Yes, there is a Cyber Grinch. In fact, you’ll find evidence of an entire host of grinches online — the cybercrooks who, with the help of AI, create millions of online scams that crop up just in time to spoil the holiday season. But you can still shop safely, with a sharp eye and the right tools at your side.
This time of year always sees a boost in scams. After all, where shoppers go, scammers follow. Research from our McAfee Labs team found that scam volume ramps up 30% above average this time of year, kicking off in November and carrying over into the first week of the new year.
To gain even more insight into the impact online scams have on consumers, we conducted our inaugural Global Holiday Shopping Scams Study. More than 7,000 adults in seven countries told us how scams have impacted their holidays. They also shared their feelings about the recent onset of AI-driven scams.
The findings offer several significant insights, including the financial impact of scams, and even when and where people shop online (spoiler: that includes purchases made at the dinner table and in the bathtub).
Let’s dig into the findings. From there, we’ll show you several ways you can stay safe while you shop online, so you can send those grinches packing.
For starters, 36% of Americans said they were a victim of an online shopping scam during the holiday season. That’s more than one in three people, making it likely that you know someone who’s been taken in. Of those who fell for holiday scams online, nearly half said it cost them $100 or more. Strikingly, one in four victims said it cost them $1,000 or more.
The top three online scams people reported include:
We looked at those figures more closely and found some trends that show some folks get tangled up in these scams more than others.
Comparing men and women, 65% of men said they place the same level of trust in shopping online as they do in person. Meanwhile, women appear to be a bit more discerning. Only 46% of women said they had the same level of trust. We then found that men were nearly twice as likely to fall for an online holiday scam (46%) than women (26%).
When looking across generations, we found that 64% of Gen Z and 77% of Millennials trust shopping online as much as in person. Likewise, they found themselves victimized by scams more often than older adults. Of the younger set, 49% of Gen Z and 65% of Millennials said they fell for a holiday scam. Compare that to only 12% of people over 50 saying the same thing.
We also got some insight into people’s headspace.
People are as deal conscious as ever, with 1 out of 3 (35%) saying they will likely jump on a bargain when they see it. They also plan to shop around; 85% of people said they will look for the best deal before buying their holiday gifts.
It’s no surprise that 63% planned to shop online during Black Friday and Cyber Monday weekend. However, we found some surprises — namely, where they are when they shop online:
Take all that together and it leaves the Cyber Grinch wringing his hands in delight. Bargain hunting, shopping around, and buying online when you’re somewhat distracted make it easier for scammers to pull off their tricks.
Scammers count on the stress and pressures of holiday shopping. When people are tired or in a hurry, they tend to make mistakes. And now they’re easier to make, no thanks to the scammers who’ve picked up AI tools.
The bad actors out there now have AI-driven tools that help them fire up scams at alarming rates. They make it easier to create compelling fake emails, malicious sites, and text messages. In fact, a new phishing site is created every 11 seconds, and Americans receive an average of 12 fake messages or scams daily.
On top of that, AI has made it harder than ever to tell what’s real from what’s fake. Not only have we seen a deluge of scams, but it’s also a deluge of increasingly sophisticated scams. With AI tools, scammers can make their emails, messages, and texts look and sound more convincing than ever.
People shared their concerns about AI scams:
Despite what we discovered in many of the findings, we have good news to share: there are tools that can help you shop safely.
Think before you click. Cybercriminals use phishing emails or fake sites to lure people into clicking links that might lead to malware. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Even if it’s a great-sounding deal or indicates it’ll provide useful info such as a parcel delivery update. Always go direct to the source and interact with reputable companies.
Remember that if it seems too good to be true, it probably is. Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender. The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead.
Go unlisted. Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results.
Use AI to beat AI. From blocking dangerous links that appear in text messages, social media, or web browsers, you have AI on your side. McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your text. No more wondering if a delivery message or bank notification text is real or not. McAfee’s patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert message. It’ll even block risky sites if you accidentally click on a scam link in a text, email, social media, and more. You’ll find it in our online protection plans like our award-winning McAfee+ subscriptions.
One thing that hasn’t changed this year, scammers love the holidays. Just as you’re gearing up for shopping, they’re gearing up for scamming. The hustle and bustle of the holidays, AI-driven scam tools, and malicious messages and websites seemingly play in the favor of scammers. Yet AI-driven protection like ours puts the advantage back squarely in your corner. That, and keeping your guard up for trickery, will help you steer clear of all those grinches out there this year.
The survey, which focused on the topic of scam messages and holiday shopping, was conducted online between September 7 and September 21, 2023. 7,130 adults, age 18+, in 7 countries (US, Australia, India, UK, France, Germany, Japan), participated in the study.
The post How to Shop Safely This Holiday Season appeared first on McAfee Blog.
As the tax season draws near, the incidence of cybercrime, particularly phishing for W-2s, tends to increase dramatically. Cybercriminals are aware that this is the time of year when many unsuspecting individuals are completing their tax returns, and they design schemes to exploit this vulnerability. This blog raises awareness about this growing problem and offers practical advice for keeping your financial data safe during tax season.
W-2 phishing scams often involve emails that appear to be from the IRS or another official source, requesting personal information. These phishing emails can be highly sophisticated, often mimicking the look and feel of legitimate communications. The goal is to trick the recipient into revealing confidential data, such as social security numbers and financial information, which the perpetrator can then use for fraudulent purposes. The first step in protecting against such scams is understanding how they work and being able to recognize the red flags.
Phishing scams are fundamentally deception tactics—disguised as legitimate correspondence, they aim to trick the recipient into parting with sensitive information. In the case of W-2 phishing scams, the perpetrator often poses as an employer, government agency, or financial institution. The message may request that the recipient update their personal information, verify their identity, or provide their W-2 form. Typically, these emails have a sense of urgency, indicating that failure to comply will result in adverse consequences.
The contents of a phishing email are often compelling and appear to be authentic. They may contain official logos, legal disclaimers, and even legitimate contact details. However, closer examination often reveals telltale signs of phishing. For example, the email address of the sender may not match the organization they claim to represent, or the message may contain poor grammar and spelling. Additionally, phishing emails often require the recipient to click a link or open an attachment—actions that could potentially install malware on the victim’s device or redirect them to a fraudulent website.
McAfee Pro Tip: Nowadays, those sneaky social engineering tricks look a lot like legit messages from well-known folks. They’re super well-crafted, with proper grammar, and seamlessly fit into everyday situations. But don’t be fooled by their slick appearance – underneath it all, they’re still after your sensitive info. Keep your personal stuff safe and sound with McAfee+ to dodge the headaches that come with social engineering.
Recent years have seen a significant increase in the number of reported W-2 phishing scams. According to the FBI’s Internet Crime Complaint Center (IC3), thousands of these scams occur every tax season, leading to substantial financial losses and ID theft. Not only does this affect individuals, but businesses too. In fact, some companies have reported instances where their entire workforce was targeted, resulting in massive data breaches.
The impact of falling for a W-2 phishing scam can be devastating. Once cybercriminals have gained access to your financial data, they can use it in a variety of malicious ways. This may include filing fraudulent tax returns, opening new credit accounts, or even selling the information on the black market. The recovery process from such scams can be lengthy and stressful, as victims have to prove their identity to the IRS, their bank, and credit reporting agencies. Additionally, they need to monitor their financial activity closely for signs of any further unauthorized transactions or fraudulent activities.
→ Dig Deeper: Watch Out For IRS Scams and Avoid Identity Theft
Given the prevalence and potential impact of W-2 phishing scams, it’s crucial to take steps to protect yourself. One of the most effective strategies is to improve your digital literacy, namely your ability to identify and respond appropriately to phishing attempts. This includes being skeptical of unsolicited emails, especially those that ask for personal or financial information. Always verify the sender’s identity before responding or clicking any links. Remember, legitimate organizations rarely request sensitive information via email.
Another important safeguard is to ensure your computer and mobile devices are protected with up-to-date security software. This can help identify and block potential phishing emails and malicious links. Further, regularly backing up data can help mitigate the potential damage caused by a successful breach. Consider using a secure cloud service or an external storage device for this purpose.
Next is to file your tax returns as early as possible. By doing so, you can beat the scammers who might make an attempt to file a fraudulent tax return in your name. Additionally, if you receive an email that appears suspicious, do not click on the links or download the attachments included in that email. Instead, forward the suspicious email to phishing@irs.gov.
Finally, two-factor authentication (2FA) is another excellent way to safeguard your data. By enabling 2FA, you are adding an extra layer of security that makes it harder for cybercriminals to access your data even if they get your password. Additionally, always be cautious about sharing your personal and financial information online. Make sure that you only enter such information on secure websites – those with ‘https://’ in the URL. Regularly check your financial accounts for any suspicious activity and report immediately to your bank if you notice anything unusual.
If you believe you have fallen victim to a W-2 phishing scam, it is crucial to act quickly. If you have divulged your social security number, contact the IRS immediately. They can aid you in taking steps to prevent potential tax fraud. Additionally, it would be wise to file an identity theft affidavit (Form 14039) with the IRS. This form alerts the IRS to the theft of your identity and allows them to secure your tax account.
Additionally, you should report the phishing scam to the Federal Trade Commission (FTC) using the FTC Complaint Assistant at FTC.gov. If you have clicked on a link or downloaded a suspicious attachment, run a full antivirus scan to check for malware. You should also consider placing a fraud alert or a credit freeze on your credit reports, which makes it harder for someone to open a new account in your name. Finally, you should check your credit reports frequently for any signs of fraudulent activity.
→Dig Deeper: Credit Lock and Credit Freeze: Which Service Is Best for You? Both!
Protecting your financial data during tax season is crucial, and being aware of phishing scams can save you from a world of trouble. By understanding the nature of W-2 phishing scams and implementing the above-mentioned best practices, you can keep your sensitive information safe. Remember to always be skeptical of unsolicited emails and never share personal or financial information unless you can confirm the legitimacy of the request. By doing so, you will not only protect yourself but also contribute to the collective fight against cybercrime.
Protecting your W-2 information during tax season is not a one-time effort but a continuous process. Always stay vigilant, and remember that it’s better to be safe than sorry. If you ever suspect that you have become a victim of a W-2 phishing scam, take prompt action by reporting it to the relevant authorities and taking necessary measures to mitigate possible damages. The key to staying safe is staying informed, vigilant, and prepared.
The post How to Protect Your Financial Data During Tax Season appeared first on McAfee Blog.
November 20 is World Children’s Day, a day that celebrates “international togetherness, awareness among children worldwide, and improving children’s welfare.” Highlights from last year’s celebration show the remarkable effort so many put into broadcasting their commitment to protecting children. However, the volume of online homages to the world’s youth also underscores how daunting the task of keeping children safe can be. The internet can bring a community together as it has over this event; it is also where many criminals and predators operate.
Statistics from the Global Cybersecurity Forum (GCF) show the risk that digital life may pose for kids. Nearly three-quarters of children have experienced at least one type of cyberthreat. Inappropriate ads, images, content, and phishing attempts find children even when they’re not attempting to dodge parental controls. For parents, the thrust of International Children’s Day is an ongoing adventure, wherein they often struggle to provide the safe online learning environment their children need to thrive. To celebrate this year’s day of awareness, we’re sharing six tips for ensuring a more private and safe digital life for kids.
According to GCF data, 83% of children claimed they would alert their parents if they experienced an online threat. Yet only four in 10 parents surveyed said their child had ever expressed concerns to them about inappropriate content. If parents want to make their child’s internet time safer, they can focus on making conversations about online content comfortable. When parents know their children are experiencing threats online, they will be better equipped to do something about those threats.
Remember, sometimes children can be exposed to traumatic content even if they follow your guidelines and go online with parental controls. Here are some additional tips for talking to your child about some of the content they may see online.
On plenty of occasions, online threats children experience likely do not require the involvement of law enforcement or similar entity. When online threats involve malicious or solicitous content, it can warrant reporting the incident. Most parents (56%) tend to simply delete content rather than report said content to the police (41%) or inform schools, when appropriate (34%). If parents want transparency from their children, they may consider practicing a bit more transparency themselves, especially when it comes to encounters that may represent criminal acts.
More than 80% of children go online daily, and 36% spend 3-5 hours online in a normal day. In the digital age that has seen a large uptick in digital learning, it’s tough to keep kids away from screens. But the easiest way to ensure kids remain safe from online threats is to limit their screen time altogether. That’s an easier-said-than-done task to be sure. If parents can find ways to decrease the amount of daily time kids spend behind screens, it will reduce the amount of time they’re available to be targeted by bad actors or inappropriate content.
Social media, one of the most popular online activities, is a popular way for younger generations to interact with one another. Built-in messaging on social media apps gives kids a place to message each other that’s one layer removed from text messages that parents may see. Social media has also made inappropriate content more accessible and gives hackers and other bad actors anonymity. Given that 36% of kids report coming across inappropriate images or content, and nearly 20% encounter hacking or phishing attempts when online, it’s not surprising that parents are worried about the social media content their children consume.
Parents can educate their children about more secure social media behavior. Creating awareness of potential scams in their children starts with strong passwords, locked accounts, and reminding them not to click on links from or interact with accounts of people they don’t know.
This may seem like an obvious safeguard against disturbing online content, but not every app, browser or device’s parental controls settings are obvious. Some portals to the internet have more granular settings and others are a bit higher-level, so creating a hermetic seal around kids’ environment can be challenging depending on how they get online and what they access when they get there. Devices like iPhones and major internet companies like Google and YouTube have pretty robust parental control settings to block mature content or remotely limit screen time. Some social media apps also have controls parents can adjust to reduce the likelihood strangers find their child’s account.
Most browsers offer a library of plugins that allow parents to cast a web around potentially harmful content. Ad blockers can keep ads with mature content off of websites, and parental-control plugins can establish browsing controls so that kids can’t even navigate to places inappropriate content is more likely to be. Some plugins block website URLs or entire domains, rendering those destinations unnavigable.
There are also many affordable VPNs on the market for parents. Most VPNs can do things like encrypt internet connections or obscure IP addresses and locations, making overarching internet connections safer and more private.
The UN established World Children’s Day to commemorate both the Declaration of the Rights of the Child, as well as the Convention on the Rights of the Child as guidelines for how to provide for and protect international children. Parents don’t need to wait for the calendar to turn to November to create a safer digital world for their families. These steps for protecting kids from malicious or inappropriate online content are not exhaustive but do provide a strong framework for adults who aren’t sure how to contend with the vast volume of information the world wide web generates.
For those who want to introduce another obstacle between kids and inappropriate content, there’s always something like McAfee+ Family Plans. McAfee+ Family plans add protection against everything from unwanted content via parental controls to identity monitoring and social media privacy management. It’s an all-in-one way to make it that much more unlikely children encounter online content they shouldn’t.
The post How to Protect Kids From Harmful Online Content appeared first on McAfee Blog.
In the ever-growing digital age, our mobile devices contain an alarming amount of personal, sensitive data. From emails, social media accounts, banking applications to payment apps, our personal and financial lives are increasingly entwined with the convenience of online, mobile platforms. However, despite the increasing threat to cyber security, it appears many of us are complacent about protecting our mobile devices.
Survey revealed that many mobile users still use easy-to-remember and easy-to-guess passwords. With such an increasing dependence on mobile devices to handle our daily tasks, it seems unimaginable that many of us leave our important personal data unguarded. Theft or loss of an unsecured mobile device can, and often does, result in a catastrophic loss of privacy and financial security.
The unfortunate reality of our digital era is that devices are lost, misplaced, or stolen every day. A mobile device without password protection is a gold mine for anyone with malicious intent. According to a global survey by McAfee and One Poll, many consumers are largely unconcerned about the security of their personal data stored on mobile devices. To illustrate, only one in five respondents had backed up data on their tablet or smartphone. Even more concerning, 15% admitted they saved password information on their phone.
Such statistics are troubling for several reasons. The most obvious is the risk of personal information —including banking details and online login credentials— falling into the wrong hands. A lost or stolen device is not just a device lost— it’s potentially an identity, a bank account, or worse. The lack of urgency in securing data on mobile devices speaks to a broad consumer misunderstanding about the severity of the threats posed by cybercriminals and the ease with which they can exploit an unprotected device.
→ Dig Deeper: McAfee 2023 Consumer Mobile Threat Report
Perhaps one of the most surprising findings of the survey is the difference in mobile security behaviors between men and women. This difference illustrates not just a disparity in the type of personal information each group holds dear, but also the degree of risk each is willing to accept with their mobile devices.
Broadly speaking, men tend to place greater value on the content stored on their devices, such as photos, videos, and contact lists. Women, on the other hand, appear more concerned about the potential loss of access to social media accounts and personal communication tools like email. They are statistically more likely to experience online harassment and privacy breaches. This could explain why they are more concerned about the security of their social media accounts, as maintaining control over their online presence can be a way to protect against harassment and maintain a sense of safety.
The loss of a mobile device, which for many individuals has become an extension of their social identity, can disrupt daily life significantly. This distinction illustrates that the consequences of lost or stolen mobile devices are not just financial, but social and emotional as well.
Despite the differences in what we value on our mobile devices, the survey showed a worrying level of risky behavior from both genders. Over half (55%) of respondents admitted sharing their passwords or PIN with others, including their children. This behavior not only leaves devices and data at risk of unauthorized access but also contributes to a wider culture of complacency around mobile security.
Password protection offers a fundamental layer of security for devices, yet many people still choose convenience over safety. Setting a password or PIN isn’t a failsafe method for keeping your data safe. However, it is a simple and effective starting point in the broader effort to protect our digital lives.
→ Dig Deeper: Put a PIN on It: Securing Your Mobile Devices
While the survey results raise an alarm, the good news is that we can turn things around. It all begins with acknowledging the risks of leaving our mobile devices unprotected. There are simple steps that can be taken to ramp up the security of your devices and protect your personal information.
First and foremost, password-protect all your devices. This means going beyond your mobile phone to include tablets and any other portable, internet-capable devices you may use. And, while setting a password, avoid easy ones like “1234” or “1111”. These are the first combinations a hacker will try. The more complex your password is, the sturdier a barrier it forms against unauthorized access.
Another important step is to avoid using the “remember me” function on your apps or mobile web browser. Although it might seem convenient to stay logged into your accounts for quick access, this considerably amplifies the risk if your device gets stolen or lost. It’s crucial to ensure you log out of your accounts whenever not in use. This includes email, social media, banking, payment apps, and any other accounts linked to sensitive information.
McAfee Pro Tip: If your phone is lost or stolen, employing a combination of tracking your device, locking it remotely, and erasing its data can safeguard both your phone and the information it contains. Learn more tips on how to protect your mobile device from loss and theft.
Sharing your PIN or password is also a risky behavior that should be discouraged. Admittedly, this might be challenging to implement, especially with family members or close friends. But the potential harm it can prevent in the long run far outweighs the temporary convenience it might present.
Having highlighted the importance of individual action towards secure mobile practices, it’s worth noting that investing in reliable security software can also make a world of difference. A mobile security product like McAfee Mobile Security, which offers anti-malware, web protection, and app protection, can provide a crucial extra layer of defense.
With app protection, not only are you alerted if your apps are accessing information on your mobile that they shouldn’t, but in the event that someone does unlock your device, your personal information remains safe by locking some or all of your apps. This means that even if your device falls into the wrong hands, they still won’t be able to access your crucial information.
It’s also critical to stay educated on the latest ways to protect your mobile device. Cyber threats evolve constantly, and awareness is your first line of defense. McAfee has designed a comprehensive approach to make the process of learning about mobile security not just informative but also engaging. Our array of resources includes a rich repository of blogs, insightful reports, and informative guides. These materials are meticulously crafted to provide users with a wealth of knowledge on how to protect their mobile devices, ensuring that the learning experience is not only informative but also engaging and enjoyable.
While the current state of mobile device security may seem concerning, it’s far from hopeless. By incorporating simple security practices such as setting complex passwords and avoiding shared access, we can significantly reduce the risk of unauthorized data access. Additionally, investing in trusted mobile security products like McAfee Mobile Security can provide a robust defense against advancing cyber threats. Remember, our digital lives mirror our real lives – just as we lock and secure our homes, so too must we protect our mobile devices.
The post How to Protect Your Mobile Device From Loss and Theft appeared first on McAfee Blog.
If you’re facing issues with your PC’s performance or just want to upkeep it, regular cleaning should be on your to-do list. Cleaning up your PC has several advantages, including speeding up your system and safeguarding your personal information from potential threats. Besides, the process frees up storage space, enabling you to install more programs or store more multimedia files. A monthly clean-up is usually recommended for optimal results. Those who have never cleaned their PC might be in for a pleasant surprise with its much-enhanced speed and improved performance. In this guide, we will explain the ins and outs of PC cleaning to help you on the right path.
Over time, as you store multiple files on your PC, they begin to take up more and more space. Specifically, your C drive might be gradually filling up due to backup files, hidden files, and temporary files. Additionally, even a new PC can benefit from a cleaning since it often comes with pre-installed programs that you might not need. So, what is PC cleaning? Essentially, it involves deleting unneeded files from your system when you want to free up storage space and enhance the overall performance of your PC.
One of the first steps in PC cleaning involves removing unwanted programs. This can be done by accessing the ‘Programs and Features’ section of your control panel. As a necessary measure, go through the list and note down the programs that you don’t use. If you encounter programs you don’t recognize, perform a quick internet search to understand their function before deleting them. Depending on the program’s size, removing them may not take long. Alongside removing unneeded programs, you can also use the disk cleanup utility to remove temporary files, which is another crucial aspect of PC cleaning.
McAfee Pro Tip: You may find Potentially Unwanted Programs (PUP) while cleaning your computer. PUPs are not malware. The big thing to remember is that with PUPs, you’re saying “yes” to the download, even if you’re not fully aware of it because you didn’t read the fine print in the agreements or installation steps. However, Certain PUPs come bundled with spyware like keyloggers and dialers, as well as other software designed to collect your data, putting you at risk of identity theft. On the other hand, some may bombard your device with bothersome advertisements. Learn more about PUPs to avoid downloading them unknowingly.
Temporary files consist of internet cookies and partially downloaded programs that were never installed on your system. Internet cookies store information such as user login credentials and images from websites visited. They primarily identify users and possibly prepare customized web pages or save necessary information. One of the advantages of these cookies is that they save you from entering your login information each time you visit a website. Moreover, web pages and online media you visit are stored in your browser’s cache, speeding up the browsing experience during your next visit.
Your PC automatically stores files from the websites you visit on your hard drive. If not removed, these files accumulate over time and take up a significant amount of space on your PC. People often install programs on their PCs and forget to remove them after use, consuming much more space than they might think. Regular PC cleaning is an effective solution to prevent such issues.
→Dig Deeper: What Is Disk Cleanup And Does It Remove Viruses?
While many believe that deleting files from their hard drive can increase the speed of their PC, the effect might not be as substantial as expected. Your temporary internet files can quicken the speed at which websites load because these files contain images and other media from the websites you visit. Thus, your PC doesn’t have to download them whenever you visit the same websites. However, it’s still a good practice to delete your temporary files occasionally to free up disk space.
Some programs that you download start automatically when you turn your PC on. Although automatic startup processes are beneficial for some programs, having too many can slow down your PC. It’s advisable to manage which apps run automatically during startup to enhance PC performance.
While deleting temporary internet files doesn’t pose much risk, deleting the wrong programs or certain startup items can harm your PC. Start by removing temporary files and reducing startup items to see if there’s a performance improvement. Additionally, when deleting programs, it’s crucial to be fully aware of what you’re deleting to avoid problems later on.
When you delete files from the recycle bin, they remain on your system as the deletion only removes the pointer, not the file itself. Using a file shredder can help you erase such data by overwriting the space with a pattern of 1’s and 0’s. Although this doesn’t necessarily improve performance, it helps ensure compliance with the law and prevents identity theft.
When you own a computer, much like a car, regular maintenance and cleaning are essential. While it might not entirely increase your PC’s speed, it greatly improves efficiency and functionality, making all processes run smoother. This is because each time you visit a webpage, your computer stores all types of files to remember the website and load it faster next time. This cache gets flooded with files over time, slowing down your system. PC cleaning allows your PC to breathe, making it more responsive and liberating the storage space. Significantly, it helps in data management, eliminating all unnecessary data that might be misused or lead to identity theft.
→Dig Deeper: Manage your data this Data Privacy Day
Regular PC cleaning could also potentially save your device from significant damage. Unwanted programs and apps, especially those auto-starting ones, not only consume your system’s resources but also can contain malicious content impacting your PC. Regular cleaning will ensure any potential malware or problematic software is identified and removed promptly, thus adding a layer of protection.
Let’s break down the PC cleaning process to simplify and understand it better. The process commences with uninstalling any unused apps and software. The next step involves clearing out temporary files, such as cache and cookies that accumulate over time and eat up storage space. Some PC cleaning programs also offer registry cleaning, which involves cleaning up the database that holds all the configuration settings for your PC. However, this is not always recommended.
→Dig Deeper: To Disable or Enable Cookies
Startup programs are another key area to look into. Having too many programs that start up when your computer boots can substantially slow down your system. Through PC cleaning, you can manage these programs and ensure only the necessary ones are allowed to auto-start. This will provide a noticeable improvement in your PC’s boot time and overall performance. Lastly, most PC cleaners come equipped with a file shredder that securely deletes sensitive files and ensures they can’t be recovered later. This helps in safeguarding your personal data and optimizing your PC’s performance.
Having a cleaning schedule for your PC enhances its performance over a longer time. A weekly check to scan and remove any threats or malware, monthly cleanup of temporary files, and a deep clean every six months can keep your PC in optimal condition. However, while deleting temporary files and unused applications is generally safe, it’s important to be careful when choosing files or applications to delete since deleting system files or vital applications can cause serious, potentially irreversible, damage to your PC.
It’s advisable to stick to cleaning procedures and tools you understand. Research and be sure of your actions before you delete anything you’re unsure about. Admittedly, this can be a time-consuming and tedious process. Thankfully, dedicated PC cleaning tools can simplify the task, autotomize the process, and eliminate the risk of unwittingly causing damage.
PC cleaning software, like McAfee’s Total Protection, simplifies the process of cleaning your PC. These programs are designed to detect and clear out unnecessary files, manage startup apps, and even clean the registry, often at the press of a button. It’s crucial, though, to choose a reliable and safe PC cleaning software as some can be excessive, doing more harm than good, or even carry malware. Reading reviews and understanding what each feature does is important before using PC cleaning software.
These cleaners usually come with customizable settings to suit your preferences. You can set automatic clean-ups at regular intervals, thus saving time and freeing you from the hassle of remembering to run the cleanup. A good PC cleaner should ideally also come with a file shredder to safely delete sensitive or personal files without leaving a trace.
Cleaning your PC is an essential part of maintaining its performance. While it might not drastically increase your PC’s speed, it contributes to overall efficiency, responsiveness, and longevity. It’s important to approach PC cleaning carefully, deleting with discretion to avoid accidentally removing necessary files or applications. For those who aren’t comfortable doing it manually, reliable PC cleaning software like McAfee Total Protection can simplify the process and save time. Regular cleaning keeps your PC running smoothly, prevents potential threats, and ensures your personal and sensitive information is safe. So, if you haven’t started yet, it’s never too late to begin cleaning your PC and enjoy an optimized computing experience.
The post Does PC Cleaning Improve Performance? appeared first on McAfee Blog.
Reels of another kind rack up the views online. Stories about Facebook Marketplace scams.
Recently, TikTok’er Michel Janse (@michel.c.janse) got well over a million views with a most unusual story about selling furniture on Facebook Marketplace—and how it led to identity theft.
@michel.c.janse oops dont fall for this scam like me
The story goes like this:
A buyer reached out about the furniture Michel was selling, expressed interest, and then hesitated. Why the cold feet? The buyer wanted to speak to Michel on the phone to confirm that Michel was a real person. “Are you OK if I voice call you from Google?” Michel agreed, sent her number, and soon received a text with a Google Voice code. The buyer asked for the code, and as soon as Michel sent it, she got that sinking feeling. “I should have Googled before I did, because something feels really off.”
As she found out, it was. The scammer ghosted the conversation and ran off with the verification code.
This is a variation of the “Verification Code Scam,” where scammers ask you to send them that six-digit code you receive as part of an account login process. Here, scammers send a text message with a Google Voice verification code and ask you to send them that code. With it, they can create a Google Voice number linked to your phone number—and go on to commit other forms of identity theft in your name.
It happens so often that the U.S. Federal Trade Commission (FTC) has a page dedicated to the topic. Luckily, Michel got wise quickly enough. She quickly asked for another code and took back charge of that newly created Google Voice account.
This is just one of the many scams lurking about on Facebook Marketplace. Largely, Facebook is a great place packed with lots of great deals, yet you can get stung. But if you know what to look out for, you can spot those scams and steer clear of them when you do.
As the saying goes, buyer beware. And seller too. Scammers weasel their way into both ends of a transaction. Per Facebook, in addition to phishing attacks, scams on Facebook Marketplace take three primary forms:
A buyer scam is: When someone tries to buy or trade items from someone else without paying, resulting in a loss of money for the seller and a gain for the buyer. This might look like a buyer who:
An example, a scammer sends a seller a pre-paid shipping label to mail the item. Then they change the address via their tracking number and claim they never received the goods.
A seller scam is: When someone tries to sell or trade items to someone else without delivering the items as promised, resulting in a gain of money for the seller and a loss for the buyer. This might look like a seller who:
An example, a scammer offers up a game console—one that doesn’t work when you take it home and plug it in.
A listing scam is: When a listing appears to be dishonest, fake, or lures buyers to complete transactions outside Facebook Marketplace. This might look like a listing:
An example, you see a great price on a commuter bike, yet the seller wants to complete the transaction over text. And using a payment form not covered by Facebook’s purchase protection policies, such as Venmo or Zelle.
Like any transaction you make through social media, a few extra steps and a dose of buyer or seller beware can help you make a great purchase or sale. One that’s safe.
You can take three big steps to help set things straight.
Whether shopping on Facebook Marketplace or off, a combination of online protection software and smart habits can help you avoid getting scammed. Further, online protection can provide you with yet more ways of preventing and recovering from identity theft.
We’d like to thank Michel and all the others who have shared their stories. Getting scammed stings. That’s why people often fail to report it, let alone share that it happened to them. Yet scams are crimes. Without question, act and report on a scam for the crime that it is. Get the proper platforms and authorities involved.
Keep in mind the larger picture as well. Scams aren’t always one-offs. Organized crime gets in on scams as well, sometimes on a large scale. By acting and reporting on scams, you provide those platforms and authorities mentioned above with vital info that can help them shut it down.
Your best defenses are your nose and your online protection software. As Michel said, something felt off in her interaction. So, if something doesn’t pass the sniff test, pay attention to that instinct. Shut down that purchase or sale on Facebook Marketplace—and report it if you think it’s a scam. You might save someone else some heartache down the road.
The post How to Look Out For Scams on Facebook Marketplace appeared first on McAfee Blog.
As AI deepfakes and malware understandably grab the headlines, one thing gets easily overlooked—AI also works on your side. It protects you from fraud and malware as well.
For some time now, we’ve kept our eye on AI here at McAfee. Particularly as scammers cook up fresh gluts of AI-driven hustles. And there are plenty of them.
We’ve uncovered how scammers need only a few seconds of a voice recording to clone it using AI—which has led to all manner of imposter scams. We also showed how scammers can use AI writing tools to power their chats in romance scams, to the extent of writing love poems with AI. Recently, we shared word of fake news sites packed with bogus articles generated almost entirely with AI. AI-generated videos even played a role in a scam for “Barbie” movie tickets.
Law enforcement, government agencies, and other regulatory bodies have taken note. In April, the U.S. Federal Trade Commission (FTC) warned consumers that AI now “turbocharges” fraud online. The commission cited a proliferation of AI tools can generate convincing text, images, audio, and videos.
While not typically malicious in and of themselves, scammers twist these technologies to bilk victims out of their money and personal information. Likewise, just as legitimate application developers use AI to create code, hackers use AI to create malware.
There’s no question that all these AI-driven scams mark a major change in the way we stay safe online. Yet you have a powerful ally on your side. It’s AI, as well. And it’s out there, spotting scams and malware. In fact, you’ll find it in our online protection software. We’ve put AI to work on your behalf for some time now.
With a closer look at how AI works on your side, along with several steps that can help you spot AI fakery, you can stay safer out there. Despite the best efforts of scammers, hackers, and their AI tools.
One way to think about online protection is this: it’s a battle to keep you safe. Hackers employ new forms of attack that try to work around existing protections. Meanwhile, security professionals create technological advances that counter these attacks and proactively prevent them—which hackers try to work around once again. And on it goes. As technology evolves, so does this battle. And the advent of AI marks a decidedly new era in the struggle.
As a result, security professionals also employ AI to protect people from AI-driven attacks.
Companies now check facial scans for skin texture and translucency to determine if someone is using a mask to trick facial recognition ID. Banks employ other tools to detect suspicious mouse movements and transaction details that might be suspicious. Additionally, developers scan their code with AI tools to detect vulnerabilities that might lurk deep in their apps—in places that would take human teams hundreds, if not thousands of staff hours to detect. If at all. Code can get quite complex.
For us, we’ve used AI in our online protection for years now. McAfee has used AI for evaluating events, files, and website characteristics. We have further used AI for detection, which has proven highly effective against entirely new forms of attack.
We’ve also used these technologies to catalog sites for identifying sites that host malicious files or phishing operations. Moreover, cataloging has helped us shape out parental control features such that we can block content based on customer preferences with high accuracy.
And we continue to evolve it so that it detects threats even faster and yet more accurately than before. Taken together, AI-driven protection like ours quashes threats in three ways:
What does AI-driven protection look like for you? It can identify malicious websites before you can connect to them. It can prevent new forms of ransomware from encrypting your photos and files. And it can keep spyware from stealing your personal information by spotting apps that would connect them to a bad actor’s command-and-control server.
As a result, you get faster and more comprehensive protection with AI that works in conjunction with online protection software—and our security professionals develop them both.
Yet, as it is with any kind of scam, it can take more than technology to spot an AI-driven scam. It calls for eyeballing the content you come across critically. You can spot an AI-driven scam with your eyes, along with your ears and even your gut.
Take AI voice clone attacks, for example. You can protect yourself from them by taking the following steps:
As AI continues its evolution, it gets trickier and trickier to spot it in images, video, and audio. Advances in AI give images a clarity and crispness that they didn’t have before, deepfake videos play more smoothly, and voice cloning gets uncannily accurate.
Yet even with the best AI, scammers often leave their fingerprints all over the fake news content they create. Look for the following:
1) Consider the context
AI fakes usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Look to see if the text even makes sense. And like legitimate news articles, does it include identifying information — like date, time, and place of publication, along with the author’s name.
2) Evaluate the claim
Does the image seem too bizarre to be real? Too good to be true? Today, “Don’t believe everything you read on the internet,” now includes “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, other known and reputable sites will report on the event—and have done their own fact-checking.
3) Check for distortions
The bulk of AI technology still renders fingers and hands poorly. It often creates eyes that might have a soulless or dead look to them — or that show irregularities between them. Also, shadows might appear in places where they look unnatural. Further, the skin tone might look uneven. In deepfaked videos, the voice and facial expressions might not exactly line up, making the subject look robotic and stiff.
The battle between hackers and the people behind online protection continues. And while the introduction of AI has unleashed all manner of new attacks, the pattern prevails. Hackers and security professionals tap into the same technologies and continually up the game against each other.
Understandably, AI conjures questions, uncertainty, and, arguably, fear. Yet you can rest assured that, behind the headlines of AI threats, security professionals use AI technology for protection. For good.
Yet an online scam remains an online scam. Many times, it takes common sense and a sharp eye to spot a hustle when you see one. If anything, that remains one instance where humans still have a leg up on AI. Humans have gut instincts. They can sense when something looks, feels, or sounds …off. Rely on that instinct. And give yourself time to let it speak to you. In a time of AI-driven fakery, it still stands as an excellent first line of defense.
The post How to Win the Battle Against Deepfakes and Malware appeared first on McAfee Blog.
Let’s be honest, talking to your kids about identity theft isn’t probably top of your list. There’s a long list of topics to cover off when you are a parent. But if you take a minute to picture someone stealing your child’s identity or using their personal information to take out a loan for a shiny new car then you’ll probably want to move it closer to the top of your parenting to-do list!
What Is Identity Theft?
Identity theft occurs when a person’s personal identifying information is used without their permission, usually to commit fraud by making unauthorised purchases or transactions. Identity theft can happen in many ways, but its victims are usually left with significant damage to their finances, credit score, and even their mental health.
Most people associate identity theft with data breaches – think Optus, Latitude Financial and Medibank – however, there are many more ways that scammers can get their hands on your personal identifying details. They can use ‘phishing’ emails to get information from you, do a deep dive on your social media accounts to find identifying information in posts or photos, hack public Wi-Fi to access any information you share or simply, steal your wallet or go through your trash!!
How Big An Issue Is It Really?
In short, it’s a big problem – for both individuals and organisations. And here are the statistics:
How Do You Know If You’re a Victim?
One of the biggest issues with identity theft is that you often don’t immediately know that you’re a victim. In some cases, it might take weeks before you realise that something is awry which unfortunately, gives the thief a lot of time to wreak havoc! Some of the signs that something might be wrong include:
What To Do If You Think You’re a Victim
The key here is to act as soon as you believe you are affected. Don’t stress that there has been a delay in taking action – just take action now! Here’s what you need to do:
1. Call Your Bank
Your first call should be to your bank so they can block the affected account. The aim here is to prevent the scammer from taking any more money. Also remember to block any cards that are linked to this account, either credit or debit.
2. Change Your Passwords
If your identity has been stolen then it’s highly likely that the scammer knows your passwords so change the passwords for the affected accounts straight away!! And if you have used this same password on any other accounts then change these also. If you can’t remember, you can always reset the passwords on key accounts just to be safe.
3. Report It
It may feel like a waste of time reporting your identity theft, but it is an important step, particularly as your report becomes a formal record – evidence you may need down the track. It may also prevent others from becoming victims by helping authorities identify patterns and hopefully, perpetrators. If you think your personal identifying information has been used, report it to the Australian authorities at ReportCyber.
4. Make a Plan
It’s likely you’re feeling pretty overwhelmed at what to do next to limit the damage from your identity theft – and understandably so! Why not make a contract with IDCARE? It’s a free service dedicated to assisting victims of identity theft – both individuals and organisations – in Australia and New Zealand.
How Do We Talk To Our Kids About It?
If there is one thing I have learned in my 20+ years of parenting, it is this. If you want to get your kids ‘onboard’ with an idea or a plan, you need to take the time to explain the ‘why’. There is absolutely no point in asking or telling them to do something without such an explanation. It is also imperative that you don’t lecture them. And the final ingredient? Some compelling statistics or research – ideally with a diagram – my boys always respond well to a visual!
So, if you haven’t yet had the identity theft chat with your kids then I recommend not delaying it any further. And here’s how I’d approach it.
Firstly, ensure you are familiar with the issue. If you understand everything I’ve detailed above then you’re in good shape.
Secondly, arm yourself with relevant statistics. Check out the ones I have included above. Why not supplement this with a few relevant news stories that may resonate with them? This is your ‘why’.
Thirdly, focus on prevention. This needs to be the key focus. But don’t badger or lecture them. Perhaps tell them what you will be doing to minimise the risk – see below for your key ‘hot tips’ – you’re welcome!
What You Can Do To Manage Identity Theft?
There are a few key things that you can today that will both minimise your risk of becoming a victim and the consequences if you happen to be caught up in a large data breach.
1. Passwords
Managing passwords for your online accounts is one of the best risk management strategies for identity theft. I know it’s tedious, but I recommend creating a unique and complex 10+ digit password for each of your online accounts. Tricky passwords make it harder for someone to get access to your account. And, if you use the same log-in details for each of your online accounts – and your details are either leaked in a data breach or stolen – then you could be in a world of pain. So, take the time to get your passwords sorted out.
2. Think Before You Post
Sharing private information about your life on social media makes it much easier for a scammer to steal your identity. Pet names, holiday destination and even special dates can provide clues for passwords. So, lock your social media profiles down and ensure your privacy settings are on.
3. Be Proactive – Monitor Your Identity Online
Imagine how good it would be if you could be alerted when your personal identifying information was found on the Dark Web? Well, this is now a reality! McAfee’s latest security offering entitled McAfee+ will not only protect you against threats but provide 24/7 monitoring of your personal details so it can alert you if your information is found on the Dark Web. And if your details are found, then advice and help may also be provided to remedy the situation. How good!!
4. Using Public Computers and Wi-Fi With Caution
Ensuring you always log out of a shared computer is an essential way of keeping prying eyes away from your personal identifying information. And always be super careful with public Wi-Fi. I only use it if I am desperate and I never conduct any financial transactions, ever! Cybercriminals can ‘snoop’ on public Wi-Fi to see what’s being shared, they can stage ‘Man in The Middle Attacks’ where they eavesdrop on your activity, or they can lure you to use their trustworthy sounding Wi-Fi network – designed purely to extract your private information!
5. Monitor Your Bank Accounts
Why not make a habit of regularly checking your bank accounts? And if you find anything that doesn’t look right contact your bank immediately to clarify. It’s always best to know if there is a problem so you can address it right away.
With so many Aussies affected by data breaches and identity theft, it’s essential that our kids are armed with good information so they can protect themselves as best as possible. Why not use your next family dinner to workshop this issue with them?
Till Next Time
Stay Safe Online
Alex
The post How to Talk To Your Kids About Identity Theft appeared first on McAfee Blog.
Chocolate chip, oatmeal raisin, snickerdoodle: Cybercriminals have a sweet tooth just like you. But their favorite type of cookie is of the browser variety.
Browser cookies – often just referred to as cookies – track your comings and goings on websites. And when a cyber thief gets their mitts on your browser cookies, it can open all kinds of doors into your online accounts.
The first step to protecting your devices and online privacy from criminals is to understand their schemes. Here are the key terms you need to know about cookie theft plus how to keep malicious software off your devices.
Cookie theft can happen to anyone. Knowing the basics of this cyberscheme may help you better protect your online life:
Cookies thieves are generally motivated by the financial gains of breaking into people’s online accounts. Banking, social media, and online shopping accounts are full of valuable personal and financial details that a cybercriminal can either sell on the dark web or use to impersonate you and steal your identity.
Malware is generally the vehicle cybercriminals use to steal cookies. Once the malicious software gets onto a device, the malware is trained to copy a new cookie’s data and send it to the cybercriminal. Then, from their own machine, the cybercriminal can input that data and start a new session with the target’s stolen data.
There was a stretch of a few years where cookie thieves targeted high-profile YouTube influencers with malware spread through fake collaboration deals and crypto scams. The criminals’ goal was to steal cookies to sneak into the backend of the YouTube accounts to change passwords, recovery emails and phone numbers, and bypass two-factor authentication to lock the influencers out of their accounts.1
But you don’t have to have a valuable social media account to draw the eye of a cybercriminal. “Operation Cookie Monster” dismantled an online forum that sold stolen login information for millions of online accounts gained through cookie theft.2
To keep your internet cookies out of the hands of criminals, it’s essential to practice safe browsing habits. These four tips will go a long way toward keeping your accounts out of the reach of cookie thieves and your devices free from malicious software.
McAfee+ is an excellent partner to help you secure your devices and digital life. McAfee+ includes a safe browsing tool to alert you to suspicious websites, a password manager, identity monitoring, and more.
The next time you enjoy a cookie, spare a moment to think of cookies of the digital flavor: clear your cache if you haven’t in awhile, doublecheck your devices and online accounts for suspicious activity, and savor the sweetness of your digital privacy!
1The Hacker News, “Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts”
2CNN, “‘Operation Cookie Monster:’ FBI seizes popular cybercrime forum used for large-scale identity theft”
The post How to Keep Cybercriminals Out of Your Accounts appeared first on McAfee Blog.
Whether or not you’re much into online banking, protecting yourself from bank fraud is a must.
Online banking is well on its way to becoming a cornerstone of the banking experience overall. More and more transactions occur over the internet rather than at a teller’s window, and nearly every account has a username, password, and PIN linked with it. And whether you use your online banking credentials often or not, hackers and scammers still want to get their hands on them.
The fact is, online banking is growing and is here to stay. No longer a novelty, online banking is an expectation. Today, 78% of adults in the U.S. prefer to bank online. Meanwhile, only 29% prefer to bank in person. Further projections estimate that more than 3.6 billion people worldwide will bank online, driven in large part by online-only banks.
There’s no doubt about it. We live in a world where banking, shopping, and payments revolve around a username and password. That’s quite a bit to take in, particularly if your first experiences with banking involved walking into a branch, getting a paper passbook, and maybe even a free toaster for opening an account.
So, how do you protect yourself? Whether you use online banking regularly or sparingly, you can protect yourself from being the victim of fraud by following a few straightforward steps.
Start here. Passwords are your first line of defense. However, one thing that can be a headache is the number of passwords we have to juggle—a number that seems like it’s growing every day. Look around online and you’ll see multiple studies and articles stating that the average person has upwards of 80 to manage. Even if you have only a small percentage of those, strongly consider using a password manager. A good choice will generate strong, unique passwords for each of your accounts and store them securely for you.
In general, avoid simple passwords that people can guess or easily glean from other sources (like your birthday, your child’s birthday, the name of your pet, and so on). Additionally, make them unique from account to account. That can save you major headaches if one account gets compromised and a hacker tries to use the same password on another account.
If you want to set up your own passwords, check out this article on how you can make them strong and unique.
What exactly is two-factor authentication? It’s an extra layer of defense for your accounts. In practice, it means that in addition to providing a password, you also receive a special one-time-use code to access your account. That code might be sent to you via email or to your phone by text. In some cases, you can also receive that code by a call to your phone. Basically, two-factor authentication combines two things: something you know, like your password; and something you have, like your smartphone. Together, that makes it tougher for scammers to hack into your accounts.
Two-factor authentication is practically a standard, so much so that you already might be using it right now when you bank or use certain accounts. If not, you can see if your bank offers it as an option in your settings the next time you log in. Or, you can contact your bank for help to get it set up.
Phishing is a popular way for crooks to steal personal information by way of email, where a crook will look to phish (“fish”) personal and financial information out of you. No two phishing emails look alike. They can range from a request from a stranger posing as a lawyer who wants you to help with a bank transfer—to an announcement about (phony) lottery winnings. “Just send us your bank information and we’ll send your prize to you!” Those are a couple of classics. However, phishing emails have become much more sophisticated in recent years. Now, slicker hackers will pose as banks, online stores, and credit card companies, often using well-designed emails that look almost the same as the genuine article.
Of course, those emails are fakes. The links they embed in those emails lead you to them, so they can steal your personal info or redirect a payment their way. One telltale sign of a phishing email is if the sender used an address that slightly alters the brand name or adds to it by tacking extra language at the end of it. If you get one of these emails, don’t click any of the links. Contact the institute in question using a phone number or address posted on their official website. This is a good guideline in general. The best avenue of communication is the one you’ve used and trusted before.
It might seem a little traditional, yet criminals still like to use the phone. In fact, they rely on the fact that many still see the phone as a trusted line of communication. This is known as “vishing,” which is short for “voice phishing.” The aim is the same as it is with phishing. The fraudster is looking to lure you into a bogus financial transaction or attempting to steal information, whether that’s financial, personal, or both. They might call you directly, posing as your bank or even as tech support from a well-known company, or they might send you a text or email that directs you to call their number.
For example, a crook might call and introduce themselves as being part of your bank or credit card company with a line like “there are questions about your account” or something similar. In these cases, politely hang up. Next, call your bank or credit card company to follow up on your own. If the initial call was legitimate, you’ll quickly find out and can handle the issue properly. If you get a call from a scammer, they can be very persuasive. Remember, though. You’re in charge. You can absolutely hang up and then follow up using a phone number you trust.
There’s a good reason not to use public Wi-Fi: it’s not private. They’re public networks, and that means they’re unsecure and shared by everyone who’s using it, which allows hackers to read any data passing along it like an open book. That includes your accounts and passwords if you’re doing any banking or shopping on it. The best advice here is to wait and handle those things at home if possible. (Or connect to public Wi-Fi with a VPN service, which we’ll cover below in a moment.)
If not, you can always use your smartphone’s data connection to create a personal hotspot for your laptop, which will be far more secure. Another option is to use your smartphone alone. With a combination of your phone’s data connection and an app from your bank, you can take care of business that way instead of using public Wi-Fi. That said, be aware of your physical surroundings too. Make sure no one is looking over your shoulder!
Some basic digital hygiene will go a long way toward protecting you even more—not only your banking and finances, but all the things you do online as well. The following quick list can help:
The post How to Protect Yourself from Bank Fraud appeared first on McAfee Blog.
If you’re a LinkedIn user, log in now and strengthen your security. Reports indicate that LinkedIn accounts are under attack.
First brought to light by Cyberint, LinkedIn users have taken to social media with word that their accounts have been frozen or outright hacked. In some cases, users received ransom notes for the return of their hacked accounts.
It appears that LinkedIn is weathering a wave of brute-force attacks. This type of attack works much like it sounds—hackers try to force their way into accounts by guessing passwords. With powerful hacking apps, they can guess millions of passwords in seconds.
As a result, one of two things is happening:
Given the scope, scale, and consistent use of the rambler.ru domain, this has all the signs of an organized attack. As of this writing, no group has claimed credit.
If any event underscores the need for strong, unique passwords, this is it.
Given today’s computing power, the password generators hackers use for brute force attacks can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics.
Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute force attack might crack that password in as fast as one second.
Password Length(Using numbers, uppercase and lowercase letters, and symbols) |
Time to Crack the Password |
8 | One Second |
12 | Eight Months |
16 | 16 Million Years |
However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols—it’d that eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute force attack on one password takes too long, it’ll simply move onto the next one.
Log into your LinkedIn account now and verify that it’s indeed secure. Then, take the following steps:
Fourteen characters? Even up to 16 characters? How do you create that without just mashing on your keyboard? (Not recommended.) A layered password can do the work. It’s a way of creating a phrase and turning it into a strong, unique password that you can still remember.
Now, you have a 17-character password that challenges hackers and that’s still something you can remember.
Granted, creating strong, unique passwords for dozens and dozens of accounts can take a bit of time. (To put it mildly.) It can take yet more time if you manage them, such as if change them regularly (which can help protect you from data breaches and brute force attacks like this one at LinkedIn). Here, a password manager can help.
A password manager can create, memorize, and store strong, unique passwords. It’ll use the random numbers, letters, and characters we mentioned earlier. The passwords won’t be memorable, but the manager does the memorizing for you. You can also use it to update passwords regularly. In a time of data breaches, this offers you extra protection. Taken together, every account you have gets powerful password protection when you hand the job over to a password manager.
This wave of attacks reminds us just how powerful, or weak, our passwords can be. A strong, unique password in conjunction with two-factor authentication stands as your best defense as LinkedIn weathers these attacks. Strengthen your security.
Strengthen your other accounts as well. Hackers target websites and platforms of all sizes, and not every attack makes the headlines. Strong security measures for each of your accounts will protect you best if you end up as a hacker’s target.
The post How to Protect Your LinkedIn Account appeared first on McAfee Blog.
Spotting fake news in your feed has always been tough. Now it just got tougher, thanks to AI.
Fake news crops up in plenty of places on social media. And it has for some time now. In years past, it took the form of misleading posts, image captions, quotes, and the sharing of outright false information in graphs and charts. Now with the advent of AI, we see fake news taken to new levels of deception:
All of it’s out there. And knowing how to separate truth from fact has never been of more importance, particularly as more and more people get their news via social media.
Pew Research found that about a third of Americans say they regularly get their news from Facebook and nearly 1 in 4 say they regularly get it from YouTube. Moreover, global research from Reuters uncovered that more people primarily get their news from social media (30%) rather than from an established news site or app (22%). This marks the first time that social media has toppled direct access to news.
Yet, you can spot fake news. Plenty of it.
The process starts with a crisp definition of what fake news is, followed by the forms it takes, and then a sense of what the goals behind it are. With that, you can apply a critical eye and pick out the telltale signs.
We’ll cover it all here.
A textbook definition of fake news goes something like this:
A false news story, fabricated with no verifiable facts, and presented in a way to appear as legitimate news.
As for its intent, fake news often seeks to damage the reputation of an individual, institution, or organization. It might also spout propaganda or attempt to undermine established facts.
That provides a broad definition. Yet, like much fake news itself, the full definition is much more nuanced. Within fake news, you’ll find two categories: disinformation and misinformation:
From there, fake news gets more nuanced still. Misinformation and disinformation fall within a range. Some of it might appear comical, while other types might have the potential to do actual harm.
Dr. Claire Wardle, the co-director of the Information Futures Lab at Brown University, cites seven types of misinformation and disinformation on a scale as visualized below:
Source – FirstDraftNews.org and Brown University
Put in a real-life context, you can probably conjure up plenty of examples where you’ve seen. Like clickbait-y headlines that link to letdown articles with little substance. Maybe you’ve seen a quote pasted on the image of a public figure, a quote that person never made. Perhaps an infographic, loaded with bogus statistics and attributed to an organization that doesn’t even exist. It can take all forms.
The answers here vary as well. Greatly so. Fake news can begin with a single individual, or groups of like-minded individuals with an agenda, and it can even come from operatives for various nation-states. As for why, they might want to poke fun at someone, drive ad revenue through clickbait articles, or spout propaganda.
Once more, a visualization provides clarity in this sometimes-murky mix of fake news:
Source – FirstDraftNews.org and Brown University
In the wild, some examples of fake news and the reasons behind it might look like this:
Perhaps a few of these examples ring a bell. You might have come across somewhere you weren’t exactly sure if it was fake news or not.
The following tools can help you know for sure.
Some of the oldest advice is the best advice, and that holds true here: consider the source. Take time to examine the information you come across. Look at its source. Does that source have a track record of honesty and dealing plainly with the facts?
This falls under a similar category as “consider the source.” Plenty of fake news will take an old story and repost it or alter it in some way to make it appear relevant to current events. In recent years, we’ve seen fake news creators slap a new headline on a new photo, all to make it seem like it’s something current. Once again, a quick search can help you tell if it’s fake or not. Try a reverse image search and see what comes up. Is the photo indeed current? Who took it? When? Where?
Has a news story you’ve read or watched ever made you shake your fist at the screen or want to clap and cheer? How about something that made you fearful or simply laugh? Bits of content that evoke strong emotional responses tend to spread quickly, whether they’re articles, a post, or even a tweet. That’s a ready sign that a quick fact check might be in order. The content is clearly playing to your biases.
There’s a good reason for that. Bad actors who wish to foment unrest, unease, or spread disinformation use emotionally driven content to plant a seed. Whether or not their original story gets picked up and viewed firsthand doesn’t matter to these bad actors. Their aim is to get some manner of disinformation out into the ecosystem. They rely on others who will re-post, re-tweet, or otherwise pass it along on their behalf—to the point where the original source of the information gets completely lost. This is one instance where people readily begin to accept certain information as fact, even if it’s not factual at all.
Certainly, some legitimate articles will generate a response as well, yet it’s a good habit to do a quick fact-check and confirm what you’ve read.
A single information source or story won’t provide a complete picture. It might only cover a topic from a certain angle or narrow focus. Likewise, information sources are helmed by editors and stories are written by people—all of whom have their biases, whether overt or subtle. It’s for this reason that expanding your media diet to include a broad range of information sources is so important.
So, see what other information sources have to say on the same topic. Consuming news across a spectrum will expose you to thoughts and coverage you might not otherwise get if you keep your consumption to a handful of sources. The result is that you’re more broadly informed and can compare different sources and points of view. Using the tips above, you can find other reputable sources to round out your media diet.
Additionally, for a list of reputable information sources, along with the reasons they’re reputable, check out “10 Journalism Brands Where You Find Real Facts Rather Than Alternative Facts” published by Forbes and authored by an associate professor at The King’s College in New York City. It certainly isn’t the end all, be all of lists, yet it should provide you with a good starting point.
De-bunking fake news takes time and effort. Often a bit of digging and research too. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include:
As AI continues its evolution, it gets trickier and trickier to spot it in images, video, and audio. Advances in AI give images clarity and crispness that they didn’t have before, deepfake videos play more smoothly, and voice cloning gets uncannily accurate.
Yet even with the best AI, scammers often leave their fingerprints all over the fake news content they create. Look for the following:
1) Consider the context
AI fakes usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Look to see if the text even makes sense. And like legitimate news articles, does it include identifying information—like date, time, and place of publication, along with the author’s name.
2) Evaluate the claim
Does the image seem too bizarre to be real? Too good to be true? Today, “Don’t believe everything you read on the internet,” now includes “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, other known and reputable sites will report on the event—and have done their own fact-checking.
3) Check for distortions
The bulk of AI technology still renders fingers and hands poorly. It often creates eyes that might have a soulless or dead look to them—or that show irregularities between them. Also, shadows might appear in places where they look unnatural. Further, the skin tone might look uneven. In deepfaked videos, the voice and facial expressions might not exactly line up, making the subject look robotic and stiff.
The fact is that fake news isn’t going anywhere. It’s a reality of going online. And AI makes it tougher to spot.
At least at first glance. The best tool for spotting fake news is a fact-check. You can do the work yourself, or you can rely on trusted resources that have already done the work.
This takes time, which people don’t always spend because social platforms make it so quick and easy to share. If we can point to one reason fake news spreads so quickly, that’s it. In fact, social media platforms reward such behavior.
With that, keep an eye on your own habits. We forward news in our social media feeds too—so make sure that what you share is truthful too.
Plenty of fake news can lure you into sketchy corners of the internet. Places where malware and phishing sites take root. Consider using comprehensive online protection software with McAfee+ to keep safe. In addition to several features that protect your devices, privacy, and identity, they can warn you of unsafe sites too. While it might not sniff out AI content (yet), it offers strong protection against bad actors who might use fake news to steal your information or harm your data and devices.
The post How to Spot Fake News in Your Social Media Feed appeared first on McAfee Blog.
Some scams make a telltale sound—rinnng, rinnng! Yup, the dreaded robocall. But you can beat them at their game.
Maybe it’s a call about renewing an extended warranty on your car (one you don’t have). Or maybe the robocaller offers up a debt relief service with a shockingly low rate. Calls like these can get annoying real quick. And they can also be scams.
In the U.S., unwanted calls rank as the top consumer complaint reported to the Federal Communications Commission (FCC). Partly because scammers have made good use of spoofing technologies that serve up phony caller ID numbers. As a result, that innocent-looking phone number might not be innocent at all.
Whether the voice on the other end of the smartphone is recorded or an actual person, the intent behind the call is likely the same—to scam you out of your personal information, money, or both. Callers such as these might impersonate banks, government agencies, insurance companies, along with any number of other organizations. Anything that gives them an excuse to demand payment, financial information, or ID numbers.
And some of those callers can sound rather convincing. Others, well, they’ll just get downright aggressive or threatening. One of the most effective tools these scam calls use is a sense of urgency and fear, telling you that there’s a problem right now and they need your information immediately to resolve whatever bogus issue they’ve come up with. That right there is a sign you should take pause and determine what’s really happening before responding or taking any action.
Whatever form these unwanted calls take, there are things you can do to protect yourself and even keep you from getting them in the first place. These tips will get you started:
This straightforward piece of advice can actually get a little tricky. We mentioned spoofing, and certain forms of it can get rather exact. Sophisticated spoofing can make a call appear to come from someone you know. Yet more run-of-the-mill spoofing will often use a form of “neighbor spoofing.” The scammers will use a local area code or the same prefix of your phone number to make it seem more familiar. In short, you might answer one of these calls by mistake. If you do answer, never say “yes.” Similarly sophisticated scammers will record a victim’s voice for use in other scams. That can include trying to hack into credit card accounts by using the company’s phone tree. Recordings of slightly longer lengths can also lead to voice cloning using AI-driven tools. In fact, three seconds of audio is all it takes in some cases to clone a voice with up to 70% accuracy.
Apple and Android phones have features you can enable to silence calls from unknown numbers. Apple explains call silencing here, and Android users can silence spam calls as well. Note that these settings might silence calls you otherwise might want to take. Think about when your doctor’s office calls or the shop rings you with word that your car is ready. Cell phone carriers offer blocking and filtering services as well. Carriers often offer this as a basic service by default. Yet if you’re unsure if you’re covered, contact your carrier.
So, let’s say you let an unknown call go through to voicemail. The call sounds like it’s from a bank or business with news of an urgent matter. If you feel the need to confirm, get a legitimate customer service number from a statement, bill, or website of the bank or business in question so you can verify the situation for yourself. Calling back the number captured by your phone or left in a voicemail can play right into the hands of a scammer.
As you can see, scammers love to play the role of an imposter and will tell you there’s something wrong with your taxes, your account, or your bank statement. Some of them can be quite convincing, so if you find yourself in a conversation where you don’t feel comfortable with what’s being said or how it’s being said, hang up and follow up the bank or business as called out above. In all, look out for pressure or scare tactics and keep your info to yourself.
Several nations provide such a service, effectively a list that legitimate businesses and telemarketers will reference before making their calls. While this might not prevent scammers from ringing you up, it can cut down on unsolicited calls in general. For example, the U.S., Canada, and the UK each offer do not call registries.
Scammers and spammers got your number somehow. Good chance they got it from a data broker site. Data brokers collect and sell personal information of thousands and even millions of individuals. They gather them from public sources, public records, and from third parties as well—like data gathered from smartphone apps and shopping habits from supermarket club cards. And for certain, phone numbers are often in that mix. Our Personal Data Cleanup can help. It scans some of the riskiest data broker sites and shows you which ones are selling your personal info. From there, it guides you through the removal process and can even manage the removal for you in select plans.
Hop onto the app stores out there and you’ll find several call blocking apps, for free or at low cost. While these apps can indeed block spam calls, they might have privacy issues. Which is ironic when you’re basically trying to protect your privacy with these apps in the first place.
These apps might collect information, such as your contact list, usage data, and other information about your phone. As with any app, the key resides in the user agreement. It should tell you what information the app might collect and why. It should also tell you if this information is shared with or sold to third parties.
What’s at risk? Should the app developers get hit with a data breach, that information could end up in the wild. In cases where information is sold to analytics companies, the information might end up with online data brokers.
Pay particularly close attention to free apps. How are they making their money? There’s a fine chance that data collection and sale might generate their profits. At some expense to your privacy.
Given that your privacy is at stake, proceed with caution if you consider this route.
A quieter phone is a happy phone, at least when it comes to annoying robocalls.
While blocking 100% of them remains an elusive goal, you can reduce them greatly with the steps mentioned here. Thankfully, businesses, legislators, and regulatory agencies have taken steps to make it tougher for scammers to make their calls. A combination of technology and stiffer penalties has seen to that. Taken all together, these things work in your favor and can help you beat robocallers at their game.
The post How to Beat Robocallers at Their Game appeared first on McAfee Blog.
What does a hacker want with your social media account? Plenty.
Hackers hijack social media accounts for several reasons. They’ll dupe the victim’s friends and followers with scams. They’ll flood feeds with misinformation. And they’ll steal all kinds of personal information—not to mention photos and chats in DMs. In all, a stolen social media account could lead to fraud, blackmail, and other crimes.
Yet you have a strong line of defense that can prevent it from happening to you: multi-factor authentication (MFA).
MFA goes by other names, such as two-factor authentication and two-step verification. Yet they all boost your account security in much the same way. They add an extra step or steps to the login process. Extra evidence to prove that you are, in fact, you. It’s in addition to the usual username/password combination, thus the “multi-factor” in multi-factor authentication.
Examples of MFA include:
With MFA, a hacker needs more than just your username and password to weasel their way into your account. They need that extra piece of evidence required by the login process, which is something only you should have.
This stands as a good reminder that you should never give out the information you use in your security questions—and to never share your one-time security codes with anyone. In fact, scammers cobble up all kinds of phishing scams to steal that information.
Major social media platforms offer MFA, although they might call it by other names. As you’ll see, several platforms call it “two-factor authentication.”
Given the way that interfaces and menus can vary and get updated over time, your best bet for setting up MFA on your social media accounts is to go right to the source. Social media platforms provide the latest step-by-step instructions in their help pages. A simple search for “multi-factor authentication” and the name of your social media platform should readily turn up results.
For quick reference, you can find the appropriate help pages for some of the most popular platforms here:
Another important reminder is to check the URL of the site you’re on to ensure it’s legitimate. Scammers set up all kinds of phony login and account pages to steal your info. Phishing scams like those are a topic all on their own. A great way you can learn to spot them is by giving our Phishing Scam Protection Guide a quick read. It’s part of our McAfee Safety Series, which covers a broad range of topics, from romance scams and digital privacy to online credit protection and ransomware.
In many ways, your social media account is an extension of yourself. It reflects your friendships, interests, likes, and conversations. Only you should have access to that. Putting MFA in place can help keep it that way.
More broadly, enabling MFA across every account that offers it is a smart security move as well. It places a major barrier in the way of would-be hackers who, somehow, in some way, have ended up with your username and password.
On the topic, ensure your social media accounts have strong, unique passwords in place. The one-two punch of strong, unique passwords and MFA will make hacking your account tougher still. Wondering what a strong, unique password looks like? Here’s a hint: a password with eight characters is less secure than you might think. With a quick read, you can create strong, unique passwords that are tough to crack.
Lastly, consider using comprehensive online protection software if you aren’t already. In addition to securing your devices from hacks and attacks, it can help protect your privacy and identity across your travels online—both on social media and off.
The post How to Protect Your Social Media Passwords from Hacks and Attacks appeared first on McAfee Blog.
When it comes to protecting your privacy, take a close look at your social media use—because sharing can quickly turn into oversharing.
The term “oversharing” carries several different definitions. Yet in our case here, oversharing means saying more than one should to more people than they should. Consider the audience you have across your social media profiles. Perhaps you have dozens, if not hundreds of friends and followers. All with various degrees of closeness and familiarity. Who among them can you absolutely trust with the information you share?
And you might be sharing more than you think. Posts have a way of saying more than one thing, like:
“This is the pool at the rental home I’m staying at this week. Amazing!” Which also tells everyone, “My home is empty for the next few days.”
“I can’t start my workday without a visit to my favorite coffeeshop.” Which also says, “If you ever want to track me down in person, you can find me at this location practically any weekday morning.”
One can quickly point to other examples of oversharing. Unintentional oversharing at that.
A first-day-of-school picture can tell practical strangers which elementary school your children attend, say if the picture includes the school’s reader board in it. A snapshot of you joking around with a co-worker might reveal a glimpse of company information. Maybe because of what’s written on the whiteboard behind the two of you. And in one extreme example, there’s the case an assault on a pop star. Her attacker tracked her down through her selfie, determining her location through the reflection in her eyes.
The list goes on.
That’s not to say “don’t post.” More accurately, it’s “consider what you’re posting and who gets to see it.” You have control over what you post, and to some degree, who gets to see those posts. That combination is key to your privacy—and the privacy of others too.
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting—not to mention your relationships and likes. Taking a “friends only” approach to your social media profiles can help protect your privacy, because that gives a possible scammer or stalker much less material to work with. Yet further, some platforms allow you to create sub-groups of friends and followers. With a quick review of your network, you can create a sub-group of your most trusted friends and restrict your posts to them as needed.
Be critical of the invitations you receive. Out-and-out strangers might be more than just a stranger. They might be a fake account designed to gather information on users for purposes of fraud. There are plenty of fake accounts too. In fact, in Q1 of 2023 alone, Facebook took action on 426 million fake accounts. Reject such requests.
Think about posting those vacation pictures after you get back so people don’t know you’re away when you’re away. Also consider if your post pinpoints where you are or where you go regularly. Do you want people in your broader network to know that? Closely review the pics you take and see if there’s any revealing information in the background. If so, you can crop it out (think notes on a whiteboard, reflections in a window, or revealing location info). Further, ask anyone you want to include in their post for their permission. In all, consider their privacy too.
While we’re on the topic, you can take a few other steps that can make you more private online. In addition to your social media usage, other steps can help keep more of your private and personal information with you—where it belongs:
Granted, “social” is arguably the opposite of “private.” Using social media involves sharing, by its very definition. Yet any oversharing can lead to privacy issues.
Maybe you want close friends to know what’s going on, but what about that so-so acquaintance deep in your friends list? How well do you really know them? And to what extent do you want them to know exacting details about where you are, where your kids go to school, and so on? Those are questions you ultimately must answer, and ultimately have some control over depending on what you share on social media.
Also important to consider is this: if you post anything on the internet, consider it front page news. Even with social media privacy settings in place, there’s no guarantee that someone won’t copy your posts or pics and pass them along to others.
The flipside to the topic of social media and privacy is the platform you’re using. It’s no secret that social media companies gather hosts of personal information about their users in exchange for free use of their platforms. Certainly, that’s a topic unto itself. We cover what social media companies know about you in this article here—along with a few steps that can help you limit what they know as well.
When it comes to your privacy and social media, it depends largely on how you use it. How you use various privacy and audience settings offers one way to manage it. The other is you and the information you put out there for others to see.
The post How to Help Protect Your Online Privacy appeared first on McAfee Blog.
While we’re enjoying all the good things in our digital lives—our eBooks, movies, email accounts, social media profiles, eBay stores, photos, online games, and more—there’ll come a time we should ask ourselves, What happens to all of this good stuff when I pass away?
Like anything else we own, those things can be passed along through our estates too. Some of it, anyway.
With the explosion of digital media, commerce, and even digital currency too, there’s a very good chance you have thousands of dollars of digital assets in your possession. For example, we can look at research we conducted in 2011 which found that people placed an average value of $37,438 on the digital assets they owned at the time. Now, with the growth of streaming services, digital currency, cloud storage, and more in the past decade, that figure feels conservative.
Enter the notion of a digital legacy, the way you can catalog your digital assets and prepare to pass them through your estate.
Like so many aspects of digital life nowadays, estate planning law has started to catch up to the new realities of life online. However, attorneys, executors, and heirs still face some challenges when dealing with an estate and its digital assets. In the U.S., new laws are rolling out that address how digital assets are treated when the owner passes away. For example, they give fiduciaries (like an estate executor, trustee, or an agent under a power of attorney) the right to manage a person’s digital assets if they already have the right to manage a person’s tangible assets. Such laws continue to evolve, and they can vary from state to state here in the U.S.
With that in mind, nothing offered in this article is legal advice, nor should it be construed as such. For legal advice, you can and should turn to your estate attorney for counsel on the best approach for you and the laws in your area. However, consider this article as a sort of checklist that can help you with your estate planning.
Whether your assets have real or sentimental value, you can prepare your estate for the ones you care about.
The best answer you can get to this question will come from your legal counsel. However, for purposes of discussion, a digital asset is any text or media in digital form that has value and offers the bearer with the right to use it.
To frame it up in everyday terms, let’s look at some real-world examples of digital assets that quickly come to mind. They include, but aren’t limited to:
However, digital assets can readily expand to further include:
And as far as your estate is concerned, you can also consider:
That’s quite the list, and it’s not entirely comprehensive, either.
The process of lining up your digital assets begins just like any other aspect of estate planning. List all the digital assets and accounts you own.
From there, you can see what you have and what you’d like to distribute—and what you can distribute. In fact, when it comes to digital, there are some things you can’t pass along. Let’s take a closer look.
Generally speaking, digital assets that you own can be passed along. “Own” is the operative word here. Many digital things we have are in fact licensed to us, which aren’t transferrable. More on that next, yet examples of things you can likely transfer include:
Check with your legal counsel to ensure you’re following the letter of the law in your region. Also look into any licensing agreements you might have for items like internet domain names and airline miles that you have. Sometimes you can transfer these. In other cases, you can’t. Your legal counsel can help determine if they are in fact transferrable.
Transfer is an important topic. As mentioned above, some accounts you hold are licensed to you and you alone. So, they will not transfer. Two of the biggest examples are social media and email accounts. This can have serious repercussions if you don’t leave specific instructions as to how those accounts should be handled after your passing.
For example, do you want your social media profiles to remain online as a memorial or do you want them simply shut down? Note that different social media platforms have different policies for handling the accounts of users who have passed away. For example, Facebook allows for creating memorialized accounts that allow friends and families to continue sharing memories. Policies vary, so check with your social media platforms of choice for specifics.
Likewise, will your executor need access to your email account to handle the estate’s affairs? And what about access to online accounts for paying bills and then ultimately closing those accounts? In all, these are points of discussion to have with an experienced estate attorney who knows the law in your region.
Other things to be aware of are that subscriptions to streaming accounts are likely non-transferrable as well. Often, eBooks and digital publications you own are only licensed to you as the sole owner and can’t be transferred. Check the agreements linked with items like these and have a talk with your attorney about them to determine what can and can’t be done with them.
Another aspect of your digital legacy is your voice. If you’re a blogger or a participant in an online community, you might wish for a fiduciary or family member to leave a farewell post. Additionally, in the case of a blog, you might want to set up some means for your work to stay online or get archived in some manner. Again, you can work with your attorney to leave specific instructions.
You can’t pass assets along if an executor can’t get access to them. A real-life example shows why digital executorship is so vital. Consider the story of the woman who lost family photos after her husband passed away. He kept them in an online storage account to which she had no access. And sadly, the company wouldn’t grant her access after his passing.
This is often the case with many online accounts and services. Legally speaking, the deceased might own the storage account and the media kept within it, yet the cloud storage company owns the servers on which that media is stored. Access by someone other than the deceased might constitute a breach of their privacy policy or user agreements.
One way you can avoid heartbreak like this is to discuss giving your executor access to your accounts. You can consider creating a list of accounts, usernames, and passwords in a sealed letter with instructions that outline your wishes. A sealed letter is important: a will is a public record after you pass away. A separate, sealed letter is not, which makes it a safe place to pass along account information. Again, you can discuss an option such as this with your attorney.
One thing you can do today that can protect your digital assets for the long haul is to use comprehensive security protection. Far more than just antivirus, comprehensive security can store precious and important files securely with encryption, arm all your online accounts with strong passwords, and protect your identity as well. Features like these will help you see to it that your digital legacy is secure.
When the idea of a digital estate plan comes up, a light might go on in your head. “Of course, that makes a lot of sense.” It’s easy to take our digital possessions somewhat for granted, perhaps in a way that we don’t with our physical possessions. Yet as you can see, there’s a good chance that you indeed have a digital legacy to pass along. By getting organized now, you can see to it that your wishes are followed. This checklist can help you get started.
The post How To Protect Your Digital Estate appeared first on McAfee Blog.
There are plenty of phish in the sea.
Millions of bogus phishing emails land in millions of inboxes each day with one purpose in mind—to rip off the recipient. Whether they’re out to crack your bank account, steal personal information, or both, you can learn how to spot phishing emails and keep yourself safe.
And some of today’s phishing emails are indeed getting tougher to spot.
They seem like they come from companies you know and trust, like your bank, your credit card company, or services like Netflix, PayPal, and Amazon. And some of them look convincing. The writing and the layout are crisp, and the overall presentation looks professional. Yet still, there’s still something off about them.
And there’s certainly something wrong with that email. It was written by a scammer. Phishing emails employ a bait-and-hook tactic, where an urgent or enticing message is the bait and malware or a link to a phony login page is the hook.
Once the hook gets set, several things might happen. That phony login page may steal account and personal information. Or that malware might install keylogging software that steals information, viruses that open a back door through which data can get hijacked, or ransomware that holds a device and its data hostage until a fee is paid.
Again, you can sidestep these attacks if you know how to spot them. There are signs.
Let’s look at how prolific these attacks are, pick apart a few examples, and then break down the things you should look for.
<h2>Phishing attack statistics—the millions of attempts made each year.
In the U.S. alone, more than 300,000 victims reported a phishing attack to the FBI in 2022. Phishing attacks topped the list of reported complaints, roughly six times greater than the second top offender, personal data breaches. The actual figure is undoubtedly higher, given that not all attacks get reported.
Looking at phishing attacks worldwide, one study suggests that more than 255 million phishing attempts were made in the second half of 2022 alone. That marks a 61% increase over the previous year. Another study concluded that 1 in every 99 mails sent contained a phishing attack.
Yet scammers won’t always cast such a wide net. Statistics point to a rise in targeted spear phishing, where the attacker goes after a specific person. They will often target people at businesses who have the authority to transfer funds or make payments. Other targets include people who have access to sensitive information like passwords, proprietary data, and account information.
As such, the price of these attacks can get costly. In 2022, the FBI received 21,832 complaints from businesses that said they fell victim to a spear phishing attack. The adjusted losses were over $2.7 billion—an average cost of $123,671 per attack.
So while exacting phishing attack statistics remain somewhat elusive, there’s no question that phishing attacks are prolific. And costly.
<h2>What does a phishing attack look like?
Nearly every phishing attack sends an urgent message. One designed to get you to act.
Some examples …
When set within a nice design and paired some official-looking logos, it’s easy to see why plenty of people click the link or attachment that comes with messages like these.
And that’s the tricky thing with phishing attacks. Scammers have leveled up their game in recent years. Their phishing emails can look convincing. Not long ago, you could point to misspellings, lousy grammar, poor design, and logos that looked stretched or that used the wrong colors. Poorly executed phishing attacks like that still make their way into the world. However, it’s increasingly common to see far more sophisticated attacks today. Attacks that appear like a genuine message or notice.
Case in point:
Say you got an email that said your PayPal account had an issue. Would you type your account information here if you found yourself on this page? If so, you would have handed over your information to a scammer.
We took the screenshot above as part of following a phishing attack to its end—without entering any legitimate info, of course. In fact, we entered a garbage email address and password, and it still let us in. That’s because the scammers were after other information, as you’ll soon see.
As we dug into the site more deeply, it looked pretty spot on. The design mirrored PayPal’s style, and the footer links appeared official enough. Yet then we looked more closely.
Note the subtle errors, like “card informations” and “Configuration of my activity.” While companies make grammatical errors on occasion, spotting them in an interface should hoist a big red flag. Plus, the site asks for credit card information very early in the process. All suspicious.
Here’s where the attackers really got bold.
They ask for bank “informations,” which not only includes routing and account numbers, but they ask for the account password too. As said, bold. And entirely bogus.
Taken all together, the subtle errors and the bald-faced grab for exacting account information clearly mark this as a scam.
Let’s take a few steps back, though. Who sent the phishing email that directed us to this malicious site? None other than “paypal at inc dot-com.”
Clearly, that’s a phony email. And typical of a phishing attack where an attacker shoehorns a familiar name into an unassociated email address, in this case “inc dot-com.” Attackers may also gin up phony addresses that mimic official addresses, like “paypalcustsv dot-com.” Anything to trick you.
Likewise, the malicious site that the phishing email sent us to used a spoofed address as well. It had no official association with PayPal at all—which is proof positive of a phishing attack.
Note that companies only send emails from their official domain names, just as their sites only use their official domain names. Several companies and organizations will list those official domains on their websites to help curb phishing attacks.
For example, PayPal has a page that clearly states how it will and will not contact you. At McAfee, we have an entire page dedicated to preventing phishing attacks, which also lists the official email addresses we use.
Not every scammer is so sophisticated, at least in the way that they design their phishing emails. We can point to a few phishing emails that posed as legitimate communication from McAfee as examples.
There’s a lot going on in this first email example. The scammers try to mimic the McAfee brand, yet don’t pull it off. Still, they do several things to try to act convincing.
Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look like what McAfee usually sends me.”
Beyond that, there are a few capitalization errors, some misplaced punctuation, and the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in with a mention of “There are (42) viruses on your computer …”
Taken all together, someone can readily spot that this is a scam with a closer look.
This next ad falls into the less sophisticated category. It’s practically all text and goes heavy on the red ink. Once again, it hosts plenty of capitalization errors, with a few gaffes in grammar as well. In all, it doesn’t read smoothly. Nor is it easy on the eye, as a proper email about your account should be.
What sets this example apart is the “advertisement” disclaimer below, which tries to lend the attack some legitimacy. Also note the phony “unsubscribe” link, plus the (scratched out) mailing address and phone, which all try to do the same.
This last example doesn’t get our font right, and the trademark symbol is awkwardly placed. The usual grammar and capitalization errors crop up again, yet this piece of phishing takes a slightly different approach.
The scammers placed a little timer at the bottom of the email. That adds a degree of scarcity. They want you to think that you have about half an hour before you are unable to register for protection. That’s bogus, of course.
Seeing any recurring themes? There are a few for sure. With these examples in mind, get into the details—how you can spot phishing attacks and how you can avoid them altogether.
Just as we saw, some phishing attacks indeed appear fishy from the start. Yet sometimes it takes a bit of time and a particularly critical eye to spot.
And that’s what scammers count on. They hope that you’re moving quickly or otherwise a little preoccupied when you’re going through your email or messages. Distracted enough so that you might not pause to think, is this message really legit?
One of the best ways to beat scammers is to take a moment to scrutinize that message while keeping the following in mind …
Fear. That’s a big one. Maybe it’s an angry-sounding email from a government agency saying that you owe back taxes. Or maybe it’s another from a family member asking for money because there’s an emergency. Either way, scammers will lean heavily on fear as a motivator.
If you receive such a message, think twice. Consider if it’s genuine. For instance, consider that tax email example. In the U.S., the Internal Revenue Service (IRS) has specific guidelines as to how and when they will contact you. As a rule, they will likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply pressure tactics—only scammers do that.) Likewise, other nations will have similar standards as well.
Scammers also love urgency. Phishing attacks begin by stirring up your emotions and getting you to act quickly. Scammers might use threats or overly excitable language to create that sense of urgency, both of which are clear signs of a potential scam.
Granted, legitimate businesses and organizations might reach out to notify you of a late payment or possible illicit activity on one of your accounts. Yet they’ll take a far more professional and even-handed tone than a scammer would. For example, it’s highly unlikely that your local electric utility will angrily shut off your service if you don’t pay your past due bill immediately.
Gift cards, cryptocurrency, money orders—these forms of payment are another sign that you might be looking at a phishing attack. Scammers prefer these methods of payment because they’re difficult to trace. Additionally, consumers have little or no way to recover lost funds from these payment methods.
Legitimate businesses and organizations won’t ask for payments in those forms. If you get a message asking for payment in one of those forms, you can bet it’s a scam.
Here’s another way you can spot a phishing attack. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it does somewhat, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands.
Likewise, if the message contains a web link, closely examine that as well. If the name looks at all unfamiliar or altered from the way you’ve seen it before, that might also mean you’re looking at a phishing attempt.
Online protection software can protect you from phishing attacks in several ways.
For starters, it offers web protection that warns you when links lead to malicious websites, such as the ones used in phishing attacks. In the same way, online protection software can warn you about malicious downloads and email attachments so that you don’t end up with malware on your device. And, if the unfortunate does happen, antivirus can block and remove malware.
Online protection software like ours can also address the root of the problem. Scammers must get your email address from somewhere. Often, they get it from online data brokers, sites that gather and sell personal information to any buyer—scammers included.
Data brokers source this information from public records and third parties alike that they sell in bulk, providing scammers with massive mailing lists that can target thousands of potential victims. You can remove your personal info from some of the riskiest data broker sites with our Personal Data Cleanup, which can lower your exposure to scammers by keeping your email address out of their hands.
In all, phishing emails have telltale signs, some more difficult to see than others. Yet you can spot them when you know what to look for and take the time to look for them. With these attacks so prevalent and on the rise, looking at your email with a critical eye is a must today.
The post How to Spot Phishing Emails and Scams appeared first on McAfee Blog.
Before you rush to buy new hardware, try these simple tricks to get your machine up to speed again – and keep it that way.
The post PC running slow? 10 ways you can speed it up appeared first on WeLiveSecurity
What is a VPN (virtual private network)? And how can it make your time online more secure—and a little more private too? Here we’ll take a look at what a VPN is, what it has to offer, and how that benefits you.
A VPN is an app that you install on your device to help keep your data safe as you browse the internet. When you turn on your VPN app, your device makes a secure connection to a VPN server that routes internet traffic. Securely. This keeps your online activity private on any network, shielding it from prying eyes. So, while you’re on a VPN, you can browse and bank with the confidence that your passwords, credentials, and financial info are secure. If any malicious actors try to intercept your web traffic, they’ll only see garbled content thanks to your VPN’s encryption functionality.
Every internet connection is assigned a unique set of numbers called an IP address, which is tied to info such as geographic location or an Internet Service Provider (ISP). A VPN replaces your actual IP address to make it look like you’ve connected to the internet from the physical location of the VPN server, rather than your real location. This is just one reason why so many people use VPNs.
To change your IP address, you simply open your VPN app, select the server location you’d like to connect to, and you’re done. You’re now browsing with a new IP address. If you’d like to make sure your IP has changed, open a browser and search for “What’s my IP address” and then select one of the results.
An ideal case for using a VPN is when you’re using public Wi-Fi at the airport, a café, hotel, or just about any place where “free Wi-Fi” is offered. The reason being is that these are open networks, and any somewhat enterprising cybercriminal can tap into these networks and harvest sensitive info as a result. One survey showed that 39% of internet users worldwide understand public Wi-Fi is unsafe, yet some users still bank, shop, and do other sensitive things on public Wi-Fi despite the understood risks.
Further, you have your privacy to consider. You can use a VPN to help stop advertisers from tracking you. Searches you perform and websites you visit won’t be traced back to you, which can prevent advertisers from gleaning info about you and your online habits in general. Moreover, some ISPs collect the browsing history of their users and share it with advertisers and other third parties. A VPN can prevent this type of collection as well.
A VPN protects your search history through the secure connection you share. When you search for a website or type a URL into your navigation bar, your device sends something called a DNS request, which translates the website into the IP address of the web server. This is how your browser can find the website and serve its content to you. By encrypting your DNS requests, a VPN can hide your search habits and history from those who might use that info as part of building a profile of you. This type of info might be used in a wide variety of ways, from legitimately serving targeted ads to nefarious social engineering.
Note that a VPN is quite different and far, far more comprehensive than using “Private Mode” or “Incognito Mode” on your browser. Those modes only hide your search history locally on your device — not from others on the internet, like ISPs and advertisers.
No, a VPN can’t make you anonymous. Not entirely, anyway. They help secure what you’re doing, but your ISP still knows when you’re using the internet. They just can’t see what you’re doing, what sites you visit, or how long you’ve been on a site.
Apple’s Private Relay is similar to a VPN in that it changes your IP address so websites you visit can’t tell exactly where you are. It works on iOS and Macs as part of an iCloud+ subscription. Yet there is one important distinction: it only protects your privacy while surfing with the Safari browser.
Per Apple, it works like this:
When Private Relay is enabled, your requests are sent through two separate, secure internet relays. Your IP address is visible to your network provider and to the first relay, which is operated by Apple. Your DNS records are encrypted, so neither party can see the address of the website you’re trying to visit. The second relay, which is operated by a third-party content provider, generates a temporary IP address, decrypts the name of the website you requested, and connects you to the site. All of this is done using the latest internet standards to maintain a high-performance browsing experience while protecting your privacy.
Note that as of this writing, Apple Private Relay is not available in all countries and regions. If you travel somewhere where Private Relay isn’t available, it will automatically turn off and will notify you when it’s unavailable and once more when it’s active again. You can learn more about it here and how you can enable it on your Apple devices.
As mentioned above, Private Relay only works with Safari on iOS and macOS as part of an iCloud+ subscription. Even if you are using an Apple device, a VPN is still a good idea because it will protect the info that your device sends outside Safari — such as any info passed along by your apps or any other browsers you might use.
An unlimited VPN with bank-grade encryption comes as part of your McAfee+ subscription and provides the security and privacy benefits above with bank-grade encryption. Additionally, it turns on automatically any time you connect to an unsecured Wi-Fi network, which takes the guesswork out of when you absolutely need to use it.
In all, our VPN makes it practically impossible for cybercriminals or advertisers to access so that what you do online remains private and secure, so you can enjoy your time online with confidence.
The post How a VPN Can Make Your Time Online More Private and Secure appeared first on McAfee Blog.
Here's how to choose the right password vault for you and what exactly to consider when weighing your options
The post 10 things to look out for when buying a password manager appeared first on WeLiveSecurity
Who else loves tax season besides accountants? Scammers.
It’s high time of year for online risks here in the U.S. with the onset of tax season, where scammers unleash all manner of scams aimed at taxpayers. The complexity, and even uncertainty, of filing a proper tax return can stir up anxieties like, Have I filed correctly, Did I claim the right deductions, Will I get audited, and Will I get stung with a tax penalty are just a few—and these are the very same anxieties that criminals use as the cornerstone of their attacks.
Yet like so many scams, tax scams give off telltale signs that they’re indeed not on the up-and-up. You have ways you can spot one before you get caught up in one.
In all, we’ve learned to watch our step with the Internal Revenue Service (IRS), so much so that receiving a notification from the IRS can feel like an unwanted surprise. Uh oh, did I do something wrong? However, in reality, less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if addressed promptly.
Still, that wariness of the IRS makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include email phishing attacks, phone calls from crooks posing as IRS agents, texts claiming there’s a problem with our tax software, and even robocalls that threaten jail time for unpaid back taxes. What’s more, fraudsters can take things a step further by committing identity theft and then filing tax claims in other people’s names.
With that, let’s dig into a list of the top scams winding up on our screens and phones during tax time.
Straight from the authority itself, the IRS publishes its Dirty Dozen, an annual list of the top tax season scams. Year-over-year, many of the same scams make the list, yet new ones continue to crop up as scammers try to take advantage of current events. A couple recent examples include email phishing scams centered around Employee Retention Credits, pandemic relief checks, and federal stimulus checks. Additionally, the IRS has warned filers about disinformation that circulates on social media, such as bogus advice that urges filers to alter their W-2 figures for a better refund. With new scams entering the mix every tax season, the Dirty Dozen offers plenty of good advice that can help you steer clear of scams.
We all know the annoyance of spammy phone calls, whether they’re for phony car warranties, tech support services, or debt collection agencies. During this time of year, you can add phony IRS agents and financial service providers to the list.
The stories that scammers will tell will vary, but they often share common themes:
Another thing they have in common: they each outright ask for money, personal information, and sometimes a combination of both. All of which is an indication of a scam.
For the record, per the IRS, it does not:
Also, per the IRS, they cannot revoke your driver’s license, business license, or immigration status. As noted above, scammers will often weave these threats into their stories. Those threats are entirely empty.
What will the IRS do? Generally, the IRS will first mail a notice to any taxpayer who owes taxes. In some instances, IRS collection employees may make an unannounced visit to your home and properly identify themselves with IRS-issued credentials and a federal ID card. In all cases, the revenue officer will only request required payments by cash, check, certified funds, or money order payable to “United States Treasury.”
As for scam calls that pose as financial services companies or tax preparers, ignore them. If you’re planning to work with a tax pro, do your research and work with a legitimate, accredited individual or organization. The IRS has a great resource that can get you started on your search with its “Directory of Federal Tax Return Preparers.” There you can get a list of qualified tax preparers that are verified by the IRS, which you can narrow down based on their accreditations and distance from your zip code.
Don’t fall for AI tax scams! With the rise of AI technology, it’s becoming harder to spot these fraudulent schemes. In the past, fake voices, accents, and grammar mistakes were obvious red flags. But now, scammers are using AI-generated voices that sound just like your neighbors. They’ll pose as the IRS, offering tax assistance or forgiveness. McAfee’s CTO, Steve Grobman warns that cyber-criminals are even cloning American accents to make their scams more convincing. Last month, McAfee detected over a million suspicious URLs related to tax scams. Protect yourself by using antivirus software and call-blocking apps. But be cautious of phishing attempts through texts, emails, and calls. Scammers may threaten you with back taxes or promise unrealistic zero-tax programs. Remember, the IRS never threatens or contacts you through phone, text, or email. They always send official letters by mail. And they never ask for payment in gift cards, Apple Pay, Crypto, Bitcoin, Venmo, or Zelle. Stay alert and keep your personal information and money safe! Watch the video below from Steve, discussing AI voice scams.
One way you can be sure that someone other than the IRS has reached you is if they contact you by text, messaging app, or social media. The IRS will not contact you in any of these ways. Ignore any such messages, and if your app or platform allows you to report messages or accounts as spam, do so. You can often do it with a simple click or tap.
Another increasingly popular scam on phones is the bogus account alert. The scammer may send a message that says Your account is on hold, or something like We’ve detected unusual activity. During most of the year, scammers will use these messages to pose as online payment platforms, banks, credit card companies, online stores, and streaming services.
Now during tax season, they’ll masquerade as IRS agents or popular tax software companies. Even though the names change, the game remains the same. The text or message will serve up a link so you can “correct the situation,” one that leads to a site that could steal your personal information or otherwise trick you into installing malware on your phone.
As always, don’t click these links. Report them if you can.
Phishing emails pull many of the same tricks that calls, texts, and direct messages do—you’ll simply find them in your inbox instead. The same rules for avoiding other IRS scams apply here. First, note that the IRS will never initiate contact with you via email. Nor will they send you emails about your tax refund or any other sensitive information.
In the past, the IRS has reported that phishing emails often send their victims to lookalike IRS sites that can appear quite convincing. There, victims either receive a prompt to enter their personal and financial information or to download a file that’s laden with malware. Other emails may include attachments, which may be loaded with malware as well.
Delete any such emails you receive. And if you have any concerns, contact your tax professional or the IRS directly. Also, the IRS asks people who receive scam emails to notify them at phishing@irs.gov. This helps the IRS track and prosecute scammers.
Imagine filing your return only to find out it’s already been filed.
A far more serious form of tax-related crime is identity theft, where a scammer uses the victim’s personal information and Social Security number to file a return in the victim’s name—and claim the refund. One particularly painful aspect of identity theft and taxes is that victims often find out only after it occurs or when it’s well underway. For example:
Other signs are related to employment, such as getting assigned an Employer Identification Number even though you didn’t request one, discovering that the IRS shows you received income from an employer you didn’t work for, or finding out that someone has claimed unemployment benefits in your name. Once again, both are signs of full-on identity theft where someone has assumed your identity.
The IRS states that you should always respond to any IRS notice, particularly if you believe it is in error. If you’ve already contacted the IRS about an identity theft issue, you can reach them at 800-908-4490 for further assistance.
Understand that if this form of identity theft occurs to you, it’s highly likely that the scammer has your Social Security number. Report that right away at https://www.ssa.gov/number-card/report-stolen-number if you think your number is being used by someone else.
Your Social Security number ranks at the very top of your most valuable personal information. It unlocks everything from driver’s licenses, photo identification, employment, insurance claims, and of course taxes. Act immediately if you think it’s been compromised.
One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. As mentioned, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early.
Another way you can help prevent someone from filing a return in your name is to request a six-digit Identity Protection PIN (IP PIN). Once you receive am IP PIN, the IRS will use it to verify your identity when you file by paper or electronically. It’s good for one calendar year, and you can generate a new one each year for your account. You can request an IP PIN at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.
Also, be aware that scammers want your IP PIN as well. Phone calls, emails, or texts asking for it are scams. Outside of including it when filing your return, the IRS will never ask for it. If you are working with a tax professional, only provide it when it comes time to file.
Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Our credit monitoring service can keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Our identity monitoring service checks the dark web for your personal info, including email, government IDs, credit card and bank account info, and more—then provides alerts if your data is found on the dark web, an average of 10 months ahead of similar services.
If you fall victim to identity theft, having identity theft protection in place can provide significant relief, both financially and in terms of recovery. Our identity theft coverage & restoration support includes $1 million in funds if it’s determined that you’re a victim, which covers lawyer’s fees, travel expenses, and stolen funds reimbursement—while licensed recovery experts can help you repair your credit and identity. Considering the potential costs in both time and money, identity theft protection can speed and ease recovery.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams.
You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. We also provide guidance on how you can remove your data from those sites and, with select plans, even manage the removal for you—while continuing to scan those sites in case your information reappears.
Comprehensive online protection software can help you on a number of counts. It warns you of suspicious links in emails and texts that could send you to malicious sites. It can further protect you from ransomware attacks, which IRS has also listed amongst its Dirty Dozen. And you can use it to monitor all your transactions across all your financial accounts in one place, which can spot any questionable activity. In all, tax time or otherwise, online protection software is always a strong security move.
A little stress and uncertainty can enter the picture during tax season, and scammers know it. In fact, they prey upon it. They concoct their scams around those feelings, hoping that you’ll take the bait and act quickly without taking the time to scrutinize what they’re saying and what they’re really asking you to do.
Keeping up to date on what the latest scams are, having a good sense of which ones get recycled every year, and putting protections in place can help you avoid getting stung by a scam during tax season.
For yet more information, visit the IRS Tax Scam and Consumer Alert site at: https://www.irs.gov/newsroom/tax-scams-consumer-alerts
The post How to Protect Yourself Against Tax Scams appeared first on McAfee Blog.
Who else loves tax season besides accountants? Scammers.
It’s high time of year for online risks here in the U.S. with the onset of tax season, where scammers unleash all manner of scams aimed at taxpayers. The complexity, and even uncertainty, of filing a proper tax return can stir up anxieties like, Have I filed correctly, Did I claim the right deductions, Will I get audited, and Will I get stung with a tax penalty are just a few—and these are the very same anxieties that criminals use as the cornerstone of their attacks.
Yet like so many scams, tax scams give off telltale signs that they’re indeed not on the up-and-up. You have ways you can spot one before you get caught up in one.
In all, we’ve learned to watch our step with the Internal Revenue Service (IRS), so much so that receiving a notification from the IRS can feel like an unwanted surprise. Uh oh, did I do something wrong? However, in reality, less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if addressed promptly.
Still, that wariness of the IRS makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include email phishing attacks, phone calls from crooks posing as IRS agents, texts claiming there’s a problem with our tax software, and even robocalls that threaten jail time for unpaid back taxes. What’s more, fraudsters can take things a step further by committing identity theft and then filing tax claims in other people’s names.
With that, let’s dig into a list of the top scams wind up on our screens and phones during tax time.
Straight from the authority itself, the IRS publishes its Dirty Dozen, an annual list of the top tax season scams. Year-over-year, many of the same scams make the list, yet new ones continue to crop up as scammers try to take advantage of current events. A couple recent examples include email phishing scams centered around Employee Retention Credits, pandemic relief checks, and federal stimulus checks. Additionally, the IRS has warned filers about disinformation that circulates on social media, such as bogus advice that urges filers to alter their W-2 figures for a better refund. With new scams entering the mix every tax season, the Dirty Dozen offers plenty of good advice that can help you steer clear of scams.
We all know the annoyance of spammy phone calls, whether they’re for phony car warranties, tech support services, or debt collection agencies. During this time of year, you can add phony IRS agents and financial service providers to the list.
The stories that scammers will tell will vary, but they often share common themes:
Another thing they have in common: they each outright ask for money, personal information, and sometimes a combination of both. All of which is an indication of a scam.
For the record, per the IRS, it does not:
Also per the IRS, they cannot revoke your driver’s license, business licenses, or immigration status. As noted above, scammers will often weave these threats into their stories. Those threats are entirely empty.
What will the IRS do? Generally, the IRS will first mail a notice to any taxpayer who owes taxes. In some instances, IRS collection employees may make an unannounced visit to your home and properly identify themselves with IRS-issued credentials and an federal ID card. In all cases, the revenue officer will only request required payments by cash, check, certified funds, or money order payable to “United States Treasury.”
As for scam calls that pose as financial services companies or tax preparers, ignore them. If you’re planning to work with a tax pro, do your research and work with a legitimate, accredited individual or organization. The IRS has a great resource that can get you started on your search with its “Directory of Federal Tax Return Preparers.” There you can get a list of qualified tax preparers that are verified by the IRS, which you can narrow down based on their accreditations and distance from your zip code.
One way you can be sure that someone other than the IRS has reached you is if they contact you by text, messaging app, or social media. The IRS will not contact you in any of these ways. Ignore any such messages, and if your app or platform allows you to report messages or accounts as spam, do so. You can often do it with a simple click or tap.
Another increasingly popular scam on phones is the bogus account alert. The scammer may send a message that says Your account is on hold, or something like We’ve detected unusual activity. During most of the year, scammers will use these messages to pose as online payment platforms, banks, credit card companies, online stores, and streaming services.
Now during tax season, they’ll masquerade as IRS agents or popular tax software companies. Even though the names change, the game remains the same. The text or message will serve up a link so you can “correct the situation,” one that leads to a site that could steal your personal information or otherwise trick you into installing malware on your phone.
As always, don’t click these links. Report them if you can.
Phishing emails pull many of the same tricks that calls, texts, and direct messages do—you’ll simply find them in your inbox instead. The same rules for avoiding other IRS scams apply here. First, note that the IRS will never initiate contact with you via email. Nor will they send you emails about your tax refund or any other sensitive information.
In the past, the IRS has reported that phishing emails often send their victims to lookalike IRS sites that can appear quite convincing. There, victims either receive a prompt to enter their personal and financial information or to download a file that’s laden with malware. Other emails may include attachments, which may be loaded with malware as well.
Delete any such emails you receive. And if you have any concerns, contact your tax professional or the IRS directly. Also, the IRS asks people who receive scam emails to notify them at phishing@irs.gov. This helps the IRS track and prosecute scammers.
Imagine filing your return only to find out it’s already been filed.
A far more serious form of tax-related crime is identity theft, where a scammer uses the victim’s personal information and Social Security number to file a return in the victim’s name—and claim the refund. One particularly painful aspect of identity theft and taxes is that victims often find out only after it occurs or when it’s well underway. For example:
Other signs are related to employment, such as getting assigned an Employer Identification Number even though you didn’t request one, discovering that the IRS shows you received income from an employer you didn’t work for, or finding out that someone has claimed unemployment benefits in your name. Once again, both are signs of full-on identity theft where someone has assumed your identity.
The IRS states that you should always respond to any IRS notice, particularly if you believe it is in error. If you’ve already contacted the IRS about an identity theft issue, you can reach them at 800-908-4490 for further assistance.
Understand that if this form of identity theft occurs to you, it’s highly likely that the scammer has your Social Security number. Report that right away at https://www.ssa.gov/number-card/report-stolen-number if you think your number is being used by someone else.
Your Social Security number ranks at the very top of your most valuable personal information. It unlocks everything from driver’s licenses, photo identification, employment, insurance claims, and of course taxes. Act immediately if you think it’s been compromised.
One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. As mentioned, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early.
Another way you can help prevent someone from filing a return in your name is to request a six-digit Identity Protection PIN (IP PIN). Once you receive am IP PIN, the IRS will use it to verify your identity when you file by paper or electronically. It’s good for one calendar year, and you can generate a new one each year for your account. You can request an IP PIN at: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.
Also be aware that scammers want your IP PIN as well. Phone calls, emails, or texts asking for it are scams. Outside of including it when filing your return, the IRS will never ask for it. If you are working with a tax professional, only provide it when it comes time to file.
Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Our credit monitoring service can keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Our identity monitoring service checks the dark web for your personal info, including email, government IDs, credit card and bank account info, and more—then provides alerts if your data is found on the dark web, an average of 10 months ahead of similar services.
If you fall victim to identity theft, having identity theft protection in place can provide significant relief, both financially and in terms of recovery. Our identity theft coverage & restoration support includes $1 million in funds if it’s determined that you’re a victim, which covers lawyer’s fees, travel expenses, and stolen funds reimbursement—while licensed recovery experts can help you repair your credit and identity. Considering the potential costs in both time and money, identity theft protection can speed and ease recovery.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that information for scams.
You can help reduce those scam texts and calls by removing your information from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. We also provide guidance on how you can remove your data from those sites and, with select plans, even manage the removal for you—while continuing to scan those sites in case your information reappears.
Comprehensive online protection software can help you on a number of counts. It warns you of suspicious links in emails and texts that could send you to malicious sites. It can further protect you from ransomware attacks, which IRS has also listed among its Dirty Dozen. And you can use it to monitor all your transactions across all your financial accounts in one place, which can spot any questionable activity. In all, tax time or otherwise, online protection software is always a strong security move.
A little stress and uncertainty can enter the picture during tax season, and scammers know it. In fact, they prey upon it. They concoct their scams around those feelings, hoping that you’ll take the bait and act quickly without taking the time to scrutinize what they’re saying and what they’re really asking you to do.
Keeping up to date on what the latest scams are, having a good sense of which ones get recycled every year, and putting protections in place can help you avoid getting stung by a scam at tax season.
For yet more information, visit the IRS Tax Scam and Consumer Alert site at: https://www.irs.gov/newsroom/tax-scams-consumer-alerts
The post How to Stay Safe When Paying Your Taxes to the IRS appeared first on McAfee Blog.
So, can Android phones get viruses and malware? The answer is yes, and likewise you can do several things to spot and remove them from your phone.
A couple things make Android phones attractive to cyber criminals and scammers. First, they make up about half of all smartphones in the U.S. and roughly 71% worldwide. Second, while its operating system gives users the flexibility to install apps from multiple apps markets, it also makes the operating system more vulnerable to tampering by bad actors. Also, Android has a more fragmented ecosystem with multiple device manufacturers and different versions of the operating system. As a result, each may have different security updates, and consistency will vary depending on the carrier or manufacturer, which can make Android phones more vulnerable to threats.
So, just like computers and laptops, Android phones are susceptible to attack. And when you consider how much of our lives we keep on our phones, the importance of protecting them can’t be overstated. Steps truly are called for. With a look at how viruses and malware end up on Androids, you’ll see that you have several ways of keeping you and your phone safe.
When it comes to viruses and malware on Android phones, malicious apps are often to blame. They’ll disguise themselves in many ways, such as utility apps, wallpaper apps, games, photo editors, and so on. Once installed, they’ll unleash their payload, which can take several forms:
Google Play does its part to keep its virtual shelves free of malware-laden apps with a thorough submission process as reported by Google and through its App Defense Alliance that shares intelligence across a network of partners, of which we’re a proud member. Further, users also have the option of running Play Protect to check apps for safety before they’re downloaded.
Yet, bad actors find ways to sneak malware into the store. Sometimes they upload an app that’s initially clean and then push the malware to users as part of an update. Other times, they’ll embed the malicious code so that it only triggers once it’s run in certain countries. They will also encrypt malicious code in the app that they submit, which can make it difficult for reviewers to sniff out.
Beyond Google Play, Android allows users to download apps from third-party app stores, which may or may not have a thorough app submission process in place. Moreover, some third-party app stores are actually fronts for organized cybercrime gangs, built specifically to distribute malware.
You might spot the signs rather quickly. Sometimes, you might not. Some malware can make your phone run poorly, which may indicate a technical issue, yet it can also be a symptom of a hacked phone. Others work quietly in the background without you knowing it. Either way, both cases provide good reasons to run regular scans on your phone.
Let’s look at some possible signs:
Malware has a way of taking up resources and eating up battery life as it furiously does its work in the background. For example, adware or clicker malware can hijack your phone and tap the central processing unit to run the complex calculations needed to mine cryptocurrencies like bitcoin, thus putting high stress on your device. In a way, it’s like having a second person using your phone at the same time as you are. This can make your phone hot to the touch, like it’s been sitting in the sun, because the stress malware puts on your phone could cause it to overheat.
Adware is annoying as it sounds, and potentially even more malicious in nature. If popup ads suddenly pepper your phone, it may be malware that distributes ads without your consent, which can generate revenue for rogue developers (they can get paid per view and per click). Worse yet, adware can also collect personal information and browsing history from your phone, which bad actors can then sell—a major invasion of your privacy.
A potential telltale sign that your phone has been compromised is the appearance of new apps that you didn’t download, along with spikes in data usage that you can’t account for. Likewise, if you see calls in your phone’s history that you didn’t make, that’s a warning as well.
Like an overdraft statement or seeing a suspicious charge your bank statement, this is a possible sign of malware installed on your device and is using it to perform subscriptions scam or premium SMS messages to unsolicited services.
Broadly, you can take two big steps toward keeping you and your phone safer from attack. The first is to keep a critical eye open as you use your phone. Malware authors rely on us to trust what we see a little too quickly, such as when it comes time to download that new app or tap on a link in a phishing email that looks legitimate, yet most certainly isn’t upon closer inspection. Slow down and scrutinize what you see. If something seems fishy, don’t tap or interact with it.
The second big step is to use online protection software on your Android phone. In addition to providing strong antivirus protection and removal, it has further features that protect you against identity theft, online scams, and other mobile threats—including credit card and bank fraud, malicious texts, sketchy links, and bogus QR codes.
With that, here are a few more steps you can take:
Scammers have put Android phones in their crosshairs. And for some time now. While phishing emails and smishing texts with sketchy links persists as avenues of attack, a popular form of attack comes by way of malicious app downloads. One reason why is that malicious apps disguise themselves so well, as a utility or game you really want on your phone. You’re more apt to tap “Install” when you’re actively shopping for an app than to tap on a link in an unsolicited email or text.
Yet as with so many of today’s online attacks, a combination of good sense and strong online protection software can prevent viruses and malware from ending up on your phone. Slowing down and putting preventative measures in place goes a long way toward keeping what’s arguably your most important device far more secure.
The post How to Remove Viruses from Your Android Phone appeared first on McAfee Blog.
Artificial intelligence (AI) is making its way from high-tech labs and Hollywood plots into the hands of the general population. ChatGPT, the text generation tool, hardly needs an introduction and AI art generators (like Midjourney and DALL-E) are hot on its heels in popularity. Inputting nonsensical prompts and receiving ridiculous art clips in return is a fun way to spend an afternoon.
However, while you’re using AI art generators for a laugh, cybercriminals are using the technology to trick people into believing sensationalist fake news, catfish dating profiles, and damaging impersonations. Sophisticated AI-generated art can be difficult to spot, but here are a few signs that you may be viewing a dubious image or engaging with a criminal behind an AI-generated profile.
To better understand the cyberthreats posed by each, here are some quick definitions:
AI art and deepfake aren’t technologies found on the dark web. Anyone can download an AI art or deepfake app, such as FaceStealer and Fleeceware. Because the technology isn’t illegal and it has many innocent uses, it’s difficult to regulate.
How Do People Use AI Art Maliciously?
It’s perfectly innocent to use AI art to create a cover photo for your social media profile or to pair it with a blog post. However, it’s best to be transparent with your audience and include a disclaimer or caption saying that it’s not original artwork. AI art turns malicious when people use images to intentionally trick others and gain financially from the trickery.
Catfish may use deepfake profile pictures and videos to convince their targets that they’re genuinely looking for love. Revealing their real face and identity could put a criminal catfish at risk of discovery, so they either use someone else’s pictures or deepfake an entire library of pictures.
Fake news propagators may also enlist the help of AI art or a deepfake to add “credibility” to their conspiracy theories. When they pair their sensationalist headlines with a photo that, at quick glance, proves its legitimacy, people may be more likely to share and spread the story. Fake news is damaging to society because of the extreme negative emotions they can generate in huge crowds. The resulting hysteria or outrage can lead to violence in some cases.
Finally, some criminals may use deepfake to trick face ID and gain entry to sensitive online accounts. To prevent someone from deepfaking their way into your accounts, protect your accounts with multifactor authentication. That means that more than one method of identification is necessary to open the account. These methods can be one-time codes sent to your cellphone, passwords, answers to security questions, or fingerprint ID in addition to face ID.
Before you start an online relationship or share an apparent news story on social media, scrutinize images using these three tips to pick out malicious AI-generated art and deepfake.
Fake images usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Phishers are notorious for their poor writing skills. AI-generated text is more difficult to detect because its grammar and spelling are often correct; however, the sentences may seem choppy.
Does the image seem too bizarre to be real? Too good to be true? Extend this generation’s rule of thumb of “Don’t believe everything you read on the internet” to include “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, at least one other site will report on the event.
AI technology often generates a finger or two too many on hands, and a deepfake creates eyes that may have a soulless or dead look to them. Also, there may be shadows in places where they wouldn’t be natural, and the skin tone may look uneven. In deepfaked videos, the voice and facial expressions may not exactly line up, making the subject look robotic and stiff.
Fake images are tough to spot, and they’ll likely get more realistic the more the technology improves. Awareness of emerging AI threats better prepares you to take control of your online life. There are quizzes online that compare deepfake and AI art with genuine people and artworks created by humans. When you have a spare ten minutes, consider taking a quiz and recognizing your mistakes to identify malicious fake art in the future.
To give you more confidence in the security of your online life, partner with McAfee. McAfee+ Ultimate is the all-in-one privacy, identity, and device security service. Protect up to six members of your family with the family plan, and receive up to $2 million in identity theft coverage. Partner with McAfee to stop any threats that sneak under your watchful eye.
The post How to Spot Fake Art and Deepfakes appeared first on McAfee Blog.
It’s never been easier to write a convincing message that can trick you into handing over your money or personal data
The post Writing like a boss with ChatGPT and how to get better at spotting phishing scams appeared first on WeLiveSecurity
Scammers now have new tools to lure people who are looking for love online, by reeling in potential victims with artificial intelligence (AI). Thanks to the aid of popular AI tools like ChatGPT, scammers can potentially generate anything from seemingly innocent intro chats to full-blown love letters in seconds, all ready to dupe their victims on demand.
Tactics like these are typical of “catfishing” in dating and romance scams, where the scammer creates a phony online persona and uses it to lure their victim into a relationship for financial gain. Think of it as a bait-and-hook approach, where the promise of love is the bait, and theft is the hook.
And as explained above, baiting that hook just got far easier with AI.
Sound farfetched? After all, who would fall for such a thing? It turns out that a sophisticated AI chatbot can sound an awful lot like a real person seeking romance. In our latest “Modern Love” research report, we presented a little love letter to more than 5,000 people worldwide and asked them if it was written by a person or by AI:
My dearest,
The moment I laid eyes on you, I knew that my heart would forever be yours. Your beauty, both inside and out, is unmatched and your kind and loving spirit only adds to my admiration for you.
You are my heart, my soul, my everything. I cannot imagine a life without you, and I will do everything in my power to make you happy. I love you now and forever.
Forever yours …
One-third of the people (33%) thought that a person wrote this letter, 31% said an AI wrote it, and 36% said they couldn’t tell one way or another.
What did you think? If you said that a person wrote the letter, you got hoodwinked. An AI wrote it.
The implications are concerning. Put plainly, scammers can turn on the charm practically at will with AI, generating high volumes of romance-laden content for potentially high volumes of victims. And as our research indicates, plenty of people are ready to soak it up.
Worldwide, we found:
Chatting with a stranger is one thing. Yet how often did it lead to a request for money or other personal information? More than half the time.
Scammers love a good story, one that’s intriguing enough to be believable, such as holding a somewhat exotic job outside of the country. Common tales include drilling on an offshore oil rig, working as a doctor for an international relief organization, or typically some sort of job that prevents them from meeting up in person.
Luckily, this is where many people start to catch on. In our research, people said they found out they were being catfished when:
Of course, the true telltale sign of an online dating or romance scam is when the scammer asks for money. The scammer includes a little story with that request too, usually revolving around some sort of hardship. They may say they need to pay for travel or medical expenses, a visa or other travel documents, or even customs fees to retrieve an item that they say is stuck in the mail. There’s always some kind of twist or intriguing complication that seems just reasonable enough such that the victim falls for it.
Scammers will often favor payment via wire transfers, gift cards, and reloadable debit cards, because they’re like cash in many regards—once you fork over that money, it’s as good as gone. These forms of payment offer few protections in the event of scam, theft, or loss, unlike a credit card charge that you can contest or cancel with the credit card company. Unsurprisingly, scammers have also added cryptocurrency to that list because it’s notoriously difficult to trace and recover.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest, reimburse, or trace back to the recipient. Requests for money, particularly in these forms, should raise a major red flag.
What makes online dating and romance scams so malicious, and so difficult to sniff out, is that scammers prey on people’s emotions. This is love we’re talking about, after all. People may not always think or act clearly to the extent that they may wave away their doubts—or even defend the scammer when friends or family confront them on the relationship.
However, an honest look at yourself and the relationship you’re in provides some of the best guidance around when it comes to meeting new people online:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working on several victims at once, which is yet another opportunity for them to get confused and slip up.
In the cases where scammers may use AI tools to pad their conversations, you can look for several other signs. AI still isn’t always the smoothest operator when it comes to language. AI often uses short sentences and reuses the same words, and sometimes it generates a lot of content without saying much at all. What you’re reading may seem to lack a certain … substance.
Scammers are likely to use all kinds of openers. That text you got from an unknown number that says, “Hi, where are you? We’re still meeting for lunch, right?” or that out-of-the-blue friend request on social media are a couple examples. Yet before that, the scammer had to track down your number or profile some way or somehow. Chances are, all they needed to do was a little digging around online.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2022 alone, Facebook took action on 1.5 billion fake accounts. Reject requests from strangers.
How did that scammer get your phone number or contact information in the first place? It could have come from a data broker site. Data brokers are part of a global data economy estimated at $200 billion U.S. dollars a year fueled by thousands of data points on billions of people scraped from public records, social media, third-party sources, and sometimes other data broker sites as well. With info from data broker sites, scammers compile huge lists of potential victims for their spammy texts and calls.
Our Personal Data Cleanup can help remove your info from those sites for you. Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and can even manage the removal for you depending on your plan. It also monitors those sites, so if your info gets posted again, you can request its removal again.
Online protection software can protect you from clicking on malicious links that a scammer may send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal information as well, protecting your privacy by monitoring the dark web for your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief may put to use. With identity theft a rather commonplace occurrence today, security software is really a must.
Worldwide, we found that 30% of men (and 26% of all adults) said they plan to use artificial intelligence tools to put their feelings into words. Yet, there’s a flipside. We also found that 49% of respondents said they’d be offended if they found out the note they received had been produced by a machine.
So why are people turning to AI? The most popular reason given for using AI as a ghostwriter was that it would make the sender feel more confident (27%), while others cited lack of time (21%) or lack of inspiration (also 21%), while 10% said it would just be quicker and easier and that they didn’t think they’d get found out.
It’s also worth noting that true romance seekers have called upon AI to kick off chats in dating apps, which might take the form of an ice-breaking joke or wistful comment. Likewise, AI-enabled apps have started cropping up in app stores, which can coach you through a conversation based on contextual cues like asking someone out or rescheduling a date. Some can even create AI-generated art on demand to share a feeling through an image.
It may be better than opening a conversation with an otherwise dull “hey,” yet as our research shows, there are risks involved if people lean on it too heavily—and prove to be quite a different person when they start talking on their own.
It’s important to remember that an AI chatbot like ChatGPT is a tool. It’s not inherently good or bad. It’s all in the hands of the user and how they choose to apply it. And in the case of scammers, AI chatbots have the potential to do a lot of harm.
However, you can protect yourself. In fact, you can still spot online dating and romance scams in much the same way as before. They still follow certain rules and share the same signs. If anything, the one thing that has changed is this: reading messages today calls for extra scrutiny. It will take a sharp eye to tell what’s real and what’s fake.
As our research showed, online dating and romance scams begin and end with you. Thinking back to what we learned as children about “stranger danger” goes a long way here. Be suspicious and, better yet, don’t engage. Go about your way. And if you do find yourself chatting with someone who requests money or personal information, end it. Painful as the decision may be, it’s the right decision. No true friend or partner, one you’ve never seen or met, would rightfully ask that of you.
Editor’s Note:
Online dating and romance scams are a crime. If you think that you or someone you know has fallen victim to one, report it to your authorities and appropriate government agencies. In the case of identity theft or loss of personal information, our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
The post Could ChatGPT Cause Heartbreak with Online Dating Scams? appeared first on McAfee Blog.
All your online activity creates a trail of data. And that data tells a story. The story of you.
The websites, apps, and services you use throughout the day all collect data. They may collect data about your behaviors, interests, and purchases—along with what you’re doing, for how long, and where, largely without your knowledge. They may also collect personal information, information you provide, such as health records, your Social Security Number, banking info, your driver’s license number, and more. This can include further health data, such as the kind that gets tracked from a smartwatch or wearable device.
“So what?”
I’ve heard plenty of people say exactly that about data collection. And plenty of others simply resign themselves to the reality of data collection. “What’s out there is already out there.” They feel like there’s not much they can do about it. If anything at all. And does it really matter?
It absolutely matters.
That is, it matters if you hate spam calls and texts. If you’re worried about identity theft. If you’re worried that practically anyone can purchase a detailed picture of your personal information from an online data broker and use it as they like.
Indeed, your data tells the story of you. And plenty of others are interested in your story. Businesses and advertisers for one, so they can market to the most targeted of your needs and interests. Yet also hackers, scammers, spammers, and thieves—and in extreme cases, stalkers as well.
While it’s true that you cannot control how each byte of data about you and your family is shared and processed, you’re not helpless! In many cases, you can control how you share your data by taking a few steps. Your data is precious, and you deserve to be selective about who you share it with.
That’s the reason you’ve seen McAfee roll out so many protections for your privacy and identity, with several more to come. While there are so many tools for data collection today, so are the tools for you to take control.
Looking at our own McAfee+ online protection plans, they offer you identity theft and fraud protections such as Personal Data Cleanup, identity monitoring, along with credit monitoring, a VPN that can help keep your online activity more private, $1M in identity theft coverage and support from an identity restoration specialist … the list goes on. These are tools everyone can benefit from in the face of the current threats out there.
The evolution of McAfee+ reflects the nature of online threats today. Increasingly, the target is you—your privacy, your identity, and all the things that they unlock.
Another simple yet powerful step is to protect your devices with comprehensive online protection software. This will help defend you against the latest virus, malware, spyware, and ransomware attacks plus further shield your privacy, and minimize web tracking (think advertisers) with a VPN. In addition to this, it will also create and store strong, unique passwords, and offer web protection that can help steer you clear of sketchy websites that may try to steal your data.
Start with the devices and apps you use most. Different devices and apps will have their own privacy settings, so give them a look and see what your options are. You may be surprised to find how you can limit which information advertisers can use to serve up ads to you. You may find that some apps have GPS tracking turned on, even though they don’t need it to function. All of this adds up to data that companies may collect, share, or resell—depending on their privacy policy. Again, start with the devices and apps you use most then expand from there. It’s also a good opportunity to delete apps you don’t use anymore—along with the data associated with them.
One major privacy leak comes at the hands of online data brokers, companies that collect and resell volumes of exacting personal information about millions of people. In fact, they make up a multi-billion-dollar industry that spans worldwide. Additionally, there are so-called “White Pages” and “people finder” sites that post information like names, addresses, and other public records that anyone can access. With all this information collected in a central location that’s easily searched and accessed, these sites can be an ideal resource for hackers, spammers, and thieves. McAfee’s Personal Data Cleanup can help you take control. It scans high-risk data broker sites and lets you know which ones are selling your data, and depending on your McAfee+ plan, it can remove it for you too.
Yet you can take even more control of your privacy. As part of our McAfee Safety Series, we have an entire guide dedicated to the topic of online privacy, the McAfee Digital Privacy Guide. It shows you ways that you can take control of your digital privacy, insight into what information you may be creating, and how you may be passing it along—whether you know it or not.
In all, your privacy is your own. We believe that what you share and don’t share, who you share it with and who you don’t, and for what reason … should be your decision.
It’s your story. Take control. And we’re here to help.
The post How to Protect Your Personal Data appeared first on McAfee Blog.
It’s been a particularly busy and colourful week, scam-wise in our household. Between 4 family members, we’ve received almost 20 texts or emails that we’ve identified as scams. And the range was vast: from poorly written emails offering ‘must have’ shopping deals to terse text messages reprimanding us for overdue tolls plus the classic ‘Dear mum, I’ve smashed my phone’ and everything in between.
There’s no doubt that scammers are dedicated opportunists who can pivot fast. They can pose as health authorities during a pandemic, charities after a flood or even your next big love on an online dating platform. And it’s this chameleon ability that means we need to always be on red alert!
According to the Australian Competition and Consumer Commission (ACCC), Aussies lost a record amount of more than $2 billion in scams in 2021. And that was with record levels of intervention from the government, law enforcement agencies and the private sector. The most lucrative scams were investment scams ($701 million) followed by payment redirection scams ($227 million) and then romance scams which netted a whopping $142 million.
But the psychological trauma that is often experienced by victims can be equally as devastating. Many individuals will require extensive counselling and support in order to move on from the emotional scarring from being a victim of hacking.
So, with scammers putting so much energy into trying to lure us into their web, how can we stay one step ahead of these online schemers and ensure we don’t become a victim?
While there are no guarantees in life, there are a few steps you can take so that you can quickly recognise an online scam.
If you’ve received a text message, email or call that you think is a scam, don’t respond. Take your time. Slow down and pause. If it’s a call, and you’re not sure – hang up! Or if it’s a text or email – delete it! But if you are concerned that it might be legitimate, call the company directly using the contact information from their official website or through their secure apps.
If you are being asked to share your personal information or pay money either via a text or phone call, take some time to think. Does it feel legitimate? Do you have a relationship with this organisation? Remember, scammers are very talented at pretending they are from organisations you know and trust. If in doubt, contact the company directly via their official communication channels. Or ask a trusted friend or family member for their input. But remember, NEVER click on any links in messages from people or organisations you don’t know – no exceptions!!
Do not hesitate to take action if something feels wrong. If there are any transactions on your credit card or bank statements that don’t look right, call your bank immediately. If you think you may have given personal information to scammers, then act fast. I recommend calling ID Care – Australia and New Zealand’s national identity and cyber support service. They are a not-for-profit charity that provides support to individuals affected by identity and cyber security issues.
ReportCyber is another way of notifying authorities of a scam. An initiative of the Australian Government and the Australian Cyber Security Centre, it helps authorities investigate and shut down scams. It’s also a good idea to report the scam to Scamwatch – the dedicated scam arm of the Australian Competition and Consumer Commission (ACCC).
We’ve all heard that ‘prevention is better than a cure’ so taking some time to protect yourself before a scammer comes your way is a no-brainer. Here are my top 5 things to do:
Please don’t think smart people don’t get caught up in scams because they do!! Scammers are very adept at looking legitimate and creating a sense of urgency. With many of us living busy lives and not taking the time to think critically, it’s inevitable that some of us will become victims. And remember if you’re offered a deal that just seems too good to be true, then it’s likely a scam! Hang up or press delete!!
The post How To Recognize An Online Scam appeared first on McAfee Blog.
Holding the door for someone might open the way to a cyberattack. For anyone who works in a secure building or workplace, they might want to rethink that courtesy. The hackers and thieves behind piggybacking and tailgating attacks count on it.
Piggyback and tailgating attacks occur when an unauthorized person gains access to a restricted workplace, one that requires some form of ID to enter. While quite similar, these attacks have an important difference:
In both cases, these unauthorized entries can put businesses and organizations at risk. They give potential bad actors all kinds of access to sensitive information and devices.
Trade secrets get stolen this way, as does customer information. In yet more malicious cases, bad actors might gain entry with the intent of sabotaging technology or hijacking a network. And of course, bad actors might do harm to people or property.
Businesses and organizations that find themselves at risk include those that:
Different businesses and organizations have different forms of security in place. You might be among the many who use a smart badge or some form of biometric security to enter a building or certain areas within a building.
However, determined bad actors will look for ways around these measures. With piggyback and tailgating attacks, it’s far easier for them to follow someone into a workplace than it is to break into a workplace.
Bad actors will simply walk in when someone holds the door for them. It’s as simple as that. Additionally, they’ll try several different tricks by:
In all, piggybacking and tailgating attacks rely on social engineering—playing off people’s innate courtesy, willingness to help, or even discomfort with conflict. Essentially, the attacker manipulates human nature.
A good portion of prevention falls on the owner of the building, whether that’s a business, organization, or a landlord. It falls on them to install security hardpoints like badge scanners, keypad locks, biometric scanners, and so on to keep the property secure. Moreover, employers owe it to themselves and their employees to train them on security measures.
Yet you can take further steps to prevent a piggybacking or tailgating attack on your workplace. Some steps include:
Also consider the security of your devices or any other sensitive information you work with. If a bad actor slips into your workplace, you can take other steps to prevent theft or damage.
Some aspects of piggybacking and tailgating prevention seem like they go against our better nature. We want to be kind, helpful, and sometimes we’d simply rather avoid confrontation. Again, piggybackers and tailgaters count on that. Yet a door is only as secure as the person who uses it—or who opens it for someone else.
The post How to Protect Yourself From Tailgating Attacks appeared first on McAfee Blog.
'Tis the season for shopping and if you too are scouting for bargains, make sure to keep your money safe when snapping up those deals
The post Know your payment options: How to shop and pay safely this holiday season appeared first on WeLiveSecurity
Something looks a little … sketchy. Is that website safe or unsafe?
Nowadays, it can take a bit work to tell.
And that’s by design. Increasingly, hackers and scammers go to great pains when they create their malicious websites. They take extra steps to make their sites look legit, when in fact they’re anything but. Certainly, plenty of other hackers and scammers slap together malicious sites that still look a bit roughshod, which makes them easier to spot.
So whether it’s a clever knockoff or a slapdash effort, unsafe websites of all kinds have several telltale signs you can spot. We’ll show you, and let’s start things off with what makes an unsafe website unsafe in the first place.
Unsafe websites typically harbor one of two primary forms of attack—yet sometimes both:
Malware: Hackers will use their sites to install malware on your device, often by tricking you into clicking or tapping on a download. They might tempt you with an offer, a prize, a show to stream—just about anything you might want to otherwise download. (Recently, we saw hackers installing malware on sites that offered to stream dubbed versions of the “Barbie” movie.)
Phishing: Another classic attack. Phishing involves scammers who try to hoodwink you into providing account or financial information. Common ruses include links in emails, texts, and DMs that appear to be urgent messages from streaming services, banks, social media, and other accounts. Of course, those messages are phony.
As a result, unsafe websites can lead to some not-so-good things.
On the malware side, attackers can install spyware and similar apps that siphon financial and personal information from your device while you’re using it. Other malware might steal files outright or maliciously delete them altogether. Ransomware remains a major concern today as well, where attackers hold devices and data hostage. And even if victims end up paying the ransom, they have no guarantee that the attacker will free their device or data.
Phishing attacks often lead to financial headaches, sometimes large ones at that. It depends on the information scammers get their hands on. In some cases, the damage might lead to identity fraud and a few illicit charges on a debit or credit card. If scammers gather enough information, they can take that a step further and commit identity theft. That can include opening new credit or loans in your name. It could also give a scammer the info they need to get driver’s licenses or employment in your name.
Above and beyond committing fraud or theft on their own, scammers might also sell stolen information to others on the dark web.
Again, all not-so-good. Yet quite preventable.
For some sites, it only takes one sign. For other sites, it takes a few signs—a series of red flags that warn you a site is unsafe. When you’re online, keep a sharp eye out for the following:
The “s” stands for “secure.” Specifically, it means that the website uses SSL (Secure Sockets Layer) that creates an encrypted link between a web server and a web browser. SSL helps prevent others from intercepting and reading your sensitive information as it’s transmitted, which is particularly important when you shop or bank online. Likewise, you can also look for a little lock symbol in the address bar of your web browser. That’s one more way you can spot a site that uses SSL.
From spelling errors and grammatical mistakes, to stretched out logos and cheap photography, some unsafe websites are designed poorly. Legitimate businesses pride themselves on error-free and professional-looking sites. If a website looks like it got cobbled together in a hurry or doesn’t seem to be well-designed, that’s usually a red flag. The site might be unsafe, created by attackers who don’t have a strong attention to detail—or the creative capabilities to create a good-looking website in the first place.
Plenty of unsafe sites are imposter sites. They’ll try to pass themselves off as a legitimate company, like the streaming services, banks, and so forth that we mentioned earlier—all to get a hold of your account information. With all these imposter sites in play, look at the site’s address. Scammers will gin up web addresses that are close to but different from legitimate sites, so close that you might miss it. If you’re uncertain about the address, leave the page. Also note that many companies have web pages that provide lists of the official addresses that they use. Amazon provides on example, and we do the same here at McAfee. Reviewing these lists can help you spot an imposter site.
A window or graphic pops up on your screen. The site you’re on says that it’s identified a security issue with your device. Or maybe it says that your system isn’t current. Either way, there’s a file the site wants you to download. “You can correct the issue with a click!” Don’t. It’s a classic trick. Instead of fixing your non-existent problem, the download will create one. Scammers use the security alert trick to install malware on the devices of unsuspecting victims.
A screen full of links insisting you to click ranks among the top signs of an unsafe site. So much so, it’s often the subject of sitcom bits. Needless to say, the attackers behind these sites want you to click for one of several reasons. It might be to get you to download malware. It might be to generate ad revenue with clicks. Or it might be to get you to click a link that redirects you to another malicious site. In all, if you encounter a site like this, close your browser. And then run a system scan with your online protection software.
These unsafe sites sprout up around the holidays and gift-giving seasons. When stores run low on particularly popular or hot items, scammers will quickly launch sites that claim these items are in stock and ready to ship. Similarly, they might promote popular items at a deep discount. Of course, shopping at these sites will likely lead to one thing—a credit card charge and no item on your doorstep. Be wary when you see ads for stores in your social media feed, in search, and elsewhere. Stick with known, trusted retailers. (And for more on shopping safely online, give this article a quick read.)
These sites bear similarities to malicious online shopping sites. When popular movies hit the big screen or major sporting events come around, so do scam sites that promise to stream them for free or at a low cost. Avoid them. Trusted streamers will only carry shows and events that they have the rights to. If you find an offer to stream something that’s heavily discounted, free, or not available on known media outlets, it’s likely a scam. At the very least, it might serve up pirated content, which could carry malware threats along with it.
Not every site that promotes some kind of giveaway or deal is a scam. Yet the ones that ask for personal or financial information likely are. Scammers prey on people’s love for saving money or even winning a buck or two. Enter the prize, coupon, and quiz sites. Malicious prize and coupon sites will often ask for credit or debit card information, often under the guise of a payout or a discount. Malicious quiz sites will likewise ask for all kinds of personal information, typically questions about the name of your pet, the first car you owned, or where you went to school. The questions share much in common with the security questions used by banks and credit card companies. Handing this information over could lead to a breached account. Give these sites a pass.
Comprehensive online protection software like ours includes web protection that can spot malicious sites for you. It has further features that can prevent downloading malware by accident, not to mention strong antivirus protection if a hacker makes their way through to you. In all, it gives you extra confidence that wherever your travels take you online, you’re protected from sketchy and unsafe sites.
However, another part of your best defense against unsafe websites is you. Knowing what the red flags are and the kinds of information hackers want to steal can help you avoid their attacks from the start.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
Hackers have posted another batch of stolen health records on the dark web—following a breach that could potentially affect nearly 8 million Australian Medibank customers, along with nearly 2 million more international customers.
The records were stolen in October’s reported breach at Medibank, one of Australia’s largest private health insurance providers. Given Australia’s population of almost 26 million people, close to a third of the population could find themselves affected.
The hackers subsequently issued ransomware demands with the threat of releasing the records. With their demands unmet, the hackers then started posting the records in batches, the first on November 8th and the latest dropping on November 14th.
According to Medibank, the records and information could include diagnoses, a list of conditions, and further information such as:
“[P]ersonal data such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for AHM customers (not expiry dates), in some cases passport numbers for our international students (not expiry dates), and some health claims data.”
Medibank continues to keep its customers up to date on the latest developments on its website and further states they will contact customers, via email and post, to clarify what has been stolen and what has been published on the dark web.
Any time a data breach occurs, it means that your personal information could end up in the hands of a bad actor. In the case of Medibank, the hackers posted the stolen information on the dark web, which unfortunately means that the likelihood of a potential scammer or thief obtaining this information is a near certainty.
In light of this, there are a few steps you can take to protect yourself in the aftermath of a data breach, which involves a combination of preventative steps and some monitoring on your part.
Home Affairs Minister Clare O’Neil called for Australians to “Contact Services Australia if you believe there has been unauthorised activity in your Medicare account.” Further, Australians can take the following additional steps to protect themselves in the wake of identity theft.
With some personal information in hand, bad actors may seek out more. They may follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal information—either by tricking you into providing it or by stealing it without your knowledge. So as it’s always wise to keep a skeptical eye open for unsolicited messages that ask you for information in some form or other, often in ways that urge or pressure you into acting. Always look out for phishing attacks, particularly after breaches.
If you are contacted by Medibank, make certain the communication is legitimate. Bad actors may pose as Medibank to steal personal information. Do not click on links sent in emails, texts, or messages. Instead, go straight to the Medibank website or contact them by phone directly.
While it does not appear that login information was affected, a password update is still a strong security move. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager will help you keep on top of it all, while also storing your passwords securely. Moreover, changing your passwords regularly can reduce your risk in the event of a data breach. Namely, a breached password is no good to a hacker if you’ve changed it.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts will help your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. If your accounts support two-factor authentication, enable it.
An identity monitoring service can monitor everything from email addresses to credit cards, bank account numbers and phone numbers for signs of breaches so you can take action to secure your accounts before they’re used for identity theft. Personal information harvested from data breaches can end up on dark web marketplaces where it’s bought by other bad actors so they can launch their own attacks. McAfee’s identity monitoring service helps you keep an eye on your personal info and provides alerts if your data is found, averaging 10 months ahead of similar services.
When personal information gets released, there’s a chance that a hacker, scammer, or thief will put it to use. This may include committing fraud, where they draw funds from existing accounts, and theft, where they create new accounts in your name. This may include identity theft, where someone pretends to be you, generally to gain access to more information or services, and may escalate to identity fraud, where funds are stolen from your account.
Another step that customers can take is to place a credit freeze on their credit reports with the major credit agencies in Australia— Equifax, illion, and Experian. This will help prevent bad actors from opening new lines of credit or take out loans in your name by “freezing” your credit report so that potential creditors cannot pull it for reference. Terms of freezing a credit report will vary, so check with each agency for details.
A complete suite of online protection software can offer layers of extra security. Identity thieves generally focus on easy targets to save time. Elevated security across the majority of your data can make you a far more difficult target. In addition to more private and secure time online with a VPN, identity monitoring, and password management, this includes web browser protection that can block malicious and suspicious links that could lead you down the road to malware or a phishing scam—which antivirus protection can’t do alone. Additionally, McAfee offers support from a licensed recovery pro who can help you restore your credit, just in case.
Per Medibank, some victims of the breach may have had their driver’s licence number exposed. Given that a licence number is such a unique piece of personally identifiable information, anyone notified by Medibank that theirs may have been affected should strongly consider changing them. The process for replacing a licence document will vary depending on your state or territory.
The recent Optus breach of September 2022 saw some states and territories propose making exceptions to the rules for attack victims, so look to your local government for guidance.
Not all data breaches make the news. Businesses and organizations, large and small, have all fallen victim to them, and with regularity. The measures you can take here are measures you can take even if you don’t believe you were caught up in the Medibank breach.
However, you have every reason to act now rather than wait for additional news. Staying on top of our credit and identity has always been important, but given all the devices, apps, and accounts we keep these days leaves us more exposed than ever, which makes protection a must.
The post The Medibank Data Breach – Steps You Can Take to Protect Yourself appeared first on McAfee Blog.
What are the warning signs that someone has hijacked your Steam account? Here is what to look for and what you can do to get your account back.
The post Steam account hacked? Here’s how to get it back appeared first on WeLiveSecurity
Venmo, quick and convenient. A great way to pay back a friend or split the cost of a meal. Yet its ease of use and popularity has made it a hunting ground for scammers.
Venmo scams come in all shapes, and many of them look like variations of email phishing and text scams. The scammers behind them will pose as Venmo customer service reps who ask for your login credential. Other scammers offer bogus cash prizes and pyramid schemes that lure in victims with the promise of quick cash. Some scammers will use the app itself to impersonate friends and family to steal money from you.
All of it is preventable.
Just like any other payment app out there, using Venmo safely calls for a few precautions—and for knowing the tricks that scammers like to pull.
Keep your transactions private. Venmo has a social component that can display a transaction between two people and allow others to comment on it. Payment amounts are always secret. Yet you have control over who sees what by adjusting your privacy settings:
This brings up the question, what if the participants in the transaction have different privacy settings? Venmo uses the most restrictive one. So, if you’re paying someone who has their privacy set to “Public” and you have yours set to “Private,” the transaction will indeed be private.
We suggest going private with your account. The less financial information you share, the better. You can set your transactions to private by heading into the Settings of the Venmo app, tapping on Privacy, and then selecting Private.
In short, just because something is designed to be social doesn’t mean it should become a treasure trove of personal data about your spending habits.
Add extra layers of security. Take extra precautions that make it difficult for others to access your Venmo app.
Pay only people you trust. Per Venmo, the app was originally designed for people who know and trust each other to send each other payments. Since then, it’s expanded to making payments for goods and services under certain circumstances. In Venmo’s words:
“The only way to accept payments for goods and services on Venmo is to be explicitly authorized to accept Venmo for purchases, either by applying for a business profile or tag a payment to a personal profile as a purchase.”
Venmo further clarifies their policy by stating (emphasis theirs):
“Unless directly given the option by Venmo, DO NOT USE VENMO TO TRANSACT WITH PEOPLE YOU DON’T PERSONALLY KNOW, ESPECIALLY IF THE TRANSACTION INVOLVES THE PURCHASE OR SALE OF A GOOD OR SERVICE (for example, concert tickets, electronic equipment, sneakers, a watch, or other merchandise).”
Purchases that don’t follow these policies open you up to risk. That includes the many scammers who peddle phony goods, ask their victims to pay with Venmo, and never deliver a thing. On the flip side, when you make an authorized purchase through Venmo, you gain the benefits of their protection plan. You can learn more about it on their protection plan site.
Venmo has a dedicated web page on the topic of scams, and lists the following as the top Venmo scams out there:
|
|
Venmo breaks down each of these scams in detail on their site. They further share things you can do to avoid them—or steps to take if you unfortunately fall victim to one of these scams.
Broadly speaking, though, you can take several steps to avoid Venmo scams:
Scammers will often pose as customer service reps to pump information out of their victims. They’ll ask for things like bank account information, debit card or credit card numbers, or even passwords and authentication codes sent to your phone. Never share this information. Legitimate reps from legitimate companies won’t request it.
In the U.S., Venmo is regulated by the Treasury Department. As such, Venmo might require your SSN in certain circumstances. Venmo details the cases where they might need your SSN for reporting, here on their website. Note that this is an exception to what we say about sharing SSNs and tax ID numbers. As a payment app, Venmo might have legitimate reasons to request it. However, don’t send this information by email or text (any email or text that asks you to do that is a scam). Instead, always use the mobile app by going to Settings then Identity Verification.
Venmo always sends communications through their official “venmo.com” domain name. If you receive an email that claims to be from Venmo but that doesn’t use “venmo.com,” it’s a scam. Never click or tap on links in emails or texts supposedly sent by Venmo.
Another broad category of scams includes people who aren’t who they say they are. In the case of Venmo, scammers will create imposter accounts that look like they might be a friend or family member but aren’t. If you receive an unexpected and likely urgent-sounding request for payment, contact that person outside the app. See if it’s really them.
Online protection software like ours offers several additional layers of security when it comes to your safety and finances online.
For starters, it includes web browser protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam—such as a phony Venmo link designed to steal your login credentials. It also includes a password manager that creates and stores strong, unique passwords for each of your accounts.
Moreover, it further protects you by locking down your identity online. Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. And if identity theft unfortunately happens to you, $1 ID theft coverage & restoration can help you recover quickly.
In all, there’s no question that Venmo makes payments quick and convenient. You can make them far more secure too. The right precautions and tools can see to it.
The post How to Identify and Protect Yourself From Venmo Scams and Other Cash App Scams appeared first on McAfee Blog.
Deleting your browsing history has its benefits. For one, it can improve the performance of your device. Secondly, it can help make you more private online. To a point. In fact, clearing your history from time to time is just one of several steps you can take to improve your privacy.
First off, let’s check out what’s in that history of yours. It contains:
Keep in mind that this info is stored locally on your device, so deleting it there doesn’t mean it’s deleted from the internet. (More on that in a minute.)
If you want to keep your device more private and keep your browser running smoothly, quickly clearing your device’s browser history can help.
There’s no fixed or recommended time for deleting your browsing history, cache, and cookies. It’s all relative to your system’s storage space and personal preferences. Refer to this step-by-step guide whenever you feel like it’s time to clear junk from your browsers.
Google Chrome
To delete your browser history on Google Chrome:
Some of your settings might be deleted when clearing your browser history. For example, you might have to re-sign into your accounts.
If you want to delete cookies and cache for a specific site, you can learn how to change more cookie settings in Chrome.
Mozilla Firefox
To delete your browsing, search, and download history on Mozilla Firefox, follow these steps:
Now, you have quickly deleted your browser history on Mozilla Firefox.
Microsoft Edge
To clear your Microsoft Edge browsing data from only the device you’re currently using, turn off sync before clearing the data. The selected data will be deleted across all your synced devices if sync is turned on.
Follow these steps to turn off sync:
This is how to clear your browsing data on Microsoft Edge in a few simple steps.
Safari
Here are simple steps to clear browser cache and cookies on Safari 8.0 through 10.0. These steps apply to your Apple laptop running macOS, but an iPad or iPhone might have slightly different steps.
That’s all! You’ve now deleted your browser history on Safari.
Opera
To clear cache and browser history in Opera:
Clearing your cache is only the first step. Preventing others from gathering info about you while you browse is the next.
The websites you visit and many of the search engines you use collect info from you as well — info that they store themselves. What type of info they collect and for what purposes varies. Generally, they collect it to personalize your experience on their sites and for gaining insights into your online behaviors. Yet more collect this info for advertising purposes, as mentioned above.
Your internet service provider (ISP) tracks browsing info as well. That can include your location, the websites you visit, and what you do on them. The length of time that ISPs hold onto this info varies. Their data policies and local data retention laws can mean that they keep this info for months or years at a time. Some ISPs use this info as a revenue stream by sharing broad cross-sections of browsing habits with advertisers. Additionally, this info might be subject to subpoena by law enforcement — again depending on local data privacy laws.
So, keeping your browsing private from advertisers, websites, ISPs, and other third parties calls for extra measures:
Use a VPN.
When you use a VPN, you can hide several things from your ISP and other third parties, like the websites and apps you use, the time spent on them, your search history, and downloads. As for websites and apps, a VPN can hide your IP address and your location, all of which can thwart ad tracking on those sites and apps.
A strong VPN service like ours offers yet another benefit. It protects you from hackers and snoops. Our VPN uses bank-grade encryption to keep your data and info secure. With a VPN, a snoop would only see garbled content thanks to your VPN’s encryption functionality.
Clean up your info online.
One major privacy leak comes at the hands of online data brokers, companies that collect and resell volumes of exacting personal info about millions of people. In fact, they make up a multi-billion-dollar industry that spans worldwide. Additionally, there are so-called “White Pages” and “people finder” sites that post info like names, addresses, and other public records that anyone can access.
With all this info collected in a central location that’s easily searched and accessed, these sites can be an ideal resource for hackers, spammers, and thieves. McAfee Personal Data Cleanup can help you take control. It scans high-risk data broker sites and lets you know which ones are selling your data, and depending on your McAfee+ plan, it can remove it for you too.
Delete old accounts.
Consider all those dozens and dozens of old (and forgotten) online accounts you don’t use anymore. Several might have various pieces of personal info stored on them, even though it’s been ages since you used them. Deleting these accounts and the info linked with them can improve your privacy. What’s more, deleting them can help prevent identity theft if those sites get breached.
Our Online Account Cleanup can save you hours and hours of time by cleaning things up with just a few clicks. It shows you which accounts are tied to your email address and what info is usually shared with each account. It also shows you which are riskiest to keep, helping you determine which ones to delete.
Deleting your browser history can give you a performance boost and delete tracking cookies used by third parties. To prevent others from collecting your info while you browse and to clean up the places online where it shows up, grab yourself comprehensive online protection software like our own McAfee+.
It offers several features that can help you be safer and more private online:
With all this data collection happening online, there’s still plenty you can do to take control. With the steps outlined above and strong online protection software at your back, you can keep your personal info more private and secure.
The post How to Delete Your Browser History appeared first on McAfee Blog.
Imagine someone putting your personal information out online for thousands of strangers to see—your home address, phone number, even details about your family members or workplace. This invasive practice, known as doxing, has become a significant concern in the digital age. It’s not just about privacy anymore; it’s about the potential for real-world harm. This article explains what doxing is and how to prevent it from happening to you.
Doxing (or “doxxing”) is the practice of revealing another individual’s personal information (home address, full name, phone number, place of work, and more) in an online public space without the person’s consent.
The term “doxing” comes from the hacker world and references the act of “dropping dox” (as in “docs”) with malicious intent to the victim. The severity of the personal data leak may also go beyond phone numbers and addresses to include releasing private photos, Social Security numbers (SSNs), financial details, personal texts, and other more invasive attacks.
One of the first incidents of doxing took place back in the late 1990s when users of the online forum Usenet circulated a list of suspected neo-Nazis. The list included the suspected individuals’ email accounts, phone numbers, and addresses.
One of the most infamous examples of doxing was during 2014’s Gamergate controversy, involving issues of sexism and misogyny in the video game industry. Female video game developers and journalists were subjected to relentless harassment and doxing, placing their personal safety in jeopardy.
Several high-profile cases of celebrity doxing have made headlines over the years, serving as stark reminders of the dangers of online harassment and privacy invasion. In 2017, a woman hacked Selena Gomez’s email and leaked her Los Angeles-area home address online. In 2021, rapper Kanye West famously doxed Drake when he tweeted the star’s home address.
While doxing can hurt people, it’s not necessarily a crime. In some cases, a doxer finds publicly available information and shares it broadly. Since the data is public record, it’s not illegal to share it. A doxer might invite others to visit the home or workplace of their target rather than taking a specific action.
That said, it is illegal to hack a device or computer without permission from the owner — even if the information collected is never used. The legality of doxing must be taken on a case-by-case basis, and law enforcement must build its case based on existing applicable laws. For example, if the doxer attempted to apply for a credit card using your private data, they could be prosecuted for fraud or identity theft.
You can follow a few critical practices to help protect yourself from doxing. Start by limiting what you share online, using strong passwords, and taking advantage of secure technologies like virtual private networks (VPNs).
Limiting the amount of personal information you share online is one of the best ways to protect yourself from doxing. Avoid oversharing personal details of your life (like your child’s name, pet’s name, or place of work), and maintain the highest possible privacy settings for any social media app or website.
You should also take caution when tagging friends, locations, and photos, as this may give doxers more access to your data. Check out our Ultimate Guide to Safely Sharing Online to learn more.
Data brokers are companies that mine the internet and public records for financial and credit reports, social media accounts, and more. They then sell that data to advertisers, companies, or even individuals who may use it to dox somebody.
You might be surprised to see the amount of sensitive information available to anyone who wants it with an online search. Data brokers often have contact information, including real names, current and former addresses, birth dates, phone numbers, social media profiles, political affiliations, and other information that most consider private.
While you can remove your private information from many data broker sites, they tend to make the process tedious and frustrating. McAfee Personal Data Cleanup makes the process much easier. All you have to do is enter your name, date of birth, and home address, and we’ll scan it across high-risk data broker sites. We’ll then help you remove it.
Having strong passwords can make you less vulnerable to hackers and doxers. Keep yourself more secure by following a few simple rules.
Make password management much easier by using a password manager and generator tool. True Key uses the strongest encryption available to decrypt your existing passwords and can help generate new strong passwords.
When browsing on public Wi-Fi networks like those at airports and coffee shops, your data is at greater risk of being compromised by cybercriminals who may lift sensitive information for personal gain.
A virtual private network (VPN) service (like the one found in McAfee+) gives you an additional layer of protection by hiding your IP address and browsing activities when you’re on an unsecured network.
Scammers, doxers, and hackers work hard to get personal information every day. With McAfee+, you can use the internet with confidence knowing you have the support of award-winning antivirus software to keep you and your family members safe online.
Get real-time threat protection through malware detection, quarantine, and removal, and schedule real-time or on-demand file and application scanning. You’ll also benefit from an advanced firewall for home network security.
We all increasingly rely on the internet to manage our lives. As a result, it’s important to address the risks that come with the rewards.
Comprehensive cybersecurity tools like those that come with McAfee+ can help you avoid scams, doxing attacks, identity theft, phishing, and malware. We can also help keep your sensitive information off the dark web with our Personal Data Cleanup.
With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.
The post What is Doxing? appeared first on McAfee Blog.
Malicious software, or “malware,” refers to any program designed to infect and disrupt computer systems and networks. The risks associated with a malware infection can range from poor device performance to stolen data.
However, thanks to their closed ecosystem, built-in security features, and strict policies on third-party apps, Apple devices tend to be less prone to malware infections compared to their Android counterparts. But it’s important to note that they’re not completely without vulnerabilities.
Several iPhone viruses could infect your smartphone and affect its functionality, especially if you jailbreak your iPhone (that is, opening your iOS to wider features, apps, and themes).
This article covers how you can detect malware infections and how to remove viruses from your device so you can get back to enjoying the digital world.
Malware can affect your iPhone in a variety of ways. Here are a few telltale signs that your iPhone might have an unwelcome visitor.
If you notice any of the signs above, it’s a good idea to check for malware. Here are some steps you can take.
If you’ve confirmed malware on your iPhone, don’t worry. There’s still time to protect yourself and your data. Below is an action plan you can follow to remove malware from your device.
In many cases, hackers exploit outdated versions of iOS to launch malware attacks. If you don’t have the latest version of your operating system, it’s a good idea to update iOS to close this potential vulnerability. Just follow these steps:
It might sound simple, but restarting your device can fix certain issues. The system will restart on its own when updating the iOS. If you already have the latest version, restart your iPhone now.
If updating the iOS and restarting your device didn’t fix the issue, try clearing your phone’s browsing history and data. If you’re using Safari, follow these steps:
Keep in mind that the process is similar for Google Chrome and most other popular web browsers.
Malicious software, such as spyware and ransomware, often end up on phones by masquerading as legitimate apps. To err on the side of caution, delete any apps that you don’t remember downloading or installing.
The option to restore to a previous backup is one of the most valuable features found on the iPhone and iPad. Essentially, this allows you to restore your device to an iCloud backup made before the malware infection.
Here’s how:
If none of the steps above solves the problem, a factory reset might be the next order of business. Restoring your phone to factory settings will reset it to its out-of-factory configuration, deleting all of your apps, content, and settings in the process and replacing them with original software only.
To factory reset your iPhone, follow these steps:
The best way to protect your iOS device is to avoid malware in the first place. Follow these security measures to safeguard your device:
If you have an iPhone and are like most other people, you probably use your device for almost everything you do online. And while it’s amazing to have the internet in the palm of your hands, it’s also important to be aware of online threats like malware, which can put your digital life at risk.
The good news is that McAfee has your back with our award-winning and full-scale mobile security app. McAfee Mobile Security provides full protection against various types of malware targeting the Apple ecosystem. With safe browsing features, a secure VPN, and antivirus software, McAfee Security for iOS delivers protection against emerging threats, so you can continue to use your iPhone with peace of mind.
Download the McAfee Security app today and get all-in-one protection.
The post A Guide to Remove Malware From Your iPhone appeared first on McAfee Blog.
A data broker is an organization that makes money by collecting your personal information, analyzing it, and licensing it out to be used by other companies for things like marketing purposes.
Data providers gather data from many different sources to create a profile of who you are. This profile includes things like your interests, hobbies, demographics, and even the products you use.
Generally, data broker companies only deal with customers to collect information. A few of the top data brokerage companies are Epsilon, Acxiom, and Experian, but there are many data brokerages worldwide that make a hefty profit from aggregating and distributing consumers’ personal data.
This article explains everything you need to know about data brokers, including what they do, how they get your information, and what you can do to limit the data they can access from you.
There are several ways information brokers can get your information — both online and offline.
Generally, it’s legal for data brokers to get your information through public sources. However, different locations have different protections in place for consumers and different rules for how data brokers must operate.
Many countries have laws to protect consumers from having their information shared without their consent. For example, the European Union has the General Data Protection Regulation (GDPR) to protect data privacy. The GDPR says data brokers need to get consent from consumers before sharing their information. The law also gives consumers the right to demand that companies delete any personal information that they have stored.
On the other hand, the United States doesn’t have federal privacy laws protecting consumer information from data brokers. It’s up to the states to make their own laws. Some states prioritize consumer privacy more than others. For example, California has the Consumer Privacy Act, which gives customers the right to see what data a broker company has and the ability to delete it.
Typically, companies ask for consent to share your information through the fine print of their agreements. You might not be aware of how much of your personal information you’ve allowed organizations to share.
Data brokering is a huge industry. In fact, data brokers around the world bring in hundreds of billions of dollars a year. Here are some of the largest data brokerage companies that may collect your information.
By using various sources, data brokers can aggregate a lot of information about you. This information can be used to create user categories that businesses can market to. For instance, if you visit websites that sell baby products, the broker might put you into a category like “new parents.”
Some of the information that brokers collect might be things you’d like to keep private. For example, a broker might collect sensitive data about health issues, past bankruptcies, or legal issues.
Sometimes, brokers may place you in the wrong category. Let’s say you’re buying a new cookware set as a birthday gift for your mother. You check out several cooking sites before purchasing your set. If the broker sees that you’ve visited cooking sites and purchased cooking products, they may place you in a category like “cooking enthusiasts” even though you brought the gift for your mother.
Here are some personal details that a broker can collect to create a consumer profile of you:
Businesses are always looking for useful consumer information. Purchasing consumer data from brokers helps them tailor marketing campaigns to the demographics that are most likely to buy their products.
Let’s say you’re a fan of virtual reality (VR) gaming. You’ve watched countless YouTube videos about the subject, and you’ve searched Amazon for VR headsets multiple times. You’d likely be an ideal consumer for a company that manufactures VR headsets or a company that creates VR games.
Other companies might use your data for risk mitigation. For example, a bank might use your personal financial history to determine whether you’re likely to default on a mortgage loan.
There are a variety of public records and sources that data brokers can use to gather information about you. The good news is that there are some things you can do to limit the amount of personal information they can access:
There are also a few organizations you can join to protect your information:
Data brokers are always looking for ways to get their hands on your personal information. Many reasons businesses want access to your personal data aren’t malicious. They simply want to provide you with a targeted advertising experience and introduce you to products you might like.
However, the more your personal information gets shared online, the more chances cybercriminals have to get their hands on it. There might also be some sensitive information you don’t want to share with businesses in general. If you’re careful about what you post and take steps to protect your cybersecurity, you’ll greatly reduce the amount of data that a broker can collect from you.
With McAfee+, you can get a secure online experience for your whole family. Our all-in-one protection suite comes with features like a secure VPN, premium antivirus software, identity monitoring, and up to $1 million in identity insurance and restoration.
McAfee can help you safeguard data like financial records and health care information so you can have less stress online. You’re meant to enjoy the internet — and we’re here to help make that a reality.
The post What Is a Data Broker? appeared first on McAfee Blog.