Login
Typos. Exciting surprises. Urgent Threats.
These are just a few of the tactics scammers use to prey on your emotions and slyly deceive you into clicking links that install malware or steal your personal information.
According to McAfee’s State of the Scamiverse report, a whopping 59% surveyed said they or someone they know has fallen victim to a scam. Here’s how to make sure you don’t join that statistic:
Simple Steps to Check a Link Before Clicking
How to Protect Yourself from Phishing Attacks
Preventative Measures
What to Do if You Clicked a Suspicious Link
Phishing attacks are becoming more deceptive, but staying informed and cautious can protect you. Always verify links and emails before clicking, and use trusted cybersecurity tools like McAfee+ to keep your accounts and data safe.
Stay vigilant—don’t let scammers catch you off guard!
The post Avoid Being Scammed: How to Identify Fake Emails and Suspicious Links appeared first on McAfee Blog.
Cryptocurrency offers exciting opportunities—but it’s also a favorite playground for scammers.
With the rapid rise of deepfake technology and deceptive AI-driven schemes, even seasoned investors can fall victim to fraud. According to McAfee’s State of the Scamiverse report, deepfake scams are on the rise, with the average American now encountering 2.6 deepfake videos daily. And younger adults (18-24) see even more – about 3.5 per day.
From fake investment opportunities to phishing attempts, bad actors are more sophisticated than ever.
The recent wave of Trump-themed meme coins—more than 700 copycats attempting to mimic the real thing—highlights just how rampant crypto scams have become. If even the president’s cryptocurrency isn’t safe from impersonators, how can everyday investors protect themselves?
By knowing the red flags, you can safeguard your money and personal data from crypto scammers.
Scammers often lure victims with guaranteed returns or impossibly high profits. If an investment promises “risk-free” earnings or sounds like a financial miracle, run the other way—legitimate investments always carry some level of risk.
Example: A Ponzi scheme disguised as a crypto investment fund may claim to offer “10% daily profits” or “instant payouts.” In reality, they use new investors’ money to pay early participants—until the scam collapses.
Fraudsters frequently impersonate public figures—from Elon Musk to Donald Trump—to promote fake coins or crypto investments. The explosion of Trump-themed meme coins shows how easily scammers exploit famous names. Even if a project appears linked to a well-known figure, verify through official channels.
Example: A deepfake video featuring a celebrity “endorsing” a new crypto token. McAfee’s research found that nearly 3 deepfake videos per day are encountered by the average American, many of them tied to scams.
Scammers often set up fraudulent crypto exchanges or wallet apps that look legitimate but are designed to steal your money. They might advertise low fees, special bonuses, or exclusive access to new coins.
How to Protect Yourself:
Always use well-established exchanges with a proven track record.
Look for HTTPS encryption and verify the URL carefully.
Research if the platform is licensed and regulated.
Scammers thrive on urgency. They’ll push you to act immediately before you have time to think critically. Whether it’s a limited-time pre-sale or a “secret investment opportunity,” don’t let fear of missing out (FOMO) cloud your judgment.
Example: “Only 10 spots left! Invest now before prices skyrocket!”—Classic scam tactics designed to trigger impulsive decisions.
No legitimate crypto project will ever ask for:
Example: A fake customer support email pretending to be from Coinbase, asking you to confirm your wallet password—this is a phishing attempt!
Do Your Research: Always Google the project’s name + “scam” before investing.
Check Regulatory Status: See if the platform is licensed (DFPI, SEC, or other regulators).
Verify Official Websites & Socials: Scammers create lookalike websites with small typos—double-check URLs!
Use Cold Storage: Store your assets in a hardware wallet to protect against hacks.
Use tools like McAfee+: To monitor for potential scams and get warnings for potential deepfakes and other scam red flags.
Crypto offers incredible potential—but with great opportunity comes risk. Scammers are always evolving, using deepfake videos, phishing, and fraudulent investment schemes to trick even the savviest investors. By staying informed and following basic security practices, you can avoid getting caught in the next big crypto scam.
The post How to Spot a Crypto Scam: The Top Red Flags to Watch For appeared first on McAfee Blog.
It started with a DM.
For five months, 25-year-old computer programmer Maggie K. exchanged daily messages with the man she met on Instagram, convinced she had found something real.
When it was finally time to meet in person, he never showed. Instead, he claimed he missed his flight and needed money to rebook. Desperate to finally see him, she sent the cash.
Then, silence. His accounts vanished. He hadn’t just ghosted her—he had never existed at all.
“I ignored my gut feeling… I sent him $1,200. Then he disappeared,” Maggie told McAfee, hoping that her story would educate others. “When I reported the scam, the police told me his images were AI-generated. He wasn’t even a real person. That was the scariest part – I had trusted someone who never even existed.”
These scams work because they prey on trust and emotions. And they aren’t just targeting the naïve; anyone, even tech professionals as Maggie’s case shows, can be fooled.
McAfee’s latest research reveals more than half (52%) of people have been scammed out of money or pressured to send money or gifts by someone they met online.
And romance scams aren’t just happening in dating apps anymore. Social media, messaging platforms and AI chatbots are fuelling an explosion of online romance fraud.
McAfee’s findings highlight a staggering rise in:
With 62% of people saying they’ve used dating apps, social media, or messaging platforms to connect with potential partners, scammers have a bigger pool of victims than ever before.
Younger users are the most active online daters, with 31% of 18-24-year-olds currently using online dating platforms. Tinder is the most popular dating app overall (46%), with its highest engagement among 18-24-year-olds (73%). Just over 40% of respondents said they use Instagram, 29% use Snapchat and 25% use TikTok to meet potential partners. But these platforms also present new risks, as fake apps designed to steal personal information lurk in app stores.
McAfee researchers found nearly 11,000 attempts to download fraudulent dating apps in recent months. The most impersonated?
Downloading a fake app could expose your login credentials, financial information or even install malware onto your device.
And once money is lost, its rarely recovered, as scammers use cryptocurrency, untraceable gift cards and offshore accounts to move stolen funds.
McAfee researchers urge anyone looking for love online to stay vigilant by following these critical safety measures:
1) Watch for “love bombing.” Scammers overwhelm victims with affection early on to gain trust.
2) Verify their identity. Use reverse image searches and insist on live video calls which AI-generated scammers avoid.
3) Never send money. No real partner will pressure you for financial help—especially when you’ve never met.
4) Be wary of celebrity DMs. If a famous figure suddenly messages you, it’s likely a scam.
5) Avoid suspicious links. McAfee blocked over 321,000 fraudulent dating sites—avoid clicking on unknown links or apps.
6) Use online protection tools. Tools like McAfee+ can detect and block suspicious messages, phishing attempts, and AI-generated fraud in real time. McAfee+ offers maximum identity, privacy, and device protection to detect and prevent fraudulent activity before it causes harm.
The post AI chatbots are becoming romance scammers—and 1 in 3 people admit they could fall for one appeared first on McAfee Blog.
Cybercriminals will always try to cash in on a good thing, and football is no exception. Online scammers are ramping up for the big game with all types of schemes designed to rip you off and steal your personal info—but you have several ways you can beat them at their game.
Like shopping holidays, tax season, and even back-to-school time, scammers take advantage of annual events that get people searching for deals and information online. You can include big games and tournaments in that list too.
Specific to this big game, you can count on several types of scams to rear their heads this time of year—ticket scams, merchandise scams, betting scams, and phony sweepstakes as well. They’re all in the mix, and they’re all avoidable. Here, we’ll break them down.
As of two weeks out, tickets for the big game on the official ticketing website were going for $6,000 or so, and that was for the so-called “cheap seats.” Premium seats in the lower bowl 50-yard line, sold by verified resellers, were listed at $20,000 a pop or higher.
While the game tickets are now 100% mobile, that hasn’t prevented scammers from trying to pass off phony tickets as the real deal. They’ll hawk those counterfeits in plenty of places online, sometimes in sites like your friendly neighborhood Craigslist.
So if you’re in the market for tickets, there are certainly a few things to look out for:
If you plan on enjoying the game closer to home, you may be in the market for some merch—a hat, a jersey, a tee, or maybe some new mugs for entertaining when you host the game at your place. With all the hype around the game, out will come scammers who set up bogus online stores. They’ll advertise items for sale but won’t deliver—leaving you a few dollars lighter and the scammers with your payment information, which they can use on their own for identity fraud.
You can shop safely with a few straightforward steps:
This is a great one to start with. Directly typing in the correct address for reputable online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name.
If you feel like doing extra sleuthing, look up the address of the website and see when it was launched. A visit to the Internet Corporation for Assigned Names and Numbers (ICANN) at ICANN.org gives you the option to search a web address and see when it was launched, along with other information about who registered it. While a recently launched site is not an indicator of a scam site alone, sites with limited track records may give you pause if you want to shop there—particularly if there’s a chance it was just propped up by a scammer.
Look for the lock icon in your browser when you shop.
Secure websites begin their address with “https,” not just “http.” That extra “s” in stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
Credit cards are a good way to go. One reason why is the Fair Credit Billing Act, which offers protection against fraudulent charges on credit cards by giving you the right to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Your credit card companies may have their own policies that improve upon the Fair Credit Billing Act as well. Debit cards don’t get the same protection under the Act.
Comprehensive online protection software will defend against the latest virus, malware, spyware, and ransomware attacks plus further protect your privacy and identity. In addition to this, it can also provide strong password protection by generating and automatically storing complex passwords to keep your credentials safer from hackers and crooks who may try to force their way into your accounts. And, specific to the scams floating around this time of year, online protection can help prevent you from clicking links to known or suspected malicious sites.
It’s hard to watch sports these days without odds and stat lines popping up onto the screen, along with a fair share of ads that promote online betting. If you’re thinking about making things interesting with some betting, keep a few things in mind:
As it is every year, you’ll see kinds of sweepstakes and giveaways leading up to the game, plenty of them legitimate. Yet as they do, scammers will try and blend in by rolling out their own bogus promotions. Their aim: to part you from your cash or even your personal information.
A quick way to sniff out these scams is to take a close look at the promotion. For example, if it asks you to provide your bank information to send you your prize money, count on it being a scam. Likewise, if the promotion asks you to pay to claim a prize in some form or other, it’s also likely someone’s trying to scam you.
In all, steer clear of promotions that ask something for something in return, particularly if it’s your money or personal information.
As it is of late, all kinds of scams will try to glom onto the big game this year. And some of the best advice for avoiding them is not to give in to the hype. Scammers prey on scarcity, a sense of urgency, and keyed-up emotions in general. Their hope is that these things may make you less critical and more likely to overlook things that would otherwise seem sketchy or too good to be true. Staying focused as you shop, place a wager, or otherwise look to round out your enjoyment of the big game is some of your absolute best defense against scammers right now, and any time.
The post Super Scams – Beat the Online Scammers Who Want to Sack Your Big Game appeared first on McAfee Blog.
Beyoncé has officially announced her Cowboy Carter world tour, and the excitement is through the roof! With her last tour selling out in record time, fans know they need to act fast to secure their tickets. Unfortunately, that urgency is exactly what scammers prey on.
In 2022 alone, Americans lost nearly $8.8 billion to fraud, and ticket scams are one of the most common ways scammers cash in on eager fans. But don’t worry—we’ve got you covered. Before you rush to buy tickets to Beyoncé’s latest tour, here’s how to spot and avoid ticket scams so you don’t get left outside the stadium with nothing but regret.
Ticket scams come in different forms, but the most common ones include:
Scammers know how to create a sense of urgency, often advertising tickets to sold-out events at too-good-to-be-true prices. If you’re desperate to see Beyoncé, it’s easy to get caught up in the rush—but staying cautious can save you from getting scammed.
The best way to avoid being scammed is to buy only from reputable sources like official ticketing platforms (Ticketmaster, Live Nation, AXS) or directly from the event’s website. However, if you’re looking elsewhere, be on the lookout for these red flags:
When an event sells out, scammers flood social media with offers. Platforms like Facebook Marketplace, Instagram, and Craigslist are filled with fake ticket sellers. If you didn’t get tickets during the official sale, be cautious about where you’re looking.
Pro Tip: Follow Beyoncé’s official social media pages and event organizers for updates. Sometimes, extra dates or official resale opportunities become available.
Scammers often advertise tickets below face value to lure in victims. While real fans sometimes sell their tickets at a discount, it’s a huge red flag if the price is way lower than expected.
Pro Tip: If you’re buying from an individual, check their profile carefully. Look for signs of a fake account, such as recently created pages or multiple listings in different cities.
Some scammers go the extra mile, creating entire websites that mimic real ticket platforms. These fake sites not only sell counterfeit tickets but may also steal your credit card information.
Pro Tip: Always type in the official ticketing site’s URL manually or search for it on Google. Avoid clicking links from unknown sources, and double-check that the site uses “HTTPS” and has no misspellings in the URL.
Even if you get a real ticket, that doesn’t mean it’s yours alone. Some scammers sell the same ticket to multiple people, leading to chaos when multiple buyers show up at the event.
Pro Tip: Only buy from platforms that offer verified resale tickets with guarantees, like StubHub, SeatGeek, or VividSeats.
Some scammers sell general admission tickets as if they were premium seats. You may think you’re getting front-row access, only to find out you overpaid for a standing-room ticket.
Pro Tip: Always confirm the seat location with the seller. Many venues have seating charts available online, so check before purchasing.
Scammers hack into Ticketmaster accounts and transfer tickets to themselves, effectively locking the rightful owner out of their seats. Victims often receive a flood of emails, including notifications of ticket transfers they never authorized. By the time they realize what’s happened, their tickets are gone, likely resold by the scammer.
Pro Tip: To prevent this, ensure your Ticketmaster account is secure by using a strong password, enabling two-factor authentication, and being wary of suspicious login attempts or phishing emails.
To make sure you don’t fall victim to a ticket scam, follow these golden rules:
Buy from official sources – Beyoncé’s official website, Ticketmaster, and AXS are your safest bets.
Use a credit card – If something goes wrong, you can dispute the charge.
Be wary of social media sellers – If you’re buying from a stranger, research their profile and history first.
Check the URL – Make sure you’re on the real ticketing website before purchasing.
Avoid high-pressure sales tactics – Scammers want you to act fast—don’t fall for it!
Beyond ticket scams, cybercriminals also use major events like Beyoncé’s tour to spread malware and phishing attacks. McAfee’s comprehensive online protection can help keep your devices and personal information safe by blocking malicious websites, preventing identity theft, and alerting you to potential fraud.
Beyoncé’s Cowboy Carter tour is one of the most anticipated events of the year, and everyone wants to be part of the experience. But scammers know this too, and they’re out in full force. By staying smart, sticking to verified ticket sources, and being wary of deals that seem too good to be true, you can avoid scams and secure your spot at one of the biggest concerts of 2025.
Stay safe, Beyhive—and get ready to enjoy the show!
The post Buying Tickets for Beyoncé’s Cowboy Carter Tour? Don’t Let Scammers Ruin Your Experience appeared first on McAfee Blog.
The rise of AI-driven cyber threats has introduced a new level of sophistication to phishing scams, particularly those targeting Gmail users.
Criminals are using artificial intelligence to create eerily realistic impersonations of Google support representatives, Forbes recently reported. These scams don’t just rely on misleading emails; they also include convincing phone calls that appear to come from legitimate sources.
If you receive a call claiming to be from Google support, just hang up—this could be an AI-driven scam designed to trick you into handing over your Gmail credentials.
Here’s everything you need to know about the scam and how to protect yourself:
Hackers have devised a multi-step approach to trick users into handing over their Gmail credentials. Here’s how the scam unfolds:
The attack often begins with a phone call from what appears to be an official Google support number. The caller, using AI-generated voice technology, convincingly mimics a real Google representative. Their tone is professional, and the caller ID may even display “Google Support,” making it difficult to immediately recognize the scam.
Once engaged, the scammer informs the victim that suspicious activity has been detected on their Gmail account. They may claim that an unauthorized login attempt has occurred, or that their account is at risk of being locked. The goal is to create a sense of urgency, pressuring the victim to act quickly without thinking critically.
To appear credible, the scammer sends an email that looks almost identical to a real Google security notification. The email may include official-looking branding and a request to verify the user’s identity by entering a code. The email is designed to look so authentic that even tech-savvy individuals can be fooled.
If the victim enters the verification code, they inadvertently grant the attacker full access to their Gmail account. Since the scammer now controls the two-factor authentication process, they can lock the real user out, change passwords, and exploit the account for further attacks, including identity theft, financial fraud, or spreading phishing emails to others.
This scam is particularly dangerous because it combines multiple layers of deception, making it difficult to spot. Unlike standard phishing emails that may contain poor grammar or suspicious links, AI-enhanced scams:
To protect yourself from AI-powered scams, follow these essential security measures:
1. Be Skeptical of Unsolicited Calls from “Google”
Google does not randomly call users about security issues. If you receive such a call, hang up immediately and report the incident through Google’s official support channels.
2. Verify Security Alerts Directly in Your Account
If you receive a message stating that your account has been compromised, do not click any links or follow instructions from the email. Instead, go directly to your Google account’s security settings and review recent activity.
3. Never Share Verification Codes
Google will never ask you to provide a security code over the phone. If someone requests this information, it is a scam.
4. Enable Strong Authentication Methods
5. Regularly Monitor Your Account Activity
Check the “Security” section of your Google account to review login activity. If you see any unrecognized sign-ins, take immediate action by changing your password and logging out of all devices.
6. Use a Password Manager
A password manager helps create and store strong, unique passwords for each of your accounts. This ensures that even if one password is compromised, other accounts remain secure.
If you believe your account has been compromised, take these steps immediately:
As AI technology advances, cybercriminals will continue to find new ways to exploit users. By staying informed and implementing strong security practices, you can reduce the risk of falling victim to these sophisticated scams.
At McAfee, we are dedicated to helping you protect your digital identity. Stay proactive, stay secure, and always verify before you trust.
For more cybersecurity insights and protection tools, check out McAfee+.
The post How to Make Sure Your Gmail Account is Protected in Light of Recent AI Scams appeared first on McAfee Blog.
Video games are a favorite pastime for millions of kids and teenagers worldwide, offering exciting challenges, epic battles, and opportunities to connect with friends online. But what happens when the search for an edge in these games—like cheats or special hacks—leads to something far more dangerous?
McAfee Labs has uncovered a growing threat aimed at gamers, especially kids, who unknowingly download malware disguised as game hacks, software cracks, and cryptocurrency tools.
Here’s what you need to know about this sneaky scam and how to stay safe:
Popular games like Minecraft, Roblox, Fortnite, Apex Legends, and Call of Duty are among those targeted by these scams. Gamers searching for cheats to gain an advantage—like seeing through walls, speeding up characters, or unlocking premium items—are being lured to malicious links. These links often appear on GitHub, a platform where developers share and collaborate on code, or in YouTube videos claiming to offer step-by-step instructions.
GitHub is typically trusted by programmers and tech enthusiasts, but cybercriminals exploit this trust by uploading malware that masquerades as game hacks. By naming their repositories after popular games or tools, scammers trick users into downloading malware instead of the promised cheat software.
The process starts when someone searches online for free cheats or cracked software—like tools to unlock premium features of Spotify or Adobe—and stumbles upon a GitHub repository or a YouTube video. These repositories often look convincing, with professional descriptions, screenshots, and even licenses designed to appear legitimate.
Figure 1: Attack Vector
Once users follow the instructions, they’re often asked to disable their antivirus software or Windows Defender. The reasoning provided is that antivirus programs will mistakenly identify the hack or crack as dangerous. In reality, this step clears the way for malware to infect their device.
What Happens After the Malware is Downloaded?
Instead of receiving a functional cheat, victims unknowingly install a dangerous program known as Lumma Stealer or similar malware variants. This software quietly:
Each week, new repositories and malware variants appear as older ones are detected and removed. This cycle makes it difficult for platforms like GitHub to completely eliminate the threat.
Kids and teens are prime targets because they often lack experience in identifying online scams. The promise of features like “Aimbots” (to improve shooting accuracy) or “Anti-Ban” systems (to avoid getting caught by game administrators) makes these fake downloads even more tempting. Scammers exploit this curiosity and eagerness, making it easier to trick young gamers into infecting their devices.
Figure 2: YouTube Video containing malicious URL in description.
McAfee Labs offers these tips to avoid falling victim to these scams:
The takeaway? Scammers will go to great lengths to exploit the interests and habits of gamers. And unfortunately, this isn’t the first time we’ve seen such malware attacks targeting gamers. By educating yourself and your family about these threats, you can play smarter and stay safer online. Always remember: no cheat or crack is worth compromising your security.
Read the full report from McAfee Labs outlining our research and findings on this malware risk. Learn more about how you can protect yourself with McAfee+.
The post Scam Alert: Fake Minecraft, Roblox Hacks on YouTube Hide Malware, Target Kids appeared first on McAfee Blog.
The artificial intelligence arms race has a new disruptor—DeepSeek, a Chinese AI startup that has quickly gained traction for its advanced language models.
Positioned as a low-cost alternative to industry giants like OpenAI and Meta, DeepSeek has drawn attention for its rapid growth, affordability, and potential to reshape the AI landscape.
But as the buzz around its capabilities grows, so do concerns about data privacy, cybersecurity, and the implications of feeding personal information into AI tools with uncertain oversight.
DeepSeek’s AI models, including its latest version, DeepSeek-V3, claim to rival the most sophisticated AI systems developed in the U.S.—but at a fraction of the cost.
According to reports, training its latest model required just $6 million in computing power, compared to the billions spent by its American counterparts. This affordability has allowed DeepSeek to climb the ranks, with its AI assistant even surpassing ChatGPT as the top free app on Apple’s U.S. App Store.
What makes DeepSeek’s rise even more surprising is how abruptly it entered the AI race. The company originally launched as a hedge fund before pivoting to artificial intelligence—an unusual shift that has fueled speculation about how it managed to develop such advanced models so quickly. Unlike other AI startups that spent years in research and development, DeepSeek seemed to emerge overnight with capabilities on par with OpenAI and Meta.
However, DeepSeek’s meteoric rise has sparked skepticism. Some analysts and AI experts question whether its success is truly due to breakthrough efficiency or if it has leveraged external resources—potentially including restricted U.S. AI technology. OpenAI has even accused DeepSeek of improperly using its proprietary tech, a claim that, if proven, could have major legal and ethical ramifications.
One of the biggest concerns surrounding DeepSeek isn’t just how it handles user data—it’s that it reportedly failed to secure it altogether.
According to The Register, security researchers at Wiz discovered that DeepSeek left a database completely exposed, with no password protection, allowing public access to millions of chat logs, API keys, backend data, and operational details.
This means that conversations with DeepSeek’s chatbot, including potentially sensitive information, were openly available to anyone on the internet. Worse still, the exposure reportedly could have allowed attackers to escalate privileges and gain deeper access into DeepSeek’s infrastructure. While the issue has since been fixed, the incident highlights a glaring oversight: even the most advanced AI models are only as trustworthy as the security behind them.
Here’s why caution is warranted:
DeepSeek specifically states in its terms of service that it collects, stores, and has permission to share just about all the data you provide while using the service.
Figure 1. Screenshot of DeepSeek Privacy Policy shared on LinkedIn
It specifically notes collecting your profile information, credit card details, and any files or data shared in chats. What’s more, that data isn’t stored in the United States, which has strict data privacy regulations. DeepSeek is a Chinese company with limited required protections for U.S. consumers and their personal data.
If you’re using AI tools—whether it’s ChatGPT, DeepSeek, or any other chatbot—it’s crucial to take steps to protect your information:
As AI chatbots like DeepSeek gain popularity, safeguarding your personal data is more critical than ever. With McAfee’s advanced security solutions, including identity protection and AI-powered threat detection, you can browse, chat, and interact online with greater confidence—because in the age of AI, privacy is power.
The post Explaining DeepSeek: The AI Disruptor That’s Raising Red Flags for Privacy and Security appeared first on McAfee Blog.
Identity theft is a growing concern, and Data Privacy Week serves as an important reminder to safeguard your personal information. In today’s digital age, scammers have more tools than ever to steal your identity, often with just a few key details—like your Social Security number, bank account information, or home address.
Unfortunately, identity theft claims have surged in recent years, jumping from approximately 650,000 in 2019 to over a million in 2023, according to the Federal Trade Commission (FTC). This trend underscores the urgent need for stronger personal data protection habits.
So, how do scammers pull it off, and how can you protect yourself from becoming a victim?
How Do Scammers Steal Your Identity?
Scammers are resourceful, and there are multiple ways they can access your personal information. The theft can happen both in the physical and digital realms.
When scammers steal your identity, they often leave behind a trail of unusual activity that you can detect. Here are some common signs that could indicate identity theft:
If you suspect that your identity has been stolen, time is of the essence. Here’s what you need to do:
While you can’t completely eliminate the risk of identity theft, there are several steps you can take to protect yourself:
Identity theft can be a stressful and overwhelming experience, but by acting quickly and taking proactive steps to protect your personal information, you can minimize the damage and reclaim your identity.
The post How Scammers Steal Your Identity and What You Can Do About It appeared first on McAfee Blog.
We’re excited to announce the release of McAfee’s Personal Data Cleanup, a new feature that finds and removes your personal info from data brokers and people search sites. Now, you can feel more confident by removing personal info from data broker sites and keeping it from being collected, sold, and used to: advertise products to you, fill your email box with spam, and can even give criminals the info they need to steal your identity. Let’s look at why we’re offering McAfee Personal Data Cleanup, how it protects your privacy, and why it’s a great addition to the online protection we already offer.
There’s so much to enjoy when you live a connected life – free email, online stores that remember what you like, social media that connects you to friends and influencers. It’s a world of convenience, opportunity, and incredible content. It’s also a world where your data is constantly collected.
That’s right, companies are collecting your personal data. They’re called data brokers and they make money by selling information that specifically identifies you, like an email address. They sell this information to marketers looking to target you with ads. Criminals can also use it to build profiles in service of stealing your identity and accessing your accounts. This activity takes place behind the scenes and often without consumers’ knowledge. There are also data brokers known as people search sites that compile and sell info like home addresses, emails, phones, court records, employment info, and more. These websites give identity thieves, hackers, stalkers, and other malicious actors easy access to your info. Regardless of how your data is being used, it’s clear that these days a more connected life often comes at the cost of your privacy.
In a recent survey of McAfee customers, we found that 59% have become more protective of their personal data over the past six months. And it’s no wonder. Over the past two years, trends like telehealth, remote working, and increased usage of online shopping and financial services have meant that more of your time is being spent online. Unsurprisingly, more personal data is being made available in the process. This leads us to the most alarming finding of our survey – 95% of consumers whose personal information ends up on data broker sites had it collected without their consent.
We created Personal Data Cleanup to make it easy for you to take back your privacy online. McAfee’s Personal Data Cleanup regularly scans the riskiest data broker sites for info like your home address, date of birth, and names of relatives. After showing where we found your data, you can either remove it yourself or we will work on your behalf to remove it. Here’s how it works:
Ready to take back your personal info online? Personal Data Cleanup is available immediately with most of our online protection plans. If you have an eligible subscription, you can start using this new feature through McAfee Protection Center, or you can get McAfee online protection here.
The post Introducing Personal Data Cleanup appeared first on McAfee Blog.
Authored by Anuradha, Sakshi Jaiswal
In 2024, scams in India have continued to evolve, leveraging sophisticated methods and technology to exploit unsuspecting individuals. These fraudulent activities target people across demographics, causing financial losses and emotional distress. This blog highlights some of the most prevalent scams this year, how they operate, some real-world scenarios, tips to stay vigilant and what steps to be taken if you become a victim.
This blog covers the following scams:
Scam Tactics:
Fraudsters on WhatsApp employ deceptive tactics to steal personal information, financial data, or gain unauthorized access to accounts. Common tactics include:
Case 1: In the figure below, a user is being deceived by a message originating from the +244 country code, assigned to Angola. The message offers an unrealistic investment opportunity promising a high return in just four days, which is a common scam tactic. It uses pressure and informal language, along with a link for immediate action.
Case 2: In the figure below, a user is being deceived by a message originating from the +261 country code, assigned to Madagascar. The message claims that you have been hired and asks you to click a link to view the offer or contact the sender which is a scam.
Case 3: In the figure below, a user is being deceived by a message originating from the +91 country code, assigned to India. Scammers may contact you, posing as representatives of a legitimate company, offering a job opportunity. The recruiter offers an unrealistic daily income (INR 2000–8000) for vague tasks like searching keywords, which is suspicious. Despite requests, they fail to provide official company details or an email ID, raising credibility concerns. They also ask for personal information prematurely, a common red flag.
Case 4: In the figure below, a user is being deceived by a message originating from the +84 country code, assigned to Vietnam. The offer to earn money by watching a video for just a few seconds and providing a screenshot is a common tactic used by scammers to exploit individuals. They may use the link to gather personal information, or your action could lead to phishing attempts.
Case 5: In the figure below, a user is being misled by a message originating from the country codes +91, +963, and +27, corresponding to India, Syria, and South Africa, respectively. The message claims to offer a part-time job with a high salary for minimal work, which is a common tactic used by scammers to lure individuals. The use of popular names like “Amazon” and promises of easy money are red flags. The link provided might lead to phishing attempts or data theft. It’s important not to click on any links, share personal details, or respond to such unsolicited offers.
Case 6: The messages encourage you to post fake 5-star reviews for businesses in exchange for a small payment, which is unethical and often illegal. Scammers use such tactics to manipulate online ratings, and the provided links could lead to phishing sites or malware. Avoid engaging with these messages, clicking on the links, or participating in such activities.
How to Identify WhatsApp Scams:
Impact:
Prevention:
Scam Tactics:
How to Identify Instant Loan Scam:
Impact:
Prevention:
Voice-cloning scams use advanced AI technology to replicate the voices of familiar people, such as friends, family members, or colleagues, to manipulate victims into transferring money or providing sensitive information.
Scam Tactics:
How to Identify AI Voice-Cloning Scams:
Impact:
Prevention
Scam Tactics
Scammers use various methods to deceive victims into revealing credit card information or making unauthorized payments:
How to identify Credit card scam:
Impact:
Prevention:
Scam Tactics:
In fake delivery scams, fraudsters pose as delivery services to trick you into providing personal information, card details, or payment. Common tactics include:
How to Identify Fake Delivery Scams:
Impact:
Prevention:
Scam Tactics:
Scammers pose as police officers or government officials, accusing victims of being involved in illegal activities like money laundering or cybercrime. They intimidate victims by threatening arrest or legal action unless immediate payment is made to “resolve the matter.”
How to Identify Digital Arrest Scam:
Impact: Daily losses from such scams run into lakhs, as victims panic and transfer money or provide sensitive information under pressure.
Prevention:
What to Do if You Fall Victim
If you’ve fallen victim to any of the mentioned scams—Digital Arrest Scam, Instant Loan Scam, Voice Cloning Scam, WhatsApp Scam, Fake Delivery Scam or Credit Card Scam—it’s important to take immediate action to minimize damage and protect your finances and personal information. Here are common tips and steps to follow for all these scams:
Conclusion:
As scams in India continue to grow in number and sophistication, it is crucial to raise awareness to protect individuals and businesses from falling victim to these fraudulent schemes. Scams such as phishing, fake job offers, credit card scams, loan scams, investment frauds and online shopping frauds are increasingly targeting unsuspecting victims, causing significant financial loss and emotional harm.
By raising awareness of scam warning signs and encouraging vigilance, we can equip individuals to make safer, more informed decisions online. Simple precautions, such as verifying sources, being cautious of unsolicited offers, and safeguarding personal and financial information, can go a long way in preventing scams.
It is essential for both individuals and organizations to stay informed and updated on emerging scam tactics. Through continuous awareness and proactive security measures, we can reduce the impact of scams, ensuring a safer and more secure digital environment for everyone in India.
The post Rising Scams in India: Building Awareness and Prevention appeared first on McAfee Blog.
Data Privacy Week is here, and there’s no better time to shine a spotlight on one of the biggest players in the personal information economy: data brokers. These entities collect, buy, and sell hundreds—sometimes thousands—of data points on individuals like you. But how do they manage to gather so much information, and for what purpose? From your browsing habits and purchase history to your location data and even more intimate details, these digital middlemen piece together surprisingly comprehensive profiles. The real question is: where are they getting it all, and why is your personal data so valuable to them? Let’s unravel the mystery behind the data broker industry.
Data brokers aggregate user info from various sources on the internet. They collect, collate, package, and sometimes even analyze this data to create a holistic and coherent version of you online. This data then gets put up for sale to nearly anyone who’ll buy it. That can include marketers, private investigators, tech companies, and sometimes law enforcement as well. They’ll also sell to spammers and scammers. (Those bad actors need to get your contact info from somewhere — data brokers are one way to get that and more.)
And that list of potential buyers goes on, which includes but isn’t limited to:
These companies and social media platforms use your data to better understand target demographics and the content with which they interact. While the practice isn’t unethical in and of itself (personalizing user experiences and creating more convenient UIs are usually cited as the primary reasons for it), it does make your data vulnerable to malicious attacks targeted toward big-tech servers.
Most of your online activities are related. Devices like your phone, laptop, tablets, and even fitness watches are linked to each other. Moreover, you might use one email ID for various accounts and subscriptions. This online interconnectedness makes it easier for data brokers to create a cohesive user profile.
Mobile phone apps are the most common way for data brokerage firms to collect your data. You might have countless apps for various purposes, such as financial transactions, health and fitness, or social media.
A number of these apps usually fall under the umbrella of the same or subsidiary family of apps, all of which work toward collecting and supplying data to big tech platforms. Programs like Google’s AdSense make it easier for developers to monetize their apps in exchange for the user information they collect.
Data brokers also collect data points like your home address, full name, phone number, and date of birth. They have automated scraping tools to quickly collect relevant information from public records (think sales of real estate, marriages, divorces, voter registration, and so on).
Lastly, data brokers can gather data from other third parties that track your cookies or even place trackers or cookies on your browsers. Cookies are small data files that track your online activities when visiting different websites. They track your IP address and browsing history, which third parties can exploit. Cookies are also the reason you see personalized ads and products.
Data brokers collate your private information into one package and sell it to “people search” websites. As mentioned above, practically anyone can access these websites and purchase extensive consumer data, for groups of people and individuals alike.
Next, marketing and sales firms are some of data brokers’ biggest clients. These companies purchase massive data sets from data brokers to research your data profile. They have advanced algorithms to segregate users into various consumer groups and target you specifically. Their predictive algorithms can suggest personalized ads and products to generate higher lead generation and conversation percentages for their clients.
We tend to accept the terms and conditions that various apps ask us to accept without thinking twice or reading the fine print. You probably cannot proceed without letting the app track certain data or giving your personal information. To a certain extent, we trade some of our privacy for convenience. This becomes public information, and apps and data brokers collect, track, and use our data however they please while still complying with the law.
There is no comprehensive privacy law in the U.S. on a federal level. This allows data brokers to collect personal information and condense it into marketing insights. While not all methods of gathering private data are legal, it is difficult to track the activities of data brokers online (especially on the dark web). As technology advances, there are also easier ways to harvest and exploit data.
As of March 2024, 15 states in the U.S. have data privacy laws in place. That includes California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, Delaware, Florida, New Jersey, and New Hampshire.[i] The laws vary by state, yet generally, they grant rights to individuals around the collection, use, and disclosure of their personal data by businesses.
However, these laws make exceptions for certain types of data and certain types of collectors. In short, these laws aren’t absolute.
Some data brokers let you remove your information from their websites. There are also extensive guides available online that list the method by which you can opt-out of some of the biggest data brokering firms. For example, a guide by Griffin Boyce, the systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, provides detailed information on how to opt-out of a long list of data broker companies.
Yet the list of data brokers is long. Cleaning up your personal data online can quickly eat up your time, as it requires you to reach out to multiple data brokers and opt-out.
Rather than removing yourself one by one from the host of data broker sites out there, you have a solid option: our Personal Data Cleanup.
Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. And if you want to save time on manually removing that info, you have options. Our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.
If the thought of your personal info getting bought and sold in such a public way bothers you, our Personal Data Cleanup can put you back in charge of it.
[i] https://pro.bloomberglaw.com/insights/privacy/state-privacy-legislation-tracker/
The post How Data Brokers Sell Your Identity appeared first on McAfee Blog.
Romance scams have surged in sophistication, preying on emotions and exploiting the trust of victims in the digital age.
The latest case involving a French woman who believed she was romantically involved with actor Brad Pitt is a stark reminder of the vulnerabilities we face online. But this incident, unfortunately, does not stand alone. Scammers continue to exploit celebrity fame to defraud unsuspecting victims, using deepfakes and other manipulative tactics. Recent examples include:
The most recent Brad Pitt impersonation scam follows a straightforward but insidious pattern of manipulation. Here’s how the scam unfolded step by step:
The Initial Contact: Anne, a French interior decorator, downloaded Instagram during a family ski trip. Shortly after, she was approached by a scammer pretending to be Brad Pitt’s mother, who claimed her son needed someone like Anne in his life.
Building Trust: The scammer, posing as Pitt, used AI-generated photos and emotionally charged messages to gain Anne’s trust. The fake Brad Pitt “knew how to talk to women,” according to Anne, creating a sense of intimacy and connection.
Figure 1. These fake images were used in a fake Brad Pitt romance scam.
The Financial Request: The scammer fabricated a crisis, claiming Pitt needed $1 million for a kidney treatment but couldn’t access his funds due to his ongoing divorce from Angelina Jolie. Playing on Anne’s empathy, the fraudster requested financial help.
The Emotional Manipulation: At the time, Anne was going through her own divorce and had recently received a settlement. Believing she was aiding someone in need, she transferred $850,000 to the scammer.
The Scam Unravels: The hoax came to light after Pitt publicly debuted his relationship with Ines de Ramon at the Venice Film Festival. This contradiction exposed the deception and ended the scam.
Brad Pitt recently spoke out, according to Variety, condemning the scammers for taking “advantage of the strong bond between fans and celebrities.”
Romance scammers often exploit online dating platforms, social media, and fan communities to identify potential victims. Being aware of the warning signs can help you identify and avoid romance scams:
Unrealistic Claims: If someone’s story seems too good to be true, it likely is. For example, a Hollywood star personally reaching out on a fan site is improbable. Celebrities rarely engage in direct, personal communication with fans, especially through unofficial platforms like fan sites, due to time constraints, security concerns, and the sheer volume of fan interactions.
Urgent Requests for Money: Scammers often fabricate crises requiring immediate financial assistance.
Reluctance to Meet in Person: Excuses to avoid face-to-face meetings or video calls can signal deception.
Inconsistencies in Their Story: Contradictory details or vague answers are common red flags.
Pressure to Keep the Relationship Secret: Scammers may isolate victims by discouraging them from discussing the relationship with friends or family.
While the tactics of romance scammers can be sophisticated, there are steps you can take to safeguard your heart and your finances:
Verify Identities: Use reverse image searches to check if profile pictures are stolen. Research their claims and background.
Be Cautious with Personal Information: Avoid sharing sensitive details, such as financial information or passwords.
Avoid Sending Money: Never transfer funds to someone you haven’t met in person, regardless of their story.
Keep Conversations Public: Use the messaging platform of the dating site or social media app rather than moving to private communication.
Watch Out For in AI: Artificial intelligence (AI) has made it much easier for scammers to create deepfake audio and video to create even more realistic romance scams. McAfee’s Ultimate Guide to AI Deepfakes can help you learn how to spot and protect yourself from deepfakes.
Trust Your Instincts: If something feels off, listen to your intuition, which can pick up on subtle inconsistencies or red flags that your conscious mind may overlook, acting as an early warning system.
Figure 2. An AI-generated image that circulated widely showed the Pope wearing a designer coat.
If you believe you are being targeted by a romance scam, take the following steps:
Cease Communication: Stop interacting with the individual immediately.
Report the Incident: Notify the dating platform or social media site, and report the scam to your local authorities or organizations like the FTC.
Protect Your Accounts: Change passwords and monitor your financial accounts for suspicious activity.
Seek Support: Talk to trusted friends or family members about the situation.
Raising awareness about romance scams is essential in preventing others from falling victim. Share information about common tactics and red flags with your loved ones, particularly those who may be more vulnerable, such as elderly family members or friends navigating online dating for the first time.
While the promise of romance can be enticing, it’s crucial to approach online relationships with caution and awareness.
By recognizing red flags, protecting your personal information, and reporting suspicious activity, you can safeguard yourself and others from the emotional and financial devastation of romance scams.
The post Breaking Down the Brad Pitt Scam: How it Happened and What We Can Learn appeared first on McAfee Blog.
Authored by Aayush Tyagi
Video game hacks, cracked software, and free crypto tools remain popular bait for malware authors. Recently, McAfee Labs uncovered several GitHub repositories offering these tempting “rewards,” but a closer look reveals something more sinister. As the saying goes, if it seems too good to be true, it probably is.
GitHub is often exploited for malware distribution due to its accessibility, trustworthiness, and developer-friendly features. Attackers can easily create free accounts and host repositories that appear legitimate, leveraging GitHub’s reputation to deceive users.
McAfee Labs encountered multiple repositories, offering game hacks for top-selling video games such as Apex Legends, Minecraft, Counter Strike 2.0, Roblox, Valorant,
Fortnite, Call of Duty, GTA V and or offering cracked versions of popular software and services, such as Spotify Premium, FL Studio, Adobe Express, SketchUp Pro, Xbox Game Pass, and Discord to name a few.
These attack chains begin when users would search for Game Hacks, cracked software or tools related to Cryptocurrency on the internet, where they would eventually come across GitHub repositories or YouTube Videos leading to such GitHub repositories, offering such software.
We noticed a network of such repositories where the description of software keeps on changing, but the payload remains the same: a Lumma Stealer variant. Every week, a new set of repositories with a new malware variant is released, as the older repositories are detected and removed by GitHub. These repositories also include distribution licenses and software screenshots to enhance their appearance of legitimacy.
Figure 1: Attack Vector
These repositories also contain instructions on how to download and run the malware and ask the user to disable Windows Defender or any AV software, before downloading the malware. They provide the reasoning that, since the software is related to game hacks or by-passing software authentication or crypto-currency mining, AV products will detect and delete these applications.
This social engineering technique, combined with the trustworthiness of GitHub works well in the favor of malware authors, enabling them to infect more users.
Children are frequently targeted by such scams, as malware authors exploit their interest in game hacks by highlighting potential features and benefits, making it easier to infect more systems.
As discussed above, the users would come across malicious repositories through searching the internet (highlighted in red).
Figure 2: Internet Search showing GitHub results.
Or through YouTube videos, that contain a link to the repository in the description (highlighted in red).
Figure 3: YouTube Video containing malicious URL in description.
Once the user accesses the GitHub repository, it contains a Distribution license and other supporting files, to trick the user into thinking that the repository is genuine and credible.
Figure 4: GitHub repository containing Distribution license.
Repositories also contain a detailed description of the software and installation process further manipulating the user.
Figure 5: Download instructions present in the repository.
Sometimes, the repositories contain instructions to disable AV products, misleading users to infect themselves with the malware.
Figure 6: Instructions to disable Windows Defender.
To target more children, repositories contain a detailed description of the software; by highlighting all the features included within the package, such as Aimbots and Speed Hacks, and how easily they will be able to gain an advantage over their opponents.
They even mention that the package comes with advance Anti-Ban system, so their account won’t be suspended, and that the software has a popular community, to create a perception that, since multiple users are already using this software, it must be safe to use and that, by not using the software, they are missing out.
Figure 7: Features mentioned in the GitHub repository.
The downloaded files, in most cases, were Lumma Stealer variants, but observing the latest repositories, we noticed new malware variants were also being distributed through the same infection vector.
Once the user downloads the file, they get the following set of files.
Figure 8: Files downloaded from GitHub repository.
On running the ‘Loader.exe’ file, as instructed, it iterates through the system and the registry keys to collect sensitive information.
Figure 9: Loader.exe checking for Login credentials for Chrome.
It searches for crypto wallets and password related files. It searches for a list of browsers installed and iterates through user data, to gather anything useful.
Figure 10: Loader.exe checking for Browsers installed on the system.
Then the malware connects to C2 servers to transfer data.
Figure 11: Loader.exe connecting to C2 servers to transfer data.
This behavior is similar to the Lumma Stealer variants we have seen earlier.
McAfee blocks this infection chain at multiple stages:
Figure 12: McAfee blocking URLs
Figure 13: McAfee blocking the malicious file
In conclusion, the GitHub repository infection chain demonstrates how cybercriminals exploit accessibility and trustworthiness of popular websites such as GitHub, to distribute malware like Lumma Stealer. By leveraging the user’s desire to use game hacks, to be better at a certain video game or obtain licensed software for free, they trick users into infecting themselves.
At McAfee Labs, we are committed to helping organizations protect themselves against sophisticated cyber threats, such as the GitHub repository technique. Here are our recommended mitigations and remediations:
As of publishing this blog, these are the GitHub repositories that are currently active.
| File Type | SHA256/URLs |
| URLs | github[.]com/632763276327ermwhatthesigma/hack-apex-1egend |
| github[.]com/VynnProjects/h4ck-f0rtnite | |
| github[.]com/TechWezTheMan/Discord-AllinOne-Tool | |
| github[.]com/UNDERBOSSDS/ESET-KeyGen-2024 | |
| github[.]com/Rinkocuh/Dayz-Cheat-H4ck-A1mb0t | |
| github[.]com/Magercat/Al-Photoshop-2024 | |
| github[.]com/nate24321/minecraft-cheat2024 | |
| github[.]com/classroom-x-games/counter-str1ke-2-h4ck | |
| github[.]com/LittleHa1r/ESET-KeyGen-2024 | |
| github[.]com/ferhatdermaster/Adobe-Express-2024 | |
| github[.]com/CrazFrogb/23fasd21/releases/download/loader/Loader[.]Github[.]zip | |
| github[.]com/flashkiller2018/Black-Ops-6-Cheats-including-Unlocker-Tool-and-RICOCHET-Bypass | |
| github[.]com/Notalight/h4ck-f0rtnite | |
| github[.]com/Ayush9876643/r0blox-synapse-x-free | |
| github[.]com/FlqmzeCraft/cheat-escape-from-tarkov | |
| github[.]com/Ayush9876643/cheat-escape-from-tarkov | |
| github[.]com/Ayush9876643/rust-hack-fr33 | |
| github[.]com/ppetriix/rust-hack-fr33 | |
| github[.]com/Ayush9876643/Roblox-Blox-Fruits-Script-2024 | |
| github[.]com/LandonPasana21/Roblox-Blox-Fruits-Script-2024 | |
| github[.]com/Ayush9876643/Rainbow-S1x-Siege-Cheat | |
| github[.]com/Ayush9876643/SonyVegas-2024 | |
| github[.]com/123456789433/SonyVegas-2024 | |
| github[.]com/Ayush9876643/Nexus-Roblox | |
| github[.]com/cIeopatra/Nexus-Roblox | |
| github[.]com/Ayush9876643/m0dmenu-gta5-free | |
| github[.]com/GerardoR17/m0dmenu-gta5-free | |
| github[.]com/Ayush9876643/minecraft-cheat2024 | |
| github[.]com/RakoBman/cheat-apex-legends-download | |
| github[.]com/Ayush9876643/cheat-apex-legends-download | |
| github[.]com/cIiqued/FL-Studio | |
| github[.]com/Ayush9876643/FL-Studio | |
| github[.]com/Axsle-gif/h4ck-f0rtnite | |
| github[.]com/Ayush9876643/h4ck-f0rtnite | |
| github[.]com/SUPAAAMAN/m0dmenu-gta5-free | |
| github[.]com/atomicthefemboy/cheat-apex-legends-download | |
| github[.]com/FlqmzeCraft/cheat-escape-from-tarkov | |
| github[.]com/Notalight/h4ck-f0rtnite | |
| github[.]com/Notalight/FL-Studio | |
| github[.]com/Notalight/r0blox-synapse-x-free | |
| github[.]com/Notalight/cheat-apex-legends-download | |
| github[.]com/Notalight/cheat-escape-from-tarkov | |
| github[.]com/Notalight/rust-hack-fr33 | |
| github[.]com/Notalight/Roblox-Blox-Fruits-Script-2024 | |
| github[.]com/Notalight/Rainbow-S1x-Siege-Cheat | |
| github[.]com/Notalight/SonyVegas-2024 | |
| github[.]com/Notalight/Nexus-Roblox | |
| github[.]com/Notalight/minecraft-cheat2024 | |
| github[.]com/Notalight/m0dmenu-gta5-free | |
| github[.]com/ZinkosBR/r0blox-synapse-x-free | |
| github[.]com/ZinkosBR/cheat-escape-from-tarkov | |
| github[.]com/ZinkosBR/rust-hack-fr33 | |
| github[.]com/ZinkosBR/Roblox-Blox-Fruits-Script-2024 | |
| github[.]com/ZinkosBR/Rainbow-S1x-Siege-Cheat | |
| github[.]com/ZinkosBR/Nexus-Roblox | |
| github[.]com/ZinkosBR/m0dmenu-gta5-free | |
| github[.]com/ZinkosBR/minecraft-cheat2024 | |
| github[.]com/ZinkosBR/h4ck-f0rtnite | |
| github[.]com/ZinkosBR/FL-Studio | |
| github[.]com/ZinkosBR/cheat-apex-legends-download | |
| github[.]com/EliminatorGithub/counter-str1ke-2-h4ck | |
| Github[.]com/ashishkumarku10/call-0f-duty-warz0ne-h4ck | |
| EXEs | CB6DDBF14DBEC8AF55986778811571E6 |
| C610FD2A7B958E79F91C5F058C7E3147 | |
| 3BBD94250371A5B8F88B969767418D70 | |
| CF19765D8A9A2C2FD11A7A8C4BA3DEDA | |
| 69E530BC331988E4E6FE904D2D23242A | |
| 35A2BDC924235B5FA131095985F796EF | |
| EB604E2A70243ACB885FE5A944A647C3 | |
| 690DBCEA5902A1613CEE46995BE65909 | |
| 2DF535AFF67A94E1CDAD169FFCC4562A | |
| 84100E7D46DF60FE33A85F16298EE41C | |
| 00BA06448D5E03DFBFA60A4BC2219193 | |
| C2 Domains | 104.21.48.1 |
| 104.21.112.1 | |
| 104.21.16.1 |
The post GitHub’s Dark Side: Unveiling Malware Disguised as Cracks, Hacks, and Crypto Tools appeared first on McAfee Blog.
Inauguration Day has come and gone, and the peaceful transfer of power couldn’t have happened without the intricate systems that ensure the integrity of the electoral process—specifically, cybersecurity.
Behind the scenes, a vast network of digital defenses worked to protect elections from disinformation, cyberattacks, and manipulation, all of which pose increasing threats in today’s digital age. From securing ballots to combating deepfakes, these measures play a critical role in upholding trust in democracy and making days like Inauguration Day possible.
In the digital age, elections face unprecedented threats designed to undermine public trust and disrupt democratic processes. Among the most common challenges are:
These threats highlight the urgent need for robust cybersecurity measures to protect the democratic process.
To counter these threats, governments and organizations have implemented advanced strategies and technologies:
These measures are critical in securing the journey from Election Day to Inauguration Day, building public confidence in the democratic process.
As you consume news about the inauguration and the new administration, it’s more important than ever to be vigilant about fake news. Fake news crops up in plenty of places on social media. And it has for some time now. In years past, it took the form of misleading posts, image captions, quotes, and the sharing of outright false information in graphs and charts. Now with the advent of AI, we see fake news taken to new levels of deception:
It’s critical to be wary of disinformation, intentionally misleading information manipulated to create a flat-out lie, as well as misinformation, which may include social posts that unknowingly get facts wrong.
To combat misinformation and AI deepfakes, it’s key to:
Deepfakes don’t just spread false information—they often lead users to phishing sites or malware. With tools like McAfee+, you can navigate the digital landscape with confidence.
The post From Election Day to Inauguration: How Cybersecurity Safeguards Democracy appeared first on McAfee Blog.
McAfee Total Protection users can feel even more secure online knowing that AV-Comparatives has named it the best in 2024 for both real-world protection and overall speed.
The two awards – the 2024 Real-World Protection Gold Award and the Best Overall Speed Gold Award – underscore McAfee’s commitment to providing powerful security without compromising PC performance, a critical combination at a time when 59% of people globally report falling victim to an online scam or knowing someone who has, with 87% of these individuals losing money—an astounding average loss of $1,366 USD.
“We are honored to receive both the Best Real-World Protection and the Best PC Performance awards,” said McAfee Chief Technology Officer Steve Grobman. “AV-Comparatives is a renowned institute with a reputation for analysis and quality assurance that stands tall, and this recognition further reinforces our leadership in online protection. With our AI-powered threat protection, we remain committed to staying one step ahead of cybercriminals while having the lowest impact on PC performance, so that people can enjoy their online lives with confidence.”
Each year, AV-Comparatives rigorously tests leading consumer security products to evaluate their effectiveness in real-world scenarios as well as their impact on system performance. McAfee’s standout results reflect the strength of its:
Protect yourself and your family today with McAfee Total Protection, which includes the award-winning anti-malware technology, scam protection, identity monitoring, Secure VPN, password management, and safe browsing capabilities for all-in-one security.
Get started with a free trial of McAfee Total Protection here. McAfee’s award-winning technology is also available in McAfee+ Premium, McAfee+ Advanced, and McAfee+ Ultimate.
Read the full report on AV-Comparatives’ awards here.
The post AV-Comparatives Crowns McAfee as 2024’s Leader in Online Protection and Speed appeared first on McAfee Blog.
Private tech companies gather tremendous amounts of user data. These companies can afford to let you use social media platforms free of charge because it’s paid for by your data, attention, and time.
Big tech derives most of its profits by selling your attention to advertisers — a well-known business model. Various documentaries (like Netflix’s “The Social Dilemma”) have tried to get to the bottom of the complex algorithms that big tech companies employ to mine and analyze user data for the benefit of third-party advertisers.
Tech companies benefit from personal info by being able to provide personalized ads. When you click “yes” at the end of a terms and conditions agreement found on some web pages, you might be allowing the companies to collect the following data:
For someone unfamiliar with privacy issues, it is important to understand the extent of big tech’s tracking and data collection. After these companies collect data, all this info can be supplied to third-party businesses or used to improve user experience.
The problem with this is that big tech has blurred the line between collecting customer data and violating user privacy in some cases. While tracking what content you interact with can be justified under the garb of personalizing the content you see, big tech platforms have been known to go too far. Prominent social networks like Facebook and LinkedIn have faced legal trouble for accessing personal user data like private messages and saved photos.
The info you provide helps build an accurate character profile and turns it into knowledge that gives actionable insights to businesses. Private data usage can be classified into three cases: selling it to data brokers, using it to improve marketing, or enhancing customer experience.
To sell your info to data brokers
Along with big data, another industry has seen rapid growth: data brokers. Data brokers buy, analyze, and package your data. Companies that collect large amounts of data on their users stand to profit from this service. Selling data to brokers is an important revenue stream for big tech companies.
Advertisers and businesses benefit from increased info on their consumers, creating a high demand for your info. The problem here is that companies like Facebook and Alphabet (Google’s parent company) have been known to mine massive amounts of user data for the sake of their advertisers.
To personalize marketing efforts
Marketing can be highly personalized thanks to the availability of large amounts of consumer data. Tracking your response to marketing campaigns can help businesses alter or improve certain aspects of their campaign to drive better results.
The problem is that most AI-based algorithms are incapable of assessing when they should stop collecting or using your info. After a point, users run the risk of being constantly subjected to intrusive ads and other unconsented marketing campaigns that pop up frequently.
To cater to the customer experience
Analyzing consumer behavior through reviews, feedback, and recommendations can help improve customer experience. Businesses have access to various facets of data that can be analyzed to show them how to meet consumer demands. This might help improve any part of a consumer’s interaction with the company, from designing special offers and discounts to improving customer relationships.
For most social media platforms, the goal is to curate a personalized feed that appeals to users and allows them to spend more time on the app. When left unmonitored, the powerful algorithms behind these social media platforms can repeatedly subject you to the same kind of content from different creators.
Here are the big tech companies that collect and mine the most user data.
Users need a comprehensive data privacy solution to tackle the rampant, large-scale data mining carried out by big tech platforms. While targeted advertisements and easily found items are beneficial, many of these companies collect and mine user data through several channels simultaneously, exploiting them in several ways.
It’s important to ensure your personal info is protected. Protection solutions like McAfee’s Personal Data Cleanup feature can help. It scours the web for traces of your personal info and helps remove it for your online privacy.
McAfee+ provides antivirus software for all your digital devices and a secure VPN connection to avoid exposure to malicious third parties while browsing the internet. Our Identity Monitoring and personal data removal solutions further remove gaps in your devices’ security systems.
With our data protection and custom guidance (complete with a protection score for each platform and tips to keep you safer), you can be sure that your internet identity is protected.
The post What Personal Data Do Companies Track? appeared first on McAfee Blog.
The devastating wildfires sweeping through Southern California have left countless neighborhoods in ruins, forcing thousands to evacuate and destroying homes in their path. While many people across the nation are moved to support those affected, this goodwill often becomes a target for opportunistic cybercriminals. McAfee researchers have discovered that social media networks have been flooded with deceptive images, showing how cryptocurrencies can be used to make donations for fire relief efforts. We believe these to be scams trying to dupe consumers. McAfee CTO, Steve Grobman says, “It’s really unfortunate because it’s such a tragic event, and we’re seeing cybercriminals and scammers take advantage of the situation in a whole host of ways, from fake GoFundMe sites to fraudulent campaign donation pages.”
Figure 1. Cryptocurrency Donation Requests
Steve continues, “The use of generative AI has fueled the creation of fake content, like viral images of the Hollywood sign engulfed in flames, which our deepfake detection technology confirmed were AI-generated. These tools are helping scammers misrepresent reality and exploit public emotions. We’ve seen fake accounts impersonating celebrities like Emma Watson and Kim Kardashian, promoting nonexistent charities to deceive people into donating money.”
The average American encounters a staggering 14.4 scam messages and deepfakes daily through social media, text messages, and emails, according to McAfee’s latest “State of the Scamiverse” report.
Now, think about this: even in your everyday life, that’s a lot of noise to sift through. But when you’re in the chaos of recovering from a disaster like a wildfire—juggling insurance claims, emergency communications, and rebuilding your life—the sheer volume of scams adds another layer of overwhelm. It’s a perfect storm for distraction, making it even easier for cybercriminals to exploit your vulnerability. Here’s what you need to know to protect yourself from scams while providing genuine help to wildfire victims.
Natural disasters and major news events provide fertile ground for cybercriminals. Cliff Steinhauer, Director of Information Security at the National Cybersecurity Alliance, explains that people eager to help during a crisis can act emotionally, skipping necessary steps to verify the legitimacy of donation platforms or relief efforts.
Scammers watch disaster news closely to craft scams tailored to the event. The emotional urgency surrounding a catastrophe like the California wildfires increases the likelihood of falling victim to these attacks.
A recent McAfee survey found that 59% of Americans say they or someone they know has been the victim of an online scam. 84% of these people lost money to the scam, with an average loss of $1,471 – and nearly 1 in 10 scam victims lost over $5,000
Many scams during crises fall under the umbrella of social engineering, a tactic where attackers manipulate people into divulging sensitive information or funds. Here are some of the most common schemes to watch out for:
Scammers often create counterfeit websites or social media posts masquerading as legitimate charities. These pages may look convincing but divert donations into the hands of criminals.
Emails, texts, and phone calls pretending to be from government agencies or well-known charities may attempt to steal personal data or payment details.
Victims of disasters are especially vulnerable. Scammers might pose as organizations offering aid, only to harvest sensitive information like bank account details or steal identities.
Modern scammers use AI to craft phishing attempts that are harder to spot. Unlike older scams with obvious grammar mistakes, AI-generated messages can appear professional and persuasive.
Figure 2. Fake Celebrity Donation Requests
Whether you’re donating to wildfire relief efforts or seeking aid, these steps can help protect you:
Use trusted resources like Give.org or Charity Navigator to confirm the legitimacy of charities.
Platforms like GoFundMe now provide verified lists of fundraisers for disaster relief.
Be wary of websites with misspelled URLs or unusual domain extensions. Look for “https” and padlock symbols to confirm the site is secure.
Phishing attempts often come via unsolicited emails, texts, or social media ads. Instead of clicking, go directly to a charity’s official website by typing its address into your browser.
Not all paid advertisements on platforms like Facebook or Instagram are legitimate. Avoid providing personal or payment information through these channels without verification.
Be cautious of campaigns that fail to explain how your donation will be used. Reputable organizations are transparent about how funds are allocated.
Steve Grobman states, “If consumers want to help with relief efforts, they should always go to validated organizations and use payment methods with protections, like credit cards. Wiring money or using cryptocurrency can make it nearly impossible to recover funds if it turns out to be fraudulent. While many GoFundMe sites are legitimate, scammers exploit the platform’s low barrier to entry. Consumers should verify campaigns with the individuals or families they claim to support or stick to reputable charities.”
In the aftermath of California wildfires, staying vigilant is essential. While most people are dedicated to recovery and support, a few may attempt to exploit the situation. By learning to spot common scams and taking proactive steps, you can safeguard yourself and your community from additional harm. Use a robust and trustworthy scam detection tool. McAfee can block risky sites even if you accidentally click a link in a scam text. When it comes to text messages, our smart AI puts a stop to scams before you click—detecting any suspicious links and sending you an alert.
In an age where deepfake technology is becoming increasingly sophisticated, protecting yourself from manipulated videos, audio, and images is critical. McAfee Deepfake Detector is designed to safeguard individuals and organizations by identifying and alerting you to potential deepfakes, ensuring that you can trust what you see and hear online.
The post Scammers Exploit California Wildfires: How to Stay Safe appeared first on McAfee Blog.
Amid the devastation of the Los Angeles County wildfires – scorching an area twice the size of Manhattan – McAfee threat researchers have identified and verified a rise in AI-generated deepfakes and misinformation, including startling but false images of the Hollywood sign engulfed in flames.
Social media and local broadcast news have been flooded with deceptive images claiming the Hollywood sign is engulfed in flames, with many people alleging that the iconic landmark is “surrounded by fire.”
Figure 1. AI-generated image shared on Facebook on January 9th, 2025.
Fact check: The Hollywood sign is still standing and is intact. A live feed of the Hollywood sign clearly shows the sign is not currently in harm’s way or engulfed in flames.
Figure 2: Live view of the Hollywood sign taken at 3.29 PT on Friday, January 10th 2025.
McAfee researchers have examined dozens of images shared across X, Facebook, Tik Tok and Instagram, and have verified these are indeed AI-generated images and videos. In addition to analysis from our own threat researchers, McAfee’s image deepfake detection technology has flagged images shown here (and many more) of the Hollywood Hills as AI-generated, with the fire serving as a key factor in its analysis.
McAfee’s investigation traced many of the images back to Gemini, an AI-based image generation platform. This finding underscores the increasing sophistication of fake image synthesis, where fake images and videos can be created in mere seconds, but can be spread to more than a million views in just 24 hours, such as is the case with the social post shared on Facebook below.
Figure 3: Screenshot of deepfake video of Hollywood sign on fire. This video was discovered on Facebook and had already achieved 1.3 million views in 24 hours.
McAfee CTO, Steve Grobman states, “AI tools have supercharged the spread of disinformation and misinformation, enabling false content—like recent fake images of the Hollywood sign engulfed in flames—to circulate at unprecedented speed. This makes it critical for social media users to keep their guard up, approach viral posts with skepticism, and verify sources to distinguish fact from fiction.”
Figure 4. McAfee’s advanced AI models identifies images that have been modified or created using AI. The heatmap depicts areas that have been used to identify and confirm AI-usage.
AI-generated still images are incredibly easy to produce. In less than a minute, we were able to produce a convincing image of the Hollywood Hills sign on fire for free with AI image generating Android app (we have not published these images, only those found on social media). Many of these apps exist to choose from. Some do filter for violent and other objectionable content. However, images like the Hollywood Hills sign on fire, fall outside of normal guardrails. Additionally, the business model of many of these apps include free credits as a trial, making it quick and easy to create and share. AI image generation is a widely available and easily accessible tool used in many misinformation campaigns.
See below for more examples:
Figure 5. Examples on Instagram.
Upon closer inspection, some images had watermark images clearly labeled from Generative AI tools such as Grok. And while this might be an obvious telltale sign for some people, there are many others who are not familiar with or recognize such watermarks.
Figure 6. The Grok watermark is clearly visible in the image above.
There are several straightforward steps that you can take to spot a fake. We recommend a combination of healthy skepticism and awareness combined with the right technology, such as McAfee Deepfake Detector.
While not all AI is malicious or ‘bad’, this technology is commonly used by bad actors for malicious intent when it comes to deepfake scams, misinformation and disinformation. While the deepfakes outlined here appear to be without malicious intent – other than to misinform social media users – we could expect these to evolve where scammers create similar deepfakes as part of fake donation scams, and so we advise everyone to stay vigilant and learn more on how to spot deepfakes online:
Plenty of deepfakes can lure you into sketchy corners of the internet. Places where malware and phishing sites take root. Consider using comprehensive online protection software with McAfee+ and McAfee Deepfake Detector to keep safe. In addition to several features that protect your devices, privacy, and identity, they can warn you of unsafe sites too.
The post The Hollywood Sign is Not on Fire: Deepfakes Spread During L.A. Wildfires appeared first on McAfee Blog.
In a world where deepfake scams and misinformation are increasingly pervasive, McAfee is taking a bold step forward with major enhancements to its AI-powered deepfake detection technology. By partnering with AMD and harnessing the Neural Processing Unit (NPU) within the latest AMD Ryzen AI 300 Series processors announced at CES, McAfee Deepfake Detector is designed to empower users to discern truth from fiction like never before.
As deepfake technology becomes more sophisticated, so too does the challenge of identifying manipulated content. Nearly two-thirds of people globally report rising concerns over deepfakes, emphasizing the need for tools that can accurately detect falsified content.
To address this growing issue, McAfee introduced its cutting-edge AI technology, now supercharged through its collaboration with AMD, McAfee Deepfake Detector can deliver detection in seconds to help consumers navigate videos increasingly riddled with misinformation.
Cybercriminals are leveraging AI to manipulate audio and video, creating hyper-realistic deepfakes that are difficult to identify with the naked eye. McAfee’s Deepfake Detector uses advanced Convolution Neural Network models—AI tools specifically trained to identify manipulated or AI-generated audio within videos.
This groundbreaking technology is aimed at not only enhancing online safety but also setting a new standard for AI-powered tools.
McAfee’s partnership with AMD takes deepfake detection to the next level. By leveraging the 50 TOPS of performance in the latest AMD Ryzen AI 300 Series processors, McAfee Deepfake Detector achieves lightning–fast detection of deepfakes. This collaboration announced at CES marks a significant leap forward in balancing AI performance with user privacy, giving consumers the best of both worlds: robust protection and peace of mind.
This newest generation of AMD mobile processors represents huge leaps forward not just in compute and graphics performance but also in AI capabilities and experiences, all powered by the world’s most advanced family of processors1. McAfee Deepfake Detector leverages AMD XDNA 2 architecture providing up to a 5X increase in NPU power vs. the previous generation2, confirming continued AMD leadership in innovation and performance in this new category of AI PC computing.
McAfee’s Deepfake Detector integrates effortlessly into the user’s workflow, ensuring that everyone—from professionals to casual users—can access next-level protection without technical hurdles.
As deepfake technology evolves, McAfee Deepfake Detector is a game-changer in the fight against misinformation and scams. By combining AI-powered detection with the cutting-edge AMD Ryzen AI 300 Series processors and NPU technology, McAfee delivers:
Stay one step ahead of deepfake threats. Whether you’re a professional, a consumer, or simply navigating the digital world, McAfee empowers you to discern truth from fiction—designed for a safer, more secure online experience.
1 Based on node size. As of January 2024, AMD Ryzen AI 300 Series processors are amongst the most advanced series of processors based on 4nm node size, whereas available competitive (non-AMD) x86 laptop processors are based on 7nm TSMC process.
2 Based on engineering specifications as of May 2024 comparing total TOPS capacity for Ryzen AI 300 Series processor’s NPU to Ryzen 7040 Series processor’s NPU.
The post McAfee Deepfake Detector: Fighting Misinformation with AMD AI-Powered Precision appeared first on McAfee Blog.
As CES kicks off in Las Vegas, McAfee proudly stands at the forefront of innovation, showcasing our leadership in AI and our commitment to driving transformative breakthroughs in tech. Here are the key highlights of McAfee’s participation at CES 2025:
At CES, we are announcing McAfee Scam Detector – the most comprehensive protection against text, email, and video scams. Today’s scams are smarter, sneakier, and more convincing than ever. We’re helping consumers take back control with AI-powered scam detection to stop scammers in their tracks.
Tuesday Spotlight:
Dan Huynh, McAfee’s VP of Business Development, joins a panel of business leaders to explore the capabilities of AI-powered PCs. From enhanced video and photo editing to faster computing speeds and improved security, this session delves into how AI PCs are reshaping work, play, and creativity.
McAfee has announced an exciting partnership with AMD to combat deepfake scams and misinformation. The McAfee Deepfake Detector now leverages the Neural Processing Unit (NPU) in AMD Ryzen AI 300 Series processors, enabling faster and more accurate detection of manipulated content.
Qualcomm is also showcasing McAfee’s Deepfake Detector technology at CES, with demos running on their high-performance, low-powered AI silicon. These demonstrations highlight McAfee’s commitment to tackling the growing threat of malicious AI deepfakes.
Thursday Spotlight:
German Lancioni, McAfee’s Chief AI Scientist, takes the stage to discuss using AI as a tool against AI-generated disinformation. This session will tackle the question: How can people trust what they see in a world of malicious AI deepfakes?
As CES 2025 unfolds, McAfee is proud to lead the charge in addressing the challenges and opportunities that AI brings to our increasingly digital world. Through groundbreaking innovations, strategic partnerships, and thought leadership, we’re not just imagining the future of tech—we’re actively shaping it.
We invite you to join us and our partners at CES to experience our cutting-edge technologies firsthand, engage with experts, and learn how McAfee is redefining security in the age of AI. Together, we’re building a safer, smarter, and more trusted digital landscape for everyone. Stay tuned for more updates as we continue to push the boundaries of what’s possible.
The post McAfee Shines at CES 2025: Redefining AI Protection for All appeared first on McAfee Blog.
For less than the cost of a latte and in under 10 minutes, scammers today can create shockingly convincing deepfake videos of anyone: your mom, your boss, or even your child.
Imagine receiving a video call from your mom asking to borrow money for an emergency, or getting a voicemail from your boss requesting urgent access to company accounts. These scenarios might seem straightforward, but in 2025, they represent a growing threat: deepfake scams that can be created for just $5 in under 10 minutes. According to McAfee’s latest “State of the Scamiverse” report, deepfake scams have become an everyday reality. The average American now encounters 2.6 deepfake videos daily, with younger adults (18-24) seeing even more – about 3.5 per day. These aren’t just celebrity face-swaps or entertaining memes; they’re sophisticated scams designed to separate people from their money.
Welcome to the Scamiverse: an ever-expanding realm of online scams and fraud that’s targeting people everywhere. Despite increasing awareness, scams are on the rise globally, costing victims money, time, and emotional well-being. Understanding this evolving landscape is key to staying protected.
According to McAfee’s December 2024 survey of 5,000 adults:
Beyond financial losses, there’s a significant emotional toll. More than a third of victims reported moderate to significant distress after falling for an online scam, with many spending over a month trying to resolve the resulting issues. Deepfake scams surged tenfold in 2024, with North America experiencing a jaw-dropping 1,740% increase. Over 500,000 deepfakes circulated on social media in 2023 alone. Unsurprisingly, two-thirds of people report being more worried about scams than ever before.
Deepfakes are no longer futuristic tech—they’re an everyday reality. McAfee’s survey showed:
Deepfake videos are most commonly encountered on:
| Platform | % Reporting Deepfakes |
| 68% | |
| 30% | |
| TikTok | 28% |
| X (formerly Twitter) | 17% |
Interestingly, different age groups tend to encounter deepfakes on different platforms. While older Americans are more likely to see them on Facebook (over 80% of those 65+ report this), younger users more frequently encounter them on Instagram and TikTok. Younger Americans encounter more deepfakes (3.5 daily for ages 18-24) than older groups (1.2 for ages 65+), while seniors report higher exposure to deepfakes on Facebook.
Deepfakes leverage generative AI to create convincing fake videos and audio. Initially popularized through memes featuring celebrities like Tom Cruise and Mark Zuckerberg, deepfakes are now weaponized by scammers. These tools can:
McAfee Labs tested 17 deepfake creation tools, finding that scammers can:
These tools enable scammers to achieve professional-grade results with minimal effort, making deepfake scams increasingly accessible.
The McAfee survey highlighted a wide range of scams. Some frequently involve deepfakes, such as:
| Scam Type | % Reporting |
| Fake shipping notifications | 36% |
| Fake news videos | 21% |
| Celebrity endorsement scams | 18% |
With deepfake technology becoming more accessible and sophisticated, here are McAfee’s top tips to protect yourself:
As we move further into 2025, the threat of deepfake scams is likely to grow. While about half of Americans feel confident they can spot these scams, the technology is evolving rapidly. The best defense is staying informed, maintaining healthy skepticism, and using modern security tools designed to combat these AI-powered threats. Scams have evolved with AI, but so have defenses. Staying vigilant, leveraging advanced cybersecurity tools, and educating yourself can help you navigate the Scamiverse safely. As scammers grow smarter, so must we. Remember, if something seems off about a video call or message from a loved one or colleague, take a moment to verify through another channel. In the age of $5 deepfakes, that extra step could save you thousands of dollars and countless hours of stress.
The post State of the Scamiverse – How AI is Revolutionizing Online Fraud appeared first on McAfee Blog.
Brushing scams are a type of online fraud where sellers send unsolicited packages to individuals, even though they never made an order. These deceptive tactics are often used on popular e-commerce platforms such as Amazon and AliExpress. The goal of scammers is to artificially inflate product rankings and create fake reviews, ultimately boosting their sales and visibility. Read on to understand how brushing scams work and what steps you can take to stay safe.
A brushing scam is a fraudulent practice in which sellers send packages to people without their knowledge or consent. These items are typically cheap and low-quality, such as inexpensive jewelry or random gadgets, and are sent to fake addresses or addresses obtained illegally. Once the item is delivered, the fraudster writes a fake review praising the product, which helps the seller’s rating rise.
The term “brushing” originates from Chinese e-commerce, where the act of “brushing up” sales numbers involves creating fake orders and sending goods to random individuals. This practice boosts a product’s perceived popularity, tricking other buyers into thinking the product is highly rated, thus increasing its sales.
Here’s how a brushing scam typically unfolds:
These scammers often send products like costume jewelry, seeds, or inexpensive gadgets to inflate their reviews and rankings. If you find an unsolicited package at your door, there’s a high chance it’s part of a brushing scam.
Personal Data Exposure:
Receiving unsolicited parcels may indicate that your personal information has been compromised. Scammers typically access names and addresses through data breaches or purchase this information from illegal sources. In some cases, they may possess additional sensitive details, opening the door to identity theft.
Account Suspension:
If a fraudster uses your name to write fake reviews, your e-commerce account could be flagged or suspended by the platform while the issue is investigated.
Misleading Consumers:
Fake reviews can mislead you into purchasing low-quality products, especially when inflated ratings and positive comments are posted en masse.
Safety Hazards:
Some items involved in brushing scams, such as cosmetics, could be harmful. Other items, like flower seeds, may pose biosecurity risks or introduce invasive species to your local ecosystem.
If you’ve received an unexpected package and suspect it’s part of a brushing scam, report it to the online marketplace involved. Platforms typically provide a form for users to submit reports on fraudulent packages. Here’s how to handle it:
You can also report the incident to your local consumer protection agency or, in the case of U.S. residents, to the Federal Trade Commission (FTC).
If the scam occurs on Amazon, follow these steps:
It’s important not to consume or use the product, especially if its quality is questionable or if it’s an item like cosmetics or food. Update your passwords for Amazon and any linked accounts and monitor your financial statements for suspicious activity.
Here are some steps to prevent falling victim to brushing scams:
If you receive unexpected items from China or other overseas locations, it could be a sign of a brushing scam, especially if the items appear low-quality or irrelevant.
If you receive a package you didn’t order via USPS:
Brushing scams are a growing concern, but by staying vigilant and taking appropriate steps, you can protect your personal information and avoid falling prey to these deceptive tactics. Always report suspicious packages and reviews, and be cautious when interacting with unfamiliar sellers.
The post How to Protect Yourself from a Brushing Scam appeared first on McAfee Blog.
Winter travel is filled with excitement—whether you’re heading to a snow-covered ski resort, visiting family for the holidays, or enjoying a cozy retreat in a picturesque town. According to Tripadvisor’s Winter Travel Index, 57% of Americans are gearing up for winter travel this year, with a staggering 96% planning to travel as much or more than they did last winter. Yet, with this seasonal joy comes a hidden danger: public Wi-Fi. Airports, hotels, coffee shops, and even ski lodges offer free Wi-Fi, making it easy to stay connected while on the go. But while these networks are convenient, they can also be risky.
Common threats include Man-in-the-Middle attacks, where hackers intercept data exchanged between your device and the Wi-Fi network, and rogue hotspots, where cybercriminals set up fake Wi-Fi networks with names that mimic legitimate ones, tricking users into connecting.
Despite these risks, many travelers still connect to public Wi-Fi without taking the necessary precautions. But with a few simple steps, you can significantly reduce your exposure while traveling this winter.
The most effective way to protect your data on public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept your data. It creates a secure tunnel between your device and the internet, ensuring that your online activity remains private.
By encrypting your data, a VPN ensures that any information transmitted over the network is unreadable to anyone attempting to intercept it, such as hackers or cybercriminals. It also masks your IP address, adding a layer of anonymity that makes it difficult for snoopers to trace your online movements or identify your location.
Even with a VPN, it’s wise to avoid performing sensitive transactions on public Wi-Fi networks. For activities like online banking, shopping with credit cards, or accessing sensitive work documents, it’s best to reserve those tasks for secure, private networks. Taking a few extra precautions can further reduce your risk of data theft.
Not all Wi-Fi networks are created equal. Some are outright traps set by hackers to lure unsuspecting users. Always verify the official network name with a staff member before connecting, especially in places like airports, hotels, or cafes. Knowing how to identify suspicious networks can save you from connecting to a rogue hotspot.
Protecting your data on public Wi-Fi isn’t just about the network—it’s also about securing your devices. Cybercriminals can exploit vulnerabilities in your smartphone, tablet, or laptop to gain access to your personal information.
Public Wi-Fi can be a lifesaver when you’re traveling, but it doesn’t have to be a risk. By following these simple tips—using a VPN, avoiding sensitive transactions, and securing your devices—you can enjoy your winter adventures without compromising your personal data. So, whether you’re sipping hot cocoa in a ski lodge or waiting for a flight home, stay connected, stay secure, and make the most of your winter travels.
The post How to Protect Your Data While On-the-Go appeared first on McAfee Blog.
Winter Travel Wi-Fi Safety: How to Protect Your Data While On-the-Go
Winter travel is filled with excitement—whether you’re heading to a snow-covered ski resort, visiting family for the holidays, or enjoying a cozy retreat in a picturesque town. According to Tripadvisor’s Winter Travel Index, 57% of Americans are gearing up for winter travel this year, with a staggering 96% planning to travel as much or more than they did last winter. Yet, with this seasonal joy comes a hidden danger: public Wi-Fi. Airports, hotels, coffee shops, and even ski lodges offer free Wi-Fi, making it easy to stay connected while on the go. But while these networks are convenient, they can also be risky.
Public Wi-Fi networks are notorious for their lack of security. Unlike your home network, which is likely password-protected and encrypted, many public networks are open and vulnerable to cyberattacks. Hackers can intercept your data, monitor your online activity, and even steal sensitive information like passwords, credit card numbers, and personal identification.
Common threats include Man-in-the-Middle attacks, where hackers intercept data exchanged between your device and the Wi-Fi network, and rogue hotspots, where cybercriminals set up fake Wi-Fi networks with names that mimic legitimate ones, tricking users into connecting.
Despite these risks, many travelers still connect to public Wi-Fi without taking the necessary precautions. But with a few simple steps, you can significantly reduce your exposure while traveling this winter.
1. Use a Virtual Private Network (VPN): Your Best Defense
The most effective way to protect your data on public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept your data. It creates a secure tunnel between your device and the internet, ensuring that your online activity remains private.
By encrypting your data, a VPN ensures that any information transmitted over the network is unreadable to anyone attempting to intercept it, such as hackers or cybercriminals. It also masks your IP address, adding a layer of anonymity that makes it difficult for snoopers to trace your online movements or identify your location.
2. Avoid Sensitive Transactions on Public Wi-Fi
Even with a VPN, it’s wise to avoid performing sensitive transactions on public Wi-Fi networks. For activities like online banking, shopping with credit cards, or accessing sensitive work documents, it’s best to reserve those tasks for secure, private networks. Taking a few extra precautions can further reduce your risk of data theft.
Safer Alternatives:
3. Spot Suspicious Wi-Fi Networks
Not all Wi-Fi networks are created equal. Some are outright traps set by hackers to lure unsuspecting users. Always verify the official network name with a staff member before connecting, especially in places like airports, hotels, or cafes. Knowing how to identify suspicious networks can save you from connecting to a rogue hotspot.
Red Flags to Watch For:
4. Keep Your Devices Secure
Protecting your data on public Wi-Fi isn’t just about the network—it’s also about securing your devices. Cybercriminals can exploit vulnerabilities in your smartphone, tablet, or laptop to gain access to your personal information.
Device Security Tips:
Stay Safe and Enjoy Your Winter Travels
Public Wi-Fi can be a lifesaver when you’re traveling, but it doesn’t have to be a risk. By following these simple tips—using a VPN, avoiding sensitive transactions, and securing your devices—you can enjoy your winter adventures without compromising your personal data. So, whether you’re sipping hot cocoa in a ski lodge or waiting for a flight home, stay connected, stay secure, and make the most of your winter travels.
The post Winter Travel Wi-Fi Safety: How to Protect Your Data While On-the-Go appeared first on McAfee Blog.
McAfee threat researchers have identified several consumer brands and product categories most frequently used by cybercriminals to trick consumers into clicking on malicious links in the first weeks of this holiday shopping season. As holiday excitement peaks and shoppers hunt for the perfect gifts and amazing deals, scammers are taking advantage of the buzz. The National Retail Federation projects holiday spending will reach between $979.5 and $989 billion this year, and cybercriminals are capitalizing by creating scams that mimic the trusted brands and categories consumers trust. From October 1 to November 12, 2024, McAfee safeguarded its customers from 624,346 malicious or suspicious URLs tied to popular consumer brand names – a clear indication that bad actors are exploiting trusted brand names to deceive holiday shoppers.
McAfee’s threat research also reveals a 33.82% spike in malicious URLs targeting consumers with these brands’ names in the run-up to Black Friday and Cyber Monday. This rise in fraudulent activity aligns with holiday shopping patterns during a time when consumers may be more susceptible to clicking on offers from well-known brands like Apple, Yeezy, and Louis Vuitton, especially when deals seem too good to be true – pointing to the need for consumers to stay vigilant, especially with offers that seem unusually generous or come from unverified sources.
McAfee threat researchers have identified a surge in counterfeit sites and phishing scams that use popular luxury brands and tech products to lure consumers into “deals” on fake e-commerce sites designed to appear as official brand pages. While footwear and handbags were identified as the top two product categories exploited by cybercrooks during this festive time, the list of most exploited brands extends beyond those borders:
By mimicking trusted brands like these, offering unbelievable deals, or posing as legitimate customer service channels, cybercrooks create convincing traps designed to steal personal information or money. Here are some of the most common tactics scammers are using this holiday season:
With holiday shopping in full swing, it’s essential for consumers to stay one step ahead of scammers. By understanding the tactics cybercriminals use and taking a few precautionary measures, shoppers can protect themselves from falling victim to fraud. Here are some practical tips for safe shopping this season:
McAfee’s threat research team analyzed malicious or suspicious URLs that McAfee’s web reputation technology identified as targeting customers, by using a list of key company and product brand names—based on insights from a Potter Clarkson report on frequently faked brands—to query the URLs. This methodology captures instances where users either clicked on or were directed to dangerous sites mimicking trusted brands. Additionally, the team queried anonymized user activity from October 1st through November 12th.
The image below is a screenshot of a fake / malicious / scam site: Yeezy is a popular product brand formerly from Adidas found in multiple Malicious/Suspicious URLs. Often, they present themselves as official Yeezy and/or Adidas shopping sites.
The image below is a screenshot of a fake / malicious / scam site: The Apple brand was a popular target for scammers. Many sites were either knock offs, scams, or in this case, a fake customer service page designed to lure users into a scam.
The image below is a screenshot of a fake / malicious / scam site: This particular (fake) Apple sales site used Apple within its URL and name to appear more official. Oddly, this site also sells Samsung Android phones.
The image below is a screenshot of a fake / malicious / scam site: This site, now taken down, is a scam site purporting to sell Nike shoes.
The image below is a screenshot of a fake / malicious / scam site: Louis Vuitton is a popular brand for counterfeit and scams. Particularly their handbags. Here is one site that was entirely focused on Louis Vuitton Handbags.
The image below is a screenshot of a fake / malicious / scam site: This site presents itself as the official Louis Vuitton site selling handbags and clothes.
The image below is a screenshot of a fake / malicious / scam site: This site uses too-good-to-be-true deals on branded items including this Louis Vuitton Bomber jacket.
The image below is a screenshot of a fake / malicious / scam site: Rolex is a popular watch brand for counterfeits and scams. This site acknowledges it sells counterfeits and makes no effort to indicate this on the product.
The post This Holiday Season, Watch Out for These Cyber-Grinch Tricks Used to Scam Holiday Shoppers appeared first on McAfee Blog.
Two-step verification, two-factor authentication, multi-factor authentication…whatever your social media platform calls it, it’s an excellent way to protect your accounts.
There’s a good chance you’re already using multi-factor verification with your other accounts — for your bank, your finances, your credit card, and any number of things. The way it requires an extra one-time code in addition to your login and password makes life far tougher for hackers.
It’s increasingly common to see nowadays, where all manner of online services only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. That’s where two-step verification comes in. You get sent a code as part of your usual login process (usually a six-digit number), and then you enter that along with your username and password.
Some online services also offer the option to use an authenticator app, which sends the code to a secure app rather than via email or your smartphone. Authenticator apps work much in the same way, yet they offer three unique features:
Google, Microsoft, and others offer authenticator apps if you want to go that route. You can get a good list of options by checking out the “editor’s picks” at your app store or in trusted tech publications.
Whichever form of authentication you use, always keep that secure code to yourself. It’s yours and yours alone. Anyone who asks for that code, say someone masquerading as a customer service rep, is trying to scam you. With that code, and your username/password combo, they can get into your account.
Passwords and two-step verification work hand-in-hand to keep you safer. Yet not any old password will do. You’ll want a strong, unique password. Here’s how that breaks down:
Now, with strong passwords in place, you can get to setting up multi-factor verification on your social media accounts.
When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:
And here’s a link to the company’s full walkthrough: https://www.facebook.com/help/148233965247823
When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp.
And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145
And here’s a link to the company’s full walkthrough: https://faq.whatsapp.com/1920866721452534
And here’s a link to the company’s full walkthrough: https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform%3DDesktop
1. TapProfileat the bottom of the screen.
2. Tap the Menu button at the top.
3. Tap Settings and Privacy, then Security.
4. Tap 2-step verification and choose at least two verification methods: SMS (text), email, and authenticator app.
5. Tap Turn on to confirm.
And here’s a link to the company’s full walkthrough: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/how-your-phone-number-is-used-on-tiktok
The post How to Protect Your Social Media Passwords with Multi-factor Verification appeared first on McAfee Blog.
It’s been a big year for big data breaches. Billions of records on millions of people have been exposed at an estimated cost of nearly $10 trillion dollars to people and businesses alike worldwide.[i]
While we still have a few weeks in the year left to go, here’s a roundup of five of the most noteworthy breaches this year. And while you can’t prevent big data breaches from happening, you can still take several preventive steps to protect yourself from the fallout. We’ll cover them here too.
News of a major data breach that involved nearly three billion records came to light over the summer from a somewhat unusual source — a class-action complaint filed in Florida.
The complaint concerned National Public Data (NPD), a company that provides background checks. Per their website, “[NPD obtains] information from various public record databases, court records, state and national databases, and other repositories nationwide.”
The complaint alleged that NPD was hit by a data breach in or around April 2024. [ii] The complaint filed in the U.S. District Court further alleges:
Typically, companies self-report these breaches, thanks to regulations and legislation that require them to do so in a timely manner. That way, initial word of breaches reaches customers through emails, news reports, and sometimes through notifications to certain state attorney generals.
In this case, it appeared that no notices were immediately sent to potential victims.
As to how the primary plaintiff discovered the breach, he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach …” (And you can certainly add online protection software to the list of ways you can find out about a data breach before a company notifies you.)
Further, in June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of 2.9 billion people and put them up for sale on the dark web.[iii] The price tag, U.S. $3.5 million. The group further claimed that the records include U.S., Canadian, and British citizens.
Just how big was the Ticketmaster data breach? It appears that over a half-billion people might have had their personal info compromised.
Ticketmaster’s parent company, Live Nation Entertainment, first announced the breach in late May. The company said that it had identified “unauthorized activity” from April 2 to May 18, 2024.
Soon after, the noted hacking group ShinyHunters claimed responsibility for the breach.[iv] According to the hackers, their 1.3 terabyte haul of data includes 560 million people — along with a mix of their names, addresses, email addresses, phone numbers, order information, and partial payment card details. They allegedly posted that info for sale on the dark web in late May.[v]
Live Nation then began notifying potential victims by physical mail, stating:
“The personal information that may have been obtained by the third party may have included your name, basic contact information, and <extra>.”
Per a support document posted by Ticketmaster, the <extra> part varied by individual. Depending on what was compromised, that might have included “email, phone number, encrypted credit card information as well as some other personal information provided to [Ticketmaster].”[vi]
Also affecting millions of people in 2024, a breach at Infosys McCamish Systems (IMS), a company that provides solutions and services to insurance companies and financial institutions. Per an announcement from IMS[vii], the company,
“[D]etermined that unauthorized activity occurred between October 29, 2023, and November 2, 2023. Through the investigation, it was also determined that data was subject to unauthorized access and acquisition.”
There’s a good chance you haven’t heard of IMS before reading this article. Yet to put the attack in perspective, it affected people who hold accounts with companies like Bank of America, Oceanview Life and Annuity Company, Fidelity Investments Life Insurance, Newport Group, and Union Labor Life Insurance.
Also per IMS, the full run of personal info swept up in the attack included:
| · Social Security Numbers
· Dates of birth · Medical records · Biometric data · Email address and passwords · Usernames and passwords |
· Driver’s license and state ID numbers
· Financial account info · Payment card info · Passport numbers · Tribal ID numbers · US military ID numbers |
Notifications went out to potential victims in several ways and at several times. Bank of America sent notices to 50,000 people in February, alerting them that their info was compromised by an unidentified third party.[viii] Fidelity Investments Life Insurance notified 28,000 potential victims in March.[ix] In late June, IMS began contacting the six million potential victims overall — eight months after the date of the initial attack.[x]
The second breach involves (FBCS), a bonded collection agency based on the U.S. east coast. On February 26, 2024, the company noted unauthorized access to their systems, which covered a twelve-day period starting on February 14.[xi] In an April notice of a “data event,” FBCS stated that people might have had the following info compromised:
“[C]onsumer name, address, date of birth, Social Security number, driver’s license number, other state identification number, medical claims information, provider information, and clinical information (including diagnosis/conditions, medications, and other treatment information), and/or health insurance information.”
FBCS went on to say that the compromised info varied from person to person.
Initially, the scope of the breach appeared to approach two million victims.[xii] Several updated filings continued to increase that number. At last reporting, the figure had ballooned to more than four million people affected.[xiii]
In April, mobile carrier AT&T learned that hackers had stolen the call and text logs of nearly all its customers, estimated at nearly 100 million people. That further included customers who used Cricket, Boost Mobile, and Consumer Cellular, which are mobile virtual network operators (MVNOs) that use AT&T’s network.
The compromised data covered a period between May 1, 2022, and October 31, 2022, with a small number of records from January 2, 2023, also affected. According to AT&T, hackers gained access through a third-party cloud platform account.[xiv]
The stolen data revealed the phone numbers customers communicated with, along with the frequency and total duration of calls and texts for specific periods. In this way, the breach affected more than just customers of AT&T — it affected anyone who may have called or texted with an AT&T customer.
However, AT&T assured customers that the content of calls or texts, timestamps, Social Security numbers, dates of birth, or other personal details were not compromised.
Of concern, a determined hacker with access to the data could infer a lot from these logs, such as businesses and people customers regularly speak with. In turn, this could fuel phishing scams by giving them extra credibility if the scammer poses as the businesses and people involved.
These breaches show the risks and frustrations that we, as consumers, face in the wake of such attacks. It often takes months before we receive any kind of notification. And of course, that gap gives hackers plenty of time to do their damage. They might use stolen info to commit identity crimes, or they might sell it to others who’ll do the same. Sometimes, we’re in the dark about a data breach until we get hit with a case of identity theft ourselves.
Indeed, plenty of breaches go unreported or under-reported. Even so, word of an attack that affects you might take some time to reach you. With that, preventative measures offer the strongest protection from data breaches.
To fully cover yourself, we suggest the following:
Check your credit, consider a security freeze, and get ID theft protection.
With your personal info potentially on the dark web, strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:
Monitor your identity and transactions.
Breaches and leaks can lead to exposure, particularly on dark web marketplaces where personal info gets bought and sold. Our Identity Monitoring can help notify you quickly if that happens. It keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches. If spotted, it offers advice that can help secure your accounts before they’re used for identity theft.
Also in our McAfee+ plans, you’ll find several types of transaction monitoring that can spot unusual activity. These features track transactions on credit cards and bank accounts — along with retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.
Keep an eye out for phishing attacks.
With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.
If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.
For even more security, you can use our Text Scam Detector. It scans links in texts and lets you know if it’s risky. And if you accidentally click or tap a bad link, it blocks the sketchy sites they can take you to.
Update your passwords and use two-factor authentication.
Changing your password is a strong preventive measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.
[i] https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide
[ii]https://www.bloomberglaw.com/public/desktop/document/HofmannvJericoPicturesIncDocketNo024cv61383SDFlaAug012024CourtDoc?doc_id=X6S27DVM6H69DSQO6MTRAQRIVBS
[iii] https://www.theregister.com/2024/06/03/usdod_data_dump/
[iv] https://www.pcmag.com/news/ticketmaster-confirms-user-email-addresses-phone-numbers-stolen-in-hack
[v] https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm
[vi] https://help.ticketmaster.com/hc/en-us/articles/26110487861137-Ticketmaster-Data-Security-Incident
[vii] https://www.infosysbpm.com/mccamish/about/notice-of-cybersecurity-incident.html
[viii] https://www.bankinfosecurity.com/bank-america-responds-to-breach-a-4487
[ix] https://www.securityweek.com/fidelity-investments-notifying-28000-people-of-data-breach/
[x] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/b152fd39-9f84-4ca5-a149-d20b94ed8ef6.html
[xi] https://www.fbcs-inc.com/cyber-incident/
[xii] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/5fe1ede5-aafd-4da2-b1a4-0057a6cdadc6.shtml
[xiii] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/7e6ff931-a035-480f-a977-e11a8af7f768.html
[xiv] https://about.att.com/story/2024/addressing-illegal-download.html
The post 2024 Data Breaches Wrapped appeared first on McAfee Blog.
The holiday season often brings a rush of new gadgets—smartphones, tablets, laptops, and smart home devices—into households. One survey revealed that nearly 199 million U.S. adults planned to purchase tech products and services as gifts for the holiday season. For the tech-savvy among us, it also means becoming the go-to person for setting up, troubleshooting, and securing those shiny new devices. But while it’s great to help your loved ones get the most out of their tech, it’s just as important to ensure they’re protected from digital threats like malware, phishing, and privacy breaches.
This year, step up as the digital IT hero of the holidays by taking proactive measures to safeguard your family’s online life. Here’s a guide to help you create a safer digital environment for your loved ones by setting up their devices with robust cybersecurity protections.
One of the first steps in protecting new devices is ensuring that internet connections are secure. A Virtual Private Network (VPN) is essential for safeguarding your family’s data, especially when using public Wi-Fi networks at coffee shops, airports, or hotels. Without a VPN, any data you send or receive—such as login details, personal information, or banking credentials—can be intercepted by cybercriminals using simple hacking tools. A VPN encrypts your internet connection, making it much harder for anyone to spy on or steal your information, even on public networks. This layer of security is crucial to protect your privacy and keep your data safe from potential threats.
How to help:
Antivirus software plays a crucial role in protecting devices from malware, ransomware, and other cyber threats by continuously scanning for malicious activity and preventing harmful files from executing. It acts as a first line of defense, detecting and removing viruses before they can compromise your system or steal sensitive data.
How to help:
Passwords are the first and often most critical line of defense for online accounts, but unfortunately, many people still rely on weak or predictable combinations like “password123” or simple sequences of numbers. These easy-to-guess passwords leave accounts vulnerable to cybercriminals who use automated tools to crack them within minutes.
However, the threat doesn’t stop at weak passwords—data breaches pose an even greater risk. When large-scale breaches occur, they often expose millions of usernames and passwords to the public. Even strong, unique passwords can be compromised if they’ve been leaked in a breach, allowing attackers to use those credentials in credential-stuffing attacks, where they attempt to log in to multiple accounts using the same exposed password.
To counteract this, it’s critical to not only set strong, unique passwords for every account but also to enable multi-factor authentication (MFA) so that even if your password falls into the wrong hands, attackers can’t access your account without a second form of verification.
How to help:
Data loss can be catastrophic, whether it’s due to a hardware failure, theft, or ransomware attack. Setting up automatic backups ensures that your family’s important data—such as photos, videos, and documents—is safe, no matter what happens.
How to help:
New devices often come pre-loaded with a myriad of apps, many of which your family members may never use. Some of these could be bloatware or even pose security risks by running in the background and collecting data.
How to help:
By helping your family with these key cybersecurity steps, you’re not just setting up their devices—you’re providing them with the tools and knowledge to stay safe online. As the digital IT hero of the holidays, you’ll empower your loved ones to enjoy their new tech with confidence, knowing their data and privacy are protected.
The post How to Be Your Family’s Digital IT Hero for the Holidays appeared first on McAfee Blog.
As 89% of Americans plan to shop online during this holiday shopping season, many say they’re more concerned about being scammed online than they were last year. One big reason why—AI deepfakes.
Our 2024 Global Holiday Shopping Scams Study uncovered that 70% of American shoppers say AI-driven scams are changing the way they shop online.
In all, they think scam emails and messages will be more believable than ever and that it’ll be harder to tell what’s a real message from a retailer or delivery service. With that in mind, 58% of people say they’ll be more alert than ever to when it comes to fake messages. Another 11% said they’ll do less online shopping because of how AI is helping cybercriminals.
Overall, people say their confidence in spotting online scams is low, particularly when it comes to scams featuring AI-created content. Only 59% of Americans feel confident they can identify deepfakes or AI-generated content.
The effectiveness of deepfake shopping scams has been shown already, 1 in 5 Americans (21%) said they unknowingly paid for fake products endorsed by deepfake celebrities. For Gen Z and Millennials, that number leaps yet higher, with 1 in 3 people aged 18-34 falling victim to a deepfake scam. Meanwhile, older Americans have avoided these scams, with only 5% of shoppers aged 55 and up saying that they’ve fallen victim to one.
Additionally, 1 in 5 Americans (20%) say they or someone they know has fallen victim to a deepfake shopping scam, celebrity-based or otherwise. 70% of those people lost money to the deepfake holiday scam. Of those who lost money:
Across our research, three big findings stood out. The volume of scam messages is only increasing, chasing deals could lead to scams, and shopping on social media has risks of its own.
64% of Americans say they receive most of their scam messages via email, 20% encounter them primarily via text, and 16% find them on social media. These messages fall into several categories:
As the holiday season warms up, 84% of Americans say they’re on the hunt for the best holiday deals. But the rush for discounts could put them at risk. Scammers notoriously underprice hot items to lure in victims.
More than 100 million Americans shop on social media.i While social shopping offers convenience, it also exposes people to new risks, especially as scammers use these platforms to reach victims. We found that shoppers are increasingly turning to social channels, often in significant ways.
This is a great one to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name.
In the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. Citizens can dispute charges of over $50 for goods and services that were never delivered or otherwise billed incorrectly. (Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well.) However, debit cards don’t get the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.
Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results.
Phishing emails, texts, and sites lure people into clicking links that might lead to malware or handing over their personal info. And they look more believable than ever. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Even if it’s a great-sounding deal or indicates it’ll provide useful info such as a parcel delivery update. Always go direct to the source and interact with reputable companies.
Yet better, you can use the combo of our Scam Protection and Web Protection found in our McAfee+ plans. Powered by our AI technology, they detect sketchy links and keep you from clicking on them by mistake.
Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender. The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead.
Survey methodology
The survey, which focused on the topic of deepfakes, scam messages, and holiday shopping, was conducted online in November 2024. 7,128 adults, age 18+, In 7 countries (US, Australia, India, UK, France, Germany, Japan), participated in the study.
The post How AI Deepfakes and Scams Are Changing the Way We Shop Online appeared first on McAfee Blog.
What is a botnet? And what does it have to do with a toaster?
We’ll get to that. First, a definition:
A botnet is a group of internet-connected devices that bad actors hijack with malware. Using remote controls, bad actors can harness the power of the network to perform several types of attacks. These include distributed denial-of-service (DDoS) attacks that shut down internet services, breaking into other networks to steal data, and sending massive volumes of spam.
In a way, the metaphor of an “army of devices” leveling a cyberattack works well. With thousands or even millions of compromised devices working in concert, bad actors can do plenty of harm. As we’ll see in a moment, they’ve done their share already.
Which brings us back to that toaster.
The pop-up toaster as we know it first hit the shelves in 1926, under the brand name “Toastmaster.”[i] With a familiar springy *pop*, it has ejected toast just the way we like it for nearly a century. Given that its design was so simple and effective, it’s remained largely unchanged. Until now. Thanks to the internet and so-called “smart home” devices.
Toasters, among other things, are all getting connected. And have been for a few years now, to the point where the number of connected Internet of Things (IoT) devices reaches well into the billions worldwide — which includes smart home devices.[ii]
Businesses use IoT devices to track shipments and various aspects of their supply chain. Cities use them to manage traffic flow and monitor energy use. (Does your home have a smart electric meter?) And for people like us, we use them to play music on smart speakers, see who’s at the front door with smart doorbells, and order groceries from an LCD screen on our smart refrigerators — just to name a few ways we’ve welcomed smart home devices into our households.
In the U.S. alone, smart home devices make up a $30-plus billion marketplace per year.[iii] However, it’s still a relatively young marketplace. And with that comes several security issues.
First and foremost, many of these devices still lack sophisticated security measures, which makes them easy pickings for cybercriminals. Why would a cybercriminal target that smart lightbulb in your living room reading lamp? Networks are only as secure as their least secure device. Thus, if a cybercriminal can compromise that smart lightbulb, it can potentially give them access to the entire home network it is on — along with all the other devices and data on it.
More commonly, though, hackers target smart home devices for another reason. They conscript them into botnets. It’s a highly automated affair. Hackers use bots to add devices to their networks. They scan the internet in search of vulnerable devices and use brute-force password attacks to take control of them.
At issue: many of these devices ship with factory usernames and passwords. Fed with that info, a hacker’s bot can have a relatively good success rate because people often leave the factory password unchanged. It’s an easy in.
Results from one real-life test show just how active these hacker bots are:
We created a fake smart home and set up a range of real consumer devices, from televisions to thermostats to smart security systems and even a smart kettle – and hooked it up to the internet.
What happened next was a deluge of attempts by cybercriminals and other unknown actors to break into our devices, at one stage, reaching 14 hacking attempts every single hour.
Put another way, that hourly rate added up to more than 12,000 unique scans and attack attempts a week.[iv] Imagine all that activity pinging your smart home devices.
Now, with a botnet in place, hackers can wage the kinds of attacks we mentioned above, particularly DDoS attacks. DDoS attacks can shut down websites, disrupt service and even choke traffic across broad swathes of the internet.
Remember the “Mirai” botnet attack of 2016, where hackers targeted a major provider of internet infrastructure?[v] It ended up crippling traffic in concentrated areas across the U.S., including the northeast, Great Lakes, south-central, and western regions. Millions of internet users were affected, people, businesses, and government workers alike.
Another more recent set of headline-makers are the December 2023 and July 2024 attacks on Amazon Web Services (AWS).[vi],[vii] AWS provides cloud computing services to millions of businesses and organizations, large and small. Those customers saw slowdowns and disruptions for three days, which in turn slowed down and disrupted the people and services that wanted to connect with them.
Also in July 2024, Microsoft likewise fell victim to a DDoS attack. It affected everything from Outlook email to Azure web services, and Microsoft Office to online games of Minecraft. They all got swept up in it.[viii]
These attacks stand out as high-profile DDoS attacks, yet smaller botnet attacks abound, ones that don’t make headlines. They can disrupt the operations of websites, public infrastructure, and businesses, not to mention the well-being of people who rely on the internet.
Earlier we mentioned the problem of unchanged factory usernames and passwords. These include everything from “admin123” to the product’s name. Easy to remember, and highly insecure. The practice is so common that they get posted in bulk on hacking websites, making it easy for cybercriminals to simply look up the type of device they want to attack.
Complicating security yet further is the fact that some IoT and smart home device manufacturers introduce flaws in their design, protocols, and code that make them susceptible to attacks.[ix] The thought gets yet more unsettling when you consider that some of the flaws were found in things like smart door locks.
The ease with which IoT devices can be compromised is a big problem. The solution, however, starts with manufacturers that develop IoT devices with security in mind. Everything in these devices will need to be deployed with the ability to accept security updates and embed strong security solutions from the get-go.
Until industry standards get established to ensure such basic security, a portion of securing your IoT and smart home devices falls on us, as people and consumers.
As for security, you can take steps that can help keep you safer. Broadly speaking, they involve two things: protecting your devices and protecting the network they’re on. These security measures will look familiar, as they follow many of the same measures you can take to protect your computers, tablets, and phones.
Grab online protection for your smartphone.
Many smart home devices use a smartphone as a sort of remote control, not to mention as a place for gathering, storing, and sharing data. So whether you’re an Android owner or iOS owner, use online protection software on your phone to help keep it safe from compromise and attack.
Don’t use the default — Set a strong, unique password.
One issue with many IoT devices is that they often come with a default username and password. This could mean that your device and thousands of others just like it all share the same credentials, which makes it painfully easy for a hacker to gain access to them because those default usernames and passwords are often published online. When you purchase any IoT device, set a fresh password using a strong method of password creation, such as ours. Likewise, create an entirely new username for additional protection as well.
Use multi-factor authentication.
Online banks, shops, and other services commonly offer multi-factor authentication to help protect your accounts — with the typical combination of your username, password, and a security code sent to another device you own (often a mobile phone). If your IoT device supports multi-factor authentication, consider using it there too. It throws a big barrier in the way of hackers who simply try and force their way into your device with a password/username combination.
Secure your internet router too.
Another device that needs good password protection is your internet router. Make sure you use a strong and unique password as well to help prevent hackers from breaking into your home network. Also, consider changing the name of your home network so that it doesn’t personally identify you. Fun alternatives to using your name or address include everything from movie lines like “May the Wi-Fi be with you” to old sitcom references like “Central Perk.” Also check that your router is using an encryption method, like WPA2 or the newer WPA3, which keeps your signal secure.
Upgrade to a newer internet router.
Older routers might have outdated security measures, which might make them more prone to attacks. If you’re renting yours from your internet provider, contact them for an upgrade. If you’re using your own, visit a reputable news or review site such as Consumer Reports for a list of the best routers that combine speed, capacity, and security.
Update your apps and devices regularly.
In addition to fixing the odd bug or adding the occasional new feature, updates often fix security gaps. Out-of-date apps and devices might have flaws that hackers can exploit, so regular updating is a must from a security standpoint. If you can set your smart home apps and devices to receive automatic updates, that’s even better.
Set up a guest network specifically for your IoT devices.
Just as you can offer your guests secure access that’s separate from your own devices, creating an additional network on your router allows you to keep your computers and smartphones separate from IoT devices. This way, if an IoT device is compromised, a hacker will still have difficulty accessing your other devices on your primary network, the one where you connect your computers and smartphones.
Shop smart.
Read trusted reviews and look up the manufacturer’s track record online. Have their devices been compromised in the past? Do they provide regular updates for their devices to ensure ongoing security? What kind of security features do they offer? And privacy features too? Resources like Consumer Reports can provide extensive and unbiased information that can help you make a sound purchasing decision.
As more and more connected devices make their way into our homes, the need to ensure that they’re secure only increases. More devices mean more potential avenues of attack, and your home network is only as secure as the least secure device that’s on it.
While standards put forward by industry groups such as UL and Matter have started to take root, a good portion of keeping IoT and smart home devices secure falls on us as consumers. Taking the steps above can help prevent your connected toaster from playing its part in a botnet army attack — and it can also protect your network and your home from getting hacked.
It’s no surprise that IoT and smart home devices have raked in billions of dollars over the years. They introduce conveniences and little touches into our homes that make life more comfortable and enjoyable. However, they’re still connected devices. And like anything that’s connected, they must be protected.
[i] https://www.hagley.org/librarynews/history-making-toast
[ii] https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/
[iii] https://www.statista.com/outlook/dmo/smart-home/united-states
[iv] https://www.which.co.uk/news/article/how-the-smart-home-could-be-at-risk-from-hackers-akeR18s9eBHU
[v] https://en.wikipedia.org/wiki/Mirai_(malware)
[vi] https://www.darkreading.com/cloud-security/eight-hour-ddos-attack-struck-aws-customers
[vii] https://www.forbes.com/sites/emilsayegh/2024/07/31/microsoft-and-aws-outages-a-wake-up-call-for-cloud-dependency/
[viii] https://www.bbc.com/news/articles/c903e793w74o
[ix] https://news.fit.edu/academics-research/apps-for-popular-smart-home-devices-contain-security-flaws-new-research-finds/
The post What Is a Botnet? appeared first on McAfee Blog.
As we honor Veterans Day, it’s crucial to recognize not only the sacrifices made by those who served but also the unique cybersecurity challenges they face in today’s digital age. Veterans, with their deep ties to sensitive military information and benefits, are increasingly being targeted by cybercriminals seeking to exploit their personal data. Seven in 10 military vets and active-duty service members have been a victim of at least one digital crime.
From phishing scams impersonating official VA communications to the risk of military identity theft, veterans encounter specific threats that require tailored cybersecurity awareness and precautions. By taking proactive steps, veterans can implement strong security practices to better protect their identities and enjoy a safer online experience.
Veterans possess a wealth of sensitive information tied to their military service. This includes not only Social Security numbers, medical records, and details about deployments and benefits, but also personal histories that can include addresses, family information, and even details about combat experiences. Such comprehensive information is highly valuable to cybercriminals for various malicious activities, including identity theft and financial fraud.
Cybercriminals can exploit this data to impersonate veterans, gain unauthorized access to financial accounts, file false claims for VA benefits, or sell the information on the dark web. The repercussions of such breaches extend beyond financial loss, impacting veterans’ reputations, access to essential services, and overall peace of mind. Safeguarding this sensitive data is critical to ensuring veterans’ security and well-being in the digital age.
One of the primary threats that veterans encounter is phishing scams. These scams often impersonate official communications from the Department of Veterans Affairs (VA) or other military organizations. Cybercriminals use deceptive emails, text messages, or phone calls to trick veterans into revealing personal information or clicking malicious links that can compromise their devices.
Another prevalent danger is military identity theft, where criminals use stolen or fabricated military credentials to access benefits, obtain loans, or commit fraud in the veteran’s name. This type of identity theft can be particularly devastating, affecting not only financial stability but also the veteran’s reputation and access to crucial services.
In 2023, military consumers filed more than 93,000 fraud complaints, with imposter scams alone accounting for 42,766 cases, resulting in reported losses exceeding $178 million. To combat these threats, veterans must be equipped with robust cybersecurity awareness and practices:
If you think you have been the victim of identity theft, immediately take steps to protect yourself and your family:
As veterans continue to navigate the complexities of modern life, safeguarding their personal information online is paramount. By staying informed about cybersecurity best practices and leveraging available resources, veterans can significantly reduce their risk of falling victim to cyber threats.
The post Safeguarding Those Who Served: Cybersecurity Challenges for Veterans appeared first on McAfee Blog.
So, what does your phone know about you? Taken all together it knows plenty — sometimes in ways that feel like your phone is watching you.
It all comes down to the data that courses through your phone and your apps, along with a phone’s built-in tracking capabilities. Indeed, your phone certainly knows plenty about you. And companies keep tabs on that. Here’s how…
The apps on our phones entertain us, inform us, and help us shop. Many of them also track our activities and location — and then sell or share that info with third parties. From there, that info can end up with data brokers who sell that info to anyone who’ll pay. That includes advertisers, spammers, insurance companies, hackers, law enforcement, private investigators, and so on. It’s all legal, and it’s all part of a multi-billion-dollar industry worldwide.
Still, you can take charge of your privacy amidst all this data and info gathering. Several steps can reduce what your phone collects and shares with others.
For starters, though, let’s look at several of the things your phone knows about you.
Unless you’ve turned it off completely, your phone can track you in several ways with several degrees of accuracy:
GPS: The Global Positioning System, or GPS as many of us know it, is a system of satellites run by the U.S. government for navigation purposes. First designed for national defense, the system became available for public use in the 1980s. It’s highly accurate, to anywhere between nine to 30 feet depending on conditions and technology used, making it one of the strongest tools for determining a phone’s location. This is what powers location services on cell phones, and thus can help an app recommend a great burger joint nearby.
Cell towers: Cell phone providers can track a phone’s location by the distance it is to various cell phone towers and by the strength of its signal. The location info this method provides is a bit coarser than GPS, providing results that can place a phone within 150 feet. It’s most accurate in urban areas with high densities of cell phone towers, although it does not always work well indoors as some buildings can weaken or block cell phone signals.
One of the most significant public benefits of this method is that it automatically routes emergency service calls (like 911 in the U.S.) to the proper local authorities without any guesswork from the caller.
Public Wi-Fi: Larger tech companies and internet providers will sometimes provide free public Wi-Fi hotspots that people can tap into at airports, restaurants, coffeehouses, and such. It’s a nice convenience, but connecting to their Wi-Fi might share a phone’s MAC address, a unique identifier for connected devices, along with other identifiers on the smartphone.
Taken together, this can allow the Wi-Fi hosting company to gather location and behavioral data while you use your phone on their Wi-Fi network.
Bluetooth: Like with public Wi-Fi, companies can use strategically placed Bluetooth devices to gather location info as well. If Bluetooth is enabled on a phone, it will periodically seek out Bluetooth-enabled devices to connect to while the phone is awake. This way, a Bluetooth receiver can then capture that phone’s unique MAC address. This provides highly exact location info to within just a few feet because of Bluetooth’s short broadcast range.
In the past, we’ve seen retailers use this method to track customers in their physical stores to better understand their shopping habits. However, newer phones often create dummy MAC addresses when they seek out Bluetooth connections, which helps thwart this practice.
Certain apps pair location info with other info they collect while you use that app. In some cases, an app shares that precise combination of info with third parties. (It all depends on the terms in the user agreement you accepted once you installed it.)
What does that look like in the real world? Third parties might know:
Those are just a few examples of many.
Just to emphasize what we said above, not every app sells shares or sells your info to third parties. However, that gets into the complicated nature of user agreements. The language that covers what’s collected, for what reasons, what’s done with it, and who it’s shared can be tough to tease out because it’s often written in some form of legalese.
Broadly though, apps need to request permission to access location tracking services. In the past, we’ve seen some sketchy apps request location permissions even though they have no reason to. Examples include coupon apps, wallpaper apps, productivity apps, and plenty of games too. When apps like those ask for permission to access location tracking services, raises a red flag that your privacy is in jeopardy.
Depending on what apps and services you use, your phone might know a lot about your health. That can include range of info, as apps can track things like step counts, vital signs, and menstrual cycles. Other apps manage health conditions or work as symptom checkers. In all, this data can get very private. Unfortunately, sometimes that data winds up in the hands of third parties.
With that, we’ve seen cases where people’s medical info was shared without their knowledge by medical apps and services.
In April 2024, The U.S. Federal Trade Commission (FTC) ruled against an online mental health service that “disclosed consumers’ sensitive personal health information and other sensitive data to third parties for advertising purposes…”[i] Also according to the complaint, the company gave third parties personal data about its users including names, medical and prescription histories, pharmacy and health insurance info, and other health info.
Also in April 2024, U.S. healthcare provider Kaiser Permanente disclosed that more than 13 million people had some of their personal data shared by third parties via tracking technologies on its websites and apps. Companies such as Microsoft (Bing), Google, and X (Twitter) were all named.[ii] That info possibly included how people interacted with and navigated through their website or mobile app, along with search terms used in Kaiser’s health encyclopedia.
So, is someone on the other end of your smartphone listening to your recordings when you use Siri or Google Assistant? Possibly, yes. Companies make constant improvements to their devices and services, which may include the review of commands from users to make sure they are interpreted correctly. There are typically two types of review — machine and human. As the names suggest, a machine review is a digital analysis. Human reviews entail someone listening to and evaluating a recorded command or reading and evaluating a transcript of a written command.
However, several manufacturers let you opt out of those reviews. In fact, you’ll find that they post a fair share of articles about this collection and review process, along with your choices for opting in or out as you wish:
Turn off your phone or switch to Airplane Mode. Disconnect. Without a Wi-Fi or data connection, you can’t get tracked. While this makes you unreachable, it also makes you untraceable, which you might want to consider if you’d rather keep your whereabouts and travels to yourself for periods of time.
Turn off location services altogether. As noted above, your smartphone can get tracked by other means, yet disabling location services in your phone settings shuts down a primary avenue of location data collection. Note that your maps apps won’t offer directions, and your restaurant app won’t point you toward that tasty burger when location services are off, but you’ll be more private than with them turned on.
Provide permissions on an app-by-app basis. Another option is to go into your phone settings and enable location services for specific apps in specific cases. For example, you can set your map app to enable location services only while in use. For other apps, you can disable location services entirely. Yet another option is to have the app ask for permissions each time. Note that this is a great way to discover if apps have defaulted to using location services without your knowledge when you installed them.
On an iPhone, you can find this in Settings -> Privacy & Security -> Location Services. On an Android, go to Settings -> Locations -> App Locations Permissions.
Turn off app tracking. As you’ve seen, some apps will ask to track your activity and potentially share it with data brokers and other third parties. You can halt this by turning off app tracking. On an iPhone, go to Settings -> Privacy & Security -> Tracking and disable “Allow Apps to Request to Track.” On an Android phone, go to Settings -> Privacy and Security, then turn on “Do Not Track.”
And just as you can with location services, you can set apps to make tracking requests on an app-by-app basis. You’ll see it on the same screen that has the global “Do Not Track” option.
Opt yourself out of cell phone carrier ad programs. Different cell phone carriers have different user agreements, yet some might allow the carrier to share insights about you with third parties based on browsing and usage history. Opting out of these programs might not stop your cell phone carrier from collecting data about you, but it might prevent it from sharing insights about you with others.
To see if you take part in one of these programs, log into your account portal or app. Look for settings around “relevant advertising,” “custom experience,” or even “advertising,” and then figure out if these programs are worth it.
Delete old apps. And be choosy about new ones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data associated with them. Our Online Account Cleanup Online Account Cleanup can make quick work of it. It scans for accounts you no longer use, shows how risky they are, and helps you delete them, along with your personal info. In all, breaches and leaks are a numbers game. The fewer you keep, the better, when it comes to protecting your personal info.
Remove your info from data broker sites. As we’ve seen, the personal info on your smartphone can wind up on data broker sites. And they’ll sell it to practically anyone. Our Personal Data Cleanup can help you remove your personal info from several of the sketchiest brokers out there. Running it periodically can help keep your info off those sites if it crops up again.
[i] https://www.ftc.gov/news-events/news/press-releases/2024/04/proposed-ftc-order-will-prohibit-telehealth-firm-cerebral-using-or-disclosing-sensitive-data?utm_source=govdelivery
[ii] https://www.hipaajournal.com/kaiser-permanente-website-tracker-breach-affects-13-4-million-individuals/
The post Every Step You Take, Every Call You Make: Is Your Phone Tracking You? appeared first on McAfee Blog.
As Black Friday approaches, eager bargain hunters are gearing up to snag the best deals online. But with the excitement of holiday shopping also comes the risk of cyber threats, as cybercriminals see this busy time as an opportunity to exploit unsuspecting shoppers. Here’s what you need to know to protect yourself from potential risks while scoring your favorite holiday deals.
Authorities are already sounding the alarm about the risks associated with online shopping during the festive season. Cybersecurity agencies, including the UK’s National Cyber Security Centre (NCSC) and the Canadian Royal Canadian Mounted Police (RCMP), have warned that cybercriminals are using increasingly sophisticated tactics, including leveraging AI to create more convincing scams, malicious ads, and spoofed websites. In the United States, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) have issued advisories to stay vigilant against ransomware attacks during holiday periods when many businesses operate with minimal staff. Cybercriminals take advantage of widely celebrated holidays like Black Friday to launch impactful attacks.
Modern AI tools have made it easier for scammers to create:
During the bustling shopping period that spans Thanksgiving, Black Friday, Small Business Saturday, and Cyber Monday, online sales hit record highs, and cybercriminals follow the money trail. Here are some of the most common scams to watch out for and ways to protect yourself.
Phishing attacks often involve fake emails or social media messages that mimic legitimate promotional offers or shipping notifications. These messages are designed to trick you into revealing sensitive information, such as credit card details, or to download malware onto your device. Common tactics include sending fake order confirmations or gift card scams, which pressure recipients to act quickly by purchasing gift cards to resolve a fabricated issue.
Fake websites that imitate popular online retailers pop up frequently during the Black Friday shopping season. These sites may look identical to the real thing, but their sole purpose is to steal your payment information.
Malicious advertisements can infiltrate legitimate websites, leading you to infected sites that install malware on your device. E-skimming occurs when hackers insert malicious code into payment pages on legitimate eCommerce sites, stealing your credit card information during checkout.
During the busy holiday season, identity theft and credit card fraud rise sharply. Cybercriminals use stolen personal information to make fraudulent purchases or open accounts in your name.
Here are some extra tips to keep your online shopping secure during the holiday season:
While Black Friday is a fantastic time to grab deals, it’s also a time to be extra cautious. By understanding common threats and following these safety tips, you can enjoy your holiday shopping while minimizing the risks. Remember, If a deal seems too good to be true, it probably is. Legitimate retailers won’t pressure you into quick decisions or require unusual payment methods. Take your time, verify offers, and trust your instincts.
The best defense against AI scams is a careful, methodical approach to holiday shopping. Create a budget, make a list of what you want to buy, and stick to trusted retailers. A missed deal is better than falling victim to a scam.
The post How To Protect Yourself from Black Friday and Cyber Monday AI Scams appeared first on McAfee Blog.
In today’s fast-paced educational environment, productivity is a key determinant of academic success. Enter AI PCs—computers enhanced with artificial intelligence (AI) capabilities—that are reshaping how students interact with productivity tools. AI PCs are designed with built-in AI capabilities that optimize performance and user experience by leveraging machine learning algorithms to enhance software applications. This makes routine tasks more efficient and allows for a more personalized user experience.
For students, this means AI tools are becoming not just supplementary resources but integral parts of their academic toolkit. A new report, “The Dawn of the AI Era: Teens, Parents, and the Adoption of Generative AI at Home and School,” found that seven in 10 teenagers say they have used at least one type of generative AI tool, with 40% report using generative AI for school assignments.
From advanced writing assistants to research enhancers, these AI-driven machines have the power to elevate the academic experience. This blog post will explore how AI PCs integrate with AI tools to boost productivity and offer actionable tips to maximize these features for academic success.
ChatGPT, an AI language model developed by OpenAI, serves as a powerful research assistant, capable of summarizing articles, generating topic ideas, and answering questions on a wide range of subjects. When integrated into an AI PC, ChatGPT can be accessed directly from the desktop or through dedicated applications, providing students with on-demand research support. Several other AI tools can also greatly benefit students in research and writing, such as Google Bard, Jasper, and Copy.ai.
McAfee Tip: Use an AI tool like ChatGPT to brainstorm ideas and outline essays or research papers. For instance, if you’re writing a paper on climate change, ChatGPT can help you outline key points, suggest relevant sources, and even provide a summary of complex scientific articles.
Beyond research, AI tools can assist with writing tasks by generating content, offering suggestions, and even helping with creative projects. Its ability to understand context and generate coherent text means that students can use it for drafting essays, creating reports, or even composing emails.
McAfee Tip: Check with your school policies to ensure you remain compliant with their rules around AI usage. For example, use the tool to generate insights and ideas, but cross-check and cite any specific sources or information included in your work to maintain academic integrity.
Grammarly, an AI-powered writing assistant, is renowned for its grammar and style-checking capabilities. On an AI PC, Grammarly is not just a browser extension but a deeply integrated tool that offers real-time feedback on spelling, punctuation, and stylistic errors. This seamless integration ensures that students can produce polished and professional documents with ease.
McAfee Tip: Use Grammarly’s advanced features, such as clarity and engagement suggestions, to help enhance the readability of your work. Before submitting any paper, run it through Grammarly’s plagiarism checker to ensure that all sources are properly cited and that your work is original.
AI PCs can streamline study sessions by using tools to create comprehensive study guides, generate practice questions, and summarize textbook chapters. For example, AI PCs can integrate with note-taking apps, like Evernote and Microsoft OneNote, to organize lecture notes, create study guides, and sync information across devices. AI features can then assist in summarizing notes and organizing content for easier review.
McAfee Tip: Zotero and Mendeley can help students organize research papers, manage citations, and create bibliographies. Integration with Khan Academy and Coursera on AI PCs allows students to access and interact with educational content, complete with AI-driven recommendations for supplemental learning and practice.
For group projects, AI tools can enhance collaboration by providing a platform for drafting and reviewing content together. AI PCs with integrated ChatGPT can help in brainstorming sessions, while Grammarly ensures that all written contributions are cohesive and professionally presented. Integration with tools like Natural Reader and Otter.ai to convert text to speech and vice versa can help with reviewing study materials and transcribing spoken content into written form.
McAfee Tip: Utilize shared documents with built-in Grammarly and ChatGPT features to collaborate on essays or research papers. This allows for real-time feedback and adjustments, leading to a more polished final product.
In the realm of online research and media consumption, discerning authentic content from manipulated material is increasingly important. This is where McAfee Deepfake Detector comes into play. Integrated into AI PCs, this tool provides real-time alerts when it detects AI-generated audio within videos. By utilizing advanced AI technology, Deepfake Detector helps students quickly identify whether a video’s audio has been manipulated, right from their browser without extra steps.
McAfee Tip: When engaging with online videos for research or study, use Deepfake Detector to ensure the content is authentic. This tool helps you avoid falling for misleading or false information, which is crucial for maintaining the integrity of your academic work.
Ultimately, AI PCs are revolutionizing students’ daily academic routines by integrating advanced AI tools into everyday life. AI-driven tools are offering unprecedented support in writing, research, and creative projects, making them invaluable assets in achieving academic and professional success. By leveraging these capabilities, students can enhance their productivity, produce high-quality work, and prepare for future challenges with confidence.
The post How AI PCs Are Optimizing Productivity Tools for Students appeared first on McAfee Blog.
As malicious deepfakes continue to flood our screens with disinformation during this election year, we’ve released our 2024 Election AI Toolkit to help voters protect themselves and their vote.
Our own research reveals just how deep the problem runs. More than six in ten (63%) of Americans said they’ve seen a deepfake in the past 60 days. As for the impact of those deepfakes, nearly half (48%) who’ve seen one said it’s influenced who they’ll vote for in the upcoming election.
In all, we found that 91% of Americans said they’re concerned that AI-generated disinformation could interfere with public perception of candidates, their platforms, or even election results.
Disinformation has played a long and shady role in politics. For some time now. George Washington fell victim to it in 1777 when forged letters painted him as a British sympathizer — disinformation that followed him to the first presidency. [i]
And it’s appeared on the internet for some time too. For years, creating disinformation on the internet called for plenty of manual labor. Writers, designers, and developers all put hours into writing, creating images, and creating sites for spreading disinformation. Now, it takes just one person mere minutes. The advent of cheap and free AI tools has put disinformation into overdrive.
We’ve seen an explosive rise in malicious deepfakes in the run-up to Election Day.
With polling in some states already underway, we can expect the glut of malicious deepfakes to continue. They might:
With that, it’s little surprise that nearly 60% of Americans say that they’re extremely or very concerned about AI’s influence on the election.[vi] Deepfakes have simply become pervasive.
AI has given new life to the old problem of disinformation and fake news. In many ways, it’s supercharged it.
It’s done so in two primary ways:
In all, it’s easier, cheaper, and quicker than ever to create malicious deepfakes with AI tools. On top of that, the image and sound quality of deepfakes continues to improve. In all, it’s only getting tougher when it’s time to tell the difference between what’s real and what’s fake.
Taken together, this has put voters in a lurch. Who and what can they trust online?
Even as the creators of malicious AI-generated content have gotten cagier in their ways, their work still gives off signs of a fake. However, spotting this malicious content calls for extra effort on everyone’s part when getting their news or scrolling their feeds online. That means scrutinizing what we consume and relying on trusted fact-checking resources to get at the truth. It also means using AI as any ally, with AI tools that detect AI deepfakes in real time.
Our Election Year Toolkit will help you do just that. It covers the basics of fake news and malicious AI deepfakes, how to spot them, and more. As you’ll see, it’s a topic both broad and deep, and we explore it in a step-by-step way that helps make sense of it all for voters.
Sharing info about AI with voters is one of several steps we’ve taken to fight against malicious deepfakes.
In a first-of-its-kind collaboration, we’ve teamed up with Yahoo News to bolster the credibility of images on the Yahoo News platform. This collaboration integrates McAfee’s sophisticated deepfake image detection technology into Yahoo News’s content quality system, offering readers an added layer of trust.
And we’re rolling out our McAfee Deepfake detector through our partners too. It checks audio being played through your browser to figure out if the content you’re watching or listening to contains AI-generated audio. When AI audio is detected, users are notified in seconds.
AI makes disinformation look and sound far more credible than ever. And bad actors can produce it on a tremendous scale, thanks to the ease and speed of AI tools. In an election year that calls for more scrutiny on our collective part — and our 2024 Election AI Toolkit can help. It covers how to spot a deepfake, how they spread, and several fact-checking resources that you can rely on when that bit of news you stumble across seems a little sketchy.
Download the full McAfee AI Election Toolkit here
[i] https://www.politifact.com/article/2022/feb/21/when-george-washington-fought-misinformation/
[v] https://techcrunch.com/2024/03/06/political-deepfakes-are-spreading-like-wildfire-thanks-to-genai/
The post How To Survive the Deepfake Election with McAfee’s 2024 Election AI Toolkit appeared first on McAfee Blog.
Think you can spot a fake on social media? It’s getting tougher. Particularly as deepfake technology gets far better and far easier to use.
Here’s why that matters.
You might find yourself among the 50% of Americans who say they get their news on social media at least “sometimes.”[i] Plenty of deepfakes deliberately pose as legitimate news. You might also stumble across promos or deals on social media. Scammers create yet more deepfakes for phony giveaways and bogus investment opportunities.
In short, what you’re seeing might be a fake. And your odds of stumbling across a deepfake on social media are on the climb.
That means using social media today requires more scrutiny and skepticism, which are two of your best tools for spotting deepfakes.
Whether you’re staring down AI-generated text, photography, audio, or video, some straightforward steps can help you spot a fake. Even as AI tools create increasingly convincing deepfakes, a consistent truth applies — they’re lies. And you have ways of calling out a liar.
Malicious deepfakes share something in common. They play on emotions. And they play to biases as well. By stirring up excitement about a “guaranteed” investment or outrage at the apparent words of a politician or public figure, deepfakes cloud judgment. That’s by design. It makes deepfakes more difficult to spot because people want to believe them on some level.
With that, slow down. Especially if you see something that riles you up. This offers one of the best ways to spot a fake. From there, the next step is to validate what you’ve seen or heard.
Because what you’re seeing got posted on social media, you can see who posted the piece of content in question. If it’s a friend, did they repost it? Who was the original poster? Could it be a bot or a bogus account? How long has the account been active? What kind of other posts have popped up on it? If an organization posted it, look it up online. Does it seem reputable? This bit of detective work might not provide a definitive answer, but it can let you know if something seems fishy.
Whether they aim to spread disinformation, commit fraud, or rile up emotions, malicious deepfakes try to pass themselves off as legitimate. Consider a video clip that looks like it got recorded at a press conference. The figure behind the podium says some outrageous things. Did that really happen? Consult other established and respected sources. If they’re not reporting on it, you’re likely dealing with a deepfake.
Moreover, they might report that what you’re looking at is a deepfake that’s making the rounds on the internet. Consider the Taylor Swift “Le Creuset scam” of early 2024. News outlets quickly revealed that the singer was not giving away free, high-end cookware.
A technique called SIFT can help root out a fake. It stands for: Stop, Investigate the source, Find better coverage, and Trace the media to the original context. With the SIFT method, you can indeed slow down and determine what’s real.
De-bunking fake news takes time and effort. Often a bit of digging and research too. Professional fact-checkers at news and media organizations do this work daily. Posted for all to see, they provide a quick way to get your answers. Some fact-checking groups include:
This gets to the tricky bit. The AI tools for creating deepfakes continually improve. It’s getting tougher and yet tougher still to spot the signs of a deepfake. The advice we give here now might not broadly apply later. Still, bad actors still use older and less sophisticated tools. As such, they can leave signs.
Look for typos. If you spot some, a human likely did the writing. AI generally writes clean text when it comes to spelling and grammar.
Look for repetition. AI chatbots get trained on volumes and volumes of text. As such, they often latch onto pet terms and phrases that they learned as they were trained. Stylistically, AI chatbots often overlook that repetition.
Look for style (or lack thereof). Today’s chatbots are no Ernest Hemingway, Mark Twain, or Vladimir Nabokov. They lack style. The text they generate often feels canned and flat. Moreover, they tend to spit out statements, yet with little consideration for how they flow together.
Zoom in. A close look at deepfake photos often reveals inconsistencies and flat-out oddities. Consider this viral picture of the “Puffer Pope” that circulated recently. Several things point toward a bogus image.
Keep an eye on the speaker. A close look at who’s doing the talking in a deepfake video can reveal if it’s a fake. Subtle things reveal themselves. Is the speaker blinking too much? Too little? At all? How about their speech. Does it sync up with their mouth perfectly? These might be signs of a deepfake.
Watch how the speaker moves. In the example of the Ukrainian presidential deepfake, it appears that only President Zelensky’s head moves. Just slightly. This is a sign of lower-grade video deepfake technology. It has difficulty tracking movement. Another possible sign is if the speaker never moves their hand across their face. Once again, that might indicate the work of lesser AI tools. In that case, they render the facial image on the hand.
How does the speaker sound? In the case of audio-only deepfakes, today’s AI tools work best when they’re fed smaller chunks of text to create speech. They don’t work as well with big blocks. This requires creators to stitch those chunks together. As a result, the cadence and flow might sound on the copy side. Also, you might not hear the speaker taking breaths, as normal speakers do.
With AI tools improving so quickly, we can no longer take things at face value. Malicious deepfakes look to deceive, defraud, and disinform. And the people who create them hope you’ll consume their content in one, unthinking gulp. Scrutiny is key today. Fact-checking is a must, particularly as deepfakes look sharper and sharper as the technology evolves.
Plenty of deepfakes can lure you into sketchy corners of the internet. Places where malware and phishing sites take root. Consider using comprehensive online protection software with McAfee+ to keep safe. In addition to several features that protect your devices, privacy, and identity, they can warn you of unsafe sites too. While it might not sniff out AI content (yet), it offers strong protection against bad actors who might use fake news to steal your info or harm your data and devices.
[i] https://www.pewresearch.org/journalism/fact-sheet/social-media-and-news-fact-sheet
The post How to Spot a Deepfake on Social Media appeared first on McAfee Blog.
Thinking about deleting your Instagram account? We can show you how.
Before we get to that, you might be interested to find what kind of data Instagram collects about you — and how long Instagram keeps your account data, even after you delete it.
For that answer, we turn to Instagram’s privacy policy page.[i] As you might imagine, the list of what they collect is long — long enough that you’ll want to read it for yourself. Yet, broadly, Instagram provides the following summary as part of its June 2024 Privacy Policy.
Per Instagram they collect:
The last bullet is an important one. Instagram very likely knows about things you do even when you’re not using Instagram. How do they get a hold of that info? Per Instagram, third parties use a mix of “Business Tools,” integrations, and Meta Audience Network technologies to share info.
So, what are these “Business Tools?” Per Instagram, they’re technologies used by website owners and publishers, app developers, and business partners, including advertisers and others. These technologies integrate and share data with Meta (Instagram’s parent company) to understand and measure their products and services. They also help them better reach and serve people who use or might be interested in their products and services.
Also per Instagram, here are examples of info they might receive this way:
Everyone has their own appetite for privacy, and we’ve all known for some time that with using a “free” social media platform comes a price — privacy to some extent or other. The more you know how much a platform knows about you, the better decision you can make about participating on it.
As for how long they keep all that data and info they collect, the answer varies. Per Instagram, “We keep information as long as we need it to provide our Products, comply with legal obligations or protect our or other’s interests. We decide how long we need information on a case-by-case basis.”
Also per Instagram, here’s what they consider when they keep data info:
In short, deleting your Instagram account is no guarantee that your data will immediately get deleted along with it. Per the list above, Instagram’s Privacy Policy allows the platform to keep your data for an indeterminate amount of time.
Per Instagram’s policy, your access to your account and info will be permanently removed 30 days after your request. However, according to Instagram, it may take up to 90 days to complete the deletion process after it begins. Copies of your content may remain after the 90 days in backup storage that Instagram uses to recover in case of a disaster, software error, or other data loss event.
Now, onto the steps for deleting your Instagram account.
From your computer:
More in the bottom left, then click Settings .From your Android device:
or your profile picture in the bottom right to go to your profile. in the top right.From your iOS device:
or your profile picture in the bottom right to go to your profile. in the top right.We suggest one more step in addition to the ones above.
Remove your info from the data broker sites that sell it.
Here’s why you might want to do that … Given the way social media companies share info with third parties, there’s a chance your personal info might have made it onto one or several data broker sites. These sites buy and sell extensive lists of personal to anyone, which ranges anywhere from advertisers to spammers and scammers.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
[i] https://privacycenter.instagram.com/policy/
The post How to Delete Your Instagram Account appeared first on McAfee Blog.
Thinking about deleting your Facebook account? We can show you how.
Before we get to that, you might be interested to find what kind of data Facebook collects about you — and how long Facebook keeps your account data, even after you delete it.
For that answer, we turn to Facebook’s privacy policy page.[i] As you might imagine, the list of what they collect is long—long enough that you’ll want to read it for yourself. Yet, broadly, Facebook provides the following summary as part of its June 2024 Privacy Policy.
Per Facebook, they collect:
The last bullet is an important one. Facebook very likely knows about things you do even when you’re not using Facebook.
How do they know about that? Increasingly, that comes through a technology called “server-side tracking.” It’s a form of ad and behavior tracking where a company’s servers communicate directly with each other. In this case, that’s a company’s servers and Facebook’s servers. It can track custom events like page visits, purchases, and the like. This way, companies can track the performance of their Facebook campaigns. It’s like using tracking cookies, with one important difference — it bypasses the user’s device. (Cookies rely on data stored on your device.) The process is invisible to the user.
How extensive is its use? A recent study by Consumer Reports of more than 700 Facebook users found that the average user was tracked by more than 2,200 companies partly using this technology.[ii] Consumer Reports was quick to state that their findings don’t reflect a representative sample because participants were volunteers, and the results weren’t adjusted for demographics. Yet it is telling that across these 700-plus Facebook users, roughly 7,000 different companies shared their data with Facebook.
Everyone has their own appetite for privacy, and we’ve all known for some time that with using a “free” social media platform comes a price — privacy to some extent or other. The more you know how much a platform knows about you, the better decision you can make about participating in it.
As for how long they keep all that data and info they collect, the answer varies. Per Facebook,
In short, deleting your Facebook account is no guarantee that your data will immediately get deleted along with it. Per the list above, Facebook’s Privacy Policy allows the platform to keep your data for an indeterminate amount of time.
Now, onto the steps for deleting your Facebook account.
Before you permanently delete your account, keep a few things in mind. Per Facebook:
Note that Facebook provides a 30-day grace period once you delete your account. If you want to hop back onto the platform, you can simply reactivate your account during that period. All your info, data, and posts will be there. After those 30 days, you’ll no longer have access to them.
As for the steps, that varies. If you’re deleting Facebook from a computer:
If you’re deleting Facebook from an iOS device:
in the bottom right of Facebook.And from an Android device:
in the top right of Facebook.We suggest one more step in addition to the ones above.
Remove your info from the data broker sites that sell it.
Here’s why you might want to do that … Given the way social media companies share info with third parties, there’s a chance your personal info might have made it onto one or several data broker sites. These sites buy and sell extensive lists of personal to anyone, which ranges anywhere from advertisers to spammers and scammers.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
[i] https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
[ii] https://www.consumerreports.org/electronics/privacy/each-facebook-user-is-monitored-by-thousands-of-companies-a5824207467/
The post How to Delete Your Facebook Account appeared first on McAfee Blog.
Thinking about deleting your TikTok account? We can show you how.
Before we get to that, you might be interested to find what kind of data TikTok collects about you — and how long TikTok keeps your account data, even after you delete it.
For that, we turn to TikTok’s privacy policy page.[i] TikTok collects data just like practically any other social media platform, and the list of what they collect runs long. You can see a full list in their privacy policy, yet here are a few things you might want to know about. Per TikTok:
So, TikTok knows the content you create, the content you appear in, and the messages you send (and the specific contents of those messages) — and potentially payment info and the people in your phone contacts. Additionally, it collects info on you from other sources and on any purchases you might have made through the platform.
The list continues. Once again, you can visit their privacy policy page for more details, yet here’s a partial rundown of other data they collect about you automatically. Per TikTok:
As for how long they keep all that data and info they collect, the answer is unclear. Per TikTok,
“We retain information for as long as necessary to provide the Platform and for the other purposes set out in this Privacy Policy. We also retain information when necessary to comply with contractual and legal obligations, when we have a legitimate business interest to do so (such as improving and developing the Platform and enhancing its safety, security, and stability), and for the exercise or defense of legal claims.” [ii]
The key phrases here are “as long as necessary” and “when necessary.” TikTok doesn’t set a specific period in its policy. In fact, TikTok goes on to say that the periods vary based on “different criteria, such as the type of information and the purposes for which we use the information.”
Now, onto the steps for deleting your TikTok account.
Note that TikTok provides a 30-day grace period once you delete your account. If you want to hop back onto the platform, you can simply reactivate your account during that period. All your info, data, and posts will be there. After those 30 days, you’ll no longer have access to them.
We suggest one more step in addition to the ones above.
Here’s why you might want to do that … Given the way social media companies share info with third parties, there’s a chance your personal info might have made it onto one or several data broker sites. These sites buy and sell extensive lists of personal to anyone, which ranges anywhere from advertisers to spammers and scammers.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
[i] https://www.tiktok.com/legal/page/row/privacy-policy/en
[ii] https://www.tiktok.com/legal/page/row/privacy-policy/en
The post How to Delete Your TikTok Account appeared first on McAfee Blog.
What is oversharing on social media? And how do you avoid it?
Oversharing on social media takes on a couple different aspects. There’s one that’s personal, like what you share and how often you share it. Another revolves around your privacy and your security. Namely, how does what you share and how often you share it affect your privacy — and what further effect does that have on your security? Does it open you up to scams, identity theft, and other forms of cybercrime?
A grasp on that can help you avoid oversharing and post on social media in a way that’s “just right.”
Granted, it might seem a little odd to talk about privacy and the like on social media, which is, by definition, social in nature. The idea, though, is striking a balance — getting all the benefits of connection and keeping up with people and groups that matter to you in a way that’s enjoyable and safe. And healthy too.
Let’s start with a look at what oversharing looks like and its possible effects. From there, we can check out some specific ways you can avoid oversharing on social media.
For starters, oversharing usually conjures up the notion of T.M.I., or “too much information.” That might involve posting too often, yet it can also involve sharing too many personal details. Along those lines, a long-standing definition of oversharing goes like this:
“The excessive generosity with information about one’s private life or the private lives of others.”[i]
Of course, “excessive” is a relative term. Different people have different boundaries when it comes to what’s personal. Likewise, the people reading a post have different ideas of what counts as sharing “too much” and what doesn’t.
Further complicating the matter is how many people choose to have multiple accounts on the same platform.
In particular, teens and younger adults often have a broader public account with many followers along with a more private account that they share with select friends. A post that might be fine, and expected, on a private account might come across as an overshare on a public account.
However, there are cases where oversharing can point to deeper issues, like anxiety, depression, and unhealthy attention-seeking behavior. So-called “sadfishing” offers one example, where people create negative posts in a bid to get sympathy. Other examples include sharing details about oneself online that a person would normally never share on a phone call or in a face-to-face conversation.
If you have concerns about yourself or someone you know, confide in someone you trust for advice. See if they have the same concerns as you do. Also, in the U.S., you can speak to speak to a licensed counselor through the “988” service, which you can learn more about at https://988lifeline.org. It’s free and confidential.
When it comes to privacy and security, oversharing takes on a different meaning. Elsewhere in our blogs, we’ve talked about that issue like this:
“Saying more than you should to more people than you should.”
Now, here’s where your privacy and security come in. Consider the audience you have across your social media profiles. Perhaps you have dozens, if not hundreds of friends and followers. All with various degrees of closeness and familiarity. Post something personal on social media to that broad audience, and you indeed might end up sharing something that puts your personal privacy and security at risk. After all, if you have hundreds of followers, how many of them are people you truly know and absolutely trust?
Here are a few scenarios:
In other words, social media posts have a way of saying much more than we might think. And when shared publicly or to a large audience of friends and followers you don’t know well, that can expose you in ways you might not want.
As with so many things online, staying safer and more private calls for a mix of technology and internet street smarts. Things like settings, privacy tools, and what you post can help you enjoy social media safely.
Be more selective with your settings.
Social media platforms like Facebook, Instagram, and others give you the choice of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting — not to mention your relationships and likes. (Think of your social media profile showing up in a Google search.) Taking a “friends only” approach to your social media profiles can help protect your privacy because that gives a possible scammer or stalker much less material to work with.
Some platforms further allow you to create sub-groups of friends and followers. With a quick review of your network, you can create a sub-group of your most trusted friends and restrict your posts to them as needed.
Stay on top of your privacy with our Social Privacy Manager.
Here’s the thing with those social media settings — they can be challenging to locate and confusing to adjust. In all, it can take time to make sure that your info and posts are only shown to people you want to see them. Our Social Privacy Manager can do that work for you.
Based on your preferences, it adjusts more than 100 privacy settings across your social media accounts in just a few clicks. This way, your personal info is only visible to the people you want to share it with.
Say “no” to bots and bogus accounts.
There are plenty of fake accounts out there on social media. On Facebook, the platform acted on 1.2 billion fake accounts between April and June 2024 alone.[iii] On X, formerly Twitter, the platform announced a “bot purge” in 2024. However, in May 2023, the platform suspended access to a publicly available data set that helped find and track bots on the platform. Still, researchers continue to find false accounts, particularly ones powered by AI tools.[iv]
The bottom line is this: don’t accept invites from people you don’t know. Bad actors might use them to launch scams, gather personal info on potential identity theft victims, and spread disinformation. Also, be aware that some followers might not be who they appear to be. In the immediate wake of the “bot purge” on X, many accounts saw themselves losing thousands of followers.[v]
Consider what you post.
Think about posting those vacation pictures after you get back home, so people don’t know you’re away when you’re away. Also, consider if your post pinpoints where you are or where you go regularly. Do you want people in your broader network to know that? Closely review the pics you take and see if there’s any revealing information in the background. If so, you can crop it out (think notes on a whiteboard, reflections in a window, or revealing location info). Further, ask anyone you want to include in their post for their permission. In all, consider their privacy too.
Consider what you post about others, too.
Indeed, oversharing can include what you post and say about others online as well. A good rule of thumb when posting group pictures online is to ask if the other people in them are okay with it going onto social media. Also ask yourself, “Is this my news to share?” For example, a friend leaves one job to take on a new role elsewhere. Before posting, “Congrats on the new job!” let them make that first announcement themselves.
For parents, this calls for extra consideration too. Anything you post about your child becomes a part of their permanent online record. What might seem funny or cute today might become embarrassing or even fodder for cyberbullies tomorrow.
Yes, you give up some privacy by using social media. That’s the very nature of it. The trick is in sharing just enough and with just the right people.
Being careful of who you accept as a friend, keeping an eye on accounts that follow you, and paying mind to what you post and how often are all ways you can prevent oversharing. Likewise, using tools to fine-tune who sees your posts, keeping things to close friends in sub-groups or secondary accounts, and keeping your social media accounts out of the public eye are yet more steps you can take to protect yourself, your privacy, and your security on social media.
[i] https://portal.research.lu.se/en/publications/front-and-backstage-in-social-media
[ii] https://www.theguardian.com/world/2019/oct/11/japanese-assault-suspect-tracked-down-pop-star-via-eye-reflection-in-selfie
[iii] https://transparency.meta.com/reports/community-standards-enforcement/fake-accounts/facebook
[iv] https://arxiv.org/pdf/2307.16336
[v] https://www.socialmediatoday.com/news/x-formerly-twitter-bot-purge-sees-big-accounts-lose-followers/712495/
The post How to Avoid Oversharing on Social Media appeared first on McAfee Blog.
With its built-in location services, your smartphone can point you to plenty of places. To the location of your vacation rental. To the quickest route around a traffic jam. And to a tasty burger. It’s a tremendous convenience. Yet, there’s a flip side. Your smartphone also tracks your location. Getting to know how your phone tracks you and how you can limit that tracking can make you far more private online.
The basic privacy issue with location services is this: many companies use your activities and apps as a way of gathering info on you. They might collect that info for their own purposes, and they might sell that info to third parties.
As to why some companies do that, the answer typically boils down to a handful of things. They will:
So, it’s a bit of a tradeoff. You might use an app to show you the closest Indian restaurant to your hotel — but depending on the user agreement for that app, the company behind it might collect your info for their own financial gain.
We can boil that down yet further. Sometimes what you gain in convenience you lose in privacy.
Let’s look at how smartphones track your movements and follow that up with ways you can limit that tracking.
Unless you’ve turned it off completely, your phone can track you in several ways with several degrees of accuracy:
GPS: The Global Positioning System, or GPS as many of us know it, is a system of satellites operated by the U.S. government for navigation purposes. First designed for national defense, the system became available for public use in the 1980s. It’s highly accurate, to anywhere between nine to 30 feet depending on conditions and technology used, making it one of the strongest tools for determining a phone’s location. This is what powers location services on cell phones, and thus can help an app recommend a great burger joint nearby.
Cell towers: Cell phone providers can track a phone’s location by the distance it is to various cell phone towers and by the strength of its signal. The location info this method provides is a bit coarser than GPS, providing results that can place a phone within 150 feet. It’s most accurate in urban areas with high densities of cell phone towers, although it does not always work well indoors as some buildings can weaken or block cell phone signals.
One of the most significant public benefits of this method is that it automatically routes emergency services calls (like 911 in the U.S.) to the proper local authorities without any guesswork from the caller.
Public Wi-Fi: Larger tech companies and internet providers will sometimes provide free public Wi-Fi hotspots that people can tap into at airports, restaurants, coffeehouses, and such. It’s a nice convenience, but connecting to their Wi-Fi might share a phone’s MAC address, a unique identifier for connected devices, along with other identifiers on the smartphone.
Taken together, this can allow the Wi-Fi hosting company to gather location and behavioral data while you use your phone on their Wi-Fi network.
Bluetooth: Like with public Wi-Fi, companies can use strategically placed Bluetooth devices to gather location info as well. If Bluetooth is enabled on a phone, it will periodically seek out Bluetooth-enabled devices to connect to while the phone is awake. This way, a Bluetooth receiver can then capture that phone’s unique MAC address. This provides highly accurate location info to within just a few feet because of Bluetooth’s short broadcast range.
In the past, we’ve seen retailers use this method to track customers in their physical stores to better understand their shopping habits. However, newer phones often create dummy MAC addresses when they seek out Bluetooth connections, which helps thwart this practice.
So, just to emphasize what we said above, not every app sells shares or sells your info to third parties. However, that gets into the complicated nature of user agreements. The language that covers what’s collected, for what reasons, what’s done with it, and who it’s shared with often finds itself buried in a wall of legalese.
Ultimately, it’s up to you to determine what your comfort level is in any kind of convenience in exchange for a loss of privacy. Everyone has their own comfort levels.
With that, you can take several steps to limit tracking on your smartphone to various degrees — and boost your privacy to various degrees as a result:
Turn off your phone or switch to Airplane Mode. Disconnect. Without a Wi-Fi or data connection, you can’t get tracked. While this makes you unreachable, it also makes you untraceable, which you might want to consider if you’d rather keep your whereabouts and travels to yourself for periods of time.
Turn off location services altogether. As noted above, your smartphone can get tracked by other means, yet disabling location services in your phone settings shuts down a primary avenue of location data collection. Note that your maps apps won’t offer directions and your restaurant app won’t point you toward that tasty burger when location services are off, but you’ll be more private than with them turned on.
Provide permissions on an app-by-app basis. Another option is to go into your phone settings and enable location services for specific apps in specific cases. For example, you can set your map app to enable location services only while in use. For other apps, you can disable location services entirely. Yet another option is to have the app ask for permissions each time. Note that this is a great way to discover if apps have defaulted to using location services without your knowledge when you installed them.
On an iPhone, you can find this in Settings -> Privacy & Security -> Location Services. On an Android, go to Settings -> Locations -> App Locations Permissions.
Delete old apps. And be choosy about new ones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data associated with them.
Use a VPN. A VPN can make your time online more private and more secure by obscuring things like your IP address and by preventing snoops from monitoring your activity.
Turn off app tracking. As you’ve seen, some apps will ask to track your activity and potentially share it with data brokers and other third parties. You can halt this by turning off app tracking. On an iPhone, go to Settings -> Privacy & Security -> Tracking and disable “Allow Apps to Request to Track.” On an Android phone, go to Settings -> Privacy and Security, then turn on “Do Not Track.”
And just as you can with location services, you can set apps to make tracking requests on an app-by-app basis. You’ll see it on the same screen that has the global “Do Not Track” option.
Opt yourself out of cell phone carrier ad programs. Different cell phone carriers have different user agreements, yet some might allow the carrier to share insights about you with third parties based on browsing and usage history. Opting out of these programs might not stop your cell phone carrier from collecting data about you, but it might prevent it from sharing insights about you with others.
To see if you participate in one of these programs, log into your account portal or app. Look for settings around “relevant advertising,” “custom experience,” or even “advertising,” and then determine if these programs are of worth to you.
The post Location, Location, Location: Three Reasons It Matters for Your Smartphone appeared first on McAfee Blog.
What is malware? A dictionary-like definition is “malicious software that attacks computers, smartphones, and other connected devices.”
In fact, “malware” is a mash-up of “malicious software.” It describes any type of software or code specifically designed to exploit a connected device or network without consent. And, unsurprisingly, hackers design most of it for financial gain.
Think of malware as an umbrella term that covers an entire host of “bad stuff,” such as:
Spyware that tracks activity, like what you type and where you type it. (Think snooping on your bank account logins.
Ransomware that holds devices or the data on them hostage, that hackers only release for a price. (And even so, payment is no guarantee you’ll get back your access.)
Adware that serves up spammy ads on your device. (The hacker gets paid for the number of “impressions” the ads have. The more they show up on people’s devices, the more they get paid.)
Botnet software, that hijacks a device into a remote-controlled network of other devices. (These networks are used to shut down websites or even shut down large portions of the internet, just to mention two of the things they can do.)
Rootkit that attacks that give hackers remote-control access to a device. (And with that control, they can wage all manner of attacks — on the device and on other devices too.)
Viruses that modify the way a device and its apps function. Also, they can effectively bring a device or network to a grinding halt. (Yes, viruses are a subset of malware. They can copy, delete, and steal data, among other things.)
You might know malware by its more commonly used name — viruses.
There’s a pretty good reason why people commonly refer to malware as a “virus.” Viruses have been on our collective minds for some time.
Viruses have a long history. You could call it “the original malware.” And depending on how you define what a virus is, the first one took root in 1971 — more than 50 years ago. It was known as Creeper, and rather than being malicious in nature, the creator designed it to show how a self-replicating program could spot other devices on a network, transfer itself to them, and find yet more devices to repeat the process. Later, the same programmer who created a refined version of Creeper developed Reaper, a program that could remove the Creeper program. In a way, Reaper could be considered the first piece of antivirus software.[i]
From there, it wasn’t until the 1980s that malware started affecting the broader population, a time when computers became more commonplace in businesses and people’s homes.
At first, malware typically spread by infected floppy disks, much like the “Brain” virus in 1986. While recognized today as the first large-scale computer virus, its authors say they never intended it to work that way. Rather, they say they created Brain as an anti-piracy measure to protect their proprietary software from theft. However, Brain got loose. It went beyond their software and affected computers worldwide. Although not malicious or destructive in nature, Brain most certainly put the industry, businesses, and consumers on notice. Computer viruses were a thing.[ii]
Another piece of malware that got passed along via floppy disks was the “PC Cyborg” attack that targeted the medical research community in and around 1989. There, the malware would lie in wait until the user rebooted their computer for the 90th time and was presented with a digital ransom note.[iii]
An early example of ransomware – Source, Wikipedia
Upon that 90th boot, PC Cyborg encrypted the computer’s files, which would only get unencrypted if the victim paid a fee, making it the first documented form of ransomware.
Shortly thereafter, the internet started connecting computers, which opened millions of doors for hackers as people went online. Among the most noteworthy was 1999’s “Melissa” virus, which spread by way of infected email attachments and overloaded hundreds of corporate and governmental email servers worldwide.
It was quickly followed in 2000 by what’s considered among the most damaging malware to date — ILOVEYOU, which also spread by way of an attachment, this one posing as a love letter. Specifically, it was a self-replicating worm that installed itself on the victim’s computer where it destroyed some info and stole other info, then spread to other computers. One estimate put the global cost of ILOVEYOU at $10 billion. It further speculated that it infected 10% of the world’s internet-connected computers at the time.[iv]
With that history, it’s no surprise that anti-malware software is commonly called “antivirus.”
Antivirus forms a major cornerstone of online protection software. It protects your devices against malware through a combination of prevention, detection, and removal. Our antivirus uses AI to detect the absolute latest threats — and has for several years now.
Today, McAfee registers more than a million new malicious programs and potentially unwanted apps (PUA) each day, which contributes to the millions and millions already in existence. Now with the arrival of AI-powered coding tools, hackers can create new strains at rates unseen before.
That’s another reason why we use AI in our antivirus software. We use AI to protect against AI-created malware. It does so in three ways:
Once again, it’s important to remind ourselves that today’s malware is created largely for profit. Hackers use it to gain personal and financial info, either for their own purposes or to sell it for profit. The files you have stored on your devices have a street value. That includes tax returns, financial docs, payment info, and so on. Moreover, when you consider all the important things you keep on your devices, like your photos and documents, those have value too. Should you get caught up in a ransomware attack, a hacker puts a price tag on them for their return.
Needless to say, and you likely know this already, antivirus is essential for you and your devices.
You’ll find our AI-powered antivirus in all our McAfee+ plans. Better yet, our plans have dozens of protections that block the ways hackers distribute malware. To name just a few, our Text Scam Detector blocks links to suspicious sites that host malware and other attacks — and our Web Protection does the same for your browser. It also includes our industry-first online protection score that shows you just how safe you are, along with suggestions that can make you safer still. Together, our McAfee+ plans offer more than just antivirus. They protect your devices, your privacy, and your identity overall.
[i] https://www.historyofinformation.com/detail.php?entryid=2860
[ii] https://www.historyofinformation.com/detail.php?id=1676
[iii] https://www.theatlantic.com/technology/archive/2016/05/the-computer-virus-that-haunted-early-aids-researchers/481965/
[iv] https://www.forbes.com/sites/daveywinder/2020/05/04/this-20-year-old-virus-infected-50-million-windows-computers-in-10-days-why-the-iloveyou-pandemic-matters-in-2020
The post What is Malware? appeared first on McAfee Blog.
If you think your Gmail account’s been hacked, you’ll want to act. And act quickly.
The fact is that your email has all manner of personal info in there. Receipts, tax correspondence, medical info, and so on. With a hacked account, that info might get deleted, shared, or used against you for identity theft.
Luckily, Google has mechanisms in place to restore a hacked Gmail account. We’ll walk through the steps here — and a few others that can keep you secure in the long term after you have your account back.
Several things can tip you off, including:
With varying degrees of certainty, those are some signs that your account has been hacked.
Also, many people have a Google Account linked with their Gmail password and login. Beyond email, that might include files in Google Drive, photos, a YouTube account, and other features that contain personal info. In those cases, that only increases the potential harm of a hacked account.
Additionally, services like Google Pay and Google Play complicate matters more in the event of a hacked account because they contain financial info.
If you see any unusual changes in those apps or services, that might be a sign of a hacked account as well.
If you think someone else has changed your password or deleted your account, head to Google’s account recovery page. It’ll take you through a multi-step process to restore your account.
With that, you’ll want to do some quick prep. First, do your best to begin the recovery process with a device that you typically use to access your account. Also, if possible, do it in a location where you typically access your account. This provides Google with identifiers that you are who you say you are.
After that, gather up your Gmail account passwords, old and current. The recovery page will ask for them, along with other questions. Do your best to answer each question the very best you can. There’s no penalty for a wrong answer and the more info you can provide, the better.
If you can log into your account, yet worry it’s been hacked, take these steps:
Next, run a virus scan on your device. Your password might have gotten compromised in one of several ways, including malware. This can remove any malware that might be spying on your device (and your passwords).
At this point, create a new password that’s strong and unique. Use at least 14 characters using a mix of upper- and lowercase letters, symbols, and numbers. Or have a password manager do that work for you.
And finally, set two-factor verification on your account if you aren’t already using it. This makes your account far tougher to hack, as two-factor verification requires a unique code to log in. One that only you receive. And just like with your password, never share your unique code. Anyone asking for it is a scammer.
By taking the steps we just covered, you’ve done two important things that can protect you moving forward. One is setting up a strong, unique password. The second is using two-factor verification.
The next thing is to get comprehensive online protection in place. Protection like you’ll find in our McAfee+ plans offers several features that can keep you and your accounts safe.
Once again, your password got compromised one way or another. It could have been spyware on your device. It could have been a phishing attack. It could have been a data breach. The list goes on. However, we refer to it as comprehensive online protection because it’s exactly that. In addition to antivirus, our McAfee+ plans have dozens of features that can protect your devices, identity, and privacy.
For example:
The important thing is this: if you think your Gmail account got hacked, act quickly. You might have much more than just your email linked to that account. Files, photos, and finances might be tied to it as well.
Even if something looks just slightly off, act as if your account got hacked. Log in, change your password, establish two-step verification if you haven’t, and take the other steps mentioned above. Above and beyond your email and all the personal info packed in there, your account can give a hacker access to plenty more.
The post How to Reset Your Gmail Password After Being Hacked appeared first on McAfee Blog.
The number of AI-powered fake news sites has now surpassed the number of real local newspaper sites in the U.S.
How? AI tools have made creating entire fake news sites quicker and easier than before — taking one person minutes to create what once took days for dozens and dozens of people.
Researchers say we crossed this threshold in June 2024, a “sad milestone” by their reckoning.[i] As traditional, trusted sources of local news shut down, they’re getting replaced with sensationalistic and often divisive fake news sites. What’s more, many of these fake news sites pose as hometown newspapers.
They’re anything but.
These sites produce disinformation in bulk and give it a home. In turn, the articles on these fake news sites fuel social media posts by the thousands and thousands. Unsuspecting social media users fall for the clickbait-y headlines, click the links, read the articles, and get exposed to yet more “news” on those sites – which they then share on their social feeds thinking the stories are legit. And the cycle continues.
As a result, social media feeds find themselves flooded with falsehoods, misrepresentations, and flat-out lies. Researchers spotted the first of them in mid-2023, and they number of them are growing rapidly today.
In all, the rise of AI-powered fake news sites now plays a major role in the spread of disinformation.
When we talk about so-called “fake news,” we’re really talking about disinformation and misinformation. You might see and hear those two terms used interchangeably. They’re different, yet they’re closely related.
Disinformation is intentionally spreading misleading info.
Misinformation is unintentionally spreading misleading info (the person sharing the info thinks it’s true).
This way, you can see how disinformation spreads. A bad actor posts a deepfake with deliberately misleading info — a form of disinformation. From there, others take the misleading info at face value and pass it along as truth via social media — a form of misinformation.
The bad actors behind disinformation campaigns know this relationship well. Indeed, they feed it. In many ways, they rely on others to amplify their message for them.
With that, we’re seeing an explosion of fake news sites with content nearly, if not entirely, created by AI — with bad actors pushing the buttons.
Funded by partisan operations in the U.S. and by disinformation operations abroad, these sites pose as legitimate news sources yet push fake news that suits their agenda — whether to undermine elections, tarnish the reputation of candidates, create rifts in public opinion, or simply foster a sense of unease.
One media watchdog organization put some striking figures to the recent onrush of fake news sites. In May 2023, the organization found 49 sites that it defined as “Unreliable AI-Generated News Websites,” or UAINS. In February 2024, that number grew to more than 700 UAINS.[ii]
Per the watchdog group, these sites run with little to no human oversight. Additionally, they try to pass themselves off as legitimate by presenting their AI “authors” as people.[iii] Brazenly, at least one publisher had to say this when confronted with the fact that his “reporter” bylines were really AI bots:
The goal was to create “AI personas” that can eventually “grow into having their own following,” maybe even one day becoming a TV anchor. “Each AI persona has a unique style … Some sort of — this is probably not the right word — personality style to it.” [iv]
Beyond spreading disinformation, these sites are profitable. Recent research found that among the top 100 digital advertisers, 55% of them had their ads placed on disinformation sites. Across all industries and brands, 67% of those with digital ads wound up on disinformation sites.[v]
To clarify, these advertisers support these disinformation sites unwittingly. The researchers cite the way that online advertising platforms algorithmically place ads on various sites as the culprit. Not the advertisers themselves.
So as we talk about disinformation sites cropping up at alarming rates, we also see bad actors profiting as they prop them up.
Follow-up research pushes the estimated number of AI-powered fake news sites yet higher. In June, analysts discovered 1,265 sites targeting U.S. internet users with fake news – many posing as “local” news outlets. Shockingly, that figure surpasses the number of local newspapers still running in the U.S., at 1,213 outlets.[vi] (Side note: between 2005 and 2022, some 2,500 local newspapers shuttered in the U.S.[vii])
The actors and interests behind these sites follow a straightforward formula. In word salad fashion, they’ll mix the name of a town with classic publication names like Times, Post, or Chronicle to try to give themselves an air of credibility. Yet the content they post is anything but credible. AI generates the content from tip-to-tail, all to suit the disinformation the site wants to pump out.
The U.S. isn’t alone here. Similar sites have cropped up in the European Union as well. The European Union’s Disinformation Lab (EU DisinfoLab) found that outside actors mimicked several legitimate European sites and used them to spread disinformation.[viii] Legitimate sites that outside actors mimicked included Bild, The Guardian, and the NATO website.
The answer is that it’s getting tougher and tougher.
Fake news sites once gave off several cues that they were indeed fake, whether because they were created by earlier, cruder versions of AI tools or by human content creators. They simply didn’t look, feel, or read right. That’s because it took a lot of manual work to create a fake news site and make it look legitimate.
For starters, the site needed a sharp visual design and an easy way of surfacing articles to readers. It also meant cooking up a virtual staff, including bios of owners, publishers, editors, and bylines for the writers on the site. It also called for creating credible “About” pages and other deeper site content that legitimate news sites feature. Oh, and it needed a nice logo too. Then, and only then, could the actors behind these sites start writing fake news articles.
Now, AI does all this in minutes.
The Poynter Institute for Media Studies, a non-profit journalism school and research organization, showed how it indeed took minutes using several different AI tools.[ix] One tool created fake journalists, along with backgrounds, bylines, and photos. Another tool provided the framework of web code to design and build the site. As for the articles themselves, a few prompts into ChatGPT wrote serviceable, if not bland, articles in minutes as well.
As a result, these sites can look “real enough” to casual viewers. Taken at face value, all the trappings of a legitimate news site are there, with one exception — the articles. They’re fake. And they go on to do the damage that the bad actors behind them want them to do.
The people who create these fake news sites rely on others to take the lies they push at face value — and then immediately react to the feelings they stir up. Outrage. Anger. Dark joy. Without pause. Without consideration. If an article or post you come across online acts taps into those emotions, it’s a sure-fire sign you should follow up and see if what you’ve stumbled across is really real.
Here are a few things you can do:
Seek out objective reporting.
Outside of a newspaper’s Op-Ed pages where editorial opinions get aired, legitimate editorial staff strive for objectivity—reporting multiple dimensions of a story and letting the facts speak for themselves. If you find articles that are blatantly one-sided or articles that blast one party while going excessively easy on another, consider that type of reporting a red flag.
Watch out for clickbait.
Sensationalism, raw plays to emotion, headlines that conjure outrage — they’re all profitable because they stir people up and get them to click. Content like this is the hallmark of fake news, and it’s certainly the hallmark of AI-powered fake news as well. Consider stories like these as red flags as well.
Use fact-checking resources.
Come across something questionable? Still uncertain of what you’re seeing? You can turn to one of the several fact-checking organizations and media outlets that make it their business to separate fact from fiction. Each day, they assess the latest claims making their way across the internet — and then figure out if they’re true, false, or somewhere in between.
Check other known and long-standing news sources.
Search for other reputable sources and see what they’re saying on the topic. If anything at all. If the accounts differ, or you can’t find other accounts at all, that might be a sign you’re looking at fake news.
Additionally, for a list of reputable information sources, along with the reasons they’re reputable, check out “10 Journalism Brands Where You Find Real Facts Rather Than Alternative Facts.” It’s published by Forbes and authored by an associate professor at The King’s College in New York City.[x] It certainly isn’t the end-all, be-all of lists, yet it provides you with a good starting point. Both left-leaning and right-leaning editorial boards are included in the list for balance.
Stick with trusted voter resources.
With Election Day coming around here in the U.S., expect many bad actors to push false voting info, polling results, and other fake news that tries to undermine your vote. Go straight to the source for voting info, like how to register, when, where, and how to vote — along with how to confirm your voting registration status. You can find all this info and far more with a visit to https://www.usa.gov/voting-and-elections.
You can find another excellent resource for voters at https://www.vote411.org, which is made possible by the League of Women Voters. Particularly helpful is the personalized voting info it offers. By entering your address, you can:
If you have further questions, contact your state, territory, or local election office. Once again, usa.gov offers a quick way to get that info at https://www.usa.gov/state-election-office.
[i] https://www.newsguardtech.com/press/sad-milestone-fake-local-news-sites-now-outnumber-real-local-newspaper-sites-in-u-s/
[ii] https://www.newsguardtech.com/press/newsguard-launches-2024-election-misinformation-tracking-center-rolls-out-new-election-safety-assurance-package-for-brand-advertising/
[iii] https://www.bloomberg.com/news/newsletters/2024-05-17/ai-fake-bylines-on-news-site-raise-questions-of-credibility-for-journalists
[iv] Ibid.
[v] https://www.nature.com/articles/s41586-024-07404-1
[vi] https://www.newsguardtech.com/press/sad-milestone-fake-local-news-sites-now-outnumber-real-local-newspaper-sites-in-u-s/
[vii] https://localnewsinitiative.northwestern.edu/research/state-of-local-news/2022/report/
[viii] https://www.cybercom.mil/Media/News/Article/3895345/russian-disinformation-campaign-doppelgnger-unmasked-a-web-of-deception/
[ix] https://www.poynter.org/fact-checking/2023/chatgpt-build-fake-news-organization-website/
[x] https://www.forbes.com/sites/berlinschoolofcreativeleadership/2017/02/01/10-journalism-brands-where-you-will-find-real-facts-rather-than-alternative-facts
The post Hallucinating Headlines: The AI-Powered Rise of Fake News appeared first on McAfee Blog.
In the aftermath of a major disaster like Hurricane Helene and Milton, people come together to rebuild and recover. Unfortunately, alongside the genuine help, there are always opportunistic scammers ready to exploit the chaos for personal gain. Knowing what to look out for can help protect you and your community from falling victim to these fraudulent schemes.
The National Center for Disaster Fraud (NCDF), established by the Justice Department after Hurricane Katrina in 2005, reminds the public to be cautious of hurricane-related solicitations. As natural disasters, like Hurricane Helene, often bring out the best in people eager to help, they also provide an opportunity for criminals to exploit the situation by stealing money or personal information. Here are some of common scams and fraud to watch out for, and how you can safeguard yourself.
As residents begin to rebuild, many turn to contractors for help with repairs. Scammers often pose as legitimate contractors but lack proper licensing or qualifications. They may demand upfront payment and then disappear without completing the work or do subpar repairs.
How to Protect Yourself:
Disasters often inspire a wave of generosity, but they also give rise to fake charities. Scammers may set up fraudulent organizations that claim to be helping victims of Hurricane Helene and Milton, only to pocket the money for themselves.
How to Protect Yourself:
After a major disaster, there is often a sharp increase in demand for essential goods like water, fuel, and building supplies. Unscrupulous businesses or individuals may take advantage by charging exorbitant prices.
How to Protect Yourself:
Scammers may pose as FEMA representatives, insurance adjusters, or other government officials. They’ll claim to help expedite your relief or insurance claim in exchange for personal information or payment.
How to Protect Yourself:
Cybercriminals often send out emails or texts that look like they’re from legitimate organizations, trying to trick people into clicking on malicious links. These phishing scams can lead to identity theft or financial loss.
How to Protect Yourself:
In the wake of Hurricane Helene and Milton, the most important thing you can do is stay vigilant. While the majority of people are focused on helping and healing, there will always be a small number looking to take advantage. By recognizing the signs of common scams and taking precautionary measures, you can protect yourself and your community from further harm. If you suspect you’ve been targeted by a scam, report it to local law enforcement or the Federal Trade Commission (FTC) immediately.
The post How to Avoid Scams in the Wake of Hurricane Helene and Milton appeared first on McAfee Blog.
With the election quickly approaching, it’s essential to be informed and cautious about the growing number of voting scams. Scammers are becoming more sophisticated, using everything from artificial intelligence to fake text messages to trick people into sharing sensitive information. Here’s a breakdown of the types of voting scams that have already been seen this year and the specific steps you can take to protect yourself.
Scammers pretending to be election workers are sending fraudulent text messages to Maryland voters, falsely claiming they are not registered to vote in November. The texts urge recipients to click a fake link to “resolve” their registration status. Similar scams have been reported across the country from Sacramento, California to Marietta, Georgia.
How to protect yourself:
A new voting scam is targeting seniors in Michigan, where scammers are asking for Social Security and credit card information under the pretense of early voting opportunities. Michigan’s Secretary of State office has received numerous complaints about seniors being approached in person by imposters posing as election workers while trying to steal individuals’ identities.
How to protect yourself:
A bipartisan group of 51 attorneys general issued a warning to Life Corporation, a company accused of sending scam robocalls during the New Hampshire primary. These calls used AI to impersonate President Biden and spread false information to discourage voter participation. While this bipartisan task force is committed to tackling illegal robocalls nationwide, citizens should still be aware of the risk of deepfake audio.
How to protect yourself:
Scams tend to increase during election years, so be proactive in safeguarding against these latest fraud tactics. By following these steps, you can help protect yourself from falling victim to election-related scams. Voting is a critical part of democracy, and staying vigilant is key to both safeguarding your personal information and your right to participate.
The post Beware of These Voting Scams Happening Now appeared first on McAfee Blog.
In today’s digital world, the line between reality and deception has become increasingly blurred, with cybercriminals leveraging cutting-edge AI technologies to exploit our trust and interest in celebrities. As we continue to engage with the internet in unprecedented ways, McAfee’s 2024 Celebrity Hacker Hotlist sheds light on a growing threat—online scams using the identities of our favorite stars.
At the forefront of McAfee’s latest list is Scarlett Johansson, a renowned actress, recognized for her roles in Marvel’s Black Widow and Lost in Translation. However, this time, Johansson isn’t making headlines for a movie—she’s ranked as the U.S. celebrity whose name is most frequently used in online scams. Her likeness has been used in AI-generated deepfakes, from unauthorized ads to fake endorsements, creating a major risk for unsuspecting fans. The list doesn’t stop with Johansson. Celebrities like Kylie Jenner, Taylor Swift, and Tom Hanks also find themselves in the top 10, with hackers exploiting their images, voices, and reputations to deceive internet users. Whether it’s for fake giveaways, cryptocurrency scams, tickets to high-demand concerts, free downloads, or disinformation campaigns, these stars are unwilling participants in the cybercrime ecosystem.
McAfee’s Threat Research Labs Team compiled the Celebrity Hacker Hotlist by identifying the celebrities – including social media influencers – whose names and likenesses are most often exploited to lead consumers to online scams. This ranges from the purchase of fake goods or services that then steal your money or bank details to social media or email scams that convince consumers to click a risky link that unknowingly installs malware. All of these scams jeopardize consumers’ data, privacy, and identity.
The top ten list includes a combination of longtime talent and more recently well-known names from various fields, showcasing their potential influence on consumers of all generations:
The advent of AI has revolutionized many industries, but it’s also given cybercriminals a powerful new tool: the deepfake. In addition to phishing scams and links containing malware that exploit the popularity and reputation of celebrities and deceive their fans, these highly realistic video or audio clips can mimic the likeness of a person, making it nearly impossible to tell whether the content is real or fake. Deepfakes of celebrities are now being used to promote fraudulent products, steal personal information, and trick people into downloading malware. Imagine watching a video of your favorite star endorsing a new product, only to find out later it wasn’t them at all. This is no longer a distant possibility but a reality many fans face as scammers get better at crafting fake content. In fact, some of these AI-generated videos are so convincing that even the savviest of internet users can fall for them.
For instance, Tom Hanks’ image was manipulated to promote dubious “miracle cures,” while Taylor Swift’s likeness has been used in fake political endorsements. Johnny Depp and Kylie Jenner’s names have been used by scammers in fake cryptocurrency giveaways, luring fans to engage with risky websites or phishing scams.
While these scams primarily aim to steal money or personal data from consumers, the effects are far-reaching. For fans, the consequences can be devastating, with financial losses ranging from a few hundred dollars to over half a million. In addition to the financial risks, victims often feel violated after engaging with fraudulent content. For celebrities, these scams can have a serious impact on their public image and brand. Many stars, including Johansson, have taken a firm stand against the unauthorized use of their images in AI-generated content. As Johansson has publicly expressed, it’s not just about personal privacy but about the broader implications of AI and the need for accountability in the tech world.
As AI becomes more accessible, these scams are only expected to rise. To combat this growing issue, McAfee recently introduced a powerful combination of educational resources and advanced, AI-powered technology: McAfee Deepfake Detector, the world’s first automatic and AI-powered deepfake detector, and the McAfee Smart AI Hub, a go-to online space for the latest in AI security knowledge and news. Here are some practical tips to protect yourself from AI-generated scams:
In 2024, staying safe online means being aware of the rapidly evolving landscape of AI and cybercrime. Scammers are getting better at mimicking trusted names like Scarlett Johansson, Kylie Jenner, and Johnny Depp to deceive fans. With AI-powered tools like deepfake detectors and informed vigilance, we can reduce the risk of falling victim to these digital traps. Stay informed, stay cautious, and always think twice before clicking on a too-good-to-be-true celebrity endorsement. For more information about McAfee’s 2024 Celebrity Hacker Hotlist and ways to protect yourself, visit https://www.mcafee.ai
The study was conducted by McAfee® threat intelligence researchers to determine the number of risky sites and amount of misleading content generated by searching a celebrity name with commonly used terms. A risk score was calculated for each celebrity using a combination of McAfee WebAdvisor results and an analysis of known deepfakes recorded between January 1 to September 15, 2024. McAfee’s WebAdvisor browser extension leverages McAfee’s technology to protect users from malicious websites and, when turned on, rates nearly every internet website it finds, using red, yellow and green icons to indicate the website’s risk level and blocking access to or warning a user if they click on a malicious or risky URL link. Ratings are created by using patented advanced technology to conduct automated website tests and works with Chrome, Edge, Safari, and Firefox.
The post Scarlett Johansson Tops McAfee’s 2024 Celebrity Hacker Hotlist for AI Online Scams appeared first on McAfee Blog.
Bad news travels quickly. Or so goes the old saying. Yet we do know this: disinformation and fake news spread faster than the truth. And what makes it spread even faster is AI.
A recent study on the subject shows that fake news travels across the internet than stories that are true. Complicating matters is just how quickly and easily people can create fake news stories with AI tools.
Broadly speaking, AI-generated content has flooded the internet in the past year — an onrush of AI voice clones, AI-altered images, video AI deepfakes, and all manner of text in posts. Not to mention, entire websites are populated with AI-created content.
One set of published research shows how this glut of AI-created content has grown since AI tools started becoming publicly available in 2023. In just the first three months of 2024, one set of research suggests that the volume of deepfakes worldwide surged by 245% compared to the start of 2023. In the U.S., that figure jumped to 303%.[i]
But before we dive into the topic, we need to make an important point — not all AI-generated content is bad. Companies use AI deepfake technologies to create training videos. Studios use AI tools to dub movies into other languages and create captions. And some content creators just want to get a laugh out of Arnold Schwarzenegger singing show tunes. So, while deepfakes are on the rise, not all of them are malicious.
The problem arises when people use deepfakes and other AI tools to spread disinformation. That’s what we’ll focus on here.
First, let’s look at what deepfakes are and what disinformation really is.
First, what is a deepfake? One dictionary definition of a deepfake reads like this:
An image or recording that has been convincingly altered and manipulated to misrepresent someone as doing or saying something that was not actually done or said.[ii]
Looking closely at that definition, three key terms stand out: “altered,” “manipulated,” and “misrepresent.”
Altered
This term relates to how AI tools work. People with little to no technical expertise can tamper with existing source materials (images, voices, video) and create clones of them.
Manipulated
This speaks to what can be done with these copies and clones. With them, people can create entirely new images, tracts of speech, and videos.
Misrepresent
Lastly, this gets to the motives of the creators. They might create a deepfake as an obvious spoof like many of the parody deepfakes that go viral. Or maliciously, they might create a deepfake of a public official spewing hate speech and try to pass it off as real.
Again, not all deepfakes are malicious. It indeed comes down to what drives the creator. Does the creator want to entertain with a gag reel or inform with a how-to video narrated by AI? That’s fine. Yet if the creator wants to besmirch a political candidate, make a person look like they’ve said or done something they haven’t, or to pump out false polling location info to skew an election, that’s malicious. They clearly want to spread disinformation.
You might see and hear these terms used interchangeably. They’re different, yet they’re closely related. And both will play a role in this election.
Disinformation is intentionally spreading misleading info.
Misinformation is unintentionally spreading misleading info (the person sharing the info thinks it’s true).
This way, you can see how disinformation spreads. A bad actor posts a deepfake with misleading info — a form of disinformation. From there, others take the misleading info at face value, and pass it along as truth — a form of misinformation.
The two work hand-in-hand by design, because bad actors have a solid grasp on how lies spread online.
Deepfakes primarily spread on social media. And disinformation there has a way of spreading quickly.
Researchers found that disinformation travels deeper and more broadly, reaches more people, and goes more viral than any other category of false info.[iii]
According to the research findings published in Science,
“We found that false news was more novel than true news, which suggests that people were more likely to share novel information … Contrary to conventional wisdom, robots accelerated the spread of true and false news at the same rate, implying that false news spreads more than the truth because humans, not robots, are more likely to spread it.”
Thus, bad actors pump false info about them into social media channels and let people spread it by way of shares, retweets, and the like.
And convincing deepfakes have only made it easier for bad actors to spread disinformation.
The advent of AI tools has spawned a glut of disinformation unseen before, and for two primary reasons:
In effect, the malicious use of AI makes it easier for fakery to masquerade as reality, with chilling authenticity that’s only increasing. Moreover, it churns out fake news on a massive scope and scale that’s increasing rapidly, as we cited above.
AI tools can certainly create content quickly, but they also do the work of many. What once took sizable ranks of writers, visual designers, and content producers to create fake stories, fake images, and fake videos now gets done with AI tools. Also as mentioned above, we’re seeing entire websites that run on AI-generated content, which then spawn social media posts that point to their phony articles.
Largely we’ve talked about disinformation, fake news, and deepfakes in the context of politics and in attempts to mislead people. Yet there’s another thing about malicious deepfakes and the bad news they peddle. They’re profitable.
Bad news gets clicks, and clicks generate ad revenue. Now with AI powering increasingly high volumes of clickbait-y bad news, it’s led to what some researchers have coined the “Disinformation Economy.” This means that the creators of some deepfakes might not be politically motivated at all. They’re in it just for the money. The more people who fall for their fake stories, the more money they make as people click.
And early indications show that disinformation has broader economic effects as well.
Researchers at the Centre for Economic Policy Research (CEPR) in Europe have started exploring the impact of fake news on economic stability. In their first findings, they said, “Fake news profoundly influences economic dynamics.”[iv] Specifically they found that as fake news sows seeds of uncertainty, it reverberates through the economy, leading to increased unemployment rates and lower industrial production.
They further found bad news can lead to pessimism, particularly about the economy, which leads to people spending less and lower sales for companies — which further fuels unemployment and reductions in available jobs as companies cut back.[v]
Granted, these early findings beg more research. Yet we can say this: many people turn to social media for their news, the place where fake news and malicious deepfakes spread.
Global research from Reuters uncovered that more people primarily get their news from social media (30%) rather than from an established news site or app (22%).[vi] This marks the first time that social media has toppled direct access to news. Now, if that leads to exposure to significant portions of pessimistic fake news, it makes sense that millions of people could have their perceptions altered by it to some extent — which could translate into some form of economic impact.
As you can quickly surmise, that comes down to us. Collectively. The fewer people who like and share disinformation and malicious deepfakes, the quicker they’ll die off.
A few steps can help you do your part in curbing disinformation and malicious deepfakes …
Verify, then share.
This all starts by ensuring what you’re sharing is indeed the truth. Doubling back and doing some quick fact-checking can help you make sure that you’re passing along the truth. Once more, bad actors entirely rely on just how readily people can share and amplify content on social media. The platforms are built for it. Stop and verify the truth of the post before you share.
Come across something questionable? You can turn to one of the several fact-checking organizations and media outlets that make it their business to separate fact from fiction:
Flag falsehoods.
If you strongly suspect that something in your feed is a malicious deepfake, flag it. Social media platforms have reporting mechanisms built in, which typically include a reason for flagging the content.
Get yourself a Deepfake Detector.
Our new Deepfake Detector spots AI phonies in seconds. It works in the background as you browse — and lets you know if a video or audio clip was created with AI audio. All with 95% accuracy.
Deepfake Detector monitors audio being played through your browser to determine if the content you’re watching or listening to contains AI-generated audio. McAfee doesn’t store any of this audio or browsing history.
Further, a browser extension shows just how much audio was deepfaked, and at what point in the video that content cropped up.
McAfee Deepfake Detector is available for English language detection in select new Lenovo AI PCs, ordered on Lenovo.com and select local retailers in the U.S., UK, and Australia.
From January to July of 2024, states across the U.S. introduced or passed 151 bills that deal with malicious deepfakes and deceptive media.[vii] However, stopping their spread really comes down to us.
The people behind AI-powered fake news absolutely rely on us to pass them along. That’s how fake news takes root, and that’s how it gets an audience. Verifying that what you’re about to share is true is vital — as is flagging what you find to be untrue or questionable.
Whether you use fact-checking sites to verify what you come across online, use a tool like our Deepfake Detector, or simply take a pass on sharing something that seems questionable, they’re all ways you can stop the spread of disinformation.
[i] https://sumsub.com/newsroom/deepfake-cases-surge-in-countries-holding-2024-elections-sumsub-research-shows/
[ii] https://www.merriam-webster.com/dictionary/deepfake
[iii] https://science.sciencemag.org/content/359/6380/1146
[iv] https://cepr.org/voxeu/columns/buzz-bust-how-fake-news-shapes-business-cycle
[v] https://www.uni-bonn.de/en/news/134-2024
[vi] https://reutersinstitute.politics.ox.ac.uk/digital-news-report/2023/dnr-executive-summary
[vii] Ibid.
The post Clickbait and Switch: How AI Makes Disinformation Go Viral appeared first on McAfee Blog.
You crack open your credit card statement and something seems … off. Maybe it’s a couple of small online purchases that make you think, “Hmm, that’s strange.” Or maybe a statement shows up in your mailbox — one for a card that you don’t own at all. That calls for a huge “What the heck???” Sure enough, you’re looking at cases of identity fraud and theft.
And there’s a difference between identity fraud and identity theft. It’s subtle. And because of that, they often get used interchangeably. Each one can really sting but in different ways.
So, put simply, identity fraud involves stealing from an existing account. Identity theft means that someone used your personal info to impersonate you in some way, such as opening new accounts in your name.
Each year, the U.S. Federal Trade Commission (FTC) publishes a data book that collects consumer reports of fraud, identity theft, and other similar crimes. Using the most recent data from the FTC, we can plot what the top forms of identity theft and fraud look like.
Credit cards
By far the top form of identity theft and fraud. As mentioned in the examples above, these can include crooks who string out several small purchases over time. All in the hope that the cardholder will overlook it. It can also include a one-whopper of a purchase for a big-ticket item. Here, the crook knows the card will likely get canceled quickly afterward. It’s a one-and-done deal.
Loans and leases
Second, we have loans and leases. This can range from student loans, personal loans, and auto loans, and to real estate rentals as well. Common across them all is someone impersonating you to take them out or tap into their funds in some way.
Bank accounts
Here, the creation of totally new accounts leads the way in this category. As we described above, that’s a form of identity theft. Yet identity fraud accounts for a noticeable chuck, which includes account takeovers. In these cases, crooks siphon off funds via debit cards, Electronic Funds Transfer (ETF), and other forms of withdrawal and transfer.
ID and government benefits
This covers cases where crooks use stolen personal info to get IDs. That includes driver’s licenses, passports, and other government documentation. Further, this category also encompasses the theft of government-issued benefits ranging from medical assistance to veteran’s pay.
Tax returns
While all forms of identity theft and fraud can pack a punch, this type hits particularly hard because it involves your SSN. Around tax time, scammers with access to SSNs will file bogus returns, all with the aim of claiming the refund for themselves.
Utilities
Largely, this involves people buying cell phones and opening new mobile accounts along with them. Yet it also includes people opening other utilities in other people’s names. Indeed, crooks will scam their way into getting free electricity, water, gas, and yes…cable TV.
Although these forms don’t top the list in terms of reports, they still bear mentioning. They’re serious enough, and they can go undetected for some time before their victims find out.
Medical identity theft
In this form, an imposter receives care, medications, or medical devices in someone else’s name. They might pass off phony documentation to the care provider involved, the insurance company that pays for the care, or a combination of the two. A few things can happen as a result. It can impact the care you can get and the benefits you can use. In extreme cases, the thief’s health info can get mixed in with yours and impact your care. Medical identity theft is a good reason to closely review all the medical and insurance statements you get.
Child identity theft
Imagine your child about to rent a first apartment. The property management company runs a credit check, only to find a horrendous credit rating. But how? An identity thief has been using your child’s identity for years now. After all, what parent thinks, “I really should run a credit report on my kindergartener.” And that’s fair. However, signing up your child for identity is a sound move. It can help spot if your child’s identity got stolen.
1) Notify the companies and institutions involved and consider a credit freeze.
Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account in your credit monitoring service, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.
In the meantime, consider putting a security freeze in place. A security freeze service prevents others from opening new credit, bank, and utility accounts in your name. It won’t hit your credit score, and you can unfreeze it when needed. You’ll find this feature in our McAfee+ plans as well.
2) File a police report.
Some businesses will require you to file a local police report to acquire a case number to complete your claim. Beyond that, filing a report is still a good idea. Identity theft is still theft, and reporting it provides an official record of it.
Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help you clear your name down the road. Likewise, save any evidence you have, such as statements or documents associated with the theft. They can help you clean up your record as well.
3) Contact the Federal Trade Commission (FTC).
The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.
4) Contact the IRS, if needed.
If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud — namely that someone has stolen your identity and that you don’t truly work for them.
Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call, nor will they call and apply harassing pressure tactics — only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.
5) Continue to monitor your credit report, invoices, and statements.
Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, in addition to reviewing your accounts closely.
Several features in our McAfee+ plans can do this work, and quite a bit more, for you:
The post What Are the 6 Types of Identity Theft appeared first on McAfee Blog.
In my world of middle-aged mums (mams), Instagram is by far the most popular social media platform. While many of us still have Facebook, Instagram is where it all happens: messaging, sharing, and yes, of course – shopping!! So, when one of my gal pals discovers that her Instagram account has been hacked, there is understandably a lot of panic!
Believe it or not, Facebook is still hanging onto the top spot as the most popular social media platform with just over 3 billion active monthly users, according to Statista. YouTube comes in 2nd place with 2.5 billion users. Instagram and WhatsApp tie in 3rd place with 2 billion users each. Interestingly, TikTok has 1.5 billion users and is in 4th place – but watch this space, I say!
Despite Facebook having the most monthly users, it isn’t where the personal conversations and engagement take place. That’s Instagram’s sweet spot. Instagram messaging is where links are shared and real personal interaction occurs. In fact, a new report shows that Instagram accounts are targeted more than any other online account and makeup just over a quarter of all social media hacks. So, it makes sense why hackers would expend considerable energy in trying to hack Instagram accounts. They’ll have a much greater chance of success if they use a platform where there is an appetite and trust for sharing links and personal conversations.
But why do they want to get their hands on your account? Well, they may want to steal your personal information, scam your loyal followers by impersonating you, sell your username on the black market or even demand ransoms! Hacking Instagram is big business for professional scammers!!
So, you reach for your phone early one morning to do a quick scroll on Instagram before you start the day, but you can’t seem to log on. Mmmmm. You then see some texts from friends checking whether you have in fact become a cryptocurrency expert overnight. OK – something’s off. You then notice an email from Instagram notifying you that the email linked to your account has been changed. Looks like you’ve been hacked! But please don’t spend any time stressing. The most important thing is to take action ASAP as the longer hackers have access to your account, the greater the chance they can infiltrate your life and create chaos.
The good news is that if you act quickly and strategically, you may be able to get your account back. Here is what I suggest you do – fast!:
1. Change Your Password & Check Your Account
If you are still able to log in to your account then change your password immediately. And ensure it is a password you haven’t used anywhere else. Then do a quick audit of your account and fix any changes the hacker may have made eg remove access to any device you don’t recognise, any apps you didn’t install, and delete any email addresses that aren’t yours.
Next, turn on two-factor authentication (2FA) to make it harder for the hacker to get back into your account. This will take you less than a minute and is absolutely critical. Instagram will give you the option to receive the login code either via text message or via an authentication app. I always recommend the app in case you ever lose control of your phone.
But, if you are locked out of your account then move on to step 2.
2. Locate The Email From Instagram
Every time there is a change to your account details or some new login activity, Instagram will automatically send a message to the email address linked with the account
But there’s good news here. The email from Instagram will ask you if you in fact made the changes and will provide a link to secure your account in case it wasn’t you. Click on this link!! If you can access your account this way, immediately check that the only linked email address and recovery phone number are yours and delete anything that isn’t yours. Then change your password.
But if you’ve had no luck with this step, move on to step 3.
3. Request a Log-In Link
You can also ask Instagram to email or text you a login link. On an iPhone, you just need to select ‘forgot password?’ and on your Android phone, tap ‘get help logging in’. You will need to enter the username, email address, and phone number linked to your account.
No luck? Keep going…
4. Request a Security Code
If the login link won’t get you back in, the next step is to request a security code. Simply enter the username, email address, or phone number associated with your account, then tap on “Need more help?” Select your email address or phone number, then tap “Send security code” and follow the instructions.
5. Video Selfie
If you have exhausted all of these options and you’ve had no luck then chances are you have found your way to the Instagram Support Team. If you haven’t, simply click on the link and it will take you there. Now, if your hacked account contained pictures of you then you might just be in luck! The Support Team may ask you to take a video selfie to confirm who you are and that in fact you are a real person! This process can take a few business days. If you pass the test, you’ll be sent a link to reset your password.
So, you’ve got your Instagram account back – well done! But wouldn’t it be good to avoid all that stress again? Here are my top tips to make it hard for those hackers to take control of your Insta.
1. It’s All About Passwords
I have no doubt you’ve heard this before but it’s essential, I promise! Ensuring you have a complex and unique password for your Instagram account (and all your online accounts) is THE best way of keeping the hackers at bay. And if you’re serious about this you need to get yourself a password manager that can create (and remember) crazily complex and random passwords that are beyond any human ability to create. Check out McAfee’s TrueKey – a complete no-brainer!
2. Turn on Multifactor Authentication (MFA)
Multi-factor authentication adds another layer of security to your account making it that much harder for a hacker to get in. It takes minutes to set up and is essential if you’re serious about protecting yourself. It simply involves using a code to log in, in addition to your password. You can choose to receive the code via a text message or an authenticator app – always choose the app!
3. Choose How To Receive Login Alerts
Acting fast is the name of the game here so ensure your account is set up with your best contact details, so you receive login alerts ASAP. This can be the difference between salvaging your account and not. Ensure the alerts will be sent to where you are most likely to see them first so you can take action straight away!
4. Audit Any Third-Party Apps
Third-party apps that you have connected to your account could potentially be a security risk. So, only ever give third-party apps permission to access your account when absolutely necessary. I suggest taking a few minutes to disconnect any apps you no longer require to keep your private data as secure as possible.
Believe it or not, Instagram is not just an arena for middle-aged mums! I can guarantee that your teens will be on there too. So, next time you’re sharing a family dinner, why not tell them what you’re doing to prevent yourself from getting hacked? And if you’re not convinced they are listening? Perhaps remind them just how devastating it would be to lose access to their pics and their people. I am sure that might just work.
Till next time
Stay safe online!
Alex
The post My Instagram Has Been Hacked – What Do I Do Now? appeared first on McAfee Blog.
Imagine this: you wake up one morning to find that your bank account has been emptied overnight. Someone halfway across the world has accessed your account using a password you thought was secure. Incidents like these are unfortunately becoming more common, with identity theft and fraud cases steadily increasing over the last decade.
This month is Cybersecurity Awareness Month, with the theme “Secure Our World,” which serves as a timely reminder to reassess and enhance your cybersecurity strategies against ever-evolving cyber threats. In an election year, the digital landscape becomes a breeding ground for cyber scams and malicious activities aimed at exploiting political fervor and public uncertainty. With the 2024 election on the horizon, it’s more critical than ever to strengthen our cybersecurity defenses.
By prioritizing cybersecurity awareness and implementing robust protective measures during this dedicated month, you can safeguard your personal information, protect your financial assets, and ensure the security of your digital interactions. Let’s explore five simple yet powerful ways to increase your internet security and have peace of mind in today’s digital landscape.
Passwords serve as the first line of defense against unauthorized access to your accounts but 78% of people use the same password for more than one account. Here’s how you can create and manage complex passwords:
Multifactor authentication (MFA) adds an extra layer of security by requiring two or more of the following factors to access your accounts:
Follow these steps to enable multifactor authentication:
Phishing is a common tactic used by cybercriminals to trick you into revealing sensitive information by impersonating legitimate entities, such as banks or reputable companies, to lure individuals into disclosing sensitive information like passwords or credit card numbers. These attacks often occur via email, text messages, or fake websites designed to appear authentic, exploiting human trust and curiosity to steal valuable data for malicious purposes.
Identifying Phishing Emails:
Reporting Phishing:
Software updates, also known as patches, often include security fixes to protect against known vulnerabilities. Here’s how to keep your software up to date:
Updating Operating Systems and Applications:
Social media platforms are integral parts of modern communication, but they also pose significant security risks if not managed carefully. Here are essential tips to enhance your social media security:
By implementing these straightforward yet effective cybersecurity practices, you can significantly reduce the risk of falling victim to online threats. McAfee+ can also keep you more secure and private online with 24/7 scans of the dark web to ensure your personal and financial info is safe, alerts about suspicious financial transactions and credit activity, and up to $2 million in identity theft coverage and restoration.
The post Top Tips for Cybersecurity Awareness Month appeared first on McAfee Blog.
What if I told you that the most important thing you need to keep your kids safe online doesn’t come in a box or via a download? And that it doesn’t require you to be monitoring or supervising their every move. And even better – it doesn’t cost any money!! Yep – you’d be interested, I’m sure. After almost 13 years as Cybermum, I’ve experienced plenty of ‘aha’ cybersafety moments. But, without doubt, one of the biggest learnings for me is that creating a family culture where there is calm, honest, and truly open communication is the best way to protect your kids online. In fact, it’s likely far more powerful than the latest apps or software, and here’s why…
I’m a big fan of trying to minimise the amount of time kids spend in front of a screen for so many reasons. There is a plethora of research to support how ‘too much’ screen time can adversely affect kids’ behaviour. A 2022 US study of K-12 educators in the US showed that 80% of educators believed that increased screen time worsened children’s behaviour. There are studies that show excessive (and early) screen time can potentially affect a child’s cognitive, linguistic, and social-emotional growth. And even some research shows that the effects of excessive screen time can be similar to the symptoms of autism.
But the reality is that screens aren’t going anywhere soon. We live in a digital world where you actually can’t go about your business without a device and a screen. When was the last time you tried going into a bank branch??? Instead, I believe we need to think of screens a little like we think of sugar. We know it’s not great for us, so we try and minimise our intake.
But how good would it be if our kids understood this perspective, so they also realised that too much screen time wasn’t ideal? Well, they can – weave it into family conversations!
When ‘digital parenting’ became a thing about 15 – 20 years ago, we were all told that we needed to constantly monitor our kids to ensure they weren’t visiting inappropriate websites or speaking to strangers online. I remember trying so hard to stay across the online movements of four kids – I’ve got to admit it was quite time-consuming and exhausting!! Full credit to those parents who put in the hours to keep their kids safe.
Fast forward to 2024 and there is now a comprehensive range of ‘parental control’ apps and software that can act as another set of ‘eyes and ears’ for parents. And while they can be great tools to have in your digital parenting toolbox, they are not the silver bullet. What happens when your child is visiting at another family’s house that doesn’t have parental controls set up? What happens if your child uses a friend’s device while travelling home on the bus to ‘get around’ the parental controls at home? And what about, if they work out how to turn them off?? Remember, are digital natives are quite savvy!!
But if you regularly talk online safety with your kids at home then you have a big head start here. In fact, your stress levels should be relatively low. When you make it a priority to talk to your kids about what they do online – in a non-judgemental way – and share your stories, the latest trends and risks then you are in a good place. If your kids know you understand their digital life, know that you can handle the tough stuff, and know with 100% confidence that you are NOT going to go berserk if they come to you with a problem then you do not need to worry about monitoring their every move. You’ve empowered them with knowledge and offered them a safety net – perfect!
Before I share my top tips with you I want to make it very clear that this is not an exercise in being a perfect parent. There is no such thing as a perfect parent – we are all on a journey and learning as we go. So, please don’t feel psyched out or worry that it’s too late. We’re all doing the best we can to raise our kids – so just keep on keeping on!
There are a few key things that I believe contribute to creating a top-notch communication culture in a family. Here are my top recommendations.
I learnt pretty early on in my parenting career that if you’re not being an active listener, you’re not really getting the full story. Active listening happens when you’re fully engaged with your child and is one of the best ways to communicate that you care and that you’re interested which in turn encourages them to open up more. Perfect! Here’s what I suggest:
Let’s be honest, very few of us are calm or relaxed 365 days of the year! But if you’re keen to maximise the chances that your kids will come to you if they do find themselves in a tricky situation then you need to ‘fake it till you make it’ my friends!
Conflict and heated discussions with teens are inevitable – I’ve definitely had my fair share! But it’s how you work through it that’s important. If you want a truly open and honest relationship with your child where they feel safe to talk about awkward things like sex, alcohol, cyberbullying, and even pornography, then you need to be ready to manage your own feelings and reactions when you hear things that you don’t expect or simply don’t like.
If you’re struggling to remain calm and deal with emotions from conversations with your teen then why not take some time to invest in yourself? Hit the road and walk it off, find some breathing exercises or a meditation on YouTube, or pick up the phone and call a friend. By role-modelling honest conversation and a calm approach, you’re teaching your children how to be respectful and calm and have open and tough conversations. What a life skill!
And if you can’t manage to remain calm and you lose your cool – simply apologise, give them a hug, and commit to doing better next time.
When I was growing up, I had a few friends who had very open relationships with their parents. Everything was discussed – nothing was off-limits! These friends all had a certain confidence, a knowing that they had someone in their corner who had their back, wouldn’t judge, and would be their ‘come what may’ for any situation. I was a little jealous!
Talking to your kids about sex, pornography, and cyberbullying can be really stressful. But there is so much research that shows that proactive conversations about tricky topics such as sex can be really beneficial. A review of research on British parents’ involvement in sex education found that they often felt embarrassed about broaching the subject with their kids. The same review compared this to countries such as Sweden where parents talked openly to their children about sex from an early age. It attributed the difference in approaches to the higher rates of teenage pregnancy and sexually transmitted diseases in England and Wales. Fascinating!
Start by teaching them the correct names for body parts. When they start preschool or school, you can teach them about respecting others and also about how to express their feelings. This will set them up for open and honest conversations and relationships.
Own the fact that it may feel really embarrassing or awkward when chatting to your kids about these topics. Perhaps make a joke of it. But assure them you’re going to do your best to help them navigate these issues and that you can absolutely handle it.
Why not break it up into small regular chats and take the pressure off? One big talk is overwhelming and could feel really awkward and pressured. A little bit of chatter often will feel more natural. Why not use films, books, or movies as a trigger for a conversation? The more natural and less contrived it feels, the more relaxed and receptive everyone will be.
Expressing disapproval or shock when your kids are sharing something tricky with you is the fastest way to shut down communication. So stop yourself! And if they do share something that surprises you, make sure you thank them and suggest you both talk about it more so you can better understand.
Now, if you have tweens or teens and you regret not prioritising your family’s communication culture earlier, do not stress. It’s never too late to make a difference! Yes, there might be a whole lot of awkwardness, but it will absolutely pass. Share stories of your online life, and news stories that you will start a conversation, ask them questions about their online life, and most importantly, be calm and don’t be critical or negative when they start sharing. Otherwise, it will be over ASAP.
You can absolutely handle this!
The post Top Strategies For Keeping Your Kids Safe Online appeared first on McAfee Blog.
In today’s digital world, both personal and professional environments are evolving faster than ever. As artificial intelligence (AI) becomes integral to our daily lives, it’s crucial that the devices we use stay ahead of the curve—both in terms of performance and security. According to Gartner, AI PCs are projected to total 114 million units in 2025, an increase of 165.5% from 2024. That’s why we’re excited to introduce the next generation of AI-powered PCs with our partners, designed to provide cutting-edge computing experiences with next-level AI-protection with McAfee Deepfake Detector.
These AI PCs have been built with one goal in mind: to harness the power of AI for every user. Whether you’re a content creator, business professional, gamer, or researcher, AI PCs adapt to your needs, offering enhanced processing speed, personalized optimization, and smart task management. From boosting productivity to delivering immersive entertainment, AI PCs are designed to handle it all.
We understand that in an age where digital content is omnipresent, online security must be a top priority. That’s why the following AI PCs come with McAfee Deepfake Detector preinstalled. This advanced tool is designed to protect you against the growing threat of AI-manipulated media, ensuring that you can trust the content you see online. McAfee’s Deepfake Detector uses cutting-edge algorithms to analyze AI-generated audio, distinguishing between real and manipulated content.
McAfee’s recent research shows that 27% of Americans say they may or will purchase an AI PC for themselves or a loved one during the 2024 holiday season. 40% of people aged 25-34 say the same. When asked what characteristics of an AI PC are most important to consumers:
As deepfakes become more sophisticated, this feature provides peace of mind, ensuring that you’re always one step ahead of malicious actors.
Our new AI PC range combines world-class performance with trusted security solutions. Whether you’re using these devices for work, play, or creativity, you’ll have the confidence of knowing your personal data and online experiences are safeguarded by the latest in AI-driven protection. McAfee Deepfake Detector is available on the following AI PC:
Stay tuned for more details about this exciting new range, and discover how we’re redefining the future of online protection
The post Introducing AI PCs with McAfee Deepfake Detector appeared first on McAfee Blog.
Scams are big business for cybercriminals. In 2023, Aussies lost a whopping $2.7 billion in scams. Barely a week goes by without yet another brave story of someone who shares their own scam story in the hope that it will alert others to the calculating ways of cyber criminals. While the hefty financial losses are often the stories that catch our eye, the impact on a victim’s confidence and mental health can’t be underestimated.
As a mum of 4, one of my greatest concerns is that my boys don’t end up losing their hard-earned money to online scams. So, in the spirit of parenthood, I want to share with you some of the scam protection tips I share with my beloved boys.
Teaching your kids to be cautiously suspicious and question what they see online may feel like you’re bursting their bubble but I’m all about keeping it real and protecting them. As soon as your kids are old enough to interact online, I would start weaving in messages such as
And as they get older, make the messages more targeted and pose questions that will get them thinking:
And when your kids hit the teenage years and they are operating independently online, there is no point sugar-coating anything about being online. I regularly share news stories and social media posts about the latest scams with my crew as well as the brave stories of scam victims.
Sometimes it can be the little things that can cause us to become unstuck like not updating software or downloading an app without checking the reviews. In an ideal world, we’d all get an A++ with our cyber hygiene basics but, we are all human – so mistakes will be made, and routines will go awry. This is an example of someone who would get an A++ for cyber hygiene – I’m about to share this with my boys!
Ensure the software on all your devices is up to date. And yes, that includes your gaming console too! Remember, software updates are usually designed to address security weaknesses.
Every online account needs to have its own unique password. I’m a big fan of password managers to make this process easier to manage. Check out TrueKey – McAfee’s free password manager – not only will it help you generate humanely impossible passwords, but it will remember them also. All you need to do is remember one ‘master password’ – a complete no-brainer!
Only visit websites that are secure and start with a ‘https’. Simply look for the closed lock icon in the URL bar. Install top-notch security software on your devices. I’m clearly a fan of McAfee+ – McAfee’s full ID theft protection and premium security software. Not only does it include antivirus but identity monitoring, scam protection, social privacy manager as well as unlimited VPN usage too!
Only ever download apps from trusted marketplaces such as the AppStore or Google Play. Apps collect data so you want to ensure it is safe, so you don’t become a victim of identity theft. Dodgy apps, particularly banking apps, are a particularly lucrative way scammers try to get their hands on your money. So, always read the reviews and do your due diligence before downloading.
Never answer calls from a number you don’t know. Some phones will allow you to silence calls from unknown numbers. There are also some apps that have been developed to identify scam numbers but make sure you do your homework before downloading!
At the risk of stating the obvious, the less you share online the less information there is for scammers to find and use. Sharing too many specific details on your social media platforms or your dating profiles can help a scammer to build a profile. This is often known as the ‘mosaic effect’ and can be how scammers can successfully steal identities. Here’s what I suggest:
All social media profiles need to be set to private. Some platforms will also allow you to limit the viewing of your past posts – definitely do this. And always turn off live location.
Only accept follow or friend requests from people you know and trust. Teens may be tempted to accept requests from anyone in order to boost their ‘numbers’, but this is a dangerous game and no different than sharing details of your private life with complete strangers who may in fact be scammers.
All photos contain metadata that can give the precise location where the pic was taken. So, be cautious and post pics of events, gatherings, and holidays post-event.
Phishing scams are by far one of the most successful ways scammers can make their way into our lives. Quite simply, this is when a cybercriminal poses as a legitimate institution and ‘tricks’ an unsuspecting user into sharing personal information. The stolen identifying information is then used to access accounts and can result in identity theft and potential financial loss.
Now, this can happen via telephone however email, text, and social media messaging platforms are the most common routes. Commonly, cyber criminals will encourage potential victims to click on fraudulent links to access special deals, check account balances, or view receipts. Here are my top tips to avoid becoming a victim:
Links could contain malicious or nasty software so avoid clicking on them if possible. You can always hover over the link to see the actual web address it will take you to.
If a link is fraudulent and you’ve clicked on it and then shared personal information, you may be at risk of having the details you shared stolen. So let’s avoid that! Instead, always manually type the website address into your browser and make sure you are visiting the legitimate website.
If you’ve received an email from someone that contains a link that has piqued your interest, contact the person directly and verify they sent it. This is particularly relevant when making a payment.
One of the best ways to stay abreast of scams is to commit to staying informed. Scan the news headlines daily and subscribe to relevant tech newsletters and social media groups. With so many people affected by scams, tech journalists will often cover the latest scams. And pay it forward – if you hear of a scam doing the rounds, share the intel with friends and family members.
Whether it’s a romance scam, toll scam, or a false delivery scam, there’s no disputing that scammers are trying very hard to infiltrate every aspect of our lives. And yes, it can feel overwhelming but taking just a few simple steps will ensure that you (and your family) are in the best possible position to shut down those scammers!
The post The Top 5 Ways To Protect Your Family From Scams appeared first on McAfee Blog.
As we head into a season filled with moments that matter to consumers – from the upcoming U.S. election to the holiday shopping rush – online safety is more important than ever. With AI-generated content on the rise and scammers able to carry out more sophisticated scams, it’s crucial to stay vigilant and ensure you’re fully protected. If you’ve ever thought, “is that text message really from my bank?” Or “I don’t want my personal life to be available to people I don’t know on my social media?” McAfee+ can help you.
This autumn, McAfee has introduced a set of innovative tools designed to make online protection simpler, faster, and more effective. This includes streamlined experiences that make it easier and faster to be protected from the start, as well as enhancements that reinforce privacy protection across social media platforms, protect against the latest smishing texts in real time, and provide control over performance impact of malware scans. Whether it’s staying safe during the rush of holiday shopping or navigating potential misinformation leading up to the elections, McAfee has you covered with the latest online protection.
During the busy autumn season, time is of the essence. With more people shopping online and receiving an influx of emails and text messages, the last thing you need is complicated, time-consuming setup processes. McAfee’s latest update is all about making protection simpler and more accessible.
The newly streamlined setup ensures you’re fully protected in fewer steps, whether you’re setting up Windows or mobile. And by integrating experiences that were initially cloud-based directly in Windows and mobile apps, consumers can seamlessly manage their online privacy and social media settings directly from their devices.
With the upcoming elections and family gatherings on the horizon, many of us may be sharing more on social media than usual. But how much is too much? With McAfee’s Social Privacy Manager, people get personalized privacy settings based on their sharing preferences – now with industry-first support for TikTok – in addition to platforms like Facebook, Instagram, and LinkedIn. In an era where online privacy concerns are skyrocketing, and 9 out of 10 social media users are concerned about protecting their online privacy and identity, McAfee continues to stand at the forefront of online security.
Whether you’re prepping for holiday photos or protecting your kids’ privacy on TikTok and YouTube, Social Privacy Manager empowers you to adjust over 100 privacy settings across seven social platforms – Facebook, Instagram, X, LinkedIn, YouTube, Google and TikTok – ensuring your information stays private with just a few clicks.
By adding TikTok support Social Privacy Manager also covers the top two platforms that teens use1, TikTok and YouTube. With a family plan, parents can now easily help set privacy settings for their kids – and with 43% of people feeling that online privacy risks have increased in 2024, McAfee’s focus on providing control over social media privacy is both timely and essential.
The McAfee Social Privacy Dashboard
Heading into the holiday season, consumers often face an uptick in phishing and smishing scams, as fraudsters take advantage of shopping rushes and delivery notifications to deceive people. More than a third (39%) of people who use mobile phones admit they have clicked on a text scam message such as a suspicious text from an unknown number or a fake package delivery text, and nearly half (44%) state that they or someone they know have been a victim of such a text scam.
In response to rising phishing and text scam threats, McAfee has upgraded its AI-powered Text Scam Detector. When a text message arrives that contains a link to a website, that link will be scanned and analyzed by McAfee Smart AITM in real-time. If the link leads to a malicious or phishing website, the text message will be blocked.
On iPhones, scam texts are automatically filtered into a junk folder, and on Android, you’ll receive instant alerts when a suspicious message arrives, helping you avoid costly mistakes when you’re busiest.
Text Scam Detector as part of McAfee Mobile Security
“Antivirus protection slows down my PC” is something that is often heard, however recent research from AV-Comparatives shows that this is not the case; in fact, McAfee provides protection with the least amount of performance impact on PCs, of all tested vendors.
To ensure people do not even have to worry about their computer slowing down during holiday shopping or while working through election news, McAfee’s Antivirus now offers a ‘Fast Scanning’ feature. This allows people to balance performance and security, offering customizable options for quick scans or deeper system checks without compromising PC speed.
The Antivirus Dashboard
Whether you’re working remotely, traveling for the holidays, or accessing election news online, privacy is essential – and while a VPN service is sometimes seen as a double-edged sword, providing privacy when people are connected to the internet but impacting the speed of that connection, McAfee’s Secure VPN now offers even faster, more stable connections with an expanded network of 7,000 servers in 48 countries. Additionally, consumers can enjoy extended WireGuard protocol support on Android, Windows, and iOS, for online privacy protection across devices no matter where you are.
VPN Settings
From safeguarding social media privacy to blocking scam texts and ensuring secure browsing, McAfee+ is designed to help you stay safe in an increasingly complex digital world. McAfee+ plans are available for both individuals and families – and with protections such as McAfee’s Social Privacy Manager and McAfee’s Text Scam Detector included, consumers can rest easy knowing that McAfee is constantly watching out for their online protection.
In today’s digital age, securing your online identity and privacy has never been more critical. McAfee’s latest product enhancements reflect the company’s commitment to delivering advanced, easy-to-use solutions that help consumers stay safe online. Whether you’re looking for protection from phishing and smishing scams, safeguarding privacy on social media, or malware, our expanded product range offers solutions for all consumers.
For more information on McAfee’s latest products and plans, visit McAfee.com.
The post How to Maximize the Latest McAfee+ Enhancements for Peace of Mind This Autumn appeared first on McAfee Blog.
In our fast-moving digital world, today’s conversations can take on new meanings years down the line. Then you might find yourself explaining posts that no longer reflect who you are.
This reality makes it crucial to start a conversation in your family about social media archives. Teens and tweens are constantly posting, snapping, tweeting, and commenting every day. According to the latest research, 97% of teens go online daily, with many saying they are “almost constantly” connected.
With so much activity, it’s just a matter of time before some questionable content resurfaces, potentially compromising a job, scholarship, or personal relationship. Old social posts don’t just haunt celebrities; in today’s digital culture, everyone’s online activity is open to scrutiny.
1. Vet your content. Ask yourself some key questions: Is there anything in this post or comment that could hurt me in the future? Does this post defame a specific race, religion, or lifestyle? Is this content contributing to the conversation or just noise?
2. Be Careful with Humor: Not everyone shares your sense of humor. What seems funny today could be viewed differently in the future. Just look at how comedians and public figures are often held accountable for jokes or comments made years ago.
3. Don’t pick at it—purge it. No doubt, people change. You may not be the 20-something hothead who began tweeting or blogging nearly a decade ago, but your archives are still out and say otherwise. In her book, The Life-Changing Magic of Tidying Up, Japanese cleaning consultant Marie Kondo takes tidying to a whole new level, some of which we can apply here. 1) Don’t analyze everything and just pair down — purge. 2) Get rid of anything that doesn’t spark joy for you 3) Don’t ask yourself what you like about a photo or post, ask yourself ‘Why should this stay?’ 4) Keep only the content that makes you happy or inspires you. Chop everything else.
4. Use X’s advanced search. Some of us have tweeted out several novels worth of content. Who has time to go through that? Twitter has advanced search features that will help you quickly find questionable tweets. Just go to https://twitter.com/search-advanced and enter keywords and phrases, along with your user account name. This search will help isolate tweets that could be compromising.
5. Am I being true to who I am? Most tweens and teens are not asking themselves this question, but we can still encourage our kids to engage in this specific self-reflection. Encourage young publishers to think about what message and image they hope to project to go through their archives with that in mind. Encourage them to review everything about their profiles from their bio to the kinds of movies and books they’ve called out, to their Facebook groups. Ask: Is this still who you are? Are these still the interests you’d like to project?
6. Delete immediately:
7. Review likes and post privacy settings. Even the posts of others (that are marked public) that you like or comment on will show up on Google, which means others could judge you guilty by association. It may be time-consuming, but you can clean up your Facebook ‘like’ history in the Activity Log. If you want to share but still limit who can view your posts, McAfee’s Social Privacy Manager helps you adjust your social media privacy settings based on how public or private you want to be online.
8. Google yourself. See what comes up. Be sure to check images, videos, news, and more tabs. You just never know what content will make it into remote circles. If you find something surprising, contact the site host and request they remove the content.
The post Could Your Social Media History Come Back to Bite You? appeared first on McAfee Blog.
Elections are the bedrock of democratic societies, but historically, they have been vulnerable to various forms of manipulation and fraud. Over the last decade, there have only been 1,465 proven cases of election fraud out of the hundreds of millions of votes cast, but election interference through tactics like deliberately spreading disinformation has become increasingly more common.
Election Day for determining the next U.S. President isn’t until November 5th, but early voting starts as early as September 6th in some states. With election season officially underway, understanding past election scams and current threats is crucial for safeguarding the future of democratic processes. As technology and political landscapes evolve, so do the methods used to undermine electoral integrity. Let’s examine the impact of historical election scams, how cybersecurity measures have advanced in response, and the current landscape of election cybersecurity threats.
Throughout history, election scams have come in many forms, from ballot stuffing to voter intimidation. One of the most notorious examples is the 1960 Kennedy-Nixon U.S. presidential election, which was so close that both Republicans and Democrats accused the other side of stuffing ballot boxes. Nixon later claimed in his autobiography that widespread fraud had happened in Illinois, which Kennedy won by less than 10,000 votes.
In more recent history, the 2016 U.S. presidential election highlighted a new dimension of electoral interference: cyber manipulation and disinformation. Russian operatives used social media to spread divisive content and hacked into the email accounts of political figures to release sensitive information. This year, Iranian hackers successfully breached the Trump campaign and targeted the Harris campaign as well.
Hacking is not limited to U.S. elections. In the 2017 French presidential election, hackers targeted the campaign of Emmanuel Macron, leaking internal documents and emails. While the impact of this breach was mitigated by the swift response of the Macron campaign and French authorities, it highlighted the vulnerability of political campaigns to cyberattacks and the importance of rapid countermeasures.
In response to these emerging threats, cybersecurity measures have evolved substantially. In the wake of the 2016 election interference, there was a heightened awareness of the vulnerabilities in electoral systems. This led to the development and implementation of more robust cybersecurity protocols aimed at protecting the integrity of elections.
As technology continues to advance, so do the tactics used by malicious actors. The current landscape of election cybersecurity threats includes:
To effectively address these threats, it is essential for both voters and election officials to be informed and proactive. Voters should be educated about the signs of misinformation and the importance of verifying information from credible sources. Election officials should stay informed about the latest cybersecurity practices and potential threats and adhere to best practices for cybersecurity, including regular updates, strong access controls, and encryption. Transparent communication with the public about the steps being taken to secure elections can build trust and counteract disinformation efforts.
Understanding past election scams and current cybersecurity threats is vital for protecting the integrity of democratic processes. By learning from historical incidents and staying vigilant against emerging threats, we can strengthen our electoral systems and ensure that future elections are fair, transparent, and secure. Through ongoing advancements in technology and policy, we can address the challenges of today and safeguard the future of democracy.
The post Past Election Scams: Lessons Learned and Current Threats appeared first on McAfee Blog.
In a recent special hosted by Oprah Winfrey titled “AI and the Future of Us”, some of the biggest names in technology and law enforcement discussed artificial intelligence (AI) and its wide-ranging effects on society. The conversation included insights from OpenAI CEO Sam Altman, tech influencer Marques Brownlee, and FBI Director Christopher Wray. These experts explored both the promises and potential pitfalls of this rapidly advancing technology. As AI continues to shape our world, it’s crucial to understand its complexities—especially for those unfamiliar with the nuances of AI technology.One of the most significant concerns raised in the special was the rise of AI-generated content, specifically deepfakes, and how they are being weaponized for disinformation. Deepfakes, alongside other generative AI advancements, are progressing at a pace that outstrips our capacity to manage them effectively, posing new challenges to the public.
A deepfake is a highly realistic piece of synthetic media, often video or audio, that uses AI to swap faces or voices to create fake, yet believable, content. Brownlee demonstrated how rapidly this technology is evolving by comparing two pieces of AI-generated footage. The newer sample, powered by OpenAI’s Sora, was far more convincing than its predecessor from just months earlier. While seasoned observers might spot the odd flaw, most people could easily mistake these fakes for real footage, especially as the technology improves.
A demonstration by tech expert Marques Brownlee revealed how AI-generated content has reached unprecedented levels of realism, making it difficult to distinguish between what’s real and what’s fake. This development raises serious concerns about misinformation, particularly in the context of deepfake technology, where AI can create highly realistic, yet entirely fabricated, videos and audio.
The ability of AI to generate convincingly fake content isn’t just a novelty—it’s a threat, particularly when used for malicious purposes. FBI Director Christopher Wray highlighted a chilling example of his introduction to deepfake technology. At an internal meeting, his team presented a fabricated video of him speaking words he never said. It was a stark reminder of how AI could be used to manipulate public opinion, create false narratives, and tarnish reputations. McAfee created Deepfake Detector as a defense against malicious and misleading deepfakes. McAfee Threat Labs data have found 3 seconds of your voice is all scammers and cybercriminals need to create a deepfake.
Wray discussed the increasing use of deepfakes in *sextortion*—a disturbing crime where predators manipulate images of children and teens using AI to blackmail them into sending explicit content. The misuse of AI doesn’t end there, though. In a world where misinformation and disinformation are rampant, deepfakes have become a powerful tool for deception, influencing everything from personal relationships to politics.
The upcoming U.S. presidential election is one area where deepfakes could have particularly dire consequences. Wray pointed out that foreign adversaries are already using AI to interfere with American democracy. Posing as ordinary citizens, these bad actors use fake social media accounts to spread misleading AI-generated content, adding to the chaos of political discourse. In fact, AI-generated images of high-profile figures like former President Donald Trump and Vice President Kamala Harris have already misled millions of people.
Bill Gates emphasized that AI’s progression is moving faster than many anticipated, even for experts in the field. This rapid evolution could lead to major societal shifts sooner than expected, presenting both exciting opportunities and significant challenges. Sam Altman of OpenAI echoed these concerns, stressing that the world is only beginning to see the full scope of AI’s potential impact on the economy and everyday life.
One of the more controversial points discussed was AI’s potential to displace jobs. Gates predicted that in the future, the workweek might shrink as automation takes over many tasks, suggesting a shift to a three-day workweek. While automation may replace many roles, Gates argued that human-centric professions—those requiring creativity and interpersonal skills—will remain in demand. This highlights the growing need for skills that machines can’t replicate.
Christopher Wray, Director of the FBI, warned of how AI is being weaponized by criminals. From manipulating innocent images into explicit content to using AI for extortion, the technology is being leveraged to amplify illegal activities. Wray illustrated how AI has made it easier for less experienced criminals to engage in more sophisticated crimes, particularly in targeting vulnerable populations like teenagers.
The overarching message from the discussion was clear: to mitigate the risks posed by AI, close collaboration between governments and technology companies is crucial. Altman stressed the importance of implementing safety measures, likening the regulation of AI to that of airplanes and pharmaceuticals. Gates echoed the call for responsible development, emphasizing that regulatory frameworks must evolve alongside the technology.
AI is advancing rapidly, changing the way we live, work, and communicate. For those unfamiliar with the intricacies of generative AI, the recent discussion on AI and the Future of Us” provided a comprehensive look at both the opportunities and dangers AI presents. From job market disruptions to the rise of deepfakes and disinformation, it’s clear that AI will continue to shape our world in unpredictable ways. By acknowledging both its promise and its peril, we can better prepare ourselves for the future of AI.
Despite the concerns raised, the conversation was not without optimism. AI holds immense potential to revolutionize sectors like healthcare and education. However, the discussion made it clear that thoughtful regulation and public awareness are necessary to ensure AI serves society positively and ethically. By balancing innovation with caution, there’s hope that AI can be harnessed to benefit everyone.
The post Unmasking AI and the Future of Us: Five Takeaways from the Oprah TV Special appeared first on McAfee Blog.
All day long, it’s almost always within arm’s reach. Your smartphone. And we rely on it plenty. That makes securing your phone so important. Good thing that some of the best tips for making your phone safer are also some of the easiest.
Here’s a quick rundown:
1. Lock your phone.
Locking your phone is one of the most basic smartphone security measures you can take. Trouble is, few of us do it. Our recent global research showed that only 56% of adults said that they protect their smartphone with a password, passcode, or other form of lock.[i] In effect, an unlocked phone is an open book to anyone who finds or steals a phone.
Setting up a lock screen is easy. It’s a simple feature found on iOS and Android devices. iPhones and Androids have an auto-lock feature that locks your phone after a certain period of inactivity. Keep this time on the low end, one minute or less, to help prevent unauthorized access.
We suggest using a six-digit PIN or passcode rather than using a gesture to unlock your phone. They’re more complex and secure. Researchers proved as much with a little “shoulder surfing” test. They looked at how well one group of subjects could unlock a phone after observing the way another group of subjects unlocked it.[ii]
2. Turn on “Find My Phone.”
Another powerful tool you have at your disposal is the Find My Phone feature made possible thanks to GPS technology. The “find my” feature can help you pinpoint your phone if your lost or stolen phone has an active data or Wi-Fi connection and has its GPS location services enabled. Even if the phone gets powered down or loses connection, it can guide you to its last known location.
Setting up this feature is easy. Apple offers a comprehensive web page on how to enable and use their “Find My” feature for phones (and other devices too). Android users can get a step-by-step walkthrough on Google’s Android support page as well.
3. Learn how to remotely track, lock or erase your phone.
In the event of your phone getting lost or stolen, a combination of device tracking, device locking, and remote erasing can help protect your phone and the data on it.
Different device manufacturers have different ways of going about it. But the result is the same — you can prevent others from using your phone, and even erase it if you’re truly worried that it’s in the wrong hands or gone for good. Apple provides iOS users with a step-by-step guide, and Google offers up a guide for Android users as well.
4. Back up your stuff in the cloud.
Thanks to cloud storage, you might be able to recover your photos, files, apps, notes, contact info, and more if your phone is lost or stolen. Android owners can learn how to set up cloud backup with Google Drive here, and iPhone users can learn the same for iCloud here.
5. Update your phone’s operating system and apps.
Keep your phone’s operating system up to date. Updates can fix vulnerabilities that hackers rely on to pull off their malware-based attacks — it’s another tried-and-true method of keeping yourself safer and your phone running great too.
The same goes for the apps on your phone. Ideally, set them up to update automatically so that you don’t have to take extra time to do it yourself. Also, look for opportunities to delete old apps and any data linked with them. Fewer apps on your phone means fewer vulnerabilities. And less data in fewer places can reduce your exposure to data breaches.
6. Stick with official app stores.
Legitimate app stores like Google Play and Apple’s App Store have measures in place that help ensure that apps are safe and secure. And for the malicious apps that sneak past these processes, Google and Apple are quick to remove them once discovered, making their stores that much safer. Meanwhile, third-party app stores might not have these measures in place. Further, they might be a front for hackers looking to spread mobile malware through malicious apps.
7. Go with a strong app recommendation.
Yet better than combing through user reviews yourself is getting a recommendation from a trusted source, like a well-known publication or from app store editors themselves. In this case, much of the vetting work has been done for you by an established reviewer. A quick online search like “best fitness apps” or “best apps for travelers” should turn up articles from legitimate sites that can suggest good options and describe them in detail before you download.
That’s not to say that you should overlook user reviews. Certainly, legitimate reviews can be a big help. Look closely at the listing, though. Check out the developer’s track record. Have they published several other apps with many downloads and good reviews? A legit app typically has quite a few reviews, whereas malicious apps may have only a handful of (phony) five-star reviews. Lastly, look for typos and poor grammar in both the app description and screenshots. They could be a sign that a hacker slapped the app together and quickly deployed it.
8. Keep an eye on app permissions.
Another way hackers weasel their way into your device is by getting permissions to access things like your location, contacts, and photos — and they’ll use sketchy apps to do it. So check and see what permissions the app is requesting. If it’s asking for way more than you bargained for, like a simple game wanting access to your camera or microphone, it might be a scam.
Delete the app and find a legitimate one that doesn’t ask for invasive permissions. If you’re curious about permissions for apps that are already on your phone, iPhone users can learn how to allow or revoke app permission here, and Android can do the same here.
9. Spot scam texts and their bad links.
Scam texts seem like an unfortunate fact of life. Scammers can blast thousands of phones with texts that contain links to phishing sites and to others that host malware. Our Text Scam Detector puts a stop to scams before you click — detecting any suspicious links and sending you an alert. And if you accidentally tap that bad link, it can still block the site for you.
10. Protect your smartphone with security software.
With all that we do on our phones, it’s important to get security software installed on them, just like we install it on our computers and laptops. Whether you go with comprehensive online protection software that secures all your devices or pick up an app in Google Play or Apple’s App Store, you’ll have malware, web, and device security that’ll help you stay safe on your phone.
[i] https://www.mcafee.com/content/dam/consumer/en-us/docs/reports/rp-connected-family-study-2022-global.pdf
[ii] https://arxiv.org/abs/1709.04959
The post 10 Quick Tips for Mobile Security appeared first on McAfee Blog.
FreshRSS 