Login
Welcome to CryptChat - where conversations remain truly private. Built on the robust Python ecosystem, our application ensures that every word you send is wrapped in layers of encryption. Whether you're discussing sensitive business details or sharing personal stories, CryptChat provides the sanctuary you need in the digital age. Dive in, and experience the next level of secure messaging!
Clone the repository:
FreshRSS 
git clone https://github.com/HalilDeniz/CryptoChat.gitNavigate to the project directory:
cd CryptoChatInstall the required dependencies:
pip install -r requirements.txt$ python3 server.py --help
usage: server.py [-h] [--host HOST] [--port PORT]
Start the chat server.
options:
-h, --help show this help message and exit
--host HOST The IP address to bind the server to.
--port PORT The port number to bind the server to.
--------------------------------------------------------------------------
$ python3 client.py --help
usage: client.py [-h] [--host HOST] [--port PORT]
Connect to the chat server.
options:
-h, --help show this help message and exit
--host HOST The server's IP address.
--port PORT The port number of the server.$ python3 serverE.py --help
usage: serverE.py [-h] [--host HOST] [--port PORT] [--key KEY]
Start the chat server.
options:
-h, --help show this help message and exit
--host HOST The IP address to bind the server to. (Default=0.0.0.0)
--port PORT The port number to bind the server to. (Default=12345)
--key KEY The secret key for encryption. (Default=mysecretpassword)
--------------------------------------------------------------------------
$ python3 clientE.py --help
usage: clientE.py [-h] [--host HOST] [--port PORT] [--key KEY]
Connect to the chat server.
options:
-h, --help show this help message and exit
--host HOST The IP address to bind the server to. (Default=127.0.0.1)
--port PORT The port number to bind the server to. (Default=12345)
--key KEY The secret key for encr yption. (Default=mysecretpassword)--help: show this help message and exit--host: The IP address to bind the server.--port: The port number to bind the server.--key : The secret key for encryptionContributions are welcome! If you find any issues or have suggestions for improvements, feel free to open an issue or submit a pull request.
If you have any questions, comments, or suggestions about CryptChat, please feel free to contact me:
Reels of another kind rack up the views online. Stories about Facebook Marketplace scams.
Recently, TikTok’er Michel Janse (@michel.c.janse) got well over a million views with a most unusual story about selling furniture on Facebook Marketplace—and how it led to identity theft.
@michel.c.janse oops dont fall for this scam like me
The story goes like this:
A buyer reached out about the furniture Michel was selling, expressed interest, and then hesitated. Why the cold feet? The buyer wanted to speak to Michel on the phone to confirm that Michel was a real person. “Are you OK if I voice call you from Google?” Michel agreed, sent her number, and soon received a text with a Google Voice code. The buyer asked for the code, and as soon as Michel sent it, she got that sinking feeling. “I should have Googled before I did, because something feels really off.”
As she found out, it was. The scammer ghosted the conversation and ran off with the verification code.
This is a variation of the “Verification Code Scam,” where scammers ask you to send them that six-digit code you receive as part of an account login process. Here, scammers send a text message with a Google Voice verification code and ask you to send them that code. With it, they can create a Google Voice number linked to your phone number—and go on to commit other forms of identity theft in your name.
It happens so often that the U.S. Federal Trade Commission (FTC) has a page dedicated to the topic. Luckily, Michel got wise quickly enough. She quickly asked for another code and took back charge of that newly created Google Voice account.
This is just one of the many scams lurking about on Facebook Marketplace. Largely, Facebook is a great place packed with lots of great deals, yet you can get stung. But if you know what to look out for, you can spot those scams and steer clear of them when you do.
As the saying goes, buyer beware. And seller too. Scammers weasel their way into both ends of a transaction. Per Facebook, in addition to phishing attacks, scams on Facebook Marketplace take three primary forms:
A buyer scam is: When someone tries to buy or trade items from someone else without paying, resulting in a loss of money for the seller and a gain for the buyer. This might look like a buyer who:
An example, a scammer sends a seller a pre-paid shipping label to mail the item. Then they change the address via their tracking number and claim they never received the goods.
A seller scam is: When someone tries to sell or trade items to someone else without delivering the items as promised, resulting in a gain of money for the seller and a loss for the buyer. This might look like a seller who:
An example, a scammer offers up a game console—one that doesn’t work when you take it home and plug it in.
A listing scam is: When a listing appears to be dishonest, fake, or lures buyers to complete transactions outside Facebook Marketplace. This might look like a listing:
An example, you see a great price on a commuter bike, yet the seller wants to complete the transaction over text. And using a payment form not covered by Facebook’s purchase protection policies, such as Venmo or Zelle.
Like any transaction you make through social media, a few extra steps and a dose of buyer or seller beware can help you make a great purchase or sale. One that’s safe.
You can take three big steps to help set things straight.
Whether shopping on Facebook Marketplace or off, a combination of online protection software and smart habits can help you avoid getting scammed. Further, online protection can provide you with yet more ways of preventing and recovering from identity theft.
We’d like to thank Michel and all the others who have shared their stories. Getting scammed stings. That’s why people often fail to report it, let alone share that it happened to them. Yet scams are crimes. Without question, act and report on a scam for the crime that it is. Get the proper platforms and authorities involved.
Keep in mind the larger picture as well. Scams aren’t always one-offs. Organized crime gets in on scams as well, sometimes on a large scale. By acting and reporting on scams, you provide those platforms and authorities mentioned above with vital info that can help them shut it down.
Your best defenses are your nose and your online protection software. As Michel said, something felt off in her interaction. So, if something doesn’t pass the sniff test, pay attention to that instinct. Shut down that purchase or sale on Facebook Marketplace—and report it if you think it’s a scam. You might save someone else some heartache down the road.
The post How to Look Out For Scams on Facebook Marketplace appeared first on McAfee Blog.
Amidst the recent heartbreaking events in the Middle East, parents now face the challenge of protecting children from the overwhelming amount of violent and disturbing content so easily accessible to children online.
Reports of unimaginable acts, including graphic photos and videos, have emerged on popular social networks, leading child advocates to call for heightened monitoring and, in some cases, the removal of these apps from children’s devices. According to a recent investigation by The Institute for Strategic Dialogue, the team adopted the personas of 13-year-olds to establish accounts on Instagram, TikTok, and Snapchat. During a 48-hour period spanning from October 14 to 16, the researchers unearthed over 300 problematic posts. Surprisingly, a significant majority of these problematic posts, approximately 78%, were discovered on Instagram, with Snapchat hosting about 5% of them.
In today’s digital age, the consensus is clear: keeping older children informed about global events is important. However, given the abundance of real-time, violent content, the urgency to protect them from distressing material that could harm their mental well-being has become even more imperative.
In such times, there isn’t a one-size-fits-all strategy, but we can provide valuable tips to help you monitor and minimize your child’s exposure to violent content.
To wrap up, don’t lose sight of mental and physical well-being by implementing the strategies mentioned here. By setting a strong example of a balanced digital life and open communication about real-life crises, your children will naturally pick up on how to navigate the online world. Your actions speak volumes, and they will follow your lead.
The post Digital Strategies to Safeguard Your Child from Upsetting and Violent Content Online appeared first on McAfee Blog.
Unfortunately, cyberbullying has become a prevalent and emerging threat in our digital age. This type of bullying, carried out through computers and similar technologies, including cell phones, often involves harmful or intimidating comments and public posts created with malevolent intent to humiliate the victim. It’s a phenomenon that doesn’t only affect adults but is incredibly common among young people. As a result, it’s crucial to understand how to help your children navigate and mitigate this pervasive, especially now that they can leave digital footprints anywhere and encounter people with bad intentions.
One of the distinguishing factors of cyberbullying is that, unlike traditional in-person bullying, it doesn’t simply end when the bully is out of sight. Today, bullies can virtually pursue their victims everywhere through technology. This implies that bullying can transpire without the victim’s immediate consciousness, and due to the extensive reach of social media, the bullying can be witnessed by a significantly larger audience than the conventional school playground.
Bearing in mind the challenges in getting a cyberbully to cease their harmful behavior, the most effective strategy is to educate your children about safe online habits to prevent such situations from arising in the first place.
→ Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report
Evolved from the classic schoolyard bullies of old, these cyberbullies can take various forms depending on their attack vector and intent. In fact, there are said to be four types of cyberbullies: the Vengeful Angel, the Power Hungry Cyberbully, Revenge of the Nerds/Inadvertent Cyberbully, and Mean Girls. The Vengeful Angel bullies in order to protect the weak/other victims and often takes action to protect a loved one or friend. The Power Hungry archetype, however, is just a nasty, unkind person who wants to display dominance and control over others. Then there’s the Inadvertent Cyberbully, who are usually the ones getting bullied online or in real life and are typically trying to enact some form of justice or revenge anonymously from the web. Mean Girls are the opposite – and take their online actions in order to impress a group of friends or gain social status.
Not only is there a variety in the kinds of bullies across the web, but also many types of cyberbullying techniques these meanies use to bother their victims. First and foremost, there’s harassment, which involves repeated, offensive messages sent to a victim by a bully on some type of online medium. These messages can be rude, personal, and even threatening, with one recent example emerging between two wives of professional hockey players. Similar to harassment is Flaming – an online fight conducted via emails, social media messages, chat rooms, you name it.
Then there are very targeted attacks, named Exclusion and Outing. With Exclusion, cyberbullies select one individual to single out. Exclusion is a popular method, with examples everywhere, from high students in Iowa to well-known celebrities. With Outing, these harassers share private information, photos, and videos of a single person to humiliate them online. There’s also the anonymous angle, AKA Masquerading, where a cyberbully creates a fake online identity to belittle, harass, and degrade their victim – which a nurse in New Zealand was a victim of for a whopping five years.
Parents should inform their children that their online activities will be monitored using parental control software. Explaining how this software works and how it can protect them is essential. This policy should be well established before your child gets their phone or computer.
Furthermore, parents should discuss cyberbullying with their children and help them understand how it happens. This discussion should take place before your child gets their devices. Before a child gets their own digital devices, they must disclose their passwords to their parents. Parents can reassure them that these passwords will only be used during emergencies.
A condition set before children get their own digital devices is that they should consent to instructions on smart online habits. Importantly, they must understand that once something is posted online, it stays there forever.
Another essential guideline for owning a device is that children should be cautious about their personal information. They should be advised not to publicly share their cell phone number and email address and should never disclose their passwords, even to close friends.
→ Dig Deeper: 8 Signs It May Be Time for Parental Controls
Once your child obtains their digital devices, engaging in role-playing exercises with them is suggested. This allows parents to simulate scenarios where the child might encounter a cyberbully, teaching them appropriate responses. This exercise can also provide a safe space for your child to practice dealing with cyberbullying tactics and learn to act assertively without resorting to aggression or submission.
In this role-playing activity, parents should encourage their children to report any bullying incidents, even if it is simulated or perceived as insignificant. This activity not only cultivates resilience but also reassures children that they won’t be blamed or punished for being a victim of cyberbullying.
Parents must maintain vigilance regarding their child’s internet activities despite all preventive measures. Regular check-ins and encouraging open communication about their online experiences can create a strong bond of trust between parents and children. Assure them they can approach you without fear if they are bullied online. Encourage them to share any suspicious interactions and reassure them that they won’t be in trouble for reporting cyberbullying incidents.
If possible, try to familiarise yourself with the social media platforms that your children are using. Understanding these platforms can provide insight into their online experience and potential risks. Such knowledge can be valuable when initiating discussions about cyberbullying, providing tangible examples and relatable scenarios.
McAfee Pro Tip: Get McAfee’s parental control to safeguard your children against online threats and cyberbullying. With its features, you can actively supervise your kids’ online interactions, establish usage time restrictions, and prevent exposure to inappropriate content. This reassures you that your children can explore the online realm while enjoying a layer of protection.
Cyberbullying is a complex issue that evolves with the rapid advancements of technology and social media platforms. Therefore, parents must stay updated about the latest forms of cyberbullying and the newest safety settings available on various platforms. Parents should also regularly educate themselves about digital safety and responsible internet usage and share this information with their children to boost their awareness and readiness.
Parents and children can attend webinars, workshops, and seminars about cyberbullying and online safety. Learning together provides a good bonding exercise and ensures that both parties are on the same page. Schools and local community centers often offer resources and programs for cyberbullying awareness and prevention.
→ Dig Deeper: Cyberbullying’s Impact on Both Society and Security
Typically, cyberbullying is common among teens navigating the trials and tribulations of middle and high school. But that doesn’t mean it’s exclusive to teens, and that doesn’t mean there aren’t steps parents and kids alike can do to stop cyberbullying in its tracks.
If you’re the subject of cyberbullying, the first thing you need to do is block the bully. Then, make sure you collect evidence – take screenshots, print the proof, and do whatever you can to have material to back up your claim. It depends on the type of cyberbullying at work, but you can also use the internet to your advantage and look up relevant resources to aid with your issue.
If you’re a parent, the most important thing is communication. Make yourself available as a resource and remind your kids that they can tell you anything happening in their online world. Beyond that, continuously weave cybersecurity into your family discussions. Remind kids of the simple steps to be safe online, and ensure they know when to flag a cyberbully or online scheme.
There are also technical avenues you can take to protect your kid online. Look into solutions that will help you monitor your family’s online interactions, such as McAfee Safe Family. This solution, for instance, can help you set rules and time limits for apps and websites and see what your kids are up to at a glance. Of course, these solutions are not the be-all and end-all for stopping cyberbullying, but they can help.
Now, there’s still a lot more research that has to be done to understand the cyberbullying problem society is faced with fully. So, as this problem continues to evolve, so must the research, solutions, and regulations that will be created to combat the issue. With the right proactive action, people everywhere can stand up to cyberbullies.
→ Dig Deeper: Cyberbullying – How Parents Can Minimize Impact On Kids
In conclusion, cyberbullying is a pressing issue that requires continuous attention and education. By teaching your children what it is and how it happens, setting up rules for responsible device usage, conducting role-play exercises together, and staying informed about their online activities, you can better equip them to navigate the digital world safely. Remember, the ultimate goal is not to control your child’s online activities but to empower them with the tools and understanding necessary to protect themselves online.
The post A Detailed Guide on Cyberbullying appeared first on McAfee Blog.
Despite the extensive media coverage and awareness campaigns, it’s harrowing to admit that children, particularly vulnerable teenagers, are still targeted by online predators. This is not a matter exclusive to the “other” kids – it affects everyone, and young individuals’ innocent and accepting nature often leads them into the dangerous trap of these predators.
As parents, caregivers, and mentors, it’s our responsibility to educate and guide our children about the virtual perils that lurk within their screens. An essential part of this is continuous communication, ensuring they understand the gravity of the situation and can recognize the deceptive tactics employed by these predators.
A heartbreaking example of how these predators operate is the story of Nicole Lovell, a 13-year-old girl who made headlines not long ago. Nicole met David Eisenhauer, an engineering student from Virginia Tech, through the messaging app Kik. Their relations initially seemed harmless, characterized by playful flirtations and shared stories. However, their friendship took a horrific turn when they decided to meet in person, leading to Nicole’s tragic demise. Her body was found shortly after their encounter.
David exhibited no signs of having a ‘dark side,’ an aspect that made their meeting seem all the more innocent. This incident is a stark reminder that anyone can fall prey to such predators, regardless of their background or circumstances. This is why discussing and dissecting such incidents with our children is crucial to teaching them the harsh realities of the digital world.
Identifying an online predator’s markers is a critical aspect of child safety education. More often than not, these individuals are cunning and mentally unbalanced and spend a significant amount of their time seeking and ‘grooming’ their prospective victims online. The ultimate goal of these predators is to exploit children, either by convincing them to send inappropriate photos or by meeting them in person.
Initiating a continuous dialogue with your children about these predators is crucial. Make them aware of the tactics these individuals employ, such as appearing overly friendly or empathetic. Let them know that predators will go to any length to appear younger and more relatable.
→ Dig Deeper: Reports of Online Predators on the Rise. How to Keep Your Kids Safe
Addressing such a sensitive issue with your children can be challenging but necessary. Start by discussing cases like Nicole’s, focusing not only on the tragic outcome but also on the lead-up events and why she may have developed such a strong online connection. Discussing how innocent online friendships can spiral into dangerous situations can be an excellent eye-opener for your kids.
It’s crucial to teach your kids to look out for strangers who are “too friendly” or excessively understanding. Tell them that predators keep themselves updated with the latest movies, music, and trends to seem younger and easily start conversations with children. Remember, predators will say anything to appear more youthful than they actually are.
You don’t always know what your children are doing online. Their digital footprints could be anywhere. That’s why it is imperative to understand the red flags and warning signs that may signal a hazardous online interaction, especially when they already encounter a predator, and you’re still in the shadow.
Reinforcing the importance of online privacy is a crucial step in protecting your kids from virtual predators. Teach your children that personal information such as their full name, address, school, and phone number should never be shared online. They must also understand that specific images and details about their life can also reveal too much to an online predator. Remind them to limit geotagged photos as this can expose their location, and also to strictly control who is able to view their social media accounts.
→ Dig Deeper: Why You Should Think Before Geotagging that Selfie
Explain to your kids the dangers of accepting friend requests or communicating with strangers online. Make them aware that individuals posing as children or teenagers could be adults with malicious intent. Reinforce that anyone who asks them to keep a conversation secret or requests for personal information or inappropriate content is a potential danger, and they should inform you immediately if this occurs.
→ Dig Deeper: Making Online Safety a Priority for Our Tech-Savvy Children
As parents, we must stay informed about our children’s online activities, which goes far beyond just asking them about it. This can involve regularly reviewing their social media profiles and friends lists and ensuring they only interact with people they know personally. Familiarize yourself with the platforms and apps your children use to comprehend their functionalities and potential risks better.
Creating house rules regarding internet use can be an effective measure to ensure online safety. This could involve having specific periods when the internet can be used, limiting the time spent online, and setting out where internet-access devices can be used. For instance, allowing internet use only in common areas instead of bedrooms can be a good practice. It is essential to have ongoing dialogues about these rules and their reasons so your children can understand and appreciate their importance.
In an age where the online world is a significant part of our children’s lives, online safety education is essential. It’s crucial that, as parents, caregivers, and mentors, we take proactive steps to protect our children from the pervasive threat of online predators. This means having open and ongoing conversations about the real dangers that can lurk behind a screen, teaching kids to guard their online presence, and implementing online safety measures. Together, we can ensure the internet becomes safer for our children to learn, explore, and connect with others. Protect your whole family with McAfee+ Family plans.
The post Could Your Kids Spot an Online Predator? appeared first on McAfee Blog.
In today’s world, most communication happens through the internet, facilitated by numerous applications. The web is a lively center filled with various activities such as news, videos, education, blogs, gaming, activism, and entertainment. Notably, social media apps have morphed into the digital meeting points for netizens. Our society is undeniably superbly interconnected, and our digital persona is greatly treasured.
However, this isn’t always beneficial, especially for teenagers who may be overwhelmed by the deluge of information, leading to stress. Stress is a common part of our daily lives, emerging from our education, employment, relationships, and surroundings. A similar situation transpires online. In fact, we tend to cope with stress by expressing our frustrations, confronting problems directly, or evading the issue altogether. Yet, the ways to cope with stress in the virtual world differ. Online stress can arise from unique triggers, and its repercussions can rapidly escalate and proliferate at an alarming rate.
The rise of social media has brought a concerning phenomenon – social media stress in children. As these young individuals navigate the complex virtual world, they often encounter a range of stressors that can significantly impact their emotional and psychological well-being. Understanding these underlying causes is a crucial step in addressing and mitigating the adverse effects of social media on our younger generations. Let’s delve into the causes of social media stress in children and shed light on the various factors that contribute to this growing issue:
Besides the more obvious and well-documented sources of social media stress in children, there exist several other significant triggers that contribute to the overall stress levels experienced by young individuals in the digital age, and these may include:
→ Dig Deeper: The Ultimate Guide to Safe Sharing Online
→ Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report
→ Dig Deeper: 5 Screen Time Principles to Establish When Your Kids are Still Babies
Parenting plays a major role in helping children learn how to tackle social media stress. As parents, you know your children the best. Yes, even teens. Observe them, and if you note any change in their social media habits or general behavior, talk to them. The earlier you start having frank one-to-one conversations, the easier it will be for you later. But before that, you may need to modify your response to stress and learn to control your reactions. That way, you will teach them a very important lesson without using a single word.
Children can learn to manage social media stress by developing a healthy online etiquette and creating boundaries for their online activities. Encourage them to accept differences and realize that people have varied opinions. Remind them not to make judgments based on someone’s online bio and pictures and to understand that life isn’t a bed of roses for anyone. Another important step is to help them understand how important it is to respond tactfully when things get heated online. It’s essential that they understand the power of choosing not to engage in online altercations. Being silent doesn’t mean they’re weak but smart enough not to get provoked. If any online situation becomes too intense, they should be encouraged to report and block the perpetrator immediately.
McAfee Pro Tip: Since each child’s level of maturity and cognitive capacity to manage online challenges varies, a one-site-fits-all approach to balancing social media and mental health won’t work for everyone. Find tips on how to find the best method for your child.
One of the keys to managing stress caused by social media is ensuring that kids practice digital balance. Set screen time limits and encourage them to make and maintain friendships in the real world. In-person interactions promote emotional growth and provide a well-rounded social experience. Moreover, it’s crucial to instill the idea that maturity is about staying true to their values and wisdom lies in identifying the negatives and avoiding them. Just as they would in the physical world, they should be aware that the digital world comprises both good and bad elements. This awareness can help them navigate online spaces safely. Let them know the importance of applying their real-life values in the digital world and the mantra of STOP, THINK, CONNECT, should always be in their mind before posting anything online.
→ Dig Deeper: 6 Steps to Help Your Family Restore Digital Balance in Stressful Times
In conclusion, parents play a crucial role in helping their children tackle social media stress. By observing their kids’ behavioral changes, having open conversations, and setting appropriate boundaries for their online activities, parents can help their kids navigate the digital world safely. Encouraging children to accept differences, practice tact, maintain digital balance, and be aware of the good and bad online can help alleviate the stress caused by social media. Ultimately, the goal is to create a healthier and happier online space for children, free from unnecessary stress.
Improve your digital parenting with McAfee’s Parental Controls. This security tool allows parents to monitor device usage, set limits on screen time, and even keep tabs on kids’ whereabouts.
The post Handling Social Media Stress for Teens appeared first on McAfee Blog.
As we all look forward to the sunshine and freedom of summer, it’s important to remember that not all elements of the school year disappear with the ringing of the final bell. In our increasingly digital age, cyberbullying has become a pervasive issue that can affect kids even during their summer break. This guide will help parents understand the issue, recognize the signs, and provide practical strategies to protect their kids from cyberbullies.
Summer break should be a time of fun-filled days, exploration, relaxation, and a break from the rigors of the school year. However, with the increase in leisure time comes a corresponding increase in screen time, and, unfortunately, this often results in an uptick in instances of cyberbullying. As the McAfee survey in 2014 revealed, 87% of teenagers reported witnessing cyberbullying, a significant increase from the previous year. The reasons for being targeted varied, with appearance, race, religion, and sexual orientation all cited as factors. Given this reality, parents must remain vigilant during the summer months. Keeping an eye on your child’s online activities, encouraging open communication, and intervening when necessary can make the difference between a summer of fun and one of fear and isolation. → Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report
When confronted with bullying, our instinctive reactions aren’t always the best. Here are three things you should avoid doing when addressing cyberbullying:
Prevention is the best cure, and there are several proactive steps you can take to minimize the risk of your child being cyberbullied:
→ Dig Deeper: Protecting Your Privacy on Social Media
→ Dig Deeper: Beware of Malicious Mobile Apps
Despite taking precautions, there may be instances where cyberbullying can’t be immediately prevented. In such situations, it is crucial to know what steps to take to mitigate the impact and bring the bullying to an end:
Addressing the issue of cyberbullying can be a complex task. The emotional wounds inflicted by this abuse can be deep and long-lasting. Therefore, it’s indispensable that your child feels supported and understood. Maintain an open line of communication with your child, creating a secure and trusting environment where they can comfortably express their feelings and fears. It might also be beneficial to seek professional help when dealing with cases of severe bullying. Therapy or counseling can provide your child with effective coping strategies, helping them regain their confidence and self-esteem. McAfee Pro Tip: While numerous aspects of the digital world remain beyond our control, one aspect where we wield significant influence is our commitment to protecting the well-being of our family members in both the digital and mental realms. Mental health always matters. Find ways to support your child online and offline.
Preventing cyberbullying starts at home. By teaching our children the values of empathy and respect, we can contribute to a more positive online culture. Incorporate digital citizenship lessons into your everyday conversations, emphasizing the importance of treating others kindly offline and online. Teach your children to think before they post and remind them that behind every screen, there’s a real person who can be hurt by their words. Building respect and empathy can discourage cyberbullying and inspire children to stand against it. → Dig Deeper: Cyberbullying’s Impact on Both Society and Security
Parenting in the digital age brings with it new challenges and responsibilities. Cyberbullying is a significant issue that requires our attention and vigilance, especially during the summer when screen time increases. Equip your child with the right tools to protect themselves online, foster open communication at all times, and support them in the face of adversity. Remember, the goal is for our children to enjoy their digital interactions and have a safe, enjoyable summer free from the threat of cyberbullying. Improve your family’s digital habits, privacy, and safety with McAfee’s Parental Controls. This security tool allows parents to oversee device usage, establish screen time restrictions, and even track the locations of their children.
The post Help Kids Steer Clear of Cyberbullies During Summer Break appeared first on McAfee Blog.
Associated-Threat-Analyzer detects malicious IPv4 addresses and domain names associated with your web application using local malicious domain and IPv4 lists.
git clone https://github.com/OsmanKandemir/associated-threat-analyzer.git
cd associated-threat-analyzer && pip3 install -r requirements.txt
python3 analyzer.py -d target-web.com
You can run this application on a container after build a Dockerfile.
docker build -t osmankandemir/threatanalyzer .
docker run osmankandemir/threatanalyzer -d target-web.com
docker pull osmankandemir/threatanalyzer
docker run osmankandemir/threatanalyzer -d target-web.com
-d DOMAIN , --domain DOMAIN Input Target. --domain target-web1.com
-t DOMAINSFILE, --DomainsFile Malicious Domains List to Compare. -t SampleMaliciousDomains.txt
-i IPSFILE, --IPsFile Malicious IPs List to Compare. -i SampleMaliciousIPs.txt
-o JSON, --json JSON JSON output. --json
https://github.com/OsmanKandemir/indicator-intelligence
https://github.com/stamparm/blackbook
https://github.com/stamparm/ipsum
We reported earlier this year, a fresh rash of online job scams continue to rope in plenty of victims. Now, those victims are taking to TikTok with a warning.
https://www.tiktok.com.mcas.ms/@thenamesamber/video/7188616142062275886
Source, thenamesamber on TikTok
Take the story thenamesamber told on TikTok. It starts out like many. Amber wanted a job that allowed remote work, and luckily enough, a recruiter reached out to her through an online recruiting site with an opportunity.
From there, the recruiter directed Amber to download a messaging app, which the company would use for the interview process. The interview went just fine, Amber got a job offer, and then the company asked Amber for a home address.
Here’s where the catch comes in.
Amber goes on to say that the company sent her a check by overnight mail, a check she should use to buy equipment. A check for nearly $5,000. For days, the check didn’t post. The company repeatedly asked for update. Had it posted yet? Had it posted yet?
At this point, Amber said she got suspicious. She contacted her bank. The check had a hold placed on it, and according to Amber, she was charged a fee and her account frozen for days. In speaking with her bank, Amber was told that the check was bad and that she was the victim of a scam. The bank has seen a lot of it lately, said Amber.
Yet based on what we’ve seen, Amber got lucky.
Victims and banks sometimes fail to spot the scam as it unfolds. In those cases, the check gets posted and the scammers tell the victim to forward the money to another person who’ll purchase equipment for them. Usually by way of an online payment app.
Days later, the check bounces for insufficient funds. Meanwhile, victims get burdened with the fraud reporting process — with their bank and with the payment app they used. Depending on the means and terms of payment, some or all of that money might be gone for good. And as a result, the scammers get a few thousand dollars richer.
If you spend some time on social media, you’ll stumble across plenty of videos that tell this exact story in one form or another. And with each story, you’ll find dozens of people sharing that the same thing happened, or almost happened, to them.
We’re glad people are taking to TikTok to share their stories, even as sharing those stories can get painful. You can avoid these scams. Part of it involves awareness. They’re still going strong. The next part counts on you and your sharp eye to spot sketchy behavior when you see it.
We’ll show you how, and that begins with a look at where these scams take place.
Employment figures continue to surge. It’s a hot job market out there, and when things get hot, you’ll find scammers looking to turn a buck. It’s much like tax season and gift-giving holidays. Scammers will take advantage of trends and seasonal events where people go online and there’s money involved. Job scams are no different.
Where do these scams crop up?
As we reported earlier this year and as TikTok videos have shared, many appear to originate from trusted online recruiting platforms like LinkedIn and Indeed. Scammers will either set up a bogus company or pose as a representative of a legitimate company. In other cases, job scams take root on social media. Here, scammers play the same game—set up a bogus company or impersonate a legitimate one.
From there, stories like Amber’s unfold.
Without question, recruiting and social media platforms know what’s going on and take steps to quash scam accounts.
For example, LinkedIn’s latest community report cited the removal of more than 21 million fake accounts in the first half of 2022:
Likewise, Facebook took action on 426 million fake accounts in Q1 of 2023 alone, with nearly 99% of them acted on before users reported them.
In its guidelines for a safe job search, Indeed mentions the global teams “dedicated to the safety and authenticity of the jobs posted on our platform.”
Still, some scammers make their way through to these platforms and others like them.
Our earlier advice on the topic still holds true. You can spot scams several ways, particularly when you know that scammers want your money and personal information as quickly as possible. The moment any so-called job offer asks for any of those, a red flag should immediately go up.
It’s possibly a scam if:
They ask for your Social Security or tax ID number.
In the hands of a scammer, your SSN or tax ID is the key to your identity. With it, they can open up bank cards, lines of credit, apply for insurance benefits, collect benefits and tax returns, or even commit crimes, all in your name. Needless to say, scammers will ask for it, perhaps under the guise of a background check or for payroll purposes. The only time you should provide your SSN or tax ID is when you know that you have accepted a legitimate job with a legitimate company. Only sent it through a secure document signing service, never via email, text, or over the phone.
They want your banking information.
Another trick scammers rely on is asking for bank account information so that they can wire a payment to you. As with the SSN above, closely guard this information and treat it in exactly the same way. Don’t give it out unless you have a legitimate job with a legitimate company.
They want you to pay before you get paid.
Some scammers will take a different route. They’ll promise employment, but first you’ll need to pay them for training, onboarding, or equipment before you can start work. Legitimate companies won’t make these kinds of requests. Amber’s check story provides a good example of this.
They tell you to download a specific messaging app to communicate with them.
Victims report that the scammers require a specific app to chat and, sometimes, to conduct the interview itself. Apps like Signal and Wire get mentioned, yet rest assured that these apps themselves are legitimate. The scammers are the problem, not the apps. Consider it a warning sign if someone asks you to largely communicate this way.
Aside from the types of information they ask for, the way they ask for your information offers other clues that you might find yourself mixed up in a scam. Look out for the following as well:
1) The offer is big on promises but short on details.
You can sniff out many online scams with the “too good to be true” test. Scammers often make big promises during the holidays with low-priced offers for hard-to-get holiday gifts and then don’t deliver. It’s the same with job scams. The high pay, the low hours, and even the offer of things like a laptop and other perks, these are signs that a job offer might be a scam. Moreover, when pressed for details about this seemingly fantastic job opportunity, scammers might balk. Or they might come back with incomplete or inconsistent replies because the job doesn’t exist at all.
2) They communicate only through email or chat.
Job scammers hide behind their screens. They use the anonymity of the internet to their advantage. Job scammers likewise create phony profiles on networking and social media websites, which means they won’t agree to a video chat or call, which are commonly used in legitimate recruiting today. If your job offer doesn’t involve some sort of face-to-face communication, that indicates it might be a scam.
3) And the communications seem a little …off.
Scammers now have an additional tool to reel in their victims — AI chatbots like Chat GPT, which can generate email correspondence, chats, LinkedIn profiles, and other content in seconds so they can bilk victims on a huge scale. However, AI has its limits. Right now, it tends to use shorter sentences in a way that seems like it’s spitting out information. There’s little story or substance to the content it creates. That might be a sign of a scam. Likewise, even without AI, you might spot a recruiter using technical or job-related terms in unusual ways, as if they’re unfamiliar with the work they’re hiring for. That’s another potential sign.
4) Things move too quickly.
Scammers love quick conversion. Yet job seekers today know that interview processes are typically long and involved, often relying on several rounds of interviews and loops. If a job offer comes along without the usual rigor and the recruiter is asking for personal information practically right away, that’s another near-certain sign of a scam.
5) You get job offers on Facebook or other social media sites not associated with job searches.
This is another red flag. Legitimate businesses stick to platforms associated with networking for business purposes, typically not networking for families, friends, and interests. Why do scammers use sites like Facebook anyway? They’re a gold mine of information. By trolling public profiles, they have access to years of posts and armloads of personal information on thousands of people, which they can use to target their attacks. This is another good reason to set your social media profiles on platforms like Facebook, Instagram, and other friend-oriented sites to private so that scammers of all kinds, not just job scammers, can’t use your information against you.
As a job hunter you know that getting the right job requires some research. You look up the company, dig into their history—the work they do, how long they’ve been at it, where their locations are, and maybe even read some reviews provided by current or former employees. When it comes to job offers that come out of the blue, it calls for taking that research a step further.
After all, is that business really a business, or is it really a scam?
In the U.S., you have several resources that can help you answer that question. The Better Business Bureau (BBB) offers a searchable listing of businesses in the U.S., along with a brief profile, a rating, and even a list of complaints (and company responses) waged against them. Spending some time here can quickly shed light on the legitimacy of a company.
Also in the U.S., you can visit the website of your state’s Secretary of State and search for the business in question, where you can find when it was founded, if it’s still active, or if it exists at all. For businesses based in a state other than your own, you can visit that state’s Secretary of State website for information. For a state-by-state list of Secretaries of State, you can visit the Secretary of State Corporate Search page here.
For a listing of businesses with international locations, organizations like S&P Global Ratings and the Dun and Bradstreet Corporation can provide background information, which might require signing up for an account.
Given the way we rely so heavily on the internet to get things done and enjoy our day, comprehensive online protection software that looks out for your identity, privacy, and devices is a must. Specific to job scams, it can help you in several ways, these being just a few:
Amber’s story, and stories like hers have racked up nearly a quarter-billion dollars in reported losses in the first half of this year here in the U.S. The median loss, somewhere around $2,000 per victim.
Job scams persist. In fact, they’ve increased by nearly 25% this year compared to this time last year. It’s no surprise that scam stories on TikTok keep racking up. Yet as you’ve seen, awareness and a sharp eye can help you avoid them.
Editor’s Note:
Job scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
The post Online Job Scams – TikTokers Tell Their Stories, with a Warning appeared first on McAfee Blog.
What does a hacker want with your social media account? Plenty.
Hackers hijack social media accounts for several reasons. They’ll dupe the victim’s friends and followers with scams. They’ll flood feeds with misinformation. And they’ll steal all kinds of personal information—not to mention photos and chats in DMs. In all, a stolen social media account could lead to fraud, blackmail, and other crimes.
Yet you have a strong line of defense that can prevent it from happening to you: multi-factor authentication (MFA).
MFA goes by other names, such as two-factor authentication and two-step verification. Yet they all boost your account security in much the same way. They add an extra step or steps to the login process. Extra evidence to prove that you are, in fact, you. It’s in addition to the usual username/password combination, thus the “multi-factor” in multi-factor authentication.
Examples of MFA include:
With MFA, a hacker needs more than just your username and password to weasel their way into your account. They need that extra piece of evidence required by the login process, which is something only you should have.
This stands as a good reminder that you should never give out the information you use in your security questions—and to never share your one-time security codes with anyone. In fact, scammers cobble up all kinds of phishing scams to steal that information.
Major social media platforms offer MFA, although they might call it by other names. As you’ll see, several platforms call it “two-factor authentication.”
Given the way that interfaces and menus can vary and get updated over time, your best bet for setting up MFA on your social media accounts is to go right to the source. Social media platforms provide the latest step-by-step instructions in their help pages. A simple search for “multi-factor authentication” and the name of your social media platform should readily turn up results.
For quick reference, you can find the appropriate help pages for some of the most popular platforms here:
Another important reminder is to check the URL of the site you’re on to ensure it’s legitimate. Scammers set up all kinds of phony login and account pages to steal your info. Phishing scams like those are a topic all on their own. A great way you can learn to spot them is by giving our Phishing Scam Protection Guide a quick read. It’s part of our McAfee Safety Series, which covers a broad range of topics, from romance scams and digital privacy to online credit protection and ransomware.
In many ways, your social media account is an extension of yourself. It reflects your friendships, interests, likes, and conversations. Only you should have access to that. Putting MFA in place can help keep it that way.
More broadly, enabling MFA across every account that offers it is a smart security move as well. It places a major barrier in the way of would-be hackers who, somehow, in some way, have ended up with your username and password.
On the topic, ensure your social media accounts have strong, unique passwords in place. The one-two punch of strong, unique passwords and MFA will make hacking your account tougher still. Wondering what a strong, unique password looks like? Here’s a hint: a password with eight characters is less secure than you might think. With a quick read, you can create strong, unique passwords that are tough to crack.
Lastly, consider using comprehensive online protection software if you aren’t already. In addition to securing your devices from hacks and attacks, it can help protect your privacy and identity across your travels online—both on social media and off.
The post How to Protect Your Social Media Passwords from Hacks and Attacks appeared first on McAfee Blog.
Farewell, summer. Hello, back-to-school season! While the chill may not be in the air yet, parents may be feeling the slight shiver of unease as their kids, tweens, teens, and young adults return to school and become re-entangled with the technology they use for their education and budding social lives.
Before they hop on the bus or zoom off to college, alert your children to the following 10 online cybersecurity best practices to ensure a safe school year online.
It sounds obvious but impart the importance to your kids of keeping their eyes on their devices at all times. Lost cellphones and laptops are not only expensive to replace but you lose control of the valuable personally identifiable information (PII) they contain. Protect all devices with unique, hard-to-guess passwords. Even better, enable biometric passwords, such as fingerprint or face ID. These are the hardest passwords to crack and can keep the information inside lost or stolen devices safe.
Streaming services host the most buzzworthy shows. All their friends may be raving about the latest episodes of a zombie thriller or sci-fi visual masterpiece, but alas: Your family doesn’t have a subscription to the streaming service. Cash-conscious college students especially may attempt to save money on streaming by sharing passwords to various platforms. Alert your children to the dangers of doing so. Sharing a password with a trusted best friend might not seem like a cyberthreat, but if they share it with a friend who then shares it with someone else who may not be so trustworthy, you just handed the keys to a criminal to walk right in and help themselves to your PII stored on the streaming service’s dashboard.
Once the cybercriminal has your streaming service password, they may then attempt to use it to break into other sensitive online accounts. Criminals bank on people reusing the same passwords across various accounts. So, make sure that your children always keep their passwords to themselves and have unique passwords for every account. If they’re having a difficult time remembering dozens of passwords, sign them up for a password manager that can store passwords securely.
Walk down any city or suburban street, and you’re likely to see at least one Gen Zer filming themselves doing the latest dance trend or taking carefully posed pictures with their friends to share on social media. According to one survey, 76% of Gen Zers use Instagram and 71% are on social media for three hours or more every day.1 And while they’re on social media, your children are likely posting details about their day. Some details – like what they ate for breakfast – are innocent. But when kids start posting pictures or details about where they go to school, where they practice sports, and geotagging their home addresses, this opens them up to identity fraud or stalking.
Encourage your children to keep some personal details to themselves, especially their full names, full birthdates, address, and where they go to school. For their social media handles, suggest they go by a nickname and omit their birthyear. Also, it’s best practice to keep social media accounts set to private. If they have aspirations to become the internet’s next biggest influencer or video star, they can create a public account that’s sparse on the personal details.
Cyberbullying is a major concern for school-age children and their parents. According to McAfee’s “Life Behind the Screens of Parents, Tweens, and Teens,” 57% of parents worry about cyberbullying and 47% of children are similarly uneasy about it. Globally, children as young as 10 years old have experienced cyberbullying.
Remind your children that they should report any online interaction that makes them uncomfortable to an adult, whether that’s a teacher, a guidance counsellor, or a family member. Breaks from social media platforms are healthy, so consider having the whole family join in on a family-wide social media vacation. Instead of everyone scrolling on their phones on a weeknight, replace that time with a game night instead.
ChatGPT is all the rage, and procrastinators are rejoicing. Now, instead of spending hours writing essays, students can ask artificial intelligence to compose it for them. ChatGPT is just the latest tool corner-cutters are adding to their toolbelt. Now that most kids, tweens, and teens have cellphones in their pockets, that means they also basically have cheating devices under their desks.
To deter cheating, parents should consider lessening the pressure upon their kids to receive a good grade at any cost. School is all about learning, and the more a student cheats, the less they learn. Lessons often build off previous units, so if a student cheats on one test, future learning is built upon a shaky foundation of previous knowledge. Also, students should be careful about using AI as a background research tool, as it isn’t always accurate.
Phishing happens to just about everyone with an email address, social media account, or mobile phone. Cybercriminals impersonate businesses, authority figures, or people in dire straits to gain financially from unsuspecting targets. While an adult who carefully reads their online correspondences can often pick out a phisher from a legitimate sender, tweens and teens who rush through messages and don’t notice the tell-tale signs could fall for a phisher and give up their valuable PII.
Pass these rules onto your students to help them avoid falling for phishing scams:
Social engineering is similar to phishing in that it is a scheme where a cybercriminal ekes valuable PII from people on social media and uses it to impersonate them elsewhere or gain financially. Social engineers peruse public profiles and create scams targeted specifically to their target’s interests and background. For instance, if they see a person loves their dog, the criminal may fabricate a dog rescue fundraiser to steal their credit card information.
It’s important to alert your children (and remind your college-age young adults) to be on the lookout for people online who do not have pure intentions. It’s safest to deal with any stranger online with a hefty dose of skepticism. If their heartstrings are truly tugged by a story they see online, they should consider researching and donating their money or time to a well-known organization that does similar work.
With an election on the horizon, there will probably be an uptick in false new reports. Fake news spreaders are likely to employ AI art, deepfake, and ChatGPT-written “news” articles to support their sensationalist claims. Alert your students – especially teens and young adults who may be interested in politics – to be on the lookout for fake news. Impart the importance of not sharing fake news with their online followings, even if they’re poking fun at how ridiculous the report is. All it takes is for one person to believe it, spread it to their network, and the fake news proponents slowly gather their own following. Fake news turns dangerous when it incites a mob mentality.
To identify fake news, first, read the report. Does it sound completely outlandish? Are the accompanying images hard to believe? Then, see if any other news outlet has reported a similar story. Genuine news is rarely isolated to one outlet.
Parents with students who have a budding interest in current events should share a few vetted online news sources that are well-established and revered for their trustworthiness.
In a quest for free shows, movies, video games, and knockoff software, students are likely to land on at least one risky website. Downloading free media onto a device from a risky site can turn costly very quickly, as malware often lurks on files. Once the malware infects a device, it can hijack the device’s computing power for the cybercriminal’s other endeavors or the malware could log keystrokes and steal passwords and other sensitive information.
With the threat of malware swirling, it’s key to share safe downloading best practices with your student. A safe browsing extension, like McAfee Web Advisor, alerts you when you’re entering a risky site where malware and other shifty online schemes may be hiding.
Dorms, university libraries, campus cafes, and class buildings all likely have their own Wi-Fi networks. While school networks may include some protection from outside cybercriminals, networks that you share with hundreds or thousands of people are susceptible to digital eavesdropping.
To protect connected devices and the important information they house, connect to a virtual private network (VPN) whenever you’re not 100% certain of a Wi-Fi’s safety. VPNs are quick and easy to connect to, and they don’t slow down your device.
Dealing with technology is an issue that parents have always faced. While it used to be as simple as limiting TV time, they now deal with monitoring many forms of technology. From eyes glued to smartphones all day to hours spent playing video games, kids are immersed in technology.
Safe technology use doesn’t come as second nature — it needs to be taught. As a parent, the issues of when to get your child a phone, too much screen time and online harassment are top of mind. To address these concerns, it’s important to set boundaries and teach safe technology use. One way to do this is by creating a family media agreement or contract.
Family device agreements help teach proper technology use and set expectations. They allow you to start an open conversation with your kids and encourage them to be part of the decision making. By creating a family device agreement, your kids will know their boundaries and have concrete consequences for breaking them.
In today’s parenting, you may want to consider creating a McAfee Family Device Agreement. The most important thing is to have an agreement that is suitable for your kids’ ages and maturity and one that works for your family’s schedule. There’s no point making your kids sign an agreement that limits their time on Instagram when they’re probably quite happy visiting only the online sites that you have ‘bookmarked’ for them.
While diligence and good cyber habits can lessen the impact of many of these 10 threats, a cybersecurity protection service gives parents and their students valuable peace of mind that their devices and online privacy are safe. McAfee+ Ultimate Family Plan is the all-in-one device, privacy, and identity protection service that allows the whole family to live confidently online.
1Morning Consult, “Gen Z Is Extremely Online”
The post 10 Back-to-School Tech Tips for Kids, Teens and College Students appeared first on McAfee Blog.
Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. Now new findings reveal that AVrecon is the malware engine behind a 12-year-old service called SocksEscort, which rents hacked residential and small business devices to cybercriminals looking to hide their true location online.
Image: Lumen’s Black Lotus Labs.
In a report released July 12, researchers at Lumen’s Black Lotus Labs called the AVrecon botnet “one of the largest botnets targeting small-office/home-office (SOHO) routers seen in recent history,” and a crime machine that has largely evaded public attention since first being spotted in mid-2021.
“The malware has been used to create residential proxy services to shroud malicious activity such as password spraying, web-traffic proxying and ad fraud,” the Lumen researchers wrote.
Malware-based anonymity networks are a major source of unwanted and malicious web traffic directed at online retailers, Internet service providers (ISPs), social networks, email providers and financial institutions. And a great many of these “proxy” networks are marketed primarily to cybercriminals seeking to anonymize their traffic by routing it through an infected PC, router or mobile device.
Proxy services can be used in a legitimate manner for several business purposes — such as price comparisons or sales intelligence — but they are massively abused for hiding cybercrime activity because they make it difficult to trace malicious traffic to its original source. Proxy services also let users appear to be getting online from nearly anywhere in the world, which is useful if you’re a cybercriminal who is trying to impersonate someone from a specific place.
Spur.us, a startup that tracks proxy services, told KrebsOnSecurity that the Internet addresses Lumen tagged as the AVrecon botnet’s “Command and Control” (C2) servers all tie back to a long-running proxy service called SocksEscort.
SocksEscort[.]com, is what’s known as a “SOCKS Proxy” service. The SOCKS (or SOCKS5) protocol allows Internet users to channel their Web traffic through a proxy server, which then passes the information on to the intended destination. From a website’s perspective, the traffic of the proxy network customer appears to originate from a rented/malware-infected PC tied to a residential ISP customer, not from the proxy service customer.
The SocksEscort home page says its services are perfect for people involved in automated online activity that often results in IP addresses getting blocked or banned, such as Craigslist and dating scams, search engine results manipulation, and online surveys.
Spur tracks SocksEscort as a malware-based proxy offering, which means the machines doing the proxying of traffic for SocksEscort customers have been infected with malicious software that turns them into a traffic relay. Usually, these users have no idea their systems are compromised.
Spur says the SocksEscort proxy service requires customers to install a Windows based application in order to access a pool of more than 10,000 hacked devices worldwide.
“We created a fingerprint to identify the call-back infrastructure for SocksEscort proxies,” Spur co-founder Riley Kilmer said. “Looking at network telemetry, we were able to confirm that we saw victims talking back to it on various ports.”
According to Kilmer, AVrecon is the malware that gives SocksEscort its proxies.
“When Lumen released their report and IOCs [indicators of compromise], we queried our system for which proxy service call-back infrastructure overlapped with their IOCs,” Kilmer continued. “The second stage C2s they identified were the same as the IPs we labeled for SocksEscort.”
Lumen’s research team said the purpose of AVrecon appears to be stealing bandwidth – without impacting end-users – in order to create a residential proxy service to help launder malicious activity and avoid attracting the same level of attention from Tor-hidden services or commercially available VPN services.
“This class of cybercrime activity threat may evade detection because it is less likely than a crypto-miner to be noticed by the owner, and it is unlikely to warrant the volume of abuse complaints that internet-wide brute-forcing and DDoS-based botnets typically draw,” Lumen’s Black Lotus researchers wrote.
Preserving bandwidth for both customers and victims was a primary concern for SocksEscort in July 2022, when 911S5 — at the time the world’s largest known malware proxy network — got hacked and imploded just days after being exposed in a story here. Kilmer said after 911’s demise, SocksEscort closed its registration for several months to prevent an influx of new users from swamping the service.
Danny Adamitis, principal information security researcher at Lumen and co-author of the report on AVrecon, confirmed Kilmer’s findings, saying the C2 data matched up with what Spur was seeing for SocksEscort dating back to September 2022.
Adamitis said that on July 13 — the day after Lumen published research on AVrecon and started blocking any traffic to the malware’s control servers — the people responsible for maintaining the botnet reacted quickly to transition infected systems over to a new command and control infrastructure.
“They were clearly reacting and trying to maintain control over components of the botnet,” Adamitis said. “Probably, they wanted to keep that revenue stream going.”
Frustratingly, Lumen was not able to determine how the SOHO devices were being infected with AVrecon. Some possible avenues of infection include exploiting weak or default administrative credentials on routers, and outdated, insecure firmware that has known, exploitable security vulnerabilities.
KrebsOnSecurity briefly visited SocksEscort last year and promised a follow-up on the history and possible identity of its proprietors. A review of the earliest posts about this service on Russian cybercrime forums suggests the 12-year-old malware proxy network is tied to a Moldovan company that also offers VPN software on the Apple Store and elsewhere.
SocksEscort began in 2009 as “super-socks[.]com,” a Russian-language service that sold access to thousands of compromised PCs that could be used to proxy traffic. Someone who picked the nicknames “SSC” and “super-socks” and email address “michvatt@gmail.com” registered on multiple cybercrime forums and began promoting the proxy service.
According to DomainTools.com, the apparently related email address “michdomain@gmail.com” was used to register SocksEscort[.]com, super-socks[.]com, and a few other proxy-related domains, including ip-score[.]com, segate[.]org seproxysoft[.]com, and vipssc[.]us. Cached versions of both super-socks[.]com and vipssc[.]us show these sites sold the same proxy service, and both displayed the letters “SSC” prominently at the top of their homepages.
Image: Archive.org. Page translation from Russian via Google Translate.
According to cyber intelligence firm Intel 471, the very first “SSC” identity registered on the cybercrime forums happened in 2009 at the Russian language hacker community Antichat, where SSC asked fellow forum members for help in testing the security of a website they claimed was theirs: myiptest[.]com, which promised to tell visitors whether their proxy address was included on any security or anti-spam block lists.
Myiptest[.]com is no longer responding, but a cached copy of it from Archive.org shows that for about four years it included in its HTML source a Google Analytics code of US-2665744, which was also present on more than a dozen other websites.
Most of the sites that once bore that Google tracking code are no longer online, but nearly all of them centered around services that were similar to myiptest[.]com, such as abuseipdb[.]com, bestiptest[.]com, checkdnslbl[.]com, dnsbltools[.]com and dnsblmonitor[.]com.
Each of these services were designed to help visitors quickly determine whether the Internet address they were visiting the site from was listed by any security firms as spammy, malicious or phishous. In other words, these services were designed so that proxy service users could easily tell if their rented Internet address was still safe to use for online fraud.
Another domain with the Google Analytics code US-2665744 was sscompany[.]net. An archived copy of the site says SSC stands for “Server Support Company,” which advertised outsourced solutions for technical support and server administration.
Leaked copies of the hacked Antichat forum indicate the SSC identity registered on the forum using the IP address 71.229.207.214. That same IP was used to register the nickname “Deem3n®,” a prolific poster on Antichat between 2005 and 2009 who served as a moderator on the forum.
There was a Deem3n® user on the webmaster forum Searchengines.guru whose signature in their posts says they run a popular community catering to programmers in Moldova called sysadmin[.]md, and that they were a systems administrator for sscompany[.]net.
That same Google Analytics code is also now present on the homepages of wiremo[.]co and a VPN provider called HideIPVPN[.]com.
Wiremo sells software and services to help website owners better manage their customer reviews. Wiremo’s Contact Us page lists a “Server Management LLC” in Wilmington, DE as the parent company. Server Management LLC is currently listed in Apple’s App Store as the owner of a “free” VPN app called HideIPVPN.
“The best way to secure the transmissions of your mobile device is VPN,” reads HideIPVPN’s description on the Apple Store. “Now, we provide you with an even easier way to connect to our VPN servers. We will hide your IP address, encrypt all your traffic, secure all your sensitive information (passwords, mail credit card details, etc.) form [sic] hackers on public networks.”
When asked about the company’s apparent connection to SocksEscort, Wiremo responded, “We do not control this domain and no one from our team is connected to this domain.” Wiremo did not respond when presented with the findings in this report.
Introducing SOC Multi-tool, a free and open-source browser extension that makes investigations faster and more efficient. Now available on the Chrome Web Store and compatible with all Chromium-based browsers such as Microsoft Edge, Chrome, Brave, and Opera.
Now available on Chrome Web Store!
SOC Multi-tool eliminates the need for constant copying and pasting during investigations. Simply highlight the text you want to investigate, right-click, and navigate to the type of data highlighted. The extension will then open new tabs with the results of your investigation.
The SOC Multi-tool is a modernized multi-tool built from the ground up, with a range of features and capabilities. Some of the key features include:
You can easily install the extension by downloading the release from the Chrome Web Store!
If you wish to make edits you can download from the releases page, extract the folder and make your changes.
To load your edited extension turn on developer mode in your browser's extensions settings, click "Load unpacked" and select the extracted folder!
SOC Multi-tool is a community-driven project and the developer encourages users to contribute and share better resources.
Happy World Social Media Day! Today’s a day about celebrating the life-long friendships you’ve made thanks to social media. Social media was invented to help users meet new people with shared interests, stay in touch, and learn more about world. Facebook, Twitter, Instagram, Reddit, TikTok, LinkedIn, and the trailblazing MySpace have all certainly succeeded in those aims.
This is the first World Social Media Day where artificial intelligence (AI) joins the party. AI has existed in many forms for decades, but it’s only recently that AI-powered apps and tools are available in the pockets and homes of just about everyone. ChatGPT, Voice.ai, DALL-E, and others are certainly fun to play with and can even speed up your workday.
While scrolling through hilarious videos and commenting on your friends’ life milestones are practically national pastimes, some people are making it their pastime to fill our favorite social media feeds with AI-generated content. Not all of it is malicious, but some AI-generated social media posts are scams.
Here are some examples of common AI-generated content that you’re likely to encounter on social media.
Have you scrolled through your video feed and come across voices that sound exactly like the current and former presidents? And are they playing video games together? Comic impersonators can be hilariously accurate with their copycatting, but the voice track to this video is spot on. This series of videos, created by TikToker Voretecks, uses AI voice generation to mimic presidential voices and pit them against each other to bring joy to their viewers.1 In this case, AI-generated voices are mostly harmless, since the videos are in jest. Context clues make it obvious that the presidents didn’t gather to hunt rogue machines together.
AI voice generation turns nefarious when it’s meant to trick people into thinking or acting a certain way. For example, an AI voiceover made it look like a candidate for Chicago mayor said something inflammatory that he never said.2 Fake news is likely to skyrocket with the fierce 2024 election on the horizon. Social media sites, especially Twitter, are an effective avenue for political saboteurs to spread their lies far and wide to discredit their opponent.
Finally, while it might not appear on your social media feed, scammers can use what you post on social media to impersonate your voice. According to McAfee’s Beware the Artificial Imposters Report, a scammer requires only three seconds of audio to clone your voice. From there, the scammer may reach out to your loved ones with extremely realistic phone calls to steal money or sensitive personal information. The report also found that of the people who lost money to an AI voice scam, 36% said they lost between $500 and $3,000.
To keep your voice out of the hands of scammers, perhaps be more mindful of the videos or audio clips you post publicly. Also, consider having a secret safe word with your friends and family that would stump any would-be scammer.
Deepfake, or the alteration of an existing photo or video of a real person that shows them doing something that never happened, is another tactic used by social media comedians and fake news spreaders alike. In the case of the former, one company founded their entire business upon deepfake. The company is most famous for its deepfakes of Tom Cruise, though it’s evolved into impersonating other celebrities, generative AI research, and translation.3
When you see videos or images on social media that seem odd, look for a disclaimer – either on the post itself or in the poster’s bio – about whether the poster used deepfake technology to create the content. A responsible social media user will alert their audiences when the content they post is AI generated.
Again, deepfake and other AI-altered images become malicious when they cause social media viewers to think or act a certain way. Fake news outlets may portray a political candidate doing something embarrassing to sway voters. Or an AI-altered image of animals in need may tug at the heartstrings of social media users and cause them to donate to a fake fundraiser. Deepfake challenges the saying “seeing is believing.”
ChatGPT is everyone’s favorite creativity booster and taskmaster for any writing chore. It is also the new best friend of social media bot accounts. Present on just about every social media platform, bot accounts spread spam, fake news, and bolster follower numbers. Bot accounts used to be easy to spot because their posts were unoriginal and poorly written. Now, with the AI-assisted creativity and excellent sentence-level composition of ChatGPT, bot accounts are sounding a lot more realistic. And the humans managing those hundreds of bot accounts can now create content more quickly than if they were writing each post themselves.
In general, be wary when anyone you don’t know comments on one of your posts or reaches out to you via direct message. If someone says you’ve won a prize but you don’t remember ever entering a contest, ignore it.
With the advent of mainstream AI, everyone should approach every social media post with skepticism. Be on the lookout for anything that seems amiss or too fantastical to be true. And before you share a news item with your following, conduct your own background research to assert that it’s true.
To protect or restore your identity should you fall for any social media scams, you can trust McAfee+. McAfee+ monitors your identity and credit to help you catch suspicious activity early. Also, you can feel secure in the $1 million in identity theft coverage and identity restoration services.
Social media is a fun way to pass the time, keep up with your friends, and learn something new. Don’t be afraid of AI on social media. Instead, laugh at the parodies, ignore and report the fake news, and enjoy social media confidently!
1Business Insider, “AI-generated audio of Joe Biden and Donald Trump trashtalking while gaming is taking over TikTok”
2The Hill, “The impending nightmare that AI poses for media, elections”
3Metaphysic, “Create generative AI video that looks real”
The post Be Mindful of These 3 AI Tricks on World Social Media Day appeared first on McAfee Blog.
Do you remember the days of printing out directions from your desktop? Or the times when passengers were navigation co-pilots armed with a 10-pound book of maps? You can thank location services on your smartphone for today’s hassle-free and paperless way of getting around town and exploring exciting new places.
However, location services can prove a hassle to your online privacy when you enable location sharing. Location sharing is a feature on many connected devices – smartphones, tablets, digital cameras, smart fitness watches – that pinpoints your exact location and then distributes your coordinates to online advertisers, your social media following, or strangers.
While there are certain scenarios where sharing your location is a safety measure, in most cases, it’s an online safety hazard. Here’s what you should know about location sharing and the effects it has on your privacy.
Location sharing is most beneficial when you’re unsure about new surroundings and want to let your loved ones know that you’re ok. For example, if you’re traveling by yourself, it may be a good idea to share the location of your smartphone with an emergency contact. That way, if circumstances cause you to deviate from your itinerary, your designated loved one can reach out and ensure your personal safety.
The key to sharing your location safely is to only allow your most trusted loved one to track the whereabouts of you and your connected device. Once you’re back on known territory, you may want to consider turning off all location services, since it presents a few security and privacy risks.
In just about every other case, you should definitely think twice about enabling location sharing on your smartphone. Here are three risks it poses to your online privacy and possibly your real-life personal safety:
Does it sometimes seem like your phone, tablet, or laptop is listening to your conversations? Are the ads you get in your social media feeds or during ad breaks in your gaming apps a little too accurate? When ad tracking is enabled on your phone, it allows online advertisers to collect your personal data that you add to your various online accounts to better predict what ads you might like. Personal details may include your full name, birthday, address, income, and, thanks to location tracking, your hometown and regular neighborhood haunts.
If advertisers kept these details to themselves, it may just seem like a creepy invasion of privacy; however, data brokerage sites may sell your personally identifiable information (PII) to anyone, including cybercriminals. The average person has their PII for sale on more than 30 sites and 98% of people never gave their permission to have their information sold online. Yet, data brokerage sites are legal.
One way to keep your data out of the hands of advertisers and cybercriminals is to limit the amount of data you share online and to regularly erase your data from brokerage sites. First, turn off location services and disable ad tracking on all your apps. Then, consider signing up for McAfee Personal Data Cleanup, which scans, removes, and monitors data brokerage sites for your personal details, thus better preserving your online privacy.
Location sharing may present a threat to your personal safety. Stalkers could be someone you know or a stranger. Fitness watches that connect to apps that share your outdoor exercising routes could be especially risky, since over time you’re likely to reveal patterns of the times and locations where one could expect to run into you.
Additionally, stalkers may find you through your geotagged social media posts. Geotagging is a social media feature that adds the location to your posts. Live updates, like live tweeting or real-time Instagram stories, can pinpoint your location accurately and thus alert someone on where to find you.
Social engineering is an online scheme where cybercriminals learn all there is about you from your social media accounts and then use that information to impersonate you or to tailor a scam to your interests. Geotagged photos and posts can tell a scammer a lot about you: your hometown, your school or workplace, your favorite café, etc.
With these details, a social engineer could fabricate a fundraiser for your town, for example. Social engineers are notorious for evoking strong emotions in their pleas for funds, so beware of any direct messages you receive that make you feel very angry or very sad. With the help of ChatGPT, social engineering schemes are likely going to sound more believable than ever before. Slow down and conduct your own research before divulging any personal or payment details to anyone you’ve never met in person.
Overall, it’s best to live online as anonymously as possible, which includes turning off your location services when you feel safe in your surroundings. McAfee+ offers several features to improve your online privacy, such as a VPN, Personal Data Cleanup, and Online Account Cleanup.
The post 3 Reasons to Think Twice About Enabling Location Sharing appeared first on McAfee Blog.
Social engineering. It’s a con game. And a con game by any other name stings just as badly.
Like any form of con, social engineering dupes their victims by playing on their emotions. Fear, excitement, and surprise. And they prey on human nature as well. The desire to help others, recognizing authority, and even the dream of hitting it big in the lottery. All of this comes into play in social engineering.
By design, the scammers who employ social engineering do so in an attempt to bilk people out of their personal information, their money, or both. More broadly, they’re designed to give scammers access—to a credit card, bank account, proprietary company information, and even physical access to a building or restricted space in the case of tailgating attacks. In this way, social engineering is an attack technique rather than a specific type of attack.
Several types of attacks employ social engineering:
The list goes on. Yet those are among the top attacks that use social engineering as a means of hoodwinking their victims. It’s a scammer’s secret weapon. Time and time again, we’ve seen just how effective it can be.
So while many bad actors turn to social engineering tricks to do their dirty work, they share several common characteristics. That makes them easy to spot. If you know what you’re looking for.
An overexcited or aggressive tone in an email, text, DM, or any kind of message you receive should put up a big red flag. Scammers use these scare tactics to get you to act without thinking things through first.
Common examples include imposter scams. The scammer will send a text or email that looks like it comes from someone you know. And they’ll say they’re in a jam of some sort, like their car has broken down in the middle of nowhere, or that they have a medical emergency and to go to urgent care. In many of these cases, scammers will quickly ask for money.
Another classic is the tax scam, where a scammer poses as a tax agent or representative. From there, they bully money out of their victims with threats of legal action or even arrest. Dealing with an actual tax issue might be uncomfortable, but a legitimate tax agent won’t threaten you like that.
You’ve won a sweepstakes! (That you never entered.) Get a great deal on this hard-to-find item! (That will never ship after you’ve paid for it.) Scammers will concoct all kinds of stories to separate you from your personal information.
The scammers behind bogus prizes and sweepstakes will ask you for banking information or sometimes even your tax ID number to pay out your winnings. Winnings you’ll never receive, of course. The scammer wants that information to raid your accounts and commit all kinds of identity theft.
Those great deals? The scammers might not ship them at all. They’ll drain your credit or debit card instead and leave you tapping your foot by your mailbox. Sometimes, the scammers might indeed ship you something after all—a knock-off item. One possibly made with child labor.
Scammers will often pose as people you know. That can include friends, family members, co-workers, bosses, vendors or clients at work, and so on. And when they do, something about the message you get will seem a bit strange.
For starters, the message might not sound like it came from them. What they say and how they say it seems off or out of character. It might include links or attachments you didn’t expect to get. Or the message might come to you via a DM sent from a “new” account they set up. In the workplace, you might get a message from your boss instructing you to pay someone a large sum from the company account.
These are all signs that something scammy might be afoot. You’ll want to follow up with these people in person or with a quick phone call just to confirm. Reach them in any way other than by replying to the message you received. Even if it looks like a legitimate account. There’s the chance their account was hacked.
How do scammers know how to reach you in the first place? And how do they seem to know just enough about you to cook up a convincing story? Clever scammers have resources, and they’ll do their homework. You can give them far less to work with by taking the following steps.
Online data brokers hoard all kinds of personal information about individuals. And they’ll sell it to anyone. That includes scammers. Data brokers gather it from multiple sources, such as public records and third parties that have further information like browsing histories and shopping histories (think your supermarket club card). With that information, a scammer can sound quite convincing—like they know you in some way or where your interests lie. You can get this information removed so scammers can’t get their hands on it. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and with select products, it can even manage the removal for you.
Needless to say, social media says a lot about you and what you’re into. You already know that because you put a part of yourself out there with each post—not to mention a record of the groups, pages, and things that you follow or like. All this provides yet more grist for a scammer’s mill when it comes time for them to concoct their stories. Setting your accounts to private takes your posts out of the public eye, and the eye of potential scammers too. This can help reduce your risk of getting conned.
Scammers throw all kinds of bogus links at people in the hope they’ll click and wind up on their scammy websites. They’ll also send attachments loaded with malware—a payload that contains ransomware, spyware, or viruses. If you get a message about one of your accounts, a shipment, or anything that involves your personal or financial info, confirm the sender. Did the message come from a legitimate address or account? Or was the address spoofed or the account a fake? For example, some scammers create social media accounts to pose as the U.S. Internal Revenue Service (IRS). The IRS doesn’t contact people through social media. If you have a concern about a message or account, visit the site in question by typing it in directly instead of clicking on the link in the message. Access your information from there or call their customer service line.
The combination of these two things makes it tough for scammers to crack your accounts. Even if they somehow get hold of your password, they can’t get into your account without the multifactor authentication number (usually sent to your phone in some form). A password manager as part of comprehensive online protection software can help you create and securely store those strong, unique passwords. Also, never give your authentication number to anyone after you receive it. Another common scammer trick is to masquerade as a customer service rep and ask you to send that number to them.
This is the one piece of advice scammers don’t want you to have, let alone follow. They count on you getting caught up in the moment—the emotion of it all. Once again, emotions, urgency, and human nature are all key components in any social engineering con. The moment you stop and think about the message, what it’s asking of you, and the way it’s asking you for it, will often quickly let you know that something is not quite right. Follow up. A quick phone call or face-to-face chat can help you from getting conned.
The post Social Engineering—The Scammer’s Secret Weapon appeared first on McAfee Blog.
