How to Shop Safely This Holiday Season

Yes, there is a Cyber Grinch. In fact, you’ll find evidence of an entire host of grinches online — the cybercrooks who, with the help of AI, create millions of online scams that crop up just in time to spoil the holiday season. But you can still shop safely, with a sharp eye and the right tools at your side. 

This time of year always sees a boost in scams. After all, where shoppers go, scammers follow. Research from our McAfee Labs team found that scam volume ramps up 30% above average this time of year, kicking off in November and carrying over into the first week of the new year. 

To gain even more insight into the impact online scams have on consumers, we conducted our inaugural Global Holiday Shopping Scams Study. More than 7,000 adults in seven countries told us how scams have impacted their holidays. They also shared their feelings about the recent onset of AI-driven scams.  

The findings offer several significant insights, including the financial impact of scams, and even when and where people shop online (spoiler: that includes purchases made at the dinner table and in the bathtub).  

Let’s dig into the findings. From there, we’ll show you several ways you can stay safe while you shop online, so you can send those grinches packing. 

Holiday scam findings for 2023 

For starters, 36% of Americans said they were a victim of an online shopping scam during the holiday season. That’s more than one in three people, making it likely that you know someone who’s been taken in. Of those who fell for holiday scams online, nearly half said it cost them $100 or more. Strikingly, one in four victims said it cost them $1,000 or more. 

The top three online scams people reported include: 

1. Text messages about purchases they didn’t make (57%).
2. Fake missed delivery or fake problem with delivery notifications (56%). 
3. Bogus Amazon security alerts and notification messages about their account (43%). 

We looked at those figures more closely and found some trends that show some folks get tangled up in these scams more than others.  

Comparing men and women, 65% of men said they place the same level of trust in shopping online as they do in person. Meanwhile, women appear to be a bit more discerning. Only 46% of women said they had the same level of trust. We then found that men were nearly twice as likely to fall for an online holiday scam (46%) than women (26%).  

When looking across generations, we found that 64% of Gen Z and 77% of Millennials trust shopping online as much as in person. Likewise, they found themselves victimized by scams more often than older adults. Of the younger set, 49% of Gen Z and 65% of Millennials said they fell for a holiday scam. Compare that to only 12% of people over 50 saying the same thing. 

What’s on the mind of holiday shoppers … 

We also got some insight into people’s headspace.  

People are as deal conscious as ever, with 1 out of 3 (35%) saying they will likely jump on a bargain when they see it. They also plan to shop around; 85% of people said they will look for the best deal before buying their holiday gifts.  

It’s no surprise that 63% planned to shop online during Black Friday and Cyber Monday weekend. However, we found some surprises — namely, where they are when they shop online: 

• 41% of people said they made an online purchase during the holiday period in bed late at night when they really should be asleep.  
• 27% said they made an online purchase while at work.  
• 20% said they made an online purchase at the kitchen table during dinner. 
• 11% said they made a gift purchase while in the bath.  

 

Take all that together and it leaves the Cyber Grinch wringing his hands in delight. Bargain hunting, shopping around, and buying online when you’re somewhat distracted make it easier for scammers to pull off their tricks.  

Scammers count on the stress and pressures of holiday shopping. When people are tired or in a hurry, they tend to make mistakes. And now they’re easier to make, no thanks to the scammers who’ve picked up AI tools. 

People say AI scams will put a chill on their shopping

The bad actors out there now have AI-driven tools that help them fire up scams at alarming rates. They make it easier to create compelling fake emails, malicious sites, and text messages. In fact, a new phishing site is created every 11 seconds, and Americans receive an average of 12 fake messages or scams daily.  

On top of that, AI has made it harder than ever to tell what’s real from what’s fake. Not only have we seen a deluge of scams, but it’s also a deluge of increasingly sophisticated scams. With AI tools, scammers can make their emails, messages, and texts look and sound more convincing than ever. 

People shared their concerns about AI scams:  

• 88% of people said they think that AI tools used by cybercriminals will impact the amount and types of online scams during the holiday season.  
• 57% think that AI will make scam emails and messages more believable than ever.  
• 31% think that it will be harder to tell what’s a real message versus a fake one, such as from a retailer or delivery service.  
• 1 in 5 consumers (19%) said they don’t plan to shop online as much this year because of the increased use of AI by cybercrooks. 

Despite what we discovered in many of the findings, we have good news to share: there are tools that can help you shop safely. 

How to protect yourself from scam messages 

Think before you click. Cybercriminals use phishing emails or fake sites to lure people into clicking links that might lead to malware. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Even if it’s a great-sounding deal or indicates it’ll provide useful info such as a parcel delivery update. Always go direct to the source and interact with reputable companies.  

Remember that if it seems too good to be true, it probably is. Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender. The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead. 

Go unlisted. Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results. 

Use AI to beat AI. From blocking dangerous links that appear in text messages, social media, or web browsers, you have AI on your side. McAfee Scam Protection automatically identifies and alerts you if it detects a dangerous URL in your text. No more wondering if a delivery message or bank notification text is real or not. McAfee’s patented AI technology instantaneously detects malicious links to stop you before you click by sending an alert message. It’ll even block risky sites if you accidentally click on a scam link in a text, email, social media, and more. You’ll find it in our online protection plans like our award-winning McAfee+ subscriptions. 

 No grinches, only grins this holiday season 

One thing that hasn’t changed this year, scammers love the holidays. Just as you’re gearing up for shopping, they’re gearing up for scamming. The hustle and bustle of the holidays, AI-driven scam tools, and malicious messages and websites seemingly play in the favor of scammers. Yet AI-driven protection like ours puts the advantage back squarely in your corner. That, and keeping your guard up for trickery, will help you steer clear of all those grinches out there this year. 

Survey methodology 

The survey, which focused on the topic of scam messages and holiday shopping, was conducted online between September 7 and September 21, 2023. 7,130 adults, age 18+, in 7 countries (US, Australia, India, UK, France, Germany, Japan), participated in the study. 

The post How to Shop Safely This Holiday Season appeared first on McAfee Blog.

How to Protect Your Financial Data During Tax Season

Tax season is a prime time for cybercriminals, especially those running phishing scams to steal W-2s. With many people filing their tax returns, scammers take advantage of the rush to trick unsuspecting individuals into handing over sensitive financial data. This blog highlights the rise in tax-related cybercrime and offers practical tips to keep your information safe.

W-2 phishing scams often involve emails that appear to be from the IRS or another official source, requesting personal information. These phishing emails can be highly sophisticated, often mimicking the look and feel of legitimate communications. The goal is to trick the recipient into revealing confidential data, such as social security numbers and financial information, which the perpetrator can then use for fraudulent purposes. The first step in protecting against such scams is understanding how they work and being able to recognize the red flags.

The Anatomy of a W-2 Phishing Scam

Phishing scams are fundamentally deception tactics—disguised as legitimate correspondence, they aim to trick the recipient into parting with sensitive information. In the case of W-2 phishing scams, the perpetrator often poses as an employer, government agency, or financial institution. The message may request that the recipient update their personal information, verify their identity, or provide their W-2 form. Typically, these emails have a sense of urgency, indicating that failure to comply will result in adverse consequences.

The contents of a phishing email are often compelling and appear to be authentic. They may contain official logos, legal disclaimers, and even legitimate contact details. However, closer examination often reveals telltale signs of phishing. For example, the email address of the sender may not match the organization they claim to represent, or the message may contain poor grammar and spelling. Additionally, phishing emails often require the recipient to click a link or open an attachment—actions that could potentially install malware on the victim’s device or redirect them to a fraudulent website.

McAfee Pro Tip: Nowadays, those sneaky social engineering tricks look a lot like legit messages from well-known folks. They’re super well-crafted, with proper grammar, and seamlessly fit into everyday situations. But don’t be fooled by their slick appearance – underneath it all, they’re still after your sensitive info. Keep your personal stuff safe and sound with McAfee+ to dodge the headaches that come with social engineering.

Prevalence and Impact of W-2 Phishing Scams

Recent years have seen a significant increase in the number of reported W-2 phishing scams. According to the FBI’s Internet Crime Complaint Center (IC3), thousands of these scams occur every tax season, leading to substantial financial losses and ID theft. Not only does this affect individuals, but businesses too. In fact, some companies have reported instances where their entire workforce was targeted, resulting in massive data breaches.

The impact of falling for a W-2 phishing scam can be devastating. Once cybercriminals have gained access to your financial data, they can use it in a variety of malicious ways. This may include filing fraudulent tax returns, opening new credit accounts, or even selling the information on the black market. The recovery process from such scams can be lengthy and stressful, as victims have to prove their identity to the IRS, their bank, and credit reporting agencies. Additionally, they need to monitor their financial activity closely for signs of any further unauthorized transactions or fraudulent activities.

→ Dig Deeper: Watch Out For IRS Scams and Avoid Identity Theft

Best Practices to Avoid W-2 Phishing Scams

Given the prevalence and potential impact of W-2 phishing scams, it’s crucial to take steps to protect yourself. One of the most effective strategies is to improve your digital literacy, namely your ability to identify and respond appropriately to phishing attempts. This includes being skeptical of unsolicited emails, especially those that ask for personal or financial information. Always verify the sender’s identity before responding or clicking any links. Remember, legitimate organizations rarely request sensitive information via email.

Another important safeguard is to ensure your computer and mobile devices are protected with up-to-date security software. This can help identify and block potential phishing emails and malicious links. Further, regularly backing up data can help mitigate the potential damage caused by a successful breach. Consider using a secure cloud service or an external storage device for this purpose.

Next is to file your tax returns as early as possible. By doing so, you can beat the scammers who might make an attempt to file a fraudulent tax return in your name. Additionally, if you receive an email that appears suspicious, do not click on the links or download the attachments included in that email. Instead, forward the suspicious email to phishing@irs.gov.

Finally, two-factor authentication (2FA) is another excellent way to safeguard your data. By enabling 2FA, you are adding an extra layer of security that makes it harder for cybercriminals to access your data even if they get your password. Additionally, always be cautious about sharing your personal and financial information online. Make sure that you only enter such information on secure websites – those with ‘https://’ in the URL. Regularly check your financial accounts for any suspicious activity and report immediately to your bank if you notice anything unusual.

What to Do If You Fall Victim to a W-2 Scam

If you believe you have fallen victim to a W-2 phishing scam, it is crucial to act quickly. If you have divulged your social security number, contact the IRS immediately. They can aid you in taking steps to prevent potential tax fraud. Additionally, it would be wise to file an identity theft affidavit (Form 14039) with the IRS. This form alerts the IRS to the theft of your identity and allows them to secure your tax account.

Additionally, you should report the phishing scam to the Federal Trade Commission (FTC) using the FTC Complaint Assistant at FTC.gov. If you have clicked on a link or downloaded a suspicious attachment, run a full antivirus scan to check for malware. You should also consider placing a fraud alert or a credit freeze on your credit reports, which makes it harder for someone to open a new account in your name. Finally, you should check your credit reports frequently for any signs of fraudulent activity.

→Dig Deeper: Credit Lock and Credit Freeze: Which Service Is Best for You? Both!

Final Thoughts

Protecting your financial data during tax season is crucial, and being aware of phishing scams can save you from a world of trouble. By understanding the nature of W-2 phishing scams and implementing the above-mentioned best practices, you can keep your sensitive information safe. Remember to always be skeptical of unsolicited emails and never share personal or financial information unless you can confirm the legitimacy of the request. By doing so, you will not only protect yourself but also contribute to the collective fight against cybercrime.

Protecting your W-2 information during tax season is not a one-time effort but a continuous process. Always stay vigilant, and remember that it’s better to be safe than sorry. If you ever suspect that you have become a victim of a W-2 phishing scam, take prompt action by reporting it to the relevant authorities and taking necessary measures to mitigate possible damages. The key to staying safe is staying informed, vigilant, and prepared.

The post How to Protect Your Financial Data During Tax Season appeared first on McAfee Blog.

You Don’t Need to Turn Off Apple’s NameDrop Feature in iOS 17

Yes, your iPhone automatically turns on NameDrop with the latest software update. But you shouldn’t really be worried about it—regardless of what the police are saying.

How to Protect Kids From Harmful Online Content

November 20 is World Children’s Day, a day that celebrates “international togetherness, awareness among children worldwide, and improving children’s welfare.” Highlights from last year’s celebration show the remarkable effort so many put into broadcasting their commitment to protecting children. However, the volume of online homages to the world’s youth also underscores how daunting the task of keeping children safe can be. The internet can bring a community together as it has over this event; it is also where many criminals and predators operate.   

Statistics from the Global Cybersecurity Forum (GCF) show the risk that digital life may pose for kids. Nearly three-quarters of children have experienced at least one type of cyberthreat. Inappropriate ads, images, content, and phishing attempts find children even when they’re not attempting to dodge parental controls. For parents, the thrust of International Children’s Day is an ongoing adventure, wherein they often struggle to provide the safe online learning environment their children need to thrive. To celebrate this year’s day of awareness, we’re sharing six tips for ensuring a more private and safe digital life for kids.   

1. Encourage children to talk about their encounters with you 

According to GCF data, 83% of children claimed they would alert their parents if they experienced an online threat. Yet only four in 10 parents surveyed said their child had ever expressed concerns to them about inappropriate content. If parents want to make their child’s internet time safer, they can focus on making conversations about online content comfortable. When parents know their children are experiencing threats online, they will be better equipped to do something about those threats.   

Remember, sometimes children can be exposed to traumatic content even if they follow your guidelines and go online with parental controls. Here are some additional tips for talking to your child about some of the content they may see online.  

2. If you see something, say something 

On plenty of occasions, online threats children experience likely do not require the involvement of law enforcement or similar entity. When online threats involve malicious or solicitous content, it can warrant reporting the incident. Most parents (56%) tend to simply delete content rather than report said content to the police (41%) or inform schools, when appropriate (34%). If parents want transparency from their children, they may consider practicing a bit more transparency themselves, especially when it comes to encounters that may represent criminal acts.  

3. Limit screen time altogether 

More than 80% of children go online daily, and 36% spend 3-5 hours online in a normal day. In the digital age that has seen a large uptick in digital learning, it’s tough to keep kids away from screens. But the easiest way to ensure kids remain safe from online threats is to limit their screen time altogether. That’s an easier-said-than-done task to be sure. If parents can find ways to decrease the amount of daily time kids spend behind screens, it will reduce the amount of time they’re available to be targeted by bad actors or inappropriate content.  

4. Demonstrate social media security 

Social media, one of the most popular online activities, is a popular way for younger generations to interact with one another. Built-in messaging on social media apps gives kids a place to message each other that’s one layer removed from text messages that parents may see. Social media has also made inappropriate content more accessible and gives hackers and other bad actors anonymity. Given that 36% of kids report coming across inappropriate images or content, and nearly 20% encounter hacking or phishing attempts when online, it’s not surprising that parents are worried about the social media content their children consume.  

Parents can educate their children about more secure social media behavior. Creating awareness of potential scams in their children starts with strong passwords, locked accounts, and reminding them not to click on links from or interact with accounts of people they don’t know.  

5. Enable parental controls 

This may seem like an obvious safeguard against disturbing online content, but not every app, browser or device’s parental controls settings are obvious. Some portals to the internet have more granular settings and others are a bit higher-level, so creating a hermetic seal around kids’ environment can be challenging depending on how they get online and what they access when they get there. Devices like iPhones and major internet companies like Google and YouTube have pretty robust parental control settings to block mature content or remotely limit screen time. Some social media apps also have controls parents can adjust to reduce the likelihood strangers find their child’s account.  

 6. Install software like browser plugins and/or VPNs 

Most browsers offer a library of plugins that allow parents to cast a web around potentially harmful content. Ad blockers can keep ads with mature content off of websites, and parental-control plugins can establish browsing controls so that kids can’t even navigate to places inappropriate content is more likely to be. Some plugins block website URLs or entire domains, rendering those destinations unnavigable.  

There are also many affordable VPNs on the market for parents. Most VPNs can do things like encrypt internet connections or obscure IP addresses and locations, making overarching internet connections safer and more private.   

Protecting children from online threats is an ongoing endeavor 

The UN established World Children’s Day to commemorate both the Declaration of the Rights of the Child, as well as the Convention on the Rights of the Child as guidelines for how to provide for and protect international children. Parents don’t need to wait for the calendar to turn to November to create a safer digital world for their families. These steps for protecting kids from malicious or inappropriate online content are not exhaustive but do provide a strong framework for adults who aren’t sure how to contend with the vast volume of information the world wide web generates.    

For those who want to introduce another obstacle between kids and inappropriate content, there’s always something like McAfee+ Family Plans. McAfee+ Family plans add protection against everything from unwanted content via parental controls to identity monitoring and social media privacy management. It’s an all-in-one way to make it that much more unlikely children encounter online content they shouldn’t.  

The post How to Protect Kids From Harmful Online Content appeared first on McAfee Blog.

How to Get Facebook Without Ads—if It’s Available for You

Meta now offers users an ad-free option, but it’s only available in Europe for those who can afford the €10-a-month subscription.

How to Protect Your Mobile Device From Loss and Theft

In the ever-growing digital age, our mobile devices contain an alarming amount of personal, sensitive data. From emails, social media accounts, banking applications to payment apps, our personal and financial lives are increasingly entwined with the convenience of online, mobile platforms. However, despite the increasing threat to cyber security, it appears many of us are complacent about protecting our mobile devices.

Survey revealed that many mobile users still use easy-to-remember and easy-to-guess passwords. With such an increasing dependence on mobile devices to handle our daily tasks, it seems unimaginable that many of us leave our important personal data unguarded. Theft or loss of an unsecured mobile device can, and often does, result in a catastrophic loss of privacy and financial security.

Mobile Device Security

The unfortunate reality of our digital era is that devices are lost, misplaced, or stolen every day. A mobile device without password protection is a gold mine for anyone with malicious intent. According to a global survey by McAfee and One Poll, many consumers are largely unconcerned about the security of their personal data stored on mobile devices. To illustrate, only one in five respondents had backed up data on their tablet or smartphone. Even more concerning, 15% admitted they saved password information on their phone.

Such statistics are troubling for several reasons. The most obvious is the risk of personal information —including banking details and online login credentials— falling into the wrong hands. A lost or stolen device is not just a device lost— it’s potentially an identity, a bank account, or worse. The lack of urgency in securing data on mobile devices speaks to a broad consumer misunderstanding about the severity of the threats posed by cybercriminals and the ease with which they can exploit an unprotected device.

→ Dig Deeper: McAfee 2023 Consumer Mobile Threat Report

The Gender Disparity in Mobile Device Security

Perhaps one of the most surprising findings of the survey is the difference in mobile security behaviors between men and women. This difference illustrates not just a disparity in the type of personal information each group holds dear, but also the degree of risk each is willing to accept with their mobile devices.

Broadly speaking, men tend to place greater value on the content stored on their devices, such as photos, videos, and contact lists. Women, on the other hand, appear more concerned about the potential loss of access to social media accounts and personal communication tools like email. They are statistically more likely to experience online harassment and privacy breaches. This could explain why they are more concerned about the security of their social media accounts, as maintaining control over their online presence can be a way to protect against harassment and maintain a sense of safety.

The loss of a mobile device, which for many individuals has become an extension of their social identity, can disrupt daily life significantly. This distinction illustrates that the consequences of lost or stolen mobile devices are not just financial, but social and emotional as well.

Risky Behaviors Persist

Despite the differences in what we value on our mobile devices, the survey showed a worrying level of risky behavior from both genders. Over half (55%) of respondents admitted sharing their passwords or PIN with others, including their children. This behavior not only leaves devices and data at risk of unauthorized access but also contributes to a wider culture of complacency around mobile security.

Password protection offers a fundamental layer of security for devices, yet many people still choose convenience over safety. Setting a password or PIN isn’t a failsafe method for keeping your data safe. However, it is a simple and effective starting point in the broader effort to protect our digital lives.

→ Dig Deeper: Put a PIN on It: Securing Your Mobile Devices

Steps to Mobile Device Security

While the survey results raise an alarm, the good news is that we can turn things around. It all begins with acknowledging the risks of leaving our mobile devices unprotected. There are simple steps that can be taken to ramp up the security of your devices and protect your personal information.

First and foremost, password-protect all your devices. This means going beyond your mobile phone to include tablets and any other portable, internet-capable devices you may use. And, while setting a password, avoid easy ones like “1234” or “1111”. These are the first combinations a hacker will try. The more complex your password is, the sturdier a barrier it forms against unauthorized access.

Another important step is to avoid using the “remember me” function on your apps or mobile web browser. Although it might seem convenient to stay logged into your accounts for quick access, this considerably amplifies the risk if your device gets stolen or lost. It’s crucial to ensure you log out of your accounts whenever not in use. This includes email, social media, banking, payment apps, and any other accounts linked to sensitive information.

McAfee Pro Tip: If your phone is lost or stolen, employing a combination of tracking your device, locking it remotely, and erasing its data can safeguard both your phone and the information it contains. Learn more tips on how to protect your mobile device from loss and theft.

Sharing your PIN or password is also a risky behavior that should be discouraged. Admittedly, this might be challenging to implement, especially with family members or close friends. But the potential harm it can prevent in the long run far outweighs the temporary convenience it might present.

Investing in Mobile Security Products

Having highlighted the importance of individual action towards secure mobile practices, it’s worth noting that investing in reliable security software can also make a world of difference. A mobile security product like McAfee Mobile Security, which offers anti-malware, web protection, and app protection, can provide a crucial extra layer of defense.

With app protection, not only are you alerted if your apps are accessing information on your mobile that they shouldn’t, but in the event that someone does unlock your device, your personal information remains safe by locking some or all of your apps. This means that even if your device falls into the wrong hands, they still won’t be able to access your crucial information.

It’s also critical to stay educated on the latest ways to protect your mobile device. Cyber threats evolve constantly, and awareness is your first line of defense. McAfee has designed a comprehensive approach to make the process of learning about mobile security not just informative but also engaging. Our array of resources includes a rich repository of blogs, insightful reports, and informative guides. These materials are meticulously crafted to provide users with a wealth of knowledge on how to protect their mobile devices, ensuring that the learning experience is not only informative but also engaging and enjoyable.

Final Thoughts

While the current state of mobile device security may seem concerning, it’s far from hopeless. By incorporating simple security practices such as setting complex passwords and avoiding shared access, we can significantly reduce the risk of unauthorized data access. Additionally, investing in trusted mobile security products like McAfee Mobile Security can provide a robust defense against advancing cyber threats. Remember, our digital lives mirror our real lives – just as we lock and secure our homes, so too must we protect our mobile devices.

The post How to Protect Your Mobile Device From Loss and Theft appeared first on McAfee Blog.

Does PC Cleaning Improve Performance?

Yes, giving your PC a good, old-fashioned cleaning can improve its performance. And it only takes minutes.

For the most part, PCs don’t slow down on their own over time. It’s the way we amass apps, files, and services that slows things down as your PC ages.

A few examples come to mind:

• We create files, which take up increasing amounts of disk space.
• Windows creates temporary files, hidden files, and others that can be deleted.
• We accumulate apps, plenty of which we don’t need or use anymore.
• Windows further accumulates background services and other processes that reduce performance.

So, if your PC is feeling a bit sluggish — or if you’ve never cleaned your PC before — you have a few options to speed things up.

How to speed up your computer

Start by backing up your files and photos

Any time you do some upkeep on your PC, back up your stuff. Given that so many of us store our files and photos in the cloud, this step is easy. You already have backups. Give those files a quick review and make sure what you need is backed up in the cloud.

You can also create a physical backup. An external drive can store those files as well, giving you extra redundancy. With your backup in hand, you can store it securely elsewhere in the event you need it.

Delete old apps

Drop over to your Windows search bar and type in “Storage.” That’ll take you to a screen that gives some solid insight into what your drive space looks like.

The great thing about this screen is that you can jump right in and get to work. For example, by clicking the “Apps & features” option, you get a list of all your apps stored on that drive. And with a click, you can delete the old ones you don’t want.

This does you well in a couple of ways. One is the obvious disk space you regain. The second is a bit more subtle. Older apps might go without an update, which can lead to security loopholes that hackers can exploit. Remove the old app, and you remove the loophole.

Remove temporary files

From the same menu, you can click and see how much space temporary files are taking up. You’ll likely see several categories of temporary files that you can delete. Take close note, though. While temporary, some of them still offer benefits. For example, you might want to keep “Windows update log files,” in the event you ever need to troubleshoot Windows.

Clear your browser cache and cookies

This one is a bit of a double-edged sword. Your cache and cookies make many web pages load faster. By storing images, preferences, and other info, cookies speed up load times. However, as months go by, cookie data can get bloated. If the disk space they use looks a little high to you, clean them out. You can do this in Windows by typing “Cookies” in your search bar. Additionally, you can clear it from your browser’s menu.

Important: This can remove any saved passwords stored in your browser. However, if you’re using a password manager, this isn’t a worry. The manager does the remembering for you.

Shut off startup apps that slow you down

Windows runs several apps on startup, some of which you certainly need, like antivirus apps or online protection software. Others might find themselves in that mix too, with apps that you don’t need running right away. These can slow down startup and eat up resources.

Head to your Windows search bar and type “Startup.” When the result pops up, select “Startup Apps.” From there, you’ll see a list of all your startup apps. You’ll also see a quick readout on each app that shows its impact on performance. Scroll through and click off the apps you don’t want to load at startup. Consider them carefully, though. If you’re uncertain of what a startup app does, do a web search on it before making any changes. Or just leave it alone.

Completely erase sensitive files

You’d think that deleting files in the recycle bin erases them entirely. Not so. It removes the “pointer” to those files. The data remains on the drive. It only gets removed when something new overwrites it. Which can take time.

To completely erase files with sensitive info, use a product like our own File Shredder. It permanently deletes files, and you find it in our McAfee+ plans. Although this doesn’t necessarily improve performance, it helps prevent identity theft.

Consider a deeper clean with a PC Optimizer

PC cleaning software, like McAfee PC Optimizer, simplifies the process of cleaning your PC. These programs are designed to detect and clear out unnecessary files, manage startup apps, and even clean the registry, often at the press of a button. It’s crucial, though, to choose reliable and safe PC cleaning software. Some can be excessive, doing more harm than good, or even carry malware. Reading reviews and understanding what each feature does is important before using PC cleaning software.

These cleaners usually come with customizable settings to suit your preferences. You can set automatic clean-ups at regular intervals, thus saving time, and freeing you from the hassle of remembering to run the cleanup.

A clean slate for you and your PC

Cleaning your PC is an essential part of maintaining its performance. While it might not drastically increase your PC’s speed, it contributes to overall efficiency, responsiveness, and longevity.

It’s important to approach PC cleaning carefully, deleting with discretion to avoid accidentally removing necessary files or applications. For those who aren’t comfortable doing it manually, reliable PC cleaning software like McAfee+ can simplify the process and save time.

Regular cleaning keeps your PC running smoothly, prevents potential threats, and ensures your personal and sensitive info is safe. So, if you haven’t started yet, it’s never too late to begin cleaning your PC and enjoy an optimized computing experience.

The post Does PC Cleaning Improve Performance? appeared first on McAfee Blog.

How to Look Out For Scams on Facebook Marketplace

Reels of another kind rack up the views online. Stories about Facebook Marketplace scams. 

Recently, TikTok’er Michel Janse (@michel.c.janse) got well over a million views with a most unusual story about selling furniture on Facebook Marketplace—and how it led to identity theft. 

@michel.c.janse

oops dont fall for this scam like me

♬ original sound – Michel Janse

The story goes like this: 

A buyer reached out about the furniture Michel was selling, expressed interest, and then hesitated. Why the cold feet? The buyer wanted to speak to Michel on the phone to confirm that Michel was a real person. “Are you OK if I voice call you from Google?” Michel agreed, sent her number, and soon received a text with a Google Voice code. The buyer asked for the code, and as soon as Michel sent it, she got that sinking feeling. “I should have Googled before I did, because something feels really off.” 

As she found out, it was. The scammer ghosted the conversation and ran off with the verification code. 

This is a variation of the “Verification Code Scam,” where scammers ask you to send them that six-digit code you receive as part of an account login process. Here, scammers send a text message with a Google Voice verification code and ask you to send them that code. With it, they can create a Google Voice number linked to your phone number—and go on to commit other forms of identity theft in your name. 

It happens so often that the U.S. Federal Trade Commission (FTC) has a page dedicated to the topic. Luckily, Michel got wise quickly enough. She quickly asked for another code and took back charge of that newly created Google Voice account. 

This is just one of the many scams lurking about on Facebook Marketplace. Largely, Facebook is a great place packed with lots of great deals, yet you can get stung. But if you know what to look out for, you can spot those scams and steer clear of them when you do. 

The top scams on Facebook Marketplace to look out for. 

As the saying goes, buyer beware. And seller too. Scammers weasel their way into both ends of a transaction. Per Facebook, in addition to phishing attacks, scams on Facebook Marketplace take three primary forms: 

A buyer scam is: When someone tries to buy or trade items from someone else without paying, resulting in a loss of money for the seller and a gain for the buyer. This might look like a buyer who: 

• Reports their transaction as fraud after they receive the item(s) from you. 

• Claims they never received the item(s) from you when they did. 
• Doesn’t pay for an item that they received. 

An example, a scammer sends a seller a pre-paid shipping label to mail the item. Then they change the address via their tracking number and claim they never received the goods.  

A seller scam is: When someone tries to sell or trade items to someone else without delivering the items as promised, resulting in a gain of money for the seller and a loss for the buyer. This might look like a seller who: 

• Purposely sends you something significantly different than what you paid for. Example: someone sells you a used item that they listed as “new” on Facebook Marketplace. 

• Claims they shipped the item(s) to you when they didn’t. 
• Asks you to send them money as a deposit for a high-value item without letting you confirm it’s real first. 

An example, a scammer offers up a game console—one that doesn’t work when you take it home and plug it in. 

A listing scam is: When a listing appears to be dishonest, fake, or lures buyers to complete transactions outside Facebook Marketplace. This might look like a listing: 

• Of a product with a suspiciously low price on Facebook Marketplace. This can be a sign that it’s a fake item or listing. 

• With a description encouraging buyers to reach out to the seller outside Marketplace. 

An example, you see a great price on a commuter bike, yet the seller wants to complete the transaction over text. And using a payment form not covered by Facebook’s purchase protection policies, such as Venmo or Zelle. 

Shopping safely and scam-free on Facebook Marketplace. 

Like any transaction you make through social media, a few extra steps and a dose of buyer or seller beware can help you make a great purchase or sale. One that’s safe. 

• Check out the person’s profile: Michel mentioned getting a “vibe check” from her buyer by looking at their profile. Take it a step further and investigate closely. While not foolproof, it can help you spot an obvious fake account. Look for an account that’s only recently been created or that has next to no other activity. Those might be red flags. Also, try a reverse-image search of the person’s profile picture. Some scammers pull stock photos and other pictures off the internet to round out their bogus Facebook profiles. 

• Consider doing your deals locally: Many of the scams listed above rely on items that are shipped. By shopping locally, you can inspect the item you’d like to purchase and get a sense if it’s a deal or not. For example, you could ask the seller to show that the game console you want to buy actually works. Likewise, you can avoid all manner of shipping-based scams on Facebook by conducting your transaction in person. 

• Deal in public or with a pal: When selling or making a purchase, do it somewhere safe—one that’s well-lit and has some people around, if at all possible. Also, bring a friend and let others know where you’re going and what you’re doing. 

• Stick with Facebook Marketplace: If you choose to purchase an item that’s shipped, conduct your transaction on Facebook. By using its approved payment methods, you can gain the purchase protections mentioned above. Don’t use online payment methods like Zelle or Venmo, which aren’t protected by Facebook currently. 

• Document the transaction: Save any communications with your buyer or the seller in the event there is an issue. Keeping communications on Facebook provides an excellent record of your interactions in the event you end up getting scammed. 

Ugh! I got scammed on Facebook! Now what? 

You can take three big steps to help set things straight. 

1. The first step involves filing a police report. That in itself might not resolve the issue, yet it’ll get you a case number that you can reference in your claims moving forward. It provides law enforcement with knowledge that a crime has taken place, along with important data and info that they can use moving forward. 
2. Also report the scam to the Federal Trade Commission (FTC) at https://reportfraud.ftc.gov. Likewise, this provides the FTC with vital info that helps them track trends and that it can share with its law enforcement partners. For example, scammers often run in rings. Data can help identify and shut them down. 
3. Next, report your scam to Facebook. Make your claim, provide your records, and see about getting a refund. Also notify Facebook of the scammer’s account so that they can take action against it as needed. Whether it’s a seller, buyer, or listing you want to report, Facebook has full instructions for reporting scams on its site. 

Stay safer still from scammers online. 

Whether shopping on Facebook Marketplace or off, a combination of online protection software and smart habits can help you avoid getting scammed. Further, online protection can provide you with yet more ways of preventing and recovering from identity theft. 

• Use two-form authentication—and never share your number with anyone. Two-factor authentication makes it tougher to hack into an online account by using a six-digit code as part of the login process. Hackers know this and will try and hoodwink you into providing it. Just as Michel found out. Keep that number to yourself. Always. 

• Use a credit card rather than a debit card for purchases. When fraud occurs with a debit card, you fight to get your money back—it’s gone straight out of your account. With a credit card, the issuer fights to get their money back. They’re the ones who take the financial hit. Additionally, in the U.S., the Fair Credit Billing Act gives citizens the power to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well.  
• Monitor your credit, transactions, and personal info online. That was once quite the task. Now, comprehensive online protection software like ours can do all that for you. And then some. It can prevent identity theft by cleaning up your personal info and old accounts online. It can notify you when unusual activity occurs in bank, credit, retirement, and other online accounts. If your info winds up on the dark web, it can alert you of that too, and offer next steps for action. And if you do end up as a victim of identity theft, a licensed restoration pro can help you recover—plus provide covers that can help recover your losses.  

Scams are crimes. And you can prevent them. 

We’d like to thank Michel and all the others who have shared their stories. Getting scammed stings. That’s why people often fail to report it, let alone share that it happened to them. Yet scams are crimes. Without question, act and report on a scam for the crime that it is. Get the proper platforms and authorities involved. 

Keep in mind the larger picture as well. Scams aren’t always one-offs. Organized crime gets in on scams as well, sometimes on a large scale. By acting and reporting on scams, you provide those platforms and authorities mentioned above with vital info that can help them shut it down. 

Your best defenses are your nose and your online protection software. As Michel said, something felt off in her interaction. So, if something doesn’t pass the sniff test, pay attention to that instinct. Shut down that purchase or sale on Facebook Marketplace—and report it if you think it’s a scam. You might save someone else some heartache down the road. 

The post How to Look Out For Scams on Facebook Marketplace appeared first on McAfee Blog.

How to Win the Battle Against Deepfakes and Malware

As AI deepfakes and malware understandably grab the headlines, one thing gets easily overlooked—AI also works on your side. It protects you from fraud and malware as well.  

For some time now, we’ve kept our eye on AI here at McAfee. Particularly as scammers cook up fresh gluts of AI-driven hustles. And there are plenty of them.  

We’ve uncovered how scammers need only a few seconds of a voice recording to clone it using AI—which has led to all manner of imposter scams. We also showed how scammers can use AI writing tools to power their chats in romance scams, to the extent of writing love poems with AI. Recently, we shared word of fake news sites packed with bogus articles generated almost entirely with AI. AI-generated videos even played a role in a scam for “Barbie” movie tickets. 

Law enforcement, government agencies, and other regulatory bodies have taken note. In April, the U.S. Federal Trade Commission (FTC) warned consumers that AI now “turbocharges” fraud online. The commission cited a proliferation of AI tools can generate convincing text, images, audio, and videos.  

While not typically malicious in and of themselves, scammers twist these technologies to bilk victims out of their money and personal information. Likewise, just as legitimate application developers use AI to create code, hackers use AI to create malware. 

There’s no question that all these AI-driven scams mark a major change in the way we stay safe online. Yet you have a powerful ally on your side. It’s AI, as well. And it’s out there, spotting scams and malware. In fact, you’ll find it in our online protection software. We’ve put AI to work on your behalf for some time now. 

With a closer look at how AI works on your side, along with several steps that can help you spot AI fakery, you can stay safer out there. Despite the best efforts of scammers, hackers, and their AI tools. 

AI in the battle against AI-driven fraud and malware. 

One way to think about online protection is this: it’s a battle to keep you safe. Hackers employ new forms of attack that try to work around existing protections. Meanwhile, security professionals create technological advances that counter these attacks and proactively prevent them—which hackers try to work around once again. And on it goes. As technology evolves, so does this battle. And the advent of AI marks a decidedly new era in the struggle. 

As a result, security professionals also employ AI to protect people from AI-driven attacks.  

Companies now check facial scans for skin texture and translucency to determine if someone is using a mask to trick facial recognition ID. Banks employ other tools to detect suspicious mouse movements and transaction details that might be suspicious. Additionally, developers scan their code with AI tools to detect vulnerabilities that might lurk deep in their apps—in places that would take human teams hundreds, if not thousands of staff hours to detect. If at all. Code can get quite complex. 

For us, we’ve used AI in our online protection for years now. McAfee has used AI for evaluating events, files, and website characteristics. We have further used AI for detection, which has proven highly effective against entirely new forms of attack.  

We’ve also used these technologies to catalog sites for identifying sites that host malicious files or phishing operations. Moreover, cataloging has helped us shape out parental control features such that we can block content based on customer preferences with high accuracy.  

And we continue to evolve it so that it detects threats even faster and yet more accurately than before. Taken together, AI-driven protection like ours quashes threats in three ways:  

1.  It detects suspicious events and behaviors. AI provides a particularly powerful tool against entirely new threats (also known as zero-day threats). By analyzing the behavior of files for patterns that are consistent with malware behavior, it can prevent a previously unknown file or process from doing harm.  
   
2.  It further detects threats by referencing known malware signatures and behaviors. This combats zero-day and pre-existing threats alike. AI can spot zero-day threats by comparing them to malware fingerprints and behaviors it has learned. Similarly, its previous learnings help AI quickly spot pre-existing threats in this manner as well.   
3.  It automatically classifies threats and adds them to the body of threat intelligence. AI-driven threat protection gets stronger over time. The more threats it encounters, the more rapidly and readily it can determine if files are malicious or benign. Furthermore, AI automatically classifies threats at a speed and scale unmatched by traditional processes. The body of threat intelligence improves immensely as a result.  

What does AI-driven protection look like for you? It can identify malicious websites before you can connect to them. It can prevent new forms of ransomware from encrypting your photos and files. And it can keep spyware from stealing your personal information by spotting apps that would connect them to a bad actor’s command-and-control server.  

As a result, you get faster and more comprehensive protection with AI that works in conjunction with online protection software—and our security professionals develop them both.   

Protect yourself from AI voice clone attacks. 

Yet, as it is with any kind of scam, it can take more than technology to spot an AI-driven scam. It calls for eyeballing the content you come across critically. You can spot an AI-driven scam with your eyes, along with your ears and even your gut. 

Take AI voice clone attacks, for example. You can protect yourself from them by taking the following steps: 

1. Set a verbal codeword with kids, family members, or trusted close friends. Make sure it’s one only you and those closest to you know. (Banks and alarm companies often set up accounts with a codeword in the same way to ensure that you’re really you when you speak with them.) Ensure everyone knows and uses it in messages when they ask for help. 
2. Always question the source. In addition to voice cloning tools, scammers have other tools that can spoof phone numbers so that they look legitimate. Even if it’s a voicemail or text from a number you recognize, stop, pause, and think. Does that really sound like the person you think it is? Hang up and call the person directly or try to verify the information before responding.  
3. Think before you click and share. Who is in your social media network? How well do you really know and trust them? The wider your connections, the more risk you might be opening yourself up to when sharing content about yourself. Be thoughtful about the friends and connections you have online and set your profiles to “friends and families” only so that they aren’t available to the greater public. 
4. Protect your identity. Identity monitoring services can notify you if your personal information makes its way to the dark web and provide guidance for protective measures. This can help shut down other ways that a scammer can attempt to pose as you. 
5. Clear your name from data broker sites. How’d that scammer get your phone number anyway? Chances are, they pulled that information off a data broker site. Data brokers buy, collect, and sell detailed personal information, which they compile from several public and private sources, such as local, state, and federal records, in addition to third parties. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info. 

Three ways to spot AI-generated fakes.   

As AI continues its evolution, it gets trickier and trickier to spot it in images, video, and audio. Advances in AI give images a clarity and crispness that they didn’t have before, deepfake videos play more smoothly, and voice cloning gets uncannily accurate.   

Yet even with the best AI, scammers often leave their fingerprints all over the fake news content they create. Look for the following:  

1) Consider the context   

AI fakes usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Look to see if the text even makes sense. And like legitimate news articles, does it include identifying information — like date, time, and place of publication, along with the author’s name.   

2) Evaluate the claim  

Does the image seem too bizarre to be real? Too good to be true? Today, “Don’t believe everything you read on the internet,” now includes “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, other known and reputable sites will report on the event—and have done their own fact-checking.  

3) Check for distortions  

The bulk of AI technology still renders fingers and hands poorly. It often creates eyes that might have a soulless or dead look to them — or that show irregularities between them. Also, shadows might appear in places where they look unnatural. Further, the skin tone might look uneven. In deepfaked videos, the voice and facial expressions might not exactly line up, making the subject look robotic and stiff.   

AI is on your side in this new era of online protection. 

The battle between hackers and the people behind online protection continues. And while the introduction of AI has unleashed all manner of new attacks, the pattern prevails. Hackers and security professionals tap into the same technologies and continually up the game against each other. 

Understandably, AI conjures questions, uncertainty, and, arguably, fear. Yet you can rest assured that, behind the headlines of AI threats, security professionals use AI technology for protection. For good. 

Yet an online scam remains an online scam. Many times, it takes common sense and a sharp eye to spot a hustle when you see one. If anything, that remains one instance where humans still have a leg up on AI. Humans have gut instincts. They can sense when something looks, feels, or sounds …off. Rely on that instinct. And give yourself time to let it speak to you. In a time of AI-driven fakery, it still stands as an excellent first line of defense. 

The post How to Win the Battle Against Deepfakes and Malware appeared first on McAfee Blog.

How to Stop Google Bard From Storing Your Data and Location

Checking out this AI chatbot's new features? Make sure to keep these privacy tips in mind during your interactions.

How to Talk To Your Kids About Identity Theft

Let’s be honest, talking to your kids about identity theft isn’t probably top of your list. There’s a long list of topics to cover off when you are a parent. But if you take a minute to picture someone stealing your child’s identity or using their personal information to take out a loan for a shiny new car then you’ll probably want to move it closer to the top of your parenting to-do list!

What Is Identity Theft?

Identity theft occurs when a person’s personal identifying information is used without their permission, usually to commit fraud by making unauthorised purchases or transactions. Identity theft can happen in many ways, but its victims are usually left with significant damage to their finances, credit score, and even their mental health.

Most people associate identity theft with data breaches – think Optus, Latitude Financial, and Medibank – however, there are many more ways that scammers can get their hands on your personal identifying details. They can use ‘phishing’ emails to get information from you, do a deep dive on your social media accounts to find identifying information in posts or photos, hack public Wi-Fi to access any information you share, or simply, steal your wallet or go through your trash!!

How Big An Issue Is It Really?

In short, it’s a big problem – for both individuals and organisations. And here are the statistics:

• 94,000 cybercrime reports were made in the 2022/23 financial year, an increase of nearly 13% from the previous year, according to The Annual Cyber Threat Report by The Australian Cyber Security Centre (ACSC).
• A recent study by The Australian Cybercrime Survey showed that 31% of respondents had experienced identity crime in their lifetime and 20% within the previous 12 months. Just under half of the victims reported that they had noticed suspicious transactions on their bank statements. Although 25% of respondents couldn’t identify how their information was stolen, 16% attributed it to the hacking of a computer or device.
• 10 million Australians had their personal details stolen in the Optus data breach in September 2022.
• 7 million Australians also had personal data stolen in the Medibank data breach in October 2022.
• 14 million Australians had their personal information stolen in the Latitude Financial data breach in March 2023.

How Do You Know If You’re a Victim?

One of the biggest issues with identity theft is that you often don’t immediately know that you’re a victim. In some cases, it might take weeks before you realise that something is awry which unfortunately, gives the thief a lot of time to wreak havoc! Some of the signs that something might be wrong include:

• Unfamiliar charges to your bank account
• Calls and texts about products or services that you’ve never used
• You’re denied credit
• Strange emails in your inbox
• Not receiving expected mail
• Unexpected calls or letters from debt collectors

What To Do If You Think You’re a Victim

The key here is to act as soon as you believe you are affected. Don’t stress that there has been a delay in taking action – just take action now! Here’s what you need to do:

1. Call Your Bank

Your first call should be to your bank so they can block the affected account. The aim here is to prevent the scammer from taking any more money. Also remember to block any cards that are linked to this account, either credit or debit.

2. Change Your Passwords

If your identity has been stolen then it’s highly likely that the scammer knows your passwords so change the passwords for the affected accounts straight away!! And if you have used this same password on any other accounts then change these also. If you can’t remember, you can always reset the passwords on key accounts just to be safe.

3. Report It

It may feel like a waste of time reporting your identity theft, but it is an important step, particularly as your report becomes a formal record – evidence you may need down the track. It may also prevent others from becoming victims by helping authorities identify patterns and hopefully, perpetrators.  If you think your personal identifying information has been used, report it to the Australian authorities at ReportCyber.

4. Make a Plan

It’s likely you’re feeling pretty overwhelmed at what to do next to limit the damage from your identity theft – and understandably so! Why not make a contract with IDCARE? It’s a free service dedicated to assisting victims of identity theft – both individuals and organisations – in Australia and New Zealand.

How Do We Talk To Our Kids About It?

If there is one thing I have learned in my 20+ years of parenting, it is this. If you want to get your kids ‘onboard’ with an idea or a plan, you need to take the time to explain the ‘why’. There is absolutely no point in asking or telling them to do something without such an explanation. It is also imperative that you don’t lecture them. And the final ingredient? Some compelling statistics or research – ideally with a diagram – my boys always respond well to a visual!

So, if you haven’t yet had the identity theft chat with your kids then I recommend not delaying it any further. And here’s how I’d approach it.

Firstly, ensure you are familiar with the issue. If you understand everything I’ve detailed above then you’re in good shape.

Secondly, arm yourself with relevant statistics. Check out the ones I have included above. Why not supplement this with a few relevant news stories that may resonate with them? This is your ‘why’.

Thirdly, focus on prevention. This needs to be the key focus. But don’t badger or lecture them. Perhaps tell them what you will be doing to minimise the risk – see below for your key ‘hot tips’ – you’re welcome!

What You Can Do To Manage Identity Theft?

There are a few key things that you can do today that will both minimise your risk of becoming a victim and the consequences if you happen to be caught up in a large data breach.

1. Passwords

Managing passwords for your online accounts is one of the best risk management strategies for identity theft. I know it’s tedious, but I recommend creating a unique and complex 10+ digit password for each of your online accounts. Tricky passwords make it harder for someone to get access to your account. And, if you use the same login details for each of your online accounts – and your details are either leaked in a data breach or stolen – then you could be in a world of pain. So, take the time to get your passwords sorted out.

2. Think Before You Post

Sharing private information about your life on social media makes it much easier for a scammer to steal your identity. Pet names, holiday destinations, and even special dates can provide clues for passwords. So, lock your social media profiles down and ensure your privacy settings are on.

3. Be Proactive – Monitor Your Identity Online

Imagine how good it would be if you could be alerted when your personal identifying information was found on the Dark Web. Well, this is now a reality! McAfee’s latest security offering McAfee+ will not only protect you against threats but provide 24/7 monitoring of your personal details so it can alert you if your information is found on the Dark Web. And if your details are found, then advice and help may also be provided to remedy the situation. How good!!

4. Using Public Computers and Wi-Fi With Caution

Ensuring you always log out of a shared computer is an essential way of keeping prying eyes away from your personal identifying information. And always be super careful with public Wi-Fi. I only use it if I am desperate and I never conduct any financial transactions, ever! Cybercriminals can ‘snoop’ on public Wi-Fi to see what’s being shared, they can stage ‘Man in The Middle Attacks’ where they eavesdrop on your activity, or they can lure you to use their trustworthy sounding Wi-Fi network – designed purely to extract your private information!

5. Monitor Your Bank Accounts

Why not make a habit of regularly checking your bank accounts? And if you find anything that doesn’t look right contact your bank immediately to clarify. It’s always best to know if there is a problem so you can address it right away.

With so many Aussies affected by data breaches and identity theft, it’s essential that our kids are armed with good information so they can protect themselves as best as possible. Why not use your next family dinner to workshop this issue with them?

Till Next Time

Stay Safe Online

Alex

The post How to Talk To Your Kids About Identity Theft appeared first on McAfee Blog.

Verizon 2023 DBIR: What’s new this year and top takeaways for SMBs

Here are some of the key insights on the evolving data breach landscape as revealed by Verizon’s analysis of more than 16,000 incidents

How to Keep Cybercriminals Out of Your Accounts

Chocolate chip, oatmeal raisin, snickerdoodle: Cybercriminals have a sweet tooth just like you. But their favorite type of cookie is of the browser variety.

Browser cookies – often just referred to as cookies – track your comings and goings on websites. And when a cyber thief gets their mitts on your browser cookies, it can open all kinds of doors into your online accounts.

The first step to protecting your devices and online privacy from criminals is to understand their schemes. Here are the key terms you need to know about cookie theft plus how to keep malicious software off your devices.

Key Cookie Theft Terms You Should Know

Cookie theft can happen to anyone. Knowing the basics of this cyberscheme may help you better protect your online life:

• Browser cookie. A small collection of data your internet browser stores every time you visit a website. When your browser stores this data, it makes it quicker for you to log back into a website or for a website to customize its suggestions for you the next time you visit.
• Cache. Like a mouse scurrying away a pile of sweet treats, your device hoards – or caches – all the cookies you gather from websites you visit. Your cache of cookies will grow continually until you clear it out. If your cache grows too large, it could slow down your device, affect performance, or tax your battery power.
• Multifactor authentication. MFA is a way to log in to an online account that requires additional forms of identification beyond a username and password. It could require biometric identification (like a face or fingerprint scan), a security question, or a one-time code.

How and Why Do Criminals Steal Browser Cookies?

Cookies thieves are generally motivated by the financial gains of breaking into people’s online accounts. Banking, social media, and online shopping accounts are full of valuable personal and financial details that a cybercriminal can either sell on the dark web or use to impersonate you and steal your identity.

Malware is generally the vehicle cybercriminals use to steal cookies. Once the malicious software gets onto a device, the malware is trained to copy a new cookie’s data and send it to the cybercriminal. Then, from their own machine, the cybercriminal can input that data and start a new session with the target’s stolen data.

There was a stretch of a few years where cookie thieves targeted high-profile YouTube influencers with malware spread through fake collaboration deals and crypto scams. The criminals’ goal was to steal cookies to sneak into the backend of the YouTube accounts to change passwords, recovery emails and phone numbers, and bypass two-factor authentication to lock the influencers out of their accounts.¹

But you don’t have to have a valuable social media account to draw the eye of a cybercriminal. “Operation Cookie Monster” dismantled an online forum that sold stolen login information for millions of online accounts gained through cookie theft.²

Best Practices for Secure Browsing

To keep your internet cookies out of the hands of criminals, it’s essential to practice safe browsing habits. These four tips will go a long way toward keeping your accounts out of the reach of cookie thieves and your devices free from malicious software.

1. Set up MFA. MFA may seem like it’ll slow down your login process, but really, the extra seconds it takes are well worth it. Most people have their phone within arm’s reach throughout the day, so a texted, emailed, or authentication app-generated code is easy enough to access. Just remember that a reputable company will never ask you for one-time codes, so these codes are for your eyes only. MFA makes it extremely difficult for a criminal to log into your accounts, even when they have your password and username. Without the unique code, a bad actor is locked out.
2. Watch out for phishing attempts and risky websites. Cookie-stealing malware often hops onto innocent devices through either phishing lures or through visiting untrustworthy sites. Make sure to carefully read every text, email, and social media direct message. With the help of AI content generation tools like ChatGPT, phishers’ messages are more believable than they were years ago. Be especially diligent about clicking on links that may take you to risky sites or download malicious files onto your device.
3. Clear your cache regularly. Make it a habit to clear your cache and browsing history often. This is a great practice to optimize the performance of your device. Plus, in the case that a cybercriminal does install cookie-stealing malware on your device, if you store hardly any cookies on your device, the thief will have little valuable information to pilfer.
4. Use a password manager. While a password manager won’t protect your device from cookie-stealing malware, it will lessen your dependence upon storing valuable cookies. It’s convenient to already have your usernames and passwords auto-populate; however, if your device falls into the wrong hands these shortcuts could spell trouble for your privacy. A password manager is a vault for all your login information for your dozens of online accounts. All you need to do is input one master password, and from there, the password manager will autofill your logins. It’s just as quick and convenient, but infinitely more secure.

Lock Up Your Cookie Jar

McAfee+ is an excellent partner to help you secure your devices and digital life. McAfee+ includes a safe browsing tool to alert you to suspicious websites, a password manager, identity monitoring, and more.

The next time you enjoy a cookie, spare a moment to think of cookies of the digital flavor: clear your cache if you haven’t in awhile, doublecheck your devices and online accounts for suspicious activity, and savor the sweetness of your digital privacy!

¹The Hacker News, “Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts”

²CNN, “‘Operation Cookie Monster:’ FBI seizes popular cybercrime forum used for large-scale identity theft”

The post How to Keep Cybercriminals Out of Your Accounts appeared first on McAfee Blog.

Facebook Trains Its AI on Your Data. Opting Out May Be Futile

Here's how to request that your personal information not be used to train Meta's AI model. "Request" is the operative word here.

How to Protect Yourself from Bank Fraud

Whether or not you’re much into online banking, protecting yourself from bank fraud is a must. 

Online banking is well on its way to becoming a cornerstone of the banking experience overall. More and more transactions occur over the internet rather than at a teller’s window, and nearly every account has a username, password, and PIN linked with it. And whether you use your online banking credentials often or not, hackers and scammers still want to get their hands on them. 

The fact is, online banking is growing and is here to stay. No longer a novelty, online banking is an expectation. Today, 78% of adults in the U.S. prefer to bank online. Meanwhile, only 29% prefer to bank in person. Further projections estimate that more than 3.6 billion people worldwide will bank online, driven in large part by online-only banks. 

There’s no doubt about it. We live in a world where banking, shopping, and payments revolve around a username and password. That’s quite a bit to take in, particularly if your first experiences with banking involved walking into a branch, getting a paper passbook, and maybe even a free toaster for opening an account. 

So, how do you protect yourself? Whether you use online banking regularly or sparingly, you can protect yourself from being the victim of fraud by following a few straightforward steps. 

Here’s how you can protect yourself from online banking fraud 

Use a strong password—and a password manager to keep them straight 

Start here. Passwords are your first line of defense. However, one thing that can be a headache is the number of passwords we have to juggle—a number that seems like it’s growing every day. Look around online and you’ll see multiple studies and articles stating that the average person has upwards of 80 to manage. Even if you have only a small percentage of those, strongly consider using a password manager. A good choice will generate strong, unique passwords for each of your accounts and store them securely for you. 

In general, avoid simple passwords that people can guess or easily glean from other sources (like your birthday, your child’s birthday, the name of your pet, and so on). Additionally, make them unique from account to account. That can save you major headaches if one account gets compromised and a hacker tries to use the same password on another account.  

If you want to set up your own passwords, check out this article on how you can make them strong and unique. 

Use two-factor authentication to protect your accounts 

What exactly is two-factor authentication? It’s an extra layer of defense for your accounts. In practice, it means that in addition to providing a password, you also receive a special one-time-use code to access your account. That code might be sent to you via email or to your phone by text. In some cases, you can also receive that code by a call to your phone. Basically, two-factor authentication combines two things: something you know, like your password; and something you have, like your smartphone. Together, that makes it tougher for scammers to hack into your accounts. 

Two-factor authentication is practically a standard, so much so that you already might be using it right now when you bank or use certain accounts. If not, you can see if your bank offers it as an option in your settings the next time you log in. Or, you can contact your bank for help to get it set up. 

Avoid phishing attacks: Look at your email inbox with a skeptical eye 

Phishing is a popular way for crooks to steal personal information by way of email, where a crook will look to phish (“fish”) personal and financial information out of you. No two phishing emails look alike. They can range from a request from a stranger posing as a lawyer who wants you to help with a bank transfer—to an announcement about (phony) lottery winnings. “Just send us your bank information and we’ll send your prize to you!” Those are a couple of classics. However, phishing emails have become much more sophisticated in recent years. Now, slicker hackers will pose as banks, online stores, and credit card companies, often using well-designed emails that look almost the same as the genuine article. 

Of course, those emails are fakes. The links they embed in those emails lead you to them, so they can steal your personal info or redirect a payment their way. One telltale sign of a phishing email is if the sender used an address that slightly alters the brand name or adds to it by tacking extra language at the end of it. If you get one of these emails, don’t click any of the links. Contact the institute in question using a phone number or address posted on their official website. This is a good guideline in general. The best avenue of communication is the one you’ve used and trusted before. 

Be skeptical about calls as well. Fraudsters use the phone too. 

It might seem a little traditional, yet criminals still like to use the phone. In fact, they rely on the fact that many still see the phone as a trusted line of communication. This is known as “vishing,” which is short for “voice phishing.” The aim is the same as it is with phishing. The fraudster is looking to lure you into a bogus financial transaction or attempting to steal information, whether that’s financial, personal, or both. They might call you directly, posing as your bank or even as tech support from a well-known company, or they might send you a text or email that directs you to call their number. 

For example, a crook might call and introduce themselves as being part of your bank or credit card company with a line like “there are questions about your account” or something similar. In these cases, politely hang up. Next, call your bank or credit card company to follow up on your own. If the initial call was legitimate, you’ll quickly find out and can handle the issue properly. If you get a call from a scammer, they can be very persuasive. Remember, though. You’re in charge. You can absolutely hang up and then follow up using a phone number you trust. 

Steer clear of financial transactions on public Wi-Fi in cafes, hotels, and libraries 

There’s a good reason not to use public Wi-Fi: it’s not private. They’re public networks, and that means they’re unsecure and shared by everyone who’s using it, which allows hackers to read any data passing along it like an open book. That includes your accounts and passwords if you’re doing any banking or shopping on it. The best advice here is to wait and handle those things at home if possible. (Or connect to public Wi-Fi with a VPN service, which we’ll cover below in a moment.)  

If not, you can always use your smartphone’s data connection to create a personal hotspot for your laptop, which will be far more secure. Another option is to use your smartphone alone. With a combination of your phone’s data connection and an app from your bank, you can take care of business that way instead of using public Wi-Fi. That said, be aware of your physical surroundings too. Make sure no one is looking over your shoulder! 

Protecting your banking and finances even further 

Some basic digital hygiene will go a long way toward protecting you even more—not only your banking and finances, but all the things you do online as well. The following quick list can help: 

• Update your software – That includes the operating system of your computers, smartphones, and tablets, along with the apps that are on them. Many updates include security upgrades and fixes that make it tougher for hackers to launch an attack.
• Lock up – Your computers, smartphones, and tablets will have a way of locking them with a PIN, a password, your fingerprint, or your face. Take advantage of that protection, which is particularly important if your device is lost or stolen.
  
•  Use security software – Protecting your devices with comprehensive online protection software will fend off the latest malware, spyware, and ransomware attacks, plus further protect your privacy and identity.
• Consider connecting with a VPN – also known as a “virtual private network,” a VPN helps you stay safer with bank-grade encryption and private browsing. It’s a particularly excellent option if you find yourself needing to use public Wi-Fi because a VPN effectively makes a public network private.
• Check your credit report and monitor your transactions – This is an important thing to do in today’s password- and digital-driven world. Doing so will uncover any inconsistencies or outright instances of fraud and put you on the path to setting them straight. Online protection software can help with this as well. It can keep an eye on your credit and your transactions all in one place, providing you with notifications if anything changes. That same monitoring can extend to retirement, investment, and loan accounts as well. Check out our plans and see which options work best for you.

The post How to Protect Yourself from Bank Fraud appeared first on McAfee Blog.

How to Talk to Your Kids About Social Media and Mental Health

Here’s what the science really says about teens and screens—and how to start the conversation with young people of any age.

How to Protect Your LinkedIn Account

If you’re a LinkedIn user, log in now and strengthen your security. Reports indicate that LinkedIn accounts are under attack.

First brought to light by Cyberint, LinkedIn users have taken to social media with word that their accounts have been frozen or outright hacked. In some cases, users received ransom notes for the return of their hacked accounts.

It appears that LinkedIn is weathering a wave of brute-force attacks. This type of attack works much like it sounds—hackers try to force their way into accounts by guessing passwords. With powerful hacking apps, they can guess millions of passwords in seconds.

As a result, one of two things is happening:

• LinkedIn users receive an official, legitimate email from LinkedIn alerting them that their account has been locked due to unusual activity. This measure likely kicked in because of a brute force attack or because the attack occurred on an account using two-factor authentication. In this case, the account wasn’t compromised. However, these users then must reactivate their accounts per instructions provided by LinkedIn.
• Users try to log in and find that their password has been changed. Effectively, their account has been hacked. Reports show that some of these accounts get deleted. In other cases, the hacker changes the account’s email to an address using the “rambler.ru” domain, which makes the account unrecoverable by the user.

Given the scope, scale, and consistent use of the rambler.ru domain, this has all the signs of an organized attack. As of this writing, no group has claimed credit.

How quickly can someone hack my password with a brute force attack?

If any event underscores the need for strong, unique passwords, this is it.

Given today’s computing power, the password generators hackers use for brute force attacks can create millions of passwords in seconds. Weak passwords have no chance against them. It’s a simple matter of statistics.

Consider a password that uses eight numbers, uppercase and lowercase letters, and symbols. Sounds pretty strong, right? Unfortunately, a brute force attack might crack that password in as fast as one second.

Password Length (Using numbers, uppercase and lowercase letters, and symbols)	Time to Crack the Password
8	One Second
12	Eight Months
16	16 Million Years

 

However, increase that password length to twelve numbers, uppercase and lowercase letters, and symbols—it’d that eight months to crack that password. Bump it up to 16, and it would take 16 million years. The longer it is, the more complex it is. And thus tougher to crack. It’s the difference between one second and 16 million years. And if a hacker’s brute force attack on one password takes too long, it’ll simply move onto the next one.

How to protect yourself from the LinkedIn attacks.

Log into your LinkedIn account now and verify that it’s indeed secure. Then, take the following steps:

• Enable two-factor authentication. You’ll find this in your security settings. Using two-factor authentication makes hacking your account far, far more difficult than hacking it with password protection alone.
• Set a new password. Make it strong and unique, using numbers, uppercase letters, lowercase letters, and symbols. As illustrated above, the longer the better—14 or even up to 16 characters.
• Confirm your contact email. LinkedIn will alert users of unusual activity. Ensure that the contact information in your account profile uses an email address that you regularly check.

How to create your own strong, unique password. One that you can still remember.

Fourteen characters? Even up to 16 characters? How do you create that without just mashing on your keyboard? (Not recommended.) A layered password can do the work. It’s a way of creating a phrase and turning it into a strong, unique password that you can still remember.

1. Pick a phrase that is memorable for you: Don’t use easily discovered information, like your birthdate or pet’s name. Try something linked with an interest or hobby. If you’re an avid runner, you might choose a phrase like, “Running 26.2 Rocks!”
2. Replace letters with numbers and symbols: Remove the spaces. Then, you can put symbols and numbers in the place of some of the letters. Runn1ng26.2R0ck$!
3. Include a mix of letter cases: Finally, you want lower and uppercase letters that aren’t in a clear pattern. Algorithms know how to look for common patterns like camelCase or PascalCase. Runn1NG26.2R0cK$!

Now, you have a 17-character password that challenges hackers and that’s still something you can remember.

Or, have a password manager handle the strong, unique passwords for you.

Granted, creating strong, unique passwords for dozens and dozens of accounts can take a bit of time. (To put it mildly.) It can take yet more time if you manage them, such as if change them regularly (which can help protect you from data breaches and brute force attacks like this one at LinkedIn). Here, a password manager can help.

A password manager can create, memorize, and store strong, unique passwords. It’ll use the random numbers, letters, and characters we mentioned earlier. The passwords won’t be memorable, but the manager does the memorizing for you. You can also use it to update passwords regularly. In a time of data breaches, this offers you extra protection. Taken together, every account you have gets powerful password protection when you hand the job over to a password manager.

Log in now and secure your LinkedIn account.

This wave of attacks reminds us just how powerful, or weak, our passwords can be. A strong, unique password in conjunction with two-factor authentication stands as your best defense as LinkedIn weathers these attacks. Strengthen your security.

Strengthen your other accounts as well. Hackers target websites and platforms of all sizes, and not every attack makes the headlines. Strong security measures for each of your accounts will protect you best if you end up as a hacker’s target.

The post How to Protect Your LinkedIn Account appeared first on McAfee Blog.

The Most Popular Digital Abortion Clinics, Ranked by Data Privacy

Telehealth companies that provide abortion pills are surging in popularity. Which are as safe as they claim to be?

Google's New Feature Ensures Your Pixel Phone Hasn't Been Hacked. Here’s How It Works

Pixel Binary Transparency is the latest security benefit for Pixel owners.

How to Spot Fake News in Your Social Media Feed

Spotting fake news in your feed has always been tough. Now it just got tougher, thanks to AI. 

Fake news crops up in plenty of places on social media. And it has for some time now. In years past, it took the form of misleading posts, image captions, quotes, and the sharing of outright false information in graphs and charts. Now with the advent of AI, we see fake news taken to new levels of deception:  

• Deepfake videos that mimic the looks and parrot the words of well-known public figures.  
• AI-generated voice clones that sound spooky close to the voices they mimic.  
• Also, entire news websites generated by AI, rife with bogus stories and imagery.  

All of it’s out there. And knowing how to separate truth from fact has never been of more importance, particularly as more and more people get their news via social media.  

Pew Research found that about a third of Americans say they regularly get their news from Facebook and nearly 1 in 4 say they regularly get it from YouTube. Moreover, global research from Reuters uncovered that more people primarily get their news from social media (30%) rather than from an established news site or app (22%). This marks the first time that social media has toppled direct access to news. 

Yet, you can spot fake news. Plenty of it.  

The process starts with a crisp definition of what fake news is, followed by the forms it takes, and then a sense of what the goals behind it are. With that, you can apply a critical eye and pick out the telltale signs.  

We’ll cover it all here. 

What is fake news? 

A textbook definition of fake news goes something like this:  

A false news story, fabricated with no verifiable facts, and presented in a way to appear as legitimate news.  

As for its intent, fake news often seeks to damage the reputation of an individual, institution, or organization. It might also spout propaganda or attempt to undermine established facts. 

That provides a broad definition. Yet, like much fake news itself, the full definition is much more nuanced. Within fake news, you’ll find two categories: disinformation and misinformation: 

• Disinformation: This is intentionally misleading information that’s been manipulated to create a flat-out lie—typically with an ulterior motive in mind. Here, the creator knows that the information is false. 

• Example: As a bad joke, a person concocts a phony news story that a much-anticipated video game release just got canceled. However, the game will certainly see its release. In the meantime, word spreads and online fans whip up into a frenzy. 

• Misinformation: This simply involves getting the facts wrong. Unknowingly so, which separates itself from disinformation. We’re only human, and sometimes that means we forget details or recall things incorrectly. Likewise, when a person shares disinformation, that’s a form of misinformation as well, if the person shares it without fact-checking.  

• Example: A person sees a post that a celebrity has died and shares that post with their friends and followers—when in fact, that celebrity is still very much alive. 

From there, fake news gets more nuanced still. Misinformation and disinformation fall within a range. Some of it might appear comical, while other types might have the potential to do actual harm.  

Dr. Claire Wardle, the co-director of the Information Futures Lab at Brown University, cites seven types of misinformation and disinformation on a scale as visualized below: 

 Source – FirstDraftNews.org and Brown University 

Put in a real-life context, you can probably conjure up plenty of examples where you’ve seen. Like clickbait-y headlines that link to letdown articles with little substance. Maybe you’ve seen a quote pasted on the image of a public figure, a quote that person never made. Perhaps an infographic, loaded with bogus statistics and attributed to an organization that doesn’t even exist. It can take all forms.  

Who’s behind fake news? And why? 

The answers here vary as well. Greatly so. Fake news can begin with a single individual, or groups of like-minded individuals with an agenda, and it can even come from operatives for various nation-states. As for why, they might want to poke fun at someone, drive ad revenue through clickbait articles, or spout propaganda.  

Once more, a visualization provides clarity in this sometimes-murky mix of fake news:   

 Source – FirstDraftNews.org and Brown University 

In the wild, some examples of fake news and the reasons behind it might look like this: 

• Imposter sites that pose as legitimate news outlets yet post entirely unfounded pieces of propaganda. 
• Parody sites that can look legitimate, so much so that people might mistake their content for actual news. 
• AI deepfakes, images, recordings, and videos of public figures in embarrassing situations, yet that get presented as “real news” to damage their reputation. 

Perhaps a few of these examples ring a bell. You might have come across somewhere you weren’t exactly sure if it was fake news or not.  

The following tools can help you know for sure. 

Spotting what’s real and fake in your social media feed. 

Consider the source 

Some of the oldest advice is the best advice, and that holds true here: consider the source. Take time to examine the information you come across. Look at its source. Does that source have a track record of honesty and dealing plainly with the facts?  

• For an infographic, you can search for the name of its author or the institution that’s attributed to it. Are they even real in the first place? 
• For news websites, check out their “About Us” pages. Many bogus sites skimp on information here, whereas legitimate sites will go to lengths about their editorial history and staff.  
• For any content that has any citation listed to legitimize it as fact, search on it. Plenty of fake news uses sources and citations that are just as fake too. 

Check the date 

This falls under a similar category as “consider the source.” Plenty of fake news will take an old story and repost it or alter it in some way to make it appear relevant to current events. In recent years, we’ve seen fake news creators slap a new headline on a new photo, all to make it seem like it’s something current. Once again, a quick search can help you tell if it’s fake or not. Try a reverse image search and see what comes up. Is the photo indeed current? Who took it? When? Where? 

Check your emotions too 

Has a news story you’ve read or watched ever made you shake your fist at the screen or want to clap and cheer? How about something that made you fearful or simply laugh? Bits of content that evoke strong emotional responses tend to spread quickly, whether they’re articles, a post, or even a tweet. That’s a ready sign that a quick fact check might be in order. The content is clearly playing to your biases. 

There’s a good reason for that. Bad actors who wish to foment unrest, unease, or spread disinformation use emotionally driven content to plant a seed. Whether or not their original story gets picked up and viewed firsthand doesn’t matter to these bad actors. Their aim is to get some manner of disinformation out into the ecosystem. They rely on others who will re-post, re-tweet, or otherwise pass it along on their behalf—to the point where the original source of the information gets completely lost. This is one instance where people readily begin to accept certain information as fact, even if it’s not factual at all. 

Certainly, some legitimate articles will generate a response as well, yet it’s a good habit to do a quick fact-check and confirm what you’ve read.  

Expand your media diet 

A single information source or story won’t provide a complete picture. It might only cover a topic from a certain angle or narrow focus. Likewise, information sources are helmed by editors and stories are written by people—all of whom have their biases, whether overt or subtle. It’s for this reason that expanding your media diet to include a broad range of information sources is so important. 

So, see what other information sources have to say on the same topic. Consuming news across a spectrum will expose you to thoughts and coverage you might not otherwise get if you keep your consumption to a handful of sources. The result is that you’re more broadly informed and can compare different sources and points of view. Using the tips above, you can find other reputable sources to round out your media diet. 

Additionally, for a list of reputable information sources, along with the reasons they’re reputable, check out “10 Journalism Brands Where You Find Real Facts Rather Than Alternative Facts” published by Forbes and authored by an associate professor at The King’s College in New York City. It certainly isn’t the end all, be all of lists, yet it should provide you with a good starting point. 

Let an expert do the fact-checking for you 

De-bunking fake news takes time and effort. Often a bit of digging and research too. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include: 

• Politifact.com 
• Snopes.com 
• FactCheck.org 
• Reuters Fact Check 

Three ways to spot AI-generated fakes  

As AI continues its evolution, it gets trickier and trickier to spot it in images, video, and audio. Advances in AI give images clarity and crispness that they didn’t have before, deepfake videos play more smoothly, and voice cloning gets uncannily accurate.  

Yet even with the best AI, scammers often leave their fingerprints all over the fake news content they create. Look for the following: 

1) Consider the context  

AI fakes usually don’t appear by themselves. There’s often text or a larger article around them. Inspect the text for typos, poor grammar, and overall poor composition. Look to see if the text even makes sense. And like legitimate news articles, does it include identifying information—like date, time, and place of publication, along with the author’s name.  

2) Evaluate the claim 

Does the image seem too bizarre to be real? Too good to be true? Today, “Don’t believe everything you read on the internet,” now includes “Don’t believe everything you see on the internet.” If a fake news story is claiming to be real, search for the headline elsewhere. If it’s truly noteworthy, other known and reputable sites will report on the event—and have done their own fact-checking. 

3) Check for distortions 

The bulk of AI technology still renders fingers and hands poorly. It often creates eyes that might have a soulless or dead look to them—or that show irregularities between them. Also, shadows might appear in places where they look unnatural. Further, the skin tone might look uneven. In deepfaked videos, the voice and facial expressions might not exactly line up, making the subject look robotic and stiff.  

Be safe out there 

The fact is that fake news isn’t going anywhere. It’s a reality of going online. And AI makes it tougher to spot. 

At least at first glance. The best tool for spotting fake news is a fact-check. You can do the work yourself, or you can rely on trusted resources that have already done the work.  

This takes time, which people don’t always spend because social platforms make it so quick and easy to share. If we can point to one reason fake news spreads so quickly, that’s it. In fact, social media platforms reward such behavior. 

With that, keep an eye on your own habits. We forward news in our social media feeds too—so make sure that what you share is truthful too. 

Plenty of fake news can lure you into sketchy corners of the internet. Places where malware and phishing sites take root. Consider using comprehensive online protection software with McAfee+ to keep safe. In addition to several features that protect your devices, privacy, and identity, they can warn you of unsafe sites too. While it might not sniff out AI content (yet), it offers strong protection against bad actors who might use fake news to steal your information or harm your data and devices.  

The post How to Spot Fake News in Your Social Media Feed appeared first on McAfee Blog.

How to Remove Your Personal Info From Google by Using Its ‘Results About You’ Tool

You can now set up alerts for whenever your home address, phone number, and email address appears in Search.

How to Beat Robocallers at Their Game

Some scams make a telltale sound—rinnng, rinnng! Yup, the dreaded robocall. But you can beat them at their game.   

Maybe it’s a call about renewing an extended warranty on your car (one you don’t have). Or maybe the robocaller offers up a debt relief service with a shockingly low rate. Calls like these can get annoying real quick. And they can also be scams. 

In the U.S., unwanted calls rank as the top consumer complaint reported to the Federal Communications Commission (FCC). Partly because scammers have made good use of spoofing technologies that serve up phony caller ID numbers. As a result, that innocent-looking phone number might not be innocent at all.  

Whether the voice on the other end of the smartphone is recorded or an actual person, the intent behind the call is likely the same—to scam you out of your personal information, money, or both. Callers such as these might impersonate banks, government agencies, insurance companies, along with any number of other organizations. Anything that gives them an excuse to demand payment, financial information, or ID numbers.  

And some of those callers can sound rather convincing. Others, well, they’ll just get downright aggressive or threatening. One of the most effective tools these scam calls use is a sense of urgency and fear, telling you that there’s a problem right now and they need your information immediately to resolve whatever bogus issue they’ve come up with. That right there is a sign you should take pause and determine what’s really happening before responding or taking any action.  

Avoid and stop robocalls with these tips  

Whatever form these unwanted calls take, there are things you can do to protect yourself and even keep you from getting them in the first place. These tips will get you started:  

1) Don’t pick up—and if you do, don’t say “yes”  

This straightforward piece of advice can actually get a little tricky. We mentioned spoofing, and certain forms of it can get rather exact. Sophisticated spoofing can make a call appear to come from someone you know. Yet more run-of-the-mill spoofing will often use a form of “neighbor spoofing.” The scammers will use a local area code or the same prefix of your phone number to make it seem more familiar. In short, you might answer one of these calls by mistake. If you do answer, never say “yes.” Similarly sophisticated scammers will record a victim’s voice for use in other scams. That can include trying to hack into credit card accounts by using the company’s phone tree. Recordings of slightly longer lengths can also lead to voice cloning using AI-driven tools. In fact, three seconds of audio is all it takes in some cases to clone a voice with up to 70% accuracy. 

2) Use your phone’s and carrier’s call blocking features  

Apple and Android phones have features you can enable to silence calls from unknown numbers. Apple explains call silencing here, and Android users can silence spam calls as well. Note that these settings might silence calls you otherwise might want to take. Think about when your doctor’s office calls or the shop rings you with word that your car is ready. Cell phone carriers offer blocking and filtering services as well. Carriers often offer this as a basic service by default. Yet if you’re unsure if you’re covered, contact your carrier.  

3) Don’t return calls from unknown numbers  

So, let’s say you let an unknown call go through to voicemail. The call sounds like it’s from a bank or business with news of an urgent matter. If you feel the need to confirm, get a legitimate customer service number from a statement, bill, or website of the bank or business in question so you can verify the situation for yourself. Calling back the number captured by your phone or left in a voicemail can play right into the hands of a scammer.  

4) Don’t give in to pressure  

As you can see, scammers love to play the role of an imposter and will tell you there’s something wrong with your taxes, your account, or your bank statement. Some of them can be quite convincing, so if you find yourself in a conversation where you don’t feel comfortable with what’s being said or how it’s being said, hang up and follow up the bank or business as called out above. In all, look out for pressure or scare tactics and keep your info to yourself.    

5) Sign up for your national do not call registry  

Several nations provide such a service, effectively a list that legitimate businesses and telemarketers will reference before making their calls. While this might not prevent scammers from ringing you up, it can cut down on unsolicited calls in general. For example, the U.S., Canada, and the UK each offer do not call registries.  

6) Clean up your personal data online 

Scammers and spammers got your number somehow. Good chance they got it from a data broker site. Data brokers collect and sell personal information of thousands and even millions of individuals. They gather them from public sources, public records, and from third parties as well—like data gathered from smartphone apps and shopping habits from supermarket club cards. And for certain, phone numbers are often in that mix. Our Personal Data Cleanup can help. It scans some of the riskiest data broker sites and shows you which ones are selling your personal info. From there, it guides you through the removal process and can even manage the removal for you in select plans.  ​ 

What about call blocker apps? 

Hop onto the app stores out there and you’ll find several call blocking apps, for free or at low cost. While these apps can indeed block spam calls, they might have privacy issues. Which is ironic when you’re basically trying to protect your privacy with these apps in the first place. 

These apps might collect information, such as your contact list, usage data, and other information about your phone. As with any app, the key resides in the user agreement. It should tell you what information the app might collect and why. It should also tell you if this information is shared with or sold to third parties.  

What’s at risk? Should the app developers get hit with a data breach, that information could end up in the wild. In cases where information is sold to analytics companies, the information might end up with online data brokers. 

Pay particularly close attention to free apps. How are they making their money? There’s a fine chance that data collection and sale might generate their profits. At some expense to your privacy. 

Given that your privacy is at stake, proceed with caution if you consider this route. 

Blocking scammers and their calls 

A quieter phone is a happy phone, at least when it comes to annoying robocalls. 

While blocking 100% of them remains an elusive goal, you can reduce them greatly with the steps mentioned here. Thankfully, businesses, legislators, and regulatory agencies have taken steps to make it tougher for scammers to make their calls. A combination of technology and stiffer penalties has seen to that. Taken all together, these things work in your favor and can help you beat robocallers at their game.  

The post How to Beat Robocallers at Their Game appeared first on McAfee Blog.

How to Automatically Delete Passcode Texts on Android and iOS

Here’s one simple way to reduce your security risk while logging in.

How to Protect Your Social Media Passwords from Hacks and Attacks

What does a hacker want with your social media account? Plenty. 

Hackers hijack social media accounts for several reasons. They’ll dupe the victim’s friends and followers with scams. They’ll flood feeds with misinformation. And they’ll steal all kinds of personal information—not to mention photos and chats in DMs. In all, a stolen social media account could lead to fraud, blackmail, and other crimes. 

Yet you have a strong line of defense that can prevent it from happening to you: multi-factor authentication (MFA). 

What is multi-factor authentication (MFA)? 

MFA goes by other names, such as two-factor authentication and two-step verification. Yet they all boost your account security in much the same way. They add an extra step or steps to the login process. Extra evidence to prove that you are, in fact, you. It’s in addition to the usual username/password combination, thus the “multi-factor” in multi-factor authentication.  

Examples of MFA include: 

• Sending a one-time code via a text or phone call, often seen when logging into bank and credit card accounts. 
• Sending a one-time code to an authentication app, such as when logging into a gaming service. 
• Asking for the answer to a security question, like the name of your elementary school or the model of your first car. 
• Biometric information, like a fingerprint or facial scan. 

With MFA, a hacker needs more than just your username and password to weasel their way into your account. They need that extra piece of evidence required by the login process, which is something only you should have. 

This stands as a good reminder that you should never give out the information you use in your security questions—and to never share your one-time security codes with anyone. In fact, scammers cobble up all kinds of phishing scams to steal that information. 

How to set up MFA on your social media accounts. 

Major social media platforms offer MFA, although they might call it by other names. As you’ll see, several platforms call it “two-factor authentication.”  

Given the way that interfaces and menus can vary and get updated over time, your best bet for setting up MFA on your social media accounts is to go right to the source. Social media platforms provide the latest step-by-step instructions in their help pages. A simple search for “multi-factor authentication” and the name of your social media platform should readily turn up results. 

For quick reference, you can find the appropriate help pages for some of the most popular platforms here: 

• Facebook two-factor authentication help page 
• Instagram two-factor authentication help page 
• Twitter two-factor authentication help page 
• TikTok two-factor authentication help page 
• Snapchat two-factor authentication help page 

Another important reminder is to check the URL of the site you’re on to ensure it’s legitimate. Scammers set up all kinds of phony login and account pages to steal your info. Phishing scams like those are a topic all on their own. A great way you can learn to spot them is by giving our Phishing Scam Protection Guide a quick read. It’s part of our McAfee Safety Series, which covers a broad range of topics, from romance scams and digital privacy to online credit protection and ransomware.  

MFA – a good call for your social media accounts, and other accounts too. 

In many ways, your social media account is an extension of yourself. It reflects your friendships, interests, likes, and conversations. Only you should have access to that. Putting MFA in place can help keep it that way. 

More broadly, enabling MFA across every account that offers it is a smart security move as well. It places a major barrier in the way of would-be hackers who, somehow, in some way, have ended up with your username and password. 

On the topic, ensure your social media accounts have strong, unique passwords in place. The one-two punch of strong, unique passwords and MFA will make hacking your account tougher still. Wondering what a strong, unique password looks like? Here’s a hint: a password with eight characters is less secure than you might think. With a quick read, you can create strong, unique passwords that are tough to crack. 

Lastly, consider using comprehensive online protection software if you aren’t already. In addition to securing your devices from hacks and attacks, it can help protect your privacy and identity across your travels online—both on social media and off.   

The post How to Protect Your Social Media Passwords from Hacks and Attacks appeared first on McAfee Blog.

How to Spot Phishing Emails and Scams

There are plenty of phish in the sea. 

Millions of bogus phishing emails land in millions of inboxes each day with one purpose in mind—to rip off the recipient. Whether they’re out to crack your bank account, steal personal information, or both, you can learn how to spot phishing emails and keep yourself safe. 

And some of today’s phishing emails are indeed getting tougher to spot.  

They seem like they come from companies you know and trust, like your bank, your credit card company, or services like Netflix, PayPal, and Amazon. And some of them look convincing. The writing and the layout are crisp, and the overall presentation looks professional. Yet still, there’s still something off about them.  

And there’s certainly something wrong with that email. It was written by a scammer. Phishing emails employ a bait-and-hook tactic, where an urgent or enticing message is the bait and malware or a link to a phony login page is the hook.  

Once the hook gets set, several things might happen. That phony login page may steal account and personal information. Or that malware might install keylogging software that steals information, viruses that open a back door through which data can get hijacked, or ransomware that holds a device and its data hostage until a fee is paid. 

Again, you can sidestep these attacks if you know how to spot them. There are signs. 

Let’s look at how prolific these attacks are, pick apart a few examples, and then break down the things you should look for. 

Phishing attack statistics—the millions of attempts made each year. 

In the U.S. alone, more than 300,000 victims reported a phishing attack to the FBI in 2022. Phishing attacks topped the list of reported complaints, roughly six times greater than the second top offender, personal data breaches. The actual figure is undoubtedly higher, given that not all attacks get reported. 

Looking at phishing attacks worldwide, one study suggests that more than 255 million phishing attempts were made in the second half of 2022 alone. That marks a 61% increase over the previous year. Another study concluded that 1 in every 99 mails sent contained a phishing attack.  

Yet scammers won’t always cast such a wide net. Statistics point to a rise in targeted spear phishing, where the attacker goes after a specific person. They will often target people at businesses who have the authority to transfer funds or make payments. Other targets include people who have access to sensitive information like passwords, proprietary data, and account information. 

As such, the price of these attacks can get costly. In 2022, the FBI received 21,832 complaints from businesses that said they fell victim to a spear phishing attack. The adjusted losses were over $2.7 billion—an average cost of $123,671 per attack. 

So while exacting phishing attack statistics remain somewhat elusive, there’s no question that phishing attacks are prolific. And costly. 

What does a phishing attack look like? 

Nearly every phishing attack sends an urgent message. One designed to get you to act. 

Some examples … 

• “You’ve won our cash prize drawing! Send us your banking information so we can deposit your winnings!” 

• “You owe back taxes. Send payment immediately using this link or we will refer your case to law enforcement.” 
• “We spotted what might be unusual activity on your credit card. Follow this link to confirm your account information.” 
• “There was an unauthorized attempt to access your streaming account. Click here to verify your identity.” 
• “Your package was undeliverable. Click the attached document to provide delivery instructions.” 

When set within a nice design and paired some official-looking logos, it’s easy to see why plenty of people click the link or attachment that comes with messages like these. 

And that’s the tricky thing with phishing attacks. Scammers have leveled up their game in recent years. Their phishing emails can look convincing. Not long ago, you could point to misspellings, lousy grammar, poor design, and logos that looked stretched or that used the wrong colors. Poorly executed phishing attacks like that still make their way into the world. However, it’s increasingly common to see far more sophisticated attacks today. Attacks that appear like a genuine message or notice. 

Case in point: 

Say you got an email that said your PayPal account had an issue. Would you type your account information here if you found yourself on this page? If so, you would have handed over your information to a scammer. 

We took the screenshot above as part of following a phishing attack to its end—without entering any legitimate info, of course. In fact, we entered a garbage email address and password, and it still let us in. That’s because the scammers were after other information, as you’ll soon see. 

As we dug into the site more deeply, it looked pretty spot on. The design mirrored PayPal’s style, and the footer links appeared official enough. Yet then we looked more closely. 

Note the subtle errors, like “card informations” and “Configuration of my activity.” While companies make grammatical errors on occasion, spotting them in an interface should hoist a big red flag. Plus, the site asks for credit card information very early in the process. All suspicious. 

Here’s where the attackers really got bold.  

They ask for bank “informations,” which not only includes routing and account numbers, but they ask for the account password too. As said, bold. And entirely bogus. 

Taken all together, the subtle errors and the bald-faced grab for exacting account information clearly mark this as a scam. 

Let’s take a few steps back, though. Who sent the phishing email that directed us to this malicious site? None other than “paypal at inc dot-com.” 

Clearly, that’s a phony email. And typical of a phishing attack where an attacker shoehorns a familiar name into an unassociated email address, in this case “inc dot-com.” Attackers may also gin up phony addresses that mimic official addresses, like “paypalcustsv dot-com.” Anything to trick you.  

Likewise, the malicious site that the phishing email sent us to used a spoofed address as well. It had no official association with PayPal at all—which is proof positive of a phishing attack. 

Note that companies only send emails from their official domain names, just as their sites only use their official domain names. Several companies and organizations will list those official domains on their websites to help curb phishing attacks.  

For example, PayPal has a page that clearly states how it will and will not contact you. At McAfee, we have an entire page dedicated to preventing phishing attacks, which also lists the official email addresses we use. 

Other examples of phishing attacks 

Not every scammer is so sophisticated, at least in the way that they design their phishing emails. We can point to a few phishing emails that posed as legitimate communication from McAfee as examples. 

There’s a lot going on in this first email example. The scammers try to mimic the McAfee brand, yet don’t pull it off. Still, they do several things to try to act convincing. 

Note the use of photography and the box shot of our software, paired with a prominent “act now” headline. It’s not the style of photography we use. Not that people would generally know this. However, some might have a passing thought like, “Huh. That doesn’t really look like what McAfee usually sends me.” 

Beyond that, there are a few capitalization errors, some misplaced punctuation, and the “order now” and “60% off” icons look rather slapped on. Also note the little dash of fear it throws in with a mention of “There are (42) viruses on your computer …” 

Taken all together, someone can readily spot that this is a scam with a closer look. 

This next ad falls into the less sophisticated category. It’s practically all text and goes heavy on the red ink. Once again, it hosts plenty of capitalization errors, with a few gaffes in grammar as well. In all, it doesn’t read smoothly. Nor is it easy on the eye, as a proper email about your account should be. 

What sets this example apart is the “advertisement” disclaimer below, which tries to lend the attack some legitimacy. Also note the phony “unsubscribe” link, plus the (scratched out) mailing address and phone, which all try to do the same. 

This last example doesn’t get our font right, and the trademark symbol is awkwardly placed. The usual grammar and capitalization errors crop up again, yet this piece of phishing takes a slightly different approach. 

The scammers placed a little timer at the bottom of the email. That adds a degree of scarcity. They want you to think that you have about half an hour before you are unable to register for protection. That’s bogus, of course. 

Seeing any recurring themes? There are a few for sure. With these examples in mind, get into the details—how you can spot phishing attacks and how you can avoid them altogether. 

How to spot and prevent phishing attacks. 

Just as we saw, some phishing attacks indeed appear fishy from the start. Yet sometimes it takes a bit of time and a particularly critical eye to spot. 

And that’s what scammers count on. They hope that you’re moving quickly or otherwise a little preoccupied when you’re going through your email or messages. Distracted enough so that you might not pause to think, is this message really legit? 

One of the best ways to beat scammers is to take a moment to scrutinize that message while keeping the following in mind … 

They play on your emotions. 

Fear. That’s a big one. Maybe it’s an angry-sounding email from a government agency saying that you owe back taxes. Or maybe it’s another from a family member asking for money because there’s an emergency. Either way, scammers will lean heavily on fear as a motivator. 

If you receive such a message, think twice. Consider if it’s genuine. For instance, consider that tax email example. In the U.S., the Internal Revenue Service (IRS) has specific guidelines as to how and when they will contact you. As a rule, they will likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply pressure tactics—only scammers do that.) Likewise, other nations will have similar standards as well. 

They ask you to act—NOW. 

Scammers also love urgency. Phishing attacks begin by stirring up your emotions and getting you to act quickly. Scammers might use threats or overly excitable language to create that sense of urgency, both of which are clear signs of a potential scam. 

Granted, legitimate businesses and organizations might reach out to notify you of a late payment or possible illicit activity on one of your accounts. Yet they’ll take a far more professional and even-handed tone than a scammer would. For example, it’s highly unlikely that your local electric utility will angrily shut off your service if you don’t pay your past due bill immediately. 

They want you to pay a certain way. 

Gift cards, cryptocurrency, money orders—these forms of payment are another sign that you might be looking at a phishing attack. Scammers prefer these methods of payment because they’re difficult to trace. Additionally, consumers have little or no way to recover lost funds from these payment methods. 

Legitimate businesses and organizations won’t ask for payments in those forms. If you get a message asking for payment in one of those forms, you can bet it’s a scam. 

They use mismatched addresses. 

Here’s another way you can spot a phishing attack. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it does somewhat, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands. 

Likewise, if the message contains a web link, closely examine that as well. If the name looks at all unfamiliar or altered from the way you’ve seen it before, that might also mean you’re looking at a phishing attempt. 

Protect yourself from phishing attacks 

1. Go directly to the source. Some phishing attacks can look convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.  
2. Follow up with the sender. Keep an eye out for emails that might be a spear phishing attack. If an email that looks like it came from a family member, friend, or business associate, follow up with them to see if they sent it. Particularly if asks for money, contains a questionable attachment or link, or simply doesn’t sound quite like them. Text, phone, or check in with them in person. Don’t follow up by replying to the email, as it may have been compromised.   
3. Don’t download attachments. Some phishing attacks send attachments packed with malware like the ransomware, viruses, and keyloggers we mentioned earlier. Scammers may pass them off as an invoice, a report, or even an offer for coupons. If you receive a message with such an attachment, delete it. And most certainly don’t open it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers will often hijack or spoof email accounts of everyday people to spread malware.  
4. Hover over links to verify the URL. On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. If the URL looks suspicious in any of the ways we mentioned just above, delete the message, and don’t ever click. 

Protect yourself from email attacks even further 

Online protection software can protect you from phishing attacks in several ways. 

For starters, it offers web protection that warns you when links lead to malicious websites, such as the ones used in phishing attacks. In the same way, online protection software can warn you about malicious downloads and email attachments so that you don’t end up with malware on your device. And, if the unfortunate does happen, antivirus can block and remove malware. 

Online protection software like ours can also address the root of the problem. Scammers must get your email address from somewhere. Often, they get it from online data brokers, sites that gather and sell personal information to any buyer—scammers included.  

Data brokers source this information from public records and third parties alike that they sell in bulk, providing scammers with massive mailing lists that can target thousands of potential victims. You can remove your personal info from some of the riskiest data broker sites with our Personal Data Cleanup, which can lower your exposure to scammers by keeping your email address out of their hands. 

In all, phishing emails have telltale signs, some more difficult to see than others. Yet you can spot them when you know what to look for and take the time to look for them. With these attacks so prevalent and on the rise, looking at your email with a critical eye is a must today. 

 

 

The post How to Spot Phishing Emails and Scams appeared first on McAfee Blog.

What Is a Data Broker?

A data broker is an organization that makes money by collecting your personal information, analyzing it, and licensing it out to be used by other companies for things like marketing purposes. 

Data providers gather data from many different sources to create a profile of who you are. This profile includes things like your interests, hobbies, demographics, and even the products you use.  

Generally, data broker companies only deal with customers to collect information. A few of the top data brokerage companies are Epsilon, Acxiom, and Experian, but there are many data brokerages worldwide that make a hefty profit from aggregating and distributing consumers’ personal data.  

This article explains everything you need to know about data brokers, including what they do, how they get your information, and what you can do to limit the data they can access from you. 

Where do data brokers get your information?

There are several ways information brokers can get your information — both online and offline. 

• Sources available to the public: Some of your personal records are easily available to the public. Data brokers can collect public records like your voter registration records, birth certificate, criminal record, and even bankruptcy records.  
• Search history: Data brokers can track and analyze your browsing history to see things like what content you’re interested in and what demographics you fall into. You leave a trail that brokers can follow whenever you do anything online (like sign into a social media app, visit a website, or do a Google search). Using web scraping tools (software that pulls information from the web), it’s easy for data brokers to see what you’ve been up to online. 
• Online agreements: You’ll usually have to sign an agreement when signing up for a new service online. Many of these agreements have disclosures in the fine print that give the company the right to collect and distribute your personal information. 
• Purchase history: Data brokers want to know what products or services you’ve purchased, how you paid for them (credit card, debit card, coupon, or loyalty card, for instance), and when you purchased them. This information can be very valuable to marketing companies. 

Are data brokers illegal?

Generally, it’s legal for data brokers to get your information through public sources. However, different locations have different protections in place for consumers and different rules for how data brokers must operate. 

Many countries have laws to protect consumers from having their information shared without their consent. For example, the European Union has the General Data Protection Regulation (GDPR) to protect data privacy. The GDPR says data brokers need to get consent from consumers before sharing their information. The law also gives consumers the right to demand that companies delete any personal information that they have stored.  

On the other hand, the United States doesn’t have federal privacy laws protecting consumer information from data brokers. It’s up to the states to make their own laws. Some states prioritize consumer privacy more than others. For example, California has the Consumer Privacy Act, which gives customers the right to see what data a broker company has and the ability to delete it. 

Typically, companies ask for consent to share your information through the fine print of their agreements. You might not be aware of how much of your personal information you’ve allowed organizations to share.  

Who are the largest data brokers?

Data brokering is a huge industry. In fact, data brokers around the world bring in hundreds of billions of dollars a year. Here are some of the largest data brokerage companies that may collect your information.  

• Epsilon Data Management, LLC: Businesses around the world rely on Epsilon for consumer data. The data management company has a massive database with details about millions of homes. You can request that your data not be collected by Epsilon on its website. 
• Oracle America, Inc. (Oracle Cloud Data): Oracle is a technology conglomerate that designs and produces data network systems for businesses. Not only does Oracle team up with a large number of third-party data brokers, but the company also has its own database of consumer information. You can opt out of Oracle’s data collection program on their website. 
• Acxiom, LLC: Acxiom is one of the largest data brokers. Acxiom collects a huge number of personal details about hundreds of millions of consumers from all over the world. For example, the broker might aggregate data like your political beliefs, health issues, and even your religious beliefs. Acxiom then sells information to businesses in sectors like finance or telecommunications. The company gives consumers the ability to opt out of its data collection program.  

• Equifax Information Services, LLC: In addition to being a data broker, Equifax is one of the top three credit reporting agencies in the United States. The company collects consumer financial information that businesses can use to create targeted marketing campaigns. Investors can also use the information to gauge whether they should back an organization. To start the process of opting out of Equifax’s data collection program, you have to opt out of their marketing emails and their prescreened credit card offers. 
• Experian, LLC: Experian is also one of the big three credit reporting bureaus in the United States. Like Equifax, Experian provides useful financial and personal information to both businesses and investors. Follow instructions on their website to opt out of Experian’s advertising program. You’ll need to opt out of their credit card offers separately.  

What personal information do data brokers collect?

By using various sources, data brokers can aggregate a lot of information about you. This information can be used to create user categories that businesses can market to. For instance, if you visit websites that sell baby products, the broker might put you into a category like “new parents.”  

Some of the information that brokers collect might be things you’d like to keep private. For example, a broker might collect sensitive data about health issues, past bankruptcies, or legal issues.  

Sometimes, brokers may place you in the wrong category. Let’s say you’re buying a new cookware set as a birthday gift for your mother. You check out several cooking sites before purchasing your set. If the broker sees that you’ve visited cooking sites and purchased cooking products, they may place you in a category like “cooking enthusiasts” even though you brought the gift for your mother. 

Here are some personal details that a broker can collect to create a consumer profile of you: 

• Full name 
• Gender 
• Birthdate 
• Contact information (like your phone number and email) 
• Home address and where you’ve lived in the past 
• Marital status and family situation, including children 
• Social Security number (SSN) 
• Level of education 
• Assets 
• Job 
• Purchase habits 
• Interests and hobbies 
• Criminal record 
• Political preferences 
• Health history 

How data brokers use your information

Businesses are always looking for useful consumer information. Purchasing consumer data from brokers helps them tailor marketing campaigns to the demographics that are most likely to buy their products. 

Let’s say you’re a fan of virtual reality (VR) gaming. You’ve watched countless YouTube videos about the subject, and you’ve searched Amazon for VR headsets multiple times. You’d likely be an ideal consumer for a company that manufactures VR headsets or a company that creates VR games.  

Other companies might use your data for risk mitigation. For example, a bank might use your personal financial history to determine whether you’re likely to default on a mortgage loan.  

How to protect your data from data brokers

There are a variety of public records and sources that data brokers can use to gather information about you. The good news is that there are some things you can do to limit the amount of personal information they can access: 

• Be selective about what you share online. Don’t overshare personal information on social media. Avoid things like online quizzes and sweepstakes.  
• Use a virtual private network (VPN) whenever possible. A VPN hides your IP address and encrypts your data while you surf the web. McAfee’s Secure VPN protects your personal data and credit card information so you can browse, bank, and shop online without worrying about prying eyes (like data brokers). 
• Use a Tor browser like the Tor Project or The Invisible Internet Project (I2P) to hide your actions online. Tor browser users remain anonymous online but may sacrifice some connection speed.  

There are also a few organizations you can join to protect your information: 

• Visit OptOutPrescreen.com. The Consumer Credit Reporting Industry site helps consumers opt out of prescreened credit card and insurance offers.  
• Sign up for DMAchoice to get your name removed from telemarketing lists and direct marketing campaigns.  
• Join the National Do Not Call Registry to avoid telemarketers.  

Discover how McAfee’s leading identity protection software can help

Data brokers are always looking for ways to get their hands on your personal information. Many reasons businesses want access to your personal data aren’t malicious. They simply want to provide you with a targeted advertising experience and introduce you to products you might like.  

 However, the more your personal information gets shared online, the more chances cybercriminals have to get their hands on it. There might also be some sensitive information you don’t want to share with businesses in general. If you’re careful about what you post and take steps to protect your cybersecurity, you’ll greatly reduce the amount of data that a broker can collect from you. 

With McAfee+, you can get a secure online experience for your whole family. Our all-in-one protection suite comes with features like a secure VPN, premium antivirus software, identity monitoring, and up to $1 million in identity insurance and restoration.  

McAfee can help you safeguard data like financial records and health care information so you can have less stress online. You’re meant to enjoy the internet — and we’re here to help make that a reality. 

 

The post What Is a Data Broker? appeared first on McAfee Blog.

How to exploit Format String Vulnerabilities

Introduction In the previous articles, we discussed printing functions, format strings and format string vulnerabilities. This article provides an overview of how Format String vulnerabilities can be exploited. In this article, we will begin by solving a simple challenge to leak a secret from memory. In the next article, we will discuss another example, where […]

The post How to exploit Format String Vulnerabilities appeared first on Infosec Resources.

---

How to exploit Format String Vulnerabilities was first posted on September 30, 2020 at 8:28 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Cleaner One Pro Speeds Up Your Mac: Part 2

In Part 1 of this blog, we introduced Trend Micro Cleaner One Pro, a one-stop shop to help you speed up your Mac, highlighting the Quick Optimizer, the Main Console, and the Cleaning Tools. In Part 2, we resume the discussion of how to make your Mac run faster with the remaining Cleaner One Pro features: System and Application Management, Privacy Protection, and Other Options.

System and Application Management

Startup Manager

Your Mac may get sluggish after a year or two of usage and you may find that booting up takes a lot longer. Doing a Startup Manager scan can help you reduce slowdown due to unwanted startup programs and services, to help your Mac boot faster.

Upon completing the scan, Startup Manager will identify apps under two categories: Login Items and Launch Agents.

Login Items are apps that run automatically upon login. You can manage these apps by enabling them to run automatically or disabling them to make your Mac more efficient. If you don’t need autorun, you can remove the apps from the list.

Launch Agents are background services that run automatically on System startup for the extension features of apps. You can manage these services by letting them run automatically or by disabling them to make your Mac boot faster. Similarly, you can remove these agents if you don’t need them or they’re broken.

 

App Manager

When a user installs an app that doesn’t meet their expectations, they’ll never use it again. In many cases, they remove the app by simply dragging it into the trash, assuming the action completely removes the app, but this is not always true. When you uninstall an app, there are often associated files left on your Mac, even after you have emptied the Trash. They’re known as leftovers.

Leftovers are an app’s associated files and folders that can include different languages, log files, agents, or processes that might try to start an application. App Manager aims to resolve this and helps you clean up your Mac by completely removing app leftovers. App Manager detects all app leftovers automatically so you can remove them with just one click.

 

Privacy Protection

File Shredder

Data security and privacy are especially important and managing these applies to anyone collecting and keeping data. Data that has reached its retention limit needs to be permanently removed from your file system and to be sure it can’t be recovered you need to overwrite the file with random series of binary data multiple times. This process is often referred to as shredding. With File Shredder, you can remove sensitive files from your hard disk without worrying that they can be recovered.

 

Other Options

Preferences

Preferences allows you to manage how the Cleaner One Pro app performs. In Preferences, you’ll see General, Notifications, Memory, Duplicates, Whitelists and Auto Select.

On the General tab, you can choose Auto start at login and other options according to how you would like Cleaner One Pro to behave during startup.

 

On the Notifications tab, you can disable the notification about smart memory optimization.

 

Cleaner One Pro is also equipped with a Smart Memory Optimization feature on the Memory tab. This feature uses artificial intelligence. You can set auto clean when your available memory is low or when an app is closed.

 

The Duplicates, Whitelists and Auto Select tabs work when you use the Duplicate Files feature on the main console. When there are too many duplicate files on your Mac, you can set the rules on the minimum file size, as well as which files to exempt or prioritize during deletion.

 

Air Support One

If you need technical assistance about Cleaner One Pro, click the robot icon either in the Apple Menu window or on the Main Console.

A chat support person will attend to your concerns or suggestions when using Cleaner One Pro. In case there is no available support engineer, you can send an email by clicking Send Email. Make sure to provide the correct email address.

More Tools

Aside from Cleaner One Pro for Mac, we offer Antivirus One for Mac—as well as Cleaner One for iPhone, which you can download by scanning the QR Code. You can also submit your ideas for Other Tools by clicking the panel.

 

An Optimized Mac

As you use your Mac over time, you need to maintain it to keep it running smoothly. Trend Micro Cleaner One Pro can clean up your disk space, help boost performance, and solve other Mac issues you might encounter during your daily work. As you consider it for your Mac, you may have remaining questions:

What’s the difference between the Free version and the Paid version? The Free version of Cleaner One Pro includes the Memory Optimizer, basic CPU and Network Monitoring, a Junk Files Cleaner, a Big Files Scanner, a Disk Map, and the Startup Manager. The Paid upgrade of Cleaner One Pro unlocks more features, including more Advanced CPU/Network Monitoring, a Duplicate Finder, a Similar Photos Scanner, an App Manager, and a File Shredder.

Is it safe to use Cleaner One Pro? Cleaner One Pro is notarized by Apple, which assures its users both security and privacy.

How can I download Cleaner One Pro? Cleaner One Pro is distributed via the official Trend Micro website and other authorized channels. Note that Cleaner One Pro is also available for Windows. To make it easy for the readers of this blog series, we’ve provided the download links here: Download Mac Version – Download Windows Version

Go to Cleaner One Windows or to Cleaner One Mac for more information or to purchase the apps.

The post Cleaner One Pro Speeds Up Your Mac: Part 2 appeared first on .

Cleaner One Pro Speeds Up Your Mac: Part 1

The Mac has always been pretty easy to use, but even the most ardent Mac supporters know there comes a time when their Mac is no longer new and they notice slowdowns in its performance, particularly after intensive use. They’d like a handy one-stop tool to help them optimize memory and CPU performance, free up disk space, and generally speed up their Mac, since they don’t want to dig around in the MacOS for buried utilities they don’t know how to use. Fortunately, Trend Micro has a solution for that.

Trend Micro Cleaner One Pro is an easy-to-use, all-in-one disk cleaning and optimization utility that can help you boost your Mac’s performance. Cleaner One Pro includes a number of Mac housecleaning tools such as a Memory Optimizer, a Junk Files cleaner, a Big Files scanner, a Duplicate Files finder, an App Manager, a File Shredder, and a Disk Map. These functions are all rolled into an easy-to-use interface that helps you visualize your Mac’s usage, while freeing up memory and storage on your Mac.

In this two-part blog, we will show you how you can use Cleaner One Pro to make your Mac run faster, walking you through its features. In Part 1, we focus on Quick Optimizer, the Main Console, and the Cleaning Tools. In Part 2, we’ll focus on System and Application Management, Privacy Protection, and some Other Options.

Quick Optimizer

Once you’ve installed Cleaner One Pro, its Quick Optimizer appears in the Apple Menu, with handy tools to speed up your Mac. Click the icon and it displays a Console that monitors your Memory, Junk Files, CPU, and Network Usage, while letting you Optimize your Memory Usage and Clean your Junk Files with just one click. System Optimizer opens a Window onto the contents of your Mac for more detailed management.

Memory Optimizer

There are applications running in the background of your Mac that take up physical memory and affect its performance. The Memory Optimizer gives you control over how your computer consumes its memory resources—and you can free up your Mac’s memory in seconds with just one click on the Optimize button. If you want to see which apps are taking up significant memory, you can click the three-dot icon next to Memory Usage. It will show your Mac’s memory usage by app, in descending order. Click the Information (i) icon in the Memory Usage window for a breakdown of the types of memory being used.

Junk Files Cleaner

Junk files, temporary files, system files and other non-essential items will accumulate on your Mac over time. These files take up a lot of space on your hard drive and may degrade the performance of your Mac as you reach higher disk usage. Click the Clean button and the Junk Files cleaner quickly removes application cache, system log files, update files, temporary files and hidden leftover files. You can also see the details of the identified Junk Files by clicking the three-dot icon next to Junk Files.

CPU Usage Monitor

When your computer starts to run slowly it’s helpful to have a snapshot of its CPU usage. With this feature, you can see which apps are using significant CPU resources and how much percentage they’re using. It also let you know how long your computer has been up and running, since system reliability can degrade if it’s been awhile since you restarted your Mac.

Network Usage Monitor

If you want to keep an eye on your bandwidth consumption and avoid exceeding data caps, it’s useful to know the real-time download and upload speeds on your Mac. The Network Usage Monitor also provides a view of other network related information such as your Wi-Fi signal quality.

The Main Console

The Main Console is the core workplace in Trend Micro Cleaner One Pro and provides the following features, which are presented here grouped by purpose:

	Cleaning Tools (Junk Files, Big Files, Duplicate Files, Similar Photos and Disk Map) Application Management (Startup Manager and App Manager) Privacy Protection (File Shredder)

To access the Main Console, click System Optimizer in the Cleaner One Pro Apple Menu. The first time you do, you’ll need to authorize full access to your disk, so Cleaner One Pro can access more junk files. Simply click Grant Access in the System Optimizer window and watch the video or follow the written instructions. Complete the steps by closing Cleaner One Pro, then reload it. You’re now ready to begin optimizing.

Cleaning Tools

Junk Files

The hard drive on your Mac holds the entire Mac operating system and important files including your data. As you use your Mac, over time its hard drive will accumulate junk files. These junk files are generated by the system and other programs. Cleaner One Pro is equipped with advanced and efficient algorithms that scan and remove junk files within seconds. Click Scan to scan for Junk Files and when the scan is done, either check a whole category or individual items in the category, then click Remove.

Big Files

You may have a lot of clutter on your Mac in the form of big or old files that you probably no longer need and may have just forgotten about. Removing big unused files can recover a lot of disk space, but it could be time-consuming to delete them if done manually. Also, it is hard to select files for deletion if you don’t know the proper context— where the files are stored or how important they may be.

Big Files scanner provides a big file collector where you can easily spot and remove these files if you don’t need them anymore. Additionally, if you hover your mouse on a file, you’ll see a magnifier and a lock icon. Once you click the magnifier icon, you’ll locate the actual file. If you click the lock icon, the file will be added to the Ignore List, which will be locked.

Disk Map

Disk Map is a significant tool that helps you analyze the usage of your storage in a visual and interactive map. It quickly scans your drive and builds a visualization of files on the target folder of your Mac, allowing you to easily navigate the system. With Disk Map, you can find out the date when the file/folder was created, modified, and last opened. Furthermore, hovering your mouse on a folder then clicking the magnifier icon will direct you to the file’s location.

Duplicate Files

Another practice that you are probably comfortable doing is backing-up important files, photos, program installation files and apps on your hard drive. While this is a good practice, it creates duplicate files on your Mac that eventually add clutter and consume disk space. It’s also hard to find files in name searches when you have too many of them.

The Duplicate Files function lets you select a source folder where it will inspect and identify duplicate files on your Mac. In the scan results, an option called “Auto Select” helps you automatically select duplicate files. The information provided by “Auto Select” is listed below:

	Folder where duplicate files are located Dates modified Similar file names Other qualifications

You can choose Remove to Trash or Delete Permanently on the confirmation page.

Similar Photos

Often, you organize pictures of travels and life events, and also keep a copy to ensure you don’t lose those captured moments. But as digital photos pile up, often similar to others on your drive, they take up a lot of space. To assist you cleaning these up, use Similar Photos, and then choose your photo library to scan the photos on your Mac.

The result will display similar photos and you can choose the ones you don’t need, and the files will be added in the selected list. Click the Remove button to completely delete them from your hard drive.

That’s it for now! The second part of this blog will take up the remaining toolsets of Trend Micro Cleaner One Pro.

 Go to Cleaner One Mac for more information or to purchase the app.

 

 

The post Cleaner One Pro Speeds Up Your Mac: Part 1 appeared first on .