Login
How do hackers hack phones? In several ways. But also, there are several ways you can prevent it from happening to you. The thing is that our phones are like little treasure chests. They’re loaded with plenty of personal data, and we use them to shop, bank, and take care of other personal and financial matters—all of which are of high value to identity thieves. However, you can protect yourself and your phone by knowing what to look out for and by taking a few simple steps. Let’s break it down by first understanding what phone hacking is, taking a look at some common attacks, and learning how you can prevent it.
Phone hacking refers to any method where an unauthorized third party gains access to your smartphone and its data. This isn’t just one single technique; it covers a wide range of cybercrimes. A phone hack can happen through software vulnerabilities, like the spyware campaigns throughout the years that could monitor calls and messages. It can also occur over unsecured networks, such as a hacker intercepting your data on public Wi-Fi. Sometimes, it’s as simple as physical access, where someone installs tracking software on an unattended device.
Hackers have multiple avenues of attacking your phone. Among these common methods are using malicious apps disguised as legitimate software, exploiting the vulnerabilities of unsecure public Wi-Fi networks, or deploying sophisticated zero-click exploits that require no interaction from you at all. The most common method, however, remains social engineering, where they trick you into giving them access. Let’s further explore these common hacking techniques below.
Whether hackers sneak it onto your phone by physically accessing your phone or by tricking you into installing it via a phony app, a sketchy website, or a phishing attack, hacking software can create problems for you in a couple of ways:
Some possible signs of hacking software on your phone include:
In all, hacking software can eat up system resources, create conflicts with other apps, and use your data or internet connection to pass your personal information into the hands of hackers.
This classic form of attack has been leveled at our computers for years. Phishing is where hackers impersonate a company or trusted individual to get access to your accounts or personal info or both. These attacks take many forms such as emails, texts, instant messages, and so forth, some of which can look really legitimate. Common to them are links to bogus sites that attempt to trick you into handing over personal info or that install malware to wreak havoc on your device or likewise steal information. Learning to spot a phishing attack is one way to keep yourself from falling victim to one.
Professional hackers can use dedicated technologies that search for vulnerable mobile devices with an open Bluetooth connection. Hackers can pull off these attacks when they are within range of your phone, up to 30 feet away, usually in a populated area. When hackers make a Bluetooth connection to your phone, they might access your data and info, yet that data and info must be downloaded while the phone is within range. This is a more sophisticated attack given the effort and technology involved.
In August of 2019, then CEO of Twitter had his phone hacked by SIM card swapping scam. In this type of scam, a hacker contacts your phone provider, pretends to be you, then asks for a replacement SIM card. Once the provider sends the new SIM to the hacker, the old SIM card is deactivated, and your phone number will be effectively stolen. This enables the hacker to take control of your phone calls, messages, among others. The task of impersonating someone else seems difficult, yet it happened to the CEO of a major tech company, underscoring the importance of protecting your personal info and identity online to prevent hackers from pulling off this and other crimes.
While a phone call itself cannot typically install malware on your device, it is a primary tool for social engineering, known as vishing or voice phishing. A hacker might call, impersonating your bank or tech support company, and trick you into revealing sensitive information like passwords or financial details. They might also try to convince you to install a malicious app. Another common tactic is the “one-ring” scam, where they hang up hoping you’ll call back a premium-rate number. To stay safe, be wary of unsolicited calls, never provide personal data, block suspicious numbers, and check that your call forwarding isn’t enabled.
Generally, a phone that is powered off is a difficult target for remote hackers. However, modern smartphones aren’t always truly off. Features like Apple’s Find My network can operate in a low-power mode, keeping certain radios active. Furthermore, if a device has been previously compromised with sophisticated firmware-level malware, it could activate upon startup. The more common risk involves data that was already stolen before the phone was turned off or if the device is physically stolen. While it’s an uncommon scenario, the only sure way to take a device offline and completely sever all power is by removing the battery, where possible.
Hacking a phone’s camera is referred to as camfecting, usually done through malware or spyware hidden within a rogue application. Once installed, these apps can gain unauthorized permission to access your camera and record video or capture images without your knowledge. Occasionally, vulnerabilities in a phone’s operating system (OS) have been discovered that could allow for this, though these are rare and usually patched quickly. Protect yourself by regularly reviewing app permissions in your phone’s settings—for both iOS and Android—and revoking camera access for any app that doesn’t absolutely need it. Always keep your OS and apps updated to the latest versions.
This is a long-standing debate with no simple answer. iPhones are generally considered more secure due to Apple’s walled garden approach: a closed ecosystem, a strict vetting process for the App Store, and timely security updates for all supported devices. Android’s open-source nature offers more flexibility but also creates a more fragmented ecosystem, where security updates can be delayed depending on the device manufacturer. However, both platforms use powerful security features like application sandboxing.
The most important factor is not the brand but your behavior. A user who practices good digital hygiene—using strong passwords, avoiding suspicious links, and vetting apps—is well-protected on any platform.
Detecting a phone hack early can save you from significant trouble. Watch for key red flags: your battery draining much faster than usual, unexpected spikes in your mobile data usage, a persistently hot device even when idle, or a sudden barrage of pop-up ads. You might also notice apps you don’t remember installing or find that your phone is running unusually slow. To check, go into your settings to review your battery and data usage reports for any strange activity. The most effective step you can take is to install a comprehensive security app, like McAfee® Mobile Security, to run an immediate scan and detect any threats.
Discovering that your phone has been hacked can be alarming, but acting quickly can help you regain control and protect your personal information. Here are the urgent steps to take so you can remove the hacker, secure your accounts, and prevent future intrusions.
While there are several ways a hacker can get into your phone and steal personal and critical information, here are a few tips to keep that from happening:
Your smartphone is central to your life, so protecting it is essential. Ultimately, your proactive security habits are your strongest defense against mobile hacking. Make a habit of keeping your operating system and apps updated, be cautious about the links you click and the networks you join, and use a comprehensive security solution like McAfee® Mobile Security.
By staying vigilant and informed, you can enjoy all the benefits of your mobile device with confidence and peace of mind. Stay tuned to McAfee for the latest on how to protect your digital world from emerging threats.
The post How Do Hackers Hack Phones and How Can I Prevent It? appeared first on McAfee Blog.
Scammers didn’t take a summer break. They kept busy, ramping up a fresh wave of back-to-school shopping scams. As busy families rush to get kitted out for a new school year, scammers are ready with a glut of phony shopping sites, bogus offers, and fake delivery notifications designed to steal your money and personal info. Let’s get a rundown of what scams are out there this year and how you can avoid them.
Scammers look to cash in on all the spending that tends to peak in July and August. According to the National Retail Federation, the average U.S. family spends nearly $860 per child to prep them for school—which includes supplies, clothing, and shoes for the new school year. So, like any time of year where a holiday or seasonal event drives a spike in online shopping, we see a rise in scam shopping sites.
The scammers behind these sites promote them in several ways, such as through sponsored search links, email offers, and through social media ads (more on that in a moment). Typically, these sites fall into two categories:
While scammers use the lure of low-priced classroom staples like pens, notebooks, backpacks, and the like, they also crank out non-existent deals everything from clothing and shoes to big-ticket items like laptop computers. Also popular are phony shopping sprees and giveaways, which also lure shoppers into handing over their account and personal info. In all, with online shopping hitting another seasonal peak, it’s time for shoppers to give those ads and deals a particularly closer look. Scammers are out there in force.
Fake social media ads remain a mainstay of the scammer arsenal, and scammers most certainly put them to use during back-to-school time. Scammers love social media ads because they offer precise audience targeting. With a convincing-looking ad created using AI tools, they can reach vast numbers of interested buyers—people who are on the lookout for back-to-school deals. With these ads, they point potential victims to the sites mentioned above, all with the hope that unsuspecting shoppers will impulsively click on the deal. From there, the scam works much the same as above. Shoppers end up on a scam site that often looks convincing (thanks again to AI tools that help scammers spin them up quickly) where they enter their personal and account info, only to end up getting scammed.
Another popular scammer ploy involves shipping notifications. Scammers know that with lots of online shopping comes a lot of online shipping notifications. They send phony delivery messages by the thousands, all with the aim of catching a few victims who have real packages on the way.
They pose as legitimate shippers and retailers, do their best to look and sound like them, and use urgency to get people to act. “Your package can’t be delivered. Please click this link within the next 24 hours to get your shipment.” And so on. In some cases, those links lead to phishing and malware sites. In others, the notification contains an attachment that installs malware if clicked.
With these scams in the mix, here’s how you can stay safe:
The post Scammers Take Advantage of Back-to-School Shopping Scams. appeared first on McAfee Blog.
You can request data brokers to remove your personal info from their databases. But finding their request forms is another challenge entirely, especially when they’re hidden. Recent reporting from CalMatters and The Markup found that 35 data brokers injected code into their websites that hid their opt out pages from search, making it more difficult for people to delete their data.If you don’t like the idea of your sensitive personal info being collected, bought, and sold without your knowledge, this is important news for you.
And these brokers collect plenty of it. They compile often exacting profiles of people, which can include things like purchasing habits, health data, financial info, real-time location data (gathered from smartphone apps), and even inferred info like political leanings, lifestyle choices, and religious beliefs.
As you can see, this level of data collection can get entirely personal.
Moreover, practically anyone can purchase this sensitive info. That ranges from advertisers to law enforcement and from employers to anyone on the street who wants to know a lot more about you.
This report stands as a good reminder that data collection on this level is an everyday fact of life—and that you can still take some control of it.
With a quick look at the report, we’ll then show you what’s going on with all this data collection and what you can do about it.
As part of the article, reporters analyzed 499 data broker sites registered in the state of California. Of them, 35 had search-blocking code. Additionally per the article, many opt out pages “required scrolling multiple screens, dismissing pop-ups for cookie permissions, and newsletter sign-ups and then finding a link that was a fraction the size of other text on the page.” Once the publications contacted the data brokers in question, multiple companies halted the practice, some responding that they were unaware their site had search-blocking code. Several others didn’t respond by the time the article was published and kept their practices in place.
There are several ways information brokers can get information about you…
Sources available to the public: Some of your personal records are easily available to the public. Data brokers can collect public records like your voter registration records, birth certificate, criminal record, and even bankruptcy records. By rounding them up from multiple sources and gathering them in one place, it takes someone seconds to find out all these things about you, rather than spending hours poring over public records.
Search, browsing, and app usage: Through a combination of data collected from internet service providers (ISPs), websites, and apps, data brokers can get access to all kinds of activity. They can see what content you’re interested in, how much time you spend on certain sites, and even your daily travels thanks to location data. They also use web scraping tools (software that pulls info from the web), to gather yet more. All this data collecting makes up a multi-billion-dollar industry where personal data is gathered, analyzed, sold, and then sold again and again—all without a person’s knowledge.
Online agreements: As it is with smartphone apps, you’ll usually have to sign an agreement when signing up for a new online service. Many of these agreements have disclosures in the fine print that give the company the right to collect and distribute your personal info.
Purchase history: Data brokers want to know what products or services you’ve purchased, how you paid for them (credit card, debit card, or coupon), and when and where you purchased them. In some cases, they get this info from loyalty programs at places like supermarkets, drugstores, and other retailers. Kroger, one of the largest grocery chains, is a good example of how purchasing insights end up in the hands of others. According to Consumer Reports, the company draws 35% of its net income from selling customer data to other companies.
“What can I do about companies collecting my data?”
For starters, there aren’t any data privacy laws on the federal level. So far, that has fallen to individual states to enact. As such, data privacy laws vary from state-to-state, with California having some of the earliest and strongest protections on record, via the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
In all, 20 states currently have comprehensive privacy laws in place, with five others that have put narrower privacy protections in place, covering data brokers, internet service providers, and medical/biometric data.
States with Comprehensive Data Privacy Laws
For specific laws in your state and how they can protect you, we suggest doing a search for “data privacy laws [your state]” for more info.
Even if your state has no or narrow data privacy laws in place, you still have several ways you can take back your privacy.
The first thing you can do is keep a lower profile online. That can limit the amount of personal info they can get their hands on:
Be selective about what you share online. Don’t overshare personal info on social media. Avoid things like online quizzes and sweepstakes. And be aware that some data brokers indeed scour the web with scraping tools that gather up info from things like forum posts.
Go private. Even better, lock down your privacy on social media. Social media platforms like Facebook, Instagram, and others have several settings that keep your profile from being scraped in the ways mentioned above. Features like our Social Privacy Manager can make quick work of this by adjusting more than 100 privacy settings across your accounts in a few clicks.
Use a virtual private network (VPN) whenever possible. A VPN hides your IP address and encrypts your data while you surf the web. McAfee’s Secure VPN protects your personal data and credit card information so you can browse, bank, and shop online without worrying about prying eyes, like data brokers and internet service providers (ISPs) that collect info about what you do online.
The list of data brokers is long. Cleaning up your personal data online can quickly eat up your time, as it requires you to reach out to multiple data brokers and opt out. Rather than removing yourself one by one from the host of data broker sites out there, you have a solution: our Personal Data Cleanup.
Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. And if you want to save time on manually removing that info, you have options. Our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically. If the thought of your personal info getting bought and sold in such a public way bothers you, our Personal Data Cleanup can put you back in charge of it.
The post You Have a Right to Delete Your Data—But Dozens of Data Brokers Hide How to Do It appeared first on McAfee Blog.
Scammers are exploiting the massive popularity of Labubu collectible toys through fake websites and social media ads, resulting in consumers losing hundreds of dollars to counterfeit “Lafufu” dolls or receiving nothing at all. Here’s how to protect yourself from becoming their next victim.
If you haven’t heard of Labubu dolls yet, you’re about to understand why they’ve become both a cultural obsession and a cybersecurity nightmare. These small, mischievous-looking plush toys with distinctive sharp teeth have exploded in popularity thanks to celebrity endorsements from Rihanna, Dua Lipa, and BLACKPINK’s Lisa, plus viral TikTok unboxing videos.
Created by Hong Kong artist Kasing Lung and sold exclusively by Pop Mart since 2019, these $20-$30 “blind box” collectibles have generated such intense demand that rare “secret” versions are reselling for thousands of dollars. Fans line up for hours at Pop Mart stores and even travel internationally to get their hands on authentic Labubus. Where there’s viral demand and limited supply, cybercriminals inevitably follow.
The Better Business Bureau has received over 76 reports from consumers who thought they were purchasing authentic Labubu dolls but instead received counterfeit versions dubbed “Lafufus” – or worse, nothing at all. Some victims report losses of nearly $500 from a single fraudulent transaction.
The attack vector is disturbingly familiar yet devastatingly effective:
1. Social Media Infiltration: Scammers flood TikTok and Instagram with sponsored ads featuring “limited edition” Labubu dolls at discounted prices
2. Fake Website Creation: Professional-looking e-commerce sites mimic Pop Mart’s official branding and use urgent language like “limited stock” and countdown timers
3. Payment Harvesting: Once victims enter payment information, scammers either ship low-quality counterfeits or disappear entirely
4. Digital Vanishing Act: When complaints mount, the entire operation disappears overnight, only to resurface under a new domain name
The BBB has specifically flagged these scam operations:
Additionally, TikTok live streams claiming to be “Pop Mart USA” have been particularly problematic, using high-pressure sales tactics and fake countdown timers to rush buyers into immediate purchases.
These fraudulent advertisements are designed to look legitimate and often feature professional product photography stolen from Pop Mart’s official channels. The ads frequently claim unrealistic discounts such as “50% off limited edition Labubu” or similar offers that seem too good to be true. Promotional copy emphasizes false urgency with phrases like “Last 24 hours!” or “Only 100 left!” to pressure consumers into making immediate purchases without proper consideration.
Warning signs include links that redirect to domains other than popmart.com or Pop Mart’s official Amazon store, indicating fraudulent operations. These ads typically originate from accounts with generic names or recently created profiles that have little post history, suggesting they were established specifically for scamming purposes. The comments sections are either disabled entirely or filled with obviously fake positive reviews designed to create an illusion of satisfied customers.
Scammers often use unofficial terminology or deliberate misspellings of “Labubu,” sometimes intentionally using variations like “Lafufu” to avoid detection by platform algorithms designed to identify and remove fraudulent content related to official brand names.
TikTok live streams have become a particularly dangerous vector for Labubu scams, operating as sophisticated psychological manipulation campaigns. These streams claim to be “Pop Mart USA” and run for up to 12 hours daily, using countdown timers that reset repeatedly to create false urgency. The hosts make claims of “restocks” or “newly available inventory” that never actually existed, giving viewers only seconds to purchase once items “drop” to prevent careful consideration.
The manipulation extends to chat features filled with fake comments from bot accounts expressing excitement, while QR codes displayed on stream appear authentic but lead to fraudulent websites. Many hosts wear Pop Mart merchandise or display authentic products while selling counterfeits, using stream titles with official-sounding language like “Official Pop Mart Restock Event” to enhance their credibility.
Scammers create networks of interconnected fake accounts to build credibility and reach wider audiences. These profiles use variations of names like “Pop Mart USA” or “Official Labubu Store,” copying official Pop Mart language and contact information in their bio sections. They use profile pictures featuring Pop Mart’s logo or official product photography without permission, engaging in cross-promotion between fake accounts to create an illusion of legitimacy.
These fraudulent accounts maintain artificially inflated follower counts through bot networks and post histories that are either very recent or filled with stolen content from official accounts. The posting patterns appear inconsistent, suggesting automated or outsourced management, while comments and engagement seem coordinated rather than organic.
Visual “proof” elements appear legitimate but are actually fabricated to deceive consumers. QR codes redirect to fake verification websites rather than Pop Mart’s official system, while authenticity certificates or stamps use similar but not identical branding to official materials. Scammers use photos of authentic Labubu products to “prove” legitimacy while shipping counterfeits, providing serial numbers or batch codes that don’t match Pop Mart’s actual numbering systems.
The deception includes holographic stickers or security features that look similar but lack proper verification methods, screenshots of “authentication apps” that are actually fake applications created by scammers, and references to verification through third-party services that don’t actually authenticate Pop Mart products. Authentic packaging may be displayed while the actual shipped products come in generic or counterfeit boxes.
Several warning signs indicate fraudulent operations. Scammers often request payment through peer-to-peer apps like CashApp or Venmo, avoid implementing secure checkout processes or SSL certificates, and make it impossible to cancel orders immediately after placement. Customer service typically becomes unresponsive after payment is received, leaving consumers with no recourse.
Genuine Labubu toys have exactly nine pointed teeth, which serves as the key identifier for authenticity. They feature a pale peach complexion with specific color consistency and display the official Pop Mart logo stamped on the bottom of one foot. Authentic products come in proper packaging with legitimate QR codes and holographic stickers, including authenticity stamps that can be verified through Pop Mart’s official system.
Counterfeit versions exhibit several telltale signs of fraudulent manufacturing. These fake toys have more or fewer than nine teeth, different facial colors or expressions, and missing or fake Pop Mart branding. The materials and construction quality are noticeably poor, and packaging lacks verifiable QR codes that connect to official authentication systems.
Protecting yourself from these scams requires a multi-layered approach starting with shopping exclusively through official channels. Purchase only from Pop Mart’s official website at popmart.com or their verified Amazon store to ensure authenticity. Before making purchases from unfamiliar retailers, always search for “[website name] + scam” to verify their legitimacy.
Use secure payment methods that offer fraud protection and dispute capabilities, particularly credit cards rather than peer-to-peer payment apps. Maintain extreme skepticism toward social media ads, especially those creating artificial urgency or pressure to purchase immediately.
If you discover you’ve been scammed, document everything immediately by saving screenshots, emails, and transaction records. Contact your credit card company or bank without delay to dispute charges and report the scam to the Better Business Bureau’s Scam Tracker. File complaints with the Federal Trade Commission to help authorities track these criminal operations.
Request chargebacks through your credit card provider and provide all documentation showing misrepresentation of goods. Avoid using peer-to-peer payment apps for future purchases as they offer limited fraud protection and fewer options for recovery when scams occur.
The Labubu scam represents a troubling evolution in cybercriminal tactics, demonstrating how quickly bad actors can weaponize viral trends to create sophisticated fraud networks. These operations exploit consumer psychology around FOMO (fear of missing out) and artificial scarcity to pressure victims into making hasty financial decisions.
Several factors make this particularly dangerous for consumers and cybersecurity professionals alike. The speed of adaptation allows scammers to create convincing fake operations within days of a trend emerging, while social media amplification means platforms struggle to quickly identify and remove fraudulent sponsored content. The international scope of many operations makes law enforcement cooperation challenging, and the target demographics often include Gen Z consumers who may be early adopters of trends but lack experience with sophisticated scams.
Pop Mart has been working to combat counterfeiting, but the distributed nature of online fraud makes this an ongoing challenge. Social media platforms are slowly improving their ad verification processes, though scammers continue finding workarounds to exploit system vulnerabilities.
International customs officials have begun seizing shipments of counterfeit Labubu toys, with hundreds of thousands of fake units confiscated in recent operations. However, the profit margins on these scams remain attractive enough that new operations continue launching regularly, adapting their tactics to avoid detection.
As cybersecurity professionals and informed consumers, we have a responsibility to educate others about these evolving threats. The Labubu scam won’t be the last time cybercriminals exploit viral cultural phenomena – it represents the most recent example of an increasingly sophisticated playbook that targets consumer psychology and cultural trends.
Consumer protection requires constant vigilance and education. Always verify the authenticity of sellers before providing payment information, maintain suspicion of deals that seem too good to be true, and use payment methods that offer fraud protection and dispute capabilities. Report suspected scams to relevant authorities to help protect other consumers from similar harm.
The intersection of viral culture and cybercrime is only going to become more complex as digital trends accelerate and criminal operations become more sophisticated. By staying informed about these tactics and sharing knowledge with our communities, we can help reduce the success rate of these operations and protect consumers from financial harm.
Remember that when it comes to viral trends and online shopping, a healthy dose of skepticism isn’t cynicism – it’s cybersecurity best practice. The cost of verification is always less than the cost of victimization.
The post Going Lacoocoo over Labubu: How Viral Toy Trends Are Becoming Scams appeared first on McAfee Blog.
Even years after its release, Fortnite still stands as the online “battle royale” game of choice, with millions of younger gamers packing its servers every month—along with fair share of scammers who want to target them both in and out of the game. What makes Fortnite such a proverbial hunting ground for scammers? The answer lies in an in-game economy—one fueled with its own virtual currency that’s backed by real dollars. As to how all that plays out, that calls for a closer look at the game. Fortnite’s in-game currency, V-Bucks, has become a prime target for cybercriminals. One of the most prevalent threats is the so-called “free V-Bucks generator” scam—a fraudulent scheme that promises players free or discounted V-Bucks in exchange for completing online forms, providing account credentials, or downloading software. These offers are entirely illegitimate. No third-party service can generate V-Bucks, and engaging with such sites puts users at significant risk of credential theft, malware infection, and financial fraud.
Fortnite is player-versus-player game where up to 100 players fight as individuals, duos, or squads of up to four, battle on a cartoon-like island where the playable area increasingly shrinks as the game goes on. Along the way, players gain weapons and items that by rummaging through “loot boxes” or through bundles of loot left behind by eliminated players. Fortnite has several game modes, yet the most popular is the “battle royale” mode described here, where the last player, or team, left standing wins.
On the surface, Fortnite is free to play. However, money quickly enters the picture with Fortnite’s in-game currency known as V-Bucks. Players pay real money to purchase different amounts of V-Bucks through the Fortnite Item Shop or through official Fortnite V-Bucks gift cards available in stores and online.
Players use V-Bucks for all kinds of in-game purchases, notably outfits and game avatars known commonly as “skins” based on pop-culture icons like Marvel superheroes and popular singers, along with other game weapons and items. Further, players use V-Bucks to purchase “Battle Passes” that give them access to further in-game purchases and rewards. Finally, players can also purchase “Loot Llamas,” which are bundles of items, skins, and weapons as well (which players can also acquire these through gameplay to some degree).
And that’s where scammers enter the picture. Because wherever money changes hands online, scammers are sure to crop up. And with Fortnite in particular, players are more than willing to pay for V-Bucks, which can turn unwary kids into targets.
In all, players love spending V-Bucks because it lets them create custom avatars loaded with unique items. This makes up a big part of the game’s appeal above and beyond the gameplay itself, to the point where players sporting rarer skins and items take on the air of status symbols.
Bad actors out there do their best to capitalize on this mix of customization, status, and money with several types of scams designed to lure in young gamers. Put plainly, the game’s economy gives scammers a powerful emotional hook they can set—the drive to stand out on the battlefield is high.
Three of the most common Fortnite scams include:
Just like shopping scams, fake ticket scams, and the like, these scams lure children into clicking links to phishing sites that promise in-game rewards, items, and discounted V-Bucks—but steal credit and debit card info. Young gamers might come across these links in search, yet YouTube has been rife with links to Fortnite scams as well. An examination of domains such as 750ge.com and ggfn.us reveals the use of established phishing methodologies coupled with malware delivery systems. These sites leverage Fortnite’s widespread appeal to attract users seeking free premium content, employing social engineering techniques that mirror those seen in Roblox-related scams and other forms of online fraud.
Scammers pose as friendly gamers and build up trust over time, only to betray that trust by asking children to share personal info, passwords, or credit card numbers for “discounted” V-Bucks or items. Some also get children to download malware, promising that the (harmful) app “generates” V-Bucks or gives them “upgrades” of some kind.
Also under the guise of providing items, upgrades, or V-Bucks, scammers persuade children into handing over their login info. This can give them access to personal and financial info contained in the Epic Games Launcher. Further, because some players have spent a great deal of time and money on their account, some scammers hold hijacked accounts for ransom—demanding payment for the return of the account. As it is with any kind of ransomware or ransom attack online, payment is no guarantee that the scammer will return the account.
When it comes to protecting your Fortnite and Epic purchases, a few disciplined habits go a long way. Follow the guidance below to significantly reduce account-takeover risk and streamline recovery if something goes wrong.
Use a password that you don’t use anywhere else. Credential-stuffing attacks rely on recycled passwords from other breaches; a unique, long passphrase (ideally 14+ characters) blocks that common tactic. Consider a reputable password manager to generate and store complex credentials safely.
Turn on 2FA so a one-time code is required at sign-in, stopping most unauthorized logins even if a password leaks. Epic supports email, SMS, and authenticator-app methods—use an app whenever possible for stronger protection. Note: 2FA is required for certain programs (e.g., tournaments, Support-A-Creator) and is strongly recommended for all players.
Your email is the recovery backbone for your Epic account. Use an email you’ll keep long-term, enable that mailbox’s own 2FA, and verify the address within Epic. A verified, secured email makes account recovery faster and helps Player Support confirm ownership if there’s suspicious activity.
Linking trusted single-sign-on options (e.g., Google) can simplify logins without creating yet another password—provided those social accounts are themselves protected with unique passwords and 2FA. Treat your SSO accounts as keys: if they’re well-secured, they reduce friction without sacrificing safety.
Good account security starts with healthy devices. Keep operating systems and browsers up to date, use reputable antivirus/anti-malware, and avoid installing unknown software or extensions. A compromised device can capture keystrokes and tokens regardless of how strong your password is.
Buying, selling, or sharing accounts violates policy and exposes you to scams, chargebacks, and permanent loss of access. If someone else knows your password—or if ownership is disputed—support may not be able to help. Keep your credentials private and your account strictly personal.
Ignore sites and messages promising free or discounted V-Bucks, skins, or creator perks. These are common phishing and malware lures that mimic Epic branding to steal credentials or install harmful software. Only transact through official Epic channels and in-game menus.
If you can still log in: immediately reset your email password, then your Epic password, and enable 2FA. Review recent logins and unlink unknown devices. If you can’t log in: work through Epic’s recovery steps starting with your email account and Epic password reset. Have purchase details handy to verify ownership.
With many Fortnite scams, scammers need a way to speak with your child, ideally in the game itself. Fortunately, Fortnite has several parental controls that make it far more difficult for scammers to approach them and that give you further control over payments made through the platform.
Here are a few of the things you can manage from Fortnite’s parental controls:
This lets you manage your child’s online social interactions across Epic’s experiences and games by setting permissions for friend requests, voice and text chat, and mature language filtering.
Here you can set permissions to help prevent unauthorized payments while using Epic Games payment services.
You can manage which experiences your child can access in Fortnite, and which games your child can access in the Epic Games Store based on age ratings.
Set time limits and view the total time your child spends in Fortnite and Unreal Editor for Fortnite (UEFN) each week. Choose if you want to receive email reports for your child’s time spent in Fortnite and UEFN.
As Epic Games states, avoid trusting any offers for Epic Games products—such as free titles or V-Bucks that come from external or unverified sites, as they are likely scams. Legitimate promotions are only shared through the Epic Games Store, the official Epic Games website, or their verified social media channels, so if you don’t see it there, it’s not real.
Fortnite offers what Epic Games calls “Cabined Accounts,” a safer space that disables voice and text chat, while also disabling the ability to pay for items with real money. (In the U.S., Cabined Accounts are for children under 13 years old. Elsewhere, under that country’s age of digital consent.) Players with Cabined Accounts can still play titles from Epic Games like Fortnite, Rocket League or Fall Guys, but won’t be able to access certain features such as voice chat until their parent or guardian provides consent.
Source: Epic Games
Be aware, though. The parental controls listed above only apply to games on the Epic Games platform. That means your child may still be able to access voice chat using the chat system built into the gaming console or device they’re playing on. So you’ll want to check out the parental controls on their console or device as well, which we’ve listed below:
PlayStation
PlayStation® 5 parental controls and PlayStation® 4 parental controls
Xbox
Nintendo Switch
Nintendo Switch parental controls
Windows
iOS
Google Play
Whether it’s Fortnite V-Bucks or many of the other virtual currencies used in online games, many are tied back to real dollars. It costs real money to buy them. Ultimately, the same goes for the in-game purchases they make. Younger gamers don’t always make this connection, which is how we get the occasional headline story about a grade-school child who racks up a multi-thousand-dollar credit card bill. Have a sit-down with your child and help them understand this connection between “virtual” money and “real” money. And with that, you can have a follow-on chat about an allowance for online game purchases (which you can often set using a game’s parental controls). Do note, Epic Games does not offer legitimate V-Bucks generators outside their official platforms. Any site claiming otherwise is operating a fraud scheme that poses significant security risks to users.
We’ve outlined what Fortnite offers by way of parental controls, as well as the parental controls offered on several top gaming platforms. Once more, note that you’ll want to set parental controls on the any of the games your children play that include online chat or purchases. Granted, the controls vary from game to game, but a quick web search will let you know what your options are. In some cases, as with Fortnite, gaming companies have entire websites dedicated to parental controls and overall child safety.
As we outlined above, many scammers try to trick young gamers into thinking they’re a friend—when in fact any kind of “friendship” is part of a scam. Make sure you let them know it’s always okay to speak with you or another trusted adult if a “friend” asks them for personal info or anything that has to do with money. The same goes for asking them to chat on other apps outside the game, such as Whatsapp, or to meet up in person. Understandably, the answer to questions like these is always “no.” Note that some games and platforms let you report accounts for behavior like this. Use those tools as needed.
In the U.S., the Fair Credit Billing Act allows you to dispute charges. Additionally, some credit cards offer their own anti-fraud protections that can help you dispute a billing. Further, if your credit card offers online account alerts for when a purchase is made, set that up so you can track what your children are spending online. Lastly, use credit monitoring to track any unusual purchases. Credit monitoring like ours provides timely notifications and guidance so you can take action to tackle identity theft.
Phony sites, emails, texts, and on and on and on—scammers put them all into play. Yet a combination of features in our McAfee+ plans can help you and your children spot them.
McAfee’s Scam Detector helps you stay safer with advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. Likewise, our Web Protection will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.
The post Fortnite Impersonation Scams: A No-Nonsense Parent Guide appeared first on McAfee Blog.
Meta has unleashed a groundbreaking feature that transforms Instagram from a photo-sharing platform into a real-time location broadcaster. While the company promises enhanced connectivity, cybersecurity experts are sounding alarm bells about potential dangers lurking beneath this seemingly innocent update.
Instagram’s freshly minted “Map” functionality represents a seismic shift in social media architecture. Unlike traditional posting where you deliberately choose what to share, this feature operates as an always-on location transmitter that continuously broadcasts your whereabouts to selected contacts whenever you launch the application.
The mechanism mirrors Snapchat’s infamous Snap Map, but with Instagram’s massive user base—over 2 billion active accounts—the implications for personal security amplify exponentially. This feature enables users to share their real-time location with friends and view theirs on a live map, but it also raises serious privacy concerns from targeted advertising to potential stalking and misuse in abusive relationships.
McAfee’s Chief Technology Officer Steve Grobman provides crucial context: “Features like location sharing aren’t inherently bad, but they come with tradeoffs. It’s about making informed choices. When people don’t fully understand what’s being shared or who can see it, that’s when it becomes a risk.”
Digital predators can exploit location data to track victims with unprecedented precision. Relationship and parenting experts warn location sharing can turn into a stressful or even dangerous form of control, with research showing that 19 percent of 18 to 24-year-olds think it’s reasonable to expect to track an intimate partner’s location.
Steve Grobman emphasizes the real-world implications: “There’s also a real-world safety concern. If someone knows where you are in real time, that could lead to stalking, harassment, or even assault. Location data can be powerful, and in the wrong hands, dangerous.”
Your boss, colleagues, or acquaintances might gain unwanted insights into your personal activities. Imagine explaining why you visited a competitor’s office or why you called in sick while appearing at a shopping center.
The danger often comes from within your own network. Grobman warns: “It only takes one person with bad intentions for location sharing to become a serious problem. You may think your network is made up of friends, but in many cases, people accept requests from strangers or someone impersonating a contact without really thinking about the consequences.”
While Instagram claims it doesn’t use location data from this feature for ad targeting, the platform’s history with user data suggests caution. Your movement patterns create valuable behavioral profiles for marketers.
Cybercriminals employ sophisticated data aggregation techniques. According to Grobman: “Criminals can use what’s known as the mosaic effect, combining small bits of data like your location, routines, and social posts to build a detailed profile. They can use that information to run scams against a consumer or their connections, guess security questions, or even commit identity theft.”
For iPhone Users:
For Android Users:
Method 1: Through the Map Interface
Method 2: Through Profile Settings
iPhone Security Configuration:
Android Security Setup:
After implementing these changes:
Audit Your Digital Footprint
Review all social media platforms for similar location-sharing features. Snapchat, Facebook, and TikTok offer comparable functionalities that require individual deactivation.
Implement Location Spoofing Awareness
Some users consider VPN services or location-spoofing applications, but these methods can violate platform terms of service and create additional security vulnerabilities.
Regular Security Hygiene
Establish monthly reviews of your privacy settings across all social platforms. Companies frequently update features and reset user preferences without explicit notification.
Grobman emphasizes the challenge consumers face: “Most social platforms offer privacy settings that offer fine-grained control, but the reality is many people don’t know those settings exist or don’t take the time to use them. That can lead to oversharing, especially when it comes to things like your location.”
Family Protection Protocols
If you’re a parent with supervision set up for your teen, you can control their location sharing experience on the map, get notified when they enable it, and see who they’re sharing with. Implement these controls immediately for underage family members.
Data Collection Frequency
Your location updates whenever you open the app or return to it while running in the background. This means Instagram potentially logs your position multiple times daily, creating detailed movement profiles.
Data Retention Policies
Instagram claims to hold location data for a maximum of three days, but this timeframe applies only to active sharing, not the underlying location logs the platform maintains for other purposes.
Visibility Scope
Even with location sharing disabled, you can still see others’ shared locations on the map if they’ve enabled the feature. This asymmetric visibility creates potential social pressure to reciprocate sharing.
Red Flags and Warning Signs
Monitor these indicators that suggest your privacy may be compromised:
This Instagram update represents a concerning trend toward ambient surveillance in social media. Companies increasingly normalize continuous data collection by framing it as connectivity enhancement. As consumers, we must recognize that convenience often comes at the cost of privacy.
The feature’s opt-in design provides some protection, but user reports suggest the system may automatically activate for users with older app versions who previously granted location permissions. This highlights the importance of proactive privacy management rather than reactive protection.
Immediate (Next 10 Minutes):
This Week:
Monthly Ongoing:
Grobman advises a comprehensive approach: “The best thing you can do is stay aware and take control. Review your app permissions, think carefully before you share, and use tools that help protect your privacy. McAfee+ includes identity monitoring, scam detection. McAfee’s VPN keeps your IP address private, but if a consumer allows an application to identify its location via GPS or other location services, VPNs will not protect location in that scenario. Staying safe online is always a combination of the best technology along with good digital street smarts.”
Remember: Your location data tells the story of your life—where you work, live, worship, shop, and spend leisure time. Protecting this information isn’t paranoia; it’s fundamental digital hygiene in our hyper-connected world.
The choice to share your location should always remain yours, made with full awareness of the implications. By implementing these protective measures, you’re taking control of your digital footprint and safeguarding your personal security in an increasingly surveilled digital landscape.
The post Instagram’s New Tracking Feature: What You Need to Know to Stay Safe appeared first on McAfee Blog.
The UK’s digital landscape underwent its most significant transformation yet on Friday, July 25, 2025. The Online Safety Act 2023, seven years in the making, is now being fully enforced by Ofcom (the UK’s communications regulator). These new rules fundamentally change how British citizens access and interact with online content, with the primary goal of protecting children from harmful material.
The Online Safety Act is comprehensive legislation designed to make the UK “the safest place in the world to be online.” The law places legal responsibilities on social media companies, search engines, and other online platforms to protect users—especially children—from illegal and harmful content.
The Act applies to virtually any online service that allows user interaction or content sharing, including social media platforms, messaging apps, search engines, gaming platforms, dating apps, and even smaller forums or comment sections.
The journey to the UK Online Safety Act was a long and complex one, beginning with the Government’s 2019 Online Harms White Paper. This initial proposal outlined the need for a new regulatory framework to tackle harmful content. The draft Online Safety Bill was published in May 2021, sparking years of intense debate and scrutiny in Parliament. Public pressure, significantly amplified by tragic events and tireless campaigning from organizations like the Molly Rose Foundation, played a crucial role in shaping the legislation and accelerating its passage. After numerous amendments and consultations with tech companies, civil society groups, and child safety experts, the bill finally received Royal Assent on October 26, 2023, officially becoming the Online Safety Act.
This new UK internet law applies to a vast range of online services accessible within the UK. The core focus is on platforms that host user-generated content (known as user-to-user services) and search engines. Ofcom, the regulator, has established a tiered system to apply the rules proportionally. Category 1 services are the largest and highest-risk platforms like Meta (Facebook, Instagram), X (formerly Twitter), and Google, which face the most stringent requirements. Category 2A covers search services, and Category 2B includes all other in-scope services that don’t meet the Category 1 threshold. This includes smaller social media sites, online forums, and commercial pornographic websites. Notably, services like email, SMS, and content on recognized news publisher websites are exempt from these specific regulations.
Mandatory Age Verification for Adult Content
The most immediate change for consumers is the replacement of simple “Are you 18?” checkboxes with robust age verification. As Oliver Griffiths from Ofcom explained: “The situation at the moment is often ridiculous because people just have to self-declare what their birthday is. That’s no check at all.”
There are three main ways that Brits will now be asked to prove their age:
Platforms must now actively prevent children from accessing content related to suicide, self-harm, eating disorders, pornography, violent or abusive material, online bullying, dangerous challenges or stunts, and hate speech.
Social media platforms and large search engines must keep harmful content off children’s feeds entirely, with algorithms that recommend content required to filter out dangerous material.
Online services must now provide clear and accessible reporting mechanisms for both children and parents, procedures for quickly taking down dangerous content, and identify a named person “accountable for children’s safety” with annual reviews of how they manage risks to children.
Ofcom’s enforcement will follow a proportionality principle, meaning the largest platforms with the highest reach and risk will face the most demanding obligations. Platforms are strongly advised to seek early legal and technical guidance to ensure they meet their specific duties under the new law.
The statistics that drove this legislation are shocking:
According to the Children’s Commissioner, half of 13-year-olds surveyed reported seeing “hardcore, misogynistic” pornographic material on social media sites, with material about suicide, self-harm, and eating disorders described as “prolific.”
Major websites like PornHub, X (formerly Twitter), Reddit, Discord, Bluesky, and Grindr have already committed to following the new rules. Over 6,000 websites hosting adult content have implemented age-assurance measures.
Reddit started checking ages last week for mature content using technology from Persona, which verifies age through uploaded selfies or government ID photos. X has implemented age estimation technology and ID checks, defaulting unverified users into sensitive content settings.
Many consumers worry about privacy implications of age verification, but the system has built-in protections:
Companies face serious penalties for non-compliance: fines of up to £18 million or 10% of global revenue (whichever is higher). For a company like Meta, this could mean a £16 billion fine.
In extreme cases, senior managers at tech companies face criminal liability and up to two years in jail for repeated breaches. Ofcom can also apply for court orders to block services from being available in the UK.
Ofcom has already launched probes into 11 companies suspected of breaching parts of the Online Safety Act and expects to announce new investigations into platforms that fail to comply with age check requirements.
While some might consider using VPNs to bypass age verification, Ofcom acknowledges this limitation but emphasizes that most exposure isn’t from children actively seeking harmful content: “Our research shows that these are not people that are out to find porn — it’s being served up to them in their feeds.”
As Griffiths explained: “There will be dedicated teenagers who want to find their way to porn, in the same way as people find ways to buy alcohol under 18. They will use VPNs. And actually, I think there’s a really important reflection here… Parents having a view in terms of whether their kids have got a VPN, and using parental controls and having conversations, feels a really important part of the solution.”
You now have stronger tools and clearer accountability from platforms. Two-thirds of parents already use controls to limit what their children see online, and the new rules provide additional safeguards, though about one in five children can still disable parental controls.
You may experience “some friction” when accessing adult material, but the changes vary by platform. On many services, users will see no obvious difference at all, as only platforms which permit harmful content and lack safeguards are required to introduce checks.
Stricter age controls mean more restricted access to certain content, but platforms must also provide better safety tools and clearer reporting mechanisms.
Industry experts and regulators emphasize that this is “the start of a journey” rather than an overnight fix. As one tech lawyer noted: “I don’t think we’re going to wake up on Friday and children are magically protected… What I’m hoping is that this is the start of a journey towards keeping children safe.”
Ofcom’s approach will be iterative, with ongoing adjustments and improvements. The regulator has indicated it will take swift action against platforms that deliberately flout rules but will work constructively with those genuinely seeking compliance.
The UK Online Safety Act is set to have a profound impact, bringing both significant benefits and notable challenges. For users, the primary benefit is a safer online environment, especially for children who will be better shielded from harmful content. Increased transparency from platforms will also empower users with more information about the risks on services they use. However, some users have raised concerns about data privacy related to age verification and the potential for the Act to stifle free expression and lead to over-removal of legitimate content.
For the tech industry, the law presents major operational hurdles. Compliance will require substantial investment in technology, content moderation, and legal expertise, with costs potentially running into the billions across the sector. Smaller platforms may struggle to meet the requirements, potentially hindering innovation and competition. The key takeaway is that the Online Safety Act marks a paradigm shift, moving from self-regulation to a legally enforceable duty of care, the full effects of which will unfold over the coming years as Ofcom’s enforcement ramps up.
Some campaigners argue the measures don’t go far enough, with the Molly Rose Foundation calling for additional changes and some MPs wanting under-16s banned from social media completely. Privacy advocates worry about invasive verification methods, while others question effectiveness.
Parliament’s Science, Innovation and Technology Committee has criticized the act for containing “major holes,” particularly around misinformation and AI-generated content. Technology Secretary Peter Kyle has promised to “shortly” announce additional measures to reduce children’s screen time.
This week’s implementation represents “the most significant milestone yet” in the UK’s bid to become the safest place online. While the changes may not be immediately visible to all users, they establish crucial foundations for ongoing child safety improvements.
The Online Safety Act is designed to be a living framework that evolves with technology and emerging threats. Expect continued refinements, additional measures, and stronger enforcement as the system matures.
The Online Safety Act represents a fundamental shift in how online platforms operate in the UK. While it may introduce some inconvenience through age verification processes, the legislation prioritizes protecting children from genuine harm.
The success of these measures will depend on consistent enforcement, platform cooperation, and ongoing parental engagement. As one Ofcom official noted: “I think people accept that we’re not able to snap our fingers and do everything immediately when we are facing really deep-seated problems that have built up over 20 years. But what we are going to be seeing is really big progress.”
Stay informed about these changes, understand your verification options, and remember that these new safeguards are designed to protect the most vulnerable internet users while preserving legitimate access for adults.
The post UK’s New Online Safety Act: What Consumers Need to Know appeared first on McAfee Blog.
As reports emerge of a new TikTok app known internally as “M2” specifically designed for US users, McAfee warns that the transition period could create perfect conditions for cybercriminals to exploit unsuspecting consumers – including by distributing fake or malicious TikTok apps disguised as the real thing. Here’s what you need to know about the potential risks and how to stay protected.
According to reports from The Information, TikTok is reportedly building a new version of the app just for the United States that could launch as soon as September 5. This development comes as ByteDance faces pressure to sell TikTok’s US operations or face a ban under federal legislation. The existing TikTok app will be removed from US app stores on the same day the new US app launches, although Americans may be able to continue using the current app until March of next year.
The transition won’t be seamless. Transferring the profiles and content of current users to the new app could pose practical challenges, and such a move could also make it harder for American TikTok users to see content from users in other countries. This disruption period presents significant cybersecurity risks that users must be aware of.
ByteDance has been on the clock to find a new owner for TikTok’s US operations since then-President Joe Biden signed the sale-or-ban law last year over national security concerns. The Chinese government has indicated it would block any transfer of TikTok’s algorithm, meaning any new, separate American TikTok would need its own algorithm, possibly built from the ground up. President Trump has stated there are wealthy buyers ready to purchase TikTok’s US operations, though ByteDance currently has until September 17 to sell the app or face a US ban.
The announcement of a new TikTok app creates a perfect storm for cybercriminals looking to exploit confused users during the transition period. Based on McAfee’s recent research into Android malware campaigns, we can expect to see a surge in fake TikTok apps appearing across various distribution channels.
Drawing from our analysis of current malware trends, cybercriminals will likely leverage several tactics:
1. Timing Confusion: During the transition period when users are uncertain about which app is legitimate, scammers will capitalize on this confusion by distributing fake “new TikTok” apps through unofficial channels and app stores.
2. Sophisticated Impersonation: Cybercriminals are getting smarter, using development toolkits like .NET MAUI to create fake apps that look and feel like the real thing. Expect to see convincing fake TikTok apps that mirror the official design and functionality.
3. Advanced Evasion Techniques: These fake apps hide their code in binary files so it can’t be easily detected, letting them stay on your phone longer—stealing quietly in the background. The new TikTok transition provides perfect cover for such sophisticated malware.
These apps aren’t in the Google Play Store. Instead, hackers will likely share them on fake websites, messaging apps, and sketchy links in texts or chat groups. During the TikTok transition, be especially wary of:
Based on recent malware campaigns we’ve analyzed, fake TikTok apps could potentially:
To stay safe during this vulnerable period, follow these essential guidelines:
Hackers are getting creative, but you can stay one step ahead. These recent .NET MAUI-based threats are sneaky—but they’re not unstoppable. The key is maintaining vigilance and using comprehensive security tools that evolve with the threat landscape.
As we navigate the transition to a new TikTok app for US users, remember that cybercriminals will attempt to exploit every opportunity for confusion and uncertainty. By staying informed, using official download sources, and leveraging tools like McAfee’s Mobile Security, you can continue enjoying social media safely.
The digital landscape is constantly evolving, but with the right knowledge and tools, you can stay protected while enjoying the platforms you love. Whether you’re transitioning to a new TikTok app or simply want better control over your social media privacy, McAfee+ provides the comprehensive protection you need in today’s connected world.
The post New TikTok App on the Horizon: What US Users Need to Know About the Risks appeared first on McAfee Blog.
If someone called you claiming to be a government official, would you know if their voice was real? This question became frighteningly relevant this week when a cybercriminal used social engineering and AI to impersonate Secretary of State Marco Rubio, fooling high-level officials with fake voice messages that sounded exactly like him. It raises a critical concern: would other world leaders be able to tell the difference, or would they fall for it too?
In June 2025, an unknown attacker created a fake Signal account using the display name “Marco.Rubio@state.gov” and began contacting government officials with AI-generated voice messages that perfectly mimicked the Secretary of State’s voice and writing style. The imposter successfully reached at least five high-profile targets, including three foreign ministers, a U.S. governor, and a member of Congress.
The attack wasn’t just about pranks or publicity. U.S. authorities believe the culprit was “attempting to manipulate powerful government officials with the goal of gaining access to information or accounts.” This represents a sophisticated social engineering attack that could have serious national and international security implications.
The Rubio incident isn’t isolated. In May, someone breached the phone of White House Chief of Staff Susie Wiles and began placing calls and messages to senators, governors and business executives while pretending to be Wiles. These attacks are becoming more common because:
While the Rubio case involved government officials, these same techniques are being used against everyday Americans. A recent McAfee study found that 59% of Americans say they or someone they know has fallen for an online scam in the last 12 months, with scam victims losing an average of $1,471. In 2024, our research revealed that 1 in 3 people believe they have experienced some kind of AI voice scam
Some of the most devastating are “grandparent scams” where criminals clone a grandchild’s voice to trick elderly relatives into sending money for fake emergencies. Deepfake scam victims have reported losses ranging from $250 to over half a million dollars.
Common AI voice scam scenarios:
One big reason deepfake scams are exploding? The tools are cheap, powerful, and incredibly easy to use. McAfee Labs tested 17 deepfake generators and found many are available online for free or with low-cost trials. Some are marketed as “entertainment” — made for prank calls or spoofing celebrity voices on apps like WhatsApp. But others are clearly built with scams in mind, offering realistic impersonations with just a few clicks.
Not long ago, creating a convincing deepfake took experts days or even weeks. Now? It can cost less than a latte and take less time to make than it takes to drink one. Simple drag-and-drop interfaces mean anyone — even with zero technical skills – can clone voices or faces.
Even more concerning: open-source libraries provide free tutorials and pre-trained models, helping scammers skip the hard parts entirely. While some of the more advanced tools require a powerful computer and graphics card, a decent setup costs under $1,000, a tiny price tag when you consider the payoff.
Globally, 87% of scam victims lose money, and 1 in 5 lose over $1,000. Just a handful of successful scams can easily pay for a scammer’s gear and then some. In one McAfee test, for just $5 and 10 minutes of setup time, we created a real-time avatar that made us look and sound like Tom Cruise. Yes, it’s that easy — and that dangerous.
Figure 1. Demonstrating the creation of a highly convincing deepfake
Recognizing the urgent need for protection, McAfee developed Deepfake Detector to fight AI-powered scams. McAfee’s Deepfake Detector represents one of the most advanced consumer tools available today.
While McAfee’s Deepfake Detector is built to identify manipulated audio within videos, it points to the kind of technology that’s becoming essential in situations like this. If the impersonation attempt had taken the form of a video message posted or shared online, Deepfake Detector could have:
Our technology uses advanced AI detection techniques — including transformer-based deep neural networks — to help consumers discern what’s real from what’s fake in today’s era of AI-driven deception.
While the consumer-facing version of our technology doesn’t currently scan audio-only content like phone calls or voice messages, the Rubio case shows why AI detection tools like ours are more critical than ever — especially as threats evolve across video, audio, and beyond – and why it’s crucial for the cybersecurity industry to continue evolving at the speed of AI.
While technology like McAfee’s Deepfake Detector provides powerful protection, you should also:
The Rubio incident shows that no one is immune to AI voice scams. It also demonstrates why proactive detection technology is becoming essential. Knowledge is power, and this has never been truer than in today’s AI-driven world.
The race between AI-powered scams and AI-powered protection is intensifying. By staying informed, using advanced detection tools, and maintaining healthy skepticism, we can stay one step ahead of cybercriminals who are trying to literally steal our voices, and our trust.
The post When AI Voices Target World Leaders: The Growing Threat of AI Voice Scams appeared first on McAfee Blog.
Summer festival season is upon us, and music lovers are eagerly anticipating everything from The Weeknd tickets to intimate local music festivals. But while you’re dreaming of unforgettable performances, scammers are plotting to turn your concert and festival excitement into their profitable payday. The sobering reality? UK gig-goers lost over £1.6 million to ticket fraud in 2024 more than double the previous year’s losses. With approximately 3,700 gig ticket fraud reports made to Action Fraud in 2024, and almost half originating from social media platforms, the threat to festival-goers has never been greater. A Lloyds Bank analysis of scam reports from its customers has revealed that Oasis Live ’25 tickets are a top target for fraudsters. In the first month following the reunion tour announcement, these fake ticket scams made up roughly 70% of all reported concert ticket fraud cases since August 27, 2024. According to Lloyds, the average victim lost £436 ($590), with some reporting losses as high as £1,000 ($1,303).
Concert tickets have become the ultimate playground for cybercriminals, and it’s easy to see why. The perfect storm of high demand, limited supply, and emotional urgency creates ideal conditions for fraud. When your favorite artist announces a tour, tickets often sell out in minutes, leaving desperate fans scrambling on secondary markets where scammers thrive. Unlike typical retail purchases, concert tickets are intangible digital products that are difficult to verify until you’re standing at the venue gate, often too late to get your money back. Scammers exploit this by creating fake ticketing websites with legitimate-sounding names, posting counterfeit tickets on social media marketplaces, and even setting up fraudulent “last-minute deals” outside venues.
The emotional investment fans have in seeing their favorite performers makes them more likely to ignore red flags like unusual payment methods, prices that seem too good to be true, or sellers who refuse to use secure payment platforms. Add in the time pressure of limited availability, and scammers have found the perfect recipe for separating music lovers from their money. With the average concert scam victim losing over $400 according to the Better Business Bureau, what should be an exciting musical experience often becomes a costly lesson in digital fraud.
How It Works: Scammers create convincing counterfeit tickets using stolen designs, logos, and QR codes from legitimate events. They may purchase one real ticket and then sell multiple copies to different buyers, knowing only the first person through the gate will succeed.
The Digital Danger: With the rise of digital tickets and QR codes, scammers can easily screenshot, photograph, or forward ticket confirmations to multiple victims. Since many festival-goers don’t realize that QR codes can only be scanned once, multiple people may believe they own the same valid ticket.
How It Works: Fraudsters create entirely fictional festivals, remember the Fyre Festival? A complete fake lineups featuring popular artists, professional websites, and aggressive marketing campaigns. They invest heavily in making these events appear legitimate, sometimes even securing fake venues and promotional partnerships.
The Impersonator: Some scammers specifically target popular festivals by creating fake events with slight name variations or claiming to offer exclusive “VIP experiences” that don’t exist.
How It Works: Scammers create fake profiles or hack legitimate accounts to advertise sold-out festival tickets. They often target popular festival hashtags and engage with desperate fans seeking last-minute tickets on TikTok, Instagram, and Facebook Marketplace.
The FOMO Factor: These scammers exploit the fear of missing out by creating false urgency: “Only 2 tickets left!” or “Someone just backed out, quick sale needed!”
How It Works: Legitimate-seeming sellers request payment through untraceable methods like bank transfers, gift cards, or cryptocurrency. Once payment is sent, the “seller” disappears, leaving victims with no recourse for recovery.
How It Works: Fraudsters create fake QR codes that lead to malicious websites designed to steal your personal information or payment details. These might be disguised as “ticket verification” sites or fake festival apps.
The Modern Twist: Some scammers send QR codes claiming they contain your tickets, but scanning them actually downloads malware or leads to phishing sites designed to harvest your personal information.
McAfee’s Scam Detector is your shield against concert and ticket scams this summer. This advanced scam detection technology is built to spot and stop scams across text messages, emails, and videos. Here’s how Scam Detector protects concert-goers:
Scam Detector catches suspicious messages across apps like iMessage, WhatsApp, and Facebook Messenger—exactly where ticket scammers often strike.
Flags phishing emails that appear to be from venues, ticketing companies, or resale platforms across Gmail, Outlook, and Yahoo. The system alerts you and explains why an email was flagged, helping you learn to spot concert scams as you go.
Detects AI-generated or manipulated audio in videos on platforms like YouTube, TikTok, and Facebook—perfect for catching fake artist endorsements or fraudulent venue announcements that scammers use to promote fake ticket sales.
Found a great ticket deal but feeling uncertain? Upload a screenshot, message, or link for instant analysis. Scam Detector offers context so you understand exactly why a ticket offer might be fraudulent.
Choose the level of protection that works for your concert-going habits:
If you do click a suspicious ticket link, McAfee’s Scam Detector can help block dangerous sites before they load, protecting you from fake ticketing websites.
McAfee’s Scam Detector delivers reliable protection against the most common ticket scam tactics without false alarms that might block legitimate communications from venues or artists. Scam Detector uses on-device AI wherever possible, meaning your concert ticket searches and purchase communications aren’t sent to the cloud for analysis. Your excitement about seeing your favorite band stays between you and your devices.
Make This Summer About Music, Not Scams. Don’t let fraudsters steal your summer concert experience. With McAfee’s Scam Detector, you can focus on what really matters: getting legitimate tickets to see amazing live music. The technology works in the background, identifying scams and educating you along the way, so you can make confident decisions about your concert purchases.Summer festivals, arena shows, and outdoor concerts are waiting—make sure you’re protected while you’re getting ready to rock.
Learn more about McAfee’s Scam Detector at: https://www.mcafee.com/en-us/scam-detector.
The post How to Protect Yourself from Concert and Festival Ticket Scams appeared first on McAfee Blog.
As Amazon Prime Day approaches (July 8-11, 2025), millions of shoppers are gearing up for what promises to be one of the biggest online shopping events of the year. But while you’re hunting for deals, cybercriminals may be hunting for you. A recent devastating case from Montana serves as a stark reminder that not all “Amazon” calls are what they seem.
In April 2025, an elderly Missoula woman received what seemed like a routine customer service call. The caller claimed to be from Amazon’s fraud department and asked if she had recently purchased computer equipment. When she said no, the caller’s tone shifted to concern; they claimed her identity had been stolen, and immediate action was needed.
What followed was a masterfully orchestrated scam that would ultimately cost the woman nearly $1 million. The fake Amazon representative transferred her to what appeared to be the “Social Security Department,” where another scammer told her that her personal information had been linked to a money laundering investigation. To “protect” her funds, she was then connected to someone claiming to be a U.S. Marshal.
The supposed federal agent convinced her that the money in her bank accounts needed to be “legalized” to keep it safe from the criminals who had stolen her identity. Over multiple visits to her home, the woman handed over cash and gold to people she believed were federal agents protecting her life savings. Instead, she was systematically robbed.
The scam only unraveled when law enforcement, working with the victim, set up a sting operation. When 29-year-old Zabi Ullah Mohammed arrived for what he thought would be another pickup, police were waiting. They found nearly $70,000 in cash in his vehicle, along with airline tickets and rental car documents – evidence of a sophisticated, multi-state operation.
This Montana case isn’t an isolated incident, it’s part of a growing trend that peaks during major shopping events like Prime Day. What makes this year particularly concerning is the economic backdrop driving consumer behavior.
With recently implemented tariffs now in effect, including 25% on certain goods from Canada and Mexico and additional levies on Chinese products, American households are feeling unprecedented financial pressure. Recent polling shows 73% of Americans expect significant price increases in the coming months, while economists project tariffs could cost the average household nearly $1,200 annually.
This economic anxiety is creating a perfect storm for scammers, as our research shows that 46% of shoppers plan to shop more during Prime Day specifically hoping to save money in light of tariff-related price hikes. Older consumers are particularly motivated by these concerns, with 68% of shoppers aged 65+ citing tariff worries as a key driver for increased online shopping – making them prime targets for sophisticated scams promising exclusive deals and savings.
“As inflation and tariffs push more people to hunt for deals, scammers are using generative AI to craft scams that are more polished, personal, and persuasive,” said Abhishek Karnik, Head of Threat Research at McAfee. “From retailer impersonations to hyper-realistic delivery scams, these threats are getting harder to spot. The good news is that the tools to fight back are getting smarter too. The best way to stay safe is to pause before you click, trust your instincts, and use AI-powered protection like McAfee’s Scam Detector to stay one step ahead.”
Figure 1. Examples of Amazon tariff and job scams
Figure 2. An example of a fake Amazon sign-in page.
Figure 3. Examples of Amazon phishing scams
Older adults are particularly at risk, with 68% of shoppers aged 65+ saying tariff-related concerns motivate them to shop more online, potentially making them targets for scams promising “deals.” Heavy shoppers face the highest risk, with 23% reporting being scammed during major sale events – more than double the rate of light shoppers. More than one-third (35%) of scam victims don’t tell anyone about being defrauded. The main reasons for staying silent include embarrassment (27%), not wanting to appear gullible (24%), and shame (9%).
Younger shoppers are far more likely to take risks on unfamiliar brands — especially on social media. Nearly a quarter of 18–34-year-olds say they’re willing to buy from unknown retailers if the deal looks good, with 22% of 18–24s and 21% of 25–34-year-olds ready to click “buy now” on offers from unknown brands. In stark contrast, older adults (65+) show extreme caution, with only 1% willing to engage with unfamiliar advertisements.
That openness comes with a serious trade-off. Platforms like TikTok Shop and Instagram Shopping are fast becoming hotspots for scam exposure. Nearly 1 in 3 young shoppers say they’ve encountered deepfake videos of influencers promoting deals or products that turned out to be scams during past sale events, and of those, a staggering 71% say either they or someone they know lost money. With 29% of shoppers browsing TikTok Shop and 10% using Instagram Shopping, these social platforms have become both a go-to destination for deals and a growing cybersecurity risk. The seamless integration of shopping and social content makes it easier than ever for scammers to blend fraudulent offers with legitimate content, creating a perfect storm of vulnerability.
The good news? These scams are preventable if you know what to watch for and take the right precautions. Here’s your defense playbook:
While 89% of people plan to take specific safety steps during Prime Day, the sophistication of modern scams means we all need to stay vigilant. The Montana woman’s story shows how even intelligent, cautious people can fall victim to well-orchestrated psychological manipulation.
This Prime Day, remember that the best deal is the one that doesn’t cost you your life savings. Legitimate retailers will never pressure you to act immediately or ask you to pay with untraceable methods. When in doubt, hang up, take a breath, and verify independently. Your skepticism might just save your bank account, and your peace of mind.
Key Takeaway: Amazon, and most other retailers, will not ask you to provide sensitive information over the phone or request payment via gift cards, wire transfers, or cash. When shopping this Prime Day, if something seems suspicious, it probably is. Trust your instincts and verify independently.
The post How to Shop Safely During Amazon Prime Day appeared first on McAfee Blog.
Picture this: You’ve just arrived at a bustling airport, exhausted from your journey but excited for your vacation. While waiting for your connecting flight, you pull out your phone to share that first travel selfie or check your hotel reservation. You spot the airport’s free Wi-Fi network and connect without a second thought. What you don’t realize is that you may have just handed cybercriminals the keys to your digital life.
Tourist hotspots—airports, hotels, cafes, and popular destinations have become hunting grounds for hackers who exploit the very convenience that makes these locations attractive to travelers. The combination of rushed tourists, ubiquitous free Wi-Fi, and relaxed security awareness creates the perfect storm for cybercrime.
The statistics paint an alarming picture of just how dangerous public Wi-Fi can be for travelers:
These aren’t just numbers—they represent real people whose vacations turned into identity theft nightmares, drained bank accounts, and compromised personal information that can haunt them for years.
Airport Wi-Fi is known to be a “hacker honeypot” due to typically lax security. Think about it: thousands of tired, distracted travelers pass hrough daily, each carrying devices loaded with personal and financial information. Just one airport network could hold hundreds to thousands of potential targets.
Unsecured hotel networks can be accessed by anyone near the hotel, allowing them to monitor traffic to connected devices. Many hotels prioritize convenience over security, offering open networks that make it trivially easy for cybercriminals to intercept your data.
Popular cafes, restaurants, and tourist attractions often offer free Wi-Fi as a customer amenity. However, public Wi-Fi networks are typically unencrypted, meaning data transmitted over these networks can be intercepted by hackers.
Cybercriminals are now updating an old cybercrime tactic called “evil twin” attacks. Here’s how it works: hackers create fake Wi-Fi networks with names that closely resemble legitimate ones. Instead of connecting to “Airport_WiFi,” you might accidentally connect to “Airport_Wi-Fi” or “Airport_Free_WiFi.” The miniaturization of digital twinning technology has made this kind of cyberattack more appealing to hackers, with the technology to pull it off available for less than $500.
The biggest threat to free Wi-Fi security is the ability for hackers to position themselves between you and the connection point. Instead of your data going directly to its intended destination, it first passes through the hacker’s system, giving them access to everything: emails, passwords, credit card information, and even business credentials.
Hackers use packet sniffing tools to capture and analyze traffic, extracting personal information from unsuspecting users. This sophisticated technique allows cybercriminals to intercept and read data that isn’t properly encrypted, turning your private communications into an open book.
Hackers can use an unsecured Wi-Fi connection to distribute malware. Some have even managed to hack connection points themselves, causing pop-up windows to appear offering fake software updates that actually install malicious code on your device.
“When on vacation, people tend to forget about their online security,” said cybersecurity expert Daniel Markuson. The excitement of travel combined with the stress of navigating unfamiliar places creates a perfect storm where normal security awareness takes a backseat to convenience.
“It is typical to scroll through your phone while waiting for a flight or train. However, when on vacation, people tend to forget about their online security. Hackers take advantage of that and use the public Wi-Fi network weaknesses in airports and train stations to get their hands onto sensitive personal or corporate data”.
Understanding these threats is the first step, but protection requires the right tools. McAfee Mobile Security, available on both the Google Play Store and iOS App Store for iPhones, provides comprehensive protection designed specifically for the challenges travelers face.
McAfee’s automatic VPN proxy ensures secure browsing and hides your IP address for added privacy, while the network scanner and Wi-Fi security verify connections, keeping you safe on public networks.
Receive alerts when connecting to an unsecured Wi-Fi network or hotspot. Wi-Fi scan analyzes networks for security and ensures a safer online connection. This feature acts as your personal network security expert, warning you before you connect to potentially dangerous networks.
Safe Browsing Protection: Block malicious websites automatically so you can browse safely. Safe browsing alerts protect you from phishing and leaking personal info.
Text and Email Scam Detection: Text scam protection filters risky messages and phishing attempts, and blocks harmful sites. Identify risky emails and get scam warnings with email scam protection.
For Android Users: McAfee Mobile Security is available on the Google Play Store. The app combines antivirus protection, VPN security, and identity monitoring in one comprehensive package.
For iPhone Users: iOS users can download McAfee Security from the App Store, providing the same robust protection optimized for Apple devices.
While McAfee’s mobile security provides robust protection, combining it with smart travel habits creates an impenetrable defense:
Verify Network Names Always confirm the exact Wi-Fi network name with establishment staff. Hackers create fake Wi-Fi hotspots that have convincing names designed to trick travelers.
Use Mobile Hotspot When Possible “My favorite way to avoid evil twin attacks is to use your phone’s mobile hotspot if possible,” said cybersecurity expert Brian Callahan. This creates a secure, personal network that only you control.
Disable Auto-Connect Set your mobile device to ‘ask’ before it connects to a Wi-Fi network, rather than automatically connecting to an available network. This simple setting prevents your device from automatically connecting to malicious networks.
Keep Software Updated Updates often include security patches that address vulnerabilities and protect against emerging threats. Before traveling, ensure all your devices and security software are current.
Consider the true cost of a security breach while traveling:
Compare this to the minimal cost of McAfee Mobile Security, which provides comprehensive protection for less than the price of a coffee at most airport cafes.
As cyber threats evolve, traditional security measures like VPNs may no longer be sufficient on their own. However, McAfee’s mobile security suite evolves continuously, incorporating the latest threat intelligence and protection technologies to stay ahead of cybercriminals.
The integration of AI-powered threat detection, real-time network analysis, and behavioral monitoring means your protection improves automatically as new threats emerge.
Don’t let cybercriminals turn your dream vacation into a digital nightmare. Before your next trip:
With the right cybersecurity tools, it’s easy to surf the web securely while exploring new destinations. McAfee Mobile Security ensures that your only worry while traveling is choosing which adventure comes next not whether your personal information is safe.
Your journey should be about creating memories, not dealing with the aftermath of cybercrime. With McAfee Mobile Security protecting your digital life, you can focus on what really matters: enjoying every moment of your travels while staying completely secure. Ready to protect your travels? Download McAfee Mobile Security today from the Google Play Store or iOS App Store and travel with confidence, knowing your digital life is secure no matter where your adventures take you.
The post Why Public Wi-Fi at Tourist Hotspots is a Goldmine for Hackers appeared first on McAfee Blog.
Your dream vacation could become a nightmare if you fall for these sophisticated AI-powered scams. The travel industry is experiencing an unprecedented surge in AI-powered fraud. What started as simple fake booking websites has evolved into something far more sinister: criminals are now using artificial intelligence to clone the voices and identities of trusted travel agents, creating convincing impersonations that can fool even the most cautious travelers.
Recent data paints a sobering picture. Booking.com reports a staggering 500 to 900 percent increase in travel scams over the past 18 months, largely driven by AI technology. McAfee research reveals that 30 percent of adults have either fallen victim to online travel scams or know someone who has while trying to save money on travel.
Gone are the days when scammers relied solely on poorly written emails with obvious typos. Today’s travel fraudsters are weaponizing AI voice cloning technology that requires as little as three seconds of audio to create a convincing replica of someone’s voice. Here’s how these sophisticated scams typically unfold:
The Setup: Criminals research legitimate travel agents, tour operators, or booking specialists through social media, company websites, and online videos. They harvest voice samples from promotional videos, webinars, or even customer service recordings.
The Clone: Using readily available AI tools—some costing as little as $5 to $10 per month—scammers create voice clones that perfectly mimic speech patterns, accents, and even emotional nuances of real travel professionals.
The Hook: Armed with these cloned voices, criminals make convincing phone calls to potential victims, often claiming to represent established travel agencies or offering “exclusive” deals that create urgency to book immediately.
While AI voice cloning technology has become incredibly sophisticated, there are still warning signs you can watch for:
Listen for inconsistencies: Pay attention to unusual word choices, stilted language, or responses that seem rehearsed or robotic. AI-generated voices may struggle with emotional range or natural conversation flow.
Verify through multiple channels: If someone claiming to be a travel agent unexpectedly contacts you, hang up and call the agency directly using a number you find independently—never redial the number that called you.
Be wary of pressure tactics: Legitimate travel agents won’t pressure you to book immediately or demand payment through untraceable methods like wire transfers, cryptocurrency, or gift cards.
Check for licensing and credentials: Ask for specific licensing information and verify it independently. Real travel agents are typically registered with industry organizations and local business bureaus.
Voice cloning is just one weapon in the modern scammer’s arsenal. Criminals are also using AI to:
Create convincing fake websites: AI tools can quickly generate professional-looking travel booking sites that mirror legitimate companies, complete with stolen branding and customer reviews.
Generate fake reviews: AI-written testimonials can flood fake listings with glowing five-star reviews that seem authentic but are entirely fabricated.
Produce deepfake videos: Some sophisticated scams now include video calls featuring AI-generated faces that can interact in real-time, making the deception even more convincing.
Automate phishing campaigns: AI helps criminals create personalized emails and messages that target specific individuals based on their travel history and preferences.
The financial consequences of AI-powered travel scams can be catastrophic. VPNRanks predicts that travel scam losses could reach $13 billion globally by 2025, with an average loss of nearly $1,000 per victim. Even more concerning, business travelers face a 65 percent higher risk of falling victim compared to leisure travelers.
The sophistication of these scams means that even cybersecurity-savvy individuals can be caught off guard. In one notable case, a finance worker in Hong Kong was tricked by an AI-powered deepfake video call into transferring over $25 million to criminals who had used publicly available footage to impersonate multiple senior executives.
At McAfee, we understand that the same AI technology enabling these scams can also be our best defense against them. Our comprehensive McAfee+ protection suite includes several key features specifically designed to combat these emerging threats:
McAfee Scam Detector: Our AI technology powers advanced scam detection that can identify suspicious patterns and behaviors. This includes recognizing potentially fraudulent communications before they reach you on text messages, email and even deepfake protection.
Identity Monitoring and Alerts: Our comprehensive identity monitoring watches for signs that your personal information may have been compromised—a critical early warning system since scammers often research their targets extensively before launching attacks.
Safe Browsing Protection: When you’re researching travel options online, our web advisor protection features block access to known malicious sites and warn you about suspicious domains in real-time.
Personal Data Cleanup: We help remove your personal information from data broker sites that scammers often use to research potential victims, reducing your exposure to targeted attacks.
Protection against AI-powered travel scams requires a multi-layered approach combining technology, awareness, and smart practices:
Verify independently: Always confirm travel arrangements through official channels. If someone calls claiming to represent a travel company, hang up and call the company directly using contact information from their official website.
Be skeptical of urgency: Legitimate travel deals don’t require immediate action. Take time to research and verify any offer, especially if it involves upfront payments or personal information.
Use secure payment methods: Avoid wire transfers, cryptocurrency, or gift cards for travel payments. Use credit cards that offer fraud protection and dispute resolution.
Limit social media exposure: Be cautious about posting travel plans, photos, or videos that could provide scammers with material to clone your voice or research your activities.
Trust your instincts: If something feels off about a conversation or offer, don’t ignore that feeling. It’s better to miss out on a potentially legitimate deal than fall victim to a sophisticated scam.
As AI technology continues to evolve, we can expect travel scams to become even more sophisticated. Future threats may include real-time deepfake video calls, AI-generated virtual travel agents with full conversational abilities, and hyper-personalized scams based on extensive data analysis.
The key to staying protected is maintaining vigilance while leveraging advanced security tools. McAfee’s AI-powered protection evolves continuously to stay ahead of emerging threats, providing you with the most current defense against the latest scamming techniques.
Your dream vacation should remain exactly that—a dream come true, not a financial nightmare. By staying informed about these threats and using comprehensive protection like McAfee’s identity and scam protection services, you can travel with confidence, knowing you’re protected against even the most sophisticated AI-powered fraud attempts.
Remember: in our digital age, the best travel companion isn’t just a good guidebook—it’s robust cybersecurity protection that travels with you wherever you go.
Ready to protect yourself from AI-powered scams? Learn how McAfee+ and its comprehensive identity theft protection and AI-powered scam detection is designed to keep you safe while traveling and beyond.
The post How Criminals Are Using AI to Clone Travel Agents and Steal Your Money appeared first on McAfee Blog.
Reports last week detail a “16 billion password leak”, with major news outlets worldwide proclaiming this as one of the “largest data breach in history. The exposed dataset appears to be a massive compilation of previously leaked login credentials combined with recent information harvested from devices infected with a type of malware called an infostealer. The vast amount of stolen login credentials, especially from the platforms people use and rely on every day, serves as a powerful reminder of the need for up-to-date online security combined with strong cyber hygiene.
If cybercriminals get hold of your login credentials, the consequences can be serious—think hijacked social media accounts, stolen identities, phishing attacks launched from your personal email account, and potentially even financial loss. The good news? You can take action right now to boost your security and stay protected from scammers.
Don’t let the “old data” narrative fool you into complacency. As McAfee CTO Steve Grobman notes: “With over 16 billion login credentials exposed worldwide, the scale of this breach is a stark reminder of the prevalence of data leaks and the importance of practicing good cyber hygiene.”
This compilation represents a significant threat because:
Password Reuse Amplifies Risk: If you reuse passwords across multiple sites, one stolen credential can unlock multiple accounts.
Social Media Account Takeovers: “Email and social media logins are particularly valuable, as they allow scammers to reset passwords and dig even deeper into someone’s digital life, even impersonating victims,” Grobman explains.
Identity theft: With access to information, like the username and password for your banking or financial account, cybercriminals could steal your identity to open new accounts, apply for loans, and commit fraud.
Increase in Phishing Attacks: In Grobman’s words: “For cybercriminals, this data is gold. It gives them everything they need to scam, impersonate, and steal. With a trove of personal information circulating widely, people should be on high alert for targeted scam emails and texts that look like they’re from trusted brands or known contacts.”
Ongoing Infostealer Infections on Unprotected Devices: New databases appear “every few weeks” with “fresh, weaponizable intelligence” which means that without the right protection you may have malware on your device silently stealing your data. And according to the researchers, the problem isn’t getting better—it’s accelerating.
Following McAfee’s official guidance, here’s what you need to do immediately:
Before changing any passwords, scan your devices for malware. If you’re concerned that an infostealer might be present on your computer, scan your device with a trusted antivirus program before changing any passwords. Otherwise, newly entered credentials could be stolen as well.
Steve Grobman’s recommendation is clear: “Now is the time to update passwords – especially for email, banking, and shopping accounts.” You should:
Enable Two-Factor Authentication everywhere possible. As our CTO recommends: “Enable two-factor authentication wherever possible” to add that crucial second layer of security.
Use authenticator apps, such as Google Authenticator, Duo, and Authy, and do not use SMS. You should avoid using SMS texts to receive 2FA codes, as threat actors can conduct SIM-swapping attacks to hijack your phone number and obtain them.
Given the elevated risk of targeted scams using your real information, Grobman specifically recommends: ” Use scam detection technology, like McAfee’s Scam Detector, to help flag risky messages before they cause harm.”
While this specific data compilation may contain both older and newer data, it highlights a fundamental truth: your credentials are constantly being targeted by cybercrooks.
The infostealer problem has gotten so pervasive that manual monitoring simply isn’t sufficient anymore. You need automated, professional-grade protection that works 24/7.
Traditional approaches wait for you to discover you’ve been compromised. McAfee’s approach is different:
There are thousands, if not hundreds of thousands, of similarly leaked archives being shared online, resulting in billions of credentials records released for free. This 16 billion record compilation is just the latest in an ongoing parade of massive credential dumps.
The Trend Is Accelerating: As infostealers have become so abundant and commonly used, threat actors release massive compilations for free on Telegram, Pastebin, and Discord to build reputation and attract customers to their paid services.
Given the scale of credential theft over the years, assume some of your information is already in criminal hands. This mindset shift changes everything:
Your credentials are valuable to criminals, and they’re actively working to steal and exploit them. The question isn’t whether your information will appear in future compilations—it’s whether you’ll be protected when it does.
McAfee Identity Monitoring provides timely dark web alerts, complete with guidance on how to quickly secure your info if they’re found in breaches.
Get McAfee+, with all-in-one scam, privacy, and identity protection and gain immediate access to:
Remember: Take this opportunity to update your passwords immediately and improve your cybersecurity habits — because the threat is real, ongoing, and growing.
The post 16 Billion Stolen Logins for Apple, Google, Facebook and More: How to Stay Safe appeared first on McAfee Blog.
The modern family juggling act has never been more complex—or more dangerous. If you’re caring for aging parents while raising children, you’re part of what researchers call the “Sandwich Generation.” According to Pew Research, nearly half (47%) of adults in their 40s and 50s find themselves wedged between these dual responsibilities. But in today’s digital landscape, this demographic faces a uniquely modern threat: becoming the primary target of an unprecedented scam epidemic.
As a cybersecurity professional who has witnessed the evolution of online threats over two decades, I can tell you that today’s scam landscape is unlike anything we’ve seen before. The stakes are higher, the tactics more sophisticated, and the Sandwich Generation is squarely in the crosshairs.
McAfee’s recent State of the Scamiverse report paints a troubling picture of digital life in the UK. The statistics are staggering: 60% of Brits report either falling victim to an online scam or knowing someone who has. When these attacks succeed, the financial impact is severe—victims lose an average of £936, with some reporting devastating losses exceeding £7,980.
Perhaps most alarming is the speed at which these crimes unfold. A shocking 68% of victims said it took less than an hour to be defrauded, with 48% reporting that fraud occurred within just 30 minutes of engaging with a scammer. This isn’t the slow-burn con artistry of yesteryear—this is lightning-fast digital predation.
The financial losses, while significant, represent only part of the damage. The psychological impact cuts deeper than many realize. Our research shows that 32% of Brits who fell for online scams experienced moderate to significant distress, including anxiety, depression, and damaged self-esteem. For the Sandwich Generation, already stretched thin emotionally and financially, this psychological burden can be overwhelming.
Consider the compounding effects: 80% of scam victims reported that the experience impacted their self-esteem and ability to trust others. When you’re responsible for protecting not just yourself but also tech-savvy teenagers and digitally-vulnerable parents, this erosion of confidence can have far-reaching consequences for your entire family’s digital safety.
From a cybercriminal’s perspective, the Sandwich Generation represents the perfect storm of vulnerability. Here’s why you’re in their crosshairs:
Overwhelm and Distraction: Scam tactics are most effective when targets are tired, rushed, or mentally overloaded. The constant juggling act of work, children’s needs, and aging parents’ care creates exactly these conditions.
Multiple Attack Vectors: You’re not just protecting yourself—you’re managing the digital lives of three generations. Children who overshare on social media and parents who may trust too readily both create entry points for scammers.
The “Family Tech Lead” Burden: In most households, one person becomes the de facto IT support for everyone. If that’s you, you’re essentially protecting three generations of users with the cybersecurity knowledge and tools designed for one.
Time Poverty: When you’re constantly switching between helping with homework, managing medical appointments, and handling your own responsibilities, the careful scrutiny required to spot sophisticated scams becomes nearly impossible.
The repeat victimization rate is particularly concerning. Once scammers identify a successful target, they often share that information within criminal networks, leading to sustained harassment and repeated attempts.
Protecting Your Children (The Digital Natives)
Despite their technological fluency, young people face unique vulnerabilities:
Social Media Saturation: 28% of 18-24-year-olds receive scam messages via social media platforms. The integration of these platforms into daily life makes detection more challenging.
Gaming Community Exploitation: Scammers infiltrate gaming communities with fake giveaways, cryptocurrency cons, and phishing attempts disguised as game-related communications.
Celebrity Deepfake Scams: AI-generated celebrity endorsements for cryptocurrency schemes or investment opportunities are becoming increasingly sophisticated and harder to detect.
Overconfidence Bias: Young people often believe their digital nativity makes them immune to scams, leading to less cautious behavior online.
Protecting Your Parents (The Trusting Generation)
Older adults face different but equally serious threats:
Email-Based Attacks: 67% of over-55s encounter scams primarily through email, a medium they often trust more than social media.
Authority Impersonation: Tech support scams, fake government communications, and bank impersonation attempts exploit older adults’ respect for authority and institutions.
Voice Cloning Threats: 21% of Brits have encountered AI voice scams impersonating loved ones—a particularly dangerous development for older users who may be more trusting of familiar voices.
Isolation Exploitation: Scammers often target older adults during periods of loneliness or health concerns, when they’re more likely to engage with unexpected communications.
Mobile Device Security
Mobile scams have reached epidemic proportions in the UK, with 35% of Brits falling victim to SMS or call-based scams in the past year. The most common mobile threats include:
Package Delivery Scams (33%): “Your parcel couldn’t be delivered” texts that lead to fake websites designed to steal personal information or payment details.
Subscription Renewal Cons (23%): Messages claiming services like Netflix require payment information updates, leading to credential theft or unauthorized charges.
Social Engineering Openers (16%): Simple “Hey, how are you?” messages that gradually build trust before introducing investment or romance scams.
Computer and Email Security
Email remains the primary attack vector, with 32% of Brits falling victim to phishing attempts last year. The sophistication of these attacks has increased dramatically—while 78% of people believe they can spot scams, today’s emails often perfectly mimic legitimate communications.
Artificial intelligence has revolutionized scamming, with 21% of Brits encountering AI-generated scams. The challenge is significant: 53% of people admit that deepfakes are difficult to spot, and the technology improves daily.
Just as you have a fire escape plan, your family needs a comprehensive fraud response strategy. This should include:
Technology alone cannot solve this crisis. The most effective defense combines good security tools with open family communication and ongoing education. Regular conversations about online safety should be as normal as discussions about physical safety.
For Children: Focus on critical thinking skills rather than fear-based messaging. Teach them to question unexpected opportunities and verify information through multiple sources.
For Parents: Emphasize that asking for help with suspicious communications is a sign of wisdom, not weakness. Create an environment where they feel comfortable seeking guidance.
For Everyone: Establish family rules about financial communications—for example, agreeing that no family member will ever ask for money or personal information via text or email without prior verbal confirmation.
The scam landscape evolves constantly, driven by technological advancement and criminal innovation. As someone who has tracked these trends for two decades, I can tell you that the only constant is change. What worked last year may be ineffective today, and tomorrow will bring new challenges.
The key is building adaptable defenses: security awareness that can evolve with threats, technology solutions that update automatically, and family communication patterns that encourage ongoing vigilance without creating paranoia.
The Sandwich Generation faces unique challenges in today’s digital world, but you’re not powerless. By understanding the threat landscape, implementing appropriate security measures, and fostering open communication about online safety, you can protect your family’s financial security and emotional well-being.
Remember that in the UK today, encountering scam attempts isn’t rare—it’s daily. The goal isn’t to avoid all contact with potential threats but to recognize them quickly and respond appropriately. With the right preparation and tools, you can maintain your family’s digital confidence while staying one step ahead of the scammers.
Your role as the family’s digital guardian is challenging, but it’s also crucial. You’re not just protecting money—you’re protecting your family’s trust, confidence, and peace of mind in an increasingly connected world.
Stay vigilant, stay informed, and remember: when in doubt, pause, check, and verify. Your family’s digital safety depends on it.
The post How the Sandwich Generation Can Fight Back Against Scams appeared first on McAfee Blog.
Ah, summer. The season of sun-soaked beaches, bucket list adventures, and Instagram-worthy Aperol Spritzes. For many, it’s also a time of new connections—whether it’s a whirlwind vacation romance, a flirtatious chat over sangria, or that handsome stranger who slides into your DMs while you’re posting travel pics.
But while your heart may be on holiday, romance scammers are very much on the job.
Every summer, there’s a spike in cybercrime that preys on people’s heightened emotions, loneliness, and lowered guard while traveling. Romance scams aren’t just the stuff of Netflix documentaries or embarrassing Reddit threads—they’re a multi-billion dollar business. In fact, in the U.S. alone, consumers reported losing $1.3 billion to romance scams in 2023, according to the FTC. And those are just the ones who reported it.
Whether you’re vacationing in Ibiza or just swiping Tinder in Tuscany, here’s what you need to know to keep your love life and your bank account scam-free this summer.
Let’s break down the perfect storm:
Scammers love this combo. It gives them everything they need to make you feel special, disarmed, and emotionally invested—before making their move.
And don’t think these scams are limited to dating apps. They happen on Facebook, Instagram, TikTok, WhatsApp, Airbnb experiences, and yes, even LinkedIn. Love (and deception) finds a way.
No matter where you are in the world, these red flags are global. If your new summer fling is showing any of these signs, take a step back before you step deeper in:
They move too fast.
They say they love you after two days. They want to video call all the time. They talk about marriage before you’ve even exchanged last names. Classic sign of love bombing.
They avoid meeting in person or always have a reason to cancel.
Even if you’re in the same city, they’ll say they’re stuck at customs, quarantining, or detained by border patrol (yes, really). This isn’t just shady—it’s scripted.
They need money—urgently.
Hospital bill. Stolen passport. Emergency flight. Sick relative. Whatever it is, it’s always an emergency and always comes with a request for money, gift cards, or cryptocurrency.
They ask you to keep the relationship private.
“Let’s keep this just between us.” Translation? “Please don’t tell your smarter friends who would spot me a mile away.”
They want to take the chat off-platform.
If someone you met on a dating app pushes you onto WhatsApp, Telegram, or a private email chain quickly, it’s a red flag.
Summer brings out some unique variations on the classic romance scam, here are a number of the common types of travel romance scams.
The “Travel Buddy” Scam
You meet someone on a travel app or forum who wants to join your trip. They seem cool—until they ghost you after you book everything in their name. Or worse, they show up and mooch off you the entire time.
The “Local Lover” Scam
A charming local sweeps you off your feet. They say they want to visit you in your home country, but need help with a visa fee, plane ticket, or travel insurance.
The “Digital Dater” Abroad
You’re on vacation and your dating app blows up with matches. Coincidence? Hardly. Scammers geo-fence popular tourist zones because they know travelers are emotionally available and often disconnected from their usual guardrails.
The “Crypto Casanova”
You match with someone on a dating app who subtly mentions they’ve made loads of money on crypto. Soon, they offer to help you invest. Spoiler alert: the platform they send you to is fake. Your money is gone, and so are they.
You don’t have to be a digital hermit on your holiday. But you do need a bit of cyber street smarts. Here’s how to travel (and flirt) safely:
No sharing your hotel, flight info, or travel itinerary with someone you just met online. And definitely don’t post your boarding pass or hotel room number on socials.
Not for flights, food, phone credit, visas, crypto, or “emergencies.” If someone asks for money, it’s a scam. Every. Single. Time.
If someone seems too good to be true, screenshot their profile pics and run a reverse image search. If they’re stolen from a model or influencer, you’ll know quickly.
Stick with apps that offer verified profiles, video chat, and in-app messaging. The more friction between you and scammers, the better.
If something feels off, it probably is. Don’t let the vacation buzz cloud your common sense.
If someone claims to be in Paris but always replies at 3 a.m. Paris time? Red flag.
A few too many cocktails and you’re more likely to miss signs of manipulation or send info you shouldn’t. Scammers love an intoxicated target.
Let someone back home know who you’re talking to. Share screenshots if necessary. Having a second pair of eyes can save you.
Don’t send sensitive messages, share banking info, or access dating apps over public Wi-Fi. Use a VPN like McAfee Secure VPN if you must connect while on the go.
Romantic attention can feel flattering—especially if you’re traveling solo. But don’t confuse flattery with trust. If someone’s pushing boundaries, bail.
If your gut’s screaming “scam,” don’t ignore it. Cut contact immediately. Don’t argue, don’t explain. Just block and move on.
Report them to the platform.
Whether it’s a dating app or social media site, reporting helps stop them from targeting others.
Tell your bank if you sent money.
They may be able to freeze a transaction or help with fraud recovery.
Talk to someone.
Shame is what scammers count on. Speak up. You are not alone, and you are not stupid.
Look, summer romance can be amazing. I’m not here to kill the vibe. But don’t confuse intensity for intimacy, especially when someone is operating behind a screen. If you’re lucky, your summer fling ends with a postcard and a good story. If you’re not careful, it could end with an empty bank account, a broken heart, and a bruised ego.
Be bold. Be open. But above all be smart. McAfee’s Scam Detector, can help in the fight against scammers. Our scam detector catches suspicious text messages so you can reply with confidence. We’ll filter out risky emails and phishing attempts so your inbox stays secure. With our leading, cutting-edge protection, we’ll spots deepfake videos so you can stay ahead of misinformation. Love doesn’t need to be transactional. And real connections don’t pressure, isolate, or guilt-trip. This summer, protect your heart like your passport: with care, vigilance, and just the right amount of suspicion.
The post Love, Lies, and Long Flights: How to Avoid Romance Scams While Traveling This Summer appeared first on McAfee Blog.
Summer vacation season is upon us, and millions of families are booking accommodations for their dream getaways. But with the surge in travel bookings comes an unfortunate reality: accommodation scams are on the rise, and they’re becoming increasingly sophisticated. As a cybersecurity professional, I’ve seen how devastating these scams can be—not just financially, but emotionally, when your family vacation turns into a nightmare.
The good news? With the right knowledge and proactive measures, you can protect yourself and your family from these predators. Even better, if you do fall victim to a scam, there are specific steps you can take to minimize the damage and potentially recover your losses.
Travel accommodation fraud has skyrocketed in recent years. Scammers have become expert at creating convincing fake listings on legitimate platforms like Airbnb, Booking.com, and even creating entirely fraudulent websites that mimic well-known hotel chains. They steal photos from real properties, craft compelling descriptions, and even create fake reviews to lure unsuspecting travelers.
What makes these scams particularly insidious is the emotional investment. You’re planning a special family vacation, perhaps saving for months, and the excitement of finding what seems like the “perfect” place clouds your judgment. Scammers exploit this vulnerability ruthlessly.
I can tell you that prevention is always your best defense. Here are the warning signs that should make you pause before clicking “book now”:
If you’ve fallen victim to an accommodation scam, time is critical. Here’s what you need to do immediately:
One of the most effective ways to protect your family from travel scams and other online threats is to implement comprehensive digital protection. Solutions like McAfee’s family protection plans offer multiple layers of security that work together to keep scammers at bay.
Modern family protection services provide several key features that directly combat travel scams:
Real-Time Scam Protection: Advanced scam detection technology automatically identifies and blocks fraudulent websites, phishing emails, and suspicious links before you interact with them. This means if you accidentally click on a fake booking site, the protection software will warn you before you enter any personal information.
Secure VPN for Travel Research: When researching accommodations on public Wi-Fi networks (like those in airports or coffee shops), a VPN encrypts your connection, preventing scammers from intercepting your personal information or redirecting you to fake websites.
Financial Transaction Monitoring: Comprehensive protection plans monitor your bank accounts and credit cards for unusual activity (US only), sending immediate alerts if suspicious transactions occur. This early warning system can help you catch fraudulent charges within hours rather than weeks.
Identity Monitoring and Dark Web Surveillance: These services continuously scan the dark web and other sources where stolen personal information is traded, alerting you if your data appears in places it shouldn’t. This is particularly valuable since accommodation scammers often sell stolen personal information to other criminals.
Personal Data Cleanup: Many protection services help identify and remove your personal information from data broker sites that scammers often use to research potential victims and make their approaches more convincing.
For families, comprehensive protection plans typically cover up to six family members, providing each person with their own monitoring and protection while giving parents oversight of their children’s online activities. With identity theft coverage up to $2 million per family and 24/7 restoration assistance, these services provide both prevention and recovery support.
Twenty years in cybersecurity has taught me that the cost of prevention is always less than the cost of recovery. Whether it’s taking time to properly research accommodations, investing in comprehensive family protection software, or educating your family about scam tactics, these upfront investments pay dividends in peace of mind and financial security.
Travel scams prey on our excitement and trust during what should be joyful family times. By staying vigilant, using proper protection tools, and knowing how to respond quickly if something goes wrong, you can ensure your family’s summer vacation memories are made for all the right reasons.
Remember: legitimate accommodation providers want to build trust and will readily provide verification. If anyone pressures you to skip verification steps or pay through unusual methods, walk away. Your family’s safety and financial security are worth more than any “deal” that seems too good to be true.
Safe travels, and remember—the best vacation is one where the only surprises are pleasant ones.
The post What to Do If You Book a Hotel or Airbnb and It Turns Out to Be a Scam appeared first on McAfee Blog.
In a significant security incident, Coinbase, a leading cryptocurrency trading platform, recently disclosed a data breach impacting nearly 70,000 users. This breach, attributed to “insider wrongdoing,” exposed sensitive personal information. This post details how the breach occurred, what data was compromised, and, most importantly, provides crucial steps you can take to protect yourself from potential follow-on attacks and identity theft.
This comprehensive guide will delve into the specifics of this breach: how the “insider wrongdoing” facilitated the attack, precisely what information was exposed, and the immediate, actionable steps you can take to safeguard your digital assets and personal identity in the wake of this incident.
According to a filing with the Office of the Maine Attorney General, which mandates public disclosure for such incidents, a total of 69,461 individuals were affected by this breach. The incident itself occurred on December 26, 2024, though the first signs of the compromise were only detected on May 11, 2025. This timeline is not uncommon for data breaches, as it can often take months for criminal activity to be fully uncovered.
Coinbase’s official statement details the progression of the breach:
Criminals targeted our customer support agents overseas. They used cash offers to convince a small group of insiders to copy data in our customer support tools for less than 1% of Coinbase monthly transacting users. Their aim was to gather a customer list they could contact while pretending to be Coinbase—tricking people into handing over their crypto. They then tried to extort Coinbase for $20 million to cover this up.
In a firm stance against such criminal activity, Coinbase has publicly refused to pay the ransom. Instead, the company has established a substantial $20 million reward fund, offering it for information that leads to the arrest and conviction of the attackers responsible.
The attackers gained access to a range of sensitive user data. According to Coinbase, the compromised information includes:
• Personal Identifiers: Names, physical addresses, phone numbers, and email addresses.
• Financial Data (Masked): Masked Social Security numbers (last 4 digits only) and masked bank account numbers, along with some bank account identifiers.
• Identity Documents: Images of government-issued IDs (e.g., driver’s licenses, passports).
• Account Activity: Snapshots of account balances and transaction history.
• Limited Corporate Data: Documents, training materials, and communications accessible to support agents.
Crucially, Coinbase has confirmed that the attackers did not gain access to the following critical elements:
• Login credentials or two-factor authentication (2FA) codes.
• Private keys associated with user wallets.
• Any direct ability to move or access customer funds.
• Access to “Coinbase Prime” accounts.
• Access to any Coinbase or Coinbase customer hot or cold wallets.
To summarize the company’s own words, they’re “protecting their customers and standing up to extortionists” by taking several steps. Highlights of their response include:
• Affected Account Holder Notifications: Email notifications were dispatched to all affected account holders on May 15, 2025. Furthermore, “flagged accounts now require additional ID checks on large withdrawals and include mandatory scam-awareness prompts.”
• Enhanced Defenses: The company is significantly increasing its investment in insider-threat detection and automated response systems. They are also “simulating similar security threats to find failure points in any internal system.”
• Securing Support Operations: Coinbase plans to open a new support hub within the U.S. and implement “stronger security controls and monitoring across all locations.”
Additionally, Coinbase is actively collaborating with law enforcement agencies and intends to pursue criminal charges against the insiders involved, who were reportedly terminated immediately upon discovery of their involvement.
For one, the people holding the stolen data apparently attempted to extort the company—a ransom that the company says it will not pay, as covered above. With that, there’s the possibility the people involved might turn to other buyers or release the info on the dark web, whether for sale or for free.
As with any breach, expect follow-on scams in the wake of this breach, as a potential wave of scammers might pose as Coinbase employees. Some might use the stolen info to make the scam sound more credible, some might not. Regardless, this attack calls for extra vigilance on the part of Coinbase users and crypto holders in general.
Coinbase offered specific guidance for its users, which we’ll add to—all so Coinbase users and crypto traders in general can stay safer.
Coinbase suggests:
• Turn on withdrawal allow listing —Only permit transfers to wallets that you are confident you fully control and where the seed phrase is secure and was not provided to you or shared with anyone.
• Enable strong two-factor authentication —Hardware keys are best.
• Hang up on imposters —Coinbase will never ask for your password, 2FA codes, or to move funds to a “safe” wallet.
• Lock first, ask later —If something feels off, lock your account in-app and email security@coinbase.com.
Beyond Coinbase’s advice, McAfee offers robust solutions to further protect yourself:
Protect yourself from scammers
• McAfee Scam Detector: Our advanced Scam Detector technology is designed to identify and block scams across text messages, emails, and videos. This is particularly crucial after a breach, as scammers might send bogus “account alerts” with links to phishing sites. Scam Detector automatically detects these threats and blocks risky links, even if you accidentally click them.
• Reduce Your Digital Footprint: Limit the amount of personal information available to scammers. The more details they have about you, the more credible their phishing attempts can appear.
• McAfee Personal Data Cleanup: Many scammers gather information from data broker sites. Our Personal Data Cleanup service scans the riskiest data broker sites, identifies where your personal information is being sold, and, depending on your McAfee+ plan, can help you remove it.
• McAfee Social Privacy Manager: Social media platforms are notorious for being a source of personal information for scammers. McAfee Social Privacy Manager allows you to adjust over 100 privacy settings across your social media accounts in just a few clicks, significantly enhancing your online privacy.
These features are all included in our comprehensive McAfee+ plans.
Follow-on attacks after data breaches often involve identity theft. With pieces of personal info that they can puzzle together, thieves then try to open new accounts, lines of credit, and so forth in someone else’s name. Protection like the following, also included in our McAfee+ plans, can keep you safer.
Transaction Monitoring and Credit Monitoring help you spot any questionable financial activity quickly. Meanwhile, Security Freeze can prevent unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name.
And if identity theft unfortunately happens to you, up to $2 million in ID theft coverage & restoration can help you recover quickly.
Additionally, Identity Monitoring scans the dark web for your personal info, including email, government IDs, credit card and bank account numbers, and more. It helps keep your personal info safe, with early alerts if your data is found on the dark web, an average of 10 months ahead of similar services.
The Coinbase data breach serves as a stark reminder of the persistent threats in the digital world. While Coinbase is taking steps to address the breach, proactive personal security measures are paramount. By implementing the recommendations from both Coinbase and McAfee, you can significantly reduce your risk of falling victim to scams and identity theft. Stay vigilant, secure your accounts, and protect your digital life.
The post How to Protect Your Crypto After the Coinbase Breach appeared first on McAfee Blog.
At McAfee, we see the real faces behind the statistics. Our research shows, globally, people spend an average of 83 hours annually reviewing suspicious messages. We don’t just see numbers, we see the schoolteacher who was scammed out of Taylor Swift tickets, the new father who was duped by an IRS tax scam, and the life coach who was impacted by a SIM swap scam.
This is why we’re proud to announce that McAfee has joined the Global Anti-Scam Alliance (GASA) as a Foundation Member—because protecting people from scams isn’t just about technology. It’s about understanding the human cost of digital deception and working together to stop it.
Through our Scam Stories initiative and Keep It Real campaign, we’ve heard countless accounts from real people who’ve experienced the devastating impact of scams. Take Chris Carmack and Erin Slaver, who thought they were simply ordering custom patio cushions from what appeared to be a trustworthy small business. After paying through a special link, the cushions never arrived. Delays turned into excuses, messages went unanswered, and the seller’s account eventually disappeared along with their money.
What strikes us most about these stories isn’t just the financial loss—it’s the emotional aftermath. The embarrassment. The self-doubt. The way victims blame themselves for “falling for it,” when the reality is that today’s scams are sophisticated operations designed by professionals who exploit our trust and humanity.
We’re working to change that narrative. Being scammed isn’t a sign of weakness—it’s evidence of how advanced and manipulative these criminal enterprises have become. When we launched our Scam Stories campaign, we made a commitment: to end the stigma around being scammed and empower people to speak out, because silence is exactly what scammers count on.
The Global Anti-Scam Alliance represents something powerful: a coordinated, international response to a global threat. Nearly $1.026 trillion was lost by consumers worldwide last year in scams, with 78% of participants experiencing at least one scam in the last 12 months. These aren’t isolated incidents—they’re part of a sophisticated ecosystem that spans borders, platforms, and industries.
At McAfee, we bring unique strengths to this alliance:
Cutting-Edge Protection: Our AI-powered Scam Detector, now included in all core McAfee plans, automatically identifies scams across text, email, and video, including deepfake detection. We’re not just reacting to scams, we’re anticipating them.
Real-World Insight: Through our comprehensive scam research and our direct connection with victims through Scam Stories, we understand how scams actually impact people’s lives. This isn’t theoretical—it’s deeply personal.
Global Reach: We protect millions of users worldwide, giving us visibility into emerging scam trends across different regions and demographics. We’ve seen how scammers adapt their tactics and how victims respond.
Educational Mission: Beyond technology, we’re committed to raising awareness. Our partnership with FightCybercrime.org includes donating $50,000 in protection products to scam victims and the professionals who support them.
Online scams have evolved far beyond the obvious emails of the past. Today’s scammers use AI to create convincing deepfakes, exploit trusted brands, and craft personalized attacks that fool cybersecurity experts. A McAfee Labs study shows that for just $5 and in 10 minutes, the price of a latte, a scammer can create a realistic-looking deepfake video or AI voice scams.
“Last year alone, people lost more than $1 trillion to scams. That is not just a cybersecurity issue. It is a trust issue,” said Dan Huynh, Vice President of Business Development at McAfee and board member of the Global Anti-Scam Alliance (GASA). “We joined GASA because we believe collaboration amplifies impact. By uniting with others equally committed to stopping scams, we can drive greater change. It takes real coordination, shared insight, and urgency to protect people—and GASA is how we turn that commitment into action.”
This isn’t a problem that any one company, government, or organization can solve alone. It requires the kind of coordinated response that GASA represents, bringing together governments, consumer protection organizations, financial institutions, tech platforms, and cybersecurity leaders to share intelligence, shape policy, and deliver rapid, systemic action.
Joining GASA isn’t just about adding our name to a membership list. It’s about doubling down on our commitment to protect people, not just devices. In an always-online world. We’re bringing our advanced AI technology, our research insights, and our deep understanding of the human impact of scams to help build smarter, faster, more connected defenses.
We intend to work across borders and sectors to drive meaningful change. We intend to build tools that don’t just react but anticipate. And we intend to empower people with the clarity, context, and confidence they need to protect themselves in an increasingly complex digital world.
Most importantly, we’re committed to continuing our Scam Stories campaign, giving victims a voice, ending the shame that keeps people silent, and helping everyone understand that in today’s world, being scammed says nothing about your intelligence and everything about how sophisticated these criminal operations have become.
At McAfee, we’ve always believed that everyone should be able to live their lives online with confidence. By joining GASA, we’re taking that mission global—because when it comes to stopping scams, we’re all stronger together.
Learn more about McAfee’s scam protection at McAfee.com and share your story to help others stay safe at our Scam Stories page. Together, we can keep it real and keep each other safe.
The post Standing Together Against Scams: McAfee Joins the Global Anti-Scam Alliance appeared first on McAfee Blog.
German sportswear giant Adidas has confirmed a significant cybersecurity incident that compromised customer personal information through an attack on their customer service operations. The breach primarily exposed contact details of consumers who had previously interacted with Adidas’s help desk support system, though the company has assured customers that sensitive financial data including passwords, credit card numbers, and other payment information remained secure. While acknowledging the severity of the situation, Adidas emphasized their unwavering commitment to consumer privacy and security, expressing sincere regret for any anxiety or disruption the incident may have caused their customer base.
On May 27, 2025, German sportswear giant Adidas disclosed a significant data breach affecting their customer base. The breach didn’t originate from Adidas directly, but rather through a compromised third-party customer service provider—a scenario that’s becoming increasingly common in our interconnected business ecosystem.
According to Adidas’s official statement, an “unauthorized external party obtained certain consumer data through a third-party customer service provider.” The company immediately launched containment measures and began collaborating with leading information security experts to investigate the incident.
Fortunately, the stolen information reportedly did not include payment-related data or customer passwords. However, the attackers did gain access to customer contact information, which can still pose significant risks for affected individuals.
This breach highlights a critical vulnerability in modern business operations: supply chain security. Companies today rely on numerous third-party vendors for various services, from customer support to data processing. Each vendor represents a potential entry point for cybercriminals.
What makes these incidents particularly concerning is the trust relationship involved. When you provide information to Adidas, you’re not just trusting Adidas with your data. You’re implicitly trusting every company they work with. This creates an expanded attack surface that consumers often don’t consider.
From our experience investigating similar incidents, third-party breaches often go undetected longer than direct attacks because monitoring and security controls may be less stringent at vendor locations. This extended dwell time gives attackers more opportunities to exfiltrate data and potentially pivot to other systems.
While Adidas stated that payment information wasn’t compromised, the exposure of contact information creates several risks that consumers should understand:
Identity Theft Foundation Building: Contact information serves as a building block for identity theft. Criminals often combine data from multiple breaches to create comprehensive victim profiles.
Targeted Phishing Campaigns: With your name, email, and potentially phone number, scammers can craft highly convincing phishing messages that appear to come from Adidas or related services.
Social Engineering Attacks: Armed with your shopping preferences and contact details, attackers can impersonate customer service representatives to trick you into revealing additional sensitive information.
Secondary Account Compromise: If you use the same email for multiple accounts, this breach could be the first domino in a chain of compromises.
Here’s your immediate action plan:
1. Assume You’re Affected
Even if you haven’t received notification from Adidas yet, assume your information may have been compromised if you’ve been an Adidas customer. Companies often take weeks to identify all affected individuals.
2. Change Your Passwords Immediately
Start with your Adidas account, then move to any accounts that share the same password. Use strong, unique passwords for each account. This is non-negotiable. In 2025, password reuse is one of the fastest ways to turn a single breach into multiple compromised accounts.
3. Enable Two-Factor Authentication Everywhere
If you haven’t already, enable two-factor authentication (2FA) on all accounts that support it, starting with email, banking, and shopping accounts. This adds a crucial second layer of security.
4. Monitor Your Financial Accounts
Check bank statements, credit card bills, and investment accounts for any unusual activity. Set up account alerts if you haven’t already—many financial institutions offer real-time transaction notifications.
5. Review Your Credit Reports
You’re entitled to free credit reports from all three major bureaus annually. Consider spacing them out throughout the year for ongoing monitoring, or use a service that provides more frequent updates.
Implement a Defense-in-Depth Approach
No single security measure is perfect. Layer your defenses by combining strong passwords, 2FA, regular monitoring, and comprehensive security software.
Consider Credit Freezing
A security freeze prevents criminals from opening new accounts in your name. It’s free, reversible, and one of the most effective identity theft prevention tools available.
Stay Informed About Breach Trends
Bookmark the McAfee Blog and other and breach notification services. The faster you know about incidents affecting services you use, the quicker you can respond.
How McAfee+ Can Help Protect You
McAfee+ offers several features specifically designed to help individuals navigate the aftermath of data breaches:
Dark Web Monitoring
McAfee’s service monitors the dark web for your personal info, including email, government IDs, credit card and bank account info, and more. This can help keep your personal info safe with early alerts that show you if your data is found on the dark web, an average of 10 months ahead of similar services.
This is crucial because stolen data from breaches like Adidas often ends up for sale on dark web marketplaces. Early detection can help you take protective action before criminals have a chance to use your information.
Personal Data Cleanup
McAfee’s personal data cleanup service can scan some of the riskiest data broker sites and show you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites and, with select products, even manage the removal for you.
Data brokers collect and sell personal information to anyone willing to pay, including scammers and identity thieves. Reducing your exposure through these services limits the information available to criminals who might try to combine it with data from the Adidas breach.
Identity Monitoring and Restoration
McAfee’s Advanced plan provides identity monitoring, data removal, identity restoration, and identity theft insurance. Their monitoring covers up to 60 unique types of personal information and includes up to $2 million in identity theft coverage with professional recovery specialists.
AI-Powered Scam Protection
McAfee’s scam detector will alert you to suspicious text messages and emails that you receive. This is particularly valuable in the aftermath of a breach when criminals often launch targeted phishing campaigns using stolen contact information.
Comprehensive Financial Monitoring
Financial protection Services include transaction monitoring; financial account and payday loan monitoring; bank account takeover monitoring; safe cards. This helps detect unauthorized use of your financial accounts, which could occur if criminals combine information from multiple breaches.
The Adidas breach won’t be the last of its kind. As our digital ecosystem becomes more interconnected, these incidents will likely become more frequent. The key is building personal and organizational resilience through proactive security measures rather than reactive responses.
For consumers, this means adopting a security-first mindset in all digital interactions. Assume breaches will happen, prepare accordingly, and maintain tools and services that can help you detect and respond to threats quickly.
Act quickly: Don’t wait for official notification from Adidas. If you’re a customer, take protective action now.
Invest in comprehensive protection: Services like McAfee+ provide multiple layers of protection that work together to address different aspects of the post-breach threat landscape.
Stay vigilant: Monitor your accounts regularly and be skeptical of unsolicited communications, especially those claiming to be from Adidas or related to this incident.
Learn and adapt: Use this incident as motivation to improve your overall cybersecurity posture. Review your digital habits and make necessary improvements.
Remember, in cybersecurity, there’s no such thing as perfect protection—only degrees of risk reduction. The goal is to make yourself a harder target while maintaining the tools and knowledge necessary to respond quickly when incidents occur.
The Adidas breach serves as another reminder that in our interconnected world, your security is only as strong as the weakest link in the chain. By taking proactive steps and leveraging comprehensive protection services, you can significantly reduce your risk and impact from these increasingly common incidents.
The post Adidas Data Breach: What Consumers Need to Know and How to Protect Yourself appeared first on McAfee Blog.
In today’s online world, scams are everywhere—and they’re harder to spot than ever. From sophisticated phishing texts and deepfake videos to emails that look just like messages from your bank or delivery provider, scammers are constantly evolving. And so are we.
Introducing McAfee’s Scam Detector: advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. It’s included at no extra cost in all core McAfee plans for customers in the U.S., UK, and Australia—helping millions stay safer online without having to upgrade.
Scam messages are getting smarter and more frequent. McAfee Labs saw scam text volumes nearly quadruple between February and March 2025. Nearly half used cloaked links to disguise malicious intent. Scams mimicked toll charges, deliveries, payment services, and even messages from loved ones.
Scammers use urgency and fear to push people into quick decisions—and it’s working. That’s why Scam Detector was designed with AI-powered detection, educational guidance, and coverage that works across multiple platforms and devices.
McAfee’s Scam Detector flags ~1.5% of text messages analyzed as potential scams and ~1.8% of email messages analyzed as potential scams. The text scam detection model included in the initial release achieves greater than 99% accuracy.
1) Smarter text scam detection
2) AI-based scam analysis for email
3) Deepfake detection for video
4) On-demand Scam Check
5) Custom Sensitivity Settings
Choose the level of detection that works for you:
6) Safe Browsing Layer
Scam Detector uses on-device AI wherever possible. That means your messages and data aren’t sent to the cloud for analysis. And because scam protection is now included in all core McAfee plans, there’s no need for additional purchases.
Scam Detector is now included in all core plans:
Available for customers in the U.S., UK, and Australia, this new feature rolls out automatically in the McAfee app. No upgrade required.
McAfee’s Scam Detector is designed to help people stay safer by identifying scams, explaining why they were flagged, and giving users more confidence in their digital decisions.
In a time when scams are harder to detect than ever, it’s one more way McAfee is protecting people—not just devices.
Learn more at https://www.mcafee.com/en-us/scam-detector.
The post Introducing McAfee’s Scam Detector – Now Included in All Core Plans appeared first on McAfee Blog.
Welcome to the first edition of This Week in Scams, a new weekly series from McAfee breaking down the latest fraud trends, headlines, and real-time threats we’re detecting across the digital landscape.
This week, we’re spotlighting the FBI’s shocking new cybercrime report, the rise of AI-generated deepfakes, and a sophisticated Gmail impersonation scam flagged by Google. We’re also seeing a surge in location-specific toll scams and fake delivery alerts—a reminder that staying ahead of scammers starts with knowing how they operate.
Let’s dive in.
$16.6 Billion Lost to Online Scams in 2024
The FBI’s latest Internet Crime Report is here—and the numbers are staggering. Americans lost $16.6 billion to online scams last year, up from $12.5 billion in 2023. Older adults and crypto investors were hit especially hard, but the agency warns the real total is likely much higher, since many victims never report the crime.
Read more
AI-Powered Deepfake Scams Get More Convincing
Deepfake-enabled fraud has already caused more than $200 million in financial losses in just the first quarter of 2025.
McAfee researchers estimate the average American sees three deepfakes per day, many of which are designed to mimic real people, services, or news stories. Whether it’s fake crypto pitches, job offers, or social media stunts—seeing is no longer believing.
Read more
Google Warns Users of Sophisticated Email Scam
Google is alerting Gmail users to a new type of phishing email that looks like it comes from Google itself. These messages often appear in legitimate email threads and pass all typical security checks, but lead victims to a cloned Google login page designed to steal credentials. The scam highlights how attackers are evolving to outsmart traditional filters.
Read more
McAfee Researchers have observed a recent surge in the following scam types:
Fake Delivery Notifications: Scammers impersonate delivery services like USPS, UPS, and FedEx, sending fake tracking links that install malware or steal payment info
Invoice Scams: Fraudulent messages that claim you owe money for a product or service, often accompanied by a fake invoice PDF or request for payment via phone
Cloud Storage Spoofs: Emails that pretend to be from Google Drive, Dropbox, or OneDrive, prompting you to “log in” to view shared files. The links lead to phishing sites designed to capture your credentials.
Toll Text Scams: Personalized smishing messages that claim you owe a toll and link to fake payment sites. These messages often use location data—like your area code or recent city visits—to appear legitimate. McAfee Labs saw toll scam texts spike nearly 4x between January and February.
This week, Steve Grobman, executive vice president and chief technology officer at McAfee, said the toll scam is effective because it hits all the correct social points for a consumer.
These scams often rely on urgency and familiarity—pretending to be something you trust or expect—to get you to act quickly without double-checking.
Thanks for reading—See you next week with more scam alerts, insights, and protection tips from the McAfee team.
The post This Week in Scams: $16.6 Billion Lost, Deepfakes Rise, and Google Email Scams Emerge appeared first on McAfee Blog.
Job scams are on the rise. And asking the right questions can help steer you clear of them.
That rise in job scams is steep, according to the U.S. Federal Trade Commission (FTC). Recent data shows that reported losses have grown five times over between 2020 and 2024. In 2024 alone, reported losses hit half a billion dollars, with unreported losses undoubtedly pushing actual losses yet higher.
Last week, we covered how “pay to get paid” scams account for a big chunk of online job scams. Here, we’ll cover a couple more that we’ve seen circulating on social media and via texts—and how some pointed questions can help you avoid them.
Some job scammers pose as recruiters from job agencies who reach potential victims the same way legitimate agencies do—by email, text, and networking sites. Sometimes this leaves people with their guard down because it’s not unheard of at all to get contacted this way, “out of the blue” so to speak.
Yet one of the quickest ways to spot a scammer is when the “recruiter” asks to pay a fee for the matchmaking, particularly if they ask for it up front. Legitimate headhunters, temp agencies, and staffing agencies typically get paid by the company or business that ultimately does the hiring. Job candidates don’t pay a thing.
Another form of scam occurs during the “onboarding” process of the job. The scammer happily welcomes the victim to the company and then informs them that they’ll need to take some online training and perhaps buy a computer or other office equipment. Of course, the scammer asks the victim to pay for all of it—leaving the victim out of hundreds of dollars and the scammer with their payment info.
One way you can spot a job scam is to press for answers. Asking pointed questions about a company and the job it’s offering, just as you would in any real interview, can reveal gaps in a scammer’s story. In effect, scammers are putting on an acting job, and some don’t thoroughly prepare for their role. They don’t think through the details, hoping that victims will be happy enough about a job prospect to ask too many questions.
If the hiring process moves quicker than expected or details about a job seem light, it’s indeed time to ask questions. Here are a few you can keep handy when you start to wonder if you have a scam on your hands …
This is a great place to start. Legitimate employers write up job listings that they post on their website and job sites. In those descriptions, the work and everything it entails gets spelled out to the letter. A real employer should be able to provide you with a job description or at least cover it clearly over the course of a conversation.
This one can trip up a scammer quickly. A scammer might avoid giving a physical address. Likewise, they might offer up a fake one. Either a non-answer or a lie can readily call out a scam by following up the question with a web search for a physical address. (Resources like the Better Business Bureau can also help you research a company and its track record.)
Asking about co-workers, bosses, reporting structures and the like can also help sniff out a scam. Real employers, once again, will have ready answers here. They might even start dropping names and details about people’s tenure and background. Meanwhile, this is one more place where scammers might tip their hand because they haven’t made up those details.
This question alone can offer a telltale sign. Many job scams move through the hiring process at relative breakneck speed—skipping past the usual interview loops and callbacks that many legitimate jobs have. Scammers want to turn over their victims quickly, so they’ll make the “hiring process” quick as well. If it feels like you’re blazing through the steps, it could be a scam.
Every business has a story, even if it’s still in its startup days. Anyone in a recruiting or hiring position will have a good handle on this question, as they will on any follow-up questions about the company’s mission or goals. Again, vagueness in response to these kinds of questions could be a sign of a scam.
Whether it’s through social media sites like Facebook, Instagram, and the like, scammers often reach out through direct messages. Recruiters stick to legitimate business networking sites like LinkedIn. Companies maintain established accounts on recruiting platforms that people know and trust, so view any contact outside of them as suspicious.
Scammers use the “hiring process” to trick people into providing their personal info with malicious links. Web protection, included in our plans, can steer you clear of them. Likewise, our Scam Detector scans URLs in your text messages and alerts you if they’re sketchy. If you accidentally click a bad link, both web and text scam protection will block a risky site.
Many scammers get your contact info from data broker sites. McAfee’s Personal Data Cleanup scans some of the riskiest data broker sites, shows you which ones are selling your personal info, and, depending on your plan, can help you remove it. Our Social Privacy Manager lowers your public profile lower still. It helps you adjust more than 100 privacy settings across your social media accounts in just a few clicks, so your personal info is only visible to the people you want to share it with.
The post Interviewing for a Job? Spot a Scam with These Questions appeared first on McAfee Blog.
How does this job offer sound? When you pay, you get paid. Sounds fishy, right? In fact, it’s one of the fastest-growing job scams out there right now.
Looking at job scams overall, a data from the U.S. Federal Trade Commission (FTC) shows that job scam reports have nearly tripled between 2020 and 2024. Further, reported losses grew more than five times—spiking to $501 million in 2024.
In all, job scams are more common and more costly than ever.
And leading those losses is a new breed of job scam, where victims indeed “pay to get paid.”
The FTC has dubbed these “pay to get paid” scams as “gamified job scams” or “task scams.” Given the way these scams work, the naming fits. The work feels like a gamey task—and the only winner is the scammer.
It all plays out like this:
You get a job offer by text or private message. The scammer offers you “work” involving “app optimization” or “product boosting,” which they often describe in loose, hazy terms.
You accept the offer. Then the scammer sets you up with an account on an app or platform where you get tasked to “like” or “rate” sets of videos or product images online.
You get to work. The app or platform is fake, yet it looks like you’re racking up commissions as you click and complete sets of tasks. At this point the scammer might dole out a small payment or two, making you think the job truly is legit.
The scammer sets the hook. Here’s where the gamey “pay to get paid” part comes in—if you want more “work,” you must pay for it. At this point, the scammer requires a “deposit” for your next set of tasks. Like a video game, the scammer sweetens the deal by saying the next set can “level up” your earnings.
You get scammed. You make the deposit, complete the task set, and try to get your earnings from the app or platform—only to find that the scammer and your money are gone. It was all fake.
Based on what we’ve seen in the past, these scams borrow from other “easy money” con games found on payment apps. “Easy money” scams build slowly as scammers build a false sense of trust with victims by making small returns on small investments over time. Finally, with the con set, the scammer asks for a huge amount and disappears with it. “Pay to get paid” scams can work much the same way.
A few things to keep in mind about this scam as well:
Step one—ignore job offers over text and social media
A proper recruiter will reach out to you by email or via a job networking site. Moreover, they’ll give you clear details about a possible job, and they’ll answer any questions you have just as clearly.
Quite the opposite, scammers write vague texts and private messages. They’re often big on hype but short on details. Asking questions about the job will get you similarly vague answers. Ignore these offers.
Step two—look up the company
In the case of online job offers in general, look up the company. Check out their background and see if it’s an actual company—and see if that matches up with what that recruiter is telling you.
In the U.S., you have several resources that can help you answer that question. The Better Business Bureau (BBB) offers a searchable listing of businesses in the U.S., along with a brief profile, a rating, and even a list of complaints (and company responses) waged against them. Spending some time here can quickly shed light on the legitimacy of a company.
For a listing of businesses with U.S. and international locations, organizations like S&P Global Ratings and the Dun and Bradstreet Corporation can provide background info as well.
Lastly, check out the company’s website. See if it has a job listing that matches the one you’re offered. Legwork like this can help uncover a scam.
Step three—refuse to pay
As simple as it sounds, don’t pay to get paid.
Any case where you’re asked to pay to up front, with any form of payment, refuse. A legitimate employer will never ask you to invest or deposit a small amount of money with the promise of a big return. And a legitimate employer will provide you with things like training or equipment to do the job you’re qualified for.
Online protection software like ours can help keep you far safer from job scams and scams in general. Specific to job scams, here are just a few ways it can help:
The post “Pay to Get Paid” – The New Job Scam That’s Raking in Millions Right Now appeared first on McAfee Blog.
As Tax Day looms and last-minute taxpayers feel the pressure, a surge of IRS scams is on the rise.
Research by our McAfee Labs team projects a fresh wave of sophisticated tax scams as the stress of peak filing season sets in, with bogus text messages leading the way.
Nearly half of taxpayers complete their taxes between mid-March and April 15, which gives scammers ample opportunity to cash in as people rush their filings with the IRS.
Based on our data from 2024, here’s what we can expect in the coming days:
In addition to posing as the IRS, scammers will pose as tax prep and tax software companies as well. Just as in years past, taxpayers can further expect scams built around quick refunds and easy filing solutions that are actually fronts for scams. Yet whatever guise scammers put on, their aim remains the same. They want to dupe taxpayers out of their personal and financial info.
Tax season is high season for scammers because so much personal info gets gathered and shared online. With that, many taxpayers have their guard down. They expect to see messages, ads, and so forth about their taxes, which can make them more willing to share some of their most personal info. That’s where scammers step in. They want to:
Looking at this list, you can see what makes tax scams so damaging. Many of them target our most precious of personal info—our Social Security Numbers (SSNs).
A stolen SSN opens the door to some of the most painful forms of identity theft, like imposter fraud, insurance fraud, employment fraud, and more. These follow-on attacks can cause great harm to a victim’s finances and reputation in ways that can take months, or even years, to repair.
In effect, tax scams deliver a one-two punch.
It begins by baiting the victim with a phony message from a scammer posing as the IRS, a tax prep business, or a tax software company. That might come by email, a direct message on social media, or even in paid search results.
Largely, scammers bait victims with texts. Mobile attacks indeed dominate the preferred contact method, just as we called out. Here, scammers often use link shorteners to disguise fraudulent links. (You’ve likely seen plenty of link shorteners like bit.ly and goo.gl. They make it easier to share long addresses, but the flipside is that there’s no quick way to tell where they really take you.)
In some cases, scammers attempt to trick taxpayers by weaving “irs.gov” into the web address. Below you can see one example, where the domain isn’t “irs.gov.” It’s actually “entes-tax[dot]com,” which leads to a scam site.
Scam texts that weave “irs.gov” into a malicious link
As for the text itself, scammers send urgent-sounding messages about tax returns like, “Your refund is on hold, contact the IRS immediately.” Other scammers use fear, leveling threats like jail time for non-payment. In other cases, scammers threaten to revoke things like driver’s licenses and business licenses, or even immigration status. According to the IRS, these are common signs of a scam. The IRS never uses threats or tactics like these to resolve tax issues.
The second punch comes by clicking the link in these messages, which leads to IRS copycat scam sites. And they can look convincing. The most sophisticated of them mirror the look and feel of the official IRS website and use URLs that look “close enough” to an IRS URL, which can trick anyone who doesn’t examine them closely.
Example of a fake IRS claim website
And that’s where the damage gets done. Under the false pretense of receiving a refund or making a payment, the scammers collect that precious personal info we talked about, which can cause short- and long-term fallout for victims.
The same approach works for scammers who pose as tax prep services and tax software companies. The texts and websites look different, yet they’re still part of a scheme for collecting the same types of personal and financial info.
Clever as these scams are, you can avoid them. The first step is awareness. By reading this article and sharing it with others, you spread the word about these scams and just how rampant they are.
From there, you can take several more steps that can keep you far safer during tax time:
The post Your Phone Is the #1 Target in a New Wave of IRS Scams, McAfee Finds appeared first on McAfee Blog.
Al Roker never had a heart attack. He doesn’t have hypertension. But if you watched a recent deepfake video of him that spread across Facebook, you might think otherwise.
In a recent segment on NBC’s TODAY, Roker revealed that a fake AI-generated video was using his image and voice to promote a bogus hypertension cure—claiming, falsely, that he had suffered “a couple of heart attacks.”
“A friend of mine sent me a link and said, ‘Is this real?'” Roker told investigative correspondent Vicky Nguyen. “And I clicked on it, and all of a sudden, I see and hear myself talking about having a couple of heart attacks. I don’t have hypertension!”
The fabricated clip looked and sounded convincing enough to fool friends and family—including some of Roker’s celebrity peers. “It looks like me! I mean, I can tell that it’s not me, but to the casual viewer, Al Roker’s touting this hypertension cure… I’ve had some celebrity friends call because their parents got taken in by it.”
While Meta quickly removed the video from Facebook after being contacted by TODAY, the damage was done. The incident highlights a growing concern in the digital age: how easy it is to create—and believe—convincing deepfakes.
“We used to say, ‘Seeing is believing.’ Well, that’s kind of out the window now,” Roker said.
Al Roker isn’t the first public figure to be targeted by deepfake scams. Taylor Swift was recently featured in an AI-generated video promoting fake bakeware sales. Tom Hanks has spoken out about a fake dental plan ad that used his image without permission. Oprah, Brad Pitt, and others have faced similar exploitation.
These scams don’t just confuse viewers—they can defraud them. Criminals use the trust people place in familiar faces to promote fake products, lure them into shady investments, or steal their personal information.
“It’s frightening,” Roker told his co-anchors Craig Melvin and Dylan Dreyer. Craig added: “What’s scary is that if this is where the technology is now, then five years from now…”
Nguyen demonstrated just how simple it is to create a fake using free online tools, and brought in BrandShield CEO Yoav Keren to underscore the point: “I think this is becoming one of the biggest problems worldwide online,” Keren said. “I don’t think that the average consumer understands…and you’re starting to see more of these videos out there.”
According to McAfee’s State of the Scamiverse report, the average American sees 2.6 deepfake videos per day, with Gen Z seeing up to 3.5 daily. These scams are designed to be believable—because the technology makes it possible to copy someone’s voice, mannerisms, and expressions with frightening accuracy.
And it doesn’t just affect celebrities:
While the technology behind deepfakes is advancing, there are still ways to spot—and stop—them:
And most importantly, be skeptical of celebrity endorsements on social media. If it seems out of character or too good to be true, it probably is.
McAfee’s Deepfake Detector, powered by AMD’s Neural Processing Unit (NPU) in the new Ryzen AI 300 Series processors, identifies manipulated audio and video in real time—giving users a critical edge in spotting fakes.
This technology runs locally on your device for faster, private detection—and peace of mind.
Al Roker’s experience shows just how personal—and persuasive—deepfake scams have become. They blur the line between truth and fiction, targeting your trust in the people you admire.
With McAfee, you can fight back.
The post ‘Seeing is Believing is Out the Window’: What to Learn From the Al Roker AI Deepfake Scam appeared first on McAfee Blog.
We’re thrilled to share that McAfee has earned two prestigious AV-TEST Awards: Best Advanced Protection and Best Performance for Consumer Users.
“We are honored to receive both the Best Advanced Protection and the Best PC Performance awards,” said McAfee’s Chief Technology Officer, Steve Grobman. “AV-TEST is a renowned institute with an excellent reputation for independent analysis and quality assurance, and this recognition reinforces our leadership in online protection. As our digital world continues to evolve, so do the tactics of cybercriminals. With McAfee’s AI-powered threat protection, we can stay one step ahead and keep our customers safe from scams without compromising PC performance.”
These awards recognize our commitment to delivering powerful protection from malware, data stealers, and other threats—without slowing down your devices. Throughout 2024, McAfee consistently excelled in AV-TEST’s rigorous evaluations, standing out for both threat detection and system efficiency.
As the only vendor to top both categories in 2024, McAfee is proud to provide trusted protection that enhances—not hinders—your PC’s performance.
McAfee Total Protection isn’t just antivirus software—it’s an all-in-one digital safety solution designed to keep your identity, devices, and privacy protected across unlimited devices. Here’s a breakdown of what’s inside:
With McAfee Total Protection, you get real-time defense powered by artificial intelligence to block viruses, malware, and phishing scams before they can reach you. It works across all your compatible devices—Windows, macOS, iOS, and Android—so you’re covered wherever you go.
Our Secure VPN uses bank-grade encryption to shield your personal info and browsing activity, especially on public Wi-Fi.
Keep your online accounts secure with our built-in password manager, which stores, generates, and auto-fills strong passwords across devices. That means one less thing to remember—and a lot more peace of mind.
Protect yourself and your loved ones with the award-winning solution that topped both protection and performance rankings in 2024. Start your free trial of McAfee Total Protection today.
The post McAfee Wins AV-TEST Awards for Best Advanced Protection and Best Performance appeared first on McAfee Blog.
Cybercriminals are getting smarter. They’re now using a development toolkit called .NET MAUI to create fake apps that look and feel like the real thing—banking apps, dating apps, and even social media. But instead of helping you, these apps secretly steal your private info.
We break down the full research from McAfee Labs here:
.NET MAUI is a tool used by developers to build apps that work on many devices—like phones, tablets, and computers—all from one set of code.
That’s great for app creators. But now, hackers are using it too. While McAfee is able to detect this malware, the decision to build with .NET MAUI helps hide their dangerous code from most antivirus software. Think of it like a thief wearing an invisibility cloak—unless you’re really looking, you won’t see them.
Hackers are creating apps that look like they’re from real companies. For example, one fake app pretended to be IndusInd Bank, asking users to enter sensitive information like:
Once you hit submit, that info goes straight to the hacker’s server.
Figure 1. Fake IndusInd Bank app’s screen requesting user information
Normal Android apps have code in a format security tools can scan. These fake apps hide their code in binary files so it can’t be easily detected. That lets them stay on your phone longer—stealing quietly in the background.
In another case, hackers made an app that pretended to be a social media platform. This one targeted Chinese-speaking users and was even trickier than the fake bank app.
Here’s what it did:
And instead of using regular internet traffic, it sent stolen data through secret encrypted channels—so even if someone intercepted it, they couldn’t read it.
Figure 2. Various fake apps using the same technique
These apps aren’t in the Google Play Store. Instead, hackers are sharing them on:
So if someone sends you a link to a cool new app that’s not from the Play Store—be extra careful.
Here are a few easy ways to stay safe:
Hackers are getting creative, but you can stay one step ahead. These new .NET MAUI-based threats are sneaky—but they’re not unstoppable.
With smart habits and the right tools, you can keep your phone and your personal info safe. Want real-time protection on your phone? Download McAfee+ and get ahead of the latest threats.
The post New Android Malware Sneaks Past Security by Pretending to Be Real Apps appeared first on McAfee Blog.
The collapse of genetic testing giant 23andMe has raised serious privacy concerns for millions of people who shared their DNA with the company. Once valued at $6 billion, the company has filed for bankruptcy and is now selling off assets—including, potentially, your genetic data.
If you’ve ever used 23andMe to explore your ancestry or health traits, now is the time to take action.
Here’s what’s going on, what it means for your data, how to delete your account, and steps you can take to better protect your online privacy going forward.
23andMe, once a pioneer in at-home genetic testing, has fallen into financial distress after a series of challenges, including a massive data breach in 2023 that exposed personal information of nearly 7 million users, according to TechCrunch. The company’s value plummeted by more than 99%, leading to mass board resignations and a March 2024 bankruptcy filing.
Now, as 23andMe prepares to sell off its assets under court supervision, its massive database of customer DNA—reportedly from more than 15 million users—is on the table. Despite the company’s assurances that its privacy policy remains in effect, experts and privacy advocates warn that your sensitive genetic data could end up in the hands of third parties, including pharmaceutical companies or even law enforcement agencies.
If you used 23andMe, yes.
Genetic data is some of the most personal information you can share. It can reveal details about your ancestry, health risks, and even family secrets. With 23andMe not covered by HIPAA (the federal health privacy law), your DNA data isn’t protected the way medical records at a doctor’s office would be, The Harvard Gazette reports.
Although 23andMe claims it won’t share individual-level data without consent, it does reserve the right to sell or transfer personal information as part of a bankruptcy or acquisition. That means your data could be bought by another company—one with different privacy practices or intentions.
California residents, in particular, have the legal right to delete their data under the Genetic Information Privacy Act (GIPA) and the California Consumer Privacy Act (CCPA).
If you’re ready to take action, here’s how to delete your genetic data and revoke research permissions through your 23andMe account:
Your DNA isn’t the only personal data at risk. From email addresses and home addresses to phone numbers and even shopping habits, data brokers are collecting and selling your information online—often without your knowledge or consent.
That’s why it’s critical to take control of your digital footprint. All McAfee+ plans provide the ability to scan the web for details of your personal information. McAfee’s Online Account Cleanup scans for accounts you no longer use and helps you delete them, along with your personal info. McAfee’s Personal Data Cleanup, takes this a step further, by scanning data broker sites for your personal information, and requesting the removal of you details from those sites.
Combined, these tools can give you back control over your privacy. All our McAfee+ plans include scans to find your accounts and direct you on how to remove your data.
Bottom Line: If you’ve ever used 23andMe, your genetic data could be at risk of being transferred or sold. Take action now by deleting your account and revoking permissions. And to keep the rest of your personal data protected, use tools like McAfee+ to keep your personal data safe online.
The post How to Delete Your Data from 23andMe and Protect Your Privacy appeared first on McAfee Blog.
Online scams are evolving faster than ever, with cybercriminals using AI, deepfake technology, and social engineering to trick unsuspecting users.
In the past year, Americans have been targeted by an average of 14 scam messages per day, and deepfake scams have surged 1,740% in North America, according to McAfee’s State of the Scamiverse report.
These scams go beyond simple phishing emails—scammers now impersonate trusted companies, friends, and even loved ones, making it critical to recognize the warning signs before falling victim.
Here’s how you can spot an online scam and protect yourself:
Scams are scary, but you can prevent yourself from falling for one by knowing what to look for. Here are a few tell-tale signs that you’re dealing with a scammer.
If you get a message that you’ve won a big sum of cash in a sweepstakes you don’t remember entering, it’s a scam. Scammers may tell you that all you need to do to claim your prize is send them a small fee or give them your banking information.
When you enter a real sweepstakes or lottery, it’s generally up to you to contact the organizer to claim your prize. Sweepstakes aren’t likely to chase you down to give you money.
Scammers will often ask you to pay them using gift cards, money orders, cryptocurrency (like Bitcoin), or through a particular money transfer service. Scammers need payments in forms that don’t give consumers protection.
Gift card payments, for example, are typically not reversible and hard to trace. Legitimate organizations will rarely, if ever, ask you to pay using a specific method, especially gift cards.
When you have to make online payments, it’s a good idea to use a secure service like PayPal. Secure payment systems can have features to keep you safe, like end-to-end encryption.
Scammers may try to make you panic by saying you owe money to a government agency and you need to pay them immediately to avoid being arrested. Or the criminal might try to tug at your heartstrings by pretending to be a family member in danger who needs money.
Criminals want you to pay them or give them your information quickly — before you have a chance to think about it. If someone tries to tell you to pay them immediately in a text message, phone call, or email, they’re likely a scammer.
Many scammers pretend to be part of government organizations like the Internal Revenue Service (IRS). They’ll claim you owe them money. Criminals can even use technology to make their phone numbers appear legitimate on your caller ID.
If someone claiming to be part of a government organization contacts you, go to that organization’s official site and find an official support number or email. Contact them to verify the information in the initial message.
Scammers may also pretend to be businesses, like your utility company. They’ll likely say something to scare you, like your gas will be turned off if you don’t pay them right away.
Most legitimate organizations will thoroughly proofread any copy or information they send to consumers. Professional emails are well-written, clear, and error-free. On the other hand, scam emails will likely be full of grammar, spelling, and punctuation errors.
It might surprise you to know that scammers write sloppy emails on purpose. The idea is that if the reader is attentive enough to spot the grammatical mistakes, they likely won’t fall for the scam.
There are certain scams that criminals try repeatedly because they’ve worked on so many people. Here are a few of the most common scams you should watch out for.
A phishing scam can be a phone or email scam. The criminal sends a message in which they pretend to represent an organization you know. It directs you to a fraud website that collects your sensitive information, like your passwords, Social Security number (SSN), and bank account data. Once the scammer has your personal information, they can use it for personal gain.
Phishing emails may try anything to get you to click on their fake link. They might claim to be your bank and ask you to log into your account to verify some suspicious activity. Or they could pretend to be a sweepstakes and say you need to fill out a form to claim a large reward.
During the coronavirus pandemic, new phishing scams have emerged, with scammers claiming to be part of various charities and nonprofits. Sites like Charity Navigator can help you discern real groups from fake ones.
These scams also became much more prominent during the pandemic. Let’s say you’re preparing to fly to Paris with your family. A scammer sends you a message offering you an insurance policy on any travel plans you might be making. They’ll claim the policy will compensate you if your travel plans fall through for any reason without any extra charges.
You think it might be a good idea to purchase this type of insurance. Right before leaving for your trip, you have to cancel your plans. You go to collect your insurance money only to realize the insurance company doesn’t exist.
Real travel insurance from a licensed business generally won’t cover foreseeable events (like travel advisories, government turmoil, or pandemics) unless you buy a Cancel for Any Reason (CFAR) addendum for your policy.
Grandparent scams prey on your instinct to protect your family. The scammer will call or send an email pretending to be a family member in some sort of emergency who needs you to wire them money. The scammer may beg you to act right away and avoid sharing their situation with any other family members.
For example, the scammer might call and say they’re your grandchild who’s been arrested in Mexico and needs money to pay bail. They’ll say they’re in danger and need you to send funds now to save them.
If you get a call or an email from an alleged family member requesting money, take the time to make sure they’re actually who they say they are. Never wire transfer money right away or over the phone. Ask them a question that only the family member would know and verify their story with the rest of your family.
You get an email from a prince. They’ve recently inherited a huge fortune from a member of their royal family. Now, the prince needs to keep their money in an American bank account to keep it safe. If you let them store their money in your bank account, you’ll be handsomely rewarded. You just need to send them a small fee to get the money.
There are several versions of this scam, but the prince iteration is a pretty common one. If you get these types of emails, don’t respond or give out your financial information.
Your online experience is rudely interrupted when a pop-up appears telling you there’s a huge virus on your computer. You need to “act fast” and contact the support phone number on the screen. If you don’t, all of your important data will be erased.
When you call the number, a fake tech support worker asks you for remote access to your device to “fix” the problem. If you give the scammer access to your device, they may steal your personal and financial information or install malware. Worse yet, they’ll probably charge you for it.
These scams can be pretty elaborate. A scam pop-up may even appear to be from a reputable software company. If you see this type of pop-up, don’t respond to it. Instead, try restarting or turning off your device. If the device doesn’t start back up, search for the support number for the device manufacturer and contact them directly.
Scammers will often pose as popular e-commerce companies by creating fake websites. The fake webpages might offer huge deals on social media. They’ll also likely have a URL close to the real business’s URL but slightly different.
Sometimes, a criminal is skilled enough to hack the website of a large online retailer. When a scammer infiltrates a retailer’s website, they can redirect where the links on that site lead. This is called formjacking.
For example, you might go to an e-commerce store to buy a jacket. You find the jacket and put it in your online shopping cart. You click “check out,” and you’re taken to a form that collects your credit card information. What you don’t know is that the checkout form is fake. Your credit card number is going directly to the scammers.
Whenever you’re redirected from a website to make a payment or enter in information, always check the URL. If the form is legitimate, it will have the same URL as the site you were on. A fake form will have a URL that’s close to but not exactly the same as the original site.
These scams are similar to tech support scams. However, instead of urging you to speak directly with a fake tech support person, their goal is to get you to download a fake antivirus software product (scareware).
You’ll see a pop-up that says your computer has a virus, malware, or some other problem. The only way to get rid of the problem is to install the security software the pop-up links to. You think you’re downloading antivirus software that will save your computer.
What you’re actually downloading is malicious software. There are several types of malware. The program might be ransomware that locks up your information until you pay the scammers or spyware that tracks your online activity.
To avoid this scam, never download antivirus software from a pop-up. You’ll be much better off visiting the website of a reputable company, like McAfee, to download antivirus software.
Dealing with credit card debt can be extremely stressful. Scammers know this and try to capitalize off it. They’ll send emails posing as credit experts and tell you they can help you fix your credit or relieve some of your debt. They might even claim they can hide harmful details on your credit report.
All you have to do is pay a small fee. Of course, after you pay the fee, the “credit expert” disappears without helping you out with your credit at all. Generally, legitimate debt settlement firms won’t charge you upfront. If a credit relief company charges you a fee upfront, that’s a red flag.
Before you enter into an agreement with any credit service, check out their reputation. Do an online search on the company to see what you can find. If there’s nothing about the credit repair company online, it’s probably fake.
Admitting that you’ve fallen for an online scam can be embarrassing. But reporting a scammer can help stop them from taking advantage of anyone else. If you’ve been the victim of an online scam, try contacting your local police department and filing a report with the Federal Trade Commission (FTC).
Several other law enforcement organizations handle different types of fraud. Here are a few examples of institutions that can help you report scams.
Fraudsters shouldn’t stop you from enjoying your time online. Just by learning to spot an online scam, you can greatly strengthen your immunity to cybercrimes.
For an even greater internet experience, you’ll want the right tools to protect yourself online. McAfee+ can help you confidently surf the web by providing all-in-one protection for your personal info and privacy. This includes identity protection — which comes with 24/7 monitoring of your email addresses and bank accounts — and antivirus software to help safeguard your internet connection.
Get the peace of mind that comes with McAfee having your back.
The post How to Recognize an Online Scammer appeared first on McAfee Blog.
In a digital landscape hungry for the next big thing in Artificial Intelligence, a new contender called DeepSeek recently burst onto the scene and has quickly gained traction for its advanced language models.
Positioned as a low-cost alternative to industry giants like OpenAI and Meta, DeepSeek has drawn attention for its rapid growth, affordability, and potential to reshape the AI landscape.
Unfortunately, a recent investigation by McAfee Labs found that the same hype is now fueling a barrage of malware attacks disguised as DeepSeek software and updates.
Here’s a breakdown of those research findings:
It starts with a user searching online to find DeepSeek to use for themselves. Innocent enough. The problem comes from malicious results that promise access to DeepSeek, but actually steal data and infect computers.
McAfee Labs’ blog post pulls back the curtain on three main deception methods:
1. Fake “DeepSeek” Installers
2. Unrelated Third-Party Software Installs
3. Fake Captcha Pages
McAfee’s experts underscore the importance of careful online habits and shares best practices to keep threats at bay:
FreshRSS 
Windows + R and paste something you can’t see in full, don’t do it.
McAfee Labs’ findings reveal just how adaptable—and opportunistic—cybercriminals can be when fresh digital gold rushes emerge. By following basic security practices and staying skeptical about anything that seems too good to be true, you can explore new AI frontiers without handing over the keys to your device.
When in doubt, stop, do your due diligence, and only download from verified sources. Your curiosity about the latest tech trends shouldn’t come at the cost of your personal data or system security.
The post Bogus ‘DeepSeek’ AI Installers Are Infecting Devices with Malware, Research Finds appeared first on McAfee Blog.
Tax season is already stressful for many Americans, and to make matters worse, it’s also a golden opportunity for scammers.
According to a new 2025 tax season survey conducted by McAfee, nearly half (48%) of people say they, or someone they know, has received a message via email, social media, phone call, or text message falsely claiming to be from the IRS or an official state tax authority.
And when these deceptive messages and other manipulative AI practices work, research reveals it costs — a lot.
Gen Z adults (18-24) surveyed by McAfee reported experiencing the most scams, with nearly 40% saying they or someone they know has been scammed.
While young adults face high rates of attempted fraud, older adults (65-74) are still at greater risk of large financial losses. Among men in that age group who lost money in such a scam, 40% reported losing between $751 and $1,000, and half of the women lost between $2,501 and $5,000.
Meanwhile, the steepest losses overall were reported by those aged 45-54, with 10% saying they lost more than $10,000.
Criminals have long relied on phishing emails and fraudulent calls to obtain personal information—especially during tax season. Today, AI is raising the stakes.
Deepfake audio lets scammers sound exactly like IRS agents, and AI-generated phishing emails perfectly replicate official communications from reputable tax preparation services.
In fact, more than half (55%) of Americans say they’ve noticed scam attempts becoming more realistic than in previous years, and 87% worry AI is making them even harder to detect.
Here’s how a typical tax scam might play out: It often starts with an urgent text or email claiming your refund was rejected—or that you owe back taxes and must pay immediately. These messages can look and sound incredibly convincing, prompting recipients to click a malicious link or call a fake helpline.
Once scammers have your attention, they’ll ask for personal or financial information—like your Social Security number, bank details, or a credit card—to “fix” the supposed problem. Of course, it’s all a ploy to steal your identity or your cash.
McAfee highlights several tactics that have emerged in these AI-driven scams:
Tax scams show no signs of slowing down in 2025. Whether you’re part of Gen Z, a senior, or somewhere in between, it pays to stay vigilant.
By recognizing the signs of a scam, safeguarding your personal information, and taking proactive steps, you can help ensure your refund ends up where it belongs: in your pocket.
The post Financial Losses from Tax Scams Top $1,000 on Average—and Gen Z is a Growing Target appeared first on McAfee Blog.
Scams are big business for cybercriminals, and they’re getting more sophisticated than ever. According to McAfee’s State of the Scamiverse 2025 report, the average person encounters 12 scams per day, while Americans see over 14 scam attempts daily, including three deepfake videos.
Fraudsters are leveraging AI-powered tools to create hyper-realistic deepfakes for as little as $5 and 10 minutes, making it harder than ever to distinguish between what’s real and what’s fake. The financial impact is staggering—87% of scam victims lose money, with one-third losing over $500, and nearly one in ten losing more than $5,000.
As a parent, one of my greatest concerns is ensuring my family doesn’t fall victim to these evolving scams.
So, here are five key ways to keep your loved ones safe in today’s Scamiverse.
Teaching kids (and adults) to be skeptical of what they see online is a crucial first step in scam prevention. Given the rise of deepfakes and AI-generated frauds, it’s essential to develop a questioning mindset:
With detected deepfakes surging tenfold globally and a 1,740% increase in North America alone, it’s more important than ever to show real-world examples of scams to kids and teens so they can recognize the signs.
Good digital habits can prevent many scams before they happen. Yet, 35% of scam victims say falling for a scam caused them moderate to significant distress, highlighting the importance of strong cyber hygiene:
Cybercriminals use the mosaic effect—piecing together publicly available information—to commit identity theft and financial fraud. Here’s how to lock down your digital footprint:
Phishing scams remain one of the most successful fraud tactics, often tricking victims into clicking on malicious links. According to McAfee, the most commonly reported scam types include:
To stay safe:
Staying informed is one of the best defenses against scams. With social media users sharing over 500,000 deepfakes in 2023, awareness is key. Here’s how to stay ahead:
Whether it’s deepfake impersonation scams, fraudulent investment schemes, or phishing texts, scammers are evolving rapidly. But with awareness, skepticism, and strong digital habits, you can help ensure your family stays protected from the ever-growing Scamiverse.
For more tips and security solutions, check out McAfee’s advanced protection tools to stay one step ahead of the fraudsters.
The post Protect Your Family From Scams With These 5 Key Online Safety Tips appeared first on McAfee Blog.
The internet is brimming with content designed to entertain, inform—and sometimes deceive. The latest tool in a cybercriminal’s arsenal? Deepfakes. From fabricated celebrity endorsements to fraudulent job interviews, AI-generated deepfake scams are growing at an alarming rate. As deepfake technology becomes more advanced, it’s harder than ever to discern real from fake—until it’s too late.
According to McAfee’s latest “State of the Scamiverse” report, deepfake scams have become an everyday reality. The average American now encounters 2.6 deepfake videos daily, with younger adults (18-24) seeing even more – about 3.5 per day. And for less than the cost of a latte and in under 10 minutes, scammers today can create shockingly convincing deepfake videos of anyone: your mom, your boss, or even your child.
At McAfee, we’re committed to helping users navigate this evolving threat landscape with cutting-edge protection tools. Understanding how deepfake scams work and how to safeguard yourself is the first step in staying ahead of cybercriminals.
Deepfake scams exploit the power of AI to create hyper-realistic audio, video, and images that can impersonate anyone—from politicians to CEOs, from family members to Hollywood stars. These fake videos and voices have been used to:
Our research shows that people encounter nearly three deepfakes a day online and that the number is growing, making the urgency to combat these scams greater than ever.
Figure 1: AN AI-Generated image of the Pope went viral online.
Deepfake scams typically follow a predictable pattern:
While deepfake technology is becoming increasingly sophisticated, there are still ways to identify AI-generated deception:
To stay one step ahead of cybercriminals, consider these safety measures:
Deepfake scams are not just a futuristic concern—they are a real and present danger. Cybercriminals will continue refining their tactics, but with the right awareness and security tools, you can outsmart them.
McAfee remains at the forefront of AI-driven security solutions, ensuring you have the protection you need in an increasingly deceptive digital world.
Stay one step ahead of deepfake threats. Download McAfee+ today and take control of your online security.
The post Data Shows You’ll Encounter A Deepfake Today—Here’s How To Recognize It appeared first on McAfee Blog.
Social media connects us to friends, trends, and news in real time—but it also opens the door to scammers looking to exploit trust and curiosity. From fake giveaways to impersonation scams, fraudsters use sophisticated tactics to trick users into handing over personal information, money, or access to their accounts.
Even the most internet-savvy users can fall victim to these deceptive schemes. That’s why it’s crucial to recognize the red flags before it’s too late. Whether it’s a DM from a “friend” in trouble, a deal that seems too good to be true, or a sudden request to verify your account, scammers prey on urgency and emotion to pull you in.
Here’s a look at some of the most common social media scams—and how you can stay one step ahead to protect yourself and your accounts.
Fraudsters use various tactics to lure unsuspecting users into their schemes, including:
Recognizing these red flags can help you stay safe:
Follow these precautions to reduce your risk of falling victim:
If you suspect you’ve fallen victim to a social media scam, take immediate action:
Social media scams are becoming more sophisticated, but you can protect yourself by staying informed and cautious.
Always verify messages, be skeptical of too-good-to-be-true offers, and use strong security measures to safeguard your accounts.
By recognizing these scams early, you can avoid financial loss and keep your personal information safe online.
McAfee helps protect you from online threats with advanced security tools, including identity monitoring, safe browsing features, and real-time malware protection. Stay one step ahead of scammers with trusted cybersecurity solutions.
The post The 9 Most Common Social Media Scams—and How to Spot Them Before It’s Too Late appeared first on McAfee Blog.
Typos. Too-good-to-be-true offers. Urgent warnings.
Scammers are getting smarter—and more convincing. New research from the Federal Trade Commission (FTC) reveals that Americans lost a staggering $12.5 billion to fraud in 2024, a 25% increase from the previous year. The median reported loss was $497, with imposter scams alone accounting for nearly $3 billion in losses.
Fraud isn’t just increasing—it’s hitting certain areas harder than others. Florida, Georgia, and Delaware ranked as the top three states with the highest per-capita fraud reports, while California led in total reports with over 500,000 cases.
And where are these scams happening? Scammers are reaching victims through phone calls, text messages, and social media, with social media emerging as one of the most lucrative platforms for fraud—70% of fraud reports linked to social media resulted in financial losses.
With scammers using increasingly sophisticated tactics, knowing how to spot red flags in emails and links is more critical than ever.
Here’s how to protect yourself from the latest phishing threats.
Simple Steps to Check a Link Before Clicking
How to Protect Yourself from Phishing Attacks
Preventative Measures
What to Do if You Clicked a Suspicious Link
Phishing attacks are becoming more deceptive, but staying informed and cautious can protect you. Always verify links and emails before clicking, and use trusted cybersecurity tools like McAfee+ to keep your accounts and data safe.
Stay vigilant—don’t let scammers catch you off guard!
The post Avoid Being Scammed: How to Identify Fake Emails and Suspicious Links appeared first on McAfee Blog.
Cryptocurrency offers exciting opportunities—but it’s also a favorite playground for scammers.
With the rapid rise of deepfake technology and deceptive AI-driven schemes, even seasoned investors can fall victim to fraud. According to McAfee’s State of the Scamiverse report, deepfake scams are on the rise, with the average American now encountering 2.6 deepfake videos daily. And younger adults (18-24) see even more – about 3.5 per day.
From fake investment opportunities to phishing attempts, bad actors are more sophisticated than ever.
The recent wave of Trump-themed meme coins—more than 700 copycats attempting to mimic the real thing—highlights just how rampant crypto scams have become. If even the president’s cryptocurrency isn’t safe from impersonators, how can everyday investors protect themselves?
By knowing the red flags, you can safeguard your money and personal data from crypto scammers.
Scammers often lure victims with guaranteed returns or impossibly high profits. If an investment promises “risk-free” earnings or sounds like a financial miracle, run the other way—legitimate investments always carry some level of risk.
Example: A Ponzi scheme disguised as a crypto investment fund may claim to offer “10% daily profits” or “instant payouts.” In reality, they use new investors’ money to pay early participants—until the scam collapses.
Fraudsters frequently impersonate public figures—from Elon Musk to Donald Trump—to promote fake coins or crypto investments. The explosion of Trump-themed meme coins shows how easily scammers exploit famous names. Even if a project appears linked to a well-known figure, verify through official channels.
Example: A deepfake video featuring a celebrity “endorsing” a new crypto token. McAfee’s research found that nearly 3 deepfake videos per day are encountered by the average American, many of them tied to scams.
Scammers often set up fraudulent crypto exchanges or wallet apps that look legitimate but are designed to steal your money. They might advertise low fees, special bonuses, or exclusive access to new coins.
How to Protect Yourself:
Always use well-established exchanges with a proven track record.
Look for HTTPS encryption and verify the URL carefully.
Research if the platform is licensed and regulated.
Scammers thrive on urgency. They’ll push you to act immediately before you have time to think critically. Whether it’s a limited-time pre-sale or a “secret investment opportunity,” don’t let fear of missing out (FOMO) cloud your judgment.
Example: “Only 10 spots left! Invest now before prices skyrocket!”—Classic scam tactics designed to trigger impulsive decisions.
No legitimate crypto project will ever ask for:
Example: A fake customer support email pretending to be from Coinbase, asking you to confirm your wallet password—this is a phishing attempt!
Do Your Research: Always Google the project’s name + “scam” before investing.
Check Regulatory Status: See if the platform is licensed (DFPI, SEC, or other regulators).
Verify Official Websites & Socials: Scammers create lookalike websites with small typos—double-check URLs!
Use Cold Storage: Store your assets in a hardware wallet to protect against hacks.
Use tools like McAfee+: To monitor for potential scams and get warnings for potential deepfakes and other scam red flags.
Crypto offers incredible potential—but with great opportunity comes risk. Scammers are always evolving, using deepfake videos, phishing, and fraudulent investment schemes to trick even the savviest investors. By staying informed and following basic security practices, you can avoid getting caught in the next big crypto scam.
The post How to Spot a Crypto Scam: The Top Red Flags to Watch For appeared first on McAfee Blog.
It started with a DM.
For five months, 25-year-old computer programmer Maggie K. exchanged daily messages with the man she met on Instagram, convinced she had found something real.
When it was finally time to meet in person, he never showed. Instead, he claimed he missed his flight and needed money to rebook. Desperate to finally see him, she sent the cash.
Then, silence. His accounts vanished. He hadn’t just ghosted her—he had never existed at all.
“I ignored my gut feeling… I sent him $1,200. Then he disappeared,” Maggie told McAfee, hoping that her story would educate others. “When I reported the scam, the police told me his images were AI-generated. He wasn’t even a real person. That was the scariest part – I had trusted someone who never even existed.”
These scams work because they prey on trust and emotions. And they aren’t just targeting the naïve; anyone, even tech professionals as Maggie’s case shows, can be fooled.
McAfee’s latest research reveals more than half (52%) of people have been scammed out of money or pressured to send money or gifts by someone they met online.
And romance scams aren’t just happening in dating apps anymore. Social media, messaging platforms and AI chatbots are fuelling an explosion of online romance fraud.
McAfee’s findings highlight a staggering rise in:
With 62% of people saying they’ve used dating apps, social media, or messaging platforms to connect with potential partners, scammers have a bigger pool of victims than ever before.
Younger users are the most active online daters, with 31% of 18-24-year-olds currently using online dating platforms. Tinder is the most popular dating app overall (46%), with its highest engagement among 18-24-year-olds (73%). Just over 40% of respondents said they use Instagram, 29% use Snapchat and 25% use TikTok to meet potential partners. But these platforms also present new risks, as fake apps designed to steal personal information lurk in app stores.
McAfee researchers found nearly 11,000 attempts to download fraudulent dating apps in recent months. The most impersonated?
Downloading a fake app could expose your login credentials, financial information or even install malware onto your device.
And once money is lost, its rarely recovered, as scammers use cryptocurrency, untraceable gift cards and offshore accounts to move stolen funds.
McAfee researchers urge anyone looking for love online to stay vigilant by following these critical safety measures:
1) Watch for “love bombing.” Scammers overwhelm victims with affection early on to gain trust.
2) Verify their identity. Use reverse image searches and insist on live video calls which AI-generated scammers avoid.
3) Never send money. No real partner will pressure you for financial help—especially when you’ve never met.
4) Be wary of celebrity DMs. If a famous figure suddenly messages you, it’s likely a scam.
5) Avoid suspicious links. McAfee blocked over 321,000 fraudulent dating sites—avoid clicking on unknown links or apps.
6) Use online protection tools. Tools like McAfee+ can detect and block suspicious messages, phishing attempts, and AI-generated fraud in real time. McAfee+ offers maximum identity, privacy, and device protection to detect and prevent fraudulent activity before it causes harm.
The post AI chatbots are becoming romance scammers—and 1 in 3 people admit they could fall for one appeared first on McAfee Blog.
McAfee has been named the top brand in the Antivirus and Security Software category in TIME and Statista’s 2024 World’s Best Brands list, ranking above all major industry competitors.
The list, which surveyed over 22,000 U.S. consumers, ranks brands based on trust, awareness, and customer satisfaction across 66 industries.
TIME’s World’s Best Brands of 2024 rankings highlight consumer preferences across industries, from tech to retail. The inclusion of cybersecurity in the list speaks to a broader trend: digital safety is no longer just a concern for businesses and IT professionals—it’s a household necessity.
Recent data supports this shift. A global McAfee study found that 59% of people have fallen victim to an online scam or know someone who has, with 87% of those affected losing money—an average loss of $1,366 USD. As the financial and personal stakes of online security continue to rise, consumers are looking for trusted brands that offer comprehensive, easy-to-use protection.
For those looking to strengthen their digital defenses, McAfee+ provides award-winning security that protects against malware, scams, and online fraud—allowing consumers to browse, shop, and connect with confidence.
The post McAfee Named #1 Antivirus and Security Software Brand in TIME’s 2024 World’s Best Brands appeared first on McAfee Blog.
Beyoncé has officially announced her Cowboy Carter world tour, and the excitement is through the roof! With her last tour selling out in record time, fans know they need to act fast to secure their tickets. Unfortunately, that urgency is exactly what scammers prey on.
In 2022 alone, Americans lost nearly $8.8 billion to fraud, and ticket scams are one of the most common ways scammers cash in on eager fans. But don’t worry—we’ve got you covered. Before you rush to buy tickets to Beyoncé’s latest tour, here’s how to spot and avoid ticket scams so you don’t get left outside the stadium with nothing but regret.
Ticket scams come in different forms, but the most common ones include:
Scammers know how to create a sense of urgency, often advertising tickets to sold-out events at too-good-to-be-true prices. If you’re desperate to see Beyoncé, it’s easy to get caught up in the rush—but staying cautious can save you from getting scammed.
The best way to avoid being scammed is to buy only from reputable sources like official ticketing platforms (Ticketmaster, Live Nation, AXS) or directly from the event’s website. However, if you’re looking elsewhere, be on the lookout for these red flags:
When an event sells out, scammers flood social media with offers. Platforms like Facebook Marketplace, Instagram, and Craigslist are filled with fake ticket sellers. If you didn’t get tickets during the official sale, be cautious about where you’re looking.
Pro Tip: Follow Beyoncé’s official social media pages and event organizers for updates. Sometimes, extra dates or official resale opportunities become available.
Scammers often advertise tickets below face value to lure in victims. While real fans sometimes sell their tickets at a discount, it’s a huge red flag if the price is way lower than expected.
Pro Tip: If you’re buying from an individual, check their profile carefully. Look for signs of a fake account, such as recently created pages or multiple listings in different cities.
Some scammers go the extra mile, creating entire websites that mimic real ticket platforms. These fake sites not only sell counterfeit tickets but may also steal your credit card information.
Pro Tip: Always type in the official ticketing site’s URL manually or search for it on Google. Avoid clicking links from unknown sources, and double-check that the site uses “HTTPS” and has no misspellings in the URL.
Even if you get a real ticket, that doesn’t mean it’s yours alone. Some scammers sell the same ticket to multiple people, leading to chaos when multiple buyers show up at the event.
Pro Tip: Only buy from platforms that offer verified resale tickets with guarantees, like StubHub, SeatGeek, or VividSeats.
Some scammers sell general admission tickets as if they were premium seats. You may think you’re getting front-row access, only to find out you overpaid for a standing-room ticket.
Pro Tip: Always confirm the seat location with the seller. Many venues have seating charts available online, so check before purchasing.
Scammers hack into Ticketmaster accounts and transfer tickets to themselves, effectively locking the rightful owner out of their seats. Victims often receive a flood of emails, including notifications of ticket transfers they never authorized. By the time they realize what’s happened, their tickets are gone, likely resold by the scammer.
Pro Tip: To prevent this, ensure your Ticketmaster account is secure by using a strong password, enabling two-factor authentication, and being wary of suspicious login attempts or phishing emails.
To make sure you don’t fall victim to a ticket scam, follow these golden rules:
Buy from official sources – Beyoncé’s official website, Ticketmaster, and AXS are your safest bets.
Use a credit card – If something goes wrong, you can dispute the charge.
Be wary of social media sellers – If you’re buying from a stranger, research their profile and history first.
Check the URL – Make sure you’re on the real ticketing website before purchasing.
Avoid high-pressure sales tactics – Scammers want you to act fast—don’t fall for it!
Beyond ticket scams, cybercriminals also use major events like Beyoncé’s tour to spread malware and phishing attacks. McAfee’s comprehensive online protection can help keep your devices and personal information safe by blocking malicious websites, preventing identity theft, and alerting you to potential fraud.
Beyoncé’s Cowboy Carter tour is one of the most anticipated events of the year, and everyone wants to be part of the experience. But scammers know this too, and they’re out in full force. By staying smart, sticking to verified ticket sources, and being wary of deals that seem too good to be true, you can avoid scams and secure your spot at one of the biggest concerts of 2025.
Stay safe, Beyhive—and get ready to enjoy the show!
The post Buying Tickets for Beyoncé’s Cowboy Carter Tour? Don’t Let Scammers Ruin Your Experience appeared first on McAfee Blog.
The rise of AI-driven cyber threats has introduced a new level of sophistication to phishing scams, particularly those targeting Gmail users.
Criminals are using artificial intelligence to create eerily realistic impersonations of Google support representatives, Forbes recently reported. These scams don’t just rely on misleading emails; they also include convincing phone calls that appear to come from legitimate sources.
If you receive a call claiming to be from Google support, just hang up—this could be an AI-driven scam designed to trick you into handing over your Gmail credentials.
Here’s everything you need to know about the scam and how to protect yourself:
Hackers have devised a multi-step approach to trick users into handing over their Gmail credentials. Here’s how the scam unfolds:
The attack often begins with a phone call from what appears to be an official Google support number. The caller, using AI-generated voice technology, convincingly mimics a real Google representative. Their tone is professional, and the caller ID may even display “Google Support,” making it difficult to immediately recognize the scam.
Once engaged, the scammer informs the victim that suspicious activity has been detected on their Gmail account. They may claim that an unauthorized login attempt has occurred, or that their account is at risk of being locked. The goal is to create a sense of urgency, pressuring the victim to act quickly without thinking critically.
To appear credible, the scammer sends an email that looks almost identical to a real Google security notification. The email may include official-looking branding and a request to verify the user’s identity by entering a code. The email is designed to look so authentic that even tech-savvy individuals can be fooled.
If the victim enters the verification code, they inadvertently grant the attacker full access to their Gmail account. Since the scammer now controls the two-factor authentication process, they can lock the real user out, change passwords, and exploit the account for further attacks, including identity theft, financial fraud, or spreading phishing emails to others.
This scam is particularly dangerous because it combines multiple layers of deception, making it difficult to spot. Unlike standard phishing emails that may contain poor grammar or suspicious links, AI-enhanced scams:
To protect yourself from AI-powered scams, follow these essential security measures:
1. Be Skeptical of Unsolicited Calls from “Google”
Google does not randomly call users about security issues. If you receive such a call, hang up immediately and report the incident through Google’s official support channels.
2. Verify Security Alerts Directly in Your Account
If you receive a message stating that your account has been compromised, do not click any links or follow instructions from the email. Instead, go directly to your Google account’s security settings and review recent activity.
3. Never Share Verification Codes
Google will never ask you to provide a security code over the phone. If someone requests this information, it is a scam.
4. Enable Strong Authentication Methods
5. Regularly Monitor Your Account Activity
Check the “Security” section of your Google account to review login activity. If you see any unrecognized sign-ins, take immediate action by changing your password and logging out of all devices.
6. Use a Password Manager
A password manager helps create and store strong, unique passwords for each of your accounts. This ensures that even if one password is compromised, other accounts remain secure.
If you believe your account has been compromised, take these steps immediately:
As AI technology advances, cybercriminals will continue to find new ways to exploit users. By staying informed and implementing strong security practices, you can reduce the risk of falling victim to these sophisticated scams.
At McAfee, we are dedicated to helping you protect your digital identity. Stay proactive, stay secure, and always verify before you trust.
For more cybersecurity insights and protection tools, check out McAfee+.
The post How to Make Sure Your Gmail Account is Protected in Light of Recent AI Scams appeared first on McAfee Blog.
Video games are a favorite pastime for millions of kids and teenagers worldwide, offering exciting challenges, epic battles, and opportunities to connect with friends online. But what happens when the search for an edge in these games—like cheats or special hacks—leads to something far more dangerous?
McAfee Labs has uncovered a growing threat aimed at gamers, especially kids, who unknowingly download malware disguised as game hacks, software cracks, and cryptocurrency tools.
Here’s what you need to know about this sneaky scam and how to stay safe:
Popular games like Minecraft, Roblox, Fortnite, Apex Legends, and Call of Duty are among those targeted by these scams. Gamers searching for cheats to gain an advantage—like seeing through walls, speeding up characters, or unlocking premium items—are being lured to malicious links. These links often appear on GitHub, a platform where developers share and collaborate on code, or in YouTube videos claiming to offer step-by-step instructions.
GitHub is typically trusted by programmers and tech enthusiasts, but cybercriminals exploit this trust by uploading malware that masquerades as game hacks. By naming their repositories after popular games or tools, scammers trick users into downloading malware instead of the promised cheat software.
The process starts when someone searches online for free cheats or cracked software—like tools to unlock premium features of Spotify or Adobe—and stumbles upon a GitHub repository or a YouTube video. These repositories often look convincing, with professional descriptions, screenshots, and even licenses designed to appear legitimate.
Figure 1: Attack Vector
Once users follow the instructions, they’re often asked to disable their antivirus software or Windows Defender. The reasoning provided is that antivirus programs will mistakenly identify the hack or crack as dangerous. In reality, this step clears the way for malware to infect their device.
Instead of receiving a functional cheat, victims unknowingly install a dangerous program known as Lumma Stealer or similar malware variants. This software quietly:
Each week, new repositories and malware variants appear as older ones are detected and removed. This cycle makes it difficult for platforms like GitHub to completely eliminate the threat.
Kids and teens are prime targets because they often lack experience in identifying online scams. The promise of features like “Aimbots” (to improve shooting accuracy) or “Anti-Ban” systems (to avoid getting caught by game administrators) makes these fake downloads even more tempting. Scammers exploit this curiosity and eagerness, making it easier to trick young gamers into infecting their devices.
Figure 2: YouTube Video containing malicious URL in description.
McAfee Labs offers these tips to avoid falling victim to these scams:
The takeaway? Scammers will go to great lengths to exploit the interests and habits of gamers. And unfortunately, this isn’t the first time we’ve seen such malware attacks targeting gamers. By educating yourself and your family about these threats, you can play smarter and stay safer online. Always remember: no cheat or crack is worth compromising your security.
Read the full report from McAfee Labs outlining our research and findings on this malware risk. Learn more about how you can protect yourself with McAfee+.
The post Scam Alert: Fake Minecraft, Roblox Hacks on YouTube Hide Malware, Target Kids appeared first on McAfee Blog.
The artificial intelligence arms race has a new disruptor—DeepSeek, a Chinese AI startup that has quickly gained traction for its advanced language models.
Positioned as a low-cost alternative to industry giants like OpenAI and Meta, DeepSeek has drawn attention for its rapid growth, affordability, and potential to reshape the AI landscape.
But as the buzz around its capabilities grows, so do concerns about data privacy, cybersecurity, and the implications of feeding personal information into AI tools with uncertain oversight.
DeepSeek’s AI models, including its latest version, DeepSeek-V3, claim to rival the most sophisticated AI systems developed in the U.S.—but at a fraction of the cost.
According to reports, training its latest model required just $6 million in computing power, compared to the billions spent by its American counterparts. This affordability has allowed DeepSeek to climb the ranks, with its AI assistant even surpassing ChatGPT as the top free app on Apple’s U.S. App Store.
What makes DeepSeek’s rise even more surprising is how abruptly it entered the AI race. The company originally launched as a hedge fund before pivoting to artificial intelligence—an unusual shift that has fueled speculation about how it managed to develop such advanced models so quickly. Unlike other AI startups that spent years in research and development, DeepSeek seemed to emerge overnight with capabilities on par with OpenAI and Meta.
However, DeepSeek’s meteoric rise has sparked skepticism. Some analysts and AI experts question whether its success is truly due to breakthrough efficiency or if it has leveraged external resources—potentially including restricted U.S. AI technology. OpenAI has even accused DeepSeek of improperly using its proprietary tech, a claim that, if proven, could have major legal and ethical ramifications.
One of the biggest concerns surrounding DeepSeek isn’t just how it handles user data—it’s that it reportedly failed to secure it altogether.
According to The Register, security researchers at Wiz discovered that DeepSeek left a database completely exposed, with no password protection, allowing public access to millions of chat logs, API keys, backend data, and operational details.
This means that conversations with DeepSeek’s chatbot, including potentially sensitive information, were openly available to anyone on the internet. Worse still, the exposure reportedly could have allowed attackers to escalate privileges and gain deeper access into DeepSeek’s infrastructure. While the issue has since been fixed, the incident highlights a glaring oversight: even the most advanced AI models are only as trustworthy as the security behind them.
Here’s why caution is warranted:
DeepSeek specifically states in its terms of service that it collects, stores, and has permission to share just about all the data you provide while using the service.
Figure 1. Screenshot of DeepSeek Privacy Policy shared on LinkedIn
It specifically notes collecting your profile information, credit card details, and any files or data shared in chats. What’s more, that data isn’t stored in the United States, which has strict data privacy regulations. DeepSeek is a Chinese company with limited required protections for U.S. consumers and their personal data.
If you’re using AI tools—whether it’s ChatGPT, DeepSeek, or any other chatbot—it’s crucial to take steps to protect your information:
As AI chatbots like DeepSeek gain popularity, safeguarding your personal data is more critical than ever. With McAfee’s advanced security solutions, including identity protection and AI-powered threat detection, you can browse, chat, and interact online with greater confidence—because in the age of AI, privacy is power.
The post Explaining DeepSeek: The AI Disruptor That’s Raising Red Flags for Privacy and Security appeared first on McAfee Blog.
Identity theft is a growing concern, and Data Privacy Week serves as an important reminder to safeguard your personal information. In today’s digital age, scammers have more tools than ever to steal your identity, often with just a few key details—like your Social Security number, bank account information, or home address.
Unfortunately, identity theft claims have surged in recent years, jumping from approximately 650,000 in 2019 to over a million in 2023, according to the Federal Trade Commission (FTC). This trend underscores the urgent need for stronger personal data protection habits.
So, how do scammers pull it off, and how can you protect yourself from becoming a victim?
How Do Scammers Steal Your Identity?
Scammers are resourceful, and there are multiple ways they can access your personal information. The theft can happen both in the physical and digital realms.
When scammers steal your identity, they often leave behind a trail of unusual activity that you can detect. Here are some common signs that could indicate identity theft:
If you suspect that your identity has been stolen, time is of the essence. Here’s what you need to do:
While you can’t completely eliminate the risk of identity theft, there are several steps you can take to protect yourself:
Identity theft can be a stressful and overwhelming experience, but by acting quickly and taking proactive steps to protect your personal information, you can minimize the damage and reclaim your identity.
The post How Scammers Steal Your Identity and What You Can Do About It appeared first on McAfee Blog.
Data Privacy Week is here, and there’s no better time to shine a spotlight on one of the biggest players in the personal information economy: data brokers. These entities collect, buy, and sell hundreds—sometimes thousands—of data points on individuals like you. But how do they manage to gather so much information, and for what purpose? From your browsing habits and purchase history to your location data and even more intimate details, these digital middlemen piece together surprisingly comprehensive profiles. The real question is: where are they getting it all, and why is your personal data so valuable to them? Let’s unravel the mystery behind the data broker industry.
Data brokers aggregate user info from various sources on the internet. They collect, collate, package, and sometimes even analyze this data to create a holistic and coherent version of you online. This data then gets put up for sale to nearly anyone who’ll buy it. That can include marketers, private investigators, tech companies, and sometimes law enforcement as well. They’ll also sell to spammers and scammers. (Those bad actors need to get your contact info from somewhere — data brokers are one way to get that and more.)
And that list of potential buyers goes on, which includes but isn’t limited to:
These companies and social media platforms use your data to better understand target demographics and the content with which they interact. While the practice isn’t unethical in and of itself (personalizing user experiences and creating more convenient UIs are usually cited as the primary reasons for it), it does make your data vulnerable to malicious attacks targeted toward big-tech servers.
Most of your online activities are related. Devices like your phone, laptop, tablets, and even fitness watches are linked to each other. Moreover, you might use one email ID for various accounts and subscriptions. This online interconnectedness makes it easier for data brokers to create a cohesive user profile.
Mobile phone apps are the most common way for data brokerage firms to collect your data. You might have countless apps for various purposes, such as financial transactions, health and fitness, or social media.
A number of these apps usually fall under the umbrella of the same or subsidiary family of apps, all of which work toward collecting and supplying data to big tech platforms. Programs like Google’s AdSense make it easier for developers to monetize their apps in exchange for the user information they collect.
Data brokers also collect data points like your home address, full name, phone number, and date of birth. They have automated scraping tools to quickly collect relevant information from public records (think sales of real estate, marriages, divorces, voter registration, and so on).
Lastly, data brokers can gather data from other third parties that track your cookies or even place trackers or cookies on your browsers. Cookies are small data files that track your online activities when visiting different websites. They track your IP address and browsing history, which third parties can exploit. Cookies are also the reason you see personalized ads and products.
Data brokers collate your private information into one package and sell it to “people search” websites. As mentioned above, practically anyone can access these websites and purchase extensive consumer data, for groups of people and individuals alike.
Next, marketing and sales firms are some of data brokers’ biggest clients. These companies purchase massive data sets from data brokers to research your data profile. They have advanced algorithms to segregate users into various consumer groups and target you specifically. Their predictive algorithms can suggest personalized ads and products to generate higher lead generation and conversation percentages for their clients.
We tend to accept the terms and conditions that various apps ask us to accept without thinking twice or reading the fine print. You probably cannot proceed without letting the app track certain data or giving your personal information. To a certain extent, we trade some of our privacy for convenience. This becomes public information, and apps and data brokers collect, track, and use our data however they please while still complying with the law.
There is no comprehensive privacy law in the U.S. on a federal level. This allows data brokers to collect personal information and condense it into marketing insights. While not all methods of gathering private data are legal, it is difficult to track the activities of data brokers online (especially on the dark web). As technology advances, there are also easier ways to harvest and exploit data.
As of March 2024, 15 states in the U.S. have data privacy laws in place. That includes California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, Delaware, Florida, New Jersey, and New Hampshire.[i] The laws vary by state, yet generally, they grant rights to individuals around the collection, use, and disclosure of their personal data by businesses.
However, these laws make exceptions for certain types of data and certain types of collectors. In short, these laws aren’t absolute.
Some data brokers let you remove your information from their websites. There are also extensive guides available online that list the method by which you can opt-out of some of the biggest data brokering firms. For example, a guide by Griffin Boyce, the systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, provides detailed information on how to opt-out of a long list of data broker companies.
Yet the list of data brokers is long. Cleaning up your personal data online can quickly eat up your time, as it requires you to reach out to multiple data brokers and opt-out.
Rather than removing yourself one by one from the host of data broker sites out there, you have a solid option: our Personal Data Cleanup.
Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. And if you want to save time on manually removing that info, you have options. Our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically.
If the thought of your personal info getting bought and sold in such a public way bothers you, our Personal Data Cleanup can put you back in charge of it.
[i] https://pro.bloomberglaw.com/insights/privacy/state-privacy-legislation-tracker/
The post How Data Brokers Sell Your Identity appeared first on McAfee Blog.
Romance scams have surged in sophistication, preying on emotions and exploiting the trust of victims in the digital age.
The latest case involving a French woman who believed she was romantically involved with actor Brad Pitt is a stark reminder of the vulnerabilities we face online. But this incident, unfortunately, does not stand alone. Scammers continue to exploit celebrity fame to defraud unsuspecting victims, using deepfakes and other manipulative tactics. Recent examples include:
The most recent Brad Pitt impersonation scam follows a straightforward but insidious pattern of manipulation. Here’s how the scam unfolded step by step:
The Initial Contact: Anne, a French interior decorator, downloaded Instagram during a family ski trip. Shortly after, she was approached by a scammer pretending to be Brad Pitt’s mother, who claimed her son needed someone like Anne in his life.
Building Trust: The scammer, posing as Pitt, used AI-generated photos and emotionally charged messages to gain Anne’s trust. The fake Brad Pitt “knew how to talk to women,” according to Anne, creating a sense of intimacy and connection.
Figure 1. These fake images were used in a fake Brad Pitt romance scam.
The Financial Request: The scammer fabricated a crisis, claiming Pitt needed $1 million for a kidney treatment but couldn’t access his funds due to his ongoing divorce from Angelina Jolie. Playing on Anne’s empathy, the fraudster requested financial help.
The Emotional Manipulation: At the time, Anne was going through her own divorce and had recently received a settlement. Believing she was aiding someone in need, she transferred $850,000 to the scammer.
The Scam Unravels: The hoax came to light after Pitt publicly debuted his relationship with Ines de Ramon at the Venice Film Festival. This contradiction exposed the deception and ended the scam.
Brad Pitt recently spoke out, according to Variety, condemning the scammers for taking “advantage of the strong bond between fans and celebrities.”
Romance scammers often exploit online dating platforms, social media, and fan communities to identify potential victims. Being aware of the warning signs can help you identify and avoid romance scams:
Unrealistic Claims: If someone’s story seems too good to be true, it likely is. For example, a Hollywood star personally reaching out on a fan site is improbable. Celebrities rarely engage in direct, personal communication with fans, especially through unofficial platforms like fan sites, due to time constraints, security concerns, and the sheer volume of fan interactions.
Urgent Requests for Money: Scammers often fabricate crises requiring immediate financial assistance.
Reluctance to Meet in Person: Excuses to avoid face-to-face meetings or video calls can signal deception.
Inconsistencies in Their Story: Contradictory details or vague answers are common red flags.
Pressure to Keep the Relationship Secret: Scammers may isolate victims by discouraging them from discussing the relationship with friends or family.
While the tactics of romance scammers can be sophisticated, there are steps you can take to safeguard your heart and your finances:
Verify Identities: Use reverse image searches to check if profile pictures are stolen. Research their claims and background.
Be Cautious with Personal Information: Avoid sharing sensitive details, such as financial information or passwords.
Avoid Sending Money: Never transfer funds to someone you haven’t met in person, regardless of their story.
Keep Conversations Public: Use the messaging platform of the dating site or social media app rather than moving to private communication.
Watch Out For in AI: Artificial intelligence (AI) has made it much easier for scammers to create deepfake audio and video to create even more realistic romance scams. McAfee’s Ultimate Guide to AI Deepfakes can help you learn how to spot and protect yourself from deepfakes.
Trust Your Instincts: If something feels off, listen to your intuition, which can pick up on subtle inconsistencies or red flags that your conscious mind may overlook, acting as an early warning system.
Figure 2. An AI-generated image that circulated widely showed the Pope wearing a designer coat.
If you believe you are being targeted by a romance scam, take the following steps:
Cease Communication: Stop interacting with the individual immediately.
Report the Incident: Notify the dating platform or social media site, and report the scam to your local authorities or organizations like the FTC.
Protect Your Accounts: Change passwords and monitor your financial accounts for suspicious activity.
Seek Support: Talk to trusted friends or family members about the situation.
Raising awareness about romance scams is essential in preventing others from falling victim. Share information about common tactics and red flags with your loved ones, particularly those who may be more vulnerable, such as elderly family members or friends navigating online dating for the first time.
While the promise of romance can be enticing, it’s crucial to approach online relationships with caution and awareness.
By recognizing red flags, protecting your personal information, and reporting suspicious activity, you can safeguard yourself and others from the emotional and financial devastation of romance scams.
The post Breaking Down the Brad Pitt Scam: How it Happened and What We Can Learn appeared first on McAfee Blog.
Inauguration Day has come and gone, and the peaceful transfer of power couldn’t have happened without the intricate systems that ensure the integrity of the electoral process—specifically, cybersecurity.
Behind the scenes, a vast network of digital defenses worked to protect elections from disinformation, cyberattacks, and manipulation, all of which pose increasing threats in today’s digital age. From securing ballots to combating deepfakes, these measures play a critical role in upholding trust in democracy and making days like Inauguration Day possible.
In the digital age, elections face unprecedented threats designed to undermine public trust and disrupt democratic processes. Among the most common challenges are:
These threats highlight the urgent need for robust cybersecurity measures to protect the democratic process.
To counter these threats, governments and organizations have implemented advanced strategies and technologies:
These measures are critical in securing the journey from Election Day to Inauguration Day, building public confidence in the democratic process.
As you consume news about the inauguration and the new administration, it’s more important than ever to be vigilant about fake news. Fake news crops up in plenty of places on social media. And it has for some time now. In years past, it took the form of misleading posts, image captions, quotes, and the sharing of outright false information in graphs and charts. Now with the advent of AI, we see fake news taken to new levels of deception:
It’s critical to be wary of disinformation, intentionally misleading information manipulated to create a flat-out lie, as well as misinformation, which may include social posts that unknowingly get facts wrong.
To combat misinformation and AI deepfakes, it’s key to:
Deepfakes don’t just spread false information—they often lead users to phishing sites or malware. With tools like McAfee+, you can navigate the digital landscape with confidence.
The post From Election Day to Inauguration: How Cybersecurity Safeguards Democracy appeared first on McAfee Blog.
McAfee Total Protection users can feel even more secure online knowing that AV-Comparatives has named it the best in 2024 for both real-world protection and overall speed.
The two awards – the 2024 Real-World Protection Gold Award and the Best Overall Speed Gold Award – underscore McAfee’s commitment to providing powerful security without compromising PC performance, a critical combination at a time when 59% of people globally report falling victim to an online scam or knowing someone who has, with 87% of these individuals losing money—an astounding average loss of $1,366 USD.
“We are honored to receive both the Best Real-World Protection and the Best PC Performance awards,” said McAfee Chief Technology Officer Steve Grobman. “AV-Comparatives is a renowned institute with a reputation for analysis and quality assurance that stands tall, and this recognition further reinforces our leadership in online protection. With our AI-powered threat protection, we remain committed to staying one step ahead of cybercriminals while having the lowest impact on PC performance, so that people can enjoy their online lives with confidence.”
Each year, AV-Comparatives rigorously tests leading consumer security products to evaluate their effectiveness in real-world scenarios as well as their impact on system performance. McAfee’s standout results reflect the strength of its:
Protect yourself and your family today with McAfee Total Protection, which includes the award-winning anti-malware technology, scam protection, identity monitoring, Secure VPN, password management, and safe browsing capabilities for all-in-one security.
Get started with a free trial of McAfee Total Protection here. McAfee’s award-winning technology is also available in McAfee+ Premium, McAfee+ Advanced, and McAfee+ Ultimate.
Read the full report on AV-Comparatives’ awards here.
The post AV-Comparatives Crowns McAfee as 2024’s Leader in Online Protection and Speed appeared first on McAfee Blog.
Private tech companies gather tremendous amounts of user data. These companies can afford to let you use social media platforms free of charge because it’s paid for by your data, attention, and time.
Big tech derives most of its profits by selling your attention to advertisers — a well-known business model. Various documentaries (like Netflix’s “The Social Dilemma”) have tried to get to the bottom of the complex algorithms that big tech companies employ to mine and analyze user data for the benefit of third-party advertisers.
Tech companies benefit from personal info by being able to provide personalized ads. When you click “yes” at the end of a terms and conditions agreement found on some web pages, you might be allowing the companies to collect the following data:
For someone unfamiliar with privacy issues, it is important to understand the extent of big tech’s tracking and data collection. After these companies collect data, all this info can be supplied to third-party businesses or used to improve user experience.
The problem with this is that big tech has blurred the line between collecting customer data and violating user privacy in some cases. While tracking what content you interact with can be justified under the garb of personalizing the content you see, big tech platforms have been known to go too far. Prominent social networks like Facebook and LinkedIn have faced legal trouble for accessing personal user data like private messages and saved photos.
The info you provide helps build an accurate character profile and turns it into knowledge that gives actionable insights to businesses. Private data usage can be classified into three cases: selling it to data brokers, using it to improve marketing, or enhancing customer experience.
To sell your info to data brokers
Along with big data, another industry has seen rapid growth: data brokers. Data brokers buy, analyze, and package your data. Companies that collect large amounts of data on their users stand to profit from this service. Selling data to brokers is an important revenue stream for big tech companies.
Advertisers and businesses benefit from increased info on their consumers, creating a high demand for your info. The problem here is that companies like Facebook and Alphabet (Google’s parent company) have been known to mine massive amounts of user data for the sake of their advertisers.
To personalize marketing efforts
Marketing can be highly personalized thanks to the availability of large amounts of consumer data. Tracking your response to marketing campaigns can help businesses alter or improve certain aspects of their campaign to drive better results.
The problem is that most AI-based algorithms are incapable of assessing when they should stop collecting or using your info. After a point, users run the risk of being constantly subjected to intrusive ads and other unconsented marketing campaigns that pop up frequently.
To cater to the customer experience
Analyzing consumer behavior through reviews, feedback, and recommendations can help improve customer experience. Businesses have access to various facets of data that can be analyzed to show them how to meet consumer demands. This might help improve any part of a consumer’s interaction with the company, from designing special offers and discounts to improving customer relationships.
For most social media platforms, the goal is to curate a personalized feed that appeals to users and allows them to spend more time on the app. When left unmonitored, the powerful algorithms behind these social media platforms can repeatedly subject you to the same kind of content from different creators.
Here are the big tech companies that collect and mine the most user data.
Users need a comprehensive data privacy solution to tackle the rampant, large-scale data mining carried out by big tech platforms. While targeted advertisements and easily found items are beneficial, many of these companies collect and mine user data through several channels simultaneously, exploiting them in several ways.
It’s important to ensure your personal info is protected. Protection solutions like McAfee’s Personal Data Cleanup feature can help. It scours the web for traces of your personal info and helps remove it for your online privacy.
McAfee+ provides antivirus software for all your digital devices and a secure VPN connection to avoid exposure to malicious third parties while browsing the internet. Our Identity Monitoring and personal data removal solutions further remove gaps in your devices’ security systems.
With our data protection and custom guidance (complete with a protection score for each platform and tips to keep you safer), you can be sure that your internet identity is protected.
The post What Personal Data Do Companies Track? appeared first on McAfee Blog.
In a world where deepfake scams and misinformation are increasingly pervasive, McAfee is taking a bold step forward with major enhancements to its AI-powered deepfake detection technology. By partnering with AMD and harnessing the Neural Processing Unit (NPU) within the latest AMD Ryzen AI 300 Series processors announced at CES, McAfee Deepfake Detector is designed to empower users to discern truth from fiction like never before.
As deepfake technology becomes more sophisticated, so too does the challenge of identifying manipulated content. Nearly two-thirds of people globally report rising concerns over deepfakes, emphasizing the need for tools that can accurately detect falsified content.
To address this growing issue, McAfee introduced its cutting-edge AI technology, now supercharged through its collaboration with AMD, McAfee Deepfake Detector can deliver detection in seconds to help consumers navigate videos increasingly riddled with misinformation.
Cybercriminals are leveraging AI to manipulate audio and video, creating hyper-realistic deepfakes that are difficult to identify with the naked eye. McAfee’s Deepfake Detector uses advanced Convolution Neural Network models—AI tools specifically trained to identify manipulated or AI-generated audio within videos.
This groundbreaking technology is aimed at not only enhancing online safety but also setting a new standard for AI-powered tools.
McAfee’s partnership with AMD takes deepfake detection to the next level. By leveraging the 50 TOPS of performance in the latest AMD Ryzen AI 300 Series processors, McAfee Deepfake Detector achieves lightning–fast detection of deepfakes. This collaboration announced at CES marks a significant leap forward in balancing AI performance with user privacy, giving consumers the best of both worlds: robust protection and peace of mind.
This newest generation of AMD mobile processors represents huge leaps forward not just in compute and graphics performance but also in AI capabilities and experiences, all powered by the world’s most advanced family of processors1. McAfee Deepfake Detector leverages AMD XDNA 2 architecture providing up to a 5X increase in NPU power vs. the previous generation2, confirming continued AMD leadership in innovation and performance in this new category of AI PC computing.
McAfee’s Deepfake Detector integrates effortlessly into the user’s workflow, ensuring that everyone—from professionals to casual users—can access next-level protection without technical hurdles.
As deepfake technology evolves, McAfee Deepfake Detector is a game-changer in the fight against misinformation and scams. By combining AI-powered detection with the cutting-edge AMD Ryzen AI 300 Series processors and NPU technology, McAfee delivers:
Stay one step ahead of deepfake threats. Whether you’re a professional, a consumer, or simply navigating the digital world, McAfee empowers you to discern truth from fiction—designed for a safer, more secure online experience.
1 Based on node size. As of January 2024, AMD Ryzen AI 300 Series processors are amongst the most advanced series of processors based on 4nm node size, whereas available competitive (non-AMD) x86 laptop processors are based on 7nm TSMC process.
2 Based on engineering specifications as of May 2024 comparing total TOPS capacity for Ryzen AI 300 Series processor’s NPU to Ryzen 7040 Series processor’s NPU.
The post McAfee Deepfake Detector: Fighting Misinformation with AMD AI-Powered Precision appeared first on McAfee Blog.
You know that “Hi, how are you?” text from a stranger? It’s one of the top scams worldwide—right along with those fake delivery notices that try to reel you in a scam site with a fishy link. Now you have extra protection against them and all other kinds of scams with our new McAfee Scam Detector.
The time’s right for it too. Those scam stats above came from our latest research, which also uncovered just how often people get hit with scams and how costly they can be. 59% of Americans said they or someone they know has fallen for an online scam in the last 12 months, with scam victims losing an average of $1,471 to the scam.
Now here’s where our Scam Detector comes in. It helps stop scammers in their tracks with real-time protection against fake emails, suspicious texts, and deepfake videos that look incredibly real. By design, it helps you protect what scammers want — your money and your personal info.
McAfee Scam Detector starts with McAfee Smart AI, the same technology that already powers our online protection. From there, it helps keep you safe from email, text message, and video scams:
The best part is that we do this automatically. Once it’s set up, McAfee Scam Detector goes to work immediately. No need to copy, paste, or second-guess if a message is fake — we take care of it all for you, all in real-time. If we spot something sketchy, it lets you know, whether that’s on your mobile app, email inbox, or video platform.
Also, it lets you know what’s suspicious and why. That’s important to us. When it comes to scams, “knowing one when you see one” goes a long way toward keeping yourself safer online. Explaining why something’s dangerous can help you spot threats even when you’re on devices without McAfee-powered protection.
Soon, McAfee Scam Detector will be included in all McAfee+, McAfee Total Protection, and McAfee LiveSafe plans at no extra cost. It protects you wherever you’re online. Whether you’re using a phone, laptop, tablet, or Chromebook, our Scam Detector keeps you safe.
The post Introducing McAfee Scam Detector— Stop Scams Before They Strike appeared first on McAfee Blog.
As CES kicks off in Las Vegas, McAfee proudly stands at the forefront of innovation, showcasing our leadership in AI and our commitment to driving transformative breakthroughs in tech. Here are the key highlights of McAfee’s participation at CES 2025:
At CES, we are announcing McAfee Scam Detector – the most comprehensive protection against text, email, and video scams. Today’s scams are smarter, sneakier, and more convincing than ever. We’re helping consumers take back control with AI-powered scam detection to stop scammers in their tracks.
Tuesday Spotlight:
Dan Huynh, McAfee’s VP of Business Development, joins a panel of business leaders to explore the capabilities of AI-powered PCs. From enhanced video and photo editing to faster computing speeds and improved security, this session delves into how AI PCs are reshaping work, play, and creativity.
McAfee has announced an exciting partnership with AMD to combat deepfake scams and misinformation. The McAfee Deepfake Detector now leverages the Neural Processing Unit (NPU) in AMD Ryzen AI 300 Series processors, enabling faster and more accurate detection of manipulated content.
Qualcomm is also showcasing McAfee’s Deepfake Detector technology at CES, with demos running on their high-performance, low-powered AI silicon. These demonstrations highlight McAfee’s commitment to tackling the growing threat of malicious AI deepfakes.
Thursday Spotlight:
German Lancioni, McAfee’s Chief AI Scientist, takes the stage to discuss using AI as a tool against AI-generated disinformation. This session will tackle the question: How can people trust what they see in a world of malicious AI deepfakes?
As CES 2025 unfolds, McAfee is proud to lead the charge in addressing the challenges and opportunities that AI brings to our increasingly digital world. Through groundbreaking innovations, strategic partnerships, and thought leadership, we’re not just imagining the future of tech—we’re actively shaping it.
We invite you to join us and our partners at CES to experience our cutting-edge technologies firsthand, engage with experts, and learn how McAfee is redefining security in the age of AI. Together, we’re building a safer, smarter, and more trusted digital landscape for everyone. Stay tuned for more updates as we continue to push the boundaries of what’s possible.
The post McAfee Shines at CES 2025: Redefining AI Protection for All appeared first on McAfee Blog.
For less than the cost of a latte and in under 10 minutes, scammers today can create shockingly convincing deepfake videos of anyone: your mom, your boss, or even your child.
Imagine receiving a video call from your mom asking to borrow money for an emergency, or getting a voicemail from your boss requesting urgent access to company accounts. These scenarios might seem straightforward, but in 2025, they represent a growing threat: deepfake scams that can be created for just $5 in under 10 minutes. According to McAfee’s latest “State of the Scamiverse” report, deepfake scams have become an everyday reality. The average American now encounters 2.6 deepfake videos daily, with younger adults (18-24) seeing even more – about 3.5 per day. These aren’t just celebrity face-swaps or entertaining memes; they’re sophisticated scams designed to separate people from their money.
Welcome to the Scamiverse: an ever-expanding realm of online scams and fraud that’s targeting people everywhere. Despite increasing awareness, scams are on the rise globally, costing victims money, time, and emotional well-being. Understanding this evolving landscape is key to staying protected.
According to McAfee’s December 2024 survey of 5,000 adults:
Beyond financial losses, there’s a significant emotional toll. More than a third of victims reported moderate to significant distress after falling for an online scam, with many spending over a month trying to resolve the resulting issues. Deepfake scams surged tenfold in 2024, with North America experiencing a jaw-dropping 1,740% increase. Over 500,000 deepfakes circulated on social media in 2023 alone. Unsurprisingly, two-thirds of people report being more worried about scams than ever before.
Deepfakes are no longer futuristic tech—they’re an everyday reality. McAfee’s survey showed:
Deepfake videos are most commonly encountered on:
| Platform | % Reporting Deepfakes |
| 68% | |
| 30% | |
| TikTok | 28% |
| X (formerly Twitter) | 17% |
Interestingly, different age groups tend to encounter deepfakes on different platforms. While older Americans are more likely to see them on Facebook (over 80% of those 65+ report this), younger users more frequently encounter them on Instagram and TikTok. Younger Americans encounter more deepfakes (3.5 daily for ages 18-24) than older groups (1.2 for ages 65+), while seniors report higher exposure to deepfakes on Facebook.
Deepfakes leverage generative AI to create convincing fake videos and audio. Initially popularized through memes featuring celebrities like Tom Cruise and Mark Zuckerberg, deepfakes are now weaponized by scammers. These tools can:
McAfee Labs tested 17 deepfake creation tools, finding that scammers can:
These tools enable scammers to achieve professional-grade results with minimal effort, making deepfake scams increasingly accessible.
The McAfee survey highlighted a wide range of scams. Some frequently involve deepfakes, such as:
| Scam Type | % Reporting |
| Fake shipping notifications | 36% |
| Fake news videos | 21% |
| Celebrity endorsement scams | 18% |
With deepfake technology becoming more accessible and sophisticated, here are McAfee’s top tips to protect yourself:
As we move further into 2025, the threat of deepfake scams is likely to grow. While about half of Americans feel confident they can spot these scams, the technology is evolving rapidly. The best defense is staying informed, maintaining healthy skepticism, and using modern security tools designed to combat these AI-powered threats. Scams have evolved with AI, but so have defenses. Staying vigilant, leveraging advanced cybersecurity tools, and educating yourself can help you navigate the Scamiverse safely. As scammers grow smarter, so must we. Remember, if something seems off about a video call or message from a loved one or colleague, take a moment to verify through another channel. In the age of $5 deepfakes, that extra step could save you thousands of dollars and countless hours of stress.
The post State of the Scamiverse – How AI is Revolutionizing Online Fraud appeared first on McAfee Blog.
Brushing scams are a type of online fraud where sellers send unsolicited packages to individuals, even though they never made an order. These deceptive tactics are often used on popular e-commerce platforms such as Amazon and AliExpress. The goal of scammers is to artificially inflate product rankings and create fake reviews, ultimately boosting their sales and visibility. Read on to understand how brushing scams work and what steps you can take to stay safe.
A brushing scam is a fraudulent practice in which sellers send packages to people without their knowledge or consent. These items are typically cheap and low-quality, such as inexpensive jewelry or random gadgets, and are sent to fake addresses or addresses obtained illegally. Once the item is delivered, the fraudster writes a fake review praising the product, which helps the seller’s rating rise.
The term “brushing” originates from Chinese e-commerce, where the act of “brushing up” sales numbers involves creating fake orders and sending goods to random individuals. This practice boosts a product’s perceived popularity, tricking other buyers into thinking the product is highly rated, thus increasing its sales.
Here’s how a brushing scam typically unfolds:
These scammers often send products like costume jewelry, seeds, or inexpensive gadgets to inflate their reviews and rankings. If you find an unsolicited package at your door, there’s a high chance it’s part of a brushing scam.
Personal Data Exposure:
Receiving unsolicited parcels may indicate that your personal information has been compromised. Scammers typically access names and addresses through data breaches or purchase this information from illegal sources. In some cases, they may possess additional sensitive details, opening the door to identity theft.
Account Suspension:
If a fraudster uses your name to write fake reviews, your e-commerce account could be flagged or suspended by the platform while the issue is investigated.
Misleading Consumers:
Fake reviews can mislead you into purchasing low-quality products, especially when inflated ratings and positive comments are posted en masse.
Safety Hazards:
Some items involved in brushing scams, such as cosmetics, could be harmful. Other items, like flower seeds, may pose biosecurity risks or introduce invasive species to your local ecosystem.
If you’ve received an unexpected package and suspect it’s part of a brushing scam, report it to the online marketplace involved. Platforms typically provide a form for users to submit reports on fraudulent packages. Here’s how to handle it:
You can also report the incident to your local consumer protection agency or, in the case of U.S. residents, to the Federal Trade Commission (FTC).
If the scam occurs on Amazon, follow these steps:
It’s important not to consume or use the product, especially if its quality is questionable or if it’s an item like cosmetics or food. Update your passwords for Amazon and any linked accounts and monitor your financial statements for suspicious activity.
Here are some steps to prevent falling victim to brushing scams:
If you receive unexpected items from China or other overseas locations, it could be a sign of a brushing scam, especially if the items appear low-quality or irrelevant.
If you receive a package you didn’t order via USPS:
Brushing scams are a growing concern, but by staying vigilant and taking appropriate steps, you can protect your personal information and avoid falling prey to these deceptive tactics. Always report suspicious packages and reviews, and be cautious when interacting with unfamiliar sellers.
The post How to Protect Yourself from a Brushing Scam appeared first on McAfee Blog.
Winter travel is filled with excitement—whether you’re heading to a snow-covered ski resort, visiting family for the holidays, or enjoying a cozy retreat in a picturesque town. According to Tripadvisor’s Winter Travel Index, 57% of Americans are gearing up for winter travel this year, with a staggering 96% planning to travel as much or more than they did last winter. Yet, with this seasonal joy comes a hidden danger: public Wi-Fi. Airports, hotels, coffee shops, and even ski lodges offer free Wi-Fi, making it easy to stay connected while on the go. But while these networks are convenient, they can also be risky.
Common threats include Man-in-the-Middle attacks, where hackers intercept data exchanged between your device and the Wi-Fi network, and rogue hotspots, where cybercriminals set up fake Wi-Fi networks with names that mimic legitimate ones, tricking users into connecting.
Despite these risks, many travelers still connect to public Wi-Fi without taking the necessary precautions. But with a few simple steps, you can significantly reduce your exposure while traveling this winter.
The most effective way to protect your data on public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept your data. It creates a secure tunnel between your device and the internet, ensuring that your online activity remains private.
By encrypting your data, a VPN ensures that any information transmitted over the network is unreadable to anyone attempting to intercept it, such as hackers or cybercriminals. It also masks your IP address, adding a layer of anonymity that makes it difficult for snoopers to trace your online movements or identify your location.
Even with a VPN, it’s wise to avoid performing sensitive transactions on public Wi-Fi networks. For activities like online banking, shopping with credit cards, or accessing sensitive work documents, it’s best to reserve those tasks for secure, private networks. Taking a few extra precautions can further reduce your risk of data theft.
Not all Wi-Fi networks are created equal. Some are outright traps set by hackers to lure unsuspecting users. Always verify the official network name with a staff member before connecting, especially in places like airports, hotels, or cafes. Knowing how to identify suspicious networks can save you from connecting to a rogue hotspot.
Protecting your data on public Wi-Fi isn’t just about the network—it’s also about securing your devices. Cybercriminals can exploit vulnerabilities in your smartphone, tablet, or laptop to gain access to your personal information.
Public Wi-Fi can be a lifesaver when you’re traveling, but it doesn’t have to be a risk. By following these simple tips—using a VPN, avoiding sensitive transactions, and securing your devices—you can enjoy your winter adventures without compromising your personal data. So, whether you’re sipping hot cocoa in a ski lodge or waiting for a flight home, stay connected, stay secure, and make the most of your winter travels.
The post How to Protect Your Data While On-the-Go appeared first on McAfee Blog.
Winter Travel Wi-Fi Safety: How to Protect Your Data While On-the-Go
Winter travel is filled with excitement—whether you’re heading to a snow-covered ski resort, visiting family for the holidays, or enjoying a cozy retreat in a picturesque town. According to Tripadvisor’s Winter Travel Index, 57% of Americans are gearing up for winter travel this year, with a staggering 96% planning to travel as much or more than they did last winter. Yet, with this seasonal joy comes a hidden danger: public Wi-Fi. Airports, hotels, coffee shops, and even ski lodges offer free Wi-Fi, making it easy to stay connected while on the go. But while these networks are convenient, they can also be risky.
Public Wi-Fi networks are notorious for their lack of security. Unlike your home network, which is likely password-protected and encrypted, many public networks are open and vulnerable to cyberattacks. Hackers can intercept your data, monitor your online activity, and even steal sensitive information like passwords, credit card numbers, and personal identification.
Common threats include Man-in-the-Middle attacks, where hackers intercept data exchanged between your device and the Wi-Fi network, and rogue hotspots, where cybercriminals set up fake Wi-Fi networks with names that mimic legitimate ones, tricking users into connecting.
Despite these risks, many travelers still connect to public Wi-Fi without taking the necessary precautions. But with a few simple steps, you can significantly reduce your exposure while traveling this winter.
1. Use a Virtual Private Network (VPN): Your Best Defense
The most effective way to protect your data on public Wi-Fi is by using a Virtual Private Network (VPN). A VPN encrypts your internet connection, making it virtually impossible for hackers to intercept your data. It creates a secure tunnel between your device and the internet, ensuring that your online activity remains private.
By encrypting your data, a VPN ensures that any information transmitted over the network is unreadable to anyone attempting to intercept it, such as hackers or cybercriminals. It also masks your IP address, adding a layer of anonymity that makes it difficult for snoopers to trace your online movements or identify your location.
2. Avoid Sensitive Transactions on Public Wi-Fi
Even with a VPN, it’s wise to avoid performing sensitive transactions on public Wi-Fi networks. For activities like online banking, shopping with credit cards, or accessing sensitive work documents, it’s best to reserve those tasks for secure, private networks. Taking a few extra precautions can further reduce your risk of data theft.
Safer Alternatives:
3. Spot Suspicious Wi-Fi Networks
Not all Wi-Fi networks are created equal. Some are outright traps set by hackers to lure unsuspecting users. Always verify the official network name with a staff member before connecting, especially in places like airports, hotels, or cafes. Knowing how to identify suspicious networks can save you from connecting to a rogue hotspot.
Red Flags to Watch For:
4. Keep Your Devices Secure
Protecting your data on public Wi-Fi isn’t just about the network—it’s also about securing your devices. Cybercriminals can exploit vulnerabilities in your smartphone, tablet, or laptop to gain access to your personal information.
Device Security Tips:
Stay Safe and Enjoy Your Winter Travels
Public Wi-Fi can be a lifesaver when you’re traveling, but it doesn’t have to be a risk. By following these simple tips—using a VPN, avoiding sensitive transactions, and securing your devices—you can enjoy your winter adventures without compromising your personal data. So, whether you’re sipping hot cocoa in a ski lodge or waiting for a flight home, stay connected, stay secure, and make the most of your winter travels.
The post Winter Travel Wi-Fi Safety: How to Protect Your Data While On-the-Go appeared first on McAfee Blog.
Two-step verification, two-factor authentication, multi-factor authentication…whatever your social media platform calls it, it’s an excellent way to protect your accounts.
There’s a good chance you’re already using multi-factor verification with your other accounts — for your bank, your finances, your credit card, and any number of things. The way it requires an extra one-time code in addition to your login and password makes life far tougher for hackers.
It’s increasingly common to see nowadays, where all manner of online services only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone. That’s where two-step verification comes in. You get sent a code as part of your usual login process (usually a six-digit number), and then you enter that along with your username and password.
Some online services also offer the option to use an authenticator app, which sends the code to a secure app rather than via email or your smartphone. Authenticator apps work much in the same way, yet they offer three unique features:
Google, Microsoft, and others offer authenticator apps if you want to go that route. You can get a good list of options by checking out the “editor’s picks” at your app store or in trusted tech publications.
Whichever form of authentication you use, always keep that secure code to yourself. It’s yours and yours alone. Anyone who asks for that code, say someone masquerading as a customer service rep, is trying to scam you. With that code, and your username/password combo, they can get into your account.
Passwords and two-step verification work hand-in-hand to keep you safer. Yet not any old password will do. You’ll want a strong, unique password. Here’s how that breaks down:
Now, with strong passwords in place, you can get to setting up multi-factor verification on your social media accounts.
When you set up two-factor authentication on Facebook, you’ll be asked to choose one of three security methods:
And here’s a link to the company’s full walkthrough: https://www.facebook.com/help/148233965247823
When you set up two-factor authentication on Instagram, you’ll be asked to choose one of three security methods: an authentication app, text message, or WhatsApp.
And here’s a link to the company’s full walkthrough: https://help.instagram.com/566810106808145
And here’s a link to the company’s full walkthrough: https://faq.whatsapp.com/1920866721452534
And here’s a link to the company’s full walkthrough: https://support.google.com/accounts/answer/185839?hl=en&co=GENIE.Platform%3DDesktop
1. TapProfileat the bottom of the screen.
2. Tap the Menu button at the top.
3. Tap Settings and Privacy, then Security.
4. Tap 2-step verification and choose at least two verification methods: SMS (text), email, and authenticator app.
5. Tap Turn on to confirm.
And here’s a link to the company’s full walkthrough: https://support.tiktok.com/en/account-and-privacy/personalized-ads-and-data/how-your-phone-number-is-used-on-tiktok
The post How to Protect Your Social Media Passwords with Multi-factor Verification appeared first on McAfee Blog.
It’s been a big year for big data breaches. Billions of records on millions of people have been exposed at an estimated cost of nearly $10 trillion dollars to people and businesses alike worldwide.[i]
While we still have a few weeks in the year left to go, here’s a roundup of five of the most noteworthy breaches this year. And while you can’t prevent big data breaches from happening, you can still take several preventive steps to protect yourself from the fallout. We’ll cover them here too.
News of a major data breach that involved nearly three billion records came to light over the summer from a somewhat unusual source — a class-action complaint filed in Florida.
The complaint concerned National Public Data (NPD), a company that provides background checks. Per their website, “[NPD obtains] information from various public record databases, court records, state and national databases, and other repositories nationwide.”
The complaint alleged that NPD was hit by a data breach in or around April 2024. [ii] The complaint filed in the U.S. District Court further alleges:
Typically, companies self-report these breaches, thanks to regulations and legislation that require them to do so in a timely manner. That way, initial word of breaches reaches customers through emails, news reports, and sometimes through notifications to certain state attorney generals.
In this case, it appeared that no notices were immediately sent to potential victims.
As to how the primary plaintiff discovered the breach, he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach …” (And you can certainly add online protection software to the list of ways you can find out about a data breach before a company notifies you.)
Further, in June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of 2.9 billion people and put them up for sale on the dark web.[iii] The price tag, U.S. $3.5 million. The group further claimed that the records include U.S., Canadian, and British citizens.
Just how big was the Ticketmaster data breach? It appears that over a half-billion people might have had their personal info compromised.
Ticketmaster’s parent company, Live Nation Entertainment, first announced the breach in late May. The company said that it had identified “unauthorized activity” from April 2 to May 18, 2024.
Soon after, the noted hacking group ShinyHunters claimed responsibility for the breach.[iv] According to the hackers, their 1.3 terabyte haul of data includes 560 million people — along with a mix of their names, addresses, email addresses, phone numbers, order information, and partial payment card details. They allegedly posted that info for sale on the dark web in late May.[v]
Live Nation then began notifying potential victims by physical mail, stating:
“The personal information that may have been obtained by the third party may have included your name, basic contact information, and <extra>.”
Per a support document posted by Ticketmaster, the <extra> part varied by individual. Depending on what was compromised, that might have included “email, phone number, encrypted credit card information as well as some other personal information provided to [Ticketmaster].”[vi]
Also affecting millions of people in 2024, a breach at Infosys McCamish Systems (IMS), a company that provides solutions and services to insurance companies and financial institutions. Per an announcement from IMS[vii], the company,
“[D]etermined that unauthorized activity occurred between October 29, 2023, and November 2, 2023. Through the investigation, it was also determined that data was subject to unauthorized access and acquisition.”
There’s a good chance you haven’t heard of IMS before reading this article. Yet to put the attack in perspective, it affected people who hold accounts with companies like Bank of America, Oceanview Life and Annuity Company, Fidelity Investments Life Insurance, Newport Group, and Union Labor Life Insurance.
Also per IMS, the full run of personal info swept up in the attack included:
| · Social Security Numbers
· Dates of birth · Medical records · Biometric data · Email address and passwords · Usernames and passwords |
· Driver’s license and state ID numbers
· Financial account info · Payment card info · Passport numbers · Tribal ID numbers · US military ID numbers |
Notifications went out to potential victims in several ways and at several times. Bank of America sent notices to 50,000 people in February, alerting them that their info was compromised by an unidentified third party.[viii] Fidelity Investments Life Insurance notified 28,000 potential victims in March.[ix] In late June, IMS began contacting the six million potential victims overall — eight months after the date of the initial attack.[x]
The second breach involves (FBCS), a bonded collection agency based on the U.S. east coast. On February 26, 2024, the company noted unauthorized access to their systems, which covered a twelve-day period starting on February 14.[xi] In an April notice of a “data event,” FBCS stated that people might have had the following info compromised:
“[C]onsumer name, address, date of birth, Social Security number, driver’s license number, other state identification number, medical claims information, provider information, and clinical information (including diagnosis/conditions, medications, and other treatment information), and/or health insurance information.”
FBCS went on to say that the compromised info varied from person to person.
Initially, the scope of the breach appeared to approach two million victims.[xii] Several updated filings continued to increase that number. At last reporting, the figure had ballooned to more than four million people affected.[xiii]
In April, mobile carrier AT&T learned that hackers had stolen the call and text logs of nearly all its customers, estimated at nearly 100 million people. That further included customers who used Cricket, Boost Mobile, and Consumer Cellular, which are mobile virtual network operators (MVNOs) that use AT&T’s network.
The compromised data covered a period between May 1, 2022, and October 31, 2022, with a small number of records from January 2, 2023, also affected. According to AT&T, hackers gained access through a third-party cloud platform account.[xiv]
The stolen data revealed the phone numbers customers communicated with, along with the frequency and total duration of calls and texts for specific periods. In this way, the breach affected more than just customers of AT&T — it affected anyone who may have called or texted with an AT&T customer.
However, AT&T assured customers that the content of calls or texts, timestamps, Social Security numbers, dates of birth, or other personal details were not compromised.
Of concern, a determined hacker with access to the data could infer a lot from these logs, such as businesses and people customers regularly speak with. In turn, this could fuel phishing scams by giving them extra credibility if the scammer poses as the businesses and people involved.
These breaches show the risks and frustrations that we, as consumers, face in the wake of such attacks. It often takes months before we receive any kind of notification. And of course, that gap gives hackers plenty of time to do their damage. They might use stolen info to commit identity crimes, or they might sell it to others who’ll do the same. Sometimes, we’re in the dark about a data breach until we get hit with a case of identity theft ourselves.
Indeed, plenty of breaches go unreported or under-reported. Even so, word of an attack that affects you might take some time to reach you. With that, preventative measures offer the strongest protection from data breaches.
To fully cover yourself, we suggest the following:
Check your credit, consider a security freeze, and get ID theft protection.
With your personal info potentially on the dark web, strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:
Monitor your identity and transactions.
Breaches and leaks can lead to exposure, particularly on dark web marketplaces where personal info gets bought and sold. Our Identity Monitoring can help notify you quickly if that happens. It keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches. If spotted, it offers advice that can help secure your accounts before they’re used for identity theft.
Also in our McAfee+ plans, you’ll find several types of transaction monitoring that can spot unusual activity. These features track transactions on credit cards and bank accounts — along with retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.
Keep an eye out for phishing attacks.
With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.
If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as them to steal personal info. Don’t click or tap on links sent in emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.
For even more security, you can use our Text Scam Detector. It scans links in texts and lets you know if it’s risky. And if you accidentally click or tap a bad link, it blocks the sketchy sites they can take you to.
Update your passwords and use two-factor authentication.
Changing your password is a strong preventive measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely.
While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.
[i] https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide
[ii]https://www.bloomberglaw.com/public/desktop/document/HofmannvJericoPicturesIncDocketNo024cv61383SDFlaAug012024CourtDoc?doc_id=X6S27DVM6H69DSQO6MTRAQRIVBS
[iii] https://www.theregister.com/2024/06/03/usdod_data_dump/
[iv] https://www.pcmag.com/news/ticketmaster-confirms-user-email-addresses-phone-numbers-stolen-in-hack
[v] https://www.sec.gov/Archives/edgar/data/1335258/000133525824000081/lyv-20240520.htm
[vi] https://help.ticketmaster.com/hc/en-us/articles/26110487861137-Ticketmaster-Data-Security-Incident
[vii] https://www.infosysbpm.com/mccamish/about/notice-of-cybersecurity-incident.html
[viii] https://www.bankinfosecurity.com/bank-america-responds-to-breach-a-4487
[ix] https://www.securityweek.com/fidelity-investments-notifying-28000-people-of-data-breach/
[x] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/b152fd39-9f84-4ca5-a149-d20b94ed8ef6.html
[xi] https://www.fbcs-inc.com/cyber-incident/
[xii] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/5fe1ede5-aafd-4da2-b1a4-0057a6cdadc6.shtml
[xiii] https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/7e6ff931-a035-480f-a977-e11a8af7f768.html
[xiv] https://about.att.com/story/2024/addressing-illegal-download.html
The post 2024 Data Breaches Wrapped appeared first on McAfee Blog.
The holiday season often brings a rush of new gadgets—smartphones, tablets, laptops, and smart home devices—into households. One survey revealed that nearly 199 million U.S. adults planned to purchase tech products and services as gifts for the holiday season. For the tech-savvy among us, it also means becoming the go-to person for setting up, troubleshooting, and securing those shiny new devices. But while it’s great to help your loved ones get the most out of their tech, it’s just as important to ensure they’re protected from digital threats like malware, phishing, and privacy breaches.
This year, step up as the digital IT hero of the holidays by taking proactive measures to safeguard your family’s online life. Here’s a guide to help you create a safer digital environment for your loved ones by setting up their devices with robust cybersecurity protections.
One of the first steps in protecting new devices is ensuring that internet connections are secure. A Virtual Private Network (VPN) is essential for safeguarding your family’s data, especially when using public Wi-Fi networks at coffee shops, airports, or hotels. Without a VPN, any data you send or receive—such as login details, personal information, or banking credentials—can be intercepted by cybercriminals using simple hacking tools. A VPN encrypts your internet connection, making it much harder for anyone to spy on or steal your information, even on public networks. This layer of security is crucial to protect your privacy and keep your data safe from potential threats.
How to help:
Antivirus software plays a crucial role in protecting devices from malware, ransomware, and other cyber threats by continuously scanning for malicious activity and preventing harmful files from executing. It acts as a first line of defense, detecting and removing viruses before they can compromise your system or steal sensitive data.
How to help:
Passwords are the first and often most critical line of defense for online accounts, but unfortunately, many people still rely on weak or predictable combinations like “password123” or simple sequences of numbers. These easy-to-guess passwords leave accounts vulnerable to cybercriminals who use automated tools to crack them within minutes.
However, the threat doesn’t stop at weak passwords—data breaches pose an even greater risk. When large-scale breaches occur, they often expose millions of usernames and passwords to the public. Even strong, unique passwords can be compromised if they’ve been leaked in a breach, allowing attackers to use those credentials in credential-stuffing attacks, where they attempt to log in to multiple accounts using the same exposed password.
To counteract this, it’s critical to not only set strong, unique passwords for every account but also to enable multi-factor authentication (MFA) so that even if your password falls into the wrong hands, attackers can’t access your account without a second form of verification.
How to help:
Data loss can be catastrophic, whether it’s due to a hardware failure, theft, or ransomware attack. Setting up automatic backups ensures that your family’s important data—such as photos, videos, and documents—is safe, no matter what happens.
How to help:
New devices often come pre-loaded with a myriad of apps, many of which your family members may never use. Some of these could be bloatware or even pose security risks by running in the background and collecting data.
How to help:
By helping your family with these key cybersecurity steps, you’re not just setting up their devices—you’re providing them with the tools and knowledge to stay safe online. As the digital IT hero of the holidays, you’ll empower your loved ones to enjoy their new tech with confidence, knowing their data and privacy are protected.
The post How to Be Your Family’s Digital IT Hero for the Holidays appeared first on McAfee Blog.
As 89% of Americans plan to shop online during this holiday shopping season, many say they’re more concerned about being scammed online than they were last year. One big reason why—AI deepfakes.
Our 2024 Global Holiday Shopping Scams Study uncovered that 70% of American shoppers say AI-driven scams are changing the way they shop online.
In all, they think scam emails and messages will be more believable than ever and that it’ll be harder to tell what’s a real message from a retailer or delivery service. With that in mind, 58% of people say they’ll be more alert than ever to when it comes to fake messages. Another 11% said they’ll do less online shopping because of how AI is helping cybercriminals.
Overall, people say their confidence in spotting online scams is low, particularly when it comes to scams featuring AI-created content. Only 59% of Americans feel confident they can identify deepfakes or AI-generated content.
The effectiveness of deepfake shopping scams has been shown already, 1 in 5 Americans (21%) said they unknowingly paid for fake products endorsed by deepfake celebrities. For Gen Z and Millennials, that number leaps yet higher, with 1 in 3 people aged 18-34 falling victim to a deepfake scam. Meanwhile, older Americans have avoided these scams, with only 5% of shoppers aged 55 and up saying that they’ve fallen victim to one.
Additionally, 1 in 5 Americans (20%) say they or someone they know has fallen victim to a deepfake shopping scam, celebrity-based or otherwise. 70% of those people lost money to the deepfake holiday scam. Of those who lost money:
Across our research, three big findings stood out. The volume of scam messages is only increasing, chasing deals could lead to scams, and shopping on social media has risks of its own.
64% of Americans say they receive most of their scam messages via email, 20% encounter them primarily via text, and 16% find them on social media. These messages fall into several categories:
As the holiday season warms up, 84% of Americans say they’re on the hunt for the best holiday deals. But the rush for discounts could put them at risk. Scammers notoriously underprice hot items to lure in victims.
More than 100 million Americans shop on social media.i While social shopping offers convenience, it also exposes people to new risks, especially as scammers use these platforms to reach victims. We found that shoppers are increasingly turning to social channels, often in significant ways.
This is a great one to start with. Directly typing in the correct address for online stores and retailers is a prime way to avoid scammers online. In the case of retailers that you don’t know much about, the U.S. Better Business Bureau (BBB) asks shoppers to do their research and make sure that retailer has a good reputation. The BBB makes that easier with a listing of retailers you can search simply by typing in their name.
In the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. Citizens can dispute charges of over $50 for goods and services that were never delivered or otherwise billed incorrectly. (Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well.) However, debit cards don’t get the same protection under the Act. Avoid using a debit card while shopping online and use your credit card instead.
Scammers have to get your contact info from somewhere. Often, they get it from online data brokers and other “people finder” sites. These sites collect and sell massive amounts of personal info to any buyer. You can remove that info from some of the riskiest data brokers with our Personal Data Cleanup service. It can help you remove that info, and with select products it can even manage the removal for you. Likewise, set your social media accounts to “friends and family” only so that your profile info doesn’t show up in search results.
Phishing emails, texts, and sites lure people into clicking links that might lead to malware or handing over their personal info. And they look more believable than ever. If you receive an email or text message asking you to click on a link, it’s best to avoid interacting with the message altogether. Even if it’s a great-sounding deal or indicates it’ll provide useful info such as a parcel delivery update. Always go direct to the source and interact with reputable companies.
Yet better, you can use the combo of our Scam Protection and Web Protection found in our McAfee+ plans. Powered by our AI technology, they detect sketchy links and keep you from clicking on them by mistake.
Many scams are effective because the scammer creates a false sense of urgency or preys on a heightened emotional state. Pause before you rush to interact with any message that is threatening or urgent, especially if it is from an unknown or unlikely sender. The same very much applies for deals and sales online. Scammers will pop up bogus online ads and stores for sought-after gifts, of course with no intention of shipping you anything. Look out for offers that seem priced too low and hard-to-find items that are miraculously in stock at an online store you’ve never heard of. Stick with reputable retailers instead.
Survey methodology
The survey, which focused on the topic of deepfakes, scam messages, and holiday shopping, was conducted online in November 2024. 7,128 adults, age 18+, In 7 countries (US, Australia, India, UK, France, Germany, Japan), participated in the study.
The post How AI Deepfakes and Scams Are Changing the Way We Shop Online appeared first on McAfee Blog.
