Login
“Vishing” occurs when criminals cold-call victims and attempt to persuade them to divulge personal information over the phone. These scammers are generally after credit card numbers and personal identifying information, which can then be used to commit financial theft. Vishing can occur both on your landline phone or via your cell phone.
The term is a combination of “voice,” and “phishing,” which is the use of spoofed emails to trick targets into clicking malicious links. Rather than email, vishing generally relies on automated phone calls that instruct targets to provide account numbers. Techniques scammers use to get your phone numbers include:
Once vishers have phone numbers, they employ various strategies to deceive their targets and obtain valuable personal information:
To protect yourself from vishing scams, you should:
Staying vigilant and informed is your best defense against vishing scams. By verifying caller identities, being skeptical of unsolicited requests for personal information, and using call-blocking tools, you can significantly reduce your risk of falling victim to these deceptive practices. Additionally, investing in identity theft protection services can provide an extra layer of security. These services monitor your personal information for suspicious activity and offer assistance in recovering from identity theft, giving you peace of mind in an increasingly digital world. Remember, proactive measures and awareness are key to safeguarding your personal information against vishing threats.
The post How to Protect Yourself from Vishing appeared first on McAfee Blog.
Article tags
My mother recently turned 80, so of course a large celebration was in order. With 100 plus guests, entertainment, and catering to organise, the best way for me to keep everyone updated (and share tasks) was to use Google Docs. Gee, it worked well. My updates could immediately be seen by everyone, the family could access it from all the devices, and it was free to use! No wonder Google has a monopoly on drive and document sharing.
But here’s the thing – hackers know just how much both individuals and businesses have embraced Google products. So, it makes complete sense that they use reputable companies such as Google to devise phishing emails that are designed to extract our personal information. In fact, the Google Docs phishing scam was widely regarded as one of the most successful personal data extraction scams to date. They know that billions of people worldwide use Google so an invitation to click a link and view a document does not seem like an unreasonable email to receive. But it caused so much grief for so many people.
Emails designed to trick you into sharing your personal information are a scammer’s bread and butter. This is essentially what phishing is. It is by far the most successful tool they use to get their hands on your personal data and access your email.
‘But why do they want my email logins?’ – I hear you ask. Well, email accounts are what every scammer dreams of – they are a treasure trove of personally identifiable material that they can either steal or exploit. They could also use your email to launch a wide range of malicious activities from spamming and spoofing to spear phishing. Complicated terms, I know but in essence these are different types of phishing strategies. So, you can see why they are keen!!
But successful phishing emails usually share a few criteria which is important to know. Firstly, the email looks like it has been sent from a legitimate company e.g. Microsoft, Amex, or Google. Secondly, the email has a strong ‘call to action’ e.g. ‘your password has been changed, if this is not the case, please click here’. And thirdly, the email does not seem too out of place or random from the potential victim’s perspective.
Despite the fact that scammers are savvy tricksters, there are steps you can take to maximise the chances your email remains locked away from their prying eyes. Here’s what I suggest:
Never respond to an unexpected email or website that asks you for personal information or your login details no matter how professional it looks. If you have any doubts, always contact the company directly to verify.
Make sure you have super-duper internet security software that includes all the bells and whistles. Not only does internet security software McAfee+ include protection for daily browsing but it also has a password manager, a VPN, and a social privacy manager that will lock down your privacy settings on your social media accounts. A complete no-brainer!
Avoid using public Wi-Fi to log into your email from public places. It takes very little effort for a hacker to position themselves between you and the connection point. So, it’s entirely possible for them to be in receipt of all your private information and logins which clearly you don’t want. If you really need to use it, invest in a Virtual Private Network (VPN) which will ensure everything you share via Wi-Fi will be encrypted. Your McAfee+ subscription includes a VPN.
Public computers should also be avoided even just to ‘check your email’. Not only is there a greater chance of spyware on untrusted computers but some of them sport key-logging programs which can both monitor and record the keys you strike on the keyboard – a great way of finding out your password!
Ensuring each of your online accounts has its own unique, strong, and complex password is one of the best ways of keeping hackers out of your life. I always suggest at least 10-12 characters with a combination of upper and lower case letters, symbols, and numbers. A crazy nonsensical sentence is a great option here but better still is a password manager that will remember and generate passwords that no human could! A password manager is also part of your McAfee+ online security pack.
Even if you have taken all the necessary steps to protect your email from hackers, there is the chance that your email logins may be leaked in a data breach. A data breach happens when a company’s data is accessed by scammers and customers’ personal information is stolen. You may remember the Optus, Medibank and Latitude hacks of 2022/23?
If you have had your personal information stolen, please be assured that there are steps you can take to remedy this. The key is to act fast. Check out my recent blog post here for everything you need to know.
So, next time you’re organising a big gathering don’t hesitate to use Google Docs to plan or Microsoft Teams to host your planning meetings. While the thought of being hacked might make you want to withdraw, please don’t. Instead, cultivate a questioning mindset in both yourself and your kids, and always have a healthy amount of suspicion when going about your online life. You’ve got this!!
Till next time,
Stay safe!
Alex
The post How To Prevent Your Emails From Being Hacked appeared first on McAfee Blog.
As the use of mobile devices continues to skyrocket worldwide, a new danger is silently emerging against consumers. This menace, known as malicious software or malware, presents itself in various ways, affecting users in areas such as privacy, identity, and financial theft. This article delves into the deep end of how the proliferation of mobile devices is impacting consumer security.
Undeniably, mobile technology has become an invaluable part of our everyday life. Everywhere you look, you will see individuals caught up in their smartphones or tablets – browsing the internet, shopping, chatting, or even working. However, this increased dependence has not come without its pitfalls. As people tend to shy away from securing their mobile devices properly, they unknowingly expose themselves to fraudsters and hackers.
Mobile technology has become the new frontier for fraudsters and hackers. The ease and convenience that these devices offer have made consumers lower their guard, putting their personal information and security at risk. A worrying trend shows that a significant percentage of smartphone users do not bother to use a simple safeguard like a four-digit password. This lack of basic security, combined with the habit of saving login information on the device, creates an easy avenue for crime.
Statistically, mobile phones have become the prime target for theft, with cities like New York and Washington, D.C., recording high percentages of robberies involving mobile phones. This soaring rate of mobile theft offers a terrifying insight into the severity of the current situation and the challenges that lie ahead in the domain of consumer security.
→ Dig Deeper: So, Your Phone Got Stolen. Here’s What to Do.
Many factors converge to make these handheld marvels increasingly susceptible to breaches. From the expansive array of mobile apps to the subtleties of social engineering, let’s highlight key vulnerabilities and the need for heightened awareness.
Accessing another person’s mobile device has become incredibly easy. With the tech advancements we have today, a hacker can remotely control almost any mobile device. Malicious software can be designed as a harmless picture or audio clip. Unwary users who click on these links or open these attachments get malware installed on their devices without their permission.
On mobile devices, malware operates differently than early PC malware. It does not require your consent, and once installed, you lose control over your device. In essence, your device is figuratively in the hands of the fraudsters. This easy access to your device, coupled with the fact that most users do not secure their devices, has led to a surge in fraud and identity theft cases globally.
The sheer number of mobile applications available on app stores makes it difficult for users to determine which ones are safe. Malicious apps can often make their way onto app stores, and users might inadvertently download and install them, granting access to their device and personal data.
Hackers have become adept at using social engineering tactics to manipulate users into divulging sensitive information or clicking on malicious links. They might impersonate trusted entities or use psychological tricks to deceive users.
Many mobile device users are not sufficiently aware of the security risks associated with their devices. They might not realize the importance of regularly updating their operating systems and apps or employing strong passwords and other security measures.
Users who do not update their mobile operating systems are more susceptible to security vulnerabilities that hackers can exploit. Regular updates often include patches for known vulnerabilities.
→ Dig Deeper: Why Software Updates Are So Important
While many users rely on PINs or simple patterns to unlock their devices, using stronger authentication methods like long, complex passcodes or two-factor authentication can significantly enhance device security.
McAfee Pro Tip: You might be familiar with the phrases “two-factor” or “biometric” authentication. Furthermore, multi-factor authentication is gaining traction in professional settings. Amidst this sea of terminology, distinguishing between the various authentication methods can become quite a challenge. Know the difference between two-factor authentication and multi-factor authentication.
Modern criminals are well aware that your mobile device is an indispensable part of your life. This is because, in a single device, you store some of your most private conversations, confidential information, personal photos, and financial details. For many people, their smartphone is their life – from being a communication tool to a vault for their sensitive data.
These little gadgets have become the key to our personal and financial lives. As they are always on and always with us, they continually create, store, and connect us to valuable and often confidential information. This information has immense value to fraudsters and identity thieves. They realize that just like on your PC, software can track and record your online activities, chats, instant messages, emails, keystrokes, and program usage. It can also capture sensitive details such as bank account numbers, passwords, security questions and answers, GPS locations, and more.
The world of cyber threats as we know it is evolving, thanks to mobile technology. Traditional forms of cybercrime, which primarily targeted PCs are becoming increasingly sophisticated, due to the wealth of information available on mobile devices. The speed and dynamism of the mobile landscape have necessitated the development of new tactics and tools to navigate this challenging and ever-changing terrain.
Disguises and deceptions are commonplace in the mobile cybercrime arena. Things are rarely what they appear to be, with hackers and fraudsters continually developing novel and inventive ways of accessing confidential information. Therefore, the rules of the game have changed, and it is no longer sufficient to solely protect your PC with antivirus software. To ensure user security, a comprehensive approach that encompasses all devices is now paramount.
→ Dig Deeper: 4 Mobile Malware Threats You Can’t Even See
As mobile devices become an essential part of our lives, it is crucial to prioritize their security. With most devices connected to financial accounts, and storing a goldmine of personal, professional, and confidential data, it becomes a pressing necessity to invest in a comprehensive security solution. It should not be limited to an antivirus but should also extend to protecting your identity and personal data on all your devices.
A robust solution like McAfee+ service is recommended. This service not only includes antivirus protection but also safeguards the identity and data of the user and their families on ALL devices. Not only does it provide you with an antivirus shield, but it also ensures your peace of mind by offering identity and privacy protection. Investing in such a service will provide a much-needed barrier against the rising tide of mobile device-related fraud and identity theft.
As the usage of mobile devices continues to rise exponentially, so too does the threat to consumer security. The ease and convenience that these devices offer have inadvertently made them prime targets for fraudsters and hackers. As a result, there is an alarming increase in fraud, identity theft, and privacy loss.
However, as ominous as the threat landscape may seem, it can be navigated with adequate caution and security measures. Users must recognize the importance of securing their mobile devices and take necessary precautions. Investing in comprehensive security solutions that protect not just the device but also the privacy and identity of the users is a step in the right direction. As we further embrace mobile technology, we must also adapt and upgrade our security practices to ensure that these conveniences do not become our vulnerabilities.
The evolution of mobile technology has indeed changed the game in the realm of cyber threats. Still, with the right tools and practices, users can enjoy the benefits of their devices while maintaining their security and privacy.
The post Proliferation of Mobile Devices: The Impact on Consumer Security appeared first on McAfee Blog.
In the age of digital data and Internet access, the potential for scams is more significant than ever. These scams often involve leveraging popular search queries to trap unsuspecting netizens into their malicious schemes. Among the top searches in the online world, celebrities hold a prime spot. Through this guide, we aim to shed light on how scammers take advantage of the global fascination with celebrities to target their potential victims.
As digital users, most of us are likely well-acquainted with the phrase “Just Google it.” The search engine has become a go-to source for any information ranging from essential daily needs to entertainment gossip. But it’s crucial to remember that while you’re in pursuit of data, scammers are in search of their next victim.
Scammers have significantly evolved with the advancement of technology. They’ve mastered the art of creating fake or infected websites that can harm your computer systems, extract your financial information, or even steal your identity. Their strategies often include luring victims through popular searches, such as the latest Twitter trends, breaking news stories, major world events, downloads, or even celebrity images and gossip. The higher the popularity of the search, the greater the risk of encountering harmful results.
McAfee has conducted research for six consecutive years on popular celebrities to reveal which ones are riskiest to search for online. For instance, Emma Watson outplaced Heidi Klum as the most dangerous celebrity to look up online. Interestingly, it was the first year that the top 10 list comprised solely of women. Cybercriminals commonly exploit the names of such popular celebrities to lead users to websites loaded with malicious software, consequently turning an innocent search for videos or pictures into a malware-infected nightmare.
→ Dig Deeper: Emma Watson Video Scam: Hackers Use Celeb’s Popularity to Unleash Viruses
Scammers are well aware of the allure the word “free” holds for most Internet users. They cleverly exploit this to get your attention and draw you into their traps. For instance, when you search for “Beyonce” or “Taylor Swift” followed by prompts like “free downloads”, “Beyonce concert photos”, or “Taylor Swift leaked songs”, you expose yourself to potential online threats aiming to steal your personal information. It’s always prudent to maintain a healthy level of skepticism when encountering offers that seem too good to be true, especially those labeled as “free.”
While the internet can be a dangerous playground, it doesn’t mean that you cannot protect yourself effectively. Using common sense, double-checking URLs, utilizing safe search plugins, and having comprehensive security software are some strategies to help ensure your online safety. This guide aims to provide you with insights and tools to navigate the online world without falling prey to its many hidden dangers.
Truth be told, the responsibility for online safety lies primarily with the user. Just as you would not walk into any shady-looking place in real life, it requires a similar instinct to avoid shady sites while browsing online. One important piece of advice – if something appears too good to be true, in all probability, it is. So, take note of these practical tips to help you guard against celebrity scams and other online threats:
→ Dig Deeper: How to Tell Whether a Website Is Safe or Unsafe
→ Dig Deeper: The Big Reason Why You Should Update Your Browser (and How to Do It)
Having comprehensive security software installed on your devices is another crucial step towards preventing scams. Good antivirus software can protect against the latest threats, alert you about unsafe websites, and even detect phishing attempts. Furthermore, always keep your security software and all other software updated. Cybercriminals are known to exploit vulnerabilities in outdated software to infiltrate your devices and steal your data.
Apart from ensuring you have security software, be cautious about what you download on your devices. Trojans, viruses, and malware are often hidden in downloadable files, especially in sites that offer ‘free’ content. Cybercriminals tempting users to download infected files often use popular celebrity names. Therefore, download wisely and from reputed sources.
McAfee Pro Tip: Before committing to a comprehensive security plan, it’s crucial to evaluate your security protection and analyze your requirements. This proactive stance forms the bedrock for crafting strong cybersecurity measures that cater precisely to your unique needs and potential vulnerabilities. For more information about our acclaimed security solutions, explore our range of products.
In the digital world, where information and entertainment are available at our fingertips, it’s crucial to remain vigilant against scams, especially those involving celebrities. By exercising prudent online practices like scrutinizing URLs, using safe search plugins, and installing comprehensive security software, we can significantly reduce our risk of falling prey to these scams.
It’s imperative to understand that the popularity of a search term or trend is directly proportional to the risk it carries. So next time, before you search for your favorite celebrity, remember, the more famous the celebrity, the greater the risk. Together with McAfee, let’s promote safer browsing practices and contribute to a safer online community for all.
The post Celebrities Are Lures For Scammers appeared first on McAfee Blog.
One of the essential aspects of digital security resides in the strength of our passwords. While they are the most convenient and effective way to restrict access to our personal and financial information, the illusion of a fully secure password does not exist. The reality is that we speak in terms of less or more secure passwords. From a practical perspective, we must understand the behind-the-scenes actions that could potentially compromise our passwords and consequently, our digital lives.
Unfortunately, most users frequently overlook this crucial part of their digital existence. They remain largely ignorant of numerous common techniques that hackers employ to crack passwords, leading to the potential loss of personal details, financial information, or even identity theft. Therefore, this blog aims to enlighten readers on how they might be unknowingly making their passwords vulnerable.
Passwords serve as the first line of defense against unauthorized access to our online accounts, be it email, social media, banking, or other sensitive platforms. However, the unfortunate reality is that not all passwords are created equal, and many individuals and organizations fall victim to password breaches due to weak or compromised credentials. Let’s explore the common techniques for cracking passwords, and learn how to stay one step ahead in the ongoing battle for online security.
In the world of cyber-attacks, dictionary attacks are common. This approach relies on using software that plugs common words into the password fields in an attempt to break in. It’s an unfortunate fact that free online tools exist to make this task almost effortless for cybercriminals. This method spells doom for passwords that are based on dictionary words, common misspellings, slang terms, or even words spelled backward. Likewise, using consecutive keyboard combinations such as qwerty or asdfg is equally risky. An excellent practice to deflect this attack is to use unique character combinations that make dictionary attacks futile.
Besides text-based passwords, these attacks also target numeric passcodes. When over 32 million passwords were exposed in a breach, nearly 1% of the victims used ‘123456’ as their password. Close on its heels, ‘12345’ was the next most popular choice, followed by similar simple combinations. The best prevention against such attacks is avoiding predictable and simple passwords.
→ Dig Deeper: Cracking Passwords is as Easy as “123”
While security questions help in password recovery, they also present a potential vulnerability. When you forget your password and click on the ‘Forgot Password’ link, the website generally poses a series of questions to verify your identity. The issue here is that many people use easily traceable personal information such as names of partners, children, other family members, or pets as their answers, some of which can be found on social media profiles with little effort. To sidestep this vulnerability, it’s best not to use easily accessible personal information as the answer to security questions.
McAfee Pro Tip: Exercise caution when sharing content on social media platforms. Avoid making all your personal information publicly accessible to thwart hackers from gathering sensitive details about you. Learn more about the dangers of oversharing on social media here.
A common mistake that many internet users make is reusing the same password for multiple accounts. This practice is dangerous as if one data breach compromises your password, the hackers can potentially gain access to other websites using the same login credentials. According to a report published by LastPass in 2022, a recent breach revealed a shocking password reuse rate of 31% among its victims. Hence, using unique passwords for each of your accounts significantly reduces the risk associated with password reuse.
Moreover, it’s also advisable to keep changing your passwords regularly. While this might seem like a hassle, it is a small price to pay for ensuring your digital security. Using a password manager can help you remember and manage different passwords for different websites.
Social Engineering is a non-technical strategy that cybercriminals use, which relies heavily on human interaction and psychological manipulation to trick people into breaking standard security procedures. They lure their unsuspecting victims into revealing confidential data, especially passwords. Therefore, vigilance and skepticism are invaluable weapons to have in your arsenal to ward off such attacks.
The first step here would be not to divulge your password to anyone, no matter how trustworthy they seem. You should also be wary of unsolicited calls or emails asking for your sensitive information. Remember, legitimate companies will never ask for your password through an email or a phone call.
Despite the vulnerabilities attached to passwords, much can be done to enhance their security. For starters, creating a strong password is the first line of defense. To achieve this, you need to use a combination of uppercase and lowercase letters, numbers, and symbols. Making the password long, at least 12 to 15 characters, significantly improves its strength. It’s also advisable to avoid using common phrases or strings of common words as passwords- they can be cracked through advanced versions of dictionary attacks.
In addition to creating a strong password, adopting multi-factor authentication can greatly enhance your account security. This technology requires more than one form of evidence to verify your identity. It combines something you know (your password), something you have (like a device), and something you are (like your fingerprint). This makes it more difficult for an attacker to gain access even if they have your password.
→ Dig Deeper: 15 Tips To Better Password Security
The future of passwords looks promising. Scientists and tech giants are working relentlessly to develop stronger and more efficient access control tools. Biometrics, dynamic-based biometrics, image-based access, and hardware security tokens are some of the emerging technologies promising to future-proof digital security. With biometrics, users will no longer need to remember complex passwords as access will be based on unique personal features such as fingerprints or facial recognition.
Another promising direction is the use of hardware security tokens, which contain digital certificates to authenticate the user. These tokens can be used in combination with a password to provide two-factor authentication. This makes it more difficult for an attacker to gain access as they would need both your token and your password. While these technologies are still developing, they suggest a future where access control is more secure and user-friendly.
In conclusion, while there’s no such thing as a perfectly secure password, much can be done to enhance their security. Understanding the common techniques for cracking passwords, such as dictionary attacks and security questions’ exploitation, is the first step towards creating more secure passwords. Using unique complex passwords, combined with multi-factor authentication and software tools like McAfee’s True Key, can greatly improve the security of your accounts.
The future of passwords looks promising with the development of biometrics and hardware security tokens. Until then, it’s crucial to adopt the best password practices available to protect your digital life. Remember, your online security is highly dependent on the strength and uniqueness of your passwords, so keep them complex, unique, and secure.
The post What Makes My Passwords Vulnerable? appeared first on McAfee Blog.
| Language | Framework | URL | Method | Param | Header | WS |
|---|---|---|---|---|---|---|
| Go | Echo | ✅ | ✅ | X | X | X |
| Python | Django | ✅ | X | X | X | X |
| Python | Flask | ✅ | X | X | X | X |
| Ruby | Rails | ✅ | ✅ | ✅ | X | X |
| Ruby | Sinatra | ✅ | ✅ | ✅ | X | X |
| Php | ✅ | ✅ | ✅ | X | X | |
| Java | Spring | ✅ | ✅ | X | X | X |
| Java | Jsp | X | X | X | X | X |
| Crystal | Kemal | ✅ | ✅ | ✅ | X | ✅ |
| JS | Express | ✅ | ✅ | X | X | X |
| JS | Next | X | X | X | X | X |
| Specification | Format | URL | Method | Param | Header | WS |
|---|---|---|---|---|---|---|
| Swagger | JSON | ✅ | ✅ | ✅ | X | X |
| Swagger | YAML | ✅ | ✅ | ✅ | X | X |
FreshRSS brew tap hahwul/noir
brew install noir# Install Crystal-lang
# https://crystal-lang.org/install/
# Clone this repo
git clone https://github.com/hahwul/noir
cd noir
# Install Dependencies
shards install
# Build
shards build --release --no-debug
# Copy binary
cp ./bin/noir /usr/bin/docker pull ghcr.io/hahwul/noir:mainUsage: noir <flags>
Basic:
-b PATH, --base-path ./app (Required) Set base path
-u URL, --url http://.. Set base url for endpoints
-s SCOPE, --scope url,param Set scope for detection
Output:
-f FORMAT, --format json Set output format [plain/json/markdown-table/curl/httpie]
-o PATH, --output out.txt Write result to file
--set-pvalue VALUE Specifies the value of the identified parameter
--no-color Disable color output
--no-log Displaying only the results
Deliver:
--send-req Send the results to the web request
--send-proxy http://proxy.. Send the results to the web request via http proxy
Technologies:
-t TECHS, --techs rails,php Set technologies to use
--exclude-techs rails,php Specify the technologies to be excluded
--list-techs Show all technologies
Others:
-d, --debug Show debug messages
-v, --version Show version
-h, --help Show help
Example
noir -b . -u https://testapp.internal.domainsJSON Result
noir -b . -u https://testapp.internal.domains -f json
[
...
{
"headers": [],
"method": "POST",
"params": [
{
"name": "article_slug",
"param_type": "json",
"value": ""
},
{
"name": "body",
"param_type": "json",
"value": ""
},
{
"name": "id",
"param_type": "json",
"value": ""
}
],
"protocol": "http",
"url": "https://testapp.internal.domains/comments"
}
]
