delve deeper into the mechanisms hackers use to derive information from an email and the measures you can take to secure your digital identity. The aim is to provide you with practical steps to ensure your online safety and maintain your privacy in the digital world.
When you give out your email address to a hacker, they have a significant amount of information at their fingertips. Understanding the mechanisms that hackers employ to exploit your online presence is essential to appreciate the gravity of the online safety challenge. When a hacker gains access to your email address, they effectively open the door to a wealth of information about you. Let’s find out how this works:
→ Dig Deeper: Mobile Spyware: How Hackers Can Turn Your Phone Into a Stalking Machine
Knowing these tactics highlights the importance of practicing caution and diligence when it comes to email and online interactions. Safeguarding your digital identity requires a combination of awareness, security measures, and privacy-conscious practices. It also underscores the need for robust cybersecurity measures on both individual and organizational levels to protect against these types of intrusive and potentially harmful activities.
Protecting Your Digital Identity
Knowing all this, it is imperative to find ways to protect yourself from such intrusions. In addition to knowing what makes hackers tick, there are several insights and practices you should consider to enhance your online security and privacy:
→ Dig Deeper: How to Spot Phishing Lures
McAfee Pro Tip: For your peace of mind, get McAfee+, which comes with a $2M identity theft coverage and setup assistance, to make a sound incident response plan if your email got hacked and sensitive information got compromised.
Remember that while it’s essential to take these precautions, no system is completely invulnerable. Cyber threats are continually evolving, so staying vigilant and proactive is crucial to maintaining your online security and privacy.
An email address might seem like a tiny part of your life, but in the wrong hands, it can lead to a significant breach of your privacy. It’s important to remember that the safety measures you take or fail to take can have real-world effects. Therefore, it’s crucial to keep a vigilant eye on your digital persona, how you navigate the World Wide Web, and who has access to your information. The key to internet safety lies within our control – cautious, knowledgeable, and proactive steps to protect your digital identity. At McAfee, we’re always here to remind you that the internet is only as secure as you make it.
The post If You Give A Hacker Your Email Address… appeared first on McAfee Blog.
In the shadow of the COVID-19 pandemic, workplaces worldwide have undergone a seismic shift towards remote working. This adjustment involves much more than just allowing employees to access work resources from various locations. It necessitates the update of remote working policies and heightened cybersecurity security awareness.
Cybercriminals and potential nation-states are reportedly exploiting the global health crisis for their own gain. Hackers have targeted an array of sectors, including healthcare, employing COVID-19-related baits to manipulate user behavior. This article aims to provide a comprehensive guide on how you, as an employee, can augment your cybersecurity measures and stay safe when working remotely.
It has been reported that criminals are using COVID-19 as bait in phishing emails, domains, malware, and more. While the exploitation of this global crisis is disheartening, it is unsurprising as criminals habitually leverage large events to their advantage. That said, it’s crucial to identify potential targets, particularly in certain geographic regions.
The data so far reveals a broad geographic dispersion of ‘targets,’ with many countries that are typical phishing targets being hit. However, there are anomalies such as Panama, Taiwan, and Japan, suggesting possible campaigns targeting specific countries. The landscape is continuously evolving as more threats are identified, necessitating vigilant monitoring on your part to stay safe.
→ Dig Deeper: McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges
The abrupt shift to remote work has left many employees unprepared, with some needing to operate from personal devices. These personal devices, if lacking appropriate security measures, can expose both you and your company or employer to various potential attacks.
Over the last few years, there has been a surge in targeted ransomware attacks, particularly through “commodity malware.” This malware type is often directed at consumers. Consequently, accessing work networks from potentially infected personal devices without appropriate security measures significantly increases the risk. Both employees and employers are left vulnerable to breaches and ransomware lockdowns.
Office closures and working-from-home mandates due to COVID-19 permanently changed the way we look at workplace connectivity. A recent Fenwick poll among HR, privacy, and security professionals across industries noted that approximately 90% of employees now handle intellectual property, confidential, and personal information on their in-home Wi-Fi as opposed to in-office networks. Additionally, many are accessing this information on personal and mobile devices that often do not have the same protections as company-owned devices. The elevated number of unprotected devices connected to unsecured networks creates weak areas in a company’s infrastructure, making it harder to protect against hackers.
One technology your organization should be especially diligent about is video conferencing software. Hackers can infiltrate video conferencing software to eavesdrop on private discussions and steal vital information. Many disrupt video calls via brute force, where they scan a list of possible meeting IDs to try and connect to a meeting. Others seek more complex infiltration methods through vulnerabilities in the actual software. Up until recently, Agora’s video conferencing software exhibited these same vulnerabilities.
Hackers will usually try to gain access to these network vulnerabilities by targeting unsuspecting employees through phishing scams which can lead to even greater consequences if they manage to insert malware or hold your data for ransom. Without proper training on how to avoid these threats, many employees wouldn’t know how to handle the impact should they become the target.
If you’re an employee working remotely, it is essential to comprehend and adhere to best security practices. Here are some guidelines you could follow:
Considering the rise of remote working, it is more crucial than ever for employees, especially those working remotely, to invest in secure solutions and tools. However, as end-users, it’s also wisest to take extra steps like installing comprehensive security software to ward off cyber threats. These software have features that collectively provide a holistic approach to security, detecting vulnerabilities, and minimizing the chance of an attack.
We recommend McAfee+ and McAfee Total Protection if you want an all-inclusive security solution. With a powerful combination of real-time threat detection, antivirus, and malware protection, secure browsing, identity theft prevention, and privacy safeguards, McAfee+ and McAfee Total Protection ensure that your devices and personal information remain secure and your online experience is worry-free.
McAfee Pro Tip: Gauge your security protection and assess your security needs before you get a comprehensive security plan. This proactive approach is the foundation for establishing robust cybersecurity measures tailored to your specific requirements and potential vulnerabilities. Learn more about our award-winning security products award-winning security products.
In the current digital age, employees must be aware of their crucial role in maintaining organizational security. As such, you should consider engaging in tailored security education and training programs that help employees identify and avoid potential threats such as phishing and malicious downloads. Regular training and updates can be beneficial as employees are often the first line of defense and can significantly help mitigate potential security breaches.
To ensure effective acquisition of knowledge, engage in security training that is designed in an engaging, easy-to-understand manner and utilizes practical examples that you can relate to. Successful training programs often incorporate interactive modules, quizzes, and even games to instill important security concepts.
Effective communication and collaboration are paramount in a remote working environment. Employees need to share information and collaborate on projects effectively while ensuring that sensitive information remains secure. Use and participate in platforms that enable secure communication and collaboration. Tools such as secure messaging apps, encrypted email services, secure file sharing, and collaboration platforms will ensure information protection while allowing seamless collaboration.
Make sure that you’re provided with detailed guidelines and training on the proper use of these tools and their security features. This will help prevent data leaks and other security issues that can arise from misuse or misunderstanding.
→ Dig Deeper: Five Tips from McAfee’s Remote Workers
The transition to a remote working environment brings with it various cybersecurity challenges. Prioritizing secure communication and collaboration tools, coupled with ongoing education and adherence to best practices, can help you navigate these challenges with confidence, ultimately reaping the benefits of a flexible and efficient remote work environment while safeguarding critical data and information. McAfee can help you with that and more, so choose the best combination of features that fits your remote work setup.
The post Staying Safe While Working Remotely appeared first on McAfee Blog.
In October, a hacker claimed to have hijacked profile information of “millions” of users from the popular genetic testing site 23andMe.com. Now the company has put a figure to that – some 6.9 million people. Roughly half of 23andMe’s user base.
What’s at risk? Some of the most personal info possible. Per the company’s statement to Techcrunch, this included “the person’s name, birth year, relationship labels, the percentage of DNA shared with relatives, ancestry reports and self-reported location” for roughly 5.5 million people who opted into the “DNA Relatives” feature, which automatically shares some information with other users automatically.
→ Worried about potential ID theft? Get identity protection with McAfee+ today
Another 1.4 million users had their “Family Tree information accessed.” This further includes display names, relationship labels, birth year, self-reported location and whether the user decided to share their information.
Just as we reported initially in October, the source of the breach appears to revolve around compromised passwords in an attack method known as “credential stuffing.” In plain terms, hackers “stuff” the credentials from one account into another to gain access. It’s a prime example of the perils that can follow when people reuse passwords. A stolen password from one account can get “stuffed” into another and give the hacker access.
Complicating the attack, and widening its scope immensely, is the DNA Relatives feature mentioned above. Because of the way it shares information between users, one compromised account can divulge the personal and genetic information of many more users – even if their account and password were not compromised in the attack. In this way, a relative handful of compromised accounts affected some 6.9 users.
Per the company’s statement on its blog, “If we learn that a customer’s data has been accessed without their authorization, we will notify them directly with more information.” Moreover, the company said,
“Our investigation continues and we have engaged the assistance of third-party forensic experts. We are also working with federal law enforcement officials.
We are reaching out to our customers to provide an update on the investigation and to encourage them to take additional actions to keep their account and password secure. Out of caution, we are requiring that all customers reset their passwords and are encouraging the use of multi-factor authentication (MFA).”
Further, in November the company required its users to use MFA to further secure their accounts, which had only been optional until that point.
As unsettling as this news may come, 23andMe customers can take the following steps.
In light of the attack on 23andMe and the sensitive data it exposed, several class action lawsuits have been filed against the company. In a filing with the U.S. Securities and Exchange Commission (SEC), 23andMe stated, “multiple class action claims have been filed against the Company in federal and state court in California and state court in Illinois, as well as in British Columbia and Ontario, Canada, which the Company is defending.”
As reported by Engadget, 23andMe sent users an email in early December notifying them of a change in the company’s terms of service – specific to its Dispute Resolution and Arbitration terms. By default, users now waive their rights to bringing forward class and collective action against the company to the fullest extent allowed by applicable law:
However, concerned users of 23andMe can opt out of these terms, thus allowing them to pursue class and collective action if they see fit. Users need to send written notice of their decision to opt-out by emailing 23andMe at arbitrationoptout@23andme.com. As of this writing the terms as posted are as follows:
Once again, users can refer to Section 5 of 23andMe’s terms of service for full details and to monitor any changes the company makes to those terms.
Far and beyond 23andMe users, everyone who goes online should take note of this attack. Which is pretty much all of us. It makes one of the strongest cases for strong, unique passwords—and for limiting the info you share online. In this case, even a secure password was no help in protecting the personal info of millions of people.
If you’re a 23andMe user, you can opt out of DNA Relatives by selecting the Manage Preferences option within DNA Relatives or from your Account Settings page. Granted, this will remove your ability to gain deeper genetic insights from other users, yet it will offer additional protection if a similar attack occurs.
For all of us, sharing and storing personal info is a fact of life online. The more you share and store online, the more risk you take on. And you have some control over that.
Consider what you’re sharing, who you’re sharing it with, what they do with that info, who they share it with, and in what form and circumstances. Yes, that’s a lot to consider. Complicating that yet more, many of the sites, services, and apps we use don’t make it easy to answer those questions. Terms of service and data policies rarely make for light and understandable reading.
Luckily, you can turn to trustworthy resources to get answers. The Common Sense Privacy Program evaluates privacy policies with K-12 students in mind. The Mozilla Foundation’s Privacy Not Included website scores apps and connected devices for privacy, including apps, smart home devices, and cars.
In an otherwise murky landscape, the privacy question is this: is the reward worth the risk? If you share that info, are you okay with someone unwanted accessing it? Particularly if the privacy risks are tough to spot.
Put simply, less sharing means more privacy. Put careful thought into when and where you share. And with whom.
On that note, it might be time for a cleanup.
We’ve logged into all kinds of things over the years. Many of which we don’t log into anymore. And others we’ve completely forgotten about. Across these forums, sites, and stores, you’ll find your personal info to some degree or other. If one of those sites gets compromised, your personal info stored there might get compromised too. That gives you a solid reason to delete those old accounts.
A tool like our Online Account Cleanup can help remove your info from online accounts. You’ll find it in our online protection software, along with our Personal Data Cleanup—which helps remove your personal info from risky data broker sites. It shows you where your personal info was found, and what data the sites have. Depending on your plan, it can help clean it up.
With 6.9 million people affected by the 23andMe attack, it reinforces a big lesson: strong, unique passwords are an absolute must. And the stakes for online privacy have never been higher.
Today we entrust the internet with so much, which increasingly includes our heath and wellness info, not to mention genetic info with services like 23andMe. Taking the steps outlined here can help protect yourself from invasions of privacy and the loss of personal info. And as we’ve seen, protect others too. Consider them whether you’re a 23andMe customer or not.
The post User Data from 23andMe Leaked Online – What Users Should Do, and the Rest of Us Too appeared first on McAfee Blog.
Spyware, a name that cunningly blends “spying” and “software,” is a dangerous class of invasive programs that stealthily operate on your computer. They monitor and record your activities, thus posing a significant threat to your digital privacy, security, and identity. Spyware can lead to identity theft if your personal or financial data falls into the wrong hands. This guide provides in-depth information about spyware, how it works, and how to prevent it from infecting your computer system.
Spyware is a type of malicious software that collects information about users without their knowledge. It can track every action, from keystrokes to browsing habits, thus presenting a grave threat to user privacy and security.
Designed to be stealthy and elusive, spyware can record every keystroke, capture screenshots, and even record audio and video, making it a potent tool for cybercriminals. It is often transmitted through free downloads, file-sharing programs, or deceptive links and websites.
In certain situations, spyware is perfectly legal. For example, when the owner of the computer installs and uses the software, it’s considered legal. Parents might install spyware to monitor their children’s online activities or employers to oversee their employees’ productivity.
However, when someone installs spyware on a computer without the owner’s consent, it becomes illegal. Cybercriminals often disguise spyware as legitimate programs or embed them in websites, tricking users into downloading or clicking, resulting in the stealthy installation of spyware.
→ Dig Deeper: Malware Hides in Installer to Avoid Detection
Spyware can take several shapes and forms, and its diversity makes it even more dangerous. A common form of spyware is a keylogger or a keycatcher. This hardware can be attached to a computer to capture and record keystrokes. This device can monitor user activity without being detected by typical anti-spyware software.
Spyware can also come in the form of a computer virus. When users click on a malicious link or download a corrupted program, they unknowingly install spyware on their system. Once installed, the spyware works silently in the background, capturing and transmitting user data to the attacker.
Spyware’s pervasive threat extends beyond computers and laptops; it can also manifest as mobile spyware. Mobile spyware operates similarly to its desktop counterparts but is tailored to exploit the unique characteristics of mobile platforms. Cybercriminals often employ various tactics to deliver mobile spyware–through application stores like Google Play and App Store, phishing attacks, or physical access.
→ Dig Deeper: Mobile Spyware: How Hackers Can Turn Your Phone Into a Stalking Machine
The adaptability and constantly evolving nature of spyware make it a persistent menace in the digital landscape. Its ability to take on various forms and exploit vulnerabilities underscores the importance of proactive cybersecurity measures.
The impact of spyware on identity theft cannot be understated. By stealthily recording sensitive personal and financial information, like usernames, passwords, and credit card numbers, it presents a significant risk to a user’s identity.
Stolen data can be used for various malicious activities, including unauthorized purchases, opening credit accounts, and even creating a complete identity theft. The consequences of these activities can be financially devastating and may take a significant amount of time and effort to recover from.
McAfee Pro Tip: Identity theft remains a significant problem in the United States, and there is no sign of it diminishing soon. Reports of fraud consistently indicate a continuous increase in the occurrences of identity theft in the U.S. Read the latest Identity Theft statistics.
Preventing spyware from infecting your system starts with practicing good online habits. Avoid downloading files from untrusted sources, especially torrents and software cracks notorious for being riddled with spyware. Also, be wary of pop-ups. Never click “Agree,” “OK,” “No,” or “Yes” in a pop-up, as these actions can trigger an automatic spyware download. Instead, close the pop-up by hitting the red X or shutting down your browser altogether.
Regularly updating your operating system’s security patches is another good practice. These patches often contain fixes to known vulnerabilities that spyware and other malicious programs exploit. Also, ensure to download and use your web browser’s latest, most secure version. Running reputable anti-malware programs, like McAfee Total Protection, which includes spyware removal, can help to detect and remove spyware from your system.
→ Dig Deeper: How to Live a Digital Life Free of Spyware
If you suspect your system is infected with spyware, you must act swiftly. Use a trusted antivirus program to run a system scan. If spyware is detected, the program should be able to quarantine and remove it. However, some forms of spyware are advanced and may be able to avoid detection. In such instances, it may be necessary to engage a professional to clean your system.
Part of dealing with a spyware infection is mitigating its potential effects. If your sensitive data has been compromised, consider implementing measures to protect your identity. McAfee Identity Protection provides proactive identity surveillance, which monitors your credit and personal information for fraudulent activities. If any such activity is detected, it offers access to live fraud resolution agents, who can help you resolve identity theft issues.
→ Dig Deeper: How to Wipe Out a Computer Virus
Spyware significantly threatens your digital identity, privacy, and security. It stealthily operates in the background, recording and transmitting your activities and personal information. While it can be a valuable tool for legal monitoring, its misuse by cybercriminals cannot be underestimated. Preventing and dealing with spyware requires vigilance, good online habits, and the use of trusted antivirus programs like McAfee Antivirus. Protecting your digital identity is not a one-time task but an ongoing process. Stay informed, stay updated, and stay safe.
The post Spyware: A Major Identity Theft Threat appeared first on McAfee Blog.
In today’s world, most communication happens through the internet, facilitated by numerous applications. The web is a lively center filled with various activities such as news, videos, education, blogs, gaming, activism, and entertainment. Notably, social media apps have morphed into the digital meeting points for netizens. Our society is undeniably superbly interconnected, and our digital persona is greatly treasured.
However, this isn’t always beneficial, especially for teenagers who may be overwhelmed by the deluge of information, leading to stress. Stress is a common part of our daily lives, emerging from our education, employment, relationships, and surroundings. A similar situation transpires online. In fact, we tend to cope with stress by expressing our frustrations, confronting problems directly, or evading the issue altogether. Yet, the ways to cope with stress in the virtual world differ. Online stress can arise from unique triggers, and its repercussions can rapidly escalate and proliferate at an alarming rate.
The rise of social media has brought a concerning phenomenon – social media stress in children. As these young individuals navigate the complex virtual world, they often encounter a range of stressors that can significantly impact their emotional and psychological well-being. Understanding these underlying causes is a crucial step in addressing and mitigating the adverse effects of social media on our younger generations. Let’s delve into the causes of social media stress in children and shed light on the various factors that contribute to this growing issue:
Besides the more obvious and well-documented sources of social media stress in children, there exist several other significant triggers that contribute to the overall stress levels experienced by young individuals in the digital age, and these may include:
→ Dig Deeper: The Ultimate Guide to Safe Sharing Online
→ Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report
→ Dig Deeper: 5 Screen Time Principles to Establish When Your Kids are Still Babies
Parenting plays a major role in helping children learn how to tackle social media stress. As parents, you know your children the best. Yes, even teens. Observe them, and if you note any change in their social media habits or general behavior, talk to them. The earlier you start having frank one-to-one conversations, the easier it will be for you later. But before that, you may need to modify your response to stress and learn to control your reactions. That way, you will teach them a very important lesson without using a single word.
Children can learn to manage social media stress by developing a healthy online etiquette and creating boundaries for their online activities. Encourage them to accept differences and realize that people have varied opinions. Remind them not to make judgments based on someone’s online bio and pictures and to understand that life isn’t a bed of roses for anyone. Another important step is to help them understand how important it is to respond tactfully when things get heated online. It’s essential that they understand the power of choosing not to engage in online altercations. Being silent doesn’t mean they’re weak but smart enough not to get provoked. If any online situation becomes too intense, they should be encouraged to report and block the perpetrator immediately.
McAfee Pro Tip: Since each child’s level of maturity and cognitive capacity to manage online challenges varies, a one-site-fits-all approach to balancing social media and mental health won’t work for everyone. Find tips on how to find the best method for your child.
One of the keys to managing stress caused by social media is ensuring that kids practice digital balance. Set screen time limits and encourage them to make and maintain friendships in the real world. In-person interactions promote emotional growth and provide a well-rounded social experience. Moreover, it’s crucial to instill the idea that maturity is about staying true to their values and wisdom lies in identifying the negatives and avoiding them. Just as they would in the physical world, they should be aware that the digital world comprises both good and bad elements. This awareness can help them navigate online spaces safely. Let them know the importance of applying their real-life values in the digital world and the mantra of STOP, THINK, CONNECT, should always be in their mind before posting anything online.
→ Dig Deeper: 6 Steps to Help Your Family Restore Digital Balance in Stressful Times
In conclusion, parents play a crucial role in helping their children tackle social media stress. By observing their kids’ behavioral changes, having open conversations, and setting appropriate boundaries for their online activities, parents can help their kids navigate the digital world safely. Encouraging children to accept differences, practice tact, maintain digital balance, and be aware of the good and bad online can help alleviate the stress caused by social media. Ultimately, the goal is to create a healthier and happier online space for children, free from unnecessary stress.
Improve your digital parenting with McAfee’s Parental Controls. This security tool allows parents to monitor device usage, set limits on screen time, and even keep tabs on kids’ whereabouts.
The post Handling Social Media Stress for Teens appeared first on McAfee Blog.
As we all look forward to the sunshine and freedom of summer, it’s important to remember that not all elements of the school year disappear with the ringing of the final bell. In our increasingly digital age, cyberbullying has become a pervasive issue that can affect kids even during their summer break. This guide will help parents understand the issue, recognize the signs, and provide practical strategies to protect their kids from cyberbullies.
Summer break should be a time of fun-filled days, exploration, relaxation, and a break from the rigors of the school year. However, with the increase in leisure time comes a corresponding increase in screen time, and, unfortunately, this often results in an uptick in instances of cyberbullying. As the McAfee survey in 2014 revealed, 87% of teenagers reported witnessing cyberbullying, a significant increase from the previous year. The reasons for being targeted varied, with appearance, race, religion, and sexual orientation all cited as factors. Given this reality, parents must remain vigilant during the summer months. Keeping an eye on your child’s online activities, encouraging open communication, and intervening when necessary can make the difference between a summer of fun and one of fear and isolation. → Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report
When confronted with bullying, our instinctive reactions aren’t always the best. Here are three things you should avoid doing when addressing cyberbullying:
Prevention is the best cure, and there are several proactive steps you can take to minimize the risk of your child being cyberbullied:
→ Dig Deeper: Protecting Your Privacy on Social Media
→ Dig Deeper: Beware of Malicious Mobile Apps
Despite taking precautions, there may be instances where cyberbullying can’t be immediately prevented. In such situations, it is crucial to know what steps to take to mitigate the impact and bring the bullying to an end:
Addressing the issue of cyberbullying can be a complex task. The emotional wounds inflicted by this abuse can be deep and long-lasting. Therefore, it’s indispensable that your child feels supported and understood. Maintain an open line of communication with your child, creating a secure and trusting environment where they can comfortably express their feelings and fears. It might also be beneficial to seek professional help when dealing with cases of severe bullying. Therapy or counseling can provide your child with effective coping strategies, helping them regain their confidence and self-esteem. McAfee Pro Tip: While numerous aspects of the digital world remain beyond our control, one aspect where we wield significant influence is our commitment to protecting the well-being of our family members in both the digital and mental realms. Mental health always matters. Find ways to support your child online and offline.
Preventing cyberbullying starts at home. By teaching our children the values of empathy and respect, we can contribute to a more positive online culture. Incorporate digital citizenship lessons into your everyday conversations, emphasizing the importance of treating others kindly offline and online. Teach your children to think before they post and remind them that behind every screen, there’s a real person who can be hurt by their words. Building respect and empathy can discourage cyberbullying and inspire children to stand against it. → Dig Deeper: Cyberbullying’s Impact on Both Society and Security
Parenting in the digital age brings with it new challenges and responsibilities. Cyberbullying is a significant issue that requires our attention and vigilance, especially during the summer when screen time increases. Equip your child with the right tools to protect themselves online, foster open communication at all times, and support them in the face of adversity. Remember, the goal is for our children to enjoy their digital interactions and have a safe, enjoyable summer free from the threat of cyberbullying. Improve your family’s digital habits, privacy, and safety with McAfee’s Parental Controls. This security tool allows parents to oversee device usage, establish screen time restrictions, and even track the locations of their children.
The post Help Kids Steer Clear of Cyberbullies During Summer Break appeared first on McAfee Blog.
Your pain is their gain. That’s how things go in a cryptojacking attack.
Cryptomining is the utilization of computers to run processor-intensive computations to acquire cryptocurrency. Cryptojacking involves hijacking a device and using it to mine cryptocurrency for profit. It’s a form of malware that saps your device’s resources, making it run sluggish and potentially overheating it as well.
Meanwhile, the hackers behind those attacks generate cryptocurrency by hijacking your device and thousands of others like it. Together they create virtual illicit networks that turn them a profit.
However, you can absolutely prevent it from happening to you. That starts with a closer look at who’s behind it and how they pull it off.
What lures hackers to cryptojacking? It’s big business. Gone are the early days when practically anyone with a standard computer could participate in the cryptomining process. Today, the proverbial field is flooded with miners competing against each other to solve the cryptographic puzzles that earn a cryptocurrency reward. Profitable miners run farms of dedicated mining rigs that cost thousands of dollars each.
Visualize row after row of racks after racks stacked with mining rigs in hyper-cooled warehouses. That’s what industrialized cryptomining looks like nowadays.
To put it all into perspective, one study estimated that “(t)he top 10% of [Bitcoin] miners control 90% and just 0.1% (about 50 miners) control close to 50% of mining capacity.” That makes cryptomining a difficult field to break into. And that’s why some people cheat.
Enter the cryptojackers. These hackers forgo the massive up-front and ongoing costs of a cryptomining farm. Instead, they build their cryptomining operations off the backs of other people by hijacking or “cryptojacking” their devices. In doing so, they leach the computing resources of others to mine their cryptocurrency.
Cryptojackers will target just about anyone—individuals, companies, and governmental agencies. They’ll infiltrate phones, laptops, and desktops. In larger instances, they’ll go after large server farms or an organization’s cloud infrastructure. This way, they get the computing power they need. Illegally.
As to how cryptojackers pull that off, they have a couple of primary options:
What can that look like in the real world? We’ve seen Android phones harnessed for cryptomining after downloading malicious apps from Google Play. Cryptojackers have created counterfeit versions of popular computer performance software and infected it with cryptojacking code. We’ve also seen cryptojackers tap into the computing power of internet of things (IoT) and smart home devices as well.
Interestingly enough, the rate of cryptojacking attacks is closely tied to the vagaries of the marketplace. As the value of cryptocurrencies rise and fall, so does cryptojacking. The crooks behind these hacks go where they get the biggest bang for their buck. So as cryptocurrencies drop in value, these crooks drop their cryptojacking attacks. They opt for other attacks that offer a higher return on the resources they invest.
Despite its cyclic nature, cryptojacking remains a stubborn problem. Yet you can do plenty to prevent it from happening to you.
Unlike Google Play and Apple’s App Store, which have measures in place to review and vet apps to help ensure that they are safe and secure, third-party sites might very well not. Further, some third-party sites might intentionally host malicious apps as part of a broader scam.
Granted, hackers have found ways to work around Google and Apple’s review process, yet the chances of downloading a safe app from them are far greater than anywhere else. Further, Google and Apple are quick to remove malicious apps when discovered, making their stores that much safer.
Comprehensive online protection software like ours can protect you in several ways. First, our AI-powered antivirus detects, blocks, and removes malware—new and old. This can protect you against the latest cryptojacking attacks. Further, it includes web protection that blocks malicious sites, such as the ones that host web-based cryptojacking attacks. In all, comprehensive online protection software offers a strong line of defense.
Whether cryptojackers try to reach you by email (phishing) or text (smishing), our new McAfee Scam Protection can stop those attacks dead in their tracks. Using the power of AI, McAfee Scam Protection can alert you when scam texts pop up on your device or phone. No more guessing if a text is real or not. Further, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.
While hackers love pilfering the computing resources of large organizations, their cryptojacking attacks still target everyday folks. Just as is the case with ransomware, hackers will seek to make their money in volume. Targeting under-protected households can still reap plenty of cryptocurrency when hackers do so in numbers.
Protecting yourself is relatively easy. Several of the same general steps you take to protect yourself online offer protection from cryptojacking attacks as well. Stick to legitimate app stores, use the tools that can quash spammy emails and texts, and go online confidently with online protection software. Nobody should make a fast buck off you. Particularly a cryptojacker.
The post Cryptojacking – Stop Hackers from Making Money Off You appeared first on McAfee Blog.
As AI deepfakes and malware understandably grab the headlines, one thing gets easily overlooked—AI also works on your side. It protects you from fraud and malware as well.
For some time now, we’ve kept our eye on AI here at McAfee. Particularly as scammers cook up fresh gluts of AI-driven hustles. And there are plenty of them.
We’ve uncovered how scammers need only a few seconds of a voice recording to clone it using AI—which has led to all manner of imposter scams. We also showed how scammers can use AI writing tools to power their chats in romance scams, to the extent of writing love poems with AI. Recently, we shared word of fake news sites packed with bogus articles generated almost entirely with AI. AI-generated videos even played a role in a scam for “Barbie” movie tickets.
Law enforcement, government agencies, and other regulatory bodies have taken note. In April, the U.S. Federal Trade Commission (FTC) warned consumers that AI now “turbocharges” fraud online. The commission cited a proliferation of AI tools can generate convincing text, images, audio, and videos.
While not typically malicious in and of themselves, scammers twist these technologies to bilk victims out of their money and personal information. Likewise, just as legitimate application developers use AI to create code, hackers use AI to create malware.
There’s no question that all these AI-driven scams mark a major change in the way we stay safe online. Yet you have a powerful ally on your side. It’s AI, as well. And it’s out there, spotting scams and malware. In fact, you’ll find it in our online protection software. We’ve put AI to work on your behalf for some time now.
With a closer look at how AI works on your side, along with several steps that can help you spot AI fakery, you can stay safer out there. Despite the best efforts of scammers, hackers, and their AI tools.
One way to think about online protection is this: it’s a battle to keep you safe. Hackers employ new forms of attack that try to work around existing protections. Meanwhile, security professionals create technological advances that counter these attacks and proactively prevent them—which hackers try to work around once again. And on it goes. As technology evolves, so does this battle. And the advent of AI marks a decidedly new era in the struggle.
As a result, security professionals also employ AI to protect people from AI-driven attacks.
Companies now check facial scans for skin texture and translucency to determine if someone is using a mask to trick facial recognition ID. Banks employ other tools to detect suspicious mouse movements and transaction details that might be suspicious. Additionally, developers scan their code with AI tools to detect vulnerabilities that might lurk deep in their apps—in places that would take human teams hundreds, if not thousands of staff hours to detect. If at all. Code can get quite complex.
For us, we’ve used AI in our online protection for years now. McAfee has used AI for evaluating events, files, and website characteristics. We have further used AI for detection, which has proven highly effective against entirely new forms of attack.
We’ve also used these technologies to catalog sites for identifying sites that host malicious files or phishing operations. Moreover, cataloging has helped us shape out parental control features such that we can block content based on customer preferences with high accuracy.
And we continue to evolve it so that it detects threats even faster and yet more accurately than before. Taken together, AI-driven protection like ours quashes threats in three ways:
What does AI-driven protection look like for you? It can identify malicious websites before you can connect to them. It can prevent new forms of ransomware from encrypting your photos and files. And it can keep spyware from stealing your personal information by spotting apps that would connect them to a bad actor’s command-and-control server.
As a result, you get faster and more comprehensive protection with AI that works in conjunction with online protection software—and our security professionals develop them both.
Yet, as it is with any kind of scam, it can take more than technology to spot an AI-driven scam. It calls for eyeballing the content you come across critically. You can spot an AI-driven scam with your eyes, along with your ears and even your gut.
Take AI voice clone attacks, for example. You can protect yourself from them by taking the following steps:
As AI continues its evolution, it gets trickier and trickier to spot it in images, video, and audio. Advances in AI give images a clarity and crispness that they didn’t have before, deepfake videos play more smoothly, and voice cloning gets uncannily accurate.
Yet even with the best AI, scammers often leave their fingerprints all over the fake news content they create. Look for the following:
1) Consider the context
AI fakes usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Look to see if the text even makes sense. And like legitimate news articles, does it include identifying information — like date, time, and place of publication, along with the author’s name.
2) Evaluate the claim
Does the image seem too bizarre to be real? Too good to be true? Today, “Don’t believe everything you read on the internet,” now includes “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, other known and reputable sites will report on the event—and have done their own fact-checking.
3) Check for distortions
The bulk of AI technology still renders fingers and hands poorly. It often creates eyes that might have a soulless or dead look to them — or that show irregularities between them. Also, shadows might appear in places where they look unnatural. Further, the skin tone might look uneven. In deepfaked videos, the voice and facial expressions might not exactly line up, making the subject look robotic and stiff.
The battle between hackers and the people behind online protection continues. And while the introduction of AI has unleashed all manner of new attacks, the pattern prevails. Hackers and security professionals tap into the same technologies and continually up the game against each other.
Understandably, AI conjures questions, uncertainty, and, arguably, fear. Yet you can rest assured that, behind the headlines of AI threats, security professionals use AI technology for protection. For good.
Yet an online scam remains an online scam. Many times, it takes common sense and a sharp eye to spot a hustle when you see one. If anything, that remains one instance where humans still have a leg up on AI. Humans have gut instincts. They can sense when something looks, feels, or sounds …off. Rely on that instinct. And give yourself time to let it speak to you. In a time of AI-driven fakery, it still stands as an excellent first line of defense.
The post How to Win the Battle Against Deepfakes and Malware appeared first on McAfee Blog.
Maybe you do armloads of shopping on it. Maybe you skip going to the bank because you can tackle the bulk of your finances online. And perhaps you even pay your doctor a visit with it, instead of taking a trip to their office.
The way we use the internet has changed. We rely on it for a wealth of important things. Now more than ever, which makes Cybersecurity Awareness Month more important than ever.
Every October, we proudly take part in Cybersecurity Awareness Month. In partnership with the U.S. Cybersecurity and Infrastructure Agency (CISA) and a host of organizations in the private sector, we shed light on an essential topic—a safer internet.
The time of the internet as a novelty has long passed. The internet isn’t just nice. It’s essential. To the point that it’s a utility, like power or water. With that, a safe internet is a must.
Granted, amid news of data breaches and major hacks, it might seem like the notion of a safer internet is out of your hands. After all, what can you do to make the internet a safer place?
Plenty.
Extra awareness and a few straightforward actions can make your time online far safer than before. And that’s a common theme here on our blog. Even as new threats appear daily, you live in a time where you have some of the most comprehensive and easy-to-use tools to combat them—and keep yourself safe.
With that, Cybersecurity Awareness Month comes with a quick five-step checklist you can run through. Set aside some time this month to knock out each item. You’ll find yourself much more secure from hacks, attacks, and identity theft in the wake of data breaches.
Let’s dive in.
Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task. Thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software like ours will include a password manager.
Updates do all kinds of great things for gaming, streaming, and chatting apps—like adding more features and functionality over time. Updates do something else. They make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
For your computers and laptops:
For your smartphones:
For your smartphone apps:
Whether they come by way of an email, text, direct message, or as bogus ads on social media and in search, phishing attacks remain popular with cybercriminals. Across their various forms, the intent remains the same—to steal personal or account info by posing as a well-known company, organization, or even someone the victim knows. And depending on the info that gets stolen, it can result in a drained bank account, a hijacked social media profile, or any number of different identity crimes.
What makes some phishing attacks so effective is how some hackers can make the phishing emails and sites they use look like the real thing, so learning how to spot phishing attacks has become a valuable skill nowadays. Additionally, using the power of AI, McAfee Scam Protection can alert you when scam texts pop up on your device or phone. No more guessing if a text is real or not. Further, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.
Some signs of a phishing attack include:
Again, this can take a sharp eye to spot. When you get emails like these, take a moment to scrutinize them and certainly don’t click on any links.
Another way you can fight back against crooks who phish is to report them. Check out ReportFraud.ftc.gov, which shares reports of phishing and other fraud with law enforcement. Taken with other reports, your info can aid an investigation and help bring charges on a cybercriminal or an organized ring.
Chances are you’re using multi-factor authentication (MFA) on a few of your accounts already, like with your bank or financial institutions. MFA provides an additional layer of protection that makes it much more difficult for a hacker or bad actor to compromise your accounts even if they know your password and username. It’s common nowadays, where an online account will ask you to use an email or a text to your smartphone to as part of your logon process. If you have MFA as an option when logging into your accounts, strongly consider using it.
How did that scammer get your email address or phone number in the first place? Good chance they bought it off a data broker.
Data brokerages make up a multi-billion-dollar business worldwide. They gather and sort data linked with millions of people globally—and then sell it. To anyone. That could be advertisers, private investigators, and potential employers. That list includes hackers and scammers as well. With your data, they can skim for your contact info so they can hit you with spammy emails, calls, and texts. Worse yet, they can use that info to help them commit identity theft.
Good thing you can get your info removed from those sites. And a service like our Personal Data Cleanup can do the heavy lifting for you. It scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. With select products, we can even manage the removal for you.
How much time do you spend on the internet each day? Between work, home, and the phone you carry around, it’s around 6.5 hours a day on average. You spend plenty of time on the internet. And important time too as you shop, bank, and tend to your health online.
Taking a few moments this month to shore up your security will make that time safer. Despite what you might have thought, you’re more in control of that than you think.
The post How much do you count on the internet every day? appeared first on McAfee Blog.
You’ve been fortunate over the years — no lost phone, no credit card fraud, no computer viruses. Still, deep down, you fear your sloppy digital habits will eventually catch up with you. So, instead of dread and denial, how about a little peace of mind? The perfect time to take a few easy steps and make your digital life your most unhackable is now. Here are seven easy ways to tighten up your digital habits:
This small action sounds like a big deal, but it’s easy and important. Two-factor authentication simply puts two layers of security on any personal information channels you frequent. Be it your phone, Facebook, email, or bank account, taking the extra time to implement a two-step password entry, will mean potential crooks will get frustrated and move on to someone else’s information.
McAfee Pro Tip: Go into the account settings of any important account and manually opt for a two-factor authentication account entry. Once set up, the next time you log in to your account, you’ll be prompted to provide the secondary authentication, such as entering a code from your authentication app or confirming a text message code
It’s convenient and fun to work from the local coffee shop. However, it only takes one nosey, unethical person at that location to access your computer through that shared public network. Snoopers can easily access your passwords, emails, and anything else on your computer. Do your sensitive work at home or in the office on a secure, password-protected network and save your non-wifi workload, such as report reading or writing (sans wifi) for the coffee shop. Avoid doing any banking or private work on public wifi, especially.
McAfee Pro Tip: Check the URL in your browser’s address bar. If it starts with “https” (rather than just “http”), it’s secure and encrypted, ensuring your data is protected during transmission. If it’s only “http,” the site isn’t secure, so avoid proceeding. If using public Wi-Fi, activate your firewall in your security settings to block incoming traffic and enhance protection against potential threats.
According to McAfee’s Digital Asset Study, the most common mistake consumers make is using the same password for all or most online accounts. If this is you, break this poor habit once and for all.
Take this step: Take an hour of your day and change and document your passwords. Once you’ve beefed up your passwords, you can simplify the password process by using True Key multi-factor authentication service for free. A strong password has all of the following characteristics:
→ Dig Deeper: 5 Tips For Creating Bulletproof Passwords
Simplify, simplify, simplify your gadget use, and your safety will improve immediately. With so many digital assets flying at us daily — email, images, files, documents, attachments — it’s easy to get overwhelmed. And, when we are overwhelmed, it’s easy to get sloppy in the places that matter most — like privacy. Focus on your safety and declutter your devices when needed.
To organize:
While you sleep, work, or play, hackers tirelessly attempt to infiltrate your computer with malicious software, spyware, and viruses. The lack of anti-virus software on your device is an open invitation to these cyber criminals. Therefore, consider investing in robust antivirus software this year. In addition to this, consider installing filtering software to enhance your social media safety, making it a safer platform for your entire family.
Want to take your privacy a notch higher? Consider cutting back on your social sharing. Hackers often create fake social media accounts and use them to monitor your personal data. A determined identity thief on Facebook can gather enough information about you to bypass the security questions on your accounts, potentially gaining access to your financial data. It’s time to rethink your approach to social media. Consider pruning your social circle on platforms like Facebook, Twitter, Instagram, and Snapchat to include only those you know and trust. The lure of high follower numbers is not worth the risk of a potential security breach. Remind your family never to post personal details like your full name, Social Security number, address, phone number, and account numbers on public websites.
To minimize potential damage from oversharing, exercise caution when accepting friend requests or follows from people you don’t know. Also, remember to check your privacy settings. Many platforms allow you to control who sees your posts, profile information, and tagged photos. These features will give you greater control over your online presence.
→ Dig Deeper: Protecting Your Privacy on Social Media
Updating software can seem like a chore, especially during a busy workday. However, it’s vital to ensure your digital life remains secure. Cybercriminals always look for outdated software and browsers, preying on the security gaps they exploit. If you frequently use software such as Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader, Java, or browsers like Chrome and Internet Explorer, ensure you’re always running the latest version. By consciously keeping your software updated, you’re erecting yet another line of defense against potential cyber threats.
Furthermore, remember to back up your files regularly. In case of a cyber-attack, a recent backup can save you a lot of trouble and ensure you don’t lose any crucial data.
→ Dig Deeper: Why Software Updates Are So Important
As cybercrimes become increasingly rampant, consider it an ideal opportunity to tighten your digital habits. Investing a little time and effort into securing your digital life can ensure a safer, more protected online experience. Following these simple steps; implementing two-factor authentication, avoiding public wifi, strengthening passwords, decluttering devices, targeting software, reconsidering sharing habits, and staying updated can profoundly impact your digital security. Here’s to a secure and serene digital life with McAfee!
The post 7 Ways to Clean Up Those Sloppy Digital Habits appeared first on McAfee Blog.
As healthcare integrates increasingly digital processes into its operations, the need for robust security measures increases. For many of us, visiting our healthcare provider involves filling out forms that are then transferred into an Electronic Health Record (EHR) system. We put our trust in these healthcare institutions, expecting them to take the necessary steps to store our sensitive data securely. However, with a significant rise in medical data breaches, a whopping 70% increase over the past seven years, it has become more important to understand how these breaches occur and how we can protect ourselves.
Recently, LabCorp, a medical testing company, announced a breach affecting approximately 7.7 million customers, exposing their names, addresses, birth dates, balance, and credit card or bank account information. This breach occurred due to an issue with a third-party billing collections vendor, the American Medical Collection Agency (AMCA). Not long before this, Quest Diagnostics, another company collaborating with AMCA, experienced a similar breach, affecting 11.9 million users.
Medical data is, by nature, nonperishable, making it a highly valuable asset for cybercriminals. This means that while a credit card number or bank account detail can be changed if compromised, medical information remains constant, maintaining its value over time. This also suggests that once procured, this information can be used for various malicious activities, from identity theft to extortion.
Realizing that the healthcare industry is riddled with various security vulnerabilities is crucial. Unencrypted traffic between servers, the ability to create admin accounts remotely, and the disclosure of private information are all shortcomings that these cybercriminals can exploit. With such access, they can permanently alter medical images, use medical research data for extortion, and much more. According to the McAfee Labs Threats Report, the healthcare sector witnessed a 210% increase in publicly disclosed security incidents from 2016 to 2017, resulting from failure to comply with security best practices or address vulnerabilities in medical software.
→ Dig Deeper: How to Safeguard Your Family Against A Medical Data Breach
While the onus lies on healthcare institutions to ensure the security of patients’ data, there are several steps that individuals can take on their own to safeguard their privacy. These steps become particularly pivotal if you think your personal or financial information might have been compromised due to recent breaches. In such instances, following certain best practices can significantly enhance your personal data security.
One such measure is placing a fraud alert on your credit. This effectively means that any new or recent requests will be scrutinized, making it challenging for fraudulent activities to occur. Additionally, the fraud alert enables you to access extra copies of your credit report, which you can peruse for any suspicious activities.
Another effective step you can consider is freezing your credit. Doing so makes it impossible for criminals to take out loans or open new accounts in your name. However, to execute this effectively, remember that credit needs to be frozen at each of the three major credit-reporting agencies – Equifax, TransUnion, and Experian.
Moreover, vigilance plays a critical role in protecting your personal data. Regularly checking your bank account and credit activity can help you spot any anomalies swiftly, allowing you to take immediate action.
McAfee Pro Tip: To lock or to freeze? That is the question. Credit lock only offers limitations in accessing an account. A credit freeze generally has more security features and financial protections guaranteed by law and the three major credit bureaus, so you’ll have more rights and protection if identity theft, fraud, scams, and other cybercrimes occur with a credit freeze compared to a credit lock. Learn more about the difference between credit freeze and credit lock here.
Identity theft protection services offer an additional layer of security to protect your personal as well as financial information. They actively monitor your accounts, provide prompt alerts for any suspicious activities, and help you recover losses if things go awry. An identity theft protection service like McAfee Identity Theft Protection can be beneficial. Remember, however, that even with such a service, you should continue practicing other security measures, as they form part of a comprehensive approach to data security.
These services work in the background to ensure constant protection. However, choosing a reputable and reliable identity theft protection service is essential. Do thorough research before committing and compare features such as monitoring services, recovery assistance, and insurance offerings. This step can help protect you not only during medical data breaches but also on other digital platforms where your personal information is stored.
If you suspect your personal data has been compromised, you should check your bank account and credit activity frequently. Regular monitoring of your accounts empowers you to stop fraudulent activity. Many banks and credit card companies provide free alerts—through an email or text message—whenever a new purchase is made, an unusual charge is noticed, or your account balance drops to a particular level.
Besides, you should also consider utilizing apps or online services provided by banks and credit companies to keep an eye on your accounts. Such tools can help you track your financial activity conveniently and take instant action if any suspicious activity is spotted. Regularly updating your contact information with banks and credit companies is also important, as it ensures you receive all alerts and updates on time.
→ Dig Deeper: Online Banking—Simple Steps to Protect Yourself from Bank Fraud
Increased digitization in the healthcare sector has brought convenience and improved patient services. However, it also presents attractive targets for cybercriminals eager to exploit vulnerabilities for personal gain. Medical data breaches are concerning due to their potential long-term impacts, so it’s critical to protect your personal information proactively.
While healthcare institutions must shoulder the primary responsibility to safeguard patient information, users are far from helpless. By placing a fraud alert, freezing your credit, using identity theft protection services like McAfee Identity Theft Protection, and maintaining vigilance over your financial activity, you can form a comprehensive defense strategy to protect yourself against potential breaches.
The post 4 Tips to Protect Your Information During Medical Data Breaches appeared first on McAfee Blog.
Beyonce sang “if you like it you better put a ring on it” but the same can be said for our personal information on our mobiles. But rather than a ring, the lyric would be “If you like it, you better put a PIN on it.” A PIN, or Personal Identification Number, is your first defense against thieves or hackers who might want to access your private data from your smartphone or tablet.
As we increasingly depend on our digital devices to store and transfer personal data and use the internet for transactions, we are also becoming increasingly vulnerable to digital attacks on our privacy. Having a PIN on your devices is a simple but effective way to add an extra layer of security. Yet, it is reported that half of iPhone users, for instance, don’t use a lock on their devices. In another study, a nationwide survey by Consumer Reports in 2014 found that 30% of people don’t have a PIN or passcode on their smartphones or tablets. This is concerning because by not securing their devices, they are exposing themselves to potential threats of financial fraud, identity theft, and privacy loss.
Your device and its private data are invaluable resources for any potential hacker or data thief. Yet, we often do not protect our smartphones or tablets, the sensitive information they contain, or our wallets or home computers. Every day should be Data Privacy Day, a time to stress the importance of taking privacy seriously and review your privacy settings and practices.
→ Dig Deeper: What is Data Privacy and How Can I Safeguard It?
By not protecting your mobile devices, you are potentially opening yourself up to financial fraud, identity theft, and overall invasion of your privacy. The data available on your phone, from personal photos and conversations to banking information and private documents, can be a goldmine for any potential attacker. This is why companies like McAfee are announcing new pushes for personal security, such as the “Crack the Pin” initiative. This encourages people to take simple steps toward preserving their privacy by locking, tracking, and encrypting their devices.
From fortifying your online accounts with robust passwords to understanding the intricacies of encryption, and from practicing discretion in sharing personal information to recognizing the red flags of phishing attempts, let’s explore a comprehensive set of strategies and practices to help you navigate the digital world with confidence and protect what matters most—your privacy.
One way to ensure the privacy of your mobile devices is through the use of mobile security products. McAfee, for example, has products such as McAfee Mobile Security and McAfee LiveSafe that are designed specifically to protect your devices and the personal data stored on them. These products provide a wide range of security features, from data encryption to anti-theft measures and privacy protection. They can scan apps for potential threats, prevent phishing attacks, and allow you to locate, lock, and wipe your devices in case they get lost or stolen.
→ Dig Deeper: Does My Phone Have a Virus?
Beyond using security products, staying educated on the latest data privacy trends and security measures is also important. This includes keeping your operating system and apps updated, as software updates often contain vital security improvements. Regularly backing up your data is also crucial so that your personal data is not completely lost in the event of a device loss or failure.
Another important aspect of securing your mobile devices is encryption. Encryption is a process that converts your data into an unreadable format that cannot be understood without the correct decryption key. Essentially, even if a hacker or thief manages to access your device, they cannot read your data if it is encrypted. Many smartphones and tablets have encryption options built into the settings, but it’s up to the user to ensure they turn it on and use it correctly.
When it comes to encryption, it’s also crucial to understand the difference between device encryption and app encryption. Device encryption ensures that all data stored on your device is secure, while app encryption secures data within specific apps. While both are important, device encryption is generally considered more comprehensive. However, you should still check the privacy settings in individual apps to ensure your data is protected.
McAfee Pro Tip: When engaging in activities like online banking, shopping, or signing up on a website that requests your personal details, be sure to check for a website address that commences with “https:” rather than just “http:”. This signifies that the site employs encryption for added security. Learn more about encryption here.
In conclusion, securing your mobile devices and their precious personal data should be a top priority. The first step is to put a PIN on your devices and ensure it’s not easily guessable. Other important steps include refraining from sharing your PIN, using security products, staying updated on the latest privacy trends, and employing encryption for comprehensive security. Remember, data privacy is not a one-time event, but a continuous process that requires regular attention and action. So let’s take a page from Beyonce’s book and “put a PIN on it” to keep our private data safe and secure.
The post Put a PIN on It: Securing Your Mobile Devices appeared first on McAfee Blog.
For weeks and even months now, millions of us have relied on the internet in ways we haven’t before. We’ve worked remotely on it, our children have schooled from home on it, and we’ve pushed the limits of our household bandwidth as families have streamed, gamed, and conferenced all at the same time. Something else is new—more and more of us have visited our doctors and healthcare professionals online. Needless to say, this is an entirely new experience for many. And with that, I got to thinking about seniors. What’s been their experience with telemedicine? What concerns have they had? And how can we help?
For starters, an online doctor’s visit is known as telemedicine—a way of diagnosing and treating a medical issue remotely. With telemedicine, care comes from your smartphone or computer via a video conference or a healthcare provider’s portal.
Telemedicine is not new at all. It’s been in use for some time now, such as in rural communities that have little access to local healthcare professionals, in cases of ongoing treatment like heart health monitoring and diabetes care, and in situations where a visit to the doctor’s office simply isn’t practical. What is new is this: telemedicine has made a significant leap in recent months.
A recent global consumer survey by Dynata took a closer look at this trend. The research spanned age groups and nations across North America and Europe, which found that 39% of its respondents consulted a physician or healthcare professional online in the past few months. Of them, two-thirds said they used telemedicine as part of their care. Yet more telling, 84% of those who recently had a telemedicine appointment said this was the first time they used telemedicine.
Dynata’s study also looked at their attitudes and experiences with telemedicine based on age and reported that members of the Baby Boomer generation found the experience satisfactory—just over 55%. Interestingly, this was also quite consistent across other age groups, with all hovering just above or below that same level of satisfaction.
Another study gives us insight into how seniors’ opinions about telemedicine may have changed in the past year. We can contrast the findings above with a University of Michigan study that polled American adults aged 50 to 80 in the middle of 2019. On the topic of telemedicine, the research found that:
The University of Michigan study also asked how older Americans felt about telemedicine visits. At that time in 2019, only 14% said that their provider offered telemedicine visits, while 55% didn’t know if they had the option available to them at all. Just a small number, 4%, said they’d had a telemedicine visit within the year. Needless to say, it’ll be interesting to see what 2020’s results would have to say should the university run this poll again.
In terms of their experience with telemedicine, of those who had at least one telemedicine visit, 58% felt that in-person office visits provided an overall better level of care, and about 55% felt that in-person visits were better for communicating with their healthcare professional and feeling better cared-for overall.
→ Dig Deeper: 6 Tips for a Safer and Easier Telemedicine Visit
While it may seem daunting for seniors to navigate the world of telemedicine, there are several advantages to this healthcare approach. One of the main benefits of telemedicine is the elimination of travel time. This can be particularly beneficial for seniors with mobility issues or living in rural areas lacking transportation. As all consultations are conducted virtually, seniors can access healthcare from the comfort of their homes.
Another benefit is the ease of monitoring chronic conditions. Telemedicine allows healthcare providers to closely monitor patients’ symptoms and adjust treatment plans without requiring frequent office visits. This not only saves time but can also lead to better health outcomes. With health trackers and mobile applications, healthcare providers can remotely monitor vitals like blood sugar levels or heart rate, enabling immediate intervention if required.
→ Dig Deeper: How to Make Telehealth Safer for a More Convenient Life Online
The main barrier to telemedicine for seniors is often technology. A lack of familiarity with the required devices and applications can prove daunting for some. However, with a little help and guidance, this can be overcome. Caregivers, family members, or telemedicine providers can teach seniors how to use the necessary technology. Various user-friendly applications are designed with seniors in mind, simplifying the process.
Providers also often have customer support available to assist with any technological difficulties. It’s essential to remember that the benefits of telemedicine can considerably outweigh the initial learning curve of navigating these new tools. Practice and patience can go a long way in making telemedicine a comfortable and convenient option for seniors.
McAfee Pro Tip: One essential item seniors should have during their visit is a dependable device they are familiar with. This could include a desktop computer, laptop, smartphone, or tablet. Remember that certain telemedicine solutions used by healthcare providers might have specific requirements, so it’s important to check those and ensure their devices are compatible.
Telemedicine can benefit seniors, offering more accessible healthcare services and better chronic condition management. While technological may seem challenging, it can be successfully navigated with the right guidance and support. Ultimately, telemedicine is a tool to improve healthcare accessibility and outcomes for seniors, and taking the first steps towards embracing it can lead to better health and comfort.
Improve your telemedicine use with McAfee+, which comes with identity monitoring, unlimited VPN, antivirus, scam protection, data cleanup, and more.
The post Medical Care From Home: Telemedicine and Seniors appeared first on McAfee Blog.
One of the essential aspects of digital security resides in the strength of our passwords. While they are the most convenient and effective way to restrict access to our personal and financial information, the illusion of a fully secure password does not exist. The reality is that we speak in terms of less or more secure passwords. From a practical perspective, we must understand the behind-the-scenes actions that could potentially compromise our passwords and consequently, our digital lives.
Unfortunately, most users frequently overlook this crucial part of their digital existence. They remain largely ignorant of numerous common techniques that hackers employ to crack passwords, leading to the potential loss of personal details, financial information, or even identity theft. Therefore, this blog aims to enlighten readers on how they might be unknowingly making their passwords vulnerable.
Passwords serve as the first line of defense against unauthorized access to our online accounts, be it email, social media, banking, or other sensitive platforms. However, the unfortunate reality is that not all passwords are created equal, and many individuals and organizations fall victim to password breaches due to weak or compromised credentials. Let’s explore the common techniques for cracking passwords, and learn how to stay one step ahead in the ongoing battle for online security.
In the world of cyber-attacks, dictionary attacks are common. This approach relies on using software that plugs common words into the password fields in an attempt to break in. It’s an unfortunate fact that free online tools exist to make this task almost effortless for cybercriminals. This method spells doom for passwords that are based on dictionary words, common misspellings, slang terms, or even words spelled backward. Likewise, using consecutive keyboard combinations such as qwerty or asdfg is equally risky. An excellent practice to deflect this attack is to use unique character combinations that make dictionary attacks futile.
Besides text-based passwords, these attacks also target numeric passcodes. When over 32 million passwords were exposed in a breach, nearly 1% of the victims used ‘123456’ as their password. Close on its heels, ‘12345’ was the next most popular choice, followed by similar simple combinations. The best prevention against such attacks is avoiding predictable and simple passwords.
→ Dig Deeper: Cracking Passwords is as Easy as “123”
While security questions help in password recovery, they also present a potential vulnerability. When you forget your password and click on the ‘Forgot Password’ link, the website generally poses a series of questions to verify your identity. The issue here is that many people use easily traceable personal information such as names of partners, children, other family members, or pets as their answers, some of which can be found on social media profiles with little effort. To sidestep this vulnerability, it’s best not to use easily accessible personal information as the answer to security questions.
McAfee Pro Tip: Exercise caution when sharing content on social media platforms. Avoid making all your personal information publicly accessible to thwart hackers from gathering sensitive details about you. Learn more about the dangers of oversharing on social media here.
A common mistake that many internet users make is reusing the same password for multiple accounts. This practice is dangerous as if one data breach compromises your password, the hackers can potentially gain access to other websites using the same login credentials. According to a report published by LastPass in 2022, a recent breach revealed a shocking password reuse rate of 31% among its victims. Hence, using unique passwords for each of your accounts significantly reduces the risk associated with password reuse.
Moreover, it’s also advisable to keep changing your passwords regularly. While this might seem like a hassle, it is a small price to pay for ensuring your digital security. Using a password manager can help you remember and manage different passwords for different websites.
Social Engineering is a non-technical strategy that cybercriminals use, which relies heavily on human interaction and psychological manipulation to trick people into breaking standard security procedures. They lure their unsuspecting victims into revealing confidential data, especially passwords. Therefore, vigilance and skepticism are invaluable weapons to have in your arsenal to ward off such attacks.
The first step here would be not to divulge your password to anyone, no matter how trustworthy they seem. You should also be wary of unsolicited calls or emails asking for your sensitive information. Remember, legitimate companies will never ask for your password through an email or a phone call.
Despite the vulnerabilities attached to passwords, much can be done to enhance their security. For starters, creating a strong password is the first line of defense. To achieve this, you need to use a combination of uppercase and lowercase letters, numbers, and symbols. Making the password long, at least 12 to 15 characters, significantly improves its strength. It’s also advisable to avoid using common phrases or strings of common words as passwords- they can be cracked through advanced versions of dictionary attacks.
In addition to creating a strong password, adopting multi-factor authentication can greatly enhance your account security. This technology requires more than one form of evidence to verify your identity. It combines something you know (your password), something you have (like a device), and something you are (like your fingerprint). This makes it more difficult for an attacker to gain access even if they have your password.
→ Dig Deeper: 15 Tips To Better Password Security
The future of passwords looks promising. Scientists and tech giants are working relentlessly to develop stronger and more efficient access control tools. Biometrics, dynamic-based biometrics, image-based access, and hardware security tokens are some of the emerging technologies promising to future-proof digital security. With biometrics, users will no longer need to remember complex passwords as access will be based on unique personal features such as fingerprints or facial recognition.
Another promising direction is the use of hardware security tokens, which contain digital certificates to authenticate the user. These tokens can be used in combination with a password to provide two-factor authentication. This makes it more difficult for an attacker to gain access as they would need both your token and your password. While these technologies are still developing, they suggest a future where access control is more secure and user-friendly.
In conclusion, while there’s no such thing as a perfectly secure password, much can be done to enhance their security. Understanding the common techniques for cracking passwords, such as dictionary attacks and security questions’ exploitation, is the first step towards creating more secure passwords. Using unique complex passwords, combined with multi-factor authentication and software tools like McAfee’s True Key, can greatly improve the security of your accounts.
The future of passwords looks promising with the development of biometrics and hardware security tokens. Until then, it’s crucial to adopt the best password practices available to protect your digital life. Remember, your online security is highly dependent on the strength and uniqueness of your passwords, so keep them complex, unique, and secure.
The post What Makes My Passwords Vulnerable? appeared first on McAfee Blog.
Getting a text message is a lot like someone calling out your name. It’s tough to ignore.
Delivery notifications, messages from your bank, job offers, and security alerts—those texts have a way of getting your attention. And scammers know it. In the U.S. alone, their text-based scams accounted for a reported $330 million in losses in 2022—nearly a 5x increase compared to 2019.
When it comes time for scammers to reach their victims, text messages are the top choice. Far more so than email or phone calls. Estimates show that up to 98% of people will read a text message. Half of them will answer it. Compare that to email, which has an open rate that hovers around 20% and a reply rate of 6%.
In all, text scams make for cheap, easy, and effective attacks. Even more so with the help of highly convincing messages scripted by AI.
Scammers simply have it easier and easier these days. Or so it can seem. Now you have an AI-powered tool that can finally put an end to those scam texts on your phone— McAfee Scam Protection.
Let’s check out the top scams out there today, and then how McAfee Scam Protection and a few other steps can make your time on your phone a lot less annoying and a lot safer as well.
According to the Federal Trade Commission (FTC), five specific text scams account for 42% of scams randomly sampled by the commission. Here’s how they stack up:
Sound familiar, like something that you’ve seen pop up on your phone? Chances are it does. In all, the scammers behind these texts want the same thing—your personal info, money, or a combination of both. They just take different routes to get there.
Beyond the top five, the other 58% of scams put their spin on their texts. However, different as they are, these scam texts have several common signs you can spot.
First off, they usually include a link. The link might include unusual strings of characters and a web address that doesn’t match who the message says it’s coming from. Like a bogus notice from the post office that doesn’t use the official post office URL. Or, the link might look almost like a legitimate address, but changes the name in a way that indicates it’s bogus.
Instead of a link, the text might contain a phone number to call. Sophisticated scam operations run call centers that work much like legitimate call centers—although scammers design them to steal your money and personal info.
The message might employ a scare tactic or threat. Scammers love this approach because it successfully plays on people’s emotions and gets them to act quickly without much thinking.
Sometimes, the text might be a seemingly innocent message. Like, “Is this Steven’s number?” Or, “I’ll always love you.” Sometimes it’s only a simple, “Hi.” This is by design. The scammer wants to pique your curiosity, or your desire to be helpful, and then respond. From there, the scammer will try to strike up a conversation, which can lead to a romance scam or a similar con game like an online job scam.
Fortunately, scammers tend to follow a basic script. You’ll see variations, of course. Yet these texts share common elements, just as text scams in general do. That makes them easy to spot.
Be on the lookout for:
Bank scams like, “BANK FRAUD ALERT: Did you make a $4,237.95 purchase at Jacuzzi World? Please confirm!” You’ll know if it’s a scam if the text:
Gift scams like, “ATT FREE MESSAGE. Thanks for paying your bill. Click here for a reward.” First, you can note that the scammer spelled the phone carrier AT&T incorrectly. Other signs of a scam include:
Delivery scams like, “We were unable to deliver your shipment. Please update your info so that we can get your package to you.” This is a common one, and you can spot it several ways:
Job scams like, “BE A SECRET SHOPPER. Make $500 per store! Click the link to get started!” A company that hires employees by sending thousands of spammy texts isn’t a company at all. It’s a scam. Other signs are:
Amazon scams like, “TRANSACTION ALERT: Your purchase of a 65” QLED TV for $1,599.99 is confirmed. Not you? Contact us to cancel the order.” This is a spin on the bank fraud alert, with the scammers posing as Amazon’s fraud team. Aside from using the Amazon name, other signs include:
With what you need to spot scam texts, now you can avoid the damage they can do. And you can take additional steps to keep them from reaching you altogether.
1. Don’t tap on links in text messages: If you follow one piece of advice, it’s this.
2. Follow up directly: If you have concerns, get in touch with the company you think might have sent it. Manually type in their website and enquire there. Again, don’t tap any links.
3. Clean up your personal data: Scammers must have gotten your number from somewhere, right? Often, that’s an online data broker—a company that keeps thousands of personal records for millions of people. And they’ll sell those records to anyone. Including scammers. A product like our Personal Data Cleanup can help you remove your info from some of the riskiest sites out there.
4. Get scam protection: Using the power of AI, our new McAfee Scam Protection can alert you when scam texts pop up on your phone. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.
Also, consider playing a part in the solution.
Businesses, agencies, and law enforcement work together to shut down scams. Many of them have websites and points of contact for reporting fraud. Netflix offers a good example, and so does the Internal Revenue Service (IRS) in the U.S. McAfee has a page dedicated to fraud as well.
Further, in the U.S., you can also report it to the FTC at https://www.ReportFraud.ftc.gov. Similarly, they use and share reports with law enforcement partners to help with investigations.
If you spot a clear imposter or scam, give some thought to grabbing a screenshot and reporting it.
Even as scammers’ attacks get more sophisticated, the tools that can beat them are more sophisticated as well. In part thanks to AI. With a sharp eye, tools like McAfee’s Scam Protection can help you steer clear of text scams.
With both in place, you can improve the chances that your next incoming text is from a friend that brings a smile to your face—instead of a scam text that leaves you shaking your head.
The post Hold onto Your Phone, and Your Wallet – The Top Five Text Scams appeared first on McAfee Blog.
I have a confession to make – I so wish ChatGPT was around when my kids were younger. I realise that it’s not perfect but in my opinion, it’s like having a personal digital assistant to help you wade through those super heavy parenting years. Imagine how helpful it would be to have your ‘assistant’ develop a personalised bedtime story for your 6-year-old or, work out what you can cook with just the ingredients in your fridge!! I am so sure I would have been a more relaxed mother if I had ChatGPT working for me!!
How Does ChatGPT Work?
ChatGPT is an amazing website that allows you to have human-like conversations with a chatbot that is driven by Artificial Intelligence (AI) technology. The chatbot can answer your questions, compose emails and essays, translate text, develop code and more. At the time of writing, there is a free version of ChatGPT available which gives the user unlimited access however the paid premium version of $US20 per month gives priority access during peak times, faster response speeds and exclusive access to GPT-4 – a smarter and more capable chatbot!
If you’d like to know more about it, check out my Parents’ ChatGPT Guide which will help fill in the blanks.
How ChatGPT Can Make You A Better Parent
There are so many ways ChatGPT can reduce the stress of parenting and give you some much-needed head space. Here are my top 5:
1. What’s For Dinner?
If I look back at the super intense parenting years when I was working full-time with 4 kids, one of the greatest causes of my stress was dinner. I often wouldn’t have the physical energy to read a recipe book or stop at the shops after an afternoon of school and extra-curricular pickups so I would be scrambling to feed a bunch of ravenous boys. Imagine how good it would be to have your digital assistant, aka ChatGPT, devise a recipe based on what you have in your fridge and pantry? Nothing short of life-changing, in my opinion. And it can even factor in dietary restrictions! So clever!!
2. Can You Tell Me A Bedtime Story
My boys loved bedtime stories – preferably personalised! I know, very demanding!! Now, with 4 separate stories to deliver every night, you can only imagine how much mental energy this required. But if I had ChatGPT working for me, this would take just seconds to solve. Simply enter the name and age of the child (no surnames), the setting, the names of other characters that should be included, and then a theme e.g. hero’s journey, determination, friendship, and wham bam – you’ve got something ready to go!
3. Your Next Holiday – Sorted!
When things are so hectic, it is often the thought of a vacation that can keep you going. However, let’s be honest, successful holidays take quite a bit of planning to get right. Well – that’s where your digital assistant can help. If you ask, ChatGPT can develop itineraries with activity suggestions. It can also recommend hotels – simply ask it for suggestions within a specific location e.g. close to the Eiffel Tower. And it can also tailor its recommendations based on your budget. After planning and managing family holidays for my clan of 6 for well over 20 years, this is a life-changing feature!
4. The Best Birthday Party Checklist Ever
Far out, birthday parties can be stressful experiences. Invitations, themes, venue, entertainment, kids’ food, lolly bags, parents’ food, parents’ drinks, the list goes on and on. But if you haven’t already put ChatGPT to work as a party planner – then you’re missing out. Simply type in the age of the child and it can give you an entire plan. It will also give you 20-25 top tips that I guarantee will ensure you have everything covered!
5. Homework Help
If you’ve got a tribe of kids who are all at various levels and need homework help, then staying up to date with maths and science can be quite exhausting – particularly after a long day at work! Simply entering ‘explain’ or ‘explain so a 10-year-old can understand’ into ChatGPT will provide you with enough smarts to get that homework done. Of course, fact-checking ChatGPT is essential but what it will provide is some momentum in the right direction.
But A Word of Caution
ChatGPT can absolutely make your life easier as a parent but there are a few things to remember before you start typing into that chat box.
1. It Doesn’t Always Get Everything Right
It’s important to double-check everything. Ensure your kids also appreciate that everything online needs to be double-checked.
2. Be Mindful of Your Privacy When Using It
For a full explanation of its impact on privacy and how you can protect yourself, check out my recent blog post about . But to summarise: be careful what you share in the chat box, stay anonymous, and consider deleting your chat history.
3. Consider How You Use It With Your Kids
One of the biggest negatives of ChatGPT is its potential impact on creativity and thinking skills. Some schools and universities have banned its use while others have specialised programs that supposedly can detect whether a student has used it. While it does sadden me that our kids won’t need to struggle over complex maths questions or English essays like we did, I am a realist and believe that whether we like it or not – it is here to stay. My prediction is that the school and university systems will adapt because generative AI will be a part of our kids’ world. Our role as parents and educators is to teach them how to use it safely and with a critical-thinking mindset.
So, if you’ve dreamed about hiring a personal assistant (I do regularly!) then you so need to check out ChatGPT. It will help you get through your ‘to-do’ list, save you so much time and energy which means you’ve got more time to spend with your kids – or by yourself under a tree. You choose!!
Till Next Time
Stay Safe Online
Alex
The post Could ChatGPT Be The Best Thing That’s Ever Happened To Your Family? appeared first on McAfee Blog.
Let’s be honest, talking to your kids about identity theft isn’t probably top of your list. There’s a long list of topics to cover off when you are a parent. But if you take a minute to picture someone stealing your child’s identity or using their personal information to take out a loan for a shiny new car then you’ll probably want to move it closer to the top of your parenting to-do list!
What Is Identity Theft?
Identity theft occurs when a person’s personal identifying information is used without their permission, usually to commit fraud by making unauthorised purchases or transactions. Identity theft can happen in many ways, but its victims are usually left with significant damage to their finances, credit score, and even their mental health.
Most people associate identity theft with data breaches – think Optus, Latitude Financial and Medibank – however, there are many more ways that scammers can get their hands on your personal identifying details. They can use ‘phishing’ emails to get information from you, do a deep dive on your social media accounts to find identifying information in posts or photos, hack public Wi-Fi to access any information you share or simply, steal your wallet or go through your trash!!
How Big An Issue Is It Really?
In short, it’s a big problem – for both individuals and organisations. And here are the statistics:
How Do You Know If You’re a Victim?
One of the biggest issues with identity theft is that you often don’t immediately know that you’re a victim. In some cases, it might take weeks before you realise that something is awry which unfortunately, gives the thief a lot of time to wreak havoc! Some of the signs that something might be wrong include:
What To Do If You Think You’re a Victim
The key here is to act as soon as you believe you are affected. Don’t stress that there has been a delay in taking action – just take action now! Here’s what you need to do:
1. Call Your Bank
Your first call should be to your bank so they can block the affected account. The aim here is to prevent the scammer from taking any more money. Also remember to block any cards that are linked to this account, either credit or debit.
2. Change Your Passwords
If your identity has been stolen then it’s highly likely that the scammer knows your passwords so change the passwords for the affected accounts straight away!! And if you have used this same password on any other accounts then change these also. If you can’t remember, you can always reset the passwords on key accounts just to be safe.
3. Report It
It may feel like a waste of time reporting your identity theft, but it is an important step, particularly as your report becomes a formal record – evidence you may need down the track. It may also prevent others from becoming victims by helping authorities identify patterns and hopefully, perpetrators. If you think your personal identifying information has been used, report it to the Australian authorities at ReportCyber.
4. Make a Plan
It’s likely you’re feeling pretty overwhelmed at what to do next to limit the damage from your identity theft – and understandably so! Why not make a contract with IDCARE? It’s a free service dedicated to assisting victims of identity theft – both individuals and organisations – in Australia and New Zealand.
How Do We Talk To Our Kids About It?
If there is one thing I have learned in my 20+ years of parenting, it is this. If you want to get your kids ‘onboard’ with an idea or a plan, you need to take the time to explain the ‘why’. There is absolutely no point in asking or telling them to do something without such an explanation. It is also imperative that you don’t lecture them. And the final ingredient? Some compelling statistics or research – ideally with a diagram – my boys always respond well to a visual!
So, if you haven’t yet had the identity theft chat with your kids then I recommend not delaying it any further. And here’s how I’d approach it.
Firstly, ensure you are familiar with the issue. If you understand everything I’ve detailed above then you’re in good shape.
Secondly, arm yourself with relevant statistics. Check out the ones I have included above. Why not supplement this with a few relevant news stories that may resonate with them? This is your ‘why’.
Thirdly, focus on prevention. This needs to be the key focus. But don’t badger or lecture them. Perhaps tell them what you will be doing to minimise the risk – see below for your key ‘hot tips’ – you’re welcome!
What You Can Do To Manage Identity Theft?
There are a few key things that you can today that will both minimise your risk of becoming a victim and the consequences if you happen to be caught up in a large data breach.
1. Passwords
Managing passwords for your online accounts is one of the best risk management strategies for identity theft. I know it’s tedious, but I recommend creating a unique and complex 10+ digit password for each of your online accounts. Tricky passwords make it harder for someone to get access to your account. And, if you use the same log-in details for each of your online accounts – and your details are either leaked in a data breach or stolen – then you could be in a world of pain. So, take the time to get your passwords sorted out.
2. Think Before You Post
Sharing private information about your life on social media makes it much easier for a scammer to steal your identity. Pet names, holiday destination and even special dates can provide clues for passwords. So, lock your social media profiles down and ensure your privacy settings are on.
3. Be Proactive – Monitor Your Identity Online
Imagine how good it would be if you could be alerted when your personal identifying information was found on the Dark Web? Well, this is now a reality! McAfee’s latest security offering entitled McAfee+ will not only protect you against threats but provide 24/7 monitoring of your personal details so it can alert you if your information is found on the Dark Web. And if your details are found, then advice and help may also be provided to remedy the situation. How good!!
4. Using Public Computers and Wi-Fi With Caution
Ensuring you always log out of a shared computer is an essential way of keeping prying eyes away from your personal identifying information. And always be super careful with public Wi-Fi. I only use it if I am desperate and I never conduct any financial transactions, ever! Cybercriminals can ‘snoop’ on public Wi-Fi to see what’s being shared, they can stage ‘Man in The Middle Attacks’ where they eavesdrop on your activity, or they can lure you to use their trustworthy sounding Wi-Fi network – designed purely to extract your private information!
5. Monitor Your Bank Accounts
Why not make a habit of regularly checking your bank accounts? And if you find anything that doesn’t look right contact your bank immediately to clarify. It’s always best to know if there is a problem so you can address it right away.
With so many Aussies affected by data breaches and identity theft, it’s essential that our kids are armed with good information so they can protect themselves as best as possible. Why not use your next family dinner to workshop this issue with them?
Till Next Time
Stay Safe Online
Alex
The post How to Talk To Your Kids About Identity Theft appeared first on McAfee Blog.
The tables have turned. Now you can use AI to spot and block scam texts before they do you harm.
You might have heard how scammers have tapped into the power of AI. It provides them with powerful tools to create convincing-looking scams on a massive scale, which can flood your phone with annoying and malicious texts.
The good news is that we use AI too. And we have for some time to keep you safe. Now, we’ve put AI to use in another powerful way—to put an end to scam texts on your phone.
Our new Text Scam Detector automatically identifies and alerts you if it detects a dangerous URL in your texts. No more wondering if a package delivery message or bank notification is real or not. Our patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.
The time couldn’t be more right for this kind of protection. Last year, Americans lost $330 million to text scams alone, more than double the previous year, with an average reported loss of $1,000, according to the Federal Trade Commission. The deluge of these new sophisticated AI-generated scams is making it harder than ever to tell what’s real from what’s fake.
Which is where our use of AI comes in. With it, you can turn the table on scammers and their AI tools.
Here’s a closer look at how Text Scam Detector works:
Text Scam Detector is free for most existing customers, and free to try for new customers.
Most McAfee customers now have Text Scam Detector available. Simply update your app. There’s no need to purchase or download anything separately. Set up Text Scam Detector in your mobile app, then enable Safe Browsing for extra protection or download our web protection extension for your PC or Mac from the McAfee Protection Center. Some exclusions apply¹.
For new customers, Text Scam Detector is available as part of a free seven-day trial of McAfee Mobile Security. After the trial period, McAfee Mobile Security is $2.99 a month or $29.99 annually for a one-year subscription.
As part of our new Text Scam Detector, you can benefit from McAfee’s risky link identification on any platform you use. It can block dangerous links should you accidentally click on one, whether that’s through texts, emails, social media, or a browser. It’s powered by AI as well, and you’ll get it by setting up Safe Browsing on your iOS² or Android device—and by using the WebAdvisor extension on PCs, Macs and iOS.
Scan the QR code to download Text Scam Detector from the Google App store
AI works in your favor. Just as it has for some time now if you’ve used McAfee for your online protection. Text Scam Detector takes it to a new level. As scammers use AI to create increasingly sophisticated attacks, Text Scam Detector can help you tell what’s real and what’s fake.
The post Get Yourself AI-powered Scam Text Protection That Spots and Block Scams in Real Time appeared first on McAfee Blog.
Authored by Neil Tyagi
On 23 August 2023, NIST disclosed a critical RCE vulnerability CVE-2023-38831. It is related to an RCE vulnerability in WinRAR before version 6.23. The issue occurs because a ZIP archive may include a benign file (such as an ordinary .JPG file) and also a folder that has the same name as the harmless file, and the contents of the folder (which may include executable content) are processed during an attempt to access only the benign file.
Our intelligence shows that this vulnerability is being exploited as early as April 2023. Let’s look at a sample exploiting this vulnerability (Hash: bc15b0264244339c002f83e639c328367efb1d7de1b3b7c483a2e2558b115eaa)
Global Heatmap where this vulnerability is being seen in the wild(based on McAfee telemetry data)
Infection chain
How does the vulnerability work?
Normal.zip
Weaponized.zip
Normal Zip
Weaponized Zip
Normal zip
Weaponized zip
IOC’s
| Sha256 | Detection |
| bc15b0264244339c002f83e639c328367efb1d7de1b3b7c483a2e2558b115eaa | Trojan:Archive/2023_38831.NEAA
|
%APPDATA%\Nvidia\Core.ocx
Recommendations
The post Exploring Winrar Vulnerability (CVE-2023-38831) appeared first on McAfee Blog.
I’m such a fan of RUOK? Day. Started in 2009, it’s an Australian non-profit suicide prevention that is all about having conversations with others to address social isolation and promote a sense of community. What I love the most, is that RUOK? Day has become quite an event on the Australian calendar. You’d be hard-pressed to find a workplace that doesn’t host a morning tea or a retailer that’s not selling a ribbon or badge in support of the day. In my opinion, it has given many of us the confidence to talk about mental health and that, my friends, is a very good thing!
You wouldn’t be human if you hadn’t ever felt a little down or anxious. It’s the natural ebb and flow of daily life. However, if these symptoms are hanging around and are affecting your ability to ‘do’ life then, it’s time to take some action.
Remember, it is incredibly common for someone to experience a dip in their mental health. Recent research shows that over 2 in 5 Aussies aged 16 to 85 will experience a mental disorder at some time in their life, with 1 in 5, experiencing a mental disorder in the previous 12 months.
If you’re not feeling OK, the most important thing to remember is that you do not need to deal with this all by yourself. Sometimes when you’re feeling really low, the thought of leaving the house and facing the world can feel too much. I totally get it! And that’s where the online world can play a huge role. There is an abundance of resources available online for anyone who needs mental health support which makes it so much easier to get the help you need when facing the world just feel a bit much.
Here is a list of organisations that offer online mental health services here in Australia. This list is not exhaustive however these are the most commonly used, and hence best funded, support services. If you are based in the US, please find details at the end of the post for organisations that can provide mental health support.
So, if you are not just yourself at the moment and are feeling really low – or you know someone that is – please know that there is help available online 24/7. So, make yourself a cuppa and get started because you are not alone.
Alex xx
P.S. For my US friends:
The 988 Suicide & Crisis Helpline provides 24/7 free and confidential support and crisis resources for people in distress, and their families. Simply text or call 988 to access help.
The Crisis Text Line is a free and confidential 24/7 support service for anyone who resides in the US. Support can be accessed by text message (text HOME to 741-741) and online chat.
The post RUOK Day – How to Get Help Online When You’re Not Feeling OK appeared first on McAfee Blog.
Chocolate chip, oatmeal raisin, snickerdoodle: Cybercriminals have a sweet tooth just like you. But their favorite type of cookie is of the browser variety.
Browser cookies – often just referred to as cookies – track your comings and goings on websites. And when a cyber thief gets their mitts on your browser cookies, it can open all kinds of doors into your online accounts.
The first step to protecting your devices and online privacy from criminals is to understand their schemes. Here are the key terms you need to know about cookie theft plus how to keep malicious software off your devices.
Cookie theft can happen to anyone. Knowing the basics of this cyberscheme may help you better protect your online life:
Cookies thieves are generally motivated by the financial gains of breaking into people’s online accounts. Banking, social media, and online shopping accounts are full of valuable personal and financial details that a cybercriminal can either sell on the dark web or use to impersonate you and steal your identity.
Malware is generally the vehicle cybercriminals use to steal cookies. Once the malicious software gets onto a device, the malware is trained to copy a new cookie’s data and send it to the cybercriminal. Then, from their own machine, the cybercriminal can input that data and start a new session with the target’s stolen data.
There was a stretch of a few years where cookie thieves targeted high-profile YouTube influencers with malware spread through fake collaboration deals and crypto scams. The criminals’ goal was to steal cookies to sneak into the backend of the YouTube accounts to change passwords, recovery emails and phone numbers, and bypass two-factor authentication to lock the influencers out of their accounts.1
But you don’t have to have a valuable social media account to draw the eye of a cybercriminal. “Operation Cookie Monster” dismantled an online forum that sold stolen login information for millions of online accounts gained through cookie theft.2
To keep your internet cookies out of the hands of criminals, it’s essential to practice safe browsing habits. These four tips will go a long way toward keeping your accounts out of the reach of cookie thieves and your devices free from malicious software.
McAfee+ is an excellent partner to help you secure your devices and digital life. McAfee+ includes a safe browsing tool to alert you to suspicious websites, a password manager, identity monitoring, and more.
The next time you enjoy a cookie, spare a moment to think of cookies of the digital flavor: clear your cache if you haven’t in awhile, doublecheck your devices and online accounts for suspicious activity, and savor the sweetness of your digital privacy!
1The Hacker News, “Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts”
2CNN, “‘Operation Cookie Monster:’ FBI seizes popular cybercrime forum used for large-scale identity theft”
The post How to Keep Cybercriminals Out of Your Accounts appeared first on McAfee Blog.
In the modern era, technology has become an integral part of our daily lives. Our cars are no longer just pieces of mechanical engineering but have evolved into highly advanced machines equipped with state-of-the-art computer systems. From engine performance to preventive maintenance and from passenger comfort to safety assistance, the computer software in our cars control a vast array of operations.
However, just like any other technological device, car computer systems aren’t immune to cyber threats. Cybersecurity attacks on cars can pose serious safety threats and privacy issues, with hackers potentially taking control of vehicle functions or stealing personal data. This brings us to an essential question – how secure is your car’s computer software?
There are several possible instances where a cyber attack could take place. For example, software vulnerabilities could allow hackers to access the car’s system and manipulate its operations. Additionally, insecure network interfaces can be exploited to introduce malicious code or extract sensitive information. Thus, understanding where these vulnerabilities lie is the first step towards enhancing your car’s computer software security.
With the rise of the Internet of Things (IoT), our cars are becoming more connected than ever before. Modern vehicles have built-in Wi-Fi and Bluetooth, GPS navigation systems, and even mobile applications allowing us to interact remotely with our cars. While these features enhance convenience and improve driving experiences, they also introduce new vulnerabilities that cybercriminals can exploit.
Just as your smartphone or computer can be attacked by malware or hackers, so can your car’s computer system. Sophisticated cybercriminals can potentially breach the car’s software to manipulate vehicle functions, steal personal data, or even take complete control of the vehicle. The threat is even greater with autonomous or semi-autonomous vehicles that rely heavily on software systems.
Car hacking may seem like a concept straight out of a science fiction movie, but it’s a harsh reality in today’s technologically advanced world. Various demonstrations by security researchers have proven the vulnerability of car computer systems. In some cases, hackers could remotely kill a car’s engine, disable brakes, or take control of steering — all of these while the car was in motion.
The risk doesn’t stop at vehicle control. Many car owners sync their smartphones with their car systems, allowing access to personal data such as contacts, messages, or even GPS history. A successful breach could give hackers access to this sensitive information, resulting in privacy issues or identity theft.
Car manufacturers play a crucial role in ensuring the cybersecurity of their vehicles. They are responsible for designing and implementing security measures right from the initial stages of vehicle design. This includes adopting secure coding practices, conducting regular vulnerability assessments and penetration testing, and providing regular software updates to address any identified security flaws.
At McAfee, we are actively collaborating with various car manufacturers to help identify potential weak points in their vehicle computer systems. By proactively addressing these vulnerabilities before they can be exploited, we aim to better safeguard our customers’ vehicles against potential cyber threats.
Just like your smartphone or computer, the software in your car needs regular updates. These updates not only provide new features and enhancements but also patch security vulnerabilities that hackers could exploit. Ignoring these updates can leave your car’s computer system open to potential cyber-attacks.
Ensuring your vehicle’s software is up-to-date is always a good practice. Most modern cars will notify you when a software update is available, or you can check with your car manufacturer or dealership. While it may seem like a hassle, updating your car’s software can go a long way in keeping it secure.
While car manufacturers are responsible for creating secure systems, users also share the responsibility for maintaining the security of their vehicle’s computer software. Keeping up-to-date with the fast-paced progress in cybersecurity can help in preventing possible threats.
Just as defensive driving helps you anticipate potential hazards on the road, adopting a defensive mindset towards your car’s computer software can help protect it against potential cyber threats. Familiarize yourself with your car’s digital features and understand what each does. Engage with these systems conscientiously and avoid reckless behavior, such as downloading suspicious apps or clicking on suspicious links that may appear on your car’s infotainment system.
You should also consider using a strong, unique password for any connected apps or services you use with your car. Many hacking attempts are made possible because users re-use passwords across multiple services, making it easier for cybercriminals to gain unauthorized access.
While it may seem odd to think of installing antivirus software or a firewall in your car, these traditional computer protection methods could soon become standard practice in vehicle cybersecurity. Just like how these tools protect your computer or smartphone, they can also safeguard your car’s computer system by detecting and blocking potential threats.
Some car manufacturers and cybersecurity companies are already exploring the development of such protective tools specifically for cars. Until these become widely available, you can reduce risk by being cautious about what devices you connect to your car and what data you share through its systems.
The future of car software security is evolving with the advancement in technology. Car manufacturers and cybersecurity companies continually work together to create robust security systems and innovate techniques to prevent potential threats.
Autonomous vehicles, or self-driving cars, represent the next frontier in vehicle technology. They rely heavily on software systems to function, making them prime targets for potential cyberattacks. However, they also present a unique opportunity to develop more advanced security measures.
Several autonomous vehicle manufacturers are at the forefront of cybersecurity innovation, integrating robust security measures into their cars’ software right from the design phase. These include advanced encryption methods, intrusion detection systems, and even artificial intelligence that can learn and adapt to new threats. While these solutions aren’t foolproof, they represent important steps towards a more secure future for autonomous vehicles.
As cars become more connected, regulatory authorities worldwide are beginning to note the associated security risks. New laws and regulations are being developed to ensure car manufacturers take cybersecurity seriously and have measures in place to safeguard their customers’ data and safety.
For example, the National Highway Traffic Safety Administration (NHTSA) has released cybersecurity best practices for modern vehicles in the United States. Such guidelines aim to standardize security measures across the auto industry and ensure all manufacturers are committed to protecting their customers’ security.
Advancements in car computer software have transformed our driving experiences, offering increased convenience and performance. However, with these benefits come new cybersecurity challenges. As cars become more connected and autonomous, the threat landscape expands, highlighting the urgent need for robust vehicle cybersecurity measures.
Securing your car’s computer software requires awareness, proactive behavior, and the adoption of new security technology. Car manufacturers, security experts, and regulatory authorities all have a role to play in this evolving field. However, as an individual, staying informed about potential risks and remaining vigilant in your usage of digital car features is a crucial first step towards protecting your car and your data from cyber threats.
Remember, security is a continuous journey, not a destination. As such, we at McAfee are committed to staying ahead of the curve and providing you with the information, tools, and assistance you need to navigate the world of car computer software security safely and confidently.
The post How Secure is Your Car’s Computer? appeared first on McAfee Blog.
In our digital world, scamming techniques have become more sophisticated, leading to a growing threat not only to individuals but also to businesses and organizations. One such scam is typosquatting. This deceitful practice takes advantage of internet users who inadvertently type incorrect website addresses into their web browsers. The outcome of this seemingly innocent mistake can range from irritating spam to substantial financial loss, and, in some cases, serious security breaches.
Typosquatting, Cybersquatting, URL Hijacking, or Domain Mimicking, whatever you may call it, is not a new threat. It has been around since the mid-’90s, but it has evolved over the years. In this article, we will dive deep into how these scams work, their implications, and ways to stay protected. But before moving into the specifics, it’s crucial to have a clear understanding of what Typosquatting is.
At its core, Typosquatting is a cyber scam that leverages the probability of errors made by internet users while typing a website address into their browser. The scam involves the creation of fake website domains that closely resemble legitimate ones but usually include common typing errors, misspellings, or the use of different top-level domains (like .com instead of .org).
When users accidentally land on these deceitfully created websites, they may be subjected to a range of fraudulent activities, including phishing attacks, forced downloads of malicious software, and advertisements that generate pay-per-click revenue for the scammer. The fake websites can also impersonate the real ones, tricking users into providing sensitive information such as login credentials or credit card information.
It is critical to understand that Typosquatting is a game of chance for scammers. They capitalize on the likelihood that a certain percentage of online traffic will mistype URLs when browsing. By registering domains that are just a single character off from popular URLs, or by using commonly mistyped versions of web addresses, scammers can set up fake websites to ensnare unsuspecting internet users.
For instance, if a user meant to visit ‘example.com’ but instead typed ‘exmaple.com’, they could potentially land on a typosquatting site. The scammer’s goal is to benefit from this mistake in some way. This could involve displaying advertisements to earn click-through revenue, selling products or services, or attempting to collect personal information through phishing techniques.
→ Dig Deeper: 8 Ways to Know If Online Stores Are Safe and Legit
Typosquatting scams can take on various forms, each with its unique approach but with the same malicious intent – to deceive and exploit internet users. Let’s look at some of the common variations.
Understanding the implications of typosquatting scams can highlight why it’s crucial to stay vigilant when entering website URLs. The impact of these scams can be significant, particularly if the user unknowingly shares sensitive data. The scams can also cause harm to the reputation of legitimate businesses, leading to customer mistrust and potential loss of business.
→ Dig Deeper: Invisible Adware: Unveiling Ad Fraud Targeting Android Users
Staying safe from typosquatting scams requires a combination of awareness and the use of protective measures. Here are some steps you can take:
The world of cybercrime is full of evolving threats, and typosquatting scams are among the most deceitful. These scams capitalize on simple human errors to cause significant harm, including personal data theft and installation of malicious software. Nonetheless, by maintaining a high level of alertness, double-checking URLs, using security software, and staying informed about such threats, internet users can protect themselves from falling victim to these scams. Remember, a moment’s delay to double-check can save a load of potential trouble down the line.
The post How Typosquatting Scams Work appeared first on McAfee Blog.
Authored by Yashvi Shah
Agent Tesla functions as a Remote Access Trojan (RAT) and an information stealer built on the .NET framework. It is capable of recording keystrokes, extracting clipboard content, and searching the disk for valuable data. The acquired information can be transmitted to its command-and-control server via various channels, including HTTP(S), SMTP, FTP, or even through a Telegram channel.
Generally, Agent Tesla uses deceptive emails to infect victims, disguising as business inquiries or shipment updates. Opening attachments triggers malware installation, concealed through obfuscation. The malware then communicates with a command server to extract compromised data.
The following heat map shows the current prevalence of Agent Tesla on field:
Figure 1: Agent Tesla heat map
McAfee Labs has detected a variation where Agent Tesla was delivered through VBScript (VBS) files, showcasing a departure from its usual methods of distribution. VBS files are script files used in Windows for automating tasks, configuring systems, and performing various actions. They can also be misused by cybercriminals to deliver malicious code and execute harmful actions on computers.
The examined VBS file executed numerous PowerShell commands and then leveraged steganography to perform process injection into RegAsm.exe as shown in Figure 2. Regasm.exe is a Windows command-line utility used to register .NET assemblies as COM components, allowing interoperability between different software. It can also be exploited by malicious actors for purposes like process injection, potentially enabling covert or unauthorized operations.
Figure 2: Infection Chain
VBS needs scripting hosts like wscript.exe to interpret and execute its code, manage interactions with the user, handle output and errors, and provide a runtime environment. When the VBS is executed, wscript invokes the initial PowerShell command.
Figure 3: Process Tree
The first PowerShell command is encoded as illustrated here:
Figure 4: Encoded First PowerShell
Obfuscating PowerShell commands serves as a defense mechanism employed by malware authors to make their malicious intentions harder to detect. This technique involves intentionally obfuscating the code by using various tricks, such as encoding, replacing characters, or using convoluted syntax. This runtime decoding is done to hide the true nature of the command from static analysis tools that examine the code without execution. Upon decoding, achieved by substituting occurrences of ‘#@$#’ with ‘A’ and subsequently applying base64-decoding, we successfully retrieved the decrypted PowerShell content as follows:
Figure 5: Decoded content
The deciphered content serves as the parameter passed to the second instance of PowerShell..
Figure 6: Second PowerShell command
Deconstructing this command line for clearer comprehension:
Figure 7: Disassembled command
As observed, the PowerShell command instructs the download of an image, from the URL that is stored in variable “imageURL.” The downloaded image is 3.50 MB in size and is displayed below:
Figure 8: Downloaded image
This image serves as the canvas for steganography, where attackers have concealed their data. This hidden data is extracted and utilized as the PowerShell commands are executed sequentially. The commands explicitly indicate the presence of two markers, ‘<<BASE64_START>>’ and ‘<<BASE64_END>>’. The length of the data is stored in variable ‘base64Length’. The data enclosed between these markers is stored in ‘base64Command’. The subsequent images illustrate these markers and the content encapsulated between them.
Figure 9: Steganography
After obtaining this data, the malware proceeds with decoding procedures. Upon examination, it becomes apparent that the decrypted data is a .NET DLL file. In the subsequent step, a command is executed to load this DLL file into an assembly.
Figure 10: DLL obtained from steganography
This DLL serves two purposes:
Figure 11: DLL loaded
In Figure 11, at marker 1, a parameter named ‘QBXtX’ is utilized to accept an argument for the given instruction. As we proceed with the final stage of the PowerShell command shown in Figure 7, the sequence unfolds as follows:
$arguments = ,(‘txt.46ezabwenrtsac/42.021.871.591//:ptth’)
The instruction mandates reversing the content of this parameter and subsequently storing the outcome in the variable named ‘address.’ Upon reversing the argument, it transforms into:
http://195.178.120.24 /castrnewbaze64.txt
Figure 12: Request for payload
Therefore, it is evident that this DLL is designed to fetch the mentioned text file from the C2 server via the provided URL and save its contents within the variable named “text.” This file is 316 KB in size. The data within the file remains in an unreadable or unintelligible format.
Figure 13: Downloaded text file
In Figure 11, at marker 2, the contents of the “text” variable are reversed and overwritten in the same variable. Subsequently, at marker 3, the data stored in the “text” variable and is subjected to base64 decoding. Following this, we determined that the file is a .NET compiled executable.
Figure 14: Final payload
In Figure 11, another activity is evident at marker 3, where the process path for the upcoming process injection is specified. The designated process path for the process injection is:
“C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe”.
Since RegAsm.exe is a legitimate Windows tool, it’s less likely to raise suspicion from security solutions. Injecting .NET samples into it allows attackers to effectively execute their malicious payload within a trusted context, making detection and analysis more challenging.
Process injection involves using Windows API calls to insert code or a payload into the memory space of a running process. This allows the injected code to execute within the context of the target process. Common steps include allocating memory, writing code, creating a remote thread, and executing the injected code. In this context, the DLL performs a sequence of API calls to achieve process injection:
Figure 15: Process Injection
By obscuring the sequence of API calls and their intended actions through obfuscation techniques, attackers aim to evade detection and make it harder for security researchers to unravel the true behavior of the malicious code. The function ‘hU0H4qUiSpCA13feW0’ is used for replacing content. For example,
“kern!”.Replace(“!”, “el32”) à kernel32
Class1.hU0H4qUiSpCA13feW0(“qllocEx”, “q”, “VirtualA”) à VirtualAllocEx
As a result, these functions translate into the subsequent API calls:
Upon successful injection of the malware into RegAsm.exe, it initiates its intended operations, primarily focused on data theft from the targeted system.
The ultimate executable is heavily obfuscated. It employs an extensive array of switch cases and superfluous code, strategically intended to mislead researchers and complicate analysis. Many of the functions utilize either switch cases or their equivalent constructs, to defend detection. The following snippet of code depicts this:
Figure 16: Obfuscation
Fingerprinting:
Agent Tesla collects data from compromised devices to achieve two key objectives: firstly, to mark new infections, and secondly, to establish a unique ‘fingerprint’ of the victim’s system. The collected data encompasses:
Agent Tesla initiates the process of gathering data from various web browsers. It utilizes switch cases to handle different browsers, determined by the parameters passed to it. All of these functions are heavily obscured through obfuscation techniques. The following figures depict the browser data that it attempted to retrieve.
Figure 17: Opera browser
Figure 18: Yandex browser
Figure 19: Iridium browser
Figure 20: Chromium browser
Similarly, it retrieves data from nearly all possible browsers. The captured log below lists all the browsers from which it attempted to retrieve data:
Figure 21: User data retrieval from all browsers -1
Figure 22: User data retrieval from all browsers – 2
Agent Tesla is capable of stealing various sensitive data from email clients. This includes email credentials, message content, contact lists, mail server settings, attachments, cookies, auto-complete data, and message drafts. It can target a range of email services to access and exfiltrate this information. Agent Tesla targets the following email clients to gather data:
Figure 23: Mail clients
Agent Tesla employs significant obfuscation techniques to evade initial static analysis attempts. This strategy conceals its malicious code and actual objectives. Upon successful decoding, we were able to scrutinize its internal operations and functionalities, including the use of SMTP for data exfiltration.
The observed sample utilizes SMTP as its chosen method of exfiltration. This protocol is frequently favored due to its minimal overhead demands on the attacker. SMTP reduces overhead for attackers because it is efficient, widely allowed in networks, uses existing infrastructure, causes minimal anomalies, leverages compromised accounts, and appears less suspicious compared to other protocols. A single compromised email account can be used for exfiltration, streamlining the process, and minimizing the need for complex setups. They can achieve their malicious goals with just a single email account, simplifying their operations.
Figure 24: Function calls made for exfiltration.
This is the procedure by which functions are invoked to facilitate data extraction via SMTP:
Figure 25: Port number
Figure 26: Domain retrieval
Figure 27: Email address used
Figure 28: Password
The SMTP process as outlined involves a series of systematic steps. It begins with the processing of a specific parameter value, which subsequently determines the port number for SMTP communication. Following this, the malware retrieves the associated domain of the intended email address, revealing the address itself and ultimately providing the corresponding password. This orchestrated sequence highlights how the malware establishes a connection through SMTP, facilitating its intended operations.
Following these steps, the malware efficiently establishes a login using acquired credentials. Once authenticated, it commences the process of transmitting the harvested data to a designated email address associated with the malware itself.
The infection process of Agent Tesla involves multiple stages. It begins with the initial vector, often using email attachments or other social engineering tactics. Once executed, the malware employs obfuscation to avoid detection during static analysis. The malware then undergoes decoding, revealing its true functionality. It orchestrates a sequence of PowerShell commands to download and process a hidden image containing encoded instructions. These instructions lead to the extraction of a .NET DLL file, which subsequently injects the final payload into the legitimate process ‘RegAsm.exe’ using a series of API calls for process injection. This payload carries out its purpose of data theft, including targeting browsers and email clients for sensitive information. The stolen data is exfiltrated via SMTP communication, providing stealth and leveraging email accounts. Overall, Agent Tesla’s infection process employs a complex chain of techniques to achieve its data-stealing objectives.
| File | MD5 | SHA256 |
| VBS file | e2a4a40fe8c8823ed5a73cdc9a8fa9b9 | e7a157ba1819d7af9a5f66aa9e161cce68d20792d117a90332ff797cbbd8aaa5 |
| JPEG file | ec8dfde2126a937a65454323418e28da | 21c5d3ef06d8cff43816a10a37ba1804a764b7b31fe1eb3b82c144515297875f |
| DLL file | b257f83495996b9a79d174d60dc02caa | b2d667caa6f3deec506e27a5f40971cb344b6edcfe6182002f1e91ce9167327f |
| Final payload | dd94daef4081f63cf4751c3689045213 | abe5c5bb02865ac405e08438642fcd0d38abd949a18341fc79d2e8715f0f6e42 |
Table 1:Indicators of Compromise
The post Agent Tesla’s Unique Approach: VBS and Steganography for Delivery and Intrusion appeared first on McAfee Blog.
Love it or hate it, generative artificial intelligence (AI) and ChatGPT in particular have become one of the most talked about tech developments of 2023. Many of us have embraced it with open arms and have put it to work by tasking it to ‘assist’ with assignments, write copy for an ad, or even pen a love letter – yes, it’s a thing. Personally, I have a love/hate relationship with it. As someone who writes for a living, it does ‘grind my gears’ but I am a big fan of its ability to create recipes with whatever I can find in my fridge. But like any new toy, if you don’t use it correctly then there could be issues – which may include your privacy.
ChatGPT is an online software program developed by OpenAI that uses a new form of artificial intelligence – generative AI – to provide conversational, human-style responses to a broad array of requests. Think of it as Google on steroids. It can solve maths questions, translate copy, write jokes, develop a resume, write code, or even help you prepare for a job interview. If you want to know more, check out my Parent’s Guide to ChatGPT.
But for ChatGPT to answer tricky questions and be so impressive, it needs a source for its ‘high IQ’. So, it relies on knowledge databases, open data sources and feedback from users. It also uses social media to gather information and a practice known as ‘web scraping’ to gather data from a multitude of sources online. And it is this super powerful combination that allows ChatGPT to ‘almost always’ deliver on tasks.
Your privacy can be affected in several ways. While I discuss some specifics on ChatGPT, similar concerns apply to other generative AI programs. Some of these ways may not concern you, but I’m quite sure some will. Here’s what you need to know:
When ChatGPT (along with many similar tools) absorbed the enormous amount of data it needed to function from sources like books, articles, and web pages, they did so without seeking case-by-case permission. As certain data can be used to identify us, our friends and family or even our location, this can present privacy concerns. Some authors have already filed complaints for usage of their content without compensation, despite ChatGPT offering users a premium package for US$20/month. Recently, many online news outlets have blocked OpenAI’s crawler which will limit ChatGPT’s ability to access their news content.
Every time you share a piece of information with ChatGPT, you are adding to its data bank, risking that the information ends up somewhere in the public domain. The Australian Medical Association (AMA) recently issued a mandate for Western Australian doctors not to use ChatGPT after doctors at a Perth hospital used it to write patient notes. These confidential patient notes could be used to not only further train ChatGPT but could theoretically also be included in responses to other users.
In addition to collecting the information users share, it also collects detailed information about its users. In the company’s privacy policy, it outlines that it collects users’ IP addresses and browser types. It also collects information on the behaviour of its users e.g. the type of content that users engage with as well as the features they use. It also says that it may share users’ personal information with unspecified parties, without informing them, to meet their business operation needs.
One of the biggest risks to using ChatGPT and similar generative AI is the risk that your details will be leaked in a data breach. Between 100,000 ChatGPT accounts credentials were compromised and sold on the Dark Web in a large data beach which happened between June 2022 to May 2023, according to Search Engine Journal.
But here’s another potential problem – as ChatGPT users can store conversations, if a hacker gains access to an account, it may mean they also gain access into propriety information, sensitive business information or even confidential personal information.
Now please don’t misunderstand me, ChatGPT is taking action to protect users but it may not be enough to truly protect your privacy.
ChatGPT does make it very clear that all conversations between a user and ChatGPT are protected by end-to-end encryption. It also outlines that strict access controls are in place so only authorised personnel can access sensitive user data. It also runs a Bug Bounty program which rewards ethical hackers for finding security vulnerabilities. However, in order to remain protected while using the app, I believe the onus is on the user to take additional steps to protect their own privacy.
As we all know, nothing is guaranteed in life however there are steps you can take to minimise the risk of your privacy being compromised. Here are my top tips:
Never share personal or sensitive information in any of your prompts. By doing so, you increase the risk of sharing confidential data with cybercriminals. If you need a sensitive piece of writing edited, ask a friend!!
One of the most useful ways of safeguarding your privacy is to avoid saving your chat history. By default, ChatGPT stores all conversations between users and the chatbot with the aim of training OpenAI’s systems. If you do choose not to save your chat history, OpenAI will store your conversations for 30 days. Despite this, it is still one of the best steps you can take to protect yourself.
As mentioned above, ChatGPT can collect and process highly sensitive data and associate it with your email address and phone number. So, why not set up a dedicated email just for ChatGPT? And keep your shared personal details to a minimum. That way, the questions you ask or content you share can’t be associated with your identity. And always use a pseudonym to mask your true identity.
Whether it’s ChatGPT or Google’s Bard, it’s imperative that you stay up to date with the company’s privacy and data retention policies, so you understand how your data is managed. Find out how long your conversations will be stored for before they are anonymised or deleted and who your details could potentially be shared with.
So, if you’re looking for a recipe for dinner, ideas for an upcoming birthday party or help with a love letter, by all means get ChatGPT working for you. However, use a dedicated email address, don’t store your conversations and NEVER share sensitive information in the chat box. But if you need help with a confidential or sensitive issue, then maybe find another alternative. Why not phone a friend – on an encrypted app, of course!!
The post ChatGPT’s Impact on Privacy and How to Protect Yourself appeared first on McAfee Blog.
As of the writing of this article, the height of the pandemic seems like a distant but still vivid dream. Sanitizing packages, sparse grocery shelves, and video conferencing happy hours are things of the past for the majority of the population. Thank goodness.
A “new normal” society is adapting to today’s working culture. The work landscape changed significantly since 2020, and it might never return to what it once was. In 2022, workers spent an average 3.5 days in the office per week, which is 30% below the prepandemic in-office average.1
The work-from-home movement is likely here to stay, to the joy of employees seeking a better work-life balance and flexibility; however, some responsibility does fall upon people like you to secure home offices to protect sensitive company information.
To make sure you’re not the weak cyber link in your company’s security, make sure to follow these three tips for a secure home office.
When you’re not physically in front of your work computer, best practices dictate that you lock the screen or put your device to sleep. No matter how much you trust your family, roommates, or the trustworthy-looking person seated next to you at a café, your company device houses all kinds of corporate secrets. A stray glance from the wrong person could put that information’s secrecy in jeopardy. Plus, imagine your cat walking across your keyboard or a toddler mashing your mouse, deleting hours’ worth of work. Disastrous.
Then, when you’re done with work for the day, stow your device in a secure location, preferably a drawer with a lock. Even if your work computer is 10 times faster and sleeker than your personal laptop, keep each device in its designated sphere in your life: work devices only for work, personal devices only for personal activities.
Wi-Fi networks that are not password protected invite anyone off the street to surf on your network and eavesdrop on your online activities. A stranger sneaking on to your home Wi-Fi could be dangerous to your workplace. There would be very little stopping a stranger from spying on your connected work devices and spreading confidential information onto the dark web or leaking company secrets to the media.
There are a few steps you can take to secure your home office’s internet connection. First, make sure to change the default name and password of your router. Follow password best practices to create a strong first defense. For your router name, choose an obscure inside joke or a random pairing of nouns and adjectives. It’s best to omit your address and your real name as the name of your router, because that could alert a cybercriminal that that network belongs to you. Better yet, you can hide your router completely from strangers and only make it searchable to people who know the exact name of your network.
For an additional layer of protection, connect to a virtual private network (VPN). Your company may offer a corporate VPN. If not, signing up for your own VPN is easy. A VPN encrypts the traffic coming in and going out of your devices making it nearly impossible for a cybercriminal to burst into your online session and see what’s on your screen.
The scenarios outlined in your company’s security training may seem far-fetched, but the concepts of those boring corporate videos actually happen! For example, the huge Colonial Pipeline breach in 2021 originated from one employee who didn’t secure the company’s VPN with multifactor authentication (MFA).2 Cutting small corners like disabling MFA – which is such a basic and easy-to-use security measure – can have dire consequences.
Pay attention to your security training and make sure to follow all company cybersecurity rules and use security tools as your IT team intends. For example, if your company requires that everyone use a password manager, a corporate VPN, and multi-factor authentication, do so! And use them correctly every workday!
These tips are essential to a secure home office, but they’re also applicable to when you’re off the clock. Password- or passcode-protecting your personal laptop, smartphone, and tablet keeps prying eyes out of your devices, which actually hold more personally identifiable information (PII) than you may think. Password managers, a secure router, VPNs, and safe browsing habits will go a long way toward maintaining your online privacy.
To fill in the cracks to better protect your home devices and your PII, partner with McAfee+. McAfee+ includes a VPN, safe browsing tool, identity monitoring and remediation services, a password manager, and more for a more secure digital life.
In one global survey, 68% of people prefer hybrid work models, and nearly three-quarters of companies allow employees to work from home some of the time.3,4 The flexibility afforded by hybrid work and 100% work-from-home policies is amazing. Cutting out the time and cost of commuting five days a week is another bonus. Let’s make at-home work a lasting and secure way of professional life!
1McKinsey Global Institute, “How hybrid work has changed the way people work, live, and shop”
2The Hacker News, “Hackers Breached Colonial Pipeline Using Compromised VPN Password”
3World Economic Forum, “Hybrid working: Why there’s a widening gap between leaders and employees”
4International Foundation of Employee Benefit Plans, “Employee Benefits Survey: 2022 Results”
The post The Future of Work: How Technology & the WFH Landscape Are Making an Impact appeared first on McAfee Blog.
Your privacy means everything. And your identity too. The launch of McAfee Privacy & Identity Guard will protect them both.
We’re proud to announce the launch of McAfee Privacy & Identity Guard in partnership with Staples. Through this partnership, McAfee’s Privacy & Identity Guard will be available at select Staples locations across the U.S. and help customers protect their identity and privacy online.
McAfee’s Privacy & Identity Guard will be sold in the travel section of Staples along with other travel benefits such as passport services, TSA PreCheck sign up, and fingerprinting services. McAfee’s Privacy & Identity Guard offers a natural fit for Staples customers who are on the go, particularly as they rely on their laptops and smartphones to get things done while traveling.
And people certainly have concerns about their privacy and identity when they hit the road. McAfee’s recent Safer Summer Report revealed 1 in 3 people have been scammed when booking or taking trips, with a third (34%) of those losing $1,000 or more. This same study found 61% of all adults worry more about digital safety than physical safety when on vacation.
“As Staples exclusive tech services security partner for the last seven years, we’re excited to partner with Staples on the initial launch of McAfee Privacy & Identity Guard in the U.S.,” said Gagan Singh, McAfee’s Executive Vice President, Chief Operating Officer. “This online protection product was designed to address consumers’ key concerns about safeguarding personal information online, something that becomes even more at risk when traveling.”
Identity Monitoring – Monitor personal information with timely alerts.
Identity Restoration – Exclusive to Staples customers, these features offer further peace of mind in the event of identity theft or loss.
Privacy Features – Find personal data tied to old, unused online accounts & requests removal of any personal information found on data broker sites.
Is your email on the dark web?
One sign that your privacy and identity is at risk if your email appears on the dark web. Hackers and scammers post email addresses and other personal and financial information on dark web sites—sometimes offered freely, sometimes offered to other hackers and scammers for sale. You can find out if your email is posted on the dark web by visiting https://www.mcafee.com/idscan-staples.
The post McAfee’s New Privacy & Identity Guard Launches at Staples Stores appeared first on McAfee Blog.
The humble USB drive—the workhorse of students, professionals, and everyday computer users. No wonder hackers put USB drives in their crosshairs.
Why such a target? All the things that make USB drives attractive to us make them attractive to hackers. They’re inexpensive, portable, and often swap between users. Taken together, that creates the perfect medium for hosting and distributing malware.
Likewise, USB drives can get lost or stolen quite easily. An absentminded or careless moment could put sensitive information at risk.
However, that’s not to say you should avoid using USB drives. Not at all. In fact, you can use them securely by taking a few straightforward steps.
Encryption gives you huge peace of mind in the event you lose your USB drive. It prevents others from accessing the data and files on it by scrambling them. Only a person with the password can access them. Windows users can check out this “how to” article on encryption—Apple users can learn about encryption on their support site as well.
If you’d rather skip those steps, you can purchase a USB drive that uses hardware-based encryption built in. These drives cost a little more, yet they more than make up for that in the protection that they offer.
Physical security is important too. You can prevent loss and theft by toting around your drive in your pocket, bag, or purse. Locking it away in a secure location while you’re not using it stands as a solid option as well.
You never know what malware might be lurking on someone else’s device. Sharing a USB drive with someone else can help malware make the jump from their device to yours. Think twice before sharing.
Don’t put it past hackers to load a USB drive with malware in the hopes that someone will pick it up. In fact, several large malware campaigns got their start by mailing “free” USB drives to thousands and thousands of households, businesses, and government agencies.
On Windows computers, you can prevent USB drives from automatically running any files. Some malware will run when the drive gets inserted into the device. Head to Settings > Devices > AutoPlay to disable that feature.
Deleting a file doesn’t erase data from a drive. It makes space available on a drive, so that old data might still be there—and recoverable. Comprehensive online protection like ours includes a file shredder that will completely erase old data and files.
Malware can easily make its way onto a USB drive. Comprehensive online protection can spot, block, and remove malware before it can do any harm.
The post USB Drives – Protecting Your Humble Workhorse from Malware and Loss appeared first on McAfee Blog.
FreshRSS 