Login
This comprehensive security report investigates unpatchable vulnerabilities in Windows 10 and11, focusing on systemic flaws that resist traditional patching due to their deep integration intothe operating system’s architecture, hardware dependencies, and legacy compatibility requirements. These vulnerabilities, rooted in fundamental design choices and ecosystem constraints,pose significant challenges to securing millions of Windows devices worldwide. The report examines three critical vulnerabilities: legacy BIOS/UEFI firmware weaknesses, kernel memorymanagement flaws, and backward compatibility with legacy protocols. It provides a detailedtechnical analysis, exploitation vectors, detection challenges, and comprehensive mitigationstrategies. With Windows 10 approaching its end-of-support deadline in October 2025, theseflaws pose heightened risks, necessitating proactive defenses. This report adheres to responsible disclosure principles and aims to support Microsoft’s efforts to strengthen Windows securityin 2025.
In the high-stakes arena of cybersecurity, Microsoft Defender stands as a cornerstone ofWindows security, integrating a sophisticated array of defenses: the Antimalware Scan Interface (AMSI) for runtime script scanning, Endpoint Detection and Response (EDR) forreal-time telemetry, cloud-based reputation services for file analysis, sandboxing for isolated execution, and machine learning-driven heuristics for behavioral detection. Despiteits robust architecture, attackers increasingly bypass these defenses—not by exploitingcode-level vulnerabilities within the Microsoft Security Response Center’s (MSRC) service boundaries, but by targeting logical vulnerabilities in Defender’s decision-makingand analysis pipelines. These logical attacks manipulate the system’s own rules, turningits complexity into a weapon against it.This article series, Strengthening Microsoft Defender: Analyzing and Countering Logical Evasion Techniques, is designed to empower Blue Teams, security researchers, threathunters, and system administrators with the knowledge to understand, detect, and neutralize these threats. By framing logical evasion techniques as threat models and providingactionable Indicators of Compromise (IoCs) and defensive strategies, we aim to bridgethe gap between attacker ingenuity and defender resilience. Our approach is grounded inethical research, responsible disclosure, and practical application, ensuring that defenderscan anticipate and counter sophisticated attacks without crossing legal or ethical lines.
AI-powered hacking is surging in 2025—deepfakes, autonomous tools, and an AI arms race.
This comprehensive security report investigates unpatchable vulnerabilities in Windows 10 and11, focusing on systemic flaws that resist traditional patching due to their deep integration intothe operating system’s architecture, hardware dependencies, and legacy compatibility requirements. These vulnerabilities, rooted in fundamental design choices and ecosystem constraints,pose significant challenges to securing millions of Windows devices worldwide. The report examines three critical vulnerabilities: legacy BIOS/UEFI firmware weaknesses, kernel memorymanagement flaws, and backward compatibility with legacy protocols. It provides a detailedtechnical analysis, exploitation vectors, detection challenges, and comprehensive mitigationstrategies. With Windows 10 approaching its end-of-support deadline in October 2025, theseflaws pose heightened risks, necessitating proactive defenses. This report adheres to responsible disclosure principles and aims to support Microsoft’s efforts to strengthen Windows securityin 2025
If someone called you claiming to be a government official, would you know if their voice was real? This question became frighteningly relevant this week when a cybercriminal used social engineering and AI to impersonate Secretary of State Marco Rubio, fooling high-level officials with fake voice messages that sounded exactly like him. It raises a critical concern: would other world leaders be able to tell the difference, or would they fall for it too?
In June 2025, an unknown attacker created a fake Signal account using the display name “Marco.Rubio@state.gov” and began contacting government officials with AI-generated voice messages that perfectly mimicked the Secretary of State’s voice and writing style. The imposter successfully reached at least five high-profile targets, including three foreign ministers, a U.S. governor, and a member of Congress.
The attack wasn’t just about pranks or publicity. U.S. authorities believe the culprit was “attempting to manipulate powerful government officials with the goal of gaining access to information or accounts.” This represents a sophisticated social engineering attack that could have serious national and international security implications.
The Rubio incident isn’t isolated. In May, someone breached the phone of White House Chief of Staff Susie Wiles and began placing calls and messages to senators, governors and business executives while pretending to be Wiles. These attacks are becoming more common because:
While the Rubio case involved government officials, these same techniques are being used against everyday Americans. A recent McAfee study found that 59% of Americans say they or someone they know has fallen for an online scam in the last 12 months, with scam victims losing an average of $1,471. In 2024, our research revealed that 1 in 3 people believe they have experienced some kind of AI voice scam
Some of the most devastating are “grandparent scams” where criminals clone a grandchild’s voice to trick elderly relatives into sending money for fake emergencies. Deepfake scam victims have reported losses ranging from $250 to over half a million dollars.
Common AI voice scam scenarios:
One big reason deepfake scams are exploding? The tools are cheap, powerful, and incredibly easy to use. McAfee Labs tested 17 deepfake generators and found many are available online for free or with low-cost trials. Some are marketed as “entertainment” — made for prank calls or spoofing celebrity voices on apps like WhatsApp. But others are clearly built with scams in mind, offering realistic impersonations with just a few clicks.
Not long ago, creating a convincing deepfake took experts days or even weeks. Now? It can cost less than a latte and take less time to make than it takes to drink one. Simple drag-and-drop interfaces mean anyone — even with zero technical skills – can clone voices or faces.
Even more concerning: open-source libraries provide free tutorials and pre-trained models, helping scammers skip the hard parts entirely. While some of the more advanced tools require a powerful computer and graphics card, a decent setup costs under $1,000, a tiny price tag when you consider the payoff.
Globally, 87% of scam victims lose money, and 1 in 5 lose over $1,000. Just a handful of successful scams can easily pay for a scammer’s gear and then some. In one McAfee test, for just $5 and 10 minutes of setup time, we created a real-time avatar that made us look and sound like Tom Cruise. Yes, it’s that easy — and that dangerous.
Figure 1. Demonstrating the creation of a highly convincing deepfake
Recognizing the urgent need for protection, McAfee developed Deepfake Detector to fight AI-powered scams. McAfee’s Deepfake Detector represents one of the most advanced consumer tools available today.
While McAfee’s Deepfake Detector is built to identify manipulated audio within videos, it points to the kind of technology that’s becoming essential in situations like this. If the impersonation attempt had taken the form of a video message posted or shared online, Deepfake Detector could have:
Our technology uses advanced AI detection techniques — including transformer-based deep neural networks — to help consumers discern what’s real from what’s fake in today’s era of AI-driven deception.
While the consumer-facing version of our technology doesn’t currently scan audio-only content like phone calls or voice messages, the Rubio case shows why AI detection tools like ours are more critical than ever — especially as threats evolve across video, audio, and beyond – and why it’s crucial for the cybersecurity industry to continue evolving at the speed of AI.
While technology like McAfee’s Deepfake Detector provides powerful protection, you should also:
The Rubio incident shows that no one is immune to AI voice scams. It also demonstrates why proactive detection technology is becoming essential. Knowledge is power, and this has never been truer than in today’s AI-driven world.
The race between AI-powered scams and AI-powered protection is intensifying. By staying informed, using advanced detection tools, and maintaining healthy skepticism, we can stay one step ahead of cybercriminals who are trying to literally steal our voices, and our trust.
The post When AI Voices Target World Leaders: The Growing Threat of AI Voice Scams appeared first on McAfee Blog.
I recently tested a language-learning site that used live frontend filtering to block HTML input (e.g., <img> <svg> tags were removed as you typed).
But by injecting the payload directly via browser console (without typing it), the input was submitted and stored.
Surprisingly, the XSS executed later on my own profile page — indicating stored execution from a DOM-based bypass.
I wrote a short write-up here:
enjoy
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned Microsoft’s most-dire “critical” rating, meaning they could be exploited to seize control over vulnerable Windows PCs with little or no help from users.
While not listed as critical, CVE-2025-49719 is a publicly disclosed information disclosure vulnerability, with all versions as far back as SQL Server 2016 receiving patches. Microsoft rates CVE-2025-49719 as less likely to be exploited, but the availability of proof-of-concept code for this flaw means its patch should probably be a priority for affected enterprises.
Mike Walters, co-founder of Action1, said CVE-2025-49719 can be exploited without authentication, and that many third-party applications depend on SQL server and the affected drivers — potentially introducing a supply-chain risk that extends beyond direct SQL Server users.
“The potential exposure of sensitive information makes this a high-priority concern for organizations handling valuable or regulated data,” Walters said. “The comprehensive nature of the affected versions, spanning multiple SQL Server releases from 2016 through 2022, indicates a fundamental issue in how SQL Server handles memory management and input validation.”
Adam Barnett at Rapid7 notes that today is the end of the road for SQL Server 2012, meaning there will be no future security patches even for critical vulnerabilities, even if you’re willing to pay Microsoft for the privilege.
Barnett also called attention to CVE-2025-47981, a vulnerability with a CVSS score of 9.8 (10 being the worst), a remote code execution bug in the way Windows servers and clients negotiate to discover mutually supported authentication mechanisms. This pre-authentication vulnerability affects any Windows client machine running Windows 10 1607 or above, and all current versions of Windows Server. Microsoft considers it more likely that attackers will exploit this flaw.
Microsoft also patched at least four critical, remote code execution flaws in Office (CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, CVE-2025-49702). The first two are both rated by Microsoft as having a higher likelihood of exploitation, do not require user interaction, and can be triggered through the Preview Pane.
Two more high severity bugs include CVE-2025-49740 (CVSS 8.8) and CVE-2025-47178 (CVSS 8.0); the former is a weakness that could allow malicious files to bypass screening by Microsoft Defender SmartScreen, a built-in feature of Windows that tries to block untrusted downloads and malicious sites.
CVE-2025-47178 involves a remote code execution flaw in Microsoft Configuration Manager, an enterprise tool for managing, deploying, and securing computers, servers, and devices across a network. Ben Hopkins at Immersive said this bug requires very low privileges to exploit, and that it is possible for a user or attacker with a read-only access role to exploit it.
“Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries as the privileged SMS service account in Microsoft Configuration Manager,” Hopkins said. “This access can be used to manipulate deployments, push malicious software or scripts to all managed devices, alter configurations, steal sensitive data, and potentially escalate to full operating system code execution across the enterprise, giving the attacker broad control over the entire IT environment.”
Separately, Adobe has released security updates for a broad range of software, including After Effects, Adobe Audition, Illustrator, FrameMaker, and ColdFusion.
The SANS Internet Storm Center has a breakdown of each individual patch, indexed by severity. If you’re responsible for administering a number of Windows systems, it may be worth keeping an eye on AskWoody for the lowdown on any potentially wonky updates (considering the large number of vulnerabilities and Windows components addressed this month).
If you’re a Windows home user, please consider backing up your data and/or drive before installing any patches, and drop a note in the comments if you encounter any problems with these updates.
Article tags
Summer festival season is upon us, and music lovers are eagerly anticipating everything from The Weeknd tickets to intimate local music festivals. But while you’re dreaming of unforgettable performances, scammers are plotting to turn your concert and festival excitement into their profitable payday. The sobering reality? UK gig-goers lost over £1.6 million to ticket fraud in 2024 more than double the previous year’s losses. With approximately 3,700 gig ticket fraud reports made to Action Fraud in 2024, and almost half originating from social media platforms, the threat to festival-goers has never been greater. A Lloyds Bank analysis of scam reports from its customers has revealed that Oasis Live ’25 tickets are a top target for fraudsters. In the first month following the reunion tour announcement, these fake ticket scams made up roughly 70% of all reported concert ticket fraud cases since August 27, 2024. According to Lloyds, the average victim lost £436 ($590), with some reporting losses as high as £1,000 ($1,303).
Concert tickets have become the ultimate playground for cybercriminals, and it’s easy to see why. The perfect storm of high demand, limited supply, and emotional urgency creates ideal conditions for fraud. When your favorite artist announces a tour, tickets often sell out in minutes, leaving desperate fans scrambling on secondary markets where scammers thrive. Unlike typical retail purchases, concert tickets are intangible digital products that are difficult to verify until you’re standing at the venue gate, often too late to get your money back. Scammers exploit this by creating fake ticketing websites with legitimate-sounding names, posting counterfeit tickets on social media marketplaces, and even setting up fraudulent “last-minute deals” outside venues.
The emotional investment fans have in seeing their favorite performers makes them more likely to ignore red flags like unusual payment methods, prices that seem too good to be true, or sellers who refuse to use secure payment platforms. Add in the time pressure of limited availability, and scammers have found the perfect recipe for separating music lovers from their money. With the average concert scam victim losing over $400 according to the Better Business Bureau, what should be an exciting musical experience often becomes a costly lesson in digital fraud.
How It Works: Scammers create convincing counterfeit tickets using stolen designs, logos, and QR codes from legitimate events. They may purchase one real ticket and then sell multiple copies to different buyers, knowing only the first person through the gate will succeed.
The Digital Danger: With the rise of digital tickets and QR codes, scammers can easily screenshot, photograph, or forward ticket confirmations to multiple victims. Since many festival-goers don’t realize that QR codes can only be scanned once, multiple people may believe they own the same valid ticket.
How It Works: Fraudsters create entirely fictional festivals, remember the Fyre Festival? A complete fake lineups featuring popular artists, professional websites, and aggressive marketing campaigns. They invest heavily in making these events appear legitimate, sometimes even securing fake venues and promotional partnerships.
The Impersonator: Some scammers specifically target popular festivals by creating fake events with slight name variations or claiming to offer exclusive “VIP experiences” that don’t exist.
How It Works: Scammers create fake profiles or hack legitimate accounts to advertise sold-out festival tickets. They often target popular festival hashtags and engage with desperate fans seeking last-minute tickets on TikTok, Instagram, and Facebook Marketplace.
The FOMO Factor: These scammers exploit the fear of missing out by creating false urgency: “Only 2 tickets left!” or “Someone just backed out, quick sale needed!”
How It Works: Legitimate-seeming sellers request payment through untraceable methods like bank transfers, gift cards, or cryptocurrency. Once payment is sent, the “seller” disappears, leaving victims with no recourse for recovery.
How It Works: Fraudsters create fake QR codes that lead to malicious websites designed to steal your personal information or payment details. These might be disguised as “ticket verification” sites or fake festival apps.
The Modern Twist: Some scammers send QR codes claiming they contain your tickets, but scanning them actually downloads malware or leads to phishing sites designed to harvest your personal information.
McAfee’s Scam Detector is your shield against concert and ticket scams this summer. This advanced scam detection technology is built to spot and stop scams across text messages, emails, and videos. Here’s how Scam Detector protects concert-goers:
Scam Detector catches suspicious messages across apps like iMessage, WhatsApp, and Facebook Messenger—exactly where ticket scammers often strike.
Flags phishing emails that appear to be from venues, ticketing companies, or resale platforms across Gmail, Outlook, and Yahoo. The system alerts you and explains why an email was flagged, helping you learn to spot concert scams as you go.
Detects AI-generated or manipulated audio in videos on platforms like YouTube, TikTok, and Facebook—perfect for catching fake artist endorsements or fraudulent venue announcements that scammers use to promote fake ticket sales.
Found a great ticket deal but feeling uncertain? Upload a screenshot, message, or link for instant analysis. Scam Detector offers context so you understand exactly why a ticket offer might be fraudulent.
Choose the level of protection that works for your concert-going habits:
If you do click a suspicious ticket link, McAfee’s Scam Detector can help block dangerous sites before they load, protecting you from fake ticketing websites.
McAfee’s Scam Detector delivers reliable protection against the most common ticket scam tactics without false alarms that might block legitimate communications from venues or artists. Scam Detector uses on-device AI wherever possible, meaning your concert ticket searches and purchase communications aren’t sent to the cloud for analysis. Your excitement about seeing your favorite band stays between you and your devices.
Make This Summer About Music, Not Scams. Don’t let fraudsters steal your summer concert experience. With McAfee’s Scam Detector, you can focus on what really matters: getting legitimate tickets to see amazing live music. The technology works in the background, identifying scams and educating you along the way, so you can make confident decisions about your concert purchases.Summer festivals, arena shows, and outdoor concerts are waiting—make sure you’re protected while you’re getting ready to rock.
Learn more about McAfee’s Scam Detector at: https://www.mcafee.com/en-us/scam-detector.
The post How to Protect Yourself from Concert and Festival Ticket Scams appeared first on McAfee Blog.
The Blog post about "Revisiting Cross Session Activation attacks" is now also public. Lateral Movement with code execution in the context of an active session?Here you go.
A critical double-free vulnerability has been discovered in the pipapo set module of the Linux kernel’s NFT subsystem. An unprivileged attacker can exploit this vulnerability by sending a specially crafted netlink message, triggering a double-free error with high stability. This can then be leveraged to achieve local privilege escalationץ
Hello! I recently created this forum for anyone who needs to find teammates for CTF or anyone who wants to talk about general cyber. It is completely free and ran from my pocket. I want to facilitate a place for cyber interestees of all levels to get together and compete. The goal is to build a more just, dignified cyber community through collaboration. If this interests you, feel free to check out ctflfg.com.
I’m the creator of the SSCV Framework (System Security Context Vector), an open-source project aimed at improving vulnerability risk scoring for real-world security teams.
Unlike traditional scoring models, SSCV incorporates exploitation context, business impact, and patch status to help prioritize patching more effectively. The goal is to help organizations focus on what actually matters—especially for teams overwhelmed by endless patch tickets and generic CVSS scores.
It’s fully open source and community-driven. Documentation, the scoring model, and implementation details are all available at the link below.
I welcome feedback, questions, and suggestion
Just found zorrochain.foundation, and it’s building a governance infrastructure that’s fully airgap-compatible.
No token, no speculation — just a system using entropy harvesting, offline ID, QR/USB syncing, and vault-based consensus.
No idea if it’s being audited, but conceptually it’s interesting for people thinking about zero-trust systems in collapse conditions.
Microsoft's security team has announced a new process mitigation policy to protect against file system redirection attacks. "Redirection Guard, when enabled, helps Windows apps prevent malicious junction traversal redirections, which could potentially lead to privilege escalation by redirecting FS operations from less privileged locations to more privileged ones.
I covered a fascinating post by Alexander Moch at ERNW about a boot-level Linux vulnerability that lets attackers inject code from the initramfs debug shell. Even with Secure Boot and encryption, a few key presses can drop you to a shell and allow persistent malware to be added.
Luckily, the fix is simple and involves kernel parameters. I break it down here:
https://nerds.xyz/2025/07/linux-initramfs-security-flaw-secure-boot-bypass/
Curious what others are doing to harden this layer.
How can a single .zip file show completely different content to different tools? Read my write up on HackArcana’s “Yet Another ZIP Trick” (75 pts) challenge about crafting a schizophrenic ZIP file.
This medium-difficulty Linux CTF involved:
• Directory bruteforcing to uncover hidden paths
• Remote File Inclusion (RFI) to access sensitive data
• Steganography and password cracking to extract credentials
• Python jail escape leading to privilege escalation
• Full root access gained via SSH
The write-up demonstrates the full exploitation flow — from initial web entry point to root access.
We’re part of the Object Management Group (OMG), which has issued a Request for Proposal (RFP) to develop a standardized approach to DevSecOps integration across the enterprise. If you or your organization are interested in contributing, you can view the full RFP here:
https://www.omg.org/cgi-bin/doc.cgi?c4i/2025-3-4
We’re currently working on a formal response at DIDO Solutions and are seeking constructive feedback and collaboration from the broader DevSecOps, cybersecurity, and infrastructure communities. Our goal is to shape a standard that reflects both technical realities and organizational constraints.
Attached: Requirements Overview (image)
This diagram outlines the role-based breakdown we're using as a foundation covering leadership, engineering, operations, QA, and compliance.
If you have suggestions, critiques, or want to contribute perspectives from the field, we’d love to hear from you. Please feel free to reply directly in the thread or leave comments on the google sheet. We will be converting it into a model by the end:
As Amazon Prime Day approaches (July 8-11, 2025), millions of shoppers are gearing up for what promises to be one of the biggest online shopping events of the year. But while you’re hunting for deals, cybercriminals may be hunting for you. A recent devastating case from Montana serves as a stark reminder that not all “Amazon” calls are what they seem.
In April 2025, an elderly Missoula woman received what seemed like a routine customer service call. The caller claimed to be from Amazon’s fraud department and asked if she had recently purchased computer equipment. When she said no, the caller’s tone shifted to concern; they claimed her identity had been stolen, and immediate action was needed.
What followed was a masterfully orchestrated scam that would ultimately cost the woman nearly $1 million. The fake Amazon representative transferred her to what appeared to be the “Social Security Department,” where another scammer told her that her personal information had been linked to a money laundering investigation. To “protect” her funds, she was then connected to someone claiming to be a U.S. Marshal.
The supposed federal agent convinced her that the money in her bank accounts needed to be “legalized” to keep it safe from the criminals who had stolen her identity. Over multiple visits to her home, the woman handed over cash and gold to people she believed were federal agents protecting her life savings. Instead, she was systematically robbed.
The scam only unraveled when law enforcement, working with the victim, set up a sting operation. When 29-year-old Zabi Ullah Mohammed arrived for what he thought would be another pickup, police were waiting. They found nearly $70,000 in cash in his vehicle, along with airline tickets and rental car documents – evidence of a sophisticated, multi-state operation.
This Montana case isn’t an isolated incident, it’s part of a growing trend that peaks during major shopping events like Prime Day. What makes this year particularly concerning is the economic backdrop driving consumer behavior.
With recently implemented tariffs now in effect, including 25% on certain goods from Canada and Mexico and additional levies on Chinese products, American households are feeling unprecedented financial pressure. Recent polling shows 73% of Americans expect significant price increases in the coming months, while economists project tariffs could cost the average household nearly $1,200 annually.
This economic anxiety is creating a perfect storm for scammers, as our research shows that 46% of shoppers plan to shop more during Prime Day specifically hoping to save money in light of tariff-related price hikes. Older consumers are particularly motivated by these concerns, with 68% of shoppers aged 65+ citing tariff worries as a key driver for increased online shopping – making them prime targets for sophisticated scams promising exclusive deals and savings.
“As inflation and tariffs push more people to hunt for deals, scammers are using generative AI to craft scams that are more polished, personal, and persuasive,” said Abhishek Karnik, Head of Threat Research at McAfee. “From retailer impersonations to hyper-realistic delivery scams, these threats are getting harder to spot. The good news is that the tools to fight back are getting smarter too. The best way to stay safe is to pause before you click, trust your instincts, and use AI-powered protection like McAfee’s Scam Detector to stay one step ahead.”
Figure 1. Examples of Amazon tariff and job scams
Figure 2. An example of a fake Amazon sign-in page.
Figure 3. Examples of Amazon phishing scams
Older adults are particularly at risk, with 68% of shoppers aged 65+ saying tariff-related concerns motivate them to shop more online, potentially making them targets for scams promising “deals.” Heavy shoppers face the highest risk, with 23% reporting being scammed during major sale events – more than double the rate of light shoppers. More than one-third (35%) of scam victims don’t tell anyone about being defrauded. The main reasons for staying silent include embarrassment (27%), not wanting to appear gullible (24%), and shame (9%).
Younger shoppers are far more likely to take risks on unfamiliar brands — especially on social media. Nearly a quarter of 18–34-year-olds say they’re willing to buy from unknown retailers if the deal looks good, with 22% of 18–24s and 21% of 25–34-year-olds ready to click “buy now” on offers from unknown brands. In stark contrast, older adults (65+) show extreme caution, with only 1% willing to engage with unfamiliar advertisements.
That openness comes with a serious trade-off. Platforms like TikTok Shop and Instagram Shopping are fast becoming hotspots for scam exposure. Nearly 1 in 3 young shoppers say they’ve encountered deepfake videos of influencers promoting deals or products that turned out to be scams during past sale events, and of those, a staggering 71% say either they or someone they know lost money. With 29% of shoppers browsing TikTok Shop and 10% using Instagram Shopping, these social platforms have become both a go-to destination for deals and a growing cybersecurity risk. The seamless integration of shopping and social content makes it easier than ever for scammers to blend fraudulent offers with legitimate content, creating a perfect storm of vulnerability.
The good news? These scams are preventable if you know what to watch for and take the right precautions. Here’s your defense playbook:
While 89% of people plan to take specific safety steps during Prime Day, the sophistication of modern scams means we all need to stay vigilant. The Montana woman’s story shows how even intelligent, cautious people can fall victim to well-orchestrated psychological manipulation.
This Prime Day, remember that the best deal is the one that doesn’t cost you your life savings. Legitimate retailers will never pressure you to act immediately or ask you to pay with untraceable methods. When in doubt, hang up, take a breath, and verify independently. Your skepticism might just save your bank account, and your peace of mind.
Key Takeaway: Amazon, and most other retailers, will not ask you to provide sensitive information over the phone or request payment via gift cards, wire transfers, or cash. When shopping this Prime Day, if something seems suspicious, it probably is. Trust your instincts and verify independently.
The post How to Shop Safely During Amazon Prime Day appeared first on McAfee Blog.
FreshRSS