If you have ever checked your child’s grades online, submitted a college paper through a school portal, downloaded homework assignments, or received messages from a teacher through a classroom app, there is a good chance you have used Canvas, a nationwide learning management system that was just in a massive data breach. 

This is exactly the moment McAfee+ Advanced was built for. With our built-in Scam Detector to flag risky links, QR codes, and deepfakes; Identity Monitoring that alerts you when your data appears where it shouldn’t; and Personal Data Cleanup that removes your information from the dark web and data brokers, McAfee+ Advanced is an all-in-one solution for protection after a data breach.

Now let’s get into what you need to know about this breach: 

Who Is Behind the Canvas Breach? 

The ransomware group ShinyHunters is claiming responsibility for the attack. The group alleges it stole roughly 275 million records tied to nearly 9,000 schools and educational institutions worldwide. 

How Did the Canvas Cyberattack Happen? 

Instructure, the company behind Canvas, confirmed a cyber incident affecting its cloud-hosted environment. The attackers later posted claims about the breach on their leak site, where ransomware groups pressure organizations into paying by threatening to release stolen data publicly. 

What Information Was Stolen in the Canvas Breach? 

The stolen data reportedly includes: 

• Student names  
• Teacher and staff names  
• Email addresses  
• Student IDs  
• Course and enrollment information  
• School-related records  

ShinyHunters claims the breach exposed roughly 275 million records and more than 231 million unique email addresses. 

How Could the Canvas Data Breach Impact Families and Students? 

Even if financial information was not exposed, this kind of data can still be extremely valuable to scammers. Criminals can use real school names, real classes, teacher names, and student information to create highly convincing phishing emails, fake school alerts, scholarship scams, tuition scams, or password reset messages. 

A scam message referencing your child’s actual school or assignment is much harder to spot as fake. 

This is a real message from Canvas from a community college professor after yours truly took an anthropology class for fun during the pandemic. It’s full of links to apply for programs and reach out to professors. It has exact details about courses I’ve taken.  

While this correspondence is real, it’s exactly the type of messaging that scammers could fake and replicate, replacing real links with fake “paid” opportunities to pursue degrees.  

Now think of the millions of messages and specific scenarios scammers have access to, to create dubious and convincing scams. That’s why protecting yourself after a breach is key.  

What To Do Right Now 

Here are some actions you can take immediately ot protect yourself after this breach:

• Change you or your child’s Canvas password immediately, and update any other accounts where they reuse that password 
• Turn on multi-factor authentication (2FA) on parent and student accounts wherever the school permits it — Instructure’s own post-incident guidance specifically called out enforcing MFA as a recommended precaution 
• Ask your school what identity protection is being offered if sensitive data was involved 
• Consider placing a credit freeze on your or your child’s file to block new accounts from being opened in their name 
• Avoid clicking links in any messages that reference the breach, go directly to the official site instead 

---

And that, my friends, is issue number one in this week’s This Week in Scams. Let’s get into what else is on our radar in cybersecurity and scam news. 

---

Fake Amazon Recall Texts Are Targeting Shoppers  

Your phone buzzes. It’s a text from an unknown number, but the message looks official. 

“Dear Amazon Customer, we are writing to inform you that an item from your March 2026 order has been identified for recall.” There’s an order number. A link at the top of the message. A note about quality standards and a refund waiting for you. 

It looks real. It has the Amazon logo, the branded formatting, even a reference to the “Amazon Customer Safety Team.” The only thing it doesn’t have? Any connection to Amazon at all. 

This is a fake Amazon recall scam, and it is making the rounds right now. The goal is to get you to click that link, which takes you to a site designed to harvest your login credentials, payment information, or both.  

If you get a text like this, do not click the link. Go directly to amazon.com in your browser, log in, and check your orders and messages from there. Amazon does not initiate recall or refund processes through unsolicited texts with outside links. 

What Is a Fake Amazon Recall Scam And How Does It Work? 

A fake Amazon recall scam is a text message or email in which criminals impersonate Amazon to convince you that one of your recent orders has been flagged for a product recall. The message directs you to an external link leading to a phishing site designed to steal your Amazon credentials, credit card details, or personal information. 

Red Flags To Watch For 

• The text comes from an unknown number, not a short code or verified sender 
• The link goes to a domain that is not amazon.com 
• The message asks you to complete a refund through an external link 
• Small typos or awkward phrasing appear in what looks like official communication 
• The greeting says “Dear Amazon Customer” rather than your actual name 

What To Do If You Get One 

• Do not click the link 
• Go to amazon.com directly and check your orders and account notifications 
• Report the text to Amazon at stop-spoofing@amazon.com 
• Block the number 

Where McAfee Steps In (So You Don’t Have to Guess)  

Scams today are layered.  A fake email leads to stolen credentials. A breach leads to targeted phishing. And those follow-ups are getting harder to spot.  

With McAfee+ Advanced, multiple layers work together so you’re not left figuring it out after the damage is done: 

• Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast  
• Personal Data Cleanup helps remove your information from sites selling it. 
• Scam Detector flags suspicious texts, emails, links, QR codes, and even deepfake videos before you engage  
• Safe Browsing helps block risky sites, even if you do accidentally click  
• Device Security helps detect malicious apps or downloads  
• Secure VPN keeps your data private, especially on public Wi-Fi    

McAfee Safety Tips This Week 

Our advice based on this week’s scams and stories: 

• If your child’s school uses Canvas, update their password now and enable multi-factor authentication if available 
• Consider a credit freeze for your child’s identity, especially if sensitive identifiers were part of the breach 
• Never click links in unsolicited texts about refunds, recalls, or account issues — go directly to the official site instead 
• Treat any message that references your recent orders or personal account details with extra skepticism, even if it looks legitimate 
• Use Scam Detector to check suspicious links before engaging, and stay alert in the weeks and months after a breach, not just the first few days 

And we’ll be back next week with more scams and cybersecurity news making headlines. 

The post How to Protect Yourself After the Canvas Education Data Breach + Fake Amazon Recall Texts appeared first on McAfee Blog.

With the launch of the first 16 satellites, Russia begins construction of a network for satellite internet that aims to cover the entire country by 2030. But getting there won’t be easy.

Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters.

Chrome users were caught off guard by a 4-GB Google AI model baked into Chrome, sparking privacy concerns. The good news: You can easily uninstall it. The bad? You might not want to.

Scam messages are getting smarter and faster. 

According to McAfee’s 2026 State of the Scamiverse report, Americans now spend 114 hours a year trying to figure out what’s real and what’s fake online. That’s nearly three full workweeks lost to second-guessing messages, alerts, and links. 

And when scams do succeed, they move quickly. The typical scam unfolds in about 38 minutes, leaving little room for hesitation. 

That creates a gap: People want to check before they act, but the tools haven’t always met them in that moment. 

ChatGPT + McAfee is designed to close that gap, bringing scam detection directly to a platform people are already using to ask questions and make decisions. 

And it’s available to anyone. You don’t have to be a McAfee subscriber. 

This isn’t just detection. It’s guidance in the exact moment you’re deciding what to do.  

Instead of guessing, you can paste a message or drop in a screenshot and get a clear explanation of what’s risky, and what to do next, powered by McAfee’s threat intelligence. 

What You Can Do with ChatGPT + McAfee 

With this integration, checking something suspicious becomes as simple as asking a question. 

Paste a message. Drop in a link. Upload a screenshot. 

McAfee analyzes it and explains what’s going on clearly and in context. 

Here’s how it works: 

Feature	What it does	How it protects you
Link safety check	Paste a suspicious URL and get a reputational analysis based on McAfee threat intelligence	Scam links are often designed to look legitimate. A quick check helps avoid phishing and malware
Message analysis	Submit texts, emails, or social messages for evaluation	Many scams now rely on urgency and tone. Analysis helps surface subtle red flags
Screenshot uploads	Upload screenshots of messages, emails, or posts for review	Scams don’t always come as clean text. This makes it easier to check what you’re actually seeing
Clear explanations	Get a breakdown of why something is flagged as risky or safe	Not just a warning—an explanation that helps you recognize patterns next time
Guided next steps	Receive recommendations on what to do next	Helps prevent escalation, especially in moments of uncertainty

It’s a quick, accessible way to get answers in the moment. But it’s just one part of a broader system designed to protect you more comprehensively. 

Add the app to your ChatGPT account here. 

Built on McAfee’s Threat Intelligence 

Behind the scenes, ChatGPT + McAfee is powered by the same intelligence that fuels McAfee’s broader scam protection ecosystem. 

When you submit something for review: 

• Links are checked against known threat signals  
• Messages are analyzed for scam patterns and language cues  
• Results are translated into clear, human-readable explanations  

The goal isn’t just to flag risk. It’s to help you understand it. 

A New Way to Stay Ahead of Scams 

Scams aren’t slowing down. If anything, they’re becoming more convincing, more personalized, and harder to detect. 

That’s where ChatGPT + McAfee comes in. But this is only one part of a much bigger system designed to protect you before, during, and after a scam attempt. 

With McAfee+ Advanced, multiple layers work together so you’re not left figuring it out after the damage is done: 

• Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast  
• Personal Data Cleanup helps remove your information from sites selling it. 
• Scam Detector flags suspicious texts, emails, links, QR codes, and even deepfake videos before you engage  
• Safe Browsing helps block risky sites, even if you do accidentally click  
• Device Security helps detect malicious apps or downloads  
• Secure VPN keeps your data private, especially on public Wi-Fi    

The ChatGPT experience gives you a fast, intuitive way to check something in the moment. 

McAfee+ Advanced makes sure you’re protected across everything else.

The post Now Available: Use ChatGPT with McAfee to Spot Scams Faster appeared first on McAfee Blog.

Companies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds—and in thousands of cases, spill highly sensitive data onto the public internet.

To stop children from bypassing its age checks, Meta is revamping its age-verification tools with an AI system that analyzes images and videos for “visual cues,” such as height and bone structure.

It's not just you. Scammers, hackers, and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity.

Using a 1930s trade law, Homeland Security targeted the man—who hasn’t entered the US in more than a decade—following posts on X condemning the killings of Renee Good and Alex Pretti.

Plus: The NSA tests Anthropic’s Mythos Preview to find vulnerabilities, a Finnish teen is charged over the Scattered Spider hacking spree, and more.

The exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk.

You’re scrolling through Facebook or TikTok and see it. 

A flash sale from a brand you recognize. A limited-time investment opportunity. A job posting that promises quick money. 

The ad has comments. The account looks polished. Maybe someone you follow even liked it. 

So you click. 

From there, things move fast. You’re pushed to act quickly, enter your information, or send payment before the “deal” disappears. And just like that, the money is gone or your account is compromised. 

This isn’t an edge case anymore. According to new FTC data, nearly 30% of people who reported losing money to a scam in 2025 said it started on social media, with total losses hitting $2.1 billion. 

That’s why McAfee+ Advanced includes comprehensive protection designed to help you spot and stop scams at every step, including McAfee’s Scam Detector, which flags suspicious links and messages and explains why they may be risky, along with identity and privacy tools that help protect your information if a scam slips through. 

How Social Media Ad Scams Work 

A social media ad scam is when scammers use paid ads, fake profiles, or hijacked accounts on platforms like Facebook, Instagram, or TikTok to promote fake products, services, or investment opportunities in order to steal money or personal information. 

Step	What happens	What to do	How McAfee helps
1	You see an ad, post, or DM promoting a deal, job, or investment	Don’t engage immediately, even if it looks legitimate	Scam Detector flags suspicious links and messages before you interact
2	The ad links to a website or moves you into DMs	Avoid clicking unfamiliar links or continuing off-platform	Safe Browsing helps block risky or newly created websites
3	You’re pressured to act quickly or “secure your spot”	Slow down and verify the company independently	Scam Detector explains urgency tactics and why they’re risky
4	You’re asked to pay, share login info, or download something	Never send money or credentials based on a social media interaction	Identity Monitoring helps protect your personal data if exposed
5	The product never arrives, the investment disappears, or your account is compromised	Report the scam and secure your accounts immediately	Personal Data Cleanup and monitoring help reduce ongoing exposure

Red Flags To Watch For 

• Deals that feel unusually cheap or urgent  
• Ads linking to unfamiliar or slightly misspelled websites  
• Requests to move conversations off-platform quickly  
• Payment requests via apps, crypto, or wire transfer  
• Accounts with limited history or inconsistent engagement  

And that is the first part of This Week in Scams! This Friday we’re taking a different format to talk about this new FTC data and all that it reveals.  

Let’s keep digging in: 

FTC Report: Social Media Scams Are Now The Most Costly Fraud Channel 

New data from the FTC shows just how dominant social media has become in the scam landscape. 

• Social media scams drove $2.1 billion in reported losses in 2025  
• Losses have increased eightfold since 2020  
• Investment scams alone accounted for $1.1 billion of those losses 

Where Scams Are Happening And What’s Changing 

Category	What to know
Most common scams	Shopping scams lead, with over 40% of victims reporting purchases from social media ads that never arrived
Most costly scams	Investment scams drive the biggest losses, often starting with ads or group chats showing fake success
What’s changing	Scammers are using platform tools like ads, targeting, and profile data to reach people more precisely than ever

How Scams Play Out Across Platforms 

Platform	How scams typically start	What to watch for
Facebook	Ads, Marketplace listings, hacked accounts	Fake stores, duplicate listings, urgent purchase pressure
Instagram	Sponsored posts, influencer impersonation	“Limited drop” scams, fake brand collaborations
TikTok	Ads, stolen videos/profiles, comment links, bio links,	“Get rich quick” schemes, external link funnels, reselling via TikTok
WhatsApp	Group chats, investment communities	Fake testimonials, coordinated pressure to invest

 How McAfee Protects You from Scams and Cyber Threats 

McAfee+ Advanced gives you multiple layers working together so you are not left figuring it out after the damage is done:   

• Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast  
• Personal Data Cleanup helps remove your information from data broker sites, making you harder to target in the first place  
• Scam Detector flags suspicious texts, emails, links, and even deepfake videos before you engage  
• Safe Browsing helps block risky sites if you do click  
• Device Security helps detect malicious apps or downloads  
• Secure VPN keeps your data private, especially on public Wi-Fi    

McAfee Safety Tips This Week 

Our advice based on this week’s scams and schemes: 

• Treat social media ads like any other unknown source, not a trusted recommendation  
• Pause before clicking, especially when urgency is involved  
• Verify brands by going directly to their official website  
• Avoid sending money or personal information through social media  
• Use tools like Scam Detector to check suspicious links before engaging  

And we’ll be back next week with more scams making headlines.

The post Ad Impersonation Scams and Record-Breaking Social Media Fraud Losses: This Week in Scams appeared first on McAfee Blog.

OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks.

The war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years.

AI agents may soon be buying your stuff for you. The FIDO Alliance has teamed up with Google and Mastercard to try to ensure that shopping in the near future isn't a complete disaster.

A 31-year-old engineer and self-described indie game developer is suspected of firing shots at the annual event attended by President Donald Trump, high-profile media figures, and US government officials.

Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more.

A new scam making the rounds takes a familiar delivery trick and upgrades it with hyper‑realistic messaging and a QR code that looks safe to scan. 

But don’t be fooled. 

It’s the same delivery scam playbook scammers have relied on for years, just repackaged with better design and more convincing details. 

You get a message with a notice that looks something like this, a real message received by our team and tested against McAfee’s Scam Detector. 

 

That added layer of realism is what makes this version more dangerous. But it doesn’t hold up under scrutiny. McAfee’s Scam Detector flagged both the suspicious language and the QR code in this message before any interaction. 

If you receive something like this, pause. Do not scan the code. 

You can also protect yourself with McAfee’s Scam Detector, which flags suspicious links and messages, including delivery scams and QR‑based attacks, and explains why they may be risky. 

What is the USPS QR Code Scam and How Does it Work? 

The USPS QR code scam is a phishing attempt where scammers impersonate postal services and use QR codes instead of clickable links to direct victims to malicious websites. 

Once scanned, the QR code can lead to a fake USPS page that asks for payment, login credentials, or personal information. 

How the scam works 

Step	What happens	The red flags	What to do	How McAfee helps
1	You receive a text about a delivery issue or missed package	Urgency, you’re not tracking a package	Be skeptical of unsolicited delivery messages	Scam Detector flags suspicious messages
2	The message includes a QR code instead of a link	QR codes instead of official tracking links  is a red flag	Do not scan QR codes from unknown sources	QR scanning protection warns before opening risky destinations
3	You scan the code and land on a fake USPS page	Generic or slightly off branding on the webpage	Do not enter any information	Safe Browsing blocks known malicious sites
4	The page asks for payment or personal details	Requests for small “redelivery” or “processing” fees  are not normal	Exit immediately and do not submit anything	Scam Detector explains why the page is risky, and Identity Monitoring supports you when if your info gets out.

What To Do If You Get This Message 

• Do not scan the QR code  
• Go directly to the official USPS website to check tracking  
• Delete the message  
• Report it as spam  
• Monitor your accounts if you interacted with it  

And that, my friends, is scam number one in this week’s This Week in Scams. 

Let’s get into what else is on our radar. 

A Major Health Data Breach Exposes 500,000 Records 

A massive health data incident is raising new concerns about how sensitive information is handled and shared. 

According to reporting from the Associated Press, data tied to 500,000 participants in a major U.K. health research project was found listed for sale online. The dataset included biological and health-related information, though it did not contain direct identifiers like names or contact details. 

Access to the data had been granted to research institutions, but that access has since been revoked. Authorities say no purchases were made, and the listing has been removed. 

Still, the situation highlights a growing reality: once data is accessed or shared, control over it becomes harder to guarantee. 

What This Breach Says About Data Privacy 

Scams are no longer isolated events. They are layered. 

A data breach does not just stay a breach. It becomes fuel for future scams. Exposed information can be used to make phishing messages more convincing, personalize attacks, and build trust with targets. 

That is why detection alone is not enough anymore. Protection has to account for both incoming threats and what happens when data is already out there. 

How McAfee Protects You In A World of Scams and Data Breaches  

McAfee+ Advanced gives you multiple layers working together so you are not left figuring it out after the damage is done:  

• Identity Monitoring alerts you if your personal info shows up where it should not, so you can act fast 
• Personal Data Cleanup helps remove your information from data broker sites, making you harder to target in the first place 
• Scam Detector flags suspicious texts, emails, links, and even deepfake videos before you engage 
• Safe Browsing helps block risky sites if you do click 
• Device Security helps detect malicious apps or downloads 
• Secure VPN keeps your data private, especially on public Wi-Fi   

McAfee Safety Tips This Week  

As always, we have some best practices and safety tips for navigating life online:  

• Pause before clicking, especially when a message creates urgency   
• Go directly to websites or apps instead of using email links   
• Be skeptical of routine account alerts that push immediate action   
• Double-check sender addresses and URLs closely   
• Use tools like McAfee’s Scam Detector to flag suspicious links and messages before interacting   
• Turn on identity monitoring so you’re alerted if your data is exposed  

And we’ll be back next week with more scams making headlines.

The post Fake USPS QR Code Text Scams and a Major Health Data Breach: This Week in Scams appeared first on McAfee Blog.

A US surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal. A new bill aims to address mounting lawmaker concerns—with smoke and mirrors.

Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005—and likely deployed by the US or an ally.