Login
With a record-breaking number of Americans set to travel over the July 4th holiday, most of them by car, scammers have adjusted their plans accordingly. New research reveals the top 10 U.S. destinations where scammers plant the bulk of their online travel scams.
Our McAfee Labs team kicked off this research by analyzing TripAdvisor’s Popular Domestic Destinations for US Travelers and Fastest Growing Domestic Destinations for US Travelers lists. From there, they identified the locales that generated the highest volume of risky search results.
For people researching and booking travel online, those results could lead to all manner of sketchy sites. Some host malware, others steal personal info, and yet more lead to phony booking sites that take their money and leave them with nowhere to stay.
Paired with that research, we also polled 1,000 Americans on their travel plans, including how they’re researching and booking online and the travel scams they’ve encountered over the years.
Together, they offer a view of what travel scams look like today — and insights into how you can avoid them.
Of the Americans we surveyed, 85% said they’ll travel this year. Within that mix, you’ll find both splurging and bargain-hunting as travelers do their planning and booking online.
As far as splurging goes, 65% said they’ll spend more on wining and dining, 53% on experiences like tours and sightseeing, and 48% on shopping for themselves and others.
Not so surprisingly on the bargain-hunting side, people said they’re looking for the cheapest airfare (48%), cheapest accommodations (46%), and deals on activities and excursions (34%).
To plan their travels, many Americans said they’ve turned to AI. Or that they would at least consider it.
When asked, “Have you or would you use an Artificial Intelligence (AI) tool like WhereTo, ChatGPT, or Vaca Chatbot to help you plan your next vacation?” we uncovered the following:
Overall, online resources lead the way when it comes time to plan and book travel. More than half of Americans say they use online reviews as a primary resource, with online travel sites close behind at just under half.
Still, traditional sources of travel research remain popular. Recommendations from family and friends weighed in at 40%, with another 36% saying they flip through travel books and guides.
As far as Americans’ concerns about travel scams, those remain high. Nearly four out of five people (79%) said they research and pay attention to travel scams as part of their planning. Which is wise, as many people said they’ve gotten burned by one.
When asked if they’d ever fallen for a scam while booking travel, 28% said yes. The top three booking scams they reported include:
Yet another 28% said they’d fallen prey to a scam while traveling. The top three scams for those Americans included:
How’d all these scams add up? In all, we found that 32% of victims said they lost between $501–1000 in a single scam. Another 24% of victims said they lost more than $1,000. Only a relatively small percentage of people – just 15% — said they lost nothing, a figure that shows just how successful travel scams can be.
This falls in line with reports from the Federal Trade Commission (FTC). As published in their 2023 Data Book, more than 55,000 Americans reported a travel scam with a median loss of nearly $1,200 per case.[i] As always with FTC statistics, this only includes reported cases of fraud. The number of actual scams more than likely climbs higher than that.
And now, our list.
Once again, these destinations return the highest volume of potential scam results in search. As always, booking any travel online calls for care (and we’ll cover that next). Yet when it comes to researching and booking travel in the U.S., scammers appear to favor the following destinations the most:
Our recommendations for U.S. travel fall in line with the ones we offered earlier this year when we shared the results of the top ten riskiest international destinations. Our list begins with a cornerstone piece of advice: Trust a trusted platform.
That’s your best place to start. Book your vacation rental through a reputable outlet. Vacation rental platforms like Airbnb and VRBO have policies and processes in place that protect travelers from scammers. The same goes for booking other travel needs above and beyond renting. Travel platforms such as Expedia, Priceline, Orbitz, and others also have protections in place.
From there, you have several other ways you can avoid booking scams…
Look for signs of rental scams.
Do a reverse image search on the photos used in the property’s listing and see what comes up. It might be a piece of stock photography designed to trick you into thinking it was taken at an actual property for rent. (Scammers sometimes highjack photos of actual properties not for rent too. Some now use AI-generated images as well.) Also, read the reviews for the property. Listings with no reviews are a red flag.
Only communicate and pay on the platform
The moment a host asks to communicate outside of the platform is another red flag. Scammers will try to lure you off the platform where they can request payment in forms that are difficult to recover or trace after you realize you’ve been scammed.
Moreover, paying for your rental outside the platform might also go against the terms of service, as in the case of Airbnb. Or, as with VRBO, paying outside the platform voids their “Book with Confidence Guarantee,” which offers you certain protections. Use the platform to pay and use a credit card when you do. In the U.S., the Fair Credit Billing Act allows you to dispute charges. Additionally, some credit cards offer their own anti-fraud protections that can help you dispute a billing.
Never pay with cryptocurrency, wire transfers, or gift cards
If someone asks you to pay for your trip one of these ways, it’s a scam. Travel scammers prefer these payment methods because they’re exceptionally tough to track. Once that money gets sent, it’s likewise exceptionally tough to get back.
Keep an eye out for phishing attacks
Scammers use phishing emails and messages to trick travelers into revealing sensitive info or downloading malware onto their devices. As you book, look for unsolicited messages claiming to be from airlines, hotels, or financial institutions. Particularly if they ask for personal info or prompt you to click on suspicious links. When in question, contact the sender directly using official contact info from their official website.
Also, look into McAfee Scam Protection, included with our McAfee+ plans. It blocks links to scam sites that crop up in emails, messages, and texts. AI technology automatically scans the links and alerts you if it might send you to a scam site.
Let your bank and credit card companies know you’re traveling
Give your bank and credit card companies a call before you head out. They have anti-fraud measures in place that look for unusual activity, such as when your card is used in a location other than somewhere relatively near your home. This can trigger a freeze, which can put you in a lurch if you’re looking to withdraw cash or make a payment. Contacting your bank and credit card companies before you travel can help prevent this.
Have an easy way to keep tabs on your accounts and credit
Fraud can happen at any time, even when you’re out of town. A couple of things can help you nip it quickly before it takes a big bite out of your credit card or bank accounts. Transaction monitoring notifies you of any questionable activity in your credit cards or bank accounts. It can further alert you to any other questionable activity in your 401(k) plans, investments, and loans.
So say that your debit card info got skimmed in a sketchy ATM or point-of-sale machine — you’ll get an alert if thieves try to make a purchase with it. From there, you can contact your bank and take the extra step of putting a security freeze in place to prevent further fraud. You can security freeze and transaction monitoring features in our McAfee+ plans as well.
Protect your identity
Before you hop on a plane, train, or automobile, consider investing in identity protection. This way, you can head off any issues that might crop up when you should be enjoying yourself. For example, imagine losing your wallet. Immediately, a dark cloud of “what ifs” rolls in. What if someone’s running up charges on your cards? What if someone used your ID or insurance cards to impersonate you online? Not a great feeling any time, especially on vacation.
With identity theft coverage and restoration in place, you can recoup your losses and restore your identity if a thief damaged it in any way. Ours provides up to $2 million in coverage, along with lost wallet protection that cancels and replaces lost cards with little effort from you.
[i] https://www.ftc.gov/system/files/ftc_gov/pdf/CSN-Annual-Data-Book-2023.pdf
The post The Top 10 Online Booking Scam Hotspots in the U.S. Revealed appeared first on McAfee Blog.
What is our real job as parents? Is it to ensure our kids get good grades? – Maybe. Or is it ensuring we can give them the latest and greatest clothing and devices? Mmmm, not really. When all is said and done, I believe our real job is to keep our kids safe, teach them to be independent, and set them up for success – both online and offline.
As first-generation digital parents, many of us are learning on the job. While we can still glean advice from our own parents on dealing with our teenager’s hormones and driving challenges, there’s no intergenerational wisdom for anything digital. So, it is inevitable that many of us parents feel unsure about how and why to be proactive about online safety.
With four grown boys, 12 nieces and nephews, and almost 13 years in this job talking to families about online safety, I’ve developed a pretty good understanding of how families want to live their lives online, their biggest concerns, and how they value safety and security. Here’s what I’ve learnt:
I’ve often dreamt about wrapping my boys in cotton wool and keeping them away from the real world. But unfortunately, that’s not how it works. The internet definitely has some hugely positive features for teens and tweens but there are some challenges too. Here is what parents are most concerned about:
1. Social Media
Without a doubt, tween and teen social media usage would currently be the biggest concern for most parents. In Australia, there is currently a move to delay children using social media to 16. The Prime Minister is a fan as are many state and territory leaders. There’s no doubt parents are concerned about the impact social media is having on their children’s mental health. Whether dealing with followers, friends, or FOMO (fear of missing out), harassment, or exposure to unhelpful, or even dangerous influencers, parents are worried and often feel helpless about how best to help their kids.
2. Bullying
Parents have every right to be concerned. Cyberbullying does happen. In fact, 1 child in 3 reports being the victim of cyberbullying according to a UNICEF study. And in a study conducted by McAfee in 2022 that does a deep dive into the various types of bullying, there’s no doubt that the problem is still very much a reality.
3. Inappropriate Content
There really isn’t anything you can’t find online. And therein lies the problem. With just a few clicks, a curious, unsupervised 10-year-old could access images and information that would be wildly inappropriate and potentially traumatic. And yes, I’m talking sex, drugs and rock and roll themes! There are things online that little, inexperienced eyes are just not ready for – I am not even sure I am either, to be honest!
4. Screen Time
While I think many parents still find the word screen time a little triggering, I think some parents now realise that not all screen time ‘was created equally’. It’s more about the quality and potential benefit of screen time as opposed to the actual time spent on the screen. For example, playing an interactive, good quality science game as opposed to scrolling on Instagram – clearly the game wins!
However, parents are still very concerned that screen time doesn’t dominate their kids’ lives and adversely affects their kids’ levels of physical activity, face-to-face time with family and friends, and their ability to sleep.
While there is no silver bullet here, being proactive about your family’s online security is THE best way of protecting your family members, minimising the risk of unpleasant interactions, and setting them up for a positive online experience. And it will also reduce your stress big time – so it’s a complete no-brainer!!
Here are 5 things you can kick off today that will have a profound impact on your family’s online security:
1. Talk, talk, talk!!
Yes, that’s right – simply talk! Engaging with your kids about their online lives – what they like to do, sites and apps they use and any concerns they have is one of the best ways to keep them safe. As is sharing your own stories. If your kids know that you understand the digital world, they will be far more likely to come to you if they experience any issues at all. And that’s exactly what we want!!
2. Parental Controls and Monitoring
Parental controls can work really well alongside a proactive educational approach to online safety. As well as teaching kids healthy digital habits, they can also help parents monitor usage, set limits, and even keep tabs on their kids’ whereabouts. Gold!! Check out more details here.
3. Social Media Safety
Undertake an audit of all family member’s privacy settings to ensure that are set to the highest level. This will ensure only trusted people can view and interact with your kids’ profiles. Also, remind your kids not to overshare as it could lead to their identities being stolen. And check out McAfee’s Social Privacy Manager which can help you manage more than 100 privacy settings on social media accounts in seconds.
4. Make a Plan In Case of Aggressive Behaviour
As a cup-half-full type, I’m not a fan of negativity but I am a fan of plans. So, I do recommend creating an action plan for your kids in case they encounter something tricky online, in particular bullying or aggressive behaviour. I recommend you tell them to take screenshots, disengage, tell someone they trust (ideally you), and report the behaviour to the relevant social media platform or app. In some cases, you could involve your child’s school however this obviously depends on the perpetrator.
5. Passwords please!
I know you have probably heard it before, but password management is such a powerful way of staying safe online. In an ideal world, every online account should have its own unique password. Why? Well, if your logins get stolen in a data breach then the cybercriminals will not be able to reuse them to log into any of your other accounts.
And while you’re at it, ensure all passwords are at least 8-10 characters long, and contain random symbols, numbers and both upper and lowercase letters. If all is too hard, simply engage a password manager that will both generate and remember all the passwords for you. What a relief!
And of course, it goes without saying that a big part of being safe online is having super-duper internet protection software that will give you (and your family members) the best chance of a safe and secure online experience. McAfee+’s family plans not only give you a secure VPN, 24/7 identity and financial monitoring and alerts but AI-powered scam protection and advanced anti-virus that will protect each of your family members from fake texts, risky links, viruses, malware and more. Sounds like a plan to me!!
Till next time
Stay safe everyone!
Alex
The post What Security Means to Families appeared first on McAfee Blog.
“Vishing” occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone. These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft. Vishing can occur both on your landline phone or via your cell phone.
The term is a combination of “voice,” and “phishing,” which is the use of spoofed emails to trick targets into clicking malicious links. Rather than email, vishing generally relies on automated phone calls that instruct targets to provide account numbers. Techniques scammers use to get your phone numbers include:
Once vishers have phone numbers, they employ various strategies to deceive their targets and obtain valuable personal information:
To protect yourself from vishing scams, you should:
Staying vigilant and informed is your best defense against vishing scams. By verifying caller identities, being skeptical of unsolicited requests for personal information, and using call-blocking tools, you can significantly reduce your risk of falling victim to these deceptive practices. Additionally, investing in identity theft protection services can provide an extra layer of security. These services monitor your personal information for suspicious activity and offer assistance in recovering from identity theft, giving you peace of mind in an increasingly digital world. Remember, proactive measures and awareness are key to safeguarding your personal information against vishing threats.
The post How to Protect Yourself from Vishing appeared first on McAfee Blog.
Citing national security concerns, the U.S. Department of Commerce has issued a ban on the sale of all Kaspersky online protection software in the U.S. This ban takes effect immediately.
Of major importance to current customers of Kaspersky online protection, the ban also extends to security updates that keep its protection current. Soon, Kaspersky users will find themselves unprotected from the latest threats.
Current Kaspersky users have until September 29, 2024 to switch to new online protection software. On that date, updates will cease. In fact, the Department of Commerce shared this message with Kaspersky customers:
“I would encourage you, in as strong as possible terms, to immediately stop using that [Kaspersky] software and switch to an alternative in order to protect yourself and your data and your family.”
As providers of online protection ourselves, we believe every person has the right to be protected online. Of course, we (and many industry experts!) believe McAfee online protection to be second to none, but we encourage every single person to take proactive steps in securing their digital lives, whether with McAfee or a different provider. There is simply too much at stake to take your chances. The nature of life online today means we are living in a time of rising cases of online identity theft, data breaches, scam texts, and data mining.
If you’re a current Kaspersky US customer, we hope you’ll strongly consider McAfee as you look for a safe and secure replacement. For a limited time, you can get a $10 discount to switch to McAfee using code MCAFEEKASUS10 at checkout.
With that, we put together a quick Q&A for current Kaspersky users who need to switch their online protection software quickly. And as you’ll see, the Department of Commerce urges you to switch immediately.
Yes. The Department of Commerce has issued what’s called a “Final Determination.” In the document, the government asserts that:
“The Department finds that Kaspersky’s provision of cybersecurity and anti-virus software to U.S. persons, including through third-party entities that integrate Kaspersky cybersecurity or anti-virus software into commercial hardware or software, poses undue and unacceptable risks to U.S. national security and to the security and safety of U.S. persons.”
(i) This news follows the 2017 ban on using Kaspersky software on government devices. (ii) That ban alleged that Russian hackers used the software to steal classified materials from a device that had Kaspersky software installed. (iii) Kaspersky has denied such allegations.
Yes. In addition to barring new sales or agreements with U.S. persons from July 20, the ban also applies to software updates. Like all online protection software, updates keep people safe from the latest threats. Without updates, the software leaves people more and more vulnerable over time. The update piece of the ban takes hold on September 29. With that, current users have roughly three months to get new online protection that will keep them protected online.
The answer depends on your device. The links to the following support pages can walk you through the process:
Today, you need more than anti-virus to keep you safe against the sophisticated threats of today’s digital age. You need comprehensive online protection. By “comprehensive” we mean software that protects your devices, identity, and privacy. Comprehensive online protection software from McAfee covers all three — because hackers, scammers, and thieves target all three.
“Comprehensive” also means that your software continues to grow and evolve just as the internet does. It proactively rolls out new features as new threats appear, such as:
Scam Protection that helps protect you against the latest scams via text, email, QR codes, and on social media. Also, should you accidentally click, web protection blocks sketchy links that crop up in searches and sites.
Social Privacy Manager that helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks. It also protects privacy on TikTok, making ours the first privacy service to protect people on that platform. For families, that means we now cover the top two platforms that teens use, TikTok and YouTube.
AI-powered protection that doesn’t slow you down. For more than a decade, our award-winning protection has used AI to block the latest threats — and today it provides 3x faster scans with 75% fewer processes running on the PC. Independent tests from labs like AV-Comparatives have consistently awarded McAfee with the highest marks for both protection and for performance.
What should I do about the Kaspersky ban?
As the Department of Commerce urges, switch now.
Yet, make a considered choice. Comprehensive online protection software that looks out for your devices, identity, and privacy is a must — something you are likely aware of already as a Kaspersky user.
We hope this rundown of the Kaspersky news helps as you seek new protection. And we also hope you’ll give us a close look. Our decades-long track record of award-winning protection and the highest marks from independent labs speaks to how strongly we feel about protecting you and everyone online. Kaspersky US customers can get a discount to switch to McAfee for a limited time, using code MCAFEEKASUS10 at checkout.
The post The Kaspersky Software Ban—What You Need to Know to Stay Safe Online appeared first on McAfee Blog.
As the summer sun beckons us to explore new destinations, many of us rely on public Wi-Fi to stay connected while on the go. Whether checking emails, browsing social media, or planning our next adventure, access to Wi-Fi has become an essential part of our travel experiences. However, amidst the convenience lies a lurking threat to our cybersecurity. Public Wi-Fi networks are typically unencrypted, meaning data transmitted over these networks can be intercepted by hackers.
A study found that 40% of respondents have had their information compromised while using public Wi-Fi. In one notorious incident, a hacker accessed a journalist’s confidential work emails through in-flight Wi-Fi and then confronted him at baggage claim to reveal the breach. Often, individuals remain unaware of such compromises until well after the fact.
Since public Wi-Fi networks are often unsecure and used by many people, they are prime targets for cybercriminals looking to steal personal information such as passwords, credit card numbers, and other sensitive data. But fear not! With the right precautions, you can enjoy your summer travels while keeping your data safe and secure.
1. Understanding the Risks: Before delving into the world of public Wi-Fi, it’s crucial to understand the risks involved. Public networks, such as those found in cafes, airports, and hotels, are often unencrypted, meaning that cybercriminals can intercept data transmitted over these networks. This puts your sensitive information, including passwords, credit card details, and private messages, at risk of being compromised.
2. Utilize a Virtual Private Network: One of the most effective ways to safeguard your data while using public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, creating a secure tunnel between your device and the internet. This encryption prevents hackers from intercepting your data, ensuring your online activities remain private and secure. Invest in a reputable VPN service and install it on your devices before embarking on your summer adventures for added protection. Check out our step-by-step tutorial if it’s your first time setting up a VPN.
3. Keep Software Updated: Another essential aspect of cybersecurity is keeping your devices and software up-to-date. Updates often include security patches that address vulnerabilities and protect against emerging threats. Before setting off on your summer travels, install any available updates for your operating system, web browser, and security software. This simple step can significantly reduce the risk of falling victim to cyberattacks while connected to public Wi-Fi networks.
4. Enable Multi-Factor Authentication: Adding an extra layer of security to your online accounts can help prevent unauthorized access, even if your passwords are compromised. Multi-factor authentication (MFA) requires you to provide two or more forms of verification before accessing your accounts, such as a password, a fingerprint scan, or a one-time code sent to your mobile device. Enable MFA on your email, social media, and banking accounts before your travels to enhance your cybersecurity defenses.
5. Exercise Caution: Avoid accessing sensitive information while connected to public Wi-Fi. Refrain from logging into banking or shopping accounts and accessing confidential work documents while connected to unsecured networks. Instead, save these tasks for when you’re connected to a trusted network or using your mobile data.
6. Practice Good Password Hygiene: While connected to public Wi-Fi, it’s crucial to use strong, unique passwords for all your accounts. Avoid using easily guessable passwords or reusing the same password across multiple accounts, as this increases the risk of unauthorized access to your sensitive information. Consider using a reputable password manager to generate and store complex passwords securely.
7. Consider a Personal Hotspot: Using a personal hotspot instead of public Wi-Fi networks can often be a safer choice. Many mobile devices allow you to create a secure Wi-Fi network using your cellular data connection. Check your phone provider’s data plan beforehand to ensure this option doesn’t incur additional data charges.
Connecting to public Wi-Fi safely during your summer travels requires awareness and preparation. By taking steps like utilizing a VPN, keeping your software updated, and enabling MFA, you can enjoy the convenience of staying connected while protecting your personal information from cyber threats.
To further safeguard your digital devices, explore McAfee’s array of software solutions to discover the perfect fit for your security requirements. With the right cybersecurity tools, it’s easy to surf the web securely while exploring new destinations during your summer adventures.
The post How to Safely Connecting to Public Wi-Fi While Traveling appeared first on McAfee Blog.
This has to be a first. Something from our blogs got made into a movie.
We’re talking about voice scams, the soundalike calls that rip people off. One such call sets the action in motion for a film released this weekend, “Thelma.”
The synopsis of the comedy reads like this …
“When 93-year-old Thelma Post gets duped by a phone scammer pretending to be her grandson, she sets out on a treacherous quest across the city to reclaim what was taken from her.”
Voice scams have been around for some time. They play out like an email phishing attack, where scammers try to trick people into forking over sensitive info or money — just in voice form over the phone. The scammer poses as someone the victim knows, like a close family member.
Yet the arrival of AI has made voice scams far more convincing. Cheap and freely available AI voice cloning tools have flooded the online marketplace in the past couple of years. They’re all completely legal as well.
Some cloning tools come in the form of an app. Others offer cloning as a service, where people can create a clone on demand by uploading audio to a website. The point is, practically anyone can create a voice clone. They sound uncanny too. Practically like the real thing, and certainly real enough over the phone. And it only takes a small sample of the target’s voice to create one.
Our own labs found that just a few seconds of audio was enough to produce a clone with an 85% voice match to the original. That number bounced up to 95% when they trained the clone further on a small batch of audio pulled from videos.
As to how scammers get a hold of the files they need, they have a ready source. Social media. With videos harvested from public accounts on YouTube, Instagram, TikTok, and other platforms, scammers have little trouble creating clones — clones that say whatever a scammer wants. All it takes is a script.
That’s where the attack comes in. It typically starts with a distress call, just like in the movie.
For example, a grandparent gets an urgent message on the phone from their grandchild. They’re stuck in the middle of nowhere with a broken-down car. They’re in a hospital across the country with a major injury. Or they’re in jail overseas and need to get bailed out. In every case, the solution to the problem is simple. They need money. Fast.
Sure, it’s a scam. Yet in the heat of the moment, it all sounds terribly real. Real enough to act right away.
Fearing the worst and unable to confirm the situation with another family member, the grandparent shoots the money off as instructed. Right into the hands of a scammer. More often than not, that money is gone for good because the payment was made with a wire transfer or through gift cards. Sometimes, victims pay out in cash.
Enter the premise for the movie. Thelma gets voice-scammed for thousands, then zips across Los Angeles on her friend’s mobility scooter to get her money back from the voice scammers.
The reality is of course more chilling. According to the U.S. Federal Trade Commission (FTC), nearly a million people reported a case of imposter fraud in 2023. Total reported losses reached close to $2.7 billion. Although not tracked and reported themselves, voice clone attacks certainly figure into this overall mix.
Even as we focus on the character of Thelma, voice clone attacks target people of all ages. Parents have reported cases involving their children. And married couples have told of scams that impersonate their older in-laws.
Common to each of these attacks is one thing: fear. Something horrible has happened. Or is happening. Here, scammers look to pull an immediate emotional trigger. Put plainly, they want to scare their victim. And in that fear, they hope that the victim immediately pays up.
It’s an odds game. Plenty of attacks fail. A parent might be sitting at the dinner table with their child when a voice clone call strikes. Or a grandchild might indeed be out of town, yet traveling with their grandmother when the scammer gives her a ring.
Yet if even a handful of these attacks succeed, a scammer can quickly cash in. Consider one attack for hundreds, if not thousands, or dollars. Multiply that by five, ten, or a dozen or so times over, a few successful voice clone scams can rack up big returns.
Yet you can protect yourself from these attacks. A few steps can make it more difficult for scammers to target you. A few others can prevent you from getting scammed if a voice clone pops up on the other end of the phone.
Make it tougher for scammers to target you by:
Clear your name from data broker sites. How’d that scammer get your phone number anyway? Chances are, they pulled that info off a data broker site. Data brokers buy, collect, and sell detailed personal info, which they compile from several public and private sources, such as local, state, and federal records, in addition to third parties. Our Personal Data Cleanup scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and helps you remove your data.
Set your social media accounts to private. Scammers sift through public social media profiles in search of info on their targets. In some cases, an account can provide them with everything they need to launch an attack. Family names, family interests, where the family goes for vacation, where family members work — and videos that they can use for cloning. By making your accounts private, you deny scammers the resources they require. Our Social Privacy Manager can do this for you across all your accounts in only a few clicks.
Prevent getting scammed by:
Recognize that voice clone attacks are a possibility. As we’re still in the relatively early days of AI tools, not everyone is aware that this kind of attack is possible. Keeping up to date on what AI can do and sharing that info with your family and friends can help them spot an attack. As we’ve reported here before, voice clones are only the start. Other imposter scams run on video calls where a scammer takes on someone else’s voice and looks. All in real-time.
Always question the source. In addition to voice cloning tools, scammers have other tools that can spoof phone numbers so that they look legitimate. Even if it’s a voicemail or text from a number you recognize, stop, pause, and think. Does that really sound like the person you think it is? Hang up and call the person directly or try to verify the info before responding.
Set a verbal codeword with kids, family members, or trusted close friends. Even in the most high-tech of attacks, a low-tech precaution can keep everyone safe. Have a codeword. Save it for emergencies. Make sure everyone uses it in messages and calls when they ask for help. Further, ensure that only you and those closest to you know what the codeword is. This is much like the codewords that banks and alarm companies use to help ensure that they’re speaking to the proper account holder. It’s a simple, powerful step. And a free one at that.
The post Thelma – The Real-Life Voice Scam That Made It into the Movies appeared first on McAfee Blog.
Kids engage online far differently than adults. Between group chats, social apps, and keeping up with digital trends, their interests, and attention spans constantly shift, which means online privacy concerns get sidelined. Here are a few ways to move online privacy center stage.
Few things will put kids to sleep faster than talking with parents about online stuff like privacy. So, flip the script. Talk about the things they love online—shopping, TikTok, and group chats. Why? Because all that daily fun could come to a screeching halt should a bad actor get a hold of your child’s data. Establishing strong digital habits allows your child to protect what they enjoy including their Venmo account, video games, and midnight chatting. Doing simple things such as maximizing privacy settings on social networks, limiting their social circles to known friends, and refraining from oversharing, can dramatically improve digital privacy.
We say it often: The best way to keep your kids safe online is by nurturing a strong relationship with them. A healthy parent-child connection is at the heart of raising kids who can make good choices online. Connect with your child daily. Talk about what’s important to them. Listen. Ask them to show you their favorite apps. Soon, you’ll discover details about their online life and gain the trust you need to discuss difficult topics down the road.
According to the latest Data Breach Investigations Report (DBIR), which examined the state of cybersecurity in 2023, some 68% of global breaches, regardless of whether they included a third party or not, involved a non-malicious human action, such as a person making an error or becoming a victim of a social engineering attack. For that reason, consider putting an extra layer of protection between your family and cyberspace. A few ways to do that:
A good digital offense is the best way to guard yourself and your family against those out to misuse your data. Offensive tactics and habits include using strong passwords, maximizing privacy settings on social networks, using a VPN, and boosting security on the many IoT devices throughout your home.
Get in the habit of deep cleaning your technology and bring your kids into the routine. Here’s how:
Establish rules and guidelines for online behavior, and make sure everyone in the family understands the importance of protecting their personal information.
Keep the conversation about online safety ongoing. Regularly check in with your kids about their online experiences and encourage them to speak up if they encounter anything suspicious or uncomfortable.
It’s hard to slow down and get serious about online privacy if you’ve never experienced a breach or online theft of some kind. However, chances are, the dark side of online living will impact your family before long. Ready to go deeper? Dig into these cybersecurity tips for every age and stage.
The post How to Get Kids Focused on Their Online Privacy appeared first on McAfee Blog.
Falling in love in the internet age is a whole different ball game to the social-media-free ’70s, ’80s and ’90s. Awkward calls on the home phone, sending cards in the mail, and making mixtapes were all key relationship milestones back in the days of roller skates. But fast forward to the new millennium and dating is a whole different sport.
No longer are teens relying on their friends and family for introductions to new love interests, it’s all doable online thanks to the plethora of available dating apps and social media platforms. So it’s no surprise that research confirms that meeting online has officially displaced the traditional ways romantic partnerships were formed.
But how does it actually work? How do teens really connect online? Is it just about the dating apps? What about Instagram? Don’t they also use messaging apps to meet? And what does ‘benching’ and ‘beta-testing’ mean?
Ah, yes I know it can feel overwhelming but don’t stress – I got you! I’ve put together all the key information you need to know if you have kids who are starting their online dating journey.
When many of us think about online dating, we think about the major dating apps like Tinder and Bumble however that’s actually not where it all happens. In fact, many teens inform me that it really is all about Instagram, Snapchat, and increasingly, TikTok. I am reliably informed that these social media platforms give you a more authentic understanding of someone – great! But, in my opinion, there are potential safety issues with using social media to attract a mate. Particularly, if you have a young, inexperienced teen on your hands.
In order for people to be able to follow you on these platforms (and send you messages), you need to have your profile set to public. So, if you have a young, naïve teen who has their social media accounts set to public to ramp up their love life, then I consider this to be a safety concern. They can receive messages from anyone which is not ideal.
In 2024, chances are your teens will not meet a potential mate in real life (IRL) – it all happens online. But even on the rare chance they do first meet in person, or they eyeball someone they fancy across the school playground, the relationship will develop online. That’s where the magic happens!
So instead of multiple landline telephone calls to friends to ‘suss out’ their crush, they spend multiple hours researching their crush online. They’ll check out and dissect their photos and posts, find all their social media accounts, and then, depending on their level of courage, they may follow all their accounts. Colloquially, this is often referred to as ‘social media stalking’.
Once they’ve built up the courage, teens may start liking the posts of their crush. Some may even go back over old social media posts and photos from several years back to demonstrate their level of interest. This is known as ‘deepliking’. Some teens think this is an effective strategy, others consider this to be off-putting – each to their own!! But the goal here is to put yourself on the radar of your crush.
Now, once the ‘likes’ have gathered some momentum, the teen may decide it’s time to ‘slide into their crush’s DM’s’. Ah – there’s that expression. All it really means is that your teen will send a direct message to their love interest – usually on a social media app such as Instagram or TikTok.
But they may not even need to ‘slide into the DM’s’. I am reliably informed that if you like a few posts of a potential love interest and then, they like a few of yours, you’re flirting and there’s definitely a spark!! The love interest may then just be the one initiating interest.
Now, if there is a spark and the crush has replied, the next phase is messaging – and a lot of it! Potentially 1000’s of messages. I have first-hand experience of paying a telephone bill for someone (no names) who was super smitten with a girl in the days before unlimited data. All I can say is ouch!!!
Now this messaging may take place on a social media app, a messaging app such as WhatsApp, Messenger, or even via text. Or possibly even a combination of them all!! The key here is to keep the messaging going to suss out whether there is a vibe!
But the messaging stage is where it can get messy and confusing. It’s not unusual for teens to be messaging with several potential love interests at once – essentially keeping their options open. Some refer to this as ‘beta-testing’, I would refer to it as disrespectful and probably exhausting – but hey, I’m old school! But this is often a reality for many teens, and it can be quite demoralising to feel like you’re being ‘managed’.
Now, this is a big moment. When your teen and their crush have decided they are exclusive and officially a thing, the next step is to let the world know and make it official. So, they may choose to update their status on their social media platforms to ‘in a relationship’. But if they are after a softer launch, they may simply post a pic of each other, or even together.
Believe it or not, some teens may never actually meet in real life (IRL) but still be in a relationship. If this is the case then it’s more likely that sexting will be part of the relationship. Research shows that 1 in 3 Aussie teens (aged 14 to 17) have some experience with sexting ie sending, receiving, being asked, and asking for nude pics however I think in reality, it is likely more – not everyone answers surveys honestly!
So, yes sexting does happen and while I wish it just didn’t, we can’t put our heads in the sand. So, I encourage all parents to remind their kids that once they send an image they lose control of it, that not all relationships last forever, and that they should never be coerced into doing something they are not comfortable with. Stay tuned for further posts with more sexting tips!
At the risk of being a cynic, chances are your child’s teen relationships will probably not last a lifetime. So, how do you break up when you’re a digital native?
Well, before the break-up phase, ‘benching’ can occur. This happens when one partner no longer wants to meet up with the other in person. It may also be the moment when your teen’s messages are no longer returned – this is called LOR – left on read. Most of us would call this ghosting. But regardless of what you call it, it’s not a nice feeling.
Call me old fashioned but I am a big fan of breaking up with your love in person and my boys know that. Tapering off contact or telling someone that the relationship is over via text is disrespectful, in my opinion.
Helping kids through heartache is tough – I’ve been there!! If your teen is finding life post-relationship hard, why don’t you suggest they delete their social media apps for a week or 2? It’s hard to move on from someone when you are still receiving messages and/or seeing their notifications. It may even be worth unfriending or unfollowing the ex as well.
So, even though the landscape has changed, and the mixtapes have gone, please don’t forget that dating and romance can be super tricky when you are a teen. Not only are you dealing with matters of the heart but in the world’s biggest public forum – the internet. So be kind, gentle, and supportive! And be grateful for the simplicity of the ’70s, ’80s and ’90s.
Alex xx
The post How Teens Date in the Digital Age appeared first on McAfee Blog.
Traveling on a budget while backpacking allows individuals to immerse themselves fully in local cultures, explore off-the-beaten-path destinations, and forge genuine connections with fellow travelers, all while minimizing expenses. However, amidst the thrill of exploring new places, it’s crucial to safeguard your digital assets and personal information. Experiencing multiple scams on a single trip, as this twenty-one-year-old woman did in Chile and Bolivia, is rare. However, her cautionary tale highlights the importance of careful preparation when traveling, particularly in unfamiliar destinations.
Being informed about different scam risks is critical to ensuring a safe journey. Beyond the dangers inherent in unencrypted public Wi-Fi, cybercriminals also deploy Wi-Fi network spoofing, setting up fake networks in tourist hotspots to intercept travelers’ data. ATM skimming is another prevalent threat, especially in popular tourist areas, where criminals install devices to steal card information from unsuspecting users.
Accommodation scams on online booking platforms have also become more common, leaving travelers stranded without a place to stay after falling victim to fake listings or fraudulent hosts. One individual wired $3,100 to a cybercriminal after receiving a scam email, purportedly from Booking.com, offering a 20% accommodation discount for paying the host directly via wire transfer.
Given these risks, backpackers should take proactive measures to safeguard their devices and data. Here are some practical tips and strategies to ensure your cybersecurity while backpacking on a budget:
While backpacking offers incredible opportunities for adventure and exploration, it’s essential to prioritize cybersecurity to safeguard your digital assets and personal information. By following these practical tips and strategies, you can enjoy your travels with peace of mind, knowing you’ve taken steps to protect yourself against cyber threats.
The post How to Safeguard Your Digital Assets While Backpacking on a Budget appeared first on McAfee Blog.
By now you’ve probably heard of the term “phishing”—when scammers try to fool you into revealing your personal info or sending money, usually via email — but what about “vishing”? Vishing, or voice phishing, is basically the same practice, but done by phone.
There are a few reasons why it’s important for you to know about vishing. First off, voice phishing scams are prevalent and growing. A common example around tax season is the IRS scam, where fraudsters make threatening calls to taxpayers pretending to be IRS agents and demanding money for back taxes. Another popular example is the phony tech support scam, in which a scammer calls you claiming that they represent a security provider.
The scammers might say they’ve noticed a problem with your computer or device and want money to fix the problem, or even request direct access to your machine. They might also ask you to download software to do a “security scan” just so they can get you to install a piece of malware that steals your personal info. They might even try to sell you a worthless computer warranty or offer a phony refund.
These kinds of attacks can be very persuasive because the scammers employ “social engineering” techniques. This involves plays on emotion, urgency, authority, and even sometimes threats. The end result, scammers manipulate their victims into doing something for fraudulent purposes. Because scammers can reach you at any time on your most private device, your smartphone, it can feel more direct and personal.
Vishing scams don’t always require a phone call from a real person. Often, scammers use a generic or targeted recording, claiming to be from your bank or credit union. For instance, they might ask you to enter your bank account number or other personal details, which opens you up to identity theft.
Increasingly, scammers use AI tools in voice cloning attacks. With readily available voice cloning apps, scammers can replicate someone else’s voice with remarkable accuracy. While initially developed for benign purposes such as voice assistants and entertainment, scammers now use voice cloning tools to exploit unsuspecting victims.
The incoming number might even appear to have come from your bank, thanks to a trick called “caller ID spoofing,” which allows scammers to fake the origin of the call. They can do this by using Voice over Internet Protocol (VoIP) technology, which connects calls over the internet instead of traditional phone circuits, allowing them to easily assign incoming phone numbers.
Don’t risk losing your money or valuable personal info to these scams. Here’s how to avoid vishing attacks:
The post How to Avoid Being Phished by Your Phone appeared first on McAfee Blog.
I often joke about how I wish I could wrap up my kids in cotton wool to protect them from all the challenges of the real world. When they were little, I would have loved to protect them from some of the trickier kids in the playground. But as they got older, it was all about the internet and of course, alcohol, drugs and fast cars!
Unfortunately, I don’t have solutions for all of the above parenting challenges but with over 12 years of experience as Cybermum, I know a thing or two about keeping kids safe online.
The CEOs of the world’s largest social media platforms were recently summoned to a Senate Judicial Committee hearing in Washington. The Kids Online Safety Act (KOSA) is still being heavily debated and representatives from Meta, Discord, TikTok, Snap and X, the company formerly known as Twitter, were invited to participate in the hearing. Designed to regulate social media and better protect children, the proposed bill has a lot of support but there is still a way to go before it takes its final shape and potentially becomes law.
In my opinion, there’s no question that governments worldwide need to play a bigger, more vocal role in this arena and insist on better protections for all social media users, particularly our kids. In 2019, Australia passed its own Online Safety Act and the UK did the same in 2023 with its Online Safety Law. And while these are all very important steps forward, I honestly believe that the role families play in teaching their kids about online safety is even more important.
I totally understand that teaching kids about online safety can just feel like another task on a never-ending to-do list. I’ve been there! But think of it like this. Haven’t you been talking to your kids about sun safety and road safety along the way? You know, dropping in little reminders and tips as you drop them at school or pick them up from a play date? Well, this is how you need to think about online safety. Focus on breaking it down into little chunks so it doesn’t feel hard.
Now that we have our mindset sorted, let me share my top tips for helping your kids stay safe while they are online.
As soon as your kids can pick up a device, your conversations about online safety need to start. Yes, I know it might seem ridiculous, but it is THE best way to help ‘mould and shape’ your offspring’s mind in a cyber-safe way. If your 2-year-old likes to play games on your iPad, it could be as simple as:
And when your kids get older, weave in more age-appropriate messages, such as:
Spending time online with your child from an early age is another great way of helping them understand the difference between good and bad content. And modelling good digital citizenship while you are online with your kids will help ‘mould and shape’ their understanding of how to interact safely and positively.
I’m a big fan of ensuring kids have clarity on boundaries and expectations, particularly when it comes to all things online. Your easiest fix here? A family technology agreement. I love a family technology agreement because it can be tailored to your kids, their ages and maturity levels. Check out my previous blog post on how to develop one for your family here. One final piece of advice here – don’t start introducing tech contracts during a family blow up. Please wait till everyone is calm otherwise I can assure you, you’ll encounter resistance from some family members!
There are a few key fundamental basics that I think every child needs to know to keep themselves safe online. Here are my top 5:
I would also include these basics in your family technology contract.
As your kids get older, it becomes harder to monitor their every move online. Yes, you can create bookmarks with ‘approved’ sites and install parental controls however it is inevitable that there will be an opportunity for unsupervised internet usage. But if you have helped your kids develop critical thinking skills then it is far more likely that they will be able to navigate the internet is a safe and responsible way.
Where to start? Always encourage a healthy scepticism and encourage them to not accept that everything they read online is true. When it is age-appropriate, help them to identify reliable sources, spot less reliable websites, and question the underlying purpose of the information that has been shared.
Taking some time to understand how your child spends their time online is the best way of truly understanding the risks and challenges they face. And when you understand the risks they face, you can help them prepare for them. So, join ALL the social media platforms your kids are on, play their games and download their messaging apps. Not only will you develop a better understanding of how to manage the privacy settings on each of the platforms, but the often very specific language used and the online culture can often form a big part of your child’s life. And the best part – if they know you understand their world, you will develop a little ‘tech cred’ which means that they will be more likely to come to you with any issues or problems that may face online. Awesome!
A set of good-quality parental controls can be a wonderful addition to any digital parenting toolkit. Many will allow you to filter the content your child sees, block certain websites, and even track your child’s browsing history and location. But please remember, no parental controls will ever replace an invested parent! Check out McAfee’s website for more information.
Now, I know that might feel like a lot but please don’t stress. Simply chunk it down and give yourself a new task every week such as joining a new social media platform or playing your child’s favourite online game. The most important thing to remember is to keep talking to your kids. Why not start the conversation by asking them for advice or, sharing something you saw online? Remember, your goal here is to get yourself some tech cred! Good luck!!
Alex xx
The post How to Keep Your Kids Safe Online appeared first on McAfee Blog.
As pharmacies each week fill more than one million prescriptions for Ozempic and other GLP-1 weight loss drugs, scammers are cashing in on the demand. Findings from our Threat Research Team reveal a sharp surge in Ozempic and weight loss scams online.
Any time money and scarcity meet online, you’ll find scammers. That’s what we have here with Ozempic and weight loss scams.
Doctors have prescribed GLP-1 drugs to treat diabetes for nearly two decades. Demand spiked with the U.S. Food and Drug Administration’s (FDA) approval of several GLP-1 drugs for weight loss.
Now, what was a $500 million market for the drug in 2020 stands to clear more than $7.5 billion in 2024.[i] As a result, these drugs are tough to come by as pharmaceutical companies struggle to keep up.
McAfee’s Threat Research Team uncovered just how prolific these weight-loss scams have become. Malicious websites, scam emails and texts, posts on social media, and marketplace listings all round out the mix.
Across all these scams, they offer to accept payment through Bitcoin, Zelle, Venmo, and Cash App. All are non-standard payment methods for prescription drugs and are certain red flags for scams.
Example of a scam website
Also common to these scams: a discount. McAfee researchers discovered several scams that offered bogus drugs at a discount if victims paid in cryptocurrency. Others offered them at greatly reduced prices, well under the $1,000 per dose — the legitimate drug’s cost.
Bogus Craigslist ad
As with so many scams, you can file these Ozempic and weight loss scams under “Too Good To Be True.” Steep discounts and offers to purchase the drugs without a prescription are sure-fire signs of a scam. And with this scam comes significant risks.
These scams can rip you off, harm your health, or both.
In many instances, these scams never deliver. Anything at all. The scam sites simply pocket the money in return for nothing. Further, many steal personal and financial info to commit identity theft down the road.
In some cases, scammers do indeed deliver. Yet instead of receiving an injection pen with the proper drug, scammers send EpiPens loaded with allergy medication, insulin pens, or pens loaded with a saline solution.
One scam victim shared her story with us after she got scammed with a phony pen:
“I started using Ozempic in February 2023, as part of managing my diabetes. At first, it was reliably in stock but when it got more popular a few months later, stock got really low.
Around September, it got really hard to find Ozempic in stock and there was about a month and a half when my mom and I couldn’t find it at all. I mentioned it to a co-worker, who said she had a friend selling it. I was skeptical but did know her friend was connected to the medical industry and the price was only slightly higher than what I’d been paying. It didn’t sound outrageous, so I decided we’d try it. I got the product and gave her the money.
When we opened the box up, it didn’t look or feel right. The packaging felt flimsy and the pen looked quite different from the one we had been using. My mom inspected it and immediately noticed something was wrong. I took photos and videos and with my doctor’s help, we got in touch with a rep [from the legitimate pharma company], who confirmed it was fake. It wasn’t Ozempic, it was an insulin pen.
Realizing that I’d almost injected myself with the wrong substance, thinking it was Ozempic, was terrifying and could have been fatal. It’s really scary to think about what could have happened if we hadn’t done a careful double-check.”
This story frames exactly what’s at stake with Ozempic and weight loss scams. Unlike the bulk of online scams out there, these scams can lead to physical harm — which makes the need to avoid them that much more urgent.
Remember, buying Ozempic or similar drugs without a prescription is illegal. That makes selling these drugs on social media like Facebook Marketplace, Craigslist, or other related sites illegal as well. Further, watch out for foreign pharmacies and sites you’re not familiar with. Per the FDA, they might sell drugs unapproved by the FDA. Likewise, they might be phony.
Only buy from reputable pharmacies. You can check a pharmacy’s license through your state board of pharmacy (this link from the FDA can help you track that down). If the pharmacy you’re considering isn’t listed, don’t use it. Also, make sure it has a phone number and physical address in the U.S.
Watch out for unreasonably low prices. Once again, if an offer is too good to be true, it probably is. In addition, never use a digital wallet app, bitcoin, prepaid debit cards, or wire funds to pay for your prescription. PayPal, Apple Pay, or a credit card payment are typical options for legitimate pharmacies.
Keep an eye out for website errors and missing product details. Scam websites typically lack verifiable product info. Pay attention to and read the fine print. Look for product batch numbers, expiration dates, or manufacturer details to confirm what you’re purchasing is legit. Other sites fail the eye test, as they look poorly designed and have grammar issues.
A poorly written scam on social media…
Look for misleading claims. If any drug offers rapid weight loss or miracle cures, be on guard. Purchasing counterfeit Ozempic poses significant health risks, including exposure to harmful substances, incorrect dosages, and lack of therapeutic effects. In addition to financial loss, you can experience adverse reactions or worsening of your condition by purchasing ineffective or counterfeit medications.
Consider AI-powered scam protection. McAfee Scam Protection uses AI to detect and block dangerous links that scammers drop into emails, text messages, and social media messages. Additionally, McAfee Web Protection detects and blocks links to scam sites that crop up in search and while browsing.
Stay vigilant. Scammers create fake profiles across social media channels. Do not blindly trust sellers on Telegram, Craigslist, Facebook, TikTok. Many scammers are using these to run their operations. Don’t believe testimonials either! Scammers use fake testimonials to build trust.
Truly, these scams can cause great harm. They can take a toll on your finances and your health. The good news here is that you can avoid them entirely.
This stands as a good reminder…when something gets popular and scarce, it spawns scams. That’s what we’re seeing with these in-demand drugs. And it’s just as we’ve seen before with popular toys around the holidays and even rental cars during peak periods of travel. Where there’s a combination of urgency, need, and money, your chances of stumbling across a scam increase.
[i] https://www.jpmorgan.com/insights/global-research/current-events/obesity-drugs
The post How Ozempic Scams Put People’s Finances and Health at Risk appeared first on McAfee Blog.
Summer vacations are a time for families to relax, unwind, and create lasting memories together. Whether you’re heading to the beach, embarking on a road trip, or exploring new destinations, it’s important to prioritize the online safety of your loved ones. However, our Safer Summer Holidays Travel Report found that almost half (48%) of travelers admitted to being less security conscious when on holiday, such as by choosing to connect to Wi-Fi networks even though they look a bit suspicious (22%).
With the increasing prevalence of online threats and the growing reliance on technology, taking proactive steps to protect your family’s digital well-being is more crucial than ever. Here are some actionable tips to ensure a safe and enjoyable online experience during your summer adventures.
Teach your children about the importance of practicing safe online behavior and what safer online habits are. Explain the risks of sharing personal information online, interacting with strangers, and clicking suspicious links or attachments. Talk about the concept of “phishing” and how to recognize suspicious links or messages. Encourage open communication and make sure your children feel comfortable coming to you if they encounter any concerning or questionable content online.
When connecting to the internet while on vacation, be cautious about the Wi-Fi networks you use. Public Wi-Fi networks, such as those found in hotels, airports, and cafes, may not be secure and could expose your family to cyber threats like hacking and identity theft. That’s because they are often a missing layer of protection called encryption. Encryption acts like a secret code, scrambling the data as it travels from your device to the Wi-Fi router, so nobody else can understand it. Without this protection, hackers can easily sneak in and read the information you’re sending over the Wi-Fi network, putting your privacy and security at risk. If you do need to connect to a public Wi-Fi network, use a virtual private network (VPN) to encrypt your internet connection and protect sensitive data from prying eyes.
When traveling, it is essential to be cautious of certain payment methods, especially when dealing with vacation rentals, tours, or travel packages. Scammers often insist on wire transfers, gift cards, or cryptocurrency as the only acceptable forms of payment for accommodations. These payment methods are untraceable and nearly impossible to recover once sent. Exercise skepticism and avoid any requests for payment through these channels, as they are typically red flags indicating fraudulent activity. Instead, opt for secure and traceable payment methods, such as credit cards or reputable online payment platforms.
Take precautions to secure your devices against theft or loss while traveling. Use strong passwords or biometric authentication methods to lock your devices and prevent unauthorized access. Consider installing tracking apps or software that allow you to remotely locate, lock, or erase your devices in case they are lost or stolen. Additionally, avoid leaving your devices unattended in public places and always be vigilant of your surroundings.
While traveling, keep a close eye on your bank accounts, credit card statements, and other financial accounts. Check for unauthorized transactions or suspicious activity and immediately report any discrepancies to your financial institution. Consider enabling alerts or notifications on your accounts to receive real-time updates on account activity and detect any signs of fraud or unauthorized access.
Before you leave for vacation, ensure all devices within the family have the latest software updates. Cybercriminals often exploit vulnerabilities in outdated software to gain access to devices and steal sensitive information. Updates not only improve performance but also fix any security vulnerabilities that cybercriminals could exploit to gain unauthorized access to your devices and potentially compromise your sensitive information.
Before you embark on your vacation, take the time to set up parental controls on all your devices. Vacations might involve more downtime or long journeys, leading to increased screen time for children. Parental control features can allow you to restrict access to certain websites, apps, and content, allowing you to more effectively ensure that kids stay safe and engage with only appropriate content. Use these tools to create a safe online environment for your children and prevent them from stumbling upon inappropriate or harmful content. Our Social Privacy Manager can also help protect your child’s social media visibility and data.
With McAfee+ Family plans, you can safeguard up to 6 family members under one subscription with each member receiving individualized identity and privacy protection, secure VPN, and personalized notifications offering guidance on enhancing their online security. Rest assured, each family member can connect with confidence, knowing their personal information, online privacy, and devices are all securely protected.
Following these family-friendly cybersecurity tips, you can enjoy a safe and secure online experience during your summer vacations. Taking proactive steps to protect against cyber threats can help ensure peace of mind, knowing that your family’s online safety is safeguarded wherever your summer adventures may take you.
The post Family-Friendly Online Safety Tips for Summer Vacations appeared first on McAfee Blog.
Summer is synonymous with vacations, a time when families pack their bags, grab their sunscreen, and embark on exciting adventures. In the digital age, smartphones have become an indispensable part of our lives, serving as cameras, maps, entertainment hubs, and communication tools. While these devices enhance our travel experiences, they also become prime targets for theft or damage while we’re away from home. From keeping us connected with family and friends, assisting in navigation, capturing moments, to even helping us with language translation – it is a device of many conveniences. However, when you bring your smartphone while vacationing, like any other valuable item, it becomes a target for theft and damage. Not to mention the potential for high roaming charges.
Don’t let the fear of losing or damaging your valuable devices dampen your vacation spirit! By taking some simple precautions and implementing effective strategies, you can ensure that your family’s smartphones remain safe and secure throughout your travels. In this blog post, we’ll share essential tips and tricks for safeguarding your devices, so you can focus on creating unforgettable memories without any tech-related worries. This article will provide you with tips on how to protect your family’s smartphones while on vacation. We will cover strategies like enabling security settings, backing up data, checking for travel insurance policies, and utilizing helpful apps. Ensuring the safety of your devices will make your vacation more enjoyable and worry-free.
Traveling without smartphones seems almost impossible. However, having them on vacation puts them at risk. In tourist hotspots, where distractions are many, it is easy to lose or have your device stolen. Moreover, using public Wi-Fi networks can expose your smartphone to cyber attacks.
→ Dig Deeper: The Risks of Public Wi-Fi and How to Close the Security Gap
Therefore, it is vital to be proactive in securing both your smartphones and the data they contain. Not only will it save you from the high costs of replacing a lost or damaged phone, but it also prevents potential misuse of personal and financial information. Implementing even just a few of these safety measures can help ensure your family’s smartphones are well-protected during your vacation. So let’s dive into the practical steps you can take.
The first layer of protection for your phone should be a physical one. It starts with investing in a good quality, durable phone case. A waterproof case is always a good idea, especially if you’re planning on vacationing near the beach or a pool. A screen protector can also keep your screen from shattering or getting scratched. Remember, you’re more likely to drop your phone while on vacation as you juggle through maps, travel apps, and numerous photo opportunities.
Another aspect of physical protection is to be mindful of where you store your phone. Avoid leaving it in plain sight or unattended, which could invite potential thieves. Instead, carry it in a secure, zipped pocket or bag. If you’re staying at a hotel, consider using the safe to store your phone when not in use. Most importantly, be aware of your surroundings and keep your phone safely tucked away in crowded places.
McAfee Pro Tip: Activating the correct features can determine whether your personal data is lost permanently or if your device can swiftly recover. Install McAfee Mobile Security and learn more tips on what to do if your phone gets stolen on this blog.
Safeguarding your phone is not just about protecting the physical device—your personal and sensitive data deserves protection too. Before you leave for your vacation, make sure that your phone is password-protected. Optimally, use a complex password, fingerprint, or face recognition feature instead of a simple four-digit PIN. This singular step can deter any prying eyes from accessing your information if your phone is lost or stolen.
Ensure your phone’s software is up to date. Regular updates not only enhance the device’s performance but also incorporate vital security patches, fortifying its defenses against potential threats like malware. By staying vigilant and keeping your phone’s software current, you contribute to a more secure environment, minimizing the risk of unauthorized eyes accessing your valuable information in the event of a loss or theft.
→ Dig Deeper: Why Software Updates Are So Important
Backing up your smartphone’s data before leaving for vacation can save you from a lot of stress. In case of loss, theft, or damage, having a backup ensures that you won’t lose your cherished photos, contacts, and other essential data. Most smartphones allow you to back up your data to the cloud. Make sure to do this over a safe, secure network and not on public Wi-Fi.
For Android users, Google provides an automatic backup service for things like app data, call history, and settings. You can check if this feature is enabled on your phone by going to the Google Drive App and checking in the Backups section. For iPhone users, iCloud Backup can help save most of your data and settings. To enable it, go to Settings, tap on your name, then tap iCloud and scroll down to tap iCloud Backup.
Without proper management, staying connected while abroad can result in expensive roaming charges. Before you leave, check with your mobile provider to understand the costs associated with using your phone abroad. Some providers offer international plans that you can temporarily switch to for your vacation. If your provider’s charges are too high, consider purchasing a local SIM card once you arrive at your destination or use an international data package.
Another way to avoid roaming charges is by using Wi-Fi. Most hotels, cafes, and many public spaces have free Wi-Fi available. However, again, public Wi-Fi is not always safe. So, avoid accessing sensitive information such as bank accounts, and before traveling, download maps and essential content before traveling to reduce the need for constant data usage. This is especially helpful for navigation apps. To protect your data in such situations, it’s advisable to use a Virtual Private Network (VPN).
→ Dig Deeper: How to Keep Your Data & Devices Safe While Traveling
Several apps can help protect your phone and its data during your vacation. Most smartphone operating systems offer a “Find My Phone” feature that can locate, lock, or erase your device if it is lost or stolen. Make sure this feature is enabled before you leave.
Again, antivirus apps can provide an extra layer of protection against virus and malware threats. Password manager apps can help you create and store complex, unique passwords for your accounts to enhance security.
VPN apps can protect your data from being intercepted when using public Wi-Fi networks. There are also apps that monitor your data usage and can alert you if you’re near your limit to avoid unexpected charges. Research and install these apps prior to your vacation for added security and peace of mind.
Your family’s smartphones are essential travel companions that deserve as much protection as any other valuable item during your vacation. By physically safeguarding the device, securing your data, backing up regularly, understanding roaming charges, and utilizing productive apps, you can enjoy a worry-free vacation. Remember, in the event of a mishap, having travel insurance can provide an extra layer of financial protection. So, before setting off, review your policy and check if it covers lost or stolen devices. In the end, preparation is key, so take the time to implement these safety measures and enjoy your vacation with peace of mind.
Above and beyond security settings and software, there’s you. Get in the habit of talking with your child for a sense of what they’re doing online. As a mom, I like to ask them about their favorite games, share some funny TikTok clips or cute photos with them, and generally make it a point to be a part of their digital lives. It’s great, because it gives you peace of mind knowing what types of things they are doing or interactions they are having online.
For those of you hitting the road in the coming weeks, enjoy your travels, wherever they take you!
The post How To Protect Your Family’s Smartphones While on Vacation appeared first on McAfee Blog.
The number of people who use VPNs (virtual private networks) continues to mushroom. Recent research shows that 46% of American adults now use a VPN — 23% of which use it for strictly personal purposes.[i] Within that mix, 43% said they use a free VPN service. Yet “free” VPNs often come with a price. Typically at the expense of your privacy.
A personal VPN establishes a secure tunnel over the internet, offering you both privacy and freedom from IP-based tracking. It protects your identity and financial info by encrypting, or scrambling, the data that flows through the tunnel. Moreover, it can mask your true location, making it appear as though you are connecting from somewhere else.
Sometimes a VPN is included in more robust security software, as it is in our McAfee+ plans. It’s also, but often it is a standalone tool, that is offered for a monthly subscription rate or for free. While it might be tempting to go for a free option, there are some serious considerations that you should take to heart.
Because free VPNs don’t charge a subscription, many make revenue indirectly through advertising. This means that users get bombarded with ads. And they get exposed to tracking by the provider. In fact, one study of 283 free VPN providers found that 72% included trackers.[ii] The irony is worth pointing out. Many people use VPNs to shroud their browsing from advertisers and other data collectors. Meanwhile, free VPNs often lead to that exact kind of exposure.
But beyond the frustration of ads, slowness, and upgrade prompts is the fact that some free VPN tools include malware that can put your sensitive info at risk. The same study found that 38% of the free VPN applications in the Google Play Store were found to have malware, such as keyloggers, and some even stole data from devices.
Also concerning is how these free providers handle your data. In one worrying case, security researchers uncovered seven VPN providers that gathered user logs despite pledges not to.[iii]
Clearly, many so-called “free” VPNs aren’t free at all.
VPNs are critical tools for enhancing our privacy and shouldn’t be an avenue opening the door to new risks. That’s why your best bet is to look for a paid VPN with the following features:
Unlimited bandwidth — You want your network connection to stay secure no matter how much time you spend online.
Speedy performance — We all know how frustrating a sluggish internet connection can be when you are trying to get things done. Whether connecting for productivity, education, or entertainment, we’re all dependent on bandwidth. That’s why it’s important to choose a high-speed VPN that enhances your privacy, without sacrificing the quality of your connection.
Multiple device protection — These days many of us toggle between mobile devices, laptops, and computers, so they should all be able to connect securely.
Less battery drain — Some free mobile VPNs zap your battery life, making users less likely to stay protected. You shouldn’t have to choose between your battery life and safeguarding your privacy.
Ease of use — For technology to really work, it has to be convenient. After all, these technologies should power your connected life, not serve as a hindrance.
Fortunately, we don’t have to sacrifice convenience, or pay high prices, for a VPN that can offer a high level of privacy and protection. A comprehensive security suite like McAfee+ includes our standalone VPN with auto-renewal and takes the worry out of connecting, so you can focus on what’s important to you and your family, and enjoy quality time together.
[i] https://www.security.org/resources/vpn-consumer-report-annual/
[ii] https://www.icir.org/vern/papers/vpn-apps-imc16.pdf
[iii] https://www.pcmag.com/news/7-vpn-services-found-recording-user-logs-despite-no-log-pledge
The post How Free VPNs Come With a Price appeared first on McAfee Blog.
My mother recently turned 80, so of course a large celebration was in order. With 100 plus guests, entertainment, and catering to organise, the best way for me to keep everyone updated (and share tasks) was to use Google Docs. Gee, it worked well. My updates could immediately be seen by everyone, the family could access it from all the devices, and it was free to use! No wonder Google has a monopoly on drive and document sharing.
But here’s the thing – hackers know just how much both individuals and businesses have embraced Google products. So, it makes complete sense that they use reputable companies such as Google to devise phishing emails that are designed to extract our personal information. In fact, the Google Docs phishing scam was widely regarded as one of the most successful personal data extraction scams to date. They know that billions of people worldwide use Google so an invitation to click a link and view a document does not seem like an unreasonable email to receive. But it caused so much grief for so many people.
Emails designed to trick you into sharing your personal information are a scammer’s bread and butter. This is essentially what phishing is. It is by far the most successful tool they use to get their hands on your personal data and access your email.
‘But why do they want my email logins?’ – I hear you ask. Well, email accounts are what every scammer dreams of – they are a treasure trove of personally identifiable material that they can either steal or exploit. They could also use your email to launch a wide range of malicious activities from spamming and spoofing to spear phishing. Complicated terms, I know but in essence these are different types of phishing strategies. So, you can see why they are keen!!
But successful phishing emails usually share a few criteria which is important to know. Firstly, the email looks like it has been sent from a legitimate company e.g. Microsoft, Amex, or Google. Secondly, the email has a strong ‘call to action’ e.g. ‘your password has been changed, if this is not the case, please click here’. And thirdly, the email does not seem too out of place or random from the potential victim’s perspective.
Despite the fact that scammers are savvy tricksters, there are steps you can take to maximise the chances your email remains locked away from their prying eyes. Here’s what I suggest:
Never respond to an unexpected email or website that asks you for personal information or your login details no matter how professional it looks. If you have any doubts, always contact the company directly to verify.
Make sure you have super-duper internet security software that includes all the bells and whistles. Not only does internet security software McAfee+ include protection for daily browsing but it also has a password manager, a VPN, and a social privacy manager that will lock down your privacy settings on your social media accounts. A complete no-brainer!
Avoid using public Wi-Fi to log into your email from public places. It takes very little effort for a hacker to position themselves between you and the connection point. So, it’s entirely possible for them to be in receipt of all your private information and logins which clearly you don’t want. If you really need to use it, invest in a Virtual Private Network (VPN) which will ensure everything you share via Wi-Fi will be encrypted. Your McAfee+ subscription includes a VPN.
Public computers should also be avoided even just to ‘check your email’. Not only is there a greater chance of spyware on untrusted computers but some of them sport key-logging programs which can both monitor and record the keys you strike on the keyboard – a great way of finding out your password!
Ensuring each of your online accounts has its own unique, strong, and complex password is one of the best ways of keeping hackers out of your life. I always suggest at least 10-12 characters with a combination of upper and lower case letters, symbols, and numbers. A crazy nonsensical sentence is a great option here but better still is a password manager that will remember and generate passwords that no human could! A password manager is also part of your McAfee+ online security pack.
Even if you have taken all the necessary steps to protect your email from hackers, there is the chance that your email logins may be leaked in a data breach. A data breach happens when a company’s data is accessed by scammers and customers’ personal information is stolen. You may remember the Optus, Medibank and Latitude hacks of 2022/23?
If you have had your personal information stolen, please be assured that there are steps you can take to remedy this. The key is to act fast. Check out my recent blog post here for everything you need to know.
So, next time you’re organising a big gathering don’t hesitate to use Google Docs to plan or Microsoft Teams to host your planning meetings. While the thought of being hacked might make you want to withdraw, please don’t. Instead, cultivate a questioning mindset in both yourself and your kids, and always have a healthy amount of suspicion when going about your online life. You’ve got this!!
Till next time,
Stay safe!
Alex
The post How To Prevent Your Emails From Being Hacked appeared first on McAfee Blog.
Following a whirlwind year of travel in 2023, 40% of Americans are gearing up for even more adventures in 2024. As the warmth of summer approaches and travel plans start to take shape, it’s crucial to prepare for often overlooked risks that may come up while traveling. The mix of unfamiliar surroundings, increased distraction, and reliance on public Wi-Fi creates an ideal environment for malicious actors to exploit. From impersonation tricks to oversharing on social media, attackers have plenty of ways to target unsuspecting travelers.
What are the most common scams you should watch out for, and how can you stay safe from them?
One of the most common social engineering threats while traveling is impersonation scams. Attackers may pose as hotel staff, tour guides, or even fellow travelers to gain access to personal information or valuable belongings. Always verify the identity of individuals before sharing any sensitive information or handing over personal belongings. If someone claims to be an employee of a hotel or a service provider, don’t hesitate to ask for official identification or contact the establishment directly to confirm their identity.
Public Wi-Fi networks are a convenient way to stay connected while traveling, but they also pose significant security risks. Hackers can easily intercept data transmitted over these networks, including login credentials, credit card information, and personal messages. Avoid accessing sensitive accounts or conducting financial transactions while connected to public Wi-Fi. Instead, use a virtual private network (VPN) to encrypt your internet connection and protect your data from prying eyes.
Sharing vacation photos and updates on social media may seem harmless, but it can inadvertently put you at risk. Posting your location in real time or sharing details about your travel itinerary can make you a target for thieves and cybercriminals. Avoid oversharing on social media, especially when it comes to your whereabouts, and consider waiting to post travel updates until you are home.
Take a deep dive into your privacy settings to ensure that bad actors can’t access your personal information through your social media accounts. Our Social Privacy Manager can do that work for you, automatically adjusting more than 100 privacy settings across all the accounts you choose.
Phishing emails and texts are a common tactic used by cybercriminals to trick travelers into revealing sensitive information or downloading malware onto their devices. Be wary of unsolicited messages claiming to be from airlines, hotels, or financial institutions, especially if they ask for personal information or prompt you to click on suspicious links. Verify the legitimacy of any unexpected communications by contacting the sender directly using official contact information obtained from their official website or a trusted source.
In addition to being aware of the risks, there are proactive steps you can take to protect your personal information before traveling:
By staying informed and vigilant, you can minimize the risk of falling victim to scams while traveling and enjoy a worry-free vacation experience. Remember to trust your instincts and err on the side of caution when encountering unfamiliar situations or individuals.
Having a complete set of online protection software is like having a team of cyber guardians watching over you on vacation. With the right precautions in place, you can focus on making memories and exploring new destinations without compromising your personal information or security. Safe travels!
The post How to Stay Safe Against Scams While Traveling appeared first on McAfee Blog.
Authored by Dexter Shin
Many government agencies provide their services online for the convenience of their citizens. Also, if this service could be provided through a mobile app, it would be very convenient and accessible. But what happens when malware pretends to be these services?
McAfee Mobile Research Team found an InfoStealer Android malware pretending to be a government agency service in Bahrain. This malware pretends to be the official app of Bahrain and advertises that users can renew or apply for driver’s licenses, visas, and ID cards on mobile. Users who are deceived by advertisements that they are available on mobile will be provided with the necessary personal information for these services without a doubt. They reach users in various ways, including Facebook and SMS messages. Users who are not familiar with these attacks easily make the mistake of sending personal information.
In Bahrain, there’s a government agency called the Labour Market Regulatory Authority (LMRA). This agency operates with full financial and administrative independence under the guidance of a board of directors chaired by the Minister of Labour. They provide a variety of mobile services, and most apps provide only one service per app. However, this fake app promotes providing more than one service.
Figure 1. Legitimate official LMRA website
Figure 2. Fake app named LMRA
Excluding the most frequently found fake apps pretending LMRA, there are various fake apps included Bank of Bahrain and Kuwait (BBK), BenefitPay, a fintech company in Bahrain, and even apps pretending to be related to Bitcoin or loans. These apps use the same techniques as the LMRA fake apps to steal personal information.
Figure 3. Various fake apps using the same techniques
From the type of app that this malware pretends, we can guess that the purpose is financial fraud to use the personal information it has stolen. Moreover, someone has been affected by this campaign as shown in the picture below.
Figure 4. Victims of financial fraud (Source: Reddit)
They distribute these apps using Facebook pages and SMS messages. Facebook pages are fake and malware author is constantly creating new pages. These pages direct users to phishing sites, either WordPress blog sites or custom sites designed to download apps.
Figure 5. Facebook profile and page with a link to the phishing site
Figure 6. One of the phishing sites designed to download app
In the case of SMS, social engineering messages are sent to trick users into clicking a link so that they feel the need to urgently confirm.
Figure 7. Phishing message using SMS (Source: Reddit)
When the user launches the app, the app shows a large legitimate icon for users to be mistaken. And it asks for the CPR and phone number. The CPR number is an exclusive 9-digit identifier given to each resident in Bahrain. There is a “Verify” button, but it is simply a button to send information to the C2 server. If users input their information, it goes directly to the next screen without verification. This step just stores the information for the next step.
Figure 8. The first screen (left) and next screen of a fake app (right)
There are various menus, but they are all linked to the same URL. The parameter value is the CPR and phone numbers input by the user on the first screen.
Figure 9. All menus are linked to the same URL
The last page asks for the user’s full name, email, and date of birth. After inputting everything and clicking the “Send” button, all information inputted so far will be sent to the malware author’s c2 server.
Figure 10. All data sent to C2 server
After sending, it shows a completion page to trick the user. It shows a message saying you will receive an email within 24 hours. But it is just a counter that decreases automatically. So, it does nothing after 24 hours. In other words, while users are waiting for the confirmation email for 24 hours, cybercriminals will exploit the stolen information to steal victims’ financial assets.
Figure 11. Completion page to trick users
In addition, they have a payload for stealing SMS. This app has a receiver that works when SMS is received. So as soon as SMS comes, it sends an SMS message to the C2 server without notifying the user.
Figure 12. Payload for stealing SMS
We confirmed that there are two types of these apps. There is a type that implements a custom C2 server and receives data directly through web API, and another type is an app that uses Firebase. Firebase is a backend service platform provided by Google. Among many services, Firestore can store data as a database. This malware uses Firestore. Because it is a legitimate service provided by Google, it is difficult to detect as a malicious URL.
For apps that use Firebase, dynamically load phishing URLs stored in Firestore. Therefore, even if a phishing site is blocked, it is possible to respond quickly to maintain already installed victims by changing the URL stored in Firestore.
Figure 13. Dynamically loading phishing site loaded in webview
According to our detection telemetry data, there are 62 users have already used this app in Bahrain. However, since this data is a number at the time of writing, this number is expected to continue to increase, considering that new Facebook pages are still being actively created.
Recent malware tends to target specific countries or users rather than widespread attacks. These attacks may be difficult for general users to distinguish because malware accurately uses the parts needed by users living in a specific country. So we recommend users install secure software to protect their devices. Also, users are encouraged to download and use apps from official app stores like Google Play Store or Apple AppStore. If you can’t find an app in these stores, you must download the app provided on the official website.
McAfee Mobile Security already detects this threat as Android/InfoStealer. For more information, visit McAfee Mobile Security.
Samples:
| SHA256 | Package Name | App Name |
| 6f6d86e60814ad7c86949b7b5c212b83ab0c4da65f0a105693c48d9b5798136c | com.ariashirazi.instabrowser | LMRA |
| 5574c98c9df202ec7799c3feb87c374310fa49a99838e68eb43f5c08ca08392d | com.npra.bahrain.five | LMRA Bahrain |
| b7424354c356561811e6af9d8f4f4e5b0bf6dfe8ad9d57f4c4e13b6c4eaccafb | com.npra.bahrain.five | LMRA Bahrain |
| f9bdeca0e2057b0e334c849ff918bdbe49abd1056a285fed1239c9948040496a | com.lmra.nine.lmranine | LMRA |
| bf22b5dfc369758b655dda8ae5d642c205bb192bbcc3a03ce654e6977e6df730 | com.stich.inches | Visa Update |
| 8c8ffc01e6466a3e02a4842053aa872119adf8d48fd9acd686213e158a8377ba | com.ariashirazi.instabrowser | EasyLoan |
| 164fafa8a48575973eee3a33ee9434ea07bd48e18aa360a979cc7fb16a0da819 | com.ariashirazi.instabrowser | BTC Flasher |
| 94959b8c811fdcfae7c40778811a2fcc4c84fbdb8cde483abd1af9431fc84b44 | com.ariashirazi.instabrowser | BenefitPay |
| d4d0b7660e90be081979bfbc27bbf70d182ff1accd829300255cae0cb10fe546 | com.lymors.lulumoney | BBK Loan App |
Domains:
Firebase(for C2):
The post Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud appeared first on McAfee Blog.
As election season approaches, the importance of safeguarding our democratic processes has never been more critical. Ensuring election security is not just the responsibility of government bodies but also of every individual voter. This blog post aims to provide valuable insights and practical tips for consumers to protect their votes and understand the mechanisms in place to secure elections.
Election security encompasses a broad range of practices designed to ensure the integrity, confidentiality, and accessibility of the voting process. This includes safeguarding against cyber threats, ensuring the accuracy of voter registration databases, protecting the physical security of voting equipment, and maintaining transparency in the vote counting process. As voters, being aware of these elements helps us appreciate the complexity and importance of secure elections.
One of the first steps to secure your vote is to ensure that you are registered correctly. Check your voter registration status well in advance of the election day through your local election office or official state website. This helps to avoid any last-minute issues and ensures your eligibility to vote.
Misinformation can spread rapidly, especially during election periods. Rely on official sources for information about polling locations, voting procedures, and deadlines. Avoid sharing unverified information on social media and report any suspicious content to the relevant authorities.
Whether you are voting in person or by mail, make sure to follow the recommended procedures. If voting by mail, request your ballot from a verified source and return it through secure methods such as official drop boxes or by mail with sufficient time to ensure it is received before the deadline.
Scammers often target voters to steal personal information. Be cautious of unsolicited phone calls, emails, or texts asking for your personal details. Official election offices will not request sensitive information such as your Social Security number via these methods.
If you notice anything unusual at your polling place or have concerns about the voting process, report it immediately to election officials. This includes any signs of tampering with voting machines, suspicious behavior, or attempts to intimidate voters.
Familiarize yourself with the voting process in your area. This includes knowing your polling location, understanding what identification is required, and learning about the different ways you can cast your vote. Many states provide detailed guides and resources for first-time voters.
Plan your voting day in advance. Decide whether you will vote in person or by mail, and make sure you have all necessary documentation ready. If you are voting in person, consider going during off-peak hours to avoid long lines.
Before you head to the polls, research the candidates and issues on the ballot. This will help you make informed decisions and feel more confident in your choices.
Don’t hesitate to ask for help if you need it. Election officials and poll workers are there to assist you. Additionally, many organizations offer support for first-time voters, including transportation to polling places and information hotlines.
Understand the security measures your state has implemented to protect the election process. This might include the use of paper ballots, post-election audits, and cybersecurity protocols. Being aware of these measures can increase your confidence in the election’s integrity.
If your state offers early voting, take advantage of it. Early voting can reduce the stress of long lines and crowded polling places on election day, making the process smoother and more secure.
Encourage friends and family to vote and educate them about election security. A well-informed electorate is a key component of a secure and fair election.
Keep up with reputable news sources to stay informed about any potential security threats or changes in the voting process. This will help you stay prepared and responsive to any issues that might arise.
By following these tips and staying vigilant, every voter can contribute to a secure and fair election process. Remember, your vote is your voice, and protecting it is essential for the health of our democracy. Happy voting!
The post What You Need to Know About Election Security appeared first on McAfee Blog.
As the name implies, spear phishing attacks are highly targeted scams. They often occur in professional settings, where the scammers go after one “big phish,” such as a ranking employee with access to finances or data. From there, the scammers employ social engineering (aka manipulation) to trick the target into transferring funds to them or giving them access to sensitive company systems. Sometimes, it’s a mix of both.
Some of the most striking examples of spear phishing attacks come from the Shamoon2 attacks seen in Saudi Arabia back in 2016. Successive waves of attacks ultimately infected machines with malware and destroyed systems.
So, how did this specific spear phishing attack work, exactly? Cybercriminals targeted specific organizations in Saudi Arabia with emails that included malicious attachments in them. Then, when victims clicked and opened the attachment, they were infected, valuable company data was taken and systems were quickly wiped.
Spear phishing has been around for quite some time yet remains as effective as ever. Spear phishing’s success is based on familiarity. Usually, cybercriminals pretend to be an organization or individual that you know and include a piece of content—a link, an email attachment, etc.—that they know you’ll want to interact with.
For example, cybercriminals have taken advantage of tragedies in the headlines and used targeted emails claiming to be a charitable organization asking for donations. In the case of Shamoon2, the attackers lured in victims with a tempting email attachment sent from organizations the victims were likely to trust. But instead of giving to their charity of choice, or opening a seemingly harmless workplace attachment, victims then self-infect their systems with malware.
Moreover, we have seen spear phishing attacks take on an entirely new form with the advent of AI deepfakes. Now, instead of reaching out to victims via email, sophisticated scammers create deepfakes that pose as employees on video calls. All in real-time. Such was the case in Hong Kong in February 2024 where a host of deepfakes pressured a company’s finance officer into transferring $25 million to the scammers running the deepfakes.[i]
Moral of the story: spear phishing (and regular phishing) attacks can be tricky. However, fear not, there’s a lot you can do to stay on top of this threat.
For starters:
Spear phishing attacks can be easily deceiving. In fact, cybercriminals have been able to impersonate known, credible charities or an employer’s business partners and customers. So, if you receive an email from an organization asking for donations or a partner asking you to open a file you didn’t request, a good rule of thumb is to go directly to the organization through a communications channel other than email. Go to the company’s site and do more research from there. That way, you can ensure you’re gaining accurate information and can interact with the right people, rather than cyber-attackers.
Always check for legitimacy first. Spear phishing emails rely on you—they want you to click a link, or open an attachment. But before you do anything, you always need to check an email’s content for legitimacy. Hover over a link and see if it’s going to a reliable URL. Or, if you’re unsure about an email’s content or the source it came from, do a quick Google search and look for other instances of this campaign, and what those instances could tell you about the email’s legitimacy.
Fraudsters select their victims carefully in these targeted attacks. They hunt down employees with access to info and funds and then do their research on them. Using public records, data broker sites, “people finder” sites, and info from social media, fraudsters collect intel on their marks. Armed with that, they can pepper their conversations with references that sound more informed, more personal, and thus more convincing. Just because what’s being said feels or sounds somewhat familiar doesn’t always mean it’s coming from a trustworthy source.
With that, employees can reduce the amount of personal info others can find online. Features like McAfee Personal Data Cleanup can help remove personal info from some of the riskiest data broker sites out there. I also keep tabs on those sites if more personal info appears on them later. Additionally, employees can set their social media profiles to private by limiting access to “friends and family only,” which denies fraudsters another avenue of info gathering. Using our Social Privacy Manager can make that even easier. With just a few clicks, it can adjust more than 100 privacy settings across their social media accounts — making them more private as a result.
[i] https://metro.co.uk/2024/02/05/horrifying-deepfake-tricks-employee-giving-away-20-million-20225490/
The post How to Protect Yourself From a Spear Phishing Scam appeared first on McAfee Blog.
As Americans make their travel plans, scammers lie in wait. We’ve uncovered the top ten “riskiest” destinations for travel scams — places that turn up the most unsafe results when you look them up online.
That list features prominently in this year’s Safer Summer Holidays’ Travel Report, which also reveals some striking survey findings.
Before we get to our top ten list, a little context helps put it into perspective. Based on our survey, more than 25% of Americans have been affected by travel scams. These take several forms, and generally, they involve some mix of phony booking sites, bogus rental listings, and travel experiences that never materialize. Other tricks like phishing emails and messages round out the mix.
That stat stands as words to the wise as most people said they’re gearing up for travel. A good 85% of Americans said they’re hitting the road this year. Moreover, 45% of them said they plan on spending more on travel this year than last.
No doubt about it, vacationers and trip-takers should keep a sharp eye out for travel scams this year.
With those forms of travel scams in mind, this year’s survey of travelers revealed several striking stats.
Whether it happened this year or in years prior, these scams included:
Another 28% said they got hit with a scam when they arrived at their destination. Here’s what these scams looked like for travelers:
How did all these scams add up? In all, we found that 32% of victims said they lost between $501-1000 in a single scam. Another 24% of victims said they lost $1,000 or more on a travel scam. Only a relatively small percentage of people said they lost nothing. Just 15%, a figure that shows just how successful travel scams can be.
This falls right in line with reports from the Federal Trade Commission (FTC). As published in their 2023 Data Book, more than 55,000 Americans reported a travel scam. The median loss — nearly $1,200 per case.[i] As always with FTC statistics, they only documented reported cases of fraud. The number of actual scams more than likely climbs higher than that.
Like the many other scams people come across online, several travel scams rely on sketchy links and sites. With that, further research helped us uncover which travel destinations have the highest amounts of sketchy links that turn up in search.
Using travel-related keywords like “discount,” “Airbnb,” “local cuisine,” and “tours,” we then paired them with a list of destinations. From that pairing, the following destinations returned more sketchy links than all others:
Booking any online travel calls for scrutiny and care. However, apparently scammers favor these destinations over others when targeting American travelers.
Trust a trusted platform.
That’s your best place to start. Book your vacation rental through a reputable outlet. Vacation rental platforms like Airbnb and VRBO have policies and processes in place that protect renters from scammers. The same goes for booking other travel needs above and beyond renting. Travel platforms such as Expedia, Priceline, Orbitz, and others have their own protections in place.
From there, you have several other ways you can avoid booking scams …
Look for signs of rental scams.
Do a reverse image search on the photos used in the property’s listing and see what comes up. It might be a piece of stock photography designed to trick you into thinking it was taken at an actual property for rent. (Scammers sometimes highjack photos of actual properties not for rent too. Some now use AI-generated images as well.) Also, read the reviews for the property. Listings with no reviews are a red flag.
Only communicate and pay on the platform.
The moment a host asks to communicate outside of the platform is another red flag. Scammers will try to lure you off the platform where they can request payment in forms that are difficult to recover or trace after you realize you’ve been scammed.
Moreover, paying for your rental outside the platform might also go against the terms of service, as in the case of Airbnb. Or, as with VRBO, paying outside the platform voids their “Book with Confidence Guarantee,” which offers you certain protections. Use the platform to pay and use a credit card when you do. In the U.S., the Fair Credit Billing Act allows you to dispute charges. Additionally, some credit cards offer their own anti-fraud protections that can help you dispute a billing.
Never pay with cryptocurrency, wire transfers, or gift cards.
If someone asks you to pay for your trip one of these ways. It’s a scam. Travel scammers prefer these payment methods because they’re exceptionally tough to track. Once that money gets sent, it’s likely exceptionally tough to get back.
Keep an eye out for phishing attacks.
Scammers use phishing emails and messages to trick travelers into revealing sensitive info or downloading malware onto their devices. As you book, look for unsolicited messages claiming to be from airlines, hotels, or financial institutions. Particularly if they ask for personal info or prompt you to click on suspicious links. When in question, contact the sender directly using official contact info from their official website.
Also, look into McAfee Scam Protection, included with our McAfee+ plans. It blocks links to scam sites that crop up in emails, messages, and texts. AI technology automatically scans the links and alerts you if it might send you to a scam site.
Let your bank and credit card companies know you’re traveling.
Give your bank and credit card companies a call before you head out. They have anti-fraud measures in place that look for unusual activity, such as when your card is used in a location other than somewhere relatively near your home. This can trigger a freeze, which can put you in a lurch if you’re looking to withdraw cash or make a payment. Contacting your bank and credit card companies before you travel can help prevent this.
Have an easy way to keep tabs on your accounts and credit.
Fraud can happen at any time, even when you’re out of town. A couple of things can help you nip it quickly before it takes a big bite out of your credit card or bank accounts. Transaction monitoring notifies you of any questionable activity in your credit cards or bank accounts. It can further alert you to any other questionable activity in your 401(k) plans, investments, and loans.
So, say that your debit card info got skimmed in a sketchy ATM or point-of-sale machine — you’ll get an alert if thieves try to make a purchase with it. From there, you can contact your bank and take the extra step of putting a security freeze in place to prevent further fraud. You can security freeze and transaction monitoring features in our McAfee+ plans as well.
Protect your identity.
Before you hop on a plane, train, or automobile, consider investing in identity protection. This way, you can head off any issues that might crop up when you should be enjoying yourself. For example, imagine losing your wallet. Immediately, a dark cloud of “what ifs” rolls in. What if someone’s running up charges on your cards? What if someone used your ID or insurance cards to impersonate you online? Not a great feeling any time, especially on vacation.
With identity theft coverage and restoration in place, you can recoup your losses and restore your identity if a thief damaged it in any way. Ours provides up to $2 million in coverage, along with lost wallet protection that cancels and replaces lost cards with little effort from you.
Top 10 ‘Riskiest’ Online Destinations Overview and Methodology
The research was conducted by McAfee Labs researchers between March 11th – 29th 2024, utilizing McAfee WebAdvisor to find risky URLs related to a range of popular holiday destinations. This includes web pages delivering malware threats, phishing, or scam content. Researchers queried country-specific search engines from the matching locations with a variety of holiday destination terms and calculated the percentage of risky URLs returned within the search results. The final result of “riskiest” online destinations means the cities and countries that are popular search subjects and therefore key targets for cybercriminals when creating phishing and other online scams.
[i] https://www.ftc.gov/system/files/ftc_gov/pdf/CSN-Annual-Data-Book-2023.pdf
The post The Top 10 Riskiest Online Destinations Revealed appeared first on McAfee Blog.
As technology advances, so do the methods used by cybercriminals to spread misinformation and scams. One of the most concerning developments in recent years is the rise of deepfakes—highly realistic and often convincing digital manipulations of audio and video. With deepfakes increasingly appearing in social media feeds, it’s crucial for everyone to be vigilant and informed. Here’s what you need to know to spot deepfakes and protect yourself from their potential harm.
Deepfakes are synthetic media in which a person in an existing image or video is replaced with someone else’s likeness, often using advanced machine learning and artificial intelligence techniques. These can be used to create misleading videos of public figures, celebrities, or even everyday people. The realism of deepfakes has made them a powerful tool for creating fake news, impersonating individuals, and even committing fraud.
With nearly two-thirds of people globally expressing increased concern about deepfakes, McAfee Deepfake Detector comes at a crucial time. The advanced AI-powered technology, previously known as ‘Project Mockingbird,’ made its debut earlier this year, addressing consumers’ growing need for identifying deepfake scams and misinformation. In the latest round of deepfake scams, McAfee researchers recently validated the following video featuring Gwyneth Paltrow is a deepfake scam.
Gwyneth Paltrow follows a long list of celebrities and public figures that cybercriminals are targeting. Earlier this year, McAfee highlighted how a Taylor Swift deepfake was used in a Le Creuset cookware scam
In our digital age, the ability to discern real from fake has never been more challenging or more important. By staying vigilant and informed, consumers can better protect themselves from the deceptive and often damaging effects of deepfakes. Remember, in a world where seeing is no longer believing, a critical eye is your best defense.
The post Deepfake Drama: How Gwyneth Paltrow Became the Latest Target in AI Deception appeared first on McAfee Blog.
I think I could count on my hand the people I know who have NOT had their email hacked. Maybe they found a four-leaf clover when they were kids!
Email hacking is one of the very unfortunate downsides of living in our connected, digital world. And it usually occurs as a result of a data breach – a situation that even the savviest tech experts find themselves in.
In simple terms, a data breach happens when personal information is accessed, disclosed without permission, or lost. Companies, organisations, and government departments of any size can be affected. Data stolen can include customer login details (email addresses and passwords), credit card numbers, identifying IDs of customers e.g. driver’s license numbers and/or passport numbers, confidential customer information, company strategy, or even matters of national security.
Data breaches have made headlines, particularly over the last few years. When the Optus and Medibank data breaches hit the news in 2022 affecting almost 10 million Aussies a piece, we were all shaken. But then when Aussie finance company Latitude, was affected in 2023 with a whopping 14 million people from both Australia and New Zealand affected, it almost felt inevitable that by now, most of us would have been impacted.
But these were the data breaches that grabbed our attention. The reality is that data breaches have been happening for years. In fact, the largest data breach in Australian history actually happened in May 2019 to the online design site Canva which affected 137 million users globally including many Aussies.
So, in short – it can happen to anyone, and the chances are you may have already been affected.
The sole objective of a hacker is to get their hands on your data. And any information that you share in your email account can be very valuable to them. But why do they want your data, you ask? It’s simple really – so they can cash in! Some will keep the juicy stuff for themselves – passwords or logins to government departments or large companies they may want to ’target’ with the aim of extracting valuable data and/or funds. But the more sophisticated ones will sell your details including name, telephone, email address, and credit card details, and cash in on the Dark Web. They often do this in batches. Some experts believe they can get as much as AU$250 for a full set of details including credit cards. So, you can see why they’d be interested in you!
The other reason why hackers will be interested in your email address and password is that many of us re-use these login details across our other online accounts too. So, once they’ve got their hands on your email credentials then they may be able to access your online banking and investment accounts – the possibilities are endless if you are using the same login credentials everywhere. So, you can see why I harp on about using a unique password for every online account!
There is a plethora of statistics on just how big this issue is – all of them concerning.
According to the Australian Institute of Criminology, there were over 16,000 reports of identity theft in 2022.
The Department of Home Affairs and Stay Smart Australia reports that cybercrime costs Australian businesses $29 billion a year with the average business spending around $275,000 to remedy a data breach
And although there has been a slight reduction in Aussies falling for phishing scams in recent years (down from 2.7% in 2020/1 to 2.5% in 2022/3), more Australians are falling victim to card fraud scams with a total of $2.2 billion lost in 2023.
But regardless of which statistic you choose to focus on, we have a big issue on our hands!
If you find yourself a victim of email hacking there are a few very important steps you need to take and the key is to take them FAST!!
This is the very first thing you must do to ensure the hacker can’t get back into your account. It is essential that your new password is complex and totally unrelated to previous passwords. Always use at least 8-10 characters with a variety of upper and lower case and throw in some symbols and numbers. I really like the idea of a crazy, nonsensical sentence – easier to remember and harder to crack! But, better still, get yourself a password manager that will create a password that no human would be capable of creating.
If you find the hacker has locked you out of your account by changing your password, you will need to reset the password by clicking on the ‘Forgot My Password’ link.
This is time-consuming but essential. Ensure you change any other accounts that use the same username and password as your compromised email. Hackers love the fact that many people still use the same logins for multiple accounts, so it is guaranteed they will try your info in other email applications and sites such as PayPal, Amazon, Netflix – you name it!
Once the dust has settled, please review your password strategy for all your online accounts. A best practice is to ensure every online account has its own unique and complex password.
A big part of the hacker’s strategy is to ‘get their claws’ into your address book with the aim of hooking others as well. Send a message to all your email contacts as soon as possible so they know to avoid opening any emails (most likely loaded with malware) that have come from you.
Yes, multi-factor authentication (or 2-factor authentication) adds another step to your login but it also adds another layer of protection. Enabling this will mean that in addition to your password, you will need a special one-time use code to log in. This can be sent to your mobile phone or alternatively, it may be generated via an authenticator app. So worthwhile!
It is not uncommon for hackers to modify your email settings so that a copy of every email you receive is automatically forwarded to them. Not only can they monitor your logins for other sites, but they’ll keep a watchful eye over any particularly juicy personal information. So, check your mail forwarding settings to ensure no unexpected email addresses have been added.
Don’t forget to check your email signature to ensure nothing spammy has been added. Also, ensure your ‘reply to’ email address is actually yours! Hackers have been known to create an email address here that looks similar to yours – when someone replies, it goes straight to their account, not yours!
This is essential also. If you find anything, please ensure it is addressed, and then change your email password again. And if you don’t have it – please invest. Comprehensive security software will provide you with a digital shield for your online life. McAfee+ lets you protect all your devices – including your smartphone – from viruses and malware. It also contains a password manager to help you remember and generate unique passwords for all your accounts.
If you have been hacked several times and your email provider isn’t mitigating the amount of spam you are receiving, then consider starting afresh but don’t delete your email address. Many experts warn against deleting email accounts as most email providers will recycle your old email address. This could mean a hacker could spam every site they can find with a ‘forgot my password’ request and try to impersonate you – identity theft!
Your email is an important part of your online identity so being vigilant and addressing any fallout from hacking is essential for your digital reputation. And even though it may feel that ‘getting hacked’ is inevitable, you can definitely reduce your risk by installing some good quality security software on all your devices. Comprehensive security software such as McAfee+ will alert you when visiting risky websites, warn you when a download looks ‘dodgy’, and will block annoying and dangerous emails with anti-spam technology.
It makes sense really – if you don’t receive the ‘dodgy’ phishing email – you can’t click on it! Smart!
And finally, don’t forget that hackers love social media – particularly those of us who overshare on it. So, before you post details of your adorable new kitten, remember it may just provide the perfect clue for a hacker trying to guess your email password!
Till next time
Alex
The post What to Do If Your Email Is Hacked appeared first on McAfee Blog.
At the beginning of the year, the Associated Press described artificial intelligence (AI) as “easily the biggest buzzword for world leaders and corporate bosses.” You’ve likely heard talk about AI everywhere from the news to social media to around the dinner table. Amid this chatter, it’s easy to wonder: what exactly is AI, and why is it of such importance?
Artificial intelligence is defined as “a machine’s ability to perform the cognitive functions we associate with human minds, such as perceiving, reasoning, learning, interacting with the environment, problem-solving, and even exercising creativity.” AI is a branch of computer science with subfields, including machine learning, natural language processing, and robotics.
AI traces its roots to the mid-20th century, with pioneers like Alan Turing and John McCarthy laying the groundwork for its development. In 1956, the Dartmouth Conference marked a significant milestone, officially inaugurating AI as a distinct field of study.
Since then, AI has evolved rapidly, with researchers and innovators continuously pushing boundaries to create intelligent machines capable of emulating human cognitive abilities. AI’s potential impact on technology, society, and various industries continues to expand, shaping the way we live, work, and interact with the world around us.
Most people interact with AI every day, often without even realizing it. AI has become integrated into daily life, simplifying tasks, delivering personalized content, and enhancing convenience for consumers across various digital platforms. From using voice assistants like Siri or Alexa to receiving personalized recommendations on streaming platforms like Netflix or Spotify, AI plays a significant role in enhancing user experiences.
Social media platforms utilize AI algorithms to curate news feeds and suggest content tailored to individual preferences. AI-powered product recommendations and chatbots that assist with customer inquiries enrich online shopping experiences. Ride-sharing services employ AI to match drivers with passengers efficiently, enhancing accessibility and reducing wait times.
AI chatbots like ChatGPT assist people daily by providing instant access to information and guidance. Whether troubleshooting technical issues, offering advice, or providing recommendations, AI chatbots serve as efficient virtual assistants that enable users to quickly find solutions to their questions.
AI has the potential to revolutionize industries, address societal challenges, and transform everyday life through increased efficiency and innovation. For example, in healthcare, new hope for a cancer cure has emerged as a personalized cancer vaccine is being developed using AI and DNA sequencing. AI-powered systems are also assisting doctors in diagnosing diseases more accurately and quickly, leading to better patient outcomes.
This kind of progress is incredible, but AI also presents challenges and risks.
One notably concerning aspect is the rise of deepfake technology, which enables the creation of highly realistic but fake videos or audio recordings. These deepfakes can be used for everything from voice cloning attacks to creating a fake Taylor Swift advertisement. Deepfakes have the potential to deceive and manipulate individuals, spread misinformation, and undermine trust in visual and audio media.
In an election year, AI-driven manipulation is especially dangerous. From automated disinformation campaigns to targeted voter suppression tactics, AI algorithms can be deployed to sway public opinion, amplify divisive rhetoric, and undermine the integrity of the electoral process. Deepfake videos could be used to fabricate scandalous incidents or speeches, leading to widespread confusion and mistrust among voters. That’s why we joined other leading tech companies in a commitment to combat the deceptive use of AI in the 2024 elections.
In addition to deepfake technology, AI is being increasingly utilized for nefarious purposes such as phishing attacks. By leveraging AI algorithms, hackers can craft highly convincing emails or messages impersonating trusted individuals or organizations. These AI-driven phishing attempts can manipulate individuals into divulging sensitive information or clicking on malicious links.
Consequently, there is a pressing need to develop safeguards to mitigate AI’s negative impact while harnessing its positive potential for the benefit of society. Individuals can utilize identity theft protection software powered by AI to stay vigilant against such threats, receiving real-time alerts about suspicious activities and potential breaches to safeguard their personal information.
AI represents the frontier where technology converges with the complexities of human intelligence, propelling innovation towards unprecedented realms of possibility. It holds immense significance in today’s world because it offers unprecedented opportunities for innovation and progress.
The post What is Artificial Intelligence? appeared first on McAfee Blog.
According to Pew, three-in-ten U.S. adults say they have used a dating site or app. That number climbs to 53% for people under the age of 30. More and more people are turning to digital platforms to find love and companionship or simply to expand their social circles. However, as the popularity of online dating grows, so do the potential risks associated with it. From privacy concerns to identity theft, the digital dating world can be fraught with peril if you’re not careful. But fear not, by following a few simple guidelines, you can navigate the online dating scene safely and securely.
This article is for you or anyone you know who may be hopping onto an online dating app like Match, Bumble, Plenty of Fish, eHarmony, Tinder, or OkCupid. Think of it as an advice column of a different sort, where we talk about dating in light of your online privacy and safety.
For starters, we have a couple of previous blogs that offer sound advice about online dating. The first covers ways you can protect your privacy when you’re using online dating apps, which starts with picking a dating app that has a good reputation. The second rounds out the topic with further online dating advice for adults and teens alike. Give them a look!
It starts with basic hygiene. Digital hygiene, that is. Before you dive into a dating app, ensure that your device (and all your connected devices while you’re at it) has a comprehensive security solution in place. As you surf, chat, and meet up online, you’ll want to know that you’re protected against malware, viruses, phishing attacks, sketchy links, and so forth. Other features will come in handy (and be necessary as well), like ones that help you manage your passwords, protect your identity, safeguard your privacy, and more—all of which we’ll talk about in a bit.
Picking the right app is like picking the right date. From a security standpoint, these apps are the keepers of highly personal information about you, so you’ll want to know how they handle data, what privacy protections are in place, what information they gather when you first sign up, and what they continue to gather as you use the app. Do your research. Read up on their privacy policies. See what other people have to say about their experiences. And get a sense of what the app is all about. What’s its approach to dating? What kind of relationships are they focusing on? Make sure all of it feels right to you.
Only give the app the information that’s absolutely necessary to sign up. Dating apps ask questions so that they can help you find an ideal match, yet only share what you feel comfortable sharing. This is true from a personal standpoint, but it’s true from a security standpoint too. Anything you share along those lines could be at risk of a hack or a breach, the likes of which were reported by Wired and Forbes last year. If your info is compromised, it could lead to anywhere from identity theft to harassment, so when you use a dating app, keep the sharing to a minimum—and keep your eyes peeled for any suspicious activity across your social media, online accounts, and even your finances.
Another password to remember! That’s just what you need, right? Right! It absolutely is, and a strong one is vital. You can create one and manage all of your passwords with McAfee+’s password manager. It’ll encrypt your passwords and use multi-factor authentication, which offers even further protection from hacks and attacks on your account.
You can help keep your chats more private, and just about anything else you’re doing online, by using a VPN (virtual private network). For example, our VPN uses bank-level encryption to keep your personal data and activities private from hackers. And it’ll hide other information associated with your dating account while you’re online, like personal details, credit card numbers, and so forth. Given the security risks we’ve talked about so far, you’ll want to look into a VPN.
If you’re not using a VPN on your device, don’t use your dating app on public Wi-Fi. The issue is this: plenty of public Wi-Fi hotspots aren’t secure. Someone else on the network could easily intercept the information you send over it, including your passwords, any photos you share, and any chats you have. In other words, using public Wi-Fi without protection is like opening a door that leads right to you and your most personal data. This applies to everything on public Wi-Fi, not just dating apps. If you use public Wi-Fi at all, you really should use a VPN.
In the ever-evolving landscape of online dating, safeguarding your privacy and security is paramount. By implementing strategies such as using strong passwords, employing a reliable VPN, and exercising caution on public Wi-Fi, you can navigate the digital dating sphere with confidence. Remember, your safety and privacy are non-negotiable priorities in the pursuit of love and companionship online.
The post How to Safely Date Online appeared first on McAfee Blog.
There are now over 5 billion active social media users worldwide, representing 62.3% of the global population. While social networks serve as valuable tools for staying connected with loved ones and documenting life events, the ease of sharing information raises concerns. With a mere few clicks, posts and messages can inadvertently divulge significant personal details, potentially compromising privacy and leaving individuals vulnerable to identity theft. That’s why it’s crucial to make sure you’ve got the know-how to keep your privacy protected while using these platforms.
To empower you in this digital age, we’ve compiled a comprehensive guide featuring ten essential tips to fortify your online security and preserve your privacy on social networks:
Whether you’re a seasoned social media user or just dipping your toes into the digital waters, these strategies will equip you with the knowledge and tools needed to safeguard your online identity effectively. With the added support of McAfee+, you can ensure an extra layer of security to keep your online presence more secure and private through advanced privacy features, 24/7 identity monitoring and alerts, and real-time protection against viruses, hackers, and risky links.
The post How to Protect Yourself on Social Networks appeared first on McAfee Blog.
It used to be the case that only businesses used virtual private networks (VPNs) to connect securely to the internet and keep their private data safe. But these days, with the rapid growth of online threats and privacy concerns, even casual internet users should seriously consider using a VPN. Nearly 30% of people now use VPNs for personal reasons, and that number is only growing as more people learn about how VPNs offer an effective way to safeguard online privacy, enhance security, and protect against various cyber threats.
If you are not familiar with this technology, a VPN essentially allows you to send and receive data across a public network as if it were a private network that encrypts, or scrambles, your information so others cannot read it. Let’s take a look at the top 3 reasons why a VPN could come in handy for you.
Now that you know why having a personal VPN is so useful, here are a few tips to help you choose the right product for you:
The post Why You Need a Personal VPN appeared first on McAfee Blog.
How do you manage your Facebook friends? Do you keep your list really tight and only include ‘active’ pals? Or do you accept everyone you’ve ever laid eyes on? I’m probably somewhere in between. But… if I have never had a personal conversation with them or ‘eyeballed’ them in the flesh, then they are not on my friend list!
On the average week, I usually receive a few friend requests. Some are from people who I may have just met or reconnected with when I’ve been out and about – lovely and totally acceptable! But I do also receive requests from people whom I have never met and then, even more bizarrely – requests from people who I am already friends with. Weird, yes, I agree! Now, my gut (and experience) tells me that these are fake accounts. Why? Well, I have never eyeballed any of these ‘new friends’ and, to top it off they have very little personal info on their profiles so that’s suspicious! And the requests from friends I already have? Well, unless I have heard directly from a friend that they are setting up a new Facebook account (very rare), these are likely fake accounts that scammers have set up to try and lure people known to the account holder to share private information. I recently mentioned my Facebook friend situation to my 20-year-old son who informed me he gets about 10 a week!
And while it can be annoying being harassed by randoms – as my kids would say – the issue is far bigger than that. Fake Facebook accounts are usually designed by clever cyber criminals who are trying to extract personal information from unsuspecting naive types – often kids and less tech-savvy types. And why do they want our personal information? It allows them to put together a profile that they can use to steal our identity so they can apply for loans, mobile phone plans, etc – but we’ll get to that later.
According to reports, Facebook deleted a whopping 27.67 billion fake accounts between October 2017 and mid 2023 – which is 3.5 times more than the total population of the entire planet! In early 2023, Facebook estimated that fake accounts represent approximately 4-5% of all active monthly users. Now, as of late 2023, there are over 3 billion active Facebook users which means there are around 150 million fake Facebook accounts. So, it’s highly likely that you (and your kids) will have been affected.
Experts believe that fake accounts fall into two categories, being operated either by a bot (aka web robot) or by an ill-intentioned human. But irrespective of type, there are several warning signs that an account is fake. If the account in question displays any of these signs, then avoid it at all costs:
Beauty
Bots and scammers will use beauty to lure in ‘friends’ and will often feature a pic of a gorgeously attractive girl or handsome guy on their pages. Why? We are only human – an enticing photo dramatically increases the chance of having a friend request accepted.
But remember, ‘real people’ aren’t flawless and perfectly formed. But if you still aren’t sure, why not use Google Image search to verify the pic? As soon as you upload it to Google, you’ll quickly find if there is someone else that belongs to that image.
However, AI image generators are also making this a little more complicated. These easy-to-use tools make it super easy for scammers to create alluring vaguely realistic images within minutes. And as these images are new, it’s very hard to find any data about the image making it harder to identify that the photo is not of a real person. All the scammer needs to do is provide 3 or more photos and the tool quickly generates an often appealing. So, please lock down your personal social media platforms so that cyber hackers can’t get their hands on your pics!
Not Many Pics But Too Many/Not Enough Friends
Bots and scammers tend not to post lots of photos. Their aim is to use minimum effort to create the illusion that a real person is behind the account, so they don’t bother too much with fleshing out a personal life.
But often, they will put a lot of effort into developing a fake friend list. This is always worth looking at. ‘Real’ Facebook users will usually have between 200 and 350 friends, so if the account in question has just a handful of friends, or instead several thousand then proceed with caution!
Weird (or No) Bio Information
If the biography information on the account seems fanciful or just plain unrealistic, then it’s likely not to be a legitimate account. I recently received a request from a US marine who had fought in every recent war, was a professional athlete, and had visited 30-plus countries in the last year! This fanciful detail had my alarm bells ringing and a reverse image search proved just that!
A lack of information in the About section is another red flag. ‘Real people’ usually like to enter their accomplishments and the schools/universities they attended in detail so they can connect more easily with old friends.
Sometimes scammers might attempt to flesh out this section by simply repeating a theme or city. For example: Works in Sydney, went to The University of Sydney, Lives in Sydney. And while it’s not a crime to work, live and study in Sydney – I did! – this coupled with an alluring picture and no friends does start to make you question the validity of the profile.
The Account Doesn’t Message
Bots can easily accept friend requests but can’t respond to messages. So, if you are unsure this is a great little test – just send a message and see what you get back!
Blank Wall
Blank walls are a dead giveaway for a fake account. If your possible ‘new friend’ has either no activity or just a few likes – then be suspicious!
The Account Name Doesn’t Match the URL
If the account name and URL don’t match then this is another red flag. When a genuine person’s Facebook account is hacked, a scammer (or new owner) may change the name on the account to better suit their new intentions. It’s important to note that stolen Facebook accounts can be bought and sold. For example, an account could be taken over by a scammer and then sold to someone who wants to become an influencer. The new owner, the influencer, has no need for the previous identity but simply wants the legitimacy (and friend list) of an established account.
As mentioned earlier, cyber hackers (or scammers) create fake Facebook accounts with the aim of trying to friend people and get access to their personal information. Identity theft is their motivation. They can profit from this private information by personally taking out loans or credit cards in someone else’s name. Or – and this is more likely – they on-sell the information so others can do so.
But fake Facebook accounts can also be created just to make money. Buying and selling Facebook fans is a multimillion-dollar business, as both companies and individuals pay big money to get fans and likes on their pages. And with the software to create these fake Facebook pages costing no more than $200, you can see how easily profits can be made.
What To Do If You Are Sure A Facebook Account Is Fake
Lastly, do NOT insist your kids delete their Facebook accounts because of the threat of fake accounts. Managing fake accounts is just part of living in our digital world. Our job is to teach our kids how to think critically so they can navigate the challenges of being online. Our biggest job as parents of digital natives is to teach them how to assess risks and navigate the challenges and obstacles. Whoever thought discussing a fake Facebook account could have so many benefits!
Take care.
Alex xx
The post How To Spot A Fake Facebook Account appeared first on McAfee Blog.
From impersonating police officers in Pennsylvania to employees of the City of San Antonio, scammers have been impersonating officials nationwide in order to scam people. A nurse in New York even lost her life savings to a spoofing scam. Phone spoofing is a technique used by callers to disguise their true identity and phone number when making calls. By altering the caller ID information displayed on the recipient’s phone, spoofers can make it appear as though the call is coming from a different number, often one that looks more trustworthy or familiar to the recipient. This deceptive practice is commonly employed by telemarketers, scammers, and individuals seeking to engage in fraudulent activities, making it more difficult for recipients to identify and block unwanted or suspicious calls.
Most spoofing is done using a VoIP (Voice over Internet Protocol) service or IP phone that uses VoIP to transmit calls over the internet. VoIP users can usually choose their preferred number or name to be displayed on the caller ID when they set up their account. Some providers even offer spoofing services that work like a prepaid calling card. Customers pay for a PIN code to use when calling their provider, allowing them to select both the destination‘s number they want to call, as well as the number they want to appear on the recipient’s caller ID.
Scammers often use spoofing to try to trick people into handing over money, personal information, or both. They may pretend to be calling from a bank, a charity, or even a contest, offering a phony prize. These “vishing” attacks (or “voice phishing”), are quite common, and often target older people who are not as aware of this threat.
For instance, one common scam appears to come from the IRS. The caller tries to scare the receiver into thinking that they owe money for back taxes, or need to send over sensitive financial information right away. Another common scam is fake tech support, where the caller claims to be from a recognizable company, like Microsoft, claiming there is a problem with your computer and they need remote access to fix it.
There are also “SMiShing” attacks, or phishing via text message, in which you may receive a message that appears to come from a reputable person or company, encouraging you to click on a link. But once you do, it can download malware onto your device, sign you up for a premium service, or even steal your credentials for your online accounts.
The convenience of sending digital voice signals over the internet has led to an explosion of spam and robocalls over the past few years. Between January 2019 and September 2023, Americans lodged 2.04 million complaints about unwanted phone calls where people or robots falsely posed as government representatives, legitimate business entities, or people affiliated with them.
Since robocalls use a computerized autodialer to deliver pre-recorded messages, marketers and scammers can place many more calls than a live person ever could, often employing tricks such as making the call appear to come from the recipient’s own area code. This increases the chance that the recipient will answer the call, thinking it is from a local friend or business.
And because many of these calls are from scammers or shady marketing groups, just registering your number on the FTC’s official “National Do Not Call Registry” does little help. That’s because only real companies that follow the law respect the registry.
To really cut back on these calls, the first thing you should do is check to see if your phone carrier has a service or app that helps identify and filter out spam calls.
For instance, both AT&T and Verizon have apps that provide spam screening or fraud warnings, although they may cost you extra each month. T-Mobile warns customers if a call is likely a scam when it appears on your phone screen, and you can sign up for a scam-blocking service for free.
There are also third-party apps such as RoboKiller that you can download to help you screen calls, but you should be aware that you will be sharing private data with them.
Enhance your smartphone security effortlessly with McAfee+ which has 24/7 identity monitoring and alerts, advanced privacy features, and AI-powered security for real-time protection against viruses, hackers, and risky links.
The post How to Stop Phone Spoofing appeared first on McAfee Blog.
Fitness trackers worn on the wrist, glucose monitors that test blood sugar without a prick, and connected toothbrushes that let you know when you’ve missed a spot—welcome to internet-connected healthcare. It’s a new realm of care with breakthroughs big and small. Some you’ll find in your home, some you’ll find inside your doctor’s office, yet all of them are connected. Which means they all need to be protected. After all, they’re not tracking any old data. They’re tracking our health data, one of the most precious things we own.
Internet-connected healthcare, also known as connected medicine, is a broad topic. On the consumer side, it covers everything from smart watches that track health data to wireless blood pressure monitors that you can use at home. On the practitioner side, it accounts for technologies ranging from electronic patient records, network-enabled diagnostic devices, remote patient monitoring in the form of wearable devices, apps for therapy, and even small cameras that can be swallowed in the form of a pill to get a view of a patient’s digestive system.
Additionally, it also includes telemedicine visits, where you can get a medical issue diagnosed and treated remotely via your smartphone or computer by way of a video conference or a healthcare provider’s portal—which you can read about more in one of my blogs. In all, big digital changes are taking place in healthcare—a transformation that’s rapidly taking shape to the tune of a global market expected to top USD 534.3 billion by 2025.
Advances in digital healthcare have come more slowly compared to other aspects of our lives, such as consumer devices like phones and tablets. Security is a top reason why. Not only must a healthcare device go through a rigorous design and approval process to ensure it’s safe, sound, and effective, but it’s also held to similar rigorous degrees of regulation when it comes to medical data privacy. For example, in the U.S., we have the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which sets privacy and security standards for certain health information.
Taken together, this requires additional development time for any connected medical device or solution, in addition to the time it takes to develop one with the proper efficacy. Healthcare device manufacturers cannot simply move as quickly as, say, a smartphone manufacturer can. And rightfully so.
However, for this blog, we’ll focus on the home and personal side of the equation, with devices like fitness trackers, glucose monitors, smartwatches, and wearable devices in general—connected healthcare devices that more and more of us are purchasing on our own. To be clear, while these devices may not always be categorized as healthcare devices in the strictest (and regulatory) sense, they are gathering your health data, which you should absolutely protect. Here are some straightforward steps you can take:
1) First up, protect your phone
Many medical IoT devices use a smartphone as an interface, and as a means of gathering, storing, and sharing health data. So whether you’re an Android owner or iOS owner, get security software installed on your phone so you can protect all the things it accesses and controls. Additionally, installing it will protect you and your phone in general as well.
2) Set strong, unique passwords for your medical IoT devices
Some IoT devices have found themselves open to attack because they come with a default username and password—which are often published on the internet. When you purchase any IoT device, set a fresh password using a strong method of password creation. And keep those passwords safe. Instead of keeping them in a notebook or on sticky notes, consider using a password manager.
3) Use two-factor authentication
You’ve probably come across two-factor authentication while banking, shopping, or logging into any other number of accounts. Using a combination of your username, password, and a security code sent to another device you own (typically a mobile phone) makes it tougher for hackers to crack your device. If your IoT device supports two-factor authentication, use it for extra security.
4) Update your devices regularly
This is vital. Make sure you have the latest updates so that you get the latest functionality from your device. Equally important is that updates often contain security upgrades. If you can set your device to receive automatic updates, do so.
5) Secure your internet router
Your medical IoT device will invariably use your home Wi-Fi network to connect to the internet, just like your other devices. All the data that travels on there is personal and private, and that goes double for any health data that passes along it. Make sure you use a strong and unique password. Also, change the name of your router so it doesn’t give away your address or identity. One more step is to check that your router is using an encryption method, like WPA2, which will keep your signal secure. You may also want to consider investing in an advanced internet router that has built-in protection, which can secure and monitor any device that connects to your network.
6) Use a VPN and a comprehensive security solution
Similar to the above, another way you can further protect the health data you send over the internet is to use a virtual private network, or VPN. A VPN uses an encrypted connection to send and receive data, which shields it from prying eyes. A hacker attempting to eavesdrop on your session will effectively see a mishmash of garbage data, which helps keep your health data secure.
7) When purchasing, do your research
Read up on reviews and comments about the devices you’re interested in, along with news articles about their manufacturers. See what their track record is on security, such as if they’ve exposed data or otherwise left their users open to attack.
Bottom line, when we speak of connected healthcare, we’re ultimately speaking about one of the most personal things you own: your health data. That’s what’s being collected. And that’s what’s being transmitted by your home network. Take these extra measures to protect your devices, data, and yourself as you enjoy the benefits of the connected care you bring into your life and home.
The post How to Protect Your Internet-Connected Healthcare Devices appeared first on McAfee Blog.
In the hands of a thief, your Social Security Number is the master key to your identity.
With a Social Security Number (SSN), a thief can unlock everything from credit history and credit line to tax refunds and medical care. In extreme cases, thieves can use it to impersonate others. So, if you suspect your number is lost or stolen, it’s important to report identity theft to Social Security right away.
Part of what makes an SSN so powerful in identity theft is that there’s only one like it. Unlike a compromised credit card, you can’t hop on the phone and get a replacement. No question, the theft of your SSN has serious implications. If you suspect it, report it. So, let’s take a look at how it can happen and how you can report identity theft to Social Security if it does.
Yes. Sort of. The Social Security Administration can assign a new SSN in a limited number of cases. However, per the SSA, “When we assign a different Social Security number, we do not destroy the original number. We cross-refer the new number with the original number to make sure the person receives credit for all earnings under both numbers.”
In other words, your SSN is effectively for forever, which means if it’s stolen, you’re still faced with clearing up any of the malicious activity associated with the theft potentially for quite some time. That’s yet another reason why the protection of your SSN deserves particular attention.
There are several ways an SSN can end up with a thief. Some involve physical theft, and others can take the digital route. To what extent are SSNs at risk? Notably, there was the Equifax breach of 2017, which exposed some 147 million SSNs. Yet just because an SSN has been potentially exposed does not mean that an identity crime has been committed with it.
So, let’s start with the basics: how do SSNs get stolen or exposed?
That’s quite the list. Broadly speaking, the examples above give good reasons for keeping your SSN as private and secure as possible. With that, it’s helpful to know that there are only a handful of situations where your SSN is required for legitimate purposes, which can help you make decisions about how and when to give it out. The list of required cases is relatively short, such as:
You’ll notice that places like doctor’s offices and other businesses are not listed here, though they’ll often request an SSN for identification purposes. While there’s no law preventing them from asking you for that information, they may refuse to work with you if you do not provide that info. In such cases, ask what the SSN would be used for and if there is another form of identification that they can use instead. In all, your SSN is uniquely yours, so be extremely cautious in order to minimize its potential exposure to theft.
Let’s say you spot something unusual on your credit report or get a notification that someone has filed a tax return on your behalf without your knowledge. These are possible signs that your identity, if not your SSN, is in jeopardy, which means it’s time to act right away using the steps below:
1. Report the theft to local and federal authorities.
File a police report and a Federal Trade Commission (FTC) Identity Theft Report. This will help in case someone uses your Social Security number to commit fraud since it will provide a legal record of the theft. The FTC can also assist by guiding you through the identity theft recovery process as well. Their site really is an excellent resource.
2. Contact the businesses involved.
Get in touch with the fraud department at each of the businesses where you suspect theft has taken place, let them know of your situation, and follow the steps they provide. With your police and FTC reports, you will already have a couple of vital pieces of information that can help you clear your name.
3. Reach the Social Security Administration and the IRS.
Check your Social Security account to see if someone has gotten a job and used your SSN for employment purposes. Reviewing earnings associated with your SSN can uncover fraudulent use. You can also contact the Social Security Fraud Hotline at (800) 269-0271 or reach out to your local SSA office for further, ongoing assistance. Likewise, contact the Internal Revenue Service at (800) 908-4490 to report the theft and help prevent someone from submitting a tax return in your name.
As we’ve talked about in some of my other blog posts, identity theft can be a long-term problem where follow-up instances of theft can crop up over time. However, there are a few steps you can take to minimize the damage and ensure it doesn’t happen again. I cover several of those steps in detail in this blog here, yet let’s take a look at a few of the top items as they relate to SSN theft:
Consider placing a fraud alert.
By placing a fraud alert, you can make it harder for thieves to open accounts in your name. Place it with one of the three major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. During the year-long fraud alert period, it will require businesses to verify your identity before issuing new credit in your name.
Look into an all-out credit freeze.
A full credit freeze is in place until you lift it and will prohibit creditors from pulling your credit report altogether. This can help stop thieves dead in their tracks since approving credit requires pulling a report. However, this applies to legitimate inquiries, including any that you make, like opening a new loan or signing up for a credit card. If that’s the case, you’ll need to take extra steps as directed by the particular institution or lender. Unlike the fraud alert, you’ll need to notify each of the three major credit bureaus (Experian, TransUnion, Equifax) when you want the freeze lifted.
Monitor your credit reports.
Once a week you can access a free credit report from Experian, TransUnion, and Equifax. Doing so will allow you to spot any future discrepancies and offer you options for correcting them.
Sign up for an identity protection service.
Using a service to help protect your identity can monitor several types of personally identifiable information and alert you of potentially unauthorized use. Our own Identity Protection Service will do all this and more, like offering guided help to neutralize threats and prevent theft from happening again. You can set it up on your computers and smartphone to stay in the know, address issues immediately, and keep your identity secured.
Of all the forms of identity theft, the theft of a Social Security Number is certainly one of the most potentially painful because it can unlock so many vital aspects of your life. It’s uniquely you, even more than your name alone – at least in the eyes of creditors, banks, insurance companies, criminal records, etc. Your SSN calls for extra protection, and if you have any concerns that it may have been lost or stolen, don’t hesitate to spring into action.
The post How to Report Identity Theft to Social Security appeared first on McAfee Blog.
It happens with more regularity than any of us like to see. There’s either a headline in your news feed or an email from a website or service you have an account with—there’s been a data breach. So what do you do when you find out that you and your information may have been caught up in a data breach? While it can feel like things are out of your hands, there are actually several things you can do to protect yourself.
Let’s start with a look at what kind of information may be at stake and why crooks value that information so much (it’s more reasons than you may think).
The fact is that plenty of our information is out there on the internet, simply because we go about so much of our day online, whether that involves shopping, banking, getting results from our doctors, or simply hopping online to play a game once in a while.
Naturally, that means the data in any given breach will vary from service to service and platform to platform involved. Certainly, a gaming service will certainly have different information about you than your insurance company. Yet broadly speaking, there’s a broad range of information about you stored in various places, which could include:
As to what gets exposed and when you might find out about it, that can vary greatly as well. One industry research report found that the median time to detect breaches is 5 days. Needless to say, the timeline can get rather stretched before word reaches you, which is a good reason to change your passwords regularly should any of them get swept up in a breach. (An outdated password does a hacker no good—more on that in a bit.)
The answer is plenty. In all, personal information like that listed above has a dollar value to it. In a way, your data and information are a kind of currency because they’re tied to everything from your bank accounts, investments, insurance payments—even tax returns and personal identification like driver’s licenses.
With this information in hand, a crook can commit several types of identity crime—ranging from fraud to theft. In the case of fraud, that could include running up a bill on one of your credit cards or draining one of your bank accounts. In the case of theft, that could see crooks impersonate you so they can open new accounts or services in your name. Beyond that, they may attempt to claim your tax refund or potentially get an ID issued in your name as well.
Another possibility is that a hacker will simply sell that information on the dark marketplace, perhaps in large clumps or as individual pieces of information that go for a few dollars each. However it gets sold, these dark-market practices allow other fraudsters and thieves to take advantage of your identity for financial or other gains.
Most breaches are financially motivated, with some researchers saying that 97% of breaches are about the money. However, we’ve also seen hackers simply dump stolen information out there for practically anyone to see. The motivations behind them vary, yet they could involve anything from damaging the reputation of an organization to cases of revenge.
A list of big data breaches is a blog article of its own, yet here’s a quick list of some of the largest and most impactful breaches we’ve seen in recent years:
Needless to say, it’s not just the big companies that get hit. Healthcare facilities have seen their data breached, along with the operations of popular restaurants. Small businesses find themselves in the crosshairs as well, with one report stating that 43% of data leaks target small businesses. Those may come by way of an attack on where those businesses store their records, a disgruntled employee, or by way of a compromised point-of-sale terminal in their store, office, or location.
In short, when it comes to data breaches, practically any business is a potential target because practically every business is online in some form or fashion. Even if it’s by way of a simple point-of-sale machine.
When a business, service, or organization falls victim to a breach, it doesn’t always mean that you’re automatically a victim too. Your information may not have been caught up in it. However, it’s best to act as if it was. With that, we strongly suggest you take these immediate steps.
1. Change your passwords and use two-factor authentication
Given the possibility that your password may be in the hands of a hacker, change it right away. Strong, unique passwords offer one of your best defenses against hackers. Update them regularly as well. As mentioned above, this can protect you in the event a breach occurs and you don’t find out about it until well after it’s happened. You can spare yourself the upkeep that involves a password manager that can keep on top of it all for you. If your account offers two-factor authentication as part of the login process, make use of it as it adds another layer of security that makes hacking tougher.
2. Keep an eye on your accounts
If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed.
3. Sign up for an identity protection service
If you haven’t done so already, consider signing up for a service that can monitor dozens of types of personal information and then alert you if any of them are possibly being misused. Identity protection such as ours gives you the added benefit of a professional recovery specialist who can assist with restoring your affairs in the wake of fraud or theft, plus up to $1 million in insurance coverage.
Our advice is to take a deep breath and get to work. By acting quickly, you can potentially minimize and even prevent any damage that’s done. With that, we have two articles that can help guide the way if you think you’re the victim of identity theft, each featuring a series of straightforward steps you can take to set matters right:
Again, if you have any concerns. Take action. The first steps take only minutes. Even if the result is that you find out all’s well, you’ll have that assurance and you’ll have it rather quickly.
The post What to Do If You’re Caught Up in a Data Breach appeared first on McAfee Blog.
In a world where deepfake scams and misinformation are on the rise, McAfee has announced significant enhancements to its AI-powered deepfake detection technology. Leveraging the power of the Neural Processing Unit (NPU) in Intel® Core Ultra processor-based PCs, McAfee Deepfake Detector is set to revolutionize the fight against deepfakes, providing consumers with the tools they need to discern truth from fiction.
With nearly two-thirds of people globally expressing increased concern about deepfakes, McAfee Deepfake Detector comes at a crucial time. The advanced AI-powered technology, previously known as ‘Project Mockingbird,’ made its debut earlier this year, addressing consumers’ growing need for identifying deepfake scams and misinformation.
Cybercriminals are increasingly using AI to manipulate audio in videos, creating convincing deepfake scams. McAfee’s Deepfake Detector utilizes advanced AI detection techniques, including transformer-based Deep Neural Network models, expertly trained to detect and notify customers when audio in a video is likely generated or manipulated by AI. This cutting-edge and first of its kind technology is designed to empower users to live their lives online with confidence.
McAfee’s collaboration with Intel is the next step in the company’s commitment to delivering innovative online protection solutions. By leveraging Intel Core Ultra processor’s NPU, McAfee’s AI models can complete inference locally, without compromising user privacy by sending private information to the cloud. This collaboration has resulted in up to a 300% performance improvement on the same model, along with improved battery life.
McAfee Deepfake Detector utilizes advanced AI detection models to identify AI-generated audio within videos, helping people understand their digital world and assess the authenticity of content. McAfee Deepfake Detector will soon be available for English language detection, with plans for other languages to roll out in subsequent phases.
The combination of Intel’s AI PC technology and McAfee’s Deepfake Detector offers substantial benefits to customers. With local model execution, users can enjoy enhanced performance, improved battery life, and greater control over their data. There is no longer a need to send large files to the cloud for analysis, providing peace of mind and privacy.
McAfee’s Chief Technology Officer, Steve Grobman, emphasizes the importance of staying one step ahead of AI-generated deepfakes, noting that the collaboration with Intel enables McAfee to deliver a seamless and robust customer experience. By leveraging Intel’s Core Ultra processor technology and NPU, McAfee provides consumers with the most advanced and powerful generative AI deepfake detection capabilities, without compromising on performance or privacy.
Intel’s Vice President and General Manager of Ecosystem Partner Enabling, Carla Rodríguez, highlights the partnership’s commitment to using AI for good. The collaboration with McAfee aims to bring innovative solutions like McAfee Deepfake Detector to market, leveraging the NPU in Intel Core Ultra processor-based PCs. This collaboration drives the detection of malicious and misleading deepfakes while delivering optimal performance and privacy.
With the rise of deepfake scams and misinformation, McAfee’s AI-powered Deepfake Detector, on Intel-based AI PCs, is a game-changer in the fight against deepfakes. By harnessing the power of AI and local model execution, McAfee empowers users to discern truth from fiction, ensuring a safer and more secure online experience. Stay one step ahead with McAfee’s Deepfake Detector and protect yourself from the dangers of deepfakes.
The post McAfee and Intel Collaborate to Combat Deepfakes with AI-Powered Deepfake Detection appeared first on McAfee Blog.
It’s the romance scam story that plays out like a segment on a true crime show. It starts with a budding relationship formed on an online dating site. It ends with an ominous note and an abandoned car on a riverside boat ramp hundreds of miles away from the victim’s home.
The story that follows offers a look at how far romance scams can go. With that, we warn you that this story comes to a grim ending. We share it to show just how high the stakes can get in these scams and how cunning the scammers who run them can be.
Most importantly, it gives us an opportunity to show how you can spot and avoid romance scams in all their forms.
As recently reported across several news outlets, comes the story of Laura, a 57-year-old retired woman from Chicago who joined an online dating service in search of a relationship. She went with a known site, thinking it would be safer than some of the other options online.
Sure enough, she met “Frank Borg,” who posed as a ruggedly good-looking Swedish businessman. A relationship flourished, and within days the pair professed their love for each other.
Over time, however, the messages became increasingly transactional. Transcripts show that “Frank” started asking for money, which Laura wired to a bogus company. All to the eventual tune of $1.5 million and a mortgaged home.
Yet the scam cut yet deeper than that. “Frank” then had her open several phony dating profiles on different online dating sites, set up new bank accounts, and further spin up fake companies. In all, “Frank” appears to not only have scammed Laura, he also weaponized her — turning her into an accomplice as “Frank” sought to scam others.
As the account goes, Laura grew suspicious about a year into the scam. A gap appears in her correspondence with “Frank,” and it appears that some conversations went offline. Today, Laura’s daughter speculates that her mother knew that what she was doing was illegal and was threatened to keep at it.
The story ends two years after the romance started, with Laura going missing, only to be found drowned in the Mississippi River. Left behind, a note, found by her daughter while searching Laura’s house. It wrote of living a double life that left her broke because of “Frank.” The note also left instructions for accessing her email, which chronicled the online part of the affair in detail.
Investigations found no clear evidence of foul play, yet several questions remain. What is known is that “Frank’s” profile picture was a doctor from Chile and that the emails originated in Ghana.
While Laura’s story falls into a heartbreaking extreme, romance scams of all sorts happen often enough. According to the Federal Bureau of Investigation’s (FBI) 2023 Internet Crime Report, losses to reported cases of romance scams topped more than $650 million.i
The U.S. Federal Trade Commission (FTC) cites even higher figures for 2023, at $1.4 billion, for a median loss of $2,000 per reported case.ii That makes romance scams the highest in reported losses for any form of imposter scam according to the FTC.
Sadly, many romance scams go unreported. The reasons vary. Understandably, some victims feel ashamed. This is particularly the case when it comes to older victims. Many fear their friends and families might take it as a sign that they aren’t able to fully care for themselves anymore. Other victims might feel that the romance was real — that they weren’t scammed at all. They believe that their love interest will come back.
Practically anyone can fall victim to a romance scam. People of all ages and backgrounds have found themselves entangled in romance scams. With that, there should be no shame. These scammers have shown time and time again how sophisticated their playbooks are. They excel at slow and insidious manipulation over time.
When the scammer starts asking for money, the victim is locked in. They believe that they’re in love with someone who loves them just the same. They fork over the money without question. And that’s what makes these scams so exceptionally damaging.
Sophisticated as these scammers are, you can spot them.
Even with the arrival of AI chat tools and deepfake technology, romance scammers still rely on a set of age-old tricks. Ultimately, romance scammers play long and patient mind games to get what they want. In many cases, scammers use scripted playbooks put together by other scammers. They follow a common roadmap, one that we can trace and share so you can avoid falling victim.
Top signs include …
It seems too good to be true.
If the person seems like a perfect match right from the start, be cautious. Scammers often stake out their victims and create profiles designed to appeal to their desires and preferences. In some cases, we’ve seen instances where a scammer uses pictures and profiles similar to the deceased partners of widowers.
Love comes quickly. Too quickly.
As the case was with “Frank,” two weeks hadn’t passed before the word “love” appeared in the messages. Take that as a red flag, particularly online when you’ve had no in-person contact with them. A rush into declarations of love might indicate ulterior motives.
The story doesn’t check out.
Victims might think they’re talking to a romantic partner, yet they’re talking with a scammer. Sometimes several different scammers. As we’ve shown in our blogs before, large online crime organizations run some romance scams. With several people running the scam, inconsistencies can crop up. Look out for that.
What’s more, even individual scammers forget details they’ve previously shared or provide conflicting info about their background, job, or family. It’s possible that one romance scammer has several scams going on at once, which can lead to confusion on their part.
You feel pressured.
Romance scammers pump their victims for info. With things like addresses, phone numbers, and financial details, scammers use that info to commit further identity theft or scams. If someone online presses you for this info, keep it to yourself. It might be a scam.
Another mark of a scam — if the person asks all sorts of prying questions and doesn’t give up any such info about themselves. A romance scam is very one way in this regard.
You’re asked for money in some form or fashion.
This is the heart of the scam. With the “relationship” established, the scammer starts asking for money. They might ask for bank transfers, cryptocurrency, money orders, or gift cards. In all, they ask for funds that victims have a tough time getting refunded, if at all. Consider requests for money in any form as the reddest of red flags.
Watch out for AI.
Scammers now use AI. And that actually gives us one less tell-tale sign of a romance scam. It used to be that romance scammers refused to hop on video calls as they would reveal their true identities. The same for voice chats. (Suddenly, that Swedish businessman doesn’t sound so Swedish.) That’s not the case anymore. With AI audio and video deepfake technology so widely available, scammers can now sound and look the part they’re playing — in real time. AI mirrors every expression they make as they chat on a video call.
As things stand now, these technologies have limits. The AI can only track faces, not body movements. Scammers who use this technology must sit rather rigidly. Further, many AI tools have a hard time capturing the way light reflects or catches the eye. If something looks off, the person on the other end of the call might be using deepfake technology.
The important point is this: today’s romance scammers can make themselves appear like practically anyone. Just because you’re chatting with a “real” person on a call or video meeting, that’s no guarantee they are who they say.
Romance scammers track down their victims in several ways. Some scammers blast out direct messages and texts en masse with the hope they’ll get a few bites. Others profile their potential victims before they contact them. Likewise, they’ll research anyone who indeed gives them a bite with a response to a blast.
In all cases, locking down your privacy can make it tougher for a scammer to target you. And tougher for them to scam you if they do. Your info is their goldmine, and they use that info against you as they build a “relationship” with you.
With that in mind, you can take several steps …
Make your social media more private. Our new McAfee Social Privacy Manager personalizes your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This makes sure that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public can see it. Including scammers.
Watch what you post on public forums. As with social media, scammers harvest info from online forums dedicated to sports, hobbies, interests, and the like. If possible, use a screen name on these sites so that your profile doesn’t immediately identify you. Likewise, keep your personal details to yourself. When posted on a public forum, it becomes a matter of public record. Anyone, including scammers, can look it up.
Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. That includes your contact info. Running it regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.
Delete your old accounts. Yet another source of personal info comes from data breaches. Scammers use this info as well to complete a sharper picture of their potential victims. With that, many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result.
We’ve always had to keep our guard up to some extent when it comes to online romance. Things today call for even more skepticism. Romance scams have become tremendously more sophisticated, largely thanks to AI tools.
Even with technology reshaping the tricks scammers can pull, recognizing that their tactics remain the same as ever can protect you from harm.
Romance scammers flatter, manipulate, and pressure their way into the lives of their victims. They play off emotions and threaten to “leave” if they don’t get what they ask for. Emotionally, none of it feels right. Any kind of emotional extortion like that is a sign to end an online relationship, hard as that might be.
The trick is that the victim might be in deep at that point. They might not act even if things feel wrong. That’s where family and friends come in. If something doesn’t feel right, share what’s happening with someone you’ve known and trusted for years. That can help clear up any clouded judgment. Sometimes it takes an extra set of eyes to spot a scammer.
If you or someone you know falls victim to a romance scam, remember that no one is alone in this. Thousands and thousands of others are victims too. It might come as some comfort, particularly as many, many victims are otherwise savvy and centered people. Anyone, anyone, can find themselves a victim.
Lastly, romance scams are crimes. If one happens to you, report it. In the U.S., you can report it to the FBI’s Internet Crime Complaint Center (IC3) and you can file a complaint with the FTC. Also, report any theft or threats to your local authorities.
In all, the word on romance online is this — take things slowly. “Love” in two weeks or less hoists a big red flag. Very much so online. Know those signs of a scam when you see them. And if they rear their head, act on them.
The post How to Avoid Romance Scams appeared first on McAfee Blog.
You consider yourself a responsible person when it comes to taking care of your physical possessions. You’ve never left your wallet in a taxi or lost an expensive ring down the drain. You never let your smartphone out of your sight, yet one day you notice it’s acting oddly.
Did you know that your device can fall into cybercriminals’ hands without ever leaving yours? SIM swapping is a method that allows criminals to take control of your smartphone and break into your online accounts.
Don’t worry: there are a few easy steps you can take to safeguard your smartphone from prying eyes and get back to using your devices confidently.
First off, what exactly is a SIM card? SIM stands for subscriber identity module, and it is a memory chip that makes your phone truly yours. It stores your phone plan and phone number, as well as all your photos, texts, contacts, and apps. In most cases, you can pop your SIM card out of an old phone and into a new one to transfer your photos, apps, etc.
Unlike what the name suggests, SIM swapping doesn’t require a cybercriminal to get access to your physical phone and steal your SIM card. SIM swapping can happen remotely. A hacker, with a few important details about your life in hand, can answer security questions correctly, impersonate you, and convince your mobile carrier to reassign your phone number to a new SIM card. At that point, the criminal can get access to your phone’s data and start changing your account passwords to lock you out of your online banking profile, email, and more.
SIM swapping was especially relevant right after the AT&T data leak. Cybercriminals stole millions of phone numbers and the users’ associated personal details. They could later use these details to SIM swap, allowing them to receive users’ text or email two-factor authentication codes and gain access to their personal accounts.
The most glaring sign that your phone number was reassigned to a new SIM card is that your current phone no longer connects to the cell network. That means you won’t be able to make calls, send texts, or surf the internet when you’re not connected to Wi-Fi. Since most people use their smartphones every day, you’ll likely find out quickly that your phone isn’t functioning as it should.
Additionally, when a SIM card is no longer active, the carrier will often send a notification text. If you receive one of these texts but didn’t deactivate your SIM card, use someone else’s phone or landline to contact your wireless provider.
Check out these tips to keep your device and personal information safe from SIM swapping.
With just a few simple steps, you can feel better about the security of your smartphone, cellphone number, and online accounts. If you’d like extra peace of mind, consider signing up for an identity theft protection service like McAfee+. McAfee, on average, detects suspicious activity ten months earlier than similar monitoring services. Time is of the essence in cases of SIM swapping and other identity theft schemes. An identity protection partner can restore your confidence in your online activities.
The post How to Protect Your Smartphone from SIM Swapping appeared first on McAfee Blog.
For years now, the popularity of online dating has been on the rise—and so have the number of online romance scams that leave people with broken hearts and empty wallets.
In a recent CBS News story, one Texan woman was scammed out of $3,200 by a scammer claiming to be a German Cardiologist. After months of exchanging messages and claiming to be in love with her, he said that he’d been robbed while on a business trip in Nigeria and needed her help.
According to the U.S. Federal Trade Commission (FTC), the reported cost of online romance scams was $1.14 billion in 2023.
Dating and romance scams aren’t limited to online dating apps and sites, they’ll happen on social media and in online games as well. However, the FTC reports that the scam usually starts the same way, typically through an unexpected friend request or a message that comes out of the blue.
With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay:
The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help.
People who have filed fraud reports say they’ve paid their scammer in a few typical ways.
One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. Once it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge.
Another way is through gift cards. Scammers of all stripes, not just romance scammers, like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, once that gift card is handed over, the money on it is highly difficult to recover, if at all.
One more common payment is through reloadable debit cards. A scammer may make an initial request for such a card and then make several follow-on requests to load it up again.
In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch once the scam ends.
When it comes to meeting new people online, the FTC suggests the following:
Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working with several victims at once, which is yet another opportunity for them to get confused and slip up.
As mentioned above, some romance scammers troll social media and reach out through direct messages or friend requests. With that, there are three things you can do to cut down your chances of getting caught up with a scammer:
Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less information to exploit.
Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q4 of 2023 alone, Facebook took action on 693 million fake accounts. Reject such requests.
Online protection software like ours can help you spot fakes and scams. Features like McAfee Scam Protection use advanced AI to detect scam links in texts, email, and social media messages before you click. Our Personal Data Cleanup can keep you safer still by removing your personal info from sketchy data broker sites — places where scammers go to harvest useful info on their victims. And if the unfortunate happens, we offer $2 million in identity theft coverage and identity restoration support.
If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that may feel.
Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you may want to file a police report, which we cover in our broader article on identity theft and fraud.
If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.
Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you in fact may help others from falling victim too.
The post How to Spot Dating Scams appeared first on McAfee Blog.
According to reports from the Federal Trade Commission’s Consumer Sentinel database, text message scams swindled $372 million from Americans in 2023 alone. The staggering figure highlights a growing concern for consumers globally, who increasingly interact with brands and service providers via text, email, and even social media. As our reliance on technology continues, it is important for everyone to understand how to spot scam texts amid the real messages they receive. amid the real messages they receive.
With such frequent communication from brands and organizations, you can be hard-pressed to figure out what is a scam or not. This practical and actionable advice may be able to help you spot the imposters and protect yourself against even the most hard-to-identify scam messages.
Most of us probably avoid reading disclaimers and terms of service from brands and organizations. Paying attention to guidelines for how an organization will contact you will help you stay safe from scams. Just take it from entertainment host, Andy Cohen.
Cohen received an email he thought was from his bank’s fraud department. Later, the scammer texted Cohen claiming to be from the bank, asking for more information. Cohen ended up sending the scammer money because he believed they were a bank representative. These days, many banks and brands have FYIs on their website about how to spot a legitimate text. Like this page from Chase, which goes over what a real Chase text looks like.
We have a similar disclosure on our site. For example, our customer service teams will never request sensitive information such as social security numbers, PINs, or bank or payment details. As soon as you sign up for a new account, it’s a good idea to check for this sort of disclaimer and familiarize yourself with contact methods and the type of information organizations might request.
Scam messages are so successful because scammers make them look real. During the holidays, when shoppers are ready to leap at deals, scam messages can be hard to resist. With an increased volume of scam texts during major shopping seasons, it’s no wonder open rates can be as high as 98%.
Consumers can protect themselves against realistic-looking scam messages by verifying the source of the message. If an email hits your mobile inbox, click on the sender’s name to expand their full email address. Typical brand emails will have a “do not reply” somewhere in the address or an official “@branddomain.com” email address. Scam email addresses often appear as strings of gibberish.
If unsure whether a text from a company is real, log into your account directly to see if it reflects the overdue bill or extra store credit that the text message suggests.
Knowing about the latest cybersecurity trends is always good practice. Scammers change their tactics constantly. Text scams that were popular one year may be totally out of style the next time you get a scam message.
Individuals looking for a place to start can check out FTC, FBI, and CISA websites. Those agencies offer valuable insights about fraud trends and recommendations about how people can protect themselves. The Better Business Bureau (BBB) has an interactive scam tracking tool, and AARP provides tips for older Americans who may not be as in tune with the latest tech trends and tools.
Thankfully, the software designed to protect against scams evolves, as well. Consumers can turn to product suites that offer features like finding and removing personal info from sites that sell it, adjusting social media controls, and even providing alerts about suspicious financial transactions.
For scam texts, AI is here to help. McAfee Scam Protection uses AI to scan SMS text messages and alert you about unsafe links. Users can delete those messages without opening them, reducing the risk of compromise and removing any question about whether the message is fraudulent or for real.
The $372 million figure is a stark reminder of growing fraud. As we continue into the digital age, the threat of fraudulent communications from scammers looms. To safeguard against bad actors, consumers must be proactive. By paying attention to brand communication guidelines, verifying the source of messages, remaining educated, and using modern privacy and identity products, consumers can avoid scams before they start.
The post How to Tell If Your Text Message Is Real appeared first on McAfee Blog.
We’ve said it several times in our blogs — it’s tough knowing what’s real and what’s fake out there. And that’s absolutely the case with AI audio deepfakes online.
Bad actors of all stripes have found out just how easy, inexpensive, and downright uncanny AI audio deepfakes can be. With only a few minutes of original audio, seconds even, they can cook up phony audio that sounds like the genuine article — and wreak all kinds of havoc with it.
A few high-profile cases in point, each politically motivated in an election year where the world will see more than 60 national elections:
Yet deepfakes have targeted more than election candidates. Other public figures have found themselves attacked as well. One example comes from Baltimore County in Maryland, where a high school principal has allegedly fallen victim to a deepfake attack.
It involves an offensive audio clip that resembles the principal’s voice which was posted on social media, news of which spread rapidly online. The school’s union has since stated that the clip was an AI deepfake, and an investigation is ongoing.iii In the wake of the attack, at least one expert in the field of AI deepfakes said that the clip is likely a deepfake, citing “distinct signs of digital splicing; this may be the result of several individual clips being synthesized separately and then combined.”iv
And right there is the issue. It takes expert analysis to clinically detect if an audio clip is an AI deepfake.
Audio deepfakes give off far fewer clues, as compared to the relatively easier-to-spot video deepfakes out there. Currently, video deepfakes typically give off several clues, like poorly rendered hands and fingers, off-kilter lighting and reflections, a deadness to the eyes, and poor lip-syncing. Clearly, audio deepfakes don’t suffer any of those issues. That indeed makes them tough to spot.
The implications of AI audio deepfakes online present themselves rather quickly. In a time where general awareness of AI audio deepfakes lags behind the availability and low cost of deepfake tools, people are more prone to believe an audio clip is real. Until “at home” AI detection tools become available to everyday people, skepticism is called for.
Just as “seeing isn’t always believing” on the internet, we can “hearing isn’t always believing” on the internet as well.
The people behind these attacks have an aim in mind. Whether it’s to spread disinformation, ruin a person’s reputation, or conduct some manner of scam, audio deepfakes look to do harm. In fact, that intent to harm is one of the signs of an audio deepfake, among several others.
Listen to what’s actually being said. In many cases, bad actors create AI audio deepfakes designed to build strife, deepen divisions, or push outrageous lies. It’s an age-old tactic. By playing on people’s emotions, they ensure that people will spread the message in the heat of the moment. Is a political candidate asking you not to vote? Is a well-known public figure “caught” uttering malicious speech? Is Taylor Swift offering you free cookware? While not an outright sign of an AI audio deepfake alone, it’s certainly a sign that you should verify the source before drawing any quick conclusions. And certainly before sharing the clip.
Think of the person speaking. If you’ve heard them speak before, does this sound like them? Specifically, does their pattern of speech ring true or does it pause in places it typically doesn’t … or speak more quickly and slowly than usual? AI audio deepfakes might not always capture these nuances.
Listen to their language. What kind of words are they saying? Are they using vocabulary and turns of phrase they usually don’t? An AI can duplicate a person’s voice, yet it can’t duplicate their style. A bad actor still must write the “script” for the deepfake, and the phrasing they use might not sound like the target.
Keep an ear out for edits. Some deepfakes stitch audio together. AI audio tools tend to work better with shorter clips, rather than feeding them one long script. Once again, this can introduce pauses that sound off in some way and ultimately affect the way the target of the deepfake sounds.
Is the person breathing? Another marker of a possible fake is when the speaker doesn’t appear to breathe. AI tools don’t always account for this natural part of speech. It’s subtle, yet when you know to listen for it, you’ll notice it when a person doesn’t pause for breath.
It’s upon us. Without alarmism, we should all take note that not everything we see, and now hear, on the internet is true. The advent of easy, inexpensive AI tools has made that a simple fact.
The challenge that presents us is this — it’s largely up to us as individuals to sniff out a fake. Yet again, it comes down to our personal sense of internet street smarts. That includes a basic understanding of AI deepfake technology, what it’s capable of, and how fraudsters and bad actors put it to use. Plus, a healthy dose of level-headed skepticism. Both now in this election year and moving forward.
[iii] https://www.baltimoresun.com/2024/01/17/pikesville-principal-alleged-recording/
[iv] https://www.scientificamerican.com/article/ai-audio-deepfakes-are-quickly-outpacing-detection/
The post How to Spot AI Audio Deepfakes at Election Time appeared first on McAfee Blog.
Deepfake technology has certainly made everything far more complicated online. How do you know for sure what’s real? Can you actually trust anything anymore? Recently, a Hong Kong company lost A$40 million in a deepfake scam after an employee transferred money following a video call with a scammer who looked like his boss! Even Oprah and Taylor have been affected by deepfake scammers using them to promote dodgy online schemes. So, how do we get our heads around it, and just as importantly, how do we help our kids understand it? Don’t stress – I got you. Here’s what you need to know.
Deepfake technology is essentially photoshopping on steroids. It’s when artificial intelligence is used to create videos, voice imitations, and images of people doing and saying things they never actually did. The ‘deep’ comes from the type of artificial intelligence that is used – deep learning. Deep learning trains computers to process data and make predictions in the same way the human brain does.
When it first emerged around 2017, it was clunky and many of us could easily spot a deepfake however it is becoming increasingly sophisticated and convincing. And that’s the problem. It can be used to create great harm and disruption. Not only can it be used by scammers and dodgy operators to have celebrities promote their products, but it can also be used to undertake image abuse, create pornographic material, and manipulate the outcome of elections.
When deepfakes first emerged they were clunky because they used a type of AI model called Generative Adversarial Network (or GAN). This is when specific parts of video footage or pictures are manipulated, quite commonly the mouth. You may remember when Australian mining magnate Andrew Forest was ‘deepfake’ into spruiking for a bogus ‘get rich quick’ scheme. This deepfake used GAN – as they manipulated just his mouth.
But deepfakes are now even more convincing thanks to the use of a new type of generative AI called a diffusion model. This new technology means a deepfake can be created from scratch without having to even manipulate original content making the deepfake even more realistic.
Experts and skilled scammers were the only ones who really had access to this technology until 2023 when it became widely available. Now, anyone who has a computer or phone and the right app (widely available) can make a deepfake.
While it might take a novice scammer just a few minutes to create a deepfake, skilled hackers are able to produce very realistic deepfakes in just a few hours.
As I mentioned before, deepfakes are generated to either create harm or cause disruption. But a flurry of recent research is showing that creating deepfake pornographic videos is where most scammers are putting their energy. A recent study into deepfakes in 2023 found that deepfake pornography makes up a whopping 98% of all deepfake videos found online. And not surprisingly, 99% of the victims are women. The report also found that it now takes less than 25 minutes and costs nothing to create a 60-second deepfake pornographic video of anyone using just one clear face image! Wow!!
Apart from pornography, they are often used for election tampering, identity theft, scam attempts and to spread fake news. In summary, nothing is off limits!
The ability to spot a deepfake is something we all need, given the potential harm they can cause. Here’s what to look out for:
There are two main ways you could be affected by deepfakes. First, as a victim e.g. being ‘cast’ in a deepfake pornographic video or photo. Secondly, by being influenced by a deepfake video that is designed to create harm e.g. scam, fake news, or even political disinformation.
But the good news is that protecting yourself from deepfake technology is not dissimilar to protecting yourself from general online threats. Here are my top tips:
Be Careful What You Share
The best way to protect yourself from becoming a victim is to avoid sharing anything online at all. I appreciate that this perhaps isn’t totally realistic so instead, be mindful of what and where you share. Always have privacy settings set to the highest level and consider sharing your pics and videos with a select group instead of with all your online followers. Not only does this reduce the chances of your pictures making their way into the hands of deepfake scammers but it also increases the chance of finding the attacker if someone does in fact create a deepfake of you.
Consider Watermarking Photos
If you feel like you need to share pics and videos online, perhaps add a digital watermark to them. This will make it much harder for deepfake creators to use your images as it is a more complicated procedure that could possibly be traceable.
Be Cautiously Suspicious Always
Teach your kids to never assume that everything they see online is true or real. If you always operate with a sceptical mindset, then there is less of a chance that you will be caught up in a deepfake scam. If you find a video or photo that you aren’t sure about, do a reverse image search. Or check to see if it’s covered by trusted news websites, if it’s a news video. Remember, if what the person in the video is saying or doing is important, the mainstream news media will cover it. You can always fact check what the ‘person’ in the video is claiming as well.
Use Multi-Factor Authentication
Adding another layer of security to all your online accounts will make it that much harder for a deepfake creator to access your accounts and use your photos and videos. Multi-factor authentication or 2-factor authentication means you simply add an extra step to your login process. It could be a facial scan, a code sent to your smartphone, or even a code generated on an authenticator app like Google Authenticator. This is a complete no-brainer and probably adds no more than 30 seconds to the logging in process.
Keep Your Software Updated
Yes, this can make a huge difference. Software updates commonly include ‘patches’ or fixes for security vulnerabilities. So, if your software is out of date, it’s a little like having a broken window and then wondering why people can still get in! I recommend turning on automatic updates, so you don’t have to think about it.
Passwords Are Key
A weak password is also like having a broken window – it’s so much easier for deepfake scammers to access your accounts and your pics and videos. I know it seems like a lot of work but if every one of your online accounts has its own complex and individual password then you have a much greater chance of keeping the deepfake scammers away!
So, be vigilant, always think critically, and remember you can report deepfake content to your law enforcement agency. In the US, that’s the FBI and in Australia, it is the eSafety Commissioner’s Office.
Stay safe all!
Alex
The post How To Teach Your Kids About Deepfakes appeared first on McAfee Blog.
Imagine receiving a call from a loved one, only to discover it’s not them but a convincing replica created by voice cloning technology. This scenario might sound like something out of a sci-fi movie, but it became a chilling reality for a Brooklyn couple featured in a New Yorker article who thought their loved ones were being held for ransom. The perpetrators used voice cloning to extort money from the couple as they feared for the lives of the husband’s parents.
Their experience is a stark reminder of the growing threat of voice cloning attacks and the importance of safeguarding our voices in the digital age. Voice cloning, also known as voice synthesis or voice mimicry, is a technology that allows individuals to replicate someone else’s voice with remarkable accuracy. While initially developed for benign purposes such as voice assistants and entertainment, it has also become a tool for malicious actors seeking to exploit unsuspecting victims.
As AI tools become more accessible and affordable, the prevalence of deepfake attacks, including voice cloning, is increasing. So, how can you safeguard yourself and your loved ones against voice cloning attacks? Here are some practical steps to take:
Voice cloning attacks represent a new frontier in cybercrime. With vigilance and preparedness, it’s possible to mitigate the risks and protect yourself and your loved ones. By staying informed, establishing safeguards, and remaining skeptical of unexpected communications, you can thwart would-be attackers and keep your voice secure in an increasingly digitized world.
The post How to Protect Yourself Against AI Voice Cloning Attacks appeared first on McAfee Blog.
‘Ensure your privacy settings are set to the highest level’ – if you’ve been reading my posts for a bit then you’ll know this is one of my top online safety tips. I’m a fan of ensuring that what you (and your kids) share online is limited to only the eyes that you trust. But let’s talk honestly. When was the last time you checked that your privacy settings were nice and tight? And what about your kids? While we all like to think they take our advice, do you think they have? Or it is all a bit complicated?
Research from McAfee confirms that the majority of us are keen to share our content online but with a tighter circle. In fact, 58% of social media users are keen to share content with only their family, friends, and followers but there’s a problem. Nearly half (46%) do not adjust their privacy settings on their social media platforms which means they’re likely sharing content with the entire internet!
And it’s probably no surprise why this is the case. When was the last time you tried to check your privacy settings? Could you even find them? Well, you are not alone with 55% of survey respondents confessing that they struggled to find the privacy settings on their social media platforms or even understand how they work.
Well, the good news is there is now a much easier way to decide exactly who you want to share with online. Introducing McAfee’s Social Privacy Manager. All you need to do is select your privacy preferences in a few quick clicks and McAfee will then adjust the privacy settings on your chosen social media accounts. Currently, McAfee’s software works with more than 100 platforms including LinkedIn, Google, Instagram, YouTube, and TikTok. It works across Android and iOS devices and on Windows and Mac computers also. The software is part of the McAfee+ suite.
Well, once you’ve got your social media privacy under control – you can relax – but just for a bit. Because there are a few other critical steps you need to take to ensure your online privacy is as protected as possible. Here’s what I recommend:
1. A Clever Password Strategy
In my opinion, passwords are one of the most powerful ways of protecting yourself online. If you have a weak and easily guessed password, you may as well not even bother. In an ideal world, every online account needs its own unique, complex password – think at least 12 characters, a combination of numbers, symbols, and both lower and upper case letters. I love using a crazy sentence. Better still, why not use a password manager that will create a password for you that no human could – and it will remember them for you too! A complete no-brainer!
2. Is Your Software Up To Date?
Software that is out of date is a little like leaving your windows and doors open and wondering why you might have an intruder. It exposes you to vulnerabilities and weaknesses that scammers can easily exploit. I always recommend setting your software to update automatically so take a little time to ensure yours is configured like this.
3. Think Critically Always
I encourage all my family members – both young and old – to always operate with a healthy dose of suspicion when going about their online business. Being mindful that not everything you see online is true is a powerful mindset. Whether it’s a sensational news article, a compelling ‘must have’ shopping deal, or a ‘TikTok’ influencer providing ‘tried and tested’ financial advice – it’s important to take a minute to think before acting. Always fact-check questionable news stories – you can use sites like Snopes. Why not ‘google’ to see if other customers have bad experiences with the shopping site that’s catching your eye? And if that TikTok influencer is really compelling, do some background research. But, if you have any doubts at all – walk away!
4. Wi-Fi – Think Before You Connect
Let’s be honest, Wi-Fi can be a godsend when you are travelling. If you don’t have mobile coverage and you need to check in on the kids then a Wi-Fi call is gold. But using public Wi-Fi can also be a risky business. So, use it sparingly and never ever conduct any financial transactions while connected to it – no exceptions! If you are a regular traveller, you might want to consider using a VPN to help you connect securely. A VPN will ensure that anything you send using Wi-Fi will be protected and unavailable to any potential prying eyes!
Keeping you and your family safe online is no easy feat. It’s time-consuming and let’s be honest sometimes quite overwhelming. If you have 3 kids and a partner and decided to manually update (or supervise them updating) their privacy settings then I reckon you’d be looking at least half a day’s work – plus all the associated negotiation! So, not only will McAfee’s Social Privacy Manager. ensure you and your loved ones have their social media privacy settings set nice and tight, it will also save you hours of work. And that my friends, is a good thing!
The post How Do You Manage Your Social Media Privacy? appeared first on McAfee Blog.
In recent news, Roku, a leading streaming platform, reported that over 591,000 user accounts were affected by credential stuffing attacks. This incident underscores the critical importance of safeguarding your online accounts against cyber threats. Here’s what you need to know to protect yourself and your streaming accounts.
As a proactive security measure, Roku has reset the passwords for all affected accounts. It is also notifying customers about the data leak and is refunding or reversing charges for those with unauthorized charges made by cybercriminals.
Credential stuffing is a type of cyber-attack where hackers use lists of stolen usernames and passwords from other data breaches to gain unauthorized access to user accounts on various platforms. In Roku’s case, hackers exploited this method to compromise over half a million accounts.
Hackers obtain lists of usernames and passwords from previous data breaches or leaks. These credentials are often available for sale on the dark web. They then use automated tools to input these stolen credentials into multiple websites or services, including streaming platforms like Roku. When the stolen credentials match an existing Roku account, the hackers gain access and can potentially take control of the account.
When cybercriminals gain access to your streaming accounts, they can do more than just watch your favorite shows. They may sell your account credentials on the dark web, use your personal information for identity theft, or even lock you out of your own account. This not only compromises your privacy but also puts your financial information at risk if you have payment methods linked to your streaming accounts.
The recent credential-stuffing attack on Roku serves as a stark reminder of the importance of prioritizing online protection in an increasingly digital world. By following best practices such as using strong passwords, enabling two-factor authentication, and staying vigilant about account activity, you can significantly reduce the risk of falling victim to cyber attacks. Protecting your streaming accounts isn’t just about safeguarding your entertainment preferences—it’s about safeguarding your privacy and personal information. Take the necessary steps today with McAfee+ to secure your online accounts and enjoy a safer, more secure streaming experience.
The post How to Protect Your Streaming Accounts: Lessons from Roku’s Data Leak appeared first on McAfee Blog.
Some conversations on social media can get … heated. Some can cross the line into harassment. Or worse.
Harassment on social media has seen an unfortunate rise in recent years. Despite platforms putting in reporting mechanisms, policies, and even using AI to detect and remove harmful speech, people are seeing more and more harassment on social media.
Yet even as it becomes more prevalent, nothing about it is usually. Or acceptable. No, you can’t prevent social media harassment. Yet you can protect yourself in the face of these attacks.
In 2023, research showed that 52% of American adults said they experienced harassment at some point online. That’s up from 40% in 2022. Also in 2023, 33% said they experienced it in the last year, a jump of 10% from 2022.i
The same trend follows for teens, where 51% of them said they experienced harassment in the past year, compared to 36% in the year prior.ii
Earlier research conducted in the U.S. tracked a significant rise in harassment online between 2014 and 2020. This included the doubling or the near doubling of the most severe forms of online harassment.iii
Our own research in 2022 also noted a rise of another kind — worry about online harassment. Globally, 60% of children said they were more worried that year about social media harassment (cyberbullying) compared to the year prior. Their parents showed yet more concern, with 74% of them more worried that year about their child being harassed than the last.iv
Stats are one thing, yet behind each figure stands a victim. Harassment takes a hard toll on its victims — emotional, financial, and sometimes physical. That becomes clear the moment you look at the forms it can take.
Social media harassment includes:
It includes other acts, such as:
In practice, the results can get ugly. Scanning press releases from various state attorneys general, you’ll find unflinching accounts of harassment. Like a targeted, three-year cyberstalking campaign against a victim and that person’s parents, coworkers, siblings, and court-mandated professionals.v Another, where the harasser attempted to defame his victim through a fake LinkedIn profile — and further doxed his victim by publicly posting source code the victim had written worth millions of dollars.vi
All of this serves as a reminder. Harassment can quickly turn into a crime.
The unfortunate fact remains that you can’t prevent social media harassment. Some people simply find themselves driven to do it. You can take several steps to shield yourself from attackers and deny them the info they need to fuel their attacks.
Secure your accounts.
Account security should be a high priority for you, your loved ones, and anyone else. That’s especially true during periods of harassment. Every account you have should be secured with a complex password — at least 12 to 14 characters long, with numbers, capital letters, lowercase letters, and symbols. And with two-factor authentication.
Two-factor authentication is especially important when it comes to account security. The reason is simple: a lot of harassers are tech-savvy, and enjoy taking over a victim’s account to make offensive comments in their name and damage their reputation.
Two-factor authentication prevents account takeovers like this. It requires a user to know the password and username for an account, along with another way they can prove they are who they say they are. Often that involves a code sent to their smartphone that they can use to verify their identity. At McAfee, we recommend you use two-factor authentication on any account that offers it.
Control who can follow you.
Social media platforms offer plenty of ways you can lock down your privacy, even as you remain “social” on them to some degree. Our Social Privacy Manager can help you be as private as you like. It helps you adjust more than 100 privacy settings across your social media accounts in only a few clicks, so your personal info is only visible to the people you want to share it with. By making yourself more private, you deny a potential harasser an important source of info about you, in addition to your friends, family, and life overall.
Limit what you share online.
Limit how much info you share about yourself on social media websites. Addresses, phone numbers, and locations shouldn’t be shared in posts and shouldn’t be included in biographies. Attackers can use this type of info to make false threats and, in some cases, falsify crimes to elicit a police response — this is a technique called “SWATTING” and it’s quite serious.vii
In some instances, harassers gather info about their victims on data brokers or “people finder” sites. Some of this info can get pretty detailed, and these sites will sell it to anyone. You can clean up that info, however. Our Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites — or remove it for you, depending on your plan.
Report the harassment to the social media platform.
If you find yourself targeted, don’t respond. That’s what the harasser wants. Use your social media platform’s tools to block and then report the harasser. Many platforms have web pages dedicated to harassment that walk you through the process.
Report harassment to the authorities.
First off, if you feel that you are in immediate danger, contact your local authorities for help.
In many cases, harassment is illegal. Slander, threats, damage to your professional reputation, doxing, and many of the examples mentioned earlier can amount to a crime. There are options for victims, legally speaking. If you feel a harassment campaign has crossed the line, then it’s time to contact the authorities. Bring proof of harassment. Take screenshots of everything and submit them as part of your complaint.
Talk with trusted family members and friends.
We’ve seen just how damaging and painful harassment can be. Let trusted people in your life know what’s happening. Lean on them for support. And have them help you find any resources you might need in the wake of harassment, such as counseling or even legal assistance. You might find this tough to do, yet realize that you’re not at fault here. Any ugliness you’re dealing with comes from the hands of a harasser. Not yours. Close family and friends will recognize this.
[i] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023
[ii] https://www.adl.org/resources/report/online-hate-and-harassment-american-experience-2023
[iii] https://www.pewresearch.org/internet/2021/01/13/the-state-of-online-harassment/
[vii] https://www.theguardian.com/technology/2016/apr/15/swatting-law-teens-anonymous-prank-call-police
The post How to Protect Yourself From Social Media Harassment appeared first on McAfee Blog.
In a world where digital communication dominates, the art of scamming has evolved into a sophisticated game of deception. A recent story in The Cut featured a seasoned personal finance journalist falling prey to an Amazon scam call and being duped out of a staggering $50,000. The story serves as a stark reminder that anyone, regardless of their expertise or background, can become a victim of vishing. Short for “voice phishing,” vishing is a form of cybercrime where scammers use phone calls to deceive individuals into revealing personal or financial information.
Contrary to common belief, it’s not just the elderly or technologically naive who fall victim to such schemes. One national survey found that only 15% of Gen Z and 20% of millennials express concern about falling victim to financial fraud. However, the Federal Trade Commission paints a different picture, indicating that younger adults are over four times more likely to report losing money to fraud than older adults. This dissonance highlights the need for heightened awareness and education across all age groups.
Vishing is a form of fraud that exploits the trust we place in phone calls. It operates through various strategies, all aimed at tricking victims. For example, wardialing involves automated systems dialing phone numbers to find vulnerable targets. VoIP, or Voice over Internet Protocol, allows scammers to make calls over the internet, often making it harder to trace them.
Caller ID spoofing is another tactic where scammers manipulate the caller ID to display a trusted or familiar number, tricking recipients into answering. These techniques create a false sense of legitimacy, making it difficult for individuals to distinguish between real and fraudulent calls.
Vishing exploits trust and naivety to obtain sensitive information or conduct unauthorized transactions. Humans have always been vulnerable to scams, but the abundance of personal data available on the dark web, obtained from various data breaches and leaks, has significantly heightened the threat. For example, LinkedIn experienced a data breach in 2021 that exposed data from 700 million users on a dark web forum.
A data breach like that presents scammers with a treasure trove of details about potential victims, enabling them to personalize their attacks with alarming precision. By incorporating specific details gleaned from these data sources, scammers can craft convincing narratives and establish a false sense of trust and credibility with their targets. Consequently, even individuals who exercise caution in safeguarding their personal information may find themselves vulnerable to vishing scams.
As a result, individuals must remain vigilant and adopt comprehensive security practices. Familiarizing oneself with the telltale signs of a scam call is the first line of defense. Be wary of:
If an unsolicited call seems suspicious, hang up the phone. Verify the caller’s legitimacy through independent channels, such as contacting the organization directly using a trusted phone number. In addition to recognizing signs of scam calls, implementing call-blocking technologies or screening unknown numbers can reduce exposure to potential scams. McAfee Mobile Security’s call blocker feature can be employed to diminish the volume of incoming calls.
The alarming reality is that vishing knows no bounds and can affect any age or demographic. The unfortunate ordeal of the seasoned journalist losing $50,000 serves as a sobering reminder of the perils lurking behind seemingly innocuous phone calls. Vishing demands vigilance and awareness. Security software and apps can significantly increase the overall security of your phone by detecting and preventing various threats, such as malware, phishing attempts, and unauthorized access to sensitive information.
By adopting proactive measures, we can fortify our defenses against vishing scams and safeguard our financial well-being. Stay informed, stay vigilant, and stay protected.
The post A Finance Journalist Fell Victim to a $50K Vishing Scam – Are You Also at Risk? appeared first on McAfee Blog.
In today’s digital landscape, distinguishing between legitimate communications and phishing attempts can feel like navigating a labyrinth blindfolded. Phishing is a deceptive tactic where cybercriminals use fraudulent emails, texts, or messages to trick individuals into revealing sensitive information or clicking on malicious links. And let’s not forget its crafty sibling, “smishing” – the text message iteration of this digital charade.
Now that most brands and even government agencies communicate with consumers via text or email, it’s hard to know whether a message is legit or not. Consider the United States Postal Service, which should be solely focused on dependable package delivery, yet is frequently tasked with warning individuals against clicking on links from unsolicited messages impersonating the postal service.
Many people are concerned that they’ll unwittingly open an official-looking email or text only to become victims of a scam. Fortunately, there are steps you can take to educate yourself and establish safeguards against phishing and smishing attempts.
Here are five steps for staying cyber savvy and protecting yourself from phishing scams:
In a world where even simple emails and text messages can harbor malevolent intent, it’s crucial to fortify yourself with knowledge and vigilance. Using multifactor authentication and learning how to spot scam messages will help you avoid scams. If you want additional protection, our AI-powered Scam Protection scans text messages and alerts users or filters out the text if it detects a scam link. The software also blocks links from scam emails, texts, and social media messages in the event you accidentally click one. It’s not always easy to spot phishing scams, but we can help by providing that first — and second line of defense.
The post Stay Cyber Savvy: Your 5-Step Guide to Outsmarting Phishing Scams appeared first on McAfee Blog.
While last-minute tax filers stare down the clock, scammers look for easy pickings. Tax scams are in full swing as April 15th approaches, and we have a rundown of the top ones making the rounds this year.
For starters, the stakes this year remain the same as ever. Scammers are taking advantage of the stress and uncertainty that comes with tax season as they target people’s personal info, money, or both. Their avenues of attack remain the same as well, via email, texts, direct messages, and the phone.
Yet there’s a new wrinkle this year. Scammers have tapped into AI tools that make their scams look and feel far more sophisticated than ever.
We saw the first stirrings of AI-driven scams last year as AI tools first entered the marketplace. This year, AI-driven scams feature more and more in the landscape of threats. Scammers use them to generate images, write copy, and build websites in a fraction of the time that it once took. While they still make some of the design and writing mistakes they’ve made in the past, they make far fewer of them.
We have a couple of tax scams to share from the many we’ve uncovered. The first one involves a popular brand of tax software here in the U.S.
Example of a scammer email
At first blush, this bogus email looks pretty legit. At first. The layout, photograph, and link all look like standard fare for an email. Though looking more closely, you can spot several AI fingerprints all over it.
For one, big brands like TurboTax have writers, editors, and reviewers who comb over copy before it gets approved for release. Here, the headline breaks a pretty standard formatting rule. In “headline case” writing, the “with” should be lowercase. Sure, mistakes get made, and this might be one example. Yet the problems go deeper than that.
Read the fine print. You’ll see that the grammar is off. The paragraph overall has a broken feel to it. You’ll also see that the copy mentions “market leader” twice — and awkwardly so. And what company mentions its competitors in an email like this? They’re not out to boost competitors.
Lastly, the email spells out the company’s name wrong in the fine print. It’s “TurboTax,” not “Turbo Tax with License Code.” All of this points to an obvious fake. But only by looking closely at it. It’s as if the scammers prompted an AI chatbot with “Describe what TurboTax is” and got this as a response.
Granted, that represents an example of rather sloppy work. The next example looks more convincing. This time, the scammers impersonate the IRS:
Example of a scammer website
We discovered this fake IRS site when our McAfee Labs team investigated a link sent in an email. The bait is the promise of getting a tax ID number for a business or organization. The hook is this bogus site designed to harvest personal and business info.
If you’ve visited the IRS site recently, you’ll recognize the look and feel of an IRS webpage quickly. It seems familiar enough, yet once again a closer look reveals a few things.
First, a small grammatical error rears its head in the copy. The term “setup” is a noun, yet the copy uses it as a verb. It should read “set up” instead. Granted, this is a common error. Many sites make it, yet it’s a red flag nonetheless. Next, the contact method in the top right raises yet another. Contact “an EIN expert” via email during set hours? Set hours are for phone calls, not email.
We omitted the final telltale sign — the URL. It was clearly a fake and not the official irs.gov address.
In all, it shows just how cagey tax scammers can be today. Particularly with AI. It puts a fresh look on some old tactics, making scams tougher to spot.
Sketchy email attachments — the five most popular types.
This classic is back. Scammers spread all manner of malware with email attachments. One example: spyware that steals info as you type usernames and passwords as you log into your accounts. Another: ransomware that holds the data on your device hostage until you pay. Maybe. The list goes on, yet scammers always try to package it up in a way that looks legit.
One way they pull that off is with a phony tax document bundled up in a .pdf document. In fact, the .pdf format marks the number one file type that hackers and scammers use in their attacks. By our count, it tops the number two file type by a ratio of roughly 6 to 1.
Here are the top five file types used by scammers and hackers:
What makes the .pdf format so popular? People trust it. It gets commonly used in business, and many legitimate tax forms come in that format. However, it also offers a versatile platform for exploits. Hackers and scammers can embed malicious links and content within them. So clicking what’s inside that .pdf doc can lead to trouble, say in the form of a malicious website designed to steal personal info.
Starting in the second half of last year, we noted a spike in malicious attachments that used the .pdf format. Another reason that makes .pdf files so popular, email filters tend to focus on other file types like the executable .exe format. So, a .pdf has a better shot at slipping through.
Our advice:
As always, strong antivirus software can detect and protect you from malicious email attachments. Our Next-gen Threat Protection found in all our McAfee+ plans once again proves itself as a top option for antivirus. Results from the independent lab AV-TEST in December 2023 saw it block 100% of entirely new malware attacks in real-world testing. It likewise scored 100% against malware discovered in the previous four weeks. In all, it received the highest marks for protection, performance, and usability — earning it the AV-TEST Top Product certification.
Tax time phishing scams.
Phishing scams crop up in plenty of places and take plenty of forms. As in years past, we see scammers cranking up their bogus texts, direct messages, and emails. They all follow the tax season theme, yet they take different approaches to roping in victims. Some include:
Additionally, many phishing attacks point people to malicious websites — once again that steal personal info. We’ve seen a spike in malicious tax-related URLs starting in the second half of last year as well.
Our advice:
You can absolutely protect yourself from phishing scams. Now with the help of AI. McAfee Scam Protection detects suspicious URLs with AI before they’re opened or clicked on. This takes the guesswork out of those sometimes convincing-looking messages by letting you know if they’re fakes. If you accidentally click or tap on a suspicious link in a text, email, social media, or browser search, it blocks the scam site from loading. You’ll find McAfee Scam Protection across our McAfee+ plans.
Fake charity scams also crop up this time of year.
Whether it’s for natural disaster aid, aiding refugees in war-torn regions, or even protecting animals and pets, scammers set up phony charities with the aim of pulling heartstrings. And then stealing money as a result.
Scammers reach out with the usual methods, by email, text, direct message, and sometimes phone calls as well. They all share one thing in common. They all give potential victims a chance to support a cause that they care for and get a tax credit in return. Yet with these scams, the charity doesn’t exist. Instead, money and personal info end up in the hands of scammers.
Our advice:
Yet you have several ways you can spot a fake charity. For one, the message often has a pressing, almost alarming, tone. One that urges you to “act now.” Before acting, take a moment. Research the charity. See how long they’ve been in operation, how they put their funds to work, and who truly benefits from them.
Likewise, note that some charities pass along more money to their beneficiaries than others. Generally, most reputable organizations only keep 25% or less of their funds for operations, while some less-than-reputable organizations keep up to 95% of funds, leaving only 5% for advancing the cause they advocate. In the U.S., the Federal Trade Commission (FTC) has a site full of resources so that you can make your donation truly count. Resources like Charity Watch and Charity Navigator, along with the BBB’s Wise Giving Alliance can also help you identify the best charities.
Keep an ear out for scam calls.
Scammers like to pick up the phone too. A popular form of attack involves “the call from the IRS.” Typically, a recorded message notifies the recipient that they owe money. And because scammers know just how jarring a call from the IRS can be, they apply heavy pressure in the message.
In the past, we’ve heard messages that threatened fines, jail time, and revoking driver’s licenses. They’ve mentioned the police and other law enforcement agents in them as well, just to turn up the heat.
Now with AI, scammers can create robocalls that sound highly realistic in only moments of time. It’s as simple as writing a few lines of a script, feeding it into an AI tool, and then generating an audio file. No need for another person to record the message. AI takes care of it all.
Our advice:
The best way you can avoid falling for this scam is by knowing what the IRS will and will not do when they contact you. From the irs.gov website, the IRS will not:
Lastly, also know that the IRS is here to help. The agency offers a full help page with online resources, along with several ways you can contact the IRS for help. If you have any questions about a notification that you received, contact them.
While scammers have a wealth of tools available to them, you have one tool that protects you from all kinds of threats. Comprehensive online protection software like McAfee+ offers yet more ways to steer clear of tax scams.
In addition to the antivirus and scam protection features we mentioned, it can make you more private on social media, which can prevent scammers from profiling you. It can also remove your personal info from the data broker sites scammers use to contact their victims. (Granted, scammers have to get your contact info from somewhere, and these sites offer that info, plus much more.) Also, a VPN can help you connect and file your taxes even more securely, so what you do stays private.
And if the unfortunate happens, our identity theft coverage can help you recover. It provides $2 million in identity theft coverage and a licensed recovery expert who can help restore your identity.
Yes, we’re seeing plenty of old scams with new twists this year. Yet the same ways you can protect yourself from them only get better and better.
The post The Top Tax Scams of 2024 appeared first on McAfee Blog.
It’s that time of year again – tax season! Whether you’ve already filed in the hopes of an early refund or have yet to start the process, one thing is for sure: cybercriminals will certainly use tax season as a means to get victims to give up their personal and financial information. This time of year is advantageous for malicious actors since the IRS and tax preparers are some of the few people who actually need your personal data. As a result, consumers are targeted with various scams impersonating trusted sources like the IRS or DIY tax software companies. Fortunately, every year the IRS outlines the most prevalent tax scams, such as voice phishing, email phishing, and fake tax software scams. Let’s explore the details of these threats.
So, how do cybercriminals use voice phishing to impersonate the IRS? Voice phishing, a form of criminal phone fraud, uses social engineering tactics to gain access to victims’ personal and financial information. For tax scams, criminals will make unsolicited calls posing as the IRS and leave voicemails requesting an immediate callback. The crooks will then demand that the victim pay a phony tax bill in the form of a wire transfer, prepaid debit card or gift card. In one case outlined by Forbes, victims received emails in their inbox that allegedly contained voicemails from the IRS. The emails didn’t actually contain any voicemails but instead directed victims to a suspicious SharePoint URL. Last year, a number of SharePoint phishing scams occurred as an attempt to steal Office 365 credentials, so it’s not surprising that cybercriminals are using this technique to access taxpayers’ personal data now as well.
In addition to voice phishing schemes, malicious actors are also using email to try and get consumers to give up their personal and financial information. This year alone, almost 400 IRS phishing URLs have been reported. In a typical email phishing scheme, scammers try to obtain personal tax information like usernames and passwords by using spoofed email addresses and stolen logos. In many cases, the emails contain suspicious hyperlinks that redirect users to a fake site or PDF attachments that may download malware or viruses. If a victim clicks on these malicious links or attachments, they can seriously endanger their tax data by giving identity thieves the opportunity to steal their refund. What’s more, cybercriminals are also using subject lines like “IRS Important Notice” and “IRS Taxpayer Notice” and demanding payment or threatening to seize the victim’s tax refund.
Cybercriminals are even going so far as to impersonate trusted brands like TurboTax for their scams. In this case, DIY tax preparers who search for TurboTax software on Google are shown ads for pirated versions of TurboTax. The victims will pay a fee for the software via PayPal, only to have their computer infected with malware after downloading the software. You may be wondering, how do victims happen upon this malicious software through a simple Google search? Unfortunately, scammers have been paying to have their spoofed sites show up in search results, increasing the chances that an innocent taxpayer will fall victim to their scheme.
Money is a prime motivator for many consumers, and malicious actors are fully prepared to exploit this. Many people are concerned about how much they might owe or are predicting how much they’ll get back on their tax refund, and scammers play to both of these emotions. So, as hundreds of taxpayers are waiting for a potential tax return, it’s important that they navigate tax season wisely. Check out the following tips to avoid being spoofed by cybercriminals and identity thieves:
File before cybercriminals do it for you. The easiest defense you can take against tax season schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post How to Steer Clear of Tax Season Scams appeared first on McAfee Blog.
Four in ten Americans say they use peer-to-peer payment services, like Venmo, PayPal, or Apple Pay, at least once a month. These platforms have made it even easier to send money by adding QR codes that people can quickly scan to pull up someone’s profile and complete a payment. Two-thirds of restaurants have started including QR codes on tables to access menus. Scanning QR codes has become a normal, convenient way to exchange money or information.
Unfortunately, scammers are always looking for ways to take advantage of moments when people are primed to part with their money. The Federal Trade Commission is warning that scammers now use QR codes to hide harmful links to steal personal information. This new type of phishing attack, called “quishing,” highlights how scamming methods are constantly changing. In response, artificial intelligence (AI) is becoming an even more crucial part of defending against scammers.
To protect yourself against phishing attacks, it’s crucial to remain vigilant and employ proactive measures. Make sure to scrutinize all incoming emails, text messages, or social media communications for any signs of suspicious or unsolicited requests, especially those urging immediate action or requesting sensitive information.
Avoid clicking links, downloading attachments, or scanning QR codes from unknown or untrusted sources. Check the legitimacy of the sender by cross-referencing contact information with official sources or contacting the organization directly through trusted channels.
Before accepting where a QR code is going to take you, carefully examine the associated URL. Verify its authenticity by scrutinizing for any discrepancies, such as misspellings or altered characters, especially if it resembles a familiar URL.
Safeguard your mobile device and accounts by regularly updating the operating system. Additionally, bolster the security of your online accounts by implementing robust passwords and integrating multi-factor authentication measures to thwart unauthorized access.
As fraudsters continually evolve their tactics, distinguishing between what’s real and what’s fake becomes increasingly challenging. However, there is formidable technology available to safeguard against their schemes. AI can analyze vast amounts of data in real-time to detect patterns and anomalies indicative of fraudulent behavior. By continuously learning from new data and adapting algorithms, AI can stay ahead of evolving fraud tactics.
The McAfee+ suite of identity and privacy protections uses AI for identity protection, transaction monitoring, credit monitoring, and proactive Scam Protection to keep you safe from even the most sophisticated scam attempts. Scam Protection employs AI technology to block risky sites, serving as a secondary defense against accidental clicks on spam links. This ensures that even after being tricked into clicking, your device won’t open the fraudulent site.
Don’t leave your digital defenses to chance. See for yourself what advanced security looks like today.
The post How to Protect Against New Types of Scams Like QR Phishing appeared first on McAfee Blog.
Scammers are turning a buck on the eclipse. A rash of eclipse scams have appeared online, many involving the sale of unsafe viewers and solar eclipse glasses.
With the eclipse making its way from Texas, through the Midwest, and up through the Northeast on April 8th, people increasingly want to get their hands on equipment to view it. And as it always is when it comes to big events and scarcity, scammers rush in.
A map of the eclipse path – GreatAmericanEclipse.com
As such, the Better Business Bureau (BBB) issued a consumer warning about the sale of cheap, knockoff solar eclipse glasses.i Worse yet, viewing the eclipse with these bogus glasses can harm your eyes. So as if getting ripped off wasn’t bad enough, this scam can damage a person’s vision.
Here, we’ll put you on the path to buying a safe set of viewing glasses — and offer several ways you can avoid buying knockoffs from a scammer.
The American Astronomical Society has a list you’ll find helpful. With a visit to their page dedicated to suppliers of solar filters and viewers, you’ll have your pick of places where you can purchase. The list is long, featuring a mix of online and retail outlets where you can get safe, approved gear for viewing.
Also, check out the society’s page on safe viewing for the eclipse. It covers what you need to know to view the eclipse safely, from how to use a viewer, the ISO 12312-2 standard that all viewers must adhere to, and how to properly clean viewers so they remain safe.
How do so many scams ramp up so quickly for such a highly specific event? It doesn’t take much to spin up e-commerce sites and pump out ads nowadays. Thanks to a host of low-cost and easy-to-use tools for publishing and advertising online, scammers of all sizes can create bogus shopping experiences much more quickly than ever.
And as we’ve discussed so often in our blogs as of late, scams look and feel increasingly sophisticated today. AI gives scammers ready access to design tools, audio and video creation tools, copywriting bots, and more. Then add in the ease with which scammers can post their ads in search and on social media, and they have quick and ready ways of reaching potential victims.
Even so, a few extra steps and a bit of caution can help you avoid these scams.
1. Stick with known, legitimate retailers online.
This is a great piece of advice to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the BBB asks shoppers to do their research. Ensure that the retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search by typing in their name.
2. Research new sellers for their history and reviews.
Never heard of that retailer before? See when they launched their website. A relatively new site might be a sign that it’s part of a scam.
A quick visit to the ICANN (Internet Corporation for Assigned Names and Numbers) website can show you certain background info for any website you type in. Given how quickly and easily scammers can register and launch a website, this kind of info can help you sniff out a scam.
Of course, it might also indicate a new business that’s entirely legitimate, so a little more digging is called for. That’s where reviews come in. Aside from the resources listed above, a simple web search of “[company name] reviews” or “[company name] scam” can help you discover if the retailer is legit.
3. Look for the lock icon in your browser when you shop.
Secure websites begin their addresses with “https,” not just “http.” That extra “s” stands for “secure,” which means that it uses a secure protocol for transmitting sensitive info like passwords, credit card numbers, and the like over the internet. It often appears as a little padlock icon in the address bar of your browser, so double-check for that. If you don’t see that it’s secure, it’s best to avoid making purchases on that website.
4. Pay with a credit card instead of your debit card.
Credit cards offer fraud protections that debit cards don’t. Another key difference: when fraud occurs with a debit card, you fight to get your money back — it’s gone straight out of your account. With a credit card, the issuer fights to get their money back. They’re the ones who take the financial hit.
Additionally, in the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. The act gives citizens the power to dispute charges over $50 for goods and services that were never delivered or otherwise billed incorrectly. Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well. However, debit cards aren’t afforded the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.
5. Protect your devices for shopping.
A complete suite of online protection software like McAfee+ can offer layers of extra security while you shop. It includes scam protection that can block malicious and questionable links that might lead you down the road to malware or a phishing scam — along with a password manager that can create and securely store strong, unique passwords.
If you have some last-minute bookings and travel in your plans for the eclipse, look out for online rental fraud scams. With a few images cobbled together from the internet, scammers list phony properties and seek to get paid outside legitimate rental platforms — leaving you short of funds and short of a place to stay when you finally arrive.
You can avoid these scams rather easily. Trust a trusted platform. Book your vacation rental through a reputable outlet. Vacation rental platforms like Airbnb and VRBO have policies and processes in place that protect renters from scammers.
You have several other ways you can avoid booking scams …
First, look at the listing.
Do the photos look grainy or like they came from a magazine? Do a reverse image search on the photo and see what comes up. It might be a piece of stock photography designed to trick you into thinking it was taken at an actual property for rent. Also, read the reviews for the property. Listings with no reviews are a red flag.
Only communicate on the platform.
The moment a host asks to communicate outside of the platform is another red flag. Scammers will try to lure you off the platform where they can request payment in forms that are difficult to recover or trace after you realize you’ve been scammed. That includes methods such as certified checks, money transfers like Western Union, and online payment apps like Zelle. Generally, when that money is gone, it’s gone for good.
Only pay on the platform.
Likewise, paying for your rental outside the platform might also go against the terms of service, as in the case of Airbnb. Or, as with VRBO, paying outside the platform voids their “Book with Confidence Guarantee,” which offers you certain protections. Use the platform to pay and use a credit card when you do. In the U.S., the Fair Credit Billing Act allows you to dispute charges. Additionally, some credit cards offer their own anti-fraud protections that can help you dispute a billing.
With big events comes scarcity. Postseason sports and merch. Holiday shopping and hot gifts. Vacation time and rentals at popular destinations. Scammers love this combination. With people in a rush to buy or book, scammers take advantage. As we now see, we can add eclipses to that list, just as we saw with the 2017 eclipse.
In addition to the advice above, take your time and ensure a safe purchase. Given that variants of this scam involve phony, unsafe viewing glasses, take the extra care that your vision absolutely deserves. Go with a reputable retailer with ISO-approved lenses.
The post How to Avoid Solar Eclipse Scams appeared first on McAfee Blog.
Smartphones have enabled a whole new digital world, where apps are gateways to just about any service imaginable. However, like many technological developments, mobile app proliferation can be a bit of a two-edged sword. A report analyzing more than 1 billion smartphone transactions found 45,000 malicious mobile apps, many of which were in the gaming category.
From ad fraud to taking advantage of embedded system security issues, fraudsters are consistently targeting smartphone apps. The trouble is that it’s not always immediately clear which apps pose a threat in a world where one in 36 mobile apps are considered high-risk.
These security concerns require a proactive approach with the ability to spot the signs of fraud or malice so that those apps can be avoided from the get-go. That’s where the four Rs of personal mobile security come into play.
Review
Staying informed about common scam tactics and emerging threats through reliable cybersecurity resources can empower consumers to make informed decisions and recognize potential risks more effectively. Our annual Consumer Mobile Threat Report always gives up-to-date information about the cyberattack landscape.
Understanding what a malicious or scam app looks like can help you avoid downloading a fraudulent app. For example, many fraud apps have very short descriptions or reviews from people who have previously been duped. In addition to scrutinizing the descriptions and reviews of apps, it’s essential to download apps only from trusted sources such as official app stores like Google Play Store or Apple App Store. Third-party app stores or unknown websites may host malicious apps.
Re-check
Fraudsters excel at creating seemingly legitimate apps to carry out scams, often by deploying deceptive tactics such as requesting unnecessary permissions or operating stealthily in the background. Exercise caution and conduct thorough checks of device settings whenever installing a new app.
It’s also essential to remain vigilant for indicators of suspicious activity, especially if you may have installed apps without security checks in the past. Be on the lookout for anomalies, such as unauthorized subscriptions, unfamiliar social media logins, or unusually rapid battery drain, which could signal the presence of fraudulent apps operating without their knowledge. Some malicious apps may also consume data in the background, leading to unusual spikes in data usage. Regularly monitoring data usage can help individuals detect and address any unauthorized app activity.
Revoke
Over time, it’s easy to inadvertently grant excessive permissions to apps or connect accounts to services that you no longer use or trust. This can create vulnerabilities that malicious actors could exploit to gain unauthorized access to sensitive information.
Conduct an app review on your phone and revoke permissions or access granted to apps or services that are no longer needed or trusted. It’s essential to regularly audit and remove unnecessary permissions, apps, or connections to minimize the potential attack surface and reduce the risk of unauthorized access.
Reinforce
Reinforce your security posture with modern tools. Antivirus software remains a cornerstone of digital defense, offering proactive detection and mitigation of various threats, including malware, ransomware, and phishing attempts. For enhanced protection, consumers can opt for comprehensive security suites such as McAfee+, which not only includes antivirus capabilities but also integrates features like firewall protection, secure browsing, and identity theft prevention.
By leveraging these advanced security solutions, users can significantly reduce their vulnerability to cyberattacks and safeguard their personal and sensitive information effectively. Additionally, staying informed about emerging threats and regularly updating security software ensures ongoing resilience against evolving cyber threats in today’s dynamic digital landscape.
The post The Four Rs of Personal Mobile Security appeared first on McAfee Blog.
With the rise of cheap and easy-to-use AI tools, deepfake attacks find themselves likewise on the rise. Startling as that news might sound, you have several ways of falling victim to one.
Right now, we’re seeing plenty of AI voice cloning tools used in deepfake attacks. These attacks work much like classic targeted phishing attacks, also known as “spearphishing,” given the precision scammers use to pull them off.
It works like this:
A scammer identifies a target, gathers info on them, and then uses that info against them in a deepfake attack. With info gathered from their social media profiles, public records, “people finder” sites, and data broker sites, scammers create convincing-sounding messages with AI voice-cloning tools.
All they need is a script and a sample of a person’s voice that they want to impersonate — pulled from, say, YouTube, a social media video, a conference call, what have you. Just a few minutes does the trick, creating a voice clone that requires an expert to detect.
Between an uncanny voice clone and a script peppered with all kinds of personal details, these deepfake messages sound legit.
Moreover, scammers use another tool to get their victims to act. Urgency. They play on people’s emotions so that they’ll take the bait in the head of the moment. Imagine a deepfake message that sounds like it’s from a friend or family member. Their car broke down in the middle of nowhere and they need money for a repair or they run into trouble while traveling abroad and likewise need money to get out of a jam. In all, the voice clone says it needs help and needs it now.
Before the victim knows it, they’ve readily handed over funds, personal info, or both to a scammer — which leads to things like identity theft and fraud.
As these attacks started cropping up last year, we surveyed people worldwide to get a sense of just how often they occur. Out of 7,000 people surveyed, one in four said that they had experienced an AI voice cloning scam or knew someone who had.
Moreover, those attacks came at a cost. Of the people who reported losing money to an audio deepfake, 36% said they lost between $500 and $3,000, while 7% got taken for sums anywhere between $5,000 and $15,000.
Again, as even as convincing as these deepfake messages might sound, you can keep yourself safer from these attacks. It starts with keeping your personal info out of the hands of scammers.
Make your social media more private. Our new McAfee Social Privacy Manager personalizes your privacy based on your preferences. It does the heavy lifting by adjusting more than 100 privacy settings across your social media accounts in only a few clicks. This makes sure that your personal info is only visible to the people you want to share it with. It also keeps it out of search engines where the public, and scammers, can see it.
Remove your info from data brokers that sell it. McAfee Personal Data Cleanup helps you remove your personal info from many of the riskiest data broker sites out there. Running it regularly can keep your name and info off these sites, even as data brokers collect and post new info. Depending on your plan, it can send requests to remove your data automatically.
Delete your old accounts. Yet another source of personal info comes from data breaches. Scammers use this info as well to complete a sharper picture of their potential victims. With that, many internet users can have over 350 online accounts, many of which they might not know are still active. McAfee Online Account Cleanup can help you delete them. It runs monthly scans to find your online accounts and shows you their risk level. From there, you can decide which to delete, protecting your personal info from data breaches and your overall privacy as a result.
Set a verbal password with your friends and family. Several deepfake attacks involve an urgent voice message from a friend or family member. Setting a verbal password like you do with banks and alarm companies can help determine if a message is real or fake. Make sure everyone knows and uses it in messages when they ask for help.
Typically, deepfake attacks lead to some kind of fraud. Victims hand over money, personal info, credit card numbers, and gift cards after being taken in by the fraudster. So while deepfakes are new, the attack itself plays out like an age-old con game. With the age-old results. Given that, recovering from a deepfake attack follows the same steps it takes to recover from practically any type of fraud.
File a police report.
Someone stole from you. Treat fraud like the crime it is. Start by contacting law enforcement to file a report. Your local police department can issue a formal report, which you might need to get your bank or other financial institution to reverse fraudulent charges.
Before contacting the police, gather all the relevant info about what happened. This could include the dates and times of fraudulent activity and any account numbers affected. Bringing copies of your bank statements can be useful. Also, make note of any suspicious activity that might be related. For example, was your debit card recently lost or your email hacked? The police will want to know.
Notify the companies involved.
Depending on how you responded to the deepfake, the companies involved might include banks, credit card companies, the providers of gift cards, and other money transfer services. Each will have a method of reporting fraud. Some might offer ways to reverse the charges or recoup the funds. But not always. Scammers ask for payment in gift cards and money transfers for a reason. They’re as good as cash. After that money is gone, it’s likely gone for good.
In the U.S., File a report with the Federal Trade Commission.
In the U.S., the Federal Trade Commission (FTC) hosts IdentityTheft.gov where you can further report such crimes. Along with the details you provide, it can create a free recovery plan you can use to address the effects of identity theft, like contacting the major credit bureaus or alerting the Internal Revenue Service (IRS) fraud department. You can report your case online or by calling 1-877-438-4338.
For another excellent resource from the FTC, you can visit their page dedicated to scam recovery. It offers detailed guidance for several types of scams and what to do if you fall victim to one.
And outside of the U.S.
Our knowledge base article on identity theft offers suggestions for the specific steps you can take in specific countries, along with helpful links for local authorities that you can turn to for reporting and assistance.
Put a freeze on your credit to prevent further theft.
A credit freeze is another smart move, which you can do through each of the three major credit bureaus. You can either call them or start the process online. This prevents people from accessing your credit report. Lenders, creditors, retailers, landlords, and others might want to see your credit as proof of financial stability. For example, if someone tries to open a phone contract under your name, the retailer might check the credit report. If there is a credit freeze in place, they won’t be able to view it and won’t issue the contract. If you need to allow someone access to your credit report, you can temporarily lift the freeze. And depending on your plan, you can issue a credit freeze or an even more comprehensive security freeze right from the McAfee app.
Use identity theft coverage to recover from deepfake fraud.
Having coverage in place before an attack can save you time and money should the unexpected happen. Our Identity Theft & Restoration Coverage can help. It offers $2 million in coverage and assistance from a licensed identity restoration pro who can repair your identity and your credit after an attack.
The post Are You a Victim of a Deepfake Attack? Here’s What to Do Next appeared first on McAfee Blog.
As taxpayers prepare their returns for April 15th, scammers prepare too. They see tax season as high time to run all kinds of scams and identity theft schemes.
Fake accountants, fake tax software, robocalls, and more all make the list. We’ll give you a look at what’s happening out there right now. And we’ll run down several ways you can keep safe.
A commonly used tactic involves hackers posing as collectors from the IRS, as tax preparers, or government bureaus. This tactic is pretty effective due to Americans’ concerns about misfiling their taxes or accidentally running into trouble with the IRS. Scammers take advantage of this fear, manipulating innocent users into providing sensitive information or money over the phone or by email. And in extreme cases, hackers may be able to infect computers with malware via malicious links or attachments sent through IRS email scams.
Another tactic used to take advantage of taxpayers is the canceled social security number scam. Hackers use robocalls claiming that law enforcement will suspend or cancel the victim’s Social Security number in response to taxes owed. Often, victims are scared into calling the fraudulent numbers back and persuaded into transferring assets to accounts that the scammer controls. Users need to remember that the IRS will only contact taxpayers through snail mail or in person, not over the phone.
Another scam criminals use involves emails impersonating the IRS. Victims receive a phishing email claiming to be from the IRS, reminding them to file their taxes or offering them information about their tax refund via malicious links. If a victim clicks on the link, they will be redirected to a spoofed site that collects the victim’s personal data, facilitating identity theft. What’s more, a victim’s computer can become infected with malware if they click on a link with malicious code, allowing fraudsters to steal more data.
Scammers also take advantage of the fact that many users seek out the help of a tax preparer or CPA during this time. These criminals will often pose as professionals, accepting money to complete a user’s taxes but won’t sign the return. This makes it look like the user completed the return themselves. However, these ghost tax preparers often lie on the return to make the user qualify for credits they haven’t earned or apply changes that will get them in trouble. Since the scammers don’t sign, the victim will then be responsible for any errors. This could lead to the user having to repay money owed, or potentially lead to an audit.
While these types of scams can occur at any time of the year, they are especially prevalent leading up to the April tax filing due date. Consumers need to be on their toes during tax season to protect their personal information and keep their finances secure. To avoid being spoofed by scammers and identity thieves, follow these tips:
File before cybercriminals do it for you. The easiest defense you can take against tax seasons schemes is to get your hands on your W-2 and file as soon as possible. The more prompt you are to file, the less likely your data will be raked in by a cybercriminal.
Keep an eye on your credit and your identity. Keeping tabs on your credit report and knowing if your personal information has been compromised in some way can help prevent tax fraud. Together, they can let you know if someone has stolen your identity or if you have personal info on the dark web that could lead to identity theft.
Beware of phishing attempts. It’s clear that phishing is the primary tactic crooks are leveraging this tax season, so it’s crucial you stay vigilant around your inbox. This means if any unfamiliar or remotely suspicious emails come through requesting tax data, double check their legitimacy with a manager or the security department before you respond. Remember: the IRS will not initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial info. So someone contacts you that way, ignore the message.
Watch out for spoofed websites. Scammers have extremely sophisticated tools that help disguise phony web addresses for DIY tax software, such as stolen company logos and site designs. To avoid falling for this, go directly to the source. Type the address of a website directly into the address bar of your browser instead of following a link from an email or internet search. If you receive any suspicious links in your email, investigating the domain is usually a good way to tell if the source is legitimate or not.
Protect yourself from scam messages. Scammers also send links to scam sites via texts, social media messages, and email. McAfee Scam Protection can help you spot if the message you got is a fake. It uses AI technology that automatically detects links to scam URLs. If you accidentally click, don’t worry, it can block risky sites if you do.
Clean up your personal info online. Crooks and scammers have to find you before they can contact you. After all, they need to get your phone number or email from somewhere. Sometimes, that’s from “people finder” and online data brokers that gather and sell personal info to any buyer. Including crooks. McAfee Personal Data Cleanup can remove your personal info from the data broker sites scammers use to contact their victims.
Consider an identity theft protection solution. If for some reason your personal data does become compromised, be sure to use an identity theft solution such as McAfee Identity Theft Protection, which allows users to take a proactive approach to protect their identities with personal and financial monitoring and recovery tools to help keep their identities personal and secured.
The post Watch Out For IRS Scams and Avoid Identity Theft appeared first on McAfee Blog.
AT&T, one of the largest telecom giants, recently acknowledged a significant data leak that has affected millions of its customers. The leaked dataset, which includes personal information such as names, addresses, phone numbers, and Social Security numbers, has raised concerns about privacy and security. In this blog post, we will provide an overview of the situation, explain the steps AT&T is taking to address the issue, and offer guidance on how you can protect yourself.
The Data Leak: AT&T has confirmed that the leaked dataset contains information from over 7.6 million current customers and 65 million former customers. The compromised data may include full names, email addresses, mailing addresses, phone numbers, Social Security numbers, dates of birth, AT&T account numbers, and passcodes. The company has reset the security passcodes of affected active customers.
AT&T’s Response: AT&T is actively reaching out to affected customers via email or letter to inform them about the data that was included in the leak and the measures being taken to address the situation. The company has also initiated a thorough investigation, working with external cybersecurity experts to analyze the incident. So far, there is no evidence of authorized access to AT&T’s systems resulting in data exfiltration.
Protecting Yourself: If you are an AT&T customer, it is crucial to take steps to protect yourself from potential fraud or identity theft. AT&T recommends setting up free fraud alerts with credit bureaus Equifax, Experian, and TransUnion. These alerts can help notify you of any suspicious activity related to your personal information. Additionally, consider implementing the following measures:
McAfee+ automatically monitors your personal data, including your:
✓ Social Security Number / Government ID
✓ Driver’s license number
✓ Passport number
✓ Tax ID
✓ Date of birth
✓ Credit card numbers
✓ Bank account numbers
✓ Usernames
✓ Insurance ID cards
✓ Email addresses
✓ Phone numbers
AT&T’s data leak is a concerning incident that highlights the importance of safeguarding personal information in the digital age. By staying informed, taking proactive measures to protect yourself, and remaining vigilant against potential threats, you can minimize the risk of falling victim to fraud or identity theft. Remember, your privacy and security are paramount, and it’s crucial to stay one step ahead of cybercriminals.
The post AT&T Data Leak: What You Need to Know and How to Protect Yourself appeared first on McAfee Blog.
People under 60 are losing it online. And by it, I mean money—thanks to digital identity theft.
In its simplest form, your digital identity is made up of a whole host of things that can be traced back to you and who you are. That can range anywhere from photos you post online to online shopping accounts, email accounts to telephone numbers, and bank accounts to your tax ID.
In this way, your digital identity is like dozens upon dozens of puzzle pieces made up of different accounts, ID numbers, and so forth. When put together, they create a picture of you. And that’s why those little puzzle pieces of your identity are such attractive targets for hackers. If they get the right combination of them, you can end up a victim of theft or fraud.
Here’s what’s happening: people under 60 were twice as likely to report losing money while shopping online. The spotlight also shows that adults under 60 are more than four times more likely to report losing money to an investment scam, and the majority of those losses happened in scams involving some form of cryptocurrency investments.
And it’s no surprise younger adults get targeted this way. They’re far more likely than any other age group to use mobile apps for peer-to-peer payments, transfer money between accounts, deposit checks, and pay bills. In short, there’s a lot of money flowing through the palms of their hands thanks to their phones, as well as their computers.
Protecting yourself from hackers and fraud means protecting your digital identity. And that can feel like a pretty huge task given all the information your digital identity includes. It can be done, though, especially if you think about your identity like a puzzle. A piece here, another piece there, can complete the picture (or complete it just enough) to give a hacker what they need to separate you from your money. Thus, the way to stay safe is to keep those puzzle pieces out of other people’s hands.
It’s actually not that tough. With a few new habits and a couple of apps to help you out, you can protect yourself from the headaches and flat-out pain of fraud. Here’s a list of straightforward things that you can get started on right away:
1. Start with the basics—security software
Protect yourself by protecting your stuff. Installing and using security software on your computers and phones can prevent all kinds of attacks and make you safer while you surf, bank, and shop online. I should emphasize it again—protect your phone. Only about half of people protect their phones even though they use them to hail rides, order food, send money to friends, and more. Going unprotected on your phone means you’re sending all that money on the internet in a way that’s far, far less safe than if you use online protection.
2. Create strong passwords
You hear this one all the time and for good reason—strong, unique passwords offer one of your best defenses against hackers. Never re-use them (or slight alterations of them) across the different platforms and services you use. Don’t forget to update them on the regular (that means at least every 60 days)! While that sounds like a lot of work, a password manager can keep on top of it all for you. And if your platform or service offers the use of two-factor authentication, definitely make use of that. It’s a further layer of security that makes hacking tougher for crooks.
3. Keep up to date with your updates
Updates have a way of popping up on our phones and computers nearly every day, resist the urge to put them off until later. Aside from making improvements, updates often include important security fixes. So, when you get an alert for your operating system or app on your devices, go ahead and update. Think of it as adding another line of defense from hackers who are looking to exploit old flaws in your apps.
4. Think twice when you share
Social media is one place hackers go to harvest personal information because people sometimes have a way of sharing more than they should. With info like your birthday, the name of your first school, your mother’s maiden name, or even the make of your first car, they can answer common security questions that could hack into your accounts. Crank up the privacy settings on your accounts so only friends and family can see your posts—and realize the best defense here is not to post any possibly sensitive info in the first place. Also, steer clear of those “quizzes” that sometimes pop up in your social feeds. Those are other ways that hackers try to gain bits of info that can put your identity at risk.
5. Shred it
Even though so many of us have gone paperless with our bills, identity theft by digging through the trash, or “dumpster diving,” is still a thing. Things like medical bills, tax documents, and checks still might make their way to your mailbox. You’ll want to dispose of them properly when you’re through with them. First, invest in a paper shredder. Once you’ve online deposited that check or paid that odd bill, shred it so that any personal or account info on there can’t be read (and can be recycled securely). Second, if you’re heading out of town for a bit, have a friend collect your mail or have the post office put a temporary hold on your mail. That’ll prevent thieves from lifting personal info right from your mailbox while you’re away.
6. Check your credit
Even if you don’t think there’s a problem, go ahead and check your credit. The thing is, someone could be charging things against your name without you even knowing it. Depending on where you live, different credit reporting agencies keep tabs on people’s credit. In the U.S., the big ones are Equifax, Experian, and TransUnion. Also in the U.S., the Fair Credit Reporting Act (FCRA) requires these agencies to provide you with a free credit check at least once every 12 months. Canada, the UK, and other nations likewise offer ways to get a free credit report. Run down your options—you may be surprised by what you find.
As I just mentioned, the quickest way to get sense of what’s happening with your identity is to check your credit. Identity theft goes beyond money. Crooks will steal identities to rent apartments, access medical services, and even get jobs. Things like that can show up on a credit report, such as when an unknown address shows up in a list of your current and former residences or when a company you’ve never worked for shows up as an employer. If you spot anything strange, track it down right away. Many businesses have fraud departments with procedures in place that can help you clear your name if you find a charge or service wrongfully billed under your name.
Other signs are far more obvious. You may find collection agencies calling or even see tax notices appearing in your mailbox (yikes). Clearly, cases like those are telltale signs that something is really wrong. In that case, report it right away:
Likewise, many nations offer similar government services. A quick search will point you in the right direction.
Another step you can take is to ask each credit bureau to freeze your credit, which prevents crooks from using your personal information to open new lines of credit or accounts in your name. Fraud alerts offer another line of protection for you as well, and you can learn more about fraud alerts here.
With so many bits and pieces of information making up your digital identity, a broader way of keeping it safe involves asking yourself a question: what could happen if someone got their hands on this info? Further realizing that even little snippets of unsecured info can lead to fraud or theft in your name helps—even that un-shredded bill or innocuous refund check for a couple of bucks could give a crook the puzzle piece they need. You can keep your digital identity safe by keeping those pieces of info out of other people’s hands.
The post How to Protect Your Digital Identity appeared first on McAfee Blog.
Got any ‘rizz’? Did you ‘slay’ that dinner? Is the ‘cozzie livs’ stressing you out?
If you do not comprehendo, then you wouldn’t be alone. As a mum of 4, I can attest that understanding teenage slang can be quite the feat – as soon as you finally understand a few terms, there’s more! And while you don’t want to seem too intrusive (or uncool) and constantly ask your kids to translate, you probably want to keep a handle on what’s going on – in case you need to get involved!!
Where Does Slang Come From and Why Do We Use It?
Nothing ever stays the same and that includes language. Slang happens when we shorten words. Think fab instead of fabulous; or when we combine words think chill and relax = chillax. It can also ‘evolve’ when we give words new, unexpected meanings eg cheugy – a term to often describe older generations when they make an effort but fail – harsh!!
And more often than not, words that end up becoming slang will become part of our everyday language. Did you know that the word ‘mad’ was in fact a slang word for angry that became popular around 100 years ago?
Emily Brewster, senior editor at Merriam Webster Dictionary believes that ‘slang can be used to have a special form of communication with a subset of people.’ And ‘by using words that are only understood by the small group of people there’s an intimacy that can develop.’ So, really it’s a type of bonding tool!!
What Slang Do You Need To Know Now
While slang can sometimes be geographic based, the rise of platforms like TikTok have meant that its far more universal than it was in pre-social media days. So, if you’re keen to know the top words your kids are using so you ensure all is well, then here’s your go-to guide with the top 20 slang words. Apologies in advance for the potentially lewd references!!
1. Addy – address
‘Can you send me your addy? I’ll be there soon.’
2. Based – when you agree with something; or when you want to recognize someone for being themselves
‘You’re going to that party? Based.’
3. Ate that – to successfully achieve something
‘I love that dress. You totally ate that look’ (the dress looked great on you)
4. Basic – average
A word to describe someone who is predictable or bland. It’s an insult.
5. Cappin – lying
‘He’s so cappin’ (he is so not telling the truth)
6. Cheugy – basic, out of date or trying too hard
‘My older brother still wears his uggs, that’s so cheugy!’
7. Cozzie Livs – the cost of living crises
An Australian slang expression that was nominated as Macquarie Dictionary’s word of the year in 2023.
‘I can’t go out tonight. Especially with the cozzie livs and all that jazz.’
8. Ded – so funny or embarrassing!
‘OMG. That pic has me ded’
9. Delulu – a short-hand term for delusional. It’s often used to describe someone in a humorous way who chooses to reject reality in favour of a more interesting interpretation of events.
‘She’s so delulu. She thinks she’s going to marry the lead actor in her favourite movie.’
10. Gas Up – to encourage or hype someone up.
‘My sister was feeling down so I gassed her up and reminded her just how great she is.’
11. Low key – The opposite of high key, it can mean slightly, occasionally, or even secretly.
‘I low key want a Poke bowl right now!’
12. High key – the opposite of ‘low key’. The term is used to when you really like something like something or want to emphasise it.
‘I high key love that brand’ (you’re a fan!)
13. IFKKYK – if you know you know.
It means if you weren’t there, you wouldn’t know. It could also refer to an inside joke.
‘Last night’s concert was amazing! IFKKYK’
14. No Cap – a term to emphasise that you’re not lying. A modern way of saying ‘I swear’
‘I saw him take the last biscuit. No cap’
15. Pop Off – when someone is doing well – often used in gaming.
‘Look at Ninja (streamer). He’s popping off on Fortnight’
16. Rizz – charisma. It can also describe one’s ability to attract a partner.
‘She’s got rizz!’
17. Roman Empire – something you love and think about all the time.
‘Visiting Paris is my Roman Empire’ or ‘America Ferrera’s Barbie monologue is my Roman Empire.’
18. Salty – annoyed or upset.
‘I don’t know why he is so salty’.
19. Simp – someone who tries too hard or goes above and beyond to impress the person they like.
‘He got her a ring after four dates. He’s such a simp!’
20. Slay – to do something exceedingly well.
‘He slayed that performance’.
So, next time your teen drops a phrase or acronym they think you can’t decipher, you will have NP (no problem) understanding what’s happening in your kids’ lives and absolutely no FOMO (fear of missing out)!
Good luck!!
Alex x
The post Teen Slang – What You Need To Know To Understand Your Teen appeared first on McAfee Blog.
There used to be a time when one roommate split the cost of rent with another by writing a check. Who still owns a checkbook these days? Of course, those days are nearly long gone, in large part thanks to “peer to peer” (P2P) mobile payment apps, like Venmo, Zelle, or Cash App. Now with a simple click on an app, you can transfer your friend money for brunch before you even leave the table. Yet for all their convenience, P2P mobile payment apps could cost you a couple of bucks or more if you’re not on the lookout for things like fraud. The good news is that there are some straightforward ways to protect yourself.
You likely have one of these apps on your phone already. If so, you’re among the many. It’s estimated that 49% of adults in the U.S. use mobile payment apps like these.
Yet with all those different apps come different policies and protections associated with them. So, if you ever get stuck with a bum charge, it may not always be so easy to get your money back.
With that, here are seven quick tips for using your P2P mobile payment apps safely.
In addition to securing your account with a strong password, go into your settings and set up your app to use a PIN code, facial ID, or fingerprint ID. (And make sure you’re locking your phone the same way too.) This provides an additional layer of protection in the event your phone is stolen or lost and someone, other than you, tries to make a payment with it.
What’s worse than sending money to the wrong person? When paying a friend for the first time, have them make a payment request for you. This way, you can be sure that you’re sending money to the right person. With the freedom to create account names however one likes, a small typo can end up as a donation to a complete stranger. To top it off, that money could be gone for good!
Another option is to make a test payment. Sending a small amount to that new account lets both of you know that the routing is right and that a full payment can be made with confidence.
Bye, bye, bye! Unlike some other payment methods, new mobile payment apps don’t have a way to dispute a charge, cancel a payment, or otherwise use some sort of recall or retrieval feature. If anything, this reinforces the thought above—be sure that you’re absolutely making the payment to the right person.
Credit cards offer a couple of clear advantages over debit cards when using them in association with mobile payment apps (and online shopping for that matter too). Essentially, they can protect you better from fraud:
Report any activity like this immediately to your financial institution. Timing can be of the essence in terms of limiting your liabilities and losses. For additional info, check out this article from the Federal Trade Commission (FTC) that outlines what to do if your debit or credit card is stolen and what your liabilities are.
Also, note the following guidance from the FTC on payment apps:
“New mobile apps and forms of payment may not provide these same protections. That means it might not always be easy to get your money back if something goes wrong. Make sure you understand the protections and assurances your payment services provider offers with their service.”
It’s sad but true. Crooks are setting up all kinds of scams that use mobile payment apps. A popular one involves creating fake charities or posing as legitimate ones and then asking for funds by mobile payment. To avoid getting scammed, check and see if the charity is legit. The FTC suggests researching resources like Better Business Bureau’s Wise Giving Alliance, Charity Navigator, Charity Watch or, GuideStar.
Overall, the FTC further recommends the following to keep yourself from getting scammed:
With so much of your life on your phone, getting security software installed on it can protect you and the things you keep on your phone. Whether you’re an Android owner or iOS owner, mobile security software can keep your data, shopping, and payments secure.
The post Avoid Making Costly Mistakes with Your Mobile Payment Apps appeared first on McAfee Blog.
Before you take the fun-looking quiz that popped up in your social media feed, think twice. The person holding the answers may be a hacker.
Where people go, hackers are sure to follow. So it’s no surprise hackers have set up shop on social media. This has been the case for years, yet now social media-based crime is on the rise. Since 2021, total reported losses to this type of fraud reached $2.7 billion.
Among these losses are cases of identity theft, where criminals use social media to gather personal information and build profiles of potential victims they can target. Just as we discussed in our recent blog, “Can thieves steal identities with only a name and address?” these bits of information are important pieces in the larger jigsaw puzzle that is your overall identity.
Let’s uncover these scams these crooks use so that you can steer clear and stay safe.
“What’s your spooky Halloween name?” or “What’s your professional wrestler name?” You’ve probably seen a few of those and similar quizzes in your feed where you use the street you grew up on, your birthdate, your favorite song, and maybe the name of a beloved first pet to cook up a silly name or some other result. Of course, these are pieces of personal information, sometimes the answer to commonly used security questions by banks and other financial institutions. (Like, what was the model of your first car?) With this info in hand, a hacker could attempt to gain access to your accounts.
Similarly, scammers will also post surveys with the offer of a gift card to a popular retailer. All you have to do is fork over your personal info. Of course, there’s no gift card coming. Meanwhile, that scammer now has some choice pieces of personal info that they can potentially use against you.
How to avoid them: Simply put, don’t take those quizzes and surveys online.
The list here is long. These include posts and direct messages about phony relief funds, grants, and giveaways—along with bogus business opportunities that run the gamut from thinly veiled pyramid schemes and gifting circles to mystery shopper jobs. What they all have in common is that they’re run by scammers who want your information, money, or both. If this sounds familiar, like those old emails about transferring funds for a prince in some faraway nation, it is. Many of these scams simply made the jump from email to social media platforms.
How to avoid them: Research any offer, business opportunity, or organization that reaches out to you. A good trick is to do a search of the organization’s name plus the term “scam” or “review” or “complaint” to see if anything sketchy comes up.
If there’s one government official that scammers like to use to scare you, it’s the tax collector. These scammers will use social media messaging (and other mediums like emails, texts, and phone calls) to pose as an official who’s either demanding back taxes or offering a refund or credit—all of which are bogus and all of which involve you handing over your personal info, money, or both.
How to avoid them: Delete the message. In the U.S., the IRS and other government agencies will never reach out to you in this way or ask you for your personal information. Likewise, they won’t demand payment via wire transfer, gift cards, or cryptocurrency like Bitcoin. Only scammers will.
These are far more targeted than the scams listed above because they’re targeted and often rely upon specific information about you and your family. Thanks to social media, scammers can gain access to that info and use it against you. One example is the “grandkid scam” where a hacker impersonates a grandchild and asks a grandparent for money. Similarly, there are family emergency scams where a bad actor sends a message that a family member was in an accident or arrested and needs money quickly. In all, they rely on a phony story that often involves someone close to you who’s in need or trouble.
How to avoid them: Take a deep breath and confirm the situation. Reach out to the person in question or another friend or family member to see if there really is a concern. Don’t jump to pay right away.
This is one of the most targeted attacks of all—the con artist who strikes up an online relationship to bilk a victim out of money. Found everywhere from social media sites to dating apps to online forums, this scam involves creating a phony profile and a phony story to go with it. From there, the scammer will communicate several times a day, perhaps talking about their exotic job in some exotic location. They’ll build trust along the way and eventually ask the victim to wire money or purchase gift cards.
How to avoid them: Bottom line, if someone you’ve never met in person asks you for money online, it’s a good bet that it’s a scam. Don’t do it.
Now with an idea of what the bad actors are up to out there, here’s a quick rundown of things you can do to protect yourself further from the social media scams they’re trying to pull.
Above and beyond what we’ve covered so far, some online protection basics can keep you safer still. Comprehensive online protection software will help you create strong, unique passwords for all your accounts, help you keep from clicking links to malicious sites, and prevent you from downloading malware. Moreover, it can provide you with identity protection services like ours, which keep your personal info private with around-the-clock monitoring of your email addresses and bank accounts with up to $1M of ID theft insurance.
Together, with some good protection and a sharp eye, you can avoid those identity theft scams floating around on social media—and get back to enjoying time spent online with your true family and friends.
The post Quizzes and Other Identity Theft Schemes to Avoid on Social Media appeared first on McAfee Blog.
What’s the difference between identity fraud and identity theft? Well, it’s subtle, so much so that it’s easy to use them nearly interchangeably. While both can take a bite out of your wallet, they are different—and knowing the differences can help you understand what’s at stake.
Let’s start with an overview and a few examples of each.
So there’s that subtle difference we mentioned. Identity fraud involves the misuse of an existing account. Identity theft means the theft of your personal information, which is then used to impersonate you in some way, such as opening new accounts in your name.
Above and beyond those definitions and examples, a couple of real-life examples put the differences in perspective as well.
As for identity fraud, individual cases of fraud don’t always make the headlines, but that’s not to say you won’t hear about it in a couple of different ways.
The first way may be news stories about data breaches, where hackers gain things like names, emails, and payment information from companies or organizations. That info can then end up in the hands of a fraudster, who then accesses those accounts to drain funds or make purchases.
On a smaller scale, you may know someone who has had to get a new credit or debit card because theirs was compromised, perhaps by a breach or by mistakenly making a payment through an insecure website or by visiting a phony login page as part of a phishing attack. These can lead to fraud as well.
It usually starts with someone saying anything from, “That’s strange …” to “Oh, no!” There’ll be a strange charge on your credit card bill, a piece of mail from a bill collector, or a statement from an account you never opened—just to name a few things.
With that, I have a few recent blogs that help you spot all kinds of identity crime, along with advice to help keep it from happening to you in the first place:
While there are differences between identity fraud and identity theft, they do share a couple of things in common: you can take steps to prevent them, and you can take steps to limit their impact should you find yourself faced with one or the other.
The articles called out above will give you the details, yet staying safe begins with vigilance. Check on your accounts and credit reports regularly and really scrutinize what’s happening in them. Consider covering yourself with an identity monitoring solution — and act on anything that looks strange or outright fishy by reporting it to the company or institution in question.
The post How To Tell The Difference Between Identity Fraud and Identity Theft? appeared first on McAfee Blog.
When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a problem.
A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.
Unfortunately, it can happen in several ways.
In the physical world, it can happen simply because you lost your wallet or debit card. However, there are also cases where someone gets your information by going through your mail or trash for bills and statements. In other more extreme cases, theft can happen by someone successfully registering a change of address form in your name (although the U.S. Postal Service has security measures in place that make this difficult).
In the digital world, that’s where the avenues of identity theft blow wide open. It could come by way of a data breach, a thief “skimming” credit card information from a point-of-sale terminal, or by a dedicated crook piecing together various bits of personal information that have been gathered from social media, phishing attacks, or malware designed to harvest information. Additionally, thieves may eavesdrop on public Wi-Fi and steal information from people who are shopping or banking online without the security of a VPN.
Regardless of how crooks pull it off, identity theft is on the rise. According to the Federal Trade Commission (FTC), identity theft claims jumped up from roughly 650,000 claims in 2019 to 1 million in 2023. Of the reported fraud cases where a dollar loss was reported, the FTC calls out the following top three contact methods for identity theft:
However, phone calls, texts, and email remain the most preferred contact methods that fraudsters use, even if they are less successful in creating dollar losses than malicious websites, ads, and social media.
Identity thieves leave a trail. With your identity in hand, they can charge things to one or more of your existing accounts—and if they have enough information about you, they can even create entirely new accounts in your name. Either way, once an identity thief strikes, you’re probably going to notice that something is wrong. Possible signs include:
As you can see, the signs of possible identity theft can run anywhere from, “Well, that’s strange …” to “OH NO!” However, the good news is that there are several ways to check if someone is using your identity before it becomes a problem – or before it becomes a big problem that gets out of hand.
The point is that if you suspect fraud, you need to act right away. With identity theft becoming increasingly commonplace, many businesses, banks, and organizations have fraud reporting mechanisms in place that can assist you should you have any concerns. With that in mind, here are some immediate steps you can take:
Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account when you get your free credit report, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.
Some businesses will require you to file a local police report to acquire a case number to complete your claim. Even beyond a business making such a request, filing a report is still a good idea. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.
The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.
You can place a free one-year fraud alert with one of the major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. A fraud alert will make it tougher for thieves to open accounts in your name, as it requires businesses to verify your identity before issuing new credit in your name.
A credit freeze goes a step further. As the name implies, a freeze prohibits creditors from pulling your credit report, which is needed to approve credit. Such a freeze is in place until you lift it, and it will also apply to legitimate queries as well. Thus, if you intend to get a loan or new credit card while a freeze is in place, you’ll likely need to take extra measures to see that through. Contact each of the major credit bureaus (Experian, TransUnion, Equifax) to put a freeze in place or lift it when you’re ready.
This can run the gamut from closing any false accounts that were set up in your name, removing bogus charges, and correcting information in your credit report such as phony addresses or contact information. With your FTC report, you can dispute these discrepancies and have the business correct the record. Be sure to ask for written confirmation and keep a record of all documents and conversations involved.
If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid by an employer you don’t know, contact that employer as well and let them know of possible fraud—namely that someone has stolen your identity and that you don’t truly work for them.
Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply harassing pressure tactics—only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.
Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely.
With all the time we spend online as we bank, shop, and simply surf, we create and share all kinds of personal information—information that can get collected and even stolen. The good news is that you can prevent theft and fraud with online protection software, such as McAfee+ Ultimate.
With McAfee+ Ultimate you can:
In all, it’s our most comprehensive privacy, identity, and device protection plan, built for a time when we rely so heavily on the internet to go about our day, whether that’s work, play, or simply getting things done.
Realizing that you’ve become a victim of identity theft carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, and even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Think like a detective who’s building – and closing – a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer to any questions you’ll face in the process of restoring your identity will help you see things through.
Once again, this is a good reminder that vigilance is the best defense against identity theft from happening in the first place. While there’s no absolute, sure-fire protection against it, there are several things you can do to lower the odds in your favor. And at the top of the list is keeping consistent tabs on what’s happening across your credit reports and accounts.
The post How to Detect Signs of Identity Theft appeared first on McAfee Blog.
Can thieves steal identities with only a name and address?
In short, the answer is “no.” Which is a good thing, as your name and address are in fact part of the public record. Anyone can get a hold of them. However, because they are public information, they are still tools that identity thieves can use.
If you think of your identity as a jigsaw puzzle, your name and address are the first two pieces that they can use to build a bigger picture and ultimately put your identity at risk.
With that, let’s look at some other key pieces of your identity that are associated with your name and address—and what you can do to protect them.
For starters, this information is so general that it is of little value in and of itself to an identity thief. Yet a determined identity thief can do a bit of legwork and take a few extra steps to use them as a springboard for other scams.
For example, with your name and address a thief could:
There are volumes of public information that are readily available should someone want to add some more pieces to your identity jigsaw puzzle, such as:
In the U.S., the availability of such information will vary from state to state and different levels of government may have different regulations about what information gets filed—in addition to whether and how those reports are made public. Globally, different nations and regions will collect varying amounts of public information and have their own regulations in place as well. More broadly, though, many of these public databases are now online. Consequently, accessing them is easier than the days when getting a hold of that information required an in-person visit to a library or public office.
Cybercriminals can gain additional information about you from other online sources, such as data brokers. And data brokerage is a big business, a global economy estimated at $280 billion U.S. dollars a year. What fuels it? Personal information, representing thousands of data points on billions of people scraped from public records, social media, smartphone apps, shopper loyalty cards, third-party sources, and sometimes other data broker sites as well.
The above-the-board legal intent of data broker sites is to sell that information to advertisers so that they can create highly targeted campaigns based on people’s behaviors, travels, interests, and even political leanings. Others such as law enforcement officials, journalists, and others who are conducting background checks will use them too.
On the dark side, hackers, scammers, and thieves will buy this information as well, which they can use to commit identity theft and fraud. The thing is, data brokers will sell to anyone. They don’t discriminate.
Phishing attacks aren’t just for email, texts, and direct messages. In fact, thieves are turning to old tricks via old-fashioned physical mail. That includes sending phony offers or impersonating officials of government institutions, all designed to trick you into giving up your personally identifiable information (PII).
What might that look like in your mailbox? They can take the form of bogus lottery prizes that request bank information for routing (non-existent) winnings. Another favorite of scammers is bogus tax notifications that demand immediate payment. In all, many can look quite convincing at first blush, yet there are ready ways you can spot them. In fact, many of the tips for avoiding these physical mail phishing attacks are the same for avoiding phishing attacks online.
Recently, I’ve seen a few news stories like this where thieves reportedly abuse the change-of-address system with the U.S. Postal Service. Thieves will simply forward your mail to an address of their choosing, which can drop sensitive information like bank and credit card statements in their mailbox. From there, they could potentially have new checks sent to them or perhaps an additional credit card—both of which they can use to drain your accounts and run up your bills.
The Postal Service has mechanisms in place to prevent this, however. Among these, the Postal Service will send you a physical piece of mail to confirm the forwarding. So, if you ever receive mail from the Postal Service, open it and give it a close look. If you get such a notice and didn’t order the forwarding, visit your local post office to get things straightened out. Likewise, if it seems like you’re missing bills in the mail, that’s another good reason to follow up with your post office and the business in question to see if there have been any changes made in your mail forwarding.
So while your name and address are out there for practically all to see, they’re largely of little value to an identity thief on their own. But as mentioned above, they are key puzzle pieces to your overall identity. With enough of those other pieces in hand, that’s where an identity thief can cause trouble.
Other crucial pieces of your identity include:
Let’s start with the biggest one. This is the master key to your identity, as it is one of the most unique identifiers you have. As I covered in my earlier blog on Social Security fraud, a thief can unlock everything from credit history and credit line to tax refunds and medical care with your Social Security or tax ID number. In extreme cases, they can use it to impersonate you for employment, healthcare, and even in the event of an arrest.
You can protect your Social Security Number by keeping it locked in a safe place (rather than in your wallet) and by providing your number only when absolutely necessary. For more tips on keeping your number safe, drop by that blog on Social Security fraud I mentioned.
Thieves have figured out ways of getting around the fact that IDs like these include a photo. They may be able to modify or emulate these documents “well enough” to pull off certain types of fraud, particularly if the people requesting their bogus documents don’t review them with a critical eye.
Protecting yourself in this case means knowing where these documents are at any time. (With passports, you may want to store those securely like your Social Security or tax ID number.) Also be careful when you share this information, as the identifiers on these documents are highly unique. If you’re uncomfortable with sharing this information, you can ask if other forms of ID might work—or if this information is really needed at all. Also, take a moment to make copies of these documents and store them in a secure place. This can help you provide important info to the proper authorities if they’re lost or stolen.
With data breaches large and small making the news (and many more that do not), keeping a sharp eye on your accounts is a major part of identity theft prevention. We talk about this topic quite often, and it’s worth another mention because protecting these means protecting yourself from thieves who are after direct access to your finances and more.
Secure your digital accounts for banking, credit cards, financials, and shopping by using strong, unique passwords for each of your accounts that you change every 60 days. Sound like a lot of work? Let a password manager do it for you, which you can find in comprehensive online protection software. By changing your strong passwords and keeping them unique can help prevent you from becoming a victim if your account information is part of a breach—by the time a crook attempts to use it, you may have changed it and made it out of date.
In addition to protecting the core forms of identity mentioned above, a few other good habits go a long way toward keeping your identity secure.
By protecting your devices, you protect what’s on them, like your personal information. Comprehensive online protection software can protect your identity in several ways, like creating and managing the strong, unique passwords we talked about and providing further services that monitor and protect your identity—in addition to digital shredders that can permanently remove sensitive documents (simply deleting them won’t do that alone.) Further, it can monitor your identity and monitor your credit, further protecting you from theft and fraud.
Identity theft where thieves dig through trash or go “dumpster diving” for literal scraps of personal info in bills and statements, has been an issue for some time. You can prevent it by shredding up any paper medical bills, tax documents, and checks once you’re through with them. Paper shredders are inexpensive, and let’s face it, kind of fun too. Also, if you’re traveling, have a trusted someone collect your mail or have the post office put a temporary hold on your mail. Thieves still poach mail from mailboxes too.
Getting statements online cuts the paper out of the equation and thus removes another thing that a thief can physically steal and possibly use against you. Whether you use electronic statements through your bank, credit card company, medical provider, or insurance company, use a secure password and a secure connection provided by a VPN. Both will make theft of your personal info far tougher on identity thieves.
A VPN is a Virtual Private Network, a service that protects your data and privacy online. It creates an encrypted tunnel to keep you more anonymous online by masking your IP address, device information, and the data you’re passing along that connection. In this way, it makes it far more difficult for advertisers, data brokers, and bad actors to skim your private information—in addition to shielding your information from crooks and snoops while you’re banking, shopping, or handling any kind of sensitive information online.
Give your statements a close look each time they come around. While many companies and institutions have fraud detection mechanisms in place, they don’t always catch every instance of fraud. Look out for strange purchases or charges and follow up with your bank or credit card company if you suspect fraud. Even the smallest charge could be a sign that something shady is afoot.
This is a powerful tool for spotting identity theft. And in many cases, it’s free to do so. In the U.S., the Fair Credit Reporting Act (FCRA) requires the major credit agencies to provide you with a free credit check at least once every 12 months. Canada provides this service, and the UK has options to receive free reports as well, along with several other nations. It’s a great idea to check your credit report, even if you don’t suspect a problem.
If the thought of your personal info being bought and sold puts you off, there’s something you can do about it. Our Personal Data Cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites, and with select products, it can even manage the removal for you.
While thieves need more than just your name and address to commit the overwhelming majority of fraud, your name and address are centerpieces of the larger jigsaw puzzle that is your overall identity.
And the interesting thing is your puzzle gets larger and larger as time goes on. With each new account you create and service that you sign into, that’s one more piece added to the puzzle. Thieves love getting their hands on any pieces they can because with enough of them in place, they can try and pull a fast one in your name. By looking after each piece and knowing what your larger jigsaw puzzle looks like, you can help keep identity thieves out of your business and your life.
The post Can Thieves Steal Identities With Only a Name and Address? appeared first on McAfee Blog.
FreshRSS 