Deleting vs. Deactivating Instagram: Key Differences

Should You Deactivate or Delete? Factors to Consider

• Mental Health Breaks: If you’re feeling overwhelmed by social media and need a pause for your mental well-being, deactivation is an excellent choice. It allows you to step away without the finality of deletion, and you can return when you feel ready.
• Job Search Privacy: When actively job hunting, you might want to limit what potential employers can see. Temporarily deactivating your account hides your profile. Alternatively, you can make your account private.
• Serious Security Concerns or Harassment: If you’re facing persistent harassment or bullying, or believe your account security has been severely compromised, permanently deleting your Instagram account may be necessary for your safety and peace of mind. In less severe cases, blocking users and reporting content, coupled with deactivation, might suffice.
• Long-Term Digital Footprint Reduction: If your goal is to minimize your online presence and permanently remove your data from Instagram, then opting to delete Instagram account is the appropriate action. This is a long-term decision aimed at reducing your overall digital footprint.
• Quick Self-Assessment Questions:
  • Do you plan to use your current Instagram profile, including its photos and connections, in the future? If yes, consider deactivation.
  • Is your primary concern data privacy, and do you want Meta to remove your information? If yes, and you’re sure you don’t want to return, consider permanent deletion.
  • Are you simply looking for a temporary escape from notifications and social pressures? If yes, deactivation is likely sufficient.
• Recommendation Based on Goals: If you need a temporary pause, want to hide your profile for a while, or think you might return, learning how to deactivate your Instagram account is your best approach. If your objective is to sever ties and permanently remove your data, deleting your Instagram account is the right path.

How to Temporarily Disable Your Instagram Account

1. Via Mobile App (iOS or Android):
   1. Open the Instagram app and navigate to your profile page.
   2. Tap the menu icon (three horizontal lines) located in the top-right corner.
   3. Select Settings and privacy from the menu.
   4. Tap on Accounts Center, which is usually the first option.
   5. Under the “Account settings” section, tap on Personal details.
   6. Choose Account ownership and control.
   7. Tap on Deactivation or deletion.
   8. Select the Instagram account you wish to deactivate if multiple accounts are listed.
   9. Ensure Deactivate account is selected and tap Continue.
   10. You will be prompted to enter your Instagram password for verification. Enter it and tap Continue.
   11. Instagram will ask for a reason for deactivation. Choose one from the list and tap Continue.
   12. Finally, confirm your decision by tapping Deactivate Account.
2. Via Web Browser (Desktop or Mobile):
   1. Navigate to Instagram.com in your preferred web browser and log in to your account.
   2. Click on More (represented by three horizontal lines) in the bottom-left menu.
   3. Select Settings from the menu that appears.
   4. You should be directed to the Accounts Center. If not, click on it.
   5. Under “Account settings,” click Personal details.
   6. Click Account ownership and control.
   7. Choose Deactivation or deletion.
   8. Select your account, ensure Deactivate account is chosen, and click Continue.
   9. Enter your password when prompted and click Continue.
   10. Provide a reason for deactivating and then confirm the deactivation.
3. Time Limits for Reactivation: There is no specific time limit imposed by Instagram for how long an account can remain deactivated. You can reactivate it at any time by logging back into your account with your username and password.
4. Data Visibility During Deactivation: When your Instagram account is deactivated, your profile, photos, videos, Stories, comments, and likes will be hidden from all other users, including your followers. It will essentially appear as though your account does not exist. However, your information is not deleted from Instagram’s servers. Messages you have previously sent to other users may still be visible to them.

Step by Step: Permanently Delete Your Instagram Account

If you’ve decided to permanently delete your Instagram account, follow these steps carefully:

1. Log in via a browser: Log into your Instagram account. Account deletion must be completed through a web browser on your mobile phone or personal computer.
2. Go to Accounts Center: Click your profile picture at the top and navigate to Settings & Privacy > Accounts Center.
3. Inside Accounts Center: Navigate to Personal Details > Account Ownership and Control. Select Deactivation or Deletion.
4. Select the account you want to delete: If you manage multiple accounts, make sure you choose the correct one.
5. Click Delete Account: Select Delete Account, then click Continue.
6. Confirm your decision: Instagram will ask you to select a reason and re-enter your password. Once confirmed, your account will be scheduled for deletion.

Important to Know

• Instagram provides a 30-day grace period. If you log back in during this time, the deletion request is canceled.
• After 30 days, your account and data are permanently removed.
• This process cannot be reversed once the grace period ends, so make sure you’re fully certain before proceeding.
• Consider downloading your data, including photos, videos, messages, before deleting your account.

Back Up Your Instagram Photos and Data Before You Leave

Before you take the irreversible step of deleting your Instagram account, it is highly recommended that you back up your data. This ensures that you retain a copy of your photos, videos, messages, and other information you’ve shared on the platform.

Once an Instagram account is deleted, this data cannot be recovered. Instagram provides a built-in tool, often referred to as Meta’s “Download Your Information” feature, that lets you request a complete copy of your data. This includes content types such as your photos (including feed posts, Stories, and Reels you’ve archived or posted), videos, comments you’ve made, your profile information, and direct messages (DMs).

While some users might have manually saved individual photos or videos to their devices over time, using Instagram’s official download tool is the most comprehensive method to secure a full archive. This is a vital step before you learn how to delete Instagram and commit to removing your presence.

Request and Download a Copy of Your Instagram Data

1. Requesting Your Data (iOS and Android Devices):
   1. Open the Instagram app on your mobile device and navigate to your profile by tapping your profile picture in the bottom-right corner.
   2. Tap the menu icon (three horizontal lines) in the top-right corner of your profile page.
   3. From the menu, select Your activity.
   4. Scroll down to the bottom of the “Your activity” screen and tap on Download your information.
   5. Tap Request a download. If you have multiple accounts linked through Accounts Center, select your Instagram profile.
   6. You’ll have the option to request a Complete copy of your data or to Select types of information if you only need specific data.
   7. Configure your file options: choose a format (HTML is generally easier for viewing, while JSON is better for transferring data to another service), select media quality (e.g., high, medium, low), and specify a date range if you don’t want all your data.
   8. Ensure your email address is correct, as this is where the download link will be sent. Tap Submit request.
2. Requesting Your Data (Desktop/Web Browser):
   1. Open your web browser, go to Instagram.com, and log in to your account.
   2. Click on the More option (represented by three horizontal lines) found in the menu on the bottom-left side of the page.
   3. From the popup menu, select Your activity.
   4. Click on Download your information.
   5. Click the Request a download button. You’ll then follow similar prompts as on the mobile app: select the profile (if applicable), choose between a complete copy or specific types of information, and set your file options (format, media quality, date range). Submit the request.
3. Email Delivery Times, File Formats: Instagram (Meta) states that it may take up to 14 days to collect your information and prepare it for download, though for many users, this process is much faster, often completed within a few hours or even minutes, especially for accounts with less data. You will receive an email at the address associated with your account containing a link to download your data. This link is typically valid for only a few days for security reasons, so download it promptly. The data is usually delivered as a ZIP file. Inside, you’ll find your information organized in folders, typically in HTML (for easy viewing in a browser) or JSON (a structured data format useful for developers or data transfer).
4. How to Interpret the Archive Once Received: After downloading and unzipping the file, if you selected the HTML format, look for an `index.html` file. Opening this file in a web browser provides a navigable interface to view your data, including posts, messages, profile information, and more. Photos and videos will typically be in separate folders, often organized by date, in their original formats (e.g., JPG for photos, MP4 for videos). If you choose JSON, the files will contain raw data that can be parsed programmatically.

Troubleshooting: Why Can’t I Delete My Instagram Account?

• Forgotten Password: To confirm your identity and proceed with account deletion, Instagram requires your current password. If you’ve forgotten it, use the “Forgot password?” option on the login page to reset it before attempting to delete your Instagram account again.
• Two-Factor Authentication (2FA) Loops: If you have 2FA enabled but are unable to receive security codes, or your backup codes are not working, this can prevent you from completing the deletion process. Try to resolve the 2FA issue first, which might involve checking your SMS, authentication app, or using recovery codes. Refer to Instagram’s Help Center for 2FA troubleshooting.
• Active Advertisements or Boosted Posts: If your Instagram account is running active ad campaigns or has recently boosted posts, you may need to pause these activities or wait for them to complete before the system allows deletion. Check your settings in Meta Ads Manager.
• Linked Business Pages or Third-Party Applications: Connections to Facebook Business Pages, or certain third-party app integrations, might sometimes interfere with the Instagram delete account process. Review your linked accounts and app permissions, and consider unlinking them if necessary. Ensure your Instagram account isn’t the sole admin for a critical business asset.
• Using an Incorrect Deletion Path: Ensure you are navigating through the correct menu options, typically via Accounts Center > Personal Details > Account Ownership and Control > Deactivation or Deletion, and specifically selecting “Delete account” rather than “Deactivate account.” The steps for how to delete instagram can sometimes change slightly with app updates.
• Temporary System Glitches: Occasionally, the inability to delete might be due to temporary glitches or server-side issues on Instagram’s end. In such cases, waiting a few hours and trying again, or using a different device or web browser, can resolve the issue.
• If you’ve tried these steps and still can’t delete your account, the most reliable source for assistance is Meta’s Instagram Help Center, which provides detailed guidance and solutions for common account issues.

How Long Does the Deletion Process Take?

When you submit a request to delete an Instagram account permanently, the removal isn’t immediate. Instagram implements a 30-day grace period starting from the moment you confirm your deletion request. During this 30-day window, your account, along with all your information like photos, videos, and profile details, becomes invisible to other users on the platform.

However, it’s not yet entirely deleted. If you change your mind and log back into your account at any time within these 30 days, the deletion request will be automatically cancelled, and your account will be reinstated. If you do not log in during this period, your account will be permanently deleted after the 30 days conclude.

Following this, Instagram states that the complete deletion of your data from their backend systems and servers can take up to an additional 90 days. Therefore, the entire process from request to potential full backend deletion can span up to 120 days.

It’s also important to note that even after the 90-day backend deletion window, copies of some of your content may remain in backup storage that Instagram uses for disaster recovery, software errors, or other data loss events, though this data is generally not accessible. Cached copies of your profile might also briefly appear in search engine results until their indexes are updated.

What Happens After You Delete Your Account?

After you successfully delete your Instagram account and the 30-day grace period has passed, your account is permanently removed from the platform. This means your profile, including all photos, videos, comments, likes, and followers, will be permanently removed.

You will no longer be able to log in or reactivate that specific account. Your username might become available for others to use in the future, although Instagram may have policies that prevent immediate reuse. Any Direct Messages (DMs) you sent will typically remain visible to the recipients; however, they will usually be attributed to a generic “Instagram User” or a similar placeholder, without any link back to your deleted profile or your profile picture.

Tags of your former account on other users’ photos will persist, but they will become inactive text rather than a clickable link to a profile. If you had embedded Instagram posts on external websites or blogs, these embeds will likely stop displaying your content or show an error message.

Any third-party applications or services that were connected to your Instagram account will lose their access and will no longer function with that account. While Instagram aims to delete your data, its policy notes that copies of some information (such as log records) may remain in its database but are disassociated from personal identifiers.

Furthermore, advertisers and Meta may retain aggregated, anonymized engagement metrics (e.g., if you clicked on an ad), but this data would not be linked to your specific, now-deleted, account.

Can You Recover or Reactivate a Deleted or Disabled Account?

Whether you can recover an Instagram account depends on whether it was disabled (deactivated) or permanently deleted. If you chose to deactivate your Instagram account, this is a temporary measure. You can reactivate a disabled account at any time simply by logging back in with your username and password. Upon reactivation, your profile, photos, comments, and likes will be restored to their previous state.

However, if you followed the steps to permanently delete an Instagram account, the situation is different. After you request deletion, Meta provides a 30-day window during which your account is hidden but not yet permanently erased. If you log back into your account within 30 days, the deletion request is cancelled, and your account is restored. If these 30 days lapse without your logging in, your account and all associated data will be permanently deleted and cannot be recovered by you or Instagram support. There is no way to get it back once this point is reached.

While you might be able to create a new account, you generally cannot reuse the same username immediately, as Instagram may hold it for a period, or it could be claimed by someone else. If you attempt recovery after the 30-day window for a permanently deleted account, it will fail.

Will Your Followers Know If You Leave Instagram?

Instagram does not send out a direct notification to your followers informing them that you have decided to delete your Instagram account or even if you’ve chosen to deactivate your Instagram account. However, your followers will notice your absence in different ways depending on your action. If you deactivate your account, your profile, along with all your posts, comments, and likes, becomes completely invisible on the platform.

If a follower searches for your username, they won’t find your account. It will appear as if you’ve vanished or your account never existed, until you decide to reactivate it by logging back in. If you proceed to delete your Instagram account permanently, after the 30-day grace period, your profile and all its content are permanently removed.

For your followers, this means they will no longer see your account in their follower lists or following lists. Any past comments or likes you made on their posts might disappear or become attributed to a generic “Instagram User.”

Essentially, your digital presence on Instagram ceases to exist. If you wish to leave quietly without drawing attention, both deactivation and deletion provide formal notification.

However, a sudden disappearance will likely be noticed by those who regularly interact with you or check your profile. You may choose to inform close friends or followers directly before deleting your Instagram account to manage their expectations.

Alternative to Deleting: Make Your Account Private and Protect Your Data

1. Switching to a Private Profile on Mobile (iOS & Android):
   1. Open the Instagram app and go to your profile by tapping your profile picture.
   2. Tap the menu icon (three horizontal lines) in the top-right corner.
   3. Select Settings and privacy from the menu.
   4. Scroll down to the “Who can see your content” section and tap on Account privacy.
   5. Toggle the Private account switch to the on position. You may need to confirm your choice.
2. Switching to a Private Profile on Web Browser:
   1. Go to Instagram.com and log in to your account.
   2. Click on More (three horizontal lines) in the menu on the bottom-left side of the screen.
   3. Select Settings from the pop-up menu.
   4. In the left navigation bar, click on Settings and privacy (or it may directly show “Account privacy” options).
   5. Under “Who can see your content,” find the Account privacy section and check the box next to Private Account.
3. Privacy Trade-offs and Benefits: Making your account private means only your approved followers can see your posts, Stories, Reels, and list of followers/following. People who want to follow you must send a request, which you can approve or deny. This significantly increases your control over who views your content. Your bio and profile picture remain public. This doesn’t remove your data from Instagram’s servers like deletion would, but it limits public access to your shared content.
4. How It Limits Data Sharing: While Instagram still collects your data as per its privacy policy, a private account restricts other users from easily accessing, sharing, or misusing your content. Your posts won’t appear in public hashtag searches or on the Explore page for non-followers.
5. Why It May Be a Middle-Ground Solution: If your primary concern is controlling your audience and enhancing privacy without permanently leaving the platform or losing your content and connections, setting your account to private is an excellent alternative to deactivation or deletion. It offers a significant degree of control over your content’s visibility, making it a good middle-ground solution if you’re not ready to fully delete your Instagram account.

The post How to Delete or Deactivate Your Instagram Account appeared first on McAfee Blog.

Imagine someone putting your personal information out online for thousands of strangers to see—your home address, phone number, even details about your family members or workplace. This invasive practice, known as doxing, has become a significant concern in the digital age. It’s not just about privacy anymore; it’s about the potential for real-world harm. This article explains what doxing is and how to prevent it from happening to you.

Key Takeaways

• Doxxing is the act of publicly exposing someone’s personal information online without their consent.
• Doxxing is often intended to harass or intimidate victims online and in real life and can result in serious personal, professional, and safety-related harm.
• Doxxing is not always illegal, sharing publicly available information is generally permissible, but hacking or sharing stolen, confidential data is illegal.
• Protect yourself from doxxing by reducing your online personal information and using strong passwords, a VPN, and antivirus protection.
• Use preventive habits to safeguard your privacy.

What is doxing?

Doxing (or “doxxing”) is the practice of revealing another individual’s personal information (home address, full name, phone number, place of work, and more) in an online public space without the person’s consent.

The term “doxing” comes from the hacker world and references the act of “dropping dox” (as in “docs”) with malicious intent to the victim. The severity of the personal data leak may also go beyond phone numbers and addresses to include releasing private photos, Social Security numbers (SSNs), financial details, personal texts, and other more invasive attacks.

What’s an example of doxing?

One of the first incidents of doxing took place back in the late 1990s when users of the online forum Usenet circulated a list of suspected neo-Nazis. The list included the suspected individuals’ email accounts, phone numbers, and addresses.

One of the most infamous examples of doxing was during 2014’s Gamergate controversy, involving issues of sexism and misogyny in the video game industry. Female video game developers and journalists were subjected to relentless harassment and doxing, placing their personal safety in jeopardy.

Several high-profile cases of celebrity doxing have made headlines over the years, serving as stark reminders of the dangers of online harassment and privacy invasion. In 2017, a woman hacked Selena Gomez’s email and leaked her Los Angeles-area home address online. In 2021, rapper Kanye West famously doxed Drake when he tweeted the star’s home address.

Is doxing illegal?

While doxing can hurt people, it’s not necessarily a crime. In some cases, a doxer finds publicly available information and shares it broadly. Since the data is public record, it’s not illegal to share it. A doxer might invite others to visit the home or workplace of their target rather than taking a specific action.

That said, it is illegal to hack a device or computer without permission from the owner — even if the information collected is never used. The legality of doxing must be taken on a case-by-case basis, and law enforcement must build its case based on existing applicable laws. For example, if the doxer attempted to apply for a credit card using your private data, they could be prosecuted for fraud or identity theft.

How to protect yourself from doxing

You can follow a few critical practices to help protect yourself from doxing. Start by limiting what you share online, using strong passwords, and taking advantage of secure technologies like virtual private networks (VPNs).

Limit the personal information you share online

Limiting the amount of personal information you share online is one of the best ways to protect yourself from doxing. Avoid oversharing personal details of your life (like your child’s name, pet’s name, or place of work), and maintain the highest possible privacy settings for any social media app or website.

You should also take caution when tagging friends, locations, and photos, as this may give doxers more access to your data. Check out our Ultimate Guide to Safely Sharing Online to learn more.

Check data broker websites for your information

Data brokers are companies that mine the internet and public records for financial and credit reports, social media accounts, and more. They then sell that data to advertisers, companies, or even individuals who may use it to dox somebody.

You might be surprised to see the amount of sensitive information available to anyone who wants it with an online search. Data brokers often have contact information, including real names, current and former addresses, birth dates, phone numbers, social media profiles, political affiliations, and other information that most consider private.

While you can remove your private information from many data broker sites, they tend to make the process tedious and frustrating. McAfee Personal Data Cleanup makes the process much easier. All you have to do is enter your name, date of birth, and home address, and we’ll scan it across high-risk data broker sites. We’ll then help you remove it.

Use strong passwords and keep them secure

Having strong passwords can make you less vulnerable to hackers and doxers. Keep yourself more secure by following a few simple rules.

• Have long and strong passwords (at least eight to 10 characters).
• Don’t create passwords that include any words from your social media sites (like pet or child names).
• Change your passwords frequently — at least every three months.
• Don’t use the same password for multiple online accounts — unique passwords only.
• Use random sequences of letters and numbers without identifiable words.
• Turn on two-factor or multi-factor authentication (MFA) for critical accounts (Gmail, LinkedIn, Facebook, online banking).
• Don’t write down passwords (or keep them in a secure location if you must).

Make password management much easier by using a password manager and generator tool. True Key uses the strongest encryption available to decrypt your existing passwords and can help generate new strong passwords.

Use a virtual private network

When browsing on public Wi-Fi networks like those at airports and coffee shops, your data is at greater risk of being compromised by cybercriminals who may lift sensitive information for personal gain.

A virtual private network (VPN) service (like the one found in McAfee+) gives you an additional layer of protection by hiding your IP address and browsing activities when you’re on an unsecured network.

Protect your device with antivirus protection

Scammers, doxers, and hackers work hard to get personal information every day. With McAfee+, you can use the internet with confidence knowing you have the support of award-winning antivirus software to keep you and your family members safe online.

Get real-time threat protection through malware detection, quarantine, and removal, and schedule real-time or on-demand file and application scanning. You’ll also benefit from an advanced firewall for home network security.

Keep your online information secure with McAfee

We all increasingly rely on the internet to manage our lives. As a result, it’s important to address the risks that come with the rewards.

Comprehensive cybersecurity tools like those that come with McAfee+ can help you avoid scams, doxing attacks, identity theft, phishing, and malware. We can also help keep your sensitive information off the dark web with our Personal Data Cleanup.

With McAfee’s experts on your side, you can enjoy everything the web offers with the confidence of total protection.

The post What is Doxing? appeared first on McAfee Blog.

Some of the strongest passwords you can use are the ones you don’t have to remember. While that may sound strange, it’s true. The key is using a password manager, a tool that creates and securely stores strong, unique passwords for each of your accounts.

Remembering dozens of different passwords seems like an impossible task. This leads many people to create simple, predictable passwords or reuse the same one across multiple accounts. A 2025 study by Cybernews revealed that of 19 million breached passwords, 94% were reused, with “123456” and “password” still being the most-used passwords.

Hackers count on this. When you create short or reused passwords, a single data breach can unlock your entire digital life, from email to online banking. This guide will cover the latest advice on password security for 2026, so you can learn how to protect your digital accounts effectively.

Key Takeaways

• NIST updated 2026 guidance: Prioritize password length (12-16+ characters) over complexity. Avoid forced special character use and frequent changes.
• Use passphrases: Combine 3–4 random words (e.g., “SunnyBeach2026Walking”) to create memorable but unpredictable credentials that are harder to crack.
• Enabling multi-factor authentication adds an essential layer of protection beyond passwords alone.
• Reusing passwords is a top security threat: Use a password manager to securely store, generate, and autofill passwords for all your accounts.

The Risks of a Weak Password

Weak passwords remain a top cause of security incidents. When attackers gain access to an account, the impact can be severe, leading to identity theft or financial fraud. These incidents are more common than you might think. We’ve seen massive data leaks exposing millions of customer records, often because people reused the same password across different platforms.

It’s not just about your personal accounts. When your local school district, healthcare provider, or utility company suffers a password-related breach, your personal information could be exposed. Strong passwords create a baseline of security that protects entire communities, not just individual users.

The Latest Advice for Strong Passwords in 2026

Password guidance has changed significantly. Passwords that were previously considered “strong” aren’t strong anymore. Decades of data proved that old rules, like forcing frequent password changes, often led to weaker habits. Research and updated recommendations from authorities like the National Institute of Standards and Technology (NIST) now point to a simpler, more effective approach.

The new focus is on length over complexity.

The old requirement to include a symbol, number, and capital letter often resulted in predictable patterns like “P@ssw0rd!1”. Today, NIST encourages using longer passphrases of 12-16 characters or more. This approach is much harder for attackers to crack.

The updated guidance recommends:

• Focusing on length, with support for passphrases.
• Allowing up to 64 characters, including spaces.
• Dropping forced, periodic password changes unless there is evidence of a compromise.

→ Related: The Difference Between Passwords and Passphrases

Strong vs Weak Passwords

Strong Passwords:

• Long: At least 12–16 characters (the longer, the better).
• Unique: A different password for each account.
• Unpredictable: Uses random words, not personal info or common phrases.
• May include: Numbers, symbols, and both lowercase & uppercase letters.

Weak Passwords:

• Short: Fewer than 12 characters.
• Reused: The same password across multiple accounts.
• Predictable: Includes personal details (like birthdays or pet names), common words, or easily guessed patterns (like “123456” or “password”).
• Minimal variation: Simple substitutions (like “P@ssw0rd”) that are easily cracked.

A strong password protects your account even in the face of automated hacking tools, while a weak password can be guessed in seconds.

Tips to Build a Strong Password or Passphrase

Creating a strong password doesn’t have to be a headache. A passphrase strings together several random words, making it easy for you to remember but difficult for an attacker to guess.

1. Aim for 15+ Characters

A passphrase with 16 or more characters is significantly harder to crack than a short, complex password. The key is to create a story or image that is memorable to you but not obvious to others. For example, “CorrectHorseBatteryStaple” is much stronger than “P@ssw0rd!”.

2. Choose 3 to 4 Random Words That Aren’t Commonly Paired

String together random words to create your passphrase. Instead of a random string like “xK9$mPz2#qL,” you might create something like “SunnyBeach2026Walking!” or “Coffee-Morning-Mountain-Trail15.”

3. Add Numbers or Symbols That Mean Something to You

Find a number with meaning to help you remember it but make sure it’s only meaningful and memorable to you. It could be the total number of your mother’s siblings, or the number of minutes it takes you to commute from your home to the office, or the number of steps down the stairs from your apartment floor to the ground floor. “123456” is not acceptable.

4. Make It Unique for Each Account

Uniqueness is non-negotiable. If your password is unique, a breach at one site doesn’t put your other accounts at risk. You can create a base phrase and modify it slightly for each service in a way that isn’t obvious. For example, “TealElephantIndia602~RollerbladinG,” with the final “G” standing for your Gmail account.

5. Use a Password Manager

Maintaining unique, long passphrases for all your accounts is nearly impossible without help. A password manager is an essential tool. It generates strong, random passwords, stores them securely in an encrypted vault, and autofills them for you. You only need to remember one strong master passphrase, and the manager handles the rest. Many also alert you if your passwords appear in known data breaches.

6. Add Multi-Factor Authentication

Even the strongest passphrase can be compromised. A multi-factor authentication (MFA) adds protection by requiring the user to key in a second factor. A stolen passphrase alone won’t grant an attacker access. Enable MFA on all your important accounts: email, banking, social media, and your password manager itself.

Want more tips? Read 15 Tips for Better Password Security.

Your 2026 Passphrase Action Plan

Knowing what to do is only half the battle. This action plan breaks the process into manageable steps, helping you strengthen your most important accounts first and build better password habits over time.

Week 1: Secure Your Vault

• Choose a reputable password manager and install it on your devices.
• Create a strong master passphrase of 15+ characters to secure your manager.
• Enable MFA on your password manager account.

Week 2: Protect Your Most Important Accounts

• Prioritize your primary email, banking, and financial accounts.
• Use your password manager to generate and save a new, unique passphrase for each one.
• Enable MFA for each account, preferably using an authenticator app.

Weeks 3-4: Work Through Secondary Accounts

• Move on to shopping sites (especially those with saved payment methods), work-related accounts, and social media platforms.
• Update each with a unique passphrase stored in your manager.

Ongoing: Make it a Habit

• Add new accounts and passphrases to your manager as you create them.
• Review your password manager’s security dashboard monthly for weak or reused passwords.
• Act immediately on any breach alerts.

For ongoing guidance, our comprehensive guide to keeping your passwords secure provides year-round support.

Family Guidance

Teaching young children and teens about passphrase security is also teaching them life skills in the digital age. Start them early with age-appropriate lessons, adding more lessons as they grow.

• Elementary age: Allow them to create simple passphrases they can remember, and introduce basic privacy concepts. Remind them never to share passwords, passphrases, and other personal information.
• Middle school: Introduce them to a trusted password manager tool, explaining why reusing passwords is risky and reminding them about the principles of creating passphrases and MFA. Consider family password managers that let you share certain credentials securely while maintaining individual vaults.
• High school: At this stage, they should be well-versed in full passphrase hygiene and MFA. They should have, at the very least, an awareness of phishing attempts and other online scams.

Final Thoughts

Passwords may seem inconsequential, but they are important components of your digital security. By focusing on length, uniqueness, and the right tools, you can significantly strengthen your password and safeguard your data.

Managing dozens of unique, strong passwords across all your accounts is challenging, but a password manager makes it easy. By generating and securely storing complex passwords for every account, a password manager saves you time and ensures your credentials stay protected. With features like encrypted storage, secure autofill, and the ability to update passwords quickly, your accounts remain both secure and convenient to access. McAfee’s Password Manager offers industry-leading protection, including advanced encryption and multi-factor authentication, helping you safeguard your digital identity with confidence.

The post How To Create The Strongest Passwords appeared first on McAfee Blog.

Is your personal computer (PC) feeling a bit sluggish? Giving it a good, old-fashioned cleaning can improve its performance, and it only takes minutes. If you’ve never cleaned your PC before, you have a few options to speed up the process.

In this guide, we explain why computers slow down over time, set expectations for what a cleaning routine can and can’t do, and share step-by-step instructions to help you clean your PC and restore optimal performance. 

PCs perform more slowly over time

For the most part, PCs don’t slow down on their own. It’s rarely one single problem. It’s how we accumulate apps, files, and services that slow your PC down as it ages. A few examples come to mind:

• You create files: These personal files that you create take up increasing amounts of disk space. When your drive gets crowded, Windows has less room to perform its background tasks, so everything feels slower.
• Temporary files add up: These are created constantly for updates, browsing, and app activity, and they don’t always clean up after themselves.
• You collect unused apps: Old apps consume storage, and some keep running services even when you never open them.
• Windows adds services: When Windows updates, it further accumulates background services and other processes that reduce performance.
• Startup programs multiply: Many apps sneak into your startup list, which makes your computer boot slower and run “busy” right from the start.
• Dust builds up inside the machine: Dust traps heat, and when your PC gets too warm, it automatically slows down to protect itself.

What PC cleaning can and can’t do for performance

Cleaning is definitely worth doing, but you should set realistic expectations for how much your PC’s performance can improve. Similar to decluttering your home, you are not rebuilding your house, but it will feel much easier to live in.

What PC cleaning can accomplish

PC cleaning addresses software-level performance bottlenecks. When you remove temporary files, clear browser caches, and delete unused applications, you’re freeing up valuable disk space and reducing the workload on your system. This directly impacts how quickly your computer can access and process information.

Startup optimization also delivers some of the most noticeable improvements. If your computer takes several minutes to boot because too many programs are launching automatically, trimming your startup list can cut boot times significantly. You’ll also notice improved responsiveness during everyday tasks when fewer background processes compete for system resources.

You will also notice faster web browsing when you clear accumulated browser data, quicker file searches when your system isn’t indexing thousands of temporary files, and smoother multitasking when background services aren’t consuming unnecessary memory. With proper system maintenance, you can restore 15-30% of lost performance on aging computers.

What PC cleaning cannot fix

Hardware limitations represent the biggest constraint on what cleaning can accomplish. If your processor struggles with modern software demands or your RAM is maxed out during normal use, no amount of cleaning will change these hardware realities. Cleaning your PC to make it faster depends largely on whether software bloat or hardware constraints are your primary bottleneck.

Gaming performance, video editing, and other intensive tasks rely heavily on central processing unit (CPU) and graphics processing unit (GPU) capabilities. While a clean system ensures these components aren’t fighting unnecessary background processes, cleaning won’t magically boost frame rates or rendering speeds beyond your hardware’s capabilities.

But first, back up your files

Any cleanup is safer when you know your important stuff is protected. You don’t have to do a complicated backup routine; just make sure the essentials are safe.

• Check your cloud backups: If you use OneDrive, Google Drive, or iCloud, you may already be backed up without realizing it. Give those files a quick review. It only takes two minutes to confirm that your data is backed up in the cloud.
• Consider an external backup: An external drive gives you a second copy of your files in case something goes wrong. It’s especially helpful for photos, work documents, or anything you’d hate to lose.

In newer versions of Windows, go to Settings > Update & Security > Backup to set up File History, or use Settings > Accounts > Sync your settings for cloud backup. This ensures you won’t lose important files.

Step by step: Clean up your computer

Now that you’ve ensured your important files are safe, you can start the cleanup process that makes a noticeable difference in PC performance. You don’t need advanced technical skills, and you don’t need to do everything at once.

Remove temporary files and unused apps

Go to Settings > System > Storage > Temporary files and review the categories. This will take you to a screen that gives you insight into what your drive space looks like and allow you to safely remove many of them with a few clicks, especially cache and old system leftovers. 

In Windows 10/11, go to Settings > Apps > Apps & features, then sort apps by size or installation date to identify large or forgotten programs. Click any app and select “Uninstall” to remove it. 

You can also use the built-in Disk Cleanup tool by typing “Disk Cleanup” in the Start menu search. Select categories such as “Temporary files,” “Recycle Bin,” and “System cache” to review the files and remove any that are not needed. If you’re unsure what a program does, research it online before removing it, as some applications may be essential for your system’s operation. For example, you might want to keep “Windows update log files,” in case you ever need to troubleshoot Windows.

Set Windows Storage Sense for automatic cleanup

Instead of performing a manual cleanup, you can use Windows Storage Sense to keep your system clean. Navigate to Settings > System > Storage > Storage Sense to configure this powerful feature. You can set it to automatically remove temporary files, empty your recycle bin, and clear your Downloads folder of files older than 30 days.

Removing old and unused apps benefits you in two ways. First, it frees up disk space. Second, outdated apps can contain security loopholes that hackers may exploit. Older apps might have gone without an update, which can lead to security loopholes that hackers can exploit. Remove the old app, and you remove the loophole.

Use Disk Cleanup

Disk Cleanup is an older Windows tool, but it’s still reliable. It can clear system files and cached data safely when used carefully. In Disk Cleanup, you can confidently delete Temporary files, Recycle Bin contents, System error memory dump files, and old Windows Update cleanup files. Temporary Internet Files and Downloaded Program Files are also safe to remove, as your browser will recreate what it needs.

To access this tool, search “Disk Cleanup” in the Start menu, and choose your main drive (usually C:) when prompted. Review the temporary file categories before removing them. Just read descriptions, and avoid deleting anything you might need for troubleshooting.

Manage large files effectively

Identify space-consuming files by looking for large video files, old software installers, or duplicate files that you no longer need. Move important large files to external storage or cloud services to free up local space while keeping them accessible.

Clear your browser cache and cookies

This one is a bit of a double-edged sword. Your cache and cookies make many web pages load faster. By storing images, preferences, and other info, cookies speed up load times. However, the data that cookies store can get bloated over time. If the disk space they use looks a little high to you, clean them out. You can do this in Windows by typing “Cookies” in your search bar or selecting “Delete browsing data” from your browser’s menu.

Note that this may remove any saved passwords stored in your browser. However, if you’re using a password manager, this isn’t a worry. The manager does the remembering for you.

Shut off startup apps

Windows runs several apps at startup, some of which you certainly need, such as antivirus software or online protection software. Other apps, however, might not be needed to run right away and just slow down startup.

To review your startup apps, type “Startup” in the Windows search bar or press Ctrl + Shift + Esc to open Task Manager. Click the Startup tab to see a list of apps and their impact on performance. Disable programs you don’t need immediately, but keep essential security software enabled. Focus on applications marked with “High” startup impact. 

Keep essential security software enabled at startup, and research unfamiliar programs before disabling them or just leave them alone.

Erase sensitive files from the recycle bin

You’d think that deleting files in the recycle bin erases them entirely. Not so. It only removes the “pointer” to those files, but the data remains on the drive. The only way to completely remove files is when something new overwrites them, which can take time.

To completely erase files with sensitive info, use a file shredder tool similar to that in McAfee+. Although this doesn’t necessarily improve performance, it helps prevent identity theft.

Update your operating system and drivers

Ensure optimal performance and security with the latest updates. Go to Settings > Update & Security > Windows Update and click “Check for updates.” For driver updates, visit Settings > Update & Security > Windows Update > View optional updates, or use Device Manager by right-clicking the Start button and selecting it. Updated drivers improve hardware compatibility and can resolve performance issues.

Run a comprehensive security scan

If your PC feels abnormally slow, malware may be the real cause. Complete your cleanup by scanning for malware and other threats that may be causing the slowdown. Some threats run quietly in the background, consuming system resources and compromising privacy.

• Use built-in Windows Security or trusted tools: Start with a quick scan, and follow up with a deeper scan if anything looks suspicious. This can remove hidden processes that slow down your system.
• Avoid random “free cleaners”: Many of them bundle adware or unwanted programs. Stick to well-known security vendors and official sources.

Deep clean with a PC Optimizer

For a deeper clean, consider PC cleaning software such as McAfee PC Optimizer, designed to detect and clear out unnecessary files, manage startup apps, and even clean the registry at the press of a button. These cleaners usually come with customizable settings to suit your preferences. You can set automatic clean-ups at regular intervals, thus saving time, and freeing you from the hassle of remembering to run the cleanup.

To choose reliable and safe PC cleaning software, read reviews and understand what each feature does. Always use a trusted, reputable security software and avoid downloading PC cleaners from unknown sources, as some may contain malware.

Special considerations for SSD drives

If your PC uses a solid-state drive (SSD), avoid traditional defragmentation as it can reduce the drive’s lifespan without providing performance benefits. Windows automatically runs TRIM commands to instruct your SSD to delete data blocks that are no longer used. 

You can manually enable TRIM by opening Command Prompt as an administrator and running “fsutil behavior set DisableDeleteNotify 0” to confirm it’s enabled. However, we do not recommend doing this. It’s best to let Windows handle optimization automatically. 

Windows registry: To clean or not to clean

The Windows registry is your computer’s central database, storing critical configuration settings for your operating system and installed programs. Registry cleaning is a misunderstood part of PC optimization. Many people think it’s essential, but modern Windows systems usually don’t benefit from it. In addition, today’s Windows versions manage registry complexity more effectively than older versions. 

Unlike clearing temporary files or uninstalling old apps, manual registry changes can have far-reaching consequences and serious issues if done incorrectly. A single incorrect change can prevent apps from opening or cause system instability. Unless you’re troubleshooting a specific issue, it’s safer to skip it.

A clean slate for you and your PC

Restart your computer after completing these steps to ensure all changes take effect properly. Regular maintenance every 3-6 months will help keep your PC running smoothly and securely.

Physically clean your computer

Another aspect of cleaning your PC to improve its performance entails physical cleanup, specifically dust removal. When dust builds up, your PC can’t cool itself properly, leading to slower speeds, louder fans, and random stuttering. Follow this quick guide:

• Power down and disconnect everything: Turn off your computer entirely and unplug all cables before cleaning. This prevents electrical damage and keeps you safe during the cleaning process.
• Discharge static electricity: Touch a grounded metal object or use an anti-static wrist strap before handling internal components. Static electricity can damage sensitive computer parts.
• Use compressed air for dust removal: Blow out dust from vents, fans, and internal components using short bursts of compressed air. Hold the can upright and maintain a few inches of distance to avoid moisture buildup.
• Support fan blades while cleaning: Gently hold fan blades in place when using compressed air to prevent them from spinning too fast, which can damage the motor or create electrical feedback.
• Clean case vents and intake areas: Remove dust from all ventilation openings, especially intake fans and exhaust vents, which tend to accumulate dust.
• Avoid liquids near electronics: Never use water, cleaning solutions, or damp cloths on internal components. If you must clean the exterior case, use slightly damp cloths only on plastic surfaces, avoiding all ports and openings.
• Focus on heat-generating components: Pay special attention to the CPU cooler, graphics card fans, and power supply vents, as dust here directly impacts cooling performance.
• Clean regularly for sustained performance: Dust-free systems run cooler and prevent thermal throttling, where your CPU or GPU reduces performance to avoid overheating. This keeps your computer running at optimal speed.
• Know when to seek professional help: If you’re uncomfortable opening your computer case or notice excessive dust buildup in hard-to-reach areas, consider having a professional service perform a thorough cleaning.
• Reassemble and test: Once you have completed the cleaning, reconnect all cables and secure the side panel. Power on your system and check that the CPU fan spins properly. Monitor temperatures during initial use to ensure adequate cooling.

Clean your PC to improve your game, somewhat

If you’re asking this question, you’re probably gaming — and yes, cleaning can help restore lost frames per second (FPS), but it won’t magically exceed your hardware’s capabilities. 

Dust buildup causes thermal throttling, which leads to frame drops and stuttering. Physical cleaning will reduce overheating, improve airflow, and help maintain stable frame rates.

Meanwhile, too many processes can consume CPU time and RAM, hindering your gaming experience. Trimming startup apps and closing unused background tools can improve gaming smoothness.

Remember, though, that cleaning won’t address your PC’s hardware limitations. If your GPU can’t handle your settings, no amount of cleanup will make it a high-end card. Cleaning keeps your current hardware running at its best.

Find the best PC cleaner

For most users, combining manual cleaning with reputable automated tools provides the best results. Quality PC optimizers can safely handle routine maintenance tasks, but it’s also important to choose trusted solutions that won’t cause more problems than they solve.

Make safe choices

The market offers both legitimate optimization software as well as potentially harmful programs that could compromise your system’s security and privacy. Red flags to watch for include solutions that:

• Bundle adware or unwanted programs that install alongside the cleaner
• Promise unrealistic performance gains through aggressive registry modifications
• Exaggerate scan results, claiming thousands of “critical errors” to pressure you into purchasing
• Request excessive system permissions beyond what’s needed for basic cleanup tasks
• Lack of transparency about what files or settings will be modified

Choose trustworthy PC cleaning tools by:

• Downloading only from official vendors and verified software repositories
• Reading user reviews and expert evaluations from reputable technology publications
• Verifying the software publisher’s reputation and track record in cybersecurity
• Checking for clear privacy policies that explain data collection practices
• Looking for tools that provide detailed cleanup reports before making changes
• Considering integrated solutions that include PC optimization and protection capabilities for better compatibility and coordinated system management

Consider hardware upgrades

If you have done everything you can to clean your PC systemically and physically, and it is still running slow, it might be time to consider a hardware upgrade. Modern computers with sufficient RAM and processing power respond well to maintenance, while older systems may need hardware upgrades to see meaningful improvements. In this day and age, upgrading to 8GB or 16GB will likely deliver more dramatic performance improvements than any cleaning routine. 

Similarly, switching from a traditional hard drive to an SSD provides speed boosts that far exceed what software optimization can do. For example, upgrading to an SSD can dramatically reduce boot times, while routine PC cleaning typically produces more modest improvements. The sweet spot for PC cleaning benefits occurs when you can balance adequate hardware and software accumulation. 

Final thoughts

Cleaning your PC is an essential part of maintaining its performance. While it might not drastically increase your PC’s speed, it contributes to overall efficiency, responsiveness, and longevity.

The key to lasting results is establishing a consistent maintenance routine, whether it means weekly disk cleanups, monthly startup reviews, or quarterly deep cleans with trusted tools. Take note that it is best to approach PC cleaning carefully, deleting with discretion to avoid accidentally removing necessary files or applications. For those who aren’t comfortable doing it manually, reliable PC cleaning software like McAfee+ can simplify the process and save time.

The post Does PC Cleaning Improve Performance? appeared first on McAfee Blog.

A simple click of a link can’t cause any trouble, right? Wrong.

It doesn’t matter if you quickly close out of a window. It doesn’t matter if you only take a quick peek and don’t touch anything else while you’re on a risky webpage. Often, just clicking on a single link can compromise your device, online privacy, and even your personal information. The mere action of clicking a suspicious link could expose you to malware, scams, or identity theft.

Here’s everything you need to know to recognize, steer clear of, and take the proper action in case you accidentally click on a questionable link.

Consequences of clicking on a risky link

A risky link is any hyperlink that redirects you to an unexpected and possibly compromised webpage. Often, these webpages trick visitors into divulging personal information or automatically download malicious payloads (viruses, malware, spyware, etc.) onto your device. 

Email remains the most frequent delivery method, with phishing messages designed to look like urgent notifications from trusted companies. A variation of this is SMS phishing or “smishing,” where attackers send sketchy links through text messages claiming package delivery issues. Another common method involves sending malicious links via direct messages on social media, where compromised accounts target their contact lists. According to the Federal Trade Commission (FTC), $70 million was lost to phishing and spoofing in 2024. 

Hackers could also use your browser to deliver their criminal work. In drive-by downloads, for instance, simply visiting a compromised webpage can automatically install malware on your device without any additional action from you. Outdated browsers and plugins are another entry point for cybercriminals to gain unauthorized access to your system. 

A bad link might also direct you to a fake login page that looks identical to a legitimate site, such as your bank. Any information you enter on these fraudulent pages goes directly to scammers, who can then access your real accounts.

Meanwhile, mobile malware is a vast category of malicious software that often makes its way onto devices through infected links. Malware can spy on you, monitor your keystrokes, infect your device with a botnet, and ultimately compromise your device and the information it stores.

Risk factors as entry points 

As threat actors continuously adapt their tactics to circumvent security solutions, one critical factor that determines your risk level is your device’s security posture. A device with updated software, a modern browser, active antivirus protection, and restricted permissions is far less likely to be compromised by a malicious site or download. Conversely, outdated systems, unpatched vulnerabilities, or disabled security features create easy openings for attackers to exploit. 

Another risk factor is the rhythm or pace at which you operate your devices. As artificial intelligence tools are increasingly helping scammers and phishers disguise their malicious links to look more believable, you will need to slow down, control the impulse to click, and take a minute to intentionally look at what you are doing. If you read quickly, you could accidentally click a malicious link and fall for a scam.

Check before you click

Even the most convincing messages can hide dangerous links. Before you click on anything, it’s worth taking a few seconds to verify where that link actually leads. These quick checks can help you spot red flags and avoid landing on malicious or fraudulent websites designed to steal your information.

• Be skeptical: It seems pessimistic, but reserve a bit of skepticism for every incredible deal, unbelievable discount, or free download you encounter online. Just because an email advertises on Facebook doesn’t mean it’s a legitimate organization. Its real business might not be selling t-shirts but phishing for personal information. Scammers often hide their malicious links behind clickbait.
• Look before you click: On your desktop, hover over any link to see the destination URL appear at the bottom of your browser window or in a tooltip. On mobile, press and hold your finger over the link for a few seconds to preview where it leads. Look for misspellings in domain names, suspicious characters, or URLs that don’t match what you’d expect from the sender.
• Pay attention to prompts: When a website requests your approval to download files, access your camera, or run scripts, pay careful attention. Legitimate sites rarely need extensive permissions for basic browsing, so unusual permission requests should raise immediate red flags.
• Verify website security indicators: Check that the site uses HTTPS, viewable through a lock icon in your browser’s address bar. Be especially cautious with shortened links such as bit.ly or tinyurl.com. Expand them first using preview tools or browser extensions that show the full destination before clicking.
• Use URL inspection tools: When you’re unsure about a link, copy and paste it into reputable URL checking services that scan for malicious content. Many browsers have built-in safe browsing warnings that alert you to potentially dangerous sites.
• Analyze the context and sender: Consider the sender and whether the message feels urgent or too good to be true. Scammers often create artificial urgency with phrases such as “act now” or “limited time.” If the sender is someone you know, verify through a different channel that they actually sent it.
• For sensitive activities, go directly to official sites: Open a new browser tab and type the website address yourself to avoid convincing-looking fake sites designed to steal your credentials. Never click links in emails or messages for banking, shopping, or other sensitive activities.
• Trust your instincts: If something feels off about a message or a link, take a moment to think and investigate. A few seconds of caution can prevent hours of cleanup and millions of dollars in recovery.

So you clicked. What next?

If you’ve accidentally clicked a phishing link, don’t panic, but do act fast. Quick, calm steps can make all the difference in preventing further damage. Here’s what to do right away to secure your device, accounts, and personal information.

1. Disconnect from the internet immediately: If you’re on Wi-Fi, turn off your wireless connection or unplug your ethernet cable. This prevents malicious software from communicating with remote servers or downloading cyber threats onto your device.
2. Do not enter any personal information: If the bad link directed you to a login page or form requesting credentials, close the browser tab immediately. Never input passwords, Social Security numbers, banking details, or other sensitive data on pages you’ve reached through suspicious links.
3. Run a comprehensive security scan: Perform a full system scan using your antivirus software to detect and remove any malware that may have been downloaded when you clicked the link. Allow the scan to complete entirely, even if it takes several hours.
4. Change your passwords immediately: From another uncompromised device, revise your login credentials. Start with your most critical accounts, email, banking, and financial services, followed by social media, work accounts, and shopping sites. Use strong, unique passwords for each account to prevent credential stuffing attacks.
5. Enable multi-factor authentication (MFA): Strengthen the security of your accounts by enabling MFA wherever possible to reduce the risk of unauthorized access, even if criminals have obtained your login credentials through a phishing attempt.
6. Review your account activity: Check recent login attempts, transaction histories, and account settings across all your important accounts. Look for unauthorized changes, unfamiliar devices, or suspicious activity that occurred around the time you clicked the link.
7. Review and revoke access for suspicious apps: Review and remove any unfamiliar applications or browser extensions that have access to your accounts. Phishing attacks sometimes attempt to install malicious browser extensions or authorize fraudulent apps.
8. Clear your browser data: Delete your browsing history, cookies, and cached files to remove any potentially malicious code or tracking cookies that could compromise your future browsing sessions.
9. Report the phishing attempt: Forward suspicious emails to your email provider’s spam team and report the incident to the FTC. If you received the link via text, report it to your mobile carrier. These steps protect others from falling victim to the scheme.
10. Consider credit monitoring and identity protection: If you suspect your personally identifiable information was compromised, place a fraud alert on your credit reports and consider freezing your credit. Monitor your financial statements closely for unauthorized transactions and unusual activity in the weeks following the incident.

Get support from the right tools

Even with your strong digital habits and awareness, it’s easy for something to slip through the cracks. With the right technology that catches potential threats before they reach you, you can browse, message, and shop online without worry.

McAfee’s Scam Detector proactively alerts you and automatically protects you the moment it detects a scam link in your texts, emails, or on social media. If you accidentally click on a scam link, the app will block the malicious webpage from loading. The more you use this artificial intelligence-powered tool, the smarter it becomes. 

Final thoughts

Protecting yourself from those risky phishing links doesn’t require becoming a security expert. It only takes simple habits to dramatically reduce these threats. Take a moment to be intentional and alert, and make informed choices about the links you encounter. 

By taking time to verify URLs, staying reasonably skeptical, enabling automatic updates, trusting your instincts, and relying on trusted security tools for safe browsing and scam detection, you can create powerful barriers against cybercriminals.

Whether you’re browsing social media, checking emails, or exploring new websites, that brief pause to assess whether a link looks legitimate can be the difference between safety and falling victim to sketchy links and credential theft. Share these simple safety practices with your family members, especially those who might be less familiar with online threats, because collective awareness makes everyone safer.

The post What Are the Risks of Clicking on Malicious Links? appeared first on McAfee Blog.

Chances are, you have more personal information posted online than you think.

In 2024, the U.S. Federal Trade Commission (FTC) reported that 1.1 million identity theft complaints were filed, where $12.5 billion was lost to identity theft and fraud overall—a 25% increase over the year prior.

What fuels all this theft and fraud? Easy access to personal information.

Here’s one way you can reduce your chances of identity theft: remove your personal information from the internet.

Scammers and thieves can get a hold of your personal information in several ways, such as information leaked in data breaches, phishing attacks that lure you into handing it over, malware that steals it from your devices, or by purchasing your information on dark web marketplaces, just to name a few.

However, scammers and thieves have other resources and connections to help them commit theft and fraud—data broker sites, places where personal information is posted online for practically anyone to see. This makes removing your info from these sites so important, from both an identity and privacy standpoint.

What are data brokers?

Data broker sites are massive repositories of personal information that also buy information from other data brokers. As a result, some data brokers have thousands of pieces of data on billions of individuals worldwide.

What kind of data could they have on you? A broker may know how much you paid for your home, your education level, where you’ve lived over the years, who you’ve lived with, your driving record, and possibly your political leanings. A broker could even know your favorite flavor of ice cream and your preferred over-the-counter allergy medicine thanks to information from loyalty cards. They may also have health-related information from fitness apps. The amount of personal information can run that broadly, and that deeply.

With information at this level of detail, it’s no wonder that data brokers rake in an estimated $200 billion worldwide every year.

Sources of your information

Your personal information reaches the internet through six primary methods, most of which are initiated by activities you perform on a daily basis. Understanding these channels can help you make more informed choices about your digital footprint.

Digitized public records

When you buy a home, register to vote, get married, or start a business, government agencies create public records that contain your personal details. These records, once stored in filing cabinets, are now digitized, accessible online, and searchable by anyone with an internet connection.

Social media sharing and privacy gaps

Every photo you post, location you tag, and profile detail you share contributes to your digital presence. Even with privacy settings enabled, social media platforms collect extensive data about your behavior, relationships, and preferences. You may not realize it, but every time you share details with your network, you are training algorithms that analyze and categorize your information.

Data breaches

You create accounts with retailers, healthcare providers, employers, and service companies, trusting them to protect your information. However, when hackers breach these systems, your personal information often ends up for sale on dark web marketplaces, where data brokers can purchase it. The Identity Theft Research Center Annual Data Breach Report revealed that 2024 saw the second-highest number of data compromises in the U.S. since the organization began recording incidents in 2005.

Apps and ad trackers

When you browse, shop, or use apps, your online behavior is recorded by tracking pixels, cookies, and software development kits. The data collected—such as your location, device usage, and interests—is packaged and sold to data brokers who combine it with other sources to build a profile of you.

Loyalty programs

Grocery store cards, coffee shop apps, and airline miles programs offer discounts in exchange for detailed purchasing information. Every transaction gets recorded, analyzed, and often shared with third-party data brokers, who then create detailed lifestyle profiles that are sold to marketing companies.

Data broker aggregators

Data brokers act as the hubs that collect information from various sources to create comprehensive profiles that may include over 5,000 data points per person. Seemingly separate pieces of information become a detailed digital dossier that reveals intimate details about your life, relationships, health, and financial situation.

The users of your information

Legally, your aggregated information from data brokers is used by advertisers to create targeted ad campaigns. In addition, law enforcement, journalists, and employers may use data brokers because the time-consuming pre-work of assembling your data has largely been done.

Currently, the U.S. has no federal laws that regulate data brokers or require them to remove personal information if requested. Only a few states, such as Nevada, Vermont, and California, have legislation that protects consumers. In the European Union, the General Data Protection Regulation (GDPR) has stricter rules about what information can be collected and what can be done with it.

On the darker side, scammers and thieves use personal information for identity theft and other forms of fraud. With enough information, they can create a high-fidelity profile of their victims to open new accounts in their name. For this reason, cleaning up your personal information online makes a great deal of sense.

Types of personal details to remove online

Understanding efforts to remove personal information, which data types pose the greatest threat, can help you prioritize your removal efforts. Here are the high-risk personal details you should target first, ranked by their potential for harm.

Highest priority: Identity theft goldmines

• Social Security Number (SSN) with full name and address: This combination provides everything criminals need for identity theft, leading to fraudulent credit accounts, tax refund theft, and employment fraud that may take years to resolve, according to the FTC.
• Financial account information: Bank account numbers, credit card details, and investment account information enable direct financial theft. Even partial account numbers can be valuable when combined with other personal details from data breaches.
• Driver’s license and government-issued ID information: These serve as primary identity verification for many services and can be used to bypass security measures at financial institutions and government agencies.

High priority: Personal identifiers

• Full name combined with home address: This pairing makes you vulnerable to targeted scams and physical threats, while enabling criminals to gather additional information about your household and family members.
• Date of birth: Often used as a security verification method, your date of birth, combined with other identifiers, can unlock accounts and enable age-related targeting for scams.
• Phone numbers: This information enables SIM swapping, where criminals take control of your phone number to bypass two-factor authentication and access your accounts.

Medium-high priority: Digital and health data

• Email addresses: Your primary email serves as the master key to password resets across multiple accounts. In contrast, secondary emails can reveal personal interests and connections that criminals exploit in social engineering.
• Medical and health app data: This is highly sensitive information that can be used for insurance discrimination, employment issues, or targeted health-related scams.
• Location data and photos with metadata: Reveals your daily patterns, workplace, home address, and frequented locations. Photos with embedded GPS coordinates can reveal your exact location and potentially enable stalking or burglary.

Medium priority: Account access points

• Usernames and account handles: These help criminals map your digital footprint across platforms to discover your personal interests, connections, and even potential security questions and answers. They also enable account impersonation and social engineering against your contacts.

When prioritizing your personal information removal efforts, focus on combinations of data rather than individual pieces. For example, your name alone poses minimal risk, but when combined with your address, phone number, and date of birth, it creates a comprehensive profile that criminals can exploit. Tools such as McAfee Personal Data Cleanup can help you identify and systematically remove these high-risk combinations from data broker sites.

Step-by-step guide to finding your personal data online

1. Targeted search queries: Search for your full name in quotes (“John Smith”), then combine it with your city, phone number, or email address. Try variations like “John Smith” + “123 Main Street” or “John Smith” + “555-0123”. Don’t forget to search for old usernames, maiden names, or nicknames you’ve used online. Aside from Google, you can also check Bing, DuckDuckGo, and people search engines.
2. Major data broker and people search sites: Search for yourself in common data aggregators: Whitepages, Spokeo, BeenVerified, Intelius, PeopleFinder, and Radaris. Take screenshots of what you find as documentation. To make this process manageable, McAfee Personal Data Cleanup scans some of the riskiest data broker sites and shows you which ones are selling your personal info.
3. Social media platforms and old accounts: Review your Facebook, Instagram, LinkedIn, Twitter, and other platforms for publicly visible personal details. Check old accounts—dating sites, forums, gaming platforms, or professional networks. Look for biographical information, location data, contact details, photos, and even comment sections where you may have shared details.
4. Breach and dark web monitoring tools: Have I Been Pwned and other identity monitoring services can help you scan the dark web and discover if your email addresses or phone numbers appear in data breaches.
5. Ongoing monitoring alerts: Create weekly Google Alerts for your and your family members’ full names, address combinations, and phone numbers. Some specialized monitoring services can track once your information appears on new data broker sites or gets updated on existing ones.
6. Document everything in a tracker: Create a spreadsheet or document to systematically track your findings. Include the website name and URL, the specific data shown, contact information for removal requests, date of your opt-out request, and follow-up dates. Many sites require multiple follow-ups, so having this organized record is essential for successful removal.

This process takes time and persistence, but services such as McAfee Personal Data Cleanup can continuously monitor for new exposures and manage opt-out requests on your behalf. The key is to first understand the full scope of your online presence before beginning the removal process.

Remove your personal information from the internet

Let’s review some ways you can remove your personal information from data brokers and other sources on the internet.

Request to remove data from data broker sites

Once you have found the sites that have your information, the next step is to request that it be removed. You can do this yourself or employ services such as McAfee’s Personal Data Cleanup, which can help manage the removal for you depending on your subscription. ​It also monitors those sites, so if your info gets posted again, you can request its removal again.

Limit the data Google collects

You can request to remove your name from Google search to limit your information from turning up in searches. You can also enable “Auto Delete” in your privacy settings to ensure your data is regularly deleted. Occasionally, deleting your cookies or browsing in incognito mode prevents websites from tracking you. If Google denies your initial request, you can appeal using the same tool, providing more context, documentation, or legal grounds for removal. Google’s troubleshooter tool may explain why your request was denied—either legitimate public interest or newsworthiness—and how to improve your appeal.

It’s important to know that the original content remains on the source website. You’ll still need to contact website owners directly to have your actual content removed. Additionally, the information may still appear in other search engines.

Delete old social media accounts

If you have old, inactive accounts that have become obsolete, such as Myspace or Tumblr, you may want to deactivate or delete them entirely. For social media platforms that you use regularly, such as Facebook and Instagram, consider adjusting your privacy settings to keep your personal information to the bare minimum.

Remove personal info from websites and blogs

If you’ve ever published articles, written blogs, or created any content online, it is a good time to consider taking them down if they no longer serve a purpose. If you were mentioned or tagged by other people, it is worth requesting them to take down posts with sensitive information.

Delete unused apps and restrict permissions in those you use

Another way to tidy up your digital footprint is to delete phone apps you no longer use, as hackers are able to track personal information on these and sell it. As a rule, share as little information with apps as possible using your phone’s settings.

Remove your info from other search engines

• Bing: Submit removal requests through Bing’s Content Removal tool for specific personal information like addresses, phone numbers, or sensitive data. Note that Bing primarily crawls and caches content from other websites, so removing the original source content first will prevent re-indexing.
• Yahoo: Yahoo Search results are powered by Bing, so use the same Bing Content Removal process. For Yahoo-specific services, contact their support team to request the removal of cached pages and personal information from search results.
• DuckDuckGo and other privacy-focused engines: These search engines don’t store personal data or create profiles, but pull results from multiple sources. We suggest that you focus on removing content from the original source websites, then request the search engines to update their cache to prevent your information from reappearing in future crawls.

Escalate if needed

After sending your removal request, give the search engine or source website 7 to 10 business days to respond initially, then follow up weekly if needed. If a website owner doesn’t respond within 30 days or refuses your request, you have several escalation options:

• Contact the hosting provider: Web hosts often have policies against sites that violate privacy laws
• File complaints: Report to your state attorney general’s office or the Federal Trade Commission
• Seek legal guidance: For persistent cases involving sensitive information, consult with a privacy attorney

For comprehensive guidance on website takedown procedures and your legal rights, visit the FTC’s privacy and security guidance for the most current information on consumer data protection. Direct website contact can be time-consuming, but it’s often effective for removing information from smaller sites that don’t appear on major data broker opt-out lists. Stay persistent, document everything, and remember that you have legal rights to protect your privacy online.

Remove your information from browsers

After you’ve cleaned up your data from websites and social platforms, your web browsers may still save personal information, such as your browsing history, cookies, autofill data, saved passwords, and even payment methods. Clearing this information and adjusting your privacy settings helps prevent tracking, reduces targeted ads, and limits the amount of personal data websites can collect about you.

• Clear your cache: Clearing your browsing data is usually done by going to Settings and looking for the Privacy and Security section, depending on the specific browser. This is applicable in Google Chrome, Safari, Firefox, Microsoft Edge, as well as mobile phone operating systems such as Android and iOS.

• Disable autofill: Autofill provides the convenience of not having to type your information every time you complete a form. That convenience has a risk, though, autofill saves addresses, phone numbers, and even payment methods. To prevent websites from automatically populating forms with your sensitive data, disable the autofill settings independently. For better security, consider using a dedicated password manager instead of browser-based password storage.
• Set up automatic privacy protection: Set up your browsers to automatically clear cookies, cache, and site data when you close them. This ensures your browsing sessions don’t leave permanent traces of your personal information on your device.
• Use privacy-focused search engines: Consider using privacy-focused search engines like DuckDuckGo as your default. These proactive steps significantly reduce the amount of personal information that browsers collect and store about your online activities.

Get your address off the internet

When your home address is publicly available, it can expose you to risks like identity theft, stalking, or targeted scams. Taking steps to remove or mask your address across data broker sites, public records, and even old social media profiles helps protect your privacy, reduce unwanted contact, and keep your personal life more secure.

1. Opt out of major data broker sites: The biggest address exposers are Whitepages, Spokeo, and BeenVerified. Visit their opt-out pages and submit removal requests using your full name and current address. Most sites require email verification and process removals within 7-14 business days.
2. Contact public records offices about address redaction: Many county and state databases allow address redaction for safety reasons. File requests with your local clerk’s office, voter registration office, and property records department. Complete removal isn’t always possible, but some jurisdictions offer partial address masking.
3. Enable WHOIS privacy protection on domain registrations: If you own any websites or domains, request your domain registrar to add privacy protection services to replace your personal address with the registrar’s information.
4. Review old forums and social media profiles: Check your profiles on forums, professional networks, and social platforms where you may have shared your address years ago. Delete or edit posts containing location details, and update bio sections to remove specific address information.
5. Verify removal progress: Every month, do a search of your name and address variations on different search engines. You can also set up Google Alerts to monitor and alert you when new listings appear. Most data broker removals need to be renewed every 6-12 months as information gets re-aggregated.

The cost to delete your information from the internet

The cost to remove your personal information from the internet varies, depending on whether you do it yourself or use a professional service. Read the guide below to help you make an informed decision:

DIY approach

Removing your information on your own primarily requires time investment. Expect to spend 20 to 40 hours looking for your information online and submitting removal requests. In terms of financial costs, most data brokers may not charge for opting out; however, other expenses could include certified mail fees for formal removal requests, which range from $3 to $8 per letter, and possibly notarization fees for legal documents. In total, this effort can be substantial when dealing with dozens of sites.

Professional removal services

Depending on which paid removal and monitoring service you employ, basic plans typically range from $8 to $25 monthly, while annual plans, which often provide better value, range from $100 to $600. Premium services that monitor hundreds of data broker sites and provide ongoing removal can cost $1,200-$2,400 annually.

The difference in pricing is driven by several factors. This includes the number of data broker sites to be monitored, which could cover more than 200 sites, and the scope of removal requests, which may include basic personal information or comprehensive family protection. The monitoring frequency and additional features, such as dark web monitoring, credit protection, identity restoration support, and insurance coverage, typically command higher prices.

The value of continuous monitoring

The upfront cost may seem significant, but continuous monitoring provides essential value. A McAfee survey revealed that 95% of consumers’ personal information ends up on data broker sites without their consent. It is possible that after the successful removal of your information, it may reappear on data broker sites without ongoing monitoring. This makes continuous protection far more cost-effective than repeated one-time cleanups.

Services such as McAfee Personal Data Cleanup can prove invaluable, as it handles the initial removal process, as well as ongoing monitoring to catch when your information resurfaces, saving you time and effort while offering long-term privacy protection.

Aside from the services above, comprehensive protection software can help safeguard your privacy and minimize your exposure to cybercrime with these offerings, such as:

• An unlimited virtual private network to make your personal information much more difficult to collect and track
• Identity monitoring that tracks and alerts you if your specific personal information is found on the dark web
• Identity theft coverage and restoration helps you pay for legal fees and travel expenses, and further assistance from a licensed recovery pro to repair your identity and credit
• Other features, such as safe browsing to help you avoid dangerous links, bad downloads, malicious websites, and more online threats when you’re online

So while it may seem like all this rampant collecting and selling of personal information is out of your hands, there’s plenty you can do to take control. With the steps outlined above and strong online protection software in place, you can keep your personal information more private and secure.

Essential steps if your information is found on the dark web

Unlike legitimate data broker sites, the dark web operates outside legal boundaries where takedown requests don’t apply. Rather than trying to remove information that’s already circulating, you can take immediate steps to reduce the potential harm and focus on preventing future exposure. A more effective approach is to treat data breaches as ongoing security issues rather than one-time events.

Both the FTC and Cybersecurity and Infrastructure Security Agency have released guidelines on proactive controls and continuous monitoring. Here are the key steps of those recommendations:

1. Change your passwords immediately and enable multi-factor authentication. Start with your most critical accounts—banking, email, and any services linked to financial information. Create unique, strong passwords for each account and enable MFA where possible for an extra layer of protection.
2. Monitor your financial accounts and credit reports closely. Check your bank statements, credit card accounts, and investment accounts for any unauthorized activity. Request your free annual credit reports from all three major bureaus and carefully review them for accounts you didn’t open or activities you don’t recognize.
3. Place fraud alerts or credit freezes. Contact Equifax, Experian, and TransUnion to place fraud alerts, which require creditors to verify your identity before approving new accounts. Better yet, consider a credit freeze to block access to your credit report entirely until you lift it.
4. Replace compromised identification documents if necessary. If your Social Security number, driver’s license, or passport information was exposed, contact the appropriate agencies to report the breach and request new documents. IdentityTheft.gov provides step-by-step guidance for replacing compromised documents.
5. Set up ongoing identity monitoring and protection. Consider using identity monitoring services that scan the dark web and alert you to new exposures of your personal information.
6. Document everything and report the incident. Keep detailed records of any suspicious activities you discover and all steps you’ve taken. File a report with the FTC and police, especially if you’ve experienced financial losses. This documentation will be crucial for disputing fraudulent charges or accounts.

Legal and practical roadblocks

As you go about removing your information from the internet, it is important to set realistic expectations. Several factors may limit how completely you can remove personal data from internet sources:

• The United States lacks comprehensive federal privacy laws requiring companies to delete personal information upon request.
• Public records, court documents, and news articles often have legal protections that prevent removal.
• International websites may not comply with U.S. deletion requests.
• Cached copies could remain on search engines and archival sites for years.
• Data brokers frequently repopulate their databases from new sources even after opt-outs.

While some states like California have stronger consumer privacy rights, most data removal still depends on voluntary compliance from companies.

Final thoughts

Removing your personal information from the internet takes effort, but it’s one of the most effective ways to protect yourself from identity theft and privacy violations. The steps outlined above provide you with a clear roadmap to systematically reduce your online exposure, from opting out of data brokers to tightening your social media privacy settings.

This isn’t a one-time task but an ongoing process that requires regular attention, as new data appears online constantly. Rather than attempting to completely erase your digital presence, focus on reducing your exposure to the most harmful uses of your personal information. Services like McAfee Personal Data Cleanup can help automate the most time-consuming parts of this process, monitoring high-risk data broker sites and managing removal requests for you.

The post How to Remove Your Personal Information From the Internet appeared first on McAfee Blog.

Deleting your browsing history has its benefits. Firstly, it can improve the performance of your device. Secondly, it can help make you more private online to a point. In fact, clearing your history periodically is just one of several steps you can take to enhance your privacy. It won’t erase you from the internet, but it does reduce the data stored on your devices and in your accounts.

To help you understand the benefits of deleting your browser history, we’ll walk you through what your browsing history includes, how to clear it in popular browsers, the pros and cons of using incognito mode, as well as additional tips for enhancing your privacy and optimizing your device’s performance.

Clearing your browsing and search history matters

The two ways your browser uses to build your history are remembering the websites you visit and saving the topics that you search for. Together, they paint a comprehensive picture of your digital life. 

Over time, the cached browsing data, such as files, cookies, and stored history consume valuable storage space and slow down your computer, especially on older devices or those with limited storage capacity.

Although your browsing or search history may seem harmless, the bigger concern about this stored information goes deeper than device performance. They create detailed profiles of your interests, habits, and personal information that can impact your privacy in ways you might not expect.

Your search history directly feeds into the hidden processes that customize your online experience, allowing companies to build detailed profiles about the interests, relationships, health concerns, and financial situations that you research. What’s more, tracking technologies in the search engine follow you across websites, collecting more data about you.

Similarly, your browser saves your preferences and the sites you visit to load pages faster. That’s a convenience for you, but browsers also share this data with data brokers, advertising networks, and analytics companies, who use it to customize the ads displayed on your browser.

Additionally, data brokers frequently purchase and resell browsing and search data to create consumer profiles for marketing, insurance, and even employment purposes. Your search for health information might influence insurance rates, while your browsing patterns could affect loan approvals or job opportunities. Additionally, this aggregated data makes you vulnerable during security breaches, potentially exposing sensitive personal information to malicious actors.

Benefits of regularly clearing your browser history 

When you regularly delete your browsing and search history, you gain several immediate advantages, such as greater control over your digital footprint and online reputation by limiting data collection and profiling. You will also enjoy the improved performance of your device as a result of freeing up storage space, and you will receive fewer targeted advertisements, as algorithms have less data to work with. Most importantly, you reduce your risk of data exposure in the event of a security breach or device theft.

Taking control of your browsing and search history puts you back in charge of your digital privacy. 

Delete your internet history in the browser

There’s no fixed or recommended time for deleting your browsing history, cache, and cookies. It’s all relative to your system’s storage space and personal preferences. To get started, refer to this step-by-step guide when you believe it’s time to clear your browser.

Google Chrome

To delete your browser history on Google Chrome:

• Open the Chrome browser on your laptop or computer.
• Select the three vertical dots in the upper right corner.
• Find an option that says “Clear browsing data.”
• Select your preferred time range near the top of the screen. To delete all data since you first used your browser, select “All time.” If you want to delete history from the past hour, select “Last hour.”
• Next, check the boxes saying “Cookies and other site data” and “Cache images and files,” and select “Clear data.”

Some of your settings may be deleted when you clear your browser history. For example, you might have to re-sign into your accounts. But that is a small price to pay for keeping your privacy. If you want to delete cookies and cache for a specific site, you can check out Google’s Chrome support page.

Microsoft Edge

Clearing your Microsoft Edge browsing data is similar to the process in Chrome. On your device, turn off sync before clearing the data, as the selected data will be deleted across all your synced devices if sync is turned on.

• Open the Microsoft Edge browser on your device.
• Select the three horizontal dots in the upper right corner.
• Find the option that says “Delete browsing data.”
• You will be prompted to select the time range from a dropdown list, ranging from “Last hour” to “All time.”

• You’ll see an option to select which types of browsing data to clear. Select the data you want to delete, such as browsing or download history, cookies, and cached images and files. You may keep the saved passwords and autofill data unchecked.
• Select the “Clear now” option.

Mozilla Firefox

To delete your browsing, search, and download history on Mozilla Firefox, follow these basic steps:

• Select “Menu” and select “History.”
• Select the “Clear recent history” option.
• In “Time range to clear,” select “Everything” from the drop-down menu.
• Select “Cache” and other items to delete in the options list.
• Ensure the files you want to keep aren’t selected.
• Select “OK.”

Safari

Here are simple steps to clear browser cache and cookies on Safari on the Apple macOS, but an iPad or iPhone might have slightly different steps.

• Go to the Safari app on your Mac.
• Choose Safari > Settings, then click Privacy.
• Click Manage Website Data.
• Select one or more websites, then click Remove or Remove All.

That’s all! You’ve now deleted your browser history on Safari.

Opera

To clear the cache and browser history in Opera:

• On your Opera browser, go to Settings (Alt+P).
• Select Privacy & Security on the left, then click “Delete browsing data.”
• Select a time range and the data you wish to clear, and click “Delete data.”

Delete your history at the account level, across all devices

After clearing your browser and search history, you may also want to consider deleting your account-level history. While browser-level history encompasses the searches and websites stored locally on your device, your account-level history refers to the searches that are logged and stored when you’re signed into that account. 

Related to this, when you’re signed into accounts such as Google, Microsoft, or other services on several devices at once, your search and browsing activity is automatically synchronized across all the devices you are signed into. Deleting the search and browsing history on your phone won’t remove it from your laptop. To clear history on all your devices where you are signed in, you will need to delete it at the account level, where the syncing happens. In doing so, you are addressing the source of data collection that follows you across all your devices and online activities. This action provides genuine privacy protection, rather than just cleaning up individual browsers.

Here’s how to delete your search history so it disappears from every device where you’re signed in:

1. Access your account activity center on Google or your Microsoft Privacy Dashboard. Other services have similar activity management pages.
2. Look for “Web & App Activity” or “Search History” sections on the respective accounts. Choose to delete by time range (last hour, day, week) or select “All time” to delete search history from your account completely. The automatic synchronizing typically takes a few minutes to propagate across your devices.
3. Verify on another device. To check another device where you’re signed in, type previous search terms to see if autocomplete suggestions appear. Also, check that your search history pages show no recent activity. You may need to refresh your browser or restart your search app.

Manage multiple accounts and profiles

Many people use multiple accounts or browser profiles for work, personal use, or family sharing. Each requires separate attention:

• Make sure to clear your history for each account. Log into each Google, Microsoft, Yahoo, or other account you use and clear the search history separately. The deletion of one account doesn’t affect another.
• Check browser profiles individually. If you use multiple browsers or browser profiles, each may be signed into different accounts. Clear the history for each profile separately.
• Don’t forget your guest or incognito usage. While private browsing doesn’t save history locally, you might still be signed into accounts that track your activity.

Other accounts you need to wipe clean

Now you know that your browsers and search engines aren’t the only accounts you need to scrub, here is a short list of other online services that you will need to check and clear:

Bing

1. Sign in to your Microsoft account and navigate to the Privacy dashboard to access all your account-level privacy settings across Microsoft services. This central hub controls how Microsoft collects and uses your data across all its services.
2. Locate search history settings. In the Privacy dashboard, find the “Search history” section under your activity data to view all the search queries you’ve made while signed into your Microsoft account on Bing.
3. Choose your deletion method.

• Delete individual searches: Click the “X” next to each query you want to remove from your search history.
• Clear all search history: Select “Clear all search history” to delete search history completely and start fresh
• Delete by date range: Choose a specific time period to clear history from just that timeframe

Confirm your deletion. Microsoft will ask you to confirm your choice before permanently removing your search history. Remember, this action cannot be undone, so make sure you’re comfortable with losing this data.

Disable future personalization (optional). To prevent Bing from saving future searches, turn off the “Search history” collection in your privacy settings. 

To see the synchronized changes in your search history across all devices and all Microsoft accounts, including Windows PCs, Xbox, and mobile devices, you will need to refresh Bing. The caveat to deleting your Bing search history is that it prevents the engine from personalizing your search results and ads. You will notice fewer relevant suggestions and more generic search experiences until you build up new search patterns.

Yahoo!

1. Sign in to your Yahoo.com using your Yahoo email address and password, and navigate to your search history settings. Click on your profile icon or name and select “Account Info” from the dropdown menu. On the left sidebar, go to Privacy or Privacy Dashboard > Manage your data and activity.
2. Find and select “Search History” or “Web Search History” to display all the search queries you’ve made while signed into your Yahoo account on different devices and browsers.
3. To remove a specific search, click the “X” or “Delete” button next to the individual query. You can also use the search bar in your history to find specific terms you want to delete.
4. To delete your entire Yahoo search history, choose the “Clear All” or “Delete All” option at the top of your search history page. 
5. To review ad personalization settings in your privacy dashboard, navigate to “Ad Interest Manager” or “Advertising Preferences.” You can turn off personalized advertising or modify your ad interests.

After the deletions, you may need to sign out and back in to see the changes reflected across all your devices. You can verify the deletion by rechecking your search history or noticing changes in your personalized search suggestions. However, it doesn’t affect data that Yahoo may have already collected and shared with advertising partners.

Brave

1. Open the Brave browser on your computer.
2. Click on the menu icon (three horizontal lines) in the upper-right corner of the browser window.
3. Select “History” from the dropdown menu, then choose “Clear browsing data” to see options for different time ranges from the dropdown menu.
4. Check the boxes for the data you want to delete: Browsing history, cookies and other site data, and cached images and files
5. Click on the “Advanced” tab to access more clearing options, including saved passwords, autofill data, and site settings.
6. Click “Clear data” to delete your selected browsing information.

Keep in mind that Brave’s built-in privacy settings, including Brave Shields, already block many trackers and ads by default. You can adjust these settings by clicking on the Brave Shields icon (lion logo) in the address bar. Brave offers a private browsing mode that doesn’t save your history automatically.

Other Google accounts

Google offers auto-delete features for three main types of activity data, each with flexible time intervals that let you balance convenience with privacy.

Google auto-delete

To enable auto-delete in your other Google services, visit myactivity.google.com, click “Web & App Activity,” then select “Auto-delete.” You can choose to remove activity older than 3 months, 18 months, or 36 months. The 18-month option strikes a good balance, retaining sufficient data for personalized use while preventing excessive accumulation.

YouTube history

YouTube watch and search history can be managed separately from your general web activity. In your Google Account settings under “YouTube History,” you’ll find auto-delete options for both the videos you’ve viewed and what you’ve searched for on YouTube. The same time intervals apply: 3, 18, or 36 months.

Location history auto-delete

Given the sensitive nature of location data, you can set Google to delete it automatically through your Google account’s “Location History” settings. You can choose the 3-month option for more frequent cleanup, although the 18-month option works well if you use location-based features regularly.

Combine auto-delete with pausing

For maximum control, combine auto-delete with the strategic pausing of history collection. When you’re researching sensitive topics, planning surprises, or conducting confidential work, you can pause your Web & App Activity in your Google Account settings to prevent those searches from being saved. Once you’re finished, turn the history collection back on and let your auto-delete selection handle the routine cleanup. This approach enables you to maintain your privacy protection while still receiving personalized search results for your regular online activities.

Incognito history

While incognito mode prevents your browser from storing your browsing history, cookies, and search history locally, it does not make you completely invisible online. Your internet service provider, workplace network administrators, and the websites you visit can still track your online activity. Additionally, any accounts you log into during private browsing will still have records of your activity. 

Meanwhile, some types of data can remain on your device, such as the downloaded files. Your DNS cache may also keep records of your browsing activity, while websites and bookmarks may leave traces on your local storage data. To clear these completely, you’ll need to take a few additional steps. 

• Delete downloads. Manually delete any files you downloaded during your private session. Don’t forget to clear your trash bin as well.
• Clear your DNS cache. Clear your DNS cache by opening Command Prompt as an administrator and typing “ipconfig /flushdns” on Windows, or using “sudo dscacheutil -flushcache” on Mac. 
• Check browser data and bookmarks. Clear your browser’s site data and local storage through your browser settings, even after using incognito mode. Finally, check and remove any bookmarks you may have accidentally saved.

• Review stored site permissions and data. Some websites can still store permissions you granted during incognito sessions. Review your browser’s site permissions in Settings > Privacy and Security to see what data the websites collected.
• Remove cached images and temporary files. Some cached images or temporary files might remain in system folders after your private sessions. Use disk cleanup tools or manually check your browser’s temporary file folders to remove them.

Social media

Most social platforms store search history in Privacy, Security, or Data settings sections of your account. Look for terms such as “Activity,” “Search History,” or “Personalization” to find these options. For specific social media, here are some quick instructions:

• Facebook: Go to Settings & Privacy > Settings > Your Facebook Information > Activity Log. Filter by “Search” to find and delete individual search queries, or go to “Search History” to clear all searches at once.
• Instagram: Go to your profile, tap the menu icon, select Settings > Security > Search History. You can delete individual searches or tap “Clear All” to remove your entire search history.
• Twitter/X: Access Settings and Privacy > Privacy and Safety > Data Sharing and Off-Twitter Activity. Look for “Personalization and Data” settings where you can manage and delete your search history data.
• TikTok: Open Settings and Privacy > Privacy > Personalization and Data. Select “Search History” to view and delete individual searches or clear your entire search history.
• LinkedIn: Go to Settings & Privacy > Data Privacy > How LinkedIn uses your data. Look for “Search History” options to manage what you’ve searched for on the platform.

Make your browsing more private

Clearing your cache is only the first step. Preventing others from gathering info about you while you browse is the next. So keeping your browsing private from advertisers, websites, ISPs, and other third parties calls for extra measures:

Use a VPN

When you use a VPN, you can hide several things from your ISP and other third parties, like the websites and apps you use, the time spent on them, your search history, and downloads. As for websites and apps, a VPN can hide your IP address and your location, all of which can thwart ad tracking on those sites and apps.

A strong VPN service offers yet another benefit. It protects you from hackers and snoops. Our VPN uses bank-grade encryption to keep your data and info secure. With a VPN, a snoop would only see garbled content thanks to your VPN’s encryption functionality.

Clean up your info online

One major privacy leak comes at the hands of online data brokers, companies that collect and resell vast amounts of personal information about millions of people. In fact, they make up a multibillion-dollar industry that spans worldwide. Additionally, there are so-called “White Pages” and “people finder” sites that post info like names, addresses, and other public records that anyone can access.

With all this information collected in a central location that’s easily searchable and accessible, these sites can be an ideal resource for hackers, spammers, and thieves. McAfee Personal Data Cleanup can help you take control. It scans high-risk data broker sites and lets you know which ones are selling your data, and depending on your McAfee+ plan, it can remove it for you, too.

Delete old accounts

Consider all those dozens and dozens of old (and forgotten) online accounts you don’t use anymore. Several might have various pieces of personal info stored on them, even though it’s been ages since you used them. Deleting these accounts and the info linked with them can improve your privacy. What’s more, deleting them can help prevent identity theft if those sites get breached.

Our Online Account Cleanup can save you hours and hours of time by cleaning things up with just a few clicks. It shows you which accounts are tied to your email address and what info is usually shared with each account. It also shows you which are riskiest to keep, helping you determine which ones to delete.

One step closer to better online privacy 

Deleting your browser history can give you a performance boost and delete tracking cookies used by third parties. To prevent others from collecting your information while you browse and to clean up the online places where it appears, get comprehensive online protection software like our McAfee+.

It offers several features that can help you be safer and more private online:

• Identity monitoring can track several pieces of personal info and alert you if it’s found on the dark web.
• Identity theft coverage & restoration, which covers you with $2 million for legal fees, travel expenses, and stolen funds reimbursement, along with help from a licensed recovery pro to repair your identity and credit.
• Other features like web protection can help you avoid dangerous links, bad downloads, malicious websites, and more when you’re online—all of which scammers and thieves can use to steal personal info.

With all this data collection happening online, there’s still plenty you can do to take control. With the steps outlined above and strong online protection software at your back, you can keep your personal info more private and secure.

Final Thoughts

Taking control of your digital privacy only requires small actions to make a significant difference in protecting your personal information. By routinely clearing your search history and browser data, setting up auto-delete features, and combining these practices with privacy tools such as VPNs and data cleanup services, you’re building a stronger foundation for your online security. These simple steps you can take today will compound over time, giving you greater control over your digital footprint and reducing unwanted tracking. Staying private online is an ongoing journey. Continue to explore new ways to protect yourself and stay informed about emerging privacy practices that can benefit you.

The post How to Delete Your Browser History appeared first on McAfee Blog.

Losing your phone or having it stolen can feel like a nightmare, especially when you consider the treasure trove of personal information stored on your device. From banking apps and email accounts to social media profiles and payment methods, smartphones contain virtually our entire digital lives. When a criminal or pickpocket gains access to your phone, they potentially have the keys to your identity, finances, and online presence. However, acting quickly and methodically can help minimize the risks and protect you from identity theft and financial fraud.

Online safety advocate Amy Bunn emphasizes the scope of this vulnerability: “What many people don’t realize is how much information is stored or accessible through their phone — not just apps, but things like saved passwords, cloud backups, and multi-factor authentication codes. If someone gains access, they can move quickly to impersonate you or steal your identity. Features like remote wipe, app-specific PINs, and identity monitoring may not feel urgent until something goes wrong — but having them in place can make a big difference in how quickly you can recover and how much damage you can prevent.” The reality is sobering, criminals with access to your phone can make unauthorized purchases, hack into your accounts, and even steal your identity to open new credit lines in your name. But by following these nine critical steps immediately after discovering your phone is missing, you can significantly reduce the potential damage and protect your most sensitive information.

1. Try to Locate Your Phone Using Built-in Tracking

Before taking any drastic measures, start with the obvious: try calling your phone from another device. You might hear it ring nearby, or someone who found it might answer and be willing to return it. If this doesn’t work, turn to your phone’s built-in tracking capabilities.

For iPhone users, Apple’s Find My service allows you to see your device’s location on a map, play a sound to help locate it, and even view its last known location if the battery has died. Android users can access Google’s Find My Device with similar functionality. Both services can be accessed from any computer or other device by logging into your Apple or Google account. These tracking tools not only help you locate your phone but also provide remote control options that become crucial if recovery seems unlikely.

2. Lock Your Phone Remotely to Prevent Unauthorized Access

If you can’t physically retrieve your phone or suspect it’s in the wrong hands, immediately lock it remotely. This creates an additional barrier between a potential thief and your personal information, preventing access to your apps, messages, emails, and saved payment methods.

Both iPhone and Android devices offer remote locking capabilities through their respective tracking services. You can also set a custom message to display on the lock screen with your contact information, which could help if someone honest finds your phone and wants to return it. For iPhone users, this means accessing iCloud.com or using the Find My app on another Apple device, selecting your lost phone, and choosing “Mark as Lost.” Android users can visit android.com/find, select their device, and choose “Secure Device” to lock it and display a custom message.

3. File a Police Report for Documentation

While law enforcement may not actively search for your stolen phone, filing a police report creates an official record that can prove invaluable if you need to dispute fraudulent charges or deal with insurance claims. When you visit your local police department, bring as much information as possible about when and where your phone was lost or stolen.

Having your phone’s IMEI number (International Mobile Equipment Identity) or serial number available will strengthen your report. You can usually find these numbers in your phone’s settings, on the original packaging, or through your carrier’s account portal. This documentation becomes particularly important if criminals use your phone to commit further crimes or if you need to prove to financial institutions that fraudulent activity resulted from theft.

4. Contact Your Mobile Carrier Immediately

Your next call should be to your mobile carrier to suspend service on your stolen or lost device. This prevents unauthorized calls, texts, or data usage that could result in unexpected charges on your bill. More importantly, it helps protect your account from being hijacked or used to access two-factor authentication codes sent to your number.

Most major carriers can also blacklist your stolen device, making it much harder for thieves to use even if they manage to bypass the screen lock. When you contact your carrier, ask about temporary suspension options if you’re still hoping to recover your phone, or proceed with permanent cancellation if you’re ready to move to a replacement device. Many carriers also offer insurance programs that may help cover the cost of a replacement phone.

5. Secure All Connected Accounts

Even with remote locking enabled, sophisticated criminals may find ways to access your stored information. This makes securing your online accounts one of the most critical steps in protecting yourself from identity theft. Your phone likely has saved passwords, active app sessions, and stored payment information that could be exploited.

Start by changing passwords for your most sensitive accounts, particularly email, banking, and financial services. Focus on creating strong, unique passwords that would be difficult for criminals to guess. McAfee’s Password Manager can secure your accounts by generating and storing complex passwords and auto-filling your info for faster logins across devices. Next, remotely sign out of all apps and services that were logged in on your stolen device. Most major platforms, including Google, Apple, Microsoft, and social media sites, offer account security settings where you can view active sessions and log out of all devices remotely. This step is crucial because it prevents thieves from accessing your accounts even if they bypass your phone’s lock screen.

Consider this an opportunity to enable two-factor authentication on accounts that support it, adding an extra layer of security for the future. While you’re at it, monitor your online and financial accounts closely for any suspicious activity, unauthorized transactions, or login attempts from unfamiliar locations.

6. Remove Stored Payment Methods from Mobile Apps

Your stolen phone likely contains mobile payment apps like Apple Pay, Google Pay, or individual retailer apps with stored credit card information. Criminals can potentially use these payment methods to make unauthorized purchases, so removing them quickly is essential for protecting your finances.

For Apple Pay users, marking your device as lost through Find My iPhone will automatically suspend Apple Pay on that device. Alternatively, you can manually remove payment methods by signing into your Apple ID account at appleid.apple.com, selecting your lost device, and choosing to remove all cards. Google Pay users should visit payments.google.com, navigate to payment methods, and remove any cards linked to the compromised device.

Don’t stop there – contact your bank or credit card issuer directly to alert them about the potential for fraud. They can freeze or cancel the cards linked to your mobile payment apps and monitor for any suspicious transactions. Review your recent statements carefully and report any charges that weren’t made by you. Most financial institutions have straightforward fraud dispute processes and will work quickly to resolve unauthorized transactions.

7. Erase Your Phone’s Data Remotely

When all hope of recovering your phone is lost, remote data erasure becomes your final line of defense against identity theft. This nuclear option wipes all stored data, settings, media, and personal information from your device, ensuring that criminals can’t access your photos, contacts, passwords, financial information, or any other sensitive data.

Both iPhone and Android devices offer comprehensive remote wipe capabilities through their respective tracking services. For iPhone users, this means accessing Find My and selecting “Erase iPhone,” which will restore the device to factory settings and remove all personal information. Android users can accomplish the same thing through Find My Device by selecting “Erase Device.”

Keep in mind that once you erase your phone remotely, you’ll lose the ability to track it further, so make sure you’ve exhausted all other options first. However, the peace of mind that comes from knowing your personal information can’t be accessed often outweighs the slim chance of recovery.

8. Alert Your Contacts About Potential Scams

Criminals with access to your phone may attempt to exploit your personal relationships by impersonating you in messages or calls to your contacts. They might send urgent requests for money, ask for sensitive information, or attempt to trick your friends and family into various scams using your trusted identity.

As Amy Bunn warns, “Unfortunately, a stolen or lost phone often triggers the next wave of problems — scams. Criminals may use your personal details to send convincing phishing messages or pose as you to friends and family. That’s why tools like scam detection, identity monitoring, and security alerts matter. They not only help people lock down their accounts quickly but also give them an early warning when fraudsters try to take advantage of the situation.”

Reach out to your closest contacts through alternative communication methods to warn them that your phone has been compromised. Let them know to be suspicious of any unusual requests coming from your number and to verify your identity through a different channel if they receive anything questionable. This proactive step can prevent your loved ones from becoming secondary victims of the crime.

9. Plan Your Replacement Device

Once you’ve accepted that your phone is truly gone, it’s time to focus on getting back online securely. Check with your mobile carrier about replacement options, as some plans include insurance coverage that can significantly reduce the cost of a new device. Even if you don’t have insurance, carriers often offer payment plans for replacement phones.

When you get your new device, you’ll be able to restore your data from cloud backups like iCloud or Google Drive. This is why maintaining regular automatic backups is so important – they ensure you don’t lose photos, contacts, app data, and other important information permanently. During the setup process, take the opportunity to review and strengthen your security settings based on what you’ve learned from this experience.

10. How McAfee Can Help Protect Against Identity Theft

The theft of your phone represents just one potential pathway to identity theft, but it’s often one of the most impactful because of how much personal information our devices contain. While following the steps above can help minimize immediate damage, comprehensive protection requires ongoing vigilance and professional monitoring services.

McAfee’s Identity Protection offers multiple layers of defense that can alert you to potential identity theft before it becomes a major problem. Through comprehensive identity monitoring, McAfee identifies your personal information across the dark web and various databases, providing early warnings when your data appears in places it shouldn’t. This includes monitoring of social security numbers, government IDs, credit card numbers, bank account details, email addresses, and phone numbers – often alerting users up to 10 months earlier than similar services.

The credit monitoring component keeps watch over changes to your credit score, reports, and accounts, sending timely notifications when new accounts are opened, credit inquiries are made, or suspicious activity is detected. This early warning system can help you catch identity thieves before they cause significant financial damage. Perhaps most importantly, if you do become a victim of identity theft in the U.S., McAfee provides up to $2 million in identity theft coverage and restoration support for select McAfee+ plans.

Prevention Strategies for the Future

While no one plans to have their phone stolen, taking preventive measures can significantly reduce the potential impact if it happens to you. Enable device tracking features like Find My or Find My Device before you need them, and make sure you know how to access these services from other devices. Use a strong passcode or biometric authentication that would be difficult for thieves to guess or bypass quickly.

Consider adding a PIN to your SIM card to prevent thieves from removing it and using it in another device. Maintain regular automatic backups to cloud services so you won’t lose important data permanently if your phone disappears. Most importantly, review and limit the amount of sensitive information you store directly on your device and consider using additional authentication methods for your most critical accounts.

Record your phone’s IMEI number and serial number in a safe place where you can access them if needed for police reports or insurance claims. These small preparatory steps can save significant time and stress if the worst happens.

The Bigger Picture: Comprehensive Digital Protection

Phone theft is just one of many ways criminals can gain access to your personal information and identity. In our interconnected digital world, comprehensive protection requires a multi-layered approach that goes beyond device security. Data breaches at major companies, phishing attacks, social engineering scams, and various online threats all pose risks to your identity and financial well-being.

This is where integrated protection services like McAfee+ become invaluable. Rather than trying to manage multiple security concerns separately, comprehensive identity and device protection provides peace of mind through continuous monitoring, early warning systems, and professional restoration support when things go wrong. The goal isn’t just to react to problems after they occur, but to prevent them from happening in the first place and to minimize their impact when prevention isn’t enough.

Having your phone stolen is stressful enough without worrying about the long-term consequences for your identity and finances. By following these nine essential steps quickly and methodically, you can significantly reduce the potential damage and protect yourself from becoming a victim of identity theft. Remember, the key is acting fast – every minute counts when it comes to protecting your digital life from criminals who might have gained access to your most personal information.

The post What to Do if Your Phone is Stolen or Lost: 10 Steps to Protect Your Identity appeared first on McAfee Blog.

As another school year begins, the digital landscape our children navigate has become increasingly complex. With artificial intelligence tools now readily available and social media platforms evolving rapidly, considering creating a family technology pledge has never been more crucial, or more challenging.

Gone are the days when we simply worried about screen time limits. Today’s parents must address everything from AI-assisted homework to the growing threat of deepfake cyberbullying. The technology shaping our kids’ lives isn’t just about phones and social media anymore—it’s about preparing them for a world where artificial intelligence is reshaping how they learn, communicate, and express themselves.

The New Digital Reality for Tweens and Teens

Recent research from the Pew Research Center shows that 26% of students aged 13-17 are using ChatGPT to help with their assignments, double the number from 2023. Meanwhile, surveys reveal that between 40 and 50 percent of students are aware of deepfakes being circulated at school. These statistics underscore a reality many parents aren’t prepared for: our children are already immersed in an AI-powered world, whether we’ve given them permission or not.

The key to successful digital parenting in 2025 isn’t necessarily about banning technology—it’s about having intentional, educational conversations that prepare our children to use these powerful tools responsibly. We need to acknowledge that technology is here to stay, so the best thing we can do is accept it’s here, educate our kids on how to use it safely, and introduce boundaries and rules to help keep them protected.

Creating Your Family Technology Pledge: A Collaborative Approach

For any pledge to be effective, lasting, and conflict-free, we need to shift the focus from simply setting rules to creating an open, constructive dialogue that helps all family members use technology in healthy ways. The most successful technology pledges are created collaboratively, not decided without collaboration. This ensures everyone feels included and that the guidelines reflect your family’s unique needs and values.

The most important consideration in tailoring a pledge to your kids’ ages and maturity levels, and to your family’s schedule. There’s no point making pledges that don’t reflect your children’s actual technology use or your family’s realistic expectations. Remember, this is about starting conversations and creating a framework for ongoing dialogue, not a rigid set of rules that’s destined to fail.

Responsible AI Use for Academic Success

One of the biggest changes in recent years is the need to address AI tools like ChatGPT, Claude, and other learning platforms. Rather than trying to catch assignments written by AI, many schools are now launching programs that include AI Learning Modes, recognizing that these tools can be valuable when used appropriately.

The benefits of AI assistance in education are significant and shouldn’t be ignored. AI can serve as a personalized tutor, explaining complex concepts in multiple ways until a student understands. It can help students with learning differences access the curriculum more effectively, and students working in a second language can use these tools to level the playing field. When used properly, AI can enhance critical thinking by helping students explore different perspectives on topics and organizing their thoughts more clearly.

However, the risks of over-reliance on AI are equally real and concerning. New research has shown that overreliance on AI might erode our ability to think critically, and critical thinking skills are essential for success in the real world. Students may become dependent on AI for basic problem-solving, missing opportunities to develop their own analytical skills and unique voice. Academic integrity concerns arise when AI does the work instead of supporting learning, potentially undermining the entire educational process.

Your family technology pledge should address these nuances.. Children should understand that they will use AI tools to enhance their learning, not replace it. This means always disclosing when they’ve used AI assistance on assignments, using AI to explain concepts they don’t understand while still working through problems themselves, and never submitting AI-generated work as their own original thinking. They should learn to ask AI to help with organizing thoughts, not creating them, and use AI to check their work for errors while ensuring the ideas and solutions remain their own.

Digital Identity and Deepfake Prevention

The rise of AI-generated content has created unprecedented risks for students, particularly regarding deepfake technology. Research shows that girls are most often targeted by deepfake images, and for victims, the emotional and psychological impact can be severe and long-lasting. What’s particularly alarming is that one photo posted online is all that’s needed to create a deepfake, making this a potential risk for every student.

Parents should help their children become mindful of what photos they share on social media, understanding that any image could potentially be misused. Children must understand that they should never participate in group chats or conversations where deepfakes are being shared, even passively. They need to recognize that creating deepfakes of others, even as a “joke,” can cause serious psychological harm and that possession of manipulated sexual imagery involving minors is illegal.

Helpful Tips for Parents

Creating a family technology pledge isn’t about limiting your child’s potential—it’s about empowering them to navigate an increasingly complex digital world safely and ethically. The emergence of AI tools and deepfakes is forcing families to have important conversations about ethics, empathy, and responsibility that previous generations never had to consider.

The goal isn’t to create a perfect document that anticipates every possible scenario. Instead, it’s to establish a foundation for ongoing dialogue about how technology can enhance rather than detract from your family’s values and your child’s growth into a thoughtful, responsible digital citizen. To help parents and guardians start discussions, we’ve created a first draft Technology Pledge that you can use to start a discussion with your family. Click here to download McAfee’s Technology Pledge

The digital landscape will continue to evolve, but the fundamental principles of kindness, honesty, and critical thinking remain constant. By creating a thoughtful technology pledge and maintaining open dialogue about digital challenges, you’re giving your child the tools they need to thrive in whatever technological environment they encounter. Start the conversation today. Your child’s digital future depends on it.

The post How to Create a Family Technology Pledge appeared first on McAfee Blog.

October marks Cybersecurity Awareness Month, and this year’s message couldn’t be clearer: small actions can make a big difference in your online safety. As cyber threats continue to evolve and become more sophisticated, the importance of taking proactive steps to protect yourself, your family, and your personal information has never been greater.

The 2025 theme, “Secure Our World,” focuses on simple yet powerful steps that anyone can implement to boost their digital security. At the heart of this year’s campaign are the “Core 4” essential practices that form the foundation of good cybersecurity habits. These four pillars represent the most impactful actions you can take to strengthen your digital defenses without requiring technical expertise or significant time investment.

The Foundation: Understanding the Core 4

The Core 4 principles serve as your digital security roadmap. Using strong passwords paired with a reliable password manager eliminates one of the most common vulnerabilities that cybercriminals exploit. When every account has a unique, complex password, a breach of one service doesn’t compromise your entire digital life.

Enabling multifactor authentication adds a crucial second layer of protection that makes unauthorized access exponentially more difficult. Even if someone obtains your password, they would still need access to your phone or authentication app to breach your accounts. This simple step blocks the vast majority of automated attacks and significantly raises the bar for would-be intruders.

Keeping your software updated ensures that known security vulnerabilities are patched as soon as fixes become available. Cybercriminals often target outdated software because they know exactly which weaknesses to exploit. By maintaining current versions of your operating system, apps, and security software, you close these doors before attackers can walk through them.

The fourth pillar, recognizing and reporting scams, has become increasingly critical as fraudulent schemes grow more sophisticated and prevalent. Today’s scammers leverage artificial intelligence to create convincing fake emails, text messages, and even video content that can fool even cautious consumers.

The Growing Scam Epidemic

The statistics paint a sobering picture of today’s threat landscape. According to McAfee’s comprehensive Scamiverse Report, 59% of people globally say they or someone they know has been a victim of an online scam, with Americans facing an average of 14+ scams per day. Between February and March 2025 alone, scam text volumes nearly quadrupled, with almost half using cloaked links to disguise malicious intent.

The burden on consumers is staggering. Americans spend an average of 93.6 hours per year – nearly two and a half work weeks, just reviewing messages to identify fakes. This represents 1.6 hours per week spent verifying whether communications are legitimate, a significant drain on time that could be spent on productive activities. The emotional toll is equally concerning, with 35% of people globally experiencing moderate to significant distress from scams, and two-thirds of people reporting they are more worried about scams than ever before.

What makes modern scams particularly dangerous is their increasing sophistication and alarming success rates. When scams do succeed, 87% of victims lose money, with financial losses often being substantial. According to the Scamiverse Report, 33% of scam victims lost over $500, while 21% lost more than $1,000, and 8% lost over $5,000. Most troubling is the speed at which these crimes unfold – 64% of successful scams result in money or information theft in less than one hour.

Young adults face particularly high risks, with 77% of people aged 18-24 having been scam victims – significantly higher than the global average. This demographic encounters an average of 3.5 deepfake videos daily, compared to 1.2 daily for Americans over 65. The pattern suggests that digital nativity doesn’t necessarily translate to better scam detection abilities.

The Evolution of Digital Deception

Today’s cybercriminals have embraced artificial intelligence as a force multiplier for their fraudulent activities. The accessibility of deepfake creation tools has democratized sophisticated fraud techniques that were once available only to well-funded criminal organizations. For just $5 and in 10 minutes, scammers can create realistic deepfake videos using any of the 17 different AI tools tested by McAfee Labs.

The scale of this threat has exploded exponentially. North America has seen a staggering 1,740% increase in deepfakes over the past year, with over 500,000 deepfakes shared on social media in 2023 alone. Americans now encounter an average of 3 deepfake videos per day, yet confidence in detection abilities remains concerning – while 56% of Americans believe they can spot deepfake scams, 44% admit they lack confidence in their ability to identify manipulated content.

The platform distribution reveals where consumers are most at risk. Among Americans, 68% report encountering deepfakes on Facebook, followed by 30% on Instagram, 28% on TikTok, and 17% on X (formerly Twitter). Older adults appear particularly vulnerable on Facebook, with 81% of those 65+ encountering deepfakes on the platform.

Understanding these evolving threats requires more than awareness—it demands tools that can keep pace with rapidly changing criminal tactics. Traditional approaches that rely solely on user education and manual verification are no longer sufficient when facing AI-generated content that can fool even security-conscious individuals. The challenge becomes even greater when considering that repeat victimization is common, with 26% of scam victims falling victim to another scam within 12 months.

People are developing some detection strategies, but these manual methods have limitations. According to the Scamiverse Report, 40% of people look for over-the-top claims like unrealistic discounts, while 35% watch for distorted imagery or suspicious website links. Other detection methods include identifying images that seem too perfect (33%), generic audio (28%), and audio-lip sync mismatches (28%). However, only 17% use more advanced techniques like reverse image searches to verify content authenticity.

Technology Fighting Back: The Rise of AI-Powered Protection

The same artificial intelligence that enables sophisticated scams can also serve as our defense against them. Advanced security solutions now use machine learning algorithms to analyze patterns, context, and content in real-time, identifying threats that would be impossible for humans to detect quickly enough. This technological arms race requires consumers to leverage AI-powered protection to match the sophistication of modern threats.

McAfee’s Scam Detector represents a significant advancement in consumer protection, using AI-powered detection to identify and alert consumers of scam texts, emails, and AI-generated audio in deepfake videos across multiple platforms and devices. This technology addresses the reality that manual detection methods, while useful, aren’t sufficient against the volume and sophistication of current threats. When people are spending nearly 94 hours per year just trying to identify fake messages, automated protection becomes essential for reclaiming both time and peace of mind. With scam detector, you can automatically know what’s real and what’s fake.

Comprehensive Scam Protection in Action

McAfee’s Scam Detector works across three critical communication channels: text messages, emails, and video content. For text message protection, the system monitors incoming SMS communications and alerts users to potentially dangerous content before they open suspicious messages. This proactive approach prevents the curiosity factor that often leads people to engage with scam content—total protection with no guesswork.

Email protection extends to major providers, including Gmail, Microsoft, Yahoo Mail, and more, with lightning-fast background scanning that identifies suspicious messages and provides clear explanations of the risks involved. This educational component helps users understand the specific tactics scammers employ, from urgency language to impersonation strategies.

The scam detection capability represents a unique advancement in consumer protection, using AI to detect deepfake audio and other manipulative media designed to impersonate trusted individuals or spread disinformation. This feature addresses the growing threat of fake celebrity endorsements, manipulated political content, and fraudulent investment pitches that leverage realistic-sounding audio content and is trained to identify AI-generated audio.

In February 2025, McAfee Labs found that 59% of deepfake detections came from YouTube, more than all other domains combined, reinforcing the platform’s role as a primary source of deepfake content. This data underscores the importance of having protection that works across the platforms where people naturally consume video content.

Building Comprehensive Digital Protection

Effective cybersecurity extends beyond scam detection to encompass all aspects of digital life. Password management remains fundamental, as weak or reused passwords continue to be primary attack vectors. A quality password manager not only generates strong, unique passwords for every account but also alerts users when their credentials appear in data breaches.

Virtual private networks (VPNs) such as Secure VPN provide essential protection when using public Wi-Fi networks, encrypting internet traffic to prevent eavesdropping and man-in-the-middle attacks. This protection is particularly important for remote workers and travelers who frequently connect to untrusted networks.

Identity monitoring services watch for signs that personal information has been compromised or is being misused. McAfee’s Identity Monitoring services scan for data breach databases, monitor credit reports, and alert users to suspicious activity across various financial and personal accounts. Select plans of McAfee+, can provide up to $2M of identity theft coverage. Early detection of identity theft can significantly reduce the time and effort required for recovery. Our identity monitoring service can notify you up to 10 months sooner than similar services.

Device protection through comprehensive antivirus and anti-malware solutions remains crucial as cyber threats continue to target endpoints. Modern security suites use behavioral analysis and machine learning to identify previously unknown threats while maintaining system performance.

The Human Element in Online Protection

While technology provides powerful tools for protection, human judgment remains irreplaceable in maintaining security. Understanding common social engineering tactics helps consumers recognize when they’re being manipulated, even when automated systems might not detect a threat immediately.

Scammers frequently exploit emotions like fear, urgency, and greed to bypass rational decision-making. Messages claiming immediate action is required to avoid account closure, unexpected windfalls that require upfront payments, or urgent requests from family members in distress all follow predictable patterns that become easier to recognize with awareness and practice.

Verification through independent channels remains one of the most effective defense strategies. When receiving unexpected requests for money or personal information, contacting the supposed sender through a known, trusted method can quickly expose fraudulent communications.

Creating a Culture of Security Awareness

Cybersecurity is most effective when it becomes a shared responsibility within families and communities. Parents can model good digital hygiene practices for their children while teaching age-appropriate lessons about online safety. Regular family discussions about recent scam trends and security practices help create an environment where everyone feels comfortable reporting suspicious activity.

Workplace security awareness programs extend protection beyond individual households to encompass professional environments where data breaches can have far-reaching consequences. Employees who understand their role in organizational security are more likely to follow proper protocols and report potential threats promptly.

Community education initiatives, often supported by local law enforcement and cybersecurity organizations, provide valuable resources for groups that might be particularly vulnerable to certain types of fraud, such as seniors targeted by tech support scams or small business owners facing ransomware threats.

Looking Forward: The Future of Consumer Protection

The cybersecurity landscape will continue evolving as both threats and defenses become more sophisticated. Artificial intelligence will play an increasingly central role on both sides of this digital arms race, making advanced protection tools essential for ordinary consumers who lack specialized technical knowledge.

Integration between different security tools will likely improve, creating more seamless protection that works across all devices and platforms without requiring separate management interfaces. This consolidation will make comprehensive security more accessible to consumers who currently find managing multiple security solutions overwhelming.

Regulatory initiatives may also shape the future of consumer protection, potentially requiring stronger default security measures on devices and platforms while establishing clearer responsibilities for organizations that handle personal data.

Taking Action This Cybersecurity Awareness Month

Cybersecurity Awareness Month provides an excellent opportunity to evaluate and improve your digital protection strategy. Start by implementing the Core 4 practices: use strong passwords with a password manager, enable multifactor authentication on all important accounts, keep your software updated, and learn to recognize and report scams.

Consider comprehensive protection solutions that address multiple threat vectors simultaneously rather than relying on piecemeal approaches. Look for services that combine device protection, identity monitoring, scam detection, and privacy tools in integrated packages that work together seamlessly.

Remember that cybersecurity is an ongoing process rather than a one-time setup. Threats evolve constantly, requiring regular updates to both your tools and your knowledge. Stay informed about emerging threats through reliable sources and adjust your protection strategies accordingly. McAfee delivers smarter protection against evolving threats.

The digital world offers tremendous benefits for communication, commerce, education, and entertainment. By taking proactive steps to protect yourself and your family, you can enjoy these advantages while minimizing the risks that come with our increasingly connected lives. Small actions today can prevent significant problems tomorrow, making cybersecurity one of the most valuable investments you can make in your digital future.

The post Secure Your World This Cybersecurity Awareness Month appeared first on McAfee Blog.

Beth Hyland never imagined love would cost her $26,000. At 53, she considered herself cautious and financially aware. But when she matched with someone calling himself “Richard Dobb”, the whirlwind connection, late-night conversations, and promises of a future together felt genuine. What she didn’t realize was that she was being drawn into one of the most devastating and personal scams out there—romance fraud.

The Beginning of the Scam

Beth and Richard’s connection quickly escalated. They weren’t “officially” engaged, but in her mind, they were planning a future together. Richard told her he had just completed a project in Qatar and needed to pay a translator to finalize things. The catch? He claimed he couldn’t access his funds unless he went in person to a bank branch in England.

That’s when the requests for money began.

How the Fraud Unfolded

Richard framed it as a temporary problem. If Beth could just help him raise the money, they’d be set. Wanting to support her partner, she took out a $15,000 loan and added another $5,000 in cash advances from her credit card.

When she asked how to send the money, he directed her to a cryptocurrency site.

Beth’s financial advisor became concerned. “I think you’re in a romance scam,” he told her. But Beth didn’t want to believe it.

“No,” she thought, “we’re in love. He wouldn’t do this to me.”

Her last message to Richard was desperate: “If you’re real, prove me wrong. Bring me my money, and maybe we’ll talk.”

She never heard from him again.

Why Beth Shared Her Story

Romance scams are uniquely painful because they prey on trust, hope, and human connection. Beth said, “People would be surprised at how much this happens, how much it goes on.”

Like many victims, she wishes there had been a tool to fact-check the links, the stories, and the too-good-to-be-true excuses. That’s where technology like McAfee’s Scam Detector could have made all the difference, flagging suspicious links and warning her before thousands of dollars vanished.

Protect Yourself from Romance Scams

• Be cautious with requests for money. Love should never come with a price tag.
• Watch for excuses. Scammers often create urgent, dramatic reasons why they can’t access funds.
• Fact-check with technology. Tools like McAfee’s Scam Detector analyze suspicious links and help you avoid falling for fake websites or fraudulent requests.
• Trust your gut and outside voices. If friends, family, or advisors raise concerns, listen.

Beth’s Final Word

Romance scams thrive on silence. Victims often feel embarrassed, but Beth wants her story out there.

“It would have been really good if there was technology where I could have checked these links to fact-check all of that,” she reflected.

Her experience is a reminder that scammers aren’t just after money—they target trust. By sharing her story, Beth hopes others will pause before sending money to someone they’ve never met in person. And with tools like McAfee’s Scam Detector, more people can spot the lies before love turns into loss.

 

The post “If You’re Real, Prove Me Wrong”: Beth’s Romance Scam Story appeared first on McAfee Blog.

Deshawn never thought he’d be the kind of person to fall for a scam. At 30, he was tech-savvy, careful, and always aware of the world around him. But one busy afternoon, a single text message changed everything. What looked like a routine delivery notification turned into a $420 lesson that convenience can be a scammer’s greatest weapon.“I thought this stuff only happened to older people.” That’s what Deshawn, 30, told us after a fake delivery text nearly drained his bank account. It all started on what he thought was just a busy day.

How the Scam Hooked Him

Deshawn was juggling errands when a text came through: a delivery company said his package was being held at a facility. To recover it, all he had to do was click the link.

Since he really was expecting packages, it felt routine. He tapped the link, entered his information, and moved on.

The next day, his bank flagged a transaction: $420 spent—in Jamaica. Deshawn had never been there. That’s when it clicked. The delivery text was a scam, and the fraudsters had his financial info.

The Aftermath

“When I saw purchases hitting my card, I felt like an idiot,” Deshawn admitted. “I thought things like this only happened to older people.”

But scams don’t discriminate. Deshawn realized the very convenience he relied on—quick taps, fast responses—was exactly what scammers exploit.

“Even if you’re detail-oriented, even if you check all the boxes, it can happen to you,” he said.

Why His Story Matters

Scammers count on assumptions. They count on younger people thinking they’re “too smart” or “too aware” to get tricked. But as Deshawn’s story shows, anyone can fall for a scam—especially when it looks like an everyday task, like recovering a package.

“It’s crazy how a device in your pocket and one tap can take your money,” Deshawn reflected. He wishes more people his age would share their experiences, so others wouldn’t let their guard down.

How to Stay Safe from Fake Delivery Scams

• Don’t click links in unexpected texts. Go directly to the retailer’s or delivery service’s official site or app to track packages.
• Double-check the sender. Scammers often spoof numbers or use odd-looking email addresses.
• Watch for urgency. Messages that push you to act fast are classic scam red flags.
• Use security tools. McAfee’s Scam Detector can help identify and block suspicious links before you click.

Final Word from Deshawn

“I used to laugh at the idea of being a scam target. Now I know it can happen to anyone. Sharing my story means maybe the next person will pause before they tap.”

The post A Fake Delivery Text Nearly Cost Deshawn Hundreds: His Scam Story appeared first on McAfee Blog.

While you can’t delete your personal info from the internet entirely, you can take strong steps to remove it from risky places where others could exploit it for profit or harm.

Why is it so important to take control of our personal info? Because so much of business, finance, healthcare, and life in general runs on data, your personal info has a dollar value attached to it.

For instance, personal info fuels targeted advertising and marketing campaigns, just as it helps adjusters set insurance rates and healthcare providers make projections about our well-being. Businesses want it for employment background checks. Law enforcement uses it to investigate persons of interest. Banks and credit card companies base their approvals on it. Of course, hackers, scammers, and thieves want to steal it too—to drain your accounts and wage other attacks on you.

The high value of your personal info makes a strong argument for controlling, as much as possible, what and where you share. In this article, we’ll show how easy it is to do by giving you tips on how to reduce your digital footprint on the internet and keep your identity private.

Key Takeaways

• Personal data is widely collected and exploited for advertising, identity verification, and criminal activity, making it essential to limit how much of it is publicly accessible.
• While you can’t fully erase yourself from the internet, you can significantly reduce your digital footprint by removing data from social media, public records, and people‑search sites.
• The first step is understanding your “digital shadow”, the active and passive trails you create through posts, tags, records, and online tracking.
• Conduct a full audit of your online presence to identify accounts to delete, data‑broker opt‑outs to submit, and platforms where removal requests can reduce your exposure.
• Reducing your footprint lowers your risk of identity theft, scams, and harassment while strengthening both personal privacy and reputation management.

Why delete yourself from the internet?

Taking steps to delete yourself from the internet is one of the most powerful moves you can make to protect your privacy and security.

Every day, data brokers and people-search websites scrape public records and online activity to build a detailed profile of you that they can sell to anyone. This exposure increases your risk of identity theft, being targeted for scams, and even online harassment. For instance, a scammer could use your leaked address and phone number from a data broker site to target you with phishing attacks. Similarly, an old, embarrassing social media post could surface during a background check, impacting your career.

By removing your information from the internet, you reclaim control and empower yourself to manage your reputation, prevent your data from being misused, and significantly reduce unwanted digital noise.

Understand your digital shadow

Taking control of your personal info starts with a look at your digital shadow, also known as a digital or electronic footprint, which is the trail of data that you leave behind while engaging in online activities. This information includes your posts in forums and social media profiles, other people’s posts that mention you, your pictures in an online newsletter, your name listed in the standings of your co-ed soccer league, your bio on the company’s “About Us” page, and even online reviews you write. Your digital shadow grows larger as you say more things, and as others mention you online.

With the addition of public records, your shadow grows yet more. That might include your home mortgage payments, who lives there with you, your age, children, driving record, education, occupation, and estimated income. It all depends on where you live and what data regulations are in place there.

Some regions have stricter privacy rules than others when it comes to public records. For example, in the U.S., California, Virginia, Connecticut, Colorado, Utah, Iowa, Indiana, Tennessee, Oregon, Montana, Texas, and Delaware have strong data privacy laws. The European Union has the General Data Protection Regulation (GDPR).

Then there’s the hundreds of data points about you gathered and sold by online data brokers from private sources like supermarket club cards that track your shopping history, app developers and websites that sell info to anyone who’ll pay, including hackers, scammers, and spammers.

Finally, a sizable portion of your shadow comes from the deep web, which forms the 95% of the internet that’s not searchable. Any time you go through a paywall or use a password to access internet content, such as logging into your bank account, accessing medical records through your healthcare provider, using corporate web pages as part of your workday, or streaming a show—you’re entering the deep web. All the info that forms the basis of your credit score, health history, financial info, and the data that websites and advertisers capture about you online.

A subset of the deep web is the dark web. It’s not searchable as well, and requires a special browser to access. Some of the sites and data stores found there are entirely legitimate, questionable, or outright illegal. You’ll find dark marketplaces here where bad actors put up personal info for sale, even yours.

Everyone online indeed has a digital shadow, and some shadows are longer than others.

The importance of taking control

So, what’s the big deal? That’s how the internet works, right? That’s a fair question. Part of the answer comes down to how much you value your privacy. More importantly, keeping a lower online profile offers better protection from cybercrime.

Consider research published by the science journal National Library of Medicine in 2019, where the abstract states that:

“Using our model, we find that 99.98% of Americans would be correctly re-identified in any dataset using 15 demographic attributes. Our results suggest that even heavily sampled anonymized datasets are unlikely to satisfy the modern standards for anonymization set forth by GDPR [Europe’s General Data Protection Regulation] and seriously challenge the technical and legal adequacy of the de-identification release-and-forget model.”

This means that even though that data has been scrubbed to make the people in it anonymous, a hacker needs only 15 pieces of info to identify you for certain. From there, they could pinpoint any health conditions linked to you. That further strengthens the argument for taking control of your personal info.

Step-by-step guide: How to delete yourself from the internet

Now that you understand the importance of deleting your personal information from the internet, here is a detailed guide on how to go about this process:

1. Conduct a digital footprint audit: Start by searching your name, email addresses, and phone numbers in various search engines. This initial audit helps you understand your public exposure and creates a baseline for your cleanup efforts.
2. Delete or secure social media: Permanently delete accounts you no longer use. For those you keep, tighten privacy settings to limit what the public and search engines can see. McAfee Social Privacy Manager simplifies this by adjusting over 100 settings across platforms with just a few clicks.
3. Be choosy about app permissions on your phones. Fewer apps mean fewer avenues of potential data collection. If you have old, unused apps, consider deleting them, along with the accounts and data linked with them.
4. Purge old online accounts: Forgotten accounts on shopping sites, forums, and old web services are prime targets for data breaches. Tools like McAfee Online Account Cleanup can scan the web for your old accounts, show their risk level, and delete these liabilities.
5. Target data broker and people-search sites: This is the most critical step for privacy. Manually sending opt-out requests is tedious and often temporary. Services like McAfee Personal Data Cleanup automate this process by finding your data, and sending removal requests on your behalf, with ongoing scans to ensure your personal information stays off these sites.
6. Submit legal removal requests: With new privacy laws emerging, leverage your rights. Use official processes like Google’s “Results about you” tool and submit formal takedown notices under regulations like GDPR or California Consumer Privacy Act (CCPA) where applicable.
7. Adopt proactive privacy tools: Prevent future data collection by making a bank-grade VPN encryption your default. A VPN encrypts your traffic and masks your IP address, making you harder to track.
8. Establish continuous monitoring: Erasing yourself from the internet is an ongoing process. Regularly repeat these steps and use automated tools to monitor for new exposures to ensure your digital footprint stays minimal over the long term.

To give you a deeper understanding, here is a more detailed explanation of the impact of following the steps above:

Deleting or deactivating your social media accounts

Facebook

• Deactivation: Your profile becomes invisible, but Facebook retains your data. You can reactivate anytime. Find this in Settings > Your Facebook Information > Deactivation and Deletion.
• Deletion: This is permanent. After a grace period (usually 30 days), your data is removed and unrecoverable. You can download a copy of your information before deletion via Settings > Your Facebook Information > Download Your Information.
• Privacy Impact: Deletion significantly reduces your discoverable footprint; deactivation is a temporary measure.

X (formerly Twitter):

• Deactivation: Your account is hidden for 30 days. If you don’t log in during this period, it’s permanently deleted. Go to Settings and privacy > Your account > Deactivate your account.
• Data download: You can request your archive via Settings and privacy > Your account > Download an archive of your data.
• Privacy Impact: Permanent deletion removes your tweets and profile information from X’s active servers.

Instagram (owned by Meta/Facebook):

• Deactivation: Hides your profile, photos, comments, and likes until you reactivate. This action is accessible through Edit Profile > Temporarily disable my account, usually done via a web browser.
• Deletion: Permanently removes your profile and all content. Use the dedicated “Delete Your Account” page in Instagram’s Help Center or within the app: Settings > Account > Delete account. There’s a 30-day period before permanent removal.
• Data download: Request your data via Settings > Your activity > Download your information.
• Privacy impact: Deletion is a strong step towards removing your visual and personal data from this platform.

TikTok:

• Deactivation/Deletion: TikTok combines these. You request deletion, and there’s a 30-day deactivation period during which you can reactivate. After 30 days, deletion is permanent. Go to Profile > three-line icon (Menu) > Settings and privacy > Account > Deactivate or delete account.
• Data Download: Available under Settings and privacy > Account > Download your data.
• Privacy Impact: Removes your videos and profile from the platform. Given TikTok’s data collection practices, deletion is advisable if you’re concerned about privacy.

LinkedIn:

• Hibernation: Temporarily deactivates your profile. Go to Settings & Privacy > Account preferences > Account management > Hibernate account.
• Close account: Permanently deletes your profile and data. Go to Settings & Privacy > Account preferences > Account management > Close account. There’s a short grace period of usually a few days.
• Data download: Request an archive under Settings & Privacy > Data privacy > Get a copy of your data.
• Privacy impact: Closing your account removes your professional profile from public view and LinkedIn’s network.

Snapchat:

• Deletion: Snapchat primarily offers deletion. Your account is first deactivated for 30 days, then permanently deleted. Access via the Snapchat accounts portal and select “Delete My Account,” or within the app: Settings > Account Actions > Delete Account.
• Data Download: Available through the accounts portal or in-app under “My Data.”
• Privacy Impact: Removes your snaps, stories, and account data from the platform.

After attempting to delete yourself from internet social media platforms, tools like McAfee Social Privacy Manager can be invaluable. It helps audit your social media accounts, identifying residual information or settings that might still compromise your privacy, ensuring your cleanup is as thorough as possible. It can personalize your privacy settings across multiple platforms with just a few clicks.

Opt out of people search and data broker websites

People search sites and data broker websites are entities that collect, compile, and sell your personal information to businesses and individuals. This information can include addresses, phone numbers, relatives, employment history, and even more sensitive data. Removing yourself from the internet heavily involves addressing these sites. Some of the most prominent sites include Spokeo, BeenVerified, Whitepages, ZoomInfo, Intelius, MyLife, and Radaris. To manually opt out of these sites, you can follow this tedious process:

• Visit each data broker’s website.
• Search for their opt-out page or privacy policy, which usually contains removal instructions. This can sometimes be hidden in footers or FAQs.
• You’ll often need to find your specific listing on their site first.
• Follow their specific procedure, which might involve filling out an online form, sending an email, or even mailing a physical letter. Some may require you to provide identification to verify you are the person whose data you’re requesting to remove.
• Keep records of your requests and their confirmations.

Manually opting out is time-consuming, often confusing, and your information can reappear later as brokers continually update their databases. This is a significant challenge when trying to delete yourself from the internet. Automated services, like McAfee Personal Data Cleanup, streamline this by scanning for your information on numerous data broker sites and automate the opt-out requests on your behalf. More importantly, it provides ongoing monitoring and removal, as data brokers frequently re-acquire and re-post information, making one-time manual removals often insufficient. This continuous service is vital for maintaining a reduced digital footprint.

Requesting removal from Google search results

When removing your information from the internet, tackling Google search results is a significant step. Google offers a tool to request the removal of certain personally identifiable information (PII) or doxxing content from its search results. To begin:

• Visit Google’s “Results about you” tool in your Google account or search for “Google remove personal information.” Prerequisites usually involve submitting URLs of the pages displaying your information and screenshots of the specific content.
• Qualifying content for removal includes personal contact info like phone numbers, email or physical addresses when they appear as part of doxxing content, non-consensual explicit imagery, and certain financial or medical information.
• When Google reviews each request, removal timelines can vary. It may take several days or weeks.
• For image takedowns, the process is similar, but ensuring the image is also removed from the source website is crucial, as Google only removes it from search results.
• If content is removed from a website but still shows in search results, it’s likely a cached version. You can use Google’s “Remove outdated content” tool to request an update to the cached result.
• Using a VPN when submitting these sensitive removal requests can add a layer of privacy by masking your IP address, preventing your location and online activity from being directly linked to the removal process.

Benefits of deleting your info from the internet

Shortening your so-called digital shadow helps improve everyday life in several ways. It can:

• Reduce the number of sketchy texts, emails, and calls you get. If a hacker, scammer, or spammer can’t track down your contact info, they can’t reach you on your computers and phones. Removing info from data broker sites, old accounts you no longer use, and even social media can make it harder for them to reach you.
• Reduce the risk of identity crimes. Bad actors turn your info against you such as taking out loans in your name, filing bogus insurance claims, and even impersonating you for employment or criminal purposes. When you have less info online, they have less info to work with.
• Keep snoops out of your business. Tracking and monitoring are simple facts of going online. Sites and businesses do it for performance and marketing purposes. Hackers and bad actors do it for outright theft. Taking steps to mask and outright hide your activities online benefits your privacy and your security.
• Take control of your info’s movement. Increased privacy largely gives you—not someone else—the power to share your info. The fact is that many companies with loose data privacy and data security measures share your info with third parties. Increased privacy gives you far more control of where your info does and doesn’t go.

Can you completely remove yourself from the internet?

Realistically, it’s virtually impossible to erase every trace of your existence online. Certain data, like public records such as property ownership, court records, or voter registration cannot be removed as they are legally required to be public.

Technical limitations that enable your data to persist include cached pages on search engines, which can take time to update even after original content is removed, digital archives like the Wayback Machine, and information stored on the immutable blockchain. Legal requirements may also compel organizations to retain data for specific periods.

The goal isn’t total erasure, which is largely unattainable, but rather significant minimization of your digital footprint. Focus on removing sensitive personal information from as many sources as possible and controlling what new data is generated. This is where continuous monitoring becomes crucial.

Some online security software providers assist in this ongoing effort by regularly scanning for and requesting the removal of your discoverable data from data broker sites, a more practical approach than trying to scrub yourself off the internet entirely.

You have the right to be forgotten

The “right to be forgotten,” formally known as the Right to Erasure, is a significant privacy principle under the General Data Protection Regulation (GDPR) in the European Union. It allows individuals to request that organizations delete their personal data under specific circumstances, such as when the data is no longer necessary for the purpose it was collected, consent is withdrawn, or the data was unlawfully processed.

While GDPR is an EU law, its global influence inspired similar legislation such as the California Consumer Privacy Act (CCPA) and other U.S. state-level privacy laws in Virginia and Colorado. Eligibility typically requires the organization holding the data to have no overriding legitimate grounds for retaining the data. Geographical limitations are key: GDPR primarily protects individuals within the EU, while U.S. laws apply to residents of specific states.

To submit a request, you need to contact the organization directly, clearly stating your request for erasure and the grounds for it. EU citizens can use Google’s GDPR removal request form to petition for the delisting of search results containing your name if they are inadequate, no longer relevant, or excessive.

In California, CCPA request forms can often be found on businesses’ privacy pages. To submit a request to remove your personal information, you must:

1. Identify the data controller.
2. Clearly articulate your request for erasure, citing the relevant legal basis.
3. Provide sufficient information for the organization to identify you and the specific data.
4. Keep records of your request and any responses.

You should also check the websites of other relevant data protection authorities such as the ICO in the UK for the GDPR or the California Attorney General for the CCPA.

To complement these efforts, you could consider using McAfee tools like Personal Data Cleanup, which proactively finds and helps remove your data from sources that might not be directly covered or are cumbersome to address individually.

Pro tips to prevent future data collection

When apps, websites, and even devices constantly gather your personal information, protecting your privacy requires more than just basic settings. There are smart ways to take control of your data. We’ve put together some tips to help you minimize or avoid unwanted data collection, stay under the radar, and make more informed choices about who gets access to your digital life.

• Use throw-away email addresses: Create disposable email accounts for one-time sign-ups or services you don’t trust. This keeps your primary inbox clean and reduces the amount of personal data associated with it.
• Install browser privacy extensions: Employ extensions that block trackers, scripts, and ads. Tools like ad blockers and anti-tracking add-ons can significantly reduce the amount of data websites collect about your browsing habits.
• Utilize encrypted messaging apps: Opt for messaging services that offer end-to-end encryption, such as Signal or WhatsApp to protect your communications from being intercepted.
• Switch to privacy-focused search engines: Search engines like DuckDuckGo or Startpage do not track your search history or profile you, offering a more private way to find information online.
• Maintain consistent VPN usage: A virtual private network encrypts your internet connection and masks your IP address, making it harder for websites, internet service providers, and snoopers to track your online activities and location.
• Review app permissions regularly: Scrutinize the permissions requested by mobile apps. Grant only necessary permissions and revoke excessive permissions.
• Secure IoT devices: Change default passwords on all Internet of Things devices like smart speakers, cameras, and thermostats. Keep their firmware updated and, if possible, connect them to a separate, isolated network to limit their access to your primary network.
• Quick privacy checklist: Log out of accounts when not in use. Clear your browser cookies and cache regularly. Be cautious when using public Wi-Fi—use a VPN. Think before clicking on links or downloading attachments. Limit the personal information you share online. Do a monthly cleanup of unused online accounts. Use strong, unique passwords and enable two-factor authentication.
• Use automated tools: McAfee Personal Data Cleanup automates the removal process from data brokers, making this essential task much more manageable.

FAQs about removing your data from the internet

How long does it take to remove my info?

The timeline varies. Some removals are instant, while data broker opt-outs can take weeks. In addition, removing your information is an ongoing process, as data can reappear. Continuous monitoring is key to keeping your information off the internet.

Will data brokers relist my information?

Yes, frequently. Data brokers constantly scan for new information, so your data can reappear after removal. This is why automated, ongoing services like McAfee Personal Data Cleanup are essential for lasting privacy.

Is it free to remove myself from the internet?

Manual methods are free but extremely time-consuming and repetitive. Paid services offer a more effective, automated solution that saves you hundreds of hours and provides continuous protection.

What information can I not remove?

Certain public records, such as property ownership, court documents, and voter registration information, are legally required to be accessible and generally cannot be removed by an individual.

Do I have a “right to be forgotten” in the US?

There is no federal law, but individual states like California and a few others offer residents the right to delete their data. You must check your specific state’s laws and submit requests directly to companies.

How do I find all my forgotten online accounts?

Manually searching for every old account is nearly impossible. McAfee Online Account Cleanup helps by scanning the internet to find accounts linked to your email, assessing their risk, and helping you delete them.

Final thoughts

While the goal to completely erase yourself from the internet is not fully achievable, you can take significant control over your identity by minimizing your digital shadow or footprint.

Once you have successfully reduced your digital footprint, your privacy is an ongoing commitment, not a one-time task. By staying vigilant and using the right tools, you can dramatically decrease your exposure to risks like identity theft and scams.

Online security software providers like McAfee offer comprehensive privacy services, including Personal Data Cleanup and a secure VPN, to support your need to manage your online presence confidently and safeguard your digital life for the long term.

The post How Do You Remove Your Information From the Internet? appeared first on McAfee Blog.

Scammers didn’t take a summer break. They kept busy, ramping up a fresh wave of back-to-school shopping scams. As busy families rush to get kitted out for a new school year, scammers are ready with a glut of phony shopping sites, bogus offers, and fake delivery notifications designed to steal your money and personal info. Let’s get a rundown of what scams are out there this year and how you can avoid them.

What back-to-school shopping scams are out there?

Scammers look to cash in on all the spending that tends to peak in July and August. According to the National Retail Federation, the average U.S. family spends nearly $860 per child to prep them for school—which includes supplies, clothing, and shoes for the new school year. So, like any time of year where a holiday or seasonal event drives a spike in online shopping, we see a rise in scam shopping sites.

The scammers behind these sites promote them in several ways, such as through sponsored search links, email offers, and through social media ads (more on that in a moment). Typically, these sites fall into two categories:

• Bogus shopping sites where shoppers pay for goods and never receive them. Not only are victims charged for the non-existent goods, but the scammers also have their payment info to use moving forward.
• Sites that sell counterfeit or cheap knockoff goods. Shoppers get less than they pay for, and they potentially unwittingly support sweatshops and child labor in the process.

While scammers use the lure of low-priced classroom staples like pens, notebooks, backpacks, and the like, they also crank out non-existent deals everything from clothing and shoes to big-ticket items like laptop computers. Also popular are phony shopping sprees and giveaways, which also lure shoppers into handing over their account and personal info. In all, with online shopping hitting another seasonal peak, it’s time for shoppers to give those ads and deals a particularly closer look. Scammers are out there in force.

How are scammers using social media for back-to-school scams?

Fake social media ads remain a mainstay of the scammer arsenal, and scammers most certainly put them to use during back-to-school time. Scammers love social media ads because they offer precise audience targeting. With a convincing-looking ad created using AI tools, they can reach vast numbers of interested buyers—people who are on the lookout for back-to-school deals. With these ads, they point potential victims to the sites mentioned above, all with the hope that unsuspecting shoppers will impulsively click on the deal. From there, the scam works much the same as above. Shoppers end up on a scam site that often looks convincing (thanks again to AI tools that help scammers spin them up quickly) where they enter their personal and account info, only to end up getting scammed.

Three ways you can avoid back-to-school shopping scams.

1. Look up retailers you’re not familiar with. When you’re shopping online and come across a retailer you haven’t seen before, do some quick research on the company. How long have they been around? Have any complaints been recorded by your attorney general or local consumer protection agency? Also a quick search of “[company name] scam” can help. You might come across posts and reports about a scam related to that company. One extra resource comes courtesy of the Better Business Bureau (BBB) at BBB.org. There you can look up a company, verify its info, and see a list of any complaints against it.
2. When shopping, pay with a credit card instead of your debit card. In the U.S., the Fair Credit Billing Act offers the public protection against fraudulent charges on credit cards. Citizens can dispute charges of over $50 for goods and services that were never delivered or otherwise billed incorrectly. (Note that many credit card companies have their own policies that improve upon the Fair Credit Billing Act as well.) However, debit cards don’t get the same protection under the act. Avoid using a debit card while shopping online and use your credit card for extra assurance.
3. Get a scam detector to spot bogus links and offers for you. Even with these tips and tools, spotting bogus links with the naked eye can get tricky. Some look “close enough” to a legitimate link that you might overlook it. Yet a combination of features in our McAfee+ plans can help do that work for you. Our Scam Detector helps you stay safer with advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. Likewise, our Web Protection will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.

Also watch out for phony delivery message scams during back-to-school season.

Another popular scammer ploy involves shipping notifications. Scammers know that with lots of online shopping comes a lot of online shipping notifications. They send phony delivery messages by the thousands, all with the aim of catching a few victims who have real packages on the way.

They pose as legitimate shippers and retailers, do their best to look and sound like them, and use urgency to get people to act. “Your package can’t be delivered. Please click this link within the next 24 hours to get your shipment.” And so on. In some cases, those links lead to phishing and malware sites. In others, the notification contains an attachment that installs malware if clicked.

With these scams in the mix, here’s how you can stay safe:

1. Don’t tap on links in text messages: If you follow one piece of advice, it’s this. Companies use their standard addresses and phone numbers to contact customers. Follow up on their websites to see what they are. The USPS, UPS, FedEx, and Amazon each have pages dedicated to sharing that info.
2. Confirm directly: If you have concerns, get in touch with the company you think might have sent it. Manually type in their website and enquire there. Again, don’t click or tap any links.
3. Use the shipping company’s or retailer’s app: the USPS, UPS, FedEx, and Amazon all have legitimate apps available in Apple’s App Store and Google Play. You can also count on those to track packages and verify info about your shipments.

 

The post Scammers Take Advantage of Back-to-School Shopping Scams. appeared first on McAfee Blog.

News of a major data breach that could affect nearly three billion records comes to light from a somewhat unusual source — a class-action complaint filed in Florida. Even as details come to light, we advise people to act as if this is indeed a large and significant breach and thus will need to take precautions. In this case, we will guide you on what to do if your sensitive personal information has been exposed in a data breach and how you can stay protected in the future.

The National Public Data breach

First, the details. The filed complaint concerns the National Public Data (NPD), a public records data provider that offers background checks and fraud prevention services. Per their website, “[NPD obtains] information from various public record databases, court records, state and national databases, and other repositories nationwide.” The complaint alleges that NPD was hit by a data breach in or around April 2024. The complaint filed in the U.S. District Court further alleges that:

• The company had sensitive information breached, such as full names, current and past addresses spanning at least the last three decades, Social Security numbers (SSNs), info about parents, siblings, and other relatives including some who have been deceased for nearly 20 years, and other personal info.
• The company “scraped” this information from non-public sources. This info was collected without the consent of the complainant and the billions of others who might qualify to join in the class action complaint.
• The company “assumed legal and equitable duties to those individuals to protect and safeguard that information from unauthorized access and intrusion.”

When combined, these data points create a comprehensive profile of an individual, significantly increasing the risk of sophisticated identity theft. With this information, criminals could open new lines of credit, file fraudulent tax returns, or access other sensitive accounts in your name. While details of the NPD breach are still emerging, the potential scope of this personal data breach means it’s wise to act now to protect your identity.

Unreported data breach discovered by McAfee

In the United States, there is no single federal law governing data breach notifications. Instead, a patchwork of laws across all 50 states, the District of Columbia, and U.S. territories requires companies to notify consumers if their personal information is compromised. These laws specify who must be notified, when, and how.

Typically, companies self-report these breaches, thanks to regulations and legislation that require them to do so in a timely manner. Consumers then receive notifications via email or physical mail. However, as this alleged National Public Data breach shows, information about an incident can sometimes surface through other channels, such as court filings, security researcher reports, or identity theft protection alerts, occasionally even before a formal announcement from the affected company.

That way, initial word of breaches may reach customers through emails, news reports, and sometimes through notifications to certain state attorney generals. In this case, it appears that no notices were sent to potential victims. Further, we were unable to find any filings with state attorneys general.

The primary plaintiff discovered the breach when he “received a notification from his identity theft protection service provider notifying him that his [personal info] was compromised as a direct result of the ‘nationalpublicdata.com’ breach …”

Further, in June, The Register reported that a hacker group by the name of USDoD claimed it hacked the records of nearly 3 billion people and put them up for sale on the dark web. The price tag—U.S. $3.5 million. The group further claimed that the records include information about U.S., Canadian, and British citizens.

From an online protection standpoint, this alleged breach could contain highly sensitive information that, if true, would put three billion people at risk of identity theft. The mere possibility of breached Social Security numbers alone makes it something worth acting on.

Data breaches and how they happen

A data breach is a security incident where sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an individual unauthorized to do so.

The main goal for attackers is often financial gain; they can sell vast datasets of personal information on the dark web or use it directly for identity theft and fraud. Large, aggregated records like those allegedly exposed in the NPD breach are especially valuable because they provide a complete picture of an individual, making fraudulent activities easier to execute.

Data breaches happen in several ways:

• Phishing and social engineering: Criminals trick employees or individuals into revealing sensitive information, like passwords or account details, through deceptive emails, texts, or calls.
• Stolen or weak credentials: Hackers use passwords and usernames exposed in previous breaches (a technique called credential stuffing) to gain access to other systems. Using simple or reused passwords makes this easy.
• Software vulnerabilities: Cybercriminals exploit security flaws in outdated software, applications, or operating systems to gain unauthorized access to a company’s network.
• Misconfigured databases and cloud services: Sometimes, sensitive data is left on servers that are not properly secured, making them publicly accessible to anyone who knows where to look.
• Insider threats: A data breach can be caused intentionally or unintentionally by a current or former employee with access to sensitive information.

Data breach impact on Social Security numbers

The legal complaint against National Public Data explicitly alleges that Social Security numbers were part of the compromised information. An SSN is one of the most critical pieces of personal data because it is a unique, lifelong identifier used for employment, banking, credit, and government benefits.

Unlike a credit card number, an SSN cannot be easily changed. If your SSN is exposed in a data breach, it puts you at a much higher risk for serious financial and legal fraud that can be difficult to resolve. Given the severity of this allegation, it is essential to take immediate preventative actions as if your SSN has been compromised.

Check if your Social Security data is exposed

It’s natural to want to know immediately if your information was part of a data breach. However, you should be extremely cautious. Never enter your Social Security number or other sensitive data into an unknown website that claims to have the capability to check for breach exposure.

Many of these are scams designed to steal your information. The safest approach is to use a trusted identity monitoring service, which scans the dark web and breach databases for your information without requiring you to share sensitive details insecurely. Be wary of phishing emails that pretend to be official notifications about the breach. Instead of clicking links, go directly to the company’s official website for information.

Follow these steps if your Social Security number is exposed

1. Place a security freeze on your credit. Contact all three major credit bureaus (Equifax, Experian, and TransUnion) to freeze your credit. A freeze restricts access to your credit report, making it much harder for identity thieves to open new accounts in your name.
2. Set up fraud alerts. A fraud alert requires potential creditors to verify your identity before issuing new credit. You can place an initial one-year alert for free by contacting just one of the credit bureaus, which will then notify the other two.
3. Change your passwords: Secure your online accounts, starting with your email, financial, and government accounts. Use strong, unique passwords for each one and enable two-factor authentication (2FA) wherever possible.
4. Monitor your financial accounts and credit reports. Keep a close eye on your bank accounts, credit card statements, and credit reports for any suspicious activity. You are entitled to free weekly credit reports from all three bureaus at AnnualCreditReport.com.
5. File a report if you see fraud. If you find evidence of identity theft, file a report immediately with the Federal Trade Commission (FTC) at IdentityTheft.gov. This report is crucial for disputing fraudulent charges and accounts.
6. Consider an IRS Identity Protection PIN (IP PIN). This is a six-digit number known only to you and the IRS, which provides an extra layer of protection against tax refund fraud.
7. Check your Social Security benefits. Create a “my Social Security” account on the Social Security Administration’s website to check your statement for any unauthorized activity.
8. Document everything: Keep detailed records of all calls, emails, and correspondence related to the theft. Note dates, times, and the names of people you speak with.

Protect yourself against data breaches moving forward

The NPD breach shows the risks and frustrations that we, as consumers, face in the wake of such attacks. It often takes months before we receive any kind of notification. And of course, that gap gives hackers plenty of time to do their damage. They might use stolen info to commit identity crimes, or they might sell it to others who’ll do the same.

Either way, we’re often in the dark until we get hit with a case of identity theft ourselves. Indeed, word of an attack that affects you might take some time to reach you. With that, a mix of measures offer the strongest protection from data breaches. To fully cover yourself, we suggest the following:

Check your credit, consider a security freeze, and get ID theft protection

With your personal info potentially on the dark web, strongly consider taking preventive measures now. Checking your credit and getting identity theft protection can help keep you safer in the aftermath of a breach. Further, a security freeze can help prevent identity theft if you spot any unusual activity. You can get all three in place with our McAfee+ Advanced or Ultimate plans. Features include:

• Credit monitoring keeps an eye on changes to your credit score, report, and accounts, providing timely notifications and guidance so you can take action to tackle identity theft.
• Security freeze protects you proactively by stopping unauthorized access to existing credit card, bank, and utility accounts or from new ones being opened in your name. And it won’t affect your credit score.
• ID Theft & Restoration Coverage gives you $2 million in identity theft coverage and identity restoration support if it is determined that you’re a victim of identity theft.​ This way, you can cover losses and repair your credit and identity with a licensed recovery expert.

Monitor your identity and transactions

Breaches and leaks can lead to exposure, particularly on dark web marketplaces where personal info gets bought and sold. Our Identity Monitoring can help notify you quickly if that happens. It keeps tabs on everything from email addresses to IDs and phone numbers for signs of breaches. If spotted, it offers advice that can help secure your accounts before they’re used for identity theft.​

Also in our McAfee+ plans, you’ll find several types of transaction monitoring that can spot unusual activity. These features track transactions on credit cards and bank accounts, along with retirement accounts, investments, and loans for questionable transactions. Finally, further features can help prevent a bank account takeover and keep others from taking out short-term payday loans in your name.

Keep an eye out for phishing attacks

With some personal info in hand, bad actors might seek out more. They might follow up a breach with rounds of phishing attacks that direct you to bogus sites designed to steal your personal info — either by tricking you into providing it or by stealing it without your knowledge. So look out for phishing attacks, particularly after breaches.

If you are contacted by a company, make certain the communication is legitimate. Bad actors might pose as authorized services to steal personal info. Don’t click or tap on links sent in unsolicited or unexpected emails, texts, or messages. Instead, go straight to the appropriate website or contact them by phone directly.

For even more security, you can use our new Scam Detector. It puts a stop to scams even before you click by detecting any suspicious links and sending you an alert. If you accidentally tap a bad link, it blocks the sketchy sites they can take you to.

Update your passwords and use two-factor authentication

Changing your password is a strong preventative measure. Strong and unique passwords are best, which means never reusing your passwords across different sites and platforms. Using a password manager helps you keep on top of it all, while also storing your passwords securely.

While a strong and unique password is a good first line of defense, enabling two-factor authentication across your accounts helps your cause by providing an added layer of security. It’s increasingly common to see nowadays, where banks and all manner of online services will only allow access to your accounts after you’ve provided a one-time passcode sent to your email or smartphone.

Remove your personal info from data broker sites

According to the filed complaint, National Public Data “scrapes” personal info from non-public sources. Further, the home page of the website mentions that it gathers info “from various public record databases, court records, state and national databases, and other repositories nationwide.” While we can’t confirm this ourselves, we can cautiously call out that these sources might include data broker sites.

While any damage here has already been done, we recommend removing your personal info from these data broker sites. This can prevent further exposure in the event of future breaches elsewhere. Our Personal Data Cleanup can do this work for you. It scans data broker sites and shows you which ones sell your personal info.

From there, it shows how you can remove your data. McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, and automatically sends removal requests on your behalf..

Additional steps to help prevent future data breaches

• Minimize data sharing: When signing up for new services or apps, provide only the minimum information required. The less data you share, the less can be exposed in a breach.
• Set up account alerts: Enable notifications for your financial and credit card accounts to get real-time alerts for transactions or login attempts.
• Keep software updated: Regularly update your operating system and applications to patch security vulnerabilities.
• Limit your digital footprint: Use a service like McAfee’s Personal Data Cleanup to find and request the removal of your personal info from data broker sites that collect and sell it.

Final thoughts

News of a massive personal data breach can be unsettling, but it’s important to respond with calm, proactive steps rather than panic. The best defense is a strong offense: actively monitor your financial accounts and credit reports, consider placing a security freeze on your credit as a powerful preventative measure, and strengthen your online account security with unique passwords and two-factor authentication. By using identity monitoring services and taking these incremental actions today, you can significantly reduce your risk and stay ahead of potential threats, empowering you to live your digital life more confidently.

The post Data Breach Exposes 3 Billion Personal Information Records appeared first on McAfee Blog.

You can request data brokers to remove your personal info from their databases. But finding their request forms is another challenge entirely, especially when they’re hidden. Recent reporting from CalMatters and The Markup found that 35 data brokers injected code into their websites that hid their opt out pages from search, making it more difficult for people to delete their data.If you don’t like the idea of your sensitive personal info being collected, bought, and sold without your knowledge, this is important news for you.
And these brokers collect plenty of it. They compile often exacting profiles of people, which can include things like purchasing habits, health data, financial info, real-time location data (gathered from smartphone apps), and even inferred info like political leanings, lifestyle choices, and religious beliefs.
As you can see, this level of data collection can get entirely personal.

Moreover, practically anyone can purchase this sensitive info. That ranges from advertisers to law enforcement and from employers to anyone on the street who wants to know a lot more about you.
This report stands as a good reminder that data collection on this level is an everyday fact of life—and that you can still take some control of it.
With a quick look at the report, we’ll then show you what’s going on with all this data collection and what you can do about it.

Data brokers making it tougher to remove personal data from their sites

As part of the article, reporters analyzed 499 data broker sites registered in the state of California. Of them, 35 had search-blocking code. Additionally per the article, many opt out pages “required scrolling multiple screens, dismissing pop-ups for cookie permissions, and newsletter sign-ups and then finding a link that was a fraction the size of other text on the page.” Once the publications contacted the data brokers in question, multiple companies halted the practice, some responding that they were unaware their site had search-blocking code. Several others didn’t respond by the time the article was published and kept their practices in place.

Where do data brokers get such personal info?

There are several ways information brokers can get information about you…

Sources available to the public: Some of your personal records are easily available to the public. Data brokers can collect public records like your voter registration records, birth certificate, criminal record, and even bankruptcy records. By rounding them up from multiple sources and gathering them in one place, it takes someone seconds to find out all these things about you, rather than spending hours poring over public records.

Search, browsing, and app usage: Through a combination of data collected from internet service providers (ISPs), websites, and apps, data brokers can get access to all kinds of activity. They can see what content you’re interested in, how much time you spend on certain sites, and even your daily travels thanks to location data. They also use web scraping tools (software that pulls info from the web), to gather yet more. All this data collecting makes up a multi-billion-dollar industry where personal data is gathered, analyzed, sold, and then sold again and again—all without a person’s knowledge.
Online agreements: As it is with smartphone apps, you’ll usually have to sign an agreement when signing up for a new online service. Many of these agreements have disclosures in the fine print that give the company the right to collect and distribute your personal info.

Purchase history: Data brokers want to know what products or services you’ve purchased, how you paid for them (credit card, debit card, or coupon), and when and where you purchased them. In some cases, they get this info from loyalty programs at places like supermarkets, drugstores, and other retailers. Kroger, one of the largest grocery chains, is a good example of how purchasing insights end up in the hands of others. According to Consumer Reports, the company draws 35% of its net income from selling customer data to other companies.
“What can I do about companies collecting my data?”

For starters, there aren’t any data privacy laws on the federal level. So far, that has fallen to individual states to enact. As such, data privacy laws vary from state-to-state, with California having some of the earliest and strongest protections on record, via the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

In all, 20 states currently have comprehensive privacy laws in place, with five others that have put narrower privacy protections in place, covering data brokers, internet service providers, and medical/biometric data.
States with Comprehensive Data Privacy Laws

• California
• Virginia
• Colorado
• Connecticut
• Utah
• Iowa
• Indiana
• Tennessee
• Texas
• Florida
• Montana
• Oregon
• Delaware
• New Hampshire
• New Jersey
• Kentucky
• Nebraska
• Rhode Island

For specific laws in your state and how they can protect you, we suggest doing a search for “data privacy laws [your state]” for more info.
Even if your state has no or narrow data privacy laws in place, you still have several ways you can take back your privacy.

How to protect your data from data brokers

The first thing you can do is keep a lower profile online. That can limit the amount of personal info they can get their hands on:

Be selective about what you share online. Don’t overshare personal info on social media. Avoid things like online quizzes and sweepstakes. And be aware that some data brokers indeed scour the web with scraping tools that gather up info from things like forum posts.

Go private. Even better, lock down your privacy on social media. Social media platforms like Facebook, Instagram, and others have several settings that keep your profile from being scraped in the ways mentioned above. Features like our Social Privacy Manager can make quick work of this by adjusting more than 100 privacy settings across your accounts in a few clicks.

Use a virtual private network (VPN) whenever possible. A VPN hides your IP address and encrypts your data while you surf the web. McAfee’s Secure VPN protects your personal data and credit card information so you can browse, bank, and shop online without worrying about prying eyes, like data brokers and internet service providers (ISPs) that collect info about what you do online.

Remove your info from data brokers quickly with McAfee

The list of data brokers is long. Cleaning up your personal data online can quickly eat up your time, as it requires you to reach out to multiple data brokers and opt out. Rather than removing yourself one by one from the host of data broker sites out there, you have a solution: our Personal Data Cleanup.
Personal Data Cleanup scans data broker sites and shows you which ones are selling your personal info. It also provides guidance on how you can remove your data from those sites. And if you want to save time on manually removing that info, you have options. Our McAfee+ Advanced and Ultimate plans come with full-service Personal Data Cleanup, which sends requests to remove your data automatically. If the thought of your personal info getting bought and sold in such a public way bothers you, our Personal Data Cleanup can put you back in charge of it.

The post You Have a Right to Delete Your Data—But Dozens of Data Brokers Hide How to Do It appeared first on McAfee Blog.

Scammers are exploiting the massive popularity of Labubu collectible toys through fake websites and social media ads, resulting in consumers losing hundreds of dollars to counterfeit “Lafufu” dolls or receiving nothing at all. Here’s how to protect yourself from becoming their next victim.

The Viral Phenomenon That Caught Cybercriminals’ Attention

If you haven’t heard of Labubu dolls yet, you’re about to understand why they’ve become both a cultural obsession and a cybersecurity nightmare. These small, mischievous-looking plush toys with distinctive sharp teeth have exploded in popularity thanks to celebrity endorsements from Rihanna, Dua Lipa, and BLACKPINK’s Lisa, plus viral TikTok unboxing videos.

Created by Hong Kong artist Kasing Lung and sold exclusively by Pop Mart since 2019, these $20-$30 “blind box” collectibles have generated such intense demand that rare “secret” versions are reselling for thousands of dollars. Fans line up for hours at Pop Mart stores and even travel internationally to get their hands on authentic Labubus. Where there’s viral demand and limited supply, cybercriminals inevitably follow.

The Anatomy of a Modern Scam Operation

The Scale of the Problem

The Better Business Bureau has received over 76 reports from consumers who thought they were purchasing authentic Labubu dolls but instead received counterfeit versions dubbed “Lafufus” – or worse, nothing at all. Some victims report losses of nearly $500 from a single fraudulent transaction.

How the Scam Works

The attack vector is disturbingly familiar yet devastatingly effective:

1. Social Media Infiltration: Scammers flood TikTok and Instagram with sponsored ads featuring “limited edition” Labubu dolls at discounted prices
2. Fake Website Creation: Professional-looking e-commerce sites mimic Pop Mart’s official branding and use urgent language like “limited stock” and countdown timers
3. Payment Harvesting: Once victims enter payment information, scammers either ship low-quality counterfeits or disappear entirely
4. Digital Vanishing Act: When complaints mount, the entire operation disappears overnight, only to resurface under a new domain name

The Most Dangerous Platforms

The BBB has specifically flagged these scam operations:

• Kawaii Room
• Cult Neo
• Bubulands
• Bears R Us
• Labubu Fantasy

Additionally, TikTok live streams claiming to be “Pop Mart USA” have been particularly problematic, using high-pressure sales tactics and fake countdown timers to rush buyers into immediate purchases.

Red Flags To Recognize

Website Warning Signs

• Prices significantly below retail ($20-30 for authentic Labubus)
• Domains that slightly misspell official brand names
• Lack of verifiable contact information or customer service
• No official Pop Mart branding or licensing information
• Generic order confirmation emails without proper company details

Sponsored Ads on TikTok or Instagram Promoting “Exclusive Deals”

These fraudulent advertisements are designed to look legitimate and often feature professional product photography stolen from Pop Mart’s official channels. The ads frequently claim unrealistic discounts such as “50% off limited edition Labubu” or similar offers that seem too good to be true. Promotional copy emphasizes false urgency with phrases like “Last 24 hours!” or “Only 100 left!” to pressure consumers into making immediate purchases without proper consideration.

Warning signs include links that redirect to domains other than popmart.com or Pop Mart’s official Amazon store, indicating fraudulent operations. These ads typically originate from accounts with generic names or recently created profiles that have little post history, suggesting they were established specifically for scamming purposes. The comments sections are either disabled entirely or filled with obviously fake positive reviews designed to create an illusion of satisfied customers.

Scammers often use unofficial terminology or deliberate misspellings of “Labubu,” sometimes intentionally using variations like “Lafufu” to avoid detection by platform algorithms designed to identify and remove fraudulent content related to official brand names.

Live Streams with Urgent Countdowns Creating Artificial Scarcity

TikTok live streams have become a particularly dangerous vector for Labubu scams, operating as sophisticated psychological manipulation campaigns. These streams claim to be “Pop Mart USA” and run for up to 12 hours daily, using countdown timers that reset repeatedly to create false urgency. The hosts make claims of “restocks” or “newly available inventory” that never actually existed, giving viewers only seconds to purchase once items “drop” to prevent careful consideration.

The manipulation extends to chat features filled with fake comments from bot accounts expressing excitement, while QR codes displayed on stream appear authentic but lead to fraudulent websites. Many hosts wear Pop Mart merchandise or display authentic products while selling counterfeits, using stream titles with official-sounding language like “Official Pop Mart Restock Event” to enhance their credibility.

Multiple Similar Accounts Claiming to be Official Retailers

Scammers create networks of interconnected fake accounts to build credibility and reach wider audiences. These profiles use variations of names like “Pop Mart USA” or “Official Labubu Store,” copying official Pop Mart language and contact information in their bio sections. They use profile pictures featuring Pop Mart’s logo or official product photography without permission, engaging in cross-promotion between fake accounts to create an illusion of legitimacy.

These fraudulent accounts maintain artificially inflated follower counts through bot networks and post histories that are either very recent or filled with stolen content from official accounts. The posting patterns appear inconsistent, suggesting automated or outsourced management, while comments and engagement seem coordinated rather than organic.

QR Codes and Fabricated “Proof of Authenticity”

Visual “proof” elements appear legitimate but are actually fabricated to deceive consumers. QR codes redirect to fake verification websites rather than Pop Mart’s official system, while authenticity certificates or stamps use similar but not identical branding to official materials. Scammers use photos of authentic Labubu products to “prove” legitimacy while shipping counterfeits, providing serial numbers or batch codes that don’t match Pop Mart’s actual numbering systems.

The deception includes holographic stickers or security features that look similar but lack proper verification methods, screenshots of “authentication apps” that are actually fake applications created by scammers, and references to verification through third-party services that don’t actually authenticate Pop Mart products. Authentic packaging may be displayed while the actual shipped products come in generic or counterfeit boxes.

Payment Red Flags

Several warning signs indicate fraudulent operations. Scammers often request payment through peer-to-peer apps like CashApp or Venmo, avoid implementing secure checkout processes or SSL certificates, and make it impossible to cancel orders immediately after placement. Customer service typically becomes unresponsive after payment is received, leaving consumers with no recourse.

Spotting Authentic vs. Counterfeit Labubus

Authentic Labubu Characteristics

Genuine Labubu toys have exactly nine pointed teeth, which serves as the key identifier for authenticity. They feature a pale peach complexion with specific color consistency and display the official Pop Mart logo stamped on the bottom of one foot. Authentic products come in proper packaging with legitimate QR codes and holographic stickers, including authenticity stamps that can be verified through Pop Mart’s official system.

Counterfeit “Lafufu” Warning Signs

Counterfeit versions exhibit several telltale signs of fraudulent manufacturing. These fake toys have more or fewer than nine teeth, different facial colors or expressions, and missing or fake Pop Mart branding. The materials and construction quality are noticeably poor, and packaging lacks verifiable QR codes that connect to official authentication systems.

Your Cybersecurity Action Plan

Protecting yourself from these scams requires a multi-layered approach starting with shopping exclusively through official channels. Purchase only from Pop Mart’s official website at popmart.com or their verified Amazon store to ensure authenticity. Before making purchases from unfamiliar retailers, always search for “[website name] + scam” to verify their legitimacy.

Use secure payment methods that offer fraud protection and dispute capabilities, particularly credit cards rather than peer-to-peer payment apps. Maintain extreme skepticism toward social media ads, especially those creating artificial urgency or pressure to purchase immediately.

If You’ve Been Targeted

If you discover you’ve been scammed, document everything immediately by saving screenshots, emails, and transaction records. Contact your credit card company or bank without delay to dispute charges and report the scam to the Better Business Bureau’s Scam Tracker. File complaints with the Federal Trade Commission to help authorities track these criminal operations.

Financial Recovery

Request chargebacks through your credit card provider and provide all documentation showing misrepresentation of goods. Avoid using peer-to-peer payment apps for future purchases as they offer limited fraud protection and fewer options for recovery when scams occur.

The Broader Cybersecurity Implications

The Labubu scam represents a troubling evolution in cybercriminal tactics, demonstrating how quickly bad actors can weaponize viral trends to create sophisticated fraud networks. These operations exploit consumer psychology around FOMO (fear of missing out) and artificial scarcity to pressure victims into making hasty financial decisions.

Several factors make this particularly dangerous for consumers and cybersecurity professionals alike. The speed of adaptation allows scammers to create convincing fake operations within days of a trend emerging, while social media amplification means platforms struggle to quickly identify and remove fraudulent sponsored content. The international scope of many operations makes law enforcement cooperation challenging, and the target demographics often include Gen Z consumers who may be early adopters of trends but lack experience with sophisticated scams.

Industry Response and Future Outlook

Pop Mart has been working to combat counterfeiting, but the distributed nature of online fraud makes this an ongoing challenge. Social media platforms are slowly improving their ad verification processes, though scammers continue finding workarounds to exploit system vulnerabilities.

International customs officials have begun seizing shipments of counterfeit Labubu toys, with hundreds of thousands of fake units confiscated in recent operations. However, the profit margins on these scams remain attractive enough that new operations continue launching regularly, adapting their tactics to avoid detection.

Protecting the Next Generation of Consumers

As cybersecurity professionals and informed consumers, we have a responsibility to educate others about these evolving threats. The Labubu scam won’t be the last time cybercriminals exploit viral cultural phenomena – it represents the most recent example of an increasingly sophisticated playbook that targets consumer psychology and cultural trends.

Consumer protection requires constant vigilance and education. Always verify the authenticity of sellers before providing payment information, maintain suspicion of deals that seem too good to be true, and use payment methods that offer fraud protection and dispute capabilities. Report suspected scams to relevant authorities to help protect other consumers from similar harm.

The intersection of viral culture and cybercrime is only going to become more complex as digital trends accelerate and criminal operations become more sophisticated. By staying informed about these tactics and sharing knowledge with our communities, we can help reduce the success rate of these operations and protect consumers from financial harm.

Remember that when it comes to viral trends and online shopping, a healthy dose of skepticism isn’t cynicism – it’s cybersecurity best practice. The cost of verification is always less than the cost of victimization.

 

The post Going Lacoocoo over Labubu: How Viral Toy Trends Are Becoming Scams appeared first on McAfee Blog.

Even years after its release, Fortnite still stands as the online “battle royale” game of choice, with millions of younger gamers packing its servers every month—along with fair share of scammers who want to target them both in and out of the game. What makes Fortnite such a proverbial hunting ground for scammers? The answer lies in an in-game economy—one fueled with its own virtual currency that’s backed by real dollars. As to how all that plays out, that calls for a closer look at the game. Fortnite’s in-game currency, V-Bucks, has become a prime target for cybercriminals. One of the most prevalent threats is the so-called “free V-Bucks generator” scam—a fraudulent scheme that promises players free or discounted V-Bucks in exchange for completing online forms, providing account credentials, or downloading software. These offers are entirely illegitimate. No third-party service can generate V-Bucks, and engaging with such sites puts users at significant risk of credential theft, malware infection, and financial fraud.

What is Fortnite?

Fortnite is player-versus-player game where up to 100 players fight as individuals, duos, or squads of up to four, battle on a cartoon-like island where the playable area increasingly shrinks as the game goes on. Along the way, players gain weapons and items that by rummaging through “loot boxes” or through bundles of loot left behind by eliminated players. Fortnite has several game modes, yet the most popular is the “battle royale” mode described here, where the last player, or team, left standing wins.

Is Fortnite free to play?

On the surface, Fortnite is free to play. However, money quickly enters the picture with Fortnite’s in-game currency known as V-Bucks. Players pay real money to purchase different amounts of V-Bucks through the Fortnite Item Shop or through official Fortnite V-Bucks gift cards available in stores and online.

Players use V-Bucks for all kinds of in-game purchases, notably outfits and game avatars known commonly as “skins” based on pop-culture icons like Marvel superheroes and popular singers, along with other game weapons and items. Further, players use V-Bucks to purchase “Battle Passes” that give them access to further in-game purchases and rewards. Finally, players can also purchase “Loot Llamas,” which are bundles of items, skins, and weapons as well (which players can also acquire these through gameplay to some degree).

And that’s where scammers enter the picture. Because wherever money changes hands online, scammers are sure to crop up. And with Fortnite in particular, players are more than willing to pay for V-Bucks, which can turn unwary kids into targets.

What are Fortnite scams, and what do they look like?

In all, players love spending V-Bucks because it lets them create custom avatars loaded with unique items. This makes up a big part of the game’s appeal above and beyond the gameplay itself, to the point where players sporting rarer skins and items take on the air of status symbols.

Bad actors out there do their best to capitalize on this mix of customization, status, and money with several types of scams designed to lure in young gamers. Put plainly, the game’s economy gives scammers a powerful emotional hook they can set—the drive to stand out on the battlefield is high.

Three of the most common Fortnite scams include:

Phishing scams

Just like shopping scams, fake ticket scams, and the like, these scams lure children into clicking links to phishing sites that promise in-game rewards, items, and discounted V-Bucks—but steal credit and debit card info. Young gamers might come across these links in search, yet YouTube has been rife with links to Fortnite scams as well. An examination of domains such as 750ge.com and ggfn.us reveals the use of established phishing methodologies coupled with malware delivery systems. These sites leverage Fortnite’s widespread appeal to attract users seeking free premium content, employing social engineering techniques that mirror those seen in Roblox-related scams and other forms of online fraud.

Social engineering scams

Scammers pose as friendly gamers and build up trust over time, only to betray that trust by asking children to share personal info, passwords, or credit card numbers for “discounted” V-Bucks or items. Some also get children to download malware, promising that the (harmful) app “generates” V-Bucks or gives them “upgrades” of some kind.

Account takeovers and ransoms

Also under the guise of providing items, upgrades, or V-Bucks, scammers persuade children into handing over their login info. This can give them access to personal and financial info contained in the Epic Games Launcher. Further, because some players have spent a great deal of time and money on their account, some scammers hold hijacked accounts for ransom—demanding payment for the return of the account. As it is with any kind of ransomware or ransom attack online, payment is no guarantee that the scammer will return the account.

How to Secure Your Epic Games Account

When it comes to protecting your Fortnite and Epic purchases, a few disciplined habits go a long way. Follow the guidance below to significantly reduce account-takeover risk and streamline recovery if something goes wrong.

Use Unique Passwords

Use a password that you don’t use anywhere else. Credential-stuffing attacks rely on recycled passwords from other breaches; a unique, long passphrase (ideally 14+ characters) blocks that common tactic. Consider a reputable password manager to generate and store complex credentials safely.

Enable Two-Factor Authentication (2FA)

Turn on 2FA so a one-time code is required at sign-in, stopping most unauthorized logins even if a password leaks. Epic supports email, SMS, and authenticator-app methods—use an app whenever possible for stronger protection. Note: 2FA is required for certain programs (e.g., tournaments, Support-A-Creator) and is strongly recommended for all players.

Secure and Verify your Email Address

Your email is the recovery backbone for your Epic account. Use an email you’ll keep long-term, enable that mailbox’s own 2FA, and verify the address within Epic. A verified, secured email makes account recovery faster and helps Player Support confirm ownership if there’s suspicious activity.

Link Your Social Accounts for Extra Security

Linking trusted single-sign-on options (e.g., Google) can simplify logins without creating yet another password—provided those social accounts are themselves protected with unique passwords and 2FA. Treat your SSO accounts as keys: if they’re well-secured, they reduce friction without sacrificing safety.

Keep Your Devices Secure

Good account security starts with healthy devices. Keep operating systems and browsers up to date, use reputable antivirus/anti-malware, and avoid installing unknown software or extensions. A compromised device can capture keystrokes and tokens regardless of how strong your password is.

Don’t Buy or Share Accounts

Buying, selling, or sharing accounts violates policy and exposes you to scams, chargebacks, and permanent loss of access. If someone else knows your password—or if ownership is disputed—support may not be able to help. Keep your credentials private and your account strictly personal.

Don’t Trust Suspicious Offers

Ignore sites and messages promising free or discounted V-Bucks, skins, or creator perks. These are common phishing and malware lures that mimic Epic branding to steal credentials or install harmful software. Only transact through official Epic channels and in-game menus.

If You Suspect Compromise

If you can still log in: immediately reset your email password, then your Epic password, and enable 2FA. Review recent logins and unlink unknown devices. If you can’t log in: work through Epic’s recovery steps starting with your email account and Epic password reset. Have purchase details handy to verify ownership.

What are the parental controls for Fortnite?

With many Fortnite scams, scammers need a way to speak with your child, ideally in the game itself. Fortunately, Fortnite has several parental controls that make it far more difficult for scammers to approach them and that give you further control over payments made through the platform.

Here are a few of the things you can manage from Fortnite’s parental controls:

Social permissions

This lets you manage your child’s online social interactions across Epic’s experiences and games by setting permissions for friend requests, voice and text chat, and mature language filtering.

Purchasing settings

Here you can set permissions to help prevent unauthorized payments while using Epic Games payment services.

Age-rating restrictions

You can manage which experiences your child can access in Fortnite, and which games your child can access in the Epic Games Store based on age ratings.

Time limit controls & time reports

Set time limits and view the total time your child spends in Fortnite and Unreal Editor for Fortnite (UEFN) each week. Choose if you want to receive email reports for your child’s time spent in Fortnite and UEFN.

Should I trust a website that’s offering free V-Bucks?

As Epic Games states, avoid trusting any offers for Epic Games products—such as free titles or V-Bucks that come from external or unverified sites, as they are likely scams. Legitimate promotions are only shared through the Epic Games Store, the official Epic Games website, or their verified social media channels, so if you don’t see it there, it’s not real.

Additionally, for parents of younger players …

Fortnite offers what Epic Games calls “Cabined Accounts,” a safer space that disables voice and text chat, while also disabling the ability to pay for items with real money. (In the U.S., Cabined Accounts are for children under 13 years old. Elsewhere, under that country’s age of digital consent.) Players with Cabined Accounts can still play titles from Epic Games like Fortnite, Rocket League or Fall Guys, but won’t be able to access certain features such as voice chat until their parent or guardian provides consent.

 

Source: Epic Games

What other parental controls can you set to keep your kids safe on Fortnite?

Be aware, though. The parental controls listed above only apply to games on the Epic Games platform. That means your child may still be able to access voice chat using the chat system built into the gaming console or device they’re playing on. So you’ll want to check out the parental controls on their console or device as well, which we’ve listed below:

PlayStation

PlayStation® 5 parental controls and PlayStation® 4 parental controls

Xbox

Xbox parental controls

Nintendo Switch

Nintendo Switch parental controls

Windows

Windows parental controls

iOS

iOS parental controls

Google Play

Google Play parental controls

More ways you can protect your kids from Fortnite and online game scams

Make sure your kids know that virtual money is often real money.

Whether it’s Fortnite V-Bucks or many of the other virtual currencies used in online games, many are tied back to real dollars. It costs real money to buy them. Ultimately, the same goes for the in-game purchases they make. Younger gamers don’t always make this connection, which is how we get the occasional headline story about a grade-school child who racks up a multi-thousand-dollar credit card bill. Have a sit-down with your child and help them understand this connection between “virtual” money and “real” money. And with that, you can have a follow-on chat about an allowance for online game purchases (which you can often set using a game’s parental controls). Do note, Epic Games does not offer legitimate V-Bucks generators outside their official platforms. Any site claiming otherwise is operating a fraud scheme that poses significant security risks to users.

Set the parental controls for the games they play.

We’ve outlined what Fortnite offers by way of parental controls, as well as the parental controls offered on several top gaming platforms. Once more, note that you’ll want to set parental controls on the any of the games your children play that include online chat or purchases. Granted, the controls vary from game to game, but a quick web search will let you know what your options are. In some cases, as with Fortnite, gaming companies have entire websites dedicated to parental controls and overall child safety.

Help your kids know the difference between “friends” in games and friends in real life.

As we outlined above, many scammers try to trick young gamers into thinking they’re a friend—when in fact any kind of “friendship” is part of a scam. Make sure you let them know it’s always okay to speak with you or another trusted adult if a “friend” asks them for personal info or anything that has to do with money. The same goes for asking them to chat on other apps outside the game, such as Whatsapp, or to meet up in person. Understandably, the answer to questions like these is always “no.” Note that some games and platforms let you report accounts for behavior like this. Use those tools as needed.

Use a credit card to pay for online games.

In the U.S., the Fair Credit Billing Act allows you to dispute charges. Additionally, some credit cards offer their own anti-fraud protections that can help you dispute a billing. Further, if your credit card offers online account alerts for when a purchase is made, set that up so you can track what your children are spending online. Lastly, use credit monitoring to track any unusual purchases. Credit monitoring like ours provides timely notifications and guidance so you can take action to tackle identity theft.

Get a scam detector working for you.

Phony sites, emails, texts, and on and on and on—scammers put them all into play. Yet a combination of features in our McAfee+ plans can help you and your children spot them.

McAfee’s Scam Detector helps you stay safer with advanced scam detection technology built to spot and stop scams across text messages, emails, and videos. Likewise, our Web Protection will alert you if a link might take you to a sketchy site. It’ll also block those sites if you accidentally tap or click on a bad link.

 

 

The post Fortnite Impersonation Scams: A No-Nonsense Parent Guide appeared first on McAfee Blog.

Meta has unleashed a groundbreaking feature that transforms Instagram from a photo-sharing platform into a real-time location broadcaster. While the company promises enhanced connectivity, cybersecurity experts are sounding alarm bells about potential dangers lurking beneath this seemingly innocent update. 

Understanding the Digital Surveillance Landscape

Instagram’s freshly minted “Map” functionality represents a seismic shift in social media architecture. Unlike traditional posting where you deliberately choose what to share, this feature operates as an always-on location transmitter that continuously broadcasts your whereabouts to selected contacts whenever you launch the application. 

The mechanism mirrors Snapchat’s infamous Snap Map, but with Instagram’s massive user base—over 2 billion active accounts—the implications for personal security amplify exponentially. This feature enables users to share their real-time location with friends and view theirs on a live map, but it also raises serious privacy concerns from targeted advertising to potential stalking and misuse in abusive relationships. 

McAfee’s Chief Technology Officer Steve Grobman provides crucial context: “Features like location sharing aren’t inherently bad, but they come with tradeoffs. It’s about making informed choices. When people don’t fully understand what’s being shared or who can see it, that’s when it becomes a risk.” 

The Hidden Dangers Every Consumer Should Recognize 

Stalking and Harassment Vulnerabilities 

Digital predators can exploit location data to track victims with unprecedented precision. Relationship and parenting experts warn location sharing can turn into a stressful or even dangerous form of control, with research showing that 19 percent of 18 to 24-year-olds think it’s reasonable to expect to track an intimate partner’s location. 

Steve Grobman emphasizes the real-world implications: “There’s also a real-world safety concern. If someone knows where you are in real time, that could lead to stalking, harassment, or even assault. Location data can be powerful, and in the wrong hands, dangerous.” 

Professional and Personal Boundary Erosion

Your boss, colleagues, or acquaintances might gain unwanted insights into your personal activities. Imagine explaining why you visited a competitor’s office or why you called in sick while appearing at a shopping center. 

The Social Network Vulnerability

The danger often comes from within your own network. Grobman warns: “It only takes one person with bad intentions for location sharing to become a serious problem. You may think your network is made up of friends, but in many cases, people accept requests from strangers or someone impersonating a contact without really thinking about the consequences.” 

Data Mining and Commercial Exploitation

While Instagram claims it doesn’t use location data from this feature for ad targeting, the platform’s history with user data suggests caution. Your movement patterns create valuable behavioral profiles for marketers. 

The Mosaic Effect: Building Detailed Profiles

Cybercriminals employ sophisticated data aggregation techniques. According to Grobman: “Criminals can use what’s known as the mosaic effect, combining small bits of data like your location, routines, and social posts to build a detailed profile. They can use that information to run scams against a consumer or their connections, guess security questions, or even commit identity theft.” 

Immediate Action Steps: Protecting Your Digital Territory

Step 1: Verify Your Current Status 

For iPhone Users: 

• Launch Instagram and navigate to your Direct Messages (DM) inbox 
• Look for the “Map” icon at the top of your message list 
• If present, tap to access the feature 
• Check if your location is currently being broadcast 

For Android Users: 

• Open Instagram and go to your DM section
• Locate the map symbol above your conversation threads
• Select the map to examine your sharing status 

Step 2: Disable Location Broadcasting Within Instagram

Method 1: Through the Map Interface 

• Access the Map feature in your DMs
• Tap the Settings gear icon in the upper-right corner 
• Select “Who can see your location” 
• Choose “No One” to completely disable sharing 
• Confirm your selection 

Method 2: Through Profile Settings 

• Navigate to your Instagram profile 
• Tap the three horizontal lines (hamburger menu) 
• Select Settings and Activity 
• Choose “Privacy and Security” 
• Find “Story, Live and Location” section 
• Tap “Location Sharing” 
• Set preferences to “No One” 

Step 3: Implement Device-Level Protection

iPhone Security Configuration: 

• Open Settings on your device 
• Scroll to Privacy & Security 
• Select Location Services 
• Find Instagram in the app list 
• Choose “Never” or “Ask Next Time” 

Android Security Setup: 

• Access Settings on your phone 
• Navigate to Apps or Application Manager 
• Locate Instagram 
• Select Permissions 
• Find Location and switch to “Don’t Allow” 

Step 4: Verify Complete Deactivation

After implementing these changes: 

• Restart the Instagram application 
• Check the Map feature again 
• Ensure your location doesn’t appear 
• Ask trusted contacts to confirm you’re invisible on their maps 

Advanced Privacy Fortification Strategies

Audit Your Digital Footprint 

Review all social media platforms for similar location-sharing features. Snapchat, Facebook, and TikTok offer comparable functionalities that require individual deactivation. 

Implement Location Spoofing Awareness 

Some users consider VPN services or location-spoofing applications, but these methods can violate platform terms of service and create additional security vulnerabilities. 

Regular Security Hygiene 

Establish monthly reviews of your privacy settings across all social platforms. Companies frequently update features and reset user preferences without explicit notification. 

Grobman emphasizes the challenge consumers face: “Most social platforms offer privacy settings that offer fine-grained control, but the reality is many people don’t know those settings exist or don’t take the time to use them. That can lead to oversharing, especially when it comes to things like your location.” 

Family Protection Protocols 

If you’re a parent with supervision set up for your teen, you can control their location sharing experience on the map, get notified when they enable it, and see who they’re sharing with. Implement these controls immediately for underage family members. 

Understanding the Technical Mechanics 

Data Collection Frequency 

Your location updates whenever you open the app or return to it while running in the background. This means Instagram potentially logs your position multiple times daily, creating detailed movement profiles. 

Data Retention Policies 

Instagram claims to hold location data for a maximum of three days, but this timeframe applies only to active sharing, not the underlying location logs the platform maintains for other purposes. 

Visibility Scope 

Even with location sharing disabled, you can still see others’ shared locations on the map if they’ve enabled the feature. This asymmetric visibility creates potential social pressure to reciprocate sharing. 

Red Flags and Warning Signs 

Monitor these indicators that suggest your privacy may be compromised: 

• Unexpected visitors appearing at locations you’ve visited 
• Colleagues or acquaintances referencing your whereabouts without your disclosure
• Targeted advertisements for businesses near places you’ve recently visited
• Friends asking about activities they shouldn’t know about 

The Broader Cybersecurity Context

This Instagram update represents a concerning trend toward ambient surveillance in social media. Companies increasingly normalize continuous data collection by framing it as connectivity enhancement. As consumers, we must recognize that convenience often comes at the cost of privacy. 

The feature’s opt-in design provides some protection, but user reports suggest the system may automatically activate for users with older app versions who previously granted location permissions. This highlights the importance of proactive privacy management rather than reactive protection. 

Your Privacy Action Plan

Immediate (Next 10 Minutes): 

• Disable Instagram location sharing using the steps above
• Check device-level location permissions for Instagram 

This Week: 

• Audit other social media platforms for similar features
• Review and update privacy settings across all digital accounts
• Inform family members about these privacy risks 

Monthly Ongoing: 

• Monitor Instagram for new privacy-affecting features 
• Review location permissions for all mobile applications 
• Stay informed about emerging digital privacy threats 

Expert-Recommended Protection Strategy:

Grobman advises a comprehensive approach: “The best thing you can do is stay aware and take control. Review your app permissions, think carefully before you share, and use tools that help protect your privacy. McAfee+ includes identity monitoring, scam detection. McAfee’s VPN keeps your IP address private, but if a consumer allows an application to identify its location via GPS or other location services, VPNs will not protect location in that scenario. Staying safe online is always a combination of the best technology along with good digital street smarts.” 

Remember: Your location data tells the story of your life—where you work, live, worship, shop, and spend leisure time. Protecting this information isn’t paranoia; it’s fundamental digital hygiene in our hyper-connected world. 

The choice to share your location should always remain yours, made with full awareness of the implications. By implementing these protective measures, you’re taking control of your digital footprint and safeguarding your personal security in an increasingly surveilled digital landscape. 

 

The post Instagram’s New Tracking Feature: What You Need to Know to Stay Safe  appeared first on McAfee Blog.

The UK’s digital landscape underwent its most significant transformation yet on Friday, July 25, 2025. The Online Safety Act 2023, seven years in the making, is now being fully enforced by Ofcom (the UK’s communications regulator). These new rules fundamentally change how British citizens access and interact with online content, with the primary goal of protecting children from harmful material.

What Is the Online Safety Act?

The Online Safety Act is comprehensive legislation designed to make the UK “the safest place in the world to be online.” The law places legal responsibilities on social media companies, search engines, and other online platforms to protect users—especially children—from illegal and harmful content.

The Act applies to virtually any online service that allows user interaction or content sharing, including social media platforms, messaging apps, search engines, gaming platforms, dating apps, and even smaller forums or comment sections.

Origins of the Online Safety Act

The journey to the UK Online Safety Act was a long and complex one, beginning with the Government’s 2019 Online Harms White Paper. This initial proposal outlined the need for a new regulatory framework to tackle harmful content. The draft Online Safety Bill was published in May 2021, sparking years of intense debate and scrutiny in Parliament. Public pressure, significantly amplified by tragic events and tireless campaigning from organizations like the Molly Rose Foundation, played a crucial role in shaping the legislation and accelerating its passage. After numerous amendments and consultations with tech companies, civil society groups, and child safety experts, the bill finally received Royal Assent on October 26, 2023, officially becoming the Online Safety Act.

Who Must Comply with the Online Safety Act?

This new UK internet law applies to a vast range of online services accessible within the UK. The core focus is on platforms that host user-generated content (known as user-to-user services) and search engines. Ofcom, the regulator, has established a tiered system to apply the rules proportionally. Category 1 services are the largest and highest-risk platforms like Meta (Facebook, Instagram), X (formerly Twitter), and Google, which face the most stringent requirements. Category 2A covers search services, and Category 2B includes all other in-scope services that don’t meet the Category 1 threshold. This includes smaller social media sites, online forums, and commercial pornographic websites. Notably, services like email, SMS, and content on recognized news publisher websites are exempt from these specific regulations.

The Changes That Started July 25, 2025

Mandatory Age Verification for Adult Content

The most immediate change for consumers is the replacement of simple “Are you 18?” checkboxes with robust age verification. As Oliver Griffiths from Ofcom explained: “The situation at the moment is often ridiculous because people just have to self-declare what their birthday is. That’s no check at all.”

There are three main ways that Brits will now be asked to prove their age:

Age Estimation Methods:

• Facial age estimation using approved third-party services like Yoti or Persona
• Email-based age verification that checks if your email is linked to household utility bills

Information Verification:

• Bank or mobile provider checks where these institutions confirm your adult status
• Simple computer verification that gives websites a “yes” or “no” without sharing personal details

Document Verification:

• Official ID verification requiring passport or driver’s license, similar to showing ID at a supermarket

Important Dates and Compliance Deadlines

• October 2023: The Online Safety Act receives Royal Assent and becomes law.
• November 2023 – May 2025: Ofcom undertakes three phases of consultation, developing the detailed rules and codes of practice needed to enforce the Act.
• July 25, 2025: The first key enforcement date for the Online Safety Act 2025. Ofcom begins enforcing rules on illegal content, with a primary focus on services hosting pornography to implement robust age assurance measures.
• Late 2025: The deadline for all in-scope services to complete their first illegal content risk assessments.
• Early 2026: Expected deadline for larger platforms (Category 1) to comply with duties related to protecting children from legal but harmful content.
• Beyond 2026: Ongoing compliance cycles, with platforms required to submit regular transparency reports to Ofcom detailing the safety measures they have in place.

Stricter Content Controls for Children

Platforms must now actively prevent children from accessing content related to suicide, self-harm, eating disorders, pornography, violent or abusive material, online bullying, dangerous challenges or stunts, and hate speech.

Social media platforms and large search engines must keep harmful content off children’s feeds entirely, with algorithms that recommend content required to filter out dangerous material.

Enhanced Platform Responsibilities

Online services must now provide clear and accessible reporting mechanisms for both children and parents, procedures for quickly taking down dangerous content, and identify a named person “accountable for children’s safety” with annual reviews of how they manage risks to children.

How to Comply with the Online Safety Act

1. Conduct Detailed Risk Assessments: Platforms must proactively identify and evaluate the risks of illegal and harmful content appearing on their service, paying special attention to risks faced by children.
2. Practice “Safety by Design”: This principle requires companies to build safety features directly into their services from the start, rather than treating safety as an afterthought. This includes systems to prevent harmful content from being recommended by algorithms.
3. Implement Robust Age-Assurance: For services that host pornography or other age-restricted content, this means selecting and deploying effective age verification technologies to prevent children from gaining access. This is a key part of the porn law change UK citizens are now seeing.
4. Publish Transparency Reports: Companies must regularly report to Ofcom and the public on the steps they are taking to manage risks and comply with the Online Safety Act.
5. Appoint a UK Representative: Companies based outside the UK that are in scope of the Act must appoint a legal representative within the country to be accountable for compliance.

Ofcom’s enforcement will follow a proportionality principle, meaning the largest platforms with the highest reach and risk will face the most demanding obligations. Platforms are strongly advised to seek early legal and technical guidance to ensure they meet their specific duties under the new law.

The Scale of the Problem

The statistics that drove this legislation are shocking:

• Around 8% of children aged 8-14 in the UK visited an online porn site or app in a month
• 15% of 13-14-year-olds accessed online porn in a month
• Boys aged 13-14 are significantly more likely to visit porn services than girls (19% vs 11%)
• The average age children first see pornography is 13, with 10% seeing it by age 9

According to the Children’s Commissioner, half of 13-year-olds surveyed reported seeing “hardcore, misogynistic” pornographic material on social media sites, with material about suicide, self-harm, and eating disorders described as “prolific.”

Major Platforms Already Complying

Major websites like PornHub, X (formerly Twitter), Reddit, Discord, Bluesky, and Grindr have already committed to following the new rules. Over 6,000 websites hosting adult content have implemented age-assurance measures.

Reddit started checking ages last week for mature content using technology from Persona, which verifies age through uploaded selfies or government ID photos. X has implemented age estimation technology and ID checks, defaulting unverified users into sensitive content settings.

Privacy and Security: What You Need to Know

Many consumers worry about privacy implications of age verification, but the system has built-in protections:

• Adult websites don’t actually receive your personal information
• Age-checking services don’t learn what content you’re trying to view
• The process is compliant with data protection laws and simply gives websites a “yes” or “no”
• You remain anonymous with no link between your identity and online habits

Best Practices for Privacy:

• Choose facial age estimation when available (supported by over 80% of users)
• Avoid photo ID verification when possible to minimize data sharing
• Understand that verification status may be stored to avoid repeated checks

Enforcement: Real Consequences for Non-Compliance

Companies face serious penalties for non-compliance: fines of up to £18 million or 10% of global revenue (whichever is higher). For a company like Meta, this could mean a £16 billion fine.

In extreme cases, senior managers at tech companies face criminal liability and up to two years in jail for repeated breaches. Ofcom can also apply for court orders to block services from being available in the UK.

Ofcom has already launched probes into 11 companies suspected of breaching parts of the Online Safety Act and expects to announce new investigations into platforms that fail to comply with age check requirements.

The VPN Reality Check

While some might consider using VPNs to bypass age verification, Ofcom acknowledges this limitation but emphasizes that most exposure isn’t from children actively seeking harmful content: “Our research shows that these are not people that are out to find porn — it’s being served up to them in their feeds.”

As Griffiths explained: “There will be dedicated teenagers who want to find their way to porn, in the same way as people find ways to buy alcohol under 18. They will use VPNs. And actually, I think there’s a really important reflection here… Parents having a view in terms of whether their kids have got a VPN, and using parental controls and having conversations, feels a really important part of the solution.”

What This Means for Different Users

For Parents

You now have stronger tools and clearer accountability from platforms. Two-thirds of parents already use controls to limit what their children see online, and the new rules provide additional safeguards, though about one in five children can still disable parental controls.

For Adult Users

You may experience “some friction” when accessing adult material, but the changes vary by platform. On many services, users will see no obvious difference at all, as only platforms which permit harmful content and lack safeguards are required to introduce checks.

For Teens

Stricter age controls mean more restricted access to certain content, but platforms must also provide better safety tools and clearer reporting mechanisms.

The Bigger Picture: Managing Expectations

Industry experts and regulators emphasize that this is “the start of a journey” rather than an overnight fix. As one tech lawyer noted: “I don’t think we’re going to wake up on Friday and children are magically protected… What I’m hoping is that this is the start of a journey towards keeping children safe.”

Ofcom’s approach will be iterative, with ongoing adjustments and improvements. The regulator has indicated it will take swift action against platforms that deliberately flout rules but will work constructively with those genuinely seeking compliance.

Impact of the Online Safety Act on Users and Industry

The UK Online Safety Act is set to have a profound impact, bringing both significant benefits and notable challenges. For users, the primary benefit is a safer online environment, especially for children who will be better shielded from harmful content. Increased transparency from platforms will also empower users with more information about the risks on services they use. However, some users have raised concerns about data privacy related to age verification and the potential for the Act to stifle free expression and lead to over-removal of legitimate content.

For the tech industry, the law presents major operational hurdles. Compliance will require substantial investment in technology, content moderation, and legal expertise, with costs potentially running into the billions across the sector. Smaller platforms may struggle to meet the requirements, potentially hindering innovation and competition. The key takeaway is that the Online Safety Act marks a paradigm shift, moving from self-regulation to a legally enforceable duty of care, the full effects of which will unfold over the coming years as Ofcom’s enforcement ramps up.

Criticism and Future Developments

Some campaigners argue the measures don’t go far enough, with the Molly Rose Foundation calling for additional changes and some MPs wanting under-16s banned from social media completely. Privacy advocates worry about invasive verification methods, while others question effectiveness.

Parliament’s Science, Innovation and Technology Committee has criticized the act for containing “major holes,” particularly around misinformation and AI-generated content. Technology Secretary Peter Kyle has promised to “shortly” announce additional measures to reduce children’s screen time.

Looking Ahead

This week’s implementation represents “the most significant milestone yet” in the UK’s bid to become the safest place online. While the changes may not be immediately visible to all users, they establish crucial foundations for ongoing child safety improvements.

The Online Safety Act is designed to be a living framework that evolves with technology and emerging threats. Expect continued refinements, additional measures, and stronger enforcement as the system matures.

The Online Safety Act represents a fundamental shift in how online platforms operate in the UK. While it may introduce some inconvenience through age verification processes, the legislation prioritizes protecting children from genuine harm.

The success of these measures will depend on consistent enforcement, platform cooperation, and ongoing parental engagement. As one Ofcom official noted: “I think people accept that we’re not able to snap our fingers and do everything immediately when we are facing really deep-seated problems that have built up over 20 years. But what we are going to be seeing is really big progress.”

Stay informed about these changes, understand your verification options, and remember that these new safeguards are designed to protect the most vulnerable internet users while preserving legitimate access for adults.

 

 

The post UK’s New Online Safety Act: What Consumers Need to Know appeared first on McAfee Blog.