Login
Data Privacy Week is here, and there’s no better time to shine a spotlight on one of the biggest players in the personal information economy: data brokers. These entities collect, buy, and sell hundreds—sometimes thousands—of data points on individuals like you. But how do they manage to gather so much information, and for what purpose? From your browsing habits and purchase history to your location data and even more intimate details, these digital middlemen piece together surprisingly comprehensive profiles. The real question is: where are they getting it all, and why is your personal data so valuable to them? Let’s unravel the mystery behind the data broker industry.
Data brokers aggregate user info from various sources on the internet. They collect, collate, package, and sometimes even analyze this data to create a holistic and coherent version of you online. This data then gets put up for sale to nearly anyone who’ll buy it. That can include marketers, private investigators, tech companies, and sometimes law enforcement as well. They’ll also sell to spammers and scammers. (Those bad actors need to get your contact info from somewhere — data brokers are one way to get that and more.)
And that list of potential buyers goes on, which includes but isn’t limited to:
These companies and social media platforms use your data to better understand target demographics and the content with which they interact. While the practice isn’t unethical in and of itself (personalizing user experiences and creating more convenient UIs are usually cited as the primary reasons for it), it does make your data vulnerable to malicious attacks targeted toward big-tech servers.
Most of your online activities are related. Devices like your phone, laptop, tablets, and even fitness watches are linked to each other. Moreover, you might use one email ID for various accounts and subscriptions. This online interconnectedness makes it easier for data brokers to create a cohesive user profile.
Mobile phone apps are the most common way for data brokerage firms to collect your data. You might have countless apps for various purposes, such as financial transactions, health and fitness, or social media.
A number of these apps usually fall under the umbrella of the same or subsidiary family of apps, all of which work toward collecting and supplying data to big tech platforms. Programs like Google’s AdSense make it easier for developers to monetize their apps in exchange for the user information they collect.
Data brokers also collect data points like your home address, full name, phone number, and date of birth. They have automated scraping tools to quickly collect relevant information from public records (think sales of real estate, marriages, divorces, voter registration, and so on).
Lastly, data brokers can gather data from other third parties that track your cookies or even place trackers or cookies on your browsers. Cookies are small data files that track your online activities when visiting different websites. They track your IP address and browsing history, which third parties can exploit. Cookies are also the reason you see personalized ads and products.
Data brokers collate your private information into one package and sell it to “people search” websites. As mentioned above, practically anyone can access these websites and purchase extensive consumer data, for groups of people and individuals alike.
Next, marketing and sales firms are some of data brokers’ biggest clients. These companies purchase massive data sets from data brokers to research your data profile. They have advanced algorithms to segregate users into various consumer groups and target you specifically. Their predictive algorithms can suggest personalized ads and products to generate higher lead generation and conversation percentages for their clients.
We tend to accept the terms and conditions that various apps ask us to accept without thinking twice or reading the fine print. You probably cannot proceed without letting the app track certain data or giving your personal information. To a certain extent, we trade some of our privacy for convenience. This becomes public information, and apps and data brokers collect, track, and use our data however they please while still complying with the law.
There is no comprehensive privacy law in the U.S. on a federal level. This allows data brokers to collect personal information and condense it into marketing insights. While not all methods of gathering private data are legal, it is difficult to track the activities of data brokers online (especially on the dark web). As technology advances, there are also easier ways to harvest and exploit data.
As of March 2024, 15 states in the U.S. have data privacy laws in place. That includes California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, Delaware, Florida, New Jersey, and New Hampshire.[i] The laws vary by state, yet generally, they grant rights to individuals around the collection, use, and disclosure of their personal data by businesses.
However, these laws make exceptions for certain types of data and certain types of collectors. In short, these laws aren’t absolute.
Some data brokers let you remove your information from their websites. There are also extensive guides available online that list the method by which you can opt-out of some of the biggest data brokering firms. For example, a guide by Griffin Boyce, the systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, provides detailed information on how to opt-out of a long list of data broker companies.
Yet the list of data brokers is long. Cleaning up your personal data online can quickly eat up your time, as it requires you to reach out to multiple data brokers and opt-out.
Rather than removing yourself one by one from the host of data broker sites out there, you have a solid option: our Personal Data Cleanup.
Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. And if you want to save time on manually removing that info, you have options. Our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.
If the thought of your personal info getting bought and sold in such a public way bothers you, our Personal Data Cleanup can put you back in charge of it.
[i] https://pro.bloomberglaw.com/insights/privacy/state-privacy-legislation-tracker/
The post How Data Brokers Sell Your Identity appeared first on McAfee Blog.
McAfee threat researchers have identified several consumer brands and product categories most frequently used by cybercriminals to trick consumers into clicking on malicious links in the first weeks of this holiday shopping season. As holiday excitement peaks and shoppers hunt for the perfect gifts and amazing deals, scammers are taking advantage of the buzz. The National Retail Federation projects holiday spending will reach between $979.5 and $989 billion this year, and cybercriminals are capitalizing by creating scams that mimic the trusted brands and categories consumers trust. From October 1 to November 12, 2024, McAfee safeguarded its customers from 624,346 malicious or suspicious URLs tied to popular consumer brand names – a clear indication that bad actors are exploiting trusted brand names to deceive holiday shoppers.
McAfee’s threat research also reveals a 33.82% spike in malicious URLs targeting consumers with these brands’ names in the run-up to Black Friday and Cyber Monday. This rise in fraudulent activity aligns with holiday shopping patterns during a time when consumers may be more susceptible to clicking on offers from well-known brands like Apple, Yeezy, and Louis Vuitton, especially when deals seem too good to be true – pointing to the need for consumers to stay vigilant, especially with offers that seem unusually generous or come from unverified sources.
McAfee threat researchers have identified a surge in counterfeit sites and phishing scams that use popular luxury brands and tech products to lure consumers into “deals” on fake e-commerce sites designed to appear as official brand pages. While footwear and handbags were identified as the top two product categories exploited by cybercrooks during this festive time, the list of most exploited brands extends beyond those borders:
By mimicking trusted brands like these, offering unbelievable deals, or posing as legitimate customer service channels, cybercrooks create convincing traps designed to steal personal information or money. Here are some of the most common tactics scammers are using this holiday season:
With holiday shopping in full swing, it’s essential for consumers to stay one step ahead of scammers. By understanding the tactics cybercriminals use and taking a few precautionary measures, shoppers can protect themselves from falling victim to fraud. Here are some practical tips for safe shopping this season:
McAfee’s threat research team analyzed malicious or suspicious URLs that McAfee’s web reputation technology identified as targeting customers, by using a list of key company and product brand names—based on insights from a Potter Clarkson report on frequently faked brands—to query the URLs. This methodology captures instances where users either clicked on or were directed to dangerous sites mimicking trusted brands. Additionally, the team queried anonymized user activity from October 1st through November 12th.
The image below is a screenshot of a fake / malicious / scam site: Yeezy is a popular product brand formerly from Adidas found in multiple Malicious/Suspicious URLs. Often, they present themselves as official Yeezy and/or Adidas shopping sites.
The image below is a screenshot of a fake / malicious / scam site: The Apple brand was a popular target for scammers. Many sites were either knock offs, scams, or in this case, a fake customer service page designed to lure users into a scam.
The image below is a screenshot of a fake / malicious / scam site: This particular (fake) Apple sales site used Apple within its URL and name to appear more official. Oddly, this site also sells Samsung Android phones.
The image below is a screenshot of a fake / malicious / scam site: This site, now taken down, is a scam site purporting to sell Nike shoes.
The image below is a screenshot of a fake / malicious / scam site: Louis Vuitton is a popular brand for counterfeit and scams. Particularly their handbags. Here is one site that was entirely focused on Louis Vuitton Handbags.
The image below is a screenshot of a fake / malicious / scam site: This site presents itself as the official Louis Vuitton site selling handbags and clothes.
The image below is a screenshot of a fake / malicious / scam site: This site uses too-good-to-be-true deals on branded items including this Louis Vuitton Bomber jacket.
The image below is a screenshot of a fake / malicious / scam site: Rolex is a popular watch brand for counterfeits and scams. This site acknowledges it sells counterfeits and makes no effort to indicate this on the product.
The post This Holiday Season, Watch Out for These Cyber-Grinch Tricks Used to Scam Holiday Shoppers appeared first on McAfee Blog.
Phishing attacks have all kinds of lures. And many are so tried and true that it makes them easy to spot.
The target of a phishing attack is you. More specifically, your personal info and your money. Whether a scammer reaches out by email, with a text, or through a direct message, that’s what they’re after. And with a link, they whisk you off to a sketchy site designed to take them from you.
Just how much phishing is going on? To date, we’ve identified more than half a billion malicious sites out there. A number that grows daily. Because these attacks often succeed. One big reason why — they play on people’s emotions.
Phishing attacks always involve a form of “social engineering,” which is an academic way of saying that scammers use manipulation in their attacks. Commonly, scammers pretend to be a legitimate person or business.
You can get a better idea of how this works by learning about some of the most popular scams circulating today:
The CEO Scam
This scam appears as an email from a leader in your organization, asking for highly sensitive info like company accounts, employee salaries, and Social Security numbers. The hackers “spoof”, or fake, the boss’ email address so it looks like a legitimate internal company email. That’s what makes this scam so convincing — the lure is that you want to do your job and please your boss. But keep this scam in mind if you receive an email asking for confidential or highly sensitive info. Ask the apparent sender directly whether the request is real before acting.
The Urgent Email Attachment
Phishing emails that try to trick you into downloading a dangerous attachment that can infect your computer and steal your private info have been around for a long time. This is because they work. You’ve probably received emails asking you to download attachments confirming a package delivery, trip itinerary, or prize. They might urge you to “respond immediately!” The lure here is offering you something you want and invoking a sense of urgency to get you to click.
The “Lucky” Text or Email
How fortunate! You’ve won a free gift, an exclusive service, or a great deal on a trip to Las Vegas. Just remember, whatever “limited time offer” you’re being sold, it’s probably a phishing scam designed to get you to give up your credit card number or identity info. The lure here is something free or exciting at what appears to be little or no cost to you.
The Romance Scam
This one can happen completely online, over the phone, or in person after contact is established. But the romance scam always starts with someone supposedly looking for love. The scammer often puts a phony ad online or poses as a friend-of-a-friend on social media and contacts you directly. But what starts as the promise of love or partnership, often leads to requests for money or pricey gifts. The scammer will sometimes spin a hardship story, saying they need to borrow money to come visit you or pay their phone bill so they can stay in touch. The lure here is simple — love and acceptance.
While you can’t outright stop phishing attacks from making their way to your computer or phone, you can do several things to keep yourself from falling for them. Further, you can do other things that might make it more difficult for scammers to reach you.
The content and the tone of the message can tell you quite a lot. Threatening messages or ones that play on fear are often phishing attacks, such as angry messages from a so-called tax agent looking to collect back taxes. Other messages will lean heavily on urgency, like a phony overdue payment notice. And during the holidays, watch out for loud, overexcited messages about deep discounts on hard-to-find items. Instead of linking you to a proper e-commerce site, they might link you to a scam shopping site that does nothing but steal your money and the account info you used to pay them. In all, phishing attacks indeed smell fishy. Slow down and review that message with a critical eye. It might tip you off to a scam.
Some phishing attacks can look rather convincing. So much so that you’ll want to follow up on them, like if your bank reports irregular activity on your account or a bill appears to be past due. In these cases, don’t click on the link in the message. Go straight to the website of the business or organization in question and access your account from there. Likewise, if you have questions, you can always reach out to their customer service number or web page.
When scammers contact you via social media, that can be a tell-tale sign of a scam. Consider, would an income tax collector contact you over social media? The answer there is no. For example, in the U.S. the Internal Revenue Service (IRS) makes it clear that they will never contact taxpayers via social media. (Let alone send angry, threatening messages.) In all, legitimate businesses and organizations don’t use social media as a channel for official communications. They’ve accepted ways they will, and will not, contact you. If you have any doubts about a communication you received, contact the business or organization in question directly. Follow up with one of their customer service representatives.
Some phishing attacks involve attachments packed with malware, like ransomware, viruses, and keyloggers. If you receive a message with such an attachment, delete it. Even if you receive an email with an attachment from someone you know, follow up with that person. Particularly if you weren’t expecting an attachment from them. Scammers often hijack or spoof email accounts of everyday people to spread malware.
On computers and laptops, you can hover your cursor over links without clicking on them to see the web address. Take a close look at the addresses the message is using. If it’s an email, look at the email address. Maybe the address doesn’t match the company or organization at all. Or maybe it looks like it almost does, yet it adds a few letters or words to the name. This marks yet another sign that you might have a phishing attack on your hands. Scammers also use the common tactic of a link shortener, which creates links that almost look like strings of indecipherable text. These shortened links mask the true address, which might indeed be a link to a scam site. Delete the message. If possible, report it. Many social media platforms and messaging apps have built-in controls for reporting suspicious accounts and messages.
On social media and messaging platforms, stick to following, friending, and messaging people who you really know. As for those people who contact you out of the blue, be suspicious. Sad to say, they’re often scammers canvassing these platforms for victims. Better yet, where you can, set your profile to private, which makes it more difficult for scammers to select and stalk you for an attack.
How’d that scammer get your phone number or email address anyway? Chances are, they pulled that info off a data broker site. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, plus third parties like supermarket shopper’s cards and mobile apps that share and sell user data. Moreover, they’ll sell it to anyone who pays for it, including people who’ll use that info for scams. You can help reduce those scam texts and calls by removing your info from those sites. Our Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
Online protection software can protect you in several ways. First, it can offer web protection features that can identify malicious links and downloads, which can help prevent clicking them. Further, features like our web protection can steer you away from dangerous websites and block malware and phishing sites if you accidentally click on a malicious link. Additionally, our Scam Protection feature warns you of sketchy links in emails, texts, and messages. And overall, strong virus and malware protection can further block any attacks on your devices. Be sure to protect your smartphones in addition to your computers and laptops as well, particularly given all the sensitive things we do on them, like banking, shopping, and booking rides and travel.
The post How to Spot Phishing Lures appeared first on McAfee Blog.
If you want to protect your identity, finances, and privacy online, you have a pretty powerful tool at hand. It’s online protection software. Today’s protection is built to get that job done.
For starters, online protection has evolved tremendously over recent years, making it more comprehensive than ever. It goes far beyond antivirus. And it protects more than your devices. It protects you. Your identity. Your finances. Your privacy.
Given how much of daily life has shifted to our computers and phones, like our finances and shopping, there’s a strong case for getting comprehensive online protection in place.
Granted, we’re an online protection company. And of course, we hope you’ll give our protection like McAfee+ a close look. With that, a quick rundown of what it can do for you and your identity, finances, and privacy helps. In all, it shows just how comprehensive this protection gets.
You can keep tabs on your identity.
This form of protection starts with Identity Monitoring. It checks the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. If any of it shows up on the dark web, it sends you an alert with guidance that can help protect you from identity theft.
Should the unexpected happen, our Identity Theft Coverage & Restoration can get you on the path to recovery. It offers up to $2 million in coverage for legal fees, travel, and funds lost because of identity theft. Further, a licensed recovery pro can do the work for you, taking the necessary steps to repair your identity and credit.
Another way identity thieves get what they want is through scam texts, emails, and messages. You can keep clear of their shady links with our new AI-powered Scam Protection. It automatically detects links that can send you to scam sites and other destinations that steal personal info. If you accidentally click? Don’t worry, we can block risky sites if you click on a suspicious link in texts, emails, social media, and more.
You can monitor your financial big picture all in one place.
As you conduct so many of your finances online, it only makes sense that you can keep tabs on them just as easily. Features like our Credit Monitoring keep an eye on changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
And if you spot something out of the ordinary, our Security Freeze can quickly stop unauthorized access. It freezes credit card, bank, and utility accounts and prevents thieves from opening new ones in your name.
Rounding things out, you also have transaction monitoring features. They track transactions on credit cards and bank accounts — shooting you a notice if unusual activity occurs. They also track retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.
You can lock down your privacy.
Several features get the job done. Our Social Privacy Manager helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks. This way, your personal info is only visible to the people you want to share it with.
Another big intrusion on your privacy comes at the hands of online data brokers. They drive a multi-billion-dollar industry by collecting, batching, and selling people’s personal info. To anyone. That includes hackers, spammers, and scammers who use it to their own ends. Yet you can get your info removed from some of the worst offenders out there. Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info and helps you remove it.
Another great tool for protecting your privacy comes in the form of a VPN. As a “virtual private network,” it encrypts your activity. Think of a VPN as a private tunnel for your internet traffic. It hides your search habits and history from those who might use that info to build a profile of you — whether to serve up targeted ads or to steal personal info for identity theft. In all, a VPN gives you one of the most secure ways you can go online.
The post How to Protect Your Identity, Finances, and Security Online appeared first on McAfee Blog.
For millions of people, it’s not a workday without it — video conferencing. And plenty of business gets done that way, which has made conferencing a target for hackers. That then begs the important question, how secure is video conferencing?
The answer is pretty secure if you’re using a reputable service. Yet you can take further steps to keep hackers and party crashers out of your meetings.
Hackers and party crashers are likely motivated by one of two things: financial gain or mischief.
Given that some meetings involve confidential or sensitive info, someone might have financial motivation to join in, spy on, or record the meeting. Recently, we saw the lengths at least one AI company went to when it spied on a competitor’s video conference call.[i]
And of course, some bad actors want to cause a disruption. As we saw in recent years, they’ll barge right into a meeting and create a ruckus with rude speech and other antics.
Falling somewhere in between, some hackers might try to intrude on a meeting and slip a malware-laden attachment into chat.[ii] For one, that can lead to a major disruption. And in a business context, financial disruption as well.
How do they pull it off? The typical avenues of attack apply. They might use stolen or hijacked accounts. The meeting was inadvertently set to “public,” allowing anyone with a link to join. Otherwise, they might compromise a victim’s device to piggyback their way in.
Use a service with end-to-end encryption.
Put simply, end-to-end encryption provides a solid defense against prying eyes. With it in place, this form of encryption makes it particularly difficult for hackers to tap into the call and the data shared within it. Secure video conferencing should use 256-bit AES GCM encryption for audio and video, and for sharing of screens, whiteboard apps, and the like. On a related note, read the service’s privacy policy and ensure that its privacy, security, and data measures fit your needs.
Make your meetings private and protect them with a password.
Keep the uninvited out. First, setting your meeting to private (invitees only) will help keep things secure. Some apps also provide a notification to the meeting organizer when an invite gets forwarded. Use that feature if it’s available. Also, a password provides another hurdle for a hacker or bad actor to clear. Use a fresh one for each meeting.
Use the waiting room.
Many services put attendees into a waiting room before they enter the meeting proper. Use this feature to control who comes in and out.
Block users from taking control of the screen.
Welcome or unwelcome, you can keep guests from taking over the screen. Select the option to block everyone except the host (you) from screen sharing.
Turn on automatic updates on your conferencing app.
By turning on automatic updates, you’ll get the latest security patches and enhancements for your video conferencing tool as soon as they become available.
Get wise to phishing scams.
Some interlopers make it into meetings by impersonating others. Just as bad actors use phishing emails and texts to steal personal financial info, they’ll use them to steal company credentials as well. Our Phishing Scam Protection Guide can show you how to steer clear of these attacks.
Use online protection software.
Comprehensive online protection software like ours can make for safer calls in several ways. For one, it protects you against malware attacks, such as if a bad actor tries to slip a sketchy download into your meeting. Further, it includes a password manager that creates and stores strong, unique passwords securely. This can help increase the security of your video conferencing account.
This is a new one. AI deepfake technology continues to evolve, we find ourselves at the point where scammers can create AI imposters in real time.
We’ve seen them use this technology in romance scams, where scammers take on entirely new looks and voices on video calls. And we’ve seen at least one group of scammers bilk a company out of $25 million with deepfaked executives on a call.[iii]
Strange as it might sound, this kind of deepfake technology is possible today. And realizing that fact is the first step toward prevention. Next, that calls for extra scrutiny.
Any time-sensitive info or sums of money are involved, get confirmation of the request. Place a phone call to the person after receiving the request to ensure it’s indeed legitimate. Better yet, meet the individual in person if possible. In all, contact them outside the email, message, or call that initially made the request to ensure you’re not dealing with an imposter.
With the right provider and right steps in place, video calls can be quite secure. Use a solution that offers end-to-end encryption, keep your app updated for the latest security measures, and lock down the app’s security settings. Also, recognize that AI has changed the way we look at just about everything online — including people on the other side of the screen. As we’ve seen, AI imposters on calls now fall into the realm of possibility. A costly one at that.
[i] https://www.nytimes.com/2023/08/07/technology/ai-start-ups-competition.html
[ii] https://www.pcmag.com/news/hackers-circulate-malware-by-breaking-into-microsoft-teams-meetings
[iii] https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html
The post How Secure is Video Conferencing? appeared first on McAfee Blog.
We all love free stuff. (Costco samples, anyone?) However, when it comes to your family’s security, do free online protection tools offer the coverage you truly need?
Not always. In fact, they might invade the privacy you’re trying to protect.
Here’s why.
Free tools don’t offer the level of advanced protection that life on today’s internet needs. For starters, you’ll want malware and antivirus protection that’s as sophisticated as the threats they shut down. Ours includes AI technology and has for years now, which helps it shut down even the latest strains of malware as they hit the internet for the first time. We’re seeing plenty of that, as hackers have also turned to AI tools to code their malicious software.
Malware and antivirus protection protects your devices. Yet a comprehensive approach protects something else. You and your family.
Comprehensive online protection looks after your family’s privacy and identity. That keeps you safe from prying eyes and things like fraud and identity theft. Today’s comprehensive protection offers more features than ever, and far more than you’ll find in a free, and so incomplete, offering.
Consider this short list of what comprehensive online protection like ours offers you and your family:
Scam Protection
Is that email, text, or message packing a scam link? Our scam protection lets you know before you click that link. It uses AI to sniff out bad links. And if you click or tap on one, no worries. It blocks links to malicious sites.
Web Protection
Like scam protection, our web protection sniffs out sketchy links while you browse. So say you stumble across a great-looking offer in a bed of search results. If it’s a link to a scam site, you’ll spot it. Also like scam protection, it blocks the site if you accidentally hit the link.
Transaction Monitoring
This helps you nip fraud in the bud. Based on the settings you provide, transaction monitoring keeps an eye out for unusual activity on your credit and debit cards. That same monitoring can extend to retirement, investment, and loan accounts as well. It can further notify you if someone tries to change the contact info on your bank accounts or take out a short-term loan in your name.
Credit Monitoring
This is an important thing to do in today’s password- and digital-driven world. Credit monitoring uncovers any inconsistencies or outright instances of fraud in your credit reports. Then it helps put you on the path to setting them straight. It further keeps an eye on your reports overall by providing you with notifications if anything changes in your history or score.
Social Privacy Manager
Our social privacy manager puts you in control of who sees what on social media. With it, you can secure your profiles the way you want. It helps you adjust more than 100 privacy settings across your social media accounts in just a few clicks. It offers recommendations as you go and makes sure your personal info is only visible to the people you want. You can even limit some of the ways that social media sites are allowed to use your data for greater peace of mind.
Personal Data Cleanup
This provides you with another powerful tool for protecting your privacy. Personal Data Cleanup removes your personal info from some of the sketchiest data broker sites out there. And they’ll sell those lines and lines of info about you to anyone. Hackers and spammers included. Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. From there, it provides guidance for removing your data from those sites. Further, when part of our McAfee+ Advanced and Ultimate, it sends requests to remove your data automatically.
Password Manager
Scammers love weak or reused passwords. Even more so when they’re weak and reused. It offers them an easy avenue to force their way into people’s accounts. Our password manager creates and securely stores strong, unique passwords for you. That saves you the hassle of creating strong, unique passwords for your dozens and dozens of accounts. And helps protect you from fraud.
Identity Theft Coverage & Restoration
This provides you with extra assurance while you shop. Say the unfortunate happens to you and find yourself a victim of identity theft. Our coverage and restoration plan provides up to $2 million in lawyer fees and reimbursement for lawyer fees and stolen funds. Further, a licensed expert can help you repair your identity and credit. In all, this saves you money and your time if theft happens to you.
Say your online protection leaves gaps in your family’s safety, or that it uses less-effective methods and technologies. That exposes you to threats — threats can cost you time and money alike if one of those threats gets through.
One example, consider the online crimes reported to the U.S. Federal Trade Commission. In 2023, they fielded 5.4 million fraud reports. Of them, 2.6 million reported a loss for a total of $10 billion. The median loss was $500 across all reports. Of course, that’s only the median dollar amount. That number can climb much higher in individual cases.
Source: U.S. Federal Trade Commission
Without question, protection is prevention, which can spare you some significant financial losses. Not to mention the time and stress of restoring your credit and identity — and getting your money back.
A “free” solution has to make its money somehow.
Free security solutions sometimes carry in-app advertising. More importantly, they might try to gather your user data to target ads or share it with others to make a profit. Also by advertising for premium products, the vendor indirectly admits that a free solution doesn’t provide enough security.
Further, these tools also offer little to no customer support, leaving users to handle any technical difficulties on their own. What’s more, most free security solutions are meant for use on only one device, whereas the average person owns several connected devices. And that’s certainly the case for many families.
Lastly, free solutions often limit a person’s online activity too. Many impose limits on which browser or email program the user can leverage, which can be inconvenient as many already have a preferred browser or email platform.
Free security products might provide the basics, but a comprehensive solution can protect you from a host of other risks — ones that could get in the way of enjoying your time online.
With comprehensive online protection in place, your family’s devices get protection from the latest threats in the ever-evolving security landscape. It keeps your devices safe. And it keeps you safe. With that, we hope you’ll give us a close look when you decide to upgrade to comprehensive protection.
The post Why Should I Pay for Online Protection? appeared first on McAfee Blog.
“Antivirus software slows down my PC.” This is a comment that is often heard when talking about antivirus and malware protection.
That might be the case with many security products, but it’s not the case with McAfee. Independent tests since 2016 have proven that McAfee is not only good at catching malware and viruses, but also one of the lightest security products available today.
Antivirus forms a major cornerstone of online protection software. It protects your devices against malware and viruses through a combination of prevention, detection, and removal. Ours uses AI to detect the absolute latest threats — and has for several years now.
For decades, people have installed antivirus software on their computers. Today, it can also protect your smartphones and tablets as well. In fact, we recommend installing it on those devices as well because they’re connected, just like a computer. And any device that connects to the internet is a potential target for malware and viruses.
One important distinction about antivirus is its name, a name that first came into use years ago when viruses first appeared on the scene. However, antivirus protects you from more than viruses. It protects against the broad category of malware too — things like spyware, ransomware, and keyloggers.
To measure how much impact online protection software has on PC performance, some independent test labs include performance impact benchmarks in their security product tests. The most well-known of these test labs are AV-TEST, which is based in Germany, and Austria-based AV-Comparatives. These independent labs are among the most reputable and well-known anti-malware test labs in the world.
Over the years, we’ve tested strongly. Those results got stronger still with the release of our McAfee Next-gen Threat Protection.
McAfee’s AI-powered security just got faster and stronger. Our Next-gen Threat Protection takes up less disk space, reduces its background processes by 75%, and scans 3x faster than before. This makes your time online safer without slowing down your browsing, shopping, streaming, and gaming.
And the results show it.
Even with strong protection continuously monitoring all activity on your PC and laptop for threats, the best kind of antivirus keeps your devices running quickly.
Advances in our already high-performing protection have solidified our excellent standing in independent tests. The labs run them regularly, and we take pride in knowing that we’re not only protecting you, we’re keeping you moving along at a good clip.
The post Does Antivirus Software Slow You Down? appeared first on McAfee Blog.
It takes a bit of effort, but iPhones can wind up with viruses and malware. And that can indeed lead to all kinds of snooping.
Whether through malware or a bad app, hackers can skim personal info while you browse, bank, and shop. They can also infect your phone with ransomware that locks up your personal info or that locks up the phone itself.
Those are some worst-case scenarios. However, good for you and unfortunate hackers is the way iPhones run apps. It makes it tough for viruses and malware to get a toehold. Apple designed the iOS operating system to run apps in what’s called a “virtual environment.” This limits the access apps have to other apps, which helps prevent viruses and malware from spreading.
Still, malware can end up on an iPhone in a couple of ways:
The owner “jailbreaks” the iPhone
This practice gives people more control over their iPhones. By jailbreaking, they gain “root control” of the phone. With that, they can do things like remove pre-installed apps and download third-party apps from places other than the App Store. And that’s where the trouble can start.
Jailbreaking removes several of those barriers that keep viruses and malware from spreading. Further, downloading apps outside of the App Store exposes the phone to viruses and malware. Apple doesn’t review the apps in those stores. That way, a hacker with malicious intent can post a bad app with relative ease.
A malicious app sneaks into the App Store
Apple has a strict review policy before apps are approved for posting in the App Store. Per Apple, “Apple’s App Review team of over 500 experts evaluates every single app submission — from developers around the world — before any app ever reaches users. On average, the team reviews approximately 132,500 apps a week.”
However, bad actors find ways to sneak malware into the store. Sometimes they upload an app that’s initially innocent and then push malware to users as part of an update. Other times, they’ll embed malicious code such that it only triggers after it’s run in certain countries. They will also encrypt malicious code in the app that they submit, which can make it difficult for reviewers to sniff out.
So, barring a jailbroken phone, the chances of getting a virus or malware on your iPhone remain low. Still, it can happen.
Because we spend so much time on our phones, it’s fairly easy to tell when something isn’t working quite like it is supposed to. While you can chalk up some strange behavior to technical issues, sometimes those issues are symptoms of an infection. Malware can eat up system resources or conflict with other apps on your phone, causing it to act in odd ways.
Some possible signs that your device has been hacked include:
Performance issues
A slower device, webpages taking way too long to load, or a battery that never keeps a charge are all things that can be attributed to a device reaching its retirement. However, these things might also be signs that malware has compromised your phone.
Your phone feels like it’s running hot
Malware running in the background of a device might burn extra computing power, causing your phone to feel hot and overheated. If your device is quick to heat up, it might be due to malicious activity.
Mysterious calls, texts, or apps appear
If apps you haven’t downloaded suddenly appear on your screen, or if outgoing calls you don’t remember making pop up on your phone bill, that is a definite red flag and a potential sign that your device has been hacked.
Changes or pop-ups crowd your screen
Malware might also be the cause of odd or frequent pop-ups, as well as changes made to your home screen. If you are getting an influx of spammy ads or your app organization is suddenly out of order, there is a big possibility that your phone has been hacked.
To avoid the hassle of having a hacked phone in the first place, here are some tips that can help.
Promptly updating your phone and apps is a primary way to keep your device safer. Updates often fix bugs and vulnerabilities that hackers rely on to download malware for their attacks.
Apple’s App Store has those protections in place that we mentioned before. That’s unlike those third-party sites, which might not have those same protections. Further, some purposely host malicious apps. Avoiding these sites altogether can prevent these apps from allowing hackers into your device.
As we’ve seen, jailbreaking a phone introduces all kinds of security issues. Your best bet as an everyday internet user is to rely on iOS and the protections that come with it.
If you are worried that your device has been hacked, follow these steps:
Completely power down your phone. Powering down and then giving your phone a fresh start can put a halt to any malicious activity.
Remove any apps you didn’t download. From there, power down your phone and restart it as before.
If you still have issues, wiping and restoring your phone is an option. Provided you have your photos, contacts, and other vital info backed up in the cloud, it’s a relatively straightforward process. A quick search online can show how to wipe and restore your model of phone.
Check your accounts and credit for any unauthorized purchases. Several features in our McAfee+ plans can help. Identity Monitoring can alert you if your info winds up on the dark web. Our Credit Monitoring along with our transaction monitoring can also alert you of unusual activity across your accounts.
Lastly, if you spot an issue, get some help from a pro. Our Identity Theft Coverage & Restoration service offers $2 million that covers travel, losses, and legal fees associated with identity theft. It also offers the services of a licensed recovery pro who can repair your credit and your identity in the wake of an attack.
On a non-jailbroken phone, no. You don’t need antivirus. Yet your phone should certainly get extra protection. Phones face far more threats than viruses and malware alone.
Comprehensive online protection software like ours can keep you and your phone safer. It can:
Those are only a handful of the many features that protect more than your phone. You’ll find yet more that protect you — namely, your identity and your privacy.
So while iPhones don’t need antivirus, they certainly benefit from extra online protection.
The post How To Tell If Your Smartphone Has Been Hacked appeared first on McAfee Blog.
When it comes to protecting your privacy, take a close look at your social media use—because sharing can quickly turn into oversharing.
The term “oversharing” carries several different definitions. Yet in our case here, oversharing means saying more than one should to more people than they should. Consider the audience you have across your social media profiles. Perhaps you have dozens, if not hundreds of friends and followers. All with various degrees of closeness and familiarity. Who among them can you absolutely trust with the information you share?
And you might be sharing more than you think. Posts have a way of saying more than one thing, like:
“This is the pool at the rental home I’m staying at this week. Amazing!” Which also tells everyone, “My home is empty for the next few days.”
“I can’t start my workday without a visit to my favorite coffee shop.” Which also says, “If you ever want to track me down in person, you can find me at this location practically any weekday morning.”
One can quickly point to other examples of oversharing. Unintentional oversharing at that.
A first-day-of-school picture can tell practical strangers which elementary school your children attend, say if the picture includes the school’s reader board in it. A snapshot of you joking around with a co-worker might reveal a glimpse of company information. Maybe because of what’s written on the whiteboard behind the two of you. And in one extreme example, there’s the case of an assault on a pop star. Her attacker tracked her down through her selfie, determining her location through the reflection in her eyes.
The list goes on.
That’s not to say “don’t post.” More accurately, it’s “consider what you’re posting and who gets to see it.” You have control over what you post, and to some degree, who gets to see those posts. That combination is key to your privacy—and the privacy of others too.
1) Be more selective with your settings: Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting—not to mention your relationships and likes. Taking a “friends only” approach to your social media profiles can help protect your privacy because that gives a possible scammer or stalker much less material to work with. Yet further, some platforms allow you to create sub-groups of friends and followers. With a quick review of your network, you can create a sub-group of your most trusted friends and restrict your posts to them as needed.
2) Say “no” to strangers bearing friend requests: Be critical of the invitations you receive. Out-and-out strangers might be more than just a stranger. They might be a fake account designed to gather information on users for purposes of fraud. There are plenty of fake accounts too. In fact, in Q1 of 2023 alone, Facebook took action on 426 million fake accounts. Reject such requests.
3) Consider what you post: Think about posting those vacation pictures after you get back so people don’t know you’re away when you’re away. Also, consider if your post pinpoints where you are or where you go regularly. Do you want people in your broader network to know that? Closely review the pics you take and see if there’s any revealing information in the background. If so, you can crop it out (think notes on a whiteboard, reflections in a window, or revealing location info). Further, ask anyone you want to include in their post for their permission. In all, consider their privacy too.
While we’re on the topic, you can take a few other steps that can make you more private online. In addition to your social media usage, other steps can help keep more of your private and personal information with you—where it belongs:
Granted, “social” is arguably the opposite of “private.” Using social media involves sharing, by its very definition. Yet any oversharing can lead to privacy issues.
Maybe you want close friends to know what’s going on, but what about that so-so acquaintance deep in your friends list? How well do you really know them? And to what extent do you want them to know exacting details about where you are, where your kids go to school, and so on? Those are questions you ultimately must answer, and ultimately have some control over depending on what you share on social media.
Also important to consider is this: if you post anything on the internet, consider it front-page news. Even with social media privacy settings in place, there’s no guarantee that someone won’t copy your posts or pics and pass them along to others.
The flipside to the topic of social media and privacy is the platform you’re using. It’s no secret that social media companies gather hosts of personal information about their users in exchange for free use of their platforms. Certainly, that’s a topic unto itself. We cover what social media companies know about you in this article here—along with a few steps that can help you limit what they know as well.
When it comes to your privacy and social media, it depends largely on how you use it. How you use various privacy and audience settings offers one way to manage it. The other is you and the information you put out there for others to see.
The post Sharing Isn’t Always Caring: Tips to Help Protect Your Online Privacy appeared first on McAfee Blog.
What is our real job as parents? Is it to ensure our kids get good grades? – Maybe. Or is it ensuring we can give them the latest and greatest clothing and devices? Mmmm, not really. When all is said and done, I believe our real job is to keep our kids safe, teach them to be independent, and set them up for success – both online and offline.
As first-generation digital parents, many of us are learning on the job. While we can still glean advice from our own parents on dealing with our teenager’s hormones and driving challenges, there’s no intergenerational wisdom for anything digital. So, it is inevitable that many of us parents feel unsure about how and why to be proactive about online safety.
With four grown boys, 12 nieces and nephews, and almost 13 years in this job talking to families about online safety, I’ve developed a pretty good understanding of how families want to live their lives online, their biggest concerns, and how they value safety and security. Here’s what I’ve learnt:
I’ve often dreamt about wrapping my boys in cotton wool and keeping them away from the real world. But unfortunately, that’s not how it works. The internet definitely has some hugely positive features for teens and tweens but there are some challenges too. Here is what parents are most concerned about:
1. Social Media
Without a doubt, tween and teen social media usage would currently be the biggest concern for most parents. In Australia, there is currently a move to delay children using social media to 16. The Prime Minister is a fan as are many state and territory leaders. There’s no doubt parents are concerned about the impact social media is having on their children’s mental health. Whether dealing with followers, friends, or FOMO (fear of missing out), harassment, or exposure to unhelpful, or even dangerous influencers, parents are worried and often feel helpless about how best to help their kids.
2. Bullying
Parents have every right to be concerned. Cyberbullying does happen. In fact, 1 child in 3 reports being the victim of cyberbullying according to a UNICEF study. And in a study conducted by McAfee in 2022 that does a deep dive into the various types of bullying, there’s no doubt that the problem is still very much a reality.
3. Inappropriate Content
There really isn’t anything you can’t find online. And therein lies the problem. With just a few clicks, a curious, unsupervised 10-year-old could access images and information that would be wildly inappropriate and potentially traumatic. And yes, I’m talking sex, drugs and rock and roll themes! There are things online that little, inexperienced eyes are just not ready for – I am not even sure I am either, to be honest!
4. Screen Time
While I think many parents still find the word screen time a little triggering, I think some parents now realise that not all screen time ‘was created equally’. It’s more about the quality and potential benefit of screen time as opposed to the actual time spent on the screen. For example, playing an interactive, good quality science game as opposed to scrolling on Instagram – clearly the game wins!
However, parents are still very concerned that screen time doesn’t dominate their kids’ lives and adversely affects their kids’ levels of physical activity, face-to-face time with family and friends, and their ability to sleep.
While there is no silver bullet here, being proactive about your family’s online security is THE best way of protecting your family members, minimising the risk of unpleasant interactions, and setting them up for a positive online experience. And it will also reduce your stress big time – so it’s a complete no-brainer!!
Here are 5 things you can kick off today that will have a profound impact on your family’s online security:
1. Talk, talk, talk!!
Yes, that’s right – simply talk! Engaging with your kids about their online lives – what they like to do, sites and apps they use and any concerns they have is one of the best ways to keep them safe. As is sharing your own stories. If your kids know that you understand the digital world, they will be far more likely to come to you if they experience any issues at all. And that’s exactly what we want!!
2. Parental Controls and Monitoring
Parental controls can work really well alongside a proactive educational approach to online safety. As well as teaching kids healthy digital habits, they can also help parents monitor usage, set limits, and even keep tabs on their kids’ whereabouts. Gold!! Check out more details here.
3. Social Media Safety
Undertake an audit of all family member’s privacy settings to ensure that are set to the highest level. This will ensure only trusted people can view and interact with your kids’ profiles. Also, remind your kids not to overshare as it could lead to their identities being stolen. And check out McAfee’s Social Privacy Manager which can help you manage more than 100 privacy settings on social media accounts in seconds.
4. Make a Plan In Case of Aggressive Behaviour
As a cup-half-full type, I’m not a fan of negativity but I am a fan of plans. So, I do recommend creating an action plan for your kids in case they encounter something tricky online, in particular bullying or aggressive behaviour. I recommend you tell them to take screenshots, disengage, tell someone they trust (ideally you), and report the behaviour to the relevant social media platform or app. In some cases, you could involve your child’s school however this obviously depends on the perpetrator.
5. Passwords please!
I know you have probably heard it before, but password management is such a powerful way of staying safe online. In an ideal world, every online account should have its own unique password. Why? Well, if your logins get stolen in a data breach then the cybercriminals will not be able to reuse them to log into any of your other accounts.
And while you’re at it, ensure all passwords are at least 8-10 characters long, and contain random symbols, numbers and both upper and lowercase letters. If all is too hard, simply engage a password manager that will both generate and remember all the passwords for you. What a relief!
And of course, it goes without saying that a big part of being safe online is having super-duper internet protection software that will give you (and your family members) the best chance of a safe and secure online experience. McAfee+’s family plans not only give you a secure VPN, 24/7 identity and financial monitoring and alerts but AI-powered text scam detection and advanced anti-virus that will protect each of your family members from fake texts, risky links, viruses, malware and more. Sounds like a plan to me!!
Till next time
Stay safe everyone!
Alex
The post What Security Means to Families appeared first on McAfee Blog.
The number of people who use VPNs (virtual private networks) continues to mushroom. Recent research shows that 46% of American adults now use a VPN — 23% of which use it for strictly personal purposes.[i] Within that mix, 43% said they use a free VPN service. Yet “free” VPNs often come with a price. Typically at the expense of your privacy.
A personal VPN establishes a secure tunnel over the internet, offering you both privacy and freedom from IP-based tracking. It protects your identity and financial info by encrypting, or scrambling, the data that flows through the tunnel. Moreover, it can mask your true location, making it appear as though you are connecting from somewhere else.
Sometimes a VPN is included in more robust security software, as it is in our McAfee+ plans. It’s also, but often it is a standalone tool, that is offered for a monthly subscription rate or for free. While it might be tempting to go for a free option, there are some serious considerations that you should take to heart.
Because free VPNs don’t charge a subscription, many make revenue indirectly through advertising. This means that users get bombarded with ads. And they get exposed to tracking by the provider. In fact, one study of 283 free VPN providers found that 72% included trackers.[ii] The irony is worth pointing out. Many people use VPNs to shroud their browsing from advertisers and other data collectors. Meanwhile, free VPNs often lead to that exact kind of exposure.
But beyond the frustration of ads, slowness, and upgrade prompts is the fact that some free VPN tools include malware that can put your sensitive info at risk. The same study found that 38% of the free VPN applications in the Google Play Store were found to have malware, such as keyloggers, and some even stole data from devices.
Also concerning is how these free providers handle your data. In one worrying case, security researchers uncovered seven VPN providers that gathered user logs despite pledges not to.[iii]
Clearly, many so-called “free” VPNs aren’t free at all.
VPNs are critical tools for enhancing our privacy and shouldn’t be an avenue opening the door to new risks. That’s why your best bet is to look for a paid VPN with the following features:
Unlimited bandwidth — You want your network connection to stay secure no matter how much time you spend online.
Speedy performance — We all know how frustrating a sluggish internet connection can be when you are trying to get things done. Whether connecting for productivity, education, or entertainment, we’re all dependent on bandwidth. That’s why it’s important to choose a high-speed VPN that enhances your privacy, without sacrificing the quality of your connection.
Multiple device protection — These days many of us toggle between mobile devices, laptops, and computers, so they should all be able to connect securely.
Less battery drain — Some free mobile VPNs zap your battery life, making users less likely to stay protected. You shouldn’t have to choose between your battery life and safeguarding your privacy.
Ease of use — For technology to really work, it has to be convenient. After all, these technologies should power your connected life, not serve as a hindrance.
Fortunately, we don’t have to sacrifice convenience, or pay high prices, for a VPN that can offer a high level of privacy and protection. A comprehensive security suite like McAfee+ includes our standalone VPN with auto-renewal and takes the worry out of connecting, so you can focus on what’s important to you and your family, and enjoy quality time together.
[i] https://www.security.org/resources/vpn-consumer-report-annual/
[ii] https://www.icir.org/vern/papers/vpn-apps-imc16.pdf
[iii] https://www.pcmag.com/news/7-vpn-services-found-recording-user-logs-despite-no-log-pledge
The post How Free VPNs Come With a Price appeared first on McAfee Blog.
As election season approaches, the importance of safeguarding our democratic processes has never been more critical. Ensuring election security is not just the responsibility of government bodies but also of every individual voter. This blog post aims to provide valuable insights and practical tips for consumers to protect their votes and understand the mechanisms in place to secure elections.
Election security encompasses a broad range of practices designed to ensure the integrity, confidentiality, and accessibility of the voting process. This includes safeguarding against cyber threats, ensuring the accuracy of voter registration databases, protecting the physical security of voting equipment, and maintaining transparency in the vote counting process. As voters, being aware of these elements helps us appreciate the complexity and importance of secure elections.
One of the first steps to secure your vote is to ensure that you are registered correctly. Check your voter registration status well in advance of the election day through your local election office or official state website. This helps to avoid any last-minute issues and ensures your eligibility to vote.
Misinformation can spread rapidly, especially during election periods. Rely on official sources for information about polling locations, voting procedures, and deadlines. Avoid sharing unverified information on social media and report any suspicious content to the relevant authorities.
Whether you are voting in person or by mail, make sure to follow the recommended procedures. If voting by mail, request your ballot from a verified source and return it through secure methods such as official drop boxes or by mail with sufficient time to ensure it is received before the deadline.
Scammers often target voters to steal personal information. Be cautious of unsolicited phone calls, emails, or texts asking for your personal details. Official election offices will not request sensitive information such as your Social Security number via these methods.
If you notice anything unusual at your polling place or have concerns about the voting process, report it immediately to election officials. This includes any signs of tampering with voting machines, suspicious behavior, or attempts to intimidate voters.
Familiarize yourself with the voting process in your area. This includes knowing your polling location, understanding what identification is required, and learning about the different ways you can cast your vote. Many states provide detailed guides and resources for first-time voters.
Plan your voting day in advance. Decide whether you will vote in person or by mail, and make sure you have all necessary documentation ready. If you are voting in person, consider going during off-peak hours to avoid long lines.
Before you head to the polls, research the candidates and issues on the ballot. This will help you make informed decisions and feel more confident in your choices.
Don’t hesitate to ask for help if you need it. Election officials and poll workers are there to assist you. Additionally, many organizations offer support for first-time voters, including transportation to polling places and information hotlines.
Understand the security measures your state has implemented to protect the election process. This might include the use of paper ballots, post-election audits, and cybersecurity protocols. Being aware of these measures can increase your confidence in the election’s integrity.
If your state offers early voting, take advantage of it. Early voting can reduce the stress of long lines and crowded polling places on election day, making the process smoother and more secure.
Encourage friends and family to vote and educate them about election security. A well-informed electorate is a key component of a secure and fair election.
Keep up with reputable news sources to stay informed about any potential security threats or changes in the voting process. This will help you stay prepared and responsive to any issues that might arise.
By following these tips and staying vigilant, every voter can contribute to a secure and fair election process. Remember, your vote is your voice, and protecting it is essential for the health of our democracy. Happy voting!
The post What You Need to Know About Election Security appeared first on McAfee Blog.
Fitness trackers worn on the wrist, glucose monitors that test blood sugar without a prick, and connected toothbrushes that let you know when you’ve missed a spot—welcome to internet-connected healthcare. It’s a new realm of care with breakthroughs big and small. Some you’ll find in your home, some you’ll find inside your doctor’s office, yet all of them are connected. Which means they all need to be protected. After all, they’re not tracking any old data. They’re tracking our health data, one of the most precious things we own.
Internet-connected healthcare, also known as connected medicine, is a broad topic. On the consumer side, it covers everything from smart watches that track health data to wireless blood pressure monitors that you can use at home. On the practitioner side, it accounts for technologies ranging from electronic patient records, network-enabled diagnostic devices, remote patient monitoring in the form of wearable devices, apps for therapy, and even small cameras that can be swallowed in the form of a pill to get a view of a patient’s digestive system.
Additionally, it also includes telemedicine visits, where you can get a medical issue diagnosed and treated remotely via your smartphone or computer by way of a video conference or a healthcare provider’s portal—which you can read about more in one of my blogs. In all, big digital changes are taking place in healthcare—a transformation that’s rapidly taking shape to the tune of a global market expected to top USD 534.3 billion by 2025.
Advances in digital healthcare have come more slowly compared to other aspects of our lives, such as consumer devices like phones and tablets. Security is a top reason why. Not only must a healthcare device go through a rigorous design and approval process to ensure it’s safe, sound, and effective, but it’s also held to similar rigorous degrees of regulation when it comes to medical data privacy. For example, in the U.S., we have the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which sets privacy and security standards for certain health information.
Taken together, this requires additional development time for any connected medical device or solution, in addition to the time it takes to develop one with the proper efficacy. Healthcare device manufacturers cannot simply move as quickly as, say, a smartphone manufacturer can. And rightfully so.
However, for this blog, we’ll focus on the home and personal side of the equation, with devices like fitness trackers, glucose monitors, smartwatches, and wearable devices in general—connected healthcare devices that more and more of us are purchasing on our own. To be clear, while these devices may not always be categorized as healthcare devices in the strictest (and regulatory) sense, they are gathering your health data, which you should absolutely protect. Here are some straightforward steps you can take:
1) First up, protect your phone
Many medical IoT devices use a smartphone as an interface, and as a means of gathering, storing, and sharing health data. So whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls. Additionally, installing it will protect you and your phone in general as well.
2) Set strong, unique passwords for your medical IoT devices
Some IoT devices have found themselves open to attack because they come with a default username and password—which are often published on the internet. When you purchase any IoT device, set a fresh password using a strong method of password creation. And keep those passwords safe. Instead of keeping them in a notebook or on sticky notes, consider using a password manager.
3) Use two-factor authentication
You’ve probably come across two-factor authentication while banking, shopping, or logging into any other number of accounts. Using a combination of your username, password, and a security code sent to another device you own (typically a mobile phone) makes it tougher for hackers to crack your device. If your IoT device supports two-factor authentication, use it for extra security.
4) Update your devices regularly
This is vital. Make sure you have the latest updates so that you get the latest functionality from your device. Equally important is that updates often contain security upgrades. If you can set your device to receive automatic updates, do so.
5) Secure your internet router
Your medical IoT device will invariably use your home Wi-Fi network to connect to the internet, just like your other devices. All the data that travels on there is personal and private, and that goes double for any health data that passes along it. Make sure you use a strong and unique password. Also, change the name of your router so it doesn’t give away your address or identity. One more step is to check that your router is using an encryption method, like WPA2, which will keep your signal secure. You may also want to consider investing in an advanced internet router that has built-in protection, which can secure and monitor any device that connects to your network.
6) Use a VPN and a comprehensive security solution
Similar to the above, another way you can further protect the health data you send over the internet is to use a virtual private network, or VPN. A VPN uses an encrypted connection to send and receive data, which shields it from prying eyes. A hacker attempting to eavesdrop on your session will effectively see a mishmash of garbage data, which helps keep your health data secure.
7) When purchasing, do your research
Read up on reviews and comments about the devices you’re interested in, along with news articles about their manufacturers. See what their track record is on security, such as if they’ve exposed data or otherwise left their users open to attack.
Bottom line, when we speak of connected healthcare, we’re ultimately speaking about one of the most personal things you own: your health data. That’s what’s being collected. And that’s what’s being transmitted by your home network. Take these extra measures to protect your devices, data, and yourself as you enjoy the benefits of the connected care you bring into your life and home.
The post How to Protect Your Internet-Connected Healthcare Devices appeared first on McAfee Blog.
It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.
So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.
In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.
Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.
Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:
File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. Text Scam Detector can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.
As taxpayers prepare their returns for April 15th, scammers prepare too. They see tax season as high time to run all kinds of scams and identity theft schemes.
Fake accountants, fake tax software, robocalls, and more all make the list. We’ll give you a look at what’s happening out there right now. And we’ll run down several ways you can keep safe.
A commonly used tactic involves hackers posing as collectors from the IRS, as tax preparers, or government bureaus. This tactic is pretty effective due to Americans’ concerns about misfiling their taxes or accidentally running into trouble with the IRS. Scammers take advantage of this fear, manipulating innocent users into providing sensitive information or money over the phone or by email. And in extreme cases, hackers may be able to infect computers with malware via malicious links or attachments sent through IRS email scams.
Another tactic used to take advantage of taxpayers is the canceled social security number scam. Hackers use robocalls claiming that law enforcement will suspend or cancel the victim’s Social Security number in response to taxes owed. Often, victims are scared into calling the fraudulent numbers back and persuaded into transferring assets to accounts that the scammer controls. Users need to remember that the IRS will only contact taxpayers through snail mail or in person, not over the phone.
Another scam criminals use involves emails impersonating the IRS. Victims receive a phishing email claiming to be from the IRS, reminding them to file their taxes or offering them information about their tax refund via malicious links. If a victim clicks on the link, they will be redirected to a spoofed site that collects the victim’s personal data, facilitating identity theft. What’s more, a victim’s computer can become infected with malware if they click on a link with malicious code, allowing fraudsters to steal more data.
Scammers also take advantage of the fact that many users seek out the help of a tax preparer or CPA during this time. These criminals will often pose as professionals, accepting money to complete a user’s taxes but won’t sign the return. This makes it look like the user completed the return themselves. However, these ghost tax preparers often lie on the return to make the user qualify for credits they haven’t earned or apply changes that will get them in trouble. Since the scammers don’t sign, the victim will then be responsible for any errors. This could lead to the user having to repay money owed, or potentially lead to an audit.
While these types of scams can occur at any time of the year, they are especially prevalent leading up to the April tax filing due date. Consumers need to be on their toes during tax season to protect their personal information and keep their finances secure. To avoid being spoofed by scammers and identity thieves, follow these tips:
File before cybercriminals do it for you. The easiest defense you can take against tax seasons schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double check their legitimacy with a manager or the security department before you respond. Remember: the IRS will not initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial info. So someone contacts you that way, ignore the message.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. Text Scam Detector can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post Watch Out For IRS Scams and Avoid Identity Theft appeared first on McAfee Blog.
There are more online users now than ever before, thanks to the availability of network-capable devices and online services. The internet population in Canada is the highest it has been, topping the charts at 33 million. That number is only expected to increase through the upcoming years. However, this growing number and continued adoption of online services pose increasing cybersecurity risks as cybercriminals take advantage of more online users and exploit vulnerabilities in online infrastructure. This is why we need AI-backed software to provide advanced protection for online users.
The nature of these online threats is ever-changing, making it difficult for legacy threat detection systems to monitor threat behavior and detect new malicious code. Fortunately, threat detection systems such as McAfee+ adapt to incorporate the latest threat intelligence and artificial intelligence (AI) driven behavioral analysis. Here’s how AI impacts cybersecurity to go beyond traditional methods to protect online users.
Most of today’s antivirus and threat detection software leverages behavioral heuristic-based detection based on machine learning models to detect known malicious behavior. Traditional methods rely on data analytics to detect known threat signatures or footprints with incredible accuracy. However, these conventional methods do not account for new malicious code, otherwise known as zero-day malware, for which there is no known information available. AI is mission-critical to cybersecurity since it enables security software and providers to take a more intelligent approach to virus and malware detection. Unlike AI–backed software, traditional methods rely solely on signature-based software and data analytics.
Similar to human-like reasoning, machine learning models follow a three-stage process to gather input, process it, and generate an output in the form of threat leads. Threat detection software can gather information from threat intelligence to understand known malware using these models. It then processes this data, stores it, and uses it to draw inferences and make decisions and predictions. Behavioral heuristic-based detection leverages multiple facets of machine learning, one of which is deep learning.
Deep learning employs neural networks to emulate the function of neurons in the human brain. This architecture uses validation algorithms for crosschecking data and complex mathematical equations, which applies an “if this, then that” approach to reasoning. It looks at what occurred in the past and analyzes current and predictive data to reach a conclusion. As the numerous layers in this framework process more data, the more accurate the prediction becomes.
Many antivirus and detection systems also use ensemble learning. This process takes a layered approach by applying multiple learning models to create one that is more robust and comprehensive. Ensemble learning can boost detection performance with fewer errors for a more accurate conclusion.
Additionally, today’s detection software leverages supervised learning techniques by taking a “learn by example” approach. This process strives to develop an algorithm by understanding the relationship between a given input and the desired output.
Machine learning is only a piece of an effective antivirus and threat detection framework. A proper framework combines new data types with machine learning and cognitive reasoning to develop a highly advanced analytical framework. This framework will allow for advanced threat detection, prevention, and remediation.
Online threats are increasing at a staggering pace. McAfee Labs observed an average of 588 malware threats per minute. These risks exist and are often exacerbated for several reasons, one of which is the complexity and connectivity of today’s world. Threat detection analysts are unable to detect new malware manually due to their high volume. However, AI can identify and categorize new malware based on malicious behavior before they get a chance to affect online users. AI–enabled software can also detect mutated malware that attempts to avoid detection by legacy antivirus systems.
Today, there are more interconnected devices and online usage ingrained into people’s everyday lives. However, the growing number of digital devices creates a broader attack surface. In other words, hackers will have a higher chance of infiltrating a device and those connected to it.
Additionally, mobile usage is putting online users at significant risk. Over 85% of the Canadian population owns a smartphone. Hackers are noticing the rising number of mobile users and are rapidly taking advantage of the fact to target users with mobile-specific malware.
The increased online connectivity through various devices also means that more information is being stored and processed online. Nowadays, more people are placing their data and privacy in the hands of corporations that have a critical responsibility to safeguard their users’ data. The fact of the matter is that not all companies can guarantee the safeguards required to uphold this promise, ultimately resulting in data and privacy breaches.
In response to these risks and the rising sophistication of the online landscape, security companies combine AI, threat intelligence, and data science to analyze and resolve new and complex cyber threats. AI-backed threat protection identifies and learns about new malware using machine learning models. This enables AI-backed antivirus software to protect online users more efficiently and reliably than ever before.
AI addresses numerous challenges posed by increasing malware complexity and volume, making it critical for online security and privacy protection. Here are the top 3 ways AI enhances cybersecurity to better protect online users.
1. Effective threat detection
The most significant difference between traditional signature-based threat detection methods and advanced AI-backed methods is the capability to detect zero-day malware. Functioning exclusively from either of these two methods will not result in an adequate level of protection. However, combining them results in a greater probability of detecting more threats with higher precision. Each method will ultimately play on the other’s strengths for a maximum level of protection.
2. Enhanced vulnerability management
AI enables threat detection software to think like a hacker. It can help software identify vulnerabilities that cybercriminals would typically exploit and flag them to the user. It also enables threat detection software to better pinpoint weaknesses in user devices before a threat has even occurred, unlike conventional methods. AI-backed security advances past traditional methods to better predict what a hacker would consider a vulnerability.
2. Better security recommendations
AI can help users understand the risks they face daily. An advanced threat detection software backed by AI can provide a more prescriptive solution to identifying risks and how to handle them. A better explanation results in a better understanding of the issue. As a result, users are more aware of how to mitigate the incident or vulnerability in the future.
AI and machine learning are only a piece of an effective threat detection framework. A proper threat detection framework combines new data types with the latest machine learning capabilities to develop a highly advanced analytical framework. This framework will allow for better threat cyber threat detection, prevention, and remediation.
The post The What, Why, and How of AI and Threat Detection appeared first on McAfee Blog.
Did you just get word that your personal information may have been caught up in a data breach? If so, you can take steps to protect yourself from harm should your info get into the hands of a scammer or thief.
How does that information get collected in the first place? We share personal information with companies for multiple reasons simply by going about our day—to pay for takeout at our favorite restaurant, to check into a hotel, or to collect rewards at the local coffee shop. Of course, we use our credit and debit cards too, sometimes as part of an online account that tracks our purchase history.
In other words, we leave trails of data practically wherever we go these days, and that data is of high value to hackers. Thus, all those breaches we read about.
Whether it’s a major breach that exposes millions of records or one of many other smaller-scale breaches like the thousands that have struck healthcare providers, each one serves as a reminder that data breaches happen regularly and that we could find ourselves affected. Depending on the breach and the kind of information you’ve shared with the business or organization in question, information stolen in a breach could include:
What do crooks do with that data? Several things. Apart from using it themselves, they may sell that data to other criminals. Either way, this can lead to illicit use of credit and debit cards, draining of bank accounts, claiming tax refunds or medical expenses in the names of the victims, or, in extreme cases, assuming the identity of others altogether.
In all, data is a kind of currency in of itself because it has the potential to unlock several aspects of victim’s life, each with its own monetary value. It’s no wonder that big breaches like these have made the news over the years, with some of the notables including:
As mentioned, these are big breaches with big companies that we likely more than recognize. Yet smaller and mid-sized businesses are targets as well, with some 43% of data breaches involving companies of that size. Likewise, restaurants and retailers have seen their Point-of-Sale (POS) terminals compromised, right on down to neighborhood restaurants.
When a company experiences a data breach, customers need to realize that this could impact their online safety. If your favorite coffee shop’s customer database gets leaked, there’s a chance that your personal or financial information was exposed. However, this doesn’t mean that your online safety is doomed. If you think you were affected by a breach, you can take several steps to protect yourself from the potential side effects.
One of the most effective ways to determine whether someone is fraudulently using one or more of your accounts is to check your statements. If you see any charges that you did not make, report them to your bank or credit card company immediately. They have processes in place to handle fraud. While you’re with them, see if they offer alerts for strange purchases, transactions, or withdrawals.
Our credit monitoring service can help you keep an eye on this. It monitors changes to your credit score, report, and accounts with timely notifications and guidance so you can take action to tackle identity theft.
Breached and stolen information often ends up in dark web marketplaces where hackers, scammers, and thieves purchase it to commit yet more crime. Once it was difficult to know if your information was caught up in such marketplaces, yet now an identity monitoring service can do the detective work for you.
Our service monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services. From there, you’ll get guidance that you can act on, which can help protect your info and accounts from theft.
If you suspect that your data might have been compromised, place a fraud alert on your credit. This not only ensures that any new or recent requests undergo scrutiny, but also allows you to have extra copies of your credit report so you can check for suspicious activity. You can place one fraud alert with any of the three major credit reporting agencies (Equifax, Experian, TransUnion) and they will notify the other two. A fraud alert typically lasts for a year, although there are options for extending it as well.
Freezing your credit will make it highly difficult for criminals to take out loans or open new accounts in your name, as a freeze halts all requests to pull your credit—even legitimate ones. In this way, it’s a far stronger measure than placing a fraud alert. Note that if you plan to take out a loan, open a new credit card, or other activity that will prompt a credit report, you’ll need to take extra steps to see that through while the freeze is in place. (The organization you’re working with can assist with the specifics.) Unlike the fraud alert, you’ll need to contact each major credit reporting agency to put one in place. Also, a freeze lasts as long as you have it in place. You’ll have to remove it yourself, again with each agency.
You can centrally manage this process with our security freeze service, which stops companies from looking at your credit profile, and thus halts the application process for loans, credit cards, utilities, new bank accounts, and more. A security freeze won’t affect your credit score.
Ensure that your passwords are strong and unique. Many people utilize the same password or variations of it across all their accounts. Therefore, be sure to diversify your passcodes to ensure hackers cannot obtain access to all your accounts at once, should one password be compromised. You can also employ a password manager to keep track of your credentials, such as the one you’ll find in comprehensive online protection software.
If the unfortunate happens to you, an identity theft coverage & restoration service can help you get back on your feet. Ours offers $1 million in coverage for lawyer fees, travel expenses, and stolen funds reimbursement. It further provides support from a licensed recovery expert who can take the needed steps to repair your identity and credit. In all, it helps you recover the costs of identity theft along with the time and money it takes to recover from it.
You can take this step any time, even if you haven’t been caught up in a data breach. The fact is that data broker companies collect and sell thousands of pieces of information on millions and millions of people worldwide, part of a global economy estimated at $200 billion U.S. dollars a year. And they’ll sell it to anyone—from advertisers for their campaigns, to scammers who will use it for spammy emails, texts, and calls, and to thieves who use that information for identity theft.
Yet you can clean it up. Our personal data cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and, with select products, even manage the removal for you.
Comprehensive online protection software will offer you the tools and services listed above, along with further features that can protect you online. That includes a VPN to keep your time online more private from online data collection while protecting it from thieves who’re out to steal credit card and account information. It also includes web browsing protection that can warn you of sketchy websites and malicious downloads that look to steal your information. In all, it’s thorough protection for your devices, privacy, and identity. And in a time of data breaches, that kind of protection has become essential.
The post How to Protect Yourself From Identity Theft After a Data Breach appeared first on McAfee Blog.
This International Day of Women and Girls in Science, #TeamMcAfee is proud to join forces with the incredible McAfee Women in Security Community (WISE) to celebrate the achievements of women in Science, Technology, Engineering, and Mathematics (STEM)!
WISE is a passionate group of women (and men!) who are dedicated to creating a more inclusive and welcoming environment for all at McAfee, actively supporting and empowering the next generation of female STEM leaders.
“At WISE, we believe in nurturing a diverse and thriving community where every individual, regardless of gender, can unleash their potential. This International Day of Women and Girls in Science, we’re proud to celebrate the journeys of Arati, Sai, Defne, Richa, and Sowmya. Their stories are testaments to the transformative power of STEM, and their voices inspire young women to dream big and pursue their passion for science and technology.”Brenda, President of WISE
Arati, Sai, Defne, Richa, and Sowmya illustrate the transformative power of STEM, the impact of McAfee and the WISE community on their journeys, and their insightful advice for young women embarking on their own STEM journeys.
|
Arati, Sr. Director, Engineering
“During my school days, I was a curious student who did well in Science and Maths. My classmates often sought my help understanding challenging concepts, which fueled my confidence and solidified my love for these fields. I thrived in stimulating environments where I could push boundaries and explore my full potential, and STEM offered exactly that. It was the perfect path to avoid succumbing to the boredom of routine and truly discover what I could achieve.
|
|
Sai: Sr. Technology & Innovation Researcher
“Right from my early school days I liked the evidence based scientific reasoning method – using experiments and observations to draw conclusions on a phenomenon. Naturally, pursuing a career in STEM was a path I couldn’t wait to explore. Today, as a Sr. Technology & Innovation Researcher at McAfee, I continue to delve into the unknown, but with the added benefit of having a supportive community and team around me.
|
|
Defne: Director of Technology Services
“My path to STEM started with a simple spark: a love for solving problems. Growing up in a supportive environment, fueled by encouragement from parents and teachers, I was never afraid to ask questions and delve into the unknown. Fast forward to today, and I’m the Director of Technology Services at McAfee, leading a team that supports People Success and Legal systems.
|
|
Richa: Technical Program Manager
“Driven by a thirst for knowledge and a deep desire to contribute to the world, I embarked on my STEM journey fueled by my passion for science. Today, as a Technical Program Manager with over 10 years at McAfee, I’m proud to be part of a company that fosters innovation and empowers individuals to make a difference.
|
|
Sowmya: Data Governance Manager
“Growing up surrounded by academia, with a mother who rose to lead a women’s college, instilled in me a deep yearning for both career advancement and leadership. But it was the allure of logical problem-solving and the thrill of technology’s evolution, like witnessing the first Indian cell phone, that truly drew me to STEM. I embarked on a journey to unravel the intricacies of cellular and satellite communication systems with a bachelor’s in electronics and communications engineering, eager to play my part in shaping the future and being at the forefront of innovation and emerging technologies.
|
The post Celebrating International Day of Women and Girls in Science appeared first on McAfee Blog.
As with any major holiday or special occasion, Valentine’s Day is unfortunately not immune to scammers looking for an opportunity to exploit unsuspecting individuals. Their deceitful acts can break hearts and bank accounts. In this article, we spotlight some common Valentine’s Day scams, offer tips on how to protect yourself and navigate this romantic day with confidence and caution.
Valentine’s Day is a time when love is in the air. It’s a time to express your feelings for that special someone in your life, or perhaps even embark on a new romantic journey. But while you’re busy planning that perfect dinner or choosing the ideal gift, there’s an unromantic side to the day that you should be aware of – the potential for scams.
Scammers, always looking for new ways to trick people into parting with their money, use the heightened emotions of Valentine’s Day to their advantage. They prey on the unwary, the love-struck, and even the lonely – anyone who might let their guard down in the quest for love or the pursuit of the perfect gift. And in our increasingly digital world, these unscrupulous individuals have more ways than ever to reach potential victims.
→ Dig Deeper: AI Goes Dating: McAfee Study Shows 1 in 3 Men Plan to Use Artificial Intelligence to Write Love Letters this Valentine’s Day
Knowledge is power, as the saying goes, and that’s certainly true when it comes to protecting yourself from scams. By understanding the types of scams that are common around Valentine’s Day, you can be better prepared to spot them – and avoid falling victim.
One of the most common Valentine’s Day scams is the romance scam. Scammers, often posing as potential love interests on dating websites or social media, manipulate victims into believing they are in a romantic relationship. Once they have gained their victim’s trust, they ask for money – perhaps to pay for a flight so they can meet in person, or because of a sudden personal crisis. These scams can be emotionally devastating, and they can also result in significant financial loss.
→ Dig Deeper: Fraudulent Adult Dating Services Turn 10 Years Old, Still Evolving
Another popular scam around Valentine’s Day involves online shopping. With many people seeking the perfect gift for their loved ones, scammers set up fake websites that appear to sell everything from jewelry to concert tickets. After making a purchase, the unsuspecting victim either receives a counterfeit product or, in some cases, nothing at all. Additionally, these sites may be designed to steal credit card information or other personal data.
Phishing scams are also common. In these scams, victims receive emails that appear to be from a legitimate company – perhaps a florist or a candy company – asking them to confirm their account information or to click on a link. The goal is to steal sensitive information, such as credit card numbers or login credentials.
While the existence of these scams is unquestionably concerning, the good news is that there are steps you can take to protect yourself. Valentine’s Day should be a celebration of love, not a source of stress and worry.
One of the most important is to be aware that these scams exist and to be cautious when interacting with unfamiliar people or websites. If something seems too good to be true, it probably is.
When shopping online, make sure the website you are using is secure, and consider using a credit card, which offers greater protection against fraud compared to other forms of payment. Be wary of emails from unknown sources, especially those that ask for personal information or urge you to click on a link.
For shopping scams, it’s recommended to do research on any unfamiliar online retailer before making a purchase. Look for reviews or complaints about the retailer on independent consumer websites. If the website is offering items at a price that seems too good to be true, it likely is. Also, consider the website’s URL. A URL that begins with ‘https://’ indicates that the website encrypts user information, making it safer to input sensitive information than on websites with ‘http://’ URLs.
Forewarned is forearmed, and having advanced strategies to detect and avoid scams is also a strong line of defense. When it comes to online dating, be sure to thoroughly vet any potential romantic interests. This involves doing a reverse image search of profile photos, which can quickly reveal if a picture has been stolen from another online source. Additionally, be aware of red flags such as overly-flattering messages or requests to move the conversation to a private email or messaging app.
McAfee Pro Tip: If you’re considering using one of these for a bit of dating beyond a dating app or simply to stay connected with family and friends, the key advice is to do your homework. Look into their security measures and privacy policies, especially because some have faced security issues recently. For more information, take a look at this article on video conferencing to ensure you can keep hackers and uninvited guests away when you’re chatting.
If you come across a scam or fall victim to one, it’s crucial to report it to the appropriate authorities. This helps law enforcement track down scammers and alert others to the scam. In the U.S., you can report scams to the Federal Trade Commission through their website. If the scam involves a financial transaction, also report it to your bank or credit card company. They may be able to help recover your funds or prevent further losses.
Additionally, take steps to protect yourself after falling victim to a scam. This could involve changing passwords, monitoring your financial accounts for unusual activity, or even freezing your credit. It can also be beneficial to alert your friends and family to the scam, both to protect them and to gain their support and assistance in dealing with the aftermath of the scam.
→ Dig Deeper: How To Report An Online Scam
The unfortunate reality is that scammers are ever-present and always looking for new ways to exploit unsuspecting victims. However, by being informed, cautious, and proactive, you can significantly decrease your chances of falling victim to a Valentine’s Day scam. Whether you’re looking for love or shopping for the perfect gift, remember to always prioritize your safety and security.
And if you do encounter a scam, take comfort in knowing that you’re not alone and there are resources available to help. McAfee’s blogs and reports are just some of them. By reporting scams to the authorities, you’re doing your part to help stop scammers in their tracks and protect others from falling victim. Remember, Valentine’s Day is a day for celebrating love, not for worrying about scammers. Stay safe, stay informed, and don’t let a scammer ruin your Valentine’s Day.
Remember to always stay vigilant. Protect your heart and your bank account, and make sure your Valentine’s Day is filled with love and happiness, not regret and frustration. Don’t let scammers break your heart or your bank account – on Valentine’s Day or on any other day.
The post Valentine’s Alert: Don’t Let Scammers Break Your Heart or Your Bank Account appeared first on McAfee Blog.
In recent times, the humble password’s efficacy as a security measure has come under scrutiny. With tendencies to be easily guessed, stolen, or bypassed, passwords have been deemed inadequate for securing sensitive information. Thankfully, more secure alternatives have emerged, with terms such as “two-factor” and “multi-factor” authentication gaining traction.
However, these terms may seem abstract to those unfamiliar with them, potentially leading to confusion about their functions and differences. This article aims to break down these forms of authentication, explaining how they work and how they can enhance online information security.
Before diving into the intricacies of multi-factor and two-factor authentication, it is pertinent to understand their predecessor: single-factor authentication. The simplest form of authentication, single-factor authentication, requires only one factor to verify a user’s identity. Typically, this involves matching a password with a corresponding username, a method used universally for online account logins.
While convenient in its simplicity, single-factor authentication carries glaring security flaws. Easy-to-guess passwords or stolen credentials can lead to unauthorized access, compromising the security of user accounts and confidential information. Hence, it became necessary to introduce additional layers of security to the authentication process, giving rise to two-factor and multi-factor authentication.
→ Dig Deeper: The Optus Data Breach – Steps You Can Take to Protect Yourself
Two-factor authentication augments the simplicity of single-factor authentication with an extra layer of security. Besides providing a password, users are also required to verify their identity with an additional factor that only they possess. This additional factor often takes the form of a unique code sent to the user’s mobile phone.
The rationale behind this method is straightforward: even if a hacker manages to secure a user’s password, they would still require the unique code to gain access. However, it is important to note that this method is not completely foolproof. Crafty hackers able to intercept the unique code or create duplicate websites to steal credentials can still bypass this security measure. Despite these vulnerabilities, the complexities involved in these hacking methods make two-factor authentication considerably safer than its single-factor counterpart.
Also worth mentioning is “true” two-factor authentication, which involves giving users a unique device, such as a security token, that generates a unique code for the user. This code, which changes at set intervals, is matched with a profile in a database, making guessing impossible.
Building upon the concepts of two-factor authentication, multi-factor authentication introduces even more factors for user verification. These factors usually include something that the user possesses and something unique to their physical being, such as a retina or fingerprint scan. Location and time of day can also serve as additional authentication factors.
While the notion of multi-factor authentication may seem like a concept from a science fiction movie, it is already being used extensively, especially by financial institutions. Advancements in camera technology have enabled the implementation of facial recognition as a secure method of recognition, adding another factor to the multi-factor authentication process.
→ Dig Deeper: Banks are Using Biometric Measures to Protect Against Fraud
With the potential vulnerabilities associated with single-factor authentication, implementing two-factor or multi-factor authentication for sensitive online accounts becomes a necessity. These added layers of security help to safeguard your digital information from unscrupulous elements. Two-factor authentication utilizes a password and an extra verification layer, such as a unique code sent to your mobile device, to ensure that you’re indeed the account holder. With multi-factor authentication, additional verification elements are added, such as biometric data or your physical location.
So how do you implement these forms of authentication? Most online service providers now offer two-factor authentication as an option in their security settings. Once you’ve opted for this extra level of security, you’ll be required to input a unique code sent to your mobile device each time you attempt to log in. For multi-factor authentication, the process might require additional steps, such as providing biometric data like facial recognition or fingerprints. However, these extra steps are a small inconvenience compared to the potential risk of your sensitive information being compromised.
→ Dig Deeper: Make a Hacker’s Job Harder with Two-step Verification
Biometric authentication is a subset of multi-factor authentication that relies on unique physical or behavioral traits for verification. Biometric authentication methods include facial recognition, fingerprints, iris scans, voice recognition, and even your typing pattern. These methods are gradually becoming mainstream, with smartphone manufacturers leading the way in implementing fingerprint scanners and facial recognition technology into their devices. Biometric authentication’s edge over traditional passwords lies in its uniqueness; while passwords can be guessed or stolen, biometric traits are unique to each individual.
As with all forms of technology, biometric authentication also has its drawbacks. For instance, it may not always be accurate, as facial features or fingerprints may change over time due to aging or injury. Also, there are valid concerns about privacy and the potential misuse of biometric data if it falls into the wrong hands. However, with proper safeguards and data encryption in place, biometric authentication can be a secure and efficient way to protect online accounts from unauthorized access.
McAfee Pro Tip: Biometric authentication definitely has its strengths and weaknesses, so it’s important to choose the best combination of authentication and security software for your devices and accounts. Learn more about the opportunities and vulnerabilities of biometric authentication.
As our digital footprint grows, so does the need for secure authentication methods. Single-factor authentication, although simple and convenient, is no longer sufficient to protect sensitive online information. Two-factor and multi-factor authentication provide an additional layer of security, significantly reducing the risk of unauthorized access.
Additionally, advancements in biometric technology have introduced a new realm of secure verification methods unique to each individual. Remember, the goal is not to eliminate all risks but to reduce them to a level that’s acceptable and manageable. When setting up your online accounts, always opt for the highest level of security available, whether it’s two-factor, multi-factor, or biometric authentication. Take full advantage of these methods, and ensure you’re doing everything you can to safeguard your digital information.
The post Two-Factor vs. Multi-Factor Authentication: What’s the Difference? appeared first on McAfee Blog.
Recent Internet attacks have caused several popular sites to become unreachable. These include Twitter, Etsy, Spotify, Airbnb, Github, and The New York Times. These incidents have highlighted a new threat to online services: botnets powered by the Internet of Things (IoT). Distributed denial of service (DDoS) attacks have been around for over a decade and, for the most part, have been handled by network providers’ security services. However, the landscape is changing.
The primary strategy in these attacks is to control a number of devices which then simultaneously flood a destination with network requests. The target becomes overloaded and legitimate requests cannot be processed. Traditional network filters typically handle this by recognizing and blocking systems exhibiting this malicious behavior. However, when thousands of systems mount an attack, these traditional filters fail to differentiate between legitimate and malicious traffic, causing system availability to crumble.
Cybercriminals and hacktivists have found a new weapon in this war: the IoT. Billions of IoT devices exist, ranging in size from a piece of jewelry to a tractor. These devices all have one thing in common: they connect to the internet. While this connection offers tremendous benefits, such as allowing users to monitor their homes or check the contents of their refrigerators remotely, it also presents a significant risk. For hackers, each IoT device represents a potential recruit for their bot armies.
A recent attack against a major DNS provider shed light on this vulnerability. Botnets containing tens or hundreds of thousands of hijacked IoT devices have the potential to bring down significant sections of the internet. Over the coming months, we’ll likely discover just how formidable a threat these devices pose. For now, let’s dig into the key aspects of recent IoT DDoS attacks.
The proliferation of Internet of Things (IoT) devices has ushered in a new era of digital convenience, but it has also opened the floodgates to a range of cybersecurity concerns. To navigate the complexities of this digital landscape, it’s essential to grasp five key points:
Each device that can be hacked is a potential soldier for a botnet army, which could be used to disrupt essential parts of the internet. Such attacks can interfere with your favorite sites for streaming, socializing, shopping, healthcare, education, banking, and more. They have the potential to undermine the very foundations of our digital society. This underscores the need for proactive measures to protect our digital way of life and ensure the continued availability of essential services that have become integral to modern living.
→Dig Deeper: How Valuable Is Your Health Care Data?
Hackers will fight to retain control over them. Though the malware used in the Mirai botnets is simple, it will evolve as quickly as necessary to allow attackers to maintain control. IoT devices are significantly valuable to hackers as they can enact devastating DDoS attacks with minimal effort. As we embrace the convenience of IoT, we must also grapple with the responsibility of securing these devices to maintain the integrity and resilience of our increasingly digitized way of life.
Identifying and mitigating attacks from a handful of systems is manageable. However, when tens or hundreds of thousands of devices are involved, it becomes nearly impossible. The resources required to defend against such an attack are immense and expensive. For instance, a recent attack that aimed to incapacitate Brian Krebs’ security-reporting site led to Akamai’s Vice President of Web Security stating that if such attacks were sustained, they could easily cost millions in cybersecurity services to keep the site available. Attackers are unlikely to give up these always-connected devices that are ideal for forming powerful DDoS botnets.
There’s been speculation that nation-states are behind some of these attacks, but this is highly unlikely. The authors of Mirai, a prominent botnet, willingly released their code to the public, something a governmental organization would almost certainly not do. However, it’s plausible that after observing the power of IoT botnets, nation-states are developing similar strategies—ones with even more advanced capabilities. In the short term, however, cybercriminals and hacktivists will continue to be the primary drivers of these attacks.
→ Dig Deeper: Mirai Botnet Creates Army of IoT Orcs
In the coming months, it’s expected that criminals will discover ways to profit from these attacks, such as through extortion. The authors of Mirai voluntarily released their code to the public—an action unlikely from a government-backed team. However, the effectiveness of IoT botnets hasn’t gone unnoticed, and it’s a good bet that nation-states are already working on similar strategies but with significantly more advanced capabilities.
Over time, expect cybercriminals and hacktivists to remain the main culprits behind these attacks. In the immediate future, these groups will continue to exploit insecure IoT devices to enact devastating DDoS attacks, constantly evolving their methods to stay ahead of defenses.
→ Dig Deeper: Hacktivists Turn to Phishing to Fund Their Causes
Unfortunately, the majority of IoT devices lack robust security defenses. The devices currently being targeted are the most vulnerable, many of which have default passwords easily accessible online. Unless the owner changes the default password, hackers can quickly and easily gain control of these devices. With each device they compromise, they gain another soldier for their botnet.
To improve this situation, several factors must be addressed. Devices must be designed with security at the forefront; they must be configured correctly and continuously managed to keep their security up-to-date. This will require both technical advancements and behavioral changes to stay in line with the evolving tactics of hackers.
McAfee Pro Tip: Software updates not only enhance security but also bring new features, better compatibility, stability improvements, and feature removal. While frequent update reminders can be bothersome, they ultimately enhance the user experience, ensuring you make the most of your technology. Know more about the importance of software updates.
Securing IoT devices is now a critical issue for everyone. The sheer number of IoT devices, combined with their vulnerability, provides cybercriminals and hacktivists with a vast pool of resources to fuel potent DDoS campaigns. We are just beginning to observe the attacks and issues surrounding IoT security. Until the implementation of comprehensive controls and responsible behaviors becomes commonplace, we will continue to face these challenges. By understanding these issues, we take the first steps toward a more secure future.
Take more steps with McAfee to secure your digital future. Explore our security solutions or read our cybersecurity blogs and reports.
The post Top 5 Things to Know About Recent IoT Attacks appeared first on McAfee Blog.
Human beings are remarkable in their resilience. Beyond our ability to build and grow civilizations, we possess a somewhat less understood but equally important characteristic – the ability to deceive ourselves. The implications of this trait are vast and diverse, sometimes manifesting in seemingly irrational behavior, such as underestimating risks in the realm of cybersecurity.
Psychology explores the distinguishing factor of mankind from the rest of the species on our planet – reason. How we perceive the world around us and how we act, whether consciously or subconsciously, is governed by our minds. However, when it comes to risk assessment, our brain often falls prey to its limitations. It’s our innate tendencies to underestimate slowly rising threats, substitute one risk for another, or fall under the illusion of control that reveal our resilience in ignoring the hard truths. This applies to today’s digital environment and our approach to cybersecurity.
These psychological tendencies significantly impact the world of cybersecurity. Employees often justify risky behaviors like clicking on unknown links or emails or dismiss their gut feeling when something feels suspicious. Cybersecurity professionals might put an overinflated trust in their own abilities to handle the next threat, rather than seeking help from a third party with potentially more experience. The slow trickle of breaches that make the headlines create an illusion that we are somehow immune to the next one, and while we stay in denial, the risk continues to mount unnoticed.
Survey data provides some alarming insights. According to McAfee’s research among American consumers, 71% of those aged 18-34 believe their data is more secure today than it was a year ago. Similarly, 65% of those aged 35-54 agree. This is in stark contrast to the rapidly growing threats in our virtual world, exemplified by the fact that ten years ago, McAfee Labs observed 25 new threats per day, whereas today we face more than 400,000 new threats per day!
→ Dig Deeper: McAfee Labs Report Reveals Latest COVID-19 Threats and Malware Surges
Despite recognising the growing dangers of the cyberspace, consumers often overestimate their own capabilities to defend against such threats. This overconfidence coupled with self-deception presents an ideal opportunity for threat actors to exploit their vulnerabilities. The victims, both consumers and cybersecurity professionals alike, unknowingly advertise themselves as easy targets for the next cyber attack.
Fortunately, there is a solution to this problem. While it might be unrealistic to completely eliminate our inborn tendencies towards self-deceit, we can certainly address them through open dialogue and constructive discussions about our propensity to miscalculate risks. By doing so, we can disarm the enemies, significantly reducing their arsenal and mitigating the threats.
McAfee Pro Tip: Everything starts with self-awareness. We can only disarm these enemies–hackers, in this context–if we inform ourselves of the latest cybersecurity threats that might come our way. Find out more about the latest cybersecurity news on McAfee.
If you would like to learn more about the perceptions of cybersecurity risks, consider reading the book titled, “The Second Economy: The Race for Trust, Treasure and Time in the Cybersecurity War.” This book delves deeper into the complexities of cybersecurity, explaining in detail the intricacies of navigating the cyber threat environment and how to protect yourself effectively.
In addition, McAfee has developed a holistic strategy to transform the learning experience of cybersecurity into an informative journey. Our resources encompass a diverse collection of blogs, enlightening reports, and instructive guides. These materials have been carefully crafted to offer users a wealth of information on safeguarding your online life.
The human brain has been wired over thousands of years of evolution to protect us from threats and ensure our survival. Unfortunately, due to this “protection” mechanism, it often deceives us about the realities of risk. This deception is not intentional but a result of cognitive biases, which are ingrained predispositions that influence our judgement and decision-making.
Various cognitive biases come into play while evaluating risk. For instance, the ‘optimism bias’ leads us to believe that we are less prone to negative outcomes than others. The ‘confirmation bias’ induces us to interpret information in a way that validates our preexisting beliefs. In the cybersecurity landscape, these biases can push us towards underestimating the threats and overestimating our abilities to tackle them.
The optimism bias, for one, can make individuals and organizations overly optimistic about their cybersecurity posture. This bias may lead them to believe that they are less likely to experience a security breach than others, even when they have the same or similar vulnerabilities. This can result in underinvestment in security measures and a lack of preparedness for potential threats.
Confirmation bias, meanwhile, can lead cybersecurity professionals to selectively seek and interpret information that aligns with their preexisting beliefs about security. For example, if an organization believes that a specific security technology is the best solution, they may unconsciously filter out data that contradicts this view. This can result in the implementation of ineffective security measures and a false sense of security.
Recognizing and addressing these biases is crucial in the field of cybersecurity to ensure that risks are accurately assessed, and appropriate measures are taken to protect sensitive data and systems. Cybersecurity professionals should strive to maintain objectivity, seek diverse perspectives, and engage in ongoing risk assessment and mitigation efforts to counteract these biases.
Given how our inbuilt cognitive biases can negatively impact our risk judgments, it is critical to take efforts towards mitigating the resultant miscalculations. Firstly, we need to acknowledge that our minds are prone to deception and can mislead us in evaluating cyber threats. This involves being open to critique and willing to question our assumptions regarding cybersecurity.
Secondly, we need to foster a culture of learning and awareness around cybersecurity. Regular training programs and workshops can help individuals understand the potential threats and learn how to counteract them effectively. Cybersecurity awareness needn’t be a one-time event; it should be an ongoing process. Finally, embracing a proactive approach to cybersecurity that focuses on preventing threats rather than merely responding to them can further help in reducing the risk. This approach not only fortifies our defenses but also empowers us to adapt and thrive in an increasingly interconnected world, where the security of our information is of paramount importance.
→ Dig Deeper: See Yourself in Cyber – Five Quick Ways You Can Quickly Get Safer Online
The deception and resilience of the human mind are two sides of the same coin. While they contribute to our survival and success as a species, they can sometimes lead us astray in intricate domains like cybersecurity. Recognizing our cognitive biases and striving to overcome them can help us better assess and respond to cyber threats. With a proactive approach to cybersecurity and ongoing efforts towards raising awareness, we can make strides towards a safer virtual world.
We invite you to explore the subject further with the book, “The Second Economy: The Race for Trust, Treasure and Time in the Cybersecurity War”. It provides a comprehensive look at the complex world of cybersecurity and offers valuable insights into navigating the cyber threat environment effectively. Alternatively, you can also browse our cybersecurity resources at McAfee.
The post Cybersecurity: Miscalculating Cyber Threats appeared first on McAfee Blog.
As we gear up to feast with family and friends this Thanksgiving, we prepare our wallets for Black Friday and Cyber Monday. Black Friday and Cyber Monday have practically become holidays themselves, as each year, they immediately shift our attention from turkey and pumpkin pie to holiday shopping. Let’s look at these two holidays and how their popularity can impact users’ online security, and grab a great Black Friday holiday deal from McAfee.
You might be surprised that “Black Friday” was first associated with a financial crisis, not sales shopping. The U.S. gold market crashed on Friday, September 24, 1869, leaving Wall Street bankrupt. In the 1950s, Black Friday was associated with holiday shopping when large crowds of tourists and shoppers flocked to Philadelphia for a big football game. Because of all the chaos, traffic jams, and shoplifting opportunities that arose, police officers could not take the day off, coining it Black Friday. It wasn’t until over 50 years later that Cyber Monday came to fruition when Shop.org coined the term as a way for online retailers to participate in the Black Friday shopping frenzy.
In conclusion, the origins of “Black Friday” are indeed surprising and far removed from the image of holiday shopping extravaganzas that we associate with the term today. These historical roots offer a fascinating perspective on the evolution of consumer culture and the significance of these shopping events in modern times.
Since the origination of these two massive shopping holidays, both have seen incredible growth. Global interest in Black Friday has risen year-over-year, with 117% average growth across the last five years. According to Forbes, 2018’s Black Friday brought in $6.2 billion in online sales alone, while Cyber Monday brought in a record $7.9 billion.
While foot traffic seemed to decrease at brick-and-mortar stores during Cyber Week 2018, more shoppers turned their attention to the Internet to participate in holiday bargain hunting. Throughout this week, sales derived from desktop devices came in at 47%, while mobile purchases made up 45% of revenue and tablet purchases made up 8% of revenue.
So, what does this mean for Black Friday and Cyber Monday shopping this holiday season? In 2023, Adobe Analytics anticipates that Cyber Monday will maintain its status as the most significant shopping day of the season and the year, spurring a historic $12 billion in spending, reflecting a year-over-year increase of 6.1%. Online sales on Black Friday are expected to increase by 5.7% year over year, reaching $9.6 billion, while Thanksgiving is projected to grow by 5.5% year over year, amounting to $5.6 billion in spending.
If one thing’s for sure, this year’s Black Friday and Cyber Monday sales are shaping up to be the biggest ones for shoppers looking to snag some seasonal bargains. However, the uptick in online shopping activity provides cybercriminals the perfect opportunity to wreak havoc on users’ holiday fun, potentially disrupting users’ festive experiences and compromising their online security. In light of this, it is crucial to take proactive measures to safeguard your digital presence. One effective way to do so is by investing in top-tier online protection solutions. McAfee, a renowned leader in the field, offers award-winning cybersecurity solutions designed to shield you from the ever-evolving threats in the digital landscape. Explore the features of our McAfee+ Ultimate and Total Protection and be informed of the latest cyber threats with McAfee Labs.
→ Dig Deeper: McAfee 2023 Threat Predictions: Evolution and Exploitation
With the surge in online shopping during Black Friday and Cyber Monday, cybercriminals are also on high alert, crafting sophisticated scams to trick unsuspecting shoppers. One common form of scam you’ll come across during this time is fraudulent websites. These sites masquerade as reputable online retailers, luring customers with too-good-to-be-true deals. Once shoppers enter their personal and financial data, the criminals behind these sites gain access to the sensitive information, paving the way for identity theft.
Phishing emails are another popular mode of scam during these shopping holidays. Shoppers receive emails that appear to be from legitimate stores advertising incredible deals. The emails typically contain links that direct users to a fraudulent website where their information can be stolen. It’s essential to approach every email suspiciously, checking the sender’s information and avoiding clicking on unsolicited links.
→ Dig Deeper: How to Protect Yourself From Phishing Scams
Thankfully, there are steps you can take to protect yourself when shopping online during Black Friday and Cyber Monday. First, always ensure that the website you’re shopping from is legitimate. Check for the padlock icon in the address bar and “https” in the URL, as these are indicators of a secure site. Steer clear of websites that lack these security features or have misspelled domain names, as they could be fraudulent.
McAfee Pro Tip: When browsing a website, there are several essential cues to consider when assessing its safety. As mentioned, one such indicator is the presence of “https” in the website’s URL. But there are also other tell-tale signs, such as fake lock icons, web copy, web speed, and more. Know how to tell whether a website is safe.
Furthermore, never provide personal or financial information in response to an unsolicited email, even if it appears to be from a trusted source. If the offer seems tempting, visit the retailer’s official website and check if the same deal is available there. Finally, consider installing a reputable antivirus and security software, like McAfee, that can provide real-time protection and alert you when you stumble upon a malicious website or receive a phishing email.
Black Friday and Cyber Monday are prime opportunities for consumers to snag once-a-year deals and for cybercriminals to exploit their eagerness to save. However, being aware of the prevalent scams and knowing how to protect yourself can save you from falling prey to these ploys. Always strive to shop smart and stay safe, and remember that if an offer seems too good to be true, it probably is.
The post Secure Your Black Friday & Cyber Monday Purchases appeared first on McAfee Blog.
In today’s world, most communication happens through the internet, facilitated by numerous applications. The web is a lively center filled with various activities such as news, videos, education, blogs, gaming, activism, and entertainment. Notably, social media apps have morphed into the digital meeting points for netizens. Our society is undeniably superbly interconnected, and our digital persona is greatly treasured.
However, this isn’t always beneficial, especially for teenagers who may be overwhelmed by the deluge of information, leading to stress. Stress is a common part of our daily lives, emerging from our education, employment, relationships, and surroundings. A similar situation transpires online. In fact, we tend to cope with stress by expressing our frustrations, confronting problems directly, or evading the issue altogether. Yet, the ways to cope with stress in the virtual world differ. Online stress can arise from unique triggers, and its repercussions can rapidly escalate and proliferate at an alarming rate.
The rise of social media has brought a concerning phenomenon – social media stress in children. As these young individuals navigate the complex virtual world, they often encounter a range of stressors that can significantly impact their emotional and psychological well-being. Understanding these underlying causes is a crucial step in addressing and mitigating the adverse effects of social media on our younger generations. Let’s delve into the causes of social media stress in children and shed light on the various factors that contribute to this growing issue:
Besides the more obvious and well-documented sources of social media stress in children, there exist several other significant triggers that contribute to the overall stress levels experienced by young individuals in the digital age, and these may include:
→ Dig Deeper: The Ultimate Guide to Safe Sharing Online
→ Dig Deeper: More Dangers of Cyberbullying Emerge—Our Latest Connected Family Report
→ Dig Deeper: 5 Screen Time Principles to Establish When Your Kids are Still Babies
Parenting plays a major role in helping children learn how to tackle social media stress. As parents, you know your children the best. Yes, even teens. Observe them, and if you note any change in their social media habits or general behavior, talk to them. The earlier you start having frank one-to-one conversations, the easier it will be for you later. But before that, you may need to modify your response to stress and learn to control your reactions. That way, you will teach them a very important lesson without using a single word.
Children can learn to manage social media stress by developing a healthy online etiquette and creating boundaries for their online activities. Encourage them to accept differences and realize that people have varied opinions. Remind them not to make judgments based on someone’s online bio and pictures and to understand that life isn’t a bed of roses for anyone. Another important step is to help them understand how important it is to respond tactfully when things get heated online. It’s essential that they understand the power of choosing not to engage in online altercations. Being silent doesn’t mean they’re weak but smart enough not to get provoked. If any online situation becomes too intense, they should be encouraged to report and block the perpetrator immediately.
McAfee Pro Tip: Since each child’s level of maturity and cognitive capacity to manage online challenges varies, a one-site-fits-all approach to balancing social media and mental health won’t work for everyone. Find tips on how to find the best method for your child.
One of the keys to managing stress caused by social media is ensuring that kids practice digital balance. Set screen time limits and encourage them to make and maintain friendships in the real world. In-person interactions promote emotional growth and provide a well-rounded social experience. Moreover, it’s crucial to instill the idea that maturity is about staying true to their values and wisdom lies in identifying the negatives and avoiding them. Just as they would in the physical world, they should be aware that the digital world comprises both good and bad elements. This awareness can help them navigate online spaces safely. Let them know the importance of applying their real-life values in the digital world and the mantra of STOP, THINK, CONNECT, should always be in their mind before posting anything online.
→ Dig Deeper: 6 Steps to Help Your Family Restore Digital Balance in Stressful Times
In conclusion, parents play a crucial role in helping their children tackle social media stress. By observing their kids’ behavioral changes, having open conversations, and setting appropriate boundaries for their online activities, parents can help their kids navigate the digital world safely. Encouraging children to accept differences, practice tact, maintain digital balance, and be aware of the good and bad online can help alleviate the stress caused by social media. Ultimately, the goal is to create a healthier and happier online space for children, free from unnecessary stress.
Improve your digital parenting with McAfee’s Parental Controls. This security tool allows parents to monitor device usage, set limits on screen time, and even keep tabs on kids’ whereabouts.
The post Handling Social Media Stress for Teens appeared first on McAfee Blog.
Maybe you do armloads of shopping on it. Maybe you skip going to the bank because you can tackle the bulk of your finances online. And perhaps you even pay your doctor a visit with it, instead of taking a trip to their office.
The way we use the internet has changed. We rely on it for a wealth of important things. Now more than ever, which makes Cybersecurity Awareness Month more important than ever.
Every October, we proudly take part in Cybersecurity Awareness Month. In partnership with the U.S. Cybersecurity and Infrastructure Agency (CISA) and a host of organizations in the private sector, we shed light on an essential topic—a safer internet.
The time of the internet as a novelty has long passed. The internet isn’t just nice. It’s essential. To the point that it’s a utility, like power or water. With that, a safe internet is a must.
Granted, amid news of data breaches and major hacks, it might seem like the notion of a safer internet is out of your hands. After all, what can you do to make the internet a safer place?
Plenty.
Extra awareness and a few straightforward actions can make your time online far safer than before. And that’s a common theme here on our blog. Even as new threats appear daily, you live in a time where you have some of the most comprehensive and easy-to-use tools to combat them—and keep yourself safe.
With that, Cybersecurity Awareness Month comes with a quick five-step checklist you can run through. Set aside some time this month to knock out each item. You’ll find yourself much more secure from hacks, attacks, and identity theft in the wake of data breaches.
Let’s dive in.
Strong, unique passwords offer another primary line of defense. Yet with all the accounts we have floating around, juggling dozens of strong and unique passwords can feel like a task. Thus the temptation to use (and re-use) simpler passwords. Hackers love this because one password can be the key to several accounts. Instead, try a password manager that can create those passwords for you and safely store them as well. Comprehensive security software like ours will include a password manager.
Updates do all kinds of great things for gaming, streaming, and chatting apps—like adding more features and functionality over time. Updates do something else. They make those apps more secure. Hackers will hammer away at apps to find or create vulnerabilities, which can steal personal info or compromise the device itself. Updates will often include security improvements, in addition to performance improvements.
For your computers and laptops:
For your smartphones:
For your smartphone apps:
Whether they come by way of an email, text, direct message, or as bogus ads on social media and in search, phishing attacks remain popular with cybercriminals. Across their various forms, the intent remains the same—to steal personal or account info by posing as a well-known company, organization, or even someone the victim knows. And depending on the info that gets stolen, it can result in a drained bank account, a hijacked social media profile, or any number of different identity crimes.
What makes some phishing attacks so effective is how some hackers can make the phishing emails and sites they use look like the real thing, so learning how to spot phishing attacks has become a valuable skill nowadays. Additionally, using the power of AI, McAfee Scam Protection can alert you when scam texts pop up on your device or phone. No more guessing if a text is real or not. Further, it can block risky sites if you accidentally follow a scam link in a text, email, social media, and more.
Some signs of a phishing attack include:
Again, this can take a sharp eye to spot. When you get emails like these, take a moment to scrutinize them and certainly don’t click on any links.
Another way you can fight back against crooks who phish is to report them. Check out ReportFraud.ftc.gov, which shares reports of phishing and other fraud with law enforcement. Taken with other reports, your info can aid an investigation and help bring charges on a cybercriminal or an organized ring.
Chances are you’re using multi-factor authentication (MFA) on a few of your accounts already, like with your bank or financial institutions. MFA provides an additional layer of protection that makes it much more difficult for a hacker or bad actor to compromise your accounts even if they know your password and username. It’s common nowadays, where an online account will ask you to use an email or a text to your smartphone to as part of your logon process. If you have MFA as an option when logging into your accounts, strongly consider using it.
How did that scammer get your email address or phone number in the first place? Good chance they bought it off a data broker.
Data brokerages make up a multi-billion-dollar business worldwide. They gather and sort data linked with millions of people globally—and then sell it. To anyone. That could be advertisers, private investigators, and potential employers. That list includes hackers and scammers as well. With your data, they can skim for your contact info so they can hit you with spammy emails, calls, and texts. Worse yet, they can use that info to help them commit identity theft.
Good thing you can get your info removed from those sites. And a service like our Personal Data Cleanup can do the heavy lifting for you. It scans some of the riskiest data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. With select products, we can even manage the removal for you.
How much time do you spend on the internet each day? Between work, home, and the phone you carry around, it’s around 6.5 hours a day on average. You spend plenty of time on the internet. And important time too as you shop, bank, and tend to your health online.
Taking a few moments this month to shore up your security will make that time safer. Despite what you might have thought, you’re more in control of that than you think.
The post How much do you count on the internet every day? appeared first on McAfee Blog.
As healthcare integrates increasingly digital processes into its operations, the need for robust security measures increases. For many of us, visiting our healthcare provider involves filling out forms that are then transferred into an Electronic Health Record (EHR) system. We put our trust in these healthcare institutions, expecting them to take the necessary steps to store our sensitive data securely. However, with a significant rise in medical data breaches, a whopping 70% increase over the past seven years, it has become more important to understand how these breaches occur and how we can protect ourselves.
Recently, LabCorp, a medical testing company, announced a breach affecting approximately 7.7 million customers, exposing their names, addresses, birth dates, balance, and credit card or bank account information. This breach occurred due to an issue with a third-party billing collections vendor, the American Medical Collection Agency (AMCA). Not long before this, Quest Diagnostics, another company collaborating with AMCA, experienced a similar breach, affecting 11.9 million users.
Medical data is, by nature, nonperishable, making it a highly valuable asset for cybercriminals. This means that while a credit card number or bank account detail can be changed if compromised, medical information remains constant, maintaining its value over time. This also suggests that once procured, this information can be used for various malicious activities, from identity theft to extortion.
Realizing that the healthcare industry is riddled with various security vulnerabilities is crucial. Unencrypted traffic between servers, the ability to create admin accounts remotely, and the disclosure of private information are all shortcomings that these cybercriminals can exploit. With such access, they can permanently alter medical images, use medical research data for extortion, and much more. According to the McAfee Labs Threats Report, the healthcare sector witnessed a 210% increase in publicly disclosed security incidents from 2016 to 2017, resulting from failure to comply with security best practices or address vulnerabilities in medical software.
→ Dig Deeper: How to Safeguard Your Family Against A Medical Data Breach
While the onus lies on healthcare institutions to ensure the security of patients’ data, there are several steps that individuals can take on their own to safeguard their privacy. These steps become particularly pivotal if you think your personal or financial information might have been compromised due to recent breaches. In such instances, following certain best practices can significantly enhance your personal data security.
One such measure is placing a fraud alert on your credit. This effectively means that any new or recent requests will be scrutinized, making it challenging for fraudulent activities to occur. Additionally, the fraud alert enables you to access extra copies of your credit report, which you can peruse for any suspicious activities.
Another effective step you can consider is freezing your credit. Doing so makes it impossible for criminals to take out loans or open new accounts in your name. However, to execute this effectively, remember that credit needs to be frozen at each of the three major credit-reporting agencies – Equifax, TransUnion, and Experian.
Moreover, vigilance plays a critical role in protecting your personal data. Regularly checking your bank account and credit activity can help you spot any anomalies swiftly, allowing you to take immediate action.
McAfee Pro Tip: To lock or to freeze? That is the question. Credit lock only offers limitations in accessing an account. A credit freeze generally has more security features and financial protections guaranteed by law and the three major credit bureaus, so you’ll have more rights and protection if identity theft, fraud, scams, and other cybercrimes occur with a credit freeze compared to a credit lock. Learn more about the difference between credit freeze and credit lock here.
Identity theft protection services offer an additional layer of security to protect your personal as well as financial information. They actively monitor your accounts, provide prompt alerts for any suspicious activities, and help you recover losses if things go awry. An identity theft protection service like McAfee Identity Theft Protection can be beneficial. Remember, however, that even with such a service, you should continue practicing other security measures, as they form part of a comprehensive approach to data security.
These services work in the background to ensure constant protection. However, choosing a reputable and reliable identity theft protection service is essential. Do thorough research before committing and compare features such as monitoring services, recovery assistance, and insurance offerings. This step can help protect you not only during medical data breaches but also on other digital platforms where your personal information is stored.
If you suspect your personal data has been compromised, you should check your bank account and credit activity frequently. Regular monitoring of your accounts empowers you to stop fraudulent activity. Many banks and credit card companies provide free alerts—through an email or text message—whenever a new purchase is made, an unusual charge is noticed, or your account balance drops to a particular level.
Besides, you should also consider utilizing apps or online services provided by banks and credit companies to keep an eye on your accounts. Such tools can help you track your financial activity conveniently and take instant action if any suspicious activity is spotted. Regularly updating your contact information with banks and credit companies is also important, as it ensures you receive all alerts and updates on time.
→ Dig Deeper: Online Banking—Simple Steps to Protect Yourself from Bank Fraud
Increased digitization in the healthcare sector has brought convenience and improved patient services. However, it also presents attractive targets for cybercriminals eager to exploit vulnerabilities for personal gain. Medical data breaches are concerning due to their potential long-term impacts, so it’s critical to protect your personal information proactively.
While healthcare institutions must shoulder the primary responsibility to safeguard patient information, users are far from helpless. By placing a fraud alert, freezing your credit, using identity theft protection services like McAfee Identity Theft Protection, and maintaining vigilance over your financial activity, you can form a comprehensive defense strategy to protect yourself against potential breaches.
The post 4 Tips to Protect Your Information During Medical Data Breaches appeared first on McAfee Blog.
As of the writing of this article, the height of the pandemic seems like a distant but still vivid dream. Sanitizing packages, sparse grocery shelves, and video conferencing happy hours are things of the past for the majority of the population. Thank goodness.
A “new normal” society is adapting to today’s working culture. The work landscape changed significantly since 2020, and it might never return to what it once was. In 2022, workers spent an average 3.5 days in the office per week, which is 30% below the prepandemic in-office average.1
The work-from-home movement is likely here to stay, to the joy of employees seeking a better work-life balance and flexibility; however, some responsibility does fall upon people like you to secure home offices to protect sensitive company information.
To make sure you’re not the weak cyber link in your company’s security, make sure to follow these three tips for a secure home office.
When you’re not physically in front of your work computer, best practices dictate that you lock the screen or put your device to sleep. No matter how much you trust your family, roommates, or the trustworthy-looking person seated next to you at a café, your company device houses all kinds of corporate secrets. A stray glance from the wrong person could put that information’s secrecy in jeopardy. Plus, imagine your cat walking across your keyboard or a toddler mashing your mouse, deleting hours’ worth of work. Disastrous.
Then, when you’re done with work for the day, stow your device in a secure location, preferably a drawer with a lock. Even if your work computer is 10 times faster and sleeker than your personal laptop, keep each device in its designated sphere in your life: work devices only for work, personal devices only for personal activities.
Wi-Fi networks that are not password protected invite anyone off the street to surf on your network and eavesdrop on your online activities. A stranger sneaking on to your home Wi-Fi could be dangerous to your workplace. There would be very little stopping a stranger from spying on your connected work devices and spreading confidential information onto the dark web or leaking company secrets to the media.
There are a few steps you can take to secure your home office’s internet connection. First, make sure to change the default name and password of your router. Follow password best practices to create a strong first defense. For your router name, choose an obscure inside joke or a random pairing of nouns and adjectives. It’s best to omit your address and your real name as the name of your router, because that could alert a cybercriminal that that network belongs to you. Better yet, you can hide your router completely from strangers and only make it searchable to people who know the exact name of your network.
For an additional layer of protection, connect to a virtual private network (VPN). Your company may offer a corporate VPN. If not, signing up for your own VPN is easy. A VPN encrypts the traffic coming in and going out of your devices making it nearly impossible for a cybercriminal to burst into your online session and see what’s on your screen.
The scenarios outlined in your company’s security training may seem far-fetched, but the concepts of those boring corporate videos actually happen! For example, the huge Colonial Pipeline breach in 2021 originated from one employee who didn’t secure the company’s VPN with multifactor authentication (MFA).2 Cutting small corners like disabling MFA – which is such a basic and easy-to-use security measure – can have dire consequences.
Pay attention to your security training and make sure to follow all company cybersecurity rules and use security tools as your IT team intends. For example, if your company requires that everyone use a password manager, a corporate VPN, and multi-factor authentication, do so! And use them correctly every workday!
These tips are essential to a secure home office, but they’re also applicable to when you’re off the clock. Password- or passcode-protecting your personal laptop, smartphone, and tablet keeps prying eyes out of your devices, which actually hold more personally identifiable information (PII) than you may think. Password managers, a secure router, VPNs, and safe browsing habits will go a long way toward maintaining your online privacy.
To fill in the cracks to better protect your home devices and your PII, partner with McAfee+. McAfee+ includes a VPN, safe browsing tool, identity monitoring and remediation services, a password manager, and more for a more secure digital life.
In one global survey, 68% of people prefer hybrid work models, and nearly three-quarters of companies allow employees to work from home some of the time.3,4 The flexibility afforded by hybrid work and 100% work-from-home policies is amazing. Cutting out the time and cost of commuting five days a week is another bonus. Let’s make at-home work a lasting and secure way of professional life!
1McKinsey Global Institute, “How hybrid work has changed the way people work, live, and shop”
2The Hacker News, “Hackers Breached Colonial Pipeline Using Compromised VPN Password”
3World Economic Forum, “Hybrid working: Why there’s a widening gap between leaders and employees”
4International Foundation of Employee Benefit Plans, “Employee Benefits Survey: 2022 Results”
The post The Future of Work: How Technology & the WFH Landscape Are Making an Impact appeared first on McAfee Blog.
Have you ever lost your suitcase on vacation? You arrive at baggage claim, keeping your eyes peeled for your belongings. The carousel goes around and around dozens of times, but there’s no mistaking it: Your bag is gone. It could be anywhere!
Now, you have to shop for new outfits and restock your toiletries. A logistical headache for sure.
But have you ever lost your smartphone or your personally identifiable information (PII) on vacation? The stress and ramifications of either scenario puts the minor inconvenience of buying toothpaste into perspective. Not only is it an expensive piece of technology to replace, but the real cost comes from sensitive personal information stored on your phone that could land in a stranger’s hands.
To travel-proof your PII and mobile devices, here are some key steps you should take before, during, and after your big international trip.
The surefire way to ensure your device isn’t stolen or lost while traveling internationally is to leave it at home. If that’s a viable option, do it! When traveling outside your home country, your phone plan might not even work abroad. Before you depart, think about how you might use your smartphone on vacation. To stay in contact with your traveling partners, consider outfitting your party with prepaid phones. These basic phones are usually inexpensive, and you can buy them at most airports and convenience stores when you arrive at your destination.
If you do decide to bring your phone, here are a few quick device security measures you can put into place to protect your device and the sensitive information you have on it.
Also before you depart, do some research on the local dress, polite customs, and a few useful phrases in the local language. It’s best to try to blend in as much as possible while traveling. Revise your packing list to carry as little as possible. Wrangling a pile of luggage could distract you from paying attention to your surroundings.
Seeing world-famous landmarks with your own eyes is one of the best parts of traveling, though tourist hot spots are infamous for various pickpocketing schemes. Even when you’re dazzled by the sights, remain aware of your surroundings.
Another way to protect the information on your device is to be careful when logging into public wi-fi networks and scanning QR codes while you’re traveling. Cybercriminals can lurk on the free networks provided by hotels, cafes, airports, public libraries, etc. They wait for someone to log on and make a purchase or check their bank balance and swoop in to digitally eavesdrop on their sessions.
Luckily, there’s an easy way to surf public wi-fi networks safely: virtual private networks (VPN). When you enable a VPN on your device, it encrypts all the information running into and out of your device, making it nearly impossible for someone to track your online comings and goings. McAfee+ includes a VPN among its many other services.
QR codes are a convenient way for museums, restaurants, and other establishments to direct customers to a website for more information instead of dealing with paper pamphlets and menus. When you scan a QR code, double check that it’s official and ok to scan. Cybercriminals may post legitimate-looking QR codes that direct to suspicious sites or download malware to your device.
Once you’re home from your adventure, it’s best practice to do some digital housekeeping. For example, delete your vacation-specific apps, like the train services you used to check schedules or book tickets. The fewer apps you have, the fewer chances a cybercriminal has of stealing your personal or payment information.
Then, for the next few weeks, keep an eye on your credit card statements and any suspicious activity regarding your credit or identity. While you’re monitoring your accounts, might as well change your passwords while you’re in there. McAfee+ offers identity monitoring, credit reports, and identity theft coverage to give you extra peace of mind.
Don’t let the unease of pickpockets or hidden malware stop you from enjoying your trip! Really, it only takes a few moderations to your daily routine to help you keep your devices and identity safer.
The post A Traveler’s Guide to International Cybersecurity appeared first on McAfee Blog.
With the number of cyber threats and breaches dominating the headlines, it can seem like a Herculean task to cover all your cybersecurity bases. We’re aware that there are ten sections on this cybersecurity awareness checklist, but it won’t take hours and hours to tick every box. In fact, some of these areas only require you to check a box on your device or invest in the cybersecurity tools that will handle the rest for you. Also, you may already be doing some of these things!
It’s easy to be cyber smart. Here are the cybersecurity awareness basics to instantly boost your safety and confidence in your online presence.
Software update notifications always seem to ping on the outskirts of your desktop and mobile device at the most inconvenient times. What’s more inconvenient though is having your device hacked. One easy tip to improve your cybersecurity is to update your device software whenever upgrades are available. Most software updates include security patches that smart teams have created to foil cybercriminals. The more outdated your apps or operating system is, the more time criminals have had to work out ways to infiltrate them.
Enabling automatic updates on all your devices only takes a few clicks or taps. Many major updates occur in the early hours of the morning, meaning that you’ll never know your devices were offline. You’ll just wake up to new, secure software!
Just because social media personalities document their entire days literally from the moment they wake up, doesn’t mean you should do the same. It’s best to leave some details about your life a mystery from the internet for various reasons.
The best way to avoid all of the above is to set your online profiles to private and edit your list of followers to only people you have met in real life and trust. Also, you may want to consider revising what you post about and how often.
If you genuinely love sharing moments from your daily life, consider sending a newsletter to a curated group of close friends and family. Aspiring influencers who still wants to capture and publish every aspect of their daily lives should be extremely careful about keeping sensitive details about themselves private, such as blurring their house number, not revealing their hometown, turning off location services, and going by a nickname instead of their full legal name.
Most sites won’t even let you proceed with creating an account if you don’t have a strong enough password. A strong password is one with a mix of capital and lowercase letters, numbers, and special characters. What also makes for an excellent password is one that’s unique. Reusing passwords can be just as risky as using “password123” or your pet’s name plus your birthday as a password. A reused password can put all your online accounts at risk, due to a practice called credential stuffing. Credential stuffing is a tactic where a cybercriminal attempts to input a stolen username and password combination in dozens of random websites to see which doors it opens.
Remembering a different password for each of your online accounts is almost an impossible task. Luckily, password managers make it so you only have to remember one password ever again! Password managers safeguard all your passwords in one secure desktop extension or smartphone app that you can use anywhere.
It’s best to create passwords or passphrases that have a secret meaning that only you know. Stay away from using significant dates, names, or places, because those are easier to guess. You can also leave it up to your password manager to randomly generate a password for you. The resulting unintelligible jumble of numbers, letters, and symbols is virtually impossible for anyone to guess.
Not all corners of the internet are safe to visit. Some dark crevices hide malware that can then sneak onto your device without you knowing. There are various types of malware, but the motive behind all of them is the same: To steal your personally identifiable information (PII) or your device’s power for a cybercriminal’s own financial gain.
Sites that claim to have free downloads of TV shows, movies, and games are notorious for harboring malware. Practice safe downloading habits, such as ensuring the site is secure, checking to see that it looks professional, and inspecting the URLs for suspicious file extensions.
Additionally, not all internet connections are free from prying eyes. Public Wi-Fi networks – like those in cafes, libraries, hotels, and transportation hubs – are especially prone. Because anyone can connect to a public network without needing a password, cybercriminals can digitally eavesdrop on other people on the same network. It’s unsafe to do your online banking, shopping, and other activities that deal with your financial or sensitive personal information while on public Wi-Fi.
However, there is one way to do so safely, and that’s with a virtual private network (VPN). A VPN is a type of software you can use on your smartphone, tablet, laptop, or desktop. It encrypts all your outgoing data, making it nearly impossible for a cybercriminal to snoop on your internet session.
You’ve likely already experienced a phishing attempt, whether you were aware of it or not. Phishing is a common tactic used to eke personal details from unsuspecting or trusting people. Phishers often initiate contact through texts, emails, or social media direct messages, and they aim to get enough information to break into your online accounts or to impersonate you.
AI text generator tools are making it more difficult to pinpoint a phisher, as messages can seem very humanlike. Typos and nonsensical sentences used to be the main indicator of a phishing attempt, but text generators generally use correct spelling and grammar. Here are a few tell-tale signs of a phishing attempt:
Never engage with a phishing attempt. Do not forward the message or respond to them and never click on any links included in their message. The links could direct to malicious sites that could infect your device with malware or spyware.
Before you delete the message, block the sender, mark the message as junk, and report the phisher. Reporting can go a long way toward hopefully preventing the phisher from targeting someone else.
When a security breach occurs, you can be sure that the news will report it. Plus, it’s the law for companies to notify the Federal Trade Commission of a breach. Keep a keen eye on the news and your inbox for notifications about recent breaches. Quick action is necessary to protect your personal and financial information, which is why you should be aware of current events.
The moment you hear about a breach on the news or see an email from a company to its customers about an incident, change your account’s password and double check your account’s recent activity to ensure nothing is amiss. Then await further action communicated through official company correspondences and official channels.
Cybercriminals aren’t above adding insult to injury and further scamming customers affected in breaches. Phishers may spam inboxes impersonating the company and sending malware-laden links they claim will reset your password. Continue to scrutinize your messages and keep an eye on the company’s official company website and verified social media accounts to ensure you’re getting company-approved advice.
One great mantra to guide your cybersecurity habits is: If you connect it, protect it. This means that any device that links to the internet should have security measures in place to shield it from cybercriminals. Yes, this includes your smart TV, smart refrigerator, smart thermostat, and smart lightbulbs!
Compose a list of the smart home devices you own. (You probably have more than you thought!) Then, make sure that every device is using a password you created, instead of the default password the device came with. Default passwords can be reused across an entire line of appliances. So, if a cybercriminal cracks the code on someone else’s smart washing machine, that could mean they could weasel their way into yours with the same password.
Another way to secure your connected home devices is by enabling two-factor authentication (2FA). This usually means enrolling your phone number or email address with the device and inputting one-time codes periodically to log into the connected device. 2FA is an excellent way to frustrate a cybercriminal, as it’s extremely difficult for them to bypass this security measure. It may add an extra 15 seconds to your login process, but the peace of mind is worth the minor inconvenience.
Finally, encase your entire home network with a secure router, or the device that connects your home Wi-Fi network to the internet. Again, change the password from the factory setting. And if you decide to rename the network, have fun with it but leave your name and address out of the new name.
When flip phones arrived on the scene in the 1990s and early 2000s, the worst that happened when they went missing was that you lost a cache of your stored text messages and call history. Now, when you misplace or have your smartphone stolen, it can seem like your whole online life vanished. Mobile devices store a lot of our sensitive information, so that’s why it’s key to not only safeguard your accounts but the devices that house them.
The best way to lock your device against anyone but yourself is to set up face or fingerprint ID. This makes it virtually impossible for a criminal to open your device. Also, passcode- or password-protect all your devices. It may seem like an inconvenience now, but your fingers will soon be able to glide across the keyboard or number pad fluently in just a few days, adding maybe an extra second to opening your device.
Another way to safeguard your device and the important information within it is to disable your favorite internet browser from auto-filling your passwords and credit card information. In the hands of a criminal, these details could lead to significant losses. A password manager here comes in handy for quick and secure password and username inputting.
Credit experts recommend checking your credit at least once yearly, but there’s no harm in checking your credit score more often. It’s only hard inquiries (or credit checks initiated by lenders) that may lower your credit score. Consider making it a habit to check your credit once every quarter. The first signs of identity theft often appear in a drastically lower credit score, which means that someone may be opening lines of credit in your name.
Also, if you’re not planning to apply for a new credit card or a loan anytime soon, why not lock your credit so no one can access it? A credit freeze makes it so that no one (yourself included) can touch it, thus keeping it out of the hands of thieves.
Picking up the pieces after a thief steals your identity is expensive, tedious, and time-consuming. Identity remediation includes reaching out to all three credit bureaus, filing reports, and spending hours tracking down your PII that’s now strewn across the internet.
Identity protection services can guard your identity so you hopefully avoid this entire scenario altogether. McAfee identity monitoring tracks the dark web for you and alerts you, on average, ten months sooner that something is amiss when compared to similar services. And if something does happen to your identity, McAfee identity restoration services offers $1 million in identity restoration and lends its support to help you get your identity and credit back in order.
The best complement to your newfound excellent cyber habits is a toolbelt of excellent services to patch any holes in your defense. McAfee+ includes all the services you need to boost your peace of mind about your online identity and privacy. You can surf public Wi-Fi safely with its secure VPN, protect your device with antivirus software, freeze your credit with security freeze, keep tabs on your identity, and more!
The post 10 Easy Things You Can Do Today to Improve Your Cybersecurity appeared first on McAfee Blog.
Malware—the term seems to be at the center of the news every day, with each headline telling of a new way the cyber threat has inserted itself into our lives. From an entire attack campaign on banks worldwide, to a strain residing within medical devices, to a variant that has learned to self-heal, the list of malware-based attacks goes on. And as they do, it’s becoming more and more clear that today’s malware has not only become adaptive, but has learned how to spread its wings further than before, to devices beyond laptops and phones, and in a way that creates a longevity behind each cyberattack it spearheads.
However, though it is important to understand the many forms that malware, or malicious software, takes, it’s crucial to first and foremost grasp what it is.
The abbreviated term for malicious software, “malware,” is a generic term used to describe any type of software or code specifically designed to exploit a computer/mobile device or the data it contains, without consent. Most malware is designed to have some financial gain for the cybercriminal, as crooks typically use it to extract data that they can leverage over victims. That information can range anywhere from financial data, to healthcare records, to personal emails and passwords—the possibilities of what sort of information can be compromised have become endless.
So how exactly can these cybercriminals get their hands on so much data? Since its birth over 30 years ago, malware has found a variety of vessels to help it enact attacks. This includes email attachments, malicious advertisements on popular sites (malvertising), fake software installations, USB drives, infected apps, phishing emails, and even text messages.
Now, these are just a few of the ways malicious software can be delivered–but there are also different kinds of malware itself. To name a few:
Now that you know what malware is, how it can be delivered, and the many forms it takes, it’s time to learn how you can protect yourself against it:
The post Malware: 5 Tips for Fighting the Malicious Software appeared first on McAfee Blog.
Something looks a little…sketchy. Is that website safe or unsafe?
Nowadays, it can take a bit of work to tell.
And that’s by design. Increasingly, hackers and scammers go to great pains when they create their malicious websites. They take extra steps to make their sites look legit, when in fact they’re anything but. Certainly, plenty of other hackers and scammers slap together malicious sites that still look a bit roughshod, which makes them easier to spot.
So whether it’s a clever knockoff or a slapdash effort, unsafe websites of all kinds have several telltale signs you can spot. We’ll show you, and let’s start things off with what makes an unsafe website unsafe in the first place.
Unsafe websites typically harbor one of two primary forms of attack—yet sometimes both:
Malware: Hackers will use their sites to install malware on your device, often by tricking you into clicking or tapping on a download. They might tempt you with an offer, a prize, a show to stream—just about anything you might want to otherwise download. (Recently, we saw hackers installing malware on sites that offered to stream dubbed versions of the “Barbie” movie.)
Phishing: Another classic attack. Phishing involves scammers who try to hoodwink you into providing account or financial information. Common ruses include links in emails, texts, and DMs that appear to be urgent messages from streaming services, banks, social media, and other accounts. Of course, those messages are phony.
As a result, unsafe websites can lead to some not-so-good things.
On the malware side, attackers can install spyware and similar apps that siphon financial and personal information from your device while you’re using it. Other malware might steal files outright or maliciously delete them altogether. Ransomware remains a major concern today as well, where attackers hold devices and data hostage. And even if victims end up paying the ransom, they have no guarantee that the attacker will free their device or data.
Phishing attacks often lead to financial headaches, sometimes large ones at that. It depends on the information scammers get their hands on. In some cases, the damage might lead to identity fraud and a few illicit charges on a debit or credit card. If scammers gather enough information, they can take that a step further and commit identity theft. That can include opening new credit or loans in your name. It could also give a scammer the info they need to get driver’s licenses or employment in your name.
Above and beyond committing fraud or theft on their own, scammers might also sell stolen information to others on the dark web.
Again, all not-so-good. Yet quite preventable.
For some sites, it only takes one sign. For other sites, it takes a few signs—a series of red flags that warn you a site is unsafe. When you’re online, keep a sharp eye out for the following:
The site uses HTTP rather than HTTPS
The “s” stands for “secure.” Specifically, it means that the website uses SSL (Secure Sockets Layer) that creates an encrypted link between a web server and a web browser. SSL helps prevent others from intercepting and reading your sensitive information as it’s transmitted, which is particularly important when you shop or bank online. Likewise, you can also look for a little lock symbol in the address bar of your web browser. That’s one more way you can spot a site that uses SSL.
The site has a combination of typos and poor design
From spelling errors and grammatical mistakes, to stretched-out logos and cheap photography, some unsafe websites are designed poorly. Legitimate businesses pride themselves on error-free and professional-looking sites. If a website looks like it got cobbled together in a hurry or doesn’t seem to be well-designed, that’s usually a red flag. The site might be unsafe, created by attackers who don’t have strong attention to detail—or the creative capabilities to create a good-looking website in the first place.
The web address looks altered or off
Plenty of unsafe sites are imposter sites. They’ll try to pass themselves off as a legitimate company, like the streaming services, banks, and so forth that we mentioned earlier—all to get a hold of your account information. With all these imposter sites in play, look at the site’s address. Scammers will gin up web addresses that are close to but different from legitimate sites, so close that you might miss it. If you’re uncertain about the address, leave the page. Also, note that many companies have web pages that provide lists of the official addresses that they use. Amazon provides an example, and we do the same here at McAfee. Reviewing these lists can help you spot an imposter site.
The site says you have a security issue
A window or graphic pops up on your screen. The site you’re on says that it’s identified a security issue with your device. Or maybe it says that your system isn’t current. Either way, there’s a file the site wants you to download. “You can correct the issue with a click!” Don’t. It’s a classic trick. Instead of fixing your non-existent problem, the download will create one. Scammers use the security alert trick to install malware on the devices of unsuspecting victims.
The site floods you with pop-ups or links to click
A screen full of links insisting you click ranks among the top signs of an unsafe site. So much so, it’s often the subject of sitcom bits. Needless to say, the attackers behind these sites want you to click for one of several reasons. It might be to get you to download malware. It might be to generate ad revenue with clicks. Or it might be to get you to click a link that redirects you to another malicious site. In all, if you encounter a site like this, close your browser. And then run a system scan with your online protection software.
The site offers hard-to-get items at an outrageous discount
These unsafe sites sprout up around the holidays and gift-giving seasons. When stores run low on particularly popular or hot items, scammers will quickly launch sites that claim these items are in stock and ready to ship. Similarly, they might promote popular items at a deep discount. Of course, shopping at these sites will likely lead to one thing—a credit card charge and no item on your doorstep. Be wary when you see ads for stores in your social media feed, in search, and elsewhere. Stick with known, trusted retailers. (And for more on shopping safely online, give this article a quick read.)
The site promises access to hot shows, movies, and sporting events
These sites bear similarities to malicious online shopping sites. When popular movies hit the big screen or major sporting events come around, so do scam sites that promise to stream them for free or at a low cost. Avoid them. Trusted streamers will only carry shows and events that they have the rights to. If you find an offer to stream something that’s heavily discounted, free, or not available on known media outlets, it’s likely a scam. At the very least, it might serve up pirated content, which could carry malware threats along with it.
The site promotes prizes, coupons, or a quiz
Not every site that promotes some kind of giveaway or deal is a scam. Yet the ones that ask for personal or financial information likely are. Scammers prey on people’s love for saving money or even winning a buck or two. Enter the prize, coupon, and quiz sites. Malicious prize and coupon sites will often ask for credit or debit card information, often under the guise of a payout or a discount. Malicious quiz sites will likewise ask for all kinds of personal information, typically questions about the name of your pet, the first car you owned, or where you went to school. The questions share much in common with the security questions used by banks and credit card companies. Handing this information over could lead to a breached account. Give these sites a pass.
Comprehensive online protection software like ours includes web protection that can spot malicious sites for you. It has further features that can prevent downloading malware by accident, not to mention strong antivirus protection if a hacker makes their way through to you. In all, it gives you extra confidence that wherever your travels take you online, you’re protected from sketchy and unsafe sites.
However, another part of your best defense against unsafe websites is you. Knowing what the red flags are and the kinds of information hackers want to steal can help you avoid their attacks from the start.
The post How to Tell Whether a Website Is Safe or Unsafe appeared first on McAfee Blog.
FreshRSS 